package com.sina.org.apache.http.impl.auth;

import com.sina.org.apache.http.HttpRequest;
import com.sina.org.apache.http.auth.AuthenticationException;
import com.sina.org.apache.http.auth.InvalidCredentialsException;
import com.sina.org.apache.http.auth.MalformedChallengeException;
import com.sina.org.apache.http.auth.j;
import com.sina.org.apache.http.l;
import com.sina.org.apache.http.message.BufferedHeader;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: classes4.dex */
public abstract class GGSSchemeBase extends AuthSchemeBase {
    private final Base64 base64codec;
    private final Log log;
    private b state;
    private final boolean stripPort;
    private byte[] token;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f14590a;

        static {
            int[] iArr = new int[b.values().length];
            f14590a = iArr;
            try {
                iArr[b.UNINITIATED.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f14590a[b.FAILED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f14590a[b.CHALLENGE_RECEIVED.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f14590a[b.TOKEN_GENERATED.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public enum b {
        UNINITIATED,
        CHALLENGE_RECEIVED,
        TOKEN_GENERATED,
        FAILED
    }

    GGSSchemeBase() {
        this(false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GGSSchemeBase(boolean z) {
        this.log = LogFactory.getLog(getClass());
        this.base64codec = new Base64(0);
        this.stripPort = z;
        this.state = b.UNINITIATED;
    }

    @Override // com.sina.org.apache.http.auth.c
    @Deprecated
    public com.sina.org.apache.http.d authenticate(j jVar, HttpRequest httpRequest) throws AuthenticationException {
        return authenticate(jVar, httpRequest, null);
    }

    @Override // com.sina.org.apache.http.impl.auth.AuthSchemeBase, com.sina.org.apache.http.auth.ContextAwareAuthScheme
    public com.sina.org.apache.http.d authenticate(j jVar, HttpRequest httpRequest, com.sina.org.apache.http.protocol.b bVar) throws AuthenticationException {
        if (httpRequest == null) {
            throw new IllegalArgumentException("HTTP request may not be null");
        }
        int i2 = a.f14590a[this.state.ordinal()];
        if (i2 == 1) {
            throw new AuthenticationException(getSchemeName() + " authentication has not been initiated");
        }
        if (i2 == 2) {
            throw new AuthenticationException(getSchemeName() + " authentication has failed");
        }
        if (i2 == 3) {
            try {
                l lVar = (l) bVar.getAttribute(isProxy() ? "http.proxy_host" : "http.target_host");
                if (lVar == null) {
                    throw new AuthenticationException("Authentication host is not set in the execution context");
                }
                String a2 = (this.stripPort || lVar.b() <= 0) ? lVar.a() : lVar.d();
                if (this.log.isDebugEnabled()) {
                    this.log.debug("init " + a2);
                }
                this.token = generateToken(this.token, a2);
                this.state = b.TOKEN_GENERATED;
            } catch (GSSException e2) {
                this.state = b.FAILED;
                if (e2.getMajor() == 9 || e2.getMajor() == 8) {
                    throw new InvalidCredentialsException(e2.getMessage(), e2);
                }
                if (e2.getMajor() == 13) {
                    throw new InvalidCredentialsException(e2.getMessage(), e2);
                }
                if (e2.getMajor() == 10 || e2.getMajor() == 19 || e2.getMajor() == 20) {
                    throw new AuthenticationException(e2.getMessage(), e2);
                }
                throw new AuthenticationException(e2.getMessage());
            }
        } else if (i2 != 4) {
            throw new IllegalStateException("Illegal state: " + this.state);
        }
        String str = new String(this.base64codec.encode(this.token));
        if (this.log.isDebugEnabled()) {
            this.log.debug("Sending response '" + str + "' back to the auth server");
        }
        com.sina.org.apache.http.b0.b bVar2 = new com.sina.org.apache.http.b0.b(32);
        if (isProxy()) {
            bVar2.a("Proxy-Authorization");
        } else {
            bVar2.a("Authorization");
        }
        bVar2.a(": Negotiate ");
        bVar2.a(str);
        return new BufferedHeader(bVar2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] generateGSSToken(byte[] bArr, Oid oid, String str) throws GSSException {
        if (bArr == null) {
            bArr = new byte[0];
        }
        GSSManager manager = getManager();
        GSSContext createContext = manager.createContext(manager.createName("HTTP@" + str, GSSName.NT_HOSTBASED_SERVICE).canonicalize(oid), oid, (GSSCredential) null, 0);
        createContext.requestMutualAuth(true);
        createContext.requestCredDeleg(true);
        return createContext.initSecContext(bArr, 0, bArr.length);
    }

    protected abstract byte[] generateToken(byte[] bArr, String str) throws GSSException;

    protected GSSManager getManager() {
        return GSSManager.getInstance();
    }

    @Override // com.sina.org.apache.http.auth.c
    public boolean isComplete() {
        b bVar = this.state;
        return bVar == b.TOKEN_GENERATED || bVar == b.FAILED;
    }

    @Override // com.sina.org.apache.http.impl.auth.AuthSchemeBase
    protected void parseChallenge(com.sina.org.apache.http.b0.b bVar, int i2, int i3) throws MalformedChallengeException {
        String b2 = bVar.b(i2, i3);
        if (this.log.isDebugEnabled()) {
            this.log.debug("Received challenge '" + b2 + "' from the auth server");
        }
        if (this.state == b.UNINITIATED) {
            this.token = Base64.decodeBase64(b2.getBytes());
            this.state = b.CHALLENGE_RECEIVED;
        } else {
            this.log.debug("Authentication already attempted");
            this.state = b.FAILED;
        }
    }
}
