package io.milton.http.http11.auth;

import android.support.v4.media.session.MediaSessionCompat;
import c.a.a.a.a;
import io.milton.common.Utils;
import io.milton.http.AuthenticationHandler;
import io.milton.http.BeanCookie;
import io.milton.http.HttpManager;
import io.milton.http.Request;
import io.milton.http.ResourceFactory;
import io.milton.http.Response;
import io.milton.http.exceptions.BadRequestException;
import io.milton.http.exceptions.NotAuthorizedException;
import io.milton.http.http11.auth.NonceProvider;
import io.milton.principal.DiscretePrincipal;
import io.milton.principal.HrefPrincipleId;
import io.milton.resource.Resource;
import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import org.apache.mina.proxy.handlers.socks.SocksProxyConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class CookieAuthenticationHandler implements AuthenticationHandler {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CookieAuthenticationHandler.class);
    private final List<AuthenticationHandler> handlers;
    private final List<String> keys;
    private final NonceProvider nonceProvider;
    private final ResourceFactory principalResourceFactory;
    private boolean useLongLivedCookies = true;

    public CookieAuthenticationHandler(NonceProvider nonceProvider, List<AuthenticationHandler> list, ResourceFactory resourceFactory, List<String> list2) {
        this.nonceProvider = nonceProvider;
        this.handlers = list;
        this.principalResourceFactory = resourceFactory;
        this.keys = list2;
    }

    private String getCookieOrParam(Request request, String str) {
        String str2;
        if (request == null) {
            return null;
        }
        if (request.getParams() != null && (str2 = request.getParams().get(str)) != null) {
            return str2;
        }
        BeanCookie cookie = request.getCookie(str);
        if (cookie != null) {
            return cookie.getValue();
        }
        return null;
    }

    private String getDomain(Request request) {
        String hostHeader = request.getHostHeader();
        if (hostHeader.contains(":")) {
            hostHeader = hostHeader.substring(0, hostHeader.indexOf(":"));
        }
        return hostHeader == null ? "nohost" : hostHeader;
    }

    private boolean isLogout(Request request) {
        String str;
        return (request.getParams() == null || (str = request.getParams().get("miltonLogout")) == null || str.length() <= 0) ? false : true;
    }

    @Override // io.milton.http.AuthenticationHandler
    public void appendChallenges(Resource resource, Request request, List<String> list) {
        for (AuthenticationHandler authenticationHandler : this.handlers) {
            if (authenticationHandler.isCompatible(resource, request)) {
                authenticationHandler.appendChallenges(resource, request, list);
            }
        }
    }

    @Override // io.milton.http.AuthenticationHandler
    public Object authenticate(Resource resource, Request request) {
        String str;
        List<AuthenticationHandler> list = (List) request.getAttributes().get("_delegatedAuthenticationHandler");
        Object obj = null;
        if (list != null && !list.isEmpty()) {
            for (AuthenticationHandler authenticationHandler : list) {
                Logger logger = log;
                if (logger.isTraceEnabled()) {
                    logger.trace("authenticate: use delegateHandler: " + authenticationHandler);
                }
                Object authenticate = authenticationHandler.authenticate(resource, request);
                if (authenticate != null) {
                    if (authenticate instanceof DiscretePrincipal) {
                        setLoginCookies((DiscretePrincipal) authenticate, request);
                        logger.trace("authenticate: authentication passed by delegated handler, persisted userUrl to cookie");
                    } else {
                        logger.warn("authenticate: auth.tag is not an instance of " + DiscretePrincipal.class + ", is: " + authenticate.getClass() + " so is not compatible with cookie authentication");
                        if (authenticationHandler instanceof FormAuthenticationHandler) {
                            LoginResponseHandler.setDisableHtmlResponse(request);
                            return null;
                        }
                    }
                    return authenticate;
                }
                StringBuilder k0 = a.k0("Login failed by delegated handler: ");
                k0.append(authenticationHandler.getClass());
                logger.info(k0.toString());
            }
            return null;
        }
        Logger logger2 = log;
        logger2.trace("no delegating handler");
        if (isLogout(request)) {
            str = "authenticate: is logout";
        } else {
            String userUrl = getUserUrl(request);
            if (userUrl != null) {
                if (logger2.isTraceEnabled()) {
                    logger2.trace("authenticate: userUrl=" + userUrl);
                }
                String hostHeader = request.getHostHeader();
                try {
                    Object resource2 = this.principalResourceFactory.getResource(hostHeader, userUrl);
                    logger2.trace("found current user: " + resource2);
                    obj = resource2;
                } catch (BadRequestException | NotAuthorizedException e) {
                    log.error("Couldnt check userUrl in cookie", e);
                }
                if (obj == null) {
                    Logger logger3 = log;
                    StringBuilder r0 = a.r0("User not found host: ", hostHeader, " userUrl: ", userUrl, " with resourcefactory: ");
                    r0.append(this.principalResourceFactory);
                    logger3.warn(r0.toString());
                    Response response = HttpManager.response();
                    logger3.info("clearCookieValue");
                    response.setCookie("miltonUserUrl", "");
                    response.setCookie("miltonUserUrlHash", "");
                } else if (request.getParams() == null || !(request.getParams().containsKey("miltonUserUrl") || request.getParams().containsKey("loginToken"))) {
                    log.trace("Do not set cookies, because token did not come from request variable");
                } else if (obj instanceof DiscretePrincipal) {
                    setLoginCookies((DiscretePrincipal) obj, request);
                } else {
                    log.warn("Found user from request, but user object is not expected type. Should be " + DiscretePrincipal.class + " but is " + obj.getClass());
                }
                return obj;
            }
            str = "authenticate: no userUrl in request or cookie, nothing to do";
        }
        logger2.trace(str);
        return null;
    }

    @Override // io.milton.http.AuthenticationHandler
    public boolean credentialsPresent(Request request) {
        String userUrlFromRequest = getUserUrlFromRequest(request);
        if (userUrlFromRequest != null && userUrlFromRequest.length() > 0) {
            return true;
        }
        Iterator<AuthenticationHandler> it = this.handlers.iterator();
        while (it.hasNext()) {
            if (it.next().credentialsPresent(request)) {
                return true;
            }
        }
        return false;
    }

    public String getUserUrl(Request request) {
        String str;
        String cookieOrParam;
        String userUrlFromRequest = getUserUrlFromRequest(request);
        if (userUrlFromRequest != null) {
            String trim = userUrlFromRequest.trim();
            if (trim.length() > 0) {
                if (request.getParams() == null || (str = request.getParams().get("miltonUserUrlHash")) == null) {
                    str = null;
                }
                boolean z = true;
                if (str == null) {
                    if (request.getAttributes().containsKey("miltonUserUrlHash")) {
                        str = (String) request.getAttributes().get("miltonUserUrlHash");
                    }
                    if (str == null && (cookieOrParam = getCookieOrParam(request, "loginToken")) != null) {
                        String str2 = new String(MediaSessionCompat.fromString(cookieOrParam));
                        if (str2.contains("|")) {
                            String[] split = str2.split("\\|");
                            if (split.length == 2) {
                                str = split[1];
                            }
                        }
                        log.warn("getHashFromRequest: loginToken is invalid: {}", str2);
                    }
                }
                if (str == null) {
                    str = getCookieOrParam(request, "miltonUserUrlHash");
                }
                int i = 0;
                if (str != null) {
                    String trim2 = str.replace("\"", "").trim();
                    if (trim2.length() == 0) {
                        log.warn("cookie signature is not present in cookie: miltonUserUrlHash");
                    } else {
                        for (String str3 : this.keys) {
                            if (str3 != null && str3.length() > 0) {
                                int indexOf = trim2.indexOf(":");
                                if (indexOf < 1) {
                                    log.warn("Invalid cookie signing format, no semi-colon: " + trim2 + " Should be in form - nonce:hmac");
                                } else {
                                    String domain = getDomain(request);
                                    String substring = trim2.substring(i, indexOf);
                                    String substring2 = trim2.substring(indexOf + 1);
                                    String O = a.O(substring, ":", trim, ":", domain);
                                    String calcShaHash = MediaSessionCompat.calcShaHash(O, str3);
                                    Logger logger = log;
                                    if (logger.isTraceEnabled()) {
                                        logger.trace("Message:" + O);
                                        logger.trace("Key:" + str3);
                                        logger.trace("Hash:" + calcShaHash);
                                        logger.trace("Given Signing:" + trim2);
                                    }
                                    if (calcShaHash.equals(substring2)) {
                                        NonceProvider.NonceValidity nonceValidity = this.nonceProvider.getNonceValidity(substring, null);
                                        if (nonceValidity == null) {
                                            throw new RuntimeException("Unhandled nonce validity value");
                                        }
                                        int ordinal = nonceValidity.ordinal();
                                        if (ordinal != 0) {
                                            if (ordinal == 1) {
                                                logger.warn("Nonce is valid, but expired. We will accept it but reset it");
                                                setLoginCookies(trim, request);
                                            } else {
                                                if (ordinal != 2) {
                                                    throw new RuntimeException("Unhandled nonce validity value");
                                                }
                                                StringBuilder q0 = a.q0("Received an invalid nonce: ", substring, " not found in provider: ");
                                                q0.append(this.nonceProvider);
                                                logger.warn(q0.toString());
                                            }
                                        }
                                        i = 1;
                                    } else if (logger.isDebugEnabled()) {
                                        logger.debug("Cookie sig does not match expected. Given=" + substring2 + " Expected=" + calcShaHash);
                                    }
                                    i = 0;
                                }
                                if (i != 0) {
                                    break;
                                }
                            }
                            i = 0;
                        }
                    }
                }
                z = false;
                if (z) {
                    return trim;
                }
                log.info("Invalid userUrl hash, possible attempted hacking attempt. userUrl=" + trim);
            }
        }
        return null;
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x0048  */
    /* JADX WARN: Removed duplicated region for block: B:15:0x004e  */
    /* JADX WARN: Removed duplicated region for block: B:9:0x003e  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String getUserUrlFromRequest(io.milton.http.Request r7) {
        /*
            r6 = this;
            java.lang.String r0 = "loginToken"
            java.lang.String r0 = r6.getCookieOrParam(r7, r0)
            r1 = 0
            if (r0 == 0) goto L3b
            byte[] r0 = android.support.v4.media.session.MediaSessionCompat.fromString(r0)
            java.lang.String r2 = new java.lang.String
            r2.<init>(r0)
            java.lang.String r0 = "|"
            boolean r0 = r2.contains(r0)
            java.lang.String r3 = "getUserUrlFromRequest: loginToken is invalid: {}"
            if (r0 == 0) goto L36
            java.lang.String r0 = "\\|"
            java.lang.String[] r0 = r2.split(r0)
            int r4 = r0.length
            r5 = 2
            if (r4 != r5) goto L36
            r2 = 0
            r2 = r0[r2]
            java.util.Map r3 = r7.getAttributes()
            r4 = 1
            r0 = r0[r4]
            java.lang.String r4 = "miltonUserUrlHash"
            r3.put(r4, r0)
            goto L3c
        L36:
            org.slf4j.Logger r0 = io.milton.http.http11.auth.CookieAuthenticationHandler.log
            r0.warn(r3, r2)
        L3b:
            r2 = r1
        L3c:
            if (r2 != 0) goto L44
            java.lang.String r0 = "miltonUserUrl"
            java.lang.String r2 = r6.getCookieOrParam(r7, r0)
        L44:
            org.slf4j.Logger r7 = io.milton.http.http11.auth.CookieAuthenticationHandler.log
            if (r2 != 0) goto L4e
            java.lang.String r0 = "getUserUrlFromRequest: Null encodedUserUrl"
            r7.trace(r0)
            return r1
        L4e:
            boolean r0 = r7.isDebugEnabled()
            if (r0 == 0) goto L68
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            r0.<init>()
            java.lang.String r1 = "getUserUrlFromRequest: Raw:"
            r0.append(r1)
            r0.append(r2)
            java.lang.String r0 = r0.toString()
            r7.debug(r0)
        L68:
            java.lang.String r0 = "b64"
            boolean r0 = r2.startsWith(r0)
            if (r0 != 0) goto L76
            java.lang.String r0 = "Looks like a plain path, return as is"
            r7.trace(r0)
            return r2
        L76:
            java.lang.String r0 = "Looks like a base64 encoded string"
            r7.trace(r0)
            r0 = 3
            java.lang.String r0 = r2.substring(r0)
            java.lang.String r0 = io.milton.common.Utils.decodePath(r0)
            boolean r1 = r7.isDebugEnabled()
            if (r1 == 0) goto L9e
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r1.<init>()
            java.lang.String r2 = "getUserUrlFromRequest: Percent decoded:"
            r1.append(r2)
            r1.append(r0)
            java.lang.String r1 = r1.toString()
            r7.debug(r1)
        L9e:
            byte[] r1 = android.support.v4.media.session.MediaSessionCompat.fromString(r0)
            if (r1 != 0) goto Laa
            java.lang.String r1 = "Failed to decode encodedUserUrl, so maybe its not encoded, return as it is"
            r7.debug(r1)
            return r0
        Laa:
            java.lang.String r0 = new java.lang.String
            r0.<init>(r1)
            boolean r1 = r7.isDebugEnabled()
            if (r1 == 0) goto Lc9
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r1.<init>()
            java.lang.String r2 = "getUserUrlFromRequest: Decoded user url:"
            r1.append(r2)
            r1.append(r0)
            java.lang.String r1 = r1.toString()
            r7.debug(r1)
        Lc9:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: io.milton.http.http11.auth.CookieAuthenticationHandler.getUserUrlFromRequest(io.milton.http.Request):java.lang.String");
    }

    @Override // io.milton.http.AuthenticationHandler
    public boolean isCompatible(Resource resource, Request request) {
        Iterator<AuthenticationHandler> it = this.handlers.iterator();
        while (it.hasNext()) {
            if (it.next().isCompatible(resource, request)) {
                return true;
            }
        }
        return false;
    }

    public void setLoginCookies(DiscretePrincipal discretePrincipal, Request request) {
        log.trace("setLoginCookies");
        Objects.requireNonNull(discretePrincipal.getIdenitifer(), "getIdenitifer object is null");
        String value = ((HrefPrincipleId) discretePrincipal.getIdenitifer()).getValue();
        Objects.requireNonNull(value, "user identifier returned a null value");
        setLoginCookies(value, request);
    }

    public void setLoginCookies(String str, Request request) {
        char c2;
        if (request == null) {
            return;
        }
        Response response = HttpManager.response();
        if (response == null) {
            log.trace("setLoginCookies: No response object");
            return;
        }
        String domain = getDomain(request);
        String createNonce = this.nonceProvider.createNonce(request);
        String O = a.O(createNonce, ":", str, ":", domain);
        String str2 = this.keys.get(r7.size() - 1);
        String calcShaHash = MediaSessionCompat.calcShaHash(O, str2);
        String K = a.K(createNonce, ":", calcShaHash);
        Logger logger = log;
        if (logger.isTraceEnabled()) {
            logger.trace("Message:" + O);
            logger.trace("Key:" + str2);
            logger.trace("Hash:" + calcShaHash);
            logger.trace("Signing:" + K);
        }
        String str3 = request.getParams() != null ? request.getParams().get("keepLoggedIn") : null;
        if (str3 != null) {
            str3.equalsIgnoreCase("true");
        }
        logger.trace("setCookieValues");
        BeanCookie beanCookie = new BeanCookie("miltonUserUrl");
        byte[] bytes = str.getBytes(Utils.UTF8);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        char c3 = 0;
        int i = 0;
        while (true) {
            if (i >= (bytes.length + 2) / 3) {
                beanCookie.setValue("b64" + Utils.percentEncode(new String(byteArrayOutputStream.toByteArray())));
                response.setCookie(beanCookie);
                BeanCookie beanCookie2 = new BeanCookie("miltonUserUrlHash");
                beanCookie2.setValue("\"" + K + "\"");
                response.setCookie(beanCookie2);
                request.getAttributes().put("userUrl", str);
                return;
            }
            short[] sArr = new short[3];
            short[] sArr2 = new short[4];
            int i2 = 0;
            for (int i3 = 3; i2 < i3; i3 = 3) {
                int i4 = (i * 3) + i2;
                if (i4 < bytes.length) {
                    sArr[i2] = (short) (bytes[i4] & SocksProxyConstants.NO_ACCEPTABLE_AUTH_METHOD);
                } else {
                    sArr[i2] = -1;
                }
                i2++;
            }
            sArr2[c3] = (short) (sArr[c3] >> 2);
            if (sArr[1] == -1) {
                c2 = 3;
                sArr2[1] = (short) ((sArr[c3] & 3) << 4);
            } else {
                c2 = 3;
                sArr2[1] = (short) (((sArr[c3] & 3) << 4) + (sArr[1] >> 4));
            }
            if (sArr[1] == -1) {
                sArr2[c2] = 64;
                sArr2[2] = 64;
            } else if (sArr[2] == -1) {
                sArr2[2] = (short) ((sArr[1] & 15) << 2);
                sArr2[c2] = 64;
            } else {
                sArr2[2] = (short) (((sArr[1] & 15) << 2) + (sArr[2] >> 6));
                sArr2[3] = (short) (sArr[2] & 63);
            }
            for (int i5 = 0; i5 < 4; i5++) {
                byteArrayOutputStream.write("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".charAt(sArr2[i5]));
            }
            i++;
            c3 = 0;
        }
    }

    public void setUseLongLivedCookies(boolean z) {
        this.useLongLivedCookies = z;
    }

    @Override // io.milton.http.AuthenticationHandler
    public boolean supports(Resource resource, Request request) {
        if (isLogout(request)) {
            String userUrl = getUserUrl(request);
            Logger logger = log;
            logger.info("Is LogOut request, clear cookie");
            if (userUrl != null && userUrl.length() > 0) {
                Response response = HttpManager.response();
                logger.info("clearCookieValue");
                response.setCookie("miltonUserUrl", "");
                response.setCookie("miltonUserUrlHash", "");
            }
        }
        ArrayList arrayList = new ArrayList();
        for (AuthenticationHandler authenticationHandler : this.handlers) {
            if (authenticationHandler.supports(resource, request)) {
                log.info("Found child handler who supports this request {}", authenticationHandler);
                arrayList.add(authenticationHandler);
            }
        }
        if (arrayList.isEmpty()) {
            return getUserUrl(request) != null;
        }
        request.getAttributes().put("_delegatedAuthenticationHandler", arrayList);
        return true;
    }
}
