package modules

import (
	"regexp"
	"strings"

	"github.com/bettercap/bettercap/core"
	"github.com/bettercap/bettercap/packets"

	"github.com/google/gopacket"
	"github.com/google/gopacket/layers"
)

var (
	ntlmRe  = regexp.MustCompile("(WWW-|Proxy-|)(Authenticate|Authorization): (NTLM|Negotiate)")
	challRe = regexp.MustCompile("(WWW-|Proxy-|)(Authenticate): (NTLM|Negotiate)")
	respRe  = regexp.MustCompile("(WWW-|Proxy-|)(Authorization): (NTLM|Negotiate)")
	ntlm    = packets.NewNTLMState()
)

func isNtlm(s string) bool {
	return ntlmRe.FindString(s) != ""
}

func isChallenge(s string) bool {
	return challRe.FindString(s) != ""
}

func isResponse(s string) bool {
	return respRe.FindString(s) != ""
}

func ntlmParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
	data := tcp.Payload
	ok := false

	for _, line := range strings.Split(string(data), "\r\n") {
		if isNtlm(line) {
			tokens := strings.Split(line, " ")
			if len(tokens) != 3 {
				continue
			}
			if isChallenge(line) {
				ok = true
				ntlm.AddServerResponse(tcp.Ack, tokens[2])
			} else if isResponse(line) {
				ok = true
				ntlm.AddClientResponse(tcp.Seq, tokens[2], func(data packets.NTLMChallengeResponseParsed) {
					NewSnifferEvent(
						pkt.Metadata().Timestamp,
						"ntlm.response",
						ip.SrcIP.String(),
						ip.DstIP.String(),
						nil,
						"%s %s > %s | %s",
						core.W(core.BG_DGRAY+core.FG_WHITE, "ntlm.response"),
						vIP(ip.SrcIP),
						vIP(ip.DstIP),
						data.LcString(),
					).Push()
				})
			}
		}
	}
	return ok
}