package com.hierynomus.smbj.connection;

import ch.b;
import ch.c;
import com.hierynomus.asn1.types.primitive.ASN1ObjectIdentifier;
import com.hierynomus.mserref.NtStatus;
import com.hierynomus.mssmb2.SMB2Dialect;
import com.hierynomus.mssmb2.SMB2Packet;
import com.hierynomus.mssmb2.SMBApiException;
import com.hierynomus.mssmb2.messages.SMB2SessionSetup;
import com.hierynomus.protocol.commons.Factory;
import com.hierynomus.security.DerivationFunction;
import com.hierynomus.security.MessageDigest;
import com.hierynomus.security.SecurityException;
import com.hierynomus.security.jce.derivationfunction.CounterDerivationParameters;
import com.hierynomus.smb.Packets;
import com.hierynomus.smbj.SmbConfig;
import com.hierynomus.smbj.auth.AuthenticateResponse;
import com.hierynomus.smbj.auth.AuthenticationContext;
import com.hierynomus.smbj.auth.Authenticator;
import com.hierynomus.smbj.common.SMBRuntimeException;
import com.hierynomus.smbj.session.SMB2GuestSigningRequiredException;
import com.hierynomus.smbj.session.Session;
import com.hierynomus.smbj.session.SessionContext;
import com.hierynomus.smbj.utils.DigestUtil;
import com.hierynomus.spnego.NegTokenInit2;
import com.hierynomus.spnego.SpnegoException;
import com.hierynomus.utils.Strings;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class SMBSessionBuilder {

    /* renamed from: g, reason: collision with root package name */
    static final byte[] f4384g = Strings.c("SMBC2SCipherKey");

    /* renamed from: h, reason: collision with root package name */
    static final byte[] f4385h = Strings.c("SMBS2CCipherKey");

    /* renamed from: i, reason: collision with root package name */
    static final byte[] f4386i = Strings.c("SMB2AESCCM");

    /* renamed from: j, reason: collision with root package name */
    static final byte[] f4387j = Strings.c("ServerIn ");

    /* renamed from: k, reason: collision with root package name */
    static final byte[] f4388k = Strings.c("ServerOut");

    /* renamed from: l, reason: collision with root package name */
    static final byte[] f4389l = Strings.c("SmbSign");

    /* renamed from: m, reason: collision with root package name */
    static final byte[] f4390m = Strings.c("SMB2AESCMAC");

    /* renamed from: n, reason: collision with root package name */
    static final byte[] f4391n = Strings.c("SMBSigningKey");

    /* renamed from: o, reason: collision with root package name */
    static final byte[] f4392o = Strings.c("SmbRpc");

    /* renamed from: p, reason: collision with root package name */
    static final byte[] f4393p = Strings.c("SMB2APP");

    /* renamed from: q, reason: collision with root package name */
    static final byte[] f4394q = Strings.c("SMBAppKey");

    /* renamed from: r, reason: collision with root package name */
    private static final b f4395r = c.i(SMBSessionBuilder.class);

    /* renamed from: a, reason: collision with root package name */
    private final SmbConfig f4396a;

    /* renamed from: b, reason: collision with root package name */
    private final ConnectionContext f4397b;

    /* renamed from: c, reason: collision with root package name */
    private final SessionFactory f4398c;

    /* renamed from: d, reason: collision with root package name */
    private final SessionTable f4399d;

    /* renamed from: e, reason: collision with root package name */
    private final SessionTable f4400e;

    /* renamed from: f, reason: collision with root package name */
    private final Connection f4401f;

    /* loaded from: classes.dex */
    public static class BuilderContext {

        /* renamed from: a, reason: collision with root package name */
        private Authenticator f4402a;

        /* renamed from: b, reason: collision with root package name */
        private long f4403b;

        /* renamed from: c, reason: collision with root package name */
        private byte[] f4404c;

        /* renamed from: d, reason: collision with root package name */
        private AuthenticationContext f4405d;

        /* renamed from: e, reason: collision with root package name */
        private byte[] f4406e;

        /* renamed from: f, reason: collision with root package name */
        private SMB2SessionSetup f4407f;

        /* renamed from: g, reason: collision with root package name */
        private SMB2SessionSetup f4408g;

        /* renamed from: h, reason: collision with root package name */
        private MessageDigest f4409h;
    }

    /* loaded from: classes.dex */
    public interface SessionFactory {
        Session a(AuthenticationContext authenticationContext);
    }

    public SMBSessionBuilder(Connection connection, SmbConfig smbConfig, SessionFactory sessionFactory) {
        this.f4401f = connection;
        this.f4396a = smbConfig;
        this.f4397b = connection.L();
        this.f4399d = connection.h0();
        this.f4400e = connection.c0();
        this.f4398c = sessionFactory;
    }

    private SecretKey a(SecretKey secretKey, byte[] bArr, byte[] bArr2, String str) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(25);
        try {
            byteArrayOutputStream.write(bArr);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(bArr2);
            byteArrayOutputStream.write(new byte[]{0, 0, 0, Byte.MIN_VALUE});
            try {
                DerivationFunction e10 = this.f4396a.E().e("KDF/Counter/HMACSHA256");
                e10.b(new CounterDerivationParameters(secretKey.getEncoded(), byteArrayOutputStream.toByteArray(), 32));
                byte[] bArr3 = new byte[16];
                e10.a(bArr3, 0, 16);
                return new SecretKeySpec(bArr3, str);
            } catch (SecurityException e11) {
                throw new SMBRuntimeException(e11);
            }
        } catch (IOException e12) {
            f4395r.n("Unable to format suffix, error occur : ", e12);
            return null;
        }
    }

    private void b(SMB2SessionSetup sMB2SessionSetup, SMB2Dialect sMB2Dialect, SessionContext sessionContext) {
        SecretKey a10;
        if (!sMB2Dialect.b() || sMB2SessionSetup.o().contains(SMB2SessionSetup.SMB2SessionFlags.SMB2_SESSION_FLAG_IS_NULL) || sMB2SessionSetup.o().contains(SMB2SessionSetup.SMB2SessionFlags.SMB2_SESSION_FLAG_IS_GUEST)) {
            return;
        }
        SMB2Dialect sMB2Dialect2 = SMB2Dialect.SMB_3_1_1;
        SecretKey e10 = sessionContext.e();
        sessionContext.o(sMB2Dialect == sMB2Dialect2 ? a(e10, f4391n, sessionContext.d(), "AesCmac") : a(e10, f4390m, f4389l, "AesCmac"));
        if (this.f4397b.q()) {
            String a11 = this.f4397b.b().a();
            if (sMB2Dialect == sMB2Dialect2) {
                sessionContext.l(a(sessionContext.e(), f4384g, sessionContext.d(), a11));
                sessionContext.j(a(sessionContext.e(), f4385h, sessionContext.d(), a11));
                a10 = a(sessionContext.e(), f4394q, sessionContext.d(), a11);
            } else {
                SecretKey e11 = sessionContext.e();
                byte[] bArr = f4386i;
                sessionContext.l(a(e11, bArr, f4387j, a11));
                sessionContext.j(a(sessionContext.e(), bArr, f4388k, a11));
                a10 = a(sessionContext.e(), f4393p, f4392o, a11);
            }
            sessionContext.i(a10);
        }
    }

    private Authenticator d(AuthenticationContext authenticationContext) {
        ArrayList arrayList = new ArrayList(this.f4396a.H());
        List<ASN1ObjectIdentifier> arrayList2 = new ArrayList<>();
        if (this.f4397b.e().length > 0) {
            arrayList2 = new NegTokenInit2().i(this.f4397b.e()).g();
        }
        Iterator it = new ArrayList(arrayList).iterator();
        while (it.hasNext()) {
            Factory.Named named = (Factory.Named) it.next();
            if (arrayList2.isEmpty() || arrayList2.contains(new ASN1ObjectIdentifier(named.getName()))) {
                Authenticator authenticator = (Authenticator) named.b();
                if (authenticator.a(authenticationContext)) {
                    return authenticator;
                }
            }
        }
        throw new SMBRuntimeException("Could not find a configured authenticator for mechtypes: " + arrayList2 + " and authentication context: " + authenticationContext);
    }

    private BuilderContext e(BuilderContext builderContext, byte[] bArr) {
        SMB2SessionSetup sMB2SessionSetup = new SMB2SessionSetup(this.f4397b.f().a(), EnumSet.of(this.f4397b.k() ? SMB2SessionSetup.SMB2SecurityMode.SMB2_NEGOTIATE_SIGNING_REQUIRED : SMB2SessionSetup.SMB2SecurityMode.SMB2_NEGOTIATE_SIGNING_ENABLED), this.f4397b.c());
        sMB2SessionSetup.r(bArr);
        sMB2SessionSetup.c().x(builderContext.f4403b);
        builderContext.f4407f = sMB2SessionSetup;
        builderContext.f4408g = (SMB2SessionSetup) this.f4401f.r0(sMB2SessionSetup);
        return builderContext;
    }

    private BuilderContext f(AuthenticationContext authenticationContext, Authenticator authenticator) {
        BuilderContext builderContext = new BuilderContext();
        builderContext.f4402a = authenticator;
        builderContext.f4405d = authenticationContext;
        return builderContext;
    }

    private Session g(BuilderContext builderContext) {
        Session a10 = this.f4398c.a(builderContext.f4405d);
        a10.z(builderContext.f4403b);
        a10.p().m(this.f4397b.h());
        return a10;
    }

    private void h(BuilderContext builderContext, byte[] bArr) {
        AuthenticateResponse c10 = builderContext.f4402a.c(builderContext.f4405d, bArr, this.f4397b);
        if (c10 == null) {
            return;
        }
        this.f4397b.n(c10.d());
        this.f4397b.m(c10.b());
        builderContext.f4404c = c10.c();
        builderContext.f4406e = c10.a();
    }

    private Session i(BuilderContext builderContext) {
        e(builderContext, builderContext.f4406e);
        SMB2SessionSetup sMB2SessionSetup = builderContext.f4408g;
        builderContext.f4403b = sMB2SessionSetup.c().k();
        SMB2Dialect a10 = this.f4397b.f().a();
        if (sMB2SessionSetup.c().m() == NtStatus.STATUS_MORE_PROCESSING_REQUIRED.getValue()) {
            if (a10 == SMB2Dialect.SMB_3_1_1) {
                Session b10 = this.f4400e.b(Long.valueOf(builderContext.f4403b));
                if (b10 == null) {
                    b10 = g(builderContext);
                    this.f4400e.c(Long.valueOf(builderContext.f4403b), b10);
                }
                j(builderContext, b10.p(), builderContext.f4407f);
                j(builderContext, b10.p(), builderContext.f4408g);
            }
            f4395r.a("More processing required for authentication of {} using {}", builderContext.f4405d.d(), builderContext.f4402a);
            h(builderContext, sMB2SessionSetup.n());
            return i(builderContext);
        }
        if (sMB2SessionSetup.c().m() != NtStatus.STATUS_SUCCESS.getValue()) {
            throw new SMBApiException(sMB2SessionSetup.c(), String.format("Authentication failed for '%s' using %s", builderContext.f4405d.d(), builderContext.f4402a));
        }
        Session b11 = this.f4400e.b(Long.valueOf(builderContext.f4403b));
        SMB2Dialect sMB2Dialect = SMB2Dialect.SMB_3_1_1;
        if (a10 != sMB2Dialect || b11 == null) {
            b11 = g(builderContext);
        } else {
            this.f4400e.d(Long.valueOf(b11.r()));
        }
        SessionContext p10 = b11.p();
        h(builderContext, sMB2SessionSetup.n());
        p10.n(new SecretKeySpec(builderContext.f4404c, "HmacSHA256"));
        if (a10 == sMB2Dialect) {
            j(builderContext, p10, builderContext.f4407f);
        }
        k(builderContext, p10);
        b(sMB2SessionSetup, a10, p10);
        p10.a(sMB2SessionSetup);
        return b11;
    }

    private void j(BuilderContext builderContext, SessionContext sessionContext, SMB2Packet sMB2Packet) {
        if (builderContext.f4409h == null) {
            String a10 = this.f4401f.L().g().a();
            try {
                builderContext.f4409h = this.f4396a.E().b(a10);
            } catch (SecurityException e10) {
                throw new SMBRuntimeException("Cannot get the message digest for " + a10, e10);
            }
        }
        sessionContext.m(DigestUtil.a(builderContext.f4409h, sessionContext.d(), Packets.a(sMB2Packet)));
    }

    private void k(BuilderContext builderContext, SessionContext sessionContext) {
        boolean R = this.f4396a.R();
        sessionContext.p(R || this.f4401f.L().k());
        if (builderContext.f4408g.o().contains(SMB2SessionSetup.SMB2SessionFlags.SMB2_SESSION_FLAG_IS_NULL)) {
            sessionContext.p(false);
        }
        boolean contains = builderContext.f4408g.o().contains(SMB2SessionSetup.SMB2SessionFlags.SMB2_SESSION_FLAG_IS_GUEST);
        if (contains && sessionContext.h()) {
            throw new SMB2GuestSigningRequiredException();
        }
        if (contains && !R) {
            sessionContext.p(false);
        }
        if (this.f4401f.U().a().b() && this.f4401f.L().q() && builderContext.f4408g.o().contains(SMB2SessionSetup.SMB2SessionFlags.SMB2_SESSION_FLAG_ENCRYPT_DATA)) {
            sessionContext.k(true);
            sessionContext.p(false);
        }
    }

    public Session c(AuthenticationContext authenticationContext) {
        try {
            Authenticator d10 = d(authenticationContext);
            BuilderContext f10 = f(authenticationContext, d10);
            d10.b(this.f4396a);
            h(f10, this.f4397b.e());
            Session i10 = i(f10);
            f4395r.B("Successfully authenticated {} on {}, session is {}", authenticationContext.d(), this.f4401f.f0(), Long.valueOf(i10.r()));
            this.f4399d.c(Long.valueOf(i10.r()), i10);
            return i10;
        } catch (SpnegoException | IOException e10) {
            throw new SMBRuntimeException(e10);
        }
    }
}
