package jcifs.http;

import c.d.b.a.a;
import j.d.e;
import j.d.f;
import j.d.f0;
import j.d.g;
import j.d.o0.c;
import j.d.v;
import j.d.z;
import java.io.IOException;
import java.net.UnknownHostException;
import java.util.Enumeration;
import java.util.Properties;
import jcifs.Address;
import jcifs.CIFSContext;
import jcifs.CIFSException;
import jcifs.Config;
import jcifs.NetbiosAddress;
import jcifs.config.PropertyConfiguration;
import jcifs.context.BaseContext;
import jcifs.netbios.UniAddress;
import jcifs.smb.NtlmChallenge;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbAuthException;
import jcifs.smb.SmbException;
import jcifs.smb.SmbSessionInternal;
import jcifs.smb.SmbTransportInternal;
import jcifs.util.Hexdump;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Deprecated
/* loaded from: classes4.dex */
public class NtlmHttpFilter implements e {
    public static int dcListCounter;
    public static final Logger log = LoggerFactory.getLogger((Class<?>) NtlmHttpFilter.class);
    public long dcListExpiration;
    public String defaultDomain;
    public String domainController;
    public boolean enableBasic;
    public boolean insecureBasic;
    public boolean loadBalance;
    public String realm;
    public CIFSContext transportContext;
    public Address[] dcList = null;
    public int netbiosLookupRespLimit = 3;
    public long netbiosCacheTimeout = 36000;

    private synchronized NtlmChallenge getChallengeForDomain(String str) throws UnknownHostException, v {
        int i2;
        try {
            if (str == null) {
                throw new v("A domain was not specified");
            }
            long currentTimeMillis = System.currentTimeMillis();
            int i3 = 1;
            while (true) {
                if (this.dcListExpiration < currentTimeMillis) {
                    NetbiosAddress[] nbtAllByName = getTransportContext().getNameServiceClient().getNbtAllByName(str, 28, null, null);
                    this.dcListExpiration = (this.netbiosCacheTimeout * 1000) + currentTimeMillis;
                    if (nbtAllByName == null || nbtAllByName.length <= 0) {
                        this.dcListExpiration = currentTimeMillis + 900000;
                        log.warn("Failed to retrieve DC list from WINS");
                    } else {
                        this.dcList = nbtAllByName;
                    }
                }
                int min = Math.min(this.dcList.length, this.netbiosLookupRespLimit);
                for (int i4 = 0; i4 < min; i4++) {
                    int i5 = dcListCounter;
                    dcListCounter = i5 + 1;
                    i2 = i5 % min;
                    if (this.dcList[i2] != null) {
                        try {
                        } catch (SmbException e2) {
                            log.warn("Failed validate DC: " + this.dcList[i2], (Throwable) e2);
                            this.dcList[i2] = null;
                        }
                    }
                }
                this.dcListExpiration = 0L;
                int i6 = i3 - 1;
                if (i3 <= 0) {
                    this.dcListExpiration = currentTimeMillis + 900000;
                    throw new UnknownHostException("Failed to negotiate with a suitable domain controller for " + str);
                }
                i3 = i6;
            }
        } catch (Throwable th) {
            throw th;
        }
        return interrogate(getTransportContext(), this.dcList[i2]);
    }

    private CIFSContext getTransportContext() {
        return this.transportContext;
    }

    public static NtlmChallenge interrogate(CIFSContext cIFSContext, Address address) throws SmbException {
        UniAddress uniAddress = new UniAddress(address);
        try {
            SmbTransportInternal smbTransportInternal = (SmbTransportInternal) cIFSContext.getTransportPool().getSmbTransport(cIFSContext, (Address) uniAddress, 0, false, cIFSContext.hasDefaultCredentials() && cIFSContext.getConfig().isIpcSigningEnforced()).unwrap(SmbTransportInternal.class);
            try {
                if (cIFSContext.hasDefaultCredentials()) {
                    SmbSessionInternal smbSessionInternal = (SmbSessionInternal) smbTransportInternal.getSmbSession(cIFSContext.withDefaultCredentials()).unwrap(SmbSessionInternal.class);
                    try {
                        smbSessionInternal.treeConnectLogon();
                        smbSessionInternal.close();
                    } finally {
                    }
                } else {
                    smbTransportInternal.ensureConnected();
                    log.warn("Default credentials (jcifs.smb.client.username/password) not specified. SMB signing may not work propertly.  Skipping DC interrogation.");
                }
                NtlmChallenge ntlmChallenge = new NtlmChallenge(smbTransportInternal.getServerEncryptionKey(), uniAddress);
                smbTransportInternal.close();
                return ntlmChallenge;
            } catch (Throwable th) {
                try {
                    throw th;
                } catch (Throwable th2) {
                    if (smbTransportInternal != null) {
                        try {
                            smbTransportInternal.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    }
                    throw th2;
                }
            }
        } catch (SmbException e2) {
            throw e2;
        } catch (IOException e3) {
            throw new SmbException("Connection failed", e3);
        }
    }

    @Override // j.d.e
    public void destroy() {
    }

    @Override // j.d.e
    public void doFilter(z zVar, f0 f0Var, f fVar) throws IOException, v {
        c cVar = (c) zVar;
        NtlmPasswordAuthentication negotiate = negotiate(cVar, (j.d.o0.e) f0Var, false);
        if (negotiate == null) {
            return;
        }
        fVar.doFilter(new NtlmHttpServletRequest(cVar, negotiate), f0Var);
    }

    public g getFilterConfig() {
        return null;
    }

    @Override // j.d.e
    public void init(g gVar) throws v {
        Properties properties = new Properties();
        properties.setProperty("jcifs.smb.client.soTimeout", "1800000");
        properties.setProperty("jcifs.netbios.cachePolicy", "1200");
        properties.setProperty("jcifs.smb.lmCompatibility", "0");
        properties.setProperty("jcifs.smb.client.useExtendedSecurity", "false");
        Enumeration<String> initParameterNames = gVar.getInitParameterNames();
        while (initParameterNames.hasMoreElements()) {
            String nextElement = initParameterNames.nextElement();
            if (nextElement.startsWith("jcifs.")) {
                properties.setProperty(nextElement, gVar.getInitParameter(nextElement));
            }
        }
        try {
            this.defaultDomain = properties.getProperty("jcifs.smb.client.domain");
            String property = properties.getProperty("jcifs.http.domainController");
            this.domainController = property;
            if (property == null) {
                this.domainController = this.defaultDomain;
                this.loadBalance = Config.getBoolean(properties, "jcifs.http.loadBalance", true);
            }
            this.enableBasic = Boolean.valueOf(properties.getProperty("jcifs.http.enableBasic")).booleanValue();
            this.insecureBasic = Boolean.valueOf(properties.getProperty("jcifs.http.insecureBasic")).booleanValue();
            this.realm = properties.getProperty("jcifs.http.basicRealm");
            this.netbiosLookupRespLimit = Config.getInt(properties, "jcifs.netbios.lookupRespLimit", 3);
            this.netbiosCacheTimeout = Config.getInt(properties, "jcifs.netbios.cachePolicy", 600) * 60;
            if (this.realm == null) {
                this.realm = "jCIFS";
            }
            this.transportContext = new BaseContext(new PropertyConfiguration(properties));
        } catch (CIFSException unused) {
            throw new v("Failed to initialize CIFS context");
        }
    }

    public NtlmPasswordAuthentication negotiate(c cVar, j.d.o0.e eVar, boolean z) throws IOException, v {
        NtlmPasswordAuthentication ntlmPasswordAuthentication;
        NtlmPasswordAuthentication ntlmPasswordAuthentication2;
        Address byName;
        j.d.o0.g session;
        byte[] challenge;
        String header = cVar.getHeader("Authorization");
        boolean z2 = this.enableBasic && (this.insecureBasic || cVar.isSecure());
        if (header == null || !(header.startsWith("NTLM ") || (z2 && header.startsWith("Basic ")))) {
            if (z) {
                return null;
            }
            j.d.o0.g session2 = cVar.getSession(false);
            if (session2 != null && (ntlmPasswordAuthentication = (NtlmPasswordAuthentication) session2.getAttribute("NtlmHttpAuth")) != null) {
                return ntlmPasswordAuthentication;
            }
            eVar.setHeader("WWW-Authenticate", "NTLM");
            if (z2) {
                StringBuilder a2 = a.a("Basic realm=\"");
                a2.append(this.realm);
                a2.append("\"");
                eVar.addHeader("WWW-Authenticate", a2.toString());
            }
            eVar.setStatus(401);
            eVar.setContentLength(0);
            eVar.flushBuffer();
            return null;
        }
        if (header.startsWith("NTLM ")) {
            j.d.o0.g session3 = cVar.getSession();
            if (this.loadBalance) {
                NtlmChallenge ntlmChallenge = (NtlmChallenge) session3.getAttribute("NtlmHttpChal");
                if (ntlmChallenge == null) {
                    ntlmChallenge = getChallengeForDomain(this.defaultDomain);
                    session3.setAttribute("NtlmHttpChal", ntlmChallenge);
                }
                byName = ntlmChallenge.dc;
                challenge = ntlmChallenge.challenge;
            } else {
                byName = getTransportContext().getNameServiceClient().getByName(this.domainController, true);
                challenge = getTransportContext().getTransportPool().getChallenge(getTransportContext(), byName);
            }
            ntlmPasswordAuthentication2 = NtlmSsp.authenticate(getTransportContext(), cVar, eVar, challenge);
            if (ntlmPasswordAuthentication2 == null) {
                return null;
            }
            session3.removeAttribute("NtlmHttpChal");
        } else {
            String str = new String(Base64.decode(header.substring(6)), "US-ASCII");
            int indexOf = str.indexOf(58);
            String substring = indexOf != -1 ? str.substring(0, indexOf) : str;
            String substring2 = indexOf != -1 ? str.substring(indexOf + 1) : "";
            int indexOf2 = substring.indexOf(92);
            if (indexOf2 == -1) {
                indexOf2 = substring.indexOf(47);
            }
            String substring3 = indexOf2 != -1 ? substring.substring(0, indexOf2) : this.defaultDomain;
            if (indexOf2 != -1) {
                substring = substring.substring(indexOf2 + 1);
            }
            ntlmPasswordAuthentication2 = new NtlmPasswordAuthentication(getTransportContext(), substring3, substring, substring2);
            byName = getTransportContext().getNameServiceClient().getByName(this.domainController, true);
        }
        try {
            getTransportContext().getTransportPool().logon(getTransportContext(), byName);
            if (log.isDebugEnabled()) {
                log.debug("NtlmHttpFilter: " + ntlmPasswordAuthentication2 + " successfully authenticated against " + byName);
            }
            cVar.getSession().setAttribute("NtlmHttpAuth", ntlmPasswordAuthentication2);
            return ntlmPasswordAuthentication2;
        } catch (SmbAuthException e2) {
            Logger logger = log;
            StringBuilder a3 = a.a("NtlmHttpFilter: ");
            a3.append(ntlmPasswordAuthentication2.getName());
            a3.append(": 0x");
            a3.append(Hexdump.toHexString(e2.getNtStatus(), 8));
            a3.append(": ");
            a3.append(e2);
            logger.warn(a3.toString());
            if (e2.getNtStatus() == -1073741819 && (session = cVar.getSession(false)) != null) {
                session.removeAttribute("NtlmHttpAuth");
            }
            eVar.setHeader("WWW-Authenticate", "NTLM");
            if (z2) {
                StringBuilder a4 = a.a("Basic realm=\"");
                a4.append(this.realm);
                a4.append("\"");
                eVar.addHeader("WWW-Authenticate", a4.toString());
            }
            eVar.setStatus(401);
            eVar.setContentLength(0);
            eVar.flushBuffer();
            return null;
        }
    }

    public void setFilterConfig(g gVar) {
        try {
            init(gVar);
        } catch (Exception e2) {
            e2.printStackTrace();
        }
    }
}
