package org.alfresco.jlan.server.auth;

import java.net.InetAddress;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import org.alfresco.config.ConfigElement;
import org.alfresco.jlan.debug.Debug;
import org.alfresco.jlan.debug.DebugConfigSection;
import org.alfresco.jlan.server.SrvSession;
import org.alfresco.jlan.server.auth.passthru.DomainMapping;
import org.alfresco.jlan.server.config.InvalidConfigurationException;
import org.alfresco.jlan.server.config.SecurityConfigSection;
import org.alfresco.jlan.server.config.ServerConfiguration;
import org.alfresco.jlan.server.config.ServerConfigurationAccessor;
import org.alfresco.jlan.server.core.NoPooledMemoryException;
import org.alfresco.jlan.server.core.SharedDevice;
import org.alfresco.jlan.smb.DialectSelector;
import org.alfresco.jlan.smb.SMBStatus;
import org.alfresco.jlan.smb.server.CIFSConfigSection;
import org.alfresco.jlan.smb.server.SMBSrvException;
import org.alfresco.jlan.smb.server.SMBSrvPacket;
import org.alfresco.jlan.smb.server.SMBSrvSession;
import org.alfresco.jlan.smb.server.VirtualCircuit;
import org.alfresco.jlan.util.DataPacker;
import org.alfresco.jlan.util.HexDump;
import org.alfresco.jlan.util.IPAddress;

/* loaded from: input_file:WEB-INF/lib/alfresco-jlan-embed-3.2r.jar:org/alfresco/jlan/server/auth/CifsAuthenticator.class */
public abstract class CifsAuthenticator implements ICifsAuthenticator {
    protected static final String GUEST_USERNAME = "guest";
    private DialectSelector m_dialects;
    private boolean m_extendedSecurity;
    private boolean m_allowGuest;
    private boolean m_mapToGuest;
    protected ServerConfigurationAccessor m_config;
    private boolean m_debug;
    private int m_securityMode = 3;
    private PasswordEncryptor m_encryptor = new PasswordEncryptor();
    private int m_accessMode = 0;
    private String m_guestUserName = "guest";
    protected Random m_random = new Random(System.currentTimeMillis());

    public void setDebug(boolean z) {
        this.m_debug = z;
    }

    public void setConfig(ServerConfigurationAccessor serverConfigurationAccessor) {
        this.m_config = serverConfigurationAccessor;
    }

    @Override // org.alfresco.jlan.server.auth.ICifsAuthenticator
    public int authenticateShareConnect(ClientInfo clientInfo, SharedDevice sharedDevice, String str, SrvSession srvSession) {
        return 2;
    }

    @Override // org.alfresco.jlan.server.auth.ICifsAuthenticator
    public int authenticateUser(ClientInfo clientInfo, SrvSession srvSession, int i) {
        UserAccount userDetails = getUserDetails(clientInfo.getUserName());
        if (userDetails == null) {
            if (clientInfo.isNullSession() && (srvSession instanceof SMBSrvSession)) {
                return 0;
            }
            return allowGuest() ? 268435456 : -1;
        }
        boolean z = false;
        if (clientInfo.getPassword() != null) {
            z = validatePassword(userDetails, clientInfo, srvSession.getAuthenticationContext(), i);
        } else if (clientInfo.hasANSIPassword()) {
            z = validatePassword(userDetails, clientInfo, srvSession.getAuthenticationContext(), 0);
        }
        return z ? 0 : -2;
    }

    public final int authenticateUserPlainText(ClientInfo clientInfo, SrvSession srvSession) {
        NTLanManAuthContext nTLanManAuthContext = (NTLanManAuthContext) srvSession.getAuthenticationContext();
        if (nTLanManAuthContext == null) {
            nTLanManAuthContext = new NTLanManAuthContext();
            srvSession.setAuthenticationContext(nTLanManAuthContext);
        }
        String passwordAsString = clientInfo.getPasswordAsString();
        if (passwordAsString == null) {
            passwordAsString = clientInfo.getANSIPasswordAsString();
        }
        clientInfo.setPassword(generateEncryptedPassword(passwordAsString, nTLanManAuthContext.getChallenge(), 1, clientInfo.getUserName(), clientInfo.getDomain()));
        return authenticateUser(clientInfo, srvSession, 1);
    }

    public void initialize() throws InvalidConfigurationException {
        if (this.m_config == null) {
            throw new InvalidConfigurationException("server configuration accessor not set");
        }
        this.m_dialects = new DialectSelector();
        this.m_dialects.AddDialect(2);
        this.m_dialects.AddDialect(4);
        this.m_dialects.AddDialect(3);
        this.m_dialects.AddDialect(5);
        this.m_dialects.AddDialect(6);
        this.m_dialects.AddDialect(7);
    }

    public void initialize(ServerConfiguration serverConfiguration, ConfigElement configElement) throws InvalidConfigurationException {
        if (configElement.getChild(DebugConfigSection.SectionName) != null) {
            setDebug(true);
        }
        setConfig(serverConfiguration);
        initialize();
    }

    protected final byte[] generateEncryptedPassword(String str, byte[] bArr, int i, String str2, String str3) {
        byte[] bArr2 = null;
        try {
            bArr2 = this.m_encryptor.generateEncryptedPassword(str, bArr, i, str2, str3);
        } catch (InvalidKeyException e) {
        } catch (NoSuchAlgorithmException e2) {
        }
        return bArr2;
    }

    @Override // org.alfresco.jlan.server.auth.ICifsAuthenticator
    public final int getAccessMode() {
        return this.m_accessMode;
    }

    @Override // org.alfresco.jlan.server.auth.ICifsAuthenticator
    public final boolean hasExtendedSecurity() {
        return this.m_extendedSecurity;
    }

    public AuthContext getAuthContext(SMBSrvSession sMBSrvSession) {
        AuthContext nTLanManAuthContext;
        if (sMBSrvSession.hasAuthenticationContext() && (sMBSrvSession.getAuthenticationContext() instanceof NTLanManAuthContext)) {
            nTLanManAuthContext = sMBSrvSession.getAuthenticationContext();
        } else {
            nTLanManAuthContext = new NTLanManAuthContext();
            sMBSrvSession.setAuthenticationContext(nTLanManAuthContext);
        }
        return nTLanManAuthContext;
    }

    public final DialectSelector getEnabledDialects() {
        return this.m_dialects;
    }

    @Override // org.alfresco.jlan.server.auth.ICifsAuthenticator
    public final int getSecurityMode() {
        return this.m_securityMode;
    }

    public final CIFSConfigSection getCIFSConfig() {
        return (CIFSConfigSection) this.m_config.getConfigSection(CIFSConfigSection.SectionName);
    }

    public final SecurityConfigSection getsecurityConfig() {
        return (SecurityConfigSection) this.m_config.getConfigSection(SecurityConfigSection.SectionName);
    }

    public final boolean hasDebug() {
        return this.m_debug;
    }

    @Override // org.alfresco.jlan.server.auth.ICifsAuthenticator
    public void generateNegotiateResponse(SMBSrvSession sMBSrvSession, SMBSrvPacket sMBSrvPacket, boolean z) throws AuthenticatorException {
        ChallengeAuthContext challengeAuthContext = (ChallengeAuthContext) getAuthContext(sMBSrvSession);
        int byteOffset = sMBSrvPacket.getByteOffset();
        byte[] buffer = sMBSrvPacket.getBuffer();
        if (challengeAuthContext == null || challengeAuthContext.getChallenge() == null) {
            for (int i = 0; i < 8; i++) {
                int i2 = byteOffset;
                byteOffset++;
                buffer[i2] = 0;
            }
        } else {
            for (byte b : challengeAuthContext.getChallenge()) {
                int i3 = byteOffset;
                byteOffset++;
                buffer[i3] = b;
            }
        }
        String domainName = sMBSrvSession.getSMBServer().getCIFSConfiguration().getDomainName();
        if (domainName != null) {
            byteOffset = DataPacker.putString(domainName, buffer, byteOffset, true, true);
        }
        sMBSrvPacket.setByteCount(DataPacker.putString(sMBSrvSession.getSMBServer().getServerName(), buffer, byteOffset, true, true) - sMBSrvPacket.getByteOffset());
    }

    @Override // org.alfresco.jlan.server.auth.ICifsAuthenticator
    public void processSessionSetup(SMBSrvSession sMBSrvSession, SMBSrvPacket sMBSrvPacket) throws SMBSrvException {
        if (!sMBSrvPacket.checkPacketIsValid(13, 0)) {
            throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
        }
        int parameter = sMBSrvPacket.getParameter(2);
        int parameter2 = sMBSrvPacket.getParameter(3);
        int parameter3 = sMBSrvPacket.getParameter(4);
        int parameter4 = sMBSrvPacket.getParameter(7);
        int parameter5 = sMBSrvPacket.getParameter(8);
        int parameterLong = sMBSrvPacket.getParameterLong(11);
        sMBSrvPacket.getBuffer();
        boolean isUnicode = sMBSrvPacket.isUnicode();
        byte[] unpackBytes = sMBSrvPacket.unpackBytes(parameter4);
        byte[] unpackBytes2 = sMBSrvPacket.unpackBytes(parameter5);
        String unpackString = sMBSrvPacket.unpackString(isUnicode);
        if (unpackString == null) {
            throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
        }
        String str = "";
        if (sMBSrvPacket.hasMoreData()) {
            str = sMBSrvPacket.unpackString(isUnicode);
            if (str == null) {
                throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
            }
        }
        String str2 = "";
        if (sMBSrvPacket.hasMoreData()) {
            str2 = sMBSrvPacket.unpackString(isUnicode);
            if (str2 == null) {
                throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
            }
        }
        if (sMBSrvSession.hasDebug(32)) {
            Debug.println("[SMB] NT Session setup from user=" + unpackString + ", password=" + (unpackBytes2 != null ? HexDump.hexString(unpackBytes2) : "none") + ", ANSIpwd=" + (unpackBytes != null ? HexDump.hexString(unpackBytes) : "none") + ", domain=" + str + ", os=" + str2 + ", VC=" + parameter3 + ", maxBuf=" + parameter + ", maxMpx=" + parameter2 + ", authCtx=" + sMBSrvSession.getAuthenticationContext());
            Debug.println("[SMB]  MID=" + sMBSrvPacket.getMultiplexId() + ", UID=" + sMBSrvPacket.getUserId() + ", PID=" + sMBSrvPacket.getProcessId());
        }
        sMBSrvSession.setClientMaximumBufferSize(parameter != 0 ? parameter : 65540);
        sMBSrvSession.setClientMaximumMultiplex(parameter2);
        sMBSrvSession.setClientCapabilities(parameterLong);
        ClientInfo createInfo = ClientInfo.getFactory().createInfo(unpackString, unpackBytes2);
        createInfo.setANSIPassword(unpackBytes);
        createInfo.setDomain(str);
        createInfo.setOperatingSystem(str2);
        if (sMBSrvSession.hasRemoteAddress()) {
            createInfo.setClientAddress(sMBSrvSession.getRemoteAddress().getHostAddress());
        }
        if (unpackString.length() == 0 && str.length() == 0 && parameter5 == 0 && parameter4 == 1) {
            createInfo.setLogonType(2);
        }
        boolean z = false;
        int authenticateUser = authenticateUser(createInfo, sMBSrvSession, 1);
        if (authenticateUser > 0 && (authenticateUser & 268435456) != 0) {
            z = true;
            if (sMBSrvSession.hasDebug(32)) {
                Debug.println("[SMB] User " + unpackString + ", logged on as guest");
            }
        } else {
            if (authenticateUser != 0) {
                if (sMBSrvSession.hasDebug(32)) {
                    Debug.println("[SMB] User " + unpackString + ", access denied");
                }
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
            if (sMBSrvSession.hasDebug(32)) {
                Debug.println("[SMB] User " + unpackString + " logged on " + (createInfo != null ? " (type " + createInfo.getLogonTypeString() + ")" : ""));
            }
        }
        VirtualCircuit virtualCircuit = new VirtualCircuit(parameter3, createInfo);
        int addVirtualCircuit = sMBSrvSession.addVirtualCircuit(virtualCircuit);
        if (addVirtualCircuit == -1) {
            if (sMBSrvSession.hasDebug(32)) {
                Debug.println("[SMB] Failed to allocate UID for virtual circuit, " + virtualCircuit);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
        if (sMBSrvSession.hasDebug(32)) {
            Debug.println("[SMB] Allocated UID=" + addVirtualCircuit + " for VC=" + virtualCircuit);
        }
        if (!createInfo.isNullSession()) {
            createInfo.setGuest(z);
        }
        sMBSrvSession.setLoggedOn(true);
        SMBSrvPacket sMBSrvPacket2 = sMBSrvPacket;
        if (sMBSrvPacket.hasAndXCommand()) {
            try {
                sMBSrvPacket2 = sMBSrvSession.getPacketPool().allocatePacket(sMBSrvPacket.getLength(), sMBSrvPacket);
            } catch (NoPooledMemoryException e) {
                throw new SMBSrvException(2, 83);
            }
        }
        sMBSrvPacket2.setParameterCount(3);
        sMBSrvPacket2.setParameter(0, 0);
        sMBSrvPacket2.setParameter(1, 0);
        sMBSrvPacket2.setParameter(2, z ? 1 : 0);
        sMBSrvPacket2.setByteCount(0);
        sMBSrvPacket2.setTreeId(0);
        sMBSrvPacket2.setUserId(addVirtualCircuit);
        sMBSrvPacket2.setFlags(sMBSrvPacket2.getFlags() & (-9));
        int i = 1;
        if (isUnicode) {
            i = 1 + 32768;
        }
        if (!hasExtendedSecurity()) {
            i &= -2049;
        }
        sMBSrvPacket2.setFlags2(i);
        int byteOffset = sMBSrvPacket2.getByteOffset();
        byte[] buffer = sMBSrvPacket2.getBuffer();
        if (isUnicode) {
            byteOffset = DataPacker.wordAlign(byteOffset);
        }
        int putString = DataPacker.putString(sMBSrvSession.getSMBServer().getCIFSConfiguration().getDomainName(), buffer, DataPacker.putString("Alfresco CIFS Server " + sMBSrvSession.getServer().isVersion(), buffer, DataPacker.putString("Java", buffer, byteOffset, true, isUnicode), true, isUnicode), true, isUnicode);
        sMBSrvPacket2.setByteCount(putString - sMBSrvPacket2.getByteOffset());
        sMBSrvPacket2.setParameter(1, putString - 4);
    }

    @Override // org.alfresco.jlan.server.auth.ICifsAuthenticator
    public int getEncryptionKeyLength() {
        return 8;
    }

    @Override // org.alfresco.jlan.server.auth.ICifsAuthenticator
    public int getServerCapabilities() {
        return 49788;
    }

    public final boolean allowGuest() {
        return this.m_allowGuest;
    }

    public final String getGuestUserName() {
        return this.m_guestUserName;
    }

    public final boolean mapUnknownUserToGuest() {
        return this.m_mapToGuest;
    }

    public final void setAllowGuest(boolean z) {
        this.m_allowGuest = z;
    }

    public final void setGuestUserName(String str) {
        this.m_guestUserName = str;
    }

    public final void setMapToGuest(boolean z) {
        this.m_mapToGuest = z;
    }

    protected final void setSecurityMode(int i) {
        this.m_securityMode = i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void setExtendedSecurity(boolean z) {
        this.m_extendedSecurity = z;
    }

    @Override // org.alfresco.jlan.server.auth.ICifsAuthenticator
    public void closeAuthenticator() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean validatePassword(UserAccount userAccount, ClientInfo clientInfo, AuthContext authContext, int i) {
        if (authContext == null || !(authContext instanceof NTLanManAuthContext)) {
            return false;
        }
        byte[] challenge = ((NTLanManAuthContext) authContext).getChallenge();
        byte[] aNSIPassword = i == 0 ? clientInfo.getANSIPassword() : clientInfo.getPassword();
        byte[] bArr = null;
        if (!userAccount.hasMD4Password() || i == 0) {
            bArr = generateEncryptedPassword(userAccount.getPassword() != null ? userAccount.getPassword() : "", challenge, i, clientInfo.getUserName(), clientInfo.getDomain());
        } else {
            try {
                if (i == 1) {
                    byte[] bArr2 = new byte[21];
                    System.arraycopy(userAccount.getMD4Password(), 0, bArr2, 0, userAccount.getMD4Password().length);
                    bArr = getEncryptor().doNTLM1Encryption(bArr2, challenge);
                } else if (i == 2) {
                    bArr = getEncryptor().doNTLM2Encryption(userAccount.getMD4Password(), clientInfo.getUserName(), clientInfo.getDomain());
                }
            } catch (InvalidKeyException e) {
            } catch (NoSuchAlgorithmException e2) {
            }
        }
        if (bArr == null || aNSIPassword == null || bArr.length != 24 || aNSIPassword.length != 24) {
            return false;
        }
        for (int i2 = 0; i2 < 24; i2++) {
            if (bArr[i2] != aNSIPassword[i2]) {
                return false;
            }
        }
        return true;
    }

    protected final byte[] convertPassword(String str) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(str);
        if (stringBuffer.length() > 14) {
            stringBuffer.setLength(14);
        } else {
            while (stringBuffer.length() < 14) {
                stringBuffer.append((char) 0);
            }
        }
        return stringBuffer.toString().getBytes();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final PasswordEncryptor getEncryptor() {
        return this.m_encryptor;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final String getStatusAsString(int i) {
        String str = null;
        switch (i) {
            case -3:
                str = "BadUser";
                break;
            case -2:
                str = "BadPassword";
                break;
            case -1:
                str = "Disallow";
                break;
            case 0:
                str = "Allow";
                break;
            case 268435456:
                str = "Guest";
                break;
        }
        return str;
    }

    public final void setAccessMode(int i) {
        this.m_accessMode = i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doGuestLogon(ClientInfo clientInfo, SrvSession srvSession) {
        clientInfo.setUserName(getGuestUserName());
        clientInfo.setGuest(true);
    }

    public final UserAccount getUserDetails(String str) {
        return getsecurityConfig().getUsersInterface().getUserAccount(str);
    }

    @Override // org.alfresco.jlan.server.auth.ICifsAuthenticator
    public void setCurrentUser(ClientInfo clientInfo) {
    }

    protected final String mapClientAddressToDomain(InetAddress inetAddress) {
        SecurityConfigSection securityConfigSection = getsecurityConfig();
        if (!securityConfigSection.hasDomainMappings()) {
            return null;
        }
        int asInteger = IPAddress.asInteger(inetAddress);
        for (DomainMapping domainMapping : securityConfigSection.getDomainMappings()) {
            if (domainMapping.isMemberOfDomain(asInteger)) {
                if (hasDebug()) {
                    Debug.println("Mapped client IP " + inetAddress + " to domain " + domainMapping.getDomain());
                }
                return domainMapping.getDomain();
            }
        }
        if (!hasDebug()) {
            return null;
        }
        Debug.println("Failed to map client IP " + inetAddress + " to a domain");
        return null;
    }

    public String toString() {
        return getClass().getName() + ", mode=" + (getAccessMode() == 0 ? "SHARE" : "USER");
    }
}
