package org.alfresco.filesys.auth.ftp;

import java.net.InetAddress;
import javax.transaction.UserTransaction;
import org.alfresco.config.ConfigElement;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.filesys.ExtendedServerConfigurationAccessor;
import org.alfresco.filesys.alfresco.AlfrescoClientInfo;
import org.alfresco.filesys.auth.PassthruServerFactory;
import org.alfresco.jlan.ftp.FTPSrvSession;
import org.alfresco.jlan.server.SrvSession;
import org.alfresco.jlan.server.auth.ClientInfo;
import org.alfresco.jlan.server.auth.PasswordEncryptor;
import org.alfresco.jlan.server.auth.passthru.AuthenticateSession;
import org.alfresco.jlan.server.auth.passthru.DomainMapping;
import org.alfresco.jlan.server.auth.passthru.PassthruServers;
import org.alfresco.jlan.server.config.InvalidConfigurationException;
import org.alfresco.jlan.server.config.SecurityConfigSection;
import org.alfresco.jlan.server.config.ServerConfiguration;
import org.alfresco.jlan.util.IPAddress;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.NTLMMode;
import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;
import org.alfresco.repo.webdav.WebDAV;
import org.apache.axiom.soap.SOAP11Constants;

/* loaded from: input_file:WEB-INF/lib/alfresco-repository-3.2.jar:org/alfresco/filesys/auth/ftp/PassthruFtpAuthenticator.class */
public class PassthruFtpAuthenticator extends FTPAuthenticatorBase {
    public static final int DefaultSessionTmo = 5000;
    public static final int MinSessionTmo = 2000;
    public static final int MaxSessionTmo = 30000;
    public static final int MinCheckInterval = 10;
    public static final int MaxCheckInterval = 900;
    public static final long PassthruKeepAliveInterval = 60000;
    private PassthruServers m_passthruServers;
    private boolean m_localPassThruServers;
    private PasswordEncryptor m_passwordEncryptor;

    protected SecurityConfigSection getSecurityConfig() {
        return (SecurityConfigSection) this.serverConfiguration.getConfigSection("Security");
    }

    public void setPassthruServers(PassthruServers passthruServers) {
        this.m_passthruServers = passthruServers;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase, org.alfresco.jlan.ftp.FTPAuthenticator
    public void initialize(ServerConfiguration serverConfiguration, ConfigElement configElement) throws InvalidConfigurationException {
        PassthruServerFactory passthruServerFactory = new PassthruServerFactory();
        ConfigElement child = configElement.getChild("offlineCheckInterval");
        if (child != null) {
            try {
                passthruServerFactory.setOfflineCheckInterval(Integer.valueOf(Integer.parseInt(child.getValue())));
            } catch (NumberFormatException e) {
                throw new InvalidConfigurationException("Invalid offline check interval specified");
            }
        }
        ConfigElement child2 = configElement.getChild(WebDAV.HEADER_TIMEOUT);
        if (child2 != null) {
            try {
                passthruServerFactory.setTimeout(Integer.parseInt(child2.getValue()));
            } catch (NumberFormatException e2) {
                throw new InvalidConfigurationException("Invalid timeout value specified");
            }
        }
        ExtendedServerConfigurationAccessor extendedServerConfigurationAccessor = null;
        if (serverConfiguration instanceof ExtendedServerConfigurationAccessor) {
            extendedServerConfigurationAccessor = (ExtendedServerConfigurationAccessor) serverConfiguration;
        }
        if (configElement.getChild("LocalServer") != null && extendedServerConfigurationAccessor != null) {
            String localServerName = extendedServerConfigurationAccessor.getLocalServerName(true);
            if (localServerName == null) {
                throw new AlfrescoRuntimeException("Passthru authenticator failed to get local server name");
            }
            passthruServerFactory.setServer(localServerName);
        }
        ConfigElement child3 = configElement.getChild(SOAP11Constants.FAULT_CODE_RECEIVER);
        if (child3 != null && child3.getValue().length() > 0) {
            passthruServerFactory.setServer(child3.getValue());
        }
        if (configElement.getChild("LocalDomain") != null && extendedServerConfigurationAccessor != null) {
            passthruServerFactory.setDomain(extendedServerConfigurationAccessor.getLocalDomainName());
        }
        ConfigElement child4 = configElement.getChild("Domain");
        if (child4 != null && child4.getValue().length() > 0) {
            passthruServerFactory.setDomain(child4.getValue());
        }
        ConfigElement child5 = configElement.getChild("ProtocolOrder");
        if (child5 != null && child5.getValue().length() > 0) {
            passthruServerFactory.setProtocolOrder(child5.getValue());
        }
        passthruServerFactory.afterPropertiesSet();
        setPassthruServers((PassthruServers) passthruServerFactory.getObject());
        this.m_localPassThruServers = true;
        super.initialize(serverConfiguration, configElement);
    }

    @Override // org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase
    public void initialize() throws InvalidConfigurationException {
        super.initialize();
        AuthenticationComponent authenticationComponent = getAuthenticationComponent();
        if ((authenticationComponent instanceof NLTMAuthenticator) && ((NLTMAuthenticator) authenticationComponent).getNTLMMode() == NTLMMode.MD4_PROVIDER) {
            throw new AlfrescoRuntimeException("Wrong authentication setup for passthru authenticator (cannot be used with Alfresco users)");
        }
        this.m_passwordEncryptor = new PasswordEncryptor();
    }

    @Override // org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase, org.alfresco.jlan.ftp.FTPAuthenticator
    public boolean authenticateUser(ClientInfo clientInfo, FTPSrvSession fTPSrvSession) {
        if (!(clientInfo instanceof AlfrescoClientInfo)) {
            return false;
        }
        boolean z = false;
        UserTransaction userTransaction = null;
        try {
            try {
            } catch (Throwable th) {
                if (0 != 0) {
                    try {
                        if (userTransaction.getStatus() == 1) {
                            userTransaction.rollback();
                        } else {
                            userTransaction.commit();
                        }
                    } catch (Exception e) {
                    }
                }
                throw th;
            }
        } catch (Exception e2) {
            if (logger.isDebugEnabled()) {
                logger.debug(e2);
            }
            if (0 != 0) {
                try {
                    if (userTransaction.getStatus() == 1) {
                        userTransaction.rollback();
                    } else {
                        userTransaction.commit();
                    }
                } catch (Exception e3) {
                }
            }
        }
        if (clientInfo.isGuest()) {
            doGuestLogon((AlfrescoClientInfo) clientInfo, fTPSrvSession);
            if (logger.isDebugEnabled()) {
                logger.debug("Authenticated guest user " + clientInfo.getUserName() + " sts=true");
            }
            if (0 != 0) {
                try {
                    if (userTransaction.getStatus() == 1) {
                        userTransaction.rollback();
                    } else {
                        userTransaction.commit();
                    }
                } catch (Exception e4) {
                }
            }
            return true;
        }
        UserTransaction userTransaction2 = getTransactionService().getUserTransaction(false);
        userTransaction2.begin();
        z = doPassthruUserAuthentication(clientInfo, fTPSrvSession);
        if (z && clientInfo.getLogonType() == 0) {
            checkForAdminUserName(clientInfo);
        }
        if (userTransaction2 != null) {
            try {
                if (userTransaction2.getStatus() == 1) {
                    userTransaction2.rollback();
                } else {
                    userTransaction2.commit();
                }
            } catch (Exception e5) {
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Authenticated user " + clientInfo.getUserName() + " sts=" + z + " via Passthru");
        }
        return z;
    }

    protected void doGuestLogon(AlfrescoClientInfo alfrescoClientInfo, SrvSession srvSession) {
        getAuthenticationService().authenticateAsGuest();
        alfrescoClientInfo.setAuthenticationToken(getAuthenticationComponent().getCurrentAuthentication());
        alfrescoClientInfo.setGuest(true);
    }

    private final boolean doPassthruUserAuthentication(ClientInfo clientInfo, SrvSession srvSession) {
        boolean z = false;
        AuthenticateSession authenticateSession = null;
        try {
            try {
                authenticateSession = this.m_passthruServers.openSession(false, mapClientAddressToDomain(srvSession.getRemoteAddress()));
                if (authenticateSession != null) {
                    authenticateSession.doSessionSetup(clientInfo.getDomain(), clientInfo.getUserName(), null, null, this.m_passwordEncryptor.generateEncryptedPassword(clientInfo.getPasswordAsString(), authenticateSession.getEncryptionKey(), 1, clientInfo.getUserName(), null), 0);
                    if (authenticateSession.isGuest()) {
                        doGuestLogon((AlfrescoClientInfo) clientInfo, srvSession);
                        z = true;
                        if (logger.isDebugEnabled()) {
                            logger.debug("Passthru authenticate user=" + clientInfo.getUserName() + ", GUEST");
                        }
                    } else {
                        ((AlfrescoClientInfo) clientInfo).setAuthenticationToken(getAuthenticationComponent().setCurrentUser(clientInfo.getUserName()));
                        z = true;
                        clientInfo.setLogonType(0);
                        if (logger.isInfoEnabled()) {
                            logger.info("Logged on user " + clientInfo.getUserName() + " ( address " + srvSession.getRemoteAddress() + ")");
                        }
                    }
                    authenticateSession.CloseSession();
                    authenticateSession = null;
                }
                if (authenticateSession != null) {
                    try {
                        authenticateSession.CloseSession();
                    } catch (Exception e) {
                    }
                }
            } catch (Exception e2) {
                logger.error("Passthru error", e2);
                if (authenticateSession != null) {
                    try {
                        authenticateSession.CloseSession();
                    } catch (Exception e3) {
                    }
                }
            }
            return z;
        } catch (Throwable th) {
            if (authenticateSession != null) {
                try {
                    authenticateSession.CloseSession();
                } catch (Exception e4) {
                }
            }
            throw th;
        }
    }

    protected final String mapClientAddressToDomain(InetAddress inetAddress) {
        if (!getSecurityConfig().hasDomainMappings()) {
            return null;
        }
        int asInteger = IPAddress.asInteger(inetAddress);
        for (DomainMapping domainMapping : getSecurityConfig().getDomainMappings()) {
            if (domainMapping.isMemberOfDomain(asInteger)) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Mapped client IP " + inetAddress + " to domain " + domainMapping.getDomain());
                }
                return domainMapping.getDomain();
            }
        }
        if (!logger.isDebugEnabled()) {
            return null;
        }
        logger.debug("Failed to map client IP " + inetAddress + " to a domain");
        return null;
    }

    @Override // org.alfresco.filesys.auth.ftp.FTPAuthenticatorBase, org.alfresco.jlan.ftp.FTPAuthenticator
    public void closeAuthenticator() {
        super.closeAuthenticator();
        if (!this.m_localPassThruServers || this.m_passthruServers == null) {
            return;
        }
        this.m_passthruServers.shutdown();
    }
}
