package org.alfresco.filesys.auth.cifs;

import org.alfresco.filesys.AlfrescoConfigSection;
import org.alfresco.filesys.alfresco.AlfrescoClientInfo;
import org.alfresco.filesys.repo.ContentContext;
import org.alfresco.jlan.server.SrvSession;
import org.alfresco.jlan.server.auth.CifsAuthenticator;
import org.alfresco.jlan.server.auth.ClientInfo;
import org.alfresco.jlan.server.config.InvalidConfigurationException;
import org.alfresco.jlan.server.config.ServerConfiguration;
import org.alfresco.jlan.server.filesys.DiskInterface;
import org.alfresco.jlan.server.filesys.DiskSharedDevice;
import org.alfresco.jlan.server.filesys.SrvDiskInfo;
import org.alfresco.jlan.smb.server.SMBSrvException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.MD4PasswordEncoder;
import org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl;
import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.fop.fo.Constants;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.extensions.config.ConfigElement;

/* loaded from: input_file:WEB-INF/lib/alfresco-repository-5.0.d.jar:org/alfresco/filesys/auth/cifs/CifsAuthenticatorBase.class */
public abstract class CifsAuthenticatorBase extends CifsAuthenticator implements ActivateableBean, InitializingBean, DisposableBean {
    protected static final Log logger = LogFactory.getLog(CifsAuthenticatorBase.class);
    private AuthenticationComponent authenticationComponent;
    private AuthenticationService authenticationService;
    private NodeService nodeService;
    private PersonService personService;
    private TransactionService transactionService;
    private AuthorityService authorityService;
    private DiskInterface diskInterface;
    protected MD4PasswordEncoder m_md4Encoder = new MD4PasswordEncoderImpl();
    private boolean active = true;

    public CifsAuthenticatorBase() {
        setAccessMode(1);
    }

    public void setAuthenticationComponent(AuthenticationComponent authenticationComponent) {
        this.authenticationComponent = authenticationComponent;
    }

    public void setAuthenticationService(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    public void setTransactionService(TransactionService transactionService) {
        this.transactionService = transactionService;
    }

    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }

    public void setDiskInterface(DiskInterface diskInterface) {
        this.diskInterface = diskInterface;
    }

    @Override // org.alfresco.repo.management.subsystems.ActivateableBean
    public boolean isActive() {
        return this.active;
    }

    public void setActive(boolean z) {
        this.active = z;
    }

    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    public void initialize(ServerConfiguration serverConfiguration, ConfigElement configElement) throws InvalidConfigurationException {
        AlfrescoConfigSection alfrescoConfigSection = (AlfrescoConfigSection) serverConfiguration.getConfigSection("Alfresco");
        setAuthenticationComponent(alfrescoConfigSection.getAuthenticationComponent());
        setAuthenticationService(alfrescoConfigSection.getAuthenticationService());
        setNodeService(alfrescoConfigSection.getNodeService());
        setPersonService(alfrescoConfigSection.getPersonService());
        setTransactionService(alfrescoConfigSection.getTransactionService());
        setAuthorityService(alfrescoConfigSection.getAuthorityService());
        setDiskInterface(alfrescoConfigSection.getRepoDiskInterface());
        super.initialize(serverConfiguration, configElement);
    }

    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    public void initialize() throws InvalidConfigurationException {
        super.initialize();
        if (getAuthenticationComponent() == null) {
            throw new InvalidConfigurationException("Authentication component not available");
        }
        setAllowGuest(allowGuest() || getAuthenticationComponent().guestUserAuthenticationAllowed());
        setGuestUserName(getAuthenticationComponent().getGuestUserName());
        if (!validateAuthenticationMode()) {
            throw new InvalidConfigurationException("Required authentication mode not available");
        }
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public final void afterPropertiesSet() throws InvalidConfigurationException {
        if (this.active) {
            initialize();
        }
    }

    protected boolean validateAuthenticationMode() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    public void doGuestLogon(ClientInfo clientInfo, SrvSession srvSession) {
        if (clientInfo instanceof AlfrescoClientInfo) {
            AlfrescoClientInfo alfrescoClientInfo = (AlfrescoClientInfo) clientInfo;
            getAuthenticationService().authenticateAsGuest();
            alfrescoClientInfo.setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
            clientInfo.setUserName(getGuestUserName());
            getHomeFolderForUser(clientInfo);
            clientInfo.setGuest(true);
            ContentContext contentContext = new ContentContext(clientInfo.getUserName(), "", "", alfrescoClientInfo.getHomeFolder());
            contentContext.setDiskInformation(new SrvDiskInfo(Constants.CP_MAXIMUM, 64, 512, 2304));
            srvSession.addDynamicShare(new DiskSharedDevice(clientInfo.getUserName(), this.diskInterface, contentContext, 8));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void getHomeFolderForUser(final ClientInfo clientInfo) {
        if (!(clientInfo instanceof AlfrescoClientInfo) || clientInfo.isNullSession()) {
            return;
        }
        final AlfrescoClientInfo alfrescoClientInfo = (AlfrescoClientInfo) clientInfo;
        doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Object>() { // from class: org.alfresco.filesys.auth.cifs.CifsAuthenticatorBase.1
            @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
            public Object execute() throws SMBSrvException {
                alfrescoClientInfo.setHomeFolder((NodeRef) CifsAuthenticatorBase.this.getNodeService().getProperty(CifsAuthenticatorBase.this.getPersonService().getPerson(clientInfo.getUserName()), ContentModel.PROP_HOMEFOLDER));
                return null;
            }
        });
    }

    public final String mapUserNameToPerson(final String str, final boolean z) {
        if (logger.isDebugEnabled()) {
            logger.debug("mapUserNameToPerson userName:" + str + ", checkEnabled:" + z);
        }
        return (String) AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<String>() { // from class: org.alfresco.filesys.auth.cifs.CifsAuthenticatorBase.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork
            /* renamed from: doWork */
            public String doWork2() throws Exception {
                return (String) CifsAuthenticatorBase.this.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<String>() { // from class: org.alfresco.filesys.auth.cifs.CifsAuthenticatorBase.2.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
                    public String execute() throws Throwable {
                        String userIdentifier = CifsAuthenticatorBase.this.getPersonService().getUserIdentifier(str);
                        if (userIdentifier == null) {
                            CifsAuthenticatorBase.this.authenticationComponent.setCurrentUser(str);
                            userIdentifier = CifsAuthenticatorBase.this.getPersonService().getUserIdentifier(str);
                        }
                        if (z && userIdentifier != null) {
                            if (!CifsAuthenticatorBase.this.getAuthenticationService().getAuthenticationEnabled(userIdentifier)) {
                                CifsAuthenticatorBase.logger.debug("autentication service says user is not enabled");
                                throw new AuthenticationException("Authentication not enabled for:" + str);
                            }
                            if (!CifsAuthenticatorBase.this.personService.isEnabled(userIdentifier)) {
                                CifsAuthenticatorBase.logger.debug("person service says user is not enabled");
                                throw new AuthenticationException("Authentication not enabled for person:" + str);
                            }
                        }
                        return userIdentifier == null ? str : userIdentifier;
                    }
                });
            }
        }, AuthenticationUtil.getSystemUserName());
    }

    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator, org.alfresco.jlan.server.auth.ICifsAuthenticator
    public void setCurrentUser(ClientInfo clientInfo) {
        if (clientInfo == null || clientInfo.isNullSession()) {
            getAuthenticationComponent().clearCurrentSecurityContext();
            return;
        }
        if (clientInfo.isGuest() || !(clientInfo instanceof AlfrescoClientInfo)) {
            getAuthenticationComponent().setGuestUserAsCurrentUser();
            return;
        }
        AlfrescoClientInfo alfrescoClientInfo = (AlfrescoClientInfo) clientInfo;
        if (!alfrescoClientInfo.hasAuthenticationTicket()) {
            getAuthenticationComponent().clearCurrentSecurityContext();
            return;
        }
        boolean z = false;
        try {
            getAuthenticationService().validate(alfrescoClientInfo.getAuthenticationTicket());
        } catch (AuthenticationException e) {
            z = true;
            if (logger.isDebugEnabled()) {
                logger.debug("Failed to validate ticket, user=" + clientInfo.getUserName() + ", ticket=" + alfrescoClientInfo.getAuthenticationTicket());
            }
        }
        if (z) {
            try {
                getAuthenticationComponent().setCurrentUser(mapUserNameToPerson(clientInfo.getUserName(), false));
                alfrescoClientInfo.setAuthenticationTicket(getAuthenticationService().getCurrentTicket());
            } catch (AuthenticationException e2) {
                if (logger.isErrorEnabled()) {
                    logger.error("Failed to get new ticket for user=" + clientInfo.getUserName());
                    logger.error(e2);
                }
                alfrescoClientInfo.setAuthenticationTicket(null);
                getAuthenticationComponent().clearCurrentSecurityContext();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final AuthenticationComponent getAuthenticationComponent() {
        return this.authenticationComponent;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final NLTMAuthenticator getNTLMAuthenticator() {
        if (this.authenticationComponent instanceof NLTMAuthenticator) {
            return (NLTMAuthenticator) this.authenticationComponent;
        }
        throw new IllegalStateException("Attempt to use non SSO-enabled authentication component for SSO");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final AuthenticationService getAuthenticationService() {
        return this.authenticationService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final NodeService getNodeService() {
        return this.nodeService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final PersonService getPersonService() {
        return this.personService;
    }

    private final TransactionService getTransactionService() {
        return this.transactionService;
    }

    protected final AuthorityService getAuthorityService() {
        return this.authorityService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void checkForAdminUserName(final ClientInfo clientInfo) {
        doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Object>() { // from class: org.alfresco.filesys.auth.cifs.CifsAuthenticatorBase.3
            @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
            public Object execute() {
                if (clientInfo.getLogonType() != 0 || !CifsAuthenticatorBase.this.getAuthorityService().isAdminAuthority(clientInfo.getUserName())) {
                    return null;
                }
                clientInfo.setLogonType(3);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <T> T doInTransaction(RetryingTransactionHelper.RetryingTransactionCallback<T> retryingTransactionCallback) {
        TransactionService transactionService = getTransactionService();
        return (transactionService.isReadOnly() || !transactionService.getAllowWrite()) ? (T) transactionService.getRetryingTransactionHelper().doInTransaction(retryingTransactionCallback, true, false) : (T) transactionService.getRetryingTransactionHelper().doInTransaction(retryingTransactionCallback, false, false);
    }

    @Override // org.springframework.beans.factory.DisposableBean
    public void destroy() throws Exception {
        closeAuthenticator();
    }
}
