package org.alfresco.filesys.auth.cifs;

import java.security.NoSuchAlgorithmException;
import org.alfresco.filesys.alfresco.AlfrescoClientInfo;
import org.alfresco.jlan.server.SrvSession;
import org.alfresco.jlan.server.auth.AuthContext;
import org.alfresco.jlan.server.auth.ClientInfo;
import org.alfresco.jlan.server.auth.NTLanManAuthContext;
import org.alfresco.jlan.server.core.SharedDevice;
import org.alfresco.jlan.smb.server.SMBSrvSession;
import org.alfresco.jlan.util.HexDump;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.NTLMMode;
import org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken;
import org.alfresco.repo.transaction.RetryingTransactionHelper;

/* loaded from: input_file:org/alfresco/filesys/auth/cifs/AlfrescoCifsAuthenticator.class */
public class AlfrescoCifsAuthenticator extends CifsAuthenticatorBase {
    @Override // org.alfresco.filesys.auth.cifs.CifsAuthenticatorBase
    protected boolean validateAuthenticationMode() {
        try {
            if (getNTLMAuthenticator().getNTLMMode() != NTLMMode.MD4_PROVIDER) {
                return getNTLMAuthenticator().getNTLMMode() == NTLMMode.PASS_THROUGH;
            }
            return true;
        } catch (IllegalStateException e) {
            return false;
        }
    }

    public int authenticateUser(final ClientInfo clientInfo, final SrvSession srvSession, final int i) {
        if (!(clientInfo instanceof AlfrescoClientInfo)) {
            return -1;
        }
        AlfrescoClientInfo alfrescoClientInfo = (AlfrescoClientInfo) clientInfo;
        if (clientInfo.isNullSession() && (srvSession instanceof SMBSrvSession)) {
            if (!logger.isDebugEnabled()) {
                return 0;
            }
            logger.debug("Null CIFS logon allowed");
            return 0;
        }
        try {
            if (alfrescoClientInfo.hasAuthenticationTicket() && clientInfo.getLogonType() != 2) {
                getAuthenticationService().validate(alfrescoClientInfo.getAuthenticationTicket());
                if (logger.isDebugEnabled()) {
                    logger.debug("Re-using existing authentication token");
                }
                return clientInfo.getLogonType() != 1 ? 0 : 268435456;
            }
        } catch (AuthenticationException e) {
            alfrescoClientInfo.setAuthenticationTicket(null);
        }
        int i2 = -1;
        try {
        } catch (Exception e2) {
            if (logger.isDebugEnabled()) {
                logger.debug(e2);
            }
        }
        if (clientInfo.isGuest() || clientInfo.getUserName().equalsIgnoreCase(getGuestUserName())) {
            if (!allowGuest()) {
                return -1;
            }
            doGuestLogon(clientInfo, srvSession);
            if (logger.isDebugEnabled()) {
                logger.debug("Authenticated user " + clientInfo.getUserName() + " sts=" + getStatusAsString(268435456));
            }
            return 268435456;
        }
        i2 = getNTLMAuthenticator().getNTLMMode() == NTLMMode.MD4_PROVIDER ? ((Integer) doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Integer>() { // from class: org.alfresco.filesys.auth.cifs.AlfrescoCifsAuthenticator.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
            public Integer execute() throws Throwable {
                return Integer.valueOf(AlfrescoCifsAuthenticator.this.doMD4UserAuthentication(clientInfo, srvSession, i));
            }
        })).intValue() : ((Integer) doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Integer>() { // from class: org.alfresco.filesys.auth.cifs.AlfrescoCifsAuthenticator.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
            public Integer execute() throws Throwable {
                return Integer.valueOf(AlfrescoCifsAuthenticator.this.doPassthruUserAuthentication(clientInfo, srvSession, i));
            }
        })).intValue();
        if (i2 == 268435456) {
            if (mapUnknownUserToGuest()) {
                doGuestLogon(clientInfo, srvSession);
            } else {
                i2 = -1;
            }
        }
        if (i2 == 0 && clientInfo.getLogonType() == 0) {
            checkForAdminUserName(clientInfo);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Authenticated user " + clientInfo.getUserName() + " sts=" + getStatusAsString(i2) + " via " + (getNTLMAuthenticator().getNTLMMode() == NTLMMode.MD4_PROVIDER ? "MD4" : "Passthru"));
        }
        return i2;
    }

    public int authenticateShareConnect(ClientInfo clientInfo, SharedDevice sharedDevice, String str, SrvSession srvSession) {
        return 2;
    }

    public AuthContext getAuthContext(SMBSrvSession sMBSrvSession) {
        AuthContext authTokenAuthContext;
        if (sMBSrvSession.hasAuthenticationContext() && sMBSrvSession.getClientInformation().getLogonType() != 2) {
            authTokenAuthContext = sMBSrvSession.getAuthenticationContext();
            if (logger.isDebugEnabled()) {
                logger.debug("Re-using existing challenge, already authenticated");
            }
        } else if (getNTLMAuthenticator().getNTLMMode() == NTLMMode.MD4_PROVIDER) {
            authTokenAuthContext = new NTLanManAuthContext();
            sMBSrvSession.setAuthenticationContext(authTokenAuthContext);
        } else {
            NTLMPassthruToken nTLMPassthruToken = new NTLMPassthruToken(mapClientAddressToDomain(sMBSrvSession.getRemoteAddress()));
            getNTLMAuthenticator().authenticate(nTLMPassthruToken);
            authTokenAuthContext = new AuthTokenAuthContext(nTLMPassthruToken);
            sMBSrvSession.setAuthenticationContext(authTokenAuthContext);
        }
        return authTokenAuthContext;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final int doMD4UserAuthentication(ClientInfo clientInfo, SrvSession srvSession, int i) {
        String mD4HashedPassword = getNTLMAuthenticator().getMD4HashedPassword(clientInfo.getUserName());
        if (mD4HashedPassword == null) {
            if (clientInfo.isNullSession() && (srvSession instanceof SMBSrvSession)) {
                return 0;
            }
            return allowGuest() ? 268435456 : -1;
        }
        if (clientInfo.getPassword() == null) {
            return -2;
        }
        try {
            byte[] bArr = new byte[21];
            System.arraycopy(this.m_md4Encoder.decodeHash(mD4HashedPassword), 0, bArr, 0, 16);
            if (!srvSession.hasAuthenticationContext() || !(srvSession.getAuthenticationContext() instanceof NTLanManAuthContext)) {
                return -1;
            }
            byte[] doNTLM1Encryption = getEncryptor().doNTLM1Encryption(bArr, srvSession.getAuthenticationContext().getChallenge());
            byte[] password = clientInfo.getPassword();
            if (password == null || password.length != 24) {
                password = clientInfo.getANSIPassword();
                if (logger.isDebugEnabled()) {
                    logger.debug("Using secondary password hash - " + HexDump.hexString(password));
                    logger.debug("                   Local hash - " + HexDump.hexString(doNTLM1Encryption));
                }
            }
            if (password == null || password.length != doNTLM1Encryption.length) {
                return -2;
            }
            for (int i2 = 0; i2 < password.length; i2++) {
                if (password[i2] != doNTLM1Encryption[i2]) {
                    return -2;
                }
            }
            if (logger.isInfoEnabled()) {
                logger.info("Logged on user " + clientInfo.getUserName() + " (" + srvSession.getRemoteAddress() + ")");
            }
            getAuthenticationComponent().setCurrentUser(clientInfo.getUserName());
            ((AlfrescoClientInfo) clientInfo).setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
            getHomeFolderForUser(clientInfo);
            clientInfo.setLogonType(0);
            return 0;
        } catch (NoSuchAlgorithmException | AuthenticationException e) {
            return -1;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final int doPassthruUserAuthentication(ClientInfo clientInfo, SrvSession srvSession, int i) {
        NTLMPassthruToken token;
        byte[] aNSIPassword;
        int i2 = -1;
        AuthTokenAuthContext authenticationContext = srvSession.getAuthenticationContext();
        if (authenticationContext == null || !(authenticationContext instanceof AuthTokenAuthContext) || (token = authenticationContext.getToken()) == null) {
            return -1;
        }
        if (i == 1) {
            aNSIPassword = clientInfo.getPassword();
        } else {
            if (i != 0) {
                return -1;
            }
            aNSIPassword = clientInfo.getANSIPassword();
        }
        token.setUserAndPassword(clientInfo.getUserName(), aNSIPassword, i);
        try {
            getNTLMAuthenticator().authenticate(token);
            String currentTicket = getAuthenticationService().getCurrentTicket();
            if (!token.isGuestLogon()) {
                i2 = 0;
                clientInfo.setLogonType(0);
            } else if (allowGuest()) {
                i2 = 268435456;
                clientInfo.setLogonType(1);
            }
            ((AlfrescoClientInfo) clientInfo).setAuthenticationTicket(currentTicket);
            getHomeFolderForUser(clientInfo);
            if (logger.isDebugEnabled()) {
                logger.debug("Auth ticket " + currentTicket);
            }
        } catch (Exception e) {
            logger.error("Error during passthru authentication", e);
        } catch (AuthenticationException e2) {
        }
        srvSession.setAuthenticationContext((AuthContext) null);
        return i2;
    }
}
