package at.bitfire.dav4android;

import at.bitfire.dav4android.HttpUtils;
import defpackage.hsu;
import defpackage.htk;
import defpackage.htt;
import defpackage.hty;
import defpackage.htz;
import defpackage.hub;
import defpackage.hue;
import defpackage.hxf;
import defpackage.hxj;
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.LinkedList;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes.dex */
public class BasicDigestAuthHandler implements hsu, htt {
    protected static final String HEADER_AUTHENTICATE = "WWW-Authenticate";
    protected static final String HEADER_AUTHORIZATION = "Authorization";
    static String clientNonce = h(UUID.randomUUID().toString());
    static final AtomicInteger nonceCount = new AtomicInteger(1);
    HttpUtils.AuthScheme basicAuth;
    HttpUtils.AuthScheme digestAuth;
    final String domain;
    final String password;
    final String username;

    /* loaded from: classes.dex */
    public enum Algorithm {
        MD5(MessageDigestAlgorithms.MD5),
        MD5_SESSION("MD5-sess");

        public final String name;

        Algorithm(String str) {
            this.name = str;
        }

        static Algorithm determine(String str) {
            if (str == null || MD5.name.equalsIgnoreCase(str)) {
                return MD5;
            }
            if (MD5_SESSION.name.equals(str)) {
                return MD5_SESSION;
            }
            Constants.log.warning("Ignoring unknown hash algorithm: " + str);
            return null;
        }
    }

    /* loaded from: classes.dex */
    public enum Protection {
        Auth("auth"),
        AuthInt("auth-int");

        public final String name;

        Protection(String str) {
            this.name = str;
        }

        static Protection selectFrom(String str) {
            boolean z = false;
            if (str != null) {
                boolean z2 = false;
                for (String str2 : str.split(",")) {
                    if ("auth".equals(str2)) {
                        z2 = true;
                    } else if ("auth-int".equals(str2)) {
                        z = true;
                    }
                }
                if (z) {
                    return AuthInt;
                }
                if (z2) {
                    return Auth;
                }
            }
            return null;
        }
    }

    public BasicDigestAuthHandler(String str, String str2, String str3) {
        this.domain = str;
        this.username = str2;
        this.password = str3;
    }

    protected static String h(htz htzVar) {
        hxf hxfVar = new hxf();
        htzVar.a(hxfVar);
        return hxj.aq(hxfVar.blK()).blQ().blT();
    }

    protected static String h(String str) {
        return hxj.aq(str.getBytes()).blQ().blT();
    }

    protected static String kd(String str, String str2) {
        return h(str + ":" + str2);
    }

    protected static String quotedString(String str) {
        return "\"" + str.replace("\"", "\\\"") + "\"";
    }

    @Override // defpackage.hsu
    public hty authenticate(hue hueVar, hub hubVar) {
        return authenticateRequest(hubVar.bjb(), hubVar);
    }

    protected hty authenticateRequest(hty htyVar, hub hubVar) {
        HttpUtils.AuthScheme authScheme;
        if (this.domain != null) {
            String biN = htyVar.bhS().biN();
            if (!this.domain.equalsIgnoreCase(UrlUtils.hostToDomain(biN))) {
                Constants.log.warning("Not authenticating against " + biN + " because it doesn't belong to " + this.domain);
                return null;
            }
        }
        if (hubVar != null) {
            HttpUtils.AuthScheme authScheme2 = null;
            HttpUtils.AuthScheme authScheme3 = null;
            for (HttpUtils.AuthScheme authScheme4 : HttpUtils.parseWwwAuthenticate((String[]) hubVar.ue("WWW-Authenticate").toArray(new String[0]))) {
                if ("Basic".equalsIgnoreCase(authScheme4.name)) {
                    if (this.basicAuth != null) {
                        Constants.log.warning("Basic credentials didn't work last time -> aborting");
                        this.basicAuth = null;
                        return null;
                    }
                    HttpUtils.AuthScheme authScheme5 = authScheme2;
                    authScheme = authScheme4;
                    authScheme4 = authScheme5;
                } else if (!"Digest".equalsIgnoreCase(authScheme4.name)) {
                    authScheme4 = authScheme2;
                    authScheme = authScheme3;
                } else {
                    if (this.digestAuth != null && !"true".equalsIgnoreCase(authScheme4.params.get("stale"))) {
                        Constants.log.warning("Digest credentials didn't work last time and server nonce has not expired -> aborting");
                        this.digestAuth = null;
                        return null;
                    }
                    authScheme = authScheme3;
                }
                authScheme3 = authScheme;
                authScheme2 = authScheme4;
            }
            this.basicAuth = authScheme3;
            this.digestAuth = authScheme2;
        } else if (this.basicAuth == null && this.digestAuth == null && htyVar.biK()) {
            Constants.log.fine("Trying Basic auth preemptively");
            this.basicAuth = new HttpUtils.AuthScheme("Basic");
        }
        if (this.digestAuth != null) {
            Constants.log.fine("Adding Digest authorization request for " + htyVar.bhS());
            return digestRequest(htyVar, this.digestAuth);
        }
        if (this.basicAuth != null) {
            Constants.log.fine("Adding Basic authorization header for " + htyVar.bhS());
            return htyVar.bjD().cj("Authorization", htk.a(this.username, this.password, Charset.forName("UTF-8"))).bjH();
        }
        if (hubVar == null) {
            return null;
        }
        Constants.log.warning("No supported authentication scheme");
        return null;
    }

    protected hty digestRequest(hty htyVar, HttpUtils.AuthScheme authScheme) {
        String kd;
        String str;
        String str2 = authScheme.params.get("realm");
        String str3 = authScheme.params.get("opaque");
        String str4 = authScheme.params.get("nonce");
        Algorithm determine = Algorithm.determine(authScheme.params.get("algorithm"));
        Protection selectFrom = Protection.selectFrom(authScheme.params.get("qop"));
        LinkedList linkedList = new LinkedList();
        linkedList.add("username=" + quotedString(this.username));
        if (str2 == null) {
            Constants.log.warning("No realm provided, aborting Digest auth");
            return null;
        }
        linkedList.add("realm=" + quotedString(str2));
        if (str4 == null) {
            Constants.log.warning("No nonce provided, aborting Digest auth");
            return null;
        }
        linkedList.add("nonce=" + quotedString(str4));
        if (str3 != null) {
            linkedList.add("opaque=" + quotedString(str3));
        }
        if (determine != null) {
            linkedList.add("algorithm=" + quotedString(determine.name));
        }
        String bjA = htyVar.bjA();
        String biQ = htyVar.bhS().biQ();
        linkedList.add("uri=" + quotedString(biQ));
        if (selectFrom != null) {
            linkedList.add("qop=" + selectFrom.name);
            linkedList.add("cnonce=" + quotedString(clientNonce));
            String format = String.format("%08x", Integer.valueOf(nonceCount.getAndIncrement()));
            linkedList.add("nc=" + format);
            String str5 = determine == Algorithm.MD5 ? this.username + ":" + str2 + ":" + this.password : determine == Algorithm.MD5_SESSION ? h(this.username + ":" + str2 + ":" + this.password) + ":" + str4 + ":" + clientNonce : null;
            Constants.log.finer("A1=" + str5);
            if (selectFrom == Protection.Auth) {
                str = bjA + ":" + biQ;
            } else {
                if (selectFrom == Protection.AuthInt) {
                    try {
                        htz bjC = htyVar.bjC();
                        str = bjA + ":" + biQ + ":" + (bjC != null ? h(bjC) : h(""));
                    } catch (IOException e) {
                        Constants.log.warning("Couldn't get entity-body for hash calculation");
                    }
                }
                str = null;
            }
            Constants.log.finer("A2=" + str);
            if (str5 != null && str != null) {
                kd = kd(h(str5), str4 + ":" + format + ":" + clientNonce + ":" + selectFrom.name + ":" + h(str));
            }
            kd = null;
        } else {
            Constants.log.finer("Using legacy Digest auth");
            if (determine == Algorithm.MD5) {
                kd = kd(h(this.username + ":" + str2 + ":" + this.password), str4 + ":" + h(bjA + ":" + biQ));
            }
            kd = null;
        }
        if (kd == null) {
            return null;
        }
        linkedList.add("response=" + quotedString(kd));
        return htyVar.bjD().cj("Authorization", "Digest " + StringUtils.join(linkedList, ", ")).bjH();
    }

    @Override // defpackage.htt
    public hub intercept(htt.a aVar) {
        hty htyVar;
        hty bjb = aVar.bjb();
        if (bjb.uc("Authorization") != null || (htyVar = authenticateRequest(bjb, null)) == null) {
            htyVar = bjb;
        }
        return aVar.a(htyVar);
    }
}
