package org.apache.hc.client5.http.impl.auth;

import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.apache.hc.client5.http.auth.AuthenticationException;
import org.apache.hc.client5.http.auth.MalformedChallengeException;
import org.apache.hc.client5.http.auth.NTCredentials;
import org.apache.hc.client5.http.impl.auth.NTLMEngineImpl;
import org.apache.hc.core5.http.HttpHost;

/* loaded from: classes.dex */
public class CredSspScheme implements org.apache.hc.client5.http.auth.c {
    private static final Charset n = Charset.forName("UnicodeLittleUnmarked");
    private static final byte[] o = new byte[0];

    /* renamed from: b, reason: collision with root package name */
    private final org.slf4j.b f1658b = org.slf4j.c.a((Class<?>) CredSspScheme.class);

    /* renamed from: c, reason: collision with root package name */
    private final SSLContext f1659c;
    private State d;
    private SSLEngine e;
    private NTCredentials f;
    private NTLMEngineImpl.f g;
    private NTLMEngineImpl.g h;
    private NTLMEngineImpl.h i;
    private a j;
    private NTLMEngineImpl.c k;
    private NTLMEngineImpl.c l;
    private byte[] m;

    /* loaded from: classes.dex */
    enum State {
        UNINITIATED,
        TLS_HANDSHAKE,
        TLS_HANDSHAKE_FINISHED,
        NEGO_TOKEN_SENT,
        NEGO_TOKEN_RECEIVED,
        PUB_KEY_AUTH_SENT,
        PUB_KEY_AUTH_RECEIVED,
        CREDENTIALS_SENT
    }

    /* loaded from: classes.dex */
    static class a {

        /* renamed from: a, reason: collision with root package name */
        private byte[] f1662a;

        /* renamed from: b, reason: collision with root package name */
        private byte[] f1663b;

        /* renamed from: c, reason: collision with root package name */
        private byte[] f1664c;

        protected a() {
        }

        public static a b(byte[] bArr) {
            a aVar = new a();
            aVar.f1663b = bArr;
            return aVar;
        }

        public static a c(ByteBuffer byteBuffer) {
            a aVar = new a();
            aVar.a(byteBuffer);
            return aVar;
        }

        public static a c(byte[] bArr) {
            a aVar = new a();
            aVar.f1662a = bArr;
            return aVar;
        }

        private void d(ByteBuffer byteBuffer) {
            CredSspScheme.a(byteBuffer, 4, "authInfo type");
            this.f1663b = new byte[CredSspScheme.b(byteBuffer)];
            byteBuffer.get(this.f1663b);
        }

        private void e(ByteBuffer byteBuffer) {
            CredSspScheme.a(byteBuffer, 48, "negoTokens sequence");
            CredSspScheme.b(byteBuffer);
            byte b2 = byteBuffer.get();
            if (b2 == 48) {
                CredSspScheme.b(byteBuffer);
                b2 = byteBuffer.get();
            }
            if ((b2 & 255) == 160) {
                CredSspScheme.b(byteBuffer);
                CredSspScheme.a(byteBuffer, 4, "negoToken type");
                this.f1662a = new byte[CredSspScheme.b(byteBuffer)];
                byteBuffer.get(this.f1662a);
                return;
            }
            CredSspScheme.b(byteBuffer, "negoTokens: wrong content-specific tag " + String.format("%02X", Byte.valueOf(b2)));
            throw null;
        }

        private void f(ByteBuffer byteBuffer) {
            CredSspScheme.a(byteBuffer, 4, "pubKeyAuth type");
            this.f1664c = new byte[CredSspScheme.b(byteBuffer)];
            byteBuffer.get(this.f1664c);
        }

        private void g(ByteBuffer byteBuffer) {
            CredSspScheme.b(byteBuffer, 3, "error code length");
            CredSspScheme.a(byteBuffer, 2, "error code type");
            CredSspScheme.b(byteBuffer, 1, "error code length");
            CredSspScheme.b(byteBuffer, "Error code " + ((int) byteBuffer.get()));
            throw null;
        }

        private void h(ByteBuffer byteBuffer) {
            CredSspScheme.a(byteBuffer, 2, "version type");
            CredSspScheme.b(byteBuffer, 1, "version length");
            CredSspScheme.a(byteBuffer, 3, "wrong protocol version");
        }

        public void a(ByteBuffer byteBuffer) {
            this.f1662a = null;
            this.f1663b = null;
            this.f1664c = null;
            CredSspScheme.a(byteBuffer, 48, "initial sequence");
            CredSspScheme.b(byteBuffer);
            while (byteBuffer.hasRemaining()) {
                int a2 = CredSspScheme.a(byteBuffer, "content tag");
                CredSspScheme.b(byteBuffer);
                if (a2 == 0) {
                    h(byteBuffer);
                } else if (a2 == 1) {
                    e(byteBuffer);
                } else if (a2 == 2) {
                    d(byteBuffer);
                } else {
                    if (a2 != 3) {
                        if (a2 == 4) {
                            g(byteBuffer);
                            throw null;
                        }
                        CredSspScheme.b(byteBuffer, "unexpected content tag " + a2);
                        throw null;
                    }
                    f(byteBuffer);
                }
            }
        }

        public void a(byte[] bArr) {
            this.f1664c = bArr;
        }

        public byte[] a() {
            return this.f1662a;
        }

        public void b(ByteBuffer byteBuffer) {
            ByteBuffer allocate = ByteBuffer.allocate(byteBuffer.capacity());
            allocate.put((byte) -96);
            allocate.put((byte) 3);
            allocate.put((byte) 2);
            allocate.put((byte) 1);
            allocate.put((byte) 3);
            byte[] bArr = this.f1662a;
            if (bArr != null) {
                int length = bArr.length;
                byte[] a2 = CredSspScheme.a(length);
                int length2 = length + a2.length + 1;
                byte[] a3 = CredSspScheme.a(length2);
                int length3 = length2 + a3.length + 1;
                byte[] a4 = CredSspScheme.a(length3);
                int length4 = length3 + a4.length + 1;
                byte[] a5 = CredSspScheme.a(length4);
                byte[] a6 = CredSspScheme.a(length4 + a5.length + 1);
                allocate.put((byte) -95);
                allocate.put(a6);
                allocate.put((byte) 48);
                allocate.put(a5);
                allocate.put((byte) 48);
                allocate.put(a4);
                allocate.put((byte) -96);
                allocate.put(a3);
                allocate.put((byte) 4);
                allocate.put(a2);
                allocate.put(this.f1662a);
            }
            byte[] bArr2 = this.f1663b;
            if (bArr2 != null) {
                byte[] a7 = CredSspScheme.a(bArr2.length);
                allocate.put((byte) -94);
                allocate.put(CredSspScheme.a(a7.length + 1 + this.f1663b.length));
                allocate.put((byte) 4);
                allocate.put(a7);
                allocate.put(this.f1663b);
            }
            byte[] bArr3 = this.f1664c;
            if (bArr3 != null) {
                byte[] a8 = CredSspScheme.a(bArr3.length);
                allocate.put((byte) -93);
                allocate.put(CredSspScheme.a(a8.length + 1 + this.f1664c.length));
                allocate.put((byte) 4);
                allocate.put(a8);
                allocate.put(this.f1664c);
            }
            allocate.flip();
            byteBuffer.put((byte) 48);
            byteBuffer.put(CredSspScheme.a(allocate.limit()));
            byteBuffer.put(allocate);
        }

        public byte[] b() {
            return this.f1664c;
        }

        public String toString() {
            return "TsRequest(negoToken=" + Arrays.toString(this.f1662a) + ", authInfo=" + Arrays.toString(this.f1663b) + ", pubKeyAuth=" + Arrays.toString(this.f1664c) + ")";
        }
    }

    public CredSspScheme(SSLContext sSLContext) {
        org.apache.hc.core5.util.a.a(sSLContext, "SSL context");
        this.f1659c = sSLContext;
        this.d = State.UNINITIATED;
    }

    static int a(ByteBuffer byteBuffer, String str) {
        byte b2 = byteBuffer.get();
        if ((b2 & 224) == 160) {
            return b2 & 31;
        }
        b(byteBuffer, str + ": wrong content-specific tag " + String.format("%02X", Byte.valueOf(b2)));
        throw null;
    }

    private static String a(int i, int i2) {
        return "(expected " + String.format("%02X", Integer.valueOf(i)) + ", got " + String.format("%02X", Integer.valueOf(i2)) + ")";
    }

    private String a(ByteBuffer byteBuffer) {
        byte[] bArr = new byte[byteBuffer.limit()];
        byteBuffer.get(bArr);
        return new String(c.a.a.a.f.a.f(bArr), StandardCharsets.US_ASCII);
    }

    private ByteBuffer a(String str) {
        return ByteBuffer.wrap(c.a.a.a.f.a.e(str.getBytes(StandardCharsets.US_ASCII)));
    }

    static void a(ByteBuffer byteBuffer, int i, String str) {
        byte b2 = byteBuffer.get();
        if (b2 == i) {
            return;
        }
        b(byteBuffer, str + a(i, b2));
        throw null;
    }

    private void a(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) {
        try {
            SSLEngineResult unwrap = this.e.unwrap(byteBuffer, byteBuffer2);
            if (unwrap.getStatus() == SSLEngineResult.Status.OK) {
                if (this.e.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                    this.e.getDelegatedTask().run();
                }
            } else {
                throw new MalformedChallengeException("SSL Engine error status: " + unwrap.getStatus());
            }
        } catch (SSLException e) {
            throw new MalformedChallengeException("SSL Engine unwrap error: " + e.getMessage(), e);
        }
    }

    private void a(byte[] bArr) {
        byte[] a2 = this.l.a(bArr);
        byte[] bArr2 = this.m;
        if (bArr2.length != a2.length) {
            throw new AuthenticationException("Public key mismatch in pubKeyAuth response");
        }
        int i = 1;
        if (bArr2[0] + 1 != a2[0]) {
            throw new AuthenticationException("Public key mismatch in pubKeyAuth response");
        }
        while (true) {
            byte[] bArr3 = this.m;
            if (i >= bArr3.length) {
                this.f1658b.e("Received public key response is valid");
                return;
            } else {
                if (bArr3[i] != a2[i]) {
                    throw new AuthenticationException("Public key mismatch in pubKeyAuth response");
                }
                i++;
            }
        }
    }

    static byte[] a(int i) {
        int i2 = 0;
        int i3 = 1;
        if (i < 128) {
            return new byte[]{(byte) i};
        }
        int i4 = i;
        while (true) {
            i4 >>>= 8;
            if (i4 == 0) {
                break;
            }
            i3++;
        }
        byte[] bArr = new byte[i3 + 1];
        bArr[0] = (byte) (i3 | 128);
        int i5 = (i3 - 1) * 8;
        while (i2 < i3) {
            i2++;
            bArr[i2] = (byte) (i >> i5);
            i5 -= 8;
        }
        return bArr;
    }

    private byte[] a(CharBuffer charBuffer) {
        if (charBuffer == null) {
            return o;
        }
        ByteBuffer encode = n.encode(charBuffer);
        if (!encode.hasRemaining()) {
            return o;
        }
        byte[] bArr = new byte[encode.remaining()];
        encode.get(bArr);
        return bArr;
    }

    private byte[] a(PublicKey publicKey) {
        try {
            ByteBuffer wrap = ByteBuffer.wrap(publicKey.getEncoded());
            a(wrap, 48, "initial sequence");
            b(wrap);
            a(wrap, 48, "AlgorithmIdentifier sequence");
            wrap.position(wrap.position() + b(wrap));
            a(wrap, 3, "subjectPublicKey type");
            int b2 = b(wrap);
            if (wrap.get() == 0) {
                b2--;
            } else {
                wrap.position(wrap.position() - 1);
            }
            byte[] bArr = new byte[b2];
            wrap.get(bArr);
            return bArr;
        } catch (MalformedChallengeException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    private byte[] a(NTCredentials nTCredentials) {
        byte[] b2 = b(nTCredentials.c());
        byte[] a2 = a(b2.length);
        int length = a2.length + 1 + b2.length;
        byte[] a3 = a(length);
        byte[] b3 = b(nTCredentials.e());
        byte[] a4 = a(b3.length);
        int length2 = a4.length + 1 + b3.length;
        byte[] a5 = a(length2);
        byte[] a6 = a(nTCredentials.b());
        byte[] a7 = a(a6.length);
        int length3 = a7.length + 1 + a6.length;
        byte[] a8 = a(length3);
        int length4 = a3.length + 1 + length + 1 + a5.length + length2 + 1 + a8.length + length3;
        byte[] a9 = a(length4);
        int length5 = a9.length + 1 + length4;
        byte[] a10 = a(length5);
        int length6 = a10.length + 1 + length5;
        byte[] a11 = a(length6);
        int length7 = a11.length + 6 + length6;
        byte[] a12 = a(length7);
        ByteBuffer allocate = ByteBuffer.allocate(a12.length + 1 + length7);
        allocate.put((byte) 48);
        allocate.put(a12);
        allocate.put((byte) -96);
        allocate.put((byte) 3);
        allocate.put((byte) 2);
        allocate.put((byte) 1);
        allocate.put((byte) 1);
        allocate.put((byte) -95);
        allocate.put(a11);
        allocate.put((byte) 4);
        allocate.put(a10);
        allocate.put((byte) 48);
        allocate.put(a9);
        allocate.put((byte) -96);
        allocate.put(a3);
        allocate.put((byte) 4);
        allocate.put(a2);
        allocate.put(b2);
        allocate.put((byte) -95);
        allocate.put(a5);
        allocate.put((byte) 4);
        allocate.put(a4);
        allocate.put(b3);
        allocate.put((byte) -94);
        allocate.put(a8);
        allocate.put((byte) 4);
        allocate.put(a7);
        allocate.put(a6);
        try {
            return this.k.b(allocate.array());
        } catch (NTLMEngineException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    private byte[] a(char[] cArr) {
        return cArr == null ? o : a(CharBuffer.wrap(cArr));
    }

    static int b(ByteBuffer byteBuffer) {
        byte b2 = byteBuffer.get();
        if (b2 == 128) {
            return -1;
        }
        if ((b2 & 128) != 128) {
            return b2;
        }
        int i = b2 & Byte.MAX_VALUE;
        int i2 = 0;
        for (int i3 = 0; i3 < i; i3++) {
            i2 = (i2 << 8) + (byteBuffer.get() & 255);
        }
        return i2;
    }

    static void b(ByteBuffer byteBuffer, int i, String str) {
        int b2 = b(byteBuffer);
        if (i == b2) {
            return;
        }
        b(byteBuffer, str + a(i, b2));
        throw null;
    }

    static void b(ByteBuffer byteBuffer, String str) {
        throw new MalformedChallengeException("Error parsing TsRequest (position:" + byteBuffer.position() + "): " + str);
    }

    private void b(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) {
        try {
            SSLEngineResult wrap = j().wrap(byteBuffer, byteBuffer2);
            if (wrap.getStatus() == SSLEngineResult.Status.OK) {
                return;
            }
            throw new AuthenticationException("SSL Engine error status: " + wrap.getStatus());
        } catch (SSLException e) {
            throw new AuthenticationException("SSL Engine wrap error: " + e.getMessage(), e);
        }
    }

    private byte[] b(String str) {
        return str == null ? o : a(CharBuffer.wrap(str));
    }

    private String c(ByteBuffer byteBuffer) {
        ByteBuffer allocate = ByteBuffer.allocate(j().getSession().getPacketBufferSize());
        b(byteBuffer, allocate);
        allocate.flip();
        return a(allocate);
    }

    private ByteBuffer c(String str) {
        SSLSession session = j().getSession();
        ByteBuffer a2 = a(str);
        ByteBuffer allocate = ByteBuffer.allocate(session.getApplicationBufferSize());
        a(a2, allocate);
        allocate.flip();
        return allocate;
    }

    private ByteBuffer d() {
        return ByteBuffer.allocate(j().getSession().getApplicationBufferSize());
    }

    private void d(String str) {
        SSLEngine j = j();
        SSLSession session = j.getSession();
        ByteBuffer a2 = a(str);
        ByteBuffer allocate = ByteBuffer.allocate(session.getApplicationBufferSize());
        while (j.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
            a(a2, allocate);
        }
    }

    private void e() {
        try {
            j().beginHandshake();
        } catch (SSLException e) {
            throw new AuthenticationException("SSL Engine error: " + e.getMessage(), e);
        }
    }

    private byte[] f() {
        return this.k.b(this.m);
    }

    private SSLEngine g() {
        SSLEngine createSSLEngine = this.f1659c.createSSLEngine();
        createSSLEngine.setUseClientMode(true);
        return createSSLEngine;
    }

    private int h() {
        return -494366670;
    }

    private Certificate i() {
        try {
            for (Certificate certificate : this.e.getSession().getPeerCertificates()) {
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    if (x509Certificate.getBasicConstraints() == -1) {
                        return x509Certificate;
                    }
                }
            }
            return null;
        } catch (SSLPeerUnverifiedException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    private SSLEngine j() {
        if (this.e == null) {
            this.e = g();
        }
        return this.e;
    }

    private String k() {
        ByteBuffer d = d();
        d.flip();
        SSLEngine j = j();
        ByteBuffer allocate = ByteBuffer.allocate(j.getSession().getPacketBufferSize() * 2);
        while (j.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
            b(d, allocate);
        }
        allocate.flip();
        return a(allocate);
    }

    @Override // org.apache.hc.client5.http.auth.c
    public String a(HttpHost httpHost, org.apache.hc.core5.http.n nVar, org.apache.hc.core5.http.y.d dVar) {
        String c2;
        State state;
        if (this.f == null) {
            throw new AuthenticationException("NT credentials not available");
        }
        State state2 = this.d;
        if (state2 == State.UNINITIATED) {
            e();
            c2 = k();
            state = State.TLS_HANDSHAKE;
        } else {
            if (state2 == State.TLS_HANDSHAKE) {
                return k();
            }
            if (state2 == State.TLS_HANDSHAKE_FINISHED) {
                int h = h();
                ByteBuffer d = d();
                this.g = new NTLMEngineImpl.f(this.f.d(), this.f.f(), Integer.valueOf(h));
                a.c(this.g.b()).b(d);
                d.flip();
                c2 = c(d);
                state = State.NEGO_TOKEN_SENT;
            } else if (state2 == State.NEGO_TOKEN_RECEIVED) {
                ByteBuffer d2 = d();
                this.h = new NTLMEngineImpl.g(this.j.a());
                Certificate i = i();
                this.i = new NTLMEngineImpl.h(this.f.d(), this.f.f(), this.f.e(), this.f.b(), this.h.e(), this.h.f(), this.h.g(), this.h.h(), i, this.g.b(), this.h.b());
                byte[] b2 = this.i.b();
                byte[] e = this.i.e();
                this.k = new NTLMEngineImpl.c(e, NTLMEngineImpl.Mode.CLIENT, true);
                this.l = new NTLMEngineImpl.c(e, NTLMEngineImpl.Mode.SERVER, true);
                a c3 = a.c(b2);
                this.m = a(i.getPublicKey());
                c3.a(f());
                c3.b(d2);
                d2.flip();
                c2 = c(d2);
                state = State.PUB_KEY_AUTH_SENT;
            } else {
                if (state2 != State.PUB_KEY_AUTH_RECEIVED) {
                    throw new AuthenticationException("Wrong state " + this.d);
                }
                a(this.j.b());
                a b3 = a.b(a(this.f));
                ByteBuffer d3 = d();
                b3.b(d3);
                d3.flip();
                c2 = c(d3);
                state = State.CREDENTIALS_SENT;
            }
        }
        this.d = state;
        return c2;
    }

    @Override // org.apache.hc.client5.http.auth.c
    public void a(org.apache.hc.client5.http.auth.b bVar, org.apache.hc.core5.http.y.d dVar) {
        String c2 = bVar.c();
        if (c2.isEmpty() && this.d != State.UNINITIATED) {
            String str = "Received unexpected empty input in state " + this.d;
            this.f1658b.a(str);
            throw new MalformedChallengeException(str);
        }
        if (this.d == State.TLS_HANDSHAKE) {
            d(c2);
            if (j().getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                this.f1658b.e("TLS handshake finished");
                this.d = State.TLS_HANDSHAKE_FINISHED;
            }
        }
        if (this.d == State.NEGO_TOKEN_SENT) {
            ByteBuffer c3 = c(c2);
            this.d = State.NEGO_TOKEN_RECEIVED;
            this.j = a.c(c3);
        }
        if (this.d == State.PUB_KEY_AUTH_SENT) {
            ByteBuffer c4 = c(c2);
            this.d = State.PUB_KEY_AUTH_RECEIVED;
            this.j = a.c(c4);
        }
    }

    @Override // org.apache.hc.client5.http.auth.c
    public boolean a() {
        return true;
    }

    @Override // org.apache.hc.client5.http.auth.c
    public boolean a(HttpHost httpHost, org.apache.hc.client5.http.auth.h hVar, org.apache.hc.core5.http.y.d dVar) {
        org.apache.hc.core5.util.a.a(httpHost, "Auth host");
        org.apache.hc.core5.util.a.a(hVar, "CredentialsProvider");
        org.apache.hc.client5.http.auth.g a2 = hVar.a(new org.apache.hc.client5.http.auth.e(httpHost, null, getName()), dVar);
        if (!(a2 instanceof NTCredentials)) {
            return false;
        }
        this.f = (NTCredentials) a2;
        return true;
    }

    @Override // org.apache.hc.client5.http.auth.c
    public Principal b() {
        NTCredentials nTCredentials = this.f;
        if (nTCredentials != null) {
            return nTCredentials.a();
        }
        return null;
    }

    @Override // org.apache.hc.client5.http.auth.c
    public boolean c() {
        return this.d == State.CREDENTIALS_SENT;
    }

    @Override // org.apache.hc.client5.http.auth.c
    public String getName() {
        return "CredSSP";
    }
}
