package com.day.j2ee.ntlm;

import com.day.j2ee.servletengine.Constants;
import com.day.j2ee.servletengine.RequestImpl;
import com.day.j2ee.servletengine.ResponseImpl;
import com.day.smb.SmbException;
import com.day.smb.SmbInput;
import com.day.smb.SmbOutput;
import com.day.smb.netbios.NBException;
import com.day.smb.ntlm.Base64;
import com.day.smb.ntlm.Header;
import com.day.smb.ntlm.Message;
import com.day.smb.ntlm.NTLMPrincipal;
import com.day.smb.ntlm.Type1Message;
import com.day.smb.ntlm.Type2Message;
import com.day.smb.ntlm.Type3Message;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.jdom.Attribute;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/day/j2ee/ntlm/NTLMAuthenticationHandler.class */
public class NTLMAuthenticationHandler implements NTLMCallContext, Constants {
    private static final Logger SEL = LoggerFactory.getLogger(Constants.SERVLETENGINE);
    private static final String NTLM_PREFIX = "NTLM ";
    private static final int NONE = 0;
    private static final int CHALLENGED = 1;
    private static final int RESPONDED = 2;
    private final NTLMAuthenticator authenticator;
    private final Map attributes = new HashMap();
    private Principal principal;
    private int state;
    private NTLMDomain domain;
    private byte[] challenge;

    public NTLMAuthenticationHandler(NTLMAuthenticator nTLMAuthenticator) {
        this.authenticator = nTLMAuthenticator;
    }

    public boolean handle(RequestImpl requestImpl, ResponseImpl responseImpl) {
        Message message = null;
        String header = requestImpl.getHeader(Constants.HEADER_AUTHORIZATION);
        if (header != null && header.startsWith(NTLM_PREFIX)) {
            message = decodeMessage(header.substring(NTLM_PREFIX.length()));
        }
        if (message instanceof Type1Message) {
            reset();
        }
        switch (this.state) {
            case 0:
                if (message != null) {
                    if (!(message instanceof Type1Message)) {
                        SEL.warn("Expected Type1 message, got: {}", message);
                        break;
                    } else {
                        return handleChallenge(requestImpl, responseImpl, (Type1Message) message);
                    }
                }
                break;
            case 1:
                if (message != null) {
                    if (!(message instanceof Type3Message)) {
                        SEL.warn("Expected Type3 message, got: {}", message);
                        break;
                    } else {
                        handleResponse((Type3Message) message);
                        break;
                    }
                }
                break;
            case 2:
                if (message != null) {
                    SEL.warn("Unexpected message: {}", message);
                    break;
                }
                break;
        }
        if (this.principal == null) {
            return false;
        }
        requestImpl.setUserPrincipal(this.principal, "NTLM");
        return false;
    }

    public void reset() {
        this.principal = null;
        this.state = 0;
        if (this.domain != null) {
            this.domain.release(this);
            this.domain = null;
        }
        this.challenge = null;
    }

    private static Message decodeMessage(String str) {
        SmbInput smbInput = new SmbInput(Base64.decode(str));
        Header header = new Header();
        try {
            header.read(smbInput);
            Type1Message type1Message = null;
            switch (header.getType()) {
                case 1:
                    type1Message = new Type1Message();
                    break;
                case 2:
                    type1Message = new Type2Message();
                    break;
                case Attribute.IDREF_TYPE /* 3 */:
                    type1Message = new Type3Message(true);
                    break;
            }
            try {
                type1Message.read(smbInput);
                return type1Message;
            } catch (SmbException e) {
                SEL.warn("Unable to parse message: {}", e.getMessage());
                if (!SEL.isDebugEnabled()) {
                    return null;
                }
                SEL.debug("Stack trace: ", e);
                return null;
            }
        } catch (SmbException e2) {
            SEL.warn("Unable to parse message header: {}", e2.getMessage());
            if (!SEL.isDebugEnabled()) {
                return null;
            }
            SEL.debug("Stack trace: ", e2);
            return null;
        }
    }

    private boolean handleChallenge(RequestImpl requestImpl, ResponseImpl responseImpl, Type1Message type1Message) {
        String domain = type1Message.getDomain();
        if (domain == null) {
            try {
                domain = this.authenticator.getDomain(requestImpl.getRemoteInetAddress());
            } catch (NBException e) {
                SEL.warn("Unable to determine domain of client {}: {}.", requestImpl.getRemoteHost(), e.getMessage());
            }
        }
        if (domain == null) {
            this.domain = this.authenticator.getAnonymousDomain();
            if (this.domain == null) {
                SEL.warn("Unable to get anonymous domain.");
                return false;
            }
        } else {
            this.domain = this.authenticator.getDomain(domain);
            if (this.domain == null) {
                SEL.warn("Unable to find domain {}.", domain);
                return false;
            }
        }
        SmbOutput smbOutput = new SmbOutput();
        try {
            Type2Message challenge = this.domain.challenge(this, type1Message);
            this.challenge = challenge.getChallenge();
            challenge.write(smbOutput);
            responseImpl.setHeader(Constants.HEADER_WWW_AUTHENTICATE, new StringBuffer().append(NTLM_PREFIX).append(Base64.encode(smbOutput.toByteArray())).toString());
            responseImpl.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            this.state = 1;
            return true;
        } catch (SmbException e2) {
            SEL.warn("Unable to get challenge from domain: {}", e2.getMessage());
            if (!SEL.isDebugEnabled()) {
                return false;
            }
            SEL.debug("Stack trace: ", e2);
            return false;
        }
    }

    private void handleResponse(Type3Message type3Message) {
        this.principal = new NTLMPrincipal(type3Message.getUserName(), type3Message.getWorkstation(), this.domain.getName(), this.challenge, type3Message.getNtlmResponse());
        try {
            this.domain.validate(this, type3Message);
        } catch (SmbException e) {
            SEL.warn("Unable to validate response: {}", e.getMessage());
            if (SEL.isDebugEnabled()) {
                SEL.debug("Stack trace: ", e);
            }
        }
        this.state = 2;
    }

    @Override // com.day.j2ee.ntlm.NTLMCallContext
    public Object getAttribute(String str) {
        return this.attributes.get(str);
    }

    @Override // com.day.j2ee.ntlm.NTLMCallContext
    public void setAttribute(String str, Object obj) {
        this.attributes.put(str, obj);
    }
}
