package jeus.servlet.security.jaspic.servlet;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.StringTokenizer;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jeus.security.base.SecurityCommonService;
import jeus.security.base.SecurityException;
import jeus.security.base.ServiceException;
import jeus.security.container.web.ServletSecurity;
import jeus.security.impl.login.JeusSecurityConfiguration;
import jeus.security.impl.login.KerberosSharedStateLoginModule;
import jeus.security.resource.PrincipalImpl;
import jeus.security.resource.SystemPassword;
import jeus.security.spi.AuthenticationRepositoryService;
import jeus.security.util.AuthMethod;
import jeus.security.util.Base64Coder;
import jeus.security.util.MD5Encoder;
import jeus.servlet.deployment.descriptor.SessionCookieDescriptor;
import jeus.servlet.engine.HttpServletRequestImpl;
import jeus.servlet.filter.DigestLoginInfo;
import jeus.servlet.filter.LoginInfo;
import jeus.servlet.logger.message.JeusMessage_WebContainer10;
import jeus.servlet.security.WebModuleSecurityUtil;
import jeus.servlet.security.jaspic.JeusServletMessageInfo;
import jeus.sessionmanager.util.SecureSessionIdGenerator;
import jeus.util.message.JeusMessageBundles;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;

/* loaded from: input_file:jeus/servlet/security/jaspic/servlet/WebModuleServerAuthModule.class */
public final class WebModuleServerAuthModule implements ServerAuthModule {
    // Used both as the suffix that marks a form-login submission and as the
    // session attribute key under which the LoginInfo is stored.
    public static final String J_SECURITY_CHECK = "j_security_check";
    public static final String J_SECURITY_CHECK_WITH_SLASH = "/j_security_check";
    // Request parameters read by the FORM login handler.
    public static final String J_USERNAME = "j_username";
    public static final String J_PASSWORD = "j_password";
    // Request attribute set to Boolean.TRUE once validateRequest has passed both permission checks.
    public static final String JEUS_SECURITY_AUTHORIZED = "jeus.servlet.request.authorized";
    // Keys looked up in the options map handed to initialize().
    public static final String AUTH_METHOD_PARAM = "auth-method";
    public static final String FORM_LOGIN_PAGE_PARAM = "form-login-page";
    public static final String FORM_ERROR_PAGE_PARAM = "form-error-page";
    public static final String REALM_NAME_PARAM = "realm-name";
    public static final String SECURITY_POLICY_ID_PARAM = "security-policy-id";
    public static final String SECURITY_DOMAIN_PARAM = "security-domain";
    // Reason phrases passed to sendError for 403 responses.
    private static final String LOGIN_FAILED = "Login Failed";
    private static final String ACCESS_DENIED = "Access Denied";
    // Session attribute key holding the GSSContext between SPNEGO round trips.
    private static final String SPNEGO_CONTEXT = "SPNEGO_CONTEXT";
    private static final String AUTHORIZATION_HEADER = "Authorization";
    // Scheme prefixes (including the trailing space) expected at the start of the Authorization header.
    private static final String BASIC_AUTHORIZATION_VALUE = "Basic ";
    private static final String DIGEST_AUTHORIZATION_VALUE = "Digest ";
    private static final String SPNEGO_AUTHORIZATION_VALUE = "Negotiate ";
    private static final MD5Encoder md5Encoder = new MD5Encoder();
    // NOTE(review): this ThreadLocal has no initial value and is only populated inside
    // initialize(), i.e. for the thread that runs initialize(). Any other thread that
    // calls md5Helper.get() receives null unless it populates the slot itself.
    private static ThreadLocal<MessageDigest> md5Helper = new ThreadLocal<>();
    // Defaults to BASIC until initialize() overwrites it with the configured method.
    private AuthMethod authMethod = AuthMethod.BASIC;
    private String formLoginPage;
    private String formErrorPage;
    private String realmName;
    private String securityPolicyID;
    private String securityDomain;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: jeus.servlet.security.jaspic.servlet.WebModuleServerAuthModule$1, reason: invalid class name */
    /* loaded from: input_file:jeus/servlet/security/jaspic/servlet/WebModuleServerAuthModule$1.class */
    // Decompiler rendering of the compiler-generated lookup table behind a
    // switch over AuthMethod. The table maps each constant's ordinal to a case
    // label: FORM=1, DIGEST=2, BASIC=3, CLIENTCERT=4, SPNEGO=5. Any constant
    // not listed keeps the array default of 0 and therefore falls through to
    // the switch's default branch. Each assignment is wrapped in its own
    // try/catch so that a constant missing at run time (NoSuchFieldError) does
    // not prevent the remaining entries from being filled in.
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$jeus$security$util$AuthMethod = new int[AuthMethod.values().length];

        static {
            try {
                $SwitchMap$jeus$security$util$AuthMethod[AuthMethod.FORM.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$jeus$security$util$AuthMethod[AuthMethod.DIGEST.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$jeus$security$util$AuthMethod[AuthMethod.BASIC.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$jeus$security$util$AuthMethod[AuthMethod.CLIENTCERT.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$jeus$security$util$AuthMethod[AuthMethod.SPNEGO.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:jeus/servlet/security/jaspic/servlet/WebModuleServerAuthModule$SPNEGOAction.class */
    /**
     * One step of the server side of a SPNEGO exchange, packaged as a privileged
     * action so that the caller can run it under the service subject.
     */
    public static class SPNEGOAction implements PrivilegedExceptionAction<AuthStatus> {
        private String authorization;
        private GSSContext gssContext;
        private HttpServletResponse response;

        /**
         * @param str the raw Authorization header value received from the client
         * @param gSSContext the acceptor context to feed the client token into
         * @param httpServletResponse the response on which a continuation challenge is written
         */
        public SPNEGOAction(String str, GSSContext gSSContext, HttpServletResponse httpServletResponse) {
            this.response = httpServletResponse;
            this.gssContext = gSSContext;
            this.authorization = str;
        }

        /**
         * Feeds the client's Negotiate token to the GSS context.
         *
         * @return FAILURE when the header is absent, too short or does not start with
         *         the Negotiate scheme; SUCCESS once the context is established;
         *         SEND_SUCCESS otherwise (a 401 carrying the reply token is sent only
         *         when the context produced one)
         * @throws Exception whatever the Base64 decoding, the GSS context or the response raises
         */
        @Override // java.security.PrivilegedExceptionAction
        public AuthStatus run() throws Exception {
            final String scheme = WebModuleServerAuthModule.SPNEGO_AUTHORIZATION_VALUE;
            final int schemeLength = scheme.length();
            final String headerValue = this.authorization;

            // Reject anything that is not "Negotiate <token>" (scheme compared case-insensitively).
            boolean hasToken = headerValue != null && headerValue.length() > schemeLength;
            if (!hasToken || !headerValue.regionMatches(true, 0, scheme, 0, schemeLength)) {
                return AuthStatus.FAILURE;
            }

            byte[] clientToken = Base64Coder.base64ToByteArray(headerValue.substring(schemeLength));
            byte[] replyToken = this.gssContext.acceptSecContext(clientToken, 0, clientToken.length);
            if (this.gssContext.isEstablished()) {
                return AuthStatus.SUCCESS;
            }

            // Negotiation is not finished: hand the reply token back so the client can continue.
            // NOTE(review): when no reply token is produced nothing is written to the
            // response here, yet SEND_SUCCESS is still returned.
            if (replyToken != null) {
                String challenge = scheme + Base64Coder.byteArrayToBase64(replyToken);
                this.response.setHeader("WWW-Authenticate", challenge);
                this.response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            }
            return AuthStatus.SEND_SUCCESS;
        }
    }

    /**
     * Lists the message types this module can process.
     *
     * @return a fresh one-element array holding {@code JeusServletMessageInfo.class}
     */
    public Class[] getSupportedMessageTypes() {
        Class[] supported = {JeusServletMessageInfo.class};
        return supported;
    }

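    /**
     * Reads the module configuration from the options map.
     *
     * <p>The realm name, security policy id and security domain are copied as-is.
     * The authentication method is mandatory: a missing or wrongly typed
     * {@code auth-method} entry is reported as an {@link AuthException} instead of
     * surfacing later as a NullPointerException or ClassCastException.
     *
     * @param messagePolicy request policy (not used by this module)
     * @param messagePolicy2 response policy (not used by this module)
     * @param callbackHandler callback handler (not used by this module)
     * @param map module options keyed by the {@code *_PARAM} constants
     * @throws AuthException if the options are missing, {@code auth-method} is absent or
     *         not an {@code AuthMethod}, FORM is selected without a login page, or
     *         DIGEST is selected and no MD5 implementation is available
     */
    public void initialize(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map map) throws AuthException {
        if (map == null) {
            throw new AuthException("module options are missing");
        }
        Object configuredMethod = map.get(AUTH_METHOD_PARAM);
        if (!(configuredMethod instanceof AuthMethod)) {
            throw new AuthException("module option '" + AUTH_METHOD_PARAM + "' is missing or is not an AuthMethod");
        }
        this.realmName = (String) map.get(REALM_NAME_PARAM);
        this.securityPolicyID = (String) map.get(SECURITY_POLICY_ID_PARAM);
        this.securityDomain = (String) map.get(SECURITY_DOMAIN_PARAM);
        AuthMethod selected = (AuthMethod) configuredMethod;
        this.authMethod = selected;
        switch (selected) {
            case FORM:
                this.formLoginPage = (String) map.get(FORM_LOGIN_PAGE_PARAM);
                this.formErrorPage = (String) map.get(FORM_ERROR_PAGE_PARAM);
                // Only the login page is mandatory; the error page may stay null.
                if (this.formLoginPage == null) {
                    throw new AuthException(JeusMessageBundles.getMessage(JeusMessage_WebContainer10._10501));
                }
                return;
            case DIGEST:
                // This primes the digest for the CURRENT thread only: md5Helper is a
                // ThreadLocal, so threads that did not run initialize() still see null.
                if (md5Helper.get() == null) {
                    try {
                        md5Helper.set(MessageDigest.getInstance("MD5"));
                    } catch (NoSuchAlgorithmException e) {
                        AuthException authException = new AuthException();
                        authException.initCause(e);
                        throw authException;
                    }
                }
                return;
            default:
                return;
        }
    }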

    /**
     * Authenticates the caller and then checks the transport and resource
     * permissions for the requested URL.
     *
     * @param messageInfo must carry an {@code HttpServletRequestImpl} request and an
     *        {@code HttpServletResponse} response
     * @param subject client subject (not touched by this method)
     * @param subject2 service subject (not touched by this method)
     * @return the login status when it is not SUCCESS; SUCCESS when both permission
     *         checks pass; FAILURE after a 403 has been attempted
     * @throws AuthException if the message objects are not of the expected types
     */
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        boolean servletMessages = messageInfo.getRequestMessage() instanceof HttpServletRequestImpl
                && messageInfo.getResponseMessage() instanceof HttpServletResponse;
        if (!servletMessages) {
            throw new AuthException(JeusMessageBundles.getMessage(JeusMessage_WebContainer10._10502));
        }
        HttpServletRequestImpl request = (HttpServletRequestImpl) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();

        AuthStatus loginStatus = login(request, response);
        if (loginStatus != AuthStatus.SUCCESS) {
            return loginStatus;
        }

        ServletSecurity.setServletSecurityContext(this.securityPolicyID, request);
        boolean permitted = WebModuleSecurityUtil.checkUserDataPermission(this.securityPolicyID, request)
                && WebModuleSecurityUtil.checkResourcePermission(this.securityPolicyID, request);
        if (!permitted) {
            try {
                internalSendError(request, response, HttpServletResponse.SC_FORBIDDEN, this.formErrorPage, ACCESS_DENIED);
            } catch (IOException | ServletException ignored) {
                // A failure to render the 403 is dropped without a trace; the request is
                // still refused because FAILURE is returned below.
            }
            return AuthStatus.FAILURE;
        }

        // Marks the request as having passed authentication and both permission checks.
        request.setAttribute(JEUS_SECURITY_AUTHORIZED, Boolean.TRUE);
        return AuthStatus.SUCCESS;
    }

    /**
     * No response-side processing is performed by this module.
     *
     * @return always {@code AuthStatus.SUCCESS}
     */
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        return AuthStatus.SUCCESS;
    }

    /** Intentionally empty: this method releases nothing. */
    public void destroy() {
    }

    /**
     * Dispatches to the login handler that matches the configured authentication method.
     *
     * @return the handler's status, or FAILURE when the method is not one of
     *         FORM, DIGEST, BASIC, CLIENTCERT, SPNEGO or when the handler raised an
     *         IOException or ServletException
     */
    private AuthStatus login(HttpServletRequestImpl httpServletRequestImpl, HttpServletResponse httpServletResponse) {
        try {
            switch (this.authMethod) {
                case FORM:
                    return loginForm(httpServletRequestImpl, httpServletResponse);
                case DIGEST:
                    return loginDigest(httpServletRequestImpl, httpServletResponse);
                case BASIC:
                    return loginBasic(httpServletRequestImpl, httpServletResponse);
                case CLIENTCERT:
                    return loginCertificate(httpServletRequestImpl, httpServletResponse);
                case SPNEGO:
                    return loginSPNEGO(httpServletRequestImpl, httpServletResponse);
                default:
                    return AuthStatus.FAILURE;
            }
        } catch (IOException | ServletException handlerFailure) {
            // Fail closed: an I/O or dispatch problem during login never authenticates.
            handlerFailure.printStackTrace();
            return AuthStatus.FAILURE;
        }
    }

    /**
     * FORM authentication. Three cases are handled, in this order:
     * a credential submission, a request from a session that already holds a
     * LoginInfo, and a first unauthenticated request.
     *
     * @return SEND_SUCCESS after a redirect or a forward to the login page,
     *         SUCCESS when the session's stored subject is accepted, FAILURE otherwise
     */
    private AuthStatus loginForm(HttpServletRequestImpl httpServletRequestImpl, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        HttpSession session = httpServletRequestImpl.getSession();
        LoginInfo savedLogin = (LoginInfo) session.getAttribute(J_SECURITY_CHECK);

        // Case 1: credential submission.
        // NOTE(review): the test is a plain endsWith on the decoded URI, so any path
        // ending in "j_security_check" is treated as a submission — confirm intended.
        if (httpServletRequestImpl.getDecodedRequestURI().endsWith(J_SECURITY_CHECK)) {
            String username = httpServletRequestImpl.getParameter(J_USERNAME);
            String password = httpServletRequestImpl.getParameter(J_PASSWORD);
            if (!authenticate(this.securityDomain, username, password)) {
                internalSendError(httpServletRequestImpl, httpServletResponse, HttpServletResponse.SC_FORBIDDEN, this.formErrorPage, LOGIN_FAILED);
                return AuthStatus.FAILURE;
            }
            LoginInfo login = savedLogin != null ? savedLogin : new LoginInfo();
            login.username = username;
            // NOTE(review): the clear-text password is kept in the HTTP session for as
            // long as the session lives (and wherever sessions are persisted or replicated).
            login.password = password;
            login.subject = SecurityCommonService.getCurrentSubject();
            httpServletRequestImpl.setUserPrincipal(login.subject.getPrincipal());
            httpServletRequestImpl.setAuthType("FORM");
            // NOTE(review): the session is reused as-is after a successful login; no
            // session-id change is visible in this method — confirm it happens elsewhere.
            session.setAttribute(J_SECURITY_CHECK, login);
            httpServletResponse.sendRedirect(getRedirectPathInForm(httpServletRequestImpl, login));
            return AuthStatus.SEND_SUCCESS;
        }

        // Case 2: the session already has a LoginInfo; re-validate its subject.
        if (savedLogin != null) {
            if (!authenticate(savedLogin.subject)) {
                internalSendError(httpServletRequestImpl, httpServletResponse, HttpServletResponse.SC_FORBIDDEN, this.formLoginPage, LOGIN_FAILED);
                return AuthStatus.FAILURE;
            }
            httpServletRequestImpl.setUserPrincipal(savedLogin.subject.getPrincipal());
            httpServletRequestImpl.setAuthType("FORM");
            return AuthStatus.SUCCESS;
        }

        // Case 3: first contact. Remember where the caller wanted to go, then show the login page.
        LoginInfo pendingLogin = new LoginInfo();
        pendingLogin.decodedRequestURI = httpServletRequestImpl.getDecodedRequestURI();
        pendingLogin.queryString = httpServletRequestImpl.getQueryString();
        session.setAttribute(J_SECURITY_CHECK, pendingLogin);
        RequestDispatcher loginPage = httpServletRequestImpl.getRequestDispatcher(this.formLoginPage);
        if (loginPage == null) {
            String notFound = JeusMessageBundles.getMessage(JeusMessage_WebContainer10._10503, new Object[]{this.formLoginPage});
            internalSendError(httpServletRequestImpl, httpServletResponse, HttpServletResponse.SC_NOT_FOUND, this.formErrorPage, notFound);
            return AuthStatus.FAILURE;
        }
        loginPage.forward(httpServletRequestImpl, httpServletResponse);
        return AuthStatus.SEND_SUCCESS;
    }

    /**
     * BASIC authentication. Credentials in the Authorization header take
     * precedence; without them the subject stored in the session (if any) is
     * re-validated.
     *
     * @return SEND_CONTINUE after a 401 challenge when neither header credentials nor
     *         a stored subject exist, FAILURE after a 401 when validation fails,
     *         SUCCESS otherwise
     */
    private AuthStatus loginBasic(HttpServletRequestImpl httpServletRequestImpl, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        LoginInfo headerLogin = getBasicLoginInfoFromRequestHeader(httpServletRequestImpl);
        // A session is only consulted when the request is bound to a servlet context.
        HttpSession session = httpServletRequestImpl.getServletContext() != null ? httpServletRequestImpl.getSession() : null;
        LoginInfo savedLogin = session != null ? (LoginInfo) session.getAttribute(J_SECURITY_CHECK) : null;
        String username = headerLogin.username;
        String password = headerLogin.password;

        boolean headerHasCredentials = username != null && password != null;
        if (!headerHasCredentials) {
            if (savedLogin == null || savedLogin.subject == null) {
                // Nothing to go on: challenge the client.
                internalSendError(httpServletRequestImpl, httpServletResponse);
                return AuthStatus.SEND_CONTINUE;
            }
            if (!authenticate(savedLogin.subject)) {
                internalSendError(httpServletRequestImpl, httpServletResponse);
                return AuthStatus.FAILURE;
            }
            httpServletRequestImpl.setUserPrincipal(savedLogin.subject.getPrincipal());
            httpServletRequestImpl.setAuthType("BASIC");
            return AuthStatus.SUCCESS;
        }

        boolean loggedIn;
        try {
            WebModuleSecurityUtil.loginBasic(this.securityDomain, httpServletRequestImpl);
            loggedIn = true;
        } catch (SecurityException | ServiceException rejected) {
            // The cause is not recorded anywhere; the caller only sees the 401 below.
            loggedIn = false;
        }
        if (!loggedIn) {
            internalSendError(httpServletRequestImpl, httpServletResponse);
            return AuthStatus.FAILURE;
        }

        // NOTE(review): the principal and auth type are not set on the request in this
        // branch; presumably WebModuleSecurityUtil.loginBasic does it — confirm.
        if (session != null) {
            LoginInfo login = savedLogin != null ? savedLogin : new LoginInfo();
            login.username = username;
            // NOTE(review): the clear-text password is kept in the HTTP session.
            login.password = password;
            login.subject = SecurityCommonService.getCurrentSubject();
            session.setAttribute(J_SECURITY_CHECK, login);
        }
        return AuthStatus.SUCCESS;
    }

    /**
     * DIGEST authentication. The Authorization header is tried first; when it is
     * rejected, the subject stored in the session (if any) is re-validated.
     *
     * @return SEND_CONTINUE after a 401 challenge when neither path authenticates,
     *         SUCCESS otherwise
     */
    private AuthStatus loginDigest(HttpServletRequestImpl httpServletRequestImpl, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        DigestLoginInfo headerLogin = getDigestLoginInfoFromRequestHeader(httpServletRequestImpl);
        HttpSession session = httpServletRequestImpl.getSession();
        LoginInfo savedLogin = (LoginInfo) session.getAttribute(J_SECURITY_CHECK);

        if (!authenticateDigest(this.securityDomain, headerLogin)) {
            // Header rejected (or absent): fall back to the subject kept in the session.
            boolean sessionLoginValid = savedLogin != null && authenticate(savedLogin.subject);
            if (!sessionLoginValid) {
                internalSendError(httpServletRequestImpl, httpServletResponse);
                return AuthStatus.SEND_CONTINUE;
            }
            httpServletRequestImpl.setUserPrincipal(savedLogin.subject.getPrincipal());
            httpServletRequestImpl.setAuthType("DIGEST");
            return AuthStatus.SUCCESS;
        }

        // NOTE(review): nothing in this method ties the client's nonce or nc to a value
        // this server issued or has already seen; if ServletSecurity.loginServletCaller
        // does not do so either, a captured header could be replayed — confirm.
        DigestLoginInfo record = savedLogin instanceof DigestLoginInfo ? (DigestLoginInfo) savedLogin : new DigestLoginInfo();
        record.username = headerLogin.username;
        record.subject = SecurityCommonService.getCurrentSubject();
        record.realm = headerLogin.realm;
        record.nonce = headerLogin.nonce;
        record.nc = headerLogin.nc;
        record.cnonce = headerLogin.cnonce;
        record.qop = headerLogin.qop;
        record.uri = headerLogin.uri;
        record.response = headerLogin.response;
        httpServletRequestImpl.setUserPrincipal(record.subject.getPrincipal());
        httpServletRequestImpl.setAuthType("DIGEST");
        session.setAttribute(J_SECURITY_CHECK, record);
        return AuthStatus.SUCCESS;
    }

    /**
     * SPNEGO authentication. Without an Authorization header the client is
     * challenged with "Negotiate". Otherwise the GSS context kept in the session
     * (or a new one) is advanced under the service subject, and once it is
     * established the initiator's name is mapped to a local user.
     *
     * @return SEND_SUCCESS after the initial 401 challenge; the SPNEGOAction status
     *         while negotiating; FAILURE (after a 403) when the mapped user does not
     *         exist or any exception is raised; SUCCESS when the subject was associated
     *         with the thread
     */
    private AuthStatus loginSPNEGO(HttpServletRequestImpl httpServletRequestImpl, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        GSSContext gSSContext;
        String header = httpServletRequestImpl.getHeader(AUTHORIZATION_HEADER);
        if (header == null) {
            // No credentials offered yet: ask the client to start negotiation.
            httpServletResponse.setHeader("WWW-Authenticate", "Negotiate");
            httpServletResponse.sendError(401);
            return AuthStatus.SEND_SUCCESS;
        }
        Subject serviceSubject = JeusSecurityConfiguration.getServiceSubject(KerberosSharedStateLoginModule.getServicePrincipalName());
        try {
            HttpSession session = httpServletRequestImpl.getSession();
            // The context survives between round trips as a session attribute.
            Object attribute = session.getAttribute(SPNEGO_CONTEXT);
            if (attribute == null) {
                try {
                    gSSContext = GSSManager.getInstance().createContext((GSSCredential) null);
                } catch (GSSException e) {
                    // Thrown inside the outer try, so it ends up in the catch-all below
                    // and is reported as a 403 rather than propagated.
                    throw new ServletException(e);
                }
            } else {
                gSSContext = (GSSContext) attribute;
            }
            // An already-established context in the session is accepted without
            // looking at the content of the current Authorization header.
            AuthStatus authStatus = AuthStatus.SUCCESS;
            if (!gSSContext.isEstablished()) {
                authStatus = (AuthStatus) Subject.doAs(serviceSubject, new SPNEGOAction(header, gSSContext, httpServletResponse));
                // Stored whatever the outcome of this step was.
                session.setAttribute(SPNEGO_CONTEXT, gSSContext);
            }
            if (authStatus == AuthStatus.SUCCESS) {
                String obj = gSSContext.getSrcName().toString();
                // 47 is '/': the user name is the part of the initiator name before the first slash.
                // NOTE(review): when the name contains no '/', indexOf returns -1 and
                // substring throws, which the catch-all below turns into a 403 — confirm
                // that names without '/' are really meant to be refused.
                // NOTE(review): everything after the first '/' (instance and realm) is
                // discarded before the local lookup — confirm that is the intended mapping.
                String substring = obj.substring(0, obj.indexOf(47));
                if (!AuthenticationRepositoryService.userExist(substring)) {
                    internalSendError(httpServletRequestImpl, httpServletResponse, 403, null, JeusMessageBundles.getMessage(JeusMessage_WebContainer10._10504, new Object[]{obj}));
                    return AuthStatus.FAILURE;
                }
                jeus.security.base.Subject subject = new jeus.security.base.Subject(this.securityDomain, new PrincipalImpl(substring));
                // Delegated credentials, when the client granted them, travel with the subject.
                if (gSSContext.getCredDelegState()) {
                    subject.getPublicCredentials().add(gSSContext.getDelegCred());
                }
                SystemPassword.setSystemPassword(subject);
                SecurityCommonService.assotiateSubjectWithThread(subject);
            }
            return authStatus;
        } catch (Exception e2) {
            // Catch-all: every failure, including programming errors, becomes a 403
            // and the exception itself is not logged.
            internalSendError(httpServletRequestImpl, httpServletResponse, 403, null, LOGIN_FAILED);
            return AuthStatus.FAILURE;
        }
    }

    /**
     * Client-certificate authentication. The certificate login is tried first;
     * when it does not succeed, the subject stored in the session (if any) is
     * re-validated.
     *
     * @return SEND_CONTINUE after a 401 when neither path authenticates, SUCCESS otherwise
     */
    private AuthStatus loginCertificate(HttpServletRequestImpl httpServletRequestImpl, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        // A session is only consulted when the request has a context.
        HttpSession session = httpServletRequestImpl.getContext() != null ? httpServletRequestImpl.getSession() : null;
        LoginInfo savedLogin = session != null ? (LoginInfo) session.getAttribute(J_SECURITY_CHECK) : null;

        if (!WebModuleSecurityUtil.loginCertificate(this.securityDomain, httpServletRequestImpl)) {
            boolean sessionLoginValid = savedLogin != null && authenticate(savedLogin.subject);
            if (!sessionLoginValid) {
                internalSendError(httpServletRequestImpl, httpServletResponse);
                return AuthStatus.SEND_CONTINUE;
            }
            httpServletRequestImpl.setUserPrincipal(savedLogin.subject.getPrincipal());
            httpServletRequestImpl.setAuthType("CLIENT_CERT");
            return AuthStatus.SUCCESS;
        }

        // NOTE(review): the principal and auth type are not set on the request in this
        // branch; presumably WebModuleSecurityUtil.loginCertificate does it — confirm.
        if (session != null) {
            LoginInfo login = savedLogin != null ? savedLogin : new LoginInfo();
            login.subject = SecurityCommonService.getCurrentSubject();
            session.setAttribute(J_SECURITY_CHECK, login);
        }
        return AuthStatus.SUCCESS;
    }

    /**
     * Logs the servlet caller in with a user name and password.
     *
     * @param str security domain
     * @param str2 user name; null or empty is refused without calling the login service
     * @param str3 password, passed through unchanged (may be null)
     * @return true when the login service accepted the credentials, false otherwise
     */
    private boolean authenticate(String str, String str2, String str3) {
        boolean hasUserName = str2 != null && !str2.isEmpty();
        if (!hasUserName) {
            return false;
        }
        try {
            ServletSecurity.loginServletCaller(str, str2, str3);
        } catch (ServiceException | SecurityException rejected) {
            rejected.printStackTrace();
            return false;
        }
        return true;
    }

    /**
     * Logs the servlet caller in with a previously obtained subject.
     *
     * @param subject the subject to log in with; null is refused
     * @return true when the login service accepted the subject, false otherwise
     */
    private boolean authenticate(jeus.security.base.Subject subject) {
        if (subject != null) {
            try {
                ServletSecurity.loginServletCaller(subject);
                return true;
            } catch (SecurityException | ServiceException rejected) {
                rejected.printStackTrace();
            }
        }
        return false;
    }

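    /**
     * Logs the servlet caller in with the fields of a Digest Authorization header.
     *
     * <p>The hash of {@code method:uri} is computed here and handed to the login
     * service together with the client-supplied fields. The per-thread MD5
     * instance is created on first use, because the ThreadLocal is otherwise only
     * filled for the thread that ran initialize() and would be null on any other thread.
     *
     * @param str security domain
     * @param digestLoginInfo parsed header; null, or a null/empty user name, is refused
     * @return true when the login service accepted the response, false otherwise
     *         (including when no MD5 implementation is available)
     */
    private boolean authenticateDigest(String str, DigestLoginInfo digestLoginInfo) {
        if (digestLoginInfo == null || digestLoginInfo.username == null || digestLoginInfo.username.length() == 0) {
            return false;
        }
        try {
            MessageDigest md5 = md5Helper.get();
            if (md5 == null) {
                md5 = MessageDigest.getInstance("MD5");
                md5Helper.set(md5);
            }
            // NOTE(review): getBytes() uses the platform default charset, so the hash
            // of a non-ASCII URI depends on the JVM's configuration.
            String methodAndUri = digestLoginInfo.method + ":" + digestLoginInfo.uri;
            String hashedMethodAndUri = md5Encoder.encode(md5.digest(methodAndUri.getBytes()));
            ServletSecurity.loginServletCaller(str, digestLoginInfo.username, digestLoginInfo.response, digestLoginInfo.nonce, digestLoginInfo.nc, digestLoginInfo.cnonce, digestLoginInfo.qop, digestLoginInfo.realm, hashedMethodAndUri);
            return true;
        } catch (NoSuchAlgorithmException e) {
            // Without MD5 the response cannot be verified: refuse the login.
            e.printStackTrace();
            return false;
        } catch (ServiceException e) {
            e.printStackTrace();
            return false;
        } catch (SecurityException e2) {
            e2.printStackTrace();
            return false;
        }
    }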

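    /**
     * Sends an error status, rendered by a custom page when one is configured.
     *
     * <p>Callers in this class pass {@code null} as the page (for example when no
     * form error page is configured), so the dispatcher lookup is skipped for a
     * null path instead of relying on how the container treats it.
     *
     * @param servletRequest the current request
     * @param httpServletResponse the response to write to
     * @param i HTTP status code
     * @param str path of the error page to forward to, or null for the container's default
     * @param str2 message used with sendError when no page is available
     * @throws IOException if writing the response fails
     * @throws ServletException if the forward fails
     */
    public static void internalSendError(ServletRequest servletRequest, HttpServletResponse httpServletResponse, int i, String str, String str2) throws IOException, ServletException {
        RequestDispatcher errorPage = str != null ? servletRequest.getRequestDispatcher(str) : null;
        httpServletResponse.setStatus(i);
        if (errorPage != null) {
            errorPage.forward(servletRequest, httpServletResponse);
        } else {
            httpServletResponse.sendError(i, str2);
        }
    }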

    /**
     * Sends a 401 with the default message and, for BASIC and DIGEST, the
     * matching WWW-Authenticate challenge.
     */
    private void internalSendError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        final String defaultMessage = null;
        internalSendError(httpServletRequest, httpServletResponse, HttpServletResponse.SC_UNAUTHORIZED, defaultMessage);
    }

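    /**
     * Sends an error status together with the WWW-Authenticate challenge that
     * matches the configured method (DIGEST or BASIC; other methods get none).
     *
     * <p>The per-thread MD5 instance is created on first use, because the
     * ThreadLocal is otherwise only filled for the thread that ran initialize()
     * and would be null on any other thread.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response to write to
     * @param i HTTP status code
     * @param str message for sendError; when null a default naming the request URI and
     *        the remote user is used
     * @throws IOException if writing the response fails or no MD5 implementation is available
     */
    private void internalSendError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, int i, String str) throws IOException {
        // NOTE(review): without a configured realm the value is built from the request's
        // server name and port and placed inside a quoted header parameter as-is —
        // confirm the container rejects quotes and line breaks in that value.
        String realm = this.realmName != null ? this.realmName : httpServletRequest.getServerName() + ":" + httpServletRequest.getServerPort();
        String message = str;
        if (message == null) {
            String remoteUser = httpServletRequest.getRemoteUser();
            if (remoteUser == null) {
                remoteUser = "unknown user";
            }
            message = JeusMessageBundles.getMessage(JeusMessage_WebContainer10._10505, new Object[]{httpServletRequest.getRequestURI(), remoteUser});
        }
        String challenge = null;
        switch (this.authMethod) {
            case DIGEST: {
                MessageDigest md5 = md5Helper.get();
                if (md5 == null) {
                    try {
                        md5 = MessageDigest.getInstance("MD5");
                    } catch (NoSuchAlgorithmException e) {
                        throw new IOException(e);
                    }
                    md5Helper.set(md5);
                }
                // nonce = MD5(remote address ":" fresh generated id); opaque = MD5(nonce).
                // NOTE(review): the nonce is not recorded anywhere in this method, so it
                // cannot be checked for freshness here when it comes back.
                String nonce = md5Encoder.encode(md5.digest((httpServletRequest.getRemoteAddr() + ":" + SecureSessionIdGenerator.generateId()).getBytes()));
                String opaque = md5Encoder.encode(md5.digest(nonce.getBytes()));
                challenge = "Digest realm=\"" + realm + "\", qop=\"auth\", nonce=\"" + nonce + "\", opaque=\"" + opaque + "\"";
                break;
            }
            case BASIC:
                challenge = "Basic realm=\"" + realm + "\"";
                break;
            default:
                break;
        }
        if (challenge != null) {
            httpServletResponse.setHeader("WWW-Authenticate", challenge);
        }
        httpServletResponse.sendError(i, message);
    }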

    /**
     * Chooses where to send the browser after a successful form login.
     *
     * @param httpServletRequestImpl the login request (supplies the context path)
     * @param loginInfo the session's login record, possibly holding the URI and query
     *        string of the request that triggered the login
     * @return the context path when nothing was saved or the saved URI is the login
     *         page itself; otherwise the saved URI, followed by "?" and the saved query
     *         string when there is one
     */
    private String getRedirectPathInForm(HttpServletRequestImpl httpServletRequestImpl, LoginInfo loginInfo) {
        String contextPath = httpServletRequestImpl.getContextPath();
        if (loginInfo == null || loginInfo.decodedRequestURI == null) {
            return contextPath;
        }

        // Build the login page's URI, inserting the separator only when neither side supplies it.
        boolean separatorNotNeeded = contextPath.endsWith(SessionCookieDescriptor.DEFAULT_PATH)
                || this.formLoginPage == null
                || this.formLoginPage.startsWith(SessionCookieDescriptor.DEFAULT_PATH);
        String loginPageUri;
        if (separatorNotNeeded) {
            loginPageUri = contextPath + this.formLoginPage;
        } else {
            loginPageUri = contextPath + SessionCookieDescriptor.DEFAULT_PATH + this.formLoginPage;
        }

        // Never bounce the user back to the login page itself.
        if (loginInfo.decodedRequestURI.equals(loginPageUri)) {
            return contextPath;
        }

        // NOTE(review): the target is the decoded URI and raw query string saved from the
        // original request, re-emitted without re-encoding or validation here.
        if (loginInfo.queryString == null) {
            return loginInfo.decodedRequestURI;
        }
        return loginInfo.decodedRequestURI + "?" + loginInfo.queryString;
    }

    /**
     * Extracts the user name and password from a Basic Authorization header.
     *
     * @param httpServletRequest the request to read, may be null
     * @return a LoginInfo that is never null; its fields stay unset when the request is
     *         null or the header is absent, too short or not Basic; the password is null
     *         when the decoded value contains no ':'
     */
    public static LoginInfo getBasicLoginInfoFromRequestHeader(HttpServletRequest httpServletRequest) {
        LoginInfo loginInfo = new LoginInfo();
        if (httpServletRequest == null) {
            return loginInfo;
        }
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        final int schemeLength = BASIC_AUTHORIZATION_VALUE.length();
        boolean isBasic = header != null
                && header.length() > schemeLength
                && header.regionMatches(true, 0, BASIC_AUTHORIZATION_VALUE, 0, schemeLength);
        if (!isBasic) {
            return loginInfo;
        }

        // NOTE(review): the payload is client-controlled; how Base64Coder.decode reacts
        // to malformed input is not visible here — confirm it cannot throw unchecked.
        String userPass = Base64Coder.decode(header.substring(schemeLength));
        // Split on the FIRST colon only: the password itself may contain colons.
        int colon = userPass.indexOf(':');
        if (colon >= 0) {
            loginInfo.username = userPass.substring(0, colon);
            loginInfo.password = userPass.substring(colon + 1);
        } else {
            loginInfo.username = userPass;
            loginInfo.password = null;
        }
        return loginInfo;
    }

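    /**
     * Parses a Digest Authorization header into its fields.
     *
     * <p>The result is all-or-nothing: when the header is malformed (a directive
     * without '=') or lacks any of username, realm, nonce, uri or response, an
     * empty DigestLoginInfo is returned, so callers never see a partially filled
     * record that skipped the required-field check.
     *
     * @param httpServletRequest the request to read, may be null
     * @return a DigestLoginInfo that is never null; empty unless the header was a
     *         complete, well-formed Digest header
     */
    public static DigestLoginInfo getDigestLoginInfoFromRequestHeader(HttpServletRequest httpServletRequest) {
        DigestLoginInfo digestLoginInfo = new DigestLoginInfo();
        if (httpServletRequest == null) {
            return digestLoginInfo;
        }
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        final int schemeLength = DIGEST_AUTHORIZATION_VALUE.length();
        if (header == null || header.length() <= schemeLength || !header.substring(0, schemeLength).equalsIgnoreCase(DIGEST_AUTHORIZATION_VALUE)) {
            return digestLoginInfo;
        }

        // NOTE(review): splitting on every ',' also splits quoted values that contain a
        // comma; such a header is then refused as malformed or incomplete.
        StringTokenizer directives = new StringTokenizer(header.substring(schemeLength), ",");
        while (directives.hasMoreTokens()) {
            String directive = directives.nextToken();
            int equalsAt = directive.indexOf('=');
            if (equalsAt < 0) {
                // Malformed directive: discard everything parsed so far.
                return new DigestLoginInfo();
            }
            String key = directive.substring(0, equalsAt).trim();
            String value = directive.substring(equalsAt + 1).trim();
            switch (key) {
                case "username":
                    digestLoginInfo.username = removeQuotes(value, false);
                    break;
                case "realm":
                    // The realm is always treated as quoted.
                    digestLoginInfo.realm = removeQuotes(value, true);
                    break;
                case "nonce":
                    digestLoginInfo.nonce = removeQuotes(value, false);
                    break;
                case "nc":
                    digestLoginInfo.nc = removeQuotes(value, false);
                    break;
                case "cnonce":
                    digestLoginInfo.cnonce = removeQuotes(value, false);
                    break;
                case "qop":
                    digestLoginInfo.qop = removeQuotes(value, false);
                    break;
                case "uri":
                    digestLoginInfo.uri = removeQuotes(value, false);
                    break;
                case "response":
                    digestLoginInfo.response = removeQuotes(value, false);
                    break;
                default:
                    // Unknown directives are ignored.
                    break;
            }
        }
        digestLoginInfo.method = httpServletRequest.getMethod();
        boolean complete = digestLoginInfo.username != null
                && digestLoginInfo.realm != null
                && digestLoginInfo.nonce != null
                && digestLoginInfo.uri != null
                && digestLoginInfo.response != null;
        return complete ? digestLoginInfo : new DigestLoginInfo();
    }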

    /**
     * Strips the first and last character of a header value that is (or must be
     * treated as) quoted.
     *
     * @param str the raw value, must not be null
     * @param z when true the value is treated as quoted even if it does not start with '"'
     * @return the value unchanged when it is non-empty, does not start with '"' and
     *         {@code z} is false; otherwise the value without its first and last
     *         character, or "" when it has two characters or fewer. The last character
     *         is dropped without checking that it is a quote.
     */
    private static String removeQuotes(String str, boolean z) {
        boolean plainValue = str.length() > 0 && str.charAt(0) != '"' && !z;
        if (plainValue) {
            return str;
        }
        if (str.length() > 2) {
            return str.substring(1, str.length() - 1);
        }
        return "";
    }

    /**
     * Intentionally empty: nothing is removed from the given subject.
     * The validateRequest method of this class does not add anything to the
     * subjects it receives.
     */
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
    }
}
