package org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm;

import com.sun.jna.platform.win32.Sspi;
import java.io.IOException;
import javax.security.auth.Subject;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.common.OAuthConstants;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.token.handlers.grant.AbstractAuthorizationGrantHandler;
import org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.util.SimpleFilterChain;
import org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.util.SimpleHttpRequest;
import org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.util.SimpleHttpResponse;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import waffle.servlet.NegotiateSecurityFilter;
import waffle.util.Base64;
import waffle.windows.auth.IWindowsCredentialsHandle;
import waffle.windows.auth.impl.WindowsAccountImpl;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;
import waffle.windows.auth.impl.WindowsCredentialsHandleImpl;
import waffle.windows.auth.impl.WindowsSecurityContextImpl;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/token/handlers/grant/iwa/ntlm/NTLMAuthenticationGrantHandler.class */
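/**
 * OAuth2 grant handler that validates a Windows (Negotiate/NTLM) token by driving Waffle's
 * {@link NegotiateSecurityFilter} in-process with a synthetic request/response pair.
 *
 * <p>NOTE(review): the handler creates a client-side security context from the credentials of the
 * account this process runs as and uses it to answer the filter's challenges. The authorized user
 * is then taken from {@code WindowsAccountImpl.getCurrentUsername()}, not from the principals of
 * the authenticated {@link Subject}. Confirm that binding the grant to the process account rather
 * than to the identity proven by the submitted token is intended.
 *
 * <p>NOTE(review): neither the credentials handle nor the security context created in
 * {@link #validateGrant} is released here; confirm whether they need an explicit dispose.
 */
public class NTLMAuthenticationGrantHandler extends AbstractAuthorizationGrantHandler {
    private static final Log log = LogFactory.getLog(NTLMAuthenticationGrantHandler.class);

    /**
     * Defensive upper bound on challenge/response rounds so that a request cannot keep the
     * handshake loop running indefinitely. Presumably far above what a normal exchange needs.
     */
    private static final int MAX_HANDSHAKE_ROUNDS = 10;

    /** Session attribute under which the filter publishes the authenticated subject. */
    private static final String SUBJECT_SESSION_ATTRIBUTE = "javax.security.auth.subject";

    String securityPackage = "Negotiate";

    /**
     * Validates the Windows token carried by the token request.
     *
     * @param oAuthTokenReqMessageContext token request context; its request DTO supplies the
     *                                    Base64 Windows token and receives the authorized user
     * @return {@code false} if the parent validation rejects the grant, {@code true} once the
     *         filter has produced a subject with at least one principal
     * @throws IdentityOAuth2Exception if the token is missing, the filter cannot be initialized,
     *                                 the handshake fails or does not complete within
     *                                 {@link #MAX_HANDSHAKE_ROUNDS} rounds, or the process account
     *                                 name is not in {@code DOMAIN\\user} form
     */
    @Override
    public boolean validateGrant(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        if (!super.validateGrant(oAuthTokenReqMessageContext)) {
            return false;
        }

        // Reject a missing token before any filter or SSPI state is created for the request.
        String windowsToken = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getWindowsToken();
        if (windowsToken == null) {
            if (log.isDebugEnabled()) {
                log.debug("NTLM token is null");
            }
            throw new IdentityOAuth2Exception("NTLM token is null");
        }
        // The raw token is a credential: only log it when token logging is explicitly enabled.
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("NTLM_Token")) {
            log.debug("Received NTLM Token : " + windowsToken);
        }

        NegotiateSecurityFilter negotiateSecurityFilter = new NegotiateSecurityFilter();
        negotiateSecurityFilter.setAuth(new WindowsAuthProviderImpl());
        try {
            negotiateSecurityFilter.init((FilterConfig) null);
        } catch (ServletException e) {
            log.error("Error while initializing Negotiate Security Filter", e);
            throw new IdentityOAuth2Exception("Error while initializing Negotiate Security Filter", e);
        }
        negotiateSecurityFilter.setRoleFormat("both");

        // Client-side context built from the credentials of the account running this process.
        IWindowsCredentialsHandle credentials = WindowsCredentialsHandleImpl.getCurrent(this.securityPackage);
        credentials.initialize();
        WindowsSecurityContextImpl clientContext = new WindowsSecurityContextImpl();
        clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
        clientContext.setCredentialsHandle(credentials.getHandle());
        clientContext.setSecurityPackage(this.securityPackage);
        clientContext.initialize((Sspi.CtxtHandle) null, (Sspi.SecBufferDesc) null, WindowsAccountImpl.getCurrentUsername());

        SimpleHttpRequest simpleHttpRequest = new SimpleHttpRequest();
        SimpleFilterChain simpleFilterChain = new SimpleFilterChain();
        boolean authenticated = false;
        try {
            for (int round = 0; round < MAX_HANDSHAKE_ROUNDS; round++) {
                simpleHttpRequest.addHeader(OAuthConstants.HTTP_REQ_HEADER_AUTHZ, this.securityPackage + " " + windowsToken);
                SimpleHttpResponse simpleHttpResponse = new SimpleHttpResponse();
                try {
                    negotiateSecurityFilter.doFilter(simpleHttpRequest, simpleHttpResponse, simpleFilterChain);
                } catch (IOException e) {
                    log.error("You have been given wrong inputs to negotiate filter", e);
                    throw new IdentityOAuth2Exception("Error while processing negotiate the filter.", e);
                }

                Subject subject = (Subject) simpleHttpRequest.getSession().getAttribute(SUBJECT_SESSION_ATTRIBUTE);
                authenticated = subject != null && !subject.getPrincipals().isEmpty();
                if (authenticated) {
                    break;
                }

                // Not authenticated yet: the filter must have returned "<package> <token>" to continue.
                String challenge = simpleHttpResponse.getHeader(OAuthConstants.HTTP_RESP_HEADER_AUTHENTICATE);
                int tokenOffset = this.securityPackage.length() + 1;
                if (challenge == null || challenge.length() <= tokenOffset) {
                    log.error("NTLM handshake was rejected: no continuation token in the filter response");
                    throw new IdentityOAuth2Exception("Error while validating the NTLM authentication grant");
                }
                clientContext.initialize(clientContext.getHandle(), new Sspi.SecBufferDesc(2, Base64.decode(challenge.substring(tokenOffset))), "localhost");
                windowsToken = Base64.encode(clientContext.getToken());
            }
        } catch (IdentityOAuth2Exception e) {
            // Already logged and wrapped where it was raised; do not wrap or log it a second time.
            throw e;
        } catch (Exception e) {
            log.error("Error while validating the NTLM authentication grant", e);
            throw new IdentityOAuth2Exception("Error while validating the NTLM authentication grant", e);
        }

        if (!authenticated) {
            log.error("NTLM handshake did not complete within " + MAX_HANDSHAKE_ROUNDS + " rounds");
            throw new IdentityOAuth2Exception("Error while validating the NTLM authentication grant");
        }
        if (log.isDebugEnabled()) {
            log.debug("NTLM token is authenticated");
        }

        // NOTE(review): this is the process account, not a principal taken from the Subject above.
        String[] accountParts = WindowsAccountImpl.getCurrentUsername().split("\\\\");
        if (accountParts.length < 2) {
            // Fail closed instead of letting an ArrayIndexOutOfBoundsException escape the handler.
            log.error("Windows account name is not in DOMAIN\\user form");
            throw new IdentityOAuth2Exception("Error while validating the NTLM authentication grant");
        }
        oAuthTokenReqMessageContext.setAuthorizedUser(OAuth2Util.getUserFromUserName(accountParts[1]));
        return true;
    }
}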
