package org.nuxeo.ecm.platform.ui.web.auth.ntlm;

import java.io.IOException;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jcifs.Config;
import jcifs.UniAddress;
import jcifs.http.NtlmSsp;
import jcifs.smb.NtlmChallenge;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbAuthException;
import jcifs.smb.SmbSession;
import jcifs.util.Hexdump;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;

/* loaded from: input_file:org/nuxeo/ecm/platform/ui/web/auth/ntlm/NTLMAuthenticator.class */
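/**
 * Authentication plugin that runs the NTLM HTTP challenge/response handshake through jCIFS
 * and turns a successful negotiation into a {@link UserIdentificationInfo}.
 *
 * <p>The jCIFS configuration and the three {@code protected static} fields are process-wide:
 * {@link #initPlugin(Map)} writes them and {@link #negotiate} reads them without
 * synchronization.
 *
 * <p>Credential material (the raw {@code Authorization} header and the password carried by
 * the NTLM token) is never written to the log, not even at debug level; only its presence
 * is reported.
 */
public class NTLMAuthenticator implements NuxeoAuthenticationPlugin {
    private static final String JCIFS_PREFIX = "jcifs.";
    public static final String JCIFS_NETBIOS_CACHE_POLICY = "jcifs.netbios.cachePolicy";
    public static final String JCIFS_SMB_CLIENT_SO_TIMEOUT = "jcifs.smb.client.soTimeout";
    public static final String JCIFS_HTTP_LOAD_BALANCE = "jcifs.http.loadBalance";
    public static final String JCIFS_HTTP_DOMAIN_CONTROLLER = "jcifs.http.domainController";
    public static final String JCIFS_SMB_CLIENT_DOMAIN = "jcifs.smb.client.domain";
    public static final boolean FORCE_SESSION_CREATION = true;
    // Session attribute holding the NtlmPasswordAuthentication of an already validated user.
    public static final String NTLM_HTTP_AUTH_SESSION_KEY = "NtlmHttpAuth";
    // Session attribute holding the pending NtlmChallenge while a handshake is in progress.
    public static final String NTLM_HTTP_CHAL_SESSION_KEY = "NtlmHttpChal";
    protected static String defaultDomain;
    protected static String domainController;
    protected static boolean loadBalance;
    private static final Log log = LogFactory.getLog(NTLMAuthenticator.class);

    /**
     * Returns the URL prefixes that bypass authentication.
     *
     * @return always {@code null}: this plugin declares no such prefix
     */
    public List<String> getUnAuthenticatedURLPrefix() {
        return null;
    }

    /**
     * Sends the initial {@code 401 / WWW-Authenticate: NTLM} response unless the HTTP session
     * already carries a validated NTLM token.
     *
     * @param httpServletRequest current request; a session is created if none exists
     * @param httpServletResponse response that receives the 401 challenge
     * @param str not used by this implementation
     * @return {@code false} when a token is already in the session and no prompt was sent,
     *         {@code true} once the challenge has been written
     */
    public Boolean handleLoginPrompt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        log.debug("Handle NTLM login prompt");
        HttpSession session = httpServletRequest.getSession(FORCE_SESSION_CREATION);
        if (session != null) {
            NtlmPasswordAuthentication existing =
                    (NtlmPasswordAuthentication) session.getAttribute(NTLM_HTTP_AUTH_SESSION_KEY);
            if (existing != null) {
                log.debug("No NTLM Prompt done since NTLM Auth was found :" + existing.getUsername());
                return false;
            }
        }
        log.debug("Sending NTLM Challenge/Response request to browser");
        httpServletResponse.setHeader("WWW-Authenticate", "NTLM");
        httpServletResponse.setStatus(401);
        httpServletResponse.setContentLength(0);
        try {
            httpServletResponse.flushBuffer();
        } catch (IOException e) {
            // Route the stack trace through the logger instead of printStackTrace() so it
            // lands in the configured log and not on stderr.
            log.error("Error while flushing buffer:" + e.getMessage(), e);
        }
        return true;
    }

    /**
     * Runs the NTLM negotiation (including the domain-controller logon) and wraps the result.
     *
     * <p>Any exception raised during negotiation is logged and converted to {@code null}, so
     * a failure never yields an identity.
     *
     * @param httpServletRequest request carrying the {@code Authorization: NTLM ...} header
     * @param httpServletResponse response used by the handshake to send challenges
     * @return the identified user, or {@code null} when no identity could be established
     */
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        log.debug("NTML handleRetrieveIdentity");
        try {
            NtlmPasswordAuthentication negotiate = negotiate(httpServletRequest, httpServletResponse, false);
            if (negotiate == null) {
                log.debug("Negotiation returned a null NTLM token");
                return null;
            }
            log.debug("Negotiation succeed and returned a NTLM token, creating UserIdentificationInfo");
            String username = negotiate.getUsername();
            log.debug("ntlm.getUsername() = " + username);
            // NOTE(review): the domain-stripped name is only logged; the identity returned
            // below is built from negotiate.getUsername() unchanged. A null domain makes
            // startsWith throw, which the catch below turns into a failed login.
            if (username.startsWith(negotiate.getDomain())) {
                username = username.replace(negotiate.getDomain() + "/", "");
            }
            log.debug("userName = " + username);
            String password = negotiate.getPassword();
            if (password != null && !"".equals(password)) {
                return new UserIdentificationInfo(negotiate.getUsername(), password);
            }
            // No clear-text password is available, so the identity is passed on with a fixed
            // placeholder and tagged for the "Trusting_LM" login plugin.
            // NOTE(review): presumably that login module accepts the user without checking a
            // password - confirm it is reachable only for identities produced by this plugin.
            UserIdentificationInfo userIdentificationInfo = new UserIdentificationInfo(negotiate.getUsername(), "ITrustNTLM");
            userIdentificationInfo.setLoginPluginName("Trusting_LM");
            return userIdentificationInfo;
        } catch (Exception e) {
            // Broad catch on purpose: whatever goes wrong, fail closed with no identity.
            log.error("NTLM negotiation failed : " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Applies jCIFS defaults, copies every {@code jcifs.*} plugin parameter into the global
     * jCIFS configuration, then caches the domain and domain-controller settings.
     *
     * @param map plugin parameters; only keys starting with {@code jcifs.} are used
     */
    public void initPlugin(Map<String, String> map) {
        Config.setProperty(JCIFS_SMB_CLIENT_SO_TIMEOUT, "300000");
        Config.setProperty(JCIFS_NETBIOS_CACHE_POLICY, "1200");
        for (Map.Entry<String, String> parameter : map.entrySet()) {
            if (parameter.getKey().startsWith(JCIFS_PREFIX)) {
                Config.setProperty(parameter.getKey(), parameter.getValue());
            }
        }
        defaultDomain = Config.getProperty(JCIFS_SMB_CLIENT_DOMAIN);
        domainController = Config.getProperty(JCIFS_HTTP_DOMAIN_CONTROLLER);
        if (domainController == null) {
            // Without an explicit controller, fall back to the domain name; load balancing
            // is only read from the configuration in this case.
            domainController = defaultDomain;
            loadBalance = Config.getBoolean(JCIFS_HTTP_LOAD_BALANCE, true);
        }
    }

    /**
     * Decides from the {@code User-Agent} header whether an NTLM prompt should be sent.
     *
     * <p>The header is client-controlled, so this only selects which clients get the NTLM
     * challenge; it is not an access decision.
     *
     * @param httpServletRequest current request
     * @return {@code true} only when the agent string contains both "windows" and "msie";
     *         {@code false} otherwise, including when the header is absent
     */
    public Boolean needLoginPrompt(HttpServletRequest httpServletRequest) {
        String userAgent = httpServletRequest.getHeader("User-Agent");
        if (userAgent == null) {
            // A request without User-Agent used to throw a NullPointerException here.
            log.debug("No NTLM LoginPrompt : no User-Agent header");
            return false;
        }
        // Locale.ROOT keeps the match stable under locales with special casing rules
        // (for example Turkish, where "I" lower-cases to a dotless i).
        String lowerCase = userAgent.toLowerCase(Locale.ROOT);
        if (!lowerCase.contains("windows")) {
            log.debug("No NTLM LoginPrompt : User does not use Win32");
            return false;
        }
        if (lowerCase.contains("msie")) {
            log.debug("NTLM LoginPrompt Needed");
            return true;
        }
        log.debug("No NTLM LoginPrompt : User does not use MSIE");
        return false;
    }

    /**
     * Performs one step of the NTLM handshake for the given request.
     *
     * @param httpServletRequest request expected to carry {@code Authorization: NTLM ...}
     * @param httpServletResponse response used to send the challenge or a fresh 401
     * @param z when {@code true}, the logon against the domain controller is skipped and the
     *          token is returned without that validation and without being stored in the
     *          session
     * @return the NTLM token, or {@code null} when the header is missing, the handshake is
     *         not finished, or the domain controller rejected the credentials
     * @throws IOException if talking to the domain controller or flushing the response fails
     * @throws ServletException declared for the jCIFS handshake call
     */
    public static NtlmPasswordAuthentication negotiate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, ServletException {
        UniAddress byName;
        byte[] challenge;
        log.debug("NTLM negotiation starts");
        String header = httpServletRequest.getHeader("Authorization");
        // The header value carries the NTLM messages (including the challenge response), so
        // only its presence is logged.
        log.debug("NTLM negotiation header present = " + (header != null));
        if (header == null || !header.startsWith("NTLM ")) {
            log.debug("NTLM negotiation header is null");
            return null;
        }
        HttpSession session2 = httpServletRequest.getSession();
        if (loadBalance) {
            // Reuse the challenge issued earlier in this session so both handshake steps
            // are checked against the same domain controller.
            NtlmChallenge ntlmChallenge = (NtlmChallenge) session2.getAttribute(NTLM_HTTP_CHAL_SESSION_KEY);
            if (ntlmChallenge == null) {
                ntlmChallenge = SmbSession.getChallengeForDomain();
                session2.setAttribute(NTLM_HTTP_CHAL_SESSION_KEY, ntlmChallenge);
            }
            byName = ntlmChallenge.dc;
            challenge = ntlmChallenge.challenge;
        } else {
            byName = UniAddress.getByName(UniAddress.getByName(domainController, true).getHostAddress(), true);
            challenge = SmbSession.getChallenge(byName);
        }
        NtlmPasswordAuthentication authenticate = NtlmSsp.authenticate(httpServletRequest, httpServletResponse, challenge);
        if (authenticate == null) {
            // Presumably the challenge message was just written to the response and the
            // client will come back with its answer - verify against the jCIFS version used.
            log.debug("NtlmSsp.authenticate returned null");
            return null;
        }
        log.debug("NtlmSsp.authenticate succeed");
        log.debug("Domain controller is " + byName.getHostName());
        if (authenticate.getDomain() != null) {
            log.debug("NtlmSsp.authenticate => domain = " + authenticate.getDomain());
        } else {
            log.debug("NtlmSsp.authenticate => null domain");
        }
        if (authenticate.getUsername() != null) {
            log.debug("NtlmSsp.authenticate => userName = " + authenticate.getUsername());
        } else {
            log.debug("NtlmSsp.authenticate => userName = null");
        }
        // Never write the password itself to the log; report only whether one was supplied.
        if (authenticate.getPassword() != null) {
            log.debug("NtlmSsp.authenticate => password = <present, not logged>");
        } else {
            log.debug("NtlmSsp.authenticate => password = null");
        }
        session2.removeAttribute(NTLM_HTTP_CHAL_SESSION_KEY);
        if (!z) {
            try {
                log.debug("Trying to logon NTLM session on dc " + byName.toString());
                SmbSession.logon(byName, authenticate);
                log.debug(authenticate + " successfully authenticated against " + byName);
                httpServletRequest.getSession().setAttribute(NTLM_HTTP_AUTH_SESSION_KEY, authenticate);
            } catch (SmbAuthException e) {
                log.error(authenticate.getName() + ": 0x" + Hexdump.toHexString(e.getNtStatus(), 8) + ": " + e);
                // -1073741819 is 0xC0000005 (NT_STATUS_ACCESS_VIOLATION in jCIFS): drop any
                // cached token so the next request starts a fresh handshake.
                if (e.getNtStatus() == -1073741819) {
                    HttpSession existingSession = httpServletRequest.getSession(false);
                    if (existingSession != null) {
                        existingSession.removeAttribute(NTLM_HTTP_AUTH_SESSION_KEY);
                    }
                }
                // Rejected by the domain controller: ask the client to authenticate again.
                httpServletResponse.setHeader("WWW-Authenticate", "NTLM");
                httpServletResponse.setStatus(401);
                httpServletResponse.setContentLength(0);
                httpServletResponse.flushBuffer();
                return null;
            }
        }
        return authenticate;
    }
}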
