package org.apache.jetspeed.security.impl.ntlm;

import java.security.Principal;
import javax.security.auth.Subject;
import org.apache.commons.lang.StringUtils;
import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
import org.apache.jetspeed.pipeline.PipelineException;
import org.apache.jetspeed.request.RequestContext;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.SubjectHelper;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;
import org.apache.jetspeed.security.impl.AbstractSecurityValve;
import org.apache.jetspeed.statistics.PortalStatistics;

/* loaded from: input_file:tomcat-portal.zip:webapps/jetspeed/WEB-INF/lib/jetspeed-portal-2.2.0.jar:org/apache/jetspeed/security/impl/ntlm/NtlmSecurityValve.class */
public class NtlmSecurityValve extends AbstractSecurityValve {
    private UserManager userMgr;
    private PortalStatistics statistics;
    private String networkDomain;
    private boolean ntlmAuthRequired;
    private boolean omitDomain;

    public NtlmSecurityValve(UserManager userManager, String str, boolean z, boolean z2, PortalStatistics portalStatistics, PortalAuthenticationConfiguration portalAuthenticationConfiguration) {
        this.userMgr = userManager;
        this.statistics = portalStatistics;
        this.networkDomain = str;
        this.ntlmAuthRequired = z2;
        this.omitDomain = z;
        this.authenticationConfiguration = portalAuthenticationConfiguration;
    }

    public NtlmSecurityValve(UserManager userManager, String str, boolean z, boolean z2, PortalStatistics portalStatistics) {
        this(userManager, str, z, z2, portalStatistics, null);
    }

    public NtlmSecurityValve(UserManager userManager, String str, boolean z, boolean z2) {
        this(userManager, str, z, z2, null);
    }

    public String toString() {
        return "NtlmSecurityValve";
    }

    @Override // org.apache.jetspeed.security.impl.AbstractSecurityValve
    protected Principal getUserPrincipal(RequestContext requestContext) throws Exception {
        Subject subjectFromSession = getSubjectFromSession(requestContext);
        return subjectFromSession != null ? SubjectHelper.getPrincipal(subjectFromSession, User.class) : this.userMgr.newTransientUser(this.userMgr.getAnonymousUser());
    }

    @Override // org.apache.jetspeed.security.impl.AbstractSecurityValve
    protected Subject getSubject(RequestContext requestContext) throws Exception {
        Principal principal;
        Subject subjectFromSession = getSubjectFromSession(requestContext);
        String remoteUser = requestContext.getRequest().getRemoteUser();
        if (remoteUser == null) {
            if (this.ntlmAuthRequired) {
                throw new PipelineException("Authorization failed.");
            }
            if (requestContext.getRequest().getUserPrincipal() != null) {
                remoteUser = requestContext.getRequest().getUserPrincipal().getName();
            }
        } else if (this.omitDomain && this.networkDomain != null) {
            remoteUser = StringUtils.stripStart(remoteUser, this.networkDomain + "\\");
        }
        if (subjectFromSession != null && ((principal = SubjectHelper.getPrincipal(subjectFromSession, User.class)) == null || !principal.getName().equals(remoteUser))) {
            subjectFromSession = null;
        }
        if (subjectFromSession == null) {
            if (remoteUser != null) {
                try {
                    User user = this.userMgr.getUser(remoteUser);
                    if (user != null) {
                        subjectFromSession = this.userMgr.getSubject(user);
                    }
                } catch (SecurityException e) {
                    subjectFromSession = null;
                }
                if (subjectFromSession == null && this.ntlmAuthRequired) {
                    throw new PipelineException("Authorization failed for user '" + remoteUser + "'.");
                }
            }
            if (subjectFromSession == null) {
                subjectFromSession = this.userMgr.getSubject(this.userMgr.getUser(this.userMgr.getAnonymousUser()));
            }
            if (this.statistics != null) {
                this.statistics.logUserLogin(requestContext, 0L);
            }
            requestContext.setSessionAttribute(IP_ADDRESS, requestContext.getRequest().getRemoteAddr());
        }
        return subjectFromSession;
    }
}
