package waffle.apache;

import java.security.Principal;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.slf4j.LoggerFactory;
import waffle.util.AuthorizationHeader;
import waffle.util.Base64;
import waffle.util.NtlmServletRequest;
import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.IWindowsSecurityContext;
import waffle.windows.auth.PrincipalFormat;

/* loaded from: input_file:waffle/apache/NegotiateAuthenticator.class */
public class NegotiateAuthenticator extends WaffleAuthenticatorBase {
    public NegotiateAuthenticator() {
        this._log = LoggerFactory.getLogger(NegotiateAuthenticator.class);
        this._info = "waffle.apache.NegotiateAuthenticator/1.0";
        this._log.debug("[waffle.apache.NegotiateAuthenticator] loaded");
    }

    public void start() {
        this._log.info("[waffle.apache.NegotiateAuthenticator] started");
    }

    public void stop() {
        this._log.info("[waffle.apache.NegotiateAuthenticator] stopped");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v64, types: [java.security.Principal, waffle.apache.GenericWindowsPrincipal] */
    protected boolean authenticate(Request request, Response response, LoginConfig loginConfig) {
        Principal userPrincipal = request.getUserPrincipal();
        AuthorizationHeader authorizationHeader = new AuthorizationHeader(request);
        boolean isNtlmType1PostAuthorizationHeader = authorizationHeader.isNtlmType1PostAuthorizationHeader();
        this._log.debug(request.getMethod() + " " + request.getRequestURI() + ", contentlength: " + request.getContentLength());
        this._log.debug("authorization: " + authorizationHeader.toString() + ", ntlm post: " + isNtlmType1PostAuthorizationHeader);
        if (userPrincipal != null && !isNtlmType1PostAuthorizationHeader) {
            this._log.debug("previously authenticated user: " + userPrincipal.getName());
            return true;
        }
        if (authorizationHeader.isNull()) {
            this._log.debug("authorization required");
            sendUnauthorized(response);
            return false;
        }
        String securityPackage = authorizationHeader.getSecurityPackage();
        String connectionId = NtlmServletRequest.getConnectionId(request);
        this._log.debug("security package: " + securityPackage + ", connection id: " + connectionId);
        if (isNtlmType1PostAuthorizationHeader) {
            this._auth.resetSecurityToken(connectionId);
        }
        try {
            byte[] tokenBytes = authorizationHeader.getTokenBytes();
            this._log.debug("token buffer: " + tokenBytes.length + " byte(s)");
            IWindowsSecurityContext acceptSecurityToken = this._auth.acceptSecurityToken(connectionId, tokenBytes, securityPackage);
            this._log.debug("continue required: " + acceptSecurityToken.isContinue());
            byte[] token = acceptSecurityToken.getToken();
            if (token != null && token.length > 0) {
                String str = new String(Base64.encode(token));
                this._log.debug("continue token: " + str);
                response.addHeader("WWW-Authenticate", securityPackage + " " + str);
            }
            if (acceptSecurityToken.isContinue() || isNtlmType1PostAuthorizationHeader) {
                response.setHeader("Connection", "keep-alive");
                response.setStatus(401);
                response.flushBuffer();
                return false;
            }
            if (this.context == null || this.context.getRealm() == null) {
                this._log.warn("missing context/realm");
                response.setStatus(503);
                return false;
            }
            IWindowsIdentity identity = acceptSecurityToken.getIdentity();
            if (!this._allowGuestLogin && identity.isGuest()) {
                this._log.warn("guest login disabled: " + identity.getFqn());
                sendUnauthorized(response);
                return false;
            }
            try {
                this._log.debug("logged in user: " + identity.getFqn() + " (" + identity.getSidString() + ")");
                ?? genericWindowsPrincipal = new GenericWindowsPrincipal(identity, this.context.getRealm(), this._principalFormat, this._roleFormat);
                this._log.debug("roles: " + genericWindowsPrincipal.getRolesString());
                this._log.debug("session id:" + request.getSession(true).getId());
                register(request, response, genericWindowsPrincipal, securityPackage, genericWindowsPrincipal.getName(), null);
                this._log.info("successfully logged in user: " + genericWindowsPrincipal.getName());
                identity.dispose();
                return true;
            } catch (Throwable th) {
                identity.dispose();
                throw th;
            }
        } catch (Exception e) {
            this._log.warn("error logging in user: " + e.getMessage());
            sendUnauthorized(response);
            return false;
        }
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ void setAllowGuestLogin(boolean z) {
        super.setAllowGuestLogin(z);
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ boolean isAllowGuestLogin() {
        return super.isAllowGuestLogin();
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ PrincipalFormat getRoleFormat() {
        return super.getRoleFormat();
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ void setRoleFormat(String str) {
        super.setRoleFormat(str);
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ PrincipalFormat getPrincipalFormat() {
        return super.getPrincipalFormat();
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ void setPrincipalFormat(String str) {
        super.setPrincipalFormat(str);
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ String getInfo() {
        return super.getInfo();
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ void setAuth(IWindowsAuthProvider iWindowsAuthProvider) {
        super.setAuth(iWindowsAuthProvider);
    }

    @Override // waffle.apache.WaffleAuthenticatorBase
    public /* bridge */ /* synthetic */ IWindowsAuthProvider getAuth() {
        return super.getAuth();
    }
}
