package org.apache.http.impl.auth;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.InvalidCredentialsException;
import org.apache.http.auth.MalformedChallengeException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: classes.dex */
public abstract class f extends org.apache.http.impl.auth.a {

    /* renamed from: a, reason: collision with root package name */
    private final Log f13794a;

    /* renamed from: b, reason: collision with root package name */
    private final Base64 f13795b;

    /* renamed from: c, reason: collision with root package name */
    private final boolean f13796c;

    /* renamed from: d, reason: collision with root package name */
    private a f13797d;

    /* renamed from: e, reason: collision with root package name */
    private byte[] f13798e;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public enum a {
        UNINITIATED,
        CHALLENGE_RECEIVED,
        TOKEN_GENERATED,
        FAILED
    }

    f() {
        this(false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public f(boolean z2) {
        this.f13794a = LogFactory.getLog(getClass());
        this.f13795b = new Base64(0);
        this.f13796c = z2;
        this.f13797d = a.UNINITIATED;
    }

    @Override // org.apache.http.auth.d
    @Deprecated
    public org.apache.http.d a(org.apache.http.auth.l lVar, org.apache.http.q qVar) throws AuthenticationException {
        return a(lVar, qVar, (gm.f) null);
    }

    @Override // org.apache.http.impl.auth.a, org.apache.http.auth.k
    public org.apache.http.d a(org.apache.http.auth.l lVar, org.apache.http.q qVar, gm.f fVar) throws AuthenticationException {
        if (qVar == null) {
            throw new IllegalArgumentException("HTTP request may not be null");
        }
        switch (this.f13797d) {
            case UNINITIATED:
                throw new AuthenticationException(a() + " authentication has not been initiated");
            case FAILED:
                throw new AuthenticationException(a() + " authentication has failed");
            case CHALLENGE_RECEIVED:
                try {
                    org.apache.http.n nVar = (org.apache.http.n) fVar.a(e() ? gm.d.f13414e : gm.d.f13413d);
                    if (nVar != null) {
                        String a2 = (this.f13796c || nVar.b() <= 0) ? nVar.a() : nVar.e();
                        if (this.f13794a.isDebugEnabled()) {
                            this.f13794a.debug("init " + a2);
                        }
                        this.f13798e = a(this.f13798e, a2);
                        this.f13797d = a.TOKEN_GENERATED;
                        break;
                    } else {
                        throw new AuthenticationException("Authentication host is not set in the execution context");
                    }
                } catch (GSSException e2) {
                    this.f13797d = a.FAILED;
                    if (e2.getMajor() == 9 || e2.getMajor() == 8) {
                        throw new InvalidCredentialsException(e2.getMessage(), e2);
                    }
                    if (e2.getMajor() == 13) {
                        throw new InvalidCredentialsException(e2.getMessage(), e2);
                    }
                    if (e2.getMajor() == 10 || e2.getMajor() == 19 || e2.getMajor() == 20) {
                        throw new AuthenticationException(e2.getMessage(), e2);
                    }
                    throw new AuthenticationException(e2.getMessage());
                }
                break;
            case TOKEN_GENERATED:
                break;
            default:
                throw new IllegalStateException("Illegal state: " + this.f13797d);
        }
        String str = new String(this.f13795b.encode(this.f13798e));
        if (this.f13794a.isDebugEnabled()) {
            this.f13794a.debug("Sending response '" + str + "' back to the auth server");
        }
        gn.b bVar = new gn.b(32);
        if (e()) {
            bVar.a("Proxy-Authorization");
        } else {
            bVar.a("Authorization");
        }
        bVar.a(": Negotiate ");
        bVar.a(str);
        return new gj.r(bVar);
    }

    @Override // org.apache.http.impl.auth.a
    protected void a(gn.b bVar, int i2, int i3) throws MalformedChallengeException {
        String b2 = bVar.b(i2, i3);
        if (this.f13794a.isDebugEnabled()) {
            this.f13794a.debug("Received challenge '" + b2 + "' from the auth server");
        }
        if (this.f13797d == a.UNINITIATED) {
            this.f13798e = Base64.decodeBase64(b2.getBytes());
            this.f13797d = a.CHALLENGE_RECEIVED;
        } else {
            this.f13794a.debug("Authentication already attempted");
            this.f13797d = a.FAILED;
        }
    }

    protected abstract byte[] a(byte[] bArr, String str) throws GSSException;

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] a(byte[] bArr, Oid oid, String str) throws GSSException {
        if (bArr == null) {
            bArr = new byte[0];
        }
        GSSManager g2 = g();
        GSSContext createContext = g2.createContext(g2.createName("HTTP@" + str, GSSName.NT_HOSTBASED_SERVICE).canonicalize(oid), oid, (GSSCredential) null, 0);
        createContext.requestMutualAuth(true);
        createContext.requestCredDeleg(true);
        return createContext.initSecContext(bArr, 0, bArr.length);
    }

    @Override // org.apache.http.auth.d
    public boolean d() {
        return this.f13797d == a.TOKEN_GENERATED || this.f13797d == a.FAILED;
    }

    protected GSSManager g() {
        return GSSManager.getInstance();
    }
}
