package com.liferay.portal.security.sso.ntlm.internal.servlet.filter;

import com.liferay.portal.kernel.cache.PortalCache;
import com.liferay.portal.kernel.cache.SingleVMPool;
import com.liferay.portal.kernel.io.BigEndianCodec;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.module.configuration.ConfigurationProvider;
import com.liferay.portal.kernel.security.SecureRandomUtil;
import com.liferay.portal.kernel.servlet.BaseFilter;
import com.liferay.portal.kernel.servlet.BrowserSnifferUtil;
import com.liferay.portal.kernel.settings.CompanyServiceSettingsLocator;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.sso.ntlm.NetlogonConnectionManager;
import com.liferay.portal.security.sso.ntlm.configuration.NtlmConfiguration;
import com.liferay.portal.security.sso.ntlm.constants.NtlmConstants;
import com.liferay.portal.security.sso.ntlm.constants.NtlmWebKeys;
import com.liferay.portal.security.sso.ntlm.internal.NtlmManager;
import com.liferay.portal.security.sso.ntlm.internal.NtlmUserAccount;
import com.liferay.portal.util.PortalInstances;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jcifs.Config;
import jcifs.util.Base64;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;

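/**
 * Servlet filter that drives the NTLM single sign-on handshake for
 * {@code /c/portal/login}.
 *
 * <p>The handshake visible in this class has two legs:</p>
 * <ol>
 *   <li>A request whose {@code Authorization: NTLM ...} message has the value
 *       {@code 1} at byte offset 8 is answered with a 401 carrying a freshly
 *       generated 8-byte server challenge. The challenge is cached under
 *       {@link #getPortalCacheKey(HttpServletRequest)}.</li>
 *   <li>Any other NTLM message is authenticated against the cached challenge.
 *       The challenge is removed from the cache after a single use, whether or
 *       not authentication succeeds.</li>
 * </ol>
 *
 * <p>Everything read from the {@code Authorization} header is untrusted client
 * input and is length-checked before it is indexed.</p>
 */
@Component(configurationPid = {"com.liferay.portal.security.sso.ntlm.configuration.NtlmConfiguration"}, immediate = true, property = {"dispatcher=FORWARD", "dispatcher=REQUEST", "servlet-context-name=", "servlet-filter-name=SSO Ntlm Filter", "url-pattern=/c/portal/login"}, service = {Filter.class})
/* loaded from: input_file:com/liferay/portal/security/sso/ntlm/internal/servlet/filter/NtlmFilter.class */
public class NtlmFilter extends BaseFilter {
    private static final Log _log = LogFactoryUtil.getLog(NtlmFilter.class);

    /** Length of the {@code "NTLM "} scheme prefix that precedes the Base64 payload. */
    private static final int _SCHEME_PREFIX_LENGTH = 5;

    /** Offset of the byte this filter inspects to tell the first handshake leg from the second. */
    private static final int _MESSAGE_TYPE_OFFSET = 8;

    private ConfigurationProvider _configurationProvider;
    private NetlogonConnectionManager _netlogonConnectionManager;

    // One manager per company id; cleared whenever the component is (re)configured.
    private final Map<Long, NtlmManager> _ntlmManagers = new ConcurrentHashMap<>();

    // Server challenges awaiting the client's second handshake message.
    private PortalCache<String, byte[]> _portalCache;

    /**
     * Reports whether NTLM SSO should run for this request.
     *
     * <p>The filter is offered only when {@code BrowserSnifferUtil.isIe} accepts
     * the request and the company's NTLM configuration is enabled. Any failure
     * while loading the configuration is logged and treated as "disabled".</p>
     *
     * @return {@code true} if the filter should process the request
     */
    public boolean isFilterEnabled(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            long companyId = PortalInstances.getCompanyId(httpServletRequest);
            NtlmConfiguration ntlmConfiguration = (NtlmConfiguration) this._configurationProvider.getConfiguration(NtlmConfiguration.class, new CompanyServiceSettingsLocator(companyId, NtlmConstants.SERVICE_NAME));

            // NOTE(review): browser sniffing presumably relies on client-supplied
            // headers; it only decides whether NTLM is offered and is not an
            // access control.
            if (!BrowserSnifferUtil.isIe(httpServletRequest)) {
                return false;
            }
            return ntlmConfiguration.enabled();
        } catch (Exception e) {
            // Fail closed: a configuration error disables NTLM SSO for the request.
            _log.error(e, e);
            return false;
        }
    }

    @Reference(unbind = "-")
    public void setNetlogonConnectionManager(NetlogonConnectionManager netlogonConnectionManager) {
        this._netlogonConnectionManager = netlogonConnectionManager;
    }

    @Reference(unbind = "-")
    public void setSingleVMPool(SingleVMPool singleVMPool) {
        this._portalCache = singleVMPool.getPortalCache(NtlmFilter.class.getName());
    }

    /**
     * Applies component configuration on activation and on every modification.
     *
     * <p>Every property whose key contains {@code "jcifs."} is copied into
     * {@code jcifs.Config}, and all cached {@link NtlmManager} instances are
     * dropped so they are rebuilt from current settings.</p>
     *
     * @param properties the component configuration properties
     */
    @Activate
    @Modified
    protected void activate(Map<String, Object> properties) {
        for (Map.Entry<String, Object> entry : properties.entrySet()) {
            String key = entry.getKey();
            if (key.contains("jcifs.")) {
                // jcifs.Config is a static property store, so these values apply
                // to every company served by this JVM, not just one.
                // NOTE(review): the cast fails activation if a value is not a String.
                Config.setProperty(key, (String) entry.getValue());
            }
        }
        this._ntlmManagers.clear();
    }

    protected Log getLog() {
        return _log;
    }

    /**
     * Returns the {@link NtlmManager} for a company, creating it on first use and
     * re-configuring it when any of the five connection settings has changed.
     *
     * @param companyId the company whose NTLM configuration is used
     * @return the manager bound to the company's current settings
     * @throws Exception if the company's configuration cannot be loaded
     */
    protected NtlmManager getNtlmManager(long companyId) throws Exception {
        NtlmConfiguration ntlmConfiguration = (NtlmConfiguration) this._configurationProvider.getConfiguration(NtlmConfiguration.class, new CompanyServiceSettingsLocator(companyId, NtlmConstants.SERVICE_NAME));
        String domain = ntlmConfiguration.domain();
        String domainController = ntlmConfiguration.domainController();
        String domainControllerName = ntlmConfiguration.domainControllerName();
        String serviceAccount = ntlmConfiguration.serviceAccount();
        String servicePassword = ntlmConfiguration.servicePassword();

        NtlmManager ntlmManager = this._ntlmManagers.get(companyId);
        if (ntlmManager == null) {
            NtlmManager created = new NtlmManager(this._netlogonConnectionManager, domain, domainController, domainControllerName, serviceAccount, servicePassword);

            // putIfAbsent keeps a single shared instance when two requests for the
            // same company arrive before the first manager has been stored.
            NtlmManager existing = this._ntlmManagers.putIfAbsent(companyId, created);
            return existing != null ? existing : created;
        }

        boolean unchanged = Validator.equals(ntlmManager.getDomain(), domain)
            && Validator.equals(ntlmManager.getDomainController(), domainController)
            && Validator.equals(ntlmManager.getDomainControllerName(), domainControllerName)
            && Validator.equals(ntlmManager.getServiceAccount(), serviceAccount)
            && Validator.equals(ntlmManager.getServicePassword(), servicePassword);
        if (!unchanged) {
            ntlmManager.setConfiguration(domain, domainController, domainControllerName, serviceAccount, servicePassword);
        }
        return ntlmManager;
    }

    /**
     * Returns the key under which this request's server challenge is cached:
     * the session id when a session exists, otherwise the remote address.
     *
     * <p>NOTE(review): the remote-address fallback is shared by every client
     * behind the same proxy or NAT, so concurrent handshakes from such clients
     * can overwrite each other's challenge. Confirm whether a session always
     * exists by the time this filter runs.</p>
     */
    protected String getPortalCacheKey(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            return session.getId();
        }
        return httpServletRequest.getRemoteAddr();
    }

    /**
     * Runs the NTLM handshake and then hands the request to the next filter.
     *
     * <p>A malformed or truncated NTLM message restarts the handshake with a
     * plain {@code WWW-Authenticate: NTLM} challenge instead of surfacing an
     * index-out-of-bounds error. On successful authentication the user name is
     * exposed as the {@code NTLM_REMOTE_USER} request attribute and, when a
     * session exists, the account is stored in it. Requests whose path ends in
     * {@code /login} are challenged unless the session already holds an
     * authenticated NTLM account.</p>
     *
     * @throws Exception if configuration lookup, response writing or the
     *         downstream filter chain fails
     */
    protected void processFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws Exception {
        HttpSession session = httpServletRequest.getSession(false);
        long companyId = PortalInstances.getCompanyId(httpServletRequest);
        String authorization = GetterUtil.getString(httpServletRequest.getHeader("Authorization"));

        if (authorization.startsWith("NTLM")) {
            NtlmManager ntlmManager = getNtlmManager(companyId);
            String portalCacheKey = getPortalCacheKey(httpServletRequest);

            // The header is attacker-controlled: a bare "NTLM" has no payload to
            // slice, and a short payload has no byte at the inspected offset.
            if (authorization.length() < _SCHEME_PREFIX_LENGTH) {
                _sendChallenge(httpServletResponse, "NTLM");
                return;
            }
            byte[] message = Base64.decode(authorization.substring(_SCHEME_PREFIX_LENGTH));
            if (message == null || message.length <= _MESSAGE_TYPE_OFFSET) {
                _sendChallenge(httpServletResponse, "NTLM");
                return;
            }

            if (message[_MESSAGE_TYPE_OFFSET] == 1) {
                // First leg: issue a fresh random challenge for this handshake.
                byte[] serverChallenge = new byte[8];
                BigEndianCodec.putLong(serverChallenge, 0, SecureRandomUtil.nextLong());
                String encoded = Base64.encode(ntlmManager.negotiate(message, serverChallenge));

                // Store the challenge before the response is flushed so the
                // client's follow-up message cannot arrive ahead of the cache entry.
                this._portalCache.put(portalCacheKey, serverChallenge);
                _sendChallenge(httpServletResponse, "NTLM " + encoded);
                return;
            }

            byte[] serverChallenge = this._portalCache.get(portalCacheKey);
            if (serverChallenge == null) {
                // No outstanding challenge for this client: restart the handshake.
                _sendChallenge(httpServletResponse, "NTLM");
                return;
            }

            NtlmUserAccount ntlmUserAccount = null;
            try {
                ntlmUserAccount = ntlmManager.authenticate(message, serverChallenge);
            } catch (Exception e) {
                if (_log.isErrorEnabled()) {
                    _log.error("Unable to perform NTLM authentication", e);
                }
            } finally {
                // A challenge is single-use, whatever the outcome.
                this._portalCache.remove(portalCacheKey);
            }

            if (ntlmUserAccount == null) {
                _sendChallenge(httpServletResponse, "NTLM");
                return;
            }
            if (_log.isDebugEnabled()) {
                _log.debug("NTLM remote user " + ntlmUserAccount.getUserName());
            }
            httpServletRequest.setAttribute(NtlmWebKeys.NTLM_REMOTE_USER, ntlmUserAccount.getUserName());
            if (session != null) {
                session.setAttribute(NtlmWebKeys.NTLM_USER_ACCOUNT, ntlmUserAccount);
            }
        }

        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo != null && pathInfo.endsWith("/login")) {
            NtlmUserAccount sessionAccount = null;
            if (session != null) {
                sessionAccount = (NtlmUserAccount) session.getAttribute(NtlmWebKeys.NTLM_USER_ACCOUNT);
            }
            if (sessionAccount == null) {
                _sendChallenge(httpServletResponse, "NTLM");
                return;
            }
            httpServletRequest.setAttribute(NtlmWebKeys.NTLM_REMOTE_USER, sessionAccount.getUserName());
        }
        processFilter(NtlmPostFilter.class.getName(), httpServletRequest, httpServletResponse, filterChain);
    }

    @Reference(unbind = "-")
    protected void setConfigurationProvider(ConfigurationProvider configurationProvider) {
        this._configurationProvider = configurationProvider;
    }

    /** Writes an empty 401 response carrying the given {@code WWW-Authenticate} value. */
    private void _sendChallenge(HttpServletResponse httpServletResponse, String wwwAuthenticate) throws java.io.IOException {
        httpServletResponse.setContentLength(0);
        httpServletResponse.setHeader("WWW-Authenticate", wwwAuthenticate);
        httpServletResponse.setStatus(401);
        httpServletResponse.flushBuffer();
    }
}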
