package org.springframework.security.ui.ntlm;

import java.io.IOException;
import java.net.UnknownHostException;
import java.util.Enumeration;
import java.util.Properties;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jcifs.Config;
import jcifs.UniAddress;
import jcifs.ntlmssp.Type1Message;
import jcifs.ntlmssp.Type2Message;
import jcifs.ntlmssp.Type3Message;
import jcifs.smb.NtlmChallenge;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbAuthException;
import jcifs.smb.SmbException;
import jcifs.smb.SmbSession;
import jcifs.util.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.InsufficientAuthenticationException;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
import org.springframework.security.ui.SpringSecurityFilter;
import org.springframework.security.ui.WebAuthenticationDetails;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/ui/ntlm/NtlmProcessingFilter.class */
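/**
 * Servlet filter that drives an HTTP NTLM handshake and, once the handshake has
 * completed, hands the resulting identity to the configured
 * {@link AuthenticationManager}.
 *
 * <p>The handshake state is kept per {@link HttpSession} under {@code STATE_ATTR}.
 * The client's Type 3 response is validated by calling
 * {@code SmbSession.logon} against a domain controller, using a challenge
 * obtained from that controller.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>All {@code jcifs.*} settings are written to the static jCIFS {@code Config},
 *     so they are shared by every user of jCIFS loaded by the same class loader.</li>
 * <li>NOTE(review): this challenge-relay style of validation is understood to be
 *     limited to NTLMv1-style responses in jCIFS 1.x - confirm against the jCIFS
 *     version deployed and the domain's LAN Manager authentication policy.</li>
 * <li>NOTE(review): the session identifier is not changed in this class after a
 *     successful logon - confirm that session-fixation protection is applied
 *     elsewhere in the filter chain.</li>
 * </ul>
 */
public class NtlmProcessingFilter extends SpringSecurityFilter implements InitializingBean {
    private static Log logger;
    /** Session attribute holding the handshake state (BEGIN, NEGOTIATE, COMPLETE or DELAYED). */
    private static final String STATE_ATTR = "SpringSecurityNtlm";
    /** Session attribute caching the {@link NtlmChallenge} when load balancing is enabled. */
    private static final String CHALLENGE_ATTR = "NtlmChal";
    // Handshake states. They are stored in the HTTP session as Integer objects, so
    // they must be compared by value: a persisted or replicated session hands back
    // deserialized copies that are never the same instances as these constants.
    private static final Integer BEGIN;
    private static final Integer NEGOTIATE;
    private static final Integer COMPLETE;
    private static final Integer DELAYED;
    private boolean loadBalance;
    private boolean stripDomain = true;
    private boolean forceIdentification = true;
    private boolean retryOnAuthFailure;
    private String soTimeout;
    private String cachePolicy;
    private String defaultDomain;
    private String domainController;
    private AuthenticationManager authenticationManager;
    // Compiler-generated cache for the class literal (pre-Java 5 class file target).
    static Class class$org$springframework$security$ui$ntlm$NtlmProcessingFilter;

    /**
     * Validates the configuration and applies the jCIFS defaults.
     *
     * <p>The socket timeout defaults to {@code "300000"} and the NetBIOS cache
     * policy to {@code "1200"} when not set. When no domain controller is
     * configured, the default domain is used in its place.
     *
     * @throws Exception declared by {@link InitializingBean}; an assertion failure
     *         is raised when no authentication manager has been set
     */
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
        Config.setProperty("jcifs.smb.client.soTimeout", this.soTimeout == null ? "300000" : this.soTimeout);
        Config.setProperty("jcifs.netbios.cachePolicy", this.cachePolicy == null ? "1200" : this.cachePolicy);
        if (this.domainController == null) {
            // NOTE(review): if defaultDomain is also null, domainController stays null and
            // is later passed to UniAddress.getByName when loadBalance is off - confirm
            // the configuration always supplies one of the two.
            this.domainController = this.defaultDomain;
        }
    }

    /** Sets the manager that turns the NTLM identity into an application {@link Authentication}. */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** Sets the default domain and mirrors it into {@code jcifs.smb.client.domain}. */
    public void setDefaultDomain(String str) {
        this.defaultDomain = str;
        Config.setProperty("jcifs.smb.client.domain", str);
    }

    /** Sets {@code jcifs.smb.client.username} in the static jCIFS configuration. */
    public void setSmbClientUsername(String str) {
        Config.setProperty("jcifs.smb.client.username", str);
    }

    /**
     * Sets {@code jcifs.smb.client.password} in the static jCIFS configuration.
     *
     * <p>The value is held as a plain {@code String} in process-wide state; keep it
     * out of version-controlled bean definitions and out of any configuration dump.
     */
    public void setSmbClientPassword(String str) {
        Config.setProperty("jcifs.smb.client.password", str);
    }

    /** Sets {@code jcifs.smb.client.ssnLimit} in the static jCIFS configuration. */
    public void setSmbClientSSNLimit(String str) {
        Config.setProperty("jcifs.smb.client.ssnLimit", str);
    }

    /** Sets {@code jcifs.netbios.wins} in the static jCIFS configuration. */
    public void setNetbiosWINS(String str) {
        Config.setProperty("jcifs.netbios.wins", str);
    }

    /** Sets the name resolved to the domain controller when load balancing is off. */
    public void setDomainController(String str) {
        this.domainController = str;
    }

    /** Enables or disables use of {@code SmbSession.getChallengeForDomain()} with a per-session cached challenge. */
    public void setLoadBalance(boolean z) {
        this.loadBalance = z;
    }

    /** Controls the {@code stripDomain} flag passed to the authentication token. */
    public void setStripDomain(boolean z) {
        this.stripDomain = z;
    }

    /** Sets the value applied to {@code jcifs.smb.client.soTimeout} by {@link #afterPropertiesSet()}. */
    public void setSoTimeout(String str) {
        this.soTimeout = str;
    }

    /** Sets the value applied to {@code jcifs.netbios.cachePolicy} by {@link #afterPropertiesSet()}. */
    public void setCachePolicy(String str) {
        this.cachePolicy = str;
    }

    /**
     * Copies every entry whose key starts with {@code "jcifs."} into the static
     * jCIFS configuration.
     *
     * <p>Entries whose key or value is not a {@code String} are skipped instead of
     * failing the whole configuration step. Because any {@code jcifs.*} key is
     * accepted, this setter can also carry the SMB client credentials; treat its
     * source as sensitive configuration.
     *
     * @param properties the properties to scan
     */
    public void setJcifsProperties(Properties properties) {
        Enumeration keys = properties.keys();
        while (keys.hasMoreElements()) {
            Object key = keys.nextElement();
            if (!(key instanceof String)) {
                continue;
            }
            String name = (String) key;
            if (!name.startsWith("jcifs.")) {
                continue;
            }
            String value = properties.getProperty(name);
            if (value != null) {
                Config.setProperty(name, value);
            }
        }
    }

    /** Returns whether the handshake is started on the first request of a session. */
    public boolean isForceIdentification() {
        return this.forceIdentification;
    }

    /** Sets whether the handshake is started on the first request of a session. */
    public void setForceIdentification(boolean z) {
        this.forceIdentification = z;
    }

    /** Sets whether selected authentication failures restart the handshake instead of propagating. */
    public void setRetryOnAuthFailure(boolean z) {
        this.retryOnAuthFailure = z;
    }

    /**
     * Advances the per-session NTLM state machine for one request.
     *
     * <p>State values are compared with {@code equals}: they are read back from the
     * session as {@code Integer} objects, and after session persistence or
     * replication those objects are not identical to the class constants. With a
     * reference comparison a restored COMPLETE or BEGIN state would not be
     * recognised and the request would be pushed into Type 3 processing.
     *
     * <p>NOTE(review): nothing in this method invokes {@code filterChain}; whether
     * the request continues down the chain after a normal return depends on code
     * outside this class - confirm.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param filterChain the remaining filter chain (not used here)
     * @throws IOException if an NTLM message cannot be decoded or the domain
     *         controller cannot be reached
     */
    protected void doFilterHttp(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException {
        HttpSession session = httpServletRequest.getSession();
        Integer state = (Integer) session.getAttribute(STATE_ATTR);
        if (state == null) {
            if (this.forceIdentification) {
                logger.debug("Starting NTLM handshake");
                session.setAttribute(STATE_ATTR, BEGIN);
                throw new NtlmBeginHandshakeException();
            }
            logger.debug("NTLM handshake not yet started");
            // Only the session is updated; the local state stays null for the rest of
            // this request, so an NTLM header sent now is handled as a Type 3 message.
            session.setAttribute(STATE_ATTR, DELAYED);
        }
        // A POST from a client whose User-Agent contains "MSIE" restarts the handshake
        // even though the session is already COMPLETE.
        if (COMPLETE.equals(state) && reAuthOnIEPost(httpServletRequest)) {
            state = BEGIN;
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (COMPLETE.equals(state) || header == null || !header.startsWith("NTLM ")) {
            return;
        }
        UniAddress dCAddress = getDCAddress(session);
        if (BEGIN.equals(state)) {
            logger.debug("Processing NTLM Type 1 Message");
            session.setAttribute(STATE_ATTR, NEGOTIATE);
            // Always leaves by throwing NtlmType2MessageException carrying the challenge.
            processType1Message(header, session, dCAddress);
            return;
        }
        logger.debug("Processing NTLM Type 3 Message");
        NtlmPasswordAuthentication ntlmCredentials = processType3Message(header, session, dCAddress);
        logger.debug("NTLM negotiation complete");
        // The state only becomes COMPLETE if the domain controller accepts the response;
        // logon() throws otherwise.
        logon(session, dCAddress, ntlmCredentials);
        session.setAttribute(STATE_ATTR, COMPLETE);
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || (authentication instanceof AnonymousAuthenticationToken)) {
            logger.debug("Authenticating user credentials");
            authenticate(httpServletRequest, httpServletResponse, session, ntlmCredentials);
        }
    }

    /**
     * Reports whether the request is a POST whose {@code User-Agent} contains
     * {@code "MSIE"}. Both values are supplied by the client.
     */
    private boolean reAuthOnIEPost(HttpServletRequest httpServletRequest) {
        String userAgent = httpServletRequest.getHeader("User-Agent");
        return httpServletRequest.getMethod().equalsIgnoreCase("POST") && userAgent != null && userAgent.indexOf("MSIE") != -1;
    }

    /**
     * Decodes the client's Type 1 message and answers with a Type 2 message built
     * around the domain controller's challenge.
     *
     * <p>The reply is delivered by throwing {@code NtlmType2MessageException}; this
     * method never returns normally. {@code str} must start with the five-character
     * {@code "NTLM "} prefix, which the caller has already checked.
     */
    private void processType1Message(String str, HttpSession httpSession, UniAddress uniAddress) throws IOException {
        Type1Message type1Message = new Type1Message(Base64.decode(str.substring(5)));
        byte[] challenge = getChallenge(httpSession, uniAddress);
        Type2Message type2Message = new Type2Message(type1Message, challenge, (String) null);
        throw new NtlmType2MessageException(Base64.encode(type2Message.toByteArray()));
    }

    /**
     * Decodes the client's Type 3 message into jCIFS credentials bound to the
     * domain controller's challenge. Missing LM or NT responses are replaced by
     * empty arrays. The domain and user name are taken from the client's message
     * and are unverified until {@code logon} succeeds.
     */
    private NtlmPasswordAuthentication processType3Message(String str, HttpSession httpSession, UniAddress uniAddress) throws IOException {
        Type3Message type3Message = new Type3Message(Base64.decode(str.substring(5)));
        byte[] challenge = getChallenge(httpSession, uniAddress);
        byte[] lmResponse = type3Message.getLMResponse() != null ? type3Message.getLMResponse() : new byte[0];
        byte[] ntResponse = type3Message.getNTResponse() != null ? type3Message.getNTResponse() : new byte[0];
        return new NtlmPasswordAuthentication(type3Message.getDomain(), type3Message.getUser(), challenge, lmResponse, ntResponse);
    }

    /**
     * Validates the credentials against the domain controller.
     *
     * @throws BadCredentialsException if the domain controller rejects the credentials
     * @throws IOException for other SMB failures
     */
    private void logon(HttpSession httpSession, UniAddress uniAddress, NtlmPasswordAuthentication ntlmPasswordAuthentication) throws IOException {
        try {
            try {
                SmbSession.logon(uniAddress, ntlmPasswordAuthentication);
                if (logger.isDebugEnabled()) {
                    logger.debug(new StringBuffer().append(ntlmPasswordAuthentication).append(" successfully authenticated against ").append(uniAddress).toString());
                }
            } catch (SmbAuthException e) {
                // The credentials object is built from client-supplied domain and user
                // text, so this log line contains attacker-influenced content.
                // NOTE(review): confirm the log layout neutralises line breaks.
                logger.error(new StringBuffer().append("Credentials ").append(ntlmPasswordAuthentication).append(" were not accepted by the domain controller ").append(uniAddress).toString());
                throw new BadCredentialsException("Bad NTLM credentials");
            }
        } finally {
            // The cached challenge is dropped whether or not the logon succeeded.
            if (this.loadBalance) {
                httpSession.removeAttribute(CHALLENGE_ATTR);
            }
        }
    }

    /**
     * Passes the NTLM identity to the authentication manager and stores the result
     * in the security context.
     *
     * <p>On failure the previous authentication is restored. The failure is
     * rethrown unless {@code retryOnAuthFailure} is set and the failure is an
     * {@link AuthenticationCredentialsNotFoundException} or an
     * {@link InsufficientAuthenticationException}; in that case the handshake is
     * restarted.
     */
    private void authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession, NtlmPasswordAuthentication ntlmPasswordAuthentication) throws IOException {
        NtlmUsernamePasswordAuthenticationToken token = new NtlmUsernamePasswordAuthenticationToken(ntlmPasswordAuthentication, this.stripDomain);
        token.setDetails(new WebAuthenticationDetails(httpServletRequest));
        httpSession.setAttribute("SPRING_SECURITY_LAST_USERNAME", token.getName());
        Authentication previous = SecurityContextHolder.getContext().getAuthentication();
        try {
            SecurityContextHolder.getContext().setAuthentication(this.authenticationManager.authenticate(token));
        } catch (AuthenticationException e) {
            if (logger.isInfoEnabled()) {
                logger.info(new StringBuffer().append("Authentication request for user: ").append(token.getName()).append(" failed: ").append(e.toString()).toString());
            }
            SecurityContextHolder.getContext().setAuthentication(previous);
            boolean retryable = (e instanceof AuthenticationCredentialsNotFoundException) || (e instanceof InsufficientAuthenticationException);
            if (!this.retryOnAuthFailure || !retryable) {
                throw e;
            }
            logger.debug("Restart NTLM authentication handshake due to AuthenticationException");
            httpSession.setAttribute(STATE_ATTR, BEGIN);
            throw new NtlmBeginHandshakeException();
        }
    }

    /**
     * Returns the domain controller address for this session.
     *
     * <p>Without load balancing the configured name is resolved on every call.
     * With load balancing a challenge is requested for the domain once, cached in
     * the session, and its controller address is returned.
     */
    private UniAddress getDCAddress(HttpSession httpSession) throws UnknownHostException, SmbException {
        if (!this.loadBalance) {
            return UniAddress.getByName(this.domainController, true);
        }
        NtlmChallenge ntlmChallenge = (NtlmChallenge) httpSession.getAttribute(CHALLENGE_ATTR);
        if (ntlmChallenge == null) {
            ntlmChallenge = SmbSession.getChallengeForDomain();
            httpSession.setAttribute(CHALLENGE_ATTR, ntlmChallenge);
        }
        return ntlmChallenge.dc;
    }

    /**
     * Returns the challenge bytes to use with the given controller: the
     * session-cached challenge when load balancing is on, otherwise the one jCIFS
     * reports for the controller. With load balancing on, the cached entry must
     * already exist; {@link #getDCAddress(HttpSession)} creates it.
     */
    private byte[] getChallenge(HttpSession httpSession, UniAddress uniAddress) throws UnknownHostException, SmbException {
        if (this.loadBalance) {
            return ((NtlmChallenge) httpSession.getAttribute(CHALLENGE_ATTR)).challenge;
        }
        return SmbSession.getChallenge(uniAddress);
    }

    /**
     * Returns this filter's position in the filter chain.
     *
     * @return {@code Integer.MIN_VALUE + 2200}; the decompiled class carries the
     *         value as an inlined literal (presumably from a shared ordering
     *         table - confirm against the framework version in use)
     */
    public int getOrder() {
        return Integer.MIN_VALUE + 2200;
    }

    /** Compiler-generated helper that resolves a class literal by name. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Class-literal lookup as emitted for a pre-Java 5 target, followed by
        // creation of the logger and the state constants.
        Class cls;
        if (class$org$springframework$security$ui$ntlm$NtlmProcessingFilter == null) {
            cls = class$("org.springframework.security.ui.ntlm.NtlmProcessingFilter");
            class$org$springframework$security$ui$ntlm$NtlmProcessingFilter = cls;
        } else {
            cls = class$org$springframework$security$ui$ntlm$NtlmProcessingFilter;
        }
        logger = LogFactory.getLog(cls);
        BEGIN = new Integer(0);
        NEGOTIATE = new Integer(1);
        COMPLETE = new Integer(2);
        DELAYED = new Integer(3);
    }
}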
