package jcifs.smb;

import edili.d01;
import edili.f01;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Arrays;
import jcifs.CIFSException;
import jcifs.Configuration;
import jcifs.spnego.NegTokenInit;
import jcifs.spnego.NegTokenTarg;
import jcifs.spnego.SpnegoConstants;
import jcifs.spnego.SpnegoException;
import jcifs.spnego.SpnegoToken;
import jcifs.util.Hexdump;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;

/* loaded from: classes4.dex */
class SpnegoContext implements SSPContext {
    private static ASN1ObjectIdentifier SPNEGO_MECH_OID;
    private static final d01 log = f01.i(SpnegoContext.class);
    private boolean completed;
    private boolean disableMic;
    private boolean firstResponse;
    private SSPContext mechContext;
    private ASN1ObjectIdentifier[] mechs;
    private ASN1ObjectIdentifier[] remoteMechs;
    private boolean requireMic;
    private ASN1ObjectIdentifier selectedMech;

    static {
        try {
            SPNEGO_MECH_OID = new ASN1ObjectIdentifier(SpnegoConstants.SPNEGO_MECHANISM);
        } catch (IllegalArgumentException e) {
            log.error("Failed to initialize OID", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SpnegoContext(Configuration configuration, SSPContext sSPContext) {
        this(configuration, sSPContext, sSPContext.getSupportedMechs());
    }

    SpnegoContext(Configuration configuration, SSPContext sSPContext, ASN1ObjectIdentifier[] aSN1ObjectIdentifierArr) {
        this.firstResponse = true;
        this.mechContext = sSPContext;
        this.mechs = aSN1ObjectIdentifierArr;
        this.disableMic = !configuration.isEnforceSpnegoIntegrity() && configuration.isDisableSpnegoIntegrity();
        this.requireMic = configuration.isEnforceSpnegoIntegrity();
    }

    private byte[] calculateMechListMIC() throws CIFSException {
        if (!this.mechContext.isMICAvailable()) {
            return null;
        }
        ASN1ObjectIdentifier[] aSN1ObjectIdentifierArr = this.mechs;
        byte[] encodeMechs = encodeMechs(aSN1ObjectIdentifierArr);
        byte[] calculateMIC = this.mechContext.calculateMIC(encodeMechs);
        d01 d01Var = log;
        if (d01Var.isDebugEnabled()) {
            d01Var.debug("Out Mech list " + Arrays.toString(aSN1ObjectIdentifierArr));
            d01Var.debug("Out Mech list encoded " + Hexdump.toHexString(encodeMechs));
            d01Var.debug("Out Mech list MIC " + Hexdump.toHexString(calculateMIC));
        }
        return calculateMIC;
    }

    private static byte[] encodeMechs(ASN1ObjectIdentifier[] aSN1ObjectIdentifierArr) throws CIFSException {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DEROutputStream dEROutputStream = new DEROutputStream(byteArrayOutputStream);
            dEROutputStream.writeObject((ASN1Primitive) new DERSequence(aSN1ObjectIdentifierArr));
            dEROutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new CIFSException("Failed to encode mechList", e);
        }
    }

    private static SpnegoToken getToken(byte[] bArr) throws SpnegoException {
        try {
            byte b = bArr[0];
            if (b == -95) {
                return new NegTokenTarg(bArr);
            }
            if (b == 96) {
                return new NegTokenInit(bArr);
            }
            throw new SpnegoException("Invalid token type");
        } catch (IOException unused) {
            throw new SpnegoException("Invalid token");
        }
    }

    private static SpnegoToken getToken(byte[] bArr, int i, int i2) throws SpnegoException {
        byte[] bArr2 = new byte[i2];
        if (i != 0 || bArr.length != i2) {
            System.arraycopy(bArr, i, bArr2, 0, i2);
            bArr = bArr2;
        }
        return getToken(bArr);
    }

    private SpnegoToken initialToken() throws CIFSException {
        return new NegTokenInit(this.mechs, this.mechContext.getFlags(), this.mechContext.initSecContext(new byte[0], 0, 0), null);
    }

    private SpnegoToken negotitate(byte[] bArr, int i, int i2) throws CIFSException {
        byte[] mechanismToken;
        byte[] bArr2;
        ASN1ObjectIdentifier aSN1ObjectIdentifier;
        SpnegoToken token = getToken(bArr, i, i2);
        if (token instanceof NegTokenInit) {
            NegTokenInit negTokenInit = (NegTokenInit) token;
            ASN1ObjectIdentifier[] mechanisms = negTokenInit.getMechanisms();
            this.remoteMechs = mechanisms;
            if (this.mechContext.isSupported(mechanisms[0])) {
                mechanismToken = negTokenInit.getMechanismToken();
            } else {
                int length = mechanisms.length;
                int i3 = 0;
                while (true) {
                    if (i3 >= length) {
                        aSN1ObjectIdentifier = null;
                        break;
                    }
                    aSN1ObjectIdentifier = mechanisms[i3];
                    if (this.mechContext.isSupported(aSN1ObjectIdentifier)) {
                        break;
                    }
                    i3++;
                }
                if (aSN1ObjectIdentifier == null) {
                    throw new SmbException("Server does advertise any supported mechanism");
                }
                mechanismToken = null;
            }
        } else {
            if (!(token instanceof NegTokenTarg)) {
                throw new SmbException("Invalid token");
            }
            NegTokenTarg negTokenTarg = (NegTokenTarg) token;
            if (this.firstResponse) {
                if (!this.mechContext.isSupported(negTokenTarg.getMechanism())) {
                    throw new SmbException("Server chose an unsupported mechanism " + negTokenTarg.getMechanism());
                }
                this.selectedMech = negTokenTarg.getMechanism();
                if (negTokenTarg.getResult() == 3) {
                    this.requireMic = true;
                }
                this.firstResponse = false;
            } else if (negTokenTarg.getMechanism() != null && !negTokenTarg.getMechanism().equals((ASN1Primitive) this.selectedMech)) {
                throw new SmbException("Server switched mechanism");
            }
            mechanismToken = negTokenTarg.getMechanismToken();
        }
        boolean z = token instanceof NegTokenTarg;
        if (z && this.mechContext.isEstablished()) {
            NegTokenTarg negTokenTarg2 = (NegTokenTarg) token;
            if (negTokenTarg2.getResult() == 1 && negTokenTarg2.getMechanismToken() == null && negTokenTarg2.getMechanismListMIC() != null) {
                verifyMechListMIC(negTokenTarg2.getMechanismListMIC());
                return new NegTokenTarg(-1, null, null, calculateMechListMIC());
            }
            if (negTokenTarg2.getResult() != 0) {
                throw new SmbException("SPNEGO negotiation did not complete");
            }
            verifyMechListMIC(negTokenTarg2.getMechanismListMIC());
            this.completed = true;
            return null;
        }
        if (mechanismToken == null) {
            return initialToken();
        }
        byte[] initSecContext = this.mechContext.initSecContext(mechanismToken, 0, mechanismToken.length);
        if (z) {
            NegTokenTarg negTokenTarg3 = (NegTokenTarg) token;
            if (negTokenTarg3.getResult() == 0 && this.mechContext.isEstablished()) {
                verifyMechListMIC(negTokenTarg3.getMechanismListMIC());
                bArr2 = (!this.disableMic || this.requireMic) ? calculateMechListMIC() : null;
                this.completed = true;
            } else if (this.mechContext.isMICAvailable() && (!this.disableMic || this.requireMic)) {
                bArr2 = calculateMechListMIC();
            } else if (negTokenTarg3.getResult() == 2) {
                throw new SmbException("SPNEGO mechanism was rejected");
            }
            if (initSecContext == null || !this.mechContext.isEstablished()) {
                return new NegTokenTarg(-1, null, initSecContext, bArr2);
            }
            return null;
        }
        bArr2 = null;
        if (initSecContext == null) {
        }
        return new NegTokenTarg(-1, null, initSecContext, bArr2);
    }

    private void verifyMechListMIC(byte[] bArr) throws CIFSException {
        if (this.disableMic) {
            return;
        }
        if ((bArr == null || !this.mechContext.supportsIntegrity()) && this.requireMic && !this.mechContext.isPreferredMech(this.selectedMech)) {
            throw new CIFSException("SPNEGO integrity is required but not available");
        }
        if (!this.mechContext.isMICAvailable() || bArr == null) {
            return;
        }
        try {
            ASN1ObjectIdentifier[] aSN1ObjectIdentifierArr = this.mechs;
            byte[] encodeMechs = encodeMechs(aSN1ObjectIdentifierArr);
            d01 d01Var = log;
            if (d01Var.isInfoEnabled()) {
                d01Var.debug("In Mech list " + Arrays.toString(aSN1ObjectIdentifierArr));
                d01Var.debug("In Mech list encoded " + Hexdump.toHexString(encodeMechs));
                d01Var.debug("In Mech list MIC " + Hexdump.toHexString(bArr));
            }
            this.mechContext.verifyMIC(encodeMechs, bArr);
        } catch (CIFSException e) {
            throw new CIFSException("Failed to verify mechanismListMIC", e);
        }
    }

    @Override // jcifs.smb.SSPContext
    public byte[] calculateMIC(byte[] bArr) throws CIFSException {
        if (this.completed) {
            return this.mechContext.calculateMIC(bArr);
        }
        throw new CIFSException("Context is not established");
    }

    @Override // jcifs.smb.SSPContext
    public void dispose() throws CIFSException {
        this.mechContext.dispose();
    }

    @Override // jcifs.smb.SSPContext
    public int getFlags() {
        return this.mechContext.getFlags();
    }

    ASN1ObjectIdentifier[] getMechs() {
        return this.mechs;
    }

    @Override // jcifs.smb.SSPContext
    public String getNetbiosName() {
        return null;
    }

    ASN1ObjectIdentifier[] getRemoteMechs() {
        return this.remoteMechs;
    }

    @Override // jcifs.smb.SSPContext
    public byte[] getSigningKey() throws CIFSException {
        return this.mechContext.getSigningKey();
    }

    @Override // jcifs.smb.SSPContext
    public ASN1ObjectIdentifier[] getSupportedMechs() {
        return new ASN1ObjectIdentifier[]{SPNEGO_MECH_OID};
    }

    @Override // jcifs.smb.SSPContext
    public byte[] initSecContext(byte[] bArr, int i, int i2) throws CIFSException {
        if (this.completed) {
            throw new CIFSException("Already complete");
        }
        SpnegoToken initialToken = i2 == 0 ? initialToken() : negotitate(bArr, i, i2);
        if (initialToken == null) {
            return null;
        }
        return initialToken.toByteArray();
    }

    @Override // jcifs.smb.SSPContext
    public boolean isEstablished() {
        return this.completed && this.mechContext.isEstablished();
    }

    @Override // jcifs.smb.SSPContext
    public boolean isMICAvailable() {
        if (this.completed) {
            return this.mechContext.isMICAvailable();
        }
        return false;
    }

    @Override // jcifs.smb.SSPContext
    public boolean isPreferredMech(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return this.mechContext.isPreferredMech(aSN1ObjectIdentifier);
    }

    @Override // jcifs.smb.SSPContext
    public boolean isSupported(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return false;
    }

    void setMechs(ASN1ObjectIdentifier[] aSN1ObjectIdentifierArr) {
        this.mechs = aSN1ObjectIdentifierArr;
    }

    @Override // jcifs.smb.SSPContext
    public boolean supportsIntegrity() {
        return this.mechContext.supportsIntegrity();
    }

    public String toString() {
        return "SPNEGO[" + this.mechContext + "]";
    }

    @Override // jcifs.smb.SSPContext
    public void verifyMIC(byte[] bArr, byte[] bArr2) throws CIFSException {
        if (!this.completed) {
            throw new CIFSException("Context is not established");
        }
        this.mechContext.verifyMIC(bArr, bArr2);
    }
}
