package org.apache.jetspeed.modules.actions;

import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.Profiler;
import org.apache.jetspeed.services.customlocalization.CustomLocalizationService;
import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
import org.apache.jetspeed.services.logging.JetspeedLogger;
import org.apache.jetspeed.services.resources.JetspeedResources;
import org.apache.jetspeed.services.rundata.JetspeedRunData;
import org.apache.jetspeed.services.security.JetspeedSecurityCache;
import org.apache.jetspeed.services.security.LoginException;
import org.apache.jetspeed.services.security.UnknownUserException;
import org.apache.jetspeed.util.ServiceUtil;
import org.apache.turbine.services.resources.TurbineResources;
import org.apache.turbine.util.RunData;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:org/apache/jetspeed/modules/actions/NTLMSessionValidator.class */
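/**
 * Session validator that signs a portal user in automatically from the account name carried in
 * an NTLM {@code Authorization} header.
 *
 * <p><b>Security review notes (grounded in this class only):</b>
 * <ul>
 *   <li>Nothing in this class checks the LM/NT response fields of the Type 3 message against the
 *       challenge that was issued. The account name is therefore <em>client-asserted</em>, not
 *       authenticated, and {@link #doPerform(RunData)} marks that account as logged in. Deploy
 *       this validator only where an upstream component has already authenticated the
 *       connection, or replace it with container-managed authentication.</li>
 *   <li>The Type 2 message ({@code msg1}) is a compile-time constant, so its challenge bytes are
 *       identical for every handshake and give no replay protection.</li>
 *   <li>The account name is written to the log. Only NUL bytes and the characters configured
 *       under {@code NTLMSessionValidator.chars.to.remove} are stripped first, so line breaks
 *       reach the log unless they are listed in that property.</li>
 * </ul>
 */
public class NTLMSessionValidator extends TemplateSessionValidator {
    private static final String INVALID_CHARS_KEY = "NTLMSessionValidator.chars.to.remove";
    // Characters dropped from the NTLM account name before the user lookup; null disables the filter.
    private String invalidChars = JetspeedResources.getString(INVALID_CHARS_KEY, null);
    private static final byte z = 0;
    // Pre-built NTLM Type 2 message: "NTLMSSP\0" signature, message type 2, fixed challenge bytes.
    private static final byte[] msg1 = {78, 84, 76, 77, 83, 83, 80, 0, 2, 0, 0, 0, 0, 0, 0, 0, 40, 0, 0, 0, 1, -126, 0, 0, 0, 2, 2, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    private static final String encodedMsg1 = new StringBuffer().append("NTLM ").append(new BASE64Encoder().encodeBuffer(msg1).trim()).toString();
    // Length of the "NTLMSSP\0" signature that opens every NTLM message (first bytes of msg1).
    private static final int SIGNATURE_LENGTH = 8;
    // Index of the low byte of the message type field.
    private static final int MESSAGE_TYPE_INDEX = 8;
    // Indices this class reads from the Type 3 message for the account-name length and offset.
    // NOTE(review): 38 looks like the "allocated length" half of the user-name security buffer
    // rather than its "length" half at 36 -- confirm against the NTLM specification.
    private static final int USER_LENGTH_INDEX = 30 + 8;
    private static final int USER_OFFSET_INDEX = 30 + 10;
    private static final JetspeedLogger logger;
    // Synthetic class-literal cache emitted by pre-Java-5 compilers for NTLMSessionValidator.class.
    static Class class$org$apache$jetspeed$modules$actions$NTLMSessionValidator;

    /**
     * Runs the parent validation, then attempts an automatic login with the NTLM account name
     * and finally applies the language, locale and portlet-id request settings.
     *
     * @param runData the Turbine request context
     * @throws Exception if the parent validator, the NTLM header decoding or the login fails
     *     with anything other than {@link LoginException} / {@link UnknownUserException}
     */
    @Override // org.apache.jetspeed.modules.actions.TemplateSessionValidator
    public void doPerform(RunData runData) throws Exception {
        super.doPerform(runData);
        JetspeedUser jetspeedUser = (JetspeedUser) runData.getUser();
        String remoteUser = getRemoteUser(runData);
        boolean alreadyLoggedIn = jetspeedUser != null && jetspeedUser.hasLoggedIn();
        if (!alreadyLoggedIn && remoteUser != null && remoteUser.length() > 0) {
            // NOTE(review): getBytes() here and new String(byte[], int, int) in getRemoteUser both
            // use the platform default charset; confirm the round trip is lossless where deployed.
            byte[] raw = remoteUser.getBytes();
            StringBuffer cleaned = new StringBuffer();
            for (int i = 0; i < raw.length; i++) {
                // Drop NUL bytes (the high halves of two-byte encoded ASCII) and configured characters.
                // NOTE(review): bytes above 0x7F are negative here, so they never match invalidChars
                // and are appended sign-extended; left unchanged to keep the derived names stable.
                if (raw[i] != 0 && (this.invalidChars == null || this.invalidChars.indexOf(raw[i]) < 0)) {
                    cleaned.append((char) raw[i]);
                }
            }
            String userName = cleaned.toString();
            try {
                // SECURITY: the account is looked up by name only; no credential is verified here.
                jetspeedUser = JetspeedSecurity.getUser(userName);
                runData.setUser(jetspeedUser);
                jetspeedUser.setHasLoggedIn(Boolean.TRUE);
                jetspeedUser.updateLastLogin();
                runData.save();
                if (JetspeedSecurityCache.getAcl(userName) == null) {
                    JetspeedSecurityCache.load(userName);
                }
                logger.info("NTLMSessionValidator: automatic login using [" + userName + "]");
            } catch (LoginException e) {
                // Previously swallowed without a trace; record it so failed logins are visible.
                if (logger.isWarnEnabled()) {
                    logger.warn("NTLMSessionValidator: login failed for [" + userName + "]: " + e.getMessage());
                }
            } catch (UnknownUserException e2) {
                if (logger.isWarnEnabled()) {
                    logger.warn("NTLMSessionValidator: username [" + userName + "] does not exist or authentication failed, " + "redirecting to anon profile");
                }
            }
        }
        try {
            JetspeedRunData jetspeedRunData = (JetspeedRunData) runData;
            // Request-supplied language preference is stored on the user as-is.
            String language = runData.getRequest().getParameter("js_language");
            if (null != language) {
                jetspeedUser.setPerm(Profiler.PARAM_LANGUAGE, language);
            }
            Locale locale = ((CustomLocalizationService) ServiceUtil.getServiceByName(CustomLocalizationService.SERVICE_NAME)).getLocale(runData);
            if (locale == null) {
                locale = new Locale(TurbineResources.getString("locale.default.language", "en"), TurbineResources.getString("locale.default.country", "US"));
            }
            runData.getUser().setTemp("locale", locale);
            String portletId = jetspeedRunData.getParameters().getString(JetspeedResources.PATH_PORTLETID_KEY);
            if (portletId != null && portletId.length() > 0) {
                jetspeedRunData.setJs_peid(portletId);
            }
        } catch (ClassCastException e3) {
            logger.error("The RunData object does not implement the expected interface, please verify the RunData factory settings");
        }
    }

    /**
     * Always reports that no new session is required.
     *
     * @param runData the Turbine request context (unused)
     * @return {@code false}
     */
    @Override // org.apache.jetspeed.modules.actions.TemplateSessionValidator
    public boolean requiresNewSession(RunData runData) {
        return false;
    }

    /**
     * Drives the NTLM header exchange and returns the account name found in the Type 3 message.
     *
     * <p>The header is untrusted input. A message that is too short, lacks the NTLMSSP signature
     * or carries an out-of-range name offset/length is rejected with {@code null} instead of
     * failing with an index exception.
     *
     * @param runData the Turbine request context
     * @return the current user's name when already logged in, the name asserted by the Type 3
     *     message, or {@code null} when the handshake is incomplete or the header is unusable
     * @throws Exception if the response cannot be flushed or the Base64 payload cannot be decoded
     */
    private String getRemoteUser(RunData runData) throws Exception {
        HttpServletRequest request = runData.getRequest();
        HttpServletResponse response = runData.getResponse();
        if (runData.getUser().hasLoggedIn() && request.getMethod().equalsIgnoreCase("get")) {
            return runData.getUser().getUserName();
        }
        String header = request.getHeader("Authorization");
        if (header == null) {
            // No credentials offered yet: ask the client to start an NTLM handshake.
            response.setStatus(401);
            response.setHeader("WWW-Authenticate", "NTLM");
            response.flushBuffer();
            return null;
        }
        if (!header.startsWith("NTLM ")) {
            return null;
        }
        byte[] message = new BASE64Decoder().decodeBuffer(header.substring(5));
        if (message == null || message.length <= MESSAGE_TYPE_INDEX || !hasNtlmSignature(message)) {
            return null;
        }
        if (message[MESSAGE_TYPE_INDEX] == 1) {
            // Type 1 (negotiate): answer with the pre-built Type 2 message.
            response.setHeader("WWW-Authenticate", encodedMsg1);
            response.setStatus(401);
            return null;
        }
        if (message[MESSAGE_TYPE_INDEX] != 3) {
            return null;
        }
        if (runData.getUser().hasLoggedIn()) {
            return runData.getUser().getUserName();
        }
        if (message.length < USER_OFFSET_INDEX + 2) {
            return null;
        }
        // Bytes are signed in Java; mask them so lengths/offsets above 127 are not read as negative.
        int nameOffset = readUnsignedShortLE(message, USER_OFFSET_INDEX);
        int nameLength = readUnsignedShortLE(message, USER_LENGTH_INDEX);
        if (nameOffset > message.length - nameLength) {
            return null;
        }
        // SECURITY: the LM/NT response fields of this message are never verified.
        return new String(message, nameOffset, nameLength);
    }

    /** Returns whether {@code message} starts with the same signature bytes as {@code msg1}. */
    private static boolean hasNtlmSignature(byte[] message) {
        if (message.length < SIGNATURE_LENGTH) {
            return false;
        }
        for (int i = 0; i < SIGNATURE_LENGTH; i++) {
            if (message[i] != msg1[i]) {
                return false;
            }
        }
        return true;
    }

    /** Reads an unsigned little-endian 16-bit value from {@code buf} at {@code index}. */
    private static int readUnsignedShortLE(byte[] buf, int index) {
        return ((buf[index + 1] & 0xFF) << 8) | (buf[index] & 0xFF);
    }

    /**
     * Synthetic helper emitted by pre-Java-5 compilers to resolve a class literal by name.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Expanded form of NTLMSessionValidator.class as compiled for old class-file versions.
        Class cls;
        if (class$org$apache$jetspeed$modules$actions$NTLMSessionValidator == null) {
            cls = class$("org.apache.jetspeed.modules.actions.NTLMSessionValidator");
            class$org$apache$jetspeed$modules$actions$NTLMSessionValidator = cls;
        } else {
            cls = class$org$apache$jetspeed$modules$actions$NTLMSessionValidator;
        }
        logger = JetspeedLogFactoryService.getLogger(cls.getName());
    }
}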
