package waffle.apache;

import com.sun.jna.platform.win32.Win32Exception;
import java.io.IOException;
import java.security.Principal;
import java.util.Base64;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.realm.GenericPrincipal;
import org.slf4j.LoggerFactory;
import waffle.util.AuthorizationHeader;
import waffle.util.NtlmServletRequest;
import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.IWindowsSecurityContext;
import waffle.windows.auth.PrincipalFormat;

/* loaded from: input_file:waffle/apache/NegotiateAuthenticator.class */
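/**
 * Tomcat authenticator that runs a Negotiate/NTLM handshake through the configured
 * {@link IWindowsAuthProvider} and registers the resulting Windows identity as the request principal.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>Debug logging in {@link #authenticate} writes the Base64 continue token, the user's FQN and
 *       SID, role names and the session id. Treat debug-level logs from this class as sensitive.</li>
 *   <li>Handshake state is keyed by the id returned from
 *       {@code NtlmServletRequest.getConnectionId(request)}; how that id is derived is not visible in
 *       this file.</li>
 * </ul>
 */
public class NegotiateAuthenticator extends WaffleAuthenticatorBase {
    /** Creates the authenticator and installs its logger and {@code info} identifier on the base class. */
    public NegotiateAuthenticator() {
        this.log = LoggerFactory.getLogger(NegotiateAuthenticator.class);
        this.info = "waffle.apache.NegotiateAuthenticator/1.0";
        this.log.debug("[waffle.apache.NegotiateAuthenticator] loaded");
    }

    /**
     * Logs the start event, then delegates to the base class.
     *
     * @throws LifecycleException if the base class fails to start
     */
    @Override // waffle.apache.WaffleAuthenticatorBase
    public synchronized void startInternal() throws LifecycleException {
        this.log.info("[waffle.apache.NegotiateAuthenticator] started");
        super.startInternal();
    }

    /**
     * Delegates to the base class, then logs the stop event.
     *
     * @throws LifecycleException if the base class fails to stop
     */
    public synchronized void stopInternal() throws LifecycleException {
        super.stopInternal();
        this.log.info("[waffle.apache.NegotiateAuthenticator] stopped");
    }

    /**
     * Authenticates one request, advancing the Negotiate/NTLM handshake by one step if needed.
     *
     * <p>Outcomes, in the order they are checked:
     * <ol>
     *   <li>The request already carries a principal and is not an NTLM type-1 POST: accepted as is.</li>
     *   <li>No {@code Authorization} header: a challenge is sent via {@code sendUnauthorized}.</li>
     *   <li>The provider asks for another round trip: 401 with the continue token and
     *       {@code Connection: keep-alive}.</li>
     *   <li>The handshake completed: the identity is checked against the guest policy, converted
     *       to a principal and registered on the request.</li>
     * </ol>
     *
     * @param request the Tomcat request being authenticated
     * @param httpServletResponse the response used for challenges and error statuses
     * @return {@code true} if the request is authenticated; {@code false} if a challenge or error
     *     response has been written instead
     */
    public boolean authenticate(Request request, HttpServletResponse httpServletResponse) {
        Principal userPrincipal = request.getUserPrincipal();
        AuthorizationHeader authorizationHeader = new AuthorizationHeader(request);
        boolean ntlmType1Post = authorizationHeader.isNtlmType1PostAuthorizationHeader();
        this.log.debug("{} {}, contentlength: {}", request.getMethod(), request.getRequestURI(), request.getContentLength());
        // NOTE(review): what gets printed here depends on AuthorizationHeader.toString(), which is not
        // visible in this file. If it renders the raw header, the client's handshake tokens end up in
        // the debug log - confirm, and restrict access to debug logs accordingly.
        this.log.debug("authorization: {}, ntlm post: {}", authorizationHeader, ntlmType1Post);

        // An existing principal is trusted unless the client is starting a new NTLM handshake on a POST.
        if (userPrincipal != null && !ntlmType1Post) {
            this.log.debug("previously authenticated user: {}", userPrincipal.getName());
            return true;
        }
        if (authorizationHeader.isNull()) {
            this.log.debug("authorization required");
            sendUnauthorized(httpServletResponse);
            return false;
        }

        String securityPackage = authorizationHeader.getSecurityPackage();
        // NOTE(review): all handshake state below is keyed by this id. Confirm it is unique per client
        // connection in the deployed topology (e.g. behind a reverse proxy), since a shared id would
        // let unrelated clients touch the same handshake state.
        String connectionId = NtlmServletRequest.getConnectionId(request);
        this.log.debug("security package: {}, connection id: {}", securityPackage, connectionId);
        if (ntlmType1Post) {
            // Drop whatever handshake state the provider holds for this connection before restarting.
            this.auth.resetSecurityToken(connectionId);
        }

        byte[] tokenBytes = authorizationHeader.getTokenBytes();
        this.log.debug("token buffer: {} byte(s)", tokenBytes.length);
        try {
            IWindowsSecurityContext securityContext = this.auth.acceptSecurityToken(connectionId, tokenBytes, securityPackage);
            this.log.debug("continue required: {}", securityContext.isContinue());
            byte[] continueToken = securityContext.getToken();
            if (continueToken != null && continueToken.length > 0) {
                String encodedToken = Base64.getEncoder().encodeToString(continueToken);
                // The server-side handshake token is logged in full at debug level; keep debug output
                // for this class out of shared or long-lived log stores.
                this.log.debug("continue token: {}", encodedToken);
                httpServletResponse.addHeader("WWW-Authenticate", securityPackage + " " + encodedToken);
            }
            try {
                if (securityContext.isContinue()) {
                    // Handshake not finished: the context is left alive for the next leg, so it is
                    // deliberately not disposed here.
                    httpServletResponse.setHeader("Connection", "keep-alive");
                    httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                    httpServletResponse.flushBuffer();
                    return false;
                }

                // Handshake finished. The success path has always disposed the context and identity;
                // the rejection paths below (missing realm, guest refused) previously returned without
                // doing so, leaking the native handles on every rejected login. The finally blocks
                // release them on every exit, identity first, then the context.
                try {
                    if (this.context == null || this.context.getRealm() == null) {
                        this.log.warn("missing context/realm");
                        sendError(httpServletResponse, HttpServletResponse.SC_SERVICE_UNAVAILABLE);
                        return false;
                    }
                    IWindowsIdentity identity = securityContext.getIdentity();
                    try {
                        if (!this.allowGuestLogin && identity.isGuest()) {
                            this.log.warn("guest login disabled: {}", identity.getFqn());
                            sendUnauthorized(httpServletResponse);
                            return false;
                        }
                        this.log.debug("logged in user: {} ({})", identity.getFqn(), identity.getSidString());
                        GenericPrincipal principal = createPrincipal(identity);
                        if (this.log.isDebugEnabled()) {
                            this.log.debug("roles: {}", String.join(", ", principal.getRoles()));
                        }
                        HttpSession session = request.getSession(true);
                        this.log.debug("session id: {}", session == null ? "null" : session.getId());
                        register(request, httpServletResponse, principal, securityPackage, principal.getName(), null);
                        this.log.info("successfully logged in user: {}", principal.getName());
                        return true;
                    } finally {
                        identity.dispose();
                    }
                } finally {
                    securityContext.dispose();
                }
            } catch (IOException e) {
                this.log.warn("error logging in user: {}", e.getMessage());
                this.log.trace("", e);
                sendUnauthorized(httpServletResponse);
                return false;
            }
        } catch (Win32Exception e2) {
            // Any provider-side failure is answered with a fresh challenge rather than an error page.
            this.log.warn("error logging in user: {}", e2.getMessage());
            this.log.trace("", e2);
            sendUnauthorized(httpServletResponse);
            return false;
        }
    }

    /**
     * Delegates to {@link #authenticate(Request, HttpServletResponse)}.
     *
     * @param request the Tomcat request being authenticated
     * @param httpServletResponse the response used for challenges and error statuses
     * @return the result of {@code authenticate}
     * @throws IOException declared by the signature; the delegate itself handles I/O failures
     */
    protected boolean doAuthenticate(Request request, HttpServletResponse httpServletResponse) throws IOException {
        return authenticate(request, httpServletResponse);
    }

    // The methods below are marked bridge/synthetic by the decompiler and only forward to
    // WaffleAuthenticatorBase. Presumably the compiler emitted them to expose the base class's
    // accessors through this public class - confirm against the original source before removing any.

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ void setProtocols(String str) {
        super.setProtocols(str);
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ void setAllowGuestLogin(boolean z) {
        super.setAllowGuestLogin(z);
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ boolean isAllowGuestLogin() {
        return super.isAllowGuestLogin();
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ PrincipalFormat getRoleFormat() {
        return super.getRoleFormat();
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ void setRoleFormat(String str) {
        super.setRoleFormat(str);
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ PrincipalFormat getPrincipalFormat() {
        return super.getPrincipalFormat();
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ void setPrincipalFormat(String str) {
        super.setPrincipalFormat(str);
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ String getInfo() {
        return super.getInfo();
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ void setAuth(IWindowsAuthProvider iWindowsAuthProvider) {
        super.setAuth(iWindowsAuthProvider);
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ IWindowsAuthProvider getAuth() {
        return super.getAuth();
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ void setContinueContextsTimeout(int i) {
        super.setContinueContextsTimeout(i);
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ int getContinueContextsTimeout() {
        return super.getContinueContextsTimeout();
    }
}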
