package com.inet.authentication.windows;

import com.inet.authentication.AuthenticationDescription;
import com.inet.authentication.LoginProcessor;
import com.inet.authentication.LoginRoles;
import com.inet.authentication.RemoteLoginProcessor;
import com.inet.authentication.base.BasicLoginProcessor;
import com.inet.authentication.base.LoginManager;
import com.inet.classloader.I18nMessages;
import com.inet.error.ErrorCode;
import com.inet.http.ClientMessageException;
import com.inet.http.error.ServletErrorHandler;
import com.inet.http.servlet.ClientLocale;
import com.inet.http.servlet.NopHttpServletResponse;
import com.inet.http.servlet.SessionStore;
import com.inet.id.GUID;
import com.inet.lib.util.NetworkFunctions;
import com.inet.logging.LogManager;
import com.inet.notification.Notification;
import com.inet.notification.NotificationManager;
import com.inet.notification.PermissionNotificationGenerator;
import com.inet.plugin.ApplicationDescription;
import com.inet.plugin.ServerPluginManager;
import com.inet.shared.servlet.ProxyHttpServletRequest;
import com.inet.usersandgroups.api.user.UserAccount;
import com.sun.jna.Native;
import com.sun.jna.Structure;
import com.sun.jna.platform.win32.W32Errors;
import com.sun.jna.platform.win32.Win32Exception;
import java.io.BufferedReader;
import java.io.IOException;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.SuppressFBWarnings;
import javax.servlet.AsyncContext;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpUpgradeHandler;
import javax.servlet.http.Part;
import waffle.servlet.NegotiateSecurityFilter;
import waffle.servlet.WindowsPrincipal;
import waffle.util.NtlmServletRequest;
import waffle.windows.auth.WindowsAccount;

/* loaded from: input_file:com/inet/authentication/windows/b.class */
public class b extends RemoteLoginProcessor implements LoginRoles {
    // Request object captured from the filter chain after a successful Windows login.
    // Stays null until a login succeeded; reset to null by requestLoginData.
    private HttpServletRequest a;
    // Cache for getRoles(): fully qualified names of the groups of the logged-in principal.
    private Set<String> b;
    // Cache for isWebUserInRole(): the entries of getRoles() converted to lower case.
    private Set<String> c;
    // Shared waffle NegotiateSecurityFilter created in the static initializer; null if that failed.
    private static final Filter d;
    // Exception caught while creating the filter in the static initializer, or null on success.
    // The constructor rethrows it so a broken setup is reported on every instantiation.
    private static final Exception e;
    // Local host name, used by isWebUserInRole as the prefix for role names given without a domain.
    static final String f = NetworkFunctions.getLocalHostName();
    // Stub request without any headers; requestLoginData passes it to the filter instead of the real request.
    private final HttpServletRequest g;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/inet/authentication/windows/b$a.class */
    /**
     * Terminal {@link FilterChain} that only records the request the security filter passes on.
     *
     * <p>The callers in the enclosing class treat a non-null {@code a} after {@code doFilter} as the
     * signal that the filter accepted the request, and read the user principal from the recorded
     * request. If the filter never invokes the chain, {@code a} stays null.
     */
    public static class a implements FilterChain {
        // Request handed over by the filter; null until doFilter was invoked.
        private HttpServletRequest a;

        private a() {
        }

        /**
         * Stores the request passed on by the filter. The response is ignored and nothing is forwarded.
         *
         * @param servletRequest request passed on by the filter; cast to HttpServletRequest
         * @param servletResponse ignored
         */
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) {
            this.a = (HttpServletRequest) servletRequest;
        }
    }

    /**
     * Creates the login processor and the stub request used to start a new authentication round.
     *
     * <p>If the static initializer failed to create the security filter, the stored exception is
     * rethrown here through {@code ErrorCode.throwAny}.
     *
     * @param authenticationDescription passed unchanged to the superclass constructor
     */
    public b(AuthenticationDescription authenticationDescription) {
        super(authenticationDescription);
        // Empty request: every getter returns null, 0 or false, except the method ("GET") and the
        // path info ("/"). In particular getHeader returns null, so a filter that is given this
        // request sees no Authorization header.
        this.g = new HttpServletRequest() { // from class: com.inet.authentication.windows.b.1
            public String getAuthType() {
                return null;
            }

            public String getContextPath() {
                return null;
            }

            public Cookie[] getCookies() {
                return null;
            }

            public long getDateHeader(String str) {
                return 0L;
            }

            public String getHeader(String str) {
                return null;
            }

            public Enumeration getHeaderNames() {
                return null;
            }

            public Enumeration getHeaders(String str) {
                return null;
            }

            public int getIntHeader(String str) {
                return 0;
            }

            public String getMethod() {
                return "GET";
            }

            public String getPathInfo() {
                return "/";
            }

            public String getPathTranslated() {
                return null;
            }

            public String getQueryString() {
                return null;
            }

            public String getRemoteUser() {
                return null;
            }

            public String getRequestURI() {
                return null;
            }

            public StringBuffer getRequestURL() {
                return null;
            }

            public String getRequestedSessionId() {
                return null;
            }

            public String getServletPath() {
                return null;
            }

            public HttpSession getSession() {
                return null;
            }

            public HttpSession getSession(boolean z) {
                return null;
            }

            public Principal getUserPrincipal() {
                return null;
            }

            public boolean isRequestedSessionIdFromCookie() {
                return false;
            }

            public boolean isRequestedSessionIdFromURL() {
                return false;
            }

            public boolean isRequestedSessionIdFromUrl() {
                return false;
            }

            public boolean isRequestedSessionIdValid() {
                return false;
            }

            public boolean isUserInRole(String str) {
                return false;
            }

            public Object getAttribute(String str) {
                return null;
            }

            public Enumeration getAttributeNames() {
                return null;
            }

            public String getCharacterEncoding() {
                return null;
            }

            public int getContentLength() {
                return 0;
            }

            public String getContentType() {
                return null;
            }

            public ServletInputStream getInputStream() {
                return null;
            }

            public String getLocalAddr() {
                return null;
            }

            public String getLocalName() {
                return null;
            }

            public int getLocalPort() {
                return 0;
            }

            public Locale getLocale() {
                return null;
            }

            public Enumeration getLocales() {
                return null;
            }

            public String getParameter(String str) {
                return null;
            }

            public Map getParameterMap() {
                return null;
            }

            public Enumeration getParameterNames() {
                return null;
            }

            public String[] getParameterValues(String str) {
                return null;
            }

            public String getProtocol() {
                return null;
            }

            public BufferedReader getReader() {
                return null;
            }

            public String getRealPath(String str) {
                return null;
            }

            public String getRemoteAddr() {
                return null;
            }

            public String getRemoteHost() {
                return null;
            }

            public int getRemotePort() {
                return 0;
            }

            public RequestDispatcher getRequestDispatcher(String str) {
                return null;
            }

            public String getScheme() {
                return null;
            }

            public String getServerName() {
                return null;
            }

            public int getServerPort() {
                return 0;
            }

            public boolean isSecure() {
                return false;
            }

            public void removeAttribute(String str) {
            }

            public void setAttribute(String str, Object obj) {
            }

            public void setCharacterEncoding(String str) {
            }

            public AsyncContext getAsyncContext() {
                return null;
            }

            public long getContentLengthLong() {
                return 0L;
            }

            public DispatcherType getDispatcherType() {
                return null;
            }

            public ServletContext getServletContext() {
                return null;
            }

            public boolean isAsyncStarted() {
                return false;
            }

            public boolean isAsyncSupported() {
                return false;
            }

            public AsyncContext startAsync() throws IllegalStateException {
                return null;
            }

            public AsyncContext startAsync(ServletRequest servletRequest, ServletResponse servletResponse) throws IllegalStateException {
                return null;
            }

            public boolean authenticate(HttpServletResponse httpServletResponse) throws IOException, ServletException {
                return false;
            }

            public String changeSessionId() {
                return null;
            }

            public Part getPart(String str) throws IOException, ServletException {
                return null;
            }

            public Collection<Part> getParts() throws IOException, ServletException {
                return null;
            }

            public void login(String str, String str2) throws ServletException {
            }

            public void logout() throws ServletException {
            }

            public <T extends HttpUpgradeHandler> T upgrade(Class<T> cls) throws IOException, ServletException {
                return null;
            }
        };
        // Fail here when the shared filter could not be created in the static initializer.
        if (e != null) {
            ErrorCode.throwAny(e);
        }
    }

    /**
     * Returns the identifier of this login source.
     *
     * @return the constant {@code "system"}
     */
    @Nonnull
    public String getLoginSource() {
        return "system";
    }

    /**
     * Discards the current login state and lets the security filter write its answer to the client.
     *
     * <p>The principal stored in an existing session is removed and the recorded request is cleared.
     * The filter is then run with the header-less stub request instead of the real one, so it sees no
     * Authorization header; presumably this makes it emit the authentication challenge.
     * For proxy requests every {@code WWW-Authenticate} header whose value starts with {@code NTLM}
     * is dropped before it reaches the client.
     * NOTE(review): presumably because NTLM authenticates a connection and does not work through a
     * proxy hop; confirm against ProxyHttpServletRequest.
     *
     * <p>Any failure is logged and reported to the client as an error page.
     *
     * @param httpServletRequest the client request
     * @param httpServletResponse the response that receives the filter output
     */
    public void requestLoginData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpServletResponse response = httpServletResponse;
        try {
            HttpSession existingSession = httpServletRequest.getSession(false);
            if (existingSession != null) {
                // A stale principal must not survive a new login request.
                existingSession.removeAttribute("waffle.servlet.NegotiateSecurityFilter.PRINCIPAL");
            }
            this.a = null;
            response = b(httpServletRequest, response);
            if (ProxyHttpServletRequest.isProxyRequest(httpServletRequest)) {
                response = new HttpServletResponseWrapper(response) {
                    public void addHeader(String name, String value) {
                        boolean ntlmChallenge = "WWW-Authenticate".equals(name) && value.startsWith("NTLM");
                        if (!ntlmChallenge) {
                            super.addHeader(name, value);
                        }
                    }
                };
            }
            d.doFilter(this.g, response, new a());
        } catch (Throwable failure) {
            a(failure, httpServletRequest, response);
        }
    }

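    /**
     * Evaluates the {@code Authorization} header of a client request.
     *
     * <p>Nothing is done when a user is already logged in (unless the request is a POST with a
     * content length of 0) or when the header is missing. A {@code Basic} header is verified with a
     * no-op response, an {@code NTLM} or {@code Negotiate} header is passed to the security filter.
     * Any other scheme is logged as an error.
     *
     * <p>Only the scheme name and the header length are logged for an unexpected header. The header
     * value is a credential (for example a bearer token) and must not end up in the log file.
     *
     * @param httpServletRequest the client request
     * @param httpServletResponse the response the filter may write a challenge to
     * @return the result of the filter-based login for NTLM/Negotiate, otherwise {@code true}
     */
    public boolean transferClientLoginData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // An empty POST from a logged-in client is still evaluated; every other request of a logged-in client is not.
        if (getLoginID() != null
                && !("POST".equals(httpServletRequest.getMethod()) && httpServletRequest.getContentLength() == 0)) {
            return true;
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return true;
        }
        if (header.startsWith("Basic ")) {
            // NOTE(review): Basic carries the password in reversible form; confirm this path is only reachable over TLS.
            a(httpServletRequest);
            return true;
        }
        if (header.startsWith("NTLM ") || header.startsWith("Negotiate ")) {
            return a(httpServletRequest, b(httpServletRequest, httpServletResponse));
        }
        // Log the scheme only, never the credential part of the header.
        int schemeEnd = header.indexOf(' ');
        String scheme = schemeEnd > 0 ? header.substring(0, Math.min(schemeEnd, 32)) : "<unparseable>";
        LOGGER.error("Wrong authorization header: scheme=" + scheme + ", length=" + header.length());
        return true;
    }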

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Runs the security filter for the request with a response that discards all output.
     *
     * <p>The principal cached in the session is removed first so the filter has to evaluate the
     * credentials of this request. In "add sign up" mode the previously cached principal is put back
     * afterwards; otherwise it stays removed.
     * NOTE(review): if the filter run throws, the cached principal is not restored in sign-up mode.
     *
     * @param httpServletRequest request carrying the credentials; a session is created if none exists
     */
    @SuppressFBWarnings(value = {"TRUST_BOUNDARY_VIOLATION"}, justification = "data is already in the session")
    public void a(HttpServletRequest httpServletRequest) {
        final String principalKey = "waffle.servlet.NegotiateSecurityFilter.PRINCIPAL";
        final HttpSession session = httpServletRequest.getSession();
        final boolean signUpMode = LoginManager.isAddSignUpMode(httpServletRequest);
        // Only sign-up mode needs the old value; it is written back unchanged after the filter run.
        final Object previousPrincipal = signUpMode ? session.getAttribute(principalKey) : null;
        session.removeAttribute(principalKey);
        a(httpServletRequest, (HttpServletResponse) new NopHttpServletResponse());
        if (signUpMode) {
            session.setAttribute(principalKey, previousPrincipal);
        }
    }

    /**
     * Delegates to the superclass and drops the cached Windows principal when the account is rejected.
     *
     * <p>Removing the principal from the session on a {@link ClientMessageException} keeps a rejected
     * login from being reused by a later request of the same session.
     *
     * @param str the login ID, passed unchanged to the superclass
     * @return the account returned by the superclass
     * @throws ClientMessageException rethrown unchanged after the session was cleaned up
     */
    @Nullable
    protected UserAccount getOrCreateUserAccount(@Nonnull String str) {
        UserAccount account;
        try {
            account = super.getOrCreateUserAccount(str);
        } catch (ClientMessageException rejected) {
            final HttpSession currentSession = SessionStore.getHttpSession(false);
            if (currentSession != null) {
                currentSession.removeAttribute("waffle.servlet.NegotiateSecurityFilter.PRINCIPAL");
            }
            throw rejected;
        }
        return account;
    }

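    /**
     * Runs the security filter for the request and stores the authenticated request on success.
     *
     * <p>The filter is given a chain that only records the request it passes on. When the chain was
     * not invoked, the login is not complete and {@code false} is returned. When it was invoked, the
     * principal is read from the recorded request. The Guest account (a SID of the form
     * {@code S-1-5-21-...-501}) and Anonymous Logon ({@code S-1-5-7}) are rejected: the cached
     * principal is removed from the session, no login is stored, and {@code true} is returned.
     *
     * <p>The debug log names only the scheme of the Authorization header. The rest of the header is
     * the password (Basic) or the NTLM/Negotiate token and must not be written to a log file.
     *
     * @param httpServletRequest request carrying the Authorization header
     * @param httpServletResponse response the filter writes its answer to
     * @return {@code false} if the filter did not pass the request on or the principal could not be
     *         read, otherwise {@code true}
     * @throws RuntimeException wrapping any exception thrown by the filter
     */
    private boolean a(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        a aVar = new a();
        if (BasicLoginProcessor.LOGGER.isDebug()) {
            // Scheme only; the credential part is deliberately left out of the log.
            String authorization = httpServletRequest.getHeader("Authorization");
            int schemeEnd = authorization == null ? -1 : authorization.indexOf(' ');
            String scheme = schemeEnd > 0 ? authorization.substring(0, Math.min(schemeEnd, 32)) : "<none>";
            BasicLoginProcessor.LOGGER.debug("Authorization header: " + scheme + " <redacted>");
        }
        try {
            d.doFilter(httpServletRequest, httpServletResponse, aVar);
            if (aVar.a == null) {
                // The filter did not hand the request on, so there is no authenticated principal yet.
                return false;
            }
            try {
                // A principal of any other type ends in the catch below and counts as a failed login.
                WindowsPrincipal userPrincipal = (WindowsPrincipal) aVar.a.getUserPrincipal();
                String sidString = userPrincipal.getSidString();
                if (BasicLoginProcessor.LOGGER.isDebug()) {
                    BasicLoginProcessor.LOGGER.debug("LoginID: " + userPrincipal.getName());
                    BasicLoginProcessor.LOGGER.debug("Sid    : " + sidString);
                    BasicLoginProcessor.LOGGER.debug("Groups : " + userPrincipal.getRolesString());
                }
                boolean guestAccount = sidString.startsWith("S-1-5-21-") && sidString.endsWith("-501");
                boolean anonymousLogon = sidString.equals("S-1-5-7");
                if (!guestAccount && !anonymousLogon) {
                    this.a = aVar.a;
                    return true;
                }
                BasicLoginProcessor.LOGGER.debug("Guest not supported.");
                HttpSession httpSession = SessionStore.getHttpSession(false);
                if (httpSession != null) {
                    // Do not leave the guest principal cached for later requests of this session.
                    httpSession.removeAttribute("waffle.servlet.NegotiateSecurityFilter.PRINCIPAL");
                }
                // this.a is not set, so getLoginID() keeps returning null for a guest.
                return true;
            } catch (Exception e2) {
                LogManager.getLogger("Authentication").error(e2);
                return false;
            }
        } catch (Exception e3) {
            BasicLoginProcessor.LOGGER.error(e3);
            throw new RuntimeException(e3);
        }
    }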

    /**
     * Returns the name of the authenticated principal.
     *
     * @return the principal name, or {@code null} when no login was stored or the stored request
     *         has no user principal
     */
    public String getLoginID() {
        if (this.a == null) {
            return null;
        }
        if (this.a.getUserPrincipal() == null) {
            return null;
        }
        return this.a.getUserPrincipal().getName();
    }

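    /**
     * Checks whether the logged-in user is a member of the given group, ignoring case.
     *
     * <p>Forward slashes in the role name are treated as backslashes. A role name without a
     * backslash that is not found as given is looked up again with the local host name as prefix.
     *
     * <p>Case folding uses {@link Locale#ROOT}. With the default locale the result of an
     * authorization check would depend on the server's language settings; under a Turkish locale,
     * for example, {@code "I"} does not fold to {@code "i"}.
     *
     * NOTE(review): the host name prefix {@code f} is not lower-cased while the set entries are, so
     * the prefixed lookup only matches if getLocalHostName() already returns lower case; confirm.
     *
     * @param str role (group) name, with or without a domain or host prefix
     * @return {@code true} if the role is among the roles of the logged-in user
     */
    public boolean isWebUserInRole(String str) {
        Set<String> lowerCaseRoles = this.c;
        if (lowerCaseRoles == null) {
            // Build the lower-case view of the roles once and cache it.
            lowerCaseRoles = new HashSet<>();
            for (String role : getRoles()) {
                lowerCaseRoles.add(role.toLowerCase(Locale.ROOT));
            }
            this.c = lowerCaseRoles;
        }
        String wanted = str.replace('/', '\\').toLowerCase(Locale.ROOT);
        if (lowerCaseRoles.contains(wanted)) {
            return true;
        }
        if (f == null || wanted.indexOf('\\') != -1) {
            // Already qualified, or no host name to qualify it with.
            return false;
        }
        return lowerCaseRoles.contains(f + "\\" + wanted);
    }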

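    /**
     * Returns the fully qualified names of the Windows groups of the logged-in user.
     *
     * <p>Groups that describe how the user logged on rather than who the user is are left out:
     * the well-known SIDs {@code S-1-5-64-10} (NTLM Authentication), {@code S-1-5-2} (Network),
     * {@code S-1-2-1} (Console Logon), {@code S-1-2-0} (Local) and {@code S-1-5-4} (Interactive),
     * and every SID starting with {@code S-1-5-5-} (logon session) or {@code S-1-16-} (integrity
     * level). The result is cached after the first successful call; the empty result returned while
     * no groups are available is not cached.
     *
     * <p>The decompiler output for this method was a hash-code switch with invalid types; it is
     * restored here as the string switch it was compiled from.
     *
     * @return the group names, or an empty set when no groups are available
     */
    @Nonnull
    public Set<String> getRoles() {
        if (this.b != null) {
            return this.b;
        }
        Map<String, WindowsAccount> groups = a();
        if (groups == null) {
            return Collections.emptySet();
        }
        Set<String> roles = new HashSet<>();
        for (WindowsAccount group : groups.values()) {
            String sidString = group.getSidString();
            switch (sidString) {
                case "S-1-5-64-10":
                case "S-1-5-2":
                case "S-1-2-1":
                case "S-1-2-0":
                case "S-1-5-4":
                    // Logon-type groups carry no authorization meaning; skip them.
                    break;
                default:
                    if (!sidString.startsWith("S-1-5-5-") && !sidString.startsWith("S-1-16-")) {
                        roles.add(group.getFqn());
                    }
                    break;
            }
        }
        this.b = roles;
        return roles;
    }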

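    /**
     * Reads the group map of the logged-in Windows principal.
     *
     * <p>The decompiled source called {@code getGroups()} on a plain {@code Principal}, which does
     * not compile; the cast to {@link WindowsPrincipal} is restored. A principal of another type, or
     * a missing principal, ends in the catch block like any other failure.
     *
     * @return the groups of the principal, or {@code null} when nobody is logged in or the groups
     *         could not be read (the failure is logged)
     */
    @Nullable
    private Map<String, WindowsAccount> a() {
        if (this.a == null) {
            return null;
        }
        try {
            return ((WindowsPrincipal) this.a.getUserPrincipal()).getGroups();
        } catch (Exception e2) {
            LogManager.getLogger("Authentication").error(e2);
            return null;
        }
    }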

    /**
     * Logs a failure to the "Authentication" logger and sends an error page to the client.
     *
     * NOTE(review): this runs before the client is authenticated. What the error page reveals about
     * the throwable is decided in ServletErrorHandler, which is not visible here; confirm it does
     * not expose stack traces or internal messages.
     *
     * @param th the failure to report
     * @param httpServletRequest the request that failed
     * @param httpServletResponse the response that receives the error page
     */
    private static void a(Throwable th, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        LogManager.getLogger("Authentication").error(th);
        ServletErrorHandler.sendErrorPage(httpServletRequest, httpServletResponse, th);
    }

    /**
     * Wraps the response for header tracing when debug logging is enabled.
     *
     * <p>With debug logging off the response is returned unchanged. With debug logging on, the NTLM
     * connection ID of the request is logged and a wrapper is returned that logs the name and value
     * of every header added through {@code addHeader} before passing it on.
     *
     * NOTE(review): the wrapper logs header values as they are, which would include
     * {@code Set-Cookie} values if one is added through it. Treat debug logs from this class as
     * sensitive, or filter such headers here.
     *
     * @param httpServletRequest request whose NTLM connection ID is logged
     * @param httpServletResponse response to wrap
     * @return the given response, or a logging wrapper around it
     */
    private static HttpServletResponse b(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!LOGGER.isDebug()) {
            return httpServletResponse;
        }
        LOGGER.debug("NTLM Connection ID: " + NtlmServletRequest.getConnectionId(httpServletRequest));
        return new HttpServletResponseWrapper(httpServletResponse) {
            public void addHeader(String name, String value) {
                LoginProcessor.LOGGER.debug(name + " header: " + value);
                super.addHeader(name, value);
            }
        };
    }

    // Creates and initializes the shared waffle security filter and registers a log filter for
    // Win32 errors. A failure is not thrown here: the exception is stored in e (and d is left null)
    // so the constructor can report it.
    static {
        Filter filter;
        Exception exc = null;
        try {
            // Load the JNA classes up front, presumably so a missing native library shows up here.
            // NOTE(review): only Exception is caught below; a linkage Error would escape the initializer.
            Class.forName(Structure.class.getName());
            Class.forName(Native.class.getName());
            filter = new NegotiateSecurityFilter();
            FilterConfig filterConfig = new FilterConfig() { // from class: com.inet.authentication.windows.b.2
                private Properties i = new Properties();

                {
                    // Realm shown for Basic authentication: the application name.
                    this.i.put("waffle.servlet.spi.BasicSecurityFilterProvider/realm", ((ApplicationDescription) ServerPluginManager.getInstance().getSingleInstance(ApplicationDescription.class)).getApplicationName());
                    // NOTE(review): the protocol list is "NTLM" only, so Kerberos through Negotiate is
                    // presumably not offered. NTLM is exposed to relay attacks; confirm this restriction is
                    // intended and that channel protection (TLS) is enforced in front of this filter.
                    this.i.put("waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols", "NTLM");
                }

                public String getFilterName() {
                    return "waffle.servlet.NegotiateSecurityFilter";
                }

                public String getInitParameter(String str) {
                    return this.i.getProperty(str);
                }

                public Enumeration getInitParameterNames() {
                    return this.i.keys();
                }

                public ServletContext getServletContext() {
                    return null;
                }
            };
            // NOTE(review): the context class loader of the initializing thread is replaced and not restored here.
            Thread.currentThread().setContextClassLoader(filter.getClass().getClassLoader());
            filter.init(filterConfig);
            // Log filter: walks the cause chain of a logged Throwable looking for a Win32Exception and
            // writes a debug line (and for some codes an admin notification) for it. Every path returns
            // false; what false means for the log entry is defined by the logger API, not visible here.
            LOGGER.addFilter((logLevel, obj) -> {
                if (!(obj instanceof Throwable)) {
                    return false;
                }
                Throwable th = (Throwable) obj;
                while (true) {
                    Throwable th2 = th;
                    if (th2 == null) {
                        return false;
                    }
                    if (th2 instanceof Win32Exception) {
                        final Win32Exception win32Exception = (Win32Exception) th2;
                        final int errorCode = win32Exception.getErrorCode();
                        switch (errorCode) {
                            case -2146893044:
                                LOGGER.debug("ErrorCode: " + errorCode + " " + Integer.toHexString(W32Errors.HRESULT_FROM_WIN32(errorCode).intValue()) + " (SEC_E_LOGON_DENIED)\nCommon reasons are:\n\ta) Calling domain/host is in a untrusted domain\n\tb) User account disabled\n\tc) User account restricted\n\td) User account expired\n\te) Password expired");
                                return false;
                            // Presumably SEC_E_NO_AUTHENTICATING_AUTHORITY (0x80090311), ERROR_NO_LOGON_SERVERS (1311)
                            // and ERROR_LOGON_TYPE_NOT_GRANTED (1385) -- confirm against the Windows error tables.
                            // These register a notification carrying the client address and the error text.
                            case -2146893039:
                            case 1311:
                            case 1385:
                                NotificationManager.getInstance().registerGenerator(new PermissionNotificationGenerator() { // from class: com.inet.authentication.windows.b.3
                                    // Creation time of this generator, used as the period key.
                                    private String j = Long.toString(System.currentTimeMillis());
                                    // Remote address of the client whose login failed.
                                    private String k = SessionStore.getRemoteAddr();

                                    public GUID getId() {
                                        return GUID.valueOf("ntlm0authentication0error");
                                    }

                                    public String getPeriodKey() {
                                        return this.j;
                                    }

                                    public Notification createNotification() {
                                        return new Notification(ServerPluginManager.getInstance().getPluginDescription("authentication.windows").getDisplayName("id", ClientLocale.getThreadLocale()), new I18nMessages("com.inet.authentication.windows.structure.i18n.ConfigStructure", this).getMsg("login.error", new Object[]{this.k, win32Exception.getMessage() + " (0x" + Integer.toHexString(errorCode) + ")"}));
                                    }
                                });
                                break;
                            // Presumably ERROR_LOGON_FAILURE (wrong user name or password): no debug line is written.
                            case 1326:
                                return false;
                        }
                        LOGGER.debug("ErrorCode: " + errorCode + " " + Integer.toHexString(W32Errors.HRESULT_FROM_WIN32(errorCode).intValue()));
                        return false;
                    }
                    th = th2.getCause();
                }
            });
        } catch (Exception e2) {
            // Keep the failure; the constructor rethrows it.
            exc = e2;
            filter = null;
        }
        e = exc;
        d = filter;
    }
}
