package org.apache.hc.client5.http.impl.auth;

import h.a.a.a.a.g;
import h.a.a.a.a.o;
import h.a.a.a.a.s.b;
import h.a.a.a.a.s.c;
import h.a.a.a.a.s.e;
import h.a.a.a.a.s.i;
import h.a.a.a.a.s.j;
import h.a.a.a.a.s.l;
import h.a.a.a.a.s.m;
import h.a.a.a.a.s.n;
import h.a.a.b.d.w;
import h.a.a.b.d.y;
import h.g.d;
import h.g.i.f;
import java.net.UnknownHostException;
import java.security.Principal;
import java.util.Locale;
import org.apache.commons.codec.binary.Base64;
import org.apache.hc.client5.http.auth.KerberosConfig;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: classes2.dex */
public abstract class GGSSchemeBase implements c {

    /* renamed from: g, reason: collision with root package name */
    private static final h.g.c f12772g = d.i(GGSSchemeBase.class);

    /* renamed from: a, reason: collision with root package name */
    private final KerberosConfig f12773a;

    /* renamed from: b, reason: collision with root package name */
    private final g f12774b;

    /* renamed from: c, reason: collision with root package name */
    private State f12775c;

    /* renamed from: d, reason: collision with root package name */
    private GSSCredential f12776d;

    /* renamed from: e, reason: collision with root package name */
    private String f12777e;

    /* renamed from: f, reason: collision with root package name */
    private byte[] f12778f;

    /* loaded from: classes2.dex */
    public enum State {
        UNINITIATED,
        CHALLENGE_RECEIVED,
        TOKEN_GENERATED,
        FAILED
    }

    /* loaded from: classes2.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f12779a;

        static {
            int[] iArr = new int[State.values().length];
            f12779a = iArr;
            try {
                iArr[State.UNINITIATED.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f12779a[State.FAILED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f12779a[State.CHALLENGE_RECEIVED.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f12779a[State.TOKEN_GENERATED.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    public GGSSchemeBase() {
        this(KerberosConfig.f12701d, o.f10100a);
    }

    public GGSSchemeBase(KerberosConfig kerberosConfig) {
        this(kerberosConfig, o.f10100a);
    }

    public GGSSchemeBase(KerberosConfig kerberosConfig, g gVar) {
        this.f12773a = kerberosConfig == null ? KerberosConfig.f12701d : kerberosConfig;
        this.f12774b = gVar == null ? o.f10100a : gVar;
        this.f12775c = State.UNINITIATED;
    }

    @Override // h.a.a.a.a.s.c
    public boolean a(w wVar, j jVar, h.a.a.b.d.g1.d dVar) throws h.a.a.a.a.s.g {
        h.a.a.b.k.a.p(wVar, "Auth host");
        h.a.a.b.k.a.p(jVar, "CredentialsProvider");
        i b2 = jVar.b(new e(wVar, null, getName()), dVar);
        if (b2 instanceof m) {
            this.f12776d = ((m) b2).b();
            return true;
        }
        this.f12776d = null;
        return true;
    }

    @Override // h.a.a.a.a.s.c
    public String b(w wVar, y yVar, h.a.a.b.d.g1.d dVar) throws h.a.a.a.a.s.g {
        h.a.a.b.k.a.p(wVar, "HTTP host");
        h.a.a.b.k.a.p(yVar, "HTTP request");
        int i2 = a.f12779a[this.f12775c.ordinal()];
        if (i2 == 1) {
            throw new h.a.a.a.a.s.g(getName() + " authentication has not been initiated");
        }
        if (i2 == 2) {
            throw new h.a.a.a.a.s.g(getName() + " authentication has failed");
        }
        if (i2 == 3) {
            try {
                String b2 = wVar.b();
                if (this.f12773a.f() != KerberosConfig.Option.DISABLE) {
                    try {
                        b2 = this.f12774b.b(wVar.b());
                    } catch (UnknownHostException unused) {
                    }
                }
                if (this.f12773a.e() == KerberosConfig.Option.DISABLE) {
                    b2 = b2 + ":" + wVar.a();
                }
                String upperCase = wVar.f().toUpperCase(Locale.ROOT);
                h.g.c cVar = f12772g;
                if (cVar.f()) {
                    cVar.G("init {}", b2);
                }
                this.f12778f = j(this.f12778f, upperCase, b2);
                this.f12775c = State.TOKEN_GENERATED;
            } catch (GSSException e2) {
                this.f12775c = State.FAILED;
                if (e2.getMajor() == 9 || e2.getMajor() == 8) {
                    throw new l(e2.getMessage(), e2);
                }
                if (e2.getMajor() == 13) {
                    throw new l(e2.getMessage(), e2);
                }
                if (e2.getMajor() == 10 || e2.getMajor() == 19 || e2.getMajor() == 20) {
                    throw new h.a.a.a.a.s.g(e2.getMessage(), e2);
                }
                throw new h.a.a.a.a.s.g(e2.getMessage());
            }
        } else if (i2 != 4) {
            throw new IllegalStateException("Illegal state: " + this.f12775c);
        }
        String str = new String(new Base64(0).encode(this.f12778f));
        h.g.c cVar2 = f12772g;
        if (cVar2.f()) {
            cVar2.G("Sending response '{}' back to the auth server", str);
        }
        return "Negotiate " + str;
    }

    @Override // h.a.a.a.a.s.c
    public boolean c() {
        State state = this.f12775c;
        return state == State.TOKEN_GENERATED || state == State.FAILED;
    }

    @Override // h.a.a.a.a.s.c
    public void d(b bVar, h.a.a.b.d.g1.d dVar) throws n {
        h.a.a.b.k.a.p(bVar, "AuthChallenge");
        if (bVar.d() == null) {
            throw new n("Missing auth challenge");
        }
        String d2 = bVar.d();
        this.f12777e = d2;
        if (this.f12775c == State.UNINITIATED) {
            this.f12778f = Base64.decodeBase64(d2.getBytes());
            this.f12775c = State.CHALLENGE_RECEIVED;
        } else {
            f12772g.A("Authentication already attempted");
            this.f12775c = State.FAILED;
        }
    }

    @Override // h.a.a.a.a.s.c
    public Principal e() {
        return null;
    }

    @Override // h.a.a.a.a.s.c
    public String f() {
        return null;
    }

    public GSSContext h(GSSManager gSSManager, Oid oid, GSSName gSSName, GSSCredential gSSCredential) throws GSSException {
        GSSContext createContext = gSSManager.createContext(gSSName.canonicalize(oid), oid, gSSCredential, 0);
        createContext.requestMutualAuth(true);
        if (this.f12773a.d() != KerberosConfig.Option.DEFAULT) {
            createContext.requestCredDeleg(this.f12773a.d() == KerberosConfig.Option.ENABLE);
        }
        return createContext;
    }

    public byte[] i(byte[] bArr, Oid oid, String str, String str2) throws GSSException {
        GSSManager k = k();
        GSSContext h2 = h(k, oid, k.createName(str + "@" + str2, GSSName.NT_HOSTBASED_SERVICE), this.f12776d);
        return bArr != null ? h2.initSecContext(bArr, 0, bArr.length) : h2.initSecContext(new byte[0], 0, 0);
    }

    public abstract byte[] j(byte[] bArr, String str, String str2) throws GSSException;

    public GSSManager k() {
        return GSSManager.getInstance();
    }

    public String toString() {
        return getName() + "{" + this.f12775c + " " + this.f12777e + f.f12447b;
    }
}
