package org.alfresco.jlan.server.auth;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Vector;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.sasl.RealmCallback;
import org.alfresco.config.ConfigElement;
import org.alfresco.jlan.debug.Debug;
import org.alfresco.jlan.server.auth.kerberos.KerberosApReq;
import org.alfresco.jlan.server.auth.kerberos.KerberosDetails;
import org.alfresco.jlan.server.auth.kerberos.KrbAuthContext;
import org.alfresco.jlan.server.auth.kerberos.SessionSetupPrivilegedAction;
import org.alfresco.jlan.server.auth.ntlm.NTLM;
import org.alfresco.jlan.server.auth.ntlm.NTLMMessage;
import org.alfresco.jlan.server.auth.ntlm.NTLMv2Blob;
import org.alfresco.jlan.server.auth.ntlm.TargetInfo;
import org.alfresco.jlan.server.auth.ntlm.Type1NTLMMessage;
import org.alfresco.jlan.server.auth.ntlm.Type2NTLMMessage;
import org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage;
import org.alfresco.jlan.server.auth.spnego.NegTokenInit;
import org.alfresco.jlan.server.auth.spnego.NegTokenTarg;
import org.alfresco.jlan.server.auth.spnego.OID;
import org.alfresco.jlan.server.auth.spnego.SPNEGO;
import org.alfresco.jlan.server.config.InvalidConfigurationException;
import org.alfresco.jlan.server.config.ServerConfiguration;
import org.alfresco.jlan.server.core.NoPooledMemoryException;
import org.alfresco.jlan.smb.SMBStatus;
import org.alfresco.jlan.smb.server.CIFSConfigSection;
import org.alfresco.jlan.smb.server.SMBSrvException;
import org.alfresco.jlan.smb.server.SMBSrvPacket;
import org.alfresco.jlan.smb.server.SMBSrvSession;
import org.alfresco.jlan.smb.server.VirtualCircuit;
import org.alfresco.jlan.util.DataPacker;
import org.alfresco.jlan.util.HexDump;
import org.apache.axiom.om.util.DigestGenerator;
import org.ietf.jgss.Oid;
import org.springframework.beans.factory.support.PropertiesBeanDefinitionReader;

/* loaded from: input_file:WEB-INF/lib/alfresco-jlan-embed.jar:org/alfresco/jlan/server/auth/EnterpriseCifsAuthenticator.class */
public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements CallbackHandler {
    // Default JAAS login configuration entry name; a "LoginEntry" config element overrides it.
    private static final String LoginConfigEntry = "JLANServerCIFS";
    // Mask ANDed with the flags of a received NTLMSSP Type 1 message (0xA0080281 as an unsigned value).
    private static final int NTLM_FLAGS = -1610087807;
    // True when the negotiate response carries no SPNEGO NegTokenInit blob (raw NTLMSSP mode).
    private boolean m_useRawNTLMSSP;
    // True unless the "disallowNTLMv1" config element is present.
    private boolean m_acceptNTLMv1;
    // Kerberos principal of the CIFS service account, built as "<name>@<realm>".
    private String m_accountName;
    // Service account password read from the "Password" config element.
    // NOTE(review): kept as an immutable String for the lifetime of the authenticator, so it
    // cannot be wiped from memory once the JAAS login has completed.
    private String m_password;
    // Kerberos realm from the "Realm" config element.
    private String m_krbRealm;
    // Value of the "KDC" config element; a non-empty value switches Kerberos support on.
    private String m_krbKDC;
    // JAAS login configuration entry used to create the login context.
    private String m_loginEntryName = LoginConfigEntry;
    // JAAS login context of the service account; stays null when no KDC is configured.
    private LoginContext m_loginContext;
    // Pre-encoded SPNEGO NegTokenInit blob appended to the negotiate response.
    private byte[] m_negTokenInit;

    /**
     * Creates the authenticator with extended security switched on, so that session setup
     * goes through the SPNEGO/NTLMSSP handling in this class.
     */
    public EnterpriseCifsAuthenticator() {
        this.setExtendedSecurity(true);
    }

    /**
     * Reads the authenticator configuration and decides how logons are negotiated.
     *
     * <ul>
     *   <li>Non-empty "KDC" element: Kerberos is enabled. "Realm" and "Password" are mandatory,
     *       "LoginEntry" and "Principal" are optional. The service account is logged in through
     *       JAAS and a SPNEGO NegTokenInit blob is pre-encoded.</li>
     *   <li>Otherwise, "useSPNEGO" present: a NegTokenInit advertising only NTLMSSP is built.</li>
     *   <li>Otherwise: raw NTLMSSP is used.</li>
     * </ul>
     *
     * Security notes for reviewers:
     * <ul>
     *   <li>"kerberosDebug" turns on the JDK's JGSS/Kerberos debug output for the whole JVM; keep it
     *       off outside troubleshooting.</li>
     *   <li>NTLMv1 is accepted unless "disallowNTLMv1" is present, i.e. the weaker protocol is the
     *       default.</li>
     *   <li>In this method "disableNTLM" only removes NTLMSSP from the advertised mechanism list.
     *       NOTE(review): confirm that the session-setup path also refuses NTLMSSP tokens when it
     *       is set.</li>
     * </ul>
     *
     * @param serverConfiguration server configuration, used to look up the CIFS config section
     * @param configElement       authenticator configuration element
     * @throws InvalidConfigurationException if a mandatory Kerberos setting is missing or empty, the
     *         service account login fails, or the NegTokenInit blob cannot be encoded
     */
    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    public void initialize(ServerConfiguration serverConfiguration, ConfigElement configElement) throws InvalidConfigurationException {
        super.initialize(serverConfiguration, configElement);

        if (configElement.getChild("kerberosDebug") != null) {
            System.setProperty("sun.security.jgss.debug", "true");
            System.setProperty("sun.security.krb5.debug", "true");
        }

        CIFSConfigSection cifsConfig = (CIFSConfigSection) serverConfiguration.getConfigSection(CIFSConfigSection.SectionName);
        ConfigElement kdcElem = configElement.getChild("KDC");
        boolean haveKdc = kdcElem != null && kdcElem.getValue() != null && kdcElem.getValue().length() > 0;

        if (haveKdc) {
            this.m_krbKDC = kdcElem.getValue();

            ConfigElement realmElem = configElement.getChild("Realm");
            if (realmElem == null || realmElem.getValue() == null || realmElem.getValue().length() <= 0) {
                throw new InvalidConfigurationException("Kerberos realm not specified");
            }
            this.m_krbRealm = realmElem.getValue();

            ConfigElement passwordElem = configElement.getChild("Password");
            if (passwordElem == null || passwordElem.getValue() == null || passwordElem.getValue().length() <= 0) {
                throw new InvalidConfigurationException("CIFS service account password not specified");
            }
            this.m_password = passwordElem.getValue();

            ConfigElement loginEntryElem = configElement.getChild("LoginEntry");
            if (loginEntryElem != null) {
                if (loginEntryElem.getValue() == null || loginEntryElem.getValue().length() <= 0) {
                    throw new InvalidConfigurationException("Invalid login entry specified");
                }
                this.m_loginEntryName = loginEntryElem.getValue();
            }

            // Explicit principal if configured, otherwise "cifs/<lower-cased server name>".
            ConfigElement principalElem = configElement.getChild("Principal");
            String principalName = principalElem != null
                    ? principalElem.getValue()
                    : "cifs/" + cifsConfig.getServerName().toLowerCase();
            this.m_accountName = principalName + "@" + this.m_krbRealm;

            if (hasDebug()) {
                Debug.println("[SMB] Using principal - " + this.m_accountName);
            }

            try {
                // This object is the JAAS callback handler, see handle().
                this.m_loginContext = new LoginContext(this.m_loginEntryName, this);
                this.m_loginContext.login();

                if (hasDebug()) {
                    Debug.println("[SMB] Enabling mechTypes :-");
                    Debug.println("       Kerberos5");
                    Debug.println("       MS-Kerberos5");
                }

                Vector mechTypes = new Vector();
                mechTypes.add(OID.KERBEROS5);
                mechTypes.add(OID.MSKERBEROS5);
                if (configElement.getChild("disableNTLM") == null) {
                    mechTypes.add(OID.NTLMSSP);
                    if (hasDebug()) {
                        Debug.println("       NTLMSSP");
                    }
                }

                try {
                    String negTokenPrincipal = cifsConfig.getServerName().toLowerCase() + "$@" + this.m_krbRealm;
                    this.m_negTokenInit = new NegTokenInit(mechTypes, negTokenPrincipal).encode();
                    this.m_useRawNTLMSSP = false;
                } catch (IOException encodeError) {
                    if (hasDebug()) {
                        Debug.println("[SMB] Error creating SPNEGO NegTokenInit blob - " + encodeError.getMessage());
                    }
                    throw new InvalidConfigurationException("Failed to create SPNEGO NegTokenInit blob");
                }
            } catch (LoginException loginError) {
                if (hasDebug()) {
                    Debug.println("[SMB] CIFS Kerberos authenticator error - " + loginError.getMessage());
                }
                throw new InvalidConfigurationException("Failed to login CIFS server service");
            }
        } else if (configElement.getChild("useSPNEGO") == null) {
            this.m_useRawNTLMSSP = true;
        } else {
            // SPNEGO without Kerberos: advertise NTLMSSP as the only mechanism.
            Vector ntlmOnly = new Vector();
            ntlmOnly.add(OID.NTLMSSP);
            try {
                this.m_negTokenInit = new NegTokenInit(ntlmOnly, (String) null).encode();
                this.m_useRawNTLMSSP = false;
            } catch (IOException encodeError) {
                if (hasDebug()) {
                    Debug.println("[SMB] Error creating SPNEGO NegTokenInit blob - " + encodeError.getMessage());
                }
                throw new InvalidConfigurationException("Failed to create SPNEGO NegTokenInit blob");
            }
        }

        this.m_acceptNTLMv1 = configElement.getChild("disallowNTLMv1") == null;
    }

    /**
     * @return {@code true} when raw NTLMSSP is in use, i.e. no SPNEGO NegTokenInit blob is sent
     *         in the negotiate response
     */
    private final boolean useRawNTLMSSP() {
        return m_useRawNTLMSSP;
    }

    /**
     * @return {@code true} when NTLMv1 logons are accepted; this is the case unless the
     *         "disallowNTLMv1" config element was present at initialization
     */
    private final boolean acceptNTLMv1Logon() {
        return m_acceptNTLMv1;
    }

    /**
     * JAAS callback handler for the service account login: supplies the configured principal,
     * password and Kerberos realm.
     *
     * <p>The password is handed over as a fresh {@code char[]} copy; the configured String itself
     * stays in memory.
     *
     * @param callbackArr callbacks to answer
     * @throws UnsupportedCallbackException for any callback other than name, password or realm
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(this.m_accountName);
                continue;
            }
            if (callback instanceof PasswordCallback) {
                ((PasswordCallback) callback).setPassword(this.m_password.toCharArray());
                continue;
            }
            if (callback instanceof RealmCallback) {
                ((RealmCallback) callback).setText(this.m_krbRealm);
                continue;
            }
            // Anything else is rejected rather than silently ignored.
            throw new UnsupportedCallbackException(callback);
        }
    }

    /**
     * @return the encryption key length reported by this authenticator, always 8
     */
    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    public int getEncryptionKeyLength() {
        final int keyLength = 8;
        return keyLength;
    }

    /**
     * @return the fixed server capability bit mask, 0x8000C27C (-2147433860 as a signed int)
     */
    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    public int getServerCapabilities() {
        return 0x8000C27C;
    }

    /**
     * Fills in the data area of the negotiate response.
     *
     * <p>Without extended security the superclass builds the response. With extended security the
     * data area holds the first 16 bytes of the server GUID, followed by the pre-encoded SPNEGO
     * NegTokenInit blob unless raw NTLMSSP is in use.
     *
     * @param sMBSrvSession session the negotiate belongs to
     * @param sMBSrvPacket  response packet to fill in
     * @param z             {@code true} when extended security was negotiated
     * @throws AuthenticatorException declared by the overridden method
     */
    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    public void generateNegotiateResponse(SMBSrvSession sMBSrvSession, SMBSrvPacket sMBSrvPacket, boolean z) throws AuthenticatorException {
        if (z) {
            // OR in the flags2 bits 0x4800 (18432).
            sMBSrvPacket.setFlags2(sMBSrvPacket.getFlags2() | 18432);

            final int dataStart = sMBSrvPacket.getByteOffset();
            byte[] out = sMBSrvPacket.getBuffer();
            System.arraycopy(sMBSrvSession.getSMBServer().getServerGUID().getBytes(), 0, out, dataStart, 16);
            int writePos = dataStart + 16;

            if (!useRawNTLMSSP()) {
                final int blobLength = this.m_negTokenInit.length;
                System.arraycopy(this.m_negTokenInit, 0, out, writePos, blobLength);
                writePos += blobLength;
            }
            sMBSrvPacket.setByteCount(writePos - sMBSrvPacket.getByteOffset());
        } else {
            super.generateNegotiateResponse(sMBSrvSession, sMBSrvPacket, z);
        }
    }

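    /**
     * Handles a session setup request using extended security (NTLMSSP or SPNEGO).
     *
     * <p>A request with 13 parameter words is passed to the hashed-password logon. Otherwise the
     * security blob is dispatched to the raw NTLMSSP handler when it starts with the NTLMSSP
     * signature, else to the SPNEGO handler. A non-null reply blob means the exchange continues
     * (status "more processing required" while a setup object is stored); once the logon completes
     * a virtual circuit is allocated and its UID returned.
     *
     * <p>Security notes:
     * <ul>
     *   <li>The security blob length is taken from the request, so it is checked against the
     *       packet buffer before any parsing.</li>
     *   <li>Intermediate logon state is stored per session under the process id from the request
     *       header, and is dropped whenever this method fails with an {@link SMBSrvException}.</li>
     *   <li>NOTE(review): the raw NTLMSSP path is chosen from the blob contents alone, whatever
     *       negotiate mode was configured — confirm this is intended where NTLM is meant to be
     *       disabled.</li>
     * </ul>
     *
     * @param sMBSrvSession session the request arrived on
     * @param sMBSrvPacket  request packet, reused for the response unless a larger one is needed
     * @throws SMBSrvException on a malformed request or a failed logon
     */
    @Override // org.alfresco.jlan.server.auth.CifsAuthenticator
    public void processSessionSetup(SMBSrvSession sMBSrvSession, SMBSrvPacket sMBSrvPacket) throws SMBSrvException {
        if (!sMBSrvPacket.checkPacketIsValid(12, 0)) {
            throw new SMBSrvException(SMBStatus.NTInvalidParameter, 1, 2);
        }
        if (sMBSrvPacket.getParameterCount() == 13) {
            doHashedPasswordLogon(sMBSrvSession, sMBSrvPacket);
            return;
        }

        int maxBufferSize = sMBSrvPacket.getParameter(2);
        int maxMultiplex = sMBSrvPacket.getParameter(3);
        int vcNumber = sMBSrvPacket.getParameter(4);
        int secBlobLen = sMBSrvPacket.getParameter(7);
        int clientCapabilities = sMBSrvPacket.getParameterLong(10);
        int byteOffset = sMBSrvPacket.getByteOffset();
        byte[] buffer = sMBSrvPacket.getBuffer();
        boolean isUnicode = sMBSrvPacket.isUnicode();

        // The blob length is supplied by the client: refuse one that cannot fit in the packet
        // buffer instead of letting later parsing run off the end of the array.
        if (secBlobLen < 0 || secBlobLen > buffer.length - byteOffset) {
            throw new SMBSrvException(SMBStatus.NTInvalidParameter, 1, 2);
        }

        // Domain and operating system strings follow the security blob.
        sMBSrvPacket.setPosition(byteOffset + secBlobLen);
        String domain = "";
        if (sMBSrvPacket.hasMoreData()) {
            domain = sMBSrvPacket.unpackString(isUnicode);
            if (domain == null) {
                throw new SMBSrvException(SMBStatus.NTInvalidParameter, 1, 2);
            }
        }
        String clientOs = "";
        if (sMBSrvPacket.hasMoreData()) {
            clientOs = sMBSrvPacket.unpackString(isUnicode);
            if (clientOs == null) {
                throw new SMBSrvException(SMBStatus.NTInvalidParameter, 1, 2);
            }
        }
        if (hasDebug()) {
            Debug.println("[SMB] NT Session setup " + (useRawNTLMSSP() ? "NTLMSSP" : "SPNEGO") + ", MID=" + sMBSrvPacket.getMultiplexId() + ", UID=" + sMBSrvPacket.getUserId() + ", PID=" + sMBSrvPacket.getProcessId());
        }

        // A client that reports a zero buffer size gets the default of 65540.
        sMBSrvSession.setClientMaximumBufferSize(maxBufferSize != 0 ? maxBufferSize : 65540);
        sMBSrvSession.setClientMaximumMultiplex(maxMultiplex);
        sMBSrvSession.setClientCapabilities(clientCapabilities);

        ClientInfo client = ClientInfo.createInfo(null, null);
        client.setDomain(domain);
        client.setOperatingSystem(clientOs);
        client.setLogonType(0);
        if (sMBSrvSession.hasRemoteAddress()) {
            client.setClientAddress(sMBSrvSession.getRemoteAddress().getHostAddress());
        }
        client.setProcessId(sMBSrvPacket.getProcessId());

        // State left by an earlier leg of this exchange, captured before the handlers change it.
        Object priorSetupObject = sMBSrvSession.getSetupObject(client.getProcessId());
        boolean rawNtlmssp = false;
        try {
            // A blob that starts with the NTLMSSP signature is raw NTLMSSP, anything else SPNEGO.
            if (secBlobLen >= NTLM.Signature.length) {
                int idx = 0;
                while (idx < NTLM.Signature.length && buffer[byteOffset + idx] == NTLM.Signature[idx]) {
                    idx++;
                }
                if (idx == NTLM.Signature.length) {
                    rawNtlmssp = true;
                }
            }
            byte[] respBlob = rawNtlmssp
                    ? doNtlmsspSessionSetup(sMBSrvSession, client, buffer, byteOffset, secBlobLen, isUnicode)
                    : doSpnegoSessionSetup(sMBSrvSession, client, buffer, byteOffset, secBlobLen, isUnicode);
            if (sMBSrvSession.hasDebug(32)) {
                if (respBlob == null) {
                    Debug.println("[SMB] User " + client.getUserName() + " logged on " + " (type " + client.getLogonTypeString() + ")");
                } else {
                    Debug.println("[SMB] Two stage logon (" + (rawNtlmssp ? "NTLMSSP" : "SPNEGO") + ")");
                }
            }

            int respLen = respBlob != null ? respBlob.length : 0;
            SMBSrvPacket respPkt = sMBSrvPacket;
            boolean loggedOn = false;
            if (respBlob == null && !sMBSrvSession.hasSetupObject(client.getProcessId()) && priorSetupObject == null) {
                // Logon finished in a single request: 12-word response.
                respPkt.setLongErrorCode(0);
                respPkt.setParameterCount(12);
                respPkt.setParameter(0, 255);
                respPkt.setParameter(1, 0);
                respPkt.setParameter(2, 65540);
                respPkt.setParameter(3, 4);
                respPkt.setParameter(4, vcNumber);
                respPkt.setParameterLong(5, 0);
                respPkt.setParameter(7, respLen);
                respPkt.setParameterLong(8, 0);
                respPkt.setParameterLong(10, getServerCapabilities());
                loggedOn = true;
            } else {
                // Multi-leg exchange: a stored setup object means another leg is expected.
                if (sMBSrvSession.hasSetupObject(client.getProcessId())) {
                    respPkt.setLongErrorCode(SMBStatus.NTMoreProcessingRequired);
                } else {
                    respPkt.setLongErrorCode(0);
                    loggedOn = true;
                }
                respPkt.setParameterCount(4);
                int requiredLen = respLen + 100;
                if (requiredLen > respPkt.getAvailableLength()) {
                    try {
                        respPkt = sMBSrvSession.getPacketPool().allocatePacket(respPkt.getByteOffset() + requiredLen, sMBSrvPacket);
                    } catch (NoPooledMemoryException e) {
                        if (hasDebug()) {
                            // Report the size that was actually requested from the pool.
                            Debug.println("Authenticator failed to allocate packet from pool, reqSiz=" + (respPkt.getByteOffset() + requiredLen));
                        }
                        throw new SMBSrvException(SMBStatus.NTInvalidParameter, 83, 2);
                    }
                }
                respPkt.setParameter(0, 255);
                respPkt.setParameter(1, 0);
                respPkt.setParameter(2, 0);
                respPkt.setParameter(3, respLen);
            }

            int uid = 0;
            if (loggedOn) {
                sMBSrvSession.removeSetupObject(client.getProcessId());
                VirtualCircuit virtualCircuit = new VirtualCircuit(vcNumber, client);
                uid = sMBSrvSession.addVirtualCircuit(virtualCircuit);
                if (uid == -1) {
                    if (sMBSrvSession.hasDebug(32)) {
                        Debug.println("[SMB] Failed to allocate UID for virtual circuit, " + virtualCircuit);
                    }
                    throw new SMBSrvException(SMBStatus.NTLogonFailure, 5, 1);
                }
                if (sMBSrvSession.hasDebug(32)) {
                    Debug.println("[SMB] Allocated UID=" + uid + " for VC=" + virtualCircuit);
                }
            }

            respPkt.setCommand(sMBSrvPacket.getCommand());
            respPkt.setByteCount(0);
            respPkt.setTreeId(0);
            respPkt.setUserId(uid);
            respPkt.setFlags(respPkt.getFlags() & (-9));
            int flags2 = 18433;
            if (isUnicode) {
                flags2 += 32768;
            }
            respPkt.setFlags2(flags2);

            // Data area: reply blob, then the OS, server and (on completion) domain strings.
            int pos = respPkt.getByteOffset();
            byte[] respBuf = respPkt.getBuffer();
            if (respBlob != null) {
                System.arraycopy(respBlob, 0, respBuf, pos, respBlob.length);
                pos += respBlob.length;
            }
            if (isUnicode) {
                pos = DataPacker.wordAlign(pos);
            }
            pos = DataPacker.putString("Java", respBuf, pos, true, isUnicode);
            pos = DataPacker.putString("Alfresco CIFS Server " + sMBSrvSession.getServer().isVersion(), respBuf, pos, true, isUnicode);
            if (respBlob == null) {
                pos = DataPacker.putString(sMBSrvSession.getSMBServer().getCIFSConfiguration().getDomainName(), respBuf, pos, true, isUnicode);
            }
            respPkt.setByteCount(pos - respPkt.getByteOffset());
            respPkt.setParameter(1, pos - 4);
        } catch (SMBSrvException e) {
            // Never leave half-finished logon state behind after a failure.
            sMBSrvSession.removeSetupObject(client.getProcessId());
            throw e;
        }
    }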

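    /**
     * Processes one leg of an NTLMSSP exchange.
     *
     * <p>A Type 1 message is answered with a Type 2 challenge, which is also stored as the
     * session's setup object. A Type 3 message is only accepted when that stored Type 2 message
     * exists, and is then passed to the NTLMv1, NTLMv2 or NTLMv2 session key logon depending on
     * its flags and hash length. Any other message type is refused: returning {@code null} for it
     * would be indistinguishable from a completed logon in the caller.
     *
     * @param sMBSrvSession session the exchange belongs to
     * @param clientInfo    client details; its process id keys the stored setup object
     * @param bArr          buffer holding the NTLMSSP token
     * @param i             offset of the token in {@code bArr}
     * @param i2            length of the token
     * @param z             passed to the Type 3 message parser (the caller's Unicode flag)
     * @return the encoded Type 2 message for a Type 1 request, or {@code null} once a Type 3
     *         message has been processed
     * @throws SMBSrvException with a logon failure status if the token is invalid, arrives out of
     *         sequence, has an unexpected type, or the logon is rejected
     */
    private final byte[] doNtlmsspSessionSetup(SMBSrvSession sMBSrvSession, ClientInfo clientInfo, byte[] bArr, int i, int i2, boolean z) throws SMBSrvException {
        int msgType = NTLMMessage.isNTLMType(bArr, i);
        if (msgType == -1) {
            if (hasDebug()) {
                Debug.println("[SMB] Invalid NTLMSSP token received");
                Debug.println("[SMB]   Token=" + HexDump.hexString(bArr, i, i2, " "));
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }

        if (msgType == 1) {
            // The masked client flags are read but not used when building the Type 2 flags below.
            int flags = new Type1NTLMMessage(bArr, i, i2).getFlags() & NTLM_FLAGS;

            // A new auth context supplies the challenge for this exchange.
            NTLanManAuthContext authContext = new NTLanManAuthContext();
            String serverName = sMBSrvSession.getSMBServer().getServerName();
            ArrayList targetInfo = new ArrayList();
            targetInfo.add(new TargetInfo(2, serverName));
            targetInfo.add(new TargetInfo(1, sMBSrvSession.getServerName()));
            targetInfo.add(new TargetInfo(4, serverName.toLowerCase()));
            targetInfo.add(new TargetInfo(3, serverName.toLowerCase()));

            // Base Type 2 flags (decimal 1619657221); bit 31 is added only while NTLMv1 is accepted.
            int type2Flags = 0x608A0205;
            if (acceptNTLMv1Logon()) {
                type2Flags |= 0x80000000;
            }
            Type2NTLMMessage type2 = new Type2NTLMMessage();
            type2.buildType2(type2Flags, serverName, authContext.getChallenge(), null, targetInfo);

            // Keep the challenge so the Type 3 response can be matched against it.
            sMBSrvSession.setSetupObject(clientInfo.getProcessId(), type2);
            return type2.getBytes();
        }

        if (msgType == 3) {
            Type3NTLMMessage type3 = new Type3NTLMMessage(bArr, i, i2, z);

            // A Type 3 message is only valid as the answer to a challenge issued on this session.
            if (!sMBSrvSession.hasSetupObject(clientInfo.getProcessId()) || !(sMBSrvSession.getSetupObject(clientInfo.getProcessId()) instanceof Type2NTLMMessage)) {
                sMBSrvSession.removeSetupObject(clientInfo.getProcessId());
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }

            // The flags in the client's own message pick the variant; the NTLMv1 path is refused
            // inside doNTLMv1Logon when NTLMv1 is not accepted.
            if (!type3.hasFlag(0x20000000) || !type3.hasFlag(0x00080000)) {
                doNTLMv1Logon(sMBSrvSession, clientInfo, type3);
                if (hasDebug()) {
                    Debug.println("[SMB] Logged on using NTLMSSP/NTLMv1");
                }
            } else if (type3.getNTLMHashLength() > 24) {
                doNTLMv2Logon(sMBSrvSession, clientInfo, type3);
                if (hasDebug()) {
                    Debug.println("[SMB] Logged on using NTLMSSP/NTLMv2");
                }
            } else {
                doNTLMv2SessionKeyLogon(sMBSrvSession, clientInfo, type3);
                if (hasDebug()) {
                    Debug.println("[SMB] Logged on using NTLMSSP/NTLMv2SessKey");
                }
            }
            return null;
        }

        // Fail closed: only Type 1 and Type 3 messages are expected from a client.
        if (hasDebug()) {
            Debug.println("[SMB] Unexpected NTLMSSP message type " + msgType);
        }
        throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
    }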

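    /**
     * Processes one leg of a SPNEGO exchange and returns the encoded NegTokenTarg reply.
     *
     * <p>A NegTokenTarg (token type 1) is accepted only as the continuation of an NTLMSSP exchange
     * whose Type 2 challenge is stored on the session. A NegTokenInit (token type 0) is dispatched
     * on its first mechanism OID to the NTLMSSP or Kerberos logon. Everything else, including a
     * token whose type cannot be determined, is refused with a logon failure.
     *
     * <p>Tokens are client-controlled, so a missing inner token or a missing reply is turned into
     * a logon failure rather than a {@link NullPointerException}.
     *
     * <p>NOTE(review): the NTLMSSP OID is accepted here whenever the client offers it first; no
     * check against the configured mechanism list is visible in this method.
     *
     * @param sMBSrvSession session the exchange belongs to
     * @param clientInfo    client details; its process id keys the stored setup object
     * @param bArr          buffer holding the SPNEGO token
     * @param i             offset of the token in {@code bArr}
     * @param i2            length of the token
     * @param z             passed through to the NTLMSSP handler (the caller's Unicode flag)
     * @return the encoded NegTokenTarg to send back
     * @throws SMBSrvException with a logon failure status on any malformed token or failed logon
     */
    private final byte[] doSpnegoSessionSetup(SMBSrvSession sMBSrvSession, ClientInfo clientInfo, byte[] bArr, int i, int i2, boolean z) throws SMBSrvException {
        int tokenType = -1;
        try {
            tokenType = SPNEGO.checkTokenType(bArr, i, i2);
        } catch (IOException ignored) {
            // Deliberately ignored: tokenType stays -1 and the token is refused below.
        }

        NegTokenTarg reply;
        if (tokenType == 1 && sMBSrvSession.hasSetupObject(clientInfo.getProcessId()) && (sMBSrvSession.getSetupObject(clientInfo.getProcessId()) instanceof Type2NTLMMessage)) {
            // Second leg of an NTLMSSP exchange wrapped in SPNEGO.
            NegTokenTarg incoming = new NegTokenTarg();
            try {
                incoming.decode(bArr, i, i2);
                byte[] responseToken = incoming.getResponseToken();
                if (responseToken == null) {
                    if (hasDebug()) {
                        Debug.println("[SMB] NegTokenTarg has no response token");
                    }
                    throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
                }
                byte[] ntlmReply = doNtlmsspSessionSetup(sMBSrvSession, clientInfo, responseToken, 0, responseToken.length, z);
                // Result 1 while a setup object is still stored (exchange not finished), else 0.
                int result = sMBSrvSession.hasSetupObject(clientInfo.getProcessId()) ? 1 : 0;
                reply = new NegTokenTarg(result, null, ntlmReply);
            } catch (IOException e) {
                if (hasDebug()) {
                    Debug.println((Exception) e);
                }
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
        } else {
            if (tokenType != 0) {
                if (hasDebug()) {
                    Debug.println("[SMB] Unknown SPNEGO token type");
                }
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
            NegTokenInit negTokenInit = new NegTokenInit();
            try {
                negTokenInit.decode(bArr, i, i2);

                // Only the first mechanism OID offered by the client is considered.
                String firstOid = null;
                if (negTokenInit.numberOfOids() > 0) {
                    firstOid = negTokenInit.getOidAt(0).toString();
                }

                if (firstOid != null && firstOid.equals(OID.ID_NTLMSSP)) {
                    byte[] mechToken = negTokenInit.getMechtoken();
                    if (mechToken == null) {
                        if (hasDebug()) {
                            Debug.println("[SMB] NegTokenInit has no mechToken");
                        }
                        throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
                    }
                    byte[] ntlmReply = doNtlmsspSessionSetup(sMBSrvSession, clientInfo, mechToken, 0, mechToken.length, z);
                    int result = sMBSrvSession.hasSetupObject(clientInfo.getProcessId()) ? 1 : 0;
                    reply = new NegTokenTarg(result, OID.NTLMSSP, ntlmReply);
                } else if (firstOid != null && (firstOid.equals(OID.ID_MSKERBEROS5) || firstOid.equals(OID.ID_KERBEROS5))) {
                    reply = doKerberosLogon(sMBSrvSession, negTokenInit, clientInfo);
                } else {
                    if (hasDebug()) {
                        Debug.println("[SMB] No matching authentication OID found");
                        Debug.println("[SMB]   " + negTokenInit.toString());
                    }
                    throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
                }
            } catch (IOException e) {
                if (hasDebug()) {
                    Debug.println((Exception) e);
                }
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
        }

        // A logon that produced no reply token cannot be completed; refuse it cleanly.
        if (reply == null) {
            if (hasDebug()) {
                Debug.println("[SMB] No NegTokenTarg response available");
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
        try {
            return reply.encode();
        } catch (IOException e) {
            if (hasDebug()) {
                Debug.println("[SMB] Failed to encode NegTokenTarg - " + e.getMessage());
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
    }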

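    /**
     * Performs a Kerberos logon from the mechToken of a SPNEGO NegTokenInit.
     *
     * <p>The AP-REQ is parsed, the ticket is validated by running a
     * {@link SessionSetupPrivilegedAction} as the service account's JAAS subject, and the reply
     * NegTokenTarg is built from the resulting response token. When the client asked for mutual
     * authentication the response token is first rewritten through the Kerberos auth context.
     *
     * <p>The logon fails closed: if the AP-REP cannot be produced, the request is rejected before
     * any logon state is set on the session or the client details, and this method never returns
     * {@code null}.
     *
     * <p>A missing user name, or an all-upper-case name ending in "$" (a machine account), is
     * recorded as a null logon (logon type 2).
     *
     * @param sMBSrvSession session being logged on
     * @param negTokenInit  decoded NegTokenInit carrying the Kerberos mechToken
     * @param clientInfo    client details to update with the authenticated user
     * @return the NegTokenTarg to send back to the client
     * @throws SMBSrvException with a logon failure status on any error
     */
    private final NegTokenTarg doKerberosLogon(SMBSrvSession sMBSrvSession, NegTokenInit negTokenInit, ClientInfo clientInfo) throws SMBSrvException {
        try {
            KerberosApReq apReq = new KerberosApReq();
            apReq.parseMechToken(negTokenInit.getMechtoken());
            if (hasDebug()) {
                Debug.println("[SMB] Kerberos AP-REQ - " + apReq);
            }

            // Only needed when the client requested mutual authentication.
            KrbAuthContext mutualAuthContext = null;
            if (apReq.hasMutualAuthentication()) {
                mutualAuthContext = new KrbAuthContext();
                mutualAuthContext.setDebug(hasDebug());
                if (hasDebug()) {
                    Debug.println("[SMB] Kerberos mutual auth required, parsing AP-REQ");
                }
                try {
                    mutualAuthContext.parseKerberosApReq(this.m_loginContext.getSubject(), apReq);
                } catch (IOException e) {
                    if (hasDebug()) {
                        Debug.println("[SMB] Failed to parse AP-REQ, " + e.toString());
                    }
                    throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
                }
            }

            // Validate the ticket with the service account's credentials.
            Object result = Subject.doAs(this.m_loginContext.getSubject(), new SessionSetupPrivilegedAction(this.m_accountName, negTokenInit.getMechtoken()));
            if (result == null) {
                if (hasDebug()) {
                    Debug.println("[SMB] No SPNEGO response, Kerberos logon failed");
                }
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }
            KerberosDetails krbDetails = (KerberosDetails) result;

            // Answer with the MS Kerberos OID when the client offered it.
            Oid replyOid;
            if (negTokenInit.hasOid(OID.MSKERBEROS5)) {
                replyOid = OID.MSKERBEROS5;
                if (hasDebug()) {
                    Debug.println("[SMB] Using OID MS Kerberos5 for NegTokenTarg");
                }
            } else {
                replyOid = OID.KERBEROS5;
                if (hasDebug()) {
                    Debug.println("[SMB] Using OID Kerberos5 for NegTokenTarg");
                }
            }

            NegTokenTarg reply;
            if (mutualAuthContext != null) {
                try {
                    krbDetails.setResponseToken(mutualAuthContext.parseKerberosApRep(krbDetails.getResponseToken()));
                    reply = new NegTokenTarg(0, replyOid, krbDetails.getResponseToken());
                    if (hasDebug()) {
                        Debug.println("[SMB] Created NegTokenTarg using updated AP-REP, added subkey");
                    }
                } catch (Exception e) {
                    if (hasDebug()) {
                        Debug.println("[SMB] AP-REP Error:");
                        Debug.println(e);
                    }
                    // Without a reply token the logon cannot be completed: reject it here, before
                    // the session is marked as logged on.
                    throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
                }
            } else {
                reply = new NegTokenTarg(0, replyOid, krbDetails.getResponseToken());
                if (hasDebug()) {
                    Debug.println("[SMB] Created NegTokenTarg using standard Krb5 API response");
                }
            }

            String userName = krbDetails.getUserName();
            if (userName == null) {
                clientInfo.setLogonType(2);
            } else if (userName.endsWith("$") && userName.equals(userName.toUpperCase())) {
                // "$" is written as a literal: the decompiled source referenced an unrelated
                // library constant with the same value.
                clientInfo.setLogonType(2);
                if (hasDebug()) {
                    Debug.println("[SMB] Machine account logon, " + userName + ", as null logon");
                }
            } else {
                clientInfo.setUserName(krbDetails.getSourceName());
                clientInfo.setGuest(false);
            }
            // The session is marked logged on for user and null logons alike.
            sMBSrvSession.setLoggedOn(true);
            if (hasDebug()) {
                Debug.println("[SMB] Logged on using Kerberos, user " + userName);
            }
            return reply;
        } catch (Exception e) {
            // Every failure, including the rejections thrown above, ends as a logon failure.
            if (hasDebug()) {
                Debug.println("[SMB] Kerberos logon error");
                Debug.println(e);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
    }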

    /**
     * Completes an NTLMSSP logon using NTLMv1, taking the user name from the Type 3 message.
     *
     * <p>Refused outright when NTLMv1 is not accepted. An empty user name is recorded as a null
     * logon (logon type 2). Otherwise the user must exist and pass {@code authenticateUser}.
     *
     * <p>NOTE(review): in the code visible here nothing from the Type 3 message other than the
     * user name is used, and {@code clientInfo} is passed to {@code authenticateUser} before the
     * user name is set on it — confirm what {@code authenticateUser} actually validates on this
     * path.
     *
     * @param sMBSrvSession    session being logged on
     * @param clientInfo       client details to update
     * @param type3NTLMMessage the client's Type 3 message
     * @throws SMBSrvException with a logon failure status if NTLMv1 is not accepted, the user is
     *         unknown, or authentication fails
     */
    private final void doNTLMv1Logon(SMBSrvSession sMBSrvSession, ClientInfo clientInfo, Type3NTLMMessage type3NTLMMessage) throws SMBSrvException {
        if (!acceptNTLMv1Logon()) {
            if (hasDebug()) {
                Debug.println("[SMB] NTLMv1 not accepted, client " + sMBSrvSession.getRemoteName());
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }

        // The stored challenge is dropped whether or not the logon succeeds.
        sMBSrvSession.removeSetupObject(clientInfo.getProcessId());

        String userName = type3NTLMMessage.getUserName();
        if (userName.length() == 0) {
            if (hasDebug()) {
                Debug.println("[SMB] Null logon");
            }
            clientInfo.setLogonType(2);
            return;
        }

        if (getUserDetails(userName) == null) {
            if (hasDebug()) {
                Debug.println("[SMB] User does not exist, " + userName);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }

        int authStatus = authenticateUser(clientInfo, sMBSrvSession, 1);
        if (authStatus < 0) {
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }

        clientInfo.setUserName(userName);
        // 0x10000000 (268435456) is the status that marks the logon as a guest logon.
        clientInfo.setGuest(authStatus == 0x10000000);
        sMBSrvSession.setLoggedOn(true);
    }

    /**
     * Performs an NTLMv1 logon for the user name already held in {@code clientInfo}.
     *
     * <p>Refused outright when NTLMv1 is not accepted. The user must exist and pass
     * {@code authenticateUser}; unlike the Type 3 variant there is no null-logon branch.
     *
     * @param sMBSrvSession session being logged on
     * @param clientInfo    client details carrying the user name; updated on success
     * @throws SMBSrvException with a logon failure status if NTLMv1 is not accepted, the user is
     *         unknown, or authentication fails
     */
    private final void doNTLMv1Logon(SMBSrvSession sMBSrvSession, ClientInfo clientInfo) throws SMBSrvException {
        if (!acceptNTLMv1Logon()) {
            if (hasDebug()) {
                Debug.println("[SMB] NTLMv1 not accepted, client " + sMBSrvSession.getRemoteName());
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }

        final String userName = clientInfo.getUserName();
        final boolean userKnown = getUserDetails(userName) != null;
        if (!userKnown) {
            if (hasDebug()) {
                Debug.println("[SMB] User does not exist, " + userName);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }

        final int authStatus = authenticateUser(clientInfo, sMBSrvSession, 1);
        if (authStatus < 0) {
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }

        clientInfo.setUserName(userName);
        // 0x10000000 (268435456) is the status that marks the logon as a guest logon.
        clientInfo.setGuest(authStatus == 0x10000000);
        sMBSrvSession.setLoggedOn(true);
    }

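    /**
     * Verifies the NTLMv2 response carried in a type 3 NTLM message.
     *
     * <p>The server recomputes the HMAC from the stored password hash, the user name and domain
     * from the type 3 message, and the challenge from the type 2 message saved for this client
     * process id, then compares it with the HMAC inside the client's NTLMv2 blob.
     *
     * <p>The comparison fails closed: a missing HMAC on either side, a length mismatch or any
     * differing byte refuses the logon. The original code skipped the comparison entirely when
     * either value was null or the lengths differed, which let the session be marked as logged
     * on without the response having been verified. {@code MessageDigest.isEqual} is used so the
     * comparison time does not depend on how many leading bytes match.
     *
     * <p>An empty user name is treated as a null logon: the logon type is set to 2 and no
     * verification takes place.
     *
     * @param sMBSrvSession session being set up; marked as logged on when verification succeeds
     * @param clientInfo client details; receives the user name and a non-guest flag on success
     * @param type3NTLMMessage the client's type 3 (authenticate) message
     * @throws SMBSrvException with {@code SMBStatus.NTLogonFailure} when the user is unknown, the
     *         response does not verify, or any error occurs while computing the expected value
     */
    private final void doNTLMv2Logon(SMBSrvSession sMBSrvSession, ClientInfo clientInfo, Type3NTLMMessage type3NTLMMessage) throws SMBSrvException {
        // The saved type 2 message is removed as soon as it is fetched, so it is consumed once.
        Type2NTLMMessage type2NTLMMessage = (Type2NTLMMessage) sMBSrvSession.getSetupObject(clientInfo.getProcessId());
        sMBSrvSession.removeSetupObject(clientInfo.getProcessId());

        String userName = type3NTLMMessage.getUserName();
        if (userName.length() == 0) {
            if (hasDebug()) {
                Debug.println("[SMB] Null logon");
            }
            clientInfo.setLogonType(2);
            return;
        }

        UserAccount userDetails = getUserDetails(userName);
        if (userDetails == null) {
            if (hasDebug()) {
                Debug.println("[SMB] User does not exist, " + userName);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }

        try {
            // Reuse the hash cached on the account, or derive it once and cache it.
            // A missing type 2 message surfaces here as an exception and is turned into a
            // logon failure by the catch block below.
            byte[] passwordHash;
            if (userDetails.hasMD4Password()) {
                passwordHash = userDetails.getMD4Password();
            } else {
                passwordHash = getEncryptor().generateEncryptedPassword(userDetails.getPassword(), type2NTLMMessage.getChallenge(), 3, null, null);
                userDetails.setMD4Password(passwordHash);
            }

            byte[] ntlmv2Key = getEncryptor().doNTLM2Encryption(passwordHash, type3NTLMMessage.getUserName(), type3NTLMMessage.getDomain());
            NTLMv2Blob clientBlob = new NTLMv2Blob(type3NTLMMessage.getNTLMHash());
            byte[] expectedHmac = clientBlob.calculateHMAC(type2NTLMMessage.getChallenge(), ntlmv2Key);
            byte[] clientHmac = clientBlob.getHMAC();

            // Fail closed. The null checks are explicit because MessageDigest.isEqual treats two
            // null arrays as equal.
            if (clientHmac == null || expectedHmac == null || !MessageDigest.isEqual(clientHmac, expectedHmac)) {
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }

            clientInfo.setUserName(userName);
            clientInfo.setGuest(false);
            sMBSrvSession.setLoggedOn(true);
        } catch (Exception e) {
            // Any failure, including the mismatch thrown above, ends as a logon failure.
            if (hasDebug()) {
                Debug.println(e);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
    }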

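    /**
     * Verifies an NTLMv2 response supplied as the hashed password in {@code clientInfo}.
     *
     * <p>The challenge is taken from the session's {@code NTLanManAuthContext} when the session
     * has an authentication context. The server recomputes the HMAC from the stored password
     * hash, the client's user name and domain, and that challenge, then compares it with the
     * HMAC inside the client's NTLMv2 blob.
     *
     * <p>The comparison fails closed: a missing HMAC on either side, a length mismatch or any
     * differing byte refuses the logon. The original code skipped the comparison entirely when
     * either value was null or the lengths differed, which let the session be marked as logged
     * on without the response having been verified. {@code MessageDigest.isEqual} is used so the
     * comparison time does not depend on how many leading bytes match.
     *
     * <p>An empty user name is treated as a null logon: the logon type is set to 2 and no
     * verification takes place.
     *
     * @param sMBSrvSession session being set up; marked as logged on when verification succeeds
     * @param clientInfo client details holding the user name, domain and NTLMv2 blob
     * @throws SMBSrvException with {@code SMBStatus.NTLogonFailure} when the user is unknown, the
     *         response does not verify, or any error occurs while computing the expected value
     */
    private final void doNTLMv2Logon(SMBSrvSession sMBSrvSession, ClientInfo clientInfo) throws SMBSrvException {
        if (clientInfo.getUserName().length() == 0) {
            if (hasDebug()) {
                Debug.println("[SMB] Null logon");
            }
            clientInfo.setLogonType(2);
            return;
        }

        UserAccount userDetails = getUserDetails(clientInfo.getUserName());
        if (userDetails == null) {
            if (hasDebug()) {
                Debug.println("[SMB] User does not exist, " + clientInfo.getUserName());
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }

        try {
            // The challenge stays null when the session carries no authentication context.
            byte[] challenge = null;
            if (sMBSrvSession.hasAuthenticationContext()) {
                challenge = ((NTLanManAuthContext) sMBSrvSession.getAuthenticationContext()).getChallenge();
            }

            // Reuse the hash cached on the account, or derive it once and cache it.
            byte[] passwordHash;
            if (userDetails.hasMD4Password()) {
                passwordHash = userDetails.getMD4Password();
            } else {
                passwordHash = getEncryptor().generateEncryptedPassword(userDetails.getPassword(), challenge, 3, null, null);
                userDetails.setMD4Password(passwordHash);
            }

            NTLMv2Blob clientBlob = new NTLMv2Blob(clientInfo.getPassword());
            byte[] ntlmv2Key = getEncryptor().doNTLM2Encryption(passwordHash, clientInfo.getUserName(), clientInfo.getDomain());
            byte[] expectedHmac = clientBlob.calculateHMAC(challenge, ntlmv2Key);
            byte[] clientHmac = clientBlob.getHMAC();

            // Fail closed. The null checks are explicit because MessageDigest.isEqual treats two
            // null arrays as equal.
            if (clientHmac == null || expectedHmac == null || !MessageDigest.isEqual(clientHmac, expectedHmac)) {
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }

            clientInfo.setGuest(false);
            sMBSrvSession.setLoggedOn(true);
        } catch (Exception e) {
            // Any failure, including the mismatch thrown above, ends as a logon failure.
            if (hasDebug()) {
                Debug.println(e);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
    }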

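    /**
     * Verifies an NTLM response that uses the NTLMv2 session key scheme.
     *
     * <p>The first 8 bytes of the server challenge (from the saved type 2 message) and the first
     * 8 bytes of the LM hash field of the type 3 message are concatenated and hashed with the
     * MD5 digest; the first 8 bytes of that digest are used as the challenge for
     * {@code doNTLM1Encryption} over the stored password hash. The result is compared with the
     * NTLM hash field of the type 3 message.
     *
     * <p>The check fails closed. The original code skipped the comparison when either value was
     * null or the lengths differed, and it also left the expected value null when
     * {@code doNTLM1Encryption} threw {@code NoSuchAlgorithmException}; in both cases the
     * session was marked as logged on without the response having been verified. Here a missing
     * value, a mismatch or an encryption error refuses the logon, and the comparison uses
     * {@code MessageDigest.isEqual} so its duration does not depend on how many bytes match.
     * A missing type 2 message or a challenge field shorter than 8 bytes is also reported as a
     * logon failure instead of escaping as an unchecked exception.
     *
     * <p>An empty user name is treated as a null logon: the logon type is set to 2 and no
     * verification takes place.
     *
     * @param sMBSrvSession session being set up; marked as logged on when verification succeeds
     * @param clientInfo client details; receives the user name and a non-guest flag on success
     * @param type3NTLMMessage the client's type 3 (authenticate) message
     * @throws SMBSrvException with {@code SMBStatus.NTLogonFailure} when the user is unknown, the
     *         challenge material is missing, or the response does not verify
     */
    private final void doNTLMv2SessionKeyLogon(SMBSrvSession sMBSrvSession, ClientInfo clientInfo, Type3NTLMMessage type3NTLMMessage) throws SMBSrvException {
        // The saved type 2 message is removed as soon as it is fetched, so it is consumed once.
        Type2NTLMMessage type2NTLMMessage = (Type2NTLMMessage) sMBSrvSession.getSetupObject(clientInfo.getProcessId());
        sMBSrvSession.removeSetupObject(clientInfo.getProcessId());

        String userName = type3NTLMMessage.getUserName();
        if (userName.length() == 0) {
            if (hasDebug()) {
                Debug.println("[SMB] Null logon");
            }
            clientInfo.setLogonType(2);
            return;
        }

        UserAccount userDetails = getUserDetails(userName);
        if (userDetails == null) {
            if (hasDebug()) {
                Debug.println("[SMB] User does not exist, " + userName);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }

        // Both 8-byte halves of the session nonce must be present before they are copied.
        byte[] serverChallenge = type2NTLMMessage != null ? type2NTLMMessage.getChallenge() : null;
        byte[] clientChallenge = type3NTLMMessage.getLMHash();
        if (serverChallenge == null || serverChallenge.length < 8 || clientChallenge == null || clientChallenge.length < 8) {
            if (hasDebug()) {
                Debug.println("[SMB] Missing or short challenge for NTLMv2 session key logon");
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }

        byte[] sessionNonce = new byte[16];
        System.arraycopy(serverChallenge, 0, sessionNonce, 0, 8);
        System.arraycopy(clientChallenge, 0, sessionNonce, 8, 8);

        byte[] sessionChallenge = new byte[8];
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(DigestGenerator.md5DigestAlgorithm);
            messageDigest.update(sessionNonce);
            System.arraycopy(messageDigest.digest(), 0, sessionChallenge, 0, 8);

            // Reuse the hash cached on the account, or derive it from the stored password.
            byte[] passwordHash;
            if (userDetails.hasMD4Password()) {
                passwordHash = userDetails.getMD4Password();
            } else {
                try {
                    passwordHash = getEncryptor().generateEncryptedPassword(userDetails.getPassword(), null, 3, null, null);
                } catch (Exception e) {
                    if (hasDebug()) {
                        Debug.println(e);
                    }
                    throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
                }
            }

            // 16-byte hash in a 21-byte key buffer; the remaining bytes stay zero.
            byte[] keyMaterial = new byte[21];
            System.arraycopy(passwordHash, 0, keyMaterial, 0, 16);

            // A NoSuchAlgorithmException here is handled by the outer catch and refuses the logon.
            byte[] expectedResponse = getEncryptor().doNTLM1Encryption(keyMaterial, sessionChallenge);
            byte[] clientResponse = type3NTLMMessage.getNTLMHash();

            // Fail closed. The null checks are explicit because MessageDigest.isEqual treats two
            // null arrays as equal.
            if (clientResponse == null || expectedResponse == null || !MessageDigest.isEqual(clientResponse, expectedResponse)) {
                throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
            }

            clientInfo.setUserName(userName);
            clientInfo.setGuest(false);
            sMBSrvSession.setLoggedOn(true);
        } catch (NoSuchAlgorithmException e3) {
            if (hasDebug()) {
                Debug.println((Exception) e3);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
    }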

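    /**
     * Processes a session setup request that carries hashed passwords directly in the packet.
     *
     * <p>The request is unpacked into the client's buffer and multiplex limits, capabilities,
     * ANSI and Unicode password responses, user name, domain and operating system. A 24-byte
     * Unicode response is verified through {@code doNTLMv1Logon}; any other non-empty response
     * is verified through the two-argument {@code doNTLMv2Logon}. A virtual circuit is then
     * allocated and the reply packet is built in place.
     *
     * <p>The debug trace records only the length of each password response. The original code
     * wrote the responses themselves to the log as hex, which leaves credential-derived material
     * in log files that are usually readable by more people than the account database.
     *
     * @param sMBSrvSession session being set up
     * @param sMBSrvPacket request packet; reused for the response
     * @throws SMBSrvException with {@code SMBStatus.NTInvalidParameter} when the packet is
     *         malformed, or {@code SMBStatus.NTLogonFailure} when authentication fails or no
     *         UID can be allocated for the virtual circuit
     */
    private final void doHashedPasswordLogon(SMBSrvSession sMBSrvSession, SMBSrvPacket sMBSrvPacket) throws SMBSrvException {
        if (!sMBSrvPacket.checkPacketIsValid(13, 0)) {
            throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
        }

        // Fixed parameter words of the request.
        int maxBufferSize = sMBSrvPacket.getParameter(2);
        int maxMultiplex = sMBSrvPacket.getParameter(3);
        int vcNumber = sMBSrvPacket.getParameter(4);
        int ansiPasswordLength = sMBSrvPacket.getParameter(7);
        int unicodePasswordLength = sMBSrvPacket.getParameter(8);
        int capabilities = sMBSrvPacket.getParameterLong(11);

        // Result unused; the call is kept as it appears in the original code.
        sMBSrvPacket.getBuffer();
        boolean isUnicode = sMBSrvPacket.isUnicode();

        // Variable-length data: both password responses, then user name, domain and OS strings.
        byte[] ansiPassword = sMBSrvPacket.unpackBytes(ansiPasswordLength);
        byte[] unicodePassword = sMBSrvPacket.unpackBytes(unicodePasswordLength);
        String userName = sMBSrvPacket.unpackString(isUnicode);
        if (userName == null) {
            throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
        }
        String domain = "";
        if (sMBSrvPacket.hasMoreData()) {
            domain = sMBSrvPacket.unpackString(isUnicode);
            if (domain == null) {
                throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
            }
        }
        String clientOs = "";
        if (sMBSrvPacket.hasMoreData()) {
            clientOs = sMBSrvPacket.unpackString(isUnicode);
            if (clientOs == null) {
                throw new SMBSrvException(SMBStatus.NTInvalidParameter, 2, 1);
            }
        }

        if (sMBSrvSession.hasDebug(32)) {
            // Lengths only: the responses are credential-derived and must not reach the log.
            Debug.println("[SMB] NT Session setup from user=" + userName + ", passwordLen=" + (unicodePassword != null ? String.valueOf(unicodePassword.length) : "none") + ", ANSIpwdLen=" + (ansiPassword != null ? String.valueOf(ansiPassword.length) : "none") + ", domain=" + domain + ", os=" + clientOs + ", VC=" + vcNumber + ", maxBuf=" + maxBufferSize + ", maxMpx=" + maxMultiplex + ", authCtx=" + sMBSrvSession.getAuthenticationContext());
            Debug.println("[SMB]   MID=" + sMBSrvPacket.getMultiplexId() + ", UID=" + sMBSrvPacket.getUserId() + ", PID=" + sMBSrvPacket.getProcessId());
        }

        // A client that reports no buffer size gets the default of 65540.
        sMBSrvSession.setClientMaximumBufferSize(maxBufferSize != 0 ? maxBufferSize : 65540);
        sMBSrvSession.setClientMaximumMultiplex(maxMultiplex);
        sMBSrvSession.setClientCapabilities(capabilities);

        ClientInfo createInfo = ClientInfo.getFactory().createInfo(userName, unicodePassword);
        createInfo.setANSIPassword(ansiPassword);
        createInfo.setDomain(domain);
        createInfo.setOperatingSystem(clientOs);
        if (sMBSrvSession.hasRemoteAddress()) {
            createInfo.setClientAddress(sMBSrvSession.getRemoteAddress().getHostAddress());
        }

        // No user name, no domain and no Unicode password: null logon (logon type 2).
        if (userName.length() == 0 && domain.length() == 0 && unicodePasswordLength == 0) {
            createInfo.setLogonType(2);
        }

        // NOTE(review): when the Unicode response is null or empty neither logon helper runs,
        // yet the session is still marked as logged on below under the supplied user name.
        // Confirm that downstream access checks treat such a session as anonymous, or refuse
        // the logon here when a user name is given without a response.
        if (unicodePassword != null) {
            if (unicodePassword.length == 24) {
                doNTLMv1Logon(sMBSrvSession, createInfo);
                if (hasDebug()) {
                    Debug.println("[SMB] Logged on using Hashed/NTLMv1");
                }
            } else if (unicodePassword.length > 0) {
                doNTLMv2Logon(sMBSrvSession, createInfo);
                if (hasDebug()) {
                    Debug.println("[SMB] Logged on using Hashed/NTLMv2");
                }
            }
        }

        boolean guestLogon = false;
        if (createInfo.isGuest()) {
            guestLogon = true;
            if (sMBSrvSession.hasDebug(32)) {
                Debug.println("[SMB] User " + userName + ", logged on as guest");
            }
        }

        // The UID returned to the client identifies the virtual circuit.
        VirtualCircuit virtualCircuit = new VirtualCircuit(vcNumber, createInfo);
        int uid = sMBSrvSession.addVirtualCircuit(virtualCircuit);
        if (uid == -1) {
            if (sMBSrvSession.hasDebug(32)) {
                Debug.println("[SMB] Failed to allocate UID for virtual circuit, " + virtualCircuit);
            }
            throw new SMBSrvException(SMBStatus.NTLogonFailure, 1, 5);
        }
        if (sMBSrvSession.hasDebug(32)) {
            Debug.println("[SMB] Allocated UID=" + uid + " for VC=" + virtualCircuit);
        }

        createInfo.setGuest(guestLogon);
        sMBSrvSession.setLoggedOn(true);

        // Build the response in the request packet; parameter 2 carries the guest flag.
        sMBSrvPacket.setParameterCount(3);
        sMBSrvPacket.setParameter(0, 0);
        sMBSrvPacket.setParameter(1, 0);
        sMBSrvPacket.setParameter(2, guestLogon ? 1 : 0);
        sMBSrvPacket.setByteCount(0);
        sMBSrvPacket.setTreeId(0);
        sMBSrvPacket.setUserId(uid);

        // Clear bit 0x08 of the flags; flags2 is 1, plus 0x8000 when the request was Unicode.
        sMBSrvPacket.setFlags(sMBSrvPacket.getFlags() & ~0x08);
        int flags2 = 1;
        if (isUnicode) {
            flags2 += 0x8000;
        }
        sMBSrvPacket.setFlags2(flags2);

        int byteOffset = sMBSrvPacket.getByteOffset();
        byte[] buffer = sMBSrvPacket.getBuffer();
        if (isUnicode) {
            byteOffset = DataPacker.wordAlign(byteOffset);
        }

        // Resolve the strings first, then pack them in wire order: OS name, server name, domain.
        String serverDomain = sMBSrvSession.getSMBServer().getCIFSConfiguration().getDomainName();
        String serverName = "Alfresco CIFS Server " + sMBSrvSession.getServer().isVersion();
        int pos = DataPacker.putString("Java", buffer, byteOffset, true, isUnicode);
        pos = DataPacker.putString(serverName, buffer, pos, true, isUnicode);
        pos = DataPacker.putString(serverDomain, buffer, pos, true, isUnicode);
        sMBSrvPacket.setByteCount(pos - sMBSrvPacket.getByteOffset());
    }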
}
