package com.liferay.portal.security.sso.ntlm.internal;

import com.liferay.portal.kernel.io.BigEndianCodec;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.module.configuration.ConfigurationException;
import com.liferay.portal.kernel.module.configuration.ConfigurationProvider;
import com.liferay.portal.kernel.security.SecureRandomUtil;
import com.liferay.portal.kernel.security.auth.CompanyThreadLocal;
import com.liferay.portal.kernel.settings.CompanyServiceSettingsLocator;
import com.liferay.portal.security.sso.ntlm.configuration.NtlmConfiguration;
import com.liferay.portal.security.sso.ntlm.internal.msrpc.NetrServerAuthenticate3;
import com.liferay.portal.security.sso.ntlm.internal.msrpc.NetrServerReqChallenge;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import jcifs.dcerpc.DcerpcHandle;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbConstants;
import jcifs.util.HMACT64;
import jcifs.util.MD4;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

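/**
 * Opens authenticated Netlogon sessions to a domain controller over the
 * NETLOGON named pipe, on behalf of the configured NTLM service account.
 *
 * <p>Security notes for maintainers:</p>
 * <ul>
 * <li>The MD4 and HMAC-MD5 primitives used here are dictated by the wire
 * protocol and cannot be swapped locally for stronger ones.</li>
 * <li>The MD4 digest of the service account password and the derived session
 * key are secret material and must never be logged.</li>
 * <li>The session key is always derived the same way, whatever negotiate
 * flags are configured. NOTE(review): a flag value that asks the server for
 * a different key algorithm would presumably make the credential check in
 * {@link #connect} fail; confirm before changing the configured flags.</li>
 * </ul>
 */
@Component(configurationPid = {"com.liferay.portal.security.sso.ntlm.configuration.NtlmConfiguration"}, immediate = true, service = {NetlogonConnectionManager.class})
/* loaded from: input_file:com/liferay/portal/security/sso/ntlm/internal/NetlogonConnectionManagerImpl.class */
public class NetlogonConnectionManagerImpl implements NetlogonConnectionManager {
    private static final Log _log = LogFactoryUtil.getLog(NetlogonConnectionManagerImpl.class);

    /** Length in bytes of the client and server challenges. */
    private static final int _CHALLENGE_LENGTH = 8;

    /** Flags used when the configuration holds no usable {@code 0x...} value (decimal 1611661311). */
    private static final int _DEFAULT_NEGOTIATE_FLAGS = 0x600FFFFF;

    /**
     * Secure channel type sent in the authenticate request. NOTE(review): 2
     * is understood to be the workstation channel type; confirm against
     * {@code NetrServerAuthenticate3}.
     */
    private static final int _SECURE_CHANNEL_TYPE = 2;

    private ConfigurationProvider _configurationProvider;

    /**
     * Binds to the NETLOGON pipe, exchanges challenges with the server and
     * verifies the credential the server returns.
     *
     * <p>The handle is closed again if any step after its creation fails, so
     * a rejected or broken negotiation does not leave a pipe open.</p>
     *
     * @param str host placed in the {@code ncacn_np} binding string, i.e. the
     *        server to connect to
     * @param str2 first argument of both Netlogon requests; presumably the
     *        domain controller's name (confirm against the request classes)
     * @param ntlmServiceAccount service account whose credentials
     *        authenticate the pipe and seed the session key
     * @return a connection holding the client credential, the session key
     *         and the bound handle
     * @throws IOException if the pipe cannot be bound or a request fails
     * @throws NoSuchAlgorithmException if MD5 is not available
     * @throws NtlmLogonException if the server credential does not match the
     *         locally computed value
     */
    @Override // com.liferay.portal.security.sso.ntlm.internal.NetlogonConnectionManager
    public NetlogonConnection connect(String str, String str2, NtlmServiceAccount ntlmServiceAccount) throws IOException, NoSuchAlgorithmException, NtlmLogonException {
        DcerpcHandle handle = DcerpcHandle.getHandle("ncacn_np:" + str + "[\\PIPE\\NETLOGON]", new NtlmPasswordAuthentication(null, ntlmServiceAccount.getAccount(), ntlmServiceAccount.getPassword()));
        boolean connected = false;
        try {
            handle.bind();

            // Fresh random client challenge for every connection attempt.
            byte[] clientChallenge = new byte[_CHALLENGE_LENGTH];
            BigEndianCodec.putLong(clientChallenge, 0, SecureRandomUtil.nextLong());

            NetrServerReqChallenge netrServerReqChallenge = new NetrServerReqChallenge(str2, ntlmServiceAccount.getComputerName(), clientChallenge, new byte[_CHALLENGE_LENGTH]);
            handle.sendrecv(netrServerReqChallenge);
            byte[] serverChallenge = netrServerReqChallenge.getServerChallenge();

            // MD4 over the UTF-16LE password is the key for the session key
            // derivation. Secret material: do not log.
            MD4 md4 = new MD4();
            md4.update(ntlmServiceAccount.getPassword().getBytes(SmbConstants.UNI_ENCODING));
            byte[] sessionKey = computeSessionKey(md4.digest(), clientChallenge, serverChallenge);

            byte[] clientCredential = NetlogonCredentialUtil.computeNetlogonCredential(clientChallenge, sessionKey);
            NetrServerAuthenticate3 netrServerAuthenticate3 = new NetrServerAuthenticate3(str2, ntlmServiceAccount.getAccountName(), _SECURE_CHANNEL_TYPE, ntlmServiceAccount.getComputerName(), clientCredential, new byte[_CHALLENGE_LENGTH], getNegotiateFlags());
            handle.sendrecv(netrServerAuthenticate3);

            // The server proves it knows the same session key by returning
            // the credential computed over its own challenge. isEqual is used
            // so the comparison of key-derived bytes is not short-circuited.
            byte[] expectedServerCredential = NetlogonCredentialUtil.computeNetlogonCredential(serverChallenge, sessionKey);
            if (!MessageDigest.isEqual(expectedServerCredential, netrServerAuthenticate3.getServerCredential())) {
                throw new NtlmLogonException("Session key negotiation failed");
            }

            NetlogonConnection netlogonConnection = new NetlogonConnection(clientCredential, sessionKey);
            netlogonConnection.setDcerpcHandle(handle);
            connected = true;
            return netlogonConnection;
        } finally {
            if (!connected) {
                closeQuietly(handle);
            }
        }
    }

    /**
     * Derives the session key: MD5 over four zero bytes, the first eight
     * bytes of {@code bArr2} and the first eight bytes of {@code bArr3}, then
     * HMACT64 of that digest keyed with {@code bArr}.
     *
     * @param bArr HMAC key; {@link #connect} passes the MD4 digest of the
     *        service account password
     * @param bArr2 client challenge, at least eight bytes
     * @param bArr3 server challenge, at least eight bytes
     * @return the derived session key
     * @throws NoSuchAlgorithmException if MD5 is not available
     */
    protected byte[] computeSessionKey(byte[] bArr, byte[] bArr2, byte[] bArr3) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("MD5");
        messageDigest.update(new byte[]{0, 0, 0, 0}, 0, 4);
        messageDigest.update(bArr2, 0, _CHALLENGE_LENGTH);
        messageDigest.update(bArr3, 0, _CHALLENGE_LENGTH);
        HMACT64 hmact64 = new HMACT64(bArr);
        hmact64.update(messageDigest.digest());
        return hmact64.digest();
    }

    /**
     * Returns the negotiate flags for the current company.
     *
     * <p>A configured value is used only when it starts with {@code 0x}. It
     * is read as an unsigned 32-bit hexadecimal number, so values with the
     * top bit set (for example {@code 0xE00FFFFF}) are accepted rather than
     * rejected as out of {@code int} range. A missing value, a value without
     * the prefix, or a configuration lookup failure yields the default.</p>
     *
     * @return the configured flags, or {@code 0x600FFFFF} by default
     * @throws NumberFormatException if the text after {@code 0x} is not
     *         hexadecimal or does not fit in 32 bits
     */
    protected int getNegotiateFlags() {
        int flags = _DEFAULT_NEGOTIATE_FLAGS;
        try {
            String negotiateFlags = ((NtlmConfiguration) this._configurationProvider.getConfiguration(NtlmConfiguration.class, new CompanyServiceSettingsLocator(CompanyThreadLocal.getCompanyId().longValue(), "com.liferay.portal.security.sso.ntlm"))).negotiateFlags();
            if (negotiateFlags != null && negotiateFlags.startsWith("0x")) {
                // Parse through long: Integer.valueOf(.., 16) rejects anything
                // above 0x7FFFFFFF although the flags are a 32-bit mask.
                long parsed = Long.parseLong(negotiateFlags.substring(2), 16);
                if (parsed < 0 || parsed > 0xFFFFFFFFL) {
                    throw new NumberFormatException("NTLM negotiate flags do not fit in 32 bits: " + negotiateFlags);
                }
                flags = (int) parsed;
            }
        } catch (ConfigurationException e) {
            _log.error("Unable to get NTLM configuration", e);
        }
        return flags;
    }

    @Reference(unbind = "-")
    protected void setConfigurationProvider(ConfigurationProvider configurationProvider) {
        this._configurationProvider = configurationProvider;
    }

    /** Closes a handle left over from a failed connect without masking the original failure. */
    private static void closeQuietly(DcerpcHandle handle) {
        try {
            handle.close();
        } catch (IOException ioException) {
            _log.warn("Unable to close Netlogon handle after failed connect", ioException);
        }
    }
}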
