package org.restlet;

import java.util.Collection;
import java.util.Collections;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.logging.Level;
import org.restlet.data.ChallengeResponse;
import org.restlet.data.ChallengeScheme;
import org.restlet.data.Request;
import org.restlet.data.Response;
import org.restlet.data.Status;
import org.restlet.util.Engine;
import org.restlet.util.Resolver;

/* loaded from: input_file:WEB-INF/plugin-repository/nexus-restlet1x-plugin-2.14.17-01/dependencies/org.restlet-1.1.6-SONATYPE-5348-V8.jar:org/restlet/Guard.class */
public class Guard extends Filter {
    public static final int AUTHENTICATION_INVALID = -1;
    public static final int AUTHENTICATION_MISSING = 0;
    public static final int AUTHENTICATION_STALE = 2;
    public static final int AUTHENTICATION_VALID = 1;
    public static final long DEFAULT_NONCE_LIFESPAN_MILLIS = 300000;
    private volatile Collection<String> domainUris;
    private volatile long nonceLifespan;
    private volatile String realm;
    private volatile boolean rechallengeEnabled;
    private volatile ChallengeScheme scheme;
    private volatile Resolver<char[]> secretResolver;
    private final ConcurrentMap<String, char[]> secrets;
    private volatile String serverKey;

    public Guard(Context context, ChallengeScheme challengeScheme, String str) throws IllegalArgumentException {
        super(context);
        this.domainUris = Collections.singleton("/");
        this.nonceLifespan = DEFAULT_NONCE_LIFESPAN_MILLIS;
        this.serverKey = "serverKey";
        if (challengeScheme == null) {
            throw new IllegalArgumentException("Please specify an authentication scheme. Use the 'None' challenge if no authentication is required.");
        }
        this.rechallengeEnabled = true;
        this.secretResolver = new Resolver<char[]>() { // from class: org.restlet.Guard.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.restlet.util.Resolver
            public char[] resolve(String str2) {
                return Guard.this.getSecrets().get(str2);
            }
        };
        this.secrets = new ConcurrentHashMap();
        this.scheme = challengeScheme;
        this.realm = str;
    }

    public Guard(Context context, String str, Collection<String> collection, String str2) {
        this(context, ChallengeScheme.HTTP_DIGEST, str);
        this.domainUris = collection;
        this.serverKey = str2;
    }

    public void accept(Request request, Response response) {
        super.doHandle(request, response);
    }

    public int authenticate(Request request) {
        return Engine.getInstance().authenticate(request, this);
    }

    public boolean authorize(Request request) {
        return true;
    }

    @Deprecated
    public void challenge(Response response) {
        challenge(response, false);
    }

    public void challenge(Response response, boolean z) {
        Engine.getInstance().challenge(response, z, this);
    }

    public boolean checkSecret(Request request, String str, char[] cArr) {
        return checkSecret(str, cArr);
    }

    @Deprecated
    protected boolean checkSecret(String str, char[] cArr) {
        boolean z = false;
        char[] findSecret = findSecret(str);
        if (cArr == null || findSecret == null) {
            z = cArr == findSecret;
        } else if (cArr.length == findSecret.length) {
            boolean z2 = true;
            for (int i = 0; i < cArr.length && z2; i++) {
                z2 = cArr[i] == findSecret[i];
            }
            z = z2;
        }
        return z;
    }

    @Override // org.restlet.Filter
    public int doHandle(Request request, Response response) {
        boolean isLoggable = getLogger().isLoggable(Level.FINE);
        switch (authenticate(request)) {
            case -1:
                if (isLoggable) {
                    getLogger().fine("Authentication failed. Invalid credentials provided.");
                }
                if (isRechallengeEnabled()) {
                    challenge(response, false);
                    return 0;
                }
                forbid(response);
                return 0;
            case 0:
                if (isLoggable) {
                    getLogger().fine("Authentication failed. No credentials provided.");
                }
                challenge(response, false);
                return 0;
            case 1:
                ChallengeResponse challengeResponse = request.getChallengeResponse();
                if (isLoggable) {
                    if (challengeResponse != null) {
                        getLogger().fine("Authentication succeeded. Valid credentials provided for identifier: " + request.getChallengeResponse().getIdentifier() + ".");
                    } else {
                        getLogger().fine("Authentication succeeded. Valid credentials provided.");
                    }
                }
                if (authorize(request)) {
                    if (isLoggable) {
                        if (challengeResponse != null) {
                            getLogger().fine("Request authorized for identifier: " + request.getChallengeResponse().getIdentifier() + ".");
                        } else {
                            getLogger().fine("Request authorized.");
                        }
                    }
                    accept(request, response);
                    return 0;
                }
                if (isLoggable) {
                    if (challengeResponse != null) {
                        getLogger().fine("Request not authorized for identifier: " + request.getChallengeResponse().getIdentifier() + ".");
                    } else {
                        getLogger().fine("Request not authorized.");
                    }
                }
                forbid(response);
                return 0;
            case 2:
                if (isLoggable) {
                    getLogger().fine("Authentication failed. Stale credentials provided.");
                }
                challenge(response, true);
                return 0;
            default:
                return 0;
        }
    }

    public char[] findSecret(String str) {
        return getSecretResolver().resolve(str);
    }

    public void forbid(Response response) {
        response.setStatus(Status.CLIENT_ERROR_FORBIDDEN);
    }

    public Collection<String> getDomainUris() {
        return this.domainUris;
    }

    public long getNonceLifespan() {
        return this.nonceLifespan;
    }

    public String getRealm() {
        return this.realm;
    }

    public ChallengeScheme getScheme() {
        return this.scheme;
    }

    public Resolver<char[]> getSecretResolver() {
        return this.secretResolver;
    }

    public ConcurrentMap<String, char[]> getSecrets() {
        return this.secrets;
    }

    public String getServerKey() {
        return this.serverKey;
    }

    public boolean isRechallengeEnabled() {
        return this.rechallengeEnabled;
    }

    public void setDomainUris(Collection<String> collection) {
        this.domainUris = collection;
    }

    public void setNonceLifespan(long j) {
        this.nonceLifespan = j;
    }

    public void setRealm(String str) {
        this.realm = str;
    }

    public void setRechallengeEnabled(boolean z) {
        this.rechallengeEnabled = z;
    }

    public void setScheme(ChallengeScheme challengeScheme) {
        this.scheme = challengeScheme;
    }

    public void setSecretResolver(Resolver<char[]> resolver) {
        this.secretResolver = resolver;
    }

    public void setServerKey(String str) {
        this.serverKey = str;
    }
}
