package io.milton.http.http11.auth;

import H.a;
import io.milton.common.Utils;
import io.milton.dns.utils.base64;
import io.milton.http.AuthenticationHandler;
import io.milton.http.BeanCookie;
import io.milton.http.Cookie;
import io.milton.http.HttpManager;
import io.milton.http.Request;
import io.milton.http.ResourceFactory;
import io.milton.http.Response;
import io.milton.http.exceptions.BadRequestException;
import io.milton.http.exceptions.NotAuthorizedException;
import io.milton.http.http11.auth.NonceProvider;
import io.milton.principal.DiscretePrincipal;
import io.milton.resource.Resource;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
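/**
 * Authentication handler that recognises a logged-in user from a signed cookie
 * (or the equivalent request parameters) and otherwise delegates to a list of
 * child handlers.
 *
 * <p>The session is carried by two values: the user URL ({@code miltonUserUrl})
 * and a signature ({@code miltonUserUrlHash}) of the form {@code nonce:hmac},
 * where the HMAC covers {@code nonce:userUrl:domain}. Both may also arrive
 * packed into a single base64 {@code loginToken} of the form
 * {@code userUrl|signature}.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The signature is accepted from request parameters as well as cookies,
 *       so a valid signature placed in a URL is a bearer credential that can
 *       end up in access logs and Referer headers.</li>
 *   <li>The signed domain is taken from the client-supplied Host header.</li>
 *   <li>An expired nonce is still accepted; the cookies are merely re-issued.</li>
 *   <li>Neither cookie is given the Secure attribute here, and the user-URL
 *       cookie is not HttpOnly.</li>
 * </ul>
 *
 * <p>This source was recovered by a decompiler from an obfuscated build; calls
 * to {@code H.a}, {@code org.apache.velocity.runtime.parser.a} and
 * {@code ch.qos.logback.core.sift.a} are opaque helpers whose behaviour is not
 * visible here and are kept exactly as found.
 */
public class CookieAuthenticationHandler implements AuthenticationHandler {
    private static final Logger log = LoggerFactory.getLogger(CookieAuthenticationHandler.class);
    /** Request attribute under which {@link #supports} stores the child handlers that accepted the request. */
    private static final String DELEGATED_HANDLERS_ATT = "_delegatedAuthenticationHandler";
    /** Lifetime, in seconds, given to cookies when the user asked to stay logged in (365 days). */
    private static final int LONG_LIVED_COOKIE_SECONDS = 31536000;

    private final List<AuthenticationHandler> handlers;
    private final List<String> keys;
    private final NonceProvider nonceProvider;
    private final ResourceFactory principalResourceFactory;
    private final String requestParamLogout = "miltonLogout";
    private final String cookieUserUrlValue = "miltonUserUrl";
    private final String cookieUserUrlHash = "miltonUserUrlHash";
    private final String loginTokenName = "loginToken";
    private String userUrlAttName = "userUrl";
    private boolean useLongLivedCookies = true;
    private String keepLoggedInParamName = "keepLoggedIn";

    /**
     * @param nonceProvider   issues and validates the nonces embedded in signatures
     * @param list            child handlers that perform the actual credential check
     * @param resourceFactory resolves a verified user URL to the principal resource
     * @param list2           HMAC keys; every non-empty key is tried on verification
     */
    public CookieAuthenticationHandler(NonceProvider nonceProvider, List<AuthenticationHandler> list, ResourceFactory resourceFactory, List<String> list2) {
        this.nonceProvider = nonceProvider;
        this.handlers = list;
        this.principalResourceFactory = resourceFactory;
        this.keys = list2;
    }

    /** Replaces CR/LF so request-controlled values cannot forge extra log lines. */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Overwrites both session cookies with empty values.
     *
     * <p>NOTE(review): nothing visible here invalidates the nonce on the server
     * side; if the NonceProvider keeps it, a previously captured cookie pair
     * would still verify after logout. Confirm against the provider.
     */
    private void clearCookieValue(Response response) {
        log.info("clearCookieValue");
        if (response == null) {
            // HttpManager.response() can be absent (setLoginCookies guards for it too).
            log.trace("clearCookieValue: No response object");
            return;
        }
        response.setCookie(cookieUserUrlValue, "");
        response.setCookie(cookieUserUrlHash, "");
    }

    /** Returns the named request parameter if present, else the named cookie's value, else null. */
    private String getCookieOrParam(Request request, String name) {
        if (request == null) {
            return null;
        }
        if (request.getParams() != null) {
            String fromParam = request.getParams().get(name);
            if (fromParam != null) {
                return fromParam;
            }
        }
        Cookie cookie = request.getCookie(name);
        return cookie != null ? cookie.getValue() : null;
    }

    /**
     * Returns the host part of the Host header (port stripped), or "nohost"
     * when the header is absent. The value is client-controlled.
     */
    private String getDomain(Request request) {
        String host = request.getHostHeader();
        if (host == null) {
            // Check before dereferencing: the fallback used to be unreachable
            // because contains() was called on the null header first.
            return "nohost";
        }
        int colon = host.indexOf(":");
        return colon >= 0 ? host.substring(0, colon) : host;
    }

    /** Returns the named request parameter, or null when there are no parameters or it is missing. */
    private String getParamVal(Request request, String name) {
        if (request.getParams() == null) {
            return null;
        }
        return request.getParams().get(name);
    }

    /** True when the request carries a non-empty logout parameter. */
    private boolean isLogout(Request request) {
        if (request.getParams() == null) {
            return false;
        }
        String logout = request.getParams().get(requestParamLogout);
        return logout != null && logout.length() > 0;
    }

    /** Builds a version-1 cookie scoped to "/" with an optional one-year expiry. */
    private BeanCookie newCookie(String name, String value, boolean longLived) {
        BeanCookie cookie = new BeanCookie(name);
        cookie.setValue(value);
        cookie.setPath("/");
        cookie.setVersion(1);
        if (longLived) {
            cookie.setExpiry(LONG_LIVED_COOKIE_SECONDS);
        }
        return cookie;
    }

    /**
     * Writes the user-URL cookie and the signature cookie to the response.
     *
     * <p>NOTE(review): only the signature cookie is HttpOnly, and neither cookie
     * is marked Secure here; on a TLS deployment the Secure attribute should be
     * applied somewhere before the response is sent.
     */
    private void setCookieValues(Response response, String userUrl, String signing, boolean keepLoggedIn) {
        log.trace("setCookieValues");
        boolean longLived = keepLoggedIn && this.useLongLivedCookies;

        response.setCookie(newCookie(cookieUserUrlValue, encodeUserUrl(userUrl), longLived));

        // The signature is quoted in the cookie; verifyHash strips the quotes again.
        BeanCookie hashCookie = newCookie(cookieUserUrlHash, "\"" + signing + "\"", longLived);
        hashCookie.setHttpOnly(true);
        response.setCookie(hashCookie);
    }

    /**
     * Checks the request's signature for the given user URL against every
     * configured key, so that older keys keep working after a key is added.
     */
    private boolean verifyHash(String userUrl, Request request) {
        String rawSigning = getHashFromRequest(request);
        if (rawSigning == null) {
            return false;
        }
        String signing = rawSigning.replace("\"", "").trim();
        if (signing.length() == 0) {
            log.warn("cookie signature is not present in cookie: miltonUserUrlHash");
            return false;
        }
        for (String key : this.keys) {
            if (key != null && key.length() > 0 && verifyHash(userUrl, key, signing, request)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Verifies one {@code nonce:hmac} signature with one key.
     *
     * @return true when the HMAC matches and the nonce is OK or EXPIRED
     * @throws RuntimeException if the nonce provider returns null or an unknown validity
     */
    private boolean verifyHash(String userUrl, String key, String signing, Request request) {
        int separator = signing.indexOf(":");
        if (separator < 1) {
            log.warn("Invalid cookie signing format, no colon: " + forLog(signing) + " Should be in form - nonce:hmac");
            return false;
        }
        String nonce = signing.substring(0, separator);
        String givenHmac = signing.substring(separator + 1);
        String message = nonce + ":" + userUrl + ":" + getDomain(request);
        String expectedHmac = HmacUtils.calcShaHash(message, key);
        if (log.isTraceEnabled()) {
            // The key and the expected HMAC are deliberately not logged: anyone
            // able to read the log could otherwise mint valid signatures.
            log.trace("Message:" + forLog(message));
        }
        // Constant-time comparison; String.equals returns at the first differing
        // character and so leaks how much of a guessed HMAC was correct.
        boolean matches = MessageDigest.isEqual(
                expectedHmac.getBytes(StandardCharsets.UTF_8),
                givenHmac.getBytes(StandardCharsets.UTF_8));
        if (!matches) {
            log.debug("Cookie sig does not match expected");
            return false;
        }
        // NOTE(review): the second argument is passed as null; what the provider
        // skips in that case is not visible here. Confirm replay handling.
        NonceProvider.NonceValidity validity = this.nonceProvider.getNonceValidity(nonce, null);
        if (validity == null) {
            throw new RuntimeException("Unhandled nonce validity value");
        }
        switch (validity) {
            case OK:
                return true;
            case EXPIRED:
                // Expiry does not end the session: the token is honoured and a
                // fresh nonce is issued, so lifetime is bounded only by the provider.
                log.warn("Nonce is valid, but expired. We will accept it but reset it");
                setLoginCookies(userUrl, request);
                return true;
            case INVALID: {
                StringBuilder msg = a.r("Received an invalid nonce: ", nonce, " not found in provider: ");
                msg.append(this.nonceProvider);
                log.warn(msg.toString());
                return false;
            }
            default:
                throw new RuntimeException("Unhandled nonce validity value");
        }
    }

    /**
     * Decodes a base64 {@code loginToken} into its two {@code |}-separated parts.
     *
     * @param caller name of the calling method, used as the log prefix
     * @return {@code [userUrl, signature]}, or null when the token is absent or malformed
     */
    private String[] splitLoginToken(String loginToken, String caller) {
        if (loginToken == null) {
            return null;
        }
        byte[] raw = base64.fromString(loginToken);
        if (raw == null) {
            // fromString signals undecodable input with null; constructing a
            // String from it would throw on attacker-supplied garbage.
            log.warn("{}: loginToken is not valid base64", caller);
            return null;
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        String[] parts = decoded.split("\\|");
        if (parts.length != 2) {
            log.warn("{}: loginToken is invalid: {}", caller, forLog(decoded));
            return null;
        }
        return parts;
    }

    /** Collects the challenges of every child handler compatible with the resource. */
    @Override // io.milton.http.AuthenticationHandler
    public void appendChallenges(Resource resource, Request request, List<String> list) {
        for (AuthenticationHandler handler : this.handlers) {
            if (handler.isCompatible(resource, request)) {
                handler.appendChallenges(resource, request, list);
            }
        }
    }

    /**
     * Authenticates through the delegated child handlers selected by
     * {@link #supports}, or, when there are none, through the signed cookie.
     *
     * @return the authentication tag or principal resource, or null when not authenticated
     */
    @Override // io.milton.http.AuthenticationHandler
    public Object authenticate(Resource resource, Request request) {
        @SuppressWarnings("unchecked") // the attribute is only ever written by supports()
        List<AuthenticationHandler> delegates =
                (List<AuthenticationHandler>) request.getAttributes().get(DELEGATED_HANDLERS_ATT);
        if (delegates != null && !delegates.isEmpty()) {
            for (AuthenticationHandler delegate : delegates) {
                if (log.isTraceEnabled()) {
                    log.trace("authenticate: use delegateHandler: " + delegate);
                }
                Object tag = delegate.authenticate(resource, request);
                if (tag == null) {
                    log.info("Login failed by delegated handler: " + delegate.getClass());
                    continue;
                }
                // NOTE(review): this warning is emitted for every successful
                // delegated login and no login cookie is set on this path; it
                // looks as if a DiscretePrincipal branch is missing from this
                // build. Confirm against the upstream source.
                log.warn("authenticate: auth.tag is not an instance of " + DiscretePrincipal.class + ", is: " + tag.getClass() + " so is not compatible with cookie authentication");
                if (!(delegate instanceof FormAuthenticationHandler)) {
                    return tag;
                }
                LoginResponseHandler.setDisableHtmlResponse(request);
                return null;
            }
            return null;
        }

        log.trace("no delegating handler");
        if (isLogout(request)) {
            log.trace("authenticate: is logout");
            return null;
        }
        // getUserUrl only returns a value whose signature verified.
        String userUrl = getUserUrl(request);
        if (userUrl == null) {
            log.trace("authenticate: no userUrl in request or cookie, nothing to do");
            return null;
        }
        if (log.isTraceEnabled()) {
            log.trace("authenticate: userUrl=".concat(userUrl));
        }

        String host = request.getHostHeader();
        Resource principal = null;
        try {
            principal = this.principalResourceFactory.getResource(host, userUrl);
            log.trace("found current user: " + principal);
        } catch (BadRequestException e) {
            log.error("Couldnt check userUrl in cookie", e);
        } catch (NotAuthorizedException e) {
            log.error("Couldnt check userUrl in cookie", e);
        }

        if (principal == null) {
            StringBuilder msg = org.apache.velocity.runtime.parser.a.p("User not found host: ", host, " userUrl: ", userUrl, " with resourcefactory: ");
            msg.append(this.principalResourceFactory);
            log.warn(msg.toString());
            clearCookieValue(HttpManager.response());
        } else if (request.getParams() == null
                || !(request.getParams().containsKey(cookieUserUrlValue) || request.getParams().containsKey(loginTokenName))) {
            log.trace("Do not set cookies, because token did not come from request variable");
        } else {
            log.warn("Found user from request, but user object is not expected type. Should be " + DiscretePrincipal.class + " but is " + principal.getClass());
        }
        return principal;
    }

    /** True when the request carries a user URL or any child handler sees credentials. */
    @Override // io.milton.http.AuthenticationHandler
    public boolean credentialsPresent(Request request) {
        String userUrl = getUserUrlFromRequest(request);
        if (userUrl != null && userUrl.length() > 0) {
            return true;
        }
        for (AuthenticationHandler handler : this.handlers) {
            if (handler.credentialsPresent(request)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Encodes a user URL for storage in the cookie.
     *
     * @param str the plain user URL
     * @return the cookie value; presumably "b64" followed by the percent-encoded
     *         base64 text, matching what getUserUrlFromRequest decodes (the
     *         combining helper is obfuscated; confirm)
     */
    public String encodeUserUrl(String str) {
        return ch.qos.logback.core.sift.a.l("b64", Utils.percentEncode(base64.toString(str.getBytes(Utils.UTF8))));
    }

    /**
     * Finds the signature for this request. Sources are tried in this order:
     * the {@code miltonUserUrlHash} request parameter, the request attribute of
     * the same name, the second part of a {@code loginToken}, and finally the
     * {@code miltonUserUrlHash} parameter or cookie.
     *
     * @return the raw signature, or null when none is present
     */
    public String getHashFromRequest(Request request) {
        String hash = getParamVal(request, cookieUserUrlHash);
        if (hash == null) {
            hash = (String) request.getAttributes().get(cookieUserUrlHash);
        }
        if (hash == null) {
            String[] parts = splitLoginToken(getCookieOrParam(request, loginTokenName), "getHashFromRequest");
            if (parts != null) {
                hash = parts[1];
            }
        }
        return hash == null ? getCookieOrParam(request, cookieUserUrlHash) : hash;
    }

    /**
     * Signs the user URL for the domain taken from the request's Host header.
     *
     * @param str the user URL to sign
     */
    public String getUrlSigningHash(String str, Request request) {
        return getUrlSigningHash(str, request, getDomain(request));
    }

    /**
     * Creates a fresh nonce and signs {@code nonce:userUrl:domain}.
     *
     * @param str  the user URL to sign
     * @param str2 the domain to bind the signature to
     * @return the signing value; presumably {@code nonce:hmac}, the form
     *         verifyHash parses (the combining helper is obfuscated; confirm)
     */
    public String getUrlSigningHash(String str, Request request, String str2) {
        String nonce = this.nonceProvider.createNonce(request);
        String message = nonce + ":" + str + ":" + str2;
        // Obfuscated helper; presumably selects the most recently added key. TODO confirm.
        String signingKey = (String) a.b(this.keys, 1);
        String hmac = HmacUtils.calcShaHash(message, signingKey);
        String signing = org.apache.velocity.runtime.parser.a.j(nonce, ":", hmac);
        if (log.isTraceEnabled()) {
            // The key, the HMAC and the finished signing value are not logged:
            // each is sufficient to impersonate the user or forge new tokens.
            log.trace("Message:" + forLog(message));
        }
        return signing;
    }

    /**
     * Returns the user URL from the request, but only when its signature verifies.
     *
     * @return the trimmed, verified user URL, or null
     */
    public String getUserUrl(Request request) {
        if (request == null) {
            return null;
        }
        String fromRequest = getUserUrlFromRequest(request);
        if (fromRequest == null) {
            return null;
        }
        String userUrl = fromRequest.trim();
        if (userUrl.length() == 0) {
            return null;
        }
        if (verifyHash(userUrl, request)) {
            return userUrl;
        }
        log.info("Invalid userUrl hash, possible attempted hacking attempt. userUrl=".concat(forLog(userUrl)));
        return null;
    }

    /**
     * Extracts the (unverified) user URL from a {@code loginToken} or from the
     * {@code miltonUserUrl} parameter or cookie, decoding the "b64" form when used.
     *
     * <p>When a well-formed {@code loginToken} is present, its signature part is
     * stored in the {@code miltonUserUrlHash} request attribute as a side effect.
     *
     * <p>The decompiler could not emit this method; the body is reconstructed
     * from its register-level instruction listing and should be checked against
     * the original bytecode.
     *
     * @return the decoded user URL, or null when the request carries none
     */
    public String getUserUrlFromRequest(Request request) {
        String encodedUserUrl = null;
        String[] parts = splitLoginToken(getCookieOrParam(request, loginTokenName), "getUserUrlFromRequest");
        if (parts != null) {
            encodedUserUrl = parts[0];
            request.getAttributes().put(cookieUserUrlHash, parts[1]);
        }
        if (encodedUserUrl == null) {
            encodedUserUrl = getCookieOrParam(request, cookieUserUrlValue);
        }
        if (encodedUserUrl == null) {
            log.trace("getUserUrlFromRequest: Null encodedUserUrl");
            return null;
        }
        if (log.isDebugEnabled()) {
            log.debug("getUserUrlFromRequest: Raw:".concat(forLog(encodedUserUrl)));
        }
        if (!encodedUserUrl.startsWith("b64")) {
            log.trace("Looks like a plain path, return as is");
            return encodedUserUrl;
        }
        log.trace("Looks like a base64 encoded string");
        String percentDecoded = Utils.decodePath(encodedUserUrl.substring(3));
        if (log.isDebugEnabled()) {
            log.debug("getUserUrlFromRequest: Percent decoded:" + forLog(percentDecoded));
        }
        byte[] raw = base64.fromString(percentDecoded);
        if (raw == null) {
            log.debug("Failed to decode encodedUserUrl, so maybe its not encoded, return as it is");
            return percentDecoded;
        }
        // encodeUserUrl writes UTF-8, so decode with the same charset rather
        // than the platform default.
        String userUrl = new String(raw, StandardCharsets.UTF_8);
        if (log.isDebugEnabled()) {
            log.debug("getUserUrlFromRequest: Decoded user url:".concat(forLog(userUrl)));
        }
        return userUrl;
    }

    /** True when any child handler is compatible with the resource. */
    @Override // io.milton.http.AuthenticationHandler
    public boolean isCompatible(Resource resource, Request request) {
        for (AuthenticationHandler handler : this.handlers) {
            if (handler.isCompatible(resource, request)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Issues fresh login cookies for the user and records the user URL as a
     * request attribute. Does nothing without a request or a current response.
     *
     * @param str the user URL to sign and store
     */
    public void setLoginCookies(String str, Request request) {
        if (request == null) {
            return;
        }
        Response response = HttpManager.response();
        if (response == null) {
            log.trace("setLoginCookies: No response object");
            return;
        }
        String signing = getUrlSigningHash(str, request);
        String keepParam = request.getParams() != null ? request.getParams().get(this.keepLoggedInParamName) : null;
        // An absent parameter means "keep logged in", so long-lived cookies are the default.
        boolean keepLoggedIn = keepParam == null || keepParam.equalsIgnoreCase("true");
        setCookieValues(response, str, signing, keepLoggedIn);
        request.getAttributes().put(this.userUrlAttName, str);
    }

    /** Enables or disables the one-year expiry on "keep me logged in" cookies. */
    public void setUseLongLivedCookies(boolean z2) {
        this.useLongLivedCookies = z2;
    }

    /**
     * Decides whether this handler applies to the request. As side effects it
     * clears the cookies on a logout request that carries a verified user URL,
     * and stores the supporting child handlers in a request attribute for
     * {@link #authenticate}.
     */
    @Override // io.milton.http.AuthenticationHandler
    public boolean supports(Resource resource, Request request) {
        if (isLogout(request)) {
            String userUrl = getUserUrl(request);
            log.info("Is LogOut request, clear cookie");
            if (userUrl != null && userUrl.length() > 0) {
                clearCookieValue(HttpManager.response());
            }
        }
        List<AuthenticationHandler> supporting = new ArrayList<AuthenticationHandler>();
        for (AuthenticationHandler handler : this.handlers) {
            if (handler.supports(resource, request)) {
                log.info("Found child handler who supports this request {}", handler);
                supporting.add(handler);
            }
        }
        if (supporting.isEmpty()) {
            return getUserUrl(request) != null;
        }
        request.getAttributes().put(DELEGATED_HANDLERS_ATT, supporting);
        return true;
    }
}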
