package org.apache.hc.client5.http.impl.auth;

import a.a.a.i.f;
import b.a.a.a.a.g;
import b.a.a.a.a.i.c;
import b.a.a.a.a.i.e;
import b.a.a.a.a.i.h;
import b.a.a.b.c.a0.d;
import b.a.a.b.c.n;
import b.b.b;
import com.facebook.internal.security.CertificateUtil;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Principal;
import java.util.Locale;
import java.util.Objects;
import org.apache.commons.codec.binary.Base64;
import org.apache.hc.client5.http.auth.AuthenticationException;
import org.apache.hc.client5.http.auth.InvalidCredentialsException;
import org.apache.hc.client5.http.auth.KerberosConfig;
import org.apache.hc.client5.http.auth.KerberosCredentials;
import org.apache.hc.client5.http.auth.MalformedChallengeException;
import org.apache.hc.core5.http.HttpHost;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: classes2.dex */
public abstract class GGSSchemeBase implements c {

    /* renamed from: a, reason: collision with root package name */
    public final b f887a = b.b.c.a(getClass());

    /* renamed from: b, reason: collision with root package name */
    public final KerberosConfig f888b;
    public final b.a.a.a.a.c c;
    public State d;
    public GSSCredential e;
    public String f;
    public byte[] g;

    /* loaded from: classes2.dex */
    public enum State {
        UNINITIATED,
        CHALLENGE_RECEIVED,
        TOKEN_GENERATED,
        FAILED
    }

    public GGSSchemeBase(KerberosConfig kerberosConfig, b.a.a.a.a.c cVar) {
        this.f888b = kerberosConfig == null ? KerberosConfig.d : kerberosConfig;
        this.c = cVar == null ? g.f153a : cVar;
        this.d = State.UNINITIATED;
    }

    @Override // b.a.a.a.a.i.c
    public String a(HttpHost httpHost, n nVar, d dVar) {
        f.a(httpHost, "HTTP host");
        f.a(nVar, "HTTP request");
        int ordinal = this.d.ordinal();
        if (ordinal == 0) {
            throw new AuthenticationException(getName() + " authentication has not been initiated");
        }
        if (ordinal == 1) {
            try {
                String str = httpHost.f905a;
                if (this.f888b.f873b != KerberosConfig.Option.DISABLE) {
                    try {
                        b.a.a.a.a.c cVar = this.c;
                        String str2 = httpHost.f905a;
                        Objects.requireNonNull((g) cVar);
                        if (str2 == null) {
                            str = null;
                        } else {
                            InetAddress byName = InetAddress.getByName(str2);
                            String canonicalHostName = byName.getCanonicalHostName();
                            str = byName.getHostAddress().contentEquals(canonicalHostName) ? str2 : canonicalHostName;
                        }
                    } catch (UnknownHostException unused) {
                    }
                }
                if (this.f888b.f872a == KerberosConfig.Option.DISABLE) {
                    str = str + CertificateUtil.DELIMITER + httpHost.c;
                }
                String upperCase = httpHost.d.toUpperCase(Locale.ROOT);
                if (this.f887a.c()) {
                    this.f887a.c("init " + str);
                }
                this.g = a(this.g, upperCase, str);
                this.d = State.TOKEN_GENERATED;
            } catch (GSSException e) {
                this.d = State.FAILED;
                if (e.getMajor() == 9 || e.getMajor() == 8) {
                    throw new InvalidCredentialsException(e.getMessage(), e);
                }
                if (e.getMajor() == 13) {
                    throw new InvalidCredentialsException(e.getMessage(), e);
                }
                if (e.getMajor() == 10 || e.getMajor() == 19 || e.getMajor() == 20) {
                    throw new AuthenticationException(e.getMessage(), e);
                }
                throw new AuthenticationException(e.getMessage());
            }
        } else if (ordinal != 2) {
            if (ordinal != 3) {
                throw new IllegalStateException("Illegal state: " + this.d);
            }
            throw new AuthenticationException(getName() + " authentication has failed");
        }
        String str3 = new String(new Base64(0).encode(this.g));
        if (this.f887a.c()) {
            this.f887a.c("Sending response '" + str3 + "' back to the auth server");
        }
        return "Negotiate " + str3;
    }

    @Override // b.a.a.a.a.i.c
    public Principal a() {
        return null;
    }

    public GSSContext a(GSSManager gSSManager, Oid oid, GSSName gSSName, GSSCredential gSSCredential) {
        GSSContext createContext = gSSManager.createContext(gSSName.canonicalize(oid), oid, gSSCredential, 0);
        createContext.requestMutualAuth(true);
        KerberosConfig.Option option = this.f888b.c;
        if (option != KerberosConfig.Option.DEFAULT) {
            createContext.requestCredDeleg(option == KerberosConfig.Option.ENABLE);
        }
        return createContext;
    }

    @Override // b.a.a.a.a.i.c
    public void a(b.a.a.a.a.i.b bVar, d dVar) {
        f.a(bVar, "AuthChallenge");
        String str = bVar.f155b;
        if (str == null) {
            throw new MalformedChallengeException("Missing auth challenge");
        }
        this.f = str;
        if (this.d == State.UNINITIATED) {
            this.g = Base64.decodeBase64(str.getBytes());
            this.d = State.CHALLENGE_RECEIVED;
        } else {
            this.f887a.c("Authentication already attempted");
            this.d = State.FAILED;
        }
    }

    @Override // b.a.a.a.a.i.c
    public boolean a(HttpHost httpHost, h hVar, d dVar) {
        f.a(httpHost, "Auth host");
        f.a(hVar, "CredentialsProvider");
        b.a.a.a.a.i.g a2 = hVar.a(new e(httpHost, null, getName()), dVar);
        if (!(a2 instanceof KerberosCredentials)) {
            this.e = null;
            return true;
        }
        Objects.requireNonNull((KerberosCredentials) a2);
        this.e = null;
        return true;
    }

    public abstract byte[] a(byte[] bArr, String str, String str2);

    public byte[] a(byte[] bArr, Oid oid, String str, String str2) {
        GSSManager d = d();
        GSSContext a2 = a(d, oid, d.createName(str + "@" + str2, GSSName.NT_HOSTBASED_SERVICE), this.e);
        return bArr != null ? a2.initSecContext(bArr, 0, bArr.length) : a2.initSecContext(new byte[0], 0, 0);
    }

    @Override // b.a.a.a.a.i.c
    public boolean b() {
        State state = this.d;
        return state == State.TOKEN_GENERATED || state == State.FAILED;
    }

    public GSSManager d() {
        return GSSManager.getInstance();
    }

    public String toString() {
        return getName() + "{" + this.d + " " + this.f + '}';
    }
}
