package org.apache.http.impl.auth;

import java.net.InetAddress;
import java.net.UnknownHostException;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.InvalidCredentialsException;
import org.apache.http.auth.KerberosCredentials;
import org.apache.http.message.BufferedHeader;
import org.apache.http.util.CharArrayBuffer;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: classes2.dex */
public abstract class d extends org.apache.http.impl.auth.a {
    private final boolean h;
    private final boolean i;
    private byte[] k;
    private final org.apache.commons.logging.a f = org.apache.commons.logging.h.n(getClass());
    private final org.apache.commons.codec.b.a g = new org.apache.commons.codec.b.a(0);
    private b j = b.UNINITIATED;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f7805a;

        static {
            int[] iArr = new int[b.values().length];
            f7805a = iArr;
            try {
                iArr[b.UNINITIATED.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f7805a[b.FAILED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f7805a[b.CHALLENGE_RECEIVED.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f7805a[b.TOKEN_GENERATED.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public enum b {
        UNINITIATED,
        CHALLENGE_RECEIVED,
        TOKEN_GENERATED,
        FAILED
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public d(boolean z, boolean z2) {
        this.h = z;
        this.i = z2;
    }

    private String o(String str) {
        InetAddress byName = InetAddress.getByName(str);
        String canonicalHostName = byName.getCanonicalHostName();
        return byName.getHostAddress().contentEquals(canonicalHostName) ? str : canonicalHostName;
    }

    @Override // org.apache.http.impl.auth.a, org.apache.http.auth.h
    public org.apache.http.d a(org.apache.http.auth.i iVar, org.apache.http.n nVar, org.apache.http.b0.e eVar) {
        HttpHost f;
        org.apache.http.util.a.i(nVar, "HTTP request");
        int i = a.f7805a[this.j.ordinal()];
        if (i == 1) {
            throw new AuthenticationException(g() + " authentication has not been initiated");
        }
        if (i == 2) {
            throw new AuthenticationException(g() + " authentication has failed");
        }
        if (i == 3) {
            try {
                org.apache.http.conn.routing.b bVar = (org.apache.http.conn.routing.b) eVar.a("http.route");
                if (bVar == null) {
                    throw new AuthenticationException("Connection route is not available");
                }
                if (h()) {
                    f = bVar.i();
                    if (f == null) {
                        f = bVar.f();
                    }
                } else {
                    f = bVar.f();
                }
                String b2 = f.b();
                if (this.i) {
                    try {
                        b2 = o(b2);
                    } catch (UnknownHostException unused) {
                    }
                }
                if (!this.h) {
                    b2 = b2 + ":" + f.c();
                }
                if (this.f.d()) {
                    this.f.a("init " + b2);
                }
                this.k = l(this.k, b2, iVar);
                this.j = b.TOKEN_GENERATED;
            } catch (GSSException e) {
                this.j = b.FAILED;
                if (e.getMajor() == 9 || e.getMajor() == 8) {
                    throw new InvalidCredentialsException(e.getMessage(), e);
                }
                if (e.getMajor() == 13) {
                    throw new InvalidCredentialsException(e.getMessage(), e);
                }
                if (e.getMajor() == 10 || e.getMajor() == 19 || e.getMajor() == 20) {
                    throw new AuthenticationException(e.getMessage(), e);
                }
                throw new AuthenticationException(e.getMessage());
            }
        } else if (i != 4) {
            throw new IllegalStateException("Illegal state: " + this.j);
        }
        String str = new String(this.g.f(this.k));
        if (this.f.d()) {
            this.f.a("Sending response '" + str + "' back to the auth server");
        }
        CharArrayBuffer charArrayBuffer = new CharArrayBuffer(32);
        if (h()) {
            charArrayBuffer.b("Proxy-Authorization");
        } else {
            charArrayBuffer.b("Authorization");
        }
        charArrayBuffer.b(": Negotiate ");
        charArrayBuffer.b(str);
        return new BufferedHeader(charArrayBuffer);
    }

    @Override // org.apache.http.auth.b
    public boolean b() {
        b bVar = this.j;
        return bVar == b.TOKEN_GENERATED || bVar == b.FAILED;
    }

    @Override // org.apache.http.auth.b
    @Deprecated
    public org.apache.http.d d(org.apache.http.auth.i iVar, org.apache.http.n nVar) {
        return a(iVar, nVar, null);
    }

    @Override // org.apache.http.impl.auth.a
    protected void i(CharArrayBuffer charArrayBuffer, int i, int i2) {
        String p = charArrayBuffer.p(i, i2);
        if (this.f.d()) {
            this.f.a("Received challenge '" + p + "' from the auth server");
        }
        if (this.j == b.UNINITIATED) {
            this.k = org.apache.commons.codec.b.a.m(p.getBytes());
            this.j = b.CHALLENGE_RECEIVED;
        } else {
            this.f.a("Authentication already attempted");
            this.j = b.FAILED;
        }
    }

    GSSContext j(GSSManager gSSManager, Oid oid, GSSName gSSName, GSSCredential gSSCredential) {
        GSSContext createContext = gSSManager.createContext(gSSName.canonicalize(oid), oid, gSSCredential, 0);
        createContext.requestMutualAuth(true);
        return createContext;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] k(byte[] bArr, Oid oid, String str, org.apache.http.auth.i iVar) {
        GSSManager m = m();
        GSSContext j = j(m, oid, m.createName("HTTP@" + str, GSSName.NT_HOSTBASED_SERVICE), iVar instanceof KerberosCredentials ? ((KerberosCredentials) iVar).c() : null);
        return bArr != null ? j.initSecContext(bArr, 0, bArr.length) : j.initSecContext(new byte[0], 0, 0);
    }

    protected abstract byte[] l(byte[] bArr, String str, org.apache.http.auth.i iVar);

    protected GSSManager m() {
        return GSSManager.getInstance();
    }
}
