package com.ibm.ws.sip.security.digest;

import com.ibm.sip.util.log.Log;
import com.ibm.sip.util.log.LogMgr;
import com.ibm.sip.util.log.Situation;
import com.ibm.ws.sip.security.auth.DigestConstants;
import com.ibm.ws.sip.security.auth.DigestUtils;
import jain.protocol.ip.sip.header.SecurityHeader;
import java.util.Properties;
import java.util.StringTokenizer;

/* loaded from: input_file:com/ibm/ws/sip/security/digest/SIPDigestService.class */
public class SIPDigestService {
    public static final String PROPERTY_NAME_DISABLE_MULTIPLE_USE_OF_NONCE = "com.ibm.websphere.sip.security.digest.disableMultipleUseOfNonce";
    private static final LogMgr c_logger = Log.get(SIPDigestService.class);
    private DigestPasswordServer m_passwordServer;
    private NonceManager m_nonceManager;

    public SIPDigestService(DigestPasswordServer digestPasswordServer, Properties properties) {
        this.m_passwordServer = null;
        this.m_nonceManager = null;
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry(this, "SIPDigestService");
        }
        this.m_nonceManager = NonceManagerFactory.getNonceManager(properties);
        this.m_nonceManager.init(properties);
        this.m_passwordServer = digestPasswordServer;
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "SIPDigestService");
        }
    }

    public String createNonce() {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry(this, "createNonce");
        }
        String createNonce = this.m_nonceManager.createNonce();
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "createNonce", createNonce);
        }
        return createNonce;
    }

    public boolean authenticate(String str, String str2) throws DigestPasswordServerException {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "authenticate", new Object[]{str, str2});
        }
        boolean z = false;
        if (str != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
            String str3 = null;
            String str4 = null;
            String str5 = null;
            String str6 = DigestConstants.QOP_AUTH;
            String str7 = null;
            String str8 = null;
            String str9 = null;
            String str10 = null;
            String str11 = DigestConstants.ALG_MD5;
            while (stringTokenizer.hasMoreTokens()) {
                String nextToken = stringTokenizer.nextToken();
                if (c_logger.isTraceDebugEnabled()) {
                    c_logger.traceDebug(this, "handleAuthorizationHeader", "nextToken=[" + nextToken + "]");
                }
                int indexOf = nextToken.indexOf("=");
                if (nextToken.startsWith(DigestConstants.PROPERTY_USER_NAME)) {
                    str3 = nextToken.charAt(indexOf + 1) == '\"' ? nextToken.substring(indexOf + 2, nextToken.length() - 1) : nextToken.substring(indexOf + 1);
                } else if (nextToken.startsWith(DigestConstants.PROPERTY_REALM)) {
                    str4 = nextToken.charAt(indexOf + 1) == '\"' ? nextToken.substring(indexOf + 2, nextToken.length() - 1) : nextToken.substring(indexOf + 1);
                } else if (nextToken.startsWith(DigestConstants.PROPERTY_NONCE)) {
                    str5 = nextToken.charAt(indexOf + 1) == '\"' ? nextToken.substring(indexOf + 2, nextToken.length() - 1) : nextToken.substring(indexOf + 1);
                    if (!this.m_nonceManager.validateNonce(str5)) {
                        return false;
                    }
                } else if (nextToken.startsWith(DigestConstants.PROPERTY_URI)) {
                    str9 = nextToken.charAt(indexOf + 1) == '\"' ? nextToken.substring(indexOf + 2, nextToken.length() - 1) : nextToken.substring(indexOf + 1);
                } else if (nextToken.startsWith(DigestConstants.PROPERTY_RESPONSE)) {
                    str10 = nextToken.charAt(indexOf + 1) == '\"' ? nextToken.substring(indexOf + 2, nextToken.length() - 1) : nextToken.substring(indexOf + 1);
                } else if (nextToken.startsWith(DigestConstants.PROPERTY_NC)) {
                    str7 = nextToken.charAt(indexOf + 1) == '\"' ? nextToken.substring(indexOf + 2, nextToken.length() - 1) : nextToken.substring(indexOf + 1);
                } else if (nextToken.startsWith(DigestConstants.PROPERTY_CNONCE)) {
                    str8 = nextToken.charAt(indexOf + 1) == '\"' ? nextToken.substring(indexOf + 2, nextToken.length() - 1) : nextToken.substring(indexOf + 1);
                } else if (nextToken.startsWith(DigestConstants.PROPERTY_QOP)) {
                    str6 = nextToken.charAt(indexOf + 1) == '\"' ? nextToken.substring(indexOf + 2, nextToken.length() - 1) : nextToken.substring(indexOf + 1);
                } else if (nextToken.startsWith(DigestConstants.PROPERTY_ALGORITHM)) {
                    str11 = nextToken.charAt(indexOf + 1) == '\"' ? nextToken.substring(indexOf + 2, nextToken.length() - 1) : nextToken.substring(indexOf + 1);
                }
            }
            String createDigestFromAuthParams = DigestUtils.createDigestFromAuthParams(getHashedCredentials(str3, str4), str5, str6, str7, str8, str9, str11, str2, null);
            if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "handleAuthorizationHeader", "KD[" + createDigestFromAuthParams + "]");
            }
            if (createDigestFromAuthParams.equals(str10)) {
                z = true;
            }
        }
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "authenticate", new Boolean(z));
        }
        return z;
    }

    public AuthorizationResponse authenticate(SecurityHeader securityHeader, String str, String str2, byte[] bArr) throws DigestPasswordServerException {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "authenticate", new Object[]{securityHeader, str});
        }
        AuthorizationResponse authorizationResponse = new AuthorizationResponse();
        authorizationResponse.isAuthorized = false;
        if (securityHeader != null) {
            String parameter = securityHeader.getParameter(DigestConstants.PROPERTY_USER_NAME);
            String parameter2 = securityHeader.getParameter(DigestConstants.PROPERTY_REALM);
            String parameter3 = securityHeader.getParameter(DigestConstants.PROPERTY_NONCE);
            String parameter4 = securityHeader.getParameter(DigestConstants.PROPERTY_URI);
            String parameter5 = securityHeader.getParameter(DigestConstants.PROPERTY_QOP);
            String parameter6 = securityHeader.getParameter(DigestConstants.PROPERTY_NC);
            String parameter7 = securityHeader.getParameter(DigestConstants.PROPERTY_CNONCE);
            String parameter8 = securityHeader.getParameter(DigestConstants.PROPERTY_RESPONSE);
            String parameter9 = securityHeader.getParameter(DigestConstants.PROPERTY_ALGORITHM);
            String parameter10 = securityHeader.getParameter(DigestConstants.PROPERTY_OPAQUE);
            if (!str2.equals(parameter10)) {
                authorizationResponse.isOpaqueValid = false;
                if (c_logger.isTraceDebugEnabled()) {
                    c_logger.traceDebug(this, "authenticate", "Response opaque " + parameter10 + " is different then than current logical name, " + str2);
                }
            }
            if (!this.m_nonceManager.validateNonce(parameter3)) {
                authorizationResponse.isNonceStale = true;
                return authorizationResponse;
            }
            if (parameter9 == null) {
                parameter9 = DigestConstants.ALG_MD5;
            }
            if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "authenticate", "username[" + parameter + "],realm[" + parameter2 + "],nonce[" + parameter3 + "],uri[" + parameter4 + "],response[" + parameter8 + "],nc[" + parameter6 + "],cnonce[" + parameter7 + "],qop[" + parameter5 + "],alg[" + parameter9 + "],opaque[" + str2 + "]");
            }
            String hashedCredentials = getHashedCredentials(parameter, parameter2);
            if (hashedCredentials == null) {
                authorizationResponse.isUserExists = false;
                return authorizationResponse;
            }
            if (DigestUtils.createDigestFromAuthParams(hashedCredentials, parameter3, parameter5, parameter6, parameter7, parameter4, parameter9, str, bArr).equals(parameter8)) {
                authorizationResponse.isAuthorized = true;
            }
        }
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "authenticate", Boolean.toString(authorizationResponse.isAuthorized));
        }
        return authorizationResponse;
    }

    String getHashedCredentials(String str, String str2) throws DigestPasswordServerException {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "getHashedCredentials", new Object[]{str, str2});
        }
        try {
            String hashedUserCredentials = this.m_passwordServer.getHashedUserCredentials(str, str2);
            if (c_logger.isTraceEntryExitEnabled()) {
                c_logger.traceExit(this, "getHashedUserCredentials", hashedUserCredentials);
            }
            return hashedUserCredentials;
        } catch (Throwable th) {
            if (c_logger.isErrorEnabled()) {
                c_logger.error("error.security.password.retrieve", Situation.SITUATION_UNKNOWN, (Object[]) null, (Throwable) null);
            }
            throw new DigestPasswordServerException();
        }
    }
}
