package com.hierynomus.smbj.auth;

import com.hierynomus.mserref.NtStatus;
import com.hierynomus.mssmb2.messages.SMB2SessionSetup;
import com.hierynomus.ntlm.NtlmException;
import com.hierynomus.ntlm.functions.NtlmFunctions;
import com.hierynomus.ntlm.messages.NtlmAuthenticate;
import com.hierynomus.ntlm.messages.NtlmChallenge;
import com.hierynomus.ntlm.messages.NtlmNegotiate;
import com.hierynomus.ntlm.messages.NtlmNegotiateFlag;
import com.hierynomus.protocol.commons.ByteArrayUtils;
import com.hierynomus.protocol.commons.Factory;
import com.hierynomus.protocol.commons.buffer.Buffer;
import com.hierynomus.protocol.commons.buffer.Endian;
import com.hierynomus.protocol.commons.concurrent.Futures;
import com.hierynomus.smbj.connection.Connection;
import com.hierynomus.smbj.transport.TransportException;
import com.hierynomus.spnego.NegTokenInit;
import com.hierynomus.spnego.NegTokenTarg;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.EnumSet;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.microsoft.MicrosoftObjectIdentifiers;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/hierynomus/smbj/auth/NtlmAuthenticator.class */
public class NtlmAuthenticator implements Authenticator {
    private static final Logger logger = LoggerFactory.getLogger(NtlmAuthenticator.class);
    private static final ASN1ObjectIdentifier NTLMSSP = MicrosoftObjectIdentifiers.microsoft.branch("2.2.10");

    /* loaded from: input_file:com/hierynomus/smbj/auth/NtlmAuthenticator$Factory.class */
    public static class Factory implements Factory.Named<NtlmAuthenticator> {
        @Override // com.hierynomus.protocol.commons.Factory.Named
        public String getName() {
            return "1.3.6.1.4.1.311.2.2.10";
        }

        @Override // com.hierynomus.protocol.commons.Factory
        public NtlmAuthenticator create() {
            return new NtlmAuthenticator();
        }
    }

    /* JADX WARN: Type inference failed for: r1v30, types: [byte[], byte[][]] */
    public long authenticate(Connection connection, AuthenticationContext authenticationContext) throws TransportException {
        try {
            logger.info("Authenticating {} on {} using NTLM", authenticationContext.getUsername(), connection.getRemoteHostname());
            EnumSet of = EnumSet.of(SMB2SessionSetup.SMB2SecurityMode.SMB2_NEGOTIATE_SIGNING_ENABLED);
            SMB2SessionSetup sMB2SessionSetup = new SMB2SessionSetup(connection.getNegotiatedProtocol().getDialect(), of);
            sMB2SessionSetup.setSecurityBuffer(negTokenInit(new NtlmNegotiate()));
            SMB2SessionSetup sMB2SessionSetup2 = (SMB2SessionSetup) Futures.get(connection.send(sMB2SessionSetup), TransportException.Wrapper);
            long sessionId = sMB2SessionSetup2.getHeader().getSessionId();
            if (sMB2SessionSetup2.getHeader().getStatus() == NtStatus.STATUS_MORE_PROCESSING_REQUIRED) {
                logger.debug("More processing required for authentication of {}", authenticationContext.getUsername());
                byte[] securityBuffer = sMB2SessionSetup2.getSecurityBuffer();
                logger.debug("Received token: {}", ByteArrayUtils.printHex(securityBuffer));
                NegTokenTarg read = new NegTokenTarg().read(securityBuffer);
                read.getNegotiationResult();
                NtlmChallenge ntlmChallenge = (NtlmChallenge) new NtlmChallenge().read(new Buffer.PlainBuffer(read.getResponseToken(), Endian.LE));
                logger.debug("Received NTLM challenge from: {}", ntlmChallenge.getTargetName());
                byte[] serverChallenge = ntlmChallenge.getServerChallenge();
                byte[] NTOWFv2 = NtlmFunctions.NTOWFv2(String.valueOf(authenticationContext.getPassword()), authenticationContext.getUsername(), authenticationContext.getDomain());
                byte[] nTLMv2Response = NtlmFunctions.getNTLMv2Response(NTOWFv2, serverChallenge, NtlmFunctions.getNTLMv2ClientChallenge(ntlmChallenge.getTargetInfo()));
                byte[] bArr = null;
                if (ntlmChallenge.getNegotiateFlags().contains(NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_SIGN)) {
                    byte[] hmac_md5 = NtlmFunctions.hmac_md5(NTOWFv2, new byte[]{ByteBuffer.wrap(nTLMv2Response, 0, 16).array()});
                    if (ntlmChallenge.getNegotiateFlags().contains(NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_KEY_EXCH)) {
                        byte[] bArr2 = new byte[16];
                        NtlmFunctions.getRandom().nextBytes(bArr2);
                        bArr = NtlmFunctions.encryptRc4(hmac_md5, bArr2);
                    } else {
                        bArr = hmac_md5;
                    }
                }
                SMB2SessionSetup sMB2SessionSetup3 = new SMB2SessionSetup(connection.getNegotiatedProtocol().getDialect(), of);
                sMB2SessionSetup3.getHeader().setSessionId(sessionId);
                sMB2SessionSetup3.setSecurityBuffer(negTokenTarg(new NtlmAuthenticate(new byte[0], nTLMv2Response, authenticationContext.getUsername(), authenticationContext.getDomain(), null, bArr, NtlmNegotiate.DEFAULT_FLAGS), read.getResponseToken()));
                SMB2SessionSetup sMB2SessionSetup4 = (SMB2SessionSetup) Futures.get(connection.send(sMB2SessionSetup3), TransportException.Wrapper);
                if (sMB2SessionSetup4.getHeader().getStatus() != NtStatus.STATUS_SUCCESS) {
                    throw new NtlmException("Setup failed with " + sMB2SessionSetup4.getHeader().getStatus());
                }
            }
            return sessionId;
        } catch (Buffer.BufferException | IOException e) {
            throw new TransportException(e);
        }
    }

    private byte[] negTokenInit(NtlmNegotiate ntlmNegotiate) {
        NegTokenInit negTokenInit = new NegTokenInit();
        negTokenInit.addSupportedMech(NTLMSSP);
        Buffer.PlainBuffer plainBuffer = new Buffer.PlainBuffer(Endian.LE);
        ntlmNegotiate.write(plainBuffer);
        negTokenInit.setMechToken(plainBuffer.getCompactData());
        Buffer.PlainBuffer plainBuffer2 = new Buffer.PlainBuffer(Endian.LE);
        negTokenInit.write(plainBuffer2);
        return plainBuffer2.getCompactData();
    }

    private byte[] negTokenTarg(NtlmAuthenticate ntlmAuthenticate, byte[] bArr) {
        NegTokenTarg negTokenTarg = new NegTokenTarg();
        negTokenTarg.setResponseToken(bArr);
        Buffer.PlainBuffer plainBuffer = new Buffer.PlainBuffer(Endian.LE);
        ntlmAuthenticate.write(plainBuffer);
        negTokenTarg.setResponseToken(plainBuffer.getCompactData());
        Buffer.PlainBuffer plainBuffer2 = new Buffer.PlainBuffer(Endian.LE);
        negTokenTarg.write(plainBuffer2);
        return plainBuffer2.getCompactData();
    }
}
