package waffle.spring;

import com.sun.jna.platform.win32.W32Errors;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;
import waffle.servlet.WindowsPrincipal;
import waffle.servlet.spi.SecurityFilterProviderCollection;
import waffle.util.AuthorizationHeader;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.PrincipalFormat;

/* loaded from: input_file:waffle/spring/NegotiateSecurityFilter.class */
public class NegotiateSecurityFilter extends GenericFilterBean {
    private Log _log = LogFactory.getLog(NegotiateSecurityFilter.class);
    private SecurityFilterProviderCollection _provider = null;
    private PrincipalFormat _principalFormat = PrincipalFormat.fqn;
    private PrincipalFormat _roleFormat = PrincipalFormat.fqn;
    private boolean _allowGuestLogin = true;
    private GrantedAuthorityFactory _grantedAuthorityFactory = WindowsAuthenticationToken.DEFAULT_GRANTED_AUTHORITY_FACTORY;
    private GrantedAuthority _defaultGrantedAuthority = WindowsAuthenticationToken.DEFAULT_GRANTED_AUTHORITY;

    public NegotiateSecurityFilter() {
        this._log.debug("[waffle.spring.NegotiateSecurityFilter] loaded");
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        this._log.info(httpServletRequest.getMethod() + " " + httpServletRequest.getRequestURI() + ", contentlength: " + httpServletRequest.getContentLength());
        AuthorizationHeader authorizationHeader = new AuthorizationHeader(httpServletRequest);
        if (!authorizationHeader.isNull() && this._provider.isSecurityPackageSupported(authorizationHeader.getSecurityPackage())) {
            try {
                IWindowsIdentity doFilter = this._provider.doFilter(httpServletRequest, httpServletResponse);
                if (doFilter == null) {
                    return;
                }
                if (!this._allowGuestLogin && doFilter.isGuest()) {
                    this._log.warn("guest login disabled: " + doFilter.getFqn());
                    sendUnauthorized(httpServletResponse, true);
                    return;
                }
                try {
                    this._log.debug("logged in user: " + doFilter.getFqn() + " (" + doFilter.getSidString() + ")");
                    WindowsPrincipal windowsPrincipal = new WindowsPrincipal(doFilter, this._principalFormat, this._roleFormat);
                    this._log.debug("roles: " + windowsPrincipal.getRolesString());
                    SecurityContextHolder.getContext().setAuthentication(new WindowsAuthenticationToken(windowsPrincipal, this._grantedAuthorityFactory, this._defaultGrantedAuthority));
                    this._log.info("successfully logged in user: " + doFilter.getFqn());
                    doFilter.dispose();
                } catch (Throwable th) {
                    doFilter.dispose();
                    throw th;
                }
            } catch (Exception e) {
                this._log.warn("error logging in user: " + e.getMessage());
                sendUnauthorized(httpServletResponse, true);
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        if (this._provider == null) {
            throw new ServletException("Missing NegotiateSecurityFilter.Provider");
        }
    }

    private void sendUnauthorized(HttpServletResponse httpServletResponse, boolean z) {
        try {
            this._provider.sendUnauthorized(httpServletResponse);
            if (z) {
                httpServletResponse.setHeader("Connection", "close");
            } else {
                httpServletResponse.setHeader("Connection", "keep-alive");
            }
            httpServletResponse.sendError(W32Errors.ERROR_THREAD_MODE_NOT_BACKGROUND);
            httpServletResponse.flushBuffer();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public PrincipalFormat getPrincipalFormat() {
        return this._principalFormat;
    }

    public void setPrincipalFormat(PrincipalFormat principalFormat) {
        this._principalFormat = principalFormat;
    }

    public PrincipalFormat getRoleFormat() {
        return this._roleFormat;
    }

    public void setRoleFormat(PrincipalFormat principalFormat) {
        this._roleFormat = principalFormat;
    }

    public boolean getAllowGuestLogin() {
        return this._allowGuestLogin;
    }

    public void setAllowGuestLogin(boolean z) {
        this._allowGuestLogin = z;
    }

    public SecurityFilterProviderCollection getProvider() {
        return this._provider;
    }

    public void setProvider(SecurityFilterProviderCollection securityFilterProviderCollection) {
        this._provider = securityFilterProviderCollection;
    }

    public GrantedAuthorityFactory getGrantedAuthorityFactory() {
        return this._grantedAuthorityFactory;
    }

    public void setGrantedAuthorityFactory(GrantedAuthorityFactory grantedAuthorityFactory) {
        this._grantedAuthorityFactory = grantedAuthorityFactory;
    }

    public GrantedAuthority getDefaultGrantedAuthority() {
        return this._defaultGrantedAuthority;
    }

    public void setDefaultGrantedAuthority(GrantedAuthority grantedAuthority) {
        this._defaultGrantedAuthority = grantedAuthority;
    }
}
