package org.apache.hc.client5.http.impl.auth;

import com.facebook.internal.security.CertificateUtil;
import java.net.UnknownHostException;
import java.security.Principal;
import java.util.Locale;
import org.apache.commons.codec.binary.Base64;
import org.apache.hc.client5.http.DnsResolver;
import org.apache.hc.client5.http.SystemDefaultDnsResolver;
import org.apache.hc.client5.http.auth.AuthChallenge;
import org.apache.hc.client5.http.auth.AuthScheme;
import org.apache.hc.client5.http.auth.AuthScope;
import org.apache.hc.client5.http.auth.AuthenticationException;
import org.apache.hc.client5.http.auth.Credentials;
import org.apache.hc.client5.http.auth.CredentialsProvider;
import org.apache.hc.client5.http.auth.InvalidCredentialsException;
import org.apache.hc.client5.http.auth.KerberosConfig;
import org.apache.hc.client5.http.auth.KerberosCredentials;
import org.apache.hc.client5.http.auth.MalformedChallengeException;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.HttpRequest;
import org.apache.hc.core5.http.protocol.HttpContext;
import org.apache.hc.core5.util.Args;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes4.dex */
public abstract class GGSSchemeBase implements AuthScheme {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) GGSSchemeBase.class);
    private String challenge;
    private final KerberosConfig config;
    private final DnsResolver dnsResolver;
    private GSSCredential gssCredential;
    private State state;
    private byte[] token;

    /* renamed from: org.apache.hc.client5.http.impl.auth.GGSSchemeBase$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$hc$client5$http$impl$auth$GGSSchemeBase$State;

        static {
            int[] iArr = new int[State.values().length];
            $SwitchMap$org$apache$hc$client5$http$impl$auth$GGSSchemeBase$State = iArr;
            try {
                iArr[State.UNINITIATED.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$apache$hc$client5$http$impl$auth$GGSSchemeBase$State[State.FAILED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$apache$hc$client5$http$impl$auth$GGSSchemeBase$State[State.CHALLENGE_RECEIVED.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$org$apache$hc$client5$http$impl$auth$GGSSchemeBase$State[State.TOKEN_GENERATED.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    /* loaded from: classes4.dex */
    enum State {
        UNINITIATED,
        CHALLENGE_RECEIVED,
        TOKEN_GENERATED,
        FAILED
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GGSSchemeBase() {
        this(KerberosConfig.DEFAULT, SystemDefaultDnsResolver.INSTANCE);
    }

    GGSSchemeBase(KerberosConfig kerberosConfig) {
        this(kerberosConfig, SystemDefaultDnsResolver.INSTANCE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GGSSchemeBase(KerberosConfig kerberosConfig, DnsResolver dnsResolver) {
        this.config = kerberosConfig == null ? KerberosConfig.DEFAULT : kerberosConfig;
        this.dnsResolver = dnsResolver == null ? SystemDefaultDnsResolver.INSTANCE : dnsResolver;
        this.state = State.UNINITIATED;
    }

    protected GSSContext createGSSContext(GSSManager gSSManager, Oid oid, GSSName gSSName, GSSCredential gSSCredential) throws GSSException {
        GSSContext createContext = gSSManager.createContext(gSSName.canonicalize(oid), oid, gSSCredential, 0);
        createContext.requestMutualAuth(true);
        if (this.config.getRequestDelegCreds() != KerberosConfig.Option.DEFAULT) {
            createContext.requestCredDeleg(this.config.getRequestDelegCreds() == KerberosConfig.Option.ENABLE);
        }
        return createContext;
    }

    @Override // org.apache.hc.client5.http.auth.AuthScheme
    public String generateAuthResponse(HttpHost httpHost, HttpRequest httpRequest, HttpContext httpContext) throws AuthenticationException {
        Args.notNull(httpHost, "HTTP host");
        Args.notNull(httpRequest, "HTTP request");
        int i = AnonymousClass1.$SwitchMap$org$apache$hc$client5$http$impl$auth$GGSSchemeBase$State[this.state.ordinal()];
        if (i == 1) {
            throw new AuthenticationException(getName() + " authentication has not been initiated");
        }
        if (i == 2) {
            throw new AuthenticationException(getName() + " authentication has failed");
        }
        if (i == 3) {
            try {
                String hostName = httpHost.getHostName();
                if (this.config.getUseCanonicalHostname() != KerberosConfig.Option.DISABLE) {
                    try {
                        hostName = this.dnsResolver.resolveCanonicalHostname(httpHost.getHostName());
                    } catch (UnknownHostException unused) {
                    }
                }
                if (this.config.getStripPort() == KerberosConfig.Option.DISABLE) {
                    hostName = hostName + CertificateUtil.DELIMITER + httpHost.getPort();
                }
                String upperCase = httpHost.getSchemeName().toUpperCase(Locale.ROOT);
                Logger logger = LOG;
                if (logger.isDebugEnabled()) {
                    logger.debug("init {}", hostName);
                }
                this.token = generateToken(this.token, upperCase, hostName);
                this.state = State.TOKEN_GENERATED;
            } catch (GSSException e) {
                this.state = State.FAILED;
                if (e.getMajor() == 9 || e.getMajor() == 8) {
                    throw new InvalidCredentialsException(e.getMessage(), e);
                }
                if (e.getMajor() == 13) {
                    throw new InvalidCredentialsException(e.getMessage(), e);
                }
                if (e.getMajor() == 10 || e.getMajor() == 19 || e.getMajor() == 20) {
                    throw new AuthenticationException(e.getMessage(), e);
                }
                throw new AuthenticationException(e.getMessage());
            }
        } else if (i != 4) {
            throw new IllegalStateException("Illegal state: " + this.state);
        }
        String str = new String(new Base64(0).encode(this.token));
        Logger logger2 = LOG;
        if (logger2.isDebugEnabled()) {
            logger2.debug("Sending response '{}' back to the auth server", str);
        }
        return "Negotiate " + str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] generateGSSToken(byte[] bArr, Oid oid, String str, String str2) throws GSSException {
        GSSManager manager = getManager();
        GSSContext createGSSContext = createGSSContext(manager, oid, manager.createName(str + "@" + str2, GSSName.NT_HOSTBASED_SERVICE), this.gssCredential);
        return bArr != null ? createGSSContext.initSecContext(bArr, 0, bArr.length) : createGSSContext.initSecContext(new byte[0], 0, 0);
    }

    protected abstract byte[] generateToken(byte[] bArr, String str, String str2) throws GSSException;

    protected GSSManager getManager() {
        return GSSManager.getInstance();
    }

    @Override // org.apache.hc.client5.http.auth.AuthScheme
    public Principal getPrincipal() {
        return null;
    }

    @Override // org.apache.hc.client5.http.auth.AuthScheme
    public String getRealm() {
        return null;
    }

    @Override // org.apache.hc.client5.http.auth.AuthScheme
    public boolean isChallengeComplete() {
        return this.state == State.TOKEN_GENERATED || this.state == State.FAILED;
    }

    @Override // org.apache.hc.client5.http.auth.AuthScheme
    public boolean isResponseReady(HttpHost httpHost, CredentialsProvider credentialsProvider, HttpContext httpContext) throws AuthenticationException {
        Args.notNull(httpHost, "Auth host");
        Args.notNull(credentialsProvider, "CredentialsProvider");
        Credentials credentials = credentialsProvider.getCredentials(new AuthScope(httpHost, null, getName()), httpContext);
        if (credentials instanceof KerberosCredentials) {
            this.gssCredential = ((KerberosCredentials) credentials).getGSSCredential();
            return true;
        }
        this.gssCredential = null;
        return true;
    }

    @Override // org.apache.hc.client5.http.auth.AuthScheme
    public void processChallenge(AuthChallenge authChallenge, HttpContext httpContext) throws MalformedChallengeException {
        Args.notNull(authChallenge, "AuthChallenge");
        if (authChallenge.getValue() == null) {
            throw new MalformedChallengeException("Missing auth challenge");
        }
        this.challenge = authChallenge.getValue();
        if (this.state == State.UNINITIATED) {
            this.token = Base64.decodeBase64(this.challenge.getBytes());
            this.state = State.CHALLENGE_RECEIVED;
        } else {
            LOG.debug("Authentication already attempted");
            this.state = State.FAILED;
        }
    }

    public String toString() {
        return getName() + "{" + this.state + " " + this.challenge + '}';
    }
}
