package org.jasig.cas.support.spnego.authentication.handler.support;

import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.regex.Pattern;
import javax.security.auth.login.FailedLoginException;
import jcifs.spnego.Authentication;
import jcifs.spnego.AuthenticationException;
import org.jasig.cas.authentication.BasicCredentialMetaData;
import org.jasig.cas.authentication.Credential;
import org.jasig.cas.authentication.HandlerResult;
import org.jasig.cas.authentication.PreventedException;
import org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.jasig.cas.authentication.principal.SimplePrincipal;
import org.jasig.cas.support.spnego.authentication.principal.SpnegoCredential;

/* loaded from: input_file:org/jasig/cas/support/spnego/authentication/handler/support/JCIFSSpnegoAuthenticationHandler.class */
public final class JCIFSSpnegoAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {
    private Authentication authentication;
    private boolean principalWithDomainName = true;
    private boolean isNTLMallowed = false;

    protected HandlerResult doAuthentication(Credential credential) throws GeneralSecurityException, PreventedException {
        Principal principal;
        byte[] nextToken;
        SpnegoCredential spnegoCredential = (SpnegoCredential) credential;
        try {
            synchronized (this) {
                this.authentication.reset();
                this.authentication.process(spnegoCredential.getInitToken());
                principal = this.authentication.getPrincipal();
                nextToken = this.authentication.getNextToken();
            }
            if (nextToken != null) {
                this.logger.debug("Setting nextToken in credential");
                spnegoCredential.setNextToken(nextToken);
            } else {
                this.logger.debug("nextToken is null");
            }
            boolean z = false;
            if (principal != null) {
                if (spnegoCredential.isNtlm()) {
                    this.logger.debug("NTLM Credential is valid for user [{}]", principal.getName());
                    spnegoCredential.setPrincipal(getSimplePrincipal(principal.getName(), true));
                    boolean z2 = this.isNTLMallowed;
                }
                this.logger.debug("Kerberos Credential is valid for user [{}]", principal.getName());
                spnegoCredential.setPrincipal(getSimplePrincipal(principal.getName(), false));
                z = true;
            }
            if (z) {
                return new HandlerResult(this, new BasicCredentialMetaData(credential), spnegoCredential.getPrincipal());
            }
            throw new FailedLoginException("Principal is null, the processing of the SPNEGO Token failed");
        } catch (AuthenticationException e) {
            throw new FailedLoginException(e.getMessage());
        }
    }

    public boolean supports(Credential credential) {
        return credential instanceof SpnegoCredential;
    }

    public void setAuthentication(Authentication authentication) {
        this.authentication = authentication;
    }

    public void setPrincipalWithDomainName(boolean z) {
        this.principalWithDomainName = z;
    }

    public void setNTLMallowed(boolean z) {
        this.isNTLMallowed = z;
    }

    protected SimplePrincipal getSimplePrincipal(String str, boolean z) {
        return this.principalWithDomainName ? new SimplePrincipal(str) : z ? Pattern.matches("\\S+\\\\\\S+", str) ? new SimplePrincipal(str.split("\\\\")[1]) : new SimplePrincipal(str) : new SimplePrincipal(str.split("@")[0]);
    }
}
