package org.mule.service.http.netty.impl.client.auth.ntlm;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.util.Base64;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.mule.service.http.netty.impl.client.auth.AuthHeaderFactory;
import org.mule.service.http.netty.impl.client.auth.ntlm.message.Type1Message;
import org.mule.service.http.netty.impl.client.auth.ntlm.message.Type2Message;
import org.mule.service.http.netty.impl.client.auth.ntlm.message.Type3Message;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/mule-netty-http-service-0.1.3-SNAPSHOT.jar:org/mule/service/http/netty/impl/client/auth/ntlm/NtlmMessageFactory.class */
public class NtlmMessageFactory implements AuthHeaderFactory {
    private static final int TYPE_1_MESSAGE_FLAGS = -1576500735;
    private static final String NTLM_MESSAGES_PREFIX = "NTLM ";
    private static final String STARTING_NTLM_WWW_AUTHENTICATE_HEADER = "NTLM";
    private final String domain;
    private final String workstation;
    private final String username;
    private final String password;
    private Status status = Status.NOT_STARTED;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) NtlmMessageFactory.class);
    private static final byte[] MAGIC_CONSTANT = "KGS!@#$%".getBytes(StandardCharsets.US_ASCII);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/mule-netty-http-service-0.1.3-SNAPSHOT.jar:org/mule/service/http/netty/impl/client/auth/ntlm/NtlmMessageFactory$RawType1MessageHolder.class */
    public static final class RawType1MessageHolder {
        private static final byte[] RAW_TYPE_1_MESSAGE = doCalculateType1Message();

        private RawType1MessageHolder() {
        }

        private static byte[] doCalculateType1Message() {
            return new Type1Message(NtlmMessageFactory.TYPE_1_MESSAGE_FLAGS).toByteArray();
        }
    }

    /* loaded from: input_file:lib/mule-netty-http-service-0.1.3-SNAPSHOT.jar:org/mule/service/http/netty/impl/client/auth/ntlm/NtlmMessageFactory$Status.class */
    enum Status {
        NOT_STARTED,
        WAITING_FOR_CHALLENGE,
        FINISHED
    }

    public NtlmMessageFactory(String str, String str2, String str3, String str4) {
        this.domain = str;
        this.workstation = str2;
        this.username = str3;
        this.password = str4;
    }

    public byte[] createType1Message() {
        return RawType1MessageHolder.RAW_TYPE_1_MESSAGE;
    }

    public byte[] createType3Message(byte[] bArr) throws IOException, GeneralSecurityException {
        Type2Message type2Message = new Type2Message(bArr);
        if (type2Message.getChallenge() == null) {
            type2Message.setChallenge(new byte[0]);
        }
        return new Type3Message(type2Message, null, lmHash(this.password), this.password, this.domain, this.username, this.workstation, type2Message.getFlags(), false).toByteArray();
    }

    protected String secondChallenge(String str) throws GeneralSecurityException, IOException {
        if (str == null) {
            return null;
        }
        return createHeaderValue(createType3Message(Base64.getDecoder().decode(str.substring(5))));
    }

    private boolean mustSendType1(String str) {
        return STARTING_NTLM_WWW_AUTHENTICATE_HEADER.equals(str.trim());
    }

    private boolean mustSendType3(String str) {
        return str.startsWith(NTLM_MESSAGES_PREFIX);
    }

    private String createHeaderValue(byte[] bArr) {
        return NTLM_MESSAGES_PREFIX + Base64.getEncoder().encodeToString(bArr);
    }

    @Override // org.mule.service.http.netty.impl.client.auth.AuthHeaderFactory
    public boolean hasFinished() {
        return Status.FINISHED == this.status;
    }

    @Override // org.mule.service.http.netty.impl.client.auth.AuthHeaderFactory
    public String getNextHeader(String str) throws Exception {
        if (str == null) {
            return null;
        }
        String str2 = null;
        if (this.status == Status.NOT_STARTED) {
            if (mustSendType1(str)) {
                str2 = createHeaderValue(createType1Message());
            }
            this.status = Status.WAITING_FOR_CHALLENGE;
        } else if (this.status == Status.WAITING_FOR_CHALLENGE) {
            if (mustSendType3(str)) {
                str2 = secondChallenge(str);
            }
            this.status = Status.FINISHED;
        }
        return str2;
    }

    private static byte[] lmHash(String str) {
        try {
            byte[] bytes = str.toUpperCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
            int min = Math.min(bytes.length, 14);
            byte[] bArr = new byte[14];
            System.arraycopy(bytes, 0, bArr, 0, min);
            Key createDESKey = createDESKey(bArr, 0);
            Key createDESKey2 = createDESKey(bArr, 7);
            Cipher cipher = Cipher.getInstance("DES/ECB/NoPadding");
            cipher.init(1, createDESKey);
            byte[] doFinal = cipher.doFinal(MAGIC_CONSTANT);
            cipher.init(1, createDESKey2);
            byte[] doFinal2 = cipher.doFinal(MAGIC_CONSTANT);
            byte[] bArr2 = new byte[16];
            System.arraycopy(doFinal, 0, bArr2, 0, 8);
            System.arraycopy(doFinal2, 0, bArr2, 8, 8);
            return bArr2;
        } catch (Exception e) {
            LOGGER.warn("Error found while calculating the NTLM password hash. Delegating the hashing to JCIFS default cipher", (Throwable) e);
            return null;
        }
    }

    private static Key createDESKey(byte[] bArr, int i) {
        byte[] bArr2 = new byte[7];
        System.arraycopy(bArr, i, bArr2, 0, 7);
        byte[] bArr3 = {bArr2[0], (byte) ((bArr2[0] << 7) | ((bArr2[1] & 255) >>> 1)), (byte) ((bArr2[1] << 6) | ((bArr2[2] & 255) >>> 2)), (byte) ((bArr2[2] << 5) | ((bArr2[3] & 255) >>> 3)), (byte) ((bArr2[3] << 4) | ((bArr2[4] & 255) >>> 4)), (byte) ((bArr2[4] << 3) | ((bArr2[5] & 255) >>> 5)), (byte) ((bArr2[5] << 2) | ((bArr2[6] & 255) >>> 6)), (byte) (bArr2[6] << 1)};
        oddParity(bArr3);
        return new SecretKeySpec(bArr3, "DES");
    }

    private static void oddParity(byte[] bArr) {
        for (int i = 0; i < bArr.length; i++) {
            byte b = bArr[i];
            if (((((((((b >>> 7) ^ (b >>> 6)) ^ (b >>> 5)) ^ (b >>> 4)) ^ (b >>> 3)) ^ (b >>> 2)) ^ (b >>> 1)) & 1) == 0) {
                int i2 = i;
                bArr[i2] = (byte) (bArr[i2] | 1);
            } else {
                int i3 = i;
                bArr[i3] = (byte) (bArr[i3] & (-2));
            }
        }
    }
}
