package com.hierynomus.smbj.connection;

import coil3.util.BitmapsKt;
import com.google.common.base.Splitter;
import com.google.crypto.tink.Registry;
import com.hierynomus.asn1.ASN1InputStream;
import com.hierynomus.asn1.encodingrules.der.DERDecoder;
import com.hierynomus.asn1.types.ASN1Object;
import com.hierynomus.asn1.types.ASN1Tag;
import com.hierynomus.asn1.types.ASN1TagClass;
import com.hierynomus.asn1.types.constructed.ASN1Sequence;
import com.hierynomus.asn1.types.constructed.ASN1TaggedObject;
import com.hierynomus.asn1.types.primitive.ASN1ObjectIdentifier;
import com.hierynomus.mssmb2.SMB2Dialect;
import com.hierynomus.mssmb2.SMB2MessageCommandCode;
import com.hierynomus.mssmb2.SMB2Packet;
import com.hierynomus.mssmb2.SMB2PacketHeader;
import com.hierynomus.mssmb2.SMBApiException;
import com.hierynomus.mssmb2.messages.SMB2SessionSetup;
import com.hierynomus.protocol.commons.Factory;
import com.hierynomus.protocol.commons.Objects;
import com.hierynomus.protocol.commons.buffer.Buffer;
import com.hierynomus.protocol.commons.buffer.Endian$Big;
import com.hierynomus.protocol.commons.concurrent.CancellableFuture;
import com.hierynomus.protocol.transport.TransportException;
import com.hierynomus.security.SecurityException;
import com.hierynomus.security.bc.BCDerivationFunctionFactory;
import com.hierynomus.security.bc.BCDerivationFunctionFactory$1$1;
import com.hierynomus.security.bc.BCMessageDigest;
import com.hierynomus.smbj.SmbConfig;
import com.hierynomus.smbj.auth.Authenticator;
import com.hierynomus.smbj.session.Session;
import com.hierynomus.smbj.session.SessionContext;
import com.hierynomus.spnego.NegTokenInit;
import com.hierynomus.spnego.ObjectIdentifiers;
import com.koushikdutta.async.Util$8;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import kotlin.io.ByteStreamsKt;
import kotlin.io.ExceptionsKt;
import kotlin.math.MathKt;
import org.bouncycastle.crypto.params.KDFCounterParameters;
import org.jsoup.helper.UrlBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public final class SMBSessionBuilder {
    public final SmbConfig config;
    public final Connection connection;
    public final ConnectionContext connectionContext;
    public final UrlBuilder preauthSessionTable;
    public final Splitter.AnonymousClass1 sessionFactory;
    public final UrlBuilder sessionTable;
    public static final byte[] KDF_ENC_LABEL_SMB311 = BitmapsKt.nullTerminatedBytes("SMBC2SCipherKey");
    public static final byte[] KDF_DEC_LABEL_SMB311 = BitmapsKt.nullTerminatedBytes("SMBS2CCipherKey");
    public static final byte[] KDF_ENCDEC_LABEL = BitmapsKt.nullTerminatedBytes("SMB2AESCCM");
    public static final byte[] KDF_ENC_CONTEXT = BitmapsKt.nullTerminatedBytes("ServerIn ");
    public static final byte[] KDF_DEC_CONTEXT = BitmapsKt.nullTerminatedBytes("ServerOut");
    public static final byte[] KDF_SIGN_CONTEXT = BitmapsKt.nullTerminatedBytes("SmbSign");
    public static final byte[] KDF_SIGN_LABEL = BitmapsKt.nullTerminatedBytes("SMB2AESCMAC");
    public static final byte[] KDF_SIGN_LABEL_SMB311 = BitmapsKt.nullTerminatedBytes("SMBSigningKey");
    public static final byte[] KDF_APP_CONTEXT = BitmapsKt.nullTerminatedBytes("SmbRpc");
    public static final byte[] KDF_APP_LABEL = BitmapsKt.nullTerminatedBytes("SMB2APP");
    public static final byte[] KDF_APP_LABEL_SMB311 = BitmapsKt.nullTerminatedBytes("SMBAppKey");
    public static final Logger logger = LoggerFactory.getLogger((Class<?>) SMBSessionBuilder.class);

    /* loaded from: classes2.dex */
    public final class BuilderContext {
        public Util$8 authContext;
        public Authenticator authenticator;
        public BCMessageDigest digest;
        public SMB2SessionSetup request;
        public SMB2SessionSetup response;
        public byte[] securityContext;
        public long sessionId;
        public byte[] sessionKey;
    }

    public SMBSessionBuilder(Connection connection, SmbConfig smbConfig, Splitter.AnonymousClass1 anonymousClass1) {
        this.connection = connection;
        this.config = smbConfig;
        this.connectionContext = connection.connectionContext;
        this.sessionTable = connection.sessionTable;
        this.preauthSessionTable = connection.preauthSessionTable;
        this.sessionFactory = anonymousClass1;
    }

    public final SecretKeySpec deriveKey(SecretKey secretKey, byte[] bArr, byte[] bArr2, String str) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(25);
        try {
            byteArrayOutputStream.write(bArr);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(bArr2);
            byteArrayOutputStream.write(new byte[]{0, 0, 0, Byte.MIN_VALUE});
            try {
                this.config.securityProvider.getClass();
                Factory factory = (Factory) BCDerivationFunctionFactory.lookup.get("KDF/Counter/HMACSHA256");
                if (factory == null) {
                    throw new IllegalArgumentException("Unknown DerivationFunction KDF/Counter/HMACSHA256");
                }
                BCDerivationFunctionFactory$1$1 bCDerivationFunctionFactory$1$1 = (BCDerivationFunctionFactory$1$1) factory.create();
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                byte[] encoded = secretKey.getEncoded();
                if (encoded == null || encoded.length == 0) {
                    throw new IllegalArgumentException("Missing Seed for KDF");
                }
                bCDerivationFunctionFactory$1$1.function.init(new KDFCounterParameters(Arrays.copyOf(encoded, encoded.length), byteArray == null ? new byte[0] : Arrays.copyOf(byteArray, byteArray.length), 32));
                byte[] bArr3 = new byte[16];
                bCDerivationFunctionFactory$1$1.function.generateBytes(bArr3, 0, 16);
                return new SecretKeySpec(bArr3, str);
            } catch (SecurityException e) {
                throw new RuntimeException(e);
            }
        } catch (IOException e2) {
            logger.error("Unable to format suffix, error occur : ", (Throwable) e2);
            return null;
        }
    }

    /* JADX WARN: Type inference failed for: r3v9, types: [com.hierynomus.protocol.commons.buffer.Buffer, com.hierynomus.protocol.commons.buffer.Buffer$PlainBuffer] */
    /* JADX WARN: Type inference failed for: r7v0, types: [com.google.crypto.tink.Registry$4, com.hierynomus.asn1.encodingrules.der.DERDecoder] */
    public final Authenticator getAuthenticator(Util$8 util$8) {
        SmbConfig smbConfig = this.config;
        smbConfig.getClass();
        ArrayList arrayList = new ArrayList(new ArrayList(smbConfig.authenticators));
        ArrayList arrayList2 = new ArrayList();
        ConnectionContext connectionContext = this.connectionContext;
        byte[] bArr = connectionContext.gssNegotiateToken;
        if (Arrays.copyOf(bArr, bArr.length).length > 0) {
            NegTokenInit negTokenInit = new NegTokenInit();
            byte[] bArr2 = connectionContext.gssNegotiateToken;
            try {
                ASN1InputStream aSN1InputStream = new ASN1InputStream((DERDecoder) new Registry.AnonymousClass4(14, false), new Buffer.AnonymousClass1((Buffer.PlainBuffer) new Buffer(Arrays.copyOf(bArr2, bArr2.length), true, Endian$Big.LE)));
                try {
                    ASN1TaggedObject aSN1TaggedObject = (ASN1TaggedObject) aSN1InputStream.readObject();
                    if (aSN1TaggedObject.tag.asn1TagClass != ASN1TagClass.APPLICATION) {
                        throw new Exception("Incorrect GSS-API ASN.1 token received, expected to find an [APPLICATION 0], not: " + aSN1TaggedObject);
                    }
                    ArrayList arrayList3 = ((ASN1Sequence) aSN1TaggedObject.getObject(ASN1Tag.SEQUENCE)).objects;
                    ASN1Object aSN1Object = (ASN1Object) arrayList3.get(0);
                    if (!(aSN1Object instanceof ASN1ObjectIdentifier)) {
                        throw new Exception("Expected to find the SPNEGO OID (" + ObjectIdentifiers.SPNEGO + "), not: " + aSN1Object);
                    }
                    negTokenInit.parseSpnegoToken((ASN1Object) arrayList3.get(1));
                    aSN1InputStream.close();
                    arrayList2 = (ArrayList) negTokenInit.mechTypes;
                } catch (Throwable th) {
                    try {
                        aSN1InputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (IOException e) {
                throw new Exception("Could not read NegTokenInit from buffer", e);
            }
        }
        Iterator it = new ArrayList(arrayList).iterator();
        while (it.hasNext()) {
            Factory.Named named = (Factory.Named) it.next();
            if (arrayList2.isEmpty() || arrayList2.contains(new ASN1ObjectIdentifier(named.getName()))) {
                Authenticator authenticator = (Authenticator) named.create();
                if (authenticator.supports(util$8)) {
                    return authenticator;
                }
            }
        }
        throw new RuntimeException("Could not find a configured authenticator for mechtypes: " + arrayList2 + " and authentication context: " + util$8);
    }

    public final Session newSession(BuilderContext builderContext) {
        Util$8 util$8 = builderContext.authContext;
        Connection connection = (Connection) this.sessionFactory.val$separatorMatcher;
        Session session = new Session(connection, connection.config, util$8, connection.bus, connection.pathResolver, connection.signatory, connection.encryptor);
        session.sessionId = builderContext.sessionId;
        byte[] bArr = this.connectionContext.preauthIntegrityHashValue;
        SessionContext sessionContext = session.sessionContext;
        sessionContext.getClass();
        sessionContext.preauthIntegrityHashValue = Arrays.copyOf(bArr, bArr.length);
        return session;
    }

    public final void processAuthenticationToken(BuilderContext builderContext, byte[] bArr) {
        UrlBuilder authenticate = builderContext.authenticator.authenticate(builderContext.authContext, bArr);
        if (authenticate == null) {
            return;
        }
        this.connectionContext.getClass();
        builderContext.sessionKey = (byte[]) authenticate.q;
        builderContext.securityContext = (byte[]) authenticate.u;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v0, types: [com.hierynomus.mssmb2.SMB2Packet, com.hierynomus.mssmb2.messages.SMB2SessionSetup, com.hierynomus.smb.SMBPacket] */
    public final Session setupSession(BuilderContext builderContext) {
        byte[] bArr = builderContext.securityContext;
        ConnectionContext connectionContext = this.connectionContext;
        SMB2Dialect sMB2Dialect = (SMB2Dialect) connectionContext.negotiatedProtocol.elements;
        EnumSet of = EnumSet.of((connectionContext.server.securityMode & 2) > 0 ? SMB2SessionSetup.SMB2SecurityMode.SMB2_NEGOTIATE_SIGNING_REQUIRED : SMB2SessionSetup.SMB2SecurityMode.SMB2_NEGOTIATE_SIGNING_ENABLED);
        EnumSet enumSet = connectionContext.clientCapabilities;
        ?? sMB2Packet = new SMB2Packet(25, sMB2Dialect, SMB2MessageCommandCode.SMB2_SESSION_SETUP, 0L, 0L);
        sMB2Packet.negotiatedDialect = sMB2Dialect;
        sMB2Packet.securityMode = (byte) Objects.toLong(of);
        sMB2Packet.clientCapabilities = Objects.toLong(enumSet);
        sMB2Packet.securityBuffer = bArr;
        ((SMB2PacketHeader) sMB2Packet.header).sessionId = builderContext.sessionId;
        builderContext.request = sMB2Packet;
        Connection connection = this.connection;
        CancellableFuture send = connection.send(sMB2Packet);
        long j = connection.config.transactTimeout;
        TimeUnit timeUnit = TimeUnit.MILLISECONDS;
        Registry.AnonymousClass4 anonymousClass4 = TransportException.Wrapper;
        SMB2SessionSetup sMB2SessionSetup = (SMB2SessionSetup) ((SMB2Packet) ByteStreamsKt.get(send, j));
        builderContext.response = sMB2SessionSetup;
        SMB2PacketHeader sMB2PacketHeader = (SMB2PacketHeader) sMB2SessionSetup.header;
        long j2 = sMB2PacketHeader.sessionId;
        builderContext.sessionId = j2;
        SMB2Dialect sMB2Dialect2 = (SMB2Dialect) connectionContext.negotiatedProtocol.elements;
        long j3 = sMB2PacketHeader.statusCode;
        SMB2Dialect sMB2Dialect3 = SMB2Dialect.SMB_3_1_1;
        UrlBuilder urlBuilder = this.preauthSessionTable;
        if (j3 == 3221225494L) {
            if (sMB2Dialect2 == sMB2Dialect3) {
                Session find = urlBuilder.find(Long.valueOf(j2));
                if (find == null) {
                    find = newSession(builderContext);
                    Long valueOf = Long.valueOf(builderContext.sessionId);
                    ((ReentrantLock) urlBuilder.u).lock();
                    try {
                        ((HashMap) urlBuilder.q).put(valueOf, find);
                    } finally {
                    }
                }
                SessionContext sessionContext = find.sessionContext;
                updatePreauthIntegrityValue(builderContext, sessionContext, builderContext.request);
                updatePreauthIntegrityValue(builderContext, sessionContext, builderContext.response);
            }
            logger.debug("More processing required for authentication of {} using {}", (String) builderContext.authContext.val$sink, builderContext.authenticator);
            processAuthenticationToken(builderContext, sMB2SessionSetup.securityBuffer);
            return setupSession(builderContext);
        }
        if (j3 != 0) {
            throw new SMBApiException((SMB2PacketHeader) sMB2SessionSetup.header, String.format("Authentication failed for '%s' using %s", (String) builderContext.authContext.val$sink, builderContext.authenticator));
        }
        Session find2 = urlBuilder.find(Long.valueOf(j2));
        if (sMB2Dialect2 != sMB2Dialect3 || find2 == null) {
            find2 = newSession(builderContext);
        } else {
            Long valueOf2 = Long.valueOf(find2.sessionId);
            ((ReentrantLock) urlBuilder.u).lock();
            try {
            } finally {
            }
        }
        SessionContext sessionContext2 = find2.sessionContext;
        processAuthenticationToken(builderContext, sMB2SessionSetup.securityBuffer);
        sessionContext2.sessionKey = new SecretKeySpec(builderContext.sessionKey, "HmacSHA256");
        if (sMB2Dialect2 == sMB2Dialect3) {
            updatePreauthIntegrityValue(builderContext, sessionContext2, builderContext.request);
        }
        this.config.getClass();
        sessionContext2.signingRequired = (connection.connectionContext.server.securityMode & 2) > 0;
        EnumSet enumSet2 = builderContext.response.sessionFlags;
        SMB2SessionSetup.SMB2SessionFlags sMB2SessionFlags = SMB2SessionSetup.SMB2SessionFlags.SMB2_SESSION_FLAG_IS_NULL;
        if (enumSet2.contains(sMB2SessionFlags)) {
            sessionContext2.signingRequired = false;
        }
        EnumSet enumSet3 = builderContext.response.sessionFlags;
        SMB2SessionSetup.SMB2SessionFlags sMB2SessionFlags2 = SMB2SessionSetup.SMB2SessionFlags.SMB2_SESSION_FLAG_IS_GUEST;
        boolean contains = enumSet3.contains(sMB2SessionFlags2);
        if (contains && sessionContext2.signingRequired) {
            throw new RuntimeException("Cannot require message signing when authenticating with a guest account");
        }
        if (contains) {
            sessionContext2.signingRequired = false;
        }
        if (((SMB2Dialect) connection.connectionContext.negotiatedProtocol.elements).isSmb3x() && connection.connectionContext.supportsEncryption() && builderContext.response.sessionFlags.contains(SMB2SessionSetup.SMB2SessionFlags.SMB2_SESSION_FLAG_ENCRYPT_DATA)) {
            sessionContext2.encryptData = true;
            sessionContext2.signingRequired = false;
        }
        if (sMB2Dialect2.isSmb3x() && !sMB2SessionSetup.sessionFlags.contains(sMB2SessionFlags) && !sMB2SessionSetup.sessionFlags.contains(sMB2SessionFlags2)) {
            if (sMB2Dialect2 == sMB2Dialect3) {
                sessionContext2.signingKey = deriveKey((SecretKeySpec) sessionContext2.sessionKey, KDF_SIGN_LABEL_SMB311, (byte[]) sessionContext2.preauthIntegrityHashValue, "AesCmac");
            } else {
                sessionContext2.signingKey = deriveKey((SecretKeySpec) sessionContext2.sessionKey, KDF_SIGN_LABEL, KDF_SIGN_CONTEXT, "AesCmac");
            }
            if (connectionContext.supportsEncryption()) {
                String str = connectionContext.cipherId.algorithmName;
                if (sMB2Dialect2 == sMB2Dialect3) {
                    sessionContext2.encryptionKey = deriveKey((SecretKeySpec) sessionContext2.sessionKey, KDF_ENC_LABEL_SMB311, (byte[]) sessionContext2.preauthIntegrityHashValue, str);
                    sessionContext2.decryptionKey = deriveKey((SecretKeySpec) sessionContext2.sessionKey, KDF_DEC_LABEL_SMB311, (byte[]) sessionContext2.preauthIntegrityHashValue, str);
                    deriveKey((SecretKeySpec) sessionContext2.sessionKey, KDF_APP_LABEL_SMB311, (byte[]) sessionContext2.preauthIntegrityHashValue, str);
                    return find2;
                }
                SecretKeySpec secretKeySpec = (SecretKeySpec) sessionContext2.sessionKey;
                byte[] bArr2 = KDF_ENC_CONTEXT;
                byte[] bArr3 = KDF_ENCDEC_LABEL;
                sessionContext2.encryptionKey = deriveKey(secretKeySpec, bArr3, bArr2, str);
                sessionContext2.decryptionKey = deriveKey((SecretKeySpec) sessionContext2.sessionKey, bArr3, KDF_DEC_CONTEXT, str);
                deriveKey((SecretKeySpec) sessionContext2.sessionKey, KDF_APP_LABEL, KDF_APP_CONTEXT, str);
            }
        }
        return find2;
    }

    public final void updatePreauthIntegrityValue(BuilderContext builderContext, SessionContext sessionContext, SMB2Packet sMB2Packet) {
        if (builderContext.digest == null) {
            this.connection.connectionContext.preauthIntegrityHashId.getClass();
            try {
                this.config.securityProvider.getClass();
                builderContext.digest = new BCMessageDigest("SHA-512");
            } catch (SecurityException e) {
                throw new RuntimeException("Cannot get the message digest for SHA-512", e);
            }
        }
        byte[] digest = MathKt.digest(builderContext.digest, (byte[]) sessionContext.preauthIntegrityHashValue, ExceptionsKt.getPacketBytes(sMB2Packet));
        sessionContext.preauthIntegrityHashValue = Arrays.copyOf(digest, digest.length);
    }
}
