package org.nuxeo.ecm.platform.ui.web.auth.ntlm;

import java.io.IOException;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jcifs.Config;
import jcifs.UniAddress;
import jcifs.http.NtlmSsp;
import jcifs.smb.NtlmChallenge;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbAuthException;
import jcifs.smb.SmbSession;
import jcifs.util.Hexdump;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;

/* loaded from: input_file:org/nuxeo/ecm/platform/ui/web/auth/ntlm/NTLMAuthenticator.class */
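/**
 * Authentication plugin that runs an NTLM challenge/response exchange over HTTP
 * and validates the result against a domain controller through jcifs.
 *
 * <p>State kept in the HTTP session:
 * <ul>
 *   <li>{@code "NtlmHttpChal"} - the pending challenge, only when load balancing is on;</li>
 *   <li>{@code "NtlmHttpAuth"} - the {@link NtlmPasswordAuthentication} of a completed logon.</li>
 * </ul>
 *
 * <p>NOTE(review): the {@code "NtlmHttpAuth"} object stays in the session for its
 * whole lifetime; what credential material it holds depends on jcifs and should be
 * confirmed before sessions are persisted or replicated.
 */
public class NTLMAuthenticator implements NuxeoAuthenticationPlugin {
    /** Session attribute holding the credentials of a completed NTLM logon. */
    private static final String SESSION_AUTH_KEY = "NtlmHttpAuth";

    /** Session attribute holding the challenge issued for the exchange in progress. */
    private static final String SESSION_CHALLENGE_KEY = "NtlmHttpChal";

    /** NT status 0xC0000005, i.e. the signed int -1073741819 returned by getNtStatus(). */
    private static final int NT_STATUS_ACCESS_VIOLATION = 0xC0000005;

    protected String defaultDomain;
    protected String domainController;
    protected boolean loadBalance;
    private static final Log log = LogFactory.getLog(NTLMAuthenticator.class);

    /**
     * Returns the URL prefixes that bypass authentication.
     *
     * @return always {@code null}; this plugin declares no such prefixes
     */
    public List<String> getUnAuthenticatedURLPrefix() {
        return null;
    }

    /**
     * Asks the browser to start an NTLM exchange unless the session already holds
     * NTLM credentials.
     *
     * @param httpServletRequest the incoming request; its session is looked up but never created here
     * @param httpServletResponse the response that receives the 401 / {@code WWW-Authenticate: NTLM} prompt
     * @param str unused by this implementation
     * @return {@code false} when credentials are already in the session and no prompt was sent,
     *         {@code true} once the 401 prompt has been written
     */
    public Boolean handleLoginPrompt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        log.debug("Handle NTLM login prompt");
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null && session.getAttribute(SESSION_AUTH_KEY) != null) {
            log.debug("No NTLM Prompt done !!!");
            return false;
        }
        log.debug("Sending NTLM Chanllenge/Response request to browser");
        httpServletResponse.setHeader("WWW-Authenticate", "NTLM");
        httpServletResponse.setStatus(401);
        httpServletResponse.setContentLength(0);
        try {
            httpServletResponse.flushBuffer();
        } catch (IOException e) {
            // Route the stack trace through the logger instead of stderr so it
            // ends up with the rest of the authentication audit trail.
            log.error("Error while flushing buffer:" + e.getMessage(), e);
        }
        return true;
    }

    /**
     * Runs the NTLM negotiation and converts a successful result into a
     * {@link UserIdentificationInfo}.
     *
     * <p>NOTE(review): the second constructor argument is whatever
     * {@code getPassword()} returns for credentials produced by the NTLM exchange;
     * confirm what downstream login code does with that value.
     *
     * @param httpServletRequest the request carrying the {@code Authorization} header
     * @param httpServletResponse the response used by the negotiation to answer the client
     * @return the identified user, or {@code null} when negotiation is incomplete or failed
     */
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        log.debug("NTML handleRetrieveIdentity");
        try {
            NtlmPasswordAuthentication credentials = negotiate(httpServletRequest, httpServletResponse, false);
            if (credentials == null) {
                log.debug("Negociation returned a null NTLM token");
                return null;
            }
            log.debug("Negociation succeed and returned a NTLM token, creating UserIdentificationInfo");
            return new UserIdentificationInfo(credentials.getUsername(), credentials.getPassword());
        } catch (ServletException e) {
            log.error("NTLM negociation failed : " + e.getMessage(), e);
            return null;
        } catch (IOException e) {
            log.error("NTLM negociation failed : " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Applies jcifs settings and caches the domain / domain-controller choice.
     *
     * <p>Two defaults are set first, then every plugin parameter whose key starts
     * with {@code "jcifs."} is copied into {@link Config}, so parameters can
     * override the defaults. {@code Config} is accessed statically, so these
     * settings are not scoped to this plugin instance.
     *
     * @param map plugin parameters; a {@code null} map leaves only the defaults in place
     */
    public void initPlugin(Map<String, String> map) {
        Config.setProperty("jcifs.smb.client.soTimeout", "300000");
        Config.setProperty("jcifs.netbios.cachePolicy", "1200");
        if (map != null) {
            for (Map.Entry<String, String> parameter : map.entrySet()) {
                String key = parameter.getKey();
                if (key != null && key.startsWith("jcifs.")) {
                    Config.setProperty(key, parameter.getValue());
                }
            }
        }
        this.defaultDomain = Config.getProperty("jcifs.smb.client.domain");
        this.domainController = Config.getProperty("jcifs.http.domainController");
        if (this.domainController == null) {
            // No explicit controller configured: fall back to the domain name and
            // only then consult the load-balancing switch (default true).
            this.domainController = this.defaultDomain;
            this.loadBalance = Config.getBoolean("jcifs.http.loadBalance", true);
        }
    }

    /**
     * Decides whether an NTLM prompt should be offered, based on the
     * {@code User-Agent} header.
     *
     * <p>The header is supplied by the client, so this is a usability hint only
     * and must not be treated as an access-control decision.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} only when the user agent mentions both "windows" and "msie";
     *         {@code false} otherwise, including when the header is absent
     */
    public Boolean needLoginPrompt(HttpServletRequest httpServletRequest) {
        String userAgent = httpServletRequest.getHeader("User-Agent");
        if (userAgent == null) {
            // getHeader returns null when the client omits the header; without this
            // guard any such request would fail with a NullPointerException.
            log.debug("No NTLM LoginPrompt : request has no User-Agent header");
            return false;
        }
        // Locale.ROOT keeps the match independent of the server's default locale
        // (e.g. Turkish casing rules would otherwise break the "windows"/"msie" match).
        String lowered = userAgent.toLowerCase(Locale.ROOT);
        if (!lowered.contains("windows")) {
            log.debug("No NTLM LoginPrompt : User does not use Win32");
            return false;
        }
        if (lowered.contains("msie")) {
            log.debug("NTLM LoginPrompt Needed");
            return true;
        }
        log.debug("No NTLM LoginPrompt : User does not use MSIE");
        return false;
    }

    /**
     * Performs one step of the NTLM exchange and, once the client has answered the
     * challenge, validates the credentials with {@code SmbSession.logon}.
     *
     * <p>NOTE(review): a session is created for any request that carries an
     * {@code Authorization: NTLM} header, before anything has been verified, and
     * the session id is not rotated after a successful logon in this method;
     * confirm the surrounding filter covers both points.
     *
     * @param httpServletRequest the request carrying the {@code Authorization} header
     * @param httpServletResponse the response used to answer the client
     * @param z unused by this implementation
     * @return the authenticated credentials, or {@code null} when the header is missing,
     *         the exchange is not finished, or the domain controller rejected the logon
     * @throws IOException if writing the response or contacting the controller fails
     * @throws ServletException declared for callers; propagated from the jcifs helper
     */
    protected NtlmPasswordAuthentication negotiate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, ServletException {
        log.debug("NTLM negitiation starts");
        String header = httpServletRequest.getHeader("Authorization");
        // The header value is deliberately not logged: it carries the client's NTLM
        // messages, including the challenge response, which must not leak into log files.
        log.debug("NTLM negotiation Authorization header " + (header == null ? "absent" : "present"));
        if (header == null || !header.startsWith("NTLM ")) {
            log.debug("NTLM negociation header is null");
            return null;
        }
        HttpSession session = httpServletRequest.getSession();
        UniAddress controller;
        byte[] challenge;
        if (this.loadBalance) {
            // Reuse the challenge stored for this session so every step of the
            // exchange is checked against the same controller.
            NtlmChallenge pending = (NtlmChallenge) session.getAttribute(SESSION_CHALLENGE_KEY);
            if (pending == null) {
                pending = SmbSession.getChallengeForDomain();
                session.setAttribute(SESSION_CHALLENGE_KEY, pending);
            }
            controller = pending.dc;
            challenge = pending.challenge;
        } else {
            controller = UniAddress.getByName(this.domainController, true);
            challenge = SmbSession.getChallenge(controller);
        }
        // NOTE(review): presumably returns null after answering the client's first
        // message with the challenge - confirm against the jcifs version in use.
        NtlmPasswordAuthentication credentials = NtlmSsp.authenticate(httpServletRequest, httpServletResponse, challenge);
        if (credentials == null) {
            log.debug("NtlmSsp.authenticate returned null");
            return null;
        }
        // The challenge has been consumed; drop it so it cannot be reused.
        session.removeAttribute(SESSION_CHALLENGE_KEY);
        try {
            log.debug("Trying to logon NTLM session");
            SmbSession.logon(controller, credentials);
            log.debug(credentials + " successfully authenticated against " + controller);
            httpServletRequest.getSession().setAttribute(SESSION_AUTH_KEY, credentials);
            return credentials;
        } catch (SmbAuthException e) {
            log.error(credentials.getName() + ": 0x" + Hexdump.toHexString(e.getNtStatus(), 8) + ": " + e);
            if (e.getNtStatus() == NT_STATUS_ACCESS_VIOLATION) {
                // NOTE(review): on this status the cached credentials are discarded,
                // presumably because they no longer match the server challenge.
                HttpSession existing = httpServletRequest.getSession(false);
                if (existing != null) {
                    existing.removeAttribute(SESSION_AUTH_KEY);
                }
            }
            // Restart the exchange: the client is asked to authenticate again.
            httpServletResponse.setHeader("WWW-Authenticate", "NTLM");
            httpServletResponse.setStatus(401);
            httpServletResponse.setContentLength(0);
            httpServletResponse.flushBuffer();
            return null;
        }
    }
}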
