package tt;

import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.Message;
import net.schmizz.sshj.userauth.UserAuthException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

/* loaded from: classes4.dex */
public class hu extends h3 {
    private final LoginContext d;
    private final List e;
    private final GSSManager f;
    private GSSContext g;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public class a implements PrivilegedExceptionAction<GSSContext> {
        private final Oid a;

        public a(Oid oid) {
            this.a = oid;
        }

        @Override // java.security.PrivilegedExceptionAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public GSSContext run() {
            GSSContext createContext = hu.this.f.createContext(hu.this.f.createName("host@" + hu.this.c.c().y(), GSSName.NT_HOSTBASED_SERVICE), this.a, hu.this.f.createCredential(1), 0);
            createContext.requestMutualAuth(true);
            createContext.requestInteg(true);
            return createContext;
        }
    }

    private byte[] p() {
        byte[] f = ((Buffer.a) ((Buffer.a) ((Buffer.a) ((Buffer.a) ((Buffer.a) new Buffer.a().v(this.c.c().getSessionID())).k(Message.USERAUTH_REQUEST.toByte())).t(this.c.getUsername())).t(this.c.d())).t(getName())).f();
        try {
            return this.g.getMIC(f, 0, f.length, (MessageProp) null);
        } catch (GSSException e) {
            throw new UserAuthException("Exception getting message integrity code", (Throwable) e);
        }
    }

    private void q(net.schmizz.sshj.common.c cVar) {
        try {
            try {
                Oid oid = new Oid(cVar.E());
                this.a.debug("Server selected OID: {}", oid.toString());
                this.a.debug("Initializing GSSAPI context");
                try {
                    this.g = (GSSContext) Subject.doAs(this.d.getSubject(), new a(oid));
                    this.a.debug("Sending initial token");
                    try {
                        w(this.g.initSecContext(new byte[0], 0, 0));
                    } catch (GSSException e) {
                        throw new UserAuthException("Exception sending initial token", (Throwable) e);
                    }
                } catch (PrivilegedActionException e2) {
                    throw new UserAuthException("Exception during context initialization", e2);
                }
            } catch (GSSException e3) {
                throw new UserAuthException("Exception constructing OID from server response", (Throwable) e3);
            }
        } catch (Buffer.BufferException e4) {
            throw new UserAuthException("Failed to read byte array from message buffer", e4);
        }
    }

    private byte[] r(net.schmizz.sshj.common.c cVar) {
        try {
            byte[] L = cVar.L();
            try {
                return this.g.initSecContext(L, 0, L.length);
            } catch (GSSException e) {
                throw new UserAuthException("Exception during token exchange", (Throwable) e);
            }
        } catch (Buffer.BufferException e2) {
            throw new UserAuthException("Failed to read string from message buffer", e2);
        }
    }

    private void w(byte[] bArr) {
        this.c.c().D((net.schmizz.sshj.common.c) new net.schmizz.sshj.common.c(Message.USERAUTH_INFO_RESPONSE).v(bArr));
    }

    @Override // tt.h3
    public net.schmizz.sshj.common.c c() {
        net.schmizz.sshj.common.c cVar = (net.schmizz.sshj.common.c) super.c().x(this.e.size());
        for (Oid oid : this.e) {
            try {
                cVar.v(oid.getDER());
            } catch (GSSException e) {
                throw new UserAuthException("Mechanism OID could not be encoded: " + oid.toString(), (Throwable) e);
            }
        }
        return cVar;
    }

    @Override // tt.h3, tt.x19
    public void o(Message message, net.schmizz.sshj.common.c cVar) {
        if (message == Message.USERAUTH_60) {
            q(cVar);
            return;
        }
        if (message != Message.USERAUTH_INFO_RESPONSE) {
            super.o(message, cVar);
            return;
        }
        byte[] r = r(cVar);
        if (!this.g.isEstablished()) {
            this.a.debug("Sending token");
            w(r);
        } else if (this.g.getIntegState()) {
            this.a.debug("Per-message integrity protection available: finalizing authentication with message integrity code");
            this.c.c().D((net.schmizz.sshj.common.c) new net.schmizz.sshj.common.c(Message.USERAUTH_GSSAPI_MIC).v(p()));
        } else {
            this.a.debug("Per-message integrity protection unavailable: finalizing authentication");
            this.c.c().D(new net.schmizz.sshj.common.c(Message.USERAUTH_GSSAPI_EXCHANGE_COMPLETE));
        }
    }
}
