package waffle.servlet.spi;

import com.sun.jna.platform.win32.WinError;
import java.io.IOException;
import java.security.InvalidParameterException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import waffle.util.AuthorizationHeader;
import waffle.util.Base64;
import waffle.util.NtlmServletRequest;
import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.IWindowsSecurityContext;

/* loaded from: input_file:waffle/servlet/spi/NegotiateSecurityFilterProvider.class */
public class NegotiateSecurityFilterProvider implements SecurityFilterProvider {
    private Logger _log = LoggerFactory.getLogger(NegotiateSecurityFilterProvider.class);
    private List<String> _protocols = new ArrayList();
    private IWindowsAuthProvider _auth;

    public NegotiateSecurityFilterProvider(IWindowsAuthProvider iWindowsAuthProvider) {
        this._auth = null;
        this._auth = iWindowsAuthProvider;
        this._protocols.add("Negotiate");
        this._protocols.add("NTLM");
    }

    public List<String> getProtocols() {
        return this._protocols;
    }

    public void setProtocols(List<String> list) {
        this._protocols = list;
    }

    @Override // waffle.servlet.spi.SecurityFilterProvider
    public void sendUnauthorized(HttpServletResponse httpServletResponse) {
        Iterator<String> it = this._protocols.iterator();
        while (it.hasNext()) {
            httpServletResponse.addHeader("WWW-Authenticate", it.next());
        }
    }

    @Override // waffle.servlet.spi.SecurityFilterProvider
    public boolean isPrincipalException(HttpServletRequest httpServletRequest) {
        AuthorizationHeader authorizationHeader = new AuthorizationHeader(httpServletRequest);
        boolean isNtlmType1PostAuthorizationHeader = authorizationHeader.isNtlmType1PostAuthorizationHeader();
        this._log.debug("authorization: " + authorizationHeader.toString() + ", ntlm post: " + isNtlmType1PostAuthorizationHeader);
        return isNtlmType1PostAuthorizationHeader;
    }

    @Override // waffle.servlet.spi.SecurityFilterProvider
    public IWindowsIdentity doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        AuthorizationHeader authorizationHeader = new AuthorizationHeader(httpServletRequest);
        boolean isNtlmType1PostAuthorizationHeader = authorizationHeader.isNtlmType1PostAuthorizationHeader();
        String connectionId = NtlmServletRequest.getConnectionId(httpServletRequest);
        String securityPackage = authorizationHeader.getSecurityPackage();
        this._log.debug("security package: " + securityPackage + ", connection id: " + connectionId);
        if (isNtlmType1PostAuthorizationHeader) {
            this._auth.resetSecurityToken(connectionId);
        }
        byte[] tokenBytes = authorizationHeader.getTokenBytes();
        this._log.debug("token buffer: " + tokenBytes.length + " byte(s)");
        IWindowsSecurityContext acceptSecurityToken = this._auth.acceptSecurityToken(connectionId, tokenBytes, securityPackage);
        byte[] token = acceptSecurityToken.getToken();
        if (token != null && token.length > 0) {
            String str = new String(Base64.encode(token));
            this._log.debug("continue token: " + str);
            httpServletResponse.addHeader("WWW-Authenticate", securityPackage + " " + str);
        }
        this._log.debug("continue required: " + acceptSecurityToken.isContinue());
        if (!acceptSecurityToken.isContinue() && !isNtlmType1PostAuthorizationHeader) {
            IWindowsIdentity identity = acceptSecurityToken.getIdentity();
            acceptSecurityToken.dispose();
            return identity;
        }
        httpServletResponse.setHeader("Connection", "keep-alive");
        httpServletResponse.setStatus(WinError.ERROR_THREAD_MODE_NOT_BACKGROUND);
        httpServletResponse.flushBuffer();
        return null;
    }

    @Override // waffle.servlet.spi.SecurityFilterProvider
    public boolean isSecurityPackageSupported(String str) {
        Iterator<String> it = this._protocols.iterator();
        while (it.hasNext()) {
            if (it.next().equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    @Override // waffle.servlet.spi.SecurityFilterProvider
    public void initParameter(String str, String str2) {
        if (!str.equals("protocols")) {
            throw new InvalidParameterException(str);
        }
        this._protocols = new ArrayList();
        for (String str3 : str2.split("\\s+")) {
            String trim = str3.trim();
            if (trim.length() > 0) {
                this._log.debug("init protocol: " + trim);
                if (!trim.equals("Negotiate") && !trim.equals("NTLM")) {
                    this._log.error("unsupported protocol: " + trim);
                    throw new RuntimeException("Unsupported protocol: " + trim);
                }
                this._protocols.add(trim);
            }
        }
    }
}
