package org.apereo.cas.digest.web.flow;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.digest.DigestCredential;
import org.apereo.cas.digest.DigestHashedCredentialRetriever;
import org.apereo.cas.digest.util.DigestAuthenticationUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.pac4j.http.credentials.DigestCredentials;
import org.pac4j.http.credentials.extractor.DigestAuthExtractor;
import org.pac4j.jee.context.JEEContext;
import org.pac4j.jee.context.session.JEESessionStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;

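/**
 * Webflow action that builds a CAS {@link Credential} from an HTTP digest
 * authentication request.
 *
 * <p>When the request carries no digest credentials, a {@code WWW-Authenticate}
 * challenge is written and the response status is set to 401. When it does, the
 * digest on record for the user is looked up, the expected server digest is
 * computed from it and compared with the token the client sent.
 *
 * <p>NOTE(review): the nonce is generated once, in the constructor, and the same
 * value is placed in every challenge this instance issues. Nothing in this class
 * compares the nonce echoed by the client with it or tracks nonce counts, so
 * replay protection has to come from elsewhere; confirm before relying on it.
 */
@Deprecated(since = "6.6")
/* loaded from: input_file:org/apereo/cas/digest/web/flow/DigestAuthenticationAction.class */
public class DigestAuthenticationAction extends AbstractNonInteractiveCredentialsAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DigestAuthenticationAction.class);
    // Generated once per action instance and reused for every challenge (see class note).
    private final String nonce;
    private final DigestHashedCredentialRetriever credentialRetriever;
    private final String realm;
    private final String authenticationMethod;

    /**
     * Creates the action and generates the nonce used in its challenges.
     *
     * @param casDelegatingWebflowEventResolver passed through to the superclass
     * @param casWebflowEventResolver passed through to the superclass
     * @param adaptiveAuthenticationPolicy passed through to the superclass
     * @param realm realm used in the challenge header and for the credential lookup
     * @param authenticationMethod value passed to the challenge header builder
     * @param digestHashedCredentialRetriever source of the digest on record for a user
     */
    public DigestAuthenticationAction(CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver, CasWebflowEventResolver casWebflowEventResolver, AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy, String realm, String authenticationMethod, DigestHashedCredentialRetriever digestHashedCredentialRetriever) {
        super(casDelegatingWebflowEventResolver, casWebflowEventResolver, adaptiveAuthenticationPolicy);
        this.nonce = DigestAuthenticationUtils.createNonce();
        this.realm = realm;
        this.authenticationMethod = authenticationMethod;
        this.credentialRetriever = digestHashedCredentialRetriever;
    }

    /**
     * Extracts digest credentials from the current request and verifies them.
     *
     * @param requestContext the webflow request context holding the servlet request and response
     * @return a {@link DigestCredential} when the client token matches the server digest;
     *         {@code null} when no credentials were sent, when no digest is on record,
     *         when the digests differ, or when any exception is raised
     */
    protected Credential constructCredentialsFromRequest(RequestContext requestContext) {
        try {
            HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
            HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
            Optional<?> extracted = new DigestAuthExtractor().extract(new JEEContext(request, response), JEESessionStore.INSTANCE);
            if (extracted.isEmpty()) {
                // No Authorization header with digest data: challenge the client.
                response.addHeader("WWW-Authenticate", DigestAuthenticationUtils.createAuthenticateHeader(this.realm, this.authenticationMethod, this.nonce));
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                return null;
            }
            DigestCredentials digestCredentials = (DigestCredentials) extracted.get();
            LOGGER.debug("Received digest authentication request from credentials [{}] ", digestCredentials);
            String username = digestCredentials.getUsername();
            String storedDigest = this.credentialRetriever.findCredential(username, this.realm);
            // The value on record is the input the server digest is derived from, so it is
            // password-equivalent for this scheme and must not be written to the logs.
            LOGGER.trace("Digest credential on record for [{}] was {}", username, storedDigest == null ? "not found" : "found");
            if (storedDigest == null) {
                // Defensive: never derive a digest from a missing record.
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                return null;
            }
            String serverDigest = digestCredentials.calculateServerDigest(true, storedDigest);
            // The expected digest is the value a client must present, so it is not logged either.
            LOGGER.trace("Server digest calculated for [{}]", username);
            String token = digestCredentials.getToken();
            // Constant-time comparison so the response time does not depend on how many
            // leading characters of the token are correct.
            if (token != null && MessageDigest.isEqual(serverDigest.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8))) {
                return new DigestCredential(username, this.realm, token);
            }
            LOGGER.trace("Server digest does not match the client token for [{}]", username);
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return null;
        } catch (Exception e) {
            // Any failure is treated as "no credential"; the response status is left unchanged.
            LoggingUtils.error(LOGGER, e);
            return null;
        }
    }
}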
