package org.alfresco.filesys.server.auth.passthru;

import java.util.Hashtable;
import javax.transaction.UserTransaction;
import org.alfresco.config.ConfigElement;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.filesys.server.SessionListener;
import org.alfresco.filesys.server.SrvSession;
import org.alfresco.filesys.server.auth.AuthContext;
import org.alfresco.filesys.server.auth.CifsAuthenticator;
import org.alfresco.filesys.server.auth.ClientInfo;
import org.alfresco.filesys.server.auth.NTLanManAuthContext;
import org.alfresco.filesys.server.config.InvalidConfigurationException;
import org.alfresco.filesys.server.config.ServerConfiguration;
import org.alfresco.filesys.server.core.SharedDevice;
import org.alfresco.filesys.smb.server.SMBServer;
import org.alfresco.filesys.smb.server.SMBSrvSession;
import org.alfresco.model.ContentModel;
import org.alfresco.service.cmr.repository.NodeRef;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/alfresco/filesys/server/auth/passthru/PassthruAuthenticator.class */
public class PassthruAuthenticator extends CifsAuthenticator implements SessionListener {
    private static final Log logger = LogFactory.getLog("org.alfresco.smb.protocol.auth");
    public static final int DefaultSessionTmo = 5000;
    public static final int MinSessionTmo = 2000;
    public static final int MaxSessionTmo = 30000;
    private PassthruServers m_passthruServers;
    private SMBServer m_server;
    private Hashtable<String, PassthruDetails> m_sessions = new Hashtable<>();

    @Override // org.alfresco.filesys.server.auth.CifsAuthenticator
    public int authenticateShareConnect(ClientInfo clientInfo, SharedDevice sharedDevice, String str, SrvSession srvSession) {
        return 2;
    }

    @Override // org.alfresco.filesys.server.auth.CifsAuthenticator
    public int authenticateUser(ClientInfo clientInfo, SrvSession srvSession, int i) {
        if (clientInfo.isNullSession()) {
            if (!logger.isDebugEnabled()) {
                return 0;
            }
            logger.debug("Null CIFS logon allowed");
            return 0;
        }
        if (clientInfo.getAuthenticationToken() != null && clientInfo.getLogonType() != 2) {
            this.m_authComponent.setCurrentUser(clientInfo.getUserName());
            if (logger.isDebugEnabled()) {
                logger.debug("Re-using existing authentication token");
            }
            return clientInfo.getLogonType() != 1 ? 0 : 268435456;
        }
        int i2 = -1;
        if (clientInfo.isGuest() || clientInfo.getUserName().equalsIgnoreCase(getGuestUserName())) {
            if (!allowGuest()) {
                return -1;
            }
            doGuestLogon(clientInfo, srvSession);
            if (logger.isDebugEnabled()) {
                logger.debug("Authenticated user " + clientInfo.getUserName() + " sts=" + getStatusAsString(268435456));
            }
            return 268435456;
        }
        PassthruDetails passthruDetails = this.m_sessions.get(srvSession.getUniqueId());
        if (passthruDetails != null) {
            try {
                AuthenticateSession authenticateSession = passthruDetails.getAuthenticateSession();
                authenticateSession.doSessionSetup(clientInfo.getUserName(), clientInfo.getANSIPassword(), clientInfo.getPassword());
                if (!authenticateSession.isGuest()) {
                    UserTransaction userTransaction = this.m_transactionService.getUserTransaction(true);
                    try {
                        userTransaction.begin();
                        String userName = clientInfo.getUserName();
                        NodeRef person = this.m_personService.getPerson(userName);
                        if (person != null) {
                            String str = (String) this.m_nodeService.getProperty(person, ContentModel.PROP_USERNAME);
                            this.m_authComponent.setCurrentUser(str);
                            if (logger.isDebugEnabled()) {
                                logger.debug("Setting current user using person " + str + " (username " + userName + ")");
                            }
                        } else {
                            if (!this.m_personService.getUserNamesAreCaseSensitive()) {
                                userName = userName.toLowerCase();
                            }
                            this.m_authComponent.setCurrentUser(userName);
                            if (logger.isDebugEnabled()) {
                                logger.debug("Setting current user using username " + userName);
                            }
                        }
                        i2 = 0;
                        if (logger.isDebugEnabled()) {
                            logger.debug("Passthru authenticate user=" + clientInfo.getUserName() + ", FULL");
                        }
                    } finally {
                        if (userTransaction != null) {
                            try {
                                userTransaction.commit();
                            } catch (Exception e) {
                            }
                        }
                    }
                } else if (allowGuest()) {
                    doGuestLogon(clientInfo, srvSession);
                    i2 = 268435456;
                    if (logger.isDebugEnabled()) {
                        logger.debug("Passthru authenticate user=" + clientInfo.getUserName() + ", GUEST");
                    }
                }
            } catch (Exception e2) {
                logger.error(e2.getMessage());
            }
            if (!(srvSession instanceof SMBSrvSession)) {
                this.m_sessions.remove(srvSession.getUniqueId());
                try {
                    AuthenticateSession authenticateSession2 = passthruDetails.getAuthenticateSession();
                    authenticateSession2.CloseSession();
                    if (logger.isDebugEnabled()) {
                        logger.debug("Closed auth session, sessId=" + authenticateSession2.getSessionId());
                    }
                } catch (Exception e3) {
                    logger.error("Passthru error closing session (auth user)", e3);
                }
            }
        } else if (logger.isDebugEnabled()) {
            logger.debug("  No PassthruDetails for " + srvSession.getUniqueId());
        }
        return i2;
    }

    @Override // org.alfresco.filesys.server.auth.CifsAuthenticator
    public AuthContext getAuthContext(SMBSrvSession sMBSrvSession) {
        NTLanManAuthContext nTLanManAuthContext = null;
        if (sMBSrvSession.hasAuthenticationContext() && sMBSrvSession.hasClientInformation() && sMBSrvSession.getClientInformation().getAuthenticationToken() != null && sMBSrvSession.getClientInformation().getLogonType() != 2) {
            if (logger.isDebugEnabled()) {
                logger.debug("Re-using existing challenge, already authenticated");
            }
            return sMBSrvSession.getAuthenticationContext();
        }
        try {
            AuthenticateSession openSession = this.m_passthruServers.openSession();
            if (openSession != null) {
                this.m_sessions.put(sMBSrvSession.getUniqueId(), new PassthruDetails(sMBSrvSession, openSession));
                nTLanManAuthContext = new NTLanManAuthContext(openSession.getEncryptionKey());
                sMBSrvSession.setAuthenticationContext(nTLanManAuthContext);
                if (logger.isDebugEnabled()) {
                    logger.debug("Passthru sessId=" + openSession.getSessionId() + ", auth ctx=" + nTLanManAuthContext);
                }
            }
        } catch (Exception e) {
            logger.error("Passthru error getting challenge", e);
        }
        return nTLanManAuthContext;
    }

    @Override // org.alfresco.filesys.server.auth.CifsAuthenticator
    public void initialize(ServerConfiguration serverConfiguration, ConfigElement configElement) throws InvalidConfigurationException {
        super.initialize(serverConfiguration, configElement);
        this.m_passthruServers = new PassthruServers();
        ConfigElement child = configElement.getChild("Timeout");
        if (child != null) {
            try {
                int parseInt = Integer.parseInt(child.getValue());
                if (parseInt < 2000 || parseInt > 30000) {
                    throw new InvalidConfigurationException("Invalid session timeout, valid range is 2000 to 30000");
                }
                this.m_passthruServers.setConnectionTimeout(parseInt);
            } catch (NumberFormatException e) {
                throw new InvalidConfigurationException("Invalid timeout value specified");
            }
        }
        String str = null;
        if (configElement.getChild("LocalServer") != null) {
            str = serverConfiguration.getLocalServerName(true);
            if (str == null) {
                throw new AlfrescoRuntimeException("Passthru authenticator failed to get local server name");
            }
        }
        ConfigElement child2 = configElement.getChild("Server");
        if (child2 != null && child2.getValue().length() > 0) {
            if (str != null) {
                throw new AlfrescoRuntimeException("Set passthru server via local server or specify name");
            }
            str = child2.getValue();
        }
        if (str != null) {
            this.m_passthruServers.setServerList(str);
        } else {
            String str2 = null;
            if (configElement.getChild("LocalDomain") != null) {
                str2 = serverConfiguration.getLocalDomainName();
            }
            ConfigElement child3 = configElement.getChild("Domain");
            if (child3 != null && child3.getValue().length() > 0) {
                if (str != null) {
                    throw new AlfrescoRuntimeException("Specify server or domain name for passthru authentication");
                }
                str2 = child3.getValue();
            }
            if (str2 != null) {
                this.m_passthruServers.setDomain(str2);
            }
        }
        if (this.m_passthruServers.getTotalServerCount() == 0) {
            throw new AlfrescoRuntimeException("No valid authentication servers found for passthru");
        }
        SMBServer sMBServer = (SMBServer) serverConfiguration.findServer("SMB");
        if (sMBServer != null) {
            sMBServer.addSessionListener(this);
        }
    }

    @Override // org.alfresco.filesys.server.auth.CifsAuthenticator
    public void closeAuthenticator() {
        if (this.m_passthruServers != null) {
            this.m_passthruServers.shutdown();
        }
    }

    @Override // org.alfresco.filesys.server.SessionListener
    public void sessionClosed(SrvSession srvSession) {
        PassthruDetails passthruDetails = this.m_sessions.get(srvSession.getUniqueId());
        if (passthruDetails != null) {
            this.m_sessions.remove(srvSession.getUniqueId());
            try {
                AuthenticateSession authenticateSession = passthruDetails.getAuthenticateSession();
                authenticateSession.CloseSession();
                if (logger.isDebugEnabled()) {
                    logger.debug("Closed auth session, sessId=" + authenticateSession.getSessionId());
                }
            } catch (Exception e) {
                logger.error("Passthru error closing session (closed)", e);
            }
        }
    }

    @Override // org.alfresco.filesys.server.SessionListener
    public void sessionCreated(SrvSession srvSession) {
    }

    @Override // org.alfresco.filesys.server.SessionListener
    public void sessionLoggedOn(SrvSession srvSession) {
        PassthruDetails passthruDetails;
        if (!srvSession.hasClientInformation() || srvSession.getClientInformation().getUserName() == null || srvSession.getClientInformation().getUserName().length() <= 0 || (passthruDetails = this.m_sessions.get(srvSession.getUniqueId())) == null) {
            return;
        }
        this.m_sessions.remove(srvSession.getUniqueId());
        try {
            AuthenticateSession authenticateSession = passthruDetails.getAuthenticateSession();
            authenticateSession.CloseSession();
            if (logger.isDebugEnabled()) {
                logger.debug("Closed auth session, sessId=" + authenticateSession.getSessionId());
            }
        } catch (Exception e) {
            logger.error("Passthru error closing session (logon)", e);
        }
    }
}
