package org.alfresco.repo.webdav.auth;

import java.io.IOException;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.UnknownHostException;
import javax.servlet.FilterChain;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.transaction.UserTransaction;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.filesys.ExtendedServerConfigurationAccessor;
import org.alfresco.jlan.server.auth.ntlm.NTLM;
import org.alfresco.jlan.server.config.SecurityConfigSection;
import org.alfresco.repo.SessionUser;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.web.auth.WebCredentials;
import org.alfresco.repo.web.filter.beans.DependencyInjectedFilter;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.class */
public abstract class BaseSSOAuthenticationFilter extends BaseAuthenticationFilter implements DependencyInjectedFilter, AuthenticationDriver, ActivateableBean, InitializingBean {
    private ExtendedServerConfigurationAccessor serverConfiguration;
    private String m_loginPage;
    private boolean m_ticketLogons;
    private String m_lastConfiguredServerName;
    private String m_lastResolvedServerName;
    private AuthenticationDriver fallbackDelegate;
    protected static final String MIME_HTML_TEXT = "text/html";
    protected String loginPageLink;
    private boolean m_isActive = true;
    private boolean m_isFallbackEnabled = true;

    public String getLoginPageLink() {
        return (this.loginPageLink == null || this.loginPageLink.isEmpty()) ? "/faces" + getLoginPage() : this.loginPageLink;
    }

    public void setLoginPageLink(String str) {
        this.loginPageLink = str;
    }

    public void setServerConfiguration(ExtendedServerConfigurationAccessor extendedServerConfigurationAccessor) {
        this.serverConfiguration = extendedServerConfigurationAccessor;
    }

    public final void setActive(boolean z) {
        this.m_isActive = z;
    }

    public final boolean isActive() {
        return this.m_isActive;
    }

    public final void setFallback(AuthenticationDriver authenticationDriver) {
        this.fallbackDelegate = authenticationDriver;
    }

    public final void setFallbackEnabled(boolean z) {
        this.m_isFallbackEnabled = z;
    }

    public final boolean isFallbackEnabled() {
        return this.m_isFallbackEnabled && this.fallbackDelegate != null;
    }

    public final void afterPropertiesSet() throws ServletException {
        if (isActive()) {
            init();
        }
    }

    @Override // org.alfresco.repo.web.filter.beans.DependencyInjectedFilter
    public void doFilter(ServletContext servletContext, ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (servletRequest.getAttribute("alfNoAuthRequired") != null) {
            if (getLogger().isTraceEnabled()) {
                getLogger().trace("Authentication not required (filter), chaining ...");
            }
            filterChain.doFilter(servletRequest, servletResponse);
        } else if (authenticateRequest(servletContext, (HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse)) {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void init() throws ServletException {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void onValidate(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, WebCredentials webCredentials) {
        this.authenticationListener.userAuthenticated(webCredentials);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void onValidateFailed(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession, WebCredentials webCredentials) throws IOException {
        this.authenticationListener.authenticationFailed(webCredentials);
        restartLoginChallenge(servletContext, httpServletRequest, httpServletResponse);
    }

    protected boolean onLoginComplete(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkForTicketParameter(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean z = false;
        String parameter = httpServletRequest.getParameter("ticket");
        if (parameter != null && parameter.length() != 0) {
            if (getLogger().isTraceEnabled()) {
                getLogger().trace("Logon via ticket from " + httpServletRequest.getRemoteHost() + " (" + httpServletRequest.getRemoteAddr() + ":" + httpServletRequest.getRemotePort() + ") ticket=" + parameter);
            }
            UserTransaction userTransaction = null;
            try {
                try {
                    try {
                        SessionUser sessionUser = getSessionUser(servletContext, httpServletRequest, httpServletResponse, true);
                        if (sessionUser != null && !parameter.equals(sessionUser.getTicket())) {
                            if (getLogger().isDebugEnabled()) {
                                getLogger().debug("The ticket doesn't match, invalidate the session.");
                            }
                            invalidateSession(httpServletRequest);
                            sessionUser = null;
                        }
                        if (sessionUser == null) {
                            if (getLogger().isDebugEnabled()) {
                                getLogger().debug("There is no valid cached user, validate the ticket and create one.");
                            }
                            this.authenticationService.validate(parameter);
                            createUserEnvironment(httpServletRequest.getSession(), this.authenticationService.getCurrentUserName(), this.authenticationService.getCurrentTicket(), true);
                        }
                        z = true;
                        if (0 != 0) {
                            try {
                                userTransaction.rollback();
                            } catch (Exception e) {
                            }
                        }
                    } catch (Throwable th) {
                        if (0 != 0) {
                            try {
                                userTransaction.rollback();
                            } catch (Exception e2) {
                                throw th;
                            }
                        }
                        throw th;
                    }
                } catch (Throwable th2) {
                    if (getLogger().isDebugEnabled()) {
                        getLogger().debug("Error during ticket validation and user creation: " + th2.getMessage(), th2);
                    }
                    if (0 != 0) {
                        try {
                            userTransaction.rollback();
                        } catch (Exception e3) {
                        }
                    }
                }
            } catch (AuthenticationException e4) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("Failed to authenticate user ticket: " + e4.getMessage(), e4);
                }
                if (0 != 0) {
                    try {
                        userTransaction.rollback();
                    } catch (Exception e5) {
                    }
                }
            }
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void redirectToLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (getLogger().isTraceEnabled()) {
            getLogger().trace("redirectToLoginPage...");
        }
        if (hasLoginPage()) {
            httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/faces" + getLoginPage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean hasLoginPage() {
        return this.m_loginPage != null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final String getLoginPage() {
        return this.m_loginPage;
    }

    protected final void setLoginPage(String str) {
        this.m_loginPage = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean allowsTicketLogons() {
        return this.m_ticketLogons;
    }

    public final void setTicketLogons(boolean z) {
        this.m_ticketLogons = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean isNTLMSSPBlob(byte[] bArr, int i) {
        boolean z = false;
        if (bArr.length - i >= NTLM.Signature.length) {
            int i2 = 0;
            while (i2 < NTLM.Signature.length && bArr[i + i2] == NTLM.Signature[i2]) {
                i2++;
            }
            if (i2 == NTLM.Signature.length) {
                z = true;
            }
        }
        return z;
    }

    protected synchronized String getServerName() {
        if (getLogger().isTraceEnabled()) {
            getLogger().trace("Searching for local server name.");
        }
        String str = null;
        if (this.serverConfiguration != null) {
            str = this.serverConfiguration.getServerName();
            if (str != null && str.length() == 0) {
                str = null;
            }
        }
        if (this.m_lastResolvedServerName != null && ((this.m_lastConfiguredServerName == null && str == null) || this.m_lastConfiguredServerName.equals(str))) {
            return this.m_lastResolvedServerName;
        }
        this.m_lastResolvedServerName = null;
        if (getLogger().isTraceEnabled()) {
            getLogger().trace("Found server name in the file server configuration: " + str);
        }
        this.m_lastConfiguredServerName = str;
        if (this.serverConfiguration != null) {
            if (this.m_lastConfiguredServerName != null) {
                try {
                    if (InetAddress.getByName(this.m_lastConfiguredServerName) == null) {
                        if (getLogger().isDebugEnabled()) {
                            getLogger().debug("Failed to resolve the configured name.");
                        }
                        this.m_lastResolvedServerName = this.serverConfiguration.getLocalServerName(true);
                    } else {
                        this.m_lastResolvedServerName = this.m_lastConfiguredServerName;
                    }
                } catch (UnknownHostException e) {
                    if (getLogger().isWarnEnabled()) {
                        getLogger().warn("NTLM filter, error resolving CIFS host name" + this.m_lastConfiguredServerName);
                    }
                }
            }
            if (this.m_lastResolvedServerName == null) {
                this.m_lastResolvedServerName = this.serverConfiguration.getLocalServerName(true);
                if (getLogger().isInfoEnabled()) {
                    getLogger().info("NTLM filter using server name " + this.m_lastResolvedServerName);
                }
            }
        } else {
            try {
                this.m_lastResolvedServerName = InetAddress.getLocalHost().getHostName();
                if (getLogger().isInfoEnabled()) {
                    getLogger().info("Found FQDN " + this.m_lastResolvedServerName);
                }
                int indexOf = this.m_lastResolvedServerName.indexOf(".");
                if (indexOf != -1) {
                    this.m_lastResolvedServerName = this.m_lastResolvedServerName.substring(0, indexOf);
                }
            } catch (UnknownHostException e2) {
                getLogger().error("NTLM filter, error getting local host name", e2);
            }
        }
        if (this.m_lastResolvedServerName == null || this.m_lastResolvedServerName.length() == 0) {
            throw new AlfrescoRuntimeException("Failed to get local server name");
        }
        return this.m_lastResolvedServerName;
    }

    protected SecurityConfigSection getSecurityConfigSection() {
        if (this.serverConfiguration == null) {
            return null;
        }
        return this.serverConfiguration.getConfigSection("Security");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void writeLoginPageLink(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (hasLoginPage()) {
            httpServletResponse.setContentType(MIME_HTML_TEXT);
            PrintWriter writer = httpServletResponse.getWriter();
            writer.println("<html><head>");
            writer.println("</head><body><p>Please <a href=\"" + httpServletRequest.getContextPath() + "/faces" + getLoginPage() + "\">log in</a>.</p>");
            writer.println("</body></html>");
            writer.close();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void includeFallbackAuth(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        this.fallbackDelegate.restartLoginChallenge(servletContext, httpServletRequest, httpServletResponse);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean performFallbackAuthentication(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (getLogger().isTraceEnabled()) {
            getLogger().trace("Performing fallback authentication...");
        }
        boolean authenticateRequest = this.fallbackDelegate.authenticateRequest(servletContext, httpServletRequest, httpServletResponse);
        if (!authenticateRequest) {
            restartLoginChallenge(servletContext, httpServletRequest, httpServletResponse);
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("Fallback authentication failed. Restarting login...");
            }
        }
        if (authenticateRequest && getLogger().isDebugEnabled()) {
            getLogger().debug("Fallback authentication succeeded.");
        }
        return authenticateRequest;
    }
}
