package cz.pumpitup.driver8.http;

import io.netty.channel.ChannelDuplexHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelPromise;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpResponseStatus;
import java.io.IOException;
import java.util.Base64;
import jcifs.ntlmssp.Type1Message;
import jcifs.ntlmssp.Type2Message;
import jcifs.ntlmssp.Type3Message;
import org.tinylog.Logger;

/* loaded from: input_file:cz/pumpitup/driver8/http/AuthNtlmHandler.class */
public class AuthNtlmHandler extends ChannelDuplexHandler {
    private FullHttpRequest request;
    private final String domain;
    private final String workstation;
    private final String username;
    private final String password;
    private STATE state = STATE.initial;

    /* loaded from: input_file:cz/pumpitup/driver8/http/AuthNtlmHandler$STATE.class */
    private enum STATE {
        initial,
        message1sent,
        message3sent
    }

    public AuthNtlmHandler(String str, String str2, String str3, String str4) {
        this.domain = str;
        this.workstation = str2;
        this.username = str3;
        this.password = str4;
    }

    public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
        releaseRequest();
        super.channelInactive(channelHandlerContext);
    }

    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        if (obj instanceof FullHttpResponse) {
            String obj2 = channelHandlerContext.channel().id().toString();
            FullHttpResponse fullHttpResponse = (FullHttpResponse) obj;
            HttpResponseStatus status = fullHttpResponse.status();
            if (!status.equals(HttpResponseStatus.UNAUTHORIZED)) {
                Logger.debug("[{}] Received a {} response code which does not indicate any NTLM authentication needs to be done", new Object[]{obj2, status});
                removeSelfAndReleaseRequest(channelHandlerContext);
            } else if (this.state == STATE.initial) {
                if (ntlmAuthenticationAdvertised(fullHttpResponse)) {
                    HttpForwardClientHandler.logFullHttpResponse(obj2, fullHttpResponse);
                    if (channelHandlerContext.channel().isOpen()) {
                        this.request.headers().set(HttpHeaderNames.AUTHORIZATION, "NTLM " + generateType1Message(this.domain, this.workstation));
                        sendRequest(channelHandlerContext);
                        fullHttpResponse.release();
                        this.state = STATE.message1sent;
                        return;
                    }
                    Logger.warn("[{}] Channel closed before NTLM Message Type 1 could be sent", new Object[]{obj2});
                    removeSelfAndReleaseRequest(channelHandlerContext);
                } else {
                    Logger.warn("[{}] NTLM Authentication not advertised in the response", new Object[]{obj2});
                    removeSelfAndReleaseRequest(channelHandlerContext);
                }
            } else if (this.state == STATE.message1sent) {
                String ntlmMessage2FromHeaderValue = getNtlmMessage2FromHeaderValue(fullHttpResponse);
                if (ntlmMessage2FromHeaderValue != null) {
                    HttpForwardClientHandler.logFullHttpResponse(obj2, fullHttpResponse);
                    if (channelHandlerContext.channel().isOpen()) {
                        try {
                            this.request.headers().set(HttpHeaderNames.AUTHORIZATION, "NTLM " + generateType3Message(ntlmMessage2FromHeaderValue, this.domain, this.workstation, this.username, this.password));
                            sendRequest(channelHandlerContext);
                            fullHttpResponse.release();
                            return;
                        } catch (IOException e) {
                            Logger.warn("[{}] Could not parse NTLM Type 2 message", new Object[]{obj2});
                            removeSelfAndReleaseRequest(channelHandlerContext);
                        }
                    } else {
                        Logger.warn("[{}] Channel closed before NTLM Message Type 3 could be sent", new Object[]{obj2});
                        removeSelfAndReleaseRequest(channelHandlerContext);
                    }
                } else {
                    Logger.warn("[{}] NTLM Message Type 2 not in response after sending NTLM Message Type 1", new Object[]{obj2});
                    removeSelfAndReleaseRequest(channelHandlerContext);
                }
            } else if (this.state == STATE.message3sent) {
                Logger.warn("[{}] Still getting 401 response code after sending NTLM Message Type 3", new Object[]{obj2});
                removeSelfAndReleaseRequest(channelHandlerContext);
            }
        }
        super.channelRead(channelHandlerContext, obj);
    }

    public static String generateType1Message(String str, String str2) {
        return Base64.getEncoder().encodeToString(new Type1Message(Type1Message.getDefaultFlags(), str, str2).toByteArray());
    }

    public static String generateType2Message(byte[] bArr, String str) throws IOException {
        return Base64.getEncoder().encodeToString(new Type2Message(Type1Message.getDefaultFlags() | 65536, bArr, str).toByteArray());
    }

    public static String generateType3Message(String str, String str2, String str3, String str4, String str5) throws IOException {
        return Base64.getEncoder().encodeToString(new Type3Message(new Type2Message(Base64.getDecoder().decode(str)), str5, str2, str4, str3, Type3Message.getDefaultFlags()).toByteArray());
    }

    private void removeSelfAndReleaseRequest(ChannelHandlerContext channelHandlerContext) {
        Logger.debug("[{}] Removing self from the channel pipeline and continuing flow without further authentication on this channel", new Object[]{channelHandlerContext.channel().id()});
        channelHandlerContext.pipeline().remove(this);
        releaseRequest();
    }

    public static String getNtlmMessage2FromHeaderValue(FullHttpResponse fullHttpResponse) {
        return getNtlmMessage2FromHeaderValue(fullHttpResponse.headers().get(HttpHeaderNames.WWW_AUTHENTICATE));
    }

    public static String getNtlmMessage2FromHeaderValue(String str) {
        if (str == null) {
            return null;
        }
        String[] split = str.split(" ");
        if (split.length != 2) {
            return null;
        }
        return split[1];
    }

    private static boolean ntlmAuthenticationAdvertised(FullHttpResponse fullHttpResponse) {
        String str = "ntlm";
        return fullHttpResponse.headers().getAll(HttpHeaderNames.WWW_AUTHENTICATE).stream().anyMatch(str::equalsIgnoreCase);
    }

    public void write(ChannelHandlerContext channelHandlerContext, Object obj, ChannelPromise channelPromise) throws Exception {
        if (obj instanceof FullHttpRequest) {
            if (this.request != null) {
                Logger.warn("[{}] Releasing previous request... this indicates that the previous flow has not completed and new request was triggered to the same channel", new Object[]{channelHandlerContext.channel().id()});
                releaseRequest();
            }
            this.request = (FullHttpRequest) obj;
            this.request.retain();
        }
        super.write(channelHandlerContext, obj, channelPromise);
    }

    private void sendRequest(ChannelHandlerContext channelHandlerContext) {
        this.request.retain();
        channelHandlerContext.writeAndFlush(this.request);
    }

    private void releaseRequest() {
        if (this.request != null) {
            this.request.release();
            this.request = null;
        }
    }
}
