package com.hierynomus.smbj.auth;

import com.hierynomus.protocol.commons.ByteArrayUtils;
import com.hierynomus.protocol.commons.Factory;
import com.hierynomus.protocol.transport.TransportException;
import com.hierynomus.smbj.GSSContextConfig;
import com.hierynomus.smbj.SmbConfig;
import com.hierynomus.smbj.connection.ConnectionContext;
import com.hierynomus.spnego.RawToken;
import gg.b;
import gg.d;
import java.io.IOException;
import java.security.Key;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import javax.security.auth.Subject;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: classes3.dex */
public class SpnegoAuthenticator implements Authenticator {
    private static final b logger = d.b(SpnegoAuthenticator.class);
    private GSSContext gssContext;
    private GSSContextConfig gssContextConfig;

    /* loaded from: classes3.dex */
    public static class Factory implements Factory.Named<Authenticator> {
        @Override // com.hierynomus.protocol.commons.Factory
        public SpnegoAuthenticator create() {
            return new SpnegoAuthenticator();
        }

        @Override // com.hierynomus.protocol.commons.Factory.Named
        public String getName() {
            return "1.3.6.1.4.1.311.2.2.30";
        }
    }

    private byte[] adjustSessionKeyLength(byte[] bArr) {
        if (bArr.length > 16) {
            return Arrays.copyOfRange(bArr, 0, 16);
        }
        if (bArr.length >= 16) {
            return bArr;
        }
        byte[] bArr2 = new byte[16];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        Arrays.fill(bArr2, bArr.length, 15, (byte) 0);
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public AuthenticateResponse authenticateSession(GSSAuthenticationContext gSSAuthenticationContext, byte[] bArr, ConnectionContext connectionContext) throws TransportException {
        Key krb5GetSessionKey;
        try {
            b bVar = logger;
            bVar.e("Authenticating {} on {} using SPNEGO", gSSAuthenticationContext.getUsername(), connectionContext.getServerName());
            if (this.gssContext == null) {
                GSSManager gSSManager = GSSManager.getInstance();
                GSSContext createContext = gSSManager.createContext(gSSManager.createName("cifs@" + connectionContext.getServerName(), GSSName.NT_HOSTBASED_SERVICE), new Oid("1.3.6.1.5.5.2"), gSSAuthenticationContext.getCreds(), 0);
                this.gssContext = createContext;
                createContext.requestMutualAuth(this.gssContextConfig.isRequestMutualAuth());
                this.gssContext.requestCredDeleg(this.gssContextConfig.isRequestCredDeleg());
            }
            byte[] initSecContext = this.gssContext.initSecContext(bArr, 0, bArr.length);
            if (initSecContext != null) {
                bVar.h("Received token: {}", ByteArrayUtils.printHex(initSecContext));
            }
            AuthenticateResponse authenticateResponse = new AuthenticateResponse(new RawToken(initSecContext));
            if (this.gssContext.isEstablished() && (krb5GetSessionKey = ExtendedGSSContext.krb5GetSessionKey(this.gssContext)) != null) {
                authenticateResponse.setSessionKey(adjustSessionKeyLength(krb5GetSessionKey.getEncoded()));
            }
            return authenticateResponse;
        } catch (GSSException e10) {
            throw new TransportException((Throwable) e10);
        }
    }

    @Override // com.hierynomus.smbj.auth.Authenticator
    public AuthenticateResponse authenticate(AuthenticationContext authenticationContext, final byte[] bArr, final ConnectionContext connectionContext) throws IOException {
        final GSSAuthenticationContext gSSAuthenticationContext = (GSSAuthenticationContext) authenticationContext;
        try {
            return (AuthenticateResponse) Subject.doAs(gSSAuthenticationContext.getSubject(), new PrivilegedExceptionAction<AuthenticateResponse>() { // from class: com.hierynomus.smbj.auth.SpnegoAuthenticator.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public AuthenticateResponse run() throws Exception {
                    return SpnegoAuthenticator.this.authenticateSession(gSSAuthenticationContext, bArr, connectionContext);
                }
            });
        } catch (PrivilegedActionException e10) {
            throw new TransportException(e10);
        }
    }

    @Override // com.hierynomus.smbj.auth.Authenticator
    public void init(SmbConfig smbConfig) {
        this.gssContextConfig = smbConfig.getClientGSSContextConfig();
    }

    @Override // com.hierynomus.smbj.auth.Authenticator
    public boolean supports(AuthenticationContext authenticationContext) {
        return authenticationContext.getClass().equals(GSSAuthenticationContext.class);
    }
}
