package org.apache.hc.client5.http.impl.auth;

import defpackage.C0597Gd;
import defpackage.C2452bV1;
import defpackage.C2689ca2;
import defpackage.C3467gV1;
import defpackage.C3665hV1;
import defpackage.C3863iV1;
import defpackage.C4465lY1;
import defpackage.C6015tN1;
import defpackage.C7026yU1;
import defpackage.InterfaceC2350b02;
import defpackage.InterfaceC2468ba2;
import defpackage.InterfaceC2874dV1;
import defpackage.InterfaceC3071eV1;
import defpackage.InterfaceC4861nY1;
import defpackage.LU1;
import defpackage.RU1;
import defpackage.WU1;
import defpackage.XU1;
import defpackage.ZU1;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Principal;
import java.util.Locale;
import org.apache.hc.client5.http.auth.KerberosConfig;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: classes2.dex */
public abstract class GGSSchemeBase implements XU1 {
    public final InterfaceC2468ba2 G = C2689ca2.e(getClass());
    public final KerberosConfig H;
    public final LU1 I;
    public State J;
    public GSSCredential K;
    public String L;
    public byte[] M;

    /* loaded from: classes2.dex */
    public enum State {
        UNINITIATED,
        CHALLENGE_RECEIVED,
        TOKEN_GENERATED,
        FAILED
    }

    public GGSSchemeBase(KerberosConfig kerberosConfig, LU1 lu1) {
        this.H = kerberosConfig == null ? KerberosConfig.J : kerberosConfig;
        this.I = lu1 == null ? RU1.a : lu1;
        this.J = State.UNINITIATED;
    }

    @Override // defpackage.XU1
    public boolean a(C4465lY1 c4465lY1, InterfaceC3071eV1 interfaceC3071eV1, InterfaceC2350b02 interfaceC2350b02) {
        C6015tN1.E1(c4465lY1, "Auth host");
        C6015tN1.E1(interfaceC3071eV1, "CredentialsProvider");
        InterfaceC2874dV1 b = interfaceC3071eV1.b(new ZU1(c4465lY1, null, getName()), interfaceC2350b02);
        if (!(b instanceof C3665hV1)) {
            this.K = null;
            return true;
        }
        if (((C3665hV1) b) == null) {
            throw null;
        }
        this.K = null;
        return true;
    }

    @Override // defpackage.XU1
    public String b(C4465lY1 c4465lY1, InterfaceC4861nY1 interfaceC4861nY1, InterfaceC2350b02 interfaceC2350b02) {
        C6015tN1.E1(c4465lY1, "HTTP host");
        C6015tN1.E1(interfaceC4861nY1, "HTTP request");
        int ordinal = this.J.ordinal();
        if (ordinal == 0) {
            throw new C2452bV1(getName() + " authentication has not been initiated");
        }
        if (ordinal == 1) {
            try {
                String str = c4465lY1.G;
                if (this.H.H != KerberosConfig.Option.DISABLE) {
                    try {
                        LU1 lu1 = this.I;
                        String str2 = c4465lY1.G;
                        String str3 = null;
                        if (((RU1) lu1) == null) {
                            throw null;
                        }
                        if (str2 != null) {
                            InetAddress byName = InetAddress.getByName(str2);
                            str3 = byName.getCanonicalHostName();
                            if (byName.getHostAddress().contentEquals(str3)) {
                                str = str2;
                            }
                        }
                        str = str3;
                    } catch (UnknownHostException unused) {
                    }
                }
                if (this.H.G == KerberosConfig.Option.DISABLE) {
                    str = str + ":" + c4465lY1.I;
                }
                String upperCase = c4465lY1.J.toUpperCase(Locale.ROOT);
                if (this.G.a()) {
                    this.G.f("init " + str);
                }
                this.M = i(this.M, upperCase, str);
                this.J = State.TOKEN_GENERATED;
            } catch (GSSException e) {
                this.J = State.FAILED;
                if (e.getMajor() == 9 || e.getMajor() == 8) {
                    throw new C3467gV1(e.getMessage(), e);
                }
                if (e.getMajor() == 13) {
                    throw new C3467gV1(e.getMessage(), e);
                }
                if (e.getMajor() == 10 || e.getMajor() == 19 || e.getMajor() == 20) {
                    throw new C2452bV1(e.getMessage(), e);
                }
                throw new C2452bV1(e.getMessage());
            }
        } else if (ordinal != 2) {
            if (ordinal != 3) {
                StringBuilder Q = C0597Gd.Q("Illegal state: ");
                Q.append(this.J);
                throw new IllegalStateException(Q.toString());
            }
            throw new C2452bV1(getName() + " authentication has failed");
        }
        String str4 = new String(new C7026yU1(0).c(this.M));
        if (this.G.a()) {
            this.G.f("Sending response '" + str4 + "' back to the auth server");
        }
        return C0597Gd.D("Negotiate ", str4);
    }

    @Override // defpackage.XU1
    public boolean c() {
        State state = this.J;
        return state == State.TOKEN_GENERATED || state == State.FAILED;
    }

    @Override // defpackage.XU1
    public void d(WU1 wu1, InterfaceC2350b02 interfaceC2350b02) {
        C6015tN1.E1(wu1, "AuthChallenge");
        String str = wu1.b;
        if (str == null) {
            throw new C3863iV1("Missing auth challenge");
        }
        this.L = str;
        if (this.J == State.UNINITIATED) {
            this.M = C7026yU1.f(str.getBytes());
            this.J = State.CHALLENGE_RECEIVED;
        } else {
            this.G.f("Authentication already attempted");
            this.J = State.FAILED;
        }
    }

    @Override // defpackage.XU1
    public Principal e() {
        return null;
    }

    public GSSContext g(GSSManager gSSManager, Oid oid, GSSName gSSName, GSSCredential gSSCredential) {
        GSSContext createContext = gSSManager.createContext(gSSName.canonicalize(oid), oid, gSSCredential, 0);
        createContext.requestMutualAuth(true);
        KerberosConfig.Option option = this.H.I;
        if (option != KerberosConfig.Option.DEFAULT) {
            createContext.requestCredDeleg(option == KerberosConfig.Option.ENABLE);
        }
        return createContext;
    }

    public byte[] h(byte[] bArr, Oid oid, String str, String str2) {
        GSSManager j = j();
        GSSContext g = g(j, oid, j.createName(C0597Gd.E(str, "@", str2), GSSName.NT_HOSTBASED_SERVICE), this.K);
        return bArr != null ? g.initSecContext(bArr, 0, bArr.length) : g.initSecContext(new byte[0], 0, 0);
    }

    public abstract byte[] i(byte[] bArr, String str, String str2);

    public GSSManager j() {
        return GSSManager.getInstance();
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append(getName());
        sb.append("{");
        sb.append(this.J);
        sb.append(" ");
        return C0597Gd.H(sb, this.L, '}');
    }
}
