package org.alfresco.jlan.server.auth.passthru;

import com.google.zxing.client.result.a;
import io.netty.handler.codec.http.cookie.CookieHeaderNames;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.StringTokenizer;
import org.alfresco.config.ConfigElement;
import org.alfresco.jlan.debug.Debug;
import org.alfresco.jlan.server.SessionListener;
import org.alfresco.jlan.server.SrvSession;
import org.alfresco.jlan.server.auth.AuthContext;
import org.alfresco.jlan.server.auth.CifsAuthenticator;
import org.alfresco.jlan.server.auth.ClientInfo;
import org.alfresco.jlan.server.auth.NTLanManAuthContext;
import org.alfresco.jlan.server.auth.UserAccount;
import org.alfresco.jlan.server.auth.ntlm.NTLMMessage;
import org.alfresco.jlan.server.auth.ntlm.TargetInfo;
import org.alfresco.jlan.server.auth.ntlm.Type1NTLMMessage;
import org.alfresco.jlan.server.auth.ntlm.Type2NTLMMessage;
import org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage;
import org.alfresco.jlan.server.auth.spnego.NegTokenInit;
import org.alfresco.jlan.server.auth.spnego.NegTokenTarg;
import org.alfresco.jlan.server.auth.spnego.OID;
import org.alfresco.jlan.server.auth.spnego.SPNEGO;
import org.alfresco.jlan.server.config.InvalidConfigurationException;
import org.alfresco.jlan.server.config.ServerConfiguration;
import org.alfresco.jlan.server.core.SharedDevice;
import org.alfresco.jlan.smb.Protocol;
import org.alfresco.jlan.smb.server.SMBServer;
import org.alfresco.jlan.smb.server.SMBSrvException;
import org.alfresco.jlan.smb.server.SMBSrvPacket;
import org.alfresco.jlan.smb.server.SMBSrvSession;
import org.alfresco.jlan.util.HexDump;

/* loaded from: classes4.dex */
public class PassthruAuthenticator extends CifsAuthenticator implements SessionListener {
    public static final int DefaultSessionTmo = 5000;
    public static final int MaxCheckInterval = 900;
    public static final int MaxSessionTmo = 30000;
    public static final int MinCheckInterval = 10;
    public static final int MinSessionTmo = 2000;
    private static final int NTLM_FLAGS = -1610612095;
    public static final long PassthruKeepAliveInterval = 60000;
    private PassthruServers m_passthruServers;
    private SMBServer m_server;
    private Hashtable m_sessions = new Hashtable();

    public PassthruAuthenticator() {
        setExtendedSecurity(true);
    }

    /* JADX WARN: Removed duplicated region for block: B:32:0x00b8 A[Catch: Exception -> 0x00cc, TRY_LEAVE, TryCatch #1 {Exception -> 0x00cc, blocks: (B:30:0x00ab, B:32:0x00b8), top: B:29:0x00ab }] */
    /* JADX WARN: Removed duplicated region for block: B:35:? A[RETURN, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private final void doNTLMv1Logon(org.alfresco.jlan.smb.server.SMBSrvSession r10, org.alfresco.jlan.server.auth.ClientInfo r11, org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage r12) {
        /*
            Method dump skipped, instructions count: 337
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.alfresco.jlan.server.auth.passthru.PassthruAuthenticator.doNTLMv1Logon(org.alfresco.jlan.smb.server.SMBSrvSession, org.alfresco.jlan.server.auth.ClientInfo, org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage):void");
    }

    private final byte[] doNtlmsspSessionSetup(SMBSrvSession sMBSrvSession, ClientInfo clientInfo, byte[] bArr, int i2, int i3, boolean z2) {
        int isNTLMType = NTLMMessage.isNTLMType(bArr, i2);
        if (isNTLMType == -1) {
            if (hasDebug()) {
                Debug.println("Invalid NTLMSSP token received");
                Debug.println("  Token=" + HexDump.hexString(bArr, i2, i3, " "));
            }
            throw new SMBSrvException(-1073741715, 1, 5);
        }
        if (isNTLMType == 1) {
            new Type1NTLMMessage(bArr, i2, i3).getFlags();
            NTLanManAuthContext nTLanManAuthContext = (NTLanManAuthContext) getAuthContext(sMBSrvSession);
            if (nTLanManAuthContext == null) {
                throw new SMBSrvException(-1073741715, 1, 5);
            }
            String serverName = sMBSrvSession.getSMBServer().getServerName();
            ArrayList arrayList = new ArrayList();
            arrayList.add(new TargetInfo(2, serverName));
            arrayList.add(new TargetInfo(1, sMBSrvSession.getServerName()));
            arrayList.add(new TargetInfo(4, serverName));
            arrayList.add(new TargetInfo(3, serverName));
            Type2NTLMMessage type2NTLMMessage = new Type2NTLMMessage();
            type2NTLMMessage.buildType2(-1065221627, serverName, nTLanManAuthContext.getChallenge(), null, arrayList);
            sMBSrvSession.setSetupObject(clientInfo.getProcessId(), type2NTLMMessage);
            return type2NTLMMessage.getBytes();
        }
        if (isNTLMType == 3) {
            Type3NTLMMessage type3NTLMMessage = new Type3NTLMMessage(bArr, i2, i3, z2);
            if (!sMBSrvSession.hasSetupObject(clientInfo.getProcessId()) || !(sMBSrvSession.getSetupObject(clientInfo.getProcessId()) instanceof Type2NTLMMessage)) {
                sMBSrvSession.removeSetupObject(clientInfo.getProcessId());
                throw new SMBSrvException(-1073741715, 1, 5);
            }
            if (type3NTLMMessage.hasFlag(536870912) && type3NTLMMessage.hasFlag(524288)) {
                if (hasDebug()) {
                    Debug.println("Received NTLMSSP/NTLMv2, not supported");
                }
                throw new SMBSrvException(-1073741715, 1, 5);
            }
            doNTLMv1Logon(sMBSrvSession, clientInfo, type3NTLMMessage);
            if (hasDebug()) {
                Debug.println("Logged on using NTLMSSP/NTLMv1");
            }
        }
        return null;
    }

    private final byte[] doSpnegoSessionSetup(SMBSrvSession sMBSrvSession, ClientInfo clientInfo, byte[] bArr, int i2, int i3, boolean z2) {
        int i4;
        NegTokenTarg negTokenTarg;
        try {
            i4 = SPNEGO.checkTokenType(bArr, i2, i3);
        } catch (IOException unused) {
            i4 = -1;
        }
        if (i4 == 1 && sMBSrvSession.hasSetupObject(clientInfo.getProcessId()) && (sMBSrvSession.getSetupObject(clientInfo.getProcessId()) instanceof Type2NTLMMessage)) {
            NegTokenTarg negTokenTarg2 = new NegTokenTarg();
            try {
                negTokenTarg2.decode(bArr, i2, i3);
                byte[] responseToken = negTokenTarg2.getResponseToken();
                negTokenTarg = new NegTokenTarg(sMBSrvSession.hasSetupObject(clientInfo.getProcessId()) ? 1 : 0, null, doNtlmsspSessionSetup(sMBSrvSession, clientInfo, responseToken, 0, responseToken.length, z2));
            } catch (IOException e3) {
                if (hasDebug()) {
                    Debug.println("Passthru error on session startup: " + e3.getMessage());
                }
                throw new SMBSrvException(-1073741715, 1, 5);
            }
        } else {
            if (i4 != 0) {
                if (hasDebug()) {
                    Debug.println("Unknown SPNEGO token type");
                }
                throw new SMBSrvException(-1073741715, 1, 5);
            }
            NegTokenInit negTokenInit = new NegTokenInit();
            try {
                negTokenInit.decode(bArr, i2, i3);
                String oid = negTokenInit.numberOfOids() > 0 ? negTokenInit.getOidAt(0).toString() : null;
                if (oid == null || !oid.equals("1.3.6.1.4.1.311.2.2.10")) {
                    if (hasDebug()) {
                        Debug.println("No matching authentication OID found");
                        Debug.println("  " + negTokenInit.toString());
                    }
                    throw new SMBSrvException(-1073741715, 1, 5);
                }
                byte[] mechtoken = negTokenInit.getMechtoken();
                negTokenTarg = new NegTokenTarg(sMBSrvSession.hasSetupObject(clientInfo.getProcessId()) ? 1 : 0, OID.NTLMSSP, doNtlmsspSessionSetup(sMBSrvSession, clientInfo, mechtoken, 0, mechtoken.length, z2));
            } catch (IOException e4) {
                if (hasDebug()) {
                    Debug.println("Passthru error on session startup: " + e4.getMessage());
                }
                throw new SMBSrvException(-1073741715, 1, 5);
            }
        }
        try {
            return negTokenTarg.encode();
        } catch (IOException e5) {
            if (hasDebug()) {
                Debug.println("Failed to encode NegTokenTarg: " + e5.getMessage());
            }
            throw new SMBSrvException(-1073741715, 1, 5);
        }
    }

    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    public int authenticateShareConnect(ClientInfo clientInfo, SharedDevice sharedDevice, String str, SrvSession srvSession) {
        if (getAccessMode() == 0 || sharedDevice.getType() == 3) {
            return 2;
        }
        UserAccount userDetails = clientInfo != null ? getUserDetails(clientInfo.getUserName()) : null;
        return userDetails == null ? allowGuest() ? 2 : 0 : !userDetails.hasShare(sharedDevice.getName()) ? 0 : 2;
    }

    /* JADX WARN: Removed duplicated region for block: B:34:0x00b1  */
    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public int authenticateUser(org.alfresco.jlan.server.auth.ClientInfo r8, org.alfresco.jlan.server.SrvSession r9, int r10) {
        /*
            Method dump skipped, instructions count: 323
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.alfresco.jlan.server.auth.passthru.PassthruAuthenticator.authenticateUser(org.alfresco.jlan.server.auth.ClientInfo, org.alfresco.jlan.server.SrvSession, int):int");
    }

    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    public void closeAuthenticator() {
        PassthruServers passthruServers = this.m_passthruServers;
        if (passthruServers != null) {
            passthruServers.shutdown();
        }
    }

    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    public void generateNegotiateResponse(SMBSrvSession sMBSrvSession, SMBSrvPacket sMBSrvPacket, boolean z2) {
        if (!z2) {
            super.generateNegotiateResponse(sMBSrvSession, sMBSrvPacket, z2);
            return;
        }
        if ((sMBSrvPacket.getFlags2() & 2048) == 0) {
            sMBSrvPacket.setFlags2(sMBSrvPacket.getFlags2() + 2048);
        }
        int byteOffset = sMBSrvPacket.getByteOffset();
        sMBSrvSession.getSMBServer().getServerGUID().storeUUID(sMBSrvPacket.getBuffer(), byteOffset, false);
        sMBSrvPacket.setByteCount((byteOffset + 16) - sMBSrvPacket.getByteOffset());
    }

    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    public AuthContext getAuthContext(SMBSrvSession sMBSrvSession) {
        if (this.m_server == null && (sMBSrvSession instanceof SMBSrvSession)) {
            SMBServer sMBServer = sMBSrvSession.getSMBServer();
            this.m_server = sMBServer;
            sMBServer.addSessionListener(this);
        }
        NTLanManAuthContext nTLanManAuthContext = null;
        try {
            AuthenticateSession openSession = this.m_passthruServers.openSession();
            if (openSession == null) {
                return null;
            }
            this.m_sessions.put(sMBSrvSession.getUniqueId(), new PassthruDetails(sMBSrvSession, openSession));
            NTLanManAuthContext nTLanManAuthContext2 = new NTLanManAuthContext(openSession.getEncryptionKey());
            try {
                sMBSrvSession.setAuthenticationContext(nTLanManAuthContext2);
                if (hasDebug()) {
                    Debug.println("Passthru sessId=" + openSession.getSessionId() + ", auth ctx=" + nTLanManAuthContext2);
                }
                return nTLanManAuthContext2;
            } catch (Exception e3) {
                e = e3;
                nTLanManAuthContext = nTLanManAuthContext2;
                Debug.println("Passthru error getting challenge " + e.getMessage());
                return nTLanManAuthContext;
            }
        } catch (Exception e4) {
            e = e4;
        }
    }

    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    public int getServerCapabilities() {
        return -2147433860;
    }

    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    public void initialize(ServerConfiguration serverConfiguration, ConfigElement configElement) {
        int i2;
        super.initialize(serverConfiguration, configElement);
        ConfigElement child = configElement.getChild("protocolOrder");
        if (child != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(child.getValue(), ",");
            int i3 = 2;
            if (stringTokenizer.countTokens() > 2) {
                throw new InvalidConfigurationException("Invalid protocol order list, " + child.getValue());
            }
            int i4 = -1;
            if (stringTokenizer.hasMoreTokens()) {
                String nextToken = stringTokenizer.nextToken();
                if (nextToken.equalsIgnoreCase("TCPIP")) {
                    i2 = 2;
                } else {
                    if (!nextToken.equalsIgnoreCase("NetBIOS")) {
                        throw new InvalidConfigurationException(a.a("Invalid protocol type, ", nextToken));
                    }
                    i2 = 1;
                }
                if (stringTokenizer.hasMoreTokens()) {
                    String nextToken2 = stringTokenizer.nextToken();
                    if (!nextToken2.equalsIgnoreCase("TCPIP") || i2 == 2) {
                        if (!nextToken2.equalsIgnoreCase("NetBIOS") || i2 == 1) {
                            throw new InvalidConfigurationException(a.a("Invalid secondary protocol, ", nextToken2));
                        }
                        i4 = i2;
                        i3 = 1;
                    }
                } else {
                    i3 = -1;
                }
                i4 = i2;
            } else {
                i3 = -1;
            }
            AuthSessionFactory.setProtocolOrder(i4, i3);
            if (hasDebug()) {
                Debug.println("Protocol order primary=" + Protocol.asString(i4) + ", secondary=" + Protocol.asString(i3));
            }
        }
        ConfigElement child2 = configElement.getChild("offlineCheckInterval");
        if (child2 != null) {
            try {
                int parseInt = Integer.parseInt(child2.getValue());
                if (parseInt < 10 || parseInt > 900) {
                    throw new InvalidConfigurationException("Invalid offline check interval, valid range is 10 to 900");
                }
                this.m_passthruServers = new PassthruServers(parseInt);
                if (hasDebug()) {
                    Debug.println("Using offline check interval of " + parseInt + " seconds");
                }
            } catch (NumberFormatException unused) {
                throw new InvalidConfigurationException("Invalid offline check interval specified");
            }
        } else {
            this.m_passthruServers = new PassthruServers();
        }
        if (hasDebug()) {
            this.m_passthruServers.setDebug(true);
        }
        ConfigElement child3 = configElement.getChild("Timeout");
        if (child3 != null) {
            try {
                int parseInt2 = Integer.parseInt(child3.getValue());
                if (parseInt2 < 2000 || parseInt2 > 30000) {
                    throw new InvalidConfigurationException("Invalid session timeout, valid range is 2000 to 30000");
                }
                this.m_passthruServers.setConnectionTimeout(parseInt2);
            } catch (NumberFormatException unused2) {
                throw new InvalidConfigurationException("Invalid timeout value specified");
            }
        }
        ConfigElement child4 = configElement.getChild("Server");
        String str = null;
        String value = (child4 == null || child4.getValue().length() <= 0) ? null : child4.getValue();
        if (value != null) {
            this.m_passthruServers.setServerList(value);
        } else {
            ConfigElement child5 = configElement.getChild(CookieHeaderNames.DOMAIN);
            if (child5 != null && child5.getValue().length() > 0) {
                if (value != null) {
                    throw new InvalidConfigurationException("Specify server or domain name for passthru authentication");
                }
                str = child5.getValue();
            }
            if (str != null) {
                try {
                    this.m_passthruServers.setDomain(str);
                } catch (IOException e3) {
                    throw new InvalidConfigurationException("Failed to set domain, " + e3.getMessage());
                }
            }
        }
        if (this.m_passthruServers.getTotalServerCount() == 0) {
            throw new InvalidConfigurationException("No valid authentication servers found for passthru");
        }
        SMBServer sMBServer = (SMBServer) serverConfiguration.findServer("SMB");
        if (sMBServer != null) {
            sMBServer.addSessionListener(this);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:100:0x01ef  */
    /* JADX WARN: Removed duplicated region for block: B:103:0x023c  */
    /* JADX WARN: Removed duplicated region for block: B:105:0x0207 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:113:0x01f7  */
    /* JADX WARN: Removed duplicated region for block: B:114:0x01a3  */
    /* JADX WARN: Removed duplicated region for block: B:117:0x011d A[Catch: SMBSrvException -> 0x0320, TRY_LEAVE, TryCatch #2 {SMBSrvException -> 0x0320, blocks: (B:47:0x0118, B:117:0x011d), top: B:40:0x00d1 }] */
    /* JADX WARN: Removed duplicated region for block: B:42:0x00d3 A[Catch: SMBSrvException -> 0x0324, TryCatch #1 {SMBSrvException -> 0x0324, blocks: (B:27:0x00b2, B:30:0x00b8, B:32:0x00bd, B:34:0x00c6, B:37:0x00c9, B:42:0x00d3, B:44:0x00d9), top: B:26:0x00b2 }] */
    /* JADX WARN: Removed duplicated region for block: B:50:0x013c  */
    /* JADX WARN: Removed duplicated region for block: B:65:0x01a1  */
    /* JADX WARN: Removed duplicated region for block: B:73:0x024c  */
    /* JADX WARN: Removed duplicated region for block: B:89:0x02cb  */
    /* JADX WARN: Removed duplicated region for block: B:92:0x02db  */
    /* JADX WARN: Removed duplicated region for block: B:94:0x02e3  */
    /* JADX WARN: Removed duplicated region for block: B:97:0x02ad  */
    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void processSessionSetup(org.alfresco.jlan.smb.server.SMBSrvSession r24, org.alfresco.jlan.smb.server.SMBSrvPacket r25) {
        /*
            Method dump skipped, instructions count: 823
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.alfresco.jlan.server.auth.passthru.PassthruAuthenticator.processSessionSetup(org.alfresco.jlan.smb.server.SMBSrvSession, org.alfresco.jlan.smb.server.SMBSrvPacket):void");
    }

    @Override // org.alfresco.jlan.server.SessionListener
    public void sessionClosed(SrvSession srvSession) {
        PassthruDetails passthruDetails = (PassthruDetails) this.m_sessions.get(srvSession.getUniqueId());
        if (passthruDetails != null) {
            this.m_sessions.remove(srvSession.getUniqueId());
            try {
                AuthenticateSession authenticateSession = passthruDetails.getAuthenticateSession();
                authenticateSession.CloseSession();
                if (hasDebug()) {
                    Debug.println("Closed auth session, sessId=" + authenticateSession.getSessionId());
                }
            } catch (Exception e3) {
                if (hasDebug()) {
                    Debug.println("Passthru error closing session (closed) " + e3.getMessage());
                }
            }
        }
    }

    @Override // org.alfresco.jlan.server.SessionListener
    public void sessionCreated(SrvSession srvSession) {
    }

    @Override // org.alfresco.jlan.server.SessionListener
    public void sessionLoggedOn(SrvSession srvSession) {
        PassthruDetails passthruDetails = (PassthruDetails) this.m_sessions.get(srvSession.getUniqueId());
        if (passthruDetails != null) {
            this.m_sessions.remove(srvSession.getUniqueId());
            try {
                AuthenticateSession authenticateSession = passthruDetails.getAuthenticateSession();
                authenticateSession.CloseSession();
                if (hasDebug()) {
                    Debug.println("Closed auth session, sessId=" + authenticateSession.getSessionId());
                }
            } catch (Exception e3) {
                if (hasDebug()) {
                    Debug.println("Passthru error closing session (logon) " + e3.getMessage());
                }
            }
        }
    }
}
