package org.apache.hc.client5.http.impl.auth;

import java.net.UnknownHostException;
import java.security.Principal;
import java.util.Locale;
import org.apache.hc.client5.http.auth.AuthenticationException;
import org.apache.hc.client5.http.auth.InvalidCredentialsException;
import org.apache.hc.client5.http.auth.KerberosConfig;
import org.apache.hc.client5.http.auth.KerberosCredentials;
import org.apache.hc.client5.http.auth.MalformedChallengeException;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.o;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: classes.dex */
public abstract class GGSSchemeBase implements org.apache.hc.client5.http.auth.c {
    private static final org.slf4j.b p = org.slf4j.c.i(GGSSchemeBase.class);

    /* renamed from: a, reason: collision with root package name */
    private final KerberosConfig f2102a;

    /* renamed from: b, reason: collision with root package name */
    private final org.apache.hc.client5.http.d f2103b;

    /* renamed from: c, reason: collision with root package name */
    private State f2104c;
    private GSSCredential m;
    private String n;
    private byte[] o;

    /* loaded from: classes.dex */
    enum State {
        UNINITIATED,
        CHALLENGE_RECEIVED,
        TOKEN_GENERATED,
        FAILED
    }

    /* loaded from: classes.dex */
    static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f2105a;

        static {
            int[] iArr = new int[State.values().length];
            f2105a = iArr;
            try {
                iArr[State.UNINITIATED.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f2105a[State.FAILED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f2105a[State.CHALLENGE_RECEIVED.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f2105a[State.TOKEN_GENERATED.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    GGSSchemeBase() {
        this(KerberosConfig.m, org.apache.hc.client5.http.i.f2101a);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GGSSchemeBase(KerberosConfig kerberosConfig, org.apache.hc.client5.http.d dVar) {
        this.f2102a = kerberosConfig == null ? KerberosConfig.m : kerberosConfig;
        this.f2103b = dVar == null ? org.apache.hc.client5.http.i.f2101a : dVar;
        this.f2104c = State.UNINITIATED;
    }

    @Override // org.apache.hc.client5.http.auth.c
    public void a(org.apache.hc.client5.http.auth.b bVar, org.apache.hc.core5.http.protocol.d dVar) {
        org.apache.hc.core5.util.a.o(bVar, "AuthChallenge");
        if (bVar.c() == null) {
            throw new MalformedChallengeException("Missing auth challenge");
        }
        String c2 = bVar.c();
        this.n = c2;
        if (this.f2104c == State.UNINITIATED) {
            this.o = org.apache.commons.codec.b.a.n(c2.getBytes());
            this.f2104c = State.CHALLENGE_RECEIVED;
        } else {
            p.g("Authentication already attempted");
            this.f2104c = State.FAILED;
        }
    }

    @Override // org.apache.hc.client5.http.auth.c
    public boolean b(HttpHost httpHost, org.apache.hc.client5.http.auth.h hVar, org.apache.hc.core5.http.protocol.d dVar) {
        org.apache.hc.core5.util.a.o(httpHost, "Auth host");
        org.apache.hc.core5.util.a.o(hVar, "CredentialsProvider");
        org.apache.hc.client5.http.auth.g b2 = hVar.b(new org.apache.hc.client5.http.auth.e(httpHost, null, getName()), dVar);
        if (b2 instanceof KerberosCredentials) {
            this.m = ((KerberosCredentials) b2).c();
            return true;
        }
        this.m = null;
        return true;
    }

    @Override // org.apache.hc.client5.http.auth.c
    public String c(HttpHost httpHost, o oVar, org.apache.hc.core5.http.protocol.d dVar) {
        org.apache.hc.core5.util.a.o(httpHost, "HTTP host");
        org.apache.hc.core5.util.a.o(oVar, "HTTP request");
        int i = a.f2105a[this.f2104c.ordinal()];
        if (i == 1) {
            throw new AuthenticationException(getName() + " authentication has not been initiated");
        }
        if (i == 2) {
            throw new AuthenticationException(getName() + " authentication has failed");
        }
        if (i == 3) {
            try {
                String a2 = httpHost.a();
                if (this.f2102a.d() != KerberosConfig.Option.DISABLE) {
                    try {
                        a2 = this.f2103b.a(httpHost.a());
                    } catch (UnknownHostException unused) {
                    }
                }
                if (this.f2102a.c() == KerberosConfig.Option.DISABLE) {
                    a2 = a2 + ":" + httpHost.b();
                }
                String upperCase = httpHost.d().toUpperCase(Locale.ROOT);
                org.slf4j.b bVar = p;
                if (bVar.isDebugEnabled()) {
                    bVar.y("init {}", a2);
                }
                this.o = i(this.o, upperCase, a2);
                this.f2104c = State.TOKEN_GENERATED;
            } catch (GSSException e) {
                this.f2104c = State.FAILED;
                if (e.getMajor() == 9 || e.getMajor() == 8) {
                    throw new InvalidCredentialsException(e.getMessage(), e);
                }
                if (e.getMajor() == 13) {
                    throw new InvalidCredentialsException(e.getMessage(), e);
                }
                if (e.getMajor() == 10 || e.getMajor() == 19 || e.getMajor() == 20) {
                    throw new AuthenticationException(e.getMessage(), e);
                }
                throw new AuthenticationException(e.getMessage());
            }
        } else if (i != 4) {
            throw new IllegalStateException("Illegal state: " + this.f2104c);
        }
        String str = new String(new org.apache.commons.codec.b.a(0).f(this.o));
        org.slf4j.b bVar2 = p;
        if (bVar2.isDebugEnabled()) {
            bVar2.y("Sending response '{}' back to the auth server", str);
        }
        return "Negotiate " + str;
    }

    @Override // org.apache.hc.client5.http.auth.c
    public Principal d() {
        return null;
    }

    @Override // org.apache.hc.client5.http.auth.c
    public boolean e() {
        State state = this.f2104c;
        return state == State.TOKEN_GENERATED || state == State.FAILED;
    }

    protected GSSContext g(GSSManager gSSManager, Oid oid, GSSName gSSName, GSSCredential gSSCredential) {
        GSSContext createContext = gSSManager.createContext(gSSName.canonicalize(oid), oid, gSSCredential, 0);
        createContext.requestMutualAuth(true);
        if (this.f2102a.b() != KerberosConfig.Option.DEFAULT) {
            createContext.requestCredDeleg(this.f2102a.b() == KerberosConfig.Option.ENABLE);
        }
        return createContext;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] h(byte[] bArr, Oid oid, String str, String str2) {
        GSSManager j = j();
        GSSContext g = g(j, oid, j.createName(str + "@" + str2, GSSName.NT_HOSTBASED_SERVICE), this.m);
        return bArr != null ? g.initSecContext(bArr, 0, bArr.length) : g.initSecContext(new byte[0], 0, 0);
    }

    protected abstract byte[] i(byte[] bArr, String str, String str2);

    protected GSSManager j() {
        return GSSManager.getInstance();
    }

    public String toString() {
        return getName() + "{" + this.f2104c + " " + this.n + '}';
    }
}
