package org.metricshub.winrm.service.client.encryption;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.function.Function;
import java.util.function.UnaryOperator;
import java.util.zip.CRC32;
import org.apache.cxf.message.Message;
import org.apache.http.auth.Credentials;
import org.metricshub.winrm.service.client.auth.ntlm.NTCredentialsWithEncryption;
import org.metricshub.winrm.service.client.auth.ntlm.NTLMEngineUtils;

/* loaded from: input_file:org/metricshub/winrm/service/client/encryption/NtlmEncryptionUtils.class */
public class NtlmEncryptionUtils {
    public static final String ENCRYPTED_BOUNDARY_PREFIX = "--Encrypted Boundary";
    public static final String ENCRYPTED_BOUNDARY_CR = "--Encrypted Boundary\r\n";
    public static final String ENCRYPTED_BOUNDARY_END = "--Encrypted Boundary--\r\n";
    protected final NTCredentialsWithEncryption credentials;

    private NtlmEncryptionUtils(NTCredentialsWithEncryption nTCredentialsWithEncryption) {
        this.credentials = nTCredentialsWithEncryption;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static NtlmEncryptionUtils of(Credentials credentials) {
        if (credentials instanceof NTCredentialsWithEncryption) {
            return new NtlmEncryptionUtils((NTCredentialsWithEncryption) credentials);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static NtlmEncryptionUtils of(Message message) {
        return of((Credentials) message.getExchange().get(Credentials.class.getName()));
    }

    public byte[] encryptAndSign(Message message, byte[] bArr) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                byteArrayOutputStream.write(ENCRYPTED_BOUNDARY_CR.getBytes());
                byteArrayOutputStream.write("\tContent-Type: application/HTTP-SPNEGO-session-encrypted\r\n".getBytes());
                byteArrayOutputStream.write(String.format("\tOriginalContent: type=application/soap+xml;charset=UTF-8;Length=%d\r\n", Integer.valueOf(bArr.length)).getBytes());
                byteArrayOutputStream.write(ENCRYPTED_BOUNDARY_CR.getBytes());
                byteArrayOutputStream.write("\tContent-Type: application/octet-stream\r\n".getBytes());
                writeNtlmEncrypted(bArr, byteArrayOutputStream);
                byteArrayOutputStream.write(ENCRYPTED_BOUNDARY_END.getBytes());
                message.put("Content-Type", "multipart/encrypted;protocol=\"application/HTTP-SPNEGO-session-encrypted\";boundary=\"Encrypted Boundary\"");
                message.put(Message.ENCODING, (Object) null);
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                byteArrayOutputStream.close();
                return byteArray;
            } finally {
            }
        } catch (Exception e) {
            throw new IllegalStateException("Cannot encrypt WinRM message", e);
        }
    }

    private byte[] seal(byte[] bArr) {
        return this.credentials.getStatefulEncryptor().update(bArr);
    }

    private void writeNtlmEncrypted(byte[] bArr, ByteArrayOutputStream byteArrayOutputStream) throws IOException {
        long incrementAndGet = this.credentials.getSequenceNumberOutgoing().incrementAndGet();
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        try {
            ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
            try {
                byteArrayOutputStream3.write(seal(bArr));
                calculateSignature(bArr, incrementAndGet, byteArrayOutputStream2, this.credentials, (v0) -> {
                    return v0.getClientSigningKey();
                }, this::seal);
                byteArrayOutputStream.write(ByteArrayUtils.getLittleEndianUnsignedInt(byteArrayOutputStream2.size()));
                byteArrayOutputStream.write(byteArrayOutputStream2.toByteArray());
                byteArrayOutputStream.write(byteArrayOutputStream3.toByteArray());
                byteArrayOutputStream3.close();
                byteArrayOutputStream2.close();
            } finally {
            }
        } catch (Throwable th) {
            try {
                byteArrayOutputStream2.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public void decrypt(Message message) {
        new Decryptor(this.credentials).handle(message);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Type inference failed for: r1v16, types: [byte[], byte[][]] */
    public static void calculateSignature(byte[] bArr, long j, ByteArrayOutputStream byteArrayOutputStream, NTCredentialsWithEncryption nTCredentialsWithEncryption, Function<NTCredentialsWithEncryption, byte[]> function, UnaryOperator<byte[]> unaryOperator) throws IOException {
        if (nTCredentialsWithEncryption.hasNegotiateFlag(NTLMEngineUtils.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)) {
            byte[] copyOfRange = Arrays.copyOfRange(EncryptionUtils.hmacMd5(function.apply(nTCredentialsWithEncryption), ByteArrayUtils.concat(new byte[]{ByteArrayUtils.getLittleEndianUnsignedInt(j), bArr})), 0, 8);
            if (nTCredentialsWithEncryption.hasNegotiateFlag(NTLMEngineUtils.NTLMSSP_NEGOTIATE_KEY_EXCH)) {
                copyOfRange = (byte[]) unaryOperator.apply(copyOfRange);
            }
            byteArrayOutputStream.write(new byte[]{1, 0, 0, 0});
            byteArrayOutputStream.write(copyOfRange);
            byteArrayOutputStream.write(ByteArrayUtils.getLittleEndianUnsignedInt(j));
            return;
        }
        CRC32 crc32 = new CRC32();
        crc32.update(bArr);
        long value = crc32.getValue();
        byteArrayOutputStream.write(new byte[]{1, 0, 0, 0});
        byteArrayOutputStream.write((byte[]) unaryOperator.apply(ByteArrayUtils.getLittleEndianUnsignedInt(0L)));
        byteArrayOutputStream.write((byte[]) unaryOperator.apply(ByteArrayUtils.getLittleEndianUnsignedInt(value)));
        byteArrayOutputStream.write((byte[]) unaryOperator.apply(ByteArrayUtils.getLittleEndianUnsignedInt(j)));
    }
}
