package com.good.gd.apachehttp.impl.auth;

import com.good.gd.apachehttp.auth.Kerberos5Credentials;
import com.good.gd.apachehttp.impl.auth.a;
import com.good.gd.ndkproxy.GDLog;
import org.apache.http.Header;
import org.apache.http.HeaderElement;
import org.apache.http.HttpRequest;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.MalformedChallengeException;
import org.apache.http.impl.auth.AuthSchemeBase;
import org.apache.http.message.BasicHeader;
import org.apache.http.protocol.HttpContext;
import org.apache.http.util.CharArrayBuffer;

/* loaded from: classes.dex */
public final class NegotiateScheme extends AuthSchemeBase {
    private final e a;
    private final boolean b;
    private b c;
    private boolean d;
    private String e;
    private int f;
    protected long nativeNetogiateDataPtr;
    protected static long GSS_S_COMPLETE = -1;
    protected static long GSS_S_CONTINUE_NEEDED = -1;
    protected static long GSS_S_BAD_MECH = -1;
    protected static long GSS_S_BAD_NAME = -1;
    protected static long GSS_S_BAD_NAMETYPE = -1;
    protected static long GSS_S_BAD_BINDINGS = -1;
    protected static long GSS_S_BAD_STATUS = -1;
    protected static long GSS_S_BAD_SIG = -1;
    protected static long GSS_S_BAD_MIC = -1;
    protected static long GSS_S_NO_CRED = -1;
    protected static long GSS_S_NO_CONTEXT = -1;
    protected static long GSS_S_DEFECTIVE_TOKEN = -1;
    protected static long GSS_S_DEFECTIVE_CREDENTIAL = -1;
    protected static long GSS_S_CREDENTIALS_EXPIRED = -1;
    protected static long GSS_S_CONTEXT_EXPIRED = -1;
    protected static long GSS_S_FAILURE = -1;
    protected static long GSS_S_BAD_QOP = -1;
    protected static long GSS_S_UNAUTHORIZED = -1;
    protected static long GSS_S_UNAVAILABLE = -1;
    protected static long GSS_S_DUPLICATE_ELEMENT = -1;
    protected static long GSS_S_NAME_NOT_MN = -1;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public final class a implements Runnable {
        private final boolean b;
        private final String c;
        private String d;
        private Exception f = null;
        private String e = "";

        public a(String str, boolean z, String str2) {
            this.b = z;
            this.c = str;
            this.d = str2;
        }

        public final Exception a() {
            return this.f;
        }

        public final String b() {
            return this.e;
        }

        @Override // java.lang.Runnable
        public final void run() {
            GDLog.a(16, "Generate_GSS_Kerberos_token_Task: saved token:'" + this.d + "'");
            try {
                byte[] generateGssApiData = NegotiateScheme.this.generateGssApiData(this.c, this.b, this.d.getBytes());
                if (generateGssApiData != null) {
                    this.e = new String(generateGssApiData);
                }
            } catch (com.good.gd.apachehttp.impl.auth.a e) {
                this.f = e;
                GDLog.a(12, "Generate_GSS_Kerberos_token_Task: GSS exception took place:" + e.toString());
            } catch (Exception e2) {
                this.f = e2;
            }
            GDLog.a(16, "Generate_GSS_Kerberos_token_Task: new token:'" + this.e + "'");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public enum b {
        UNINITIATED,
        CHALLENGE_RECEIVED,
        TOKEN_GENERATED,
        COMPLETE,
        FAILED
    }

    public NegotiateScheme() {
        this(null, false);
    }

    public NegotiateScheme(e eVar) {
        this(eVar, false);
    }

    public NegotiateScheme(e eVar, boolean z) {
        this.d = false;
        this.nativeNetogiateDataPtr = 0L;
        this.f = 0;
        GDLog.a(16, "NegotiateScheme::NegotiateScheme() IN");
        this.c = b.UNINITIATED;
        this.a = eVar;
        this.b = z;
        ndkInit();
        GDLog.a(16, "NegotiateScheme::NegotiateScheme() OUT");
    }

    private static String a(HttpRequest httpRequest, int[] iArr) {
        if (httpRequest == null) {
            throw new IllegalArgumentException("null request provided");
        }
        if (iArr == null || iArr.length <= 0) {
            throw new IllegalArgumentException("invalid port argument provided");
        }
        GDLog.a(16, "NegotiateScheme::getFromRequest");
        Header[] allHeaders = httpRequest.getAllHeaders();
        if (allHeaders != null) {
            for (Header header : allHeaders) {
                if (header.getName() != null && header.getName().equalsIgnoreCase("HOST")) {
                    HeaderElement[] elements = header.getElements();
                    if (elements != null) {
                        for (HeaderElement headerElement : elements) {
                            GDLog.a(16, "NegotiateScheme::getFromRequest name is " + headerElement.getName());
                            GDLog.a(16, "NegotiateScheme::getFromRequest value is " + headerElement.getValue());
                            if (!headerElement.getName().contains(":")) {
                                iArr[0] = 80;
                                return headerElement.getName();
                            }
                            String[] split = headerElement.getName().split(":");
                            if (split != null && split.length > 1) {
                                iArr[0] = Integer.valueOf(split[1]).intValue();
                                return split[0];
                            }
                        }
                    } else {
                        GDLog.a(16, "NegotiateScheme::getFromRequest - no headerElems");
                    }
                }
            }
        } else {
            GDLog.a(16, "NegotiateScheme::getFromRequest - no headers");
        }
        iArr[0] = 80;
        return "";
    }

    private String a(Credentials credentials, HttpRequest httpRequest) throws AuthenticationException {
        String str;
        int i;
        boolean z;
        GDLog.a(16, "NegotiateScheme::processAuthenticationToken(credentials=[" + credentials.toString() + "], /nrequest=[" + (httpRequest == null ? "null" : httpRequest.toString()) + "]) IN: state=" + this.c);
        GDLog.a(16, "NegotiateScheme::processAuthenticationToken(): current token:'" + this.e + "'");
        try {
            int[] iArr = new int[1];
            if (!(credentials instanceof Kerberos5Credentials)) {
                throw new AuthenticationException("Supplied Credentials object is not Kerberos5Credentials.");
            }
            Kerberos5Credentials kerberos5Credentials = (Kerberos5Credentials) credentials;
            if (httpRequest == null || (kerberos5Credentials.getHost() != null && kerberos5Credentials.getHost().length() > 0)) {
                str = new String(kerberos5Credentials.getHost());
                i = 0;
            } else if (httpRequest != null) {
                str = a(httpRequest, iArr);
                i = iArr[0];
            } else {
                str = null;
                i = 0;
            }
            if (this.c != b.CHALLENGE_RECEIVED) {
                GDLog.a(16, "NegotiateScheme::processAuthenticationToken() - we are redirecting. new authServer=" + str);
                this.e = "";
                this.c = b.UNINITIATED;
                clearNegotiateData(this.nativeNetogiateDataPtr, true);
                return "";
            }
            GDLog.a(16, "NegotiateScheme::processAuthenticationToken() authServer " + str + " Using Kerberos MECH 1.2.840.113554.1.2.2");
            KerberosHandler kerberosHandler = KerberosHandler.getInstance();
            a aVar = new a(str, kerberosHandler.delegationAllowed(), this.e);
            if (kerberos5Credentials.getUserName() != null && kerberos5Credentials.getUserName().length() > 0) {
                kerberosHandler.setupTGT_and_executeGSSTask(kerberos5Credentials.getUserName(), kerberos5Credentials.getPassword(), aVar);
                z = true;
            } else if (httpRequest != null) {
                kerberosHandler.setupKerberosTicket_and_executeGSSTask(str, i, aVar);
                z = true;
            } else {
                z = false;
            }
            if (!z) {
                GDLog.a(16, "NegotiateScheme::processAuthenticationToken() : submitting GSS task= " + aVar);
                kerberosHandler.executeGSSTask(aVar);
            }
            if (aVar.a() != null) {
                Exception a2 = aVar.a();
                if (a2 instanceof com.good.gd.apachehttp.impl.auth.a) {
                    throw ((com.good.gd.apachehttp.impl.auth.a) a2);
                }
                GDLog.a(12, "NegotiateScheme::processAuthenticationToken() : unexpected exception thrown= " + a2);
            }
            long gssStatus = getGssStatus(this.nativeNetogiateDataPtr);
            if (gssStatus == GSS_S_COMPLETE) {
                this.c = b.COMPLETE;
            } else {
                if (gssStatus != GSS_S_CONTINUE_NEEDED) {
                    this.c = b.FAILED;
                    if (gssStatus == GSS_S_BAD_MECH) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.BAD_BINDINGS);
                    }
                    if (gssStatus == GSS_S_BAD_NAME) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.BAD_NAME);
                    }
                    if (gssStatus == GSS_S_BAD_NAMETYPE) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.BAD_NAMETYPE);
                    }
                    if (gssStatus == GSS_S_BAD_BINDINGS) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.BAD_BINDINGS);
                    }
                    if (gssStatus == GSS_S_BAD_STATUS) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.BAD_STATUS);
                    }
                    if (gssStatus == GSS_S_BAD_MIC) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.BAD_MIC);
                    }
                    if (gssStatus == GSS_S_NO_CRED) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.NO_CRED);
                    }
                    if (gssStatus == GSS_S_NO_CONTEXT) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.NO_CONTEXT);
                    }
                    if (gssStatus == GSS_S_DEFECTIVE_TOKEN) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.DEFECTIVE_TOKEN);
                    }
                    if (gssStatus == GSS_S_DEFECTIVE_CREDENTIAL) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.DEFECTIVE_CREDENTIAL);
                    }
                    if (gssStatus == GSS_S_CREDENTIALS_EXPIRED) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.CREDENTIALS_EXPIRED);
                    }
                    if (gssStatus == GSS_S_CONTEXT_EXPIRED) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.CONTEXT_EXPIRED);
                    }
                    if (gssStatus == GSS_S_FAILURE) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.FAILURE);
                    }
                    if (gssStatus == GSS_S_BAD_QOP) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.BAD_QOP);
                    }
                    if (gssStatus == GSS_S_UNAUTHORIZED) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.UNAUTHORIZED);
                    }
                    if (gssStatus == GSS_S_UNAVAILABLE) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.UNAVAILABLE);
                    }
                    if (gssStatus == GSS_S_DUPLICATE_ELEMENT) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.DUPLICATE_ELEMENT);
                    }
                    if (gssStatus == GSS_S_NAME_NOT_MN) {
                        throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.NAME_NOT_MN);
                    }
                    throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.FAILURE);
                }
                this.c = b.TOKEN_GENERATED;
                GDLog.a(16, "NegotiateScheme::processAuthenticationToken(): GSS_S_CONTINUE_NEEDED");
            }
            if (gssStatus != GSS_S_CONTINUE_NEEDED && gssStatus != GSS_S_COMPLETE) {
                return "";
            }
            String b2 = aVar.b();
            if (gssStatus == GSS_S_CONTINUE_NEEDED && b2.length() <= 0) {
                this.c = b.FAILED;
                throw new AuthenticationException("GSS security context initialization failed");
            }
            GDLog.a(19, "Sending response '" + b2 + "' back to the auth server");
            GDLog.a(16, "NegotiateScheme::processAuthenticationToken() OUT");
            return b2;
        } catch (com.good.gd.apachehttp.impl.auth.a e) {
            GDLog.a(16, "NegotiateScheme::processAuthenticationToken() OUT: Failed: gss exception: " + e.getMessage());
            this.c = b.FAILED;
            return "";
        }
    }

    private native void clearNegotiateData(long j, boolean z);

    /* JADX INFO: Access modifiers changed from: private */
    public native byte[] generateGssApiData(String str, boolean z, byte[] bArr) throws com.good.gd.apachehttp.impl.auth.a;

    private native long getGssStatus(long j);

    @Override // org.apache.http.auth.AuthScheme
    @Deprecated
    public final Header authenticate(Credentials credentials, HttpRequest httpRequest) throws AuthenticationException {
        return authenticate(credentials, httpRequest, null);
    }

    @Override // org.apache.http.impl.auth.AuthSchemeBase, org.apache.http.auth.ContextAwareAuthScheme
    public final Header authenticate(Credentials credentials, HttpRequest httpRequest, HttpContext httpContext) throws AuthenticationException {
        GDLog.a(16, "NegotiateScheme::authenticate() IN: state=" + this.c);
        if (httpRequest == null) {
            throw new IllegalArgumentException("HTTP request may not be null");
        }
        if (getGssStatus(this.nativeNetogiateDataPtr) == GSS_S_COMPLETE) {
            throw new com.good.gd.apachehttp.impl.auth.a(a.EnumC0002a.DEFECTIVE_CREDENTIAL);
        }
        return new BasicHeader("Authorization", "Negotiate " + a(credentials, httpRequest));
    }

    public final boolean authenticateReponse(Credentials credentials, HttpContext httpContext) throws AuthenticationException {
        GDLog.a(16, "NegotiateScheme::authenticateReponse(credentials=[" + credentials.toString() + "]) IN: state=" + this.c);
        a(credentials, (HttpRequest) null);
        boolean isComplete = isComplete();
        if (isComplete) {
            clearNegotiateData(this.nativeNetogiateDataPtr, false);
        }
        GDLog.a(16, "NegotiateScheme::authenticate() OUT 1");
        return isComplete;
    }

    @Override // org.apache.http.auth.AuthScheme
    public final String getParameter(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Parameter name may not be null");
        }
        return null;
    }

    @Override // org.apache.http.auth.AuthScheme
    public final String getRealm() {
        return null;
    }

    @Override // org.apache.http.auth.AuthScheme
    public final String getSchemeName() {
        return "Negotiate";
    }

    @Override // org.apache.http.auth.AuthScheme
    public final boolean isComplete() {
        return this.c == b.COMPLETE || this.c == b.FAILED;
    }

    @Override // org.apache.http.auth.AuthScheme
    public final boolean isConnectionBased() {
        return true;
    }

    final native void ndkInit();

    @Override // org.apache.http.impl.auth.AuthSchemeBase
    public final void parseChallenge(CharArrayBuffer charArrayBuffer, int i, int i2) throws MalformedChallengeException {
        this.f++;
        String substringTrimmed = charArrayBuffer.substringTrimmed(i, i2);
        GDLog.a(16, "NegotiateScheme::parseChallenge() Received challenge '" + substringTrimmed + "' from the auth server, count:" + this.f);
        if ((this.c == b.UNINITIATED || this.c == b.TOKEN_GENERATED) && this.f < 100) {
            this.e = substringTrimmed;
            this.c = b.CHALLENGE_RECEIVED;
        } else {
            GDLog.a(12, "NegotiateScheme::parseChallenge() Authentication already attempted");
            this.c = b.FAILED;
            this.e = "";
        }
        GDLog.a(16, "NegotiateScheme::parseChallenge() OUT");
    }
}
