package org.ntlmv2.filter;

import java.io.IOException;
import java.security.SecureRandom;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jcifs.util.Base64;
import net.sf.ehcache.Cache;
import net.sf.ehcache.CacheException;
import net.sf.ehcache.CacheManager;
import net.sf.ehcache.Element;
import org.ntlmv2.liferay.NtlmManager;
import org.ntlmv2.liferay.NtlmUserAccount;
import org.ntlmv2.liferay.util.HttpHeaders;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/ntlmv2-filter-1.0.5.jar:org/ntlmv2/filter/NtlmFilter.class */
public class NtlmFilter implements Filter {
    private static final String NTLM_USER_ACCOUNT = "ntlmUserAccount";
    public static final String CACHE_NAME = "ntlmChallengeCache";
    private static Logger log = LoggerFactory.getLogger(NtlmFilter.class);
    private static CacheManager singletonManager = null;
    private SecureRandom secureRandom = new SecureRandom();
    private NtlmManager ntlmManager = null;

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        log.info("Initializing NTLMv2 filter...");
        try {
            singletonManager = CacheManager.create(getClass().getResourceAsStream("/ehcache.xml"));
            if (log.isTraceEnabled()) {
                log.trace("Add memory-only cache.");
            }
            String[] cacheNames = singletonManager.getCacheNames();
            if (cacheNames == null || cacheNames.length <= 0) {
                log.error("FAILED TO CREATE ANY CACHES !!");
            } else {
                for (String str : cacheNames) {
                    if (log.isTraceEnabled()) {
                        log.trace("Cache: " + str);
                    }
                }
            }
            if (log.isTraceEnabled()) {
                log.trace("NTLM challenge cache initialized.");
            }
            try {
                String initParameter = filterConfig.getInitParameter("ntlm-domain");
                String initParameter2 = filterConfig.getInitParameter("ntlm-dc");
                String initParameter3 = filterConfig.getInitParameter("ntlm-dc-name");
                String initParameter4 = filterConfig.getInitParameter("ntlm-account");
                String initParameter5 = filterConfig.getInitParameter("ntlm-password");
                log.info("Windows domain: " + initParameter);
                log.info("Domain controller IP address: " + initParameter2);
                log.info("Domain controller hostname: " + initParameter3);
                log.info("Computer account name: " + initParameter4);
                log.info("Computer account password: " + initParameter5);
                this.ntlmManager = new NtlmManager(initParameter, initParameter2, initParameter3, initParameter4, initParameter5);
                log.info("NTLMv2 filter initialized.");
            } catch (Exception e) {
                throw new ServletException("NTLM filter initialization failed. Reason: " + e, e);
            }
        } catch (CacheException e2) {
            throw new ServletException("Failed to initialize cache: " + e2.toString(), e2);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v89, types: [byte[], java.io.Serializable] */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        log.debug("Process request...");
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HttpSession session = httpServletRequest.getSession(false);
        String header = httpServletRequest.getHeader(HttpHeaders.AUTHORIZATION);
        if (header != null && header.startsWith("NTLM")) {
            Cache cache = singletonManager.getCache(CACHE_NAME);
            byte[] decode = Base64.decode(header.substring(5));
            if (decode[8] == 1) {
                log.debug("Create server challenge...");
                ?? r0 = new byte[8];
                this.secureRandom.nextBytes(r0);
                String encode = Base64.encode(this.ntlmManager.negotiate(decode, r0));
                httpServletResponse.setContentLength(0);
                httpServletResponse.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM " + encode);
                httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                httpServletResponse.flushBuffer();
                synchronized (cache) {
                    if (log.isTraceEnabled()) {
                        log.trace("Cache server challenge for: " + httpServletRequest.getRemoteAddr());
                    }
                    cache.put(new Element(httpServletRequest.getRemoteAddr(), r0));
                }
                return;
            }
            byte[] bArr = null;
            synchronized (cache) {
                try {
                    if (log.isTraceEnabled()) {
                        log.trace("Get cached server challenge for: " + httpServletRequest.getRemoteAddr());
                    }
                    bArr = (byte[]) cache.get(httpServletRequest.getRemoteAddr()).getValue();
                } catch (CacheException e) {
                    if (log.isWarnEnabled()) {
                        log.warn("No challenge found in cache for client: " + httpServletRequest.getRemoteAddr());
                    }
                }
            }
            if (bArr == null) {
                log.debug("Start NTLM login...");
                sendWwwAuthenticateResponse(httpServletResponse);
                return;
            }
            NtlmUserAccount ntlmUserAccount = null;
            try {
                try {
                    log.debug("Try authenticating user now...");
                    ntlmUserAccount = this.ntlmManager.authenticate(decode, bArr);
                    log.info("Authentication was successful. Creating session.");
                    session = httpServletRequest.getSession(true);
                    session.setAttribute(NTLM_USER_ACCOUNT, ntlmUserAccount);
                    synchronized (cache) {
                        cache.remove(httpServletRequest.getRemoteAddr());
                    }
                } catch (Exception e2) {
                    log.error("NTLM authentication failed: " + e2, (Throwable) e2);
                    synchronized (cache) {
                        cache.remove(httpServletRequest.getRemoteAddr());
                    }
                }
                if (ntlmUserAccount == null) {
                    sendWwwAuthenticateResponse(httpServletResponse);
                    return;
                } else if (log.isDebugEnabled()) {
                    log.debug("NTLM remote user " + ntlmUserAccount.getUserName());
                }
            } catch (Throwable th) {
                synchronized (cache) {
                    cache.remove(httpServletRequest.getRemoteAddr());
                    throw th;
                }
            }
        }
        NtlmUserAccount ntlmUserAccount2 = null;
        if (session != null) {
            ntlmUserAccount2 = (NtlmUserAccount) session.getAttribute(NTLM_USER_ACCOUNT);
        }
        HttpServletRequest httpServletRequest2 = httpServletRequest;
        if (ntlmUserAccount2 == null) {
            log.debug("No NTLM user set yet, begin authentication...");
            sendWwwAuthenticateResponse(httpServletResponse);
        } else {
            log.debug("NTLM user in session: " + ntlmUserAccount2.getUserName());
            if (!(httpServletRequest instanceof NtlmV2HttpRequestWrapper)) {
                httpServletRequest2 = new NtlmV2HttpRequestWrapper(httpServletRequest, ntlmUserAccount2.getUserName());
            }
            filterChain.doFilter(httpServletRequest2, servletResponse);
        }
    }

    private void sendWwwAuthenticateResponse(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setContentLength(0);
        httpServletResponse.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM");
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        httpServletResponse.flushBuffer();
    }

    @Override // javax.servlet.Filter
    public void destroy() {
        removeEhCache();
    }

    private static void removeEhCache() {
        try {
            log.debug("Remove memory-only cache.");
            CacheManager create = CacheManager.create();
            create.removeCache(CACHE_NAME);
            create.shutdown();
        } catch (Exception e) {
        }
    }
}
