package com.liferay.portal.servlet.filters.sso.ntlm;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.security.ldap.PortalLDAPUtil;
import com.liferay.portal.util.PortalInstances;
import com.liferay.portal.util.PrefsPropsUtil;
import com.liferay.portal.util.PropsKeys;
import com.liferay.portal.util.PropsValues;
import com.liferay.portal.util.WebKeys;
import com.liferay.util.servlet.filters.DynamicFilterConfig;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jcifs.Config;
import jcifs.UniAddress;
import jcifs.http.NtlmHttpFilter;
import jcifs.http.NtlmSsp;
import jcifs.ntlmssp.Type1Message;
import jcifs.ntlmssp.Type2Message;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbSession;
import jcifs.util.Base64;

/* loaded from: input_file:com/liferay/portal/servlet/filters/sso/ntlm/NtlmFilter.class */
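/**
 * Servlet filter that runs the NTLM HTTP handshake for portal instances that
 * have NTLM single sign-on enabled and, on a login request, publishes the
 * negotiated account name as the {@code WebKeys.NTLM_REMOTE_USER} request
 * attribute.
 *
 * <p>NOTE(review): nothing in this class checks the NTLM response against the
 * domain controller; {@link #negotiate} stores whatever
 * {@code NtlmSsp.authenticate} returns. Stock jCIFS performs an
 * {@code SmbSession.logon} at that point. Confirm that the credentials are
 * verified somewhere before {@code NTLM_REMOTE_USER} is trusted for login.
 */
public class NtlmFilter extends NtlmHttpFilter {
    private static Log _log = LogFactoryUtil.getLog(NtlmFilter.class);
    private DynamicFilterConfig _filterConfig;

    /**
     * Initialises the jCIFS filter and keeps a mutable copy of the filter
     * configuration so that portal properties can be added to it later.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException if the parent filter fails to initialise
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        this._filterConfig = new DynamicFilterConfig(filterConfig);
    }

    /**
     * Answers NTLM Type 1 messages with a Type 2 challenge, negotiates the
     * user on paths ending in {@code /login}, and otherwise passes the request
     * down the chain.
     *
     * <p>Any exception raised while handling NTLM is logged and the request
     * continues without the {@code NTLM_REMOTE_USER} attribute, unless the
     * response has already been committed.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the outgoing response
     * @param filterChain the remaining filter chain
     * @throws IOException if the chain fails with an I/O error
     * @throws ServletException if the chain fails with a servlet error
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            HttpServletRequest request = (HttpServletRequest) servletRequest;
            HttpServletResponse response = (HttpServletResponse) servletResponse;
            long companyId = PortalInstances.getCompanyId(request);
            if (PortalLDAPUtil.isNtlmEnabled(companyId)) {
                String configuredController = this._filterConfig.getInitParameter("jcifs.http.domainController");
                String configuredDomain = this._filterConfig.getInitParameter("jcifs.smb.client.domain");
                if (configuredController == null && configuredDomain == null) {
                    // NOTE(review): this lazy initialisation runs on the request
                    // path without synchronisation and writes to one shared
                    // _filterConfig, so the first company to reach this point
                    // appears to fix the domain controller for every later
                    // request. Confirm that is intended for multi-instance
                    // deployments.
                    String domainController = PrefsPropsUtil.getString(companyId, PropsKeys.NTLM_DOMAIN_CONTROLLER, PropsValues.NTLM_DOMAIN_CONTROLLER);
                    String domain = PrefsPropsUtil.getString(companyId, PropsKeys.NTLM_DOMAIN, PropsValues.NTLM_DOMAIN);
                    this._filterConfig.addInitParameter("jcifs.http.domainController", domainController);
                    this._filterConfig.addInitParameter("jcifs.smb.client.domain", domain);
                    super.init(this._filterConfig);
                    if (_log.isDebugEnabled()) {
                        _log.debug("Host " + domainController);
                        _log.debug("Domain " + domain);
                    }
                }
                String header = request.getHeader("Authorization");
                // Require the full "NTLM " prefix before slicing at offset 5, and
                // check the decoded length before reading the message-type byte:
                // the header is client-controlled and may be short or malformed.
                if (header != null && header.startsWith("NTLM ")) {
                    byte[] message = Base64.decode(header.substring(5));
                    if (message.length > 8 && message[8] == 1) {
                        UniAddress controller = UniAddress.getByName(Config.getProperty("jcifs.http.domainController"), true);
                        byte[] challenge = SmbSession.getChallenge(controller);
                        Type2Message type2 = new Type2Message(new Type1Message(message), challenge, (String) null);
                        response.setHeader("WWW-Authenticate", "NTLM " + Base64.encode(type2.toByteArray()));
                        response.setStatus(401);
                        response.setContentLength(0);
                        response.flushBuffer();
                        return;
                    }
                }
                String pathInfo = request.getPathInfo();
                if (pathInfo != null && pathInfo.endsWith("/login")) {
                    NtlmPasswordAuthentication auth = negotiate(request, response, false);
                    if (auth == null) {
                        // negotiate() has already answered or rejected the request.
                        return;
                    }
                    // Drop the "DOMAIN\" prefix so only the account name is published.
                    String name = auth.getName();
                    int separator = name.indexOf("\\");
                    if (separator != -1) {
                        name = name.substring(separator + 1);
                    }
                    if (_log.isDebugEnabled()) {
                        _log.debug("NTLM remote user " + name);
                    }
                    servletRequest.setAttribute(WebKeys.NTLM_REMOTE_USER, name);
                }
            }
        } catch (Exception e) {
            _log.error(e);
            if (servletResponse.isCommitted()) {
                // A challenge or error was already sent; running the rest of the
                // chain against a committed response cannot produce a valid reply.
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Obtains NTLM credentials for the request, either from the
     * {@code Authorization} header or from the {@code NtlmHttpAuth} session
     * attribute, and sends a 401 challenge when neither is available.
     *
     * <p>NOTE(review): the credentials parsed from the header are stored in
     * the session and returned without any visible check against the domain
     * controller; see the class comment.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response used to send a 401 challenge
     * @param z not read by this implementation
     * @return the negotiated credentials, or {@code null} if a response has
     *     already been sent to the client
     * @throws IOException if writing the challenge fails
     * @throws ServletException declared for compatibility with the parent filter
     */
    public NtlmPasswordAuthentication negotiate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, ServletException {
        NtlmPasswordAuthentication auth = null;
        HttpSession session = httpServletRequest.getSession(false);
        String header = httpServletRequest.getHeader("Authorization");
        if (_log.isDebugEnabled()) {
            // The header carries the NTLM challenge response, which is credential
            // material; record only whether it was sent.
            _log.debug("Authorization header " + (header == null ? "absent" : "present (value not logged)"));
        }
        if (header == null || !header.startsWith("NTLM ")) {
            if (session != null) {
                auth = (NtlmPasswordAuthentication) session.getAttribute("NtlmHttpAuth");
            }
            if (auth == null) {
                httpServletResponse.setHeader("WWW-Authenticate", "NTLM");
                httpServletResponse.setStatus(401);
                httpServletResponse.setContentLength(0);
                httpServletResponse.flushBuffer();
                return null;
            }
        } else {
            UniAddress controller = UniAddress.getByName(Config.getProperty("jcifs.http.domainController"), true);
            if (_log.isDebugEnabled()) {
                _log.debug("Address " + controller);
            }
            auth = NtlmSsp.authenticate(httpServletRequest, httpServletResponse, SmbSession.getChallenge(controller));
            if (auth == null) {
                // Handshake not complete: clear any stale credentials and stop.
                if (session != null) {
                    session.removeAttribute("NtlmHttpAuth");
                }
                return null;
            }
            // getSession(false) may have returned null; create the session on
            // demand instead of dereferencing a null reference.
            httpServletRequest.getSession().setAttribute("NtlmHttpAuth", auth);
        }
        if (_log.isDebugEnabled()) {
            _log.debug("Password authentication " + auth);
        }
        return auth;
    }
}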
