package waffle.shiro.negotiate;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import waffle.util.AuthorizationHeader;
import waffle.util.NtlmServletRequest;

/* loaded from: input_file:waffle/shiro/negotiate/NegotiateAuthenticationFilter.class */
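/**
 * Shiro authenticating filter that drives an HTTP Negotiate / NTLM handshake.
 *
 * <p>The filter reads the {@code Authorization} request header, wraps the Base64 security token
 * in a {@link NegotiateToken}, and answers with {@code WWW-Authenticate} challenges and HTTP 401
 * until the login either succeeds or fails.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code Authorization} header is untrusted input. It is validated before a login is
 *       attempted so that a truncated or non-Base64 header yields a 401 rather than an unhandled
 *       runtime exception.</li>
 *   <li>The header value is never logged; only the scheme name, connection id and flags are.</li>
 *   <li>The scheme string sent by the client is passed on as the security package name and is
 *       echoed in the challenge during negotiation. NOTE(review): it is only prefix-matched
 *       against the supported protocols; consider mapping it to the canonical name.</li>
 * </ul>
 */
public class NegotiateAuthenticationFilter extends AuthenticatingFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(NegotiateAuthenticationFilter.class);

    /**
     * Supported authentication schemes, in the order they are offered to the client.
     * Populated exactly once at class initialisation and never modified afterwards.
     */
    private static final List<String> PROTOCOLS = new ArrayList<>();

    static {
        PROTOCOLS.add("Negotiate");
        PROTOCOLS.add("NTLM");
    }

    private String failureKeyAttribute = "shiroLoginFailure";
    private String rememberMeParam = "rememberMe";

    /**
     * Creates the filter.
     *
     * <p>The supported protocols are registered in the static initialiser rather than here:
     * appending to the shared static list on every construction made the list grow with each
     * new filter instance, duplicating the {@code WWW-Authenticate} challenges, and mutated an
     * unsynchronised {@code ArrayList} that other instances may be iterating.
     */
    public NegotiateAuthenticationFilter() {
        // Intentionally empty, see the Javadoc above.
    }

    /**
     * @return the name of the request parameter that signals "remember me"
     */
    public String getRememberMeParam() {
        return this.rememberMeParam;
    }

    /**
     * @param str the name of the request parameter that signals "remember me"
     */
    public void setRememberMeParam(String str) {
        this.rememberMeParam = str;
    }

    /**
     * Reports whether the request asks for "remember me".
     *
     * @param servletRequest the current request
     * @return the result of {@code WebUtils.isTrue} for the configured parameter name
     */
    protected boolean isRememberMe(ServletRequest servletRequest) {
        return WebUtils.isTrue(servletRequest, getRememberMeParam());
    }

    /**
     * Builds a {@link NegotiateToken} from the {@code Authorization} header of the request.
     *
     * @param servletRequest the current request, cast to {@code HttpServletRequest}
     * @param servletResponse the current response (unused)
     * @return a token carrying the decoded security blob, connection id, security package name,
     *     NTLM type-1 POST flag, remember-me flag and host
     * @throws AuthenticationException if the header is absent, has no token part, or the token is
     *     not valid Base64. NOTE(review): {@link #onAccessDenied} filters these cases before the
     *     login is executed; this exception is for direct callers — confirm how the Shiro version
     *     in use treats exceptions raised while the token is being created.
     */
    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
        String authzHeader = getAuthzHeader(servletRequest);
        byte[] inToken = decodeSecurityToken(authzHeader);
        if (inToken == null) {
            // Do not include the header in the message: it is client-controlled credential material.
            throw new AuthenticationException("Authorization header does not carry a Base64-encoded security token");
        }
        // A non-null token guarantees the header contains at least one space.
        String securityPackage = authzHeader.substring(0, authzHeader.indexOf(' '));
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        String connectionId = NtlmServletRequest.getConnectionId(httpRequest);
        boolean ntlmPost = new AuthorizationHeader(httpRequest).isNtlmType1PostAuthorizationHeader();
        LOGGER.debug("security package: {}, connection id: {}, ntlmPost: {}", securityPackage, connectionId, ntlmPost);
        return new NegotiateToken(inToken, new byte[0], connectionId, securityPackage, ntlmPost,
                isRememberMe(servletRequest), getHost(servletRequest));
    }

    /**
     * Publishes the authenticated subject carried by the token as the {@code MY_SUBJECT} request
     * attribute.
     *
     * @param authenticationToken the token used for the login; must be a {@link NegotiateToken}
     * @param subject the Shiro subject (unused)
     * @param servletRequest the current request
     * @param servletResponse the current response (unused)
     * @return always {@code true}
     * @throws Exception declared by the overridden method
     */
    protected boolean onLoginSuccess(AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        NegotiateToken negotiateToken = (NegotiateToken) authenticationToken;
        servletRequest.setAttribute("MY_SUBJECT", negotiateToken.getSubject());
        return true;
    }

    /**
     * Handles a login that did not complete.
     *
     * <p>An {@link AuthenticationInProgressException} means the handshake needs another round
     * trip: the continuation token from the {@link NegotiateToken} is sent back as a challenge.
     * Any other exception is a real failure: it is logged, a fresh challenge is sent with the
     * connection closed, and the failure attribute is set on the request.
     *
     * @param authenticationToken the token used for the login; must be a {@link NegotiateToken}
     *     when negotiation is in progress
     * @param authenticationException the reason the login did not complete
     * @param servletRequest the current request
     * @param servletResponse the current response
     * @return {@code false} while negotiation is in progress, {@code true} on failure
     */
    protected boolean onLoginFailure(AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse) {
        if (authenticationException instanceof AuthenticationInProgressException) {
            String authzHeaderProtocol = getAuthzHeaderProtocol(servletRequest);
            LOGGER.debug("Negotiation in progress for protocol: {}", authzHeaderProtocol);
            sendChallengeDuringNegotiate(authzHeaderProtocol, servletResponse, ((NegotiateToken) authenticationToken).getOut());
            return false;
        }
        // Only the message is logged; the client sees a bare 401 and no failure detail.
        LOGGER.warn("login exception: {}", authenticationException.getMessage());
        sendChallengeOnFailure(servletResponse);
        setFailureAttribute(servletRequest, authenticationException);
        return true;
    }

    /**
     * Stores the class name of the failure under the configured failure key attribute.
     *
     * @param servletRequest the current request
     * @param authenticationException the failure whose class name is recorded
     */
    protected void setFailureAttribute(ServletRequest servletRequest, AuthenticationException authenticationException) {
        servletRequest.setAttribute(getFailureKeyAttribute(), authenticationException.getClass().getName());
    }

    /**
     * @return the request attribute name under which a login failure is recorded
     */
    public String getFailureKeyAttribute() {
        return this.failureKeyAttribute;
    }

    /**
     * @param str the request attribute name under which a login failure is recorded
     */
    public void setFailureKeyAttribute(String str) {
        this.failureKeyAttribute = str;
    }

    /**
     * Decides what to do with a request that has not been granted access.
     *
     * <p>Without a supported {@code Authorization} header the initial challenge is sent. With a
     * supported scheme but no decodable token the request is rejected with a 401 and the
     * connection is closed, instead of letting the parsing error escape as an unhandled
     * exception. Otherwise the login is executed.
     *
     * @param servletRequest the current request
     * @param servletResponse the current response
     * @return the result of {@code executeLogin} for a well-formed login attempt, otherwise
     *     {@code false}
     * @throws Exception if {@code executeLogin} throws
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (!isLoginAttempt(servletRequest)) {
            LOGGER.debug("authorization required, supported protocols: {}", PROTOCOLS);
            sendChallengeInitiateNegotiate(servletResponse);
            return false;
        }
        if (decodeSecurityToken(getAuthzHeader(servletRequest)) == null) {
            // The header value itself is deliberately not logged.
            LOGGER.warn("rejecting malformed Authorization header");
            sendChallengeOnFailure(servletResponse);
            return false;
        }
        return executeLogin(servletRequest, servletResponse);
    }

    /**
     * @param servletRequest the current request
     * @return {@code true} if the request has an {@code Authorization} header that starts with a
     *     supported scheme
     */
    private boolean isLoginAttempt(ServletRequest servletRequest) {
        String authzHeader = getAuthzHeader(servletRequest);
        return authzHeader != null && isLoginAttempt(authzHeader);
    }

    /**
     * @param servletRequest the current request
     * @return the raw {@code Authorization} header, as returned by {@code getHeader}
     */
    private String getAuthzHeader(ServletRequest servletRequest) {
        return WebUtils.toHttp(servletRequest).getHeader("Authorization");
    }

    /**
     * Returns the scheme part of the {@code Authorization} header.
     *
     * @param servletRequest the current request; its header must be present
     * @return the text before the first space, or the whole header when it contains no space
     */
    private String getAuthzHeaderProtocol(ServletRequest servletRequest) {
        String authzHeader = getAuthzHeader(servletRequest);
        int separator = authzHeader.indexOf(' ');
        // indexOf returns -1 for a header without a token part; substring(0, -1) would throw.
        return separator < 0 ? authzHeader : authzHeader.substring(0, separator);
    }

    /**
     * Extracts and decodes the security token from an {@code Authorization} header value.
     *
     * @param authzHeader the header value, may be {@code null}
     * @return the decoded bytes of the element that follows the first space, or {@code null} when
     *     the header is {@code null}, contains no space, or that element is not valid Base64
     */
    private static byte[] decodeSecurityToken(String authzHeader) {
        if (authzHeader == null) {
            return null;
        }
        String[] elements = authzHeader.split(" ", -1);
        if (elements.length < 2) {
            return null;
        }
        try {
            return Base64.getDecoder().decode(elements[1]);
        } catch (IllegalArgumentException ignored) {
            // Not Base64: reported to the caller as "no token" so it can answer with a 401.
            return null;
        }
    }

    /**
     * Tests whether a header value starts with one of the supported schemes, ignoring case.
     *
     * <p>The comparison uses {@code regionMatches} so that it does not depend on the default
     * locale; {@code toLowerCase()} without a locale maps {@code I} to a dotless i under some
     * locales, which would make an upper-case {@code NEGOTIATE} fail to match.
     *
     * @param str the header value
     * @return {@code true} if the value begins with a supported scheme; {@code false} otherwise,
     *     including for {@code null}
     */
    boolean isLoginAttempt(String str) {
        if (str == null) {
            return false;
        }
        for (String protocol : PROTOCOLS) {
            if (str.regionMatches(true, 0, protocol, 0, protocol.length())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes the challenge headers with a keep-alive connection and sets status 401.
     *
     * @param list the schemes to offer
     * @param servletResponse the current response
     * @param bArr the continuation token to attach, or {@code null} for none
     */
    private void sendChallenge(List<String> list, ServletResponse servletResponse, byte[] bArr) {
        HttpServletResponse http = WebUtils.toHttp(servletResponse);
        sendAuthenticateHeader(list, bArr, http);
        http.setStatus(401);
    }

    /**
     * Sends the initial challenge listing every supported scheme, without a token.
     *
     * @param servletResponse the current response
     */
    void sendChallengeInitiateNegotiate(ServletResponse servletResponse) {
        sendChallenge(PROTOCOLS, servletResponse, null);
    }

    /**
     * Sends a continuation challenge for a single scheme.
     *
     * @param str the scheme to name in the challenge
     * @param servletResponse the current response
     * @param bArr the continuation token to attach
     */
    void sendChallengeDuringNegotiate(String str, ServletResponse servletResponse, byte[] bArr) {
        List<String> single = new ArrayList<>();
        single.add(str);
        sendChallenge(single, servletResponse, bArr);
    }

    /**
     * Sends a fresh challenge after a failed login, asks for the connection to be closed, and
     * commits the response with status 401.
     *
     * @param servletResponse the current response
     * @throws RuntimeException wrapping the {@code IOException} if the error cannot be sent
     */
    void sendChallengeOnFailure(ServletResponse servletResponse) {
        HttpServletResponse http = WebUtils.toHttp(servletResponse);
        sendUnauthorized(PROTOCOLS, null, http);
        http.setHeader("Connection", "close");
        try {
            http.sendError(401);
            http.flushBuffer();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Writes the challenge headers and requests a keep-alive connection.
     *
     * @param list the schemes to offer
     * @param bArr the continuation token to attach, or {@code null} for none
     * @param httpServletResponse the response to write to
     */
    private void sendAuthenticateHeader(List<String> list, byte[] bArr, HttpServletResponse httpServletResponse) {
        sendUnauthorized(list, bArr, httpServletResponse);
        httpServletResponse.setHeader("Connection", "keep-alive");
    }

    /**
     * Writes one {@code WWW-Authenticate} header per scheme.
     *
     * <p>Without a token each scheme is added as a separate header. With a token the header is
     * set (replacing any previous value) to the scheme followed by the Base64 token; within this
     * class that form is only used with a single-scheme list.
     *
     * @param list the schemes to offer
     * @param bArr the continuation token to attach, or {@code null}/empty for none
     * @param httpServletResponse the response to write to
     */
    private void sendUnauthorized(List<String> list, byte[] bArr, HttpServletResponse httpServletResponse) {
        boolean hasToken = bArr != null && bArr.length != 0;
        for (String protocol : list) {
            if (hasToken) {
                httpServletResponse.setHeader("WWW-Authenticate", protocol + " " + Base64.getEncoder().encodeToString(bArr));
            } else {
                httpServletResponse.addHeader("WWW-Authenticate", protocol);
            }
        }
    }
}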
