package com.hierynomus.smbj.connection.packet;

import com.google.crypto.tink.Registry;
import com.hierynomus.asn1.ASN1Parser;
import com.hierynomus.mssmb2.DeadLetterPacketData;
import com.hierynomus.mssmb2.SMB2DecryptedPacketData;
import com.hierynomus.mssmb2.SMB2MessageCommandCode;
import com.hierynomus.mssmb2.SMB2MessageFlag;
import com.hierynomus.mssmb2.SMB2PacketData;
import com.hierynomus.mssmb2.SMB2PacketHeader;
import com.hierynomus.protocol.commons.Objects;
import com.hierynomus.security.SecurityException;
import com.hierynomus.security.bc.BCMac;
import com.hierynomus.smb.SMBBuffer;
import com.hierynomus.smb.SMBHeader;
import com.hierynomus.smbj.connection.PacketSignatory;
import com.hierynomus.smbj.session.Session;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.Mac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.jsoup.helper.UrlBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public final class SMB2SignatureVerificationPacketHandler extends SMB2PacketHandler {
    public static final Logger logger = LoggerFactory.getLogger((Class<?>) SMB2SignatureVerificationPacketHandler.class);
    public UrlBuilder sessionTable;
    public PacketSignatory signatory;

    @Override // com.hierynomus.smbj.connection.packet.SMB2PacketHandler
    public final void doSMB2Handle(SMB2PacketData sMB2PacketData) {
        Session find;
        UrlBuilder urlBuilder = this.sessionTable;
        SMBHeader sMBHeader = sMB2PacketData.header;
        SMB2PacketHeader sMB2PacketHeader = (SMB2PacketHeader) sMBHeader;
        long j = sMB2PacketHeader.messageId;
        Logger logger2 = logger;
        if (j == -1) {
            logger2.debug("Message ID is 0xFFFFFFFFFFFFFFFF, no verification necessary");
            ((ASN1Parser) this.decoder).handle$1(sMB2PacketData);
            return;
        }
        if (sMB2PacketData instanceof SMB2DecryptedPacketData) {
            logger2.debug("Passthrough Signature Verification as packet is decrypted");
            ((ASN1Parser) this.decoder).handle$1(sMB2PacketData);
            return;
        }
        long j2 = sMB2PacketHeader.flags;
        SMB2MessageFlag sMB2MessageFlag = SMB2MessageFlag.SMB2_FLAGS_SIGNED;
        if (!Objects.isSet(j2, sMB2MessageFlag)) {
            SMB2PacketHeader sMB2PacketHeader2 = (SMB2PacketHeader) sMBHeader;
            if (!Objects.isSet(sMB2PacketHeader2.flags, sMB2MessageFlag)) {
                SMB2PacketHeader sMB2PacketHeader3 = (SMB2PacketHeader) sMB2PacketData.header;
                if (!Objects.isSet(sMB2PacketHeader3.flags, SMB2MessageFlag.SMB2_FLAGS_ASYNC_COMMAND) || sMB2PacketHeader3.statusCode != 259) {
                    SMB2PacketHeader sMB2PacketHeader4 = (SMB2PacketHeader) sMB2PacketData.header;
                    if ((sMB2PacketHeader4.messageId != -1 || sMB2PacketHeader4.message != SMB2MessageCommandCode.SMB2_OPLOCK_BREAK) && (find = urlBuilder.find(Long.valueOf(sMB2PacketHeader2.sessionId))) != null && find.sessionContext.signingRequired) {
                        logger2.warn("Illegal request, session requires message signing, but packet {} is not signed.", sMB2PacketData);
                        ((ASN1Parser) this.decoder).handle$1(new DeadLetterPacketData(sMBHeader));
                        return;
                    }
                }
            }
            ((ASN1Parser) this.decoder).handle$1(sMB2PacketData);
            return;
        }
        SMB2PacketHeader sMB2PacketHeader5 = (SMB2PacketHeader) sMBHeader;
        long j3 = sMB2PacketHeader5.sessionId;
        if (j3 == 0 || sMB2PacketHeader5.message == SMB2MessageCommandCode.SMB2_SESSION_SETUP) {
            ((ASN1Parser) this.decoder).handle$1(sMB2PacketData);
            return;
        }
        Session find2 = urlBuilder.find(Long.valueOf(j3));
        if (find2 == null) {
            logger2.error("Could not find session << {} >> for packet {}.", Long.valueOf(j3), sMB2PacketData);
            ((ASN1Parser) this.decoder).handle$1(new DeadLetterPacketData(sMBHeader));
            return;
        }
        PacketSignatory packetSignatory = this.signatory;
        SecretKey signingKey = find2.getSigningKey(sMB2PacketHeader5, false);
        packetSignatory.getClass();
        try {
            SMBBuffer sMBBuffer = sMB2PacketData.buffer;
            Registry.AnonymousClass4 anonymousClass4 = packetSignatory.securityProvider;
            SecretKeySpec secretKeySpec = (SecretKeySpec) signingKey;
            String algorithm = secretKeySpec.getAlgorithm();
            anonymousClass4.getClass();
            Mac mac = new BCMac(algorithm).mac;
            mac.init(new KeyParameter(secretKeySpec.getEncoded()));
            mac.update(sMBBuffer.data, ((SMB2PacketHeader) sMBHeader).headerStartPosition, 48);
            mac.update(SMB2PacketHeader.EMPTY_SIGNATURE, 0, 16);
            mac.update(sMBBuffer.data, 64, ((SMB2PacketHeader) sMBHeader).messageEndPosition - 64);
            byte[] bArr = new byte[mac.getMacSize()];
            mac.doFinal(bArr, 0);
            byte[] bArr2 = ((SMB2PacketHeader) sMBHeader).signature;
            for (int i = 0; i < 16; i++) {
                if (bArr[i] != bArr2[i]) {
                    Logger logger3 = PacketSignatory.logger;
                    logger3.error("Signatures for packet {} do not match (received: {}, calculated: {})", sMB2PacketData, Arrays.toString(bArr2), Arrays.toString(bArr));
                    logger3.error("Packet {} has header: {}", sMB2PacketData, sMBHeader);
                    logger2.warn("Invalid packet signature for packet {}", sMB2PacketData);
                    ((ASN1Parser) this.decoder).handle$1(new DeadLetterPacketData(sMBHeader));
                    return;
                }
            }
            logger2.debug("Signature for packet {} verified.", sMB2PacketData);
            ((ASN1Parser) this.decoder).handle$1(sMB2PacketData);
        } catch (SecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}
