package org.alfresco.repo.security.authentication.ntlm;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;
import net.sf.acegisecurity.AuthenticationServiceException;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.filesys.auth.PassthruServerFactory;
import org.alfresco.jlan.server.auth.PasswordEncryptor;
import org.alfresco.jlan.server.auth.passthru.AuthSessionFactory;
import org.alfresco.jlan.server.auth.passthru.AuthenticateSession;
import org.alfresco.jlan.server.auth.passthru.PassthruServers;
import org.alfresco.jlan.smb.Protocol;
import org.alfresco.jlan.smb.SMBException;
import org.alfresco.jlan.smb.SMBStatus;
import org.alfresco.repo.security.authentication.AbstractAuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.NTLMMode;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:WEB-INF/lib/alfresco-repository-3.4.a.jar:org/alfresco/repo/security/authentication/ntlm/NTLMAuthenticationComponentImpl.class */
public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationComponent implements NLTMAuthenticator, InitializingBean {
    private static final Log logger = LogFactory.getLog("org.alfresco.passthru.auth");
    public static final String NTLMAuthorityGuest = "Guest";
    public static final String NTLMAuthorityAdministrator = "Administrator";
    private static final long DefaultSessionTimeout = 60000;
    private static final long MinimumSessionTimeout = 5000;
    private PassthruServers m_passthruServers;
    private boolean m_allowGuest;
    private boolean m_allowAuthUserAsGuest;
    private boolean m_nullDomainUseAnyServer;
    private PassthruServerFactory m_passthruServerFactory = new PassthruServerFactory();
    private long m_passthruSessTmo = 60000;
    private PasswordEncryptor m_encryptor = new PasswordEncryptor();
    private Hashtable<NTLMPassthruToken, AuthenticateSession> m_passthruSessions = new Hashtable<>();
    private PassthruReaperThread m_reaperThread = new PassthruReaperThread();

    /* loaded from: input_file:WEB-INF/lib/alfresco-repository-3.4.a.jar:org/alfresco/repo/security/authentication/ntlm/NTLMAuthenticationComponentImpl$PassthruReaperThread.class */
    class PassthruReaperThread extends Thread {
        private boolean m_ishutdown;
        private long m_wakeupInterval;

        PassthruReaperThread() {
            this.m_wakeupInterval = NTLMAuthenticationComponentImpl.this.m_passthruSessTmo / 2;
            setDaemon(true);
            setName("PassthruReaper");
            start();
        }

        public final void setWakeup(long j) {
            this.m_wakeupInterval = j;
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            this.m_ishutdown = false;
            while (!this.m_ishutdown) {
                try {
                    sleep(this.m_wakeupInterval);
                } catch (InterruptedException e) {
                }
                if (NTLMAuthenticationComponentImpl.this.m_passthruSessions.size() > 0) {
                    Enumeration keys = NTLMAuthenticationComponentImpl.this.m_passthruSessions.keys();
                    long currentTimeMillis = System.currentTimeMillis();
                    while (keys.hasMoreElements()) {
                        NTLMPassthruToken nTLMPassthruToken = (NTLMPassthruToken) keys.nextElement();
                        if (nTLMPassthruToken != null && nTLMPassthruToken.getAuthenticationExpireTime() < currentTimeMillis) {
                            AuthenticateSession authenticateSession = (AuthenticateSession) NTLMAuthenticationComponentImpl.this.m_passthruSessions.get(nTLMPassthruToken);
                            if (authenticateSession != null) {
                                try {
                                    authenticateSession.CloseSession();
                                } catch (Exception e2) {
                                    if (NTLMAuthenticationComponentImpl.logger.isDebugEnabled()) {
                                        NTLMAuthenticationComponentImpl.logger.debug("Error closing expired authentication session", e2);
                                    }
                                }
                            }
                            NTLMAuthenticationComponentImpl.this.m_passthruSessions.remove(nTLMPassthruToken);
                            if (NTLMAuthenticationComponentImpl.logger.isDebugEnabled()) {
                                NTLMAuthenticationComponentImpl.logger.debug("Removed expired NTLM token " + nTLMPassthruToken);
                            }
                        }
                    }
                }
            }
            if (NTLMAuthenticationComponentImpl.logger.isDebugEnabled()) {
                NTLMAuthenticationComponentImpl.logger.debug("Passthru reaper thread shutdown");
            }
        }

        public final void shutdownRequest() {
            this.m_ishutdown = true;
            interrupt();
        }
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        if (this.m_passthruServers == null) {
            this.m_passthruServerFactory.afterPropertiesSet();
            this.m_passthruServers = (PassthruServers) this.m_passthruServerFactory.getObject();
        }
    }

    public final boolean allowsGuest() {
        return this.m_allowGuest;
    }

    public void setPassthruServers(PassthruServers passthruServers) {
        this.m_passthruServers = passthruServers;
    }

    public void setDomain(String str) {
        if (str.length() > 0) {
            this.m_passthruServerFactory.setDomain(str);
        }
    }

    public void setServers(String str) {
        if (str.length() > 0) {
            this.m_passthruServerFactory.setServer(str);
        }
    }

    public void setUseLocalServer(String str) {
        this.m_passthruServerFactory.setLocalServer(Boolean.parseBoolean(str));
    }

    public void setGuestAccess(String str) {
        this.m_allowGuest = Boolean.parseBoolean(str);
    }

    public void setAllowAuthUserAsGuest(String str) {
        this.m_allowAuthUserAsGuest = Boolean.parseBoolean(str);
    }

    public void setNullDomainUseAnyServer(String str) {
        this.m_nullDomainUseAnyServer = Boolean.parseBoolean(str);
        this.m_passthruServers.setNullDomainUseAnyServer(this.m_nullDomainUseAnyServer);
    }

    public void setJCEProvider(String str) {
        try {
            Object newInstance = Class.forName(str).newInstance();
            if (!(newInstance instanceof Provider)) {
                throw new AlfrescoRuntimeException("JCE provider class is not a valid Provider class");
            }
            Security.addProvider((Provider) newInstance);
            if (logger.isDebugEnabled()) {
                logger.debug("Using JCE provider " + str);
            }
        } catch (ClassNotFoundException e) {
            throw new AlfrescoRuntimeException("JCE provider class " + str + " not found");
        } catch (Exception e2) {
            throw new AlfrescoRuntimeException("JCE provider class error", e2);
        }
    }

    public void setSessionTimeout(String str) {
        try {
            long parseLong = Long.parseLong(str) * 1000;
            if (parseLong < 5000) {
                throw new AlfrescoRuntimeException("Authentication session timeout too low, " + str);
            }
            this.m_passthruSessTmo = parseLong;
            this.m_reaperThread.setWakeup(parseLong / 2);
        } catch (NumberFormatException e) {
            throw new AlfrescoRuntimeException("Invalid authenication session timeout value");
        }
    }

    public void setProtocolOrder(String str) {
        StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
        int i = -1;
        int i2 = -1;
        if (stringTokenizer.countTokens() > 2) {
            throw new AlfrescoRuntimeException("Invalid protocol order list, " + str);
        }
        if (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (nextToken.equalsIgnoreCase("TCPIP")) {
                i = 2;
            } else {
                if (!nextToken.equalsIgnoreCase("NetBIOS")) {
                    throw new AlfrescoRuntimeException("Invalid protocol type, " + nextToken);
                }
                i = 1;
            }
            if (stringTokenizer.hasMoreTokens()) {
                String nextToken2 = stringTokenizer.nextToken();
                if (nextToken2.equalsIgnoreCase("TCPIP") && i != 2) {
                    i2 = 2;
                } else {
                    if (!nextToken2.equalsIgnoreCase("NetBIOS") || i == 1) {
                        throw new AlfrescoRuntimeException("Invalid secondary protocol, " + nextToken2);
                    }
                    i2 = 1;
                }
            }
        }
        AuthSessionFactory.setProtocolOrder(i, i2);
        if (logger.isDebugEnabled()) {
            logger.debug("Protocol order primary=" + Protocol.asString(i) + ", secondary=" + Protocol.asString(i2));
        }
    }

    private final long getSessionTimeout() {
        return this.m_passthruSessTmo;
    }

    @Override // org.alfresco.repo.security.authentication.AbstractAuthenticationComponent
    protected void authenticateImpl(String str, char[] cArr) throws AuthenticationException {
        if (logger.isDebugEnabled()) {
            logger.debug("Authenticate user=" + str + " via local credentials");
        }
        authenticate(new NTLMLocalToken(str, new String(cArr)));
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:24:0x00aa
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    @Override // org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator
    public net.sf.acegisecurity.Authentication authenticate(net.sf.acegisecurity.Authentication r5) throws org.alfresco.repo.security.authentication.AuthenticationException {
        /*
            r4 = this;
            org.apache.commons.logging.Log r0 = org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.logger
            boolean r0 = r0.isDebugEnabled()
            if (r0 == 0) goto L2b
            org.apache.commons.logging.Log r0 = org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.logger
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r2 = r1
            r2.<init>()
            java.lang.String r2 = "Authenticate "
            java.lang.StringBuilder r1 = r1.append(r2)
            r2 = r5
            java.lang.StringBuilder r1 = r1.append(r2)
            java.lang.String r2 = " via token"
            java.lang.StringBuilder r1 = r1.append(r2)
            java.lang.String r1 = r1.toString()
            r0.debug(r1)
        L2b:
            r0 = r5
            boolean r0 = r0 instanceof org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken
            if (r0 == 0) goto L3f
            r0 = r5
            org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken r0 = (org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken) r0
            r6 = r0
            r0 = r4
            r1 = r6
            r0.authenticatePassthru(r1)
            goto Lbb
        L3f:
            r0 = r5
            boolean r0 = r0 instanceof org.alfresco.repo.security.authentication.ntlm.NTLMLocalToken
            if (r0 == 0) goto Lb1
            r0 = 0
            r6 = r0
            r0 = r5
            org.alfresco.repo.security.authentication.ntlm.NTLMLocalToken r0 = (org.alfresco.repo.security.authentication.ntlm.NTLMLocalToken) r0     // Catch: java.lang.Throwable -> L95
            r7 = r0
            r0 = r4
            org.alfresco.jlan.server.auth.passthru.PassthruServers r0 = r0.m_passthruServers     // Catch: java.lang.Throwable -> L95
            org.alfresco.jlan.server.auth.passthru.AuthenticateSession r0 = r0.openSession()     // Catch: java.lang.Throwable -> L95
            r6 = r0
            r0 = r6
            if (r0 != 0) goto L89
            org.apache.commons.logging.Log r0 = org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.logger     // Catch: java.lang.Throwable -> L95
            boolean r0 = r0.isDebugEnabled()     // Catch: java.lang.Throwable -> L95
            if (r0 == 0) goto L7f
            org.apache.commons.logging.Log r0 = org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.logger     // Catch: java.lang.Throwable -> L95
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L95
            r2 = r1
            r2.<init>()     // Catch: java.lang.Throwable -> L95
            java.lang.String r2 = "Failed to open passthru session, or no valid passthru server available for "
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: java.lang.Throwable -> L95
            r2 = r7
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: java.lang.Throwable -> L95
            java.lang.String r1 = r1.toString()     // Catch: java.lang.Throwable -> L95
            r0.debug(r1)     // Catch: java.lang.Throwable -> L95
        L7f:
            org.alfresco.repo.security.authentication.AuthenticationException r0 = new org.alfresco.repo.security.authentication.AuthenticationException     // Catch: java.lang.Throwable -> L95
            r1 = r0
            java.lang.String r2 = "Failed to open session to passthru server"
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L95
            throw r0     // Catch: java.lang.Throwable -> L95
        L89:
            r0 = r4
            r1 = r7
            r2 = r6
            r0.authenticateLocal(r1, r2)     // Catch: java.lang.Throwable -> L95
            r0 = jsr -> L9d
        L92:
            goto Lae
        L95:
            r8 = move-exception
            r0 = jsr -> L9d
        L9a:
            r1 = r8
            throw r1
        L9d:
            r9 = r0
            r0 = r6
            if (r0 == 0) goto Lac
            r0 = r6
            r0.CloseSession()     // Catch: java.lang.Exception -> Laa
            goto Lac
        Laa:
            r10 = move-exception
        Lac:
            ret r9
        Lae:
            goto Lbb
        Lb1:
            org.alfresco.repo.security.authentication.AuthenticationException r0 = new org.alfresco.repo.security.authentication.AuthenticationException
            r1 = r0
            java.lang.String r2 = "Unsupported authentication token type"
            r1.<init>(r2)
            throw r0
        Lbb:
            r0 = r4
            net.sf.acegisecurity.Authentication r0 = r0.getCurrentAuthentication()
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(net.sf.acegisecurity.Authentication):net.sf.acegisecurity.Authentication");
    }

    @Override // org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator
    public NTLMMode getNTLMMode() {
        return NTLMMode.PASS_THROUGH;
    }

    @Override // org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator
    public String getMD4HashedPassword(String str) {
        throw new AlfrescoRuntimeException("MD4 passwords not supported");
    }

    private void authenticateLocal(NTLMLocalToken nTLMLocalToken, AuthenticateSession authenticateSession) {
        AuthenticationException authenticationException;
        try {
            String str = (String) nTLMLocalToken.getPrincipal();
            authenticateSession.doSessionSetup(str, null, this.m_encryptor.generateEncryptedPassword((String) nTLMLocalToken.getCredentials(), authenticateSession.getEncryptionKey(), 1, null, null));
            if (!authenticateSession.isGuest() && !str.equalsIgnoreCase("GUEST")) {
                nTLMLocalToken.setAuthorities(new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_AUTHENTICATED")});
            } else {
                if (!allowsGuest()) {
                    throw new AuthenticationException("Guest logons disabled");
                }
                nTLMLocalToken.setAuthorities(new GrantedAuthority[]{new GrantedAuthorityImpl("Guest"), new GrantedAuthorityImpl("ROLE_AUTHENTICATED")});
            }
            nTLMLocalToken.setAuthenticated(true);
            clearCurrentSecurityContext();
            setCurrentUser(str);
            if (logger.isDebugEnabled()) {
                logger.debug("Authenticated token=" + nTLMLocalToken);
            }
        } catch (IOException e) {
            throw new AuthenticationServiceException("I/O error", e);
        } catch (InvalidKeyException e2) {
            throw new AuthenticationServiceException("Invalid key error", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new AuthenticationServiceException("JCE provider error", e3);
        } catch (SMBException e4) {
            if (e4.getErrorClass() != 6) {
                throw new AuthenticationException("Logon failure");
            }
            switch (e4.getErrorCode()) {
                case SMBStatus.NTLogonFailure /* -1073741715 */:
                    authenticationException = new AuthenticationException("Logon failure");
                    break;
                case SMBStatus.NTAccountDisabled /* -1073741710 */:
                    authenticationException = new AuthenticationException("Account disabled");
                    break;
                default:
                    authenticationException = new AuthenticationException("Logon failure");
                    break;
            }
            throw authenticationException;
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:31:0x029b
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    private void authenticatePassthru(org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken r7) {
        /*
            Method dump skipped, instructions count: 672
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken):void");
    }

    public boolean exists(String str) {
        throw new UnsupportedOperationException();
    }

    @Override // org.alfresco.repo.security.authentication.AbstractAuthenticationComponent
    protected boolean implementationAllowsGuestLogin() {
        return allowsGuest();
    }
}
