package jcifs.smb;

import androidx.activity.result.d;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.Cipher;
import jcifs.CIFSContext;
import jcifs.CIFSException;
import jcifs.internal.util.SMBUtil;
import jcifs.ntlmssp.Type1Message;
import jcifs.ntlmssp.Type2Message;
import jcifs.ntlmssp.Type3Message;
import jcifs.spnego.SpnegoConstants;
import jcifs.util.Crypto;
import jcifs.util.Hexdump;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.util.Arrays;
import wc.a;
import wc.b;

/* loaded from: classes.dex */
public class NtlmContext implements SSPContext {
    private static final String C2S_SEAL_CONSTANT = "session key to client-to-server sealing key magic constant";
    private static final String C2S_SIGN_CONSTANT = "session key to client-to-server signing key magic constant";
    public static ASN1ObjectIdentifier NTLMSSP_OID = null;
    private static final String S2C_SEAL_CONSTANT = "session key to server-to-client sealing key magic constant";
    private static final String S2C_SIGN_CONSTANT = "session key to server-to-client signing key magic constant";
    private static final a log = b.d(NtlmContext.class);
    private NtlmPasswordAuthenticator auth;
    private int ntlmsspFlags;
    private final boolean requireKeyExchange;
    private Cipher sealClientHandle;
    private byte[] sealClientKey;
    private Cipher sealServerHandle;
    private byte[] sealServerKey;
    private byte[] signKey;
    private String targetName;
    private CIFSContext transportContext;
    private byte[] type1Bytes;
    private byte[] verifyKey;
    private String workstation;
    private boolean isEstablished = false;
    private byte[] serverChallenge = null;
    private byte[] masterKey = null;
    private String netbiosName = null;
    private final AtomicInteger signSequence = new AtomicInteger(0);
    private final AtomicInteger verifySequence = new AtomicInteger(0);
    private int state = 1;

    static {
        try {
            NTLMSSP_OID = new ASN1ObjectIdentifier(SpnegoConstants.NTLMSSP_MECHANISM);
        } catch (IllegalArgumentException e10) {
            log.error("Failed to parse OID", (Throwable) e10);
        }
    }

    public NtlmContext(CIFSContext cIFSContext, NtlmPasswordAuthenticator ntlmPasswordAuthenticator, boolean z5) {
        int i5;
        int i10;
        int i11;
        this.transportContext = cIFSContext;
        this.auth = ntlmPasswordAuthenticator;
        this.ntlmsspFlags = this.ntlmsspFlags | 4 | 524288 | 536870912;
        if (!ntlmPasswordAuthenticator.b()) {
            i10 = this.ntlmsspFlags;
            i11 = 1073774608;
        } else {
            if (!ntlmPasswordAuthenticator.c()) {
                i5 = this.ntlmsspFlags | 2048;
                this.ntlmsspFlags = i5;
                this.requireKeyExchange = z5;
                this.workstation = cIFSContext.e().X();
            }
            i10 = this.ntlmsspFlags;
            i11 = 1073741824;
        }
        i5 = i10 | i11;
        this.ntlmsspFlags = i5;
        this.requireKeyExchange = z5;
        this.workstation = cIFSContext.e().X();
    }

    public static byte[] n(String str, byte[] bArr) {
        MessageDigest e10 = Crypto.e();
        e10.update(bArr);
        e10.update(str.getBytes(StandardCharsets.US_ASCII));
        e10.update((byte) 0);
        return e10.digest();
    }

    @Override // jcifs.smb.SSPContext
    public final int a() {
        return 0;
    }

    @Override // jcifs.smb.SSPContext
    public final boolean b() {
        return true;
    }

    @Override // jcifs.smb.SSPContext
    public final byte[] c(int i5, byte[] bArr) throws SmbException {
        int i10 = this.state;
        if (i10 == 1) {
            Type1Message type1Message = new Type1Message(this.transportContext, this.ntlmsspFlags, this.auth.d(), this.workstation);
            byte[] f10 = type1Message.f();
            this.type1Bytes = f10;
            a aVar = log;
            if (aVar.isTraceEnabled()) {
                aVar.trace(type1Message.toString());
                aVar.trace(Hexdump.c(f10, 0, f10.length));
            }
            this.state++;
            return f10;
        }
        if (i10 != 2) {
            throw new SmbException("Invalid state");
        }
        try {
            Type2Message type2Message = new Type2Message(bArr);
            a aVar2 = log;
            if (aVar2.isTraceEnabled()) {
                aVar2.trace(type2Message.toString());
                aVar2.trace(Hexdump.c(bArr, 0, bArr.length));
            }
            this.serverChallenge = type2Message.j();
            if (this.requireKeyExchange) {
                if (this.transportContext.e().G() && (!type2Message.a(1073741824) || !type2Message.a(524288))) {
                    throw new SmbUnsupportedOperationException("Server does not support extended NTLMv2 key exchange");
                }
                if (!type2Message.a(536870912)) {
                    throw new SmbUnsupportedOperationException("Server does not support 128-bit keys");
                }
            }
            this.ntlmsspFlags &= type2Message.b();
            Type3Message m10 = m(type2Message);
            m10.k(this.type1Bytes, bArr);
            byte[] f11 = m10.f();
            if (aVar2.isTraceEnabled()) {
                aVar2.trace(m10.toString());
                aVar2.trace(Hexdump.c(bArr, 0, bArr.length));
            }
            byte[] j5 = m10.j();
            this.masterKey = j5;
            if (j5 != null && (this.ntlmsspFlags & 524288) != 0) {
                o(m10.j());
            }
            this.isEstablished = true;
            this.state++;
            return f11;
        } catch (SmbException e10) {
            throw e10;
        } catch (Exception e11) {
            throw new SmbException(e11.getMessage(), e11);
        }
    }

    @Override // jcifs.smb.SSPContext
    public final boolean d() {
        return (this.auth.c() || this.signKey == null || this.verifyKey == null) ? false : true;
    }

    @Override // jcifs.smb.SSPContext
    public final boolean e() {
        return this.isEstablished;
    }

    @Override // jcifs.smb.SSPContext
    public final ASN1ObjectIdentifier[] f() {
        return new ASN1ObjectIdentifier[]{NTLMSSP_OID};
    }

    @Override // jcifs.smb.SSPContext
    public final boolean g(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return this.auth.t(aSN1ObjectIdentifier);
    }

    @Override // jcifs.smb.SSPContext
    public final String h() {
        return this.netbiosName;
    }

    @Override // jcifs.smb.SSPContext
    public final byte[] i() {
        return this.masterKey;
    }

    @Override // jcifs.smb.SSPContext
    public final byte[] j(byte[] bArr) throws CIFSException {
        byte[] bArr2 = this.signKey;
        if (bArr2 == null) {
            throw new CIFSException("Signing is not initialized");
        }
        byte[] bArr3 = new byte[4];
        long andIncrement = this.signSequence.getAndIncrement();
        SMBUtil.f(0, andIncrement, bArr3);
        MessageDigest c10 = Crypto.c(bArr2);
        c10.update(bArr3);
        c10.update(bArr);
        byte[] digest = c10.digest();
        byte[] bArr4 = new byte[8];
        System.arraycopy(digest, 0, bArr4, 0, 8);
        a aVar = log;
        if (aVar.isDebugEnabled()) {
            aVar.debug("Digest ".concat(Hexdump.b(digest)));
            aVar.debug("Truncated ".concat(Hexdump.c(bArr4, 0, 8)));
        }
        if ((this.ntlmsspFlags & 1073741824) != 0) {
            try {
                bArr4 = this.sealClientHandle.doFinal(bArr4);
                if (aVar.isDebugEnabled()) {
                    aVar.debug("Encrypted ".concat(Hexdump.b(bArr4)));
                }
            } catch (GeneralSecurityException e10) {
                throw new CIFSException("Failed to encrypt MIC", e10);
            }
        }
        byte[] bArr5 = new byte[16];
        SMBUtil.f(0, 1L, bArr5);
        System.arraycopy(bArr4, 0, bArr5, 4, 8);
        SMBUtil.f(12, andIncrement, bArr5);
        return bArr5;
    }

    @Override // jcifs.smb.SSPContext
    public final boolean k(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return NTLMSSP_OID.o(aSN1ObjectIdentifier);
    }

    @Override // jcifs.smb.SSPContext
    public final void l(byte[] bArr, byte[] bArr2) throws CIFSException {
        byte[] bArr3 = this.verifyKey;
        if (bArr3 == null) {
            throw new CIFSException("Signing is not initialized");
        }
        int b10 = SMBUtil.b(0, bArr2);
        if (b10 != 1) {
            throw new SmbUnsupportedOperationException("Invalid signature version");
        }
        MessageDigest c10 = Crypto.c(bArr3);
        int b11 = SMBUtil.b(12, bArr2);
        c10.update(bArr2, 12, 4);
        byte[] digest = c10.digest(bArr);
        byte[] n = Arrays.n(8, digest);
        a aVar = log;
        if (aVar.isDebugEnabled()) {
            aVar.debug("Digest ".concat(Hexdump.c(digest, 0, digest.length)));
            aVar.debug("Truncated ".concat(Hexdump.c(n, 0, n.length)));
        }
        boolean z5 = (this.ntlmsspFlags & 1073741824) != 0;
        if (z5) {
            try {
                n = this.sealServerHandle.doFinal(n);
                if (aVar.isDebugEnabled()) {
                    aVar.debug("Decrypted ".concat(Hexdump.b(n)));
                }
            } catch (GeneralSecurityException e10) {
                throw new CIFSException("Failed to decrypt MIC", e10);
            }
        }
        int andIncrement = this.verifySequence.getAndIncrement();
        if (andIncrement != b11) {
            throw new CIFSException(String.format("Invalid MIC sequence, expect %d have %d", Integer.valueOf(andIncrement), Integer.valueOf(b11)));
        }
        byte[] bArr4 = new byte[8];
        System.arraycopy(bArr2, 4, bArr4, 0, 8);
        if (MessageDigest.isEqual(n, bArr4)) {
            return;
        }
        if (aVar.isDebugEnabled()) {
            aVar.debug(String.format("Seq = %d ver = %d encrypted = %s", Integer.valueOf(b11), Integer.valueOf(b10), Boolean.valueOf(z5)));
            aVar.debug(String.format("Expected MIC %s != %s", Hexdump.b(n), Hexdump.c(bArr4, 0, 8)));
        }
        throw new CIFSException("Invalid MIC");
    }

    public final Type3Message m(Type2Message type2Message) throws GeneralSecurityException, CIFSException {
        NtlmPasswordAuthenticator ntlmPasswordAuthenticator = this.auth;
        if (ntlmPasswordAuthenticator instanceof NtlmNtHashAuthenticator) {
            return new Type3Message(this.transportContext, type2Message, this.targetName, ntlmPasswordAuthenticator.h(), null, this.auth.d(), this.auth.r(), this.workstation, this.ntlmsspFlags, true);
        }
        return new Type3Message(this.transportContext, type2Message, this.targetName, ntlmPasswordAuthenticator.c() ? this.transportContext.e().m() : this.auth.i(), this.auth.c() ? null : this.auth.d(), this.auth.c() ? this.transportContext.e().W() : this.auth.r(), this.workstation, this.ntlmsspFlags, this.auth.c() || !this.auth.b());
    }

    public final void o(byte[] bArr) {
        this.signKey = n(C2S_SIGN_CONSTANT, bArr);
        this.verifyKey = n(S2C_SIGN_CONSTANT, bArr);
        a aVar = log;
        if (aVar.isDebugEnabled()) {
            aVar.debug("Sign key is ".concat(Hexdump.b(this.signKey)));
            aVar.debug("Verify key is ".concat(Hexdump.b(this.verifyKey)));
        }
        byte[] n = n(C2S_SEAL_CONSTANT, bArr);
        this.sealClientKey = n;
        this.sealClientHandle = Crypto.a(n);
        if (aVar.isDebugEnabled()) {
            aVar.debug("Seal key is ".concat(Hexdump.b(this.sealClientKey)));
        }
        byte[] n5 = n(S2C_SEAL_CONSTANT, bArr);
        this.sealServerKey = n5;
        this.sealServerHandle = Crypto.a(n5);
        if (aVar.isDebugEnabled()) {
            aVar.debug("Server seal key is ".concat(Hexdump.b(this.sealServerKey)));
        }
    }

    public final void p(String str) {
        this.targetName = str;
    }

    public final String toString() {
        StringBuilder f10;
        StringBuilder f11;
        StringBuilder sb2 = new StringBuilder("NtlmContext[auth=");
        sb2.append(this.auth);
        sb2.append(",ntlmsspFlags=0x");
        d.u(this.ntlmsspFlags, 8, sb2, ",workstation=");
        sb2.append(this.workstation);
        sb2.append(",isEstablished=");
        sb2.append(this.isEstablished);
        sb2.append(",state=");
        String c10 = org.bouncycastle.jcajce.provider.digest.a.c(sb2, this.state, ",serverChallenge=");
        if (this.serverChallenge == null) {
            f10 = org.bouncycastle.jcajce.provider.digest.a.e(c10, "null");
        } else {
            f10 = org.bouncycastle.pqc.crypto.xmss.a.f(c10);
            f10.append(Hexdump.b(this.serverChallenge));
        }
        String j5 = d.j(f10.toString(), ",signingKey=");
        if (this.masterKey == null) {
            f11 = org.bouncycastle.jcajce.provider.digest.a.e(j5, "null");
        } else {
            f11 = org.bouncycastle.pqc.crypto.xmss.a.f(j5);
            f11.append(Hexdump.b(this.masterKey));
        }
        return d.j(f11.toString(), "]");
    }
}
