package waffle.servlet.spi;

import com.google.common.io.BaseEncoding;
import com.google.common.net.HttpHeaders;
import com.sun.jna.platform.win32.WinError;
import java.io.IOException;
import java.security.InvalidParameterException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import waffle.util.AuthorizationHeader;
import waffle.util.NtlmServletRequest;
import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.IWindowsSecurityContext;

/* loaded from: input_file:WEB-INF/lib/waffle-jna-1.7.3.jar:waffle/servlet/spi/NegotiateSecurityFilterProvider.class */
public class NegotiateSecurityFilterProvider implements SecurityFilterProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) NegotiateSecurityFilterProvider.class);
    private static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    private static final String PROTOCOLS = "protocols";
    private static final String NEGOTIATE = "Negotiate";
    private static final String NTLM = "NTLM";
    private List<String> protocols = new ArrayList();
    private IWindowsAuthProvider auth;

    public NegotiateSecurityFilterProvider(IWindowsAuthProvider iWindowsAuthProvider) {
        this.auth = iWindowsAuthProvider;
        this.protocols.add(NEGOTIATE);
        this.protocols.add(NTLM);
    }

    public List<String> getProtocols() {
        return this.protocols;
    }

    public void setProtocols(List<String> list) {
        this.protocols = list;
    }

    @Override // waffle.servlet.spi.SecurityFilterProvider
    public void sendUnauthorized(HttpServletResponse httpServletResponse) {
        Iterator<String> it = this.protocols.iterator();
        while (it.hasNext()) {
            httpServletResponse.addHeader("WWW-Authenticate", it.next());
        }
    }

    @Override // waffle.servlet.spi.SecurityFilterProvider
    public boolean isPrincipalException(HttpServletRequest httpServletRequest) {
        AuthorizationHeader authorizationHeader = new AuthorizationHeader(httpServletRequest);
        boolean isNtlmType1PostAuthorizationHeader = authorizationHeader.isNtlmType1PostAuthorizationHeader();
        LOGGER.debug("authorization: {}, ntlm post: {}", authorizationHeader, Boolean.valueOf(isNtlmType1PostAuthorizationHeader));
        return isNtlmType1PostAuthorizationHeader;
    }

    @Override // waffle.servlet.spi.SecurityFilterProvider
    public IWindowsIdentity doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        AuthorizationHeader authorizationHeader = new AuthorizationHeader(httpServletRequest);
        boolean isNtlmType1PostAuthorizationHeader = authorizationHeader.isNtlmType1PostAuthorizationHeader();
        String connectionId = NtlmServletRequest.getConnectionId(httpServletRequest);
        String securityPackage = authorizationHeader.getSecurityPackage();
        LOGGER.debug("security package: {}, connection id: {}", securityPackage, connectionId);
        if (isNtlmType1PostAuthorizationHeader) {
            this.auth.resetSecurityToken(connectionId);
        }
        byte[] tokenBytes = authorizationHeader.getTokenBytes();
        LOGGER.debug("token buffer: {} byte(s)", Integer.valueOf(tokenBytes.length));
        IWindowsSecurityContext acceptSecurityToken = this.auth.acceptSecurityToken(connectionId, tokenBytes, securityPackage);
        byte[] token = acceptSecurityToken.getToken();
        if (token != null && token.length > 0) {
            String encode = BaseEncoding.base64().encode(token);
            LOGGER.debug("continue token: {}", encode);
            httpServletResponse.addHeader("WWW-Authenticate", securityPackage + " " + encode);
        }
        LOGGER.debug("continue required: {}", Boolean.valueOf(acceptSecurityToken.isContinue()));
        if (!acceptSecurityToken.isContinue() && !isNtlmType1PostAuthorizationHeader) {
            IWindowsIdentity identity = acceptSecurityToken.getIdentity();
            acceptSecurityToken.dispose();
            return identity;
        }
        httpServletResponse.setHeader(HttpHeaders.CONNECTION, "keep-alive");
        httpServletResponse.setStatus(WinError.ERROR_THREAD_MODE_NOT_BACKGROUND);
        httpServletResponse.flushBuffer();
        return null;
    }

    @Override // waffle.servlet.spi.SecurityFilterProvider
    public boolean isSecurityPackageSupported(String str) {
        Iterator<String> it = this.protocols.iterator();
        while (it.hasNext()) {
            if (it.next().equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    @Override // waffle.servlet.spi.SecurityFilterProvider
    public void initParameter(String str, String str2) {
        if (!str.equals(PROTOCOLS)) {
            throw new InvalidParameterException(str);
        }
        this.protocols = new ArrayList();
        for (String str3 : str2.split("\\s+")) {
            String trim = str3.trim();
            if (trim.length() > 0) {
                LOGGER.debug("init protocol: {}", trim);
                if (!trim.equals(NEGOTIATE) && !trim.equals(NTLM)) {
                    LOGGER.error("unsupported protocol: {}", trim);
                    throw new RuntimeException("Unsupported protocol: " + trim);
                }
                this.protocols.add(trim);
            }
        }
    }
}
