package org.josso.gateway.protocol.handler;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jcifs.Config;
import jcifs.UniAddress;
import jcifs.http.NtlmSsp;
import jcifs.smb.NtlmChallenge;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbException;
import jcifs.smb.SmbSession;
import jcifs.util.Base64;
import jcifs.util.LogStream;
import org.apache.axis.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.josso.auth.BaseCredential;
import org.josso.auth.Credential;
import org.josso.auth.exceptions.AuthenticationFailureException;
import org.josso.auth.scheme.NtlmPasswordAuthenticationCredential;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;

/* loaded from: input_file:WEB-INF/lib/josso-ntlm-authscheme-1.8.11.jar:org/josso/gateway/protocol/handler/NtlmProtocolHandler.class */
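/**
 * JOSSO protocol handler that drives HTTP NTLM negotiation (optionally with an
 * HTTP Basic fallback) through jcifs.
 *
 * <p>{@link #doJob} runs the {@code WWW-Authenticate} handshake and, on success, stores the
 * resolved domain controller address and the {@link NtlmPasswordAuthentication} in the HTTP
 * session under {@link #NTLM_DOMAIN_CONTROLLER} and {@link #NTLM_PASS_AUTHENTICATION}.
 * {@link #authenticate(Credential[])} later validates such a pair with an SMB logon.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>The pre-authentication account is written into the static jcifs {@link Config}
 *       properties in {@link #afterPropertiesSet()}.</li>
 *   <li>Basic authentication is only offered when {@code enableBasic} is set and the request is
 *       secure, unless {@code insecureBasic} overrides the transport check.</li>
 *   <li>Negotiation failures are tracked per session so that {@link #acceptJob} stops offering
 *       NTLM after repeated authentication errors.</li>
 * </ul>
 */
public class NtlmProtocolHandler implements ProtocolHandler, InitializingBean {
    private static final Log logger = LogFactory.getLog(NtlmProtocolHandler.class);
    private static final LogStream jcifsLog = LogStream.getInstance();

    /** Session attribute holding the domain controller address used for the handshake. */
    public static final String NTLM_DOMAIN_CONTROLLER = "ntlmHttpDc";
    /** Session attribute holding the negotiated {@link NtlmPasswordAuthentication}. */
    public static final String NTLM_PASS_AUTHENTICATION = "ntlmHttpPa";
    /** Request/session attribute carrying the last negotiation error code. */
    public static final String NTLM_ERROR_FLAG = "ntlm_error";
    /** Session attribute counting consecutive authentication errors. */
    public static final String NTLM_ERROR_COUNT = "ntlm_error_count";

    // Error codes stored under NTLM_ERROR_FLAG.
    private static final String AUTHN_ERROR = "AUTHN_ERROR";
    private static final String FATAL_ERROR = "FATAL_ERROR";
    // Session attribute caching the challenge while load balancing is enabled.
    private static final String NTLM_CHALLENGE = "NtlmHttpChal";
    // acceptJob() keeps accepting while the authentication error count is below this value.
    private static final int MAX_AUTHN_ERRORS = 2;
    // Placeholder printed by toString() instead of the pre-authentication password.
    private static final String MASKED = "********";

    private String defaultDomain;
    private String wins;
    private String domainController;
    private boolean loadBalance;
    private boolean enableBasic;
    private boolean insecureBasic;
    private String realm;
    private String preAuthUsername;
    private String preAuthPassword;
    private boolean log;

    public String getDefaultDomain() {
        return this.defaultDomain;
    }

    public void setDefaultDomain(String str) {
        this.defaultDomain = str;
    }

    public String getWins() {
        return this.wins;
    }

    public void setWins(String str) {
        this.wins = str;
    }

    public String getDomainController() {
        return this.domainController;
    }

    public void setDomainController(String str) {
        this.domainController = str;
    }

    public boolean getLoadBalance() {
        return this.loadBalance;
    }

    /**
     * Sets the load-balance flag from its textual form.
     *
     * @param str {@code "true"} (case-insensitive) enables load balancing; anything else disables it
     */
    public void setLoadBalance(String str) {
        // Boolean.getBoolean() looks up a *system property* named by the argument, so the
        // configured value was ignored; parseBoolean() reads the string itself.
        setLoadBalance(Boolean.parseBoolean(str));
    }

    public void setLoadBalance(boolean z) {
        this.loadBalance = z;
    }

    public boolean getEnableBasic() {
        return this.enableBasic;
    }

    /**
     * Sets the Basic-fallback flag from its textual form.
     *
     * @param str {@code "true"} (case-insensitive) enables the Basic fallback; anything else disables it
     */
    public void setEnableBasic(String str) {
        // parseBoolean() instead of getBoolean(): the latter reads a system property, not the value.
        setEnableBasic(Boolean.parseBoolean(str));
    }

    public void setEnableBasic(boolean z) {
        this.enableBasic = z;
    }

    public boolean getInsecureBasic() {
        return this.insecureBasic;
    }

    /**
     * Sets, from its textual form, whether Basic may be offered on requests that are not secure.
     *
     * @param str {@code "true"} (case-insensitive) allows Basic over a non-secure request
     */
    public void setInsecureBasic(String str) {
        // parseBoolean() instead of getBoolean(): the latter reads a system property, not the value.
        // With getBoolean() a system property whose name equals the configured text could switch
        // this transport check off regardless of what the bean definition says.
        setInsecureBasic(Boolean.parseBoolean(str));
    }

    public void setInsecureBasic(boolean z) {
        this.insecureBasic = z;
    }

    public String getRealm() {
        return this.realm;
    }

    public void setRealm(String str) {
        this.realm = str;
    }

    public void setPreAuthUsername(String str) {
        this.preAuthUsername = str;
    }

    /**
     * Returns the clear-text pre-authentication password.
     * Callers must not log or render the returned value.
     */
    public String getPreAuthPassword() {
        return this.preAuthPassword;
    }

    public void setPreAuthPassword(String str) {
        this.preAuthPassword = str;
    }

    public boolean getLog() {
        return this.log;
    }

    public void setLog(boolean z) {
        this.log = z;
    }

    /**
     * Tells whether Basic authentication may be offered on this request: it must be enabled and
     * the request must be secure, unless {@code insecureBasic} waives the transport requirement.
     */
    private boolean isOfferBasic(HttpServletRequest httpServletRequest) {
        if (!this.enableBasic) {
            return false;
        }
        return this.insecureBasic || httpServletRequest.isSecure();
    }

    /**
     * Pushes the handler configuration into the static jcifs {@link Config}.
     *
     * @throws IllegalArgumentException if the pre-authentication username or password is missing
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        // Validate both mandatory attributes first so a missing password does not leave the
        // shared jcifs configuration half-updated.
        if (this.preAuthUsername == null) {
            throw new IllegalArgumentException("preAuthUsername attribute must be declared");
        }
        if (this.preAuthPassword == null) {
            throw new IllegalArgumentException("preAuthPassword attribute must be declared");
        }
        Config.setProperty("jcifs.smb.client.username", this.preAuthUsername);
        Config.setProperty("jcifs.smb.client.password", this.preAuthPassword);
        Config.setProperty("jcifs.smb.client.soTimeout", "1800000");
        Config.setProperty("jcifs.netbios.cachePolicy", "1200");
        // The decompiler rendered these two literals as CustomBooleanEditor.VALUE_FALSE / VALUE_0.
        // NOTE(review): per the jcifs documentation lmCompatibility 0 selects the legacy LM/NTLM
        // responses and extended security is switched off; confirm the domain controllers still
        // require this before keeping it.
        Config.setProperty("jcifs.smb.client.useExtendedSecurity", "false");
        Config.setProperty("jcifs.smb.lmCompatibility", "0");
        if (getWins() != null) {
            Config.setProperty("jcifs.netbios.wins", getWins());
        }
        LogStream.setLevel(this.log ? 10 : -1);
        Config.setProperty("jcifs.util.loglevel", this.log ? "10" : "-1");
        if (this.log) {
            // NOTE(review): this dumps the jcifs properties to the jcifs log stream, which
            // presumably includes jcifs.smb.client.password set above; keep 'log' off outside
            // of troubleshooting and treat the resulting log as sensitive.
            try {
                Config.store(jcifsLog, "JCIFS PROPERTIES");
            } catch (IOException e) {
                // Best effort: the dump is diagnostic only, so report the failure and carry on.
                logger.warn("Unable to write the jcifs properties to the jcifs log stream", e);
            }
        }
    }

    /**
     * Decides whether this handler should process the request.
     *
     * @return {@code true} when the session holds no error flag, or holds {@code AUTHN_ERROR}
     *         with fewer than two recorded errors; otherwise the flag is copied onto the
     *         request and {@code false} is returned
     */
    @Override // org.josso.gateway.protocol.handler.ProtocolHandler
    public boolean acceptJob(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession();
        String errorFlag = (String) session.getAttribute(NTLM_ERROR_FLAG);
        if (errorFlag == null) {
            return true;
        }
        if (AUTHN_ERROR.equals(errorFlag)) {
            // A missing counter is read as zero, matching how doJob() initialises it; the
            // previous unconditional intValue() call failed with a NullPointerException.
            Integer errorCount = (Integer) session.getAttribute(NTLM_ERROR_COUNT);
            if (errorCount == null || errorCount.intValue() < MAX_AUTHN_ERRORS) {
                return true;
            }
        }
        httpServletRequest.setAttribute(NTLM_ERROR_FLAG, errorFlag);
        return false;
    }

    /**
     * Runs one step of the negotiation and records its outcome in the session.
     *
     * <p>The decompiler could not structure this method and left only a register-level dump
     * behind a stub that threw {@link UnsupportedOperationException}. The body below is rebuilt
     * from that dump: a try/catch/finally around {@link #negotiate}.
     *
     * @return the result of {@link #negotiate}, or {@code true} when negotiation threw an
     *         exception (the request is then flagged {@code FATAL_ERROR})
     */
    @Override // org.josso.gateway.protocol.handler.ProtocolHandler
    public boolean doJob(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            return negotiate(httpServletRequest, httpServletResponse, false);
        } catch (Exception e) {
            httpServletRequest.setAttribute(NTLM_ERROR_FLAG, FATAL_ERROR);
            logger.error("Error during NTLM handshake : " + e.getMessage(), e);
        } finally {
            recordNegotiationOutcome(httpServletRequest);
        }
        return true;
    }

    /**
     * Copies the request-level error flag into the session and maintains the error counter:
     * incremented on {@code AUTHN_ERROR}, cleared on any other error code. Does nothing when
     * the request carries no error flag.
     */
    private void recordNegotiationOutcome(HttpServletRequest httpServletRequest) {
        String errorFlag = (String) httpServletRequest.getAttribute(NTLM_ERROR_FLAG);
        if (errorFlag == null) {
            return;
        }
        HttpSession session = httpServletRequest.getSession();
        session.setAttribute(NTLM_ERROR_FLAG, errorFlag);
        if (AUTHN_ERROR.equals(errorFlag)) {
            Integer previous = (Integer) session.getAttribute(NTLM_ERROR_COUNT);
            int count = previous == null ? 0 : previous.intValue();
            session.setAttribute(NTLM_ERROR_COUNT, Integer.valueOf(count + 1));
        } else {
            // The dump stores a zero/null constant here with no boxing call, i.e. a null value,
            // which the servlet API treats as removing the attribute.
            session.removeAttribute(NTLM_ERROR_COUNT);
        }
    }

    /**
     * Validates a credential pair with an SMB logon.
     *
     * @param credentialArr the domain controller address and the NTLM authentication, in either order
     * @return {@code true} on a successful logon, {@code false} when the credentials are unusable
     * @throws AuthenticationFailureException when the logon is rejected; carries the SMB message
     *         and the NT status in hexadecimal
     */
    @Override // org.josso.gateway.protocol.handler.ProtocolHandler
    public boolean authenticate(Credential[] credentialArr) throws AuthenticationFailureException {
        try {
            return authenticateCredentials(credentialArr);
        } catch (SmbException e) {
            throw new AuthenticationFailureException(e.getMessage(), Integer.toHexString(e.getNtStatus()));
        }
    }

    /**
     * Performs one step of the HTTP authentication handshake.
     *
     * @param z when {@code true}, a request without a usable {@code Authorization} header is let
     *          through without a challenge
     * @return {@code false} when a 401 challenge was written by this method; {@code true} otherwise
     * @throws IOException      if writing the challenge or reaching the domain controller fails
     * @throws ServletException declared for subclasses; not thrown by the visible code
     */
    protected boolean negotiate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, ServletException {
        String header = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);

        // acceptJob() copied a previous error onto the request: restart from a fresh challenge.
        if (httpServletRequest.getAttribute(NTLM_ERROR_FLAG) != null) {
            if (logger.isDebugEnabled()) {
                logger.debug("Restarts negotiation due to authentication error");
            }
            httpServletRequest.removeAttribute(NTLM_ERROR_FLAG);
            startsNegotiation(httpServletRequest, httpServletResponse);
            return false;
        }

        boolean ntlmHeader = header != null && header.startsWith("NTLM ");
        // Basic credentials are only honoured when Basic could have been offered on this request.
        boolean basicHeader = header != null && !ntlmHeader
                && isOfferBasic(httpServletRequest) && header.startsWith("Basic ");

        if (!ntlmHeader && !basicHeader) {
            if (z) {
                return true;
            }
            HttpSession existing = httpServletRequest.getSession(false);
            if (existing != null && existing.getAttribute(NTLM_PASS_AUTHENTICATION) != null) {
                // Already negotiated in this session.
                return true;
            }
            startsNegotiation(httpServletRequest, httpServletResponse);
            return false;
        }

        NtlmPasswordAuthentication authentication;
        UniAddress controller;
        if (ntlmHeader) {
            HttpSession session = httpServletRequest.getSession();
            byte[] challenge;
            if (this.loadBalance) {
                // Keep the same challenge (and controller) for every leg of the handshake.
                NtlmChallenge cached = (NtlmChallenge) session.getAttribute(NTLM_CHALLENGE);
                if (cached == null) {
                    cached = SmbSession.getChallengeForDomain();
                    session.setAttribute(NTLM_CHALLENGE, cached);
                }
                controller = cached.dc;
                challenge = cached.challenge;
            } else {
                controller = UniAddress.getByName(this.domainController, true);
                challenge = SmbSession.getChallenge(controller);
            }
            authentication = NtlmSsp.authenticate(httpServletRequest, httpServletResponse, challenge);
            if (authentication == null) {
                httpServletRequest.setAttribute(NTLM_ERROR_FLAG, AUTHN_ERROR);
                return true;
            }
            session.removeAttribute(NTLM_CHALLENGE);
        } else {
            // "Basic " is six characters; the remainder is base64("user:password").
            String decoded = new String(Base64.decode(header.substring(6)), "US-ASCII");
            int colon = decoded.indexOf(':');
            String account = colon != -1 ? decoded.substring(0, colon) : decoded;
            String password = colon != -1 ? decoded.substring(colon + 1) : "";
            // The account may be qualified as DOMAIN\\user or DOMAIN/user.
            int separator = account.indexOf('\\');
            if (separator == -1) {
                separator = account.indexOf('/');
            }
            String domain = separator != -1 ? account.substring(0, separator) : this.defaultDomain;
            String username = separator != -1 ? account.substring(separator + 1) : account;
            authentication = new NtlmPasswordAuthentication(domain, username, password);
            controller = UniAddress.getByName(this.domainController, true);
        }

        // The authentication object (which, on the Basic path, was built from the clear-text
        // password) lives in the session until authenticate() consumes it.
        HttpSession session = httpServletRequest.getSession();
        session.setAttribute(NTLM_DOMAIN_CONTROLLER, controller);
        session.setAttribute(NTLM_PASS_AUTHENTICATION, authentication);
        return true;
    }

    /**
     * Writes an empty 401 response advertising NTLM and, when permitted for this request,
     * Basic with the configured realm.
     */
    private void startsNegotiation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("WWW-Authenticate", "NTLM");
        if (isOfferBasic(httpServletRequest)) {
            httpServletResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + this.realm + "\"");
        }
        httpServletResponse.setStatus(401);
        httpServletResponse.setContentLength(0);
        httpServletResponse.flushBuffer();
    }

    /**
     * Extracts the controller address and the NTLM authentication from the credential pair
     * (accepted in either order) and performs the logon.
     *
     * @return {@code false} when the array does not hold exactly two usable credentials
     */
    private boolean authenticateCredentials(Credential[] credentialArr) throws SmbException {
        int received = credentialArr == null ? 0 : credentialArr.length;
        if (received != 2) {
            logger.error("Spected 2 credencials, received " + received);
            return false;
        }
        Object first = credentialArr[0] == null ? null : ((BaseCredential) credentialArr[0]).getValue();
        Object second = credentialArr[1] == null ? null : ((BaseCredential) credentialArr[1]).getValue();
        if (first == null || second == null) {
            logger.error("Some or all of the credential values are null");
            return false;
        }
        if ((first instanceof UniAddress) && (second instanceof NtlmPasswordAuthentication)) {
            return authenticate((UniAddress) first, (NtlmPasswordAuthentication) second);
        }
        if ((second instanceof UniAddress) && (first instanceof NtlmPasswordAuthentication)) {
            return authenticate((UniAddress) second, (NtlmPasswordAuthentication) first);
        }
        // Report the types rather than the values: the values are credentials of an unexpected
        // kind, and their string form may contain secret material.
        logger.error("The credential types could not be managed");
        logger.error("  Credential 1 is " + first.getClass().getName());
        logger.error("  Credential 2 is " + second.getClass().getName());
        return false;
    }

    /**
     * Performs the SMB logon against the given controller.
     *
     * @return {@code true}; a rejected logon surfaces as {@link SmbException}
     */
    private boolean authenticate(UniAddress uniAddress, NtlmPasswordAuthentication ntlmPasswordAuthentication) throws SmbException {
        SmbSession.logon(uniAddress, ntlmPasswordAuthentication);
        if (logger.isDebugEnabled()) {
            logger.debug("[authenticate()]" + ntlmPasswordAuthentication + " successfully authenticated against " + uniAddress);
        }
        return true;
    }

    /**
     * Returns the username held by the credential (despite the method name, not the password).
     *
     * @return the username, or an empty string when the credential or its value is absent
     */
    public static String getPasswordAuthentication(NtlmPasswordAuthenticationCredential ntlmPasswordAuthenticationCredential) {
        if (ntlmPasswordAuthenticationCredential == null) {
            return "";
        }
        NtlmPasswordAuthentication authentication = (NtlmPasswordAuthentication) ntlmPasswordAuthenticationCredential.getValue();
        return authentication == null ? "" : authentication.getUsername();
    }

    /**
     * Describes the handler configuration. The pre-authentication password is masked so that
     * logging or printing the handler does not disclose it.
     */
    public String toString() {
        String shownPassword = this.preAuthPassword == null ? "null" : MASKED;
        return "{ [Default Domain=" + this.defaultDomain
                + "] [Domain Controller=" + this.domainController
                + "] [Wins=" + this.wins
                + "] [Load Balance=" + this.loadBalance
                + "] [Enable Basic=" + this.enableBasic
                + "] [Insecure Basic=" + this.insecureBasic
                + "] [Realm=" + this.realm
                + "] [Preauthentication Username=" + this.preAuthUsername
                + "] [Preauthentication Password=" + shownPassword
                + "] [Log=" + this.log + "] }";
    }

    public String getPreAuthUsername() {
        return this.preAuthUsername;
    }
}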
