package org.jasig.cas.support.spnego.authentication.handler.support;

import java.net.InetAddress;
import javax.validation.constraints.NotNull;
import jcifs.Config;
import jcifs.UniAddress;
import jcifs.netbios.NbtAddress;
import jcifs.ntlmssp.Type1Message;
import jcifs.ntlmssp.Type2Message;
import jcifs.ntlmssp.Type3Message;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbAuthException;
import jcifs.smb.SmbSession;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException;
import org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.jasig.cas.authentication.principal.Credentials;
import org.jasig.cas.authentication.principal.SimplePrincipal;
import org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentials;

/* loaded from: input_file:org/jasig/cas/support/spnego/authentication/handler/support/NtlmAuthenticationHandler.class */
public class NtlmAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {
    private boolean loadBalance = true;

    @NotNull
    private String domainController = Config.getProperty("jcifs.smb.client.domain");
    private String includePattern = null;

    protected final boolean doAuthentication(Credentials credentials) throws AuthenticationException {
        SpnegoCredentials spnegoCredentials = (SpnegoCredentials) credentials;
        byte[] initToken = spnegoCredentials.getInitToken();
        UniAddress uniAddress = null;
        try {
            if (!this.loadBalance) {
                uniAddress = UniAddress.getByName(this.domainController, true);
            } else if (this.includePattern != null) {
                NbtAddress[] allByName = NbtAddress.getAllByName(this.domainController, 28, (String) null, (InetAddress) null);
                int i = 0;
                while (true) {
                    if (i >= allByName.length) {
                        break;
                    }
                    if (allByName[i].getHostAddress().matches(this.includePattern)) {
                        uniAddress = new UniAddress(allByName[i]);
                        break;
                    }
                    i++;
                }
            } else {
                uniAddress = new UniAddress(NbtAddress.getByName(this.domainController, 28, (String) null));
            }
            byte[] challenge = SmbSession.getChallenge(uniAddress);
            switch (initToken[8]) {
                case 1:
                    this.log.debug("Type 1 received");
                    Type2Message type2Message = new Type2Message(new Type1Message(initToken), challenge, (String) null);
                    this.log.debug("Type 2 returned. Setting next token.");
                    spnegoCredentials.setNextToken(type2Message.toByteArray());
                    return false;
                case 2:
                default:
                    return false;
                case 3:
                    this.log.debug("Type 3 received");
                    Type3Message type3Message = new Type3Message(initToken);
                    NtlmPasswordAuthentication ntlmPasswordAuthentication = new NtlmPasswordAuthentication(type3Message.getDomain(), type3Message.getUser(), challenge, type3Message.getLMResponse() == null ? new byte[0] : type3Message.getLMResponse(), type3Message.getNTResponse() == null ? new byte[0] : type3Message.getNTResponse());
                    this.log.debug("Trying to authenticate " + type3Message.getUser() + " with domain controller");
                    try {
                        SmbSession.logon(uniAddress, ntlmPasswordAuthentication);
                        spnegoCredentials.setPrincipal(new SimplePrincipal(type3Message.getUser()));
                        return true;
                    } catch (SmbAuthException e) {
                        this.log.debug("Authentication failed", e);
                        return false;
                    }
            }
        } catch (Exception e2) {
            this.log.error(e2.getMessage(), e2);
            throw new BadCredentialsAuthenticationException(e2);
        }
        this.log.error(e2.getMessage(), e2);
        throw new BadCredentialsAuthenticationException(e2);
    }

    public boolean supports(Credentials credentials) {
        return credentials != null && SpnegoCredentials.class.equals(credentials.getClass());
    }

    public void setLoadBalance(boolean z) {
        this.loadBalance = z;
    }

    public void setDomainController(String str) {
        this.domainController = str;
    }

    public void setIncludePattern(String str) {
        this.includePattern = str;
    }
}
