package io.milton.http.http11.auth;

import com.google.android.exoplayer2.util.Assertions;
import h.a.a.a.a;
import i.b.c.p;
import io.milton.http.AuthenticationHandler;
import io.milton.http.BeanCookie;
import io.milton.http.HttpManager;
import io.milton.http.Request;
import io.milton.http.ResourceFactory;
import io.milton.http.Response;
import io.milton.http.exceptions.BadRequestException;
import io.milton.http.exceptions.NotAuthorizedException;
import io.milton.http.http11.auth.NonceProvider;
import io.milton.resource.s;
import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import m.d.b;
import m.d.c;
import org.apache.mina.proxy.handlers.socks.SocksProxyConstants;

/* loaded from: classes.dex */
public class CookieAuthenticationHandler implements AuthenticationHandler {

    /* renamed from: f, reason: collision with root package name */
    private static final b f1740f = c.d(CookieAuthenticationHandler.class);
    private final List<AuthenticationHandler> a;
    private final ResourceFactory b;
    private final NonceProvider c;
    private boolean d = true;
    private final List<String> e;

    public CookieAuthenticationHandler(NonceProvider nonceProvider, List<AuthenticationHandler> list, ResourceFactory resourceFactory, List<String> list2) {
        this.c = nonceProvider;
        this.a = list;
        this.b = resourceFactory;
        this.e = list2;
    }

    private void f(Response response) {
        f1740f.info("clearCookieValue");
        response.setCookie("miltonUserUrl", "");
        response.setCookie("miltonUserUrlHash", "");
    }

    private String h(Request request, String str) {
        String str2;
        if (request == null) {
            return null;
        }
        if (request.getParams() != null && (str2 = request.getParams().get(str)) != null) {
            return str2;
        }
        BeanCookie cookie = request.getCookie(str);
        if (cookie != null) {
            return cookie.a();
        }
        return null;
    }

    private String i(Request request) {
        String hostHeader = request.getHostHeader();
        if (hostHeader.contains(":")) {
            hostHeader = hostHeader.substring(0, hostHeader.indexOf(":"));
        }
        return hostHeader == null ? "nohost" : hostHeader;
    }

    private String k(Request request, String str) {
        String str2;
        if (request.getParams() == null || (str2 = request.getParams().get(str)) == null) {
            return null;
        }
        return str2;
    }

    private boolean p(Request request) {
        String str;
        return (request.getParams() == null || (str = request.getParams().get("miltonLogout")) == null || str.length() <= 0) ? false : true;
    }

    private void q(Response response, String str, String str2, boolean z) {
        f1740f.trace("setCookieValues");
        BeanCookie beanCookie = new BeanCookie("miltonUserUrl");
        beanCookie.b(g(str));
        response.setCookie(beanCookie);
        BeanCookie beanCookie2 = new BeanCookie("miltonUserUrlHash");
        beanCookie2.b("\"" + str2 + "\"");
        response.setCookie(beanCookie2);
    }

    private boolean u(String str, Request request) {
        String j2 = j(request);
        if (j2 == null) {
            return false;
        }
        String trim = j2.replace("\"", "").trim();
        if (trim.length() == 0) {
            f1740f.warn("cookie signature is not present in cookie: miltonUserUrlHash");
            return false;
        }
        for (String str2 : this.e) {
            if (str2 != null && str2.length() > 0 && v(str, str2, trim, request)) {
                return true;
            }
        }
        return false;
    }

    private boolean v(String str, String str2, String str3, Request request) {
        int indexOf = str3.indexOf(":");
        if (indexOf < 1) {
            f1740f.warn("Invalid cookie signing format, no semi-colon: " + str3 + " Should be in form - nonce:hmac");
            return false;
        }
        String i2 = i(request);
        String substring = str3.substring(0, indexOf);
        String substring2 = str3.substring(indexOf + 1);
        String A = a.A(substring, ":", str, ":", i2);
        String a = Assertions.a(A, str2);
        b bVar = f1740f;
        if (bVar.isTraceEnabled()) {
            bVar.trace("Message:" + A);
            bVar.trace("Key:" + str2);
            bVar.trace("Hash:" + a);
            bVar.trace("Given Signing:" + str3);
        }
        if (!a.equals(substring2)) {
            if (bVar.isDebugEnabled()) {
                bVar.debug("Cookie sig does not match expected. Given=" + substring2 + " Expected=" + a);
            }
            return false;
        }
        NonceProvider.NonceValidity nonceValidity = this.c.getNonceValidity(substring, null);
        if (nonceValidity == null) {
            throw new RuntimeException("Unhandled nonce validity value");
        }
        int ordinal = nonceValidity.ordinal();
        if (ordinal != 0) {
            if (ordinal != 1) {
                if (ordinal != 2) {
                    throw new RuntimeException("Unhandled nonce validity value");
                }
                StringBuilder W = a.W("Received an invalid nonce: ", substring, " not found in provider: ");
                W.append(this.c);
                bVar.warn(W.toString());
                return false;
            }
            bVar.warn("Nonce is valid, but expired. We will accept it but reset it");
            s(str, request);
        }
        return true;
    }

    @Override // io.milton.http.AuthenticationHandler
    public boolean a(s sVar, Request request) {
        if (p(request)) {
            String n = n(request);
            f1740f.info("Is LogOut request, clear cookie");
            if (n != null && n.length() > 0) {
                f(HttpManager.s());
            }
        }
        ArrayList arrayList = new ArrayList();
        for (AuthenticationHandler authenticationHandler : this.a) {
            if (authenticationHandler.a(sVar, request)) {
                f1740f.info("Found child handler who supports this request {}", authenticationHandler);
                arrayList.add(authenticationHandler);
            }
        }
        if (arrayList.isEmpty()) {
            return n(request) != null;
        }
        request.getAttributes().put("_delegatedAuthenticationHandler", arrayList);
        return true;
    }

    @Override // io.milton.http.AuthenticationHandler
    public boolean b(s sVar, Request request) {
        Iterator<AuthenticationHandler> it = this.a.iterator();
        while (it.hasNext()) {
            if (it.next().b(sVar, request)) {
                return true;
            }
        }
        return false;
    }

    @Override // io.milton.http.AuthenticationHandler
    public void c(s sVar, Request request, List<String> list) {
        for (AuthenticationHandler authenticationHandler : this.a) {
            if (authenticationHandler.b(sVar, request)) {
                authenticationHandler.c(sVar, request, list);
            }
        }
    }

    @Override // io.milton.http.AuthenticationHandler
    public boolean d(Request request) {
        String o = o(request);
        if (o != null && o.length() > 0) {
            return true;
        }
        Iterator<AuthenticationHandler> it = this.a.iterator();
        while (it.hasNext()) {
            if (it.next().d(request)) {
                return true;
            }
        }
        return false;
    }

    @Override // io.milton.http.AuthenticationHandler
    public Object e(s sVar, Request request) {
        String str;
        List<AuthenticationHandler> list = (List) request.getAttributes().get("_delegatedAuthenticationHandler");
        Object obj = null;
        if (list != null && !list.isEmpty()) {
            for (AuthenticationHandler authenticationHandler : list) {
                b bVar = f1740f;
                if (bVar.isTraceEnabled()) {
                    bVar.trace("authenticate: use delegateHandler: " + authenticationHandler);
                }
                Object e = authenticationHandler.e(sVar, request);
                if (e != null) {
                    if (e instanceof io.milton.principal.b) {
                        r((io.milton.principal.b) e, request);
                        bVar.trace("authenticate: authentication passed by delegated handler, persisted userUrl to cookie");
                    } else {
                        bVar.warn("authenticate: auth.tag is not an instance of " + io.milton.principal.b.class + ", is: " + e.getClass() + " so is not compatible with cookie authentication");
                        if (authenticationHandler instanceof FormAuthenticationHandler) {
                            LoginResponseHandler.B(request);
                            return null;
                        }
                    }
                    return e;
                }
                StringBuilder R = a.R("Login failed by delegated handler: ");
                R.append(authenticationHandler.getClass());
                bVar.info(R.toString());
            }
            return null;
        }
        b bVar2 = f1740f;
        bVar2.trace("no delegating handler");
        if (p(request)) {
            str = "authenticate: is logout";
        } else {
            String n = n(request);
            if (n != null) {
                if (bVar2.isTraceEnabled()) {
                    bVar2.trace("authenticate: userUrl=" + n);
                }
                String hostHeader = request.getHostHeader();
                try {
                    Object a = this.b.a(hostHeader, n);
                    bVar2.trace("found current user: " + a);
                    obj = a;
                } catch (BadRequestException | NotAuthorizedException e2) {
                    f1740f.error("Couldnt check userUrl in cookie", e2);
                }
                if (obj == null) {
                    b bVar3 = f1740f;
                    StringBuilder X = a.X("User not found host: ", hostHeader, " userUrl: ", n, " with resourcefactory: ");
                    X.append(this.b);
                    bVar3.warn(X.toString());
                    f(HttpManager.s());
                } else if (request.getParams() == null || !(request.getParams().containsKey("miltonUserUrl") || request.getParams().containsKey("loginToken"))) {
                    f1740f.trace("Do not set cookies, because token did not come from request variable");
                } else if (obj instanceof io.milton.principal.b) {
                    r((io.milton.principal.b) obj, request);
                } else {
                    f1740f.warn("Found user from request, but user object is not expected type. Should be " + io.milton.principal.b.class + " but is " + obj.getClass());
                }
                return obj;
            }
            str = "authenticate: no userUrl in request or cookie, nothing to do";
        }
        bVar2.trace(str);
        return null;
    }

    public String g(String str) {
        byte[] bytes = str.getBytes(p.a);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        for (int i2 = 0; i2 < (bytes.length + 2) / 3; i2++) {
            short[] sArr = new short[3];
            short[] sArr2 = new short[4];
            for (int i3 = 0; i3 < 3; i3++) {
                int i4 = (i2 * 3) + i3;
                if (i4 < bytes.length) {
                    sArr[i3] = (short) (bytes[i4] & SocksProxyConstants.NO_ACCEPTABLE_AUTH_METHOD);
                } else {
                    sArr[i3] = -1;
                }
            }
            sArr2[0] = (short) (sArr[0] >> 2);
            if (sArr[1] == -1) {
                sArr2[1] = (short) ((sArr[0] & 3) << 4);
            } else {
                sArr2[1] = (short) (((sArr[0] & 3) << 4) + (sArr[1] >> 4));
            }
            if (sArr[1] == -1) {
                sArr2[3] = 64;
                sArr2[2] = 64;
            } else if (sArr[2] == -1) {
                sArr2[2] = (short) ((sArr[1] & 15) << 2);
                sArr2[3] = 64;
            } else {
                sArr2[2] = (short) (((sArr[1] & 15) << 2) + (sArr[2] >> 6));
                sArr2[3] = (short) (sArr[2] & 63);
            }
            for (int i5 = 0; i5 < 4; i5++) {
                byteArrayOutputStream.write("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".charAt(sArr2[i5]));
            }
        }
        return a.t("b64", p.c(new String(byteArrayOutputStream.toByteArray())));
    }

    public String j(Request request) {
        String h2;
        String k2 = k(request, "miltonUserUrlHash");
        if (k2 == null) {
            if (request.getAttributes().containsKey("miltonUserUrlHash")) {
                k2 = (String) request.getAttributes().get("miltonUserUrlHash");
            }
            if (k2 == null && (h2 = h(request, "loginToken")) != null) {
                String str = new String(Assertions.d(h2));
                if (str.contains("|")) {
                    String[] split = str.split("\\|");
                    if (split.length == 2) {
                        k2 = split[1];
                    }
                }
                f1740f.warn("getHashFromRequest: loginToken is invalid: {}", str);
            }
        }
        return k2 == null ? h(request, "miltonUserUrlHash") : k2;
    }

    public String l(String str, Request request) {
        return m(str, request, i(request));
    }

    public String m(String str, Request request, String str2) {
        String createNonce = this.c.createNonce(request);
        String A = a.A(createNonce, ":", str, ":", str2);
        String str3 = this.e.get(r7.size() - 1);
        String a = Assertions.a(A, str3);
        String v = a.v(createNonce, ":", a);
        b bVar = f1740f;
        if (bVar.isTraceEnabled()) {
            bVar.trace("Message:" + A);
            bVar.trace("Key:" + str3);
            bVar.trace("Hash:" + a);
            bVar.trace("Signing:" + v);
        }
        return v;
    }

    public String n(Request request) {
        String o = o(request);
        if (o == null) {
            return null;
        }
        String trim = o.trim();
        if (trim.length() <= 0) {
            return null;
        }
        if (u(trim, request)) {
            return trim;
        }
        f1740f.info("Invalid userUrl hash, possible attempted hacking attempt. userUrl=" + trim);
        return null;
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x0048  */
    /* JADX WARN: Removed duplicated region for block: B:15:0x004e  */
    /* JADX WARN: Removed duplicated region for block: B:9:0x003e  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String o(io.milton.http.Request r7) {
        /*
            r6 = this;
            java.lang.String r0 = "loginToken"
            java.lang.String r0 = r6.h(r7, r0)
            r1 = 0
            if (r0 == 0) goto L3b
            byte[] r0 = com.google.android.exoplayer2.util.Assertions.d(r0)
            java.lang.String r2 = new java.lang.String
            r2.<init>(r0)
            java.lang.String r0 = "|"
            boolean r0 = r2.contains(r0)
            java.lang.String r3 = "getUserUrlFromRequest: loginToken is invalid: {}"
            if (r0 == 0) goto L36
            java.lang.String r0 = "\\|"
            java.lang.String[] r0 = r2.split(r0)
            int r4 = r0.length
            r5 = 2
            if (r4 != r5) goto L36
            r2 = 0
            r2 = r0[r2]
            java.util.Map r3 = r7.getAttributes()
            r4 = 1
            r0 = r0[r4]
            java.lang.String r4 = "miltonUserUrlHash"
            r3.put(r4, r0)
            goto L3c
        L36:
            m.d.b r0 = io.milton.http.http11.auth.CookieAuthenticationHandler.f1740f
            r0.warn(r3, r2)
        L3b:
            r2 = r1
        L3c:
            if (r2 != 0) goto L44
            java.lang.String r0 = "miltonUserUrl"
            java.lang.String r2 = r6.h(r7, r0)
        L44:
            m.d.b r7 = io.milton.http.http11.auth.CookieAuthenticationHandler.f1740f
            if (r2 != 0) goto L4e
            java.lang.String r0 = "getUserUrlFromRequest: Null encodedUserUrl"
            r7.trace(r0)
            return r1
        L4e:
            boolean r0 = r7.isDebugEnabled()
            if (r0 == 0) goto L68
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            r0.<init>()
            java.lang.String r1 = "getUserUrlFromRequest: Raw:"
            r0.append(r1)
            r0.append(r2)
            java.lang.String r0 = r0.toString()
            r7.debug(r0)
        L68:
            java.lang.String r0 = "b64"
            boolean r0 = r2.startsWith(r0)
            if (r0 != 0) goto L76
            java.lang.String r0 = "Looks like a plain path, return as is"
            r7.trace(r0)
            return r2
        L76:
            java.lang.String r0 = "Looks like a base64 encoded string"
            r7.trace(r0)
            r0 = 3
            java.lang.String r0 = r2.substring(r0)
            java.lang.String r0 = i.b.c.p.a(r0)
            boolean r1 = r7.isDebugEnabled()
            if (r1 == 0) goto L9e
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r1.<init>()
            java.lang.String r2 = "getUserUrlFromRequest: Percent decoded:"
            r1.append(r2)
            r1.append(r0)
            java.lang.String r1 = r1.toString()
            r7.debug(r1)
        L9e:
            byte[] r1 = com.google.android.exoplayer2.util.Assertions.d(r0)
            if (r1 != 0) goto Laa
            java.lang.String r1 = "Failed to decode encodedUserUrl, so maybe its not encoded, return as it is"
            r7.debug(r1)
            return r0
        Laa:
            java.lang.String r0 = new java.lang.String
            r0.<init>(r1)
            boolean r1 = r7.isDebugEnabled()
            if (r1 == 0) goto Lc9
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r1.<init>()
            java.lang.String r2 = "getUserUrlFromRequest: Decoded user url:"
            r1.append(r2)
            r1.append(r0)
            java.lang.String r1 = r1.toString()
            r7.debug(r1)
        Lc9:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: io.milton.http.http11.auth.CookieAuthenticationHandler.o(io.milton.http.Request):java.lang.String");
    }

    public void r(io.milton.principal.b bVar, Request request) {
        f1740f.trace("setLoginCookies");
        if (bVar.D() == null) {
            throw new NullPointerException("getIdenitifer object is null");
        }
        String a = ((io.milton.principal.c) bVar.D()).a();
        if (a == null) {
            throw new NullPointerException("user identifier returned a null value");
        }
        s(a, request);
    }

    public void s(String str, Request request) {
        if (request == null) {
            return;
        }
        Response s = HttpManager.s();
        if (s == null) {
            f1740f.trace("setLoginCookies: No response object");
            return;
        }
        String l2 = l(str, request);
        String str2 = request.getParams() != null ? request.getParams().get("keepLoggedIn") : null;
        q(s, str, l2, str2 != null ? str2.equalsIgnoreCase("true") : true);
        request.getAttributes().put("userUrl", str);
    }

    public void t(boolean z) {
        this.d = z;
    }
}
