package org.owasp.webscarab.httpclient;

import flex.messaging.config.SecurityConstraint;
import flex.messaging.messages.CommandMessage;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import jcifs.ntlmssp.NtlmMessage;
import jcifs.ntlmssp.Type1Message;
import jcifs.ntlmssp.Type2Message;
import jcifs.ntlmssp.Type3Message;
import jcifs.util.Base64;
import org.apache.xml.serialize.LineSeparator;
import org.openid4java.association.Association;
import org.owasp.webscarab.model.HttpUrl;
import org.owasp.webscarab.model.NamedValue;
import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.model.Response;
import org.owasp.webscarab.util.Glob;

/* loaded from: input_file:main/WebScarab-1.0.0-SNAPSHOT.jar:org/owasp/webscarab/httpclient/URLFetcher.class */
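/**
 * Socket-level HTTP/HTTPS client that sends a {@link Request} either directly to the
 * origin server or through a configured upstream proxy, and returns the {@link Response}.
 *
 * <p>The instance keeps a single connection (socket, streams, host, port) between calls and
 * reuses it for a short keep-alive window. It also drives Basic, NTLM and Negotiate
 * authentication against both the origin server (401) and the proxy (407).
 *
 * <p>All connection state lives in unsynchronised instance fields, so nothing in this class
 * makes concurrent use of one instance safe.
 *
 * <p>NOTE(review): references such as {@code SecurityConstraint.BASIC_AUTH_METHOD},
 * {@code CommandMessage.UNKNOWN_OPERATION}, {@code LineSeparator.Windows} and
 * {@code Association.FAILED_ASSOC_HANDLE} come from unrelated libraries and look like
 * decompiler constant substitution; their values are presumably the literals the original
 * source used (e.g. "Basic", a timeout in ms, CRLF, a single space). Confirm before relying
 * on them.
 */
public class URLFetcher implements HTTPClient {
    /** Maximum number of request/CONNECT round trips spent on one authentication exchange. */
    private static final int MAX_AUTH_ATTEMPTS = 3;
    /** A kept-alive connection is considered stale after this many idle milliseconds. */
    private static final long KEEP_ALIVE_MILLIS = 1000L;

    // Fingerprint of the client certificate/key currently selected for TLS (may be null).
    private String _keyFingerprint = null;
    private SSLContextManager _sslContextManager = null;
    private Logger _logger = Logger.getLogger(getClass().getName());
    // Upstream proxies; an empty host string means "no proxy for this scheme".
    private String _httpProxy = "";
    private int _httpProxyPort = -1;
    private String _httpsProxy = "";
    private int _httpsProxyPort = -1;
    // Host patterns that must bypass the proxy.
    private String[] _noProxy = new String[0];
    private Socket _socket = null;
    // True when requests are written in origin form (direct connection or CONNECT tunnel).
    private boolean _direct = false;
    private Response _response = null;
    private InputStream _in = null;
    private OutputStream _out = null;
    // Host/port the current connection was opened for.
    private String _host = null;
    private int _port = 0;
    // Time of the last request that left the connection reusable; 0 forces a reconnect.
    private long _lastRequestTime = 0;
    private int _timeout = 0;
    private int _connectTimeout = CommandMessage.UNKNOWN_OPERATION;
    private Authenticator _authenticator = null;
    // Raw credential strings ("<scheme> <base64>") taken from the request or the Authenticator.
    private String _authCreds = null;
    private String _proxyAuthCreds = null;

    /**
     * Sets the proxy used for plain HTTP requests.
     *
     * @param str proxy host; {@code null} is stored as the empty string (no proxy)
     * @param i proxy port
     */
    public void setHttpProxy(String str, int i) {
        this._httpProxy = (str == null) ? "" : str;
        this._httpProxyPort = i;
    }

    /**
     * Sets the proxy used for HTTPS requests (reached with CONNECT).
     *
     * @param str proxy host; {@code null} is stored as the empty string (no proxy)
     * @param i proxy port
     */
    public void setHttpsProxy(String str, int i) {
        this._httpsProxy = (str == null) ? "" : str;
        this._httpsProxyPort = i;
    }

    /**
     * Sets the list of host patterns that bypass the proxy. The array is copied so later
     * changes by the caller do not alter the bypass list.
     *
     * @param strArr patterns, or {@code null} for none
     */
    public void setNoProxy(String[] strArr) {
        this._noProxy = (strArr == null) ? new String[0] : strArr.clone();
    }

    /**
     * Sets the manager that supplies the default key fingerprint and the SSLContext for a
     * given fingerprint.
     *
     * @param sSLContextManager the manager to use for HTTPS connections
     */
    public void setSSLContextManager(SSLContextManager sSLContextManager) {
        this._sslContextManager = sSLContextManager;
    }

    /**
     * Sets the socket timeouts.
     *
     * @param i connect timeout passed to {@link Socket#connect(java.net.SocketAddress, int)}
     * @param i2 read timeout passed to {@link Socket#setSoTimeout(int)}
     */
    public void setTimeouts(int i, int i2) {
        this._connectTimeout = i;
        this._timeout = i2;
    }

    /**
     * Sets the source of credentials used when the request itself carries none.
     *
     * @param authenticator credential provider, may be {@code null}
     */
    public void setAuthenticator(Authenticator authenticator) {
        this._authenticator = authenticator;
    }

    /**
     * @return the configured credential provider, or {@code null}
     */
    public Authenticator getAuthenticator() {
        return this._authenticator;
    }

    /**
     * Sends the request and returns the response, retrying up to {@link #MAX_AUTH_ATTEMPTS}
     * times while a 401/407 challenge can still be answered with a new header.
     *
     * <p>The {@code Authorization}, {@code Proxy-Authorization} and
     * {@code X-SSLClientCertificate} headers are removed from the request before it is
     * written and the raw values are put back on the request object afterwards.
     *
     * @param request the request to send
     * @return the response, or {@code null} if the request or its URL is {@code null}
     * @throws IOException if connecting, writing or reading fails
     */
    @Override // org.owasp.webscarab.httpclient.HTTPClient
    public Response fetchResponse(Request request) throws IOException {
        String status;
        // Drain the previous response so its body does not linger on a reused connection.
        if (this._response != null) {
            this._response.flushContentStream();
            this._response = null;
        }
        if (request == null) {
            this._logger.severe("Asked to fetch a null request");
            return null;
        }
        HttpUrl url = request.getURL();
        if (url == null) {
            this._logger.severe("Asked to fetch a request with a null URL");
            return null;
        }
        // Connection-bound schemes (anything but Basic) must not inherit an authenticated
        // connection from the previous request: force a fresh socket.
        if (this._authCreds != null && !this._authCreds.startsWith(SecurityConstraint.BASIC_AUTH_METHOD)) {
            this._lastRequestTime = 0L;
        }
        if (this._proxyAuthCreds != null && !this._proxyAuthCreds.startsWith(SecurityConstraint.BASIC_AUTH_METHOD)) {
            this._lastRequestTime = 0L;
        }
        this._authCreds = request.getHeader("Authorization");
        this._proxyAuthCreds = request.getHeader("Proxy-Authorization");
        // The client-certificate selector is an internal header: strip it so it is never
        // sent upstream, and reconnect whenever the selected key changes.
        String header = request.getHeader("X-SSLClientCertificate");
        request.deleteHeader("X-SSLClientCertificate");
        if ((header != null || this._keyFingerprint != null) && (header == null || this._keyFingerprint == null || !header.equals(this._keyFingerprint))) {
            this._keyFingerprint = header;
            this._lastRequestTime = 0L;
        }
        if (this._proxyAuthCreds == null && this._authenticator != null && useProxy(url)) {
            this._proxyAuthCreds = this._authenticator.getProxyCredentials(url.toString().startsWith("https") ? this._httpsProxy : this._httpProxy, null);
        }
        String proxyAuthHeader = constructAuthenticationHeader(null, this._proxyAuthCreds);
        if (this._authCreds == null && this._authenticator != null) {
            this._authCreds = this._authenticator.getCredentials(url, null);
        }
        String authHeader = constructAuthenticationHeader(null, this._authCreds);
        int attempts = 0;
        while (true) {
            request.deleteHeader("Authorization");
            request.deleteHeader("Proxy-Authorization");
            this._response = null;
            connect(url);
            // connect() hands back the proxy's own response when the CONNECT was refused.
            if (this._response != null) {
                return this._response;
            }
            if (authHeader != null) {
                request.setHeader("Authorization", authHeader);
                keepConnectionForHandshake(request, authHeader);
            }
            if (this._direct) {
                request.writeDirect(this._out);
            } else {
                if (proxyAuthHeader != null) {
                    request.setHeader("Proxy-Authorization", proxyAuthHeader);
                    keepConnectionForHandshake(request, proxyAuthHeader);
                }
                request.write(this._out);
            }
            this._out.flush();
            // NOTE(review): at FINEST this writes the whole request to the log, including any
            // Authorization / Proxy-Authorization header set above. Treat FINEST logs as
            // sensitive.
            this._logger.finest("Request : \n" + request.toString());
            this._response = new Response();
            this._response.setRequest(request);
            this._logger.fine("Reading the response");
            // Skip interim "100 Continue" responses.
            do {
                this._response.read(this._in);
                status = this._response.getStatus();
            } while (status.equals("100"));
            StringBuilder headerDump = new StringBuilder();
            headerDump.append(this._response.getStatusLine()).append("\n");
            NamedValue[] headers = this._response.getHeaders();
            if (headers != null) {
                for (NamedValue responseHeader : headers) {
                    headerDump.append(responseHeader.getName()).append(": ").append(responseHeader.getValue()).append("\n");
                }
            }
            this._logger.finest("Response:\n" + headerDump.toString());
            if (status.equals("407")) {
                this._response.flushContentStream();
                String previousProxyHeader = proxyAuthHeader;
                String[] proxyChallenges = this._response.getHeaders("Proxy-Authenticate");
                if (this._proxyAuthCreds == null && this._authenticator != null) {
                    this._proxyAuthCreds = this._authenticator.getProxyCredentials(this._httpProxy, proxyChallenges);
                }
                proxyAuthHeader = constructAuthenticationHeader(proxyChallenges, this._proxyAuthCreds);
                // Resending an identical header cannot succeed: give up.
                if (proxyAuthHeader != null && previousProxyHeader != null && previousProxyHeader.equals(proxyAuthHeader)) {
                    this._logger.info("No possible authentication");
                    proxyAuthHeader = null;
                }
            }
            if (status.equals("401")) {
                this._response.flushContentStream();
                String previousAuthHeader = authHeader;
                String[] challenges = this._response.getHeaders("WWW-Authenticate");
                if (this._authCreds == null && this._authenticator != null) {
                    this._authCreds = this._authenticator.getCredentials(url, challenges);
                }
                // Never write the credential string or the computed header to the log:
                // for Basic it is a trivially decodable user:password pair.
                this._logger.finer("Auth creds are " + (this._authCreds == null ? "absent" : "present"));
                authHeader = constructAuthenticationHeader(challenges, this._authCreds);
                this._logger.finer("Auth header scheme is " + schemeOf(authHeader));
                if (authHeader != null && previousAuthHeader != null && previousAuthHeader.equals(authHeader)) {
                    this._logger.info("No possible authentication");
                    authHeader = null;
                }
            }
            if (request.getMethod().equals("HEAD")) {
                this._response.setNoBody();
            }
            this._logger.info(request.getURL() + " : " + this._response.getStatusLine());
            // Decide whether the connection may be reused for the next request.
            String proxyConnection = this._response.getHeader("Proxy-Connection");
            if (proxyConnection == null || !"close".equalsIgnoreCase(proxyConnection)) {
                String connection = this._response.getHeader("Connection");
                String version = request.getVersion();
                if (version.equals("HTTP/1.0") && "Keep-alive".equalsIgnoreCase(connection)) {
                    this._lastRequestTime = System.currentTimeMillis();
                } else if (!version.equals("HTTP/1.1") || (connection != null && connection.equalsIgnoreCase("Close"))) {
                    this._logger.info("Closing connection!");
                    this._in = null;
                    this._out = null;
                } else {
                    this._lastRequestTime = System.currentTimeMillis();
                }
            } else {
                this._in = null;
                this._out = null;
            }
            attempts++;
            if (attempts >= MAX_AUTH_ATTEMPTS) {
                break;
            }
            boolean retryOrigin = status.equals("401") && authHeader != null;
            boolean retryProxy = status.equals("407") && proxyAuthHeader != null;
            if (!retryOrigin && !retryProxy) {
                break;
            }
        }
        // Put the caller-visible (raw) values back on the request object.
        if (this._authCreds != null) {
            request.setHeader("Authorization", this._authCreds);
        }
        if (this._proxyAuthCreds != null) {
            request.setHeader("Proxy-Authorization", this._proxyAuthCreds);
        }
        if (this._keyFingerprint != null) {
            request.setHeader("X-SSLClientCertificate", this._keyFingerprint);
        }
        return this._response;
    }

    /**
     * NTLM and Negotiate authenticate the connection, so the connection has to stay open
     * across the handshake: ask for keep-alive on HTTP/1.0 and drop any {@code Connection}
     * header otherwise. Other schemes leave the request untouched.
     */
    private void keepConnectionForHandshake(Request request, String authHeader) {
        if (authHeader.startsWith("NTLM") || authHeader.startsWith("Negotiate")) {
            if (request.getVersion().equals("HTTP/1.0")) {
                request.setHeader("Connection", "Keep-Alive");
            } else {
                request.deleteHeader("Connection");
            }
        }
    }

    /** Returns only the scheme token of an authentication header, for safe logging. */
    private static String schemeOf(String header) {
        if (header == null) {
            return "none";
        }
        int space = header.indexOf(' ');
        return space < 0 ? header : header.substring(0, space);
    }

    /**
     * Marks the current connection as not reusable without closing the socket, because a
     * response already handed to the caller may still be reading from it.
     */
    private void invalidateConnection() {
        this._in = null;
        this._out = null;
        this._lastRequestTime = 0L;
    }

    /**
     * Opens a connection for the URL unless the existing one can be reused. For HTTPS through
     * a proxy a CONNECT tunnel is negotiated first; if the proxy refuses it, the proxy's
     * response is stored in {@code _response} and the method returns without a usable
     * connection.
     *
     * @param httpUrl the URL about to be requested
     * @throws IOException if the socket cannot be connected or TLS cannot be layered on it
     */
    private void connect(HttpUrl httpUrl) throws IOException {
        if (!invalidSocket(httpUrl)) {
            return;
        }
        this._logger.fine("Opening a new connection");
        // Drop the old streams first so a failed connect can never leave streams of the
        // previous host paired with the new host/port.
        // NOTE(review): the previous socket is replaced without being closed here; whether it
        // is safe to close depends on who still reads from the last response - confirm.
        this._in = null;
        this._out = null;
        this._socket = new Socket();
        this._socket.setSoTimeout(this._timeout);
        this._direct = true;
        this._host = httpUrl.getHost();
        this._port = httpUrl.getPort();
        boolean https = httpUrl.getScheme().equalsIgnoreCase("https");
        if (!useProxy(httpUrl)) {
            this._logger.fine("Connect to " + this._host + ":" + this._port);
            this._socket.connect(new InetSocketAddress(this._host, this._port), this._connectTimeout);
        } else if (https) {
            this._socket.connect(new InetSocketAddress(this._httpsProxy, this._httpsProxyPort), this._connectTimeout);
            this._in = this._socket.getInputStream();
            this._out = this._socket.getOutputStream();
            String proxyAuthHeader = constructAuthenticationHeader(null, this._proxyAuthCreds);
            for (int attempt = 1; ; attempt++) {
                this._out.write(("CONNECT " + this._host + ":" + this._port + " HTTP/1.0\r\n").getBytes());
                if (proxyAuthHeader != null) {
                    this._out.write(("Proxy-Authorization: " + proxyAuthHeader + LineSeparator.Windows).getBytes());
                }
                this._out.write(LineSeparator.Windows.getBytes());
                this._out.flush();
                this._logger.fine("Sent CONNECT, reading Proxy response");
                Response response = new Response();
                response.read(this._in);
                this._logger.fine("Got proxy response " + response.getStatusLine());
                String status = response.getStatus();
                if (status.equals("407")) {
                    response.flushContentStream();
                    String previousHeader = proxyAuthHeader;
                    String[] challenges = response.getHeaders("Proxy-Authenticate");
                    if (this._proxyAuthCreds == null && this._authenticator != null) {
                        this._proxyAuthCreds = this._authenticator.getProxyCredentials(this._httpsProxy, challenges);
                    }
                    if (this._proxyAuthCreds != null) {
                        proxyAuthHeader = constructAuthenticationHeader(challenges, this._proxyAuthCreds);
                    } else {
                        proxyAuthHeader = null;
                    }
                    boolean unanswerable = proxyAuthHeader == null
                            || (previousHeader != null && previousHeader.equals(proxyAuthHeader));
                    // A proxy that keeps issuing fresh challenges must not keep us looping.
                    if (unanswerable || attempt >= MAX_AUTH_ATTEMPTS) {
                        this._response = response;
                        // The socket is a plain connection to the proxy, not a tunnel: make
                        // sure it is never reused for this https host.
                        invalidateConnection();
                        return;
                    }
                    continue;
                }
                if (!status.startsWith("2")) {
                    // Only a 2xx answer establishes the tunnel; surface any other status to
                    // the caller instead of starting TLS on a socket that carries an error.
                    this._response = response;
                    invalidateConnection();
                    return;
                }
                break;
            }
            this._logger.fine("HTTPS CONNECT successful");
        } else {
            this._logger.fine("Connect to " + this._httpProxy + ":" + this._httpProxyPort);
            this._socket.connect(new InetSocketAddress(this._httpProxy, this._httpProxyPort), this._connectTimeout);
            this._in = this._socket.getInputStream();
            this._out = this._socket.getOutputStream();
            this._direct = false;
        }
        if (https) {
            if (this._keyFingerprint == null) {
                this._keyFingerprint = this._sslContextManager.getDefaultKey();
            }
            this._logger.fine("Key fingerprint is " + this._keyFingerprint);
            SSLContext sSLContext = this._sslContextManager.getSSLContext(this._keyFingerprint);
            if (sSLContext == null) {
                throw new IOException("No SSL cert found matching fingerprint: " + this._keyFingerprint);
            }
            // NOTE(review): whether the server certificate is validated depends entirely on
            // the trust managers of the SSLContext supplied by SSLContextManager, which is
            // not visible here.
            try {
                // Name the origin server, not the socket's peer: behind a CONNECT tunnel the
                // peer is the proxy, and the host given here is what JSSE associates with the
                // TLS session.
                SSLSocket sSLSocket = (SSLSocket) sSLContext.getSocketFactory().createSocket(this._socket, this._host, this._port, true);
                // The enabled protocols are left at the JSSE defaults. Restricting the socket
                // to "SSLv3" alone forced a protocol deprecated by RFC 7568 and ruled out
                // every TLS version.
                sSLSocket.setUseClientMode(true);
                this._socket = sSLSocket;
                this._socket.setSoTimeout(this._timeout);
                this._logger.fine("Finished negotiating SSL");
            } catch (IOException e) {
                this._logger.severe("Error layering SSL over the existing socket: " + e);
                throw e;
            }
        }
        this._in = this._socket.getInputStream();
        this._out = this._socket.getOutputStream();
    }

    /**
     * Decides whether the URL is fetched through the proxy configured for its scheme.
     *
     * @return {@code false} if no proxy is set for the scheme or the host matches a
     *         no-proxy entry (".suffix", "&lt;local&gt;" for dot-less hosts, exact name, or glob)
     */
    private boolean useProxy(HttpUrl httpUrl) {
        String host = httpUrl.getHost();
        boolean https = httpUrl.getScheme().equalsIgnoreCase("https");
        String proxy = https ? this._httpsProxy : this._httpProxy;
        if ("".equals(proxy)) {
            return false;
        }
        for (String pattern : this._noProxy) {
            if (pattern == null) {
                // A null entry cannot match anything; skip it rather than fail the request.
                continue;
            }
            if (pattern.startsWith(".") && host.endsWith(pattern)) {
                return false;
            }
            if ((pattern.equals("<local>") && host.indexOf('.') < 0) || host.equals(pattern)) {
                return false;
            }
            if (host.matches(Glob.globToRE(pattern))) {
                return false;
            }
        }
        return true;
    }

    /**
     * Reports whether a new connection is needed for the URL: no connection yet, different
     * host or port, idle for longer than {@link #KEEP_ALIVE_MILLIS}, or socket closed.
     */
    private boolean invalidSocket(HttpUrl httpUrl) {
        if (this._host == null || this._in == null) {
            return true;
        }
        if (!httpUrl.getHost().equals(this._host)) {
            this._logger.fine("Previous request was to a different host");
            return true;
        }
        if (httpUrl.getPort() != this._port) {
            this._logger.fine("Previous request was to a different port");
            return true;
        }
        long idle = System.currentTimeMillis() - this._lastRequestTime;
        if (idle > KEEP_ALIVE_MILLIS) {
            this._logger.fine("Socket has expired (" + idle + "), open a new one!");
            return true;
        }
        if (this._socket.isOutputShutdown() || this._socket.isClosed()) {
            this._logger.fine("Existing socket is closed");
            return true;
        }
        this._logger.fine("Existing socket is valid, reusing it!");
        return false;
    }

    /**
     * Builds the value of an (Proxy-)Authorization header.
     *
     * @param strArr challenges received from the server or proxy, or {@code null} before any
     *        challenge has been seen
     * @param str raw credentials ("&lt;scheme&gt; &lt;base64&gt;"), or {@code null}
     * @return the credentials unchanged for Basic, the next NTLM/Negotiate message when a
     *         matching challenge is present, otherwise {@code null}
     */
    private String constructAuthenticationHeader(String[] strArr, String str) {
        if (str == null) {
            return null;
        }
        // Basic needs no challenge: the credentials are the header.
        if (str.startsWith(SecurityConstraint.BASIC_AUTH_METHOD)) {
            return str;
        }
        if (strArr == null) {
            return null;
        }
        for (String challenge : strArr) {
            this._logger.fine("Challenge: " + challenge);
            if (challenge.startsWith("NTLM") && str.startsWith("NTLM")) {
                return attemptNegotiation(challenge, str);
            }
            if (challenge.startsWith("Negotiate") && str.startsWith("Negotiate")) {
                this._logger.fine("Attempting 'Negotiate' Authentication");
                return attemptNegotiation(challenge, str);
            }
            this._logger.info("Can't do auth for " + challenge);
        }
        return null;
    }

    /**
     * Produces the next message of an NTLM exchange: a Type 1 message for a bare challenge,
     * or a Type 3 message answering the Type 2 message carried by the challenge.
     *
     * @param str the challenge header value ("NTLM", "NTLM &lt;base64&gt;", or the same with
     *        "Negotiate")
     * @param str2 raw credentials, "&lt;scheme&gt; " followed by base64 of
     *        {@code domain\\user:password}
     * @return "&lt;scheme&gt; &lt;base64 message&gt;", or {@code null} if the challenge or the
     *         credentials cannot be parsed
     */
    private String attemptNegotiation(String str, String str2) {
        String scheme = null;
        String challengeToken = null;
        if (str.startsWith("NTLM")) {
            if (str.length() == 4) {
                scheme = "NTLM";
            }
            if (str.indexOf(' ') == 4) {
                scheme = "NTLM";
                challengeToken = str.substring(5).trim();
            }
        } else if (str.startsWith("Negotiate")) {
            if (str.length() == 9) {
                scheme = "Negotiate";
            }
            if (str.indexOf(' ') == 9) {
                scheme = "Negotiate";
                challengeToken = str.substring(10).trim();
            }
        }
        if (scheme == null) {
            return null;
        }
        Type2Message type2Message = null;
        if (challengeToken != null) {
            try {
                type2Message = new Type2Message(Base64.decode(challengeToken));
            } catch (IOException e) {
                // The challenge is remote input; report it through the logger, not stderr.
                this._logger.warning("Could not parse the " + scheme + " challenge: " + e);
                return null;
            }
        }
        // NOTE(review): 557575 (0x88207) is presumably a set of NTLMSSP negotiate flags, and
        // the Type 3 variant clears bit 0x2 - confirm against the jcifs flag constants.
        NtlmMessage message;
        if (type2Message == null) {
            message = new Type1Message(557575, null, null);
        } else {
            if (str2.length() <= scheme.length() + 1) {
                this._logger.warning("Credentials for " + scheme + " carry no data");
                return null;
            }
            String decoded = new String(Base64.decode(str2.substring(scheme.length() + 1)));
            // Expected layout: domain\user:password. Reject anything else instead of letting
            // substring() throw on a missing separator.
            int slash = decoded.indexOf('\\');
            int colon = decoded.indexOf(':', slash + 1);
            if (slash < 0 || colon < 0) {
                this._logger.warning("Credentials for " + scheme + " are not in domain\\user:password form");
                return null;
            }
            String domain = decoded.substring(0, slash);
            String user = decoded.substring(slash + 1, colon);
            String password = decoded.substring(colon + 1);
            message = new Type3Message(type2Message, password, domain, user, (String) null, 557575 ^ 2);
        }
        return scheme + Association.FAILED_ASSOC_HANDLE + Base64.encode(message.toByteArray());
    }
}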
