package org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.ResponseHeader;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.token.handlers.grant.AbstractAuthorizationGrantHandler;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import waffle.util.Base64;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/token/handlers/grant/iwa/ntlm/NTLMAuthenticationGrantHandlerWithHandshake.class */
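/**
 * OAuth2 grant handler that runs the NTLM handshake over successive token requests.
 *
 * <p>A Type 1 (negotiate) message is answered with a Type 2 (challenge) message carried in a
 * {@code WWW-Authenticate} response header and the grant is reported as not yet valid. A Type 3
 * (authenticate) message is handed to the Windows auth provider and, on success, the resulting
 * account becomes the authorized user of the request.
 *
 * <p>NOTE(review): every request uses the same constant connection id
 * ({@code "server-connection"}). Waffle appears to key in-progress handshake state by that id, so
 * handshakes from different clients may share state; confirm this against the provider and
 * derive a per-client id if so.
 */
public class NTLMAuthenticationGrantHandlerWithHandshake extends AbstractAuthorizationGrantHandler {
    private static final String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
    private static final String SCHEME_NTLM = "NTLM";
    private static final String SERVER_CONNECTION = "server-connection";
    private static final String SECURITY_PACKAGE = "Negotiate";
    private static final int MESSAGE_TYPE_BYTE_INDEX = 8;
    private static final int NTLM_TYPE_1_TOKEN = 1;
    private static final int NTLM_TYPE_3_TOKEN = 3;
    private static final Log log = LogFactory.getLog(NTLMAuthenticationGrantHandlerWithHandshake.class);
    private static final WindowsAuthProviderImpl provider = new WindowsAuthProviderImpl();

    /**
     * Reads the NTLM message type from a decoded token.
     *
     * <p>Only the byte at index 8 is inspected; the leading signature bytes are not verified
     * here, so the result is a routing hint and not proof that the token is well formed.
     *
     * @param bArr the Base64-decoded token sent by the client
     * @return the message type, always in the range 1 to 3
     * @throws IdentityOAuth2Exception if the token is missing, too short to hold a type byte, or
     *     carries a type outside 1 to 3
     */
    public int getNLTMMessageType(byte[] bArr) throws IdentityOAuth2Exception {
        // The token is client-supplied; a failed decode must surface as a protocol error, not a NullPointerException.
        if (bArr == null) {
            throw new IdentityOAuth2Exception("Cannot extract message type from NTLM Token. Token could not be decoded.");
        }
        // Index 8 must exist, so at least 9 bytes are required.
        if (bArr.length <= MESSAGE_TYPE_BYTE_INDEX) {
            throw new IdentityOAuth2Exception("Cannot extract message type from NTLM Token. Decoded token length is less than "
                    + (MESSAGE_TYPE_BYTE_INDEX + 1) + ".");
        }
        byte messageType = bArr[MESSAGE_TYPE_BYTE_INDEX];
        if (messageType < NTLM_TYPE_1_TOKEN || messageType > NTLM_TYPE_3_TOKEN) {
            throw new IdentityOAuth2Exception("Invalid NLTM message type:" + ((int) messageType) + ". Should be one of 1,2 or 3.");
        }
        return messageType;
    }

    /**
     * Validates an NTLM grant, advancing the handshake by one step per request.
     *
     * @param oAuthTokenReqMessageContext the token request context; it receives either the
     *     authorized user (Type 3) or the {@code RESPONSE_HEADERS} property holding the challenge
     *     (Type 1)
     * @return {@code true} only when a Type 3 message was accepted and the authorized user was
     *     set; {@code false} when the parent validation fails, when a challenge was issued, or
     *     when the client sent a Type 2 message
     * @throws IdentityOAuth2Exception if the token is absent or malformed, or if the
     *     authenticated account name has no {@code DOMAIN\\user} form
     */
    @Override // org.wso2.carbon.identity.oauth2.token.handlers.grant.AbstractAuthorizationGrantHandler, org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationGrantHandler
    public boolean validateGrant(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        if (!super.validateGrant(oAuthTokenReqMessageContext)) {
            return false;
        }
        String windowsToken = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getWindowsToken();
        if (windowsToken == null) {
            throw new IdentityOAuth2Exception("Received NTLM token is null");
        }
        byte[] decodedToken = Base64.decode(windowsToken);
        int messageType = getNLTMMessageType(decodedToken);
        // Log the type and size only. The raw value is client-controlled text (log forging), and
        // a Type 2 / Type 3 pair in the same log is challenge-response material for the account.
        if (log.isDebugEnabled()) {
            log.debug("Received NTLM token Type " + messageType + ", encoded length " + windowsToken.length());
        }

        if (messageType == NTLM_TYPE_1_TOKEN) {
            // Step 1: answer the negotiate message with a challenge and report "not valid yet".
            String challenge = Base64.encode(
                    provider.acceptSecurityToken(SERVER_CONNECTION, decodedToken, SECURITY_PACKAGE).getToken());
            if (log.isDebugEnabled()) {
                log.debug("Sent NTLM token Type 2, encoded length " + challenge.length());
            }
            ResponseHeader challengeHeader = new ResponseHeader();
            challengeHeader.setKey(HEADER_WWW_AUTHENTICATE);
            challengeHeader.setValue(SCHEME_NTLM + " " + challenge);
            oAuthTokenReqMessageContext.addProperty("RESPONSE_HEADERS", new ResponseHeader[] {challengeHeader});
            return false;
        }

        if (messageType == NTLM_TYPE_3_TOKEN) {
            // Step 2: the provider verifies the response against the challenge it issued.
            // NOTE(review): the returned identity is not checked for a guest logon, and neither
            // the security context nor the identity is released here; confirm both against the
            // Waffle version in use.
            String fqn = provider.acceptSecurityToken(SERVER_CONNECTION, decodedToken, SECURITY_PACKAGE)
                    .getIdentity().getFqn();
            String[] fqnParts = fqn == null ? new String[0] : fqn.split("\\\\");
            if (fqnParts.length < 2 || fqnParts[1].isEmpty()) {
                throw new IdentityOAuth2Exception("Authenticated Windows account name is not in DOMAIN\\user form");
            }
            // Only the account part is kept. NOTE(review): the domain is discarded, so accounts
            // with the same name in different domains map to the same user; confirm this is intended.
            oAuthTokenReqMessageContext.setAuthorizedUser(OAuth2Util.getUserFromUserName(fqnParts[1]));
            return true;
        }

        // Type 2 is a server-to-client message; a client sending one is never authenticated.
        if (log.isDebugEnabled()) {
            log.debug("Unknown NTLM token, Type " + messageType + ", encoded length " + windowsToken.length());
        }
        return false;
    }
}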
