package org.apache.http.impl.auth.ntlm;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.http.impl.auth.DebugUtil;
import org.apache.http.impl.auth.ntlm.NTLMEngineImpl;

/* loaded from: input_file:org/apache/http/impl/auth/ntlm/NTLMHandle.class */
public class NTLMHandle {
    private final byte[] exportedSessionKey;
    private byte[] signingKey;
    private byte[] sealingKey;
    private Cipher rc4;
    final NTLMEngineImpl.Mode mode;
    private final boolean isConnection;
    int sequenceNumber = 0;

    /* JADX INFO: Access modifiers changed from: package-private */
    public NTLMHandle(byte[] bArr, NTLMEngineImpl.Mode mode, boolean z) {
        this.exportedSessionKey = bArr;
        this.isConnection = z;
        this.mode = mode;
    }

    public byte[] getSigningKey() {
        return this.signingKey;
    }

    public byte[] getSealingKey() {
        return this.sealingKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void init() throws NTLMEngineException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            MessageDigest messageDigest2 = MessageDigest.getInstance("MD5");
            messageDigest.update(this.exportedSessionKey);
            messageDigest2.update(this.exportedSessionKey);
            if (this.mode == NTLMEngineImpl.Mode.CLIENT) {
                messageDigest.update(NTLMEngineImpl.SIGN_MAGIC_CLIENT);
                messageDigest2.update(NTLMEngineImpl.SEAL_MAGIC_CLIENT);
            } else {
                messageDigest.update(NTLMEngineImpl.SIGN_MAGIC_SERVER);
                messageDigest2.update(NTLMEngineImpl.SEAL_MAGIC_SERVER);
            }
            this.signingKey = messageDigest.digest();
            this.sealingKey = messageDigest2.digest();
            if (NTLMEngineImpl.develTrace) {
                NTLMEngineImpl.log.trace("signingKey(" + this.mode + "): " + DebugUtil.dump(this.signingKey));
                NTLMEngineImpl.log.trace("sealingKey(" + this.mode + "): " + DebugUtil.dump(this.sealingKey));
            }
            this.rc4 = initCipher();
        } catch (Exception e) {
            throw new NTLMEngineException(e.getMessage(), e);
        }
    }

    private Cipher initCipher() throws NTLMEngineException {
        try {
            Cipher cipher = Cipher.getInstance("RC4");
            if (this.mode == NTLMEngineImpl.Mode.CLIENT) {
                cipher.init(1, new SecretKeySpec(this.sealingKey, "RC4"));
            } else {
                cipher.init(2, new SecretKeySpec(this.sealingKey, "RC4"));
            }
            return cipher;
        } catch (Exception e) {
            throw new NTLMEngineException(e.getMessage(), e);
        }
    }

    private void advanceMessageSequence() throws NTLMEngineException {
        if (!this.isConnection) {
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("MD5");
                messageDigest.update(this.sealingKey);
                byte[] bArr = new byte[4];
                NTLMEngineImpl.writeULong(bArr, this.sequenceNumber, 0);
                messageDigest.update(bArr);
                this.sealingKey = messageDigest.digest();
                initCipher();
            } catch (NoSuchAlgorithmException e) {
                throw new NTLMEngineException(e.getMessage(), e);
            }
        }
        this.sequenceNumber++;
    }

    private byte[] encrypt(byte[] bArr) throws NTLMEngineException {
        return this.rc4.update(bArr);
    }

    private byte[] decrypt(byte[] bArr) throws NTLMEngineException {
        return this.rc4.update(bArr);
    }

    private byte[] computeSignature(byte[] bArr) throws NTLMEngineException {
        byte[] bArr2 = new byte[16];
        bArr2[0] = 1;
        bArr2[1] = 0;
        bArr2[2] = 0;
        bArr2[3] = 0;
        NTLMEngineImpl.HMACMD5 hmacmd5 = new NTLMEngineImpl.HMACMD5(this.signingKey);
        hmacmd5.update(encodeLong(this.sequenceNumber));
        hmacmd5.update(bArr);
        byte[] output = hmacmd5.getOutput();
        byte[] bArr3 = new byte[8];
        System.arraycopy(output, 0, bArr3, 0, 8);
        System.arraycopy(encrypt(bArr3), 0, bArr2, 4, 8);
        encodeLong(bArr2, 12, this.sequenceNumber);
        return bArr2;
    }

    private boolean validateSignature(byte[] bArr, byte[] bArr2) throws NTLMEngineException {
        return Arrays.equals(bArr, computeSignature(bArr2));
    }

    public byte[] signAndEcryptMessage(byte[] bArr) throws NTLMEngineException {
        byte[] encrypt = encrypt(bArr);
        byte[] computeSignature = computeSignature(bArr);
        byte[] bArr2 = new byte[computeSignature.length + encrypt.length];
        System.arraycopy(computeSignature, 0, bArr2, 0, computeSignature.length);
        System.arraycopy(encrypt, 0, bArr2, computeSignature.length, encrypt.length);
        advanceMessageSequence();
        return bArr2;
    }

    public byte[] decryptAndVerifySignedMessage(byte[] bArr) throws NTLMEngineException {
        byte[] bArr2 = new byte[16];
        System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
        byte[] bArr3 = new byte[bArr.length - 16];
        System.arraycopy(bArr, 16, bArr3, 0, bArr3.length);
        byte[] decrypt = decrypt(bArr3);
        if (!validateSignature(bArr2, decrypt)) {
            throw new NTLMEngineException("Wrong signature");
        }
        advanceMessageSequence();
        return decrypt;
    }

    private byte[] encodeLong(int i) {
        byte[] bArr = new byte[4];
        encodeLong(bArr, 0, i);
        return bArr;
    }

    private void encodeLong(byte[] bArr, int i, int i2) {
        bArr[i + 0] = (byte) (i2 & 255);
        bArr[i + 1] = (byte) ((i2 >> 8) & 255);
        bArr[i + 2] = (byte) ((i2 >> 16) & 255);
        bArr[i + 3] = (byte) ((i2 >> 24) & 255);
    }
}
