package org.alfresco.repo.webdav.auth;

import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.transaction.UserTransaction;
import org.alfresco.filesys.ServerConfigurationBean;
import org.alfresco.jlan.server.auth.ntlm.NTLM;
import org.alfresco.jlan.server.auth.passthru.DomainMapping;
import org.alfresco.jlan.server.config.SecurityConfigSection;
import org.alfresco.jlan.util.IPAddress;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.SessionUser;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.web.app.servlet.BaseServlet;
import org.apache.commons.logging.Log;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:WEB-INF/lib/alfresco-remote-api.jar:org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.class */
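/**
 * Base class for servlet filters that authenticate requests through single sign-on and keep the
 * authenticated user in the HTTP session.
 *
 * <p>The class resolves the repository services it needs in {@link #init(FilterConfig)}, stores and
 * retrieves the {@link SessionUser} under a configurable session attribute, and offers helpers for
 * ticket-based logon, client-address-to-domain mapping and NTLMSSP blob detection. Subclasses
 * supply the concrete {@link SessionUser} type and the logger.
 *
 * <p>This listing is decompiler output: the "Access modifiers changed from: protected" markers
 * record that the decompiler widened those methods to {@code public}.
 */
public abstract class BaseSSOAuthenticationFilter implements Filter {
    /** Default session attribute name under which the authenticated {@link SessionUser} is stored. */
    protected static final String AUTHENTICATION_USER = "_alfAuthTicket";
    /** Session attribute set to {@code Boolean.TRUE} once {@link #createUserEnvironment} has run. */
    protected static final String LOGIN_EXTERNAL_AUTH = "_alfExternalAuth";
    // Not referenced inside this class; presumably consumed by subclasses -- confirm.
    protected static final String NO_AUTH_REQUIRED = "alfNoAuthRequired";
    // Not referenced inside this class; presumably the WebDAV variant of the user attribute -- confirm.
    protected static final String WEBDAV_AUTH_USER = "_alfDAVAuthTicket";
    /** Request parameter that carries an authentication ticket. */
    private static final String ARG_TICKET = "ticket";
    protected ServletContext m_context;
    private ServerConfigurationBean m_srvConfig;
    private SecurityConfigSection m_secConfig;
    protected AuthenticationService m_authService;
    protected AuthenticationComponent m_authComponent;
    protected PersonService m_personService;
    protected NodeService m_nodeService;
    protected TransactionService m_transactionService;
    protected String m_srvName;
    private String m_loginPage;
    private boolean m_ticketLogons;
    private String m_userAttributeName = AUTHENTICATION_USER;

    /**
     * Looks up the repository services from the Spring web application context and determines the
     * server name used by the filter.
     *
     * @param filterConfig the filter configuration supplied by the servlet container
     * @throws ServletException if no non-empty server name could be determined
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.m_context = filterConfig.getServletContext();
        WebApplicationContext appContext = WebApplicationContextUtils.getRequiredWebApplicationContext(this.m_context);
        ServiceRegistry services = (ServiceRegistry) appContext.getBean(ServiceRegistry.SERVICE_REGISTRY);
        this.m_nodeService = services.getNodeService();
        this.m_transactionService = services.getTransactionService();
        this.m_authService = services.getAuthenticationService();
        this.m_authComponent = (AuthenticationComponent) appContext.getBean("AuthenticationComponent");
        this.m_personService = (PersonService) appContext.getBean("personService");
        this.m_srvConfig = (ServerConfigurationBean) appContext.getBean(ServerConfigurationBean.SERVER_CONFIGURATION);
        if (this.m_srvConfig != null) {
            this.m_srvName = this.m_srvConfig.getServerName();
            if (this.m_srvName != null) {
                try {
                    // The lookup is made for its side effect: an unresolvable configured name
                    // raises UnknownHostException, which is logged below.
                    if (InetAddress.getByName(this.m_srvName) == null) {
                        this.m_srvName = this.m_srvConfig.getLocalServerName(true);
                    }
                } catch (UnknownHostException e) {
                    if (getLogger().isErrorEnabled()) {
                        getLogger().error("NTLM filter, error resolving CIFS host name", e);
                    }
                }
            }
            if (this.m_srvName == null) {
                this.m_srvName = this.m_srvConfig.getLocalServerName(true);
            }
            this.m_secConfig = (SecurityConfigSection) this.m_srvConfig.getConfigSection("Security");
        } else {
            try {
                this.m_srvName = InetAddress.getLocalHost().getHostName();
                int dotIndex = this.m_srvName.indexOf(".");
                if (dotIndex != -1) {
                    // Keep only the host label. The end index is exclusive, so it must be the
                    // position of the dot itself; "dotIndex - 1" dropped the last character of the
                    // host name and threw for a name that starts with a dot.
                    this.m_srvName = this.m_srvName.substring(0, dotIndex);
                }
            } catch (UnknownHostException e) {
                if (getLogger().isErrorEnabled()) {
                    getLogger().error("NTLM filter, error getting local host name", e);
                }
            }
        }
        if (this.m_srvName == null || this.m_srvName.length() == 0) {
            throw new ServletException("Failed to get local server name");
        }
    }

    /** Releases filter resources; this base class holds none. */
    @Override
    public void destroy() {
    }

    /**
     * Creates the session user object for an authenticated user.
     *
     * <p>The callers in this class pass the user name, the current authentication ticket, the
     * person node and the home folder node id, in that order; the home folder id is {@code null}
     * when the user is created from a ticket parameter.
     */
    protected abstract SessionUser createUserObject(String str, String str2, NodeRef nodeRef, String str3);

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the user stored in the session under the configured attribute name.
     *
     * @param httpSession the session to read
     * @return the stored user, or {@code null} if the attribute is not set
     */
    public SessionUser getSessionUser(HttpSession httpSession) {
        return (SessionUser) httpSession.getAttribute(getUserAttributeName());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Removes the stored user from the session.
     *
     * @param httpSession the session to update
     */
    public void removeSessionUser(HttpSession httpSession) {
        httpSession.removeAttribute(getUserAttributeName());
    }

    /** Returns the session attribute name under which the user object is stored. */
    protected final String getUserAttributeName() {
        return this.m_userAttributeName;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Sets the session attribute name under which the user object is stored. */
    public final void setUserAttributeName(String str) {
        this.m_userAttributeName = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the session user for an externally authenticated user name and stores it in the
     * session.
     *
     * <p>Inside a user transaction the person node is looked up, the stored user name is read from
     * it as the system user, that name is made the current user, and the user object is created
     * with the current ticket and the home folder id. After the commit the user object and the
     * {@link #LOGIN_EXTERNAL_AUTH} flag are placed in the session.
     *
     * @param httpSession the session that receives the user object
     * @param str the user name supplied by the external authentication
     * @return the user object that was stored in the session
     * @throws IOException rethrown unchanged if raised during setup
     * @throws ServletException rethrown unchanged if raised during setup
     * @throws RuntimeException rethrown unchanged, or wrapping any other failure with the message
     *     "Authentication setup failed"
     */
    public SessionUser createUserEnvironment(HttpSession httpSession, String str) throws IOException, ServletException {
        UserTransaction tx = this.m_transactionService.getUserTransaction();
        try {
            tx.begin();
            final NodeRef person = this.m_personService.getPerson(str);
            // Read the user name as stored on the person node rather than trusting the spelling
            // supplied by the caller; the read runs as the system user.
            String userName = (String) AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<String>() {
                @Override
                public String doWork() throws Exception {
                    return (String) BaseSSOAuthenticationFilter.this.m_nodeService.getProperty(person, ContentModel.PROP_USERNAME);
                }
            }, AuthenticationUtil.SYSTEM_USER_NAME);
            this.m_authComponent.setCurrentUser(userName);
            String ticket = this.m_authService.getCurrentTicket();
            // NOTE(review): a person without a home folder property makes this line throw a
            // NullPointerException, which is rolled back and rethrown below -- confirm intended.
            NodeRef homeFolder = (NodeRef) this.m_nodeService.getProperty(person, ContentModel.PROP_HOMEFOLDER);
            SessionUser user = createUserObject(userName, ticket, person, homeFolder.getId());
            tx.commit();
            httpSession.setAttribute(getUserAttributeName(), user);
            httpSession.setAttribute(LOGIN_EXTERNAL_AUTH, Boolean.TRUE);
            return user;
        } catch (Throwable th) {
            try {
                tx.rollback();
            } catch (Exception e) {
                getLogger().error("Failed to rollback transaction", e);
            }
            if (th instanceof RuntimeException) {
                throw (RuntimeException) th;
            }
            if (th instanceof IOException) {
                throw (IOException) th;
            }
            if (th instanceof ServletException) {
                // Explicit cast: rethrowing the bare Throwable would also rethrow the checked
                // transaction exceptions, which this method does not declare.
                throw (ServletException) th;
            }
            throw new RuntimeException("Authentication setup failed", th);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Hook for subclasses, with no behaviour in this base class. */
    public void onValidate(HttpServletRequest httpServletRequest, HttpSession httpSession) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Hook for subclasses, with no behaviour in this base class. */
    public void onValidateFailed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession) throws IOException {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Hook for subclasses.
     *
     * @return {@code true} in this base class
     */
    public boolean onLoginComplete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Maps a client address to a domain using the domain mappings of the security configuration.
     *
     * @param str the client address in numeric text form
     * @return the domain of the first mapping that contains the address, or {@code null} if there
     *     is no security configuration, no mappings are defined, or no mapping matches
     */
    public final String mapClientAddressToDomain(String str) {
        if (this.m_secConfig != null) {
            if (!this.m_secConfig.hasDomainMappings()) {
                return null;
            }
            // NOTE(review): the result for text that is not a valid address depends on
            // IPAddress.parseNumericAddress, which is not shown here -- confirm.
            int clientAddress = IPAddress.parseNumericAddress(str);
            for (DomainMapping mapping : this.m_secConfig.getDomainMappings()) {
                if (mapping.isMemberOfDomain(clientAddress)) {
                    if (getLogger().isDebugEnabled()) {
                        getLogger().debug("Mapped client IP " + str + " to domain " + mapping.getDomain());
                    }
                    return mapping.getDomain();
                }
            }
        }
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Failed to map client IP " + str + " to a domain");
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Authenticates the request from a {@code ticket} request parameter, if one is present.
     *
     * <p>The ticket is validated with the authentication service. If the session holds no user
     * yet, a user object is created inside a user transaction and stored in the request's session.
     * All failures are logged at debug level and reported as {@code false}.
     *
     * <p>This method does not consult {@link #allowsTicketLogons()}; callers are expected to gate
     * it on that setting. NOTE(review): the session id is not rotated after a successful ticket
     * logon here, and the ticket arrives as a request parameter, so it may appear in URLs --
     * confirm that callers and the deployment account for both.
     *
     * @param httpServletRequest the request to inspect
     * @param httpSession the session checked for an existing user
     * @return {@code true} if a ticket was supplied and validated, {@code false} otherwise
     */
    public boolean checkForTicketParameter(HttpServletRequest httpServletRequest, HttpSession httpSession) {
        String ticket = httpServletRequest.getParameter(ARG_TICKET);
        if (ticket == null || ticket.length() == 0) {
            return false;
        }
        if (getLogger().isDebugEnabled()) {
            // The ticket is a credential: anyone who can read the log could replay it, so only
            // the client endpoint is logged.
            getLogger().debug("Logon via ticket from " + httpServletRequest.getRemoteHost() + " (" + httpServletRequest.getRemoteAddr() + ":" + httpServletRequest.getRemotePort() + ")");
        }
        boolean ticketValid = false;
        UserTransaction tx = null;
        try {
            this.m_authService.validate(ticket);
            if (getSessionUser(httpSession) == null) {
                tx = this.m_transactionService.getUserTransaction();
                tx.begin();
                String userName = this.m_authService.getCurrentUserName();
                SessionUser user = createUserObject(userName, this.m_authService.getCurrentTicket(), this.m_personService.getPerson(userName), null);
                tx.commit();
                // Committed: clear the reference so the finally block does not roll back.
                tx = null;
                httpServletRequest.getSession().setAttribute(getUserAttributeName(), user);
            }
            ticketValid = true;
        } catch (AuthenticationException e) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("Failed to authenticate user ticket: " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            // Deliberate best effort: any failure means "not authenticated by ticket".
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("Error during ticket validation and user creation: " + th.getMessage(), th);
            }
        } finally {
            // A transaction that was begun but not committed must be rolled back; the decompiled
            // code never assigned the tracked variable, so the rollback could not run.
            if (tx != null) {
                try {
                    tx.rollback();
                } catch (Exception rollbackError) {
                    if (getLogger().isDebugEnabled()) {
                        getLogger().debug("Failed to rollback transaction", rollbackError);
                    }
                }
            }
        }
        return ticketValid;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Redirects to the configured login page; does nothing when no login page is set.
     *
     * <p>The target is built from the request context path, the Faces servlet path and the
     * configured page, so no request parameter reaches the redirect location.
     *
     * @throws IOException if the redirect cannot be sent
     */
    public void redirectToLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (hasLoginPage()) {
            httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + BaseServlet.FACES_SERVLET + getLoginPage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the logger used by the concrete filter. */
    public abstract Log getLogger();

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns {@code true} if a login page has been configured. */
    public final boolean hasLoginPage() {
        return this.m_loginPage != null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the configured login page, or {@code null} if none is set. */
    public final String getLoginPage() {
        return this.m_loginPage;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Sets the login page used by {@link #redirectToLoginPage}. */
    public final void setLoginPage(String str) {
        this.m_loginPage = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the ticket logon setting; nothing in this class enforces it. */
    public final boolean allowsTicketLogons() {
        return this.m_ticketLogons;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Sets the ticket logon setting. */
    public final void setTicketLogons(boolean z) {
        this.m_ticketLogons = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks whether the bytes starting at the given offset begin with the NTLM signature.
     *
     * @param bArr the buffer to inspect, typically decoded from a client-supplied header
     * @param i the offset in the buffer at which the signature is expected
     * @return {@code true} if the signature is present at the offset; {@code false} if it is not,
     *     if the buffer is {@code null} or too short, or if the offset is negative
     */
    public final boolean isNTLMSSPBlob(byte[] bArr, int i) {
        // The buffer comes from the client, so reject a missing buffer or a negative offset
        // instead of failing with an exception while indexing.
        if (bArr == null || i < 0) {
            return false;
        }
        byte[] signature = NTLM.Signature;
        if (bArr.length - i < signature.length) {
            return false;
        }
        for (int pos = 0; pos < signature.length; pos++) {
            if (bArr[i + pos] != signature[pos]) {
                return false;
            }
        }
        return true;
    }
}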
