package jcifs.http;

import java.io.IOException;
import java.net.UnknownHostException;
import java.util.Enumeration;
import java.util.Properties;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jcifs.Address;
import jcifs.CIFSContext;
import jcifs.CIFSException;
import jcifs.Config;
import jcifs.NetbiosAddress;
import jcifs.config.PropertyConfiguration;
import jcifs.context.BaseContext;
import jcifs.netbios.UniAddress;
import jcifs.smb.NtlmChallenge;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbAuthException;
import jcifs.smb.SmbException;
import jcifs.smb.SmbSessionInternal;
import jcifs.smb.SmbTransportInternal;
import jcifs.util.Hexdump;
import p101.C11289;
import p1130.C31979;
import p1510.C39711;
import p1567.C40703;
import p1567.InterfaceC40702;
import p909.C25729;

@Deprecated
/* loaded from: classes5.dex */
public class NtlmHttpFilter implements Filter {
    private static int dcListCounter;
    private static final InterfaceC40702 log = C40703.m134670(NtlmHttpFilter.class);
    private long dcListExpiration;
    private String defaultDomain;
    private String domainController;
    private boolean enableBasic;
    private boolean insecureBasic;
    private boolean loadBalance;
    private String realm;
    private CIFSContext transportContext;
    private Address[] dcList = null;
    private int netbiosLookupRespLimit = 3;
    private long netbiosCacheTimeout = 36000;

    private synchronized NtlmChallenge getChallengeForDomain(String str) throws UnknownHostException, ServletException {
        int i;
        try {
            if (str == null) {
                throw new ServletException("A domain was not specified");
            }
            long currentTimeMillis = System.currentTimeMillis();
            int i2 = 1;
            while (true) {
                if (this.dcListExpiration < currentTimeMillis) {
                    NetbiosAddress[] nbtAllByName = getTransportContext().getNameServiceClient().getNbtAllByName(str, 28, null, null);
                    this.dcListExpiration = (this.netbiosCacheTimeout * 1000) + currentTimeMillis;
                    if (nbtAllByName == null || nbtAllByName.length <= 0) {
                        this.dcListExpiration = currentTimeMillis + C39711.f114427;
                        log.mo54985("Failed to retrieve DC list from WINS");
                    } else {
                        this.dcList = nbtAllByName;
                    }
                }
                int min = Math.min(this.dcList.length, this.netbiosLookupRespLimit);
                for (int i3 = 0; i3 < min; i3++) {
                    int i4 = dcListCounter;
                    dcListCounter = i4 + 1;
                    i = i4 % min;
                    if (this.dcList[i] != null) {
                        try {
                        } catch (SmbException e) {
                            log.mo54953("Failed validate DC: " + this.dcList[i], e);
                            this.dcList[i] = null;
                        }
                    }
                }
                this.dcListExpiration = 0L;
                int i5 = i2 - 1;
                if (i2 <= 0) {
                    this.dcListExpiration = currentTimeMillis + C39711.f114427;
                    throw new UnknownHostException("Failed to negotiate with a suitable domain controller for " + str);
                }
                i2 = i5;
            }
        } catch (Throwable th) {
            throw th;
        }
        return interrogate(getTransportContext(), this.dcList[i]);
    }

    private CIFSContext getTransportContext() {
        return this.transportContext;
    }

    private static NtlmChallenge interrogate(CIFSContext cIFSContext, Address address) throws SmbException {
        UniAddress uniAddress = new UniAddress(address);
        try {
            SmbTransportInternal smbTransportInternal = (SmbTransportInternal) cIFSContext.getTransportPool().getSmbTransport(cIFSContext, (Address) uniAddress, 0, false, cIFSContext.hasDefaultCredentials() && cIFSContext.getConfig().isIpcSigningEnforced()).unwrap(SmbTransportInternal.class);
            try {
                if (cIFSContext.hasDefaultCredentials()) {
                    SmbSessionInternal smbSessionInternal = (SmbSessionInternal) smbTransportInternal.getSmbSession(cIFSContext.withDefaultCredentials()).unwrap(SmbSessionInternal.class);
                    try {
                        smbSessionInternal.treeConnectLogon();
                        smbSessionInternal.close();
                    } finally {
                    }
                } else {
                    smbTransportInternal.ensureConnected();
                    log.mo54985("Default credentials (jcifs.smb.client.username/password) not specified. SMB signing may not work propertly.  Skipping DC interrogation.");
                }
                NtlmChallenge ntlmChallenge = new NtlmChallenge(smbTransportInternal.getServerEncryptionKey(), uniAddress);
                smbTransportInternal.close();
                return ntlmChallenge;
            } catch (Throwable th) {
                try {
                    throw th;
                } catch (Throwable th2) {
                    if (smbTransportInternal != null) {
                        try {
                            smbTransportInternal.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    }
                    throw th2;
                }
            }
        } catch (SmbException e) {
            throw e;
        } catch (IOException e2) {
            throw new SmbException("Connection failed", e2);
        }
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        NtlmPasswordAuthentication negotiate = negotiate(httpServletRequest, (HttpServletResponse) servletResponse, false);
        if (negotiate == null) {
            return;
        }
        filterChain.doFilter(new NtlmHttpServletRequest(httpServletRequest, negotiate), servletResponse);
    }

    public FilterConfig getFilterConfig() {
        return null;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        Properties properties = new Properties();
        properties.setProperty("jcifs.smb.client.soTimeout", "1800000");
        properties.setProperty("jcifs.netbios.cachePolicy", "1200");
        properties.setProperty("jcifs.smb.lmCompatibility", C11289.f35683);
        properties.setProperty("jcifs.smb.client.useExtendedSecurity", "false");
        Enumeration initParameterNames = filterConfig.getInitParameterNames();
        while (initParameterNames.hasMoreElements()) {
            String str = (String) initParameterNames.nextElement();
            if (str.startsWith("jcifs.")) {
                properties.setProperty(str, filterConfig.getInitParameter(str));
            }
        }
        try {
            this.defaultDomain = properties.getProperty("jcifs.smb.client.domain");
            String property = properties.getProperty("jcifs.http.domainController");
            this.domainController = property;
            if (property == null) {
                this.domainController = this.defaultDomain;
                this.loadBalance = Config.getBoolean(properties, "jcifs.http.loadBalance", true);
            }
            this.enableBasic = Boolean.valueOf(properties.getProperty("jcifs.http.enableBasic")).booleanValue();
            this.insecureBasic = Boolean.valueOf(properties.getProperty("jcifs.http.insecureBasic")).booleanValue();
            this.realm = properties.getProperty("jcifs.http.basicRealm");
            this.netbiosLookupRespLimit = Config.getInt(properties, "jcifs.netbios.lookupRespLimit", 3);
            this.netbiosCacheTimeout = Config.getInt(properties, "jcifs.netbios.cachePolicy", 600) * 60;
            if (this.realm == null) {
                this.realm = "jCIFS";
            }
            this.transportContext = new BaseContext(new PropertyConfiguration(properties));
        } catch (CIFSException unused) {
            throw new ServletException("Failed to initialize CIFS context");
        }
    }

    public NtlmPasswordAuthentication negotiate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, ServletException {
        NtlmPasswordAuthentication ntlmPasswordAuthentication;
        NtlmPasswordAuthentication ntlmPasswordAuthentication2;
        Address byName;
        HttpSession session;
        byte[] challenge;
        String header = httpServletRequest.getHeader("Authorization");
        boolean z2 = this.enableBasic && (this.insecureBasic || httpServletRequest.isSecure());
        if (header == null || !(header.startsWith("NTLM ") || (z2 && header.startsWith("Basic ")))) {
            if (z) {
                return null;
            }
            HttpSession session2 = httpServletRequest.getSession(false);
            if (session2 != null && (ntlmPasswordAuthentication = (NtlmPasswordAuthentication) session2.getAttribute("NtlmHttpAuth")) != null) {
                return ntlmPasswordAuthentication;
            }
            httpServletResponse.setHeader("WWW-Authenticate", "NTLM");
            if (z2) {
                httpServletResponse.addHeader("WWW-Authenticate", C25729.m85644(new StringBuilder("Basic realm=\""), this.realm, "\""));
            }
            httpServletResponse.setStatus(401);
            httpServletResponse.setContentLength(0);
            httpServletResponse.flushBuffer();
            return null;
        }
        if (header.startsWith("NTLM ")) {
            HttpSession session3 = httpServletRequest.getSession();
            if (this.loadBalance) {
                NtlmChallenge ntlmChallenge = (NtlmChallenge) session3.getAttribute("NtlmHttpChal");
                if (ntlmChallenge == null) {
                    ntlmChallenge = getChallengeForDomain(this.defaultDomain);
                    session3.setAttribute("NtlmHttpChal", ntlmChallenge);
                }
                byName = ntlmChallenge.dc;
                challenge = ntlmChallenge.challenge;
            } else {
                byName = getTransportContext().getNameServiceClient().getByName(this.domainController, true);
                challenge = getTransportContext().getTransportPool().getChallenge(getTransportContext(), byName);
            }
            ntlmPasswordAuthentication2 = NtlmSsp.authenticate(getTransportContext(), httpServletRequest, httpServletResponse, challenge);
            if (ntlmPasswordAuthentication2 == null) {
                return null;
            }
            session3.removeAttribute("NtlmHttpChal");
        } else {
            String str = new String(C31979.m109969(header.substring(6)), "US-ASCII");
            int indexOf = str.indexOf(58);
            String substring = indexOf != -1 ? str.substring(0, indexOf) : str;
            String substring2 = indexOf != -1 ? str.substring(indexOf + 1) : "";
            int indexOf2 = substring.indexOf(92);
            if (indexOf2 == -1) {
                indexOf2 = substring.indexOf(47);
            }
            String substring3 = indexOf2 != -1 ? substring.substring(0, indexOf2) : this.defaultDomain;
            if (indexOf2 != -1) {
                substring = substring.substring(indexOf2 + 1);
            }
            ntlmPasswordAuthentication2 = new NtlmPasswordAuthentication(getTransportContext(), substring3, substring, substring2);
            byName = getTransportContext().getNameServiceClient().getByName(this.domainController, true);
        }
        try {
            getTransportContext().getTransportPool().logon(getTransportContext(), byName);
            InterfaceC40702 interfaceC40702 = log;
            if (interfaceC40702.isDebugEnabled()) {
                interfaceC40702.mo54933("NtlmHttpFilter: " + ntlmPasswordAuthentication2 + " successfully authenticated against " + byName);
            }
            httpServletRequest.getSession().setAttribute("NtlmHttpAuth", ntlmPasswordAuthentication2);
            return ntlmPasswordAuthentication2;
        } catch (SmbAuthException e) {
            log.mo54985("NtlmHttpFilter: " + ntlmPasswordAuthentication2.getName() + ": 0x" + Hexdump.toHexString(e.getNtStatus(), 8) + ": " + e);
            if (e.getNtStatus() == -1073741819 && (session = httpServletRequest.getSession(false)) != null) {
                session.removeAttribute("NtlmHttpAuth");
            }
            httpServletResponse.setHeader("WWW-Authenticate", "NTLM");
            if (z2) {
                httpServletResponse.addHeader("WWW-Authenticate", C25729.m85644(new StringBuilder("Basic realm=\""), this.realm, "\""));
            }
            httpServletResponse.setStatus(401);
            httpServletResponse.setContentLength(0);
            httpServletResponse.flushBuffer();
            return null;
        }
    }

    public void setFilterConfig(FilterConfig filterConfig) {
        try {
            init(filterConfig);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
