package com.hierynomus.smbj.connection;

import E8.b;
import E8.c;
import com.hierynomus.asn1.types.primitive.ASN1ObjectIdentifier;
import com.hierynomus.mserref.NtStatus;
import com.hierynomus.mssmb2.SMB2Dialect;
import com.hierynomus.mssmb2.SMB2Packet;
import com.hierynomus.mssmb2.SMB2PacketHeader;
import com.hierynomus.mssmb2.SMBApiException;
import com.hierynomus.mssmb2.messages.SMB2SessionSetup;
import com.hierynomus.protocol.commons.Factory;
import com.hierynomus.security.DerivationFunction;
import com.hierynomus.security.MessageDigest;
import com.hierynomus.security.SecurityException;
import com.hierynomus.security.jce.derivationfunction.CounterDerivationParameters;
import com.hierynomus.smb.Packets;
import com.hierynomus.smbj.SmbConfig;
import com.hierynomus.smbj.auth.AuthenticateResponse;
import com.hierynomus.smbj.auth.AuthenticationContext;
import com.hierynomus.smbj.auth.Authenticator;
import com.hierynomus.smbj.common.SMBRuntimeException;
import com.hierynomus.smbj.session.SMB2GuestSigningRequiredException;
import com.hierynomus.smbj.session.Session;
import com.hierynomus.smbj.session.SessionContext;
import com.hierynomus.smbj.utils.DigestUtil;
import com.hierynomus.spnego.NegTokenInit2;
import com.hierynomus.spnego.SpnegoException;
import com.hierynomus.utils.Strings;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class SMBSessionBuilder {

    /* renamed from: g, reason: collision with root package name */
    static final byte[] f14634g = Strings.c("SMBC2SCipherKey");

    /* renamed from: h, reason: collision with root package name */
    static final byte[] f14635h = Strings.c("SMBS2CCipherKey");

    /* renamed from: i, reason: collision with root package name */
    static final byte[] f14636i = Strings.c("SMB2AESCCM");

    /* renamed from: j, reason: collision with root package name */
    static final byte[] f14637j = Strings.c("ServerIn ");

    /* renamed from: k, reason: collision with root package name */
    static final byte[] f14638k = Strings.c("ServerOut");

    /* renamed from: l, reason: collision with root package name */
    static final byte[] f14639l = Strings.c("SmbSign");

    /* renamed from: m, reason: collision with root package name */
    static final byte[] f14640m = Strings.c("SMB2AESCMAC");

    /* renamed from: n, reason: collision with root package name */
    static final byte[] f14641n = Strings.c("SMBSigningKey");

    /* renamed from: o, reason: collision with root package name */
    static final byte[] f14642o = Strings.c("SmbRpc");

    /* renamed from: p, reason: collision with root package name */
    static final byte[] f14643p = Strings.c("SMB2APP");

    /* renamed from: q, reason: collision with root package name */
    static final byte[] f14644q = Strings.c("SMBAppKey");

    /* renamed from: r, reason: collision with root package name */
    private static final b f14645r = c.i(SMBSessionBuilder.class);

    /* renamed from: a, reason: collision with root package name */
    private final SmbConfig f14646a;

    /* renamed from: b, reason: collision with root package name */
    private final ConnectionContext f14647b;

    /* renamed from: c, reason: collision with root package name */
    private final SessionFactory f14648c;

    /* renamed from: d, reason: collision with root package name */
    private final SessionTable f14649d;

    /* renamed from: e, reason: collision with root package name */
    private final SessionTable f14650e;

    /* renamed from: f, reason: collision with root package name */
    private final Connection f14651f;

    /* loaded from: classes.dex */
    public static class BuilderContext {

        /* renamed from: a, reason: collision with root package name */
        private Authenticator f14652a;

        /* renamed from: b, reason: collision with root package name */
        private long f14653b;

        /* renamed from: c, reason: collision with root package name */
        private byte[] f14654c;

        /* renamed from: d, reason: collision with root package name */
        private AuthenticationContext f14655d;

        /* renamed from: e, reason: collision with root package name */
        private byte[] f14656e;

        /* renamed from: f, reason: collision with root package name */
        private SMB2SessionSetup f14657f;

        /* renamed from: g, reason: collision with root package name */
        private SMB2SessionSetup f14658g;

        /* renamed from: h, reason: collision with root package name */
        private MessageDigest f14659h;
    }

    /* loaded from: classes.dex */
    public interface SessionFactory {
        Session a(AuthenticationContext authenticationContext);
    }

    public SMBSessionBuilder(Connection connection, SmbConfig smbConfig, SessionFactory sessionFactory) {
        this.f14651f = connection;
        this.f14646a = smbConfig;
        this.f14647b = connection.U();
        this.f14649d = connection.i0();
        this.f14650e = connection.b0();
        this.f14648c = sessionFactory;
    }

    private SecretKey a(SecretKey secretKey, byte[] bArr, byte[] bArr2, String str) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(25);
        try {
            byteArrayOutputStream.write(bArr);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(bArr2);
            byteArrayOutputStream.write(new byte[]{0, 0, 0, Byte.MIN_VALUE});
            try {
                DerivationFunction e9 = this.f14646a.E().e("KDF/Counter/HMACSHA256");
                e9.b(new CounterDerivationParameters(secretKey.getEncoded(), byteArrayOutputStream.toByteArray(), 32));
                byte[] bArr3 = new byte[16];
                e9.a(bArr3, 0, 16);
                return new SecretKeySpec(bArr3, str);
            } catch (SecurityException e10) {
                throw new SMBRuntimeException(e10);
            }
        } catch (IOException e11) {
            f14645r.m("Unable to format suffix, error occur : ", e11);
            return null;
        }
    }

    private void b(SMB2SessionSetup sMB2SessionSetup, SMB2Dialect sMB2Dialect, SessionContext sessionContext) {
        if (!sMB2Dialect.b() || sMB2SessionSetup.o().contains(SMB2SessionSetup.SMB2SessionFlags.SMB2_SESSION_FLAG_IS_NULL) || sMB2SessionSetup.o().contains(SMB2SessionSetup.SMB2SessionFlags.SMB2_SESSION_FLAG_IS_GUEST)) {
            return;
        }
        SMB2Dialect sMB2Dialect2 = SMB2Dialect.SMB_3_1_1;
        if (sMB2Dialect == sMB2Dialect2) {
            sessionContext.o(a(sessionContext.e(), f14641n, sessionContext.d(), "AesCmac"));
        } else {
            sessionContext.o(a(sessionContext.e(), f14640m, f14639l, "AesCmac"));
        }
        if (this.f14647b.q()) {
            String a9 = this.f14647b.b().a();
            if (sMB2Dialect == sMB2Dialect2) {
                sessionContext.l(a(sessionContext.e(), f14634g, sessionContext.d(), a9));
                sessionContext.j(a(sessionContext.e(), f14635h, sessionContext.d(), a9));
                sessionContext.i(a(sessionContext.e(), f14644q, sessionContext.d(), a9));
            } else {
                SecretKey e9 = sessionContext.e();
                byte[] bArr = f14636i;
                sessionContext.l(a(e9, bArr, f14637j, a9));
                sessionContext.j(a(sessionContext.e(), bArr, f14638k, a9));
                sessionContext.i(a(sessionContext.e(), f14643p, f14642o, a9));
            }
        }
    }

    private Authenticator d(AuthenticationContext authenticationContext) {
        ArrayList arrayList = new ArrayList(this.f14646a.H());
        List arrayList2 = new ArrayList();
        if (this.f14647b.e().length > 0) {
            arrayList2 = new NegTokenInit2().i(this.f14647b.e()).g();
        }
        Iterator it = new ArrayList(arrayList).iterator();
        while (it.hasNext()) {
            Factory.Named named = (Factory.Named) it.next();
            if (arrayList2.isEmpty() || arrayList2.contains(new ASN1ObjectIdentifier(named.getName()))) {
                Authenticator authenticator = (Authenticator) named.a();
                if (authenticator.a(authenticationContext)) {
                    return authenticator;
                }
            }
        }
        throw new SMBRuntimeException("Could not find a configured authenticator for mechtypes: " + arrayList2 + " and authentication context: " + authenticationContext);
    }

    private BuilderContext e(BuilderContext builderContext, byte[] bArr) {
        SMB2SessionSetup sMB2SessionSetup = new SMB2SessionSetup(this.f14647b.f().a(), EnumSet.of(this.f14647b.k() ? SMB2SessionSetup.SMB2SecurityMode.SMB2_NEGOTIATE_SIGNING_REQUIRED : SMB2SessionSetup.SMB2SecurityMode.SMB2_NEGOTIATE_SIGNING_ENABLED), this.f14647b.c());
        sMB2SessionSetup.r(bArr);
        ((SMB2PacketHeader) sMB2SessionSetup.c()).x(builderContext.f14653b);
        builderContext.f14657f = sMB2SessionSetup;
        builderContext.f14658g = (SMB2SessionSetup) this.f14651f.w0(sMB2SessionSetup);
        return builderContext;
    }

    private BuilderContext f(AuthenticationContext authenticationContext, Authenticator authenticator) {
        BuilderContext builderContext = new BuilderContext();
        builderContext.f14652a = authenticator;
        builderContext.f14655d = authenticationContext;
        return builderContext;
    }

    private Session g(BuilderContext builderContext) {
        Session a9 = this.f14648c.a(builderContext.f14655d);
        a9.E(builderContext.f14653b);
        a9.r().m(this.f14647b.h());
        return a9;
    }

    private void h(BuilderContext builderContext, byte[] bArr) {
        AuthenticateResponse c9 = builderContext.f14652a.c(builderContext.f14655d, bArr, this.f14647b);
        if (c9 == null) {
            return;
        }
        this.f14647b.n(c9.d());
        this.f14647b.m(c9.b());
        builderContext.f14654c = c9.c();
        builderContext.f14656e = c9.a();
    }

    private Session i(BuilderContext builderContext) {
        e(builderContext, builderContext.f14656e);
        SMB2SessionSetup sMB2SessionSetup = builderContext.f14658g;
        builderContext.f14653b = ((SMB2PacketHeader) sMB2SessionSetup.c()).k();
        SMB2Dialect a9 = this.f14647b.f().a();
        if (((SMB2PacketHeader) sMB2SessionSetup.c()).m() == NtStatus.STATUS_MORE_PROCESSING_REQUIRED.getValue()) {
            if (a9 == SMB2Dialect.SMB_3_1_1) {
                Session b9 = this.f14650e.b(Long.valueOf(builderContext.f14653b));
                if (b9 == null) {
                    b9 = g(builderContext);
                    this.f14650e.c(Long.valueOf(builderContext.f14653b), b9);
                }
                j(builderContext, b9.r(), builderContext.f14657f);
                j(builderContext, b9.r(), builderContext.f14658g);
            }
            f14645r.a("More processing required for authentication of {} using {}", builderContext.f14655d.d(), builderContext.f14652a);
            h(builderContext, sMB2SessionSetup.n());
            return i(builderContext);
        }
        if (((SMB2PacketHeader) sMB2SessionSetup.c()).m() != NtStatus.STATUS_SUCCESS.getValue()) {
            throw new SMBApiException((SMB2PacketHeader) sMB2SessionSetup.c(), String.format("Authentication failed for '%s' using %s", builderContext.f14655d.d(), builderContext.f14652a));
        }
        Session b10 = this.f14650e.b(Long.valueOf(builderContext.f14653b));
        SMB2Dialect sMB2Dialect = SMB2Dialect.SMB_3_1_1;
        if (a9 != sMB2Dialect || b10 == null) {
            b10 = g(builderContext);
        } else {
            this.f14650e.d(Long.valueOf(b10.u()));
        }
        SessionContext r9 = b10.r();
        h(builderContext, sMB2SessionSetup.n());
        r9.n(new SecretKeySpec(builderContext.f14654c, "HmacSHA256"));
        if (a9 == sMB2Dialect) {
            j(builderContext, r9, builderContext.f14657f);
        }
        k(builderContext, r9);
        b(sMB2SessionSetup, a9, r9);
        r9.a(sMB2SessionSetup);
        return b10;
    }

    private void j(BuilderContext builderContext, SessionContext sessionContext, SMB2Packet sMB2Packet) {
        if (builderContext.f14659h == null) {
            String a9 = this.f14651f.U().g().a();
            try {
                builderContext.f14659h = this.f14646a.E().b(a9);
            } catch (SecurityException e9) {
                throw new SMBRuntimeException("Cannot get the message digest for " + a9, e9);
            }
        }
        sessionContext.m(DigestUtil.a(builderContext.f14659h, sessionContext.d(), Packets.a(sMB2Packet)));
    }

    private void k(BuilderContext builderContext, SessionContext sessionContext) {
        boolean R8 = this.f14646a.R();
        sessionContext.p(R8 || this.f14651f.U().k());
        if (builderContext.f14658g.o().contains(SMB2SessionSetup.SMB2SessionFlags.SMB2_SESSION_FLAG_IS_NULL)) {
            sessionContext.p(false);
        }
        boolean contains = builderContext.f14658g.o().contains(SMB2SessionSetup.SMB2SessionFlags.SMB2_SESSION_FLAG_IS_GUEST);
        if (contains && sessionContext.h()) {
            throw new SMB2GuestSigningRequiredException();
        }
        if (contains && !R8) {
            sessionContext.p(false);
        }
        if (this.f14651f.V().a().b() && this.f14651f.U().q() && builderContext.f14658g.o().contains(SMB2SessionSetup.SMB2SessionFlags.SMB2_SESSION_FLAG_ENCRYPT_DATA)) {
            sessionContext.k(true);
            sessionContext.p(false);
        }
    }

    public Session c(AuthenticationContext authenticationContext) {
        try {
            Authenticator d9 = d(authenticationContext);
            BuilderContext f9 = f(authenticationContext, d9);
            d9.b(this.f14646a);
            h(f9, this.f14647b.e());
            Session i9 = i(f9);
            f14645r.A("Successfully authenticated {} on {}, session is {}", authenticationContext.d(), this.f14651f.e0(), Long.valueOf(i9.u()));
            this.f14649d.c(Long.valueOf(i9.u()), i9);
            return i9;
        } catch (SpnegoException | IOException e9) {
            throw new SMBRuntimeException(e9);
        }
    }
}
