package org.filesys.server.auth;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.io.Writer;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.StringTokenizer;
import java.util.zip.CRC32;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.sasl.RealmCallback;
import org.filesys.debug.Debug;
import org.filesys.server.auth.ClientInfo;
import org.filesys.server.auth.ISMBAuthenticator;
import org.filesys.server.auth.SecurityBlob;
import org.filesys.server.auth.kerberos.KerberosDetails;
import org.filesys.server.auth.kerberos.SessionSetupPrivilegedAction;
import org.filesys.server.auth.ntlm.NTLM;
import org.filesys.server.auth.ntlm.NTLMMessage;
import org.filesys.server.auth.ntlm.NTLMv2Blob;
import org.filesys.server.auth.ntlm.StringTargetInfo;
import org.filesys.server.auth.ntlm.TargetInfo;
import org.filesys.server.auth.ntlm.TimestampTargetInfo;
import org.filesys.server.auth.ntlm.Type1NTLMMessage;
import org.filesys.server.auth.ntlm.Type2NTLMMessage;
import org.filesys.server.auth.ntlm.Type3NTLMMessage;
import org.filesys.server.auth.spnego.NegTokenInit;
import org.filesys.server.auth.spnego.NegTokenTarg;
import org.filesys.server.auth.spnego.OID;
import org.filesys.server.auth.spnego.SPNEGO;
import org.filesys.server.config.InvalidConfigurationException;
import org.filesys.server.config.ServerConfiguration;
import org.filesys.server.core.NoPooledMemoryException;
import org.filesys.smb.SMBStatus;
import org.filesys.smb.server.KeyType;
import org.filesys.smb.server.SMBConfigSection;
import org.filesys.smb.server.SMBSrvException;
import org.filesys.smb.server.SMBSrvPacket;
import org.filesys.smb.server.SMBSrvSession;
import org.filesys.smb.server.SMBV1Parser;
import org.filesys.smb.server.SetupObjectType;
import org.filesys.smb.server.VirtualCircuit;
import org.filesys.util.DataBuffer;
import org.filesys.util.DataPacker;
import org.filesys.util.HexDump;
import org.ietf.jgss.Oid;
import org.springframework.extensions.config.ConfigElement;

/* loaded from: input_file:org/filesys/server/auth/EnterpriseSMBAuthenticator.class */
public class EnterpriseSMBAuthenticator extends SMBAuthenticator implements CallbackHandler {
    private static final String LoginConfigEntry = "FileServerSMB";
    private static final String LineSeperator = System.getProperty("line.separator");
    private static final int NTLM_UNSUPPORTED_FLAGS = 0;
    private static final int NTLM_SERVER_FLAGS = 1653244469;
    private static final int MIC_TOKEN_LENGTH = 16;
    private static final int MIC_TOKEN_VERSION = 0;
    private static final int MIC_TOKEN_DIGEST = 4;
    private static final int MIC_TOKEN_SEQNO = 12;
    private static final int MIC_TOKEN_VER_NTLMSSP = 1;
    private static final boolean EXTRA_DEBUG = true;
    protected boolean m_useRawNTLMSSP;
    protected boolean m_acceptNTLMv1;
    protected String m_accountName;
    protected String m_password;
    protected String m_krbRealm;
    protected LoginContext m_loginContext;
    protected byte[] m_negTokenInit;
    protected boolean m_allowNTLM = true;
    protected String m_loginEntryName = LoginConfigEntry;

    public EnterpriseSMBAuthenticator() {
        setExtendedSecurity(true);
    }

    @Override // org.filesys.server.auth.SMBAuthenticator
    public void initialize(ServerConfiguration serverConfiguration, ConfigElement configElement) throws InvalidConfigurationException {
        super.initialize(serverConfiguration, configElement);
        if (configElement.getChild("disableSessionCleanup") != null) {
            setSessionCleanup(false);
            if (hasDebugOutput()) {
                debugOutput("[SMB] Disabled session cleanup (for virtual circuit zero logons)");
            }
        }
        if (configElement.getChild("kerberosDebug") != null) {
            System.setProperty("sun.security.jgss.debug", "true");
            System.setProperty("sun.security.krb5.debug", "true");
            System.setProperty("com.ibm.security.jgss.debug", "all");
        }
        SMBConfigSection sMBConfigSection = (SMBConfigSection) serverConfiguration.getConfigSection(SMBConfigSection.SectionName);
        ConfigElement child = configElement.getChild("Realm");
        if (child != null && child.getValue() != null && child.getValue().length() > 0) {
            this.m_krbRealm = child.getValue();
            ConfigElement child2 = configElement.getChild("Password");
            if (child2 != null && child2.getValue() != null && child2.getValue().length() > 0) {
                this.m_password = child2.getValue();
            }
            ConfigElement child3 = configElement.getChild("KerberosConfig");
            if (child3 != null) {
                String value = child3.getValue();
                if (!Files.exists(Paths.get(value, new String[0]), LinkOption.NOFOLLOW_LINKS)) {
                    throw new InvalidConfigurationException("Kerberos configuration file does not exist - " + value);
                }
                System.setProperty("java.security.krb5.conf", value);
            }
            ConfigElement child4 = configElement.getChild("LoginConfig");
            if (child4 != null) {
                String value2 = child4.getValue();
                if (!Files.exists(Paths.get(value2, new String[0]), LinkOption.NOFOLLOW_LINKS)) {
                    throw new InvalidConfigurationException("Login configuration file does not exist - " + value2);
                }
                System.setProperty("java.security.auth.login.config", value2);
            }
            ConfigElement child5 = configElement.getChild("LoginEntry");
            if (child5 != null) {
                if (child5.getValue() == null || child5.getValue().length() <= 0) {
                    throw new InvalidConfigurationException("Invalid login entry specified");
                }
                this.m_loginEntryName = child5.getValue();
            }
            try {
                this.m_loginContext = new LoginContext(this.m_loginEntryName, this);
                this.m_loginContext.login();
                this.m_accountName = this.m_loginContext.getSubject().getPrincipals().iterator().next().getName();
                if (hasDebugOutput()) {
                    debugOutput("[SMB] Logged on using principal " + this.m_accountName);
                }
                if (hasDebugOutput()) {
                    debugOutput("[SMB] Enabling mechTypes :-");
                    debugOutput("       Kerberos5");
                    debugOutput("       MS-Kerberos5");
                }
                ArrayList arrayList = new ArrayList();
                arrayList.add(OID.MSKERBEROS5);
                arrayList.add(OID.KERBEROS5);
                if (configElement.getChild("disableNTLM") == null) {
                    arrayList.add(OID.NTLMSSP);
                    if (hasDebug()) {
                        debugOutput("       NTLMSSP");
                    }
                    this.m_allowNTLM = true;
                } else {
                    this.m_allowNTLM = false;
                }
                try {
                    this.m_negTokenInit = new NegTokenInit(arrayList, "cifs/" + sMBConfigSection.getServerName().toLowerCase() + "@" + this.m_krbRealm).encode();
                    this.m_useRawNTLMSSP = false;
                } catch (IOException e) {
                    if (hasDebugOutput()) {
                        debugOutput("[SMB] Error creating SPNEGO NegTokenInit blob - " + e.getMessage());
                    }
                    throw new InvalidConfigurationException("Failed to create SPNEGO NegTokenInit blob");
                }
            } catch (LoginException e2) {
                if (hasDebugOutput()) {
                    debugOutput("[SMB] Kerberos authenticator error - " + e2.getMessage());
                }
                throw new InvalidConfigurationException("Failed to login SMB server service");
            }
        } else if (configElement.getChild("useSPNEGO") != null) {
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add(OID.NTLMSSP);
            try {
                this.m_negTokenInit = new NegTokenInit(arrayList2, (String) null).encode();
                this.m_useRawNTLMSSP = false;
            } catch (IOException e3) {
                if (hasDebugOutput()) {
                    debugOutput("[SMB] Error creating SPNEGO NegTokenInit blob - " + e3.getMessage());
                }
                throw new InvalidConfigurationException("Failed to create SPNEGO NegTokenInit blob");
            }
        } else {
            this.m_useRawNTLMSSP = true;
        }
        if (configElement.getChild("disableNTLM") != null) {
            this.m_allowNTLM = false;
            if (hasDebugOutput()) {
                debugOutput("[SMB] NTLM logons disabled");
            }
        }
        this.m_acceptNTLMv1 = configElement.getChild("disallowNTLMv1") == null;
        if (allowNTLMLogon() || this.m_loginContext != null) {
            return;
        }
        if (hasDebugOutput()) {
            debugOutput("[SMB] No authentication methods enabled");
        }
        throw new InvalidConfigurationException("No authentication methods enabled, require NTLMSSP or SPNEGO");
    }

    @Override // org.filesys.server.auth.SMBAuthenticator, org.filesys.server.auth.ISMBAuthenticator
    public boolean usingSPNEGO() {
        return !this.m_useRawNTLMSSP;
    }

    @Override // org.filesys.server.auth.SMBAuthenticator, org.filesys.server.auth.ISMBAuthenticator
    public byte[] getNegTokenInit() {
        return this.m_negTokenInit;
    }

    private final boolean allowNTLMLogon() {
        return this.m_allowNTLM;
    }

    private final boolean acceptNTLMv1Logon() {
        return this.m_acceptNTLMv1;
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbackArr.length; i++) {
            if (callbackArr[i] instanceof NameCallback) {
                ((NameCallback) callbackArr[i]).setName(this.m_accountName);
            } else if (callbackArr[i] instanceof PasswordCallback) {
                PasswordCallback passwordCallback = (PasswordCallback) callbackArr[i];
                if (this.m_password != null) {
                    passwordCallback.setPassword(this.m_password.toCharArray());
                } else {
                    passwordCallback.setPassword("".toCharArray());
                }
            } else {
                if (!(callbackArr[i] instanceof RealmCallback)) {
                    throw new UnsupportedCallbackException(callbackArr[i]);
                }
                ((RealmCallback) callbackArr[i]).setText(this.m_krbRealm);
            }
        }
    }

    @Override // org.filesys.server.auth.SMBAuthenticator, org.filesys.server.auth.ISMBAuthenticator
    public int getEncryptionKeyLength() {
        return 8;
    }

    @Override // org.filesys.server.auth.SMBAuthenticator, org.filesys.server.auth.ISMBAuthenticator
    public int getServerCapabilities() {
        return -2147425540;
    }

    @Override // org.filesys.server.auth.SMBAuthenticator, org.filesys.server.auth.ISMBAuthenticator
    public void processSessionSetup(SMBSrvSession sMBSrvSession, SMBSrvPacket sMBSrvPacket) throws SMBSrvException {
        int disconnectClientSessions;
        SMBV1Parser sMBV1Parser = (SMBV1Parser) sMBSrvPacket.getParser();
        if (!sMBV1Parser.checkPacketIsValid(12, 0)) {
            throw new SMBSrvException(SMBStatus.NTInvalidParameter, 1, 2);
        }
        if (sMBV1Parser.getParameterCount() == 13) {
            try {
                doHashedPasswordLogon(sMBSrvSession, sMBSrvPacket);
                return;
            } catch (SMBSrvException e) {
                throw e;
            }
        }
        int parameter = sMBV1Parser.getParameter(2);
        int parameter2 = sMBV1Parser.getParameter(3);
        int parameter3 = sMBV1Parser.getParameter(4);
        int parameter4 = sMBV1Parser.getParameter(7);
        int parameterLong = sMBV1Parser.getParameterLong(10);
        int byteOffset = sMBV1Parser.getByteOffset();
        byte[] buffer = sMBV1Parser.getBuffer();
        boolean isUnicode = sMBV1Parser.isUnicode();
        sMBV1Parser.setPosition(byteOffset + parameter4);
        String str = "";
        if (sMBV1Parser.hasMoreData()) {
            str = sMBV1Parser.unpackString(isUnicode);
            if (str == null) {
                throw new SMBSrvException(SMBStatus.NTInvalidParameter, 1, 2);
            }
        }
        String str2 = "";
        if (sMBV1Parser.hasMoreData()) {
            str2 = sMBV1Parser.unpackString(isUnicode);
            if (str2 == null) {
                throw new SMBSrvException(SMBStatus.NTInvalidParameter, 1, 2);
            }
        }
        if (hasDebugOutput()) {
            debugOutput("[SMB] NT Session setup " + (usingSPNEGO() ? "SPNEGO" : "NTLMSSP") + ", MID=" + sMBV1Parser.getMultiplexId() + ", UID=" + sMBV1Parser.getUserId() + ", PID=" + sMBV1Parser.getProcessId());
        }
        sMBSrvSession.setClientMaximumBufferSize(parameter != 0 ? parameter : 65540);
        sMBSrvSession.setClientMaximumMultiplex(parameter2);
        sMBSrvSession.setClientCapabilities(parameterLong);
        ClientInfo createInfo = ClientInfo.createInfo(null, null);
        createInfo.setDomain(str);
        createInfo.setOperatingSystem(str2);
        createInfo.setLogonType(ClientInfo.LogonType.Normal);
        if (sMBSrvSession.hasRemoteAddress()) {
            createInfo.setClientAddress(sMBSrvSession.getRemoteAddress().getHostAddress());
        }
        createInfo.setProcessId(sMBV1Parser.getProcessId());
        Object setupObject = sMBSrvSession.getSetupObject(createInfo.getProcessId(), SetupObjectType.Type2Message);
        boolean z = false;
        ISMBAuthenticator.AuthStatus authStatus = ISMBAuthenticator.AuthStatus.DISALLOW;
        try {
            if (parameter4 >= NTLM.Signature.length) {
                int i = 0;
                while (i < NTLM.Signature.length && buffer[byteOffset + i] == NTLM.Signature[i]) {
                    i++;
                }
                if (i == NTLM.Signature.length) {
                    z = true;
                }
            }
            SecurityBlob securityBlob = new SecurityBlob(z ? SecurityBlob.SecurityBlobType.NTLMSSP : SecurityBlob.SecurityBlobType.SPNEGO, buffer, byteOffset, parameter4, isUnicode);
            if (processSecurityBlob(sMBSrvSession, createInfo, securityBlob) == ISMBAuthenticator.AuthStatus.DISALLOW) {
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
            if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
                if (securityBlob.hasResponseBlob()) {
                    debugOutput("[SMB] Two stage logon (" + (z ? "NTLMSSP" : "SPNEGO") + ")");
                } else {
                    debugOutput("[SMB] User " + createInfo.getUserName() + " logged on " + (createInfo != null ? " (type " + createInfo.getLogonTypeString() + ")" : ""));
                }
            }
            int responseLength = securityBlob.hasResponseBlob() ? securityBlob.getResponseLength() : 0;
            boolean z2 = false;
            if (securityBlob.hasResponseBlob() || sMBSrvSession.hasSetupObject(createInfo.getProcessId(), SetupObjectType.Type2Message) || setupObject != null) {
                if (sMBSrvSession.hasSetupObject(createInfo.getProcessId(), SetupObjectType.Type2Message)) {
                    sMBV1Parser.setLongErrorCode(SMBStatus.NTMoreProcessingRequired);
                } else {
                    onSuccessfulLogon(createInfo);
                    sMBV1Parser.setLongErrorCode(0);
                    z2 = true;
                }
                sMBV1Parser.setParameterCount(4);
                int i2 = responseLength + 100;
                if (i2 > sMBV1Parser.getAvailableLength()) {
                    try {
                        SMBSrvPacket allocatePacket = sMBSrvSession.getPacketPool().allocatePacket(sMBV1Parser.getByteOffset() + i2, sMBSrvPacket);
                        allocatePacket.setParser(SMBSrvPacket.Version.V1);
                        sMBV1Parser = (SMBV1Parser) allocatePacket.getParser();
                    } catch (NoPooledMemoryException e2) {
                        if (hasDebug()) {
                            debugOutput("Authenticator failed to allocate packet from pool, reqSiz=" + (sMBV1Parser.getByteOffset() + responseLength));
                        }
                        throw new SMBSrvException(SMBStatus.NTInvalidParameter, 83, 2);
                    }
                }
                sMBV1Parser.setParameter(0, 255);
                sMBV1Parser.setParameter(1, 0);
                sMBV1Parser.setParameter(2, 0);
                sMBV1Parser.setParameter(3, responseLength);
            } else {
                onSuccessfulLogon(createInfo);
                sMBV1Parser.setLongErrorCode(0);
                sMBV1Parser.setParameterCount(12);
                sMBV1Parser.setParameter(0, 255);
                sMBV1Parser.setParameter(1, 0);
                sMBV1Parser.setParameter(2, 65540);
                sMBV1Parser.setParameter(3, 4);
                sMBV1Parser.setParameter(4, parameter3);
                sMBV1Parser.setParameterLong(5, 0);
                sMBV1Parser.setParameter(7, responseLength);
                sMBV1Parser.setParameterLong(8, 0);
                sMBV1Parser.setParameterLong(10, getServerCapabilities());
                z2 = true;
            }
            int i3 = 65535;
            if (z2) {
                if (parameter3 == 0 && hasSessionCleanup() && (disconnectClientSessions = sMBSrvSession.disconnectClientSessions()) > 0 && sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
                    debugOutput("[SMB] Disconnected " + disconnectClientSessions + " existing sessions from client, sess=" + sMBSrvSession);
                }
                sMBSrvSession.removeAllSetupObjects(createInfo.getProcessId());
                VirtualCircuit virtualCircuit = new VirtualCircuit(parameter3, createInfo);
                i3 = sMBSrvSession.addVirtualCircuit(virtualCircuit);
                if (i3 == -1) {
                    if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
                        debugOutput("[SMB] Failed to allocate UID for virtual circuit, " + virtualCircuit);
                    }
                    throw new SMBSrvException(SMBStatus.NTTooManySessions, 90, 2);
                }
                if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
                    debugOutput("[SMB] Allocated UID=" + i3 + " for VC=" + virtualCircuit);
                }
            }
            sMBV1Parser.setCommand(sMBV1Parser.getCommand());
            sMBV1Parser.setByteCount(0);
            sMBV1Parser.setTreeId(z2 ? 0 : 65535);
            sMBV1Parser.setUserId(i3);
            sMBV1Parser.setFlags(sMBV1Parser.getFlags() & (-9));
            sMBV1Parser.setResponse();
            int i4 = 18433;
            if (isUnicode) {
                i4 = 18433 + 32768;
            }
            sMBV1Parser.setFlags2(i4);
            int byteOffset2 = sMBV1Parser.getByteOffset();
            byte[] buffer2 = sMBV1Parser.getBuffer();
            if (securityBlob.hasResponseBlob()) {
                System.arraycopy(securityBlob.getResponseBlob(), 0, buffer2, byteOffset2, securityBlob.getResponseLength());
                byteOffset2 += securityBlob.getResponseLength();
            }
            if (isUnicode) {
                byteOffset2 = DataPacker.wordAlign(byteOffset2);
            }
            int putString = DataPacker.putString("Java File Server " + sMBSrvSession.getServer().isVersion(), buffer2, DataPacker.putString("Java", buffer2, byteOffset2, true, isUnicode), true, isUnicode);
            if (!securityBlob.hasResponseBlob()) {
                putString = DataPacker.putString(sMBSrvSession.getSMBServer().getSMBConfiguration().getDomainName(), buffer2, putString, true, isUnicode);
            }
            sMBV1Parser.setByteCount(putString - sMBV1Parser.getByteOffset());
            sMBV1Parser.setParameter(1, putString - 4);
        } catch (SMBSrvException e3) {
            sMBSrvSession.removeAllSetupObjects(createInfo.getProcessId());
            throw e3;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.filesys.server.auth.SMBAuthenticator, org.filesys.server.auth.ISMBAuthenticator
    public ISMBAuthenticator.AuthStatus processSecurityBlob(SMBSrvSession sMBSrvSession, ClientInfo clientInfo, SecurityBlob securityBlob) throws SMBSrvException {
        ISMBAuthenticator.AuthStatus authStatus = ISMBAuthenticator.AuthStatus.DISALLOW;
        return this instanceof TransactionalSMBAuthenticator ? ((TransactionalSMBAuthenticator) this).processSecurityBlobInTransaction(sMBSrvSession, clientInfo, securityBlob) : processSecurityBlobInternal(sMBSrvSession, clientInfo, securityBlob);
    }

    public final ISMBAuthenticator.AuthStatus processSecurityBlobInternal(SMBSrvSession sMBSrvSession, ClientInfo clientInfo, SecurityBlob securityBlob) throws SMBSrvException {
        sMBSrvSession.getSetupObject(clientInfo.getProcessId(), SetupObjectType.Type2Message);
        if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
            debugOutput("[SMB] Process security blob=" + securityBlob);
        }
        ISMBAuthenticator.AuthStatus authStatus = ISMBAuthenticator.AuthStatus.DISALLOW;
        try {
            ISMBAuthenticator.AuthStatus doNtlmsspSessionSetup = securityBlob.isNTLMSSP() ? doNtlmsspSessionSetup(sMBSrvSession, clientInfo, securityBlob, false) : doSpnegoSessionSetup(sMBSrvSession, clientInfo, securityBlob);
            if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
                if (doNtlmsspSessionSetup == ISMBAuthenticator.AuthStatus.AUTHENTICATED) {
                    debugOutput("[SMB] User " + clientInfo.getUserName() + " logged on " + (clientInfo != null ? " (type " + clientInfo.getLogonTypeString() + ")" : ""));
                } else {
                    debugOutput("[SMB] Two stage logon (" + securityBlob.isType().name() + ")");
                }
            }
            int responseLength = securityBlob.hasResponseBlob() ? securityBlob.getResponseLength() : 0;
            if (doNtlmsspSessionSetup == ISMBAuthenticator.AuthStatus.AUTHENTICATED) {
                sMBSrvSession.removeAllSetupObjects(clientInfo.getProcessId());
                onSuccessfulLogon(clientInfo);
            }
            return doNtlmsspSessionSetup;
        } catch (SMBSrvException e) {
            sMBSrvSession.removeAllSetupObjects(clientInfo.getProcessId());
            throw e;
        }
    }

    private final ISMBAuthenticator.AuthStatus doNtlmsspSessionSetup(SMBSrvSession sMBSrvSession, ClientInfo clientInfo, SecurityBlob securityBlob, boolean z) throws SMBSrvException {
        if (!allowNTLMLogon()) {
            if (hasDebugOutput()) {
                debugOutput("[SMB] NTLM disabled, received NTLM logon from client (NTLMSSP)");
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
        ISMBAuthenticator.AuthStatus authStatus = ISMBAuthenticator.AuthStatus.DISALLOW;
        NTLMMessage.Type isNTLMType = NTLMMessage.isNTLMType(securityBlob.getSecurityBlob(), securityBlob.getSecurityOffset());
        if (isNTLMType == NTLMMessage.Type.Invalid) {
            if (hasDebugOutput()) {
                debugOutput("[SMB] Invalid NTLMSSP token received");
                debugOutput("[SMB]   Token=" + HexDump.hexString(securityBlob.getSecurityBlob(), securityBlob.getSecurityOffset(), securityBlob.getSecurityLength(), " "));
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
        if (isNTLMType == NTLMMessage.Type.Negotiate) {
            Type1NTLMMessage type1NTLMMessage = new Type1NTLMMessage(securityBlob.getSecurityBlob(), securityBlob.getSecurityOffset(), securityBlob.getSecurityLength());
            if (hasDebugOutput()) {
                debugOutput("[SMB] Received NTLM Type1/Negotiate - " + type1NTLMMessage.toString());
            }
            if (z || type1NTLMMessage.hasFlag(16) || type1NTLMMessage.hasFlag(32768)) {
                type1NTLMMessage = type1NTLMMessage.m94clone();
                sMBSrvSession.setSetupObject(clientInfo.getProcessId(), type1NTLMMessage, SetupObjectType.Type1Message);
                if (hasDebugOutput()) {
                    debugOutput("[SMB] Signing required/SPNEGO, saved Type1");
                }
            }
            int flags = type1NTLMMessage.getFlags() & 0;
            NTLanManAuthContext nTLanManAuthContext = new NTLanManAuthContext();
            String serverName = sMBSrvSession.getSMBServer().getServerName();
            ArrayList arrayList = new ArrayList();
            arrayList.add(new StringTargetInfo(TargetInfo.Type.DOMAIN, serverName));
            arrayList.add(new StringTargetInfo(TargetInfo.Type.SERVER, sMBSrvSession.getServerName()));
            arrayList.add(new StringTargetInfo(TargetInfo.Type.DNS_DOMAIN, serverName.toLowerCase()));
            arrayList.add(new StringTargetInfo(TargetInfo.Type.FULL_DNS, serverName.toLowerCase()));
            arrayList.add(new TimestampTargetInfo());
            int i = NTLM_SERVER_FLAGS;
            if (acceptNTLMv1Logon()) {
                i -= Integer.MIN_VALUE;
            }
            Type2NTLMMessage type2NTLMMessage = new Type2NTLMMessage();
            type2NTLMMessage.buildType2(i, serverName, nTLanManAuthContext.getChallenge(), null, arrayList);
            sMBSrvSession.setSetupObject(clientInfo.getProcessId(), type2NTLMMessage, SetupObjectType.Type2Message);
            securityBlob.setResponseBlob(type2NTLMMessage.getBytes());
            authStatus = ISMBAuthenticator.AuthStatus.MORE_PROCESSING;
        } else if (isNTLMType == NTLMMessage.Type.Authenticate) {
            Type3NTLMMessage type3NTLMMessage = new Type3NTLMMessage(securityBlob.getSecurityBlob(), securityBlob.getSecurityOffset(), securityBlob.getSecurityLength(), securityBlob.isUnicode());
            if (hasDebugOutput()) {
                debugOutput("[SMB] Received NTLM Type3/Authenticate - " + type3NTLMMessage.toString());
            }
            if (!sMBSrvSession.hasSetupObject(clientInfo.getProcessId(), SetupObjectType.Type2Message)) {
                sMBSrvSession.removeAllSetupObjects(clientInfo.getProcessId());
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
            if (z || type3NTLMMessage.hasFlag(16) || type3NTLMMessage.hasFlag(32768)) {
                type3NTLMMessage = type3NTLMMessage.m97clone();
                sMBSrvSession.setSetupObject(clientInfo.getProcessId(), type3NTLMMessage, SetupObjectType.Type3Message);
                if (hasDebugOutput()) {
                    debugOutput("[SMB] Signing required/SPNEGO, saved Type3");
                }
            }
            if (!type3NTLMMessage.hasFlag(536870912) && !type3NTLMMessage.hasFlag(524288)) {
                doNTLMv1Logon(sMBSrvSession, clientInfo, type3NTLMMessage);
                if (hasDebugOutput()) {
                    debugOutput("[SMB] Logged on using NTLMSSP/NTLMv1");
                }
            } else if (type3NTLMMessage.getNTLMHashLength() > 24) {
                doNTLMv2Logon(sMBSrvSession, clientInfo, type3NTLMMessage);
                if (hasDebugOutput()) {
                    debugOutput("[SMB] Logged on using NTLMSSP/NTLMv2");
                }
            } else {
                doNTLMv2SessionKeyLogon(sMBSrvSession, clientInfo, type3NTLMMessage);
                if (hasDebugOutput()) {
                    debugOutput("[SMB] Logged on using NTLMSSP/NTLMv2SessKey");
                }
            }
            authStatus = ISMBAuthenticator.AuthStatus.AUTHENTICATED;
        }
        return authStatus;
    }

    private final ISMBAuthenticator.AuthStatus doSpnegoSessionSetup(SMBSrvSession sMBSrvSession, ClientInfo clientInfo, SecurityBlob securityBlob) throws SMBSrvException {
        NegTokenTarg doKerberosLogon;
        ISMBAuthenticator.AuthStatus authStatus;
        ISMBAuthenticator.AuthStatus authStatus2 = ISMBAuthenticator.AuthStatus.DISALLOW;
        int i = -1;
        try {
            i = SPNEGO.checkTokenType(securityBlob);
        } catch (IOException e) {
        }
        if (i == 1 && sMBSrvSession.hasSetupObject(clientInfo.getProcessId(), SetupObjectType.Type2Message)) {
            NegTokenTarg negTokenTarg = new NegTokenTarg();
            try {
                negTokenTarg.decode(securityBlob);
                SecurityBlob securityBlob2 = new SecurityBlob(SecurityBlob.SecurityBlobType.NTLMSSP, negTokenTarg.getResponseToken(), securityBlob.isUnicode());
                authStatus = doNtlmsspSessionSetup(sMBSrvSession, clientInfo, securityBlob2, true);
                SPNEGO.Result result = SPNEGO.Result.AcceptCompleted;
                byte[] bArr = null;
                if (authStatus == ISMBAuthenticator.AuthStatus.MORE_PROCESSING) {
                    result = SPNEGO.Result.AcceptIncomplete;
                } else if (negTokenTarg.hasMechListMIC() && sMBSrvSession.hasSessionKey(KeyType.SessionKey) && sMBSrvSession.hasSetupObject(clientInfo.getProcessId(), SetupObjectType.NegTokenInit)) {
                    NegTokenInit negTokenInit = (NegTokenInit) sMBSrvSession.getSetupObject(clientInfo.getProcessId(), SetupObjectType.NegTokenInit);
                    if (negTokenInit.hasMechListBytes()) {
                        byte[] mechListBytes = negTokenInit.getMechListBytes();
                        if (!verifyMIC(sMBSrvSession, mechListBytes, 0, mechListBytes.length, negTokenTarg.getMechListMIC(), clientInfo.getProcessId())) {
                            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
                        }
                    }
                    NegTokenInit negTokenInit2 = (NegTokenInit) sMBSrvSession.getSetupObject(clientInfo.getProcessId(), SetupObjectType.NegTokenInit);
                    if (negTokenInit2.hasMechListBytes()) {
                        byte[] mechListBytes2 = negTokenInit2.getMechListBytes();
                        bArr = generateMIC(sMBSrvSession, mechListBytes2, 0, mechListBytes2.length, 0);
                    }
                    sMBSrvSession.removeAllSetupObjects(clientInfo.getProcessId());
                }
                doKerberosLogon = new NegTokenTarg(result, null, securityBlob2.getResponseBlob());
                doKerberosLogon.setMechListMIC(bArr);
            } catch (IOException e2) {
                if (hasDebug()) {
                    debugOutput(e2);
                }
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
        } else {
            if (i != 0) {
                if (hasDebugOutput()) {
                    debugOutput("[SMB] Unknown SPNEGO token type=" + i);
                }
                sMBSrvSession.removeAllSetupObjects(clientInfo.getProcessId());
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
            NegTokenInit negTokenInit3 = new NegTokenInit();
            try {
                negTokenInit3.decode(securityBlob);
                sMBSrvSession.setSetupObject(clientInfo.getProcessId(), negTokenInit3, SetupObjectType.NegTokenInit);
                String str = null;
                if (negTokenInit3.numberOfOids() > 0) {
                    str = negTokenInit3.getOidAt(0).toString();
                }
                if (str == null || !str.equals(OID.ID_NTLMSSP)) {
                    if (str == null || !(str.equals(OID.ID_MSKERBEROS5) || str.equals(OID.ID_KERBEROS5))) {
                        if (hasDebugOutput()) {
                            debugOutput("[SMB] No matching authentication OID found");
                            debugOutput("[SMB]   " + negTokenInit3.toString());
                        }
                        sMBSrvSession.removeAllSetupObjects(clientInfo.getProcessId());
                        throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
                    }
                    doKerberosLogon = doKerberosLogon(sMBSrvSession, negTokenInit3, clientInfo);
                    authStatus = ISMBAuthenticator.AuthStatus.AUTHENTICATED;
                } else {
                    if (!allowNTLMLogon()) {
                        if (hasDebugOutput()) {
                            debugOutput("[SMB] NTLM disabled, received NTLM logon from client (SPNEGO)");
                        }
                        throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
                    }
                    SecurityBlob securityBlob3 = new SecurityBlob(SecurityBlob.SecurityBlobType.NTLMSSP, negTokenInit3.getMechtoken(), securityBlob.isUnicode());
                    authStatus = doNtlmsspSessionSetup(sMBSrvSession, clientInfo, securityBlob3, true);
                    SPNEGO.Result result2 = SPNEGO.Result.AcceptCompleted;
                    if (authStatus == ISMBAuthenticator.AuthStatus.MORE_PROCESSING) {
                        result2 = SPNEGO.Result.AcceptIncomplete;
                    }
                    doKerberosLogon = new NegTokenTarg(result2, OID.NTLMSSP, securityBlob3.getResponseBlob());
                }
            } catch (IOException e3) {
                if (hasDebug()) {
                    debugOutput(e3);
                }
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
        }
        try {
            securityBlob.setResponseBlob(doKerberosLogon.encode());
            return authStatus;
        } catch (IOException e4) {
            if (hasDebugOutput()) {
                debugOutput("[SMB] Failed to encode NegTokenTarg - " + e4.getMessage());
            }
            sMBSrvSession.removeAllSetupObjects(clientInfo.getProcessId());
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
    }

    private final NegTokenTarg doKerberosLogon(SMBSrvSession sMBSrvSession, NegTokenInit negTokenInit, ClientInfo clientInfo) throws SMBSrvException {
        Oid oid;
        try {
            Object doAs = Subject.doAs(this.m_loginContext.getSubject(), (PrivilegedAction<Object>) getKerberosPrivilegedAction(negTokenInit));
            if (doAs == null) {
                if (hasDebug()) {
                    debugOutput("[SMB] No SPNEGO response, Kerberos logon failed");
                }
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
            KerberosDetails kerberosDetails = (KerberosDetails) doAs;
            if (negTokenInit.hasOid(OID.MSKERBEROS5)) {
                oid = OID.MSKERBEROS5;
                if (hasDebug()) {
                    debugOutput("[SMB] Using OID MS Kerberos5 for NegTokenTarg");
                }
            } else {
                oid = OID.KERBEROS5;
                if (hasDebug()) {
                    debugOutput("[SMB] Using OID Kerberos5 for NegTokenTarg");
                }
            }
            NegTokenTarg negTokenTarg = new NegTokenTarg(SPNEGO.Result.AcceptCompleted, oid, kerberosDetails.getResponseToken());
            if (hasDebug()) {
                debugOutput("[SMB] Created NegTokenTarg using standard Krb5 API response");
            }
            String userName = kerberosDetails.getUserName();
            if (userName == null) {
                clientInfo.setLogonType(ClientInfo.LogonType.Null);
            } else if (userName.endsWith("$") && userName.equals(userName.toUpperCase())) {
                clientInfo.setLogonType(ClientInfo.LogonType.Null);
                if (hasDebug()) {
                    debugOutput("[SMB] Machine account logon, " + userName + ", as null logon");
                }
            } else {
                clientInfo.setUserName(userName);
                clientInfo.setLoggedOnName(kerberosDetails.getSourceName());
                clientInfo.setGuest(false);
                sMBSrvSession.setLoggedOn(true);
            }
            postKerberosLogon(sMBSrvSession, kerberosDetails, clientInfo);
            sMBSrvSession.setLoggedOn(true);
            if (hasDebug()) {
                debugOutput("[SMB] Logged on using Kerberos, user " + userName);
            }
            return negTokenTarg;
        } catch (Exception e) {
            if (hasDebug()) {
                debugOutput("[SMB] Kerberos logon error");
                debugOutput(e);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
    }

    private final void doNTLMv1Logon(SMBSrvSession sMBSrvSession, ClientInfo clientInfo, Type3NTLMMessage type3NTLMMessage) throws SMBSrvException {
        if (!acceptNTLMv1Logon()) {
            if (hasDebug()) {
                debugOutput("[SMB] NTLMv1 not accepted, client " + sMBSrvSession.getRemoteName());
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
        String userName = type3NTLMMessage.getUserName();
        if (userName.length() == 0) {
            if (hasDebugOutput()) {
                debugOutput("[SMB] Null logon");
            }
            clientInfo.setLogonType(ClientInfo.LogonType.Null);
        } else {
            if (getUserDetails(userName) == null) {
                if (hasDebug()) {
                    debugOutput("[SMB] User does not exist, " + userName);
                }
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
            ISMBAuthenticator.AuthStatus authenticateUser = authenticateUser(clientInfo, sMBSrvSession, ISMBAuthenticator.PasswordAlgorithm.NTLM1);
            if (authenticateUser.isError()) {
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
            clientInfo.setUserName(userName);
            clientInfo.setGuest(authenticateUser == ISMBAuthenticator.AuthStatus.GUEST_LOGON);
            sMBSrvSession.setLoggedOn(true);
        }
    }

    private final void doNTLMv1Logon(SMBSrvSession sMBSrvSession, ClientInfo clientInfo) throws SMBSrvException {
        if (!acceptNTLMv1Logon()) {
            if (hasDebug()) {
                debugOutput("[SMB] NTLMv1 not accepted, client " + sMBSrvSession.getRemoteName());
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
        String userName = clientInfo.getUserName();
        if (getUserDetails(userName) == null) {
            if (hasDebug()) {
                debugOutput("[SMB] User does not exist, " + userName);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
        ISMBAuthenticator.AuthStatus authenticateUser = authenticateUser(clientInfo, sMBSrvSession, ISMBAuthenticator.PasswordAlgorithm.NTLM1);
        if (authenticateUser.isError()) {
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
        clientInfo.setUserName(userName);
        clientInfo.setGuest(authenticateUser == ISMBAuthenticator.AuthStatus.GUEST_LOGON);
        sMBSrvSession.setLoggedOn(true);
    }

    private final void doNTLMv2Logon(SMBSrvSession sMBSrvSession, ClientInfo clientInfo, Type3NTLMMessage type3NTLMMessage) throws SMBSrvException {
        byte[] generateEncryptedPassword;
        Type2NTLMMessage type2NTLMMessage = (Type2NTLMMessage) sMBSrvSession.getSetupObject(clientInfo.getProcessId(), SetupObjectType.Type2Message);
        String userName = type3NTLMMessage.getUserName();
        if (userName.length() == 0) {
            if (hasDebugOutput()) {
                debugOutput("[SMB] Null logon");
            }
            clientInfo.setLogonType(ClientInfo.LogonType.Null);
            return;
        }
        UserAccount userDetails = getUserDetails(userName);
        if (userDetails == null) {
            if (hasDebugOutput()) {
                debugOutput("[SMB] User does not exist, " + userName);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
        try {
            if (userDetails.hasMD4Password()) {
                generateEncryptedPassword = userDetails.getMD4Password();
            } else {
                generateEncryptedPassword = getEncryptor().generateEncryptedPassword(userDetails.getPassword(), type2NTLMMessage.getChallenge(), 3, null, null);
                userDetails.setMD4Password(generateEncryptedPassword);
            }
            byte[] doNTLM2Encryption = getEncryptor().doNTLM2Encryption(generateEncryptedPassword, type3NTLMMessage.getUserName(), type3NTLMMessage.getDomain());
            debugOutput("[SMB] Generate v2hash user=" + type3NTLMMessage.getUserName() + ", domain=" + type3NTLMMessage.getDomain() + ", v2hash=" + HexDump.hexString(doNTLM2Encryption));
            NTLMv2Blob nTLMv2Blob = new NTLMv2Blob(type3NTLMMessage.getNTLMHash());
            byte[] challenge = type2NTLMMessage.getChallenge();
            debugOutput("[SMB] v2blob= len=" + nTLMv2Blob.getLength() + ",data=" + HexDump.hexString(nTLMv2Blob.getBuffer(), 16, "") + "..., challenge=" + HexDump.hexString(challenge));
            byte[] calculateHMAC = nTLMv2Blob.calculateHMAC(challenge, doNTLM2Encryption);
            byte[] hmac = nTLMv2Blob.getHMAC();
            if (hmac != null && calculateHMAC != null && hmac.length == calculateHMAC.length) {
                int i = 0;
                while (i < hmac.length && hmac[i] == calculateHMAC[i]) {
                    i++;
                }
                if (i != hmac.length) {
                    debugOutput("[SMB] HMac does not match, client=" + HexDump.hexString(hmac) + ", server=" + HexDump.hexString(calculateHMAC));
                    throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
                }
            }
            if (NTLM.hasFlag(type3NTLMMessage.getFlags(), 1073741824)) {
                debugOutput("[SMB] Type3 session key=" + HexDump.hexString(type3NTLMMessage.getSessionKey()));
                if (!type3NTLMMessage.hasSessionKey()) {
                    throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
                }
                generateSessionKeys(sMBSrvSession, type3NTLMMessage, doNTLM2Encryption, calculateHMAC, hmac);
            }
            clientInfo.setUserName(userName);
            clientInfo.setGuest(false);
            sMBSrvSession.setLoggedOn(true);
        } catch (Exception e) {
            if (hasDebug()) {
                debugOutput(e);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
    }

    private final void doNTLMv2Logon(SMBSrvSession sMBSrvSession, ClientInfo clientInfo) throws SMBSrvException {
        byte[] generateEncryptedPassword;
        if (clientInfo.getUserName().length() == 0) {
            if (hasDebugOutput()) {
                debugOutput("[SMB] Null logon");
            }
            clientInfo.setLogonType(ClientInfo.LogonType.Null);
            return;
        }
        UserAccount userDetails = getUserDetails(clientInfo.getUserName());
        if (userDetails == null) {
            if (hasDebugOutput()) {
                debugOutput("[SMB] User does not exist, " + clientInfo.getUserName());
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
        try {
            byte[] bArr = null;
            if (sMBSrvSession.hasAuthenticationContext()) {
                bArr = ((NTLanManAuthContext) sMBSrvSession.getAuthenticationContext()).getChallenge();
            }
            if (userDetails.hasMD4Password()) {
                generateEncryptedPassword = userDetails.getMD4Password();
            } else {
                generateEncryptedPassword = getEncryptor().generateEncryptedPassword(userDetails.getPassword(), bArr, 3, null, null);
                userDetails.setMD4Password(generateEncryptedPassword);
            }
            NTLMv2Blob nTLMv2Blob = new NTLMv2Blob(clientInfo.getPassword());
            byte[] calculateHMAC = nTLMv2Blob.calculateHMAC(bArr, getEncryptor().doNTLM2Encryption(generateEncryptedPassword, clientInfo.getUserName(), clientInfo.getDomain()));
            byte[] hmac = nTLMv2Blob.getHMAC();
            if (hmac != null && calculateHMAC != null && hmac.length == calculateHMAC.length && !Arrays.equals(hmac, calculateHMAC)) {
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
            clientInfo.setGuest(false);
            sMBSrvSession.setLoggedOn(true);
        } catch (Exception e) {
            if (hasDebug()) {
                debugOutput(e);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
    }

    private final void doNTLMv2SessionKeyLogon(SMBSrvSession sMBSrvSession, ClientInfo clientInfo, Type3NTLMMessage type3NTLMMessage) throws SMBSrvException {
        byte[] generateEncryptedPassword;
        Type2NTLMMessage type2NTLMMessage = (Type2NTLMMessage) sMBSrvSession.removeSetupObject(clientInfo.getProcessId(), SetupObjectType.Type2Message);
        String userName = type3NTLMMessage.getUserName();
        if (userName.length() == 0) {
            if (hasDebugOutput()) {
                debugOutput("[SMB] Null logon");
            }
            clientInfo.setLogonType(ClientInfo.LogonType.Null);
            return;
        }
        UserAccount userDetails = getUserDetails(userName);
        if (userDetails == null) {
            if (hasDebugOutput()) {
                debugOutput("[SMB] User does not exist, " + userName);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
        byte[] bArr = new byte[16];
        System.arraycopy(type2NTLMMessage.getChallenge(), 0, bArr, 0, 8);
        System.arraycopy(type3NTLMMessage.getLMHash(), 0, bArr, 8, 8);
        byte[] bArr2 = new byte[8];
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.update(bArr);
            System.arraycopy(messageDigest.digest(), 0, bArr2, 0, 8);
            byte[] bArr3 = new byte[21];
            if (userDetails.hasMD4Password()) {
                generateEncryptedPassword = userDetails.getMD4Password();
            } else {
                try {
                    generateEncryptedPassword = getEncryptor().generateEncryptedPassword(userDetails.getPassword(), null, 3, null, null);
                } catch (Exception e) {
                    if (hasDebug()) {
                        debugOutput(e);
                    }
                    throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
                }
            }
            System.arraycopy(generateEncryptedPassword, 0, bArr3, 0, 16);
            byte[] bArr4 = null;
            try {
                bArr4 = getEncryptor().doNTLM1Encryption(bArr3, bArr2);
            } catch (NoSuchAlgorithmException e2) {
                if (hasDebug()) {
                    debugOutput(e2);
                }
            }
            byte[] nTLMHash = type3NTLMMessage.getNTLMHash();
            if (nTLMHash != null && bArr4 != null && nTLMHash.length == bArr4.length && !Arrays.equals(nTLMHash, bArr4)) {
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
            clientInfo.setUserName(userName);
            clientInfo.setGuest(false);
            sMBSrvSession.setLoggedOn(true);
        } catch (NoSuchAlgorithmException e3) {
            if (hasDebug()) {
                debugOutput(e3);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
    }

    private final void doHashedPasswordLogon(SMBSrvSession sMBSrvSession, SMBSrvPacket sMBSrvPacket) throws SMBSrvException {
        SMBV1Parser sMBV1Parser = (SMBV1Parser) sMBSrvPacket.getParser();
        if (!sMBV1Parser.checkPacketIsValid(13, 0)) {
            throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
        }
        int parameter = sMBV1Parser.getParameter(2);
        int parameter2 = sMBV1Parser.getParameter(3);
        int parameter3 = sMBV1Parser.getParameter(4);
        int parameter4 = sMBV1Parser.getParameter(7);
        int parameter5 = sMBV1Parser.getParameter(8);
        int parameterLong = sMBV1Parser.getParameterLong(11);
        sMBV1Parser.getBuffer();
        boolean isUnicode = sMBV1Parser.isUnicode();
        byte[] unpackBytes = sMBV1Parser.unpackBytes(parameter4);
        byte[] unpackBytes2 = sMBV1Parser.unpackBytes(parameter5);
        String unpackString = sMBV1Parser.unpackString(isUnicode);
        if (unpackString == null) {
            throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
        }
        String str = "";
        if (sMBV1Parser.hasMoreData()) {
            str = sMBV1Parser.unpackString(isUnicode);
            if (str == null) {
                throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
            }
        }
        String str2 = "";
        if (sMBV1Parser.hasMoreData()) {
            str2 = sMBV1Parser.unpackString(isUnicode);
            if (str2 == null) {
                throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
            }
        }
        if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
            debugOutput("[SMB] NT Session setup from user=" + unpackString + ", password=" + (unpackBytes2 != null ? HexDump.hexString(unpackBytes2) : "none") + ", ANSIpwd=" + (unpackBytes != null ? HexDump.hexString(unpackBytes) : "none") + ", domain=" + str + ", os=" + str2 + ", VC=" + parameter3 + ", maxBuf=" + parameter + ", maxMpx=" + parameter2 + ", authCtx=" + sMBSrvSession.getAuthenticationContext());
            debugOutput("[SMB]   MID=" + sMBV1Parser.getMultiplexId() + ", UID=" + sMBV1Parser.getUserId() + ", PID=" + sMBV1Parser.getProcessId());
        }
        sMBSrvSession.setClientMaximumBufferSize(parameter != 0 ? parameter : 65540);
        sMBSrvSession.setClientMaximumMultiplex(parameter2);
        sMBSrvSession.setClientCapabilities(parameterLong);
        ClientInfo createInfo = ClientInfo.getFactory().createInfo(unpackString, unpackBytes2);
        createInfo.setANSIPassword(unpackBytes);
        createInfo.setDomain(str);
        createInfo.setOperatingSystem(str2);
        if (sMBSrvSession.hasRemoteAddress()) {
            createInfo.setClientAddress(sMBSrvSession.getRemoteAddress().getHostAddress());
        }
        if (unpackString.length() == 0 && str.length() == 0 && parameter5 == 0) {
            createInfo.setLogonType(ClientInfo.LogonType.Null);
        }
        boolean z = false;
        if (unpackBytes2 == null) {
            createInfo.setLogonType(ClientInfo.LogonType.Null);
        } else if (unpackBytes2.length == 24) {
            doNTLMv1Logon(sMBSrvSession, createInfo);
            if (hasDebugOutput()) {
                debugOutput("[SMB] Logged on using Hashed/NTLMv1");
            }
        } else if (unpackBytes2.length > 0) {
            doNTLMv2Logon(sMBSrvSession, createInfo);
            if (hasDebugOutput()) {
                debugOutput("[SMB] Logged on using Hashed/NTLMv2");
            }
        }
        if (createInfo.isGuest()) {
            z = true;
            if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
                debugOutput("[SMB] User " + unpackString + ", logged on as guest");
            }
        }
        VirtualCircuit virtualCircuit = new VirtualCircuit(parameter3, createInfo);
        int addVirtualCircuit = sMBSrvSession.addVirtualCircuit(virtualCircuit);
        if (addVirtualCircuit == -1) {
            if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
                debugOutput("[SMB] Failed to allocate UID for virtual circuit, " + virtualCircuit);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
        if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.NEGOTIATE)) {
            debugOutput("[SMB] Allocated UID=" + addVirtualCircuit + " for VC=" + virtualCircuit);
        }
        if (z) {
            createInfo.setLogonType(ClientInfo.LogonType.Guest);
        }
        sMBSrvSession.setLoggedOn(true);
        onSuccessfulLogon(createInfo);
        sMBV1Parser.setParameterCount(3);
        sMBV1Parser.setParameter(0, 0);
        sMBV1Parser.setParameter(1, 0);
        sMBV1Parser.setParameter(2, z ? 1 : 0);
        sMBV1Parser.setByteCount(0);
        sMBV1Parser.setTreeId(0);
        sMBV1Parser.setUserId(addVirtualCircuit);
        sMBV1Parser.setFlags(sMBV1Parser.getFlags() & (-9));
        int i = 1;
        if (isUnicode) {
            i = 1 + 32768;
        }
        sMBV1Parser.setFlags2(i);
        int byteOffset = sMBV1Parser.getByteOffset();
        byte[] buffer = sMBV1Parser.getBuffer();
        if (isUnicode) {
            byteOffset = DataPacker.wordAlign(byteOffset);
        }
        sMBV1Parser.setByteCount(DataPacker.putString(sMBSrvSession.getSMBServer().getSMBConfiguration().getDomainName(), buffer, DataPacker.putString("Java File Server " + sMBSrvSession.getServer().isVersion(), buffer, DataPacker.putString("Java", buffer, byteOffset, true, isUnicode), true, isUnicode), true, isUnicode) - sMBV1Parser.getByteOffset());
    }

    private void generateSessionKeys(SMBSrvSession sMBSrvSession, Type3NTLMMessage type3NTLMMessage, byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        if (hasDebugOutput()) {
            debugOutput("[SMB] Generate session keys, v2hash=" + HexDump.hexString(bArr));
        }
        Mac mac = Mac.getInstance("HMACMD5");
        mac.init(new SecretKeySpec(bArr, "MD5"));
        byte[] doFinal = mac.doFinal(bArr3);
        if (hasDebugOutput()) {
            debugOutput("  Session base key=" + HexDump.hexString(doFinal));
        }
        byte[] sessionKey = type3NTLMMessage.getSessionKey();
        if (hasDebugOutput()) {
            debugOutput("  Random session key=" + HexDump.hexString(sessionKey));
        }
        Cipher cipher = Cipher.getInstance("RC4");
        cipher.init(2, new SecretKeySpec(doFinal, "RC4"));
        byte[] doFinal2 = cipher.doFinal(sessionKey);
        sMBSrvSession.addSessionKey(KeyType.SessionKey, doFinal2);
        if (sMBSrvSession.hasDebug(SMBSrvSession.Dbg.SIGNING)) {
            sMBSrvSession.debugPrintln("Set session key=" + HexDump.hexString(doFinal2));
        }
        if (type3NTLMMessage.hasFlag(524288)) {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.update(doFinal2);
            messageDigest.update(NTLM.SERVER_SIGNING_KEY_CONST);
            sMBSrvSession.addSessionKey(KeyType.NTLMServerSigningKey, messageDigest.digest());
            messageDigest.reset();
            messageDigest.update(doFinal2);
            messageDigest.update(NTLM.CLIENT_SIGNING_KEY_CONST);
            sMBSrvSession.addSessionKey(KeyType.NTLMClientSigningKey, messageDigest.digest());
            messageDigest.reset();
            messageDigest.update(doFinal2);
            messageDigest.update(NTLM.SERVER_SEALING_KEY_CONST);
            byte[] digest = messageDigest.digest();
            sMBSrvSession.addSessionKey(KeyType.NTLMServerSealingKey, digest);
            messageDigest.reset();
            messageDigest.update(doFinal2);
            messageDigest.update(NTLM.CLIENT_SEALING_KEY_CONST);
            byte[] digest2 = messageDigest.digest();
            sMBSrvSession.addSessionKey(KeyType.NTLMClientSealingKey, digest2);
            Cipher cipher2 = Cipher.getInstance("RC4");
            cipher2.init(1, new SecretKeySpec(digest, "RC4"));
            sMBSrvSession.addSessionKey(KeyType.NTLMServerRC4Context, cipher2);
            Cipher cipher3 = Cipher.getInstance("RC4");
            cipher3.init(2, new SecretKeySpec(digest2, "RC4"));
            sMBSrvSession.addSessionKey(KeyType.NTLMClientRC4Context, cipher3);
        }
    }

    protected final boolean verifyMIC(SMBSrvSession sMBSrvSession, byte[] bArr, int i, int i2, byte[] bArr2, int i3) {
        if (bArr2 == null || bArr2.length != 16) {
            return false;
        }
        DataBuffer dataBuffer = new DataBuffer(bArr2, 0, bArr2.length);
        if (dataBuffer.getInt() != 1) {
            return false;
        }
        boolean z = false;
        try {
            byte[] bArr3 = (byte[]) sMBSrvSession.getSessionKey(KeyType.NTLMClientSigningKey);
            Cipher cipher = (Cipher) sMBSrvSession.getSessionKey(KeyType.NTLMClientRC4Context);
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr3, "MD5");
            Mac mac = Mac.getInstance("HMACMD5");
            byte[] bArr4 = {0, 0, 0, 0};
            mac.init(secretKeySpec);
            mac.update(dataBuffer.getBuffer(), 12, 4);
            mac.update(bArr, i, i2);
            byte[] update = cipher.update(mac.doFinal(), 0, 8);
            DataBuffer dataBuffer2 = new DataBuffer(16);
            dataBuffer2.putInt(1);
            dataBuffer2.appendData(update);
            dataBuffer2.putInt(0);
            if (Arrays.equals(bArr2, dataBuffer2.getBuffer())) {
                z = true;
            }
            if (!z && hasDebugOutput()) {
                sMBSrvSession.debugPrintln("Verify MIC, generated MIC token=" + HexDump.hexString(dataBuffer2.getBuffer()));
                sMBSrvSession.debugPrintln("             Received MIC token=" + HexDump.hexString(bArr2));
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return z;
    }

    protected final byte[] generateMIC(SMBSrvSession sMBSrvSession, byte[] bArr, int i, int i2, int i3) {
        byte[] bArr2 = (byte[]) sMBSrvSession.getSessionKey(KeyType.NTLMServerSigningKey);
        DataBuffer dataBuffer = null;
        try {
            if (bArr2 != null) {
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "MD5");
                Mac mac = Mac.getInstance("HMACMD5");
                byte[] bArr3 = new byte[4];
                DataPacker.putInt(i3, bArr3, 0);
                mac.init(secretKeySpec);
                mac.update(bArr3);
                mac.update(bArr, i, i2);
                byte[] update = ((Cipher) sMBSrvSession.getSessionKey(KeyType.NTLMServerRC4Context)).update(mac.doFinal(), 0, 8);
                dataBuffer = new DataBuffer(16);
                dataBuffer.putInt(1);
                dataBuffer.appendData(update, 0, 8);
                dataBuffer.putInt(i3);
            } else {
                CRC32 crc32 = new CRC32();
                crc32.update(bArr, i, i2);
                dataBuffer = new DataBuffer(16);
                dataBuffer.putInt(1);
                dataBuffer.putZeros(4);
                dataBuffer.putInt((int) (crc32.getValue() & (-1)));
                dataBuffer.putInt(i3);
            }
        } catch (Exception e) {
        }
        if (dataBuffer == null) {
            return null;
        }
        if (hasDebugOutput()) {
            debugOutput("[SMB] Generate micToken (" + (bArr2 != null ? "key" : "crc") + ")=" + HexDump.hexString(dataBuffer.getBuffer()));
        }
        return dataBuffer.getBuffer();
    }

    protected NegTokenInit buildNegTokenInit(String str, List<Oid> list) {
        return new NegTokenInit(list, "cifs/" + str.toLowerCase() + "@" + this.m_krbRealm);
    }

    protected void onSuccessfulLogon(ClientInfo clientInfo) {
    }

    protected String normalizeUserId(String str) throws SMBSrvException {
        return str;
    }

    protected PrivilegedAction getKerberosPrivilegedAction(NegTokenInit negTokenInit) {
        return new SessionSetupPrivilegedAction(this.m_accountName, negTokenInit.getMechtoken());
    }

    protected void postKerberosLogon(SMBSrvSession sMBSrvSession, KerberosDetails kerberosDetails, ClientInfo clientInfo) throws SMBSrvException {
    }

    protected void postNTLMLogon(SMBSrvSession sMBSrvSession, ClientInfo clientInfo) throws SMBSrvException {
    }

    public boolean hasDebugOutput() {
        return hasDebug();
    }

    public void debugOutput(String str) {
        Debug.println(str);
    }

    public void debugOutput(Exception exc) {
        StringWriter stringWriter = new StringWriter();
        exc.printStackTrace(new PrintWriter((Writer) stringWriter, true));
        StringTokenizer stringTokenizer = new StringTokenizer(stringWriter.toString(), LineSeperator);
        while (stringTokenizer.hasMoreTokens()) {
            debugOutput(stringTokenizer.nextToken());
        }
    }

    @Override // org.filesys.server.auth.SMBAuthenticator
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append(getClass().getName());
        sb.append(" - ");
        if (this.m_useRawNTLMSSP) {
            sb.append("NTLMSSP");
        } else {
            sb.append("SPNEGO");
        }
        if (!allowNTLMLogon()) {
            sb.append(",NoNTLM");
        }
        if (!acceptNTLMv1Logon()) {
            sb.append(",NoNTLMv1");
        }
        if (this.m_loginContext != null && this.m_krbRealm != null) {
            sb.append(",Kerberos=");
            sb.append(this.m_krbRealm);
        }
        return sb.toString();
    }
}
