package jcifs.smb;

import com.android.tools.r8.GeneratedOutlineSupport;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.Cipher;
import jcifs.CIFSContext;
import jcifs.CIFSException;
import jcifs.internal.util.SMBUtil;
import jcifs.ntlmssp.NtlmMessage;
import jcifs.ntlmssp.Type1Message;
import jcifs.ntlmssp.Type2Message;
import jcifs.ntlmssp.Type3Message;
import jcifs.util.Crypto;
import jcifs.util.Hexdump;
import net.schmizz.sshj.common.Buffer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.math.raw.Nat384;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class NtlmContext implements SSPContext {
    public static ASN1ObjectIdentifier NTLMSSP_OID;
    public static final Logger log = LoggerFactory.getLogger((Class<?>) NtlmContext.class);
    public NtlmPasswordAuthenticator auth;
    public final boolean requireKeyExchange;
    public Cipher sealClientHandle;
    public byte[] sealClientKey;
    public Cipher sealServerHandle;
    public byte[] sealServerKey;
    public byte[] signKey;
    public CIFSContext transportContext;
    public byte[] type1Bytes;
    public byte[] verifyKey;
    public String workstation;
    public boolean isEstablished = false;
    public byte[] serverChallenge = null;
    public byte[] masterKey = null;
    public String netbiosName = null;
    public final AtomicInteger signSequence = new AtomicInteger(0);
    public final AtomicInteger verifySequence = new AtomicInteger(0);
    public int state = 1;
    public int ntlmsspFlags = ((this.ntlmsspFlags | 4) | 524288) | 536870912;
    public int ntlmsspFlags = ((this.ntlmsspFlags | 4) | 524288) | 536870912;

    static {
        try {
            NTLMSSP_OID = new ASN1ObjectIdentifier("1.3.6.1.4.1.311.2.2.10");
        } catch (IllegalArgumentException e) {
            log.error("Failed to parse OID", (Throwable) e);
        }
    }

    public NtlmContext(CIFSContext cIFSContext, NtlmPasswordAuthenticator ntlmPasswordAuthenticator, boolean z) {
        this.transportContext = cIFSContext;
        this.auth = ntlmPasswordAuthenticator;
        if (ntlmPasswordAuthenticator.isAnonymous()) {
            this.ntlmsspFlags |= 2048;
        } else {
            this.ntlmsspFlags |= 1073774608;
        }
        this.requireKeyExchange = z;
        this.workstation = cIFSContext.getConfig().getNetbiosHostname();
    }

    public static byte[] deriveKey(byte[] bArr, String str) {
        MessageDigest md5 = Crypto.getMD5();
        md5.update(bArr);
        md5.update(str.getBytes(StandardCharsets.US_ASCII));
        md5.update((byte) 0);
        return md5.digest();
    }

    @Override // jcifs.smb.SSPContext
    public byte[] calculateMIC(byte[] bArr) throws CIFSException {
        byte[] bArr2 = this.signKey;
        if (bArr2 == null) {
            throw new CIFSException("Signing is not initialized");
        }
        byte[] bArr3 = new byte[4];
        long andIncrement = this.signSequence.getAndIncrement();
        SMBUtil.writeInt4(andIncrement, bArr3, 0);
        MessageDigest hmact64 = Crypto.getHMACT64(bArr2);
        hmact64.update(bArr3);
        hmact64.update(bArr);
        byte[] digest = hmact64.digest();
        byte[] bArr4 = new byte[8];
        System.arraycopy(digest, 0, bArr4, 0, 8);
        if (log.isDebugEnabled()) {
            Logger logger = log;
            StringBuilder outline26 = GeneratedOutlineSupport.outline26("Digest ");
            outline26.append(Hexdump.toHexString(digest));
            logger.debug(outline26.toString());
            Logger logger2 = log;
            StringBuilder outline262 = GeneratedOutlineSupport.outline26("Truncated ");
            outline262.append(Hexdump.toHexString(bArr4, 0, 8));
            logger2.debug(outline262.toString());
        }
        if ((this.ntlmsspFlags & Buffer.MAX_SIZE) != 0) {
            try {
                bArr4 = this.sealClientHandle.doFinal(bArr4);
                if (log.isDebugEnabled()) {
                    log.debug("Encrypted " + Hexdump.toHexString(bArr4));
                }
            } catch (GeneralSecurityException e) {
                throw new CIFSException("Failed to encrypt MIC", e);
            }
        }
        byte[] bArr5 = new byte[16];
        SMBUtil.writeInt4(1L, bArr5, 0);
        System.arraycopy(bArr4, 0, bArr5, 4, 8);
        SMBUtil.writeInt4(andIncrement, bArr5, 12);
        return bArr5;
    }

    @Override // jcifs.smb.SSPContext
    public int getFlags() {
        return 0;
    }

    @Override // jcifs.smb.SSPContext
    public String getNetbiosName() {
        return this.netbiosName;
    }

    @Override // jcifs.smb.SSPContext
    public byte[] getSigningKey() {
        return this.masterKey;
    }

    @Override // jcifs.smb.SSPContext
    public ASN1ObjectIdentifier[] getSupportedMechs() {
        return new ASN1ObjectIdentifier[]{NTLMSSP_OID};
    }

    @Override // jcifs.smb.SSPContext
    public byte[] initSecContext(byte[] bArr, int i, int i2) throws SmbException {
        int i3;
        int i4;
        int i5 = this.state;
        if (i5 != 1) {
            if (i5 != 2) {
                throw new SmbException("Invalid state");
            }
            try {
                Type2Message type2Message = new Type2Message(bArr);
                if (log.isTraceEnabled()) {
                    log.trace(type2Message.toString());
                    log.trace(Hexdump.toHexString(bArr, 0, bArr.length));
                }
                this.serverChallenge = type2Message.challenge;
                if (this.requireKeyExchange) {
                    if (!this.transportContext.getConfig().isEnforceSpnegoIntegrity() && (!type2Message.getFlag(Buffer.MAX_SIZE) || !type2Message.getFlag(524288))) {
                        throw new SmbUnsupportedOperationException("Server does not support extended NTLMv2 key exchange");
                    }
                    if (!type2Message.getFlag(16)) {
                        throw new SmbUnsupportedOperationException("Server does not support basic NTLM signature key exchange");
                    }
                    if (!type2Message.getFlag(536870912)) {
                        throw new SmbUnsupportedOperationException("Server does not support 128-bit keys");
                    }
                }
                int i6 = this.ntlmsspFlags & type2Message.flags;
                this.ntlmsspFlags = i6;
                Type3Message type3Message = new Type3Message(this.transportContext, type2Message, null, this.auth.password, this.auth.domain, this.auth.username, this.workstation, i6);
                type3Message.setupMIC(this.type1Bytes, bArr);
                byte[] byteArray = type3Message.toByteArray();
                if (log.isTraceEnabled()) {
                    log.trace(type3Message.toString());
                    log.trace(Hexdump.toHexString(bArr, 0, bArr.length));
                }
                if ((this.ntlmsspFlags & 16) != 0) {
                    this.masterKey = type3Message.masterKey;
                    if ((this.ntlmsspFlags & 524288) != 0) {
                        initSessionSecurity(type3Message.masterKey);
                    }
                }
                this.isEstablished = true;
                this.state++;
                return byteArray;
            } catch (SmbException e) {
                throw e;
            } catch (Exception e2) {
                throw new SmbException(e2.getMessage(), e2);
            }
        }
        Type1Message type1Message = new Type1Message(this.transportContext, this.ntlmsspFlags, this.auth.domain, this.workstation);
        try {
            int i7 = type1Message.flags;
            int i8 = i7 & 33554432;
            int i9 = 32 + (i8 != 0 ? 8 : 0);
            byte[] bArr2 = new byte[0];
            String str = type1Message.suppliedDomain;
            if (i8 != 0 || str == null || str.length() == 0) {
                i3 = i7 & (-4097);
            } else {
                i3 = i7 | 4096;
                bArr2 = str.toUpperCase().getBytes("Cp850");
                i9 += bArr2.length;
            }
            byte[] bArr3 = new byte[0];
            String str2 = type1Message.suppliedWorkstation;
            if ((i3 & 33554432) != 0 || str2 == null || str2.length() == 0) {
                i4 = i3 & (-8193);
            } else {
                i4 = i3 | 8192;
                bArr3 = str2.toUpperCase().getBytes("Cp850");
                i9 += bArr3.length;
            }
            byte[] bArr4 = new byte[i9];
            System.arraycopy(NtlmMessage.NTLMSSP_SIGNATURE, 0, bArr4, 0, NtlmMessage.NTLMSSP_SIGNATURE.length);
            int length = NtlmMessage.NTLMSSP_SIGNATURE.length + 0;
            NtlmMessage.writeULong(bArr4, length, 1);
            int i10 = length + 4;
            NtlmMessage.writeULong(bArr4, i10, i4);
            int i11 = i10 + 4;
            int writeSecurityBuffer = NtlmMessage.writeSecurityBuffer(bArr4, i11, bArr2);
            int i12 = i11 + 8;
            int writeSecurityBuffer2 = NtlmMessage.writeSecurityBuffer(bArr4, i12, bArr3);
            int i13 = i12 + 8;
            if ((i4 & 33554432) != 0) {
                System.arraycopy(NtlmMessage.NTLMSSP_VERSION, 0, bArr4, i13, NtlmMessage.NTLMSSP_VERSION.length);
                i13 += NtlmMessage.NTLMSSP_VERSION.length;
            }
            NtlmMessage.writeSecurityBufferContent(bArr4, i13 + NtlmMessage.writeSecurityBufferContent(bArr4, i13, writeSecurityBuffer, bArr2), writeSecurityBuffer2, bArr3);
            this.type1Bytes = bArr4;
            if (log.isTraceEnabled()) {
                log.trace(type1Message.toString());
                log.trace(Hexdump.toHexString(bArr4, 0, i9));
            }
            this.state++;
            return bArr4;
        } catch (IOException e3) {
            throw new IllegalStateException(e3.getMessage());
        }
    }

    public void initSessionSecurity(byte[] bArr) {
        this.signKey = deriveKey(bArr, "session key to client-to-server signing key magic constant");
        this.verifyKey = deriveKey(bArr, "session key to server-to-client signing key magic constant");
        if (log.isDebugEnabled()) {
            Logger logger = log;
            StringBuilder outline26 = GeneratedOutlineSupport.outline26("Sign key is ");
            outline26.append(Hexdump.toHexString(this.signKey));
            logger.debug(outline26.toString());
            Logger logger2 = log;
            StringBuilder outline262 = GeneratedOutlineSupport.outline26("Verify key is ");
            outline262.append(Hexdump.toHexString(this.verifyKey));
            logger2.debug(outline262.toString());
        }
        byte[] deriveKey = deriveKey(bArr, "session key to client-to-server sealing key magic constant");
        this.sealClientKey = deriveKey;
        this.sealClientHandle = Crypto.getArcfour(deriveKey);
        if (log.isDebugEnabled()) {
            Logger logger3 = log;
            StringBuilder outline263 = GeneratedOutlineSupport.outline26("Seal key is ");
            outline263.append(Hexdump.toHexString(this.sealClientKey));
            logger3.debug(outline263.toString());
        }
        byte[] deriveKey2 = deriveKey(bArr, "session key to server-to-client sealing key magic constant");
        this.sealServerKey = deriveKey2;
        this.sealServerHandle = Crypto.getArcfour(deriveKey2);
        if (log.isDebugEnabled()) {
            Logger logger4 = log;
            StringBuilder outline264 = GeneratedOutlineSupport.outline26("Server seal key is ");
            outline264.append(Hexdump.toHexString(this.sealServerKey));
            logger4.debug(outline264.toString());
        }
    }

    @Override // jcifs.smb.SSPContext
    public boolean isEstablished() {
        return this.isEstablished;
    }

    @Override // jcifs.smb.SSPContext
    public boolean isMICAvailable() {
        return (this.signKey == null || this.verifyKey == null) ? false : true;
    }

    @Override // jcifs.smb.SSPContext
    public boolean isPreferredMech(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        if (this.auth != null) {
            return NTLMSSP_OID.equals((Object) aSN1ObjectIdentifier);
        }
        throw null;
    }

    @Override // jcifs.smb.SSPContext
    public boolean isSupported(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return NTLMSSP_OID.equals((Object) aSN1ObjectIdentifier);
    }

    @Override // jcifs.smb.SSPContext
    public boolean supportsIntegrity() {
        return true;
    }

    public String toString() {
        String sb;
        String sb2;
        StringBuilder outline26 = GeneratedOutlineSupport.outline26("NtlmContext[auth=");
        outline26.append(this.auth);
        outline26.append(",ntlmsspFlags=0x");
        GeneratedOutlineSupport.outline38(this.ntlmsspFlags, 8, outline26, ",workstation=");
        outline26.append(this.workstation);
        outline26.append(",isEstablished=");
        outline26.append(this.isEstablished);
        outline26.append(",state=");
        String outline20 = GeneratedOutlineSupport.outline20(outline26, this.state, ",serverChallenge=");
        if (this.serverChallenge == null) {
            sb = GeneratedOutlineSupport.outline17(outline20, "null");
        } else {
            StringBuilder outline262 = GeneratedOutlineSupport.outline26(outline20);
            byte[] bArr = this.serverChallenge;
            outline262.append(Hexdump.toHexString(bArr, 0, bArr.length * 2));
            sb = outline262.toString();
        }
        String outline17 = GeneratedOutlineSupport.outline17(sb, ",signingKey=");
        if (this.masterKey == null) {
            sb2 = GeneratedOutlineSupport.outline17(outline17, "null");
        } else {
            StringBuilder outline263 = GeneratedOutlineSupport.outline26(outline17);
            byte[] bArr2 = this.masterKey;
            outline263.append(Hexdump.toHexString(bArr2, 0, bArr2.length * 2));
            sb2 = outline263.toString();
        }
        return GeneratedOutlineSupport.outline17(sb2, "]");
    }

    @Override // jcifs.smb.SSPContext
    public void verifyMIC(byte[] bArr, byte[] bArr2) throws CIFSException {
        byte[] bArr3 = this.verifyKey;
        if (bArr3 == null) {
            throw new CIFSException("Signing is not initialized");
        }
        int readInt4 = SMBUtil.readInt4(bArr2, 0);
        if (readInt4 != 1) {
            throw new SmbUnsupportedOperationException("Invalid signature version");
        }
        MessageDigest hmact64 = Crypto.getHMACT64(bArr3);
        int readInt42 = SMBUtil.readInt4(bArr2, 12);
        hmact64.update(bArr2, 12, 4);
        byte[] digest = hmact64.digest(bArr);
        byte[] copyOf = Nat384.copyOf(digest, 8);
        if (log.isDebugEnabled()) {
            Logger logger = log;
            StringBuilder outline26 = GeneratedOutlineSupport.outline26("Digest ");
            outline26.append(Hexdump.toHexString(digest, 0, digest.length));
            logger.debug(outline26.toString());
            Logger logger2 = log;
            StringBuilder outline262 = GeneratedOutlineSupport.outline26("Truncated ");
            outline262.append(Hexdump.toHexString(copyOf, 0, copyOf.length));
            logger2.debug(outline262.toString());
        }
        boolean z = (this.ntlmsspFlags & Buffer.MAX_SIZE) != 0;
        if (z) {
            try {
                copyOf = this.sealServerHandle.doFinal(copyOf);
                if (log.isDebugEnabled()) {
                    log.debug("Decrypted " + Hexdump.toHexString(copyOf));
                }
            } catch (GeneralSecurityException e) {
                throw new CIFSException("Failed to decrypt MIC", e);
            }
        }
        int andIncrement = this.verifySequence.getAndIncrement();
        if (andIncrement != readInt42) {
            throw new CIFSException(String.format("Invalid MIC sequence, expect %d have %d", Integer.valueOf(andIncrement), Integer.valueOf(readInt42)));
        }
        byte[] bArr4 = new byte[8];
        System.arraycopy(bArr2, 4, bArr4, 0, 8);
        if (MessageDigest.isEqual(copyOf, bArr4)) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Seq = %d ver = %d encrypted = %s", Integer.valueOf(readInt42), Integer.valueOf(readInt4), Boolean.valueOf(z)));
            log.debug(String.format("Expected MIC %s != %s", Hexdump.toHexString(copyOf), Hexdump.toHexString(bArr4, 0, 8)));
        }
        throw new CIFSException("Invalid MIC");
    }
}
