package waffle.apache;

import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.commons.logging.LogFactory;
import waffle.util.AuthorizationHeader;
import waffle.util.Base64;
import waffle.util.NtlmServletRequest;
import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.IWindowsSecurityContext;
import waffle.windows.auth.PrincipalFormat;

/* loaded from: input_file:waffle/apache/MixedAuthenticator.class */
public class MixedAuthenticator extends WaffleAuthenticatorBase {
    public MixedAuthenticator() {
        this._log = LogFactory.getLog(MixedAuthenticator.class);
        this._info = "waffle.apache.MixedAuthenticator/1.0";
        this._log.debug("[waffle.apache.MixedAuthenticator] loaded");
    }

    public void startInternal() throws LifecycleException {
        this._log.info("[waffle.apache.MixedAuthenticator] started");
        super.startInternal();
    }

    public void stopInternal() throws LifecycleException {
        super.stopInternal();
        this._log.info("[waffle.apache.MixedAuthenticator] stopped");
    }

    public boolean authenticate(Request request, HttpServletResponse httpServletResponse, LoginConfig loginConfig) {
        if (this.context == null || this.context.getRealm() == null) {
            this._log.warn("missing context/realm");
            sendError(httpServletResponse, 503);
            return false;
        }
        this._log.debug(request.getMethod() + " " + request.getRequestURI() + ", contentlength: " + request.getContentLength());
        boolean z = request.getParameter("j_negotiate_check") != null;
        this._log.debug("negotiateCheck: " + z);
        boolean z2 = request.getParameter("j_security_check") != null;
        this._log.debug("securityCheck: " + z2);
        Principal userPrincipal = request.getUserPrincipal();
        AuthorizationHeader authorizationHeader = new AuthorizationHeader(request);
        boolean isNtlmType1PostAuthorizationHeader = authorizationHeader.isNtlmType1PostAuthorizationHeader();
        this._log.debug("authorization: " + authorizationHeader.toString() + ", ntlm post: " + isNtlmType1PostAuthorizationHeader);
        if (userPrincipal != null && !isNtlmType1PostAuthorizationHeader) {
            this._log.debug("previously authenticated user: " + userPrincipal.getName());
            return true;
        }
        if (z) {
            if (!authorizationHeader.isNull()) {
                return negotiate(request, httpServletResponse, authorizationHeader);
            }
            this._log.debug("authorization required");
            sendUnauthorized(httpServletResponse);
            return false;
        }
        if (!z2) {
            redirectTo(request, httpServletResponse, loginConfig.getLoginPage());
            return false;
        }
        boolean post = post(request, httpServletResponse, loginConfig);
        if (post) {
            redirectTo(request, httpServletResponse, request.getServletPath());
        } else {
            redirectTo(request, httpServletResponse, loginConfig.getErrorPage());
        }
        return post;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v41, types: [java.security.Principal, waffle.apache.GenericWindowsPrincipal] */
    private boolean negotiate(Request request, HttpServletResponse httpServletResponse, AuthorizationHeader authorizationHeader) {
        String securityPackage = authorizationHeader.getSecurityPackage();
        String connectionId = NtlmServletRequest.getConnectionId(request);
        this._log.debug("security package: " + securityPackage + ", connection id: " + connectionId);
        boolean isNtlmType1PostAuthorizationHeader = authorizationHeader.isNtlmType1PostAuthorizationHeader();
        if (isNtlmType1PostAuthorizationHeader) {
            this._auth.resetSecurityToken(connectionId);
        }
        try {
            byte[] tokenBytes = authorizationHeader.getTokenBytes();
            this._log.debug("token buffer: " + tokenBytes.length + " byte(s)");
            IWindowsSecurityContext acceptSecurityToken = this._auth.acceptSecurityToken(connectionId, tokenBytes, securityPackage);
            this._log.debug("continue required: " + acceptSecurityToken.getContinue());
            byte[] token = acceptSecurityToken.getToken();
            if (token != null) {
                String str = new String(Base64.encode(token));
                this._log.debug("continue token: " + str);
                httpServletResponse.addHeader("WWW-Authenticate", securityPackage + " " + str);
            }
            if (acceptSecurityToken.getContinue() || isNtlmType1PostAuthorizationHeader) {
                httpServletResponse.setHeader("Connection", "keep-alive");
                httpServletResponse.sendError(401);
                httpServletResponse.flushBuffer();
                return false;
            }
            IWindowsIdentity identity = acceptSecurityToken.getIdentity();
            if (!this._allowGuestLogin && identity.isGuest()) {
                this._log.warn("guest login disabled: " + identity.getFqn());
                sendUnauthorized(httpServletResponse);
                return false;
            }
            try {
                this._log.debug("logged in user: " + identity.getFqn() + " (" + identity.getSidString() + ")");
                ?? genericWindowsPrincipal = new GenericWindowsPrincipal(identity, this._principalFormat, this._roleFormat);
                this._log.debug("roles: " + genericWindowsPrincipal.getRolesString());
                this._log.debug("session id:" + request.getSession(true).getId());
                register(request, httpServletResponse, genericWindowsPrincipal, securityPackage, genericWindowsPrincipal.getName(), null);
                this._log.info("successfully logged in user: " + genericWindowsPrincipal.getName());
                identity.dispose();
                return true;
            } catch (Throwable th) {
                identity.dispose();
                throw th;
            }
        } catch (Exception e) {
            this._log.warn("error logging in user: " + e.getMessage());
            sendUnauthorized(httpServletResponse);
            return false;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v19, types: [java.security.Principal, waffle.apache.GenericWindowsPrincipal] */
    private boolean post(Request request, HttpServletResponse httpServletResponse, LoginConfig loginConfig) {
        String parameter = request.getParameter("j_username");
        String parameter2 = request.getParameter("j_password");
        this._log.debug("logging in: " + parameter);
        try {
            IWindowsIdentity logonUser = this._auth.logonUser(parameter, parameter2);
            if (!this._allowGuestLogin && logonUser.isGuest()) {
                this._log.warn("guest login disabled: " + logonUser.getFqn());
                return false;
            }
            try {
                this._log.debug("successfully logged in " + parameter + " (" + logonUser.getSidString() + ")");
                ?? genericWindowsPrincipal = new GenericWindowsPrincipal(logonUser, this._principalFormat, this._roleFormat);
                this._log.debug("roles: " + genericWindowsPrincipal.getRolesString());
                this._log.debug("session id:" + request.getSession(true).getId());
                register(request, httpServletResponse, genericWindowsPrincipal, "FORM", genericWindowsPrincipal.getName(), null);
                this._log.info("successfully logged in user: " + genericWindowsPrincipal.getName());
                logonUser.dispose();
                return true;
            } catch (Throwable th) {
                logonUser.dispose();
                throw th;
            }
        } catch (Exception e) {
            this._log.error(e.getMessage());
            return false;
        }
    }

    private void redirectTo(Request request, HttpServletResponse httpServletResponse, String str) {
        try {
            this._log.debug("redirecting to: " + str);
            this.context.getServletContext().getRequestDispatcher(str).forward(request.getRequest(), httpServletResponse);
        } catch (ServletException e) {
            this._log.error(e.getMessage());
            throw new RuntimeException((Throwable) e);
        } catch (IOException e2) {
            this._log.error(e2.getMessage());
            throw new RuntimeException(e2);
        }
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ void setAllowGuestLogin(boolean z) {
        super.setAllowGuestLogin(z);
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ boolean getAllowGuestLogin() {
        return super.getAllowGuestLogin();
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ PrincipalFormat getRoleFormat() {
        return super.getRoleFormat();
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ void setRoleFormat(String str) {
        super.setRoleFormat(str);
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ PrincipalFormat getPrincipalFormat() {
        return super.getPrincipalFormat();
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ void setPrincipalFormat(String str) {
        super.setPrincipalFormat(str);
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ String getInfo() {
        return super.getInfo();
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ void setAuth(IWindowsAuthProvider iWindowsAuthProvider) {
        super.setAuth(iWindowsAuthProvider);
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ IWindowsAuthProvider getAuth() {
        return super.getAuth();
    }
}
