package org.alfresco.filesys.server.auth;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import javax.transaction.UserTransaction;
import org.alfresco.config.ConfigElement;
import org.alfresco.filesys.server.SrvSession;
import org.alfresco.filesys.server.config.InvalidConfigurationException;
import org.alfresco.filesys.server.config.ServerConfiguration;
import org.alfresco.filesys.server.core.SharedDevice;
import org.alfresco.filesys.server.filesys.DiskInterface;
import org.alfresco.filesys.server.filesys.DiskSharedDevice;
import org.alfresco.filesys.server.filesys.SrvDiskInfo;
import org.alfresco.filesys.smb.DialectSelector;
import org.alfresco.filesys.smb.SMBStatus;
import org.alfresco.filesys.smb.server.SMBSrvException;
import org.alfresco.filesys.smb.server.SMBSrvPacket;
import org.alfresco.filesys.smb.server.SMBSrvSession;
import org.alfresco.filesys.smb.server.repo.ContentContext;
import org.alfresco.filesys.util.DataPacker;
import org.alfresco.filesys.util.HexDump;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.MD4PasswordEncoder;
import org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/alfresco/filesys/server/auth/CifsAuthenticator.class */
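/**
 * Base class for CIFS/SMB authenticators.
 *
 * <p>Holds the shared configuration (enabled dialects, guest handling, security mode), the
 * repository services taken from the {@link ServerConfiguration}, and the default handling of
 * the negotiate response and the NT session setup request. Concrete authenticators are expected
 * to override {@link #authenticateUser} and, where needed, {@link #authenticateShareConnect};
 * the defaults here deny the logon and return {@link #Writeable} respectively.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Hashed password responses are compared with a constant-time comparison.</li>
 *   <li>Client-supplied password responses are never written to the log, only their lengths.</li>
 *   <li>{@link #m_random} is a {@link java.security.SecureRandom}.</li>
 * </ul>
 */
public abstract class CifsAuthenticator {
    protected static final Log logger = LogFactory.getLog("org.alfresco.smb.protocol.auth");

    // Password algorithm identifiers (passed through to PasswordEncryptor).
    public static final int LANMAN = 0;
    public static final int NTLM1 = 1;
    public static final int NTLM2 = 2;

    // Authentication status values returned by authenticateUser(). AUTH_GUEST is a bit flag
    // (0x10000000) that processSessionSetup() tests on positive status values.
    public static final int AUTH_ALLOW = 0;
    public static final int AUTH_GUEST = 0x10000000;
    public static final int AUTH_DISALLOW = -1;
    public static final int AUTH_BADPASSWORD = -2;
    public static final int AUTH_BADUSER = -3;

    // Share access levels.
    public static final int NoAccess = 0;
    public static final int ReadOnly = 1;
    public static final int Writeable = 2;

    // Fixed sizes of the hashed password response and of the server challenge, in bytes.
    public static final int STANDARD_PASSWORD_LEN = 24;
    public static final int STANDARD_CHALLENGE_LEN = 8;

    protected static final String GUEST_USERNAME = "guest";

    private DialectSelector m_dialects;
    private boolean m_allowGuest;
    private boolean m_mapToGuest;
    protected ServerConfiguration m_config;
    protected AuthenticationComponent m_authComponent;
    protected NodeService m_nodeService;
    protected PersonService m_personService;
    protected TransactionService m_transactionService;
    protected AuthenticationService m_authenticationService;
    private int m_securityMode = 3;
    private PasswordEncryptor m_encryptor = new PasswordEncryptor();
    private String m_guestUserName = "guest";

    // Not used by this class itself; presumably subclasses draw challenge bytes from it (TODO
    // confirm against the concrete authenticators). A java.util.Random seeded with the current
    // time is predictable, so a SecureRandom is used; the declared type is unchanged.
    protected Random m_random = new java.security.SecureRandom();

    protected MD4PasswordEncoder m_md4Encoder = new MD4PasswordEncoderImpl();

    /**
     * Decides the access level for a share connection. The default grants {@link #Writeable}
     * to every caller without inspecting any argument; subclasses that need per-share access
     * control must override this.
     *
     * @param clientInfo client details (unused by the default)
     * @param sharedDevice share being connected to (unused by the default)
     * @param str third argument, not inspected here
     * @param srvSession session making the request (unused by the default)
     * @return {@link #Writeable}
     */
    public int authenticateShareConnect(ClientInfo clientInfo, SharedDevice sharedDevice, String str, SrvSession srvSession) {
        return Writeable;
    }

    /**
     * Authenticates a user. The default denies every logon; subclasses override this.
     *
     * @param clientInfo client details including the supplied password responses
     * @param srvSession session making the request
     * @param i algorithm selector; {@link #processSessionSetup} passes 1
     * @return one of the {@code AUTH_*} status values; {@link #AUTH_DISALLOW} by default
     */
    public int authenticateUser(ClientInfo clientInfo, SrvSession srvSession, int i) {
        return AUTH_DISALLOW;
    }

    /**
     * Initializes the authenticator from the server configuration.
     *
     * @param serverConfiguration source of the authentication component and repository services
     * @param configElement authenticator configuration section (not read by this base class)
     * @throws InvalidConfigurationException if no authentication component is configured or
     *         {@link #validateAuthenticationMode()} rejects the configuration
     */
    public void initialize(ServerConfiguration serverConfiguration, ConfigElement configElement) throws InvalidConfigurationException {
        this.m_config = serverConfiguration;
        this.m_authComponent = this.m_config.getAuthenticationComponent();
        if (this.m_authComponent == null) {
            throw new InvalidConfigurationException("Authentication component not available");
        }

        // Dialect identifiers are kept as the numeric values found in the compiled class; the
        // symbolic names are not visible from this file.
        this.m_dialects = new DialectSelector();
        this.m_dialects.AddDialect(2);
        this.m_dialects.AddDialect(4);
        this.m_dialects.AddDialect(3);
        this.m_dialects.AddDialect(5);
        this.m_dialects.AddDialect(6);
        this.m_dialects.AddDialect(7);

        this.m_nodeService = serverConfiguration.getNodeService();
        this.m_personService = serverConfiguration.getPersonService();
        this.m_transactionService = serverConfiguration.getTransactionService();
        this.m_authenticationService = serverConfiguration.getAuthenticationService();
        setGuestUserName(this.m_authComponent.getGuestUserName());

        if (!validateAuthenticationMode()) {
            throw new InvalidConfigurationException("Required authentication mode not available");
        }
    }

    /**
     * Hook for subclasses to check that the configured authentication component supports the
     * mode they need. The default accepts any configuration.
     *
     * @return {@code true} if the authenticator can run with the current configuration
     */
    protected boolean validateAuthenticationMode() {
        return true;
    }

    /**
     * Computes the hashed password response via the {@link PasswordEncryptor}.
     *
     * <p>Arguments are passed through unchanged; presumably they are the password, the challenge
     * key, the algorithm ({@link #LANMAN}/{@link #NTLM1}/{@link #NTLM2}), the user name and the
     * domain (TODO confirm against PasswordEncryptor).
     *
     * @return the hashed response, or {@code null} if the required key or algorithm is not
     *         available; callers such as {@link #validatePassword} treat {@code null} as a
     *         failed match
     */
    protected final byte[] generateEncryptedPassword(String str, byte[] bArr, int i, String str2, String str3) {
        try {
            return this.m_encryptor.generateEncryptedPassword(str, bArr, i, str2, str3);
        } catch (InvalidKeyException e) {
            // Still fail closed by returning null, but leave a trace: a silent failure here
            // makes every logon fail with no hint in the logs. No credential data is logged.
            logger.warn("Password response could not be generated (invalid key), algorithm=" + i, e);
        } catch (NoSuchAlgorithmException e) {
            logger.warn("Password response could not be generated (algorithm unavailable), algorithm=" + i, e);
        }
        return null;
    }

    /**
     * Returns the NTLM/LanMan authentication context of the session, creating and attaching a
     * new one if the session has none or holds a context of another type.
     *
     * @param sMBSrvSession session whose context is required
     * @return the session's {@link NTLanManAuthContext}
     */
    public AuthContext getAuthContext(SMBSrvSession sMBSrvSession) {
        if (sMBSrvSession.hasAuthenticationContext() && (sMBSrvSession.getAuthenticationContext() instanceof NTLanManAuthContext)) {
            return (NTLanManAuthContext) sMBSrvSession.getAuthenticationContext();
        }
        NTLanManAuthContext created = new NTLanManAuthContext();
        sMBSrvSession.setAuthenticationContext(created);
        return created;
    }

    /** Returns the dialects enabled by {@link #initialize}. */
    public final DialectSelector getEnabledDialects() {
        return this.m_dialects;
    }

    /** Returns the security mode value (3 unless a subclass changed it). */
    public final int getSecurityMode() {
        return this.m_securityMode;
    }

    /**
     * Writes the byte area of the negotiate response: the challenge, then the domain name (when
     * configured) and the server name.
     *
     * <p>When the context holds no challenge, {@link #STANDARD_CHALLENGE_LEN} zero bytes are
     * written instead. NOTE(review): an all-zero challenge gives the client a fixed, known
     * value; confirm that every path reaching this method has generated a challenge first.
     *
     * @param sMBSrvSession session being negotiated
     * @param sMBSrvPacket response packet to fill
     * @param z not read by this implementation
     * @throws AuthenticatorException declared for subclasses; not thrown here
     */
    public void generateNegotiateResponse(SMBSrvSession sMBSrvSession, SMBSrvPacket sMBSrvPacket, boolean z) throws AuthenticatorException {
        NTLanManAuthContext authCtx = (NTLanManAuthContext) getAuthContext(sMBSrvSession);
        int pos = sMBSrvPacket.getByteOffset();
        byte[] buffer = sMBSrvPacket.getBuffer();

        // Read the challenge once so the null check and the copy see the same array.
        byte[] challenge = authCtx.getChallenge();
        if (challenge == null) {
            for (int idx = 0; idx < STANDARD_CHALLENGE_LEN; idx++) {
                buffer[pos++] = 0;
            }
        } else {
            System.arraycopy(challenge, 0, buffer, pos, challenge.length);
            pos += challenge.length;
        }

        String domainName = sMBSrvSession.getServer().getConfiguration().getDomainName();
        if (domainName != null) {
            pos = DataPacker.putString(domainName, buffer, pos, true, true);
        }
        pos = DataPacker.putString(sMBSrvSession.getServer().getServerName(), buffer, pos, true, true);
        sMBSrvPacket.setByteCount(pos - sMBSrvPacket.getByteOffset());
    }

    /**
     * Handles an NT session setup request: unpacks the credentials, authenticates the user and
     * builds the response.
     *
     * <p>Behaviour worth knowing when reviewing access decisions:
     * <ul>
     *   <li>A positive status with the {@link #AUTH_GUEST} bit set logs the user on as guest.</li>
     *   <li>A failed authentication is still accepted when the request carried an empty user
     *       name and the session already has client information; that existing client
     *       information is then reused.</li>
     *   <li>Every other non-zero status raises a logon failure.</li>
     * </ul>
     *
     * <p>All values unpacked here (lengths, user, domain, OS string) come from the client. The
     * user, domain and OS strings are written to the debug log as received. NOTE(review):
     * consider neutralising line breaks in them before logging.
     *
     * @param sMBSrvSession session the request arrived on
     * @param sMBSrvPacket request packet
     * @param sMBSrvPacket2 response packet to fill
     * @throws SMBSrvException if the request is malformed or the logon is refused
     */
    public void processSessionSetup(SMBSrvSession sMBSrvSession, SMBSrvPacket sMBSrvPacket, SMBSrvPacket sMBSrvPacket2) throws SMBSrvException {
        if (!sMBSrvPacket.checkPacketIsValid(13, 0)) {
            throw new SMBSrvException(SMBStatus.NTInvalidParameter, 1, 2);
        }

        int maxBufSize = sMBSrvPacket.getParameter(2);
        int maxMpx = sMBSrvPacket.getParameter(3);
        int vcNum = sMBSrvPacket.getParameter(4);
        int ansiPwdLen = sMBSrvPacket.getParameter(7);
        int uniPwdLen = sMBSrvPacket.getParameter(8);
        int capabilities = sMBSrvPacket.getParameterLong(11);
        // Result unused in the compiled class; the call is kept because its side effects, if
        // any, are not visible from this file.
        sMBSrvPacket.getBuffer();
        boolean isUnicode = sMBSrvPacket.isUnicode();

        // The two lengths are client-controlled; bounds checking is presumably done inside
        // unpackBytes (TODO confirm in SMBSrvPacket).
        byte[] ansiPwd = sMBSrvPacket.unpackBytes(ansiPwdLen);
        byte[] uniPwd = sMBSrvPacket.unpackBytes(uniPwdLen);

        String user = sMBSrvPacket.unpackString(isUnicode);
        if (user == null) {
            throw new SMBSrvException(SMBStatus.NTInvalidParameter, 1, 2);
        }
        String domain = "";
        if (sMBSrvPacket.hasMoreData()) {
            domain = sMBSrvPacket.unpackString(isUnicode);
            if (domain == null) {
                throw new SMBSrvException(SMBStatus.NTInvalidParameter, 1, 2);
            }
        }
        String clientOs = "";
        if (sMBSrvPacket.hasMoreData()) {
            clientOs = sMBSrvPacket.unpackString(isUnicode);
            if (clientOs == null) {
                throw new SMBSrvException(SMBStatus.NTInvalidParameter, 1, 2);
            }
        }

        if (sessionDebugEnabled(sMBSrvSession)) {
            // Only the lengths of the password responses are logged. The responses are
            // credential material that can be attacked offline if they reach a log file.
            logger.debug("NT Session setup from user=" + user
                    + ", password=" + describeSecret(uniPwd)
                    + ", ANSIpwd=" + describeSecret(ansiPwd)
                    + ", domain=" + domain + ", os=" + clientOs + ", VC=" + vcNum
                    + ", maxBuf=" + maxBufSize + ", maxMpx=" + maxMpx
                    + ", authCtx=" + sMBSrvSession.getAuthenticationContext());
            logger.debug("  MID=" + sMBSrvPacket.getMultiplexId() + ", UID=" + sMBSrvPacket.getUserId() + ", PID=" + sMBSrvPacket.getProcessId());
        }

        sMBSrvSession.setClientMaximumBufferSize(maxBufSize);
        sMBSrvSession.setClientMaximumMultiplex(maxMpx);
        sMBSrvSession.setClientCapabilities(capabilities);

        ClientInfo clientInfo = new ClientInfo(user, uniPwd);
        clientInfo.setANSIPassword(ansiPwd);
        clientInfo.setDomain(domain);
        clientInfo.setOperatingSystem(clientOs);
        if (sMBSrvSession.hasRemoteAddress()) {
            clientInfo.setClientAddress(sMBSrvSession.getRemoteAddress().getHostAddress());
        }

        // Empty user and domain with a zero-length password and a one-byte ANSI password:
        // logon type 2 (presumably the null-session logon type; the constant is declared in
        // ClientInfo, not visible here).
        if (user.length() == 0 && domain.length() == 0 && uniPwdLen == 0 && ansiPwdLen == 1) {
            clientInfo.setLogonType(2);
        }

        boolean isGuest = false;
        // Third argument 1 matches NTLM1 in value; kept literal as in the compiled class.
        int status = authenticateUser(clientInfo, sMBSrvSession, 1);
        if (status > 0 && (status & AUTH_GUEST) != 0) {
            isGuest = true;
            if (sessionDebugEnabled(sMBSrvSession)) {
                logger.debug("User " + user + ", logged on as guest");
            }
        } else if (status != AUTH_ALLOW) {
            if (sMBSrvSession.getClientInformation() == null || clientInfo.getUserName().length() != 0) {
                if (sessionDebugEnabled(sMBSrvSession)) {
                    logger.debug("User " + user + ", access denied");
                }
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 5, 1);
            }
            // Empty user name on a session that already has client information: fall back to
            // the existing client information instead of failing the request.
            clientInfo = sMBSrvSession.getClientInformation();
            if (sessionDebugEnabled(sMBSrvSession)) {
                logger.debug("Null client information, reusing existing client=" + clientInfo);
            }
        } else if (sessionDebugEnabled(sMBSrvSession)) {
            logger.debug("User " + user + " logged on " + (clientInfo != null ? " (type " + clientInfo.getLogonTypeString() + ")" : ""));
        }

        if (sMBSrvSession.getClientInformation() == null || sMBSrvSession.getClientInformation().getUserName().length() == 0) {
            sMBSrvSession.setClientInformation(clientInfo);
        }
        clientInfo.setGuest(isGuest);
        sMBSrvSession.setLoggedOn(true);

        sMBSrvPacket2.setParameterCount(3);
        sMBSrvPacket2.setParameter(0, 0);
        sMBSrvPacket2.setParameter(1, 0);
        sMBSrvPacket2.setParameter(2, isGuest ? 1 : 0);
        sMBSrvPacket2.setByteCount(0);
        sMBSrvPacket2.setTreeId(0);
        sMBSrvPacket2.setUserId(0);
        // Clear bit 0x08 of the flags; flags2 is 0x0001, plus 0x8000 for Unicode requests.
        sMBSrvPacket2.setFlags(sMBSrvPacket2.getFlags() & ~0x08);
        sMBSrvPacket2.setFlags2(isUnicode ? 0x8001 : 0x0001);

        int pos = sMBSrvPacket2.getByteOffset();
        byte[] buffer = sMBSrvPacket2.getBuffer();
        if (isUnicode) {
            pos = DataPacker.wordAlign(pos);
        }

        // Evaluate both strings before packing, in the order the compiled class did.
        // NOTE(review): unlike generateNegotiateResponse, a null domain name is not guarded
        // here; confirm how DataPacker.putString treats null.
        String domainName = sMBSrvSession.getServer().getConfiguration().getDomainName();
        String serverDescription = "Alfresco CIFS Server " + sMBSrvSession.getServer().isVersion();
        pos = DataPacker.putString("Java", buffer, pos, true, isUnicode);
        pos = DataPacker.putString(serverDescription, buffer, pos, true, isUnicode);
        pos = DataPacker.putString(domainName, buffer, pos, true, isUnicode);
        sMBSrvPacket2.setByteCount(pos - sMBSrvPacket2.getByteOffset());
    }

    /** Returns whether debug logging is on for both the logger and the session's debug flag 4. */
    private static boolean sessionDebugEnabled(SMBSrvSession session) {
        return logger.isDebugEnabled() && session.hasDebug(4);
    }

    /** Describes a secret for logging without revealing its content. */
    private static String describeSecret(byte[] secret) {
        return secret != null ? "<" + secret.length + " bytes>" : "none";
    }

    /** Returns the challenge (encryption key) length in bytes. */
    public int getEncryptionKeyLength() {
        return STANDARD_CHALLENGE_LEN;
    }

    /** Returns the server capability flags advertised to clients (0xC27C). */
    public int getServerCapabilities() {
        return 0xC27C;
    }

    /** Returns whether guest logons are allowed. */
    public final boolean allowGuest() {
        return this.m_allowGuest;
    }

    /** Returns the account name used for guest logons. */
    public final String getGuestUserName() {
        return this.m_guestUserName;
    }

    /** Returns whether unknown users are mapped to the guest account. */
    public final boolean mapUnknownUserToGuest() {
        return this.m_mapToGuest;
    }

    /** Enables or disables guest logons. */
    public final void setAllowGuest(boolean z) {
        this.m_allowGuest = z;
    }

    /** Sets the account name used for guest logons. */
    public final void setGuestUserName(String str) {
        this.m_guestUserName = str;
    }

    /** Enables or disables mapping of unknown users to the guest account. */
    public final void setMapToGuest(boolean z) {
        this.m_mapToGuest = z;
    }

    /** Sets the security mode value returned by {@link #getSecurityMode()}. */
    protected final void setSecurityMode(int i) {
        this.m_securityMode = i;
    }

    /** Releases authenticator resources. The default has nothing to release. */
    public void closeAuthenticator() {
    }

    /**
     * Checks a client-supplied hashed password against the response computed locally.
     *
     * @param str password passed to {@link #generateEncryptedPassword}; {@code null} is
     *        treated as the empty string
     * @param bArr hashed response supplied by the client
     * @param bArr2 second argument for {@link #generateEncryptedPassword} (presumably the
     *        challenge)
     * @param i algorithm selector
     * @param str2 fourth argument for {@link #generateEncryptedPassword}
     * @param str3 fifth argument for {@link #generateEncryptedPassword}
     * @return {@code true} only if both responses are exactly
     *         {@link #STANDARD_PASSWORD_LEN} bytes long and identical
     */
    protected final boolean validatePassword(String str, byte[] bArr, byte[] bArr2, int i, String str2, String str3) {
        byte[] expected = generateEncryptedPassword(str != null ? str : "", bArr2, i, str2, str3);
        if (expected == null || bArr == null || expected.length != STANDARD_PASSWORD_LEN || bArr.length != STANDARD_PASSWORD_LEN) {
            return false;
        }
        // Constant-time comparison: an early-exit loop reveals, through timing, how many
        // leading bytes of the client's response were correct.
        return java.security.MessageDigest.isEqual(expected, bArr);
    }

    /**
     * Converts a password to a fixed 14-character form: longer input is truncated, shorter
     * input is padded with NUL characters.
     *
     * <p>NOTE(review): the bytes are produced with the platform default charset, so the result
     * depends on the JVM's configuration. This is kept because the charset expected by callers
     * is not visible here.
     *
     * @param str password text; a {@code null} reference is appended as the text "null", as
     *        before
     * @return the encoded 14-character password
     */
    protected final byte[] convertPassword(String str) {
        StringBuilder fixed = new StringBuilder();
        fixed.append(str);
        // setLength both truncates and pads with '\u0000'.
        fixed.setLength(14);
        return fixed.toString().getBytes();
    }

    /**
     * Returns the password encryptor. Declared {@code protected} in the original class; the
     * decompiler widened the access modifier.
     */
    public final PasswordEncryptor getEncryptor() {
        return this.m_encryptor;
    }

    /**
     * Returns a short name for an {@code AUTH_*} status value, for log messages. Declared
     * {@code protected} in the original class; the decompiler widened the access modifier.
     *
     * @param i status value
     * @return the name, or {@code null} for a value that is not one of the {@code AUTH_*}
     *         constants
     */
    public final String getStatusAsString(int i) {
        switch (i) {
            case AUTH_BADUSER:
                return "BadUser";
            case AUTH_BADPASSWORD:
                return "BadPassword";
            case AUTH_DISALLOW:
                return "Disallow";
            case AUTH_ALLOW:
                return "Allow";
            case AUTH_GUEST:
                return "Guest";
            default:
                return null;
        }
    }

    /**
     * Logs the client on as the guest user and adds a dynamic share for the guest home folder
     * to the session. Declared {@code protected} in the original class; the decompiler widened
     * the access modifier.
     *
     * <p>This method does not check {@link #allowGuest()}; callers are responsible for that.
     *
     * @param clientInfo client details, updated with the guest identity and home folder
     * @param srvSession session that receives the dynamic share
     */
    public final void doGuestLogon(ClientInfo clientInfo, SrvSession srvSession) {
        this.m_authenticationService.authenticateAsGuest();
        clientInfo.setAuthenticationToken(this.m_authComponent.getCurrentAuthentication());
        clientInfo.setUserName(getGuestUserName());
        getHomeFolderForUser(clientInfo);
        clientInfo.setGuest(true);

        DiskInterface diskInterface = this.m_config.getDiskInterface();
        ContentContext homeContext = new ContentContext("", "", clientInfo.getHomeFolder());
        homeContext.setDiskInformation(new SrvDiskInfo(2560, 64, 512, 2304));
        srvSession.addDynamicShare(new DiskSharedDevice(clientInfo.getUserName(), diskInterface, homeContext, 8));
    }

    /**
     * Looks up the home folder of the client's user inside a transaction and stores it on the
     * client information. Declared {@code protected} in the original class; the decompiler
     * widened the access modifier.
     *
     * @param clientInfo client details; the user name is read and the home folder is set
     * @throws RuntimeException if the lookup fails; a non-runtime failure is wrapped, and the
     *         transaction is rolled back first
     */
    public final void getHomeFolderForUser(ClientInfo clientInfo) {
        UserTransaction tx = this.m_transactionService.getUserTransaction();
        try {
            tx.begin();
            clientInfo.setHomeFolder((NodeRef) this.m_nodeService.getProperty(
                    this.m_personService.getPerson(clientInfo.getUserName()),
                    ContentModel.PROP_HOMEFOLDER));
            tx.commit();
        } catch (Throwable failure) {
            try {
                tx.rollback();
            } catch (Throwable rollbackFailure) {
                // Report the rollback problem but keep propagating the original failure.
                logger.error("Failed to rollback transaction", rollbackFailure);
            }
            if (failure instanceof RuntimeException) {
                throw (RuntimeException) failure;
            }
            throw new RuntimeException("Error during execution of transaction.", failure);
        }
    }
}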
