package com.alibaba.dubbo.governance.web.common.interceptor;

import com.alibaba.citrus.service.pipeline.PipelineContext;
import com.alibaba.citrus.service.pipeline.support.AbstractValve;
import com.alibaba.dubbo.common.logger.Logger;
import com.alibaba.dubbo.common.logger.LoggerFactory;
import com.alibaba.dubbo.common.utils.StringUtils;
import com.alibaba.dubbo.governance.service.UserService;
import com.alibaba.dubbo.governance.web.util.WebConstants;
import com.alibaba.dubbo.registry.common.domain.User;
import com.alibaba.dubbo.registry.common.util.Coder;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.client.params.AuthPolicy;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:WEB-INF/classes/com/alibaba/dubbo/governance/web/common/interceptor/AuthorizationValve.class */
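/**
 * Pipeline valve that authenticates a request from its {@code Authorization} header before the
 * rest of the pipeline runs.
 *
 * <p>Only a Basic challenge is ever sent to the client, but a {@code Digest} header is also
 * accepted if a client supplies one. On success the resolved {@link User} is stored in the HTTP
 * session under {@link WebConstants#CURRENT_USER_KEY}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The stored credential is compared with {@code Coder.encodeMd5(username:realm:password)}.
 *       Judging by the helper's name this is an MD5 digest, which is not a suitable password
 *       hash; migrating needs a change to the stored format and is not done here.</li>
 *   <li>Basic credentials are only base64-encoded, so this valve relies on the deployment to
 *       provide transport encryption.</li>
 *   <li>The Digest path does not check the client's {@code nonce}, {@code nc} or {@code uri}
 *       against anything the server issued or against the actual request, so it offers no
 *       replay protection.</li>
 * </ul>
 */
public class AuthorizationValve extends AbstractValve {

    @Autowired
    private HttpServletRequest request;

    @Autowired
    private HttpServletResponse response;

    @Autowired
    private UserService userService;
    private static final String BASIC_CHALLENGE = "Basic";
    private static final String DIGEST_CHALLENGE = "Digest";
    // Scheme advertised in WWW-Authenticate; fixed to Basic in this build.
    private static final String CHALLENGE = "Basic";
    private static final String REALM = "dubbo";
    // Upper bound on the request body buffered for qop=auth-int. The value is a default chosen
    // during review so that a request cannot force unbounded buffering before it has been
    // authenticated; tune it to the largest body the application legitimately accepts.
    private static final int MAX_AUTH_INT_BODY_BYTES = 1024 * 1024;
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    private String logout = "/logout";
    private String logoutCookie = "logout";
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) AuthorizationValve.class);
    // Matches one key=value pair of a Digest header; the value may be quoted.
    private static final Pattern PARAMETER_PATTERN = Pattern.compile("(\\w+)=[\"]?([^,\"]+)[\"]?[,]?\\s*");

    /**
     * No initialisation is required. (The decompiler reports that the original access modifier
     * of this method was {@code protected}.)
     */
    @Override // com.alibaba.citrus.springext.support.BeanSupport
    public void init() throws Exception {
    }

    /**
     * Authenticates the current request and either continues the pipeline or answers 401.
     *
     * <p>Order of checks: the logout URI, then the {@code /status/} prefix (passed through
     * without authentication), then the {@code Authorization} header.
     *
     * @param pipelineContext pipeline to continue or break
     * @throws Exception propagated from the servlet response or the pipeline
     */
    @Override // com.alibaba.citrus.service.pipeline.Valve
    public void invoke(PipelineContext pipelineContext) throws Exception {
        String requestURI = this.request.getRequestURI();
        if (logger.isInfoEnabled()) {
            logger.info("AuthorizationValve of uri: " + requestURI);
        }
        String contextPath = this.request.getContextPath();
        boolean hasContextPath = contextPath != null && contextPath.length() > 0;
        if (hasContextPath && !"/".equals(contextPath)) {
            requestURI = requestURI.substring(contextPath.length());
        }

        if (requestURI.equals(this.logout)) {
            // Two-step logout: the first hit sets the cookie and answers 401 so the browser
            // drops its cached credentials, the second hit clears the cookie and redirects home.
            if (isLogout()) {
                setLogout(false);
                this.response.sendRedirect(hasContextPath ? contextPath : "/");
            } else {
                setLogout(true);
                showLoginForm();
            }
            return;
        }

        // NOTE(review): this is an authentication bypass keyed on a prefix of the raw request URI
        // (getRequestURI() is neither decoded nor normalised). Confirm that the downstream router
        // can only resolve paths with this prefix to status pages.
        if (requestURI.startsWith("/status/")) {
            pipelineContext.invokeNext();
            return;
        }

        User user = null;
        String header = this.request.getHeader("Authorization");
        if (header != null && header.length() > 0) {
            int space = header.indexOf(' ');
            if (space >= 0) {
                String scheme = header.substring(0, space);
                String credentials = header.substring(space + 1);
                if (BASIC_CHALLENGE.equalsIgnoreCase(scheme)) {
                    user = loginByBase(credentials);
                } else if (DIGEST_CHALLENGE.equalsIgnoreCase(scheme)) {
                    // Reachable even though only a Basic challenge is advertised.
                    user = loginByDigest(credentials);
                }
            }
        }

        if (user == null || user.getUsername() == null || user.getUsername().length() == 0) {
            showLoginForm();
            pipelineContext.breakPipeline(1);
            return;
        }
        // NOTE(review): the whole User object, including whatever getPassword() returns, is kept
        // in the session; confirm nothing downstream serialises or renders it.
        this.request.getSession().setAttribute(WebConstants.CURRENT_USER_KEY, user);
        pipelineContext.invokeNext();
    }

    /** Looks up a user by name through the injected {@link UserService}. */
    private User getUser(String str) {
        return this.userService.findUser(str);
    }

    /**
     * Sends a 401 response carrying the {@code WWW-Authenticate} challenge.
     *
     * @throws IOException if the error response cannot be sent
     */
    private void showLoginForm() throws IOException {
        if (DIGEST_CHALLENGE.equals(CHALLENGE)) {
            // Unreachable while CHALLENGE is "Basic". The nonce generated here is not recorded
            // anywhere, so it could not be verified later even if this branch were enabled.
            this.response.setHeader("WWW-Authenticate", CHALLENGE + " realm=\"" + REALM + "\", qop=\"auth\", nonce=\""
                    + UUID.randomUUID().toString().replace("-", "") + "\", opaque=\"" + Coder.encodeMd5(REALM) + "\"");
        } else {
            this.response.setHeader("WWW-Authenticate", CHALLENGE + " realm=\"" + REALM + "\"");
        }
        this.response.setHeader("Cache-Control", "must-revalidate,no-cache,no-store");
        this.response.setHeader("Content-Type", "text/html; charset=iso-8859-1");
        this.response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Verifies HTTP Basic credentials.
     *
     * @param str the base64 part of the {@code Authorization} header
     * @return the matching user, or {@code null} when the header is malformed, the user is
     *     unknown or the credential does not match
     */
    private User loginByBase(String str) {
        // NOTE(review): whether Coder.decodeBase64 throws on invalid input is not visible here.
        String decoded = Coder.decodeBase64(str);
        if (decoded == null) {
            return null;
        }
        int colon = decoded.indexOf(':');
        // A header without a colon used to raise StringIndexOutOfBoundsException out of invoke();
        // it is now treated like any other failed login. An empty user name or password is
        // rejected as before.
        if (colon <= 0 || colon == decoded.length() - 1) {
            return null;
        }
        String username = decoded.substring(0, colon);
        String secret = decoded.substring(colon + 1);
        String computed = Coder.encodeMd5(username + ":" + REALM + ":" + secret);
        User user = getUser(username);
        if (user == null) {
            return null;
        }
        String stored = user.getPassword();
        if (stored == null || stored.length() == 0 || !constantTimeEquals(stored, computed)) {
            return null;
        }
        return user;
    }

    /**
     * Verifies an HTTP Digest response against the stored credential.
     *
     * <p>The stored password value is used directly as the first hash of the Digest computation,
     * so the stored value by itself is enough to authenticate through this path. The
     * {@code nonce}, {@code nc}, {@code cnonce} and {@code uri} values are taken from the client
     * and are not validated.
     *
     * @param str the parameter list of the {@code Authorization} header
     * @return the matching user, or {@code null} when a required parameter is missing, the user
     *     is unknown or the response does not match
     * @throws IOException if the request body cannot be read for {@code qop=auth-int}
     */
    private User loginByDigest(String str) throws IOException {
        Map<String, String> params = parseParameters(str);
        String username = params.get("username");
        if (username == null || username.length() == 0) {
            return null;
        }
        String clientResponse = params.get("response");
        if (clientResponse == null || clientResponse.length() == 0) {
            return null;
        }
        User user = getUser(username);
        if (user == null) {
            return null;
        }
        String ha1 = user.getPassword();
        if (ha1 == null || ha1.length() == 0) {
            return null;
        }

        String uri = params.get("uri");
        String nonce = params.get("nonce");
        String nc = params.get("nc");
        String cnonce = params.get("cnonce");
        String qop = params.get("qop");
        String method = this.request.getMethod();

        String ha2;
        if ("auth-int".equals(qop)) {
            // Reading the body here consumes the request stream for later pipeline stages.
            ha2 = Coder.encodeMd5(method + ":" + uri + ":" + Coder.encodeMd5(readToBytes(this.request.getInputStream())));
        } else {
            ha2 = Coder.encodeMd5(method + ":" + uri);
        }

        String expected;
        if ("auth".equals(qop) || "auth-int".equals(qop)) {
            expected = Coder.encodeMd5(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2);
        } else {
            expected = Coder.encodeMd5(ha1 + ":" + nonce + ":" + ha2);
        }
        return constantTimeEquals(expected, clientResponse) ? user : null;
    }

    /**
     * Compares two credential strings without stopping at the first differing character, so the
     * time taken does not reveal how much of a guess was correct.
     *
     * @return {@code true} only when both values are non-null and equal
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(UTF_8), actual.getBytes(UTF_8));
    }

    /**
     * Reports whether the logout cookie is present with the value {@code "true"}.
     *
     * <p>The cookie is set by the client and only steers the two-step logout flow in
     * {@link #invoke}; it is not evidence of authentication state.
     */
    private boolean isLogout() {
        Cookie[] cookies = this.request.getCookies();
        if (cookies == null) {
            return false;
        }
        for (Cookie cookie : cookies) {
            if (cookie != null && this.logoutCookie.equals(cookie.getName())) {
                // The first cookie with the expected name decides.
                return "true".equals(cookie.getValue());
            }
        }
        return false;
    }

    /** Adds the logout cookie to the response with the given flag as its value. */
    private void setLogout(boolean z) {
        this.response.addCookie(new Cookie(this.logoutCookie, String.valueOf(z)));
    }

    /**
     * Parses the {@code key=value} pairs of a Digest header into a map.
     *
     * @param str the header value after the scheme name; {@code null} yields an empty map
     * @return parameter names mapped to their unquoted values; a repeated name keeps the last value
     */
    static Map<String, String> parseParameters(String str) {
        Map<String, String> params = new HashMap<String, String>();
        if (str == null) {
            return params;
        }
        Matcher matcher = PARAMETER_PATTERN.matcher(str);
        while (matcher.find()) {
            params.put(matcher.group(1), matcher.group(2));
        }
        return params;
    }

    /**
     * Reads the stream to its end and returns the bytes.
     *
     * <p>The previous version sized its buffer from {@code available()} and issued a single
     * {@code read}, which may return only part of the body or none of it, so the
     * {@code auth-int} hash could be computed over incomplete data.
     *
     * @param inputStream stream to drain; it is not closed
     * @return all bytes read
     * @throws IOException if reading fails or the body exceeds {@code MAX_AUTH_INT_BODY_BYTES}
     */
    static byte[] readToBytes(InputStream inputStream) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int total = 0;
        int read;
        while ((read = inputStream.read(chunk)) != -1) {
            total += read;
            if (total > MAX_AUTH_INT_BODY_BYTES) {
                throw new IOException("request body exceeds " + MAX_AUTH_INT_BODY_BYTES
                        + " bytes; refusing to buffer it for auth-int");
            }
            buffer.write(chunk, 0, read);
        }
        return buffer.toByteArray();
    }
}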
