package org.ifsoft.sso;

import com.j256.twofactorauth.TimeBasedOneTimePasswordUtil;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.glassfish.jersey.jackson.internal.jackson.jaxrs.json.JacksonJsonProvider;
import org.jitsi.util.OSUtils;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.group.Group;
import org.jivesoftware.openfire.group.GroupManager;
import org.jivesoftware.openfire.group.GroupNotFoundException;
import org.jivesoftware.openfire.http.HttpBindManager;
import org.jivesoftware.openfire.user.User;
import org.jivesoftware.openfire.user.UserManager;
import org.jivesoftware.openfire.user.UserNotFoundException;
import org.jivesoftware.util.JiveGlobals;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/ofmeet-0.9.7.jar:org/ifsoft/sso/Password.class */
public class Password extends HttpServlet {
    private static final Logger Log = LoggerFactory.getLogger((Class<?>) Password.class);
    public static final ConcurrentHashMap<String, String> passwords = new ConcurrentHashMap<>();

    @Override // javax.servlet.http.HttpServlet
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        int indexOf;
        try {
            String str = null;
            if (OSUtils.IS_WINDOWS) {
                String remoteUser = httpServletRequest.getRemoteUser();
                String name = httpServletRequest.getUserPrincipal().getName();
                if (name != null && remoteUser != null && remoteUser.equals(name) && (indexOf = name.indexOf("\\")) > -1) {
                    str = name.substring(indexOf + 1).toLowerCase();
                }
            } else {
                str = getNtlmUserName(httpServletRequest, httpServletResponse);
            }
            XMPPServer.getInstance().getServerInfo().getHostname();
            XMPPServer.getInstance().getServerInfo().getXMPPDomain();
            Log.debug("Password Servlet: " + str);
            if (str != null) {
                String str2 = passwords.get(str);
                if (str2 == null) {
                    str2 = TimeBasedOneTimePasswordUtil.generateBase32Secret();
                    passwords.put(str, str2);
                }
                UserManager userManager = XMPPServer.getInstance().getUserManager();
                User user = null;
                try {
                    try {
                        user = userManager.getUser(str);
                        Log.debug("Password servlet: Found user " + str);
                    } catch (Exception e) {
                        Log.error("Config servlet: Failed finding user " + str, (Throwable) e);
                    }
                } catch (UserNotFoundException e2) {
                    try {
                        Log.debug("Password servlet: Creating user " + str);
                        user = userManager.createUser(str, str2, (String) null, (String) null);
                        Group group = null;
                        String property = JiveGlobals.getProperty("ofchat.winsso.groupname", "winsso");
                        String property2 = JiveGlobals.getProperty("ofchat.winsso.groupname", "Windows SSO");
                        try {
                            group = GroupManager.getInstance().getGroup(property);
                        } catch (GroupNotFoundException e3) {
                            try {
                                group = GroupManager.getInstance().createGroup(property);
                                group.getProperties().put("sharedRoster.showInRoster", "onlyGroup");
                                group.getProperties().put("sharedRoster.displayName", property2);
                                group.getProperties().put("sharedRoster.groupList", "");
                            } catch (Exception e4) {
                            }
                        }
                        if (group != null) {
                            group.getMembers().add(XMPPServer.getInstance().createJID(str, (String) null));
                        }
                    } catch (Exception e5) {
                        Log.error("Config servlet: Failed creating user " + str, (Throwable) e5);
                    }
                }
                if (user != null) {
                    writeHeader(httpServletResponse);
                    httpServletResponse.getOutputStream().println(str + ":" + str2);
                    return;
                }
            }
        } catch (Exception e6) {
            Log.error("Password Servlet Error", (Throwable) e6);
        }
        writeHeader(httpServletResponse);
        httpServletResponse.getOutputStream().println("error:error");
    }

    private String getNtlmUserName(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            httpServletResponse.setStatus(401);
            httpServletResponse.setHeader("WWW-Authenticate", "NTLM");
            return null;
        }
        if (!header.startsWith("NTLM ")) {
            return null;
        }
        byte[] decode = Base64.getDecoder().decode(header.substring(5));
        if (decode[8] == 1) {
            httpServletResponse.setStatus(401);
            httpServletResponse.setHeader("WWW-Authenticate", "NTLM " + new String(Base64.getEncoder().encode(new byte[]{78, 84, 76, 77, 83, 83, 80, 0, 2, 0, 0, 0, 0, 0, 0, 0, 40, 0, 0, 0, 1, -126, 0, 0, 0, 2, 2, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}), "UTF-8").trim());
            return null;
        }
        if (decode[8] != 3) {
            return null;
        }
        Charset charset = Boolean.valueOf((decode[60] & 1) == 1).booleanValue() ? StandardCharsets.UTF_16LE : StandardCharsets.UTF_8;
        Log.debug("NTLMAuth Domain Name {}", new String(decode, (decode[30 + 3] * 256) + decode[30 + 2], (decode[30 + 1] * 256) + decode[30], charset));
        Log.debug("NTLMAuth Computer Name {}", new String(decode, (decode[30 + 19] * 256) + decode[30 + 18], (decode[30 + 17] * 256) + decode[30 + 16], charset));
        String str = new String(decode, (decode[30 + 11] * 256) + decode[30 + 10], (decode[30 + 9] * 256) + decode[30 + 8], charset);
        Log.debug("NTLMAuth User Name {}", str);
        return str;
    }

    private void writeHeader(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
        httpServletResponse.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        httpServletResponse.addHeader("Cache-Control", "post-check=0, pre-check=0");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setHeader("Content-Type", JacksonJsonProvider.MIME_JAVASCRIPT);
        httpServletResponse.setHeader("Connection", "close");
        HttpBindManager.getInstance();
        httpServletResponse.setHeader("Access-Control-Allow-Methods", String.join(",", (Iterable<? extends CharSequence>) HttpBindManager.HTTP_BIND_CORS_ALLOW_METHODS.getValue()));
        httpServletResponse.setHeader("Access-Control-Allow-Headers", String.join(",", String.valueOf(HttpBindManager.HTTP_BIND_CORS_ALLOW_HEADERS.getValue()) + ", Authorization"));
        httpServletResponse.setHeader("Access-Control-Max-Age", String.valueOf(((Duration) HttpBindManager.HTTP_BIND_CORS_MAX_AGE.getValue()).toSeconds()));
        httpServletResponse.setHeader("Access-Control-Allow-Origin", String.valueOf(HttpBindManager.HTTP_BIND_ALLOWED_ORIGINS.getDefaultValue()));
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
    }
}
