package org.apache.http.impl.auth;

import com.facebook.internal.security.CertificateUtil;
import com.google.common.net.HttpHeaders;
import java.net.InetAddress;
import java.net.UnknownHostException;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.InvalidCredentialsException;
import org.apache.http.auth.KerberosCredentials;
import org.apache.http.auth.MalformedChallengeException;
import org.apache.http.message.BufferedHeader;
import org.apache.http.util.CharArrayBuffer;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import s.a.a.b.h;
import s.a.b.b0.q.b;
import s.a.b.d;
import s.a.b.j0.e;
import s.a.b.n;
import s.a.b.x.i;

/* loaded from: classes.dex */
public abstract class GGSSchemeBase extends s.a.b.e0.g.a {

    /* renamed from: c, reason: collision with root package name */
    public final boolean f19461c;

    /* renamed from: d, reason: collision with root package name */
    public final boolean f19462d;

    /* renamed from: f, reason: collision with root package name */
    public byte[] f19464f;
    public final s.a.a.b.a a = h.n(getClass());
    public final s.a.a.a.b.a b = new s.a.a.a.b.a(0);

    /* renamed from: e, reason: collision with root package name */
    public State f19463e = State.UNINITIATED;

    /* loaded from: classes6.dex */
    public enum State {
        UNINITIATED,
        CHALLENGE_RECEIVED,
        TOKEN_GENERATED,
        FAILED
    }

    /* loaded from: classes.dex */
    public static /* synthetic */ class a {
        public static final /* synthetic */ int[] a;

        static {
            int[] iArr = new int[State.values().length];
            a = iArr;
            try {
                iArr[State.UNINITIATED.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                a[State.FAILED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                a[State.CHALLENGE_RECEIVED.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                a[State.TOKEN_GENERATED.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    public GGSSchemeBase(boolean z, boolean z2) {
        this.f19461c = z;
        this.f19462d = z2;
    }

    public GSSContext a(GSSManager gSSManager, Oid oid, GSSName gSSName, GSSCredential gSSCredential) throws GSSException {
        GSSContext createContext = gSSManager.createContext(gSSName.canonicalize(oid), oid, gSSCredential, 0);
        createContext.requestMutualAuth(true);
        return createContext;
    }

    @Override // s.a.b.x.b
    @Deprecated
    public d authenticate(i iVar, n nVar) throws AuthenticationException {
        return authenticate(iVar, nVar, null);
    }

    @Override // s.a.b.e0.g.a, s.a.b.x.h
    public d authenticate(i iVar, n nVar, e eVar) throws AuthenticationException {
        HttpHost h2;
        s.a.b.l0.a.i(nVar, "HTTP request");
        int i2 = a.a[this.f19463e.ordinal()];
        if (i2 == 1) {
            throw new AuthenticationException(getSchemeName() + " authentication has not been initiated");
        }
        if (i2 == 2) {
            throw new AuthenticationException(getSchemeName() + " authentication has failed");
        }
        if (i2 == 3) {
            try {
                b bVar = (b) eVar.getAttribute("http.route");
                if (bVar == null) {
                    throw new AuthenticationException("Connection route is not available");
                }
                if (isProxy()) {
                    h2 = bVar.e();
                    if (h2 == null) {
                        h2 = bVar.h();
                    }
                } else {
                    h2 = bVar.h();
                }
                String hostName = h2.getHostName();
                if (this.f19462d) {
                    try {
                        hostName = e(hostName);
                    } catch (UnknownHostException unused) {
                    }
                }
                if (!this.f19461c) {
                    hostName = hostName + CertificateUtil.DELIMITER + h2.getPort();
                }
                if (this.a.isDebugEnabled()) {
                    this.a.debug("init " + hostName);
                }
                this.f19464f = c(this.f19464f, hostName, iVar);
                this.f19463e = State.TOKEN_GENERATED;
            } catch (GSSException e2) {
                this.f19463e = State.FAILED;
                if (e2.getMajor() == 9 || e2.getMajor() == 8) {
                    throw new InvalidCredentialsException(e2.getMessage(), e2);
                }
                if (e2.getMajor() == 13) {
                    throw new InvalidCredentialsException(e2.getMessage(), e2);
                }
                if (e2.getMajor() == 10 || e2.getMajor() == 19 || e2.getMajor() == 20) {
                    throw new AuthenticationException(e2.getMessage(), e2);
                }
                throw new AuthenticationException(e2.getMessage());
            }
        } else if (i2 != 4) {
            throw new IllegalStateException("Illegal state: " + this.f19463e);
        }
        String str = new String(this.b.f(this.f19464f));
        if (this.a.isDebugEnabled()) {
            this.a.debug("Sending response '" + str + "' back to the auth server");
        }
        CharArrayBuffer charArrayBuffer = new CharArrayBuffer(32);
        if (isProxy()) {
            charArrayBuffer.append(HttpHeaders.PROXY_AUTHORIZATION);
        } else {
            charArrayBuffer.append("Authorization");
        }
        charArrayBuffer.append(": Negotiate ");
        charArrayBuffer.append(str);
        return new BufferedHeader(charArrayBuffer);
    }

    public byte[] b(byte[] bArr, Oid oid, String str, i iVar) throws GSSException {
        GSSManager d2 = d();
        GSSContext a2 = a(d2, oid, d2.createName("HTTP@" + str, GSSName.NT_HOSTBASED_SERVICE), iVar instanceof KerberosCredentials ? ((KerberosCredentials) iVar).getGSSCredential() : null);
        return bArr != null ? a2.initSecContext(bArr, 0, bArr.length) : a2.initSecContext(new byte[0], 0, 0);
    }

    public abstract byte[] c(byte[] bArr, String str, i iVar) throws GSSException;

    public GSSManager d() {
        return GSSManager.getInstance();
    }

    public final String e(String str) throws UnknownHostException {
        InetAddress byName = InetAddress.getByName(str);
        String canonicalHostName = byName.getCanonicalHostName();
        return byName.getHostAddress().contentEquals(canonicalHostName) ? str : canonicalHostName;
    }

    @Override // s.a.b.x.b
    public boolean isComplete() {
        State state = this.f19463e;
        return state == State.TOKEN_GENERATED || state == State.FAILED;
    }

    @Override // s.a.b.e0.g.a
    public void parseChallenge(CharArrayBuffer charArrayBuffer, int i2, int i3) throws MalformedChallengeException {
        String substringTrimmed = charArrayBuffer.substringTrimmed(i2, i3);
        if (this.a.isDebugEnabled()) {
            this.a.debug("Received challenge '" + substringTrimmed + "' from the auth server");
        }
        if (this.f19463e == State.UNINITIATED) {
            this.f19464f = s.a.a.a.b.a.n(substringTrimmed.getBytes());
            this.f19463e = State.CHALLENGE_RECEIVED;
        } else {
            this.a.debug("Authentication already attempted");
            this.f19463e = State.FAILED;
        }
    }
}
