package org.apache.hc.client5.http.impl.auth;

import b0.n;
import com.facebook.internal.security.CertificateUtil;
import f.f;
import i.d;
import i.g;
import j.c;
import j.e;
import j.h;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Principal;
import java.util.Locale;
import o0.b;
import org.apache.commons.codec.binary.Base64;
import org.apache.hc.client5.http.auth.AuthenticationException;
import org.apache.hc.client5.http.auth.InvalidCredentialsException;
import org.apache.hc.client5.http.auth.KerberosConfig;
import org.apache.hc.client5.http.auth.KerberosCredentials;
import org.apache.hc.client5.http.auth.MalformedChallengeException;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.util.a;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: classes2.dex */
public abstract class GGSSchemeBase implements c {

    /* renamed from: a, reason: collision with root package name */
    public final b f2023a = o0.c.a(getClass());

    /* renamed from: b, reason: collision with root package name */
    public final KerberosConfig f2024b;

    /* renamed from: c, reason: collision with root package name */
    public final d f2025c;

    /* renamed from: d, reason: collision with root package name */
    public State f2026d;

    /* renamed from: e, reason: collision with root package name */
    public String f2027e;

    /* renamed from: f, reason: collision with root package name */
    public byte[] f2028f;

    /* loaded from: classes2.dex */
    public enum State {
        UNINITIATED,
        CHALLENGE_RECEIVED,
        TOKEN_GENERATED,
        FAILED
    }

    public GGSSchemeBase(KerberosConfig kerberosConfig, d dVar) {
        this.f2024b = kerberosConfig == null ? KerberosConfig.f1987d : kerberosConfig;
        this.f2025c = dVar == null ? g.f1848a : dVar;
        this.f2026d = State.UNINITIATED;
    }

    @Override // j.c
    public String a(HttpHost httpHost, n nVar, org.apache.hc.core5.http.protocol.c cVar) {
        a.a(httpHost, "HTTP host");
        a.a(nVar, "HTTP request");
        int ordinal = this.f2026d.ordinal();
        if (ordinal == 0) {
            throw new AuthenticationException(getName() + " authentication has not been initiated");
        }
        if (ordinal == 1) {
            try {
                String str = httpHost.f2130a;
                if (this.f2024b.f1989b != KerberosConfig.Option.DISABLE) {
                    try {
                        ((g) this.f2025c).getClass();
                        if (str == null) {
                            str = null;
                        } else {
                            InetAddress byName = InetAddress.getByName(str);
                            String canonicalHostName = byName.getCanonicalHostName();
                            if (!byName.getHostAddress().contentEquals(canonicalHostName)) {
                                str = canonicalHostName;
                            }
                        }
                    } catch (UnknownHostException unused) {
                    }
                }
                if (this.f2024b.f1988a == KerberosConfig.Option.DISABLE) {
                    str = str + CertificateUtil.DELIMITER + httpHost.f2132c;
                }
                String upperCase = httpHost.f2133d.toUpperCase(Locale.ROOT);
                if (this.f2023a.c()) {
                    this.f2023a.c("init " + str);
                }
                this.f2028f = a(this.f2028f, upperCase, str);
                this.f2026d = State.TOKEN_GENERATED;
            } catch (GSSException e2) {
                this.f2026d = State.FAILED;
                if (e2.getMajor() == 9 || e2.getMajor() == 8) {
                    throw new InvalidCredentialsException(e2.getMessage(), e2);
                }
                if (e2.getMajor() == 13) {
                    throw new InvalidCredentialsException(e2.getMessage(), e2);
                }
                if (e2.getMajor() == 10 || e2.getMajor() == 19 || e2.getMajor() == 20) {
                    throw new AuthenticationException(e2.getMessage(), e2);
                }
                throw new AuthenticationException(e2.getMessage());
            }
        } else if (ordinal != 2) {
            if (ordinal != 3) {
                StringBuilder a2 = a.b.a("Illegal state: ");
                a2.append(this.f2026d);
                throw new IllegalStateException(a2.toString());
            }
            throw new AuthenticationException(getName() + " authentication has failed");
        }
        String str2 = new String(new Base64(0).encode(this.f2028f));
        if (this.f2023a.c()) {
            this.f2023a.c("Sending response '" + str2 + "' back to the auth server");
        }
        return f.a("Negotiate ", str2);
    }

    @Override // j.c
    public Principal a() {
        return null;
    }

    public GSSContext a(GSSManager gSSManager, Oid oid, GSSName gSSName, GSSCredential gSSCredential) {
        GSSContext createContext = gSSManager.createContext(gSSName.canonicalize(oid), oid, (GSSCredential) null, 0);
        createContext.requestMutualAuth(true);
        KerberosConfig.Option option = this.f2024b.f1990c;
        if (option != KerberosConfig.Option.DEFAULT) {
            createContext.requestCredDeleg(option == KerberosConfig.Option.ENABLE);
        }
        return createContext;
    }

    @Override // j.c
    public void a(j.b bVar, org.apache.hc.core5.http.protocol.c cVar) {
        a.a(bVar, "AuthChallenge");
        String str = bVar.f1850b;
        if (str == null) {
            throw new MalformedChallengeException("Missing auth challenge");
        }
        this.f2027e = str;
        if (this.f2026d == State.UNINITIATED) {
            this.f2028f = Base64.decodeBase64(str.getBytes());
            this.f2026d = State.CHALLENGE_RECEIVED;
        } else {
            this.f2023a.c("Authentication already attempted");
            this.f2026d = State.FAILED;
        }
    }

    @Override // j.c
    public boolean a(HttpHost httpHost, h hVar, org.apache.hc.core5.http.protocol.c cVar) {
        a.a(httpHost, "Auth host");
        j.g a2 = hVar.a(new e(httpHost, null, getName()), cVar);
        if (!(a2 instanceof KerberosCredentials)) {
            return true;
        }
        ((KerberosCredentials) a2).getClass();
        return true;
    }

    public abstract byte[] a(byte[] bArr, String str, String str2);

    public byte[] a(byte[] bArr, Oid oid, String str, String str2) {
        GSSManager d2 = d();
        GSSContext a2 = a(d2, oid, d2.createName(str + "@" + str2, GSSName.NT_HOSTBASED_SERVICE), (GSSCredential) null);
        return bArr != null ? a2.initSecContext(bArr, 0, bArr.length) : a2.initSecContext(new byte[0], 0, 0);
    }

    @Override // j.c
    public boolean b() {
        State state = this.f2026d;
        return state == State.TOKEN_GENERATED || state == State.FAILED;
    }

    public GSSManager d() {
        return GSSManager.getInstance();
    }

    public String toString() {
        return getName() + "{" + this.f2026d + " " + this.f2027e + '}';
    }
}
