package com.hierynomus.smbj.auth;

import com.hierynomus.ntlm.functions.NtlmFunctions;
import com.hierynomus.ntlm.messages.AvId;
import com.hierynomus.ntlm.messages.NtlmAuthenticate;
import com.hierynomus.ntlm.messages.NtlmChallenge;
import com.hierynomus.ntlm.messages.NtlmNegotiate;
import com.hierynomus.ntlm.messages.NtlmNegotiateFlag;
import com.hierynomus.protocol.commons.ByteArrayUtils;
import com.hierynomus.protocol.commons.EnumWithValue;
import com.hierynomus.protocol.commons.Factory;
import com.hierynomus.protocol.commons.buffer.Buffer;
import com.hierynomus.protocol.commons.buffer.Endian;
import com.hierynomus.security.SecurityProvider;
import com.hierynomus.smbj.common.SMBRuntimeException;
import com.hierynomus.smbj.session.Session;
import com.hierynomus.spnego.NegTokenInit;
import com.hierynomus.spnego.NegTokenTarg;
import com.hierynomus.spnego.SpnegoException;
import java.io.IOException;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.Random;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public class NtlmAuthenticator implements Authenticator {
    private Random random;
    private SecurityProvider securityProvider;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) NtlmAuthenticator.class);
    private static final ASN1ObjectIdentifier NTLMSSP = new ASN1ObjectIdentifier("1.3.6.1.4.1.311.2.2.10");
    private boolean initialized = false;
    private boolean completed = false;

    /* loaded from: classes2.dex */
    public static class Factory implements Factory.Named<Authenticator> {
        @Override // com.hierynomus.protocol.commons.Factory
        public NtlmAuthenticator create() {
            return new NtlmAuthenticator();
        }

        @Override // com.hierynomus.protocol.commons.Factory.Named
        public String getName() {
            return NtlmAuthenticator.NTLMSSP.getId();
        }
    }

    private byte[] negTokenInit(NtlmNegotiate ntlmNegotiate) throws SpnegoException {
        NegTokenInit negTokenInit = new NegTokenInit();
        negTokenInit.addSupportedMech(NTLMSSP);
        Buffer.PlainBuffer plainBuffer = new Buffer.PlainBuffer(Endian.LE);
        ntlmNegotiate.write(plainBuffer);
        negTokenInit.setMechToken(plainBuffer.getCompactData());
        Buffer.PlainBuffer plainBuffer2 = new Buffer.PlainBuffer(Endian.LE);
        negTokenInit.write(plainBuffer2);
        return plainBuffer2.getCompactData();
    }

    private byte[] negTokenTarg(NtlmAuthenticate ntlmAuthenticate, byte[] bArr) throws SpnegoException {
        NegTokenTarg negTokenTarg = new NegTokenTarg();
        negTokenTarg.setResponseToken(bArr);
        Buffer.PlainBuffer plainBuffer = new Buffer.PlainBuffer(Endian.LE);
        ntlmAuthenticate.write(plainBuffer);
        negTokenTarg.setResponseToken(plainBuffer.getCompactData());
        Buffer.PlainBuffer plainBuffer2 = new Buffer.PlainBuffer(Endian.LE);
        negTokenTarg.write(plainBuffer2);
        return plainBuffer2.getCompactData();
    }

    @Override // com.hierynomus.smbj.auth.Authenticator
    public AuthenticateResponse authenticate(AuthenticationContext authenticationContext, byte[] bArr, Session session) throws IOException {
        byte[] bArr2;
        try {
            AuthenticateResponse authenticateResponse = new AuthenticateResponse();
            if (this.completed) {
                return null;
            }
            if (!this.initialized) {
                logger.debug("Initialized Authentication of {} using NTLM", authenticationContext.getUsername());
                NtlmNegotiate ntlmNegotiate = new NtlmNegotiate();
                this.initialized = true;
                authenticateResponse.setNegToken(negTokenInit(ntlmNegotiate));
                return authenticateResponse;
            }
            logger.debug("Received token: {}", ByteArrayUtils.printHex(bArr));
            NtlmFunctions ntlmFunctions = new NtlmFunctions(this.random, this.securityProvider);
            NegTokenTarg read = new NegTokenTarg().read(bArr);
            read.getNegotiationResult();
            NtlmChallenge ntlmChallenge = new NtlmChallenge();
            try {
                ntlmChallenge.read(new Buffer.PlainBuffer(read.getResponseToken(), Endian.LE));
                logger.debug("Received NTLM challenge from: {}", ntlmChallenge.getTargetName());
                authenticateResponse.setWindowsVersion(ntlmChallenge.getVersion());
                authenticateResponse.setNetBiosName(ntlmChallenge.getAvPairString(AvId.MsvAvNbComputerName));
                byte[] serverChallenge = ntlmChallenge.getServerChallenge();
                byte[] NTOWFv2 = ntlmFunctions.NTOWFv2(String.valueOf(authenticationContext.getPassword()), authenticationContext.getUsername(), authenticationContext.getDomain());
                byte[] nTLMv2Response = ntlmFunctions.getNTLMv2Response(NTOWFv2, serverChallenge, ntlmFunctions.getNTLMv2ClientChallenge(ntlmChallenge.getTargetInfo()));
                byte[] hmac_md5 = ntlmFunctions.hmac_md5(NTOWFv2, Arrays.copyOfRange(nTLMv2Response, 0, 16));
                EnumSet<NtlmNegotiateFlag> negotiateFlags = ntlmChallenge.getNegotiateFlags();
                if (negotiateFlags.contains(NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_KEY_EXCH) && (negotiateFlags.contains(NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_SIGN) || negotiateFlags.contains(NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_SEAL) || negotiateFlags.contains(NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_ALWAYS_SIGN))) {
                    byte[] bArr3 = new byte[16];
                    this.random.nextBytes(bArr3);
                    byte[] encryptRc4 = ntlmFunctions.encryptRc4(hmac_md5, bArr3);
                    authenticateResponse.setSigningKey(bArr3);
                    bArr2 = encryptRc4;
                } else {
                    authenticateResponse.setSigningKey(hmac_md5);
                    bArr2 = hmac_md5;
                }
                this.completed = true;
                Object avPairObject = ntlmChallenge.getAvPairObject(AvId.MsvAvFlags);
                if (!(avPairObject instanceof Long) || (((Long) avPairObject).longValue() & 2) <= 0) {
                    authenticateResponse.setNegToken(negTokenTarg(new NtlmAuthenticate(new byte[0], nTLMv2Response, authenticationContext.getUsername(), authenticationContext.getDomain(), null, bArr2, EnumWithValue.EnumUtils.toLong(negotiateFlags), false), read.getResponseToken()));
                    return authenticateResponse;
                }
                NtlmAuthenticate ntlmAuthenticate = new NtlmAuthenticate(new byte[0], nTLMv2Response, authenticationContext.getUsername(), authenticationContext.getDomain(), null, bArr2, EnumWithValue.EnumUtils.toLong(negotiateFlags), true);
                Buffer.PlainBuffer plainBuffer = new Buffer.PlainBuffer(Endian.LE);
                plainBuffer.putRawBytes(read.getResponseToken());
                plainBuffer.putRawBytes(ntlmChallenge.getServerChallenge());
                ntlmAuthenticate.writeAutentificateMessage(plainBuffer);
                ntlmAuthenticate.setMic(ntlmFunctions.hmac_md5(hmac_md5, plainBuffer.getCompactData()));
                authenticateResponse.setNegToken(negTokenTarg(ntlmAuthenticate, read.getResponseToken()));
                return authenticateResponse;
            } catch (Buffer.BufferException e) {
                throw new IOException(e);
            }
        } catch (SpnegoException e2) {
            throw new SMBRuntimeException(e2);
        }
    }

    @Override // com.hierynomus.smbj.auth.Authenticator
    public void init(SecurityProvider securityProvider, Random random) {
        this.securityProvider = securityProvider;
        this.random = random;
    }

    @Override // com.hierynomus.smbj.auth.Authenticator
    public boolean supports(AuthenticationContext authenticationContext) {
        return authenticationContext.getClass().equals(AuthenticationContext.class);
    }
}
