package com.liferay.portal.servlet.filters.sso.ntlm;

import com.liferay.portal.kernel.cache.PortalCache;
import com.liferay.portal.kernel.cache.SingleVMPoolUtil;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.ldap.LDAPSettingsUtil;
import com.liferay.portal.security.ntlm.NtlmManager;
import com.liferay.portal.security.ntlm.NtlmUserAccount;
import com.liferay.portal.servlet.filters.BasePortalFilter;
import com.liferay.portal.util.PortalInstances;
import com.liferay.portal.util.PrefsPropsUtil;
import com.liferay.portal.util.PropsUtil;
import com.liferay.portal.util.PropsValues;
import com.liferay.portal.util.WebKeys;
import java.io.Serializable;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jcifs.Config;
import jcifs.http.NtlmHttpFilter;
import jcifs.util.Base64;

/* loaded from: input_file:com/liferay/portal/servlet/filters/sso/ntlm/NtlmFilter.class */
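/**
 * Servlet filter that performs the server side of the NTLM HTTP handshake for
 * portal instances that have NTLM single sign-on enabled.
 *
 * <p>A type 1 (negotiate) message is answered with a freshly generated
 * 8-byte server challenge. The client's follow-up message is then validated
 * against that challenge through {@link NtlmManager#authenticate}. On success
 * the user name is exposed as the {@code WebKeys.NTLM_REMOTE_USER} request
 * attribute and, when a session already exists, the account is stored under
 * {@code WebKeys.NTLM_USER_ACCOUNT}.</p>
 *
 * <p>NOTE(review): pending server challenges are keyed by
 * {@code request.getRemoteAddr()} only. Clients that share an address (NAT,
 * or a reverse proxy in front of the portal) share one cache slot, so
 * concurrent handshakes can overwrite or consume each other's challenge.
 * Binding the challenge to the connection or session would be more robust;
 * this is left unchanged because it alters the handshake state model.</p>
 */
public class NtlmFilter extends BasePortalFilter {
    private static final Log _log = LogFactoryUtil.getLog(NtlmFilter.class);

    /** Length of the "NTLM " scheme prefix that precedes the Base64 payload. */
    private static final int _SCHEME_PREFIX_LENGTH = 5;

    /** Index of the byte inspected to tell a type 1 message from later ones. */
    private static final int _MESSAGE_TYPE_OFFSET = 8;

    /** Size in bytes of the random server challenge. */
    private static final int _SERVER_CHALLENGE_LENGTH = 8;

    private final Map<Long, NtlmManager> _ntlmManagers = new ConcurrentHashMap<Long, NtlmManager>();
    private final SecureRandom _secureRandom = new SecureRandom();
    private final PortalCache _serverChallenges = SingleVMPoolUtil.getCache(NtlmFilter.class.getName());

    /**
     * Initialises a jCIFS {@link NtlmHttpFilter} with the given configuration
     * and copies every portal property starting with {@code jcifs.} into the
     * jCIFS {@link Config}.
     *
     * <p>Failures are logged and not rethrown.</p>
     *
     * @param filterConfig the servlet filter configuration
     */
    public void init(FilterConfig filterConfig) {
        try {
            new NtlmHttpFilter().init(filterConfig);
            for (Map.Entry<Object, Object> entry : PropsUtil.getProperties("jcifs.", false).entrySet()) {
                Config.setProperty((String) entry.getKey(), (String) entry.getValue());
            }
        } catch (Exception e) {
            _log.error(e, e);
        }
    }

    @Override // com.liferay.portal.servlet.filters.BasePortalFilter
    protected Log getLog() {
        return _log;
    }

    /**
     * Returns the {@link NtlmManager} for a company, creating it on first use
     * and reconfiguring it when any of the stored NTLM settings has changed.
     *
     * @param j the company id whose NTLM preferences are read
     * @return the manager configured with the company's current settings
     * @throws SystemException if the preferences cannot be read
     */
    protected NtlmManager getNtlmManager(long j) throws SystemException {
        String domain = PrefsPropsUtil.getString(j, "ntlm.auth.domain", PropsValues.NTLM_DOMAIN);
        String domainController = PrefsPropsUtil.getString(j, "ntlm.auth.domain.controller", PropsValues.NTLM_DOMAIN_CONTROLLER);
        String domainControllerName = PrefsPropsUtil.getString(j, "ntlm.auth.domain.controller.name", PropsValues.NTLM_DOMAIN_CONTROLLER_NAME);
        String serviceAccount = PrefsPropsUtil.getString(j, "ntlm.auth.service.account", PropsValues.NTLM_SERVICE_ACCOUNT);
        String servicePassword = PrefsPropsUtil.getString(j, "ntlm.auth.service.password", PropsValues.NTLM_SERVICE_PASSWORD);

        Long companyKey = Long.valueOf(j);
        NtlmManager ntlmManager = this._ntlmManagers.get(companyKey);
        if (ntlmManager == null) {
            // NOTE(review): get-then-put is not atomic; two threads may each
            // build a manager for the same company and the later put wins.
            ntlmManager = new NtlmManager(domain, domainController, domainControllerName, serviceAccount, servicePassword);
            this._ntlmManagers.put(companyKey, ntlmManager);
        } else {
            boolean unchanged = Validator.equals(ntlmManager.getDomain(), domain)
                && Validator.equals(ntlmManager.getDomainController(), domainController)
                && Validator.equals(ntlmManager.getDomainControllerName(), domainControllerName)
                && Validator.equals(ntlmManager.getServiceAccount(), serviceAccount)
                && Validator.equals(ntlmManager.getServicePassword(), servicePassword);
            if (!unchanged) {
                ntlmManager.setConfiguration(domain, domainController, domainControllerName, serviceAccount, servicePassword);
            }
        }
        return ntlmManager;
    }

    /**
     * Runs the NTLM handshake for the request when NTLM is enabled for the
     * company, then hands over to {@code NtlmPostFilter}.
     *
     * <p>The request is answered with {@code 401} and a
     * {@code WWW-Authenticate: NTLM} header, and the chain is not continued,
     * when the NTLM message is malformed, when no server challenge is pending
     * for the remote address, when authentication fails, or when a path
     * ending in {@code /login} is requested without an NTLM account in the
     * session.</p>
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response used for NTLM challenges
     * @param filterChain the remaining filter chain
     * @throws Exception if reading settings, writing the response or the
     *         downstream chain fails
     */
    protected void processFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws Exception {
        long companyId = PortalInstances.getCompanyId(httpServletRequest);
        if (LDAPSettingsUtil.isNtlmEnabled(companyId)) {
            HttpSession session = httpServletRequest.getSession(false);
            String authorization = GetterUtil.getString(httpServletRequest.getHeader("Authorization"));
            if (authorization.startsWith("NTLM")) {
                NtlmManager ntlmManager = getNtlmManager(companyId);
                String remoteAddr = httpServletRequest.getRemoteAddr();

                // The header is attacker-controlled: a bare "NTLM" or a short
                // payload used to raise an index exception further down.
                byte[] message = decodeNtlmMessage(authorization);
                if (message == null) {
                    if (_log.isDebugEnabled()) {
                        _log.debug("Rejecting malformed NTLM message from " + remoteAddr);
                    }
                    requestNtlmAuthentication(httpServletResponse, "NTLM");
                    return;
                }

                if (message[_MESSAGE_TYPE_OFFSET] == 1) {
                    byte[] serverChallenge = new byte[_SERVER_CHALLENGE_LENGTH];
                    this._secureRandom.nextBytes(serverChallenge);
                    String challengeHeader = "NTLM " + Base64.encode(ntlmManager.negotiate(message, serverChallenge));

                    // Store the challenge before the response is flushed so it
                    // is already available when the client's reply arrives.
                    this._serverChallenges.put(remoteAddr, (Serializable) serverChallenge);
                    requestNtlmAuthentication(httpServletResponse, challengeHeader);
                    return;
                }

                byte[] pendingChallenge = (byte[]) this._serverChallenges.get(remoteAddr);
                if (pendingChallenge == null) {
                    requestNtlmAuthentication(httpServletResponse, "NTLM");
                    return;
                }

                NtlmUserAccount ntlmUserAccount = null;
                try {
                    ntlmUserAccount = ntlmManager.authenticate(message, pendingChallenge);
                } catch (Exception e) {
                    if (_log.isErrorEnabled()) {
                        _log.error("Unable to perform NTLM authentication", e);
                    }
                } finally {
                    // A challenge is single-use whether or not it validated.
                    this._serverChallenges.remove(remoteAddr);
                }
                if (ntlmUserAccount == null) {
                    requestNtlmAuthentication(httpServletResponse, "NTLM");
                    return;
                }

                if (_log.isDebugEnabled()) {
                    _log.debug("NTLM remote user " + ntlmUserAccount.getUserName());
                }
                httpServletRequest.setAttribute(WebKeys.NTLM_REMOTE_USER, ntlmUserAccount.getUserName());
                // No session is created here; without one the account is only
                // visible through the request attribute above.
                if (session != null) {
                    session.setAttribute(WebKeys.NTLM_USER_ACCOUNT, ntlmUserAccount);
                }
            }

            String pathInfo = httpServletRequest.getPathInfo();
            if (pathInfo != null && pathInfo.endsWith("/login")) {
                NtlmUserAccount sessionAccount = null;
                if (session != null) {
                    sessionAccount = (NtlmUserAccount) session.getAttribute(WebKeys.NTLM_USER_ACCOUNT);
                }
                if (sessionAccount == null) {
                    requestNtlmAuthentication(httpServletResponse, "NTLM");
                    return;
                }
            }
        }
        processFilter(NtlmPostFilter.class, httpServletRequest, httpServletResponse, filterChain);
    }

    /**
     * Extracts the binary NTLM message from an {@code Authorization} header
     * value that starts with {@code NTLM}.
     *
     * @param authorization the header value
     * @return the decoded message, or {@code null} when there is no payload,
     *         decoding fails, or the message is too short to carry the byte
     *         at {@code _MESSAGE_TYPE_OFFSET}
     */
    private static byte[] decodeNtlmMessage(String authorization) {
        if (authorization.length() <= _SCHEME_PREFIX_LENGTH) {
            return null;
        }
        byte[] message;
        try {
            message = Base64.decode(authorization.substring(_SCHEME_PREFIX_LENGTH));
        } catch (RuntimeException e) {
            // The decoder's behaviour on invalid Base64 is not visible from
            // this class; treat any failure as a malformed message.
            return null;
        }
        if (message == null || message.length <= _MESSAGE_TYPE_OFFSET) {
            return null;
        }
        return message;
    }

    /**
     * Writes an empty {@code 401} response that asks the client to
     * authenticate with NTLM.
     *
     * @param httpServletResponse the response to complete
     * @param authenticateHeader the {@code WWW-Authenticate} header value
     * @throws Exception if the response cannot be flushed
     */
    private static void requestNtlmAuthentication(HttpServletResponse httpServletResponse, String authenticateHeader) throws Exception {
        httpServletResponse.setHeader("WWW-Authenticate", authenticateHeader);
        httpServletResponse.setStatus(401);
        httpServletResponse.setContentLength(0);
        httpServletResponse.flushBuffer();
    }
}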
