package jcifs.spnego;

import java.net.UnknownHostException;
import java.security.AccessControlContext;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.Properties;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginContext;
import jcifs.Config;
import jcifs.UniAddress;
import jcifs.netbios.NbtAddress;
import jcifs.ntlmssp.Type1Message;
import jcifs.ntlmssp.Type2Message;
import jcifs.ntlmssp.Type3Message;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbSession;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:jcifs/spnego/Authentication.class */
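/**
 * Drives one SPNEGO, raw NTLMSSP or Kerberos token exchange, either as the
 * initiator (after {@link #init(String[])}) or as the acceptor (when
 * {@link #process(byte[])} is called without a prior {@code init}).
 *
 * <p>All handshake state lives in instance fields and nothing here is
 * synchronized, so an instance should carry a single exchange at a time;
 * call {@link #reset()} before reusing it.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>Passwords ({@code javax.security.auth.login.password},
 *       {@code jcifs.spnego.servicePassword}, {@code jcifs.smb.client.password})
 *       are resolved through {@link #getProperty(String)}, which falls back to
 *       the jCIFS {@code Config} and then to JVM system properties, and they are
 *       handled as {@code String}s. Prefer instance-level properties and keep
 *       them out of logs and process-wide settings.</li>
 *   <li>On the NTLM acceptor path a non-null {@link #getPrincipal()} only means
 *       that a Type 3 message was parsed. The LM/NT responses are NOT verified
 *       in this class; the caller must validate the returned
 *       {@code NtlmPasswordAuthentication} against the domain controller that
 *       issued the challenge before granting access.</li>
 * </ul>
 */
public class Authentication {
    private static final byte[] NTLMSSP_SIGNATURE = {78, 84, 76, 77, 83, 83, 80, 0};

    /** Index of the message-type byte, directly after the 8-byte signature. */
    private static final int NTLM_TYPE_OFFSET = 8;

    // NTLMSSP negotiate flags placed in the Type 1 message.
    private static final int NTLMSSP_NEGOTIATE_UNICODE = 1;
    private static final int NTLMSSP_NEGOTIATE_OEM = 2;
    private static final int NTLMSSP_NEGOTIATE_NTLM = 512;

    // SPNEGO negResult values carried in a NegTokenTarg.
    private static final int NEG_RESULT_ACCEPT_COMPLETED = 0;
    private static final int NEG_RESULT_ACCEPT_INCOMPLETE = 1;
    private static final int NEG_RESULT_REJECT = 2;

    private Properties properties;
    private boolean client;
    private byte[] challenge;
    private byte[] nextToken;
    private Subject subject;
    private Principal principal;
    private GSSContext context;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:jcifs/spnego/Authentication$ClientAction.class */
    /**
     * Initiator-side GSS step. Creates the Kerberos context on first use and
     * feeds it the peer's token (an empty token on the first leg).
     */
    public class ClientAction implements PrivilegedExceptionAction<byte[]> {
        private byte[] token;

        /**
         * @param bArr token received from the acceptor, or {@code null} for the first leg
         */
        public ClientAction(byte[] bArr) {
            this.token = bArr != null ? bArr : new byte[0];
        }

        /**
         * @return the next token to send to the acceptor
         * @throws Exception if the GSS-API calls fail
         */
        @Override // java.security.PrivilegedExceptionAction
        public byte[] run() throws Exception {
            if (Authentication.this.context == null) {
                Oid kerberos = new Oid(SpnegoConstants.KERBEROS_MECHANISM);
                GSSManager manager = GSSManager.getInstance();
                GSSName target = manager.createName(
                        Authentication.this.getProperty("jcifs.spnego.servicePrincipal"), (Oid) null);
                // Explicit initiator credentials are only built when a login name is
                // configured; otherwise null lets GSS pick the default credentials.
                GSSCredential credential = null;
                String loginName = Authentication.this.getProperty("javax.security.auth.login.name");
                if (loginName != null) {
                    credential = manager.createCredential(
                            manager.createName(loginName, (Oid) null),
                            GSSCredential.DEFAULT_LIFETIME, kerberos, GSSCredential.INITIATE_ONLY);
                }
                Authentication.this.context =
                        manager.createContext(target, kerberos, credential, GSSContext.DEFAULT_LIFETIME);
            }
            return Authentication.this.context.initSecContext(this.token, 0, this.token.length);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:jcifs/spnego/Authentication$ServerAction.class */
    /**
     * Acceptor-side GSS step. Creates an accept-only Kerberos context for the
     * configured service principal on first use and feeds it the peer's token.
     */
    public class ServerAction implements PrivilegedExceptionAction<byte[]> {
        private byte[] token;

        /**
         * @param bArr token received from the initiator; {@code null} is treated as empty
         */
        public ServerAction(byte[] bArr) {
            this.token = bArr != null ? bArr : new byte[0];
        }

        /**
         * @return the reply token for the initiator, as returned by {@code acceptSecContext}
         * @throws Exception if the GSS-API calls fail
         */
        @Override // java.security.PrivilegedExceptionAction
        public byte[] run() throws Exception {
            if (Authentication.this.context == null) {
                Oid kerberos = new Oid(SpnegoConstants.KERBEROS_MECHANISM);
                GSSManager manager = GSSManager.getInstance();
                GSSName service = manager.createName(
                        Authentication.this.getProperty("jcifs.spnego.servicePrincipal"), (Oid) null);
                GSSCredential credential = manager.createCredential(
                        service, GSSCredential.DEFAULT_LIFETIME, kerberos, GSSCredential.ACCEPT_ONLY);
                Authentication.this.context = manager.createContext(credential);
            }
            return Authentication.this.context.acceptSecContext(this.token, 0, this.token.length);
        }
    }

    /** Creates an instance with no instance-level properties. */
    public Authentication() {
        this(null);
    }

    /**
     * @param properties instance-level settings, consulted before the global
     *                   configuration; {@code null} means none
     */
    public Authentication(Properties properties) {
        this.properties = new Properties();
        setProperties(properties);
    }

    /**
     * @return the token to send to the peer next, or {@code null} when there is none.
     *         The internal array is returned without copying.
     */
    public byte[] getNextToken() {
        return this.nextToken;
    }

    /**
     * @return the principal recorded once the exchange completed, else {@code null}.
     *         For NTLM this is an unverified {@code NtlmPasswordAuthentication};
     *         see the class-level security notes.
     */
    public Principal getPrincipal() {
        return this.principal;
    }

    /**
     * @return the live instance-level property set (not a copy). It may hold
     *         passwords, so do not log or expose it.
     */
    public Properties getProperties() {
        return this.properties;
    }

    /**
     * @param properties replacement instance-level settings; {@code null} installs an empty set
     */
    public void setProperties(Properties properties) {
        this.properties = properties != null ? properties : new Properties();
    }

    /**
     * Resolves a setting from the instance properties, then the jCIFS
     * {@code Config}, then JVM system properties.
     *
     * @param str property name
     * @return the first non-null value found, or {@code null}
     */
    public String getProperty(String str) {
        String value = getProperties().getProperty(str);
        if (value == null) {
            value = Config.getProperty(str);
        }
        return value != null ? value : System.getProperty(str);
    }

    /**
     * Sets or clears an instance-level property.
     *
     * @param str  property name
     * @param str2 new value; {@code null} removes the property
     */
    public void setProperty(String str, String str2) {
        if (str2 != null) {
            getProperties().setProperty(str, str2);
        } else {
            getProperties().remove(str);
        }
    }

    /**
     * Starts an exchange as the initiator and prepares the first token.
     *
     * <p>With no mechanisms a bare NTLM Type 1 message is produced. Otherwise
     * the first listed mechanism selects the optimistic token (NTLMSSP or
     * Kerberos), which is wrapped in a {@code NegTokenInit} advertising the
     * whole list.
     *
     * @param strArr mechanism OIDs in preference order, or {@code null}/empty for raw NTLM
     * @throws AuthenticationException if the first mechanism is unsupported, the JAAS
     *                                 login fails, or the Kerberos token cannot be built
     */
    public void init(String[] strArr) throws AuthenticationException {
        reset();
        this.client = true;
        if (strArr == null || strArr.length == 0) {
            this.nextToken = createType1Token();
            return;
        }
        String initialMechanism = strArr[0];
        int contextFlags = 0;
        byte[] mechanismToken;
        if (SpnegoConstants.NTLMSSP_MECHANISM.equals(initialMechanism)) {
            mechanismToken = createType1Token();
        } else {
            if (!isKerberosMechanism(initialMechanism)) {
                throw new UnsupportedMechanismException("Unsupported initial mechanism: " + initialMechanism);
            }
            // useSubjectCredsOnly defaults to true: log in through JAAS and run the
            // GSS calls as that subject instead of relying on ambient credentials.
            if (booleanProperty("javax.security.auth.useSubjectCredsOnly", true)) {
                try {
                    this.subject = login("jcifs.spnego.initiate",
                            "javax.security.auth.login.name", "javax.security.auth.login.password");
                } catch (Exception e) {
                    throw new AuthenticationException("Unable to login: " + e, e);
                }
            }
            try {
                mechanismToken = runAction(new ClientAction(null));
                contextFlags = contextFlags(this.context);
            } catch (Exception e) {
                throw new AuthenticationException("Error processing token: " + e, e);
            }
        }
        this.nextToken = new NegTokenInit(strArr, contextFlags, mechanismToken, null).toByteArray();
    }

    /** Discards all handshake state, returning the instance to the acceptor role. */
    public void reset() {
        this.client = false;
        this.challenge = null;
        this.nextToken = null;
        this.subject = null;
        this.principal = null;
        this.context = null;
    }

    /**
     * Consumes one token from the peer and updates {@link #getNextToken()} and,
     * on completion, {@link #getPrincipal()}. Tokens starting with the NTLMSSP
     * signature are handled as raw NTLM, everything else as SPNEGO.
     *
     * @param bArr token received from the peer (untrusted input)
     * @throws NullPointerException    if {@code bArr} is {@code null}
     * @throws IllegalStateException   if a principal has already been established
     * @throws AuthenticationException if the token is malformed or the exchange fails
     */
    public void process(byte[] bArr) throws AuthenticationException {
        if (bArr == null) {
            throw new NullPointerException("Null token.");
        }
        if (getPrincipal() != null) {
            throw new IllegalStateException("Context already completed.");
        }
        if (isNtlm(bArr)) {
            processNtlm(bArr);
        } else {
            processSpnego(bArr);
        }
    }

    /**
     * Handles one NTLMSSP message according to its type byte and this side's role.
     *
     * @param bArr message that already passed {@link #isNtlm(byte[])}
     * @throws AuthenticationException on a truncated message, a type that is invalid
     *                                 for this role, or any failure while handling it
     */
    private void processNtlm(byte[] bArr) throws AuthenticationException {
        // isNtlm() only guarantees the 8 signature bytes; the type byte comes after them.
        if (bArr.length <= NTLM_TYPE_OFFSET) {
            throw new AuthenticationException("Truncated NTLM message.");
        }
        try {
            switch (bArr[NTLM_TYPE_OFFSET]) {
                case 1:
                    if (this.client) {
                        throw new AuthenticationException("NTLM Type 1 message received by client.");
                    }
                    boolean loadBalance = false;
                    String controller = getProperty("jcifs.http.domainController");
                    if (controller == null) {
                        controller = getProperty("jcifs.smb.client.domain");
                        loadBalance = booleanProperty("jcifs.http.loadBalance", true);
                    }
                    // 28 (0x1C) is the NetBIOS name type used for the domain lookup when
                    // load balancing. The resolved address is not retained here.
                    // NOTE(review): whoever validates the Type 3 response must use the
                    // controller that issued this challenge - confirm in the caller.
                    this.challenge = SmbSession.getChallenge(loadBalance
                            ? new UniAddress(NbtAddress.getByName(controller, 28, null))
                            : UniAddress.getByName(controller, true));
                    this.nextToken =
                            new Type2Message(new Type1Message(bArr), this.challenge, (String) null).toByteArray();
                    break;
                case 2:
                    if (!this.client) {
                        throw new AuthenticationException("NTLM Type 2 message received by server.");
                    }
                    this.nextToken = new Type3Message(new Type2Message(bArr),
                            getProperty("jcifs.smb.client.password"),
                            getProperty("jcifs.smb.client.domain"),
                            getProperty("jcifs.smb.client.username"),
                            localHostName()).toByteArray();
                    break;
                case 3:
                    if (this.client) {
                        throw new AuthenticationException("NTLM Type 3 message received by client.");
                    }
                    // A response is meaningless unless this instance issued the challenge
                    // it answers; refuse a Type 3 that skips the Type 1/Type 2 legs.
                    if (this.challenge == null) {
                        throw new AuthenticationException(
                                "NTLM Type 3 message received without a preceding challenge.");
                    }
                    Type3Message type3 = new Type3Message(bArr);
                    byte[] lmResponse = type3.getLMResponse();
                    if (lmResponse == null) {
                        lmResponse = new byte[0];
                    }
                    byte[] ntResponse = type3.getNTResponse();
                    if (ntResponse == null) {
                        ntResponse = new byte[0];
                    }
                    // Domain, user and responses are taken from the peer as claimed and
                    // are not checked here: this principal is an unverified claim until
                    // the caller validates it against the domain controller.
                    this.principal = new NtlmPasswordAuthentication(
                            type3.getDomain(), type3.getUser(), this.challenge, lmResponse, ntResponse);
                    this.nextToken = null;
                    break;
                default:
                    throw new AuthenticationException(
                            "Unrecognized NTLM Token Type: " + ((int) bArr[NTLM_TYPE_OFFSET]));
            }
        } catch (AuthenticationException e) {
            throw e;
        } catch (Exception e) {
            // The original message said "Kerberos" although this is the NTLM path.
            throw new AuthenticationException("Error performing NTLM authentication: " + e, e);
        }
    }

    /**
     * Unwraps a SPNEGO token and hands the inner mechanism token to the NTLM or
     * Kerberos handler, then wraps that handler's reply for the peer.
     *
     * @param bArr SPNEGO token received from the peer (untrusted input)
     * @throws AuthenticationException if the token is not a recognizable SPNEGO token
     *                                 or the inner mechanism fails
     */
    private void processSpnego(byte[] bArr) throws AuthenticationException {
        if (bArr.length == 0) {
            throw new AuthenticationException("Unrecognized SPNEGO Token.");
        }
        byte[] mechanismToken;
        String mechanism;
        try {
            switch (bArr[0]) {
                case -95: // 0xA1: NegTokenTarg
                    NegTokenTarg targ = new NegTokenTarg(bArr);
                    mechanismToken = targ.getMechanismToken();
                    mechanism = targ.getMechanism();
                    break;
                case 96: // 0x60: NegTokenInit
                    NegTokenInit initToken = new NegTokenInit(bArr);
                    mechanismToken = initToken.getMechanismToken();
                    mechanism = null;
                    if (mechanismToken != null) {
                        // The optimistic token belongs to the first advertised mechanism.
                        String[] offered = initToken.getMechanisms();
                        if (offered == null || offered.length == 0) {
                            throw new AuthenticationException("Unrecognized SPNEGO Token.");
                        }
                        mechanism = offered[0];
                    }
                    break;
                default:
                    throw new AuthenticationException("Unrecognized SPNEGO Token.");
            }
            if (isNtlm(mechanismToken)) {
                processNtlm(mechanismToken);
                // Wrap the token processNtlm() just produced. The previous code wrapped
                // the peer's own mechanism token and so echoed the input back.
                byte[] reply = getNextToken();
                if (reply != null) {
                    int result = getPrincipal() == null
                            ? NEG_RESULT_ACCEPT_INCOMPLETE : NEG_RESULT_ACCEPT_COMPLETED;
                    this.nextToken = new NegTokenTarg(
                            result, SpnegoConstants.NTLMSSP_MECHANISM, reply, null).toByteArray();
                }
            } else {
                try {
                    processKerberos(mechanism, mechanismToken);
                } catch (UnsupportedMechanismException e) {
                    this.nextToken = new NegTokenTarg(NEG_RESULT_REJECT, null, null, null).toByteArray();
                }
            }
        } catch (AuthenticationException e) {
            throw e;
        } catch (Exception e) {
            throw new AuthenticationException("Error performing SPNEGO negotiation: " + e, e);
        }
    }

    /**
     * Advances the Kerberos GSS context by one token and wraps the reply in a
     * {@code NegTokenTarg}. On the acceptor side a JAAS login for the service
     * principal is performed first when no subject exists yet and
     * {@code javax.security.auth.useSubjectCredsOnly} is unset or true.
     *
     * @param str  mechanism OID named by the peer, or {@code null} if it named none
     * @param bArr mechanism token from the peer, may be {@code null}
     * @throws AuthenticationException if the named mechanism is not Kerberos
     *                                 (as {@code UnsupportedMechanismException}) or the
     *                                 login / GSS calls fail
     */
    private void processKerberos(String str, byte[] bArr) throws AuthenticationException {
        // Checked outside the try so it is not re-wrapped below: processSpnego()
        // answers it with a reject token. Without this check that reject branch was
        // unreachable and a token for any peer-named mechanism reached the GSS context.
        if (str != null && !isKerberosMechanism(str)) {
            throw new UnsupportedMechanismException("Unsupported mechanism: " + str);
        }
        try {
            PrivilegedExceptionAction<byte[]> action;
            if (this.client) {
                action = new ClientAction(bArr);
            } else {
                action = new ServerAction(bArr);
                if (this.subject == null
                        && booleanProperty("javax.security.auth.useSubjectCredsOnly", true)) {
                    this.subject = login("jcifs.spnego.accept",
                            "jcifs.spnego.servicePrincipal", "jcifs.spnego.servicePassword");
                }
            }
            byte[] reply = runAction(action);
            int result;
            if (this.context.isEstablished()) {
                result = NEG_RESULT_ACCEPT_COMPLETED;
                this.principal = new KerberosPrincipal(this.context.getSrcName().toString());
            } else {
                result = NEG_RESULT_ACCEPT_INCOMPLETE;
            }
            this.nextToken = new NegTokenTarg(result, str, reply, null).toByteArray();
        } catch (Exception e) {
            throw new AuthenticationException("Error performing Kerberos authentication: " + e, e);
        }
    }

    /** Reads a boolean setting, using {@code defaultValue} when it is not configured. */
    private boolean booleanProperty(String name, boolean defaultValue) {
        String value = getProperty(name);
        return value != null ? Boolean.parseBoolean(value) : defaultValue;
    }

    /** Returns true for the standard or the legacy Kerberos mechanism OID. */
    private static boolean isKerberosMechanism(String mechanism) {
        return SpnegoConstants.KERBEROS_MECHANISM.equals(mechanism)
                || SpnegoConstants.LEGACY_KERBEROS_MECHANISM.equals(mechanism);
    }

    /** Best-effort local NetBIOS host name; {@code null} when it cannot be resolved. */
    private static String localHostName() {
        try {
            return NbtAddress.getLocalHost().getHostName();
        } catch (UnknownHostException ignored) {
            // The workstation name is optional in the NTLM messages built from it.
            return null;
        }
    }

    /** Builds the NTLM Type 1 message; Unicode is negotiated unless disabled by property. */
    private byte[] createType1Token() {
        boolean unicode = booleanProperty("jcifs.smb.client.useUnicode", true);
        int flags = NTLMSSP_NEGOTIATE_NTLM | (unicode ? NTLMSSP_NEGOTIATE_UNICODE : NTLMSSP_NEGOTIATE_OEM);
        return new Type1Message(flags, getProperty("jcifs.smb.client.domain"), localHostName()).toByteArray();
    }

    /** Performs a JAAS login, taking name and password from the given property names. */
    private Subject login(String entryName, String nameProperty, String passwordProperty) throws Exception {
        LoginContext loginContext = new LoginContext(entryName,
                new SpnegoLoginHandler(getProperty(nameProperty), getProperty(passwordProperty)));
        loginContext.login();
        return loginContext.getSubject();
    }

    /** Runs a GSS step as the logged-in subject when there is one, otherwise directly. */
    private byte[] runAction(PrivilegedExceptionAction<byte[]> action) throws Exception {
        return this.subject != null
                ? Subject.doAsPrivileged(this.subject, action, (AccessControlContext) null)
                : action.run();
    }

    /** Packs the context's negotiated service states into the NegTokenInit flag bits. */
    private static int contextFlags(GSSContext gssContext) {
        int flags = 0;
        if (gssContext.getCredDelegState()) {
            flags |= 64;
        }
        if (gssContext.getMutualAuthState()) {
            flags |= 32;
        }
        if (gssContext.getReplayDetState()) {
            flags |= 16;
        }
        if (gssContext.getSequenceDetState()) {
            flags |= 8;
        }
        if (gssContext.getAnonymityState()) {
            flags |= 4;
        }
        if (gssContext.getConfState()) {
            flags |= 2;
        }
        if (gssContext.getIntegState()) {
            flags |= 1;
        }
        return flags;
    }

    /**
     * @param bArr candidate token, may be {@code null}
     * @return true when the token starts with the 8-byte {@code NTLMSSP\0} signature
     */
    private static boolean isNtlm(byte[] bArr) {
        if (bArr == null || bArr.length < NTLMSSP_SIGNATURE.length) {
            return false;
        }
        for (int i = 0; i < NTLMSSP_SIGNATURE.length; i++) {
            if (NTLMSSP_SIGNATURE[i] != bArr[i]) {
                return false;
            }
        }
        return true;
    }
}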
