package org.alfresco.repo.webdav.auth;

import java.io.IOException;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Random;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.transaction.UserTransaction;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.BadCredentialsException;
import org.alfresco.jlan.server.auth.PasswordEncryptor;
import org.alfresco.jlan.server.auth.ntlm.NTLMLogonDetails;
import org.alfresco.jlan.server.auth.ntlm.NTLMMessage;
import org.alfresco.jlan.server.auth.ntlm.NTLMv2Blob;
import org.alfresco.jlan.server.auth.ntlm.TargetInfo;
import org.alfresco.jlan.server.auth.ntlm.Type1NTLMMessage;
import org.alfresco.jlan.server.auth.ntlm.Type2NTLMMessage;
import org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage;
import org.alfresco.jlan.util.DataPacker;
import org.alfresco.repo.SessionUser;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.MD4PasswordEncoder;
import org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl;
import org.alfresco.repo.security.authentication.NTLMMode;
import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;
import org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.web.auth.GuestCredentials;
import org.alfresco.repo.web.auth.NTLMCredentials;
import org.alfresco.repo.web.auth.TicketCredentials;
import org.alfresco.repo.web.auth.UnknownCredentials;
import org.alfresco.repo.web.auth.WebCredentials;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;

/* loaded from: input_file:org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.class */
public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthenticationFilter {
    public static final String NTLM_AUTH_SESSION = "_alfNTLMAuthSess";
    public static final String NTLM_AUTH_DETAILS = "_alfNTLMDetails";
    protected static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    protected static final String AUTHORIZATION = "Authorization";
    protected static final String AUTH_NTLM = "NTLM";
    private static final int NTLM_FLAGS_NTLM2 = -1610087807;
    private static final int NTLM_FLAGS_NTLM1 = -2147483005;
    private int m_ntlmFlags;
    private PasswordEncryptor m_encryptor = new PasswordEncryptor();
    private Random m_random = new Random(System.currentTimeMillis());
    private MD4PasswordEncoder m_md4Encoder = new MD4PasswordEncoderImpl();
    private boolean m_allowGuest = false;
    private boolean m_mapUnknownUserToGuest = false;
    private boolean m_disableNTLMv2 = false;
    private NLTMAuthenticator nltmAuthenticator;

    public void setMapUnknownUserToGuest(boolean z) {
        this.m_mapUnknownUserToGuest = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter
    public void init() throws ServletException {
        super.init();
        if (!(this.authenticationComponent instanceof NLTMAuthenticator)) {
            throw new ServletException("Authentication component does not support NTLM");
        }
        this.nltmAuthenticator = this.authenticationComponent;
        if (this.nltmAuthenticator.getNTLMMode() != NTLMMode.MD4_PROVIDER && this.nltmAuthenticator.getNTLMMode() != NTLMMode.PASS_THROUGH) {
            throw new ServletException("Required authentication mode not available");
        }
        this.m_allowGuest = this.authenticationComponent.guestUserAuthenticationAllowed();
        if (getLogger().isDebugEnabled() && this.m_allowGuest) {
            getLogger().debug("NTLM filter guest access allowed");
        }
        if (getLogger().isDebugEnabled() && this.m_mapUnknownUserToGuest) {
            getLogger().debug("NTLM filter map unknown users to guest");
        }
        if (this.nltmAuthenticator.getNTLMMode() != NTLMMode.MD4_PROVIDER || this.m_disableNTLMv2) {
            this.m_ntlmFlags = NTLM_FLAGS_NTLM1;
        } else {
            this.m_ntlmFlags = NTLM_FLAGS_NTLM2;
        }
    }

    @Override // org.alfresco.repo.webdav.auth.AuthenticationDriver
    public boolean authenticateRequest(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String header = httpServletRequest.getHeader(AUTHORIZATION);
        boolean z = false;
        if (header != null) {
            if (header.startsWith(AUTH_NTLM)) {
                z = true;
            } else if (header.startsWith("Negotiate")) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("Received 'Negotiate' from client, may be SPNEGO/Kerberos logon");
                }
                restartLoginChallenge(servletContext, httpServletRequest, httpServletResponse);
                return false;
            }
        }
        SessionUser sessionUser = getSessionUser(servletContext, httpServletRequest, httpServletResponse, true);
        if (sessionUser != null && !z) {
            onValidate(servletContext, httpServletRequest, httpServletResponse, new TicketCredentials(sessionUser.getTicket()));
            if (!getLogger().isDebugEnabled()) {
                return true;
            }
            getLogger().debug("Authentication not required (user), chaining ...");
            return true;
        }
        if (hasLoginPage() && httpServletRequest.getRequestURI().endsWith(getLoginPage())) {
            if (!getLogger().isDebugEnabled()) {
                return true;
            }
            getLogger().debug("Login page requested, chaining ...");
            return true;
        }
        String header2 = httpServletRequest.getHeader("user-agent");
        if (header2 != null && header2.indexOf("Opera ") != -1) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("Opera detected, redirecting to login page");
            }
            if (hasLoginPage()) {
                redirectToLoginPage(httpServletRequest, httpServletResponse);
                return false;
            }
            restartLoginChallenge(servletContext, httpServletRequest, httpServletResponse);
            return false;
        }
        if (header == null) {
            if (allowsTicketLogons() && checkForTicketParameter(servletContext, httpServletRequest, httpServletResponse)) {
                return true;
            }
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("New NTLM auth request from " + httpServletRequest.getRemoteHost() + " (" + httpServletRequest.getRemoteAddr() + ":" + httpServletRequest.getRemotePort() + ") SID:" + httpServletRequest.getSession().getId());
            }
            httpServletResponse.setHeader(WWW_AUTHENTICATE, AUTH_NTLM);
            httpServletResponse.setStatus(401);
            writeLoginPageLink(servletContext, httpServletRequest, httpServletResponse);
            httpServletResponse.flushBuffer();
            return false;
        }
        byte[] decodeBase64 = Base64.decodeBase64(header.substring(5).getBytes());
        int isNTLMType = NTLMMessage.isNTLMType(decodeBase64);
        if (isNTLMType == 1) {
            processType1(new Type1NTLMMessage(decodeBase64), httpServletRequest, httpServletResponse);
            return false;
        }
        if (isNTLMType == 3) {
            return processType3(new Type3NTLMMessage(decodeBase64), servletContext, httpServletRequest, httpServletResponse);
        }
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("NTLM blob not handled, redirecting to login page.");
        }
        if (hasLoginPage()) {
            redirectToLoginPage(httpServletRequest, httpServletResponse);
            return false;
        }
        restartLoginChallenge(servletContext, httpServletRequest, httpServletResponse);
        return false;
    }

    protected void processType1(Type1NTLMMessage type1NTLMMessage, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Received type1 " + type1NTLMMessage);
        }
        HttpSession session = httpServletRequest.getSession();
        NTLMLogonDetails nTLMLogonDetails = (NTLMLogonDetails) session.getAttribute(NTLM_AUTH_DETAILS);
        if (nTLMLogonDetails != null && nTLMLogonDetails.hasType2Message() && nTLMLogonDetails.hasNTLMHashedPassword() && nTLMLogonDetails.hasAuthenticationToken()) {
            Type2NTLMMessage type2Message = nTLMLogonDetails.getType2Message();
            String str = "NTLM " + new String(Base64.encodeBase64(type2Message.getBytes()));
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("Sending cached NTLM type2 to client - " + type2Message);
            }
            httpServletResponse.setHeader(WWW_AUTHENTICATE, str);
            httpServletResponse.setStatus(401);
            httpServletResponse.flushBuffer();
            return;
        }
        session.removeAttribute(NTLM_AUTH_DETAILS);
        byte[] bArr = null;
        Authentication authentication = null;
        if (this.nltmAuthenticator.getNTLMMode() == NTLMMode.MD4_PROVIDER) {
            bArr = new byte[8];
            DataPacker.putIntelLong(this.m_random.nextLong(), bArr, 0);
        } else {
            String domain = type1NTLMMessage.getDomain();
            if (domain == null || domain.length() == 0) {
                domain = mapClientAddressToDomain(httpServletRequest.getRemoteAddr());
            }
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("Client domain " + domain);
            }
            authentication = new NTLMPassthruToken(domain);
            this.nltmAuthenticator.authenticate(authentication);
            if (authentication.getChallenge() != null) {
                bArr = authentication.getChallenge().getBytes();
            }
        }
        int flags = type1NTLMMessage.getFlags() & this.m_ntlmFlags;
        ArrayList arrayList = new ArrayList();
        String serverName = getServerName();
        arrayList.add(new TargetInfo(1, serverName));
        Type2NTLMMessage type2NTLMMessage = new Type2NTLMMessage();
        type2NTLMMessage.buildType2(flags, serverName, bArr, (int[]) null, arrayList);
        NTLMLogonDetails nTLMLogonDetails2 = new NTLMLogonDetails();
        nTLMLogonDetails2.setType2Message(type2NTLMMessage);
        nTLMLogonDetails2.setAuthenticationToken(authentication);
        session.setAttribute(NTLM_AUTH_DETAILS, nTLMLogonDetails2);
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Sending NTLM type2 to client - " + type2NTLMMessage);
        }
        httpServletResponse.setHeader(WWW_AUTHENTICATE, "NTLM " + new String(Base64.encodeBase64(type2NTLMMessage.getBytes())));
        httpServletResponse.setStatus(401);
        httpServletResponse.flushBuffer();
    }

    protected boolean processType3(Type3NTLMMessage type3NTLMMessage, ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        WebCredentials nTLMCredentials;
        Log logger = getLogger();
        if (logger.isDebugEnabled()) {
            logger.debug("Received type3 " + type3NTLMMessage);
        }
        SessionUser sessionUser = getSessionUser(servletContext, httpServletRequest, httpServletResponse, true);
        HttpSession session = httpServletRequest.getSession();
        NTLMLogonDetails nTLMLogonDetails = (NTLMLogonDetails) session.getAttribute(NTLM_AUTH_DETAILS);
        final String userName = type3NTLMMessage.getUserName();
        String workstation = type3NTLMMessage.getWorkstation();
        String domain = type3NTLMMessage.getDomain();
        String str = (String) this.transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<String>() { // from class: org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.1
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public String m226execute() throws Throwable {
                return (String) AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<String>() { // from class: org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.1.1
                    /* renamed from: doWork, reason: merged with bridge method [inline-methods] */
                    public String m227doWork() throws Exception {
                        return BaseNTLMAuthenticationFilter.this.personService.getUserIdentifier(userName);
                    }
                }, "System");
            }
        }, true);
        if (str != null) {
            userName = str;
        }
        boolean z = false;
        if (sessionUser != null && nTLMLogonDetails != null && nTLMLogonDetails.hasNTLMHashedPassword()) {
            byte[] nTLMHash = type3NTLMMessage.getNTLMHash();
            byte[] nTLMHashedPassword = nTLMLogonDetails.getNTLMHashedPassword();
            if (nTLMHash != null) {
                z = Arrays.equals(nTLMHashedPassword, nTLMHash);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Using cached NTLM hash, authenticated = " + z);
            }
            onValidate(servletContext, httpServletRequest, httpServletResponse, new NTLMCredentials(userName, nTLMHash));
            return true;
        }
        if (this.nltmAuthenticator.getNTLMMode() != NTLMMode.MD4_PROVIDER) {
            nTLMCredentials = new NTLMCredentials(type3NTLMMessage.getUserName(), type3NTLMMessage.getNTLMHash());
            if (!(type3NTLMMessage.hasFlag(536870912) && type3NTLMMessage.hasFlag(524288)) && (type3NTLMMessage.getNTLMHash() == null || type3NTLMMessage.getNTLMHash().length <= 24)) {
                NTLMPassthruToken nTLMPassthruToken = (NTLMPassthruToken) nTLMLogonDetails.getAuthenticationToken();
                nTLMPassthruToken.setUserAndPassword(type3NTLMMessage.getUserName(), type3NTLMMessage.getNTLMHash(), 1);
                try {
                    try {
                        this.nltmAuthenticator.authenticate(nTLMPassthruToken);
                        z = true;
                        if (nTLMPassthruToken.isGuestLogon()) {
                            userName = this.authenticationComponent.getGuestUserName();
                        }
                        this.authenticationComponent.setCurrentUser(userName);
                        nTLMLogonDetails.setAuthenticationToken((Object) null);
                    } catch (BadCredentialsException e) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Authentication failed, " + e.getMessage());
                        }
                        nTLMLogonDetails.setAuthenticationToken((Object) null);
                    } catch (AuthenticationException e2) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Authentication failed, " + e2.getMessage());
                        }
                        nTLMLogonDetails.setAuthenticationToken((Object) null);
                    }
                } catch (Throwable th) {
                    nTLMLogonDetails.setAuthenticationToken((Object) null);
                    throw th;
                }
            } else if (logger.isErrorEnabled()) {
                logger.error("Client " + workstation + " using NTLMv2 logon, not valid with passthru authentication");
            }
        } else if (this.m_allowGuest && userName.equalsIgnoreCase(this.authenticationComponent.getGuestUserName())) {
            nTLMCredentials = new GuestCredentials();
            z = true;
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("Guest logon");
            }
        } else {
            String mD4Hash = getMD4Hash(userName);
            if (mD4Hash != null) {
                z = validateLocalHashedPassword(type3NTLMMessage, nTLMLogonDetails, false, mD4Hash);
                nTLMCredentials = new NTLMCredentials(nTLMLogonDetails.getUserName(), nTLMLogonDetails.getNTLMHashedPassword());
            } else if (this.m_mapUnknownUserToGuest) {
                userName = this.authenticationComponent.getGuestUserName();
                z = true;
                nTLMCredentials = new GuestCredentials();
                if (logger.isDebugEnabled()) {
                    logger.debug("User " + userName + " logged on as guest, no Alfresco account");
                }
            } else {
                if (logger.isDebugEnabled()) {
                    logger.debug("User " + userName + " does not have Alfresco account");
                }
                nTLMCredentials = new UnknownCredentials();
                z = false;
            }
        }
        if (!z) {
            restartLoginChallenge(servletContext, httpServletRequest, httpServletResponse);
            return false;
        }
        boolean z2 = false;
        if (sessionUser == null) {
            try {
                createUserEnvironment(session, userName);
                z2 = true;
            } catch (AuthenticationException e3) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Failed to validate user " + userName, e3);
                }
                onValidateFailed(servletContext, httpServletRequest, httpServletResponse, session, nTLMCredentials);
                return false;
            }
        }
        onValidate(servletContext, httpServletRequest, httpServletResponse, nTLMCredentials);
        String serverName = getServerName();
        if (nTLMLogonDetails == null) {
            nTLMLogonDetails = new NTLMLogonDetails(userName, workstation, domain, false, serverName);
            nTLMLogonDetails.setNTLMHashedPassword(type3NTLMMessage.getNTLMHash());
            session.setAttribute(NTLM_AUTH_DETAILS, nTLMLogonDetails);
            if (logger.isDebugEnabled()) {
                logger.debug("No cached NTLM details, created");
            }
        } else {
            nTLMLogonDetails.setDetails(userName, workstation, domain, false, serverName);
            nTLMLogonDetails.setNTLMHashedPassword(type3NTLMMessage.getNTLMHash());
            if (logger.isDebugEnabled()) {
                logger.debug("Updated cached NTLM details");
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("User logged on via NTLM, " + nTLMLogonDetails);
        }
        return onLoginComplete(servletContext, httpServletRequest, httpServletResponse, z2);
    }

    protected boolean validateLocalHashedPassword(Type3NTLMMessage type3NTLMMessage, NTLMLogonDetails nTLMLogonDetails, boolean z, String str) {
        boolean checkNTLMv1;
        if (nTLMLogonDetails == null || nTLMLogonDetails.getType2Message() == null) {
            if (!getLogger().isDebugEnabled()) {
                return false;
            }
            getLogger().debug("No cached Type2, ntlmDetails=" + nTLMLogonDetails);
            return false;
        }
        if (!type3NTLMMessage.hasFlag(524288)) {
            checkNTLMv1 = checkNTLMv1(str, nTLMLogonDetails.getChallengeKey(), type3NTLMMessage, false);
            if (getLogger().isDebugEnabled()) {
                getLogger().debug((checkNTLMv1 ? "Logged on" : "Logon failed") + " using NTLMSSP/NTLMv1");
            }
        } else if (type3NTLMMessage.getNTLMHashLength() > 24) {
            checkNTLMv1 = checkNTLMv2(str, nTLMLogonDetails.getChallengeKey(), type3NTLMMessage);
            if (getLogger().isDebugEnabled()) {
                getLogger().debug((checkNTLMv1 ? "Logged on" : "Logon failed") + " using NTLMSSP/NTLMv2");
            }
            if (!checkNTLMv1 && type3NTLMMessage.hasFlag(Integer.MIN_VALUE) && type3NTLMMessage.getLMHashLength() == 24) {
                checkNTLMv1 = checkNTLMv1(str, nTLMLogonDetails.getChallengeKey(), type3NTLMMessage, true);
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug((checkNTLMv1 ? "Logged on" : "Logon failed") + " using NTLMSSP/NTLMv1 (via fallback)");
                }
            }
        } else {
            checkNTLMv1 = checkNTLMv2SessionKey(str, nTLMLogonDetails.getChallengeKey(), type3NTLMMessage);
            if (getLogger().isDebugEnabled()) {
                getLogger().debug((checkNTLMv1 ? "Logged on" : "Logon failed") + " using NTLMSSP/NTLMv2SessKey");
            }
        }
        return checkNTLMv1;
    }

    protected final boolean checkNTLMv1(String str, byte[] bArr, Type3NTLMMessage type3NTLMMessage, boolean z) {
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Perform an NTLMv1 hashed password check.");
        }
        byte[] bArr2 = new byte[21];
        System.arraycopy(this.m_md4Encoder.decodeHash(str), 0, bArr2, 0, 16);
        byte[] bArr3 = null;
        try {
            bArr3 = this.m_encryptor.doNTLM1Encryption(bArr2, bArr);
        } catch (NoSuchAlgorithmException e) {
        }
        byte[] lMHash = z ? type3NTLMMessage.getLMHash() : type3NTLMMessage.getNTLMHash();
        if (lMHash != null && bArr3 != null && lMHash.length == bArr3.length) {
            int i = 0;
            while (i < lMHash.length && lMHash[i] == bArr3[i]) {
                i++;
            }
            if (i == lMHash.length) {
                if (!getLogger().isDebugEnabled()) {
                    return true;
                }
                getLogger().debug("Hashed passwords match.");
                return true;
            }
        }
        if (!getLogger().isDebugEnabled()) {
            return false;
        }
        getLogger().debug("Hashed passwords do not match.");
        return false;
    }

    protected final boolean checkNTLMv2(String str, byte[] bArr, Type3NTLMMessage type3NTLMMessage) {
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Perform an NTLMv2 check.");
        }
        boolean z = false;
        boolean z2 = false;
        try {
            byte[] doNTLM2Encryption = this.m_encryptor.doNTLM2Encryption(this.m_md4Encoder.decodeHash(str), type3NTLMMessage.getUserName(), type3NTLMMessage.getDomain());
            NTLMv2Blob nTLMv2Blob = new NTLMv2Blob(type3NTLMMessage.getNTLMHash());
            byte[] calculateHMAC = nTLMv2Blob.calculateHMAC(bArr, doNTLM2Encryption);
            byte[] hmac = nTLMv2Blob.getHMAC();
            if (hmac != null && calculateHMAC != null && hmac.length == calculateHMAC.length) {
                int i = 0;
                while (i < hmac.length && hmac[i] == calculateHMAC[i]) {
                    i++;
                }
                if (i == hmac.length) {
                    if (getLogger().isDebugEnabled()) {
                        getLogger().debug("HMAC matches the client, user authenticated.");
                    }
                    z = true;
                }
            }
            if (!z) {
                byte[] lMHash = type3NTLMMessage.getLMHash();
                byte[] clientChallenge = nTLMv2Blob.getClientChallenge();
                if (lMHash != null && lMHash.length == 24 && clientChallenge != null && clientChallenge.length == 8) {
                    int i2 = 0;
                    while (i2 < clientChallenge.length && lMHash[i2 + 16] == clientChallenge[i2]) {
                        i2++;
                    }
                    if (i2 == clientChallenge.length) {
                        byte[] calculateLMv2HMAC = nTLMv2Blob.calculateLMv2HMAC(doNTLM2Encryption, bArr, clientChallenge);
                        int i3 = 0;
                        while (i3 < calculateLMv2HMAC.length && lMHash[i3] == calculateLMv2HMAC[i3]) {
                            i3++;
                        }
                        if (i3 == calculateLMv2HMAC.length) {
                            if (getLogger().isDebugEnabled()) {
                                getLogger().debug("LMv2 HMAC matches the client, user authenticated.");
                            }
                            z2 = true;
                        }
                    }
                }
            }
        } catch (Exception e) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug(e);
            }
        }
        return z || z2;
    }

    protected final boolean checkNTLMv2SessionKey(String str, byte[] bArr, Type3NTLMMessage type3NTLMMessage) {
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Perform an NTLMv2 session key check.");
        }
        byte[] bArr2 = new byte[16];
        System.arraycopy(bArr, 0, bArr2, 0, 8);
        System.arraycopy(type3NTLMMessage.getLMHash(), 0, bArr2, 8, 8);
        byte[] bArr3 = new byte[8];
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.update(bArr2);
            System.arraycopy(messageDigest.digest(), 0, bArr3, 0, 8);
        } catch (NoSuchAlgorithmException e) {
            getLogger().error(e);
        }
        byte[] bArr4 = new byte[21];
        System.arraycopy(this.m_md4Encoder.decodeHash(str), 0, bArr4, 0, 16);
        byte[] bArr5 = null;
        try {
            bArr5 = this.m_encryptor.doNTLM1Encryption(bArr4, bArr3);
        } catch (NoSuchAlgorithmException e2) {
            getLogger().error(e2);
        }
        byte[] nTLMHash = type3NTLMMessage.getNTLMHash();
        if (nTLMHash != null && bArr5 != null && nTLMHash.length == bArr5.length) {
            int i = 0;
            while (i < nTLMHash.length && nTLMHash[i] == bArr5[i]) {
                i++;
            }
            if (i == nTLMHash.length) {
                if (!getLogger().isDebugEnabled()) {
                    return true;
                }
                getLogger().debug("Hashed password check successful.");
                return true;
            }
        }
        if (!getLogger().isDebugEnabled()) {
            return false;
        }
        getLogger().debug("Password check failed.");
        return false;
    }

    protected String getMD4Hash(String str) {
        String str2 = null;
        UserTransaction userTransaction = this.transactionService.getUserTransaction();
        try {
            try {
                userTransaction.begin();
                str2 = this.nltmAuthenticator.getMD4HashedPassword(str);
                if (userTransaction != null) {
                    try {
                        if (userTransaction.getStatus() == 1 || userTransaction.getStatus() == 4 || userTransaction.getStatus() == 9) {
                            userTransaction.rollback();
                        } else {
                            userTransaction.commit();
                        }
                    } catch (Throwable th) {
                        if (getLogger().isDebugEnabled()) {
                            getLogger().debug(th);
                        }
                    }
                }
            } catch (Throwable th2) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug(th2);
                }
                if (userTransaction != null) {
                    try {
                        if (userTransaction.getStatus() == 1 || userTransaction.getStatus() == 4 || userTransaction.getStatus() == 9) {
                            userTransaction.rollback();
                        } else {
                            userTransaction.commit();
                        }
                    } catch (Throwable th3) {
                        if (getLogger().isDebugEnabled()) {
                            getLogger().debug(th3);
                        }
                    }
                }
            }
            return str2;
        } catch (Throwable th4) {
            if (userTransaction != null) {
                try {
                    if (userTransaction.getStatus() == 1 || userTransaction.getStatus() == 4 || userTransaction.getStatus() == 9) {
                        userTransaction.rollback();
                    } else {
                        userTransaction.commit();
                    }
                } catch (Throwable th5) {
                    if (getLogger().isDebugEnabled()) {
                        getLogger().debug(th5);
                    }
                }
            }
            throw th4;
        }
    }

    @Override // org.alfresco.repo.webdav.auth.AuthenticationDriver
    public void restartLoginChallenge(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("restartLoginChallenge...");
        }
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            clearSession(session);
        }
        String header = httpServletRequest.getHeader("user-agent");
        if (header == null || header.indexOf("Safari") == -1) {
            httpServletResponse.setHeader(WWW_AUTHENTICATE, AUTH_NTLM);
            httpServletResponse.setStatus(401);
            writeLoginPageLink(servletContext, httpServletRequest, httpServletResponse);
        } else {
            PrintWriter writer = httpServletResponse.getWriter();
            writer.println("<html><head></head>");
            writer.println("<body><p>Login authentication failed. Please close and re-open Safari to try again.</p>");
            writer.println("</body></html>");
            writer.close();
        }
        httpServletResponse.flushBuffer();
    }

    private void clearSession(HttpSession httpSession) {
        Enumeration attributeNames = httpSession.getAttributeNames();
        while (attributeNames.hasMoreElements()) {
            httpSession.removeAttribute((String) attributeNames.nextElement());
        }
    }

    protected final void disableNTLMv2() {
        this.m_disableNTLMv2 = true;
    }
}
