package com.liferay.portal.security.ntlm;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.security.ntlm.msrpc.NetlogonAuthenticator;
import com.liferay.portal.security.ntlm.msrpc.NetlogonIdentityInfo;
import com.liferay.portal.security.ntlm.msrpc.NetlogonNetworkInfo;
import com.liferay.portal.security.ntlm.msrpc.NetlogonValidationSamInfo;
import com.liferay.portal.security.ntlm.msrpc.NetrLogonSamLogon;
import com.liferay.portal.security.ntlm.msrpc.NetrServerAuthenticate3;
import com.liferay.portal.security.ntlm.msrpc.NetrServerReqChallenge;
import com.liferay.portal.security.pwd.PwdEncryptor;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import jcifs.dcerpc.DcerpcBinding;
import jcifs.dcerpc.DcerpcHandle;
import jcifs.dcerpc.UnicodeString;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbException;
import jcifs.util.DES;
import jcifs.util.Encdec;
import jcifs.util.HMACT64;
import jcifs.util.MD4;

/* loaded from: input_file:com/liferay/portal/security/ntlm/Netlogon.class */
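/**
 * Client for the Netlogon RPC interface of a domain controller, used to have
 * the controller validate an NTLM challenge/response on behalf of the portal.
 *
 * <p>Each {@link #logon} call opens a named-pipe connection, negotiates a
 * session key from the service account password, sends one
 * {@code NetrLogonSamLogon} request and closes the connection again.
 *
 * <p>The connection handle, client credential and session key are kept in
 * instance fields and are mutated without synchronization.
 * NOTE(review): confirm callers do not share one instance across threads.
 *
 * <p>NOTE(review): the credential and session-key computations below use DES,
 * MD4, MD5 and HMAC-MD5 (via jcifs). These are legacy primitives; confirm the
 * deployment's domain controllers and policy still permit this form of secure
 * channel setup, and treat this class as compatibility code.
 */
public class Netlogon {
    private static final Log _log = LogFactoryUtil.getLog(Netlogon.class);
    private byte[] _clientCredential;
    private String _domainController;
    private String _domainControllerName;
    private DcerpcHandle _handle;
    private NtlmServiceAccount _ntlmServiceAccount;
    private final SecureRandom _secureRandom = new SecureRandom();
    private byte[] _sessionKey;

    /**
     * Registers the Netlogon RPC interface identifier with jcifs under the
     * name {@code netlogon}.
     */
    public Netlogon() {
        DcerpcBinding.addInterface("netlogon", "12345678-1234-abcd-ef00-01234567cffb:1.0");
    }

    /**
     * Asks the domain controller to validate an NTLM response.
     *
     * <p>The parameter names come from decompilation. Judging by how they are
     * passed on, {@code str}, {@code str2} and {@code str3} are presumably the
     * domain, user name and workstation, and the three byte arrays the server
     * challenge and the two client responses; verify against the callers.
     *
     * @return the account named by the controller's validation info when the
     *         request status is 0; {@code null} when the controller returns a
     *         non-zero status or when any exception occurs (both are logged)
     */
    public NtlmUserAccount logon(String str, String str2, String str3, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            // connect() throws when the controller cannot prove knowledge of
            // the session key, so no logon request is sent in that case.
            connect();

            String computerName = this._ntlmServiceAccount.getComputerName();
            NetlogonAuthenticator authenticator = computeNetlogonAuthenticator();

            // NOTE(review): this return authenticator is handed to the request
            // but never inspected afterwards in this method, so the reply is
            // accepted on its status code alone. Confirm whether the reply's
            // authenticator is verified elsewhere.
            NetlogonAuthenticator returnAuthenticator = new NetlogonAuthenticator();

            // 2080 is passed as a literal; presumably the logon parameter
            // control flags. TODO confirm against NetlogonIdentityInfo.
            NetlogonNetworkInfo networkInfo = new NetlogonNetworkInfo(new NetlogonIdentityInfo(str, 2080, 0, 0, str2, str3), bArr, bArr2, bArr3);

            NetrLogonSamLogon samLogon = new NetrLogonSamLogon(this._domainControllerName, computerName, authenticator, returnAuthenticator, 2, networkInfo, 2, new NetlogonValidationSamInfo(), 0);
            this._handle.sendrecv(samLogon);

            if (samLogon.getStatus() != 0) {
                _log.warn(new SmbException(samLogon.getStatus(), false));
                return null;
            }

            String effectiveName = new UnicodeString(samLogon.getNetlogonValidationSamInfo().getEffectiveName(), false).toString();
            return new NtlmUserAccount(effectiveName);
        } catch (Exception e) {
            // Any failure is reported as "not authenticated" rather than
            // propagated to the caller.
            _log.error(e);
            return null;
        } finally {
            // Single cleanup point; disconnect() is a no-op once the handle
            // has been cleared.
            try {
                disconnect();
            } catch (Exception e) {
                _log.error(e);
            }
        }
    }

    /**
     * Stores the connection settings used by {@link #connect()}.
     *
     * @param str value used as the host part of the named-pipe binding
     * @param str2 value sent as the server name in the Netlogon requests
     * @param ntlmServiceAccount service account whose name, computer name and
     *        password are used to set up the secure channel
     */
    public void setConfiguration(String str, String str2, NtlmServiceAccount ntlmServiceAccount) {
        this._domainController = str;
        this._domainControllerName = str2;
        this._ntlmServiceAccount = ntlmServiceAccount;
    }

    /**
     * Builds the authenticator for the next request.
     *
     * <p>Adds the low 32 bits of the current millisecond clock to the first
     * four bytes (little-endian) of the stored client credential, in place,
     * and encrypts the result with the session key.
     *
     * @return an authenticator carrying the new credential and the timestamp
     */
    protected NetlogonAuthenticator computeNetlogonAuthenticator() {
        int timestamp = (int) System.currentTimeMillis();
        int advanced = Encdec.dec_uint32le(this._clientCredential, 0) + timestamp;
        Encdec.enc_uint32le(advanced, this._clientCredential, 0);
        return new NetlogonAuthenticator(computeNetlogonCredential(this._clientCredential, this._sessionKey), timestamp);
    }

    /**
     * Encrypts an 8-byte input with two DES passes keyed from the session key.
     *
     * @param bArr input block that is encrypted
     * @param bArr2 session key; bytes 0-6 key the first pass and bytes 7-13
     *        the second, so at least 14 bytes are required
     * @return a new 8-byte array holding the doubly encrypted block
     */
    protected byte[] computeNetlogonCredential(byte[] bArr, byte[] bArr2) {
        byte[] firstKey = new byte[7];
        byte[] secondKey = new byte[7];
        System.arraycopy(bArr2, 0, firstKey, 0, 7);
        System.arraycopy(bArr2, 7, secondKey, 0, 7);

        byte[] intermediate = new byte[8];
        new DES(firstKey).encrypt(bArr, intermediate);

        byte[] credential = new byte[8];
        new DES(secondKey).encrypt(intermediate, credential);
        return credential;
    }

    /**
     * Derives the session key from the password hash and both challenges.
     *
     * <p>Computes an MD5 digest over four zero bytes followed by the first
     * eight bytes of each challenge, then feeds that digest to HMACT64 keyed
     * with {@code bArr}.
     *
     * @param bArr key material for the HMAC (the caller passes the MD4 digest
     *        of the service account password)
     * @param bArr2 first challenge; its first eight bytes are used
     * @param bArr3 second challenge; its first eight bytes are used
     * @return the derived key, or {@code null} if the digest algorithm is not
     *         available (the error is logged)
     */
    protected byte[] computeSessionKey(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            MessageDigest md5 = MessageDigest.getInstance(PwdEncryptor.TYPE_MD5);
            md5.update(new byte[]{0, 0, 0, 0}, 0, 4);
            md5.update(bArr2, 0, 8);
            md5.update(bArr3, 0, 8);

            HMACT64 hmac = new HMACT64(bArr);
            hmac.update(md5.digest());
            return hmac.digest();
        } catch (NoSuchAlgorithmException e) {
            _log.error(e);
            return null;
        }
    }

    /**
     * Opens the Netlogon pipe and establishes the secure-channel session key.
     *
     * <p>The handle stays open when this method throws; callers are expected
     * to call {@link #disconnect()} afterwards, as {@link #logon} does.
     *
     * @throws IOException if the connection fails, the session key cannot be
     *         derived, or the credential returned by the controller does not
     *         match the locally computed one
     */
    protected void connect() throws IOException {
        // Drop state from any earlier session so that a failed negotiation can
        // never leave a previous credential or key in use.
        this._clientCredential = null;
        this._sessionKey = null;

        this._handle = DcerpcHandle.getHandle("ncacn_np:" + this._domainController + "[\\PIPE\\NETLOGON]", new NtlmPasswordAuthentication((String) null, this._ntlmServiceAccount.getAccount(), this._ntlmServiceAccount.getPassword()));
        this._handle.bind();

        byte[] clientChallenge = new byte[8];
        this._secureRandom.nextBytes(clientChallenge);

        NetrServerReqChallenge reqChallenge = new NetrServerReqChallenge(this._domainControllerName, this._ntlmServiceAccount.getComputerName(), clientChallenge, new byte[8]);
        this._handle.sendrecv(reqChallenge);

        MD4 md4 = new MD4();
        md4.update(this._ntlmServiceAccount.getPassword().getBytes("UTF-16LE"));

        byte[] sessionKey = computeSessionKey(md4.digest(), clientChallenge, reqChallenge.getServerChallenge());
        if (sessionKey == null) {
            // computeSessionKey() already logged the cause.
            throw new IOException("Session key computation failed");
        }

        byte[] clientCredential = computeNetlogonCredential(clientChallenge, sessionKey);

        // The final argument is -1 (all bits set); presumably the negotiate
        // flags. NOTE(review): confirm the capabilities requested here are
        // consistent with the DES/HMAC-MD5 computations this class performs.
        NetrServerAuthenticate3 authenticate = new NetrServerAuthenticate3(this._domainControllerName, this._ntlmServiceAccount.getAccountName(), 2, this._ntlmServiceAccount.getComputerName(), clientCredential, new byte[8], -1);
        this._handle.sendrecv(authenticate);

        byte[] expectedServerCredential = computeNetlogonCredential(reqChallenge.getServerChallenge(), sessionKey);

        // The controller proves it knows the shared secret by returning this
        // credential. MessageDigest.isEqual does not stop at the first
        // differing byte and treats a null reply as a mismatch.
        if (!MessageDigest.isEqual(expectedServerCredential, authenticate.getServerCredential())) {
            // Fail closed: previously this was only logged and the caller went
            // on to use whatever credential state was present.
            throw new IOException("Session key negotiation failed");
        }

        this._clientCredential = clientCredential;
        this._sessionKey = sessionKey;
    }

    /**
     * Closes the RPC handle if one is open and clears the field, so repeated
     * calls are harmless.
     *
     * @throws IOException if closing the handle fails
     */
    protected void disconnect() throws IOException {
        if (this._handle == null) {
            return;
        }
        this._handle.close();
        this._handle = null;
    }
}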
