package org.apache.a.i.a;

import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.a.i.a.p;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* compiled from: CredSspScheme.java */
/* loaded from: classes.dex */
public class d extends org.apache.a.i.a.a {
    public static final String b = "CredSSP";
    private static final Charset c = org.apache.a.p.e.a("UnicodeLittleUnmarked");
    private static final byte[] n = new byte[0];
    private final Log d = LogFactory.getLog(d.class);
    private b e = b.UNINITIATED;
    private SSLEngine f;
    private p.g g;
    private p.h h;
    private p.i i;
    private a j;
    private p.c k;
    private p.c l;
    private byte[] m;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: CredSspScheme.java */
    /* loaded from: classes.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        private static final int f1240a = 3;
        private byte[] b;
        private byte[] c;
        private byte[] d;

        protected a() {
        }

        public static a a(ByteBuffer byteBuffer) throws org.apache.a.b.q {
            a aVar = new a();
            aVar.b(byteBuffer);
            return aVar;
        }

        public static a a(byte[] bArr) {
            a aVar = new a();
            aVar.b = bArr;
            return aVar;
        }

        public static a b(byte[] bArr) {
            a aVar = new a();
            aVar.c = bArr;
            return aVar;
        }

        private void d(ByteBuffer byteBuffer) throws org.apache.a.b.q {
            d.a(byteBuffer, 2, "version type");
            d.b(byteBuffer, 1, "version length");
            d.a(byteBuffer, 3, "wrong protocol version");
        }

        private void e(ByteBuffer byteBuffer) throws org.apache.a.b.q {
            d.a(byteBuffer, 48, "negoTokens sequence");
            d.a(byteBuffer);
            byte b = byteBuffer.get();
            if (b == 48) {
                d.a(byteBuffer);
                b = byteBuffer.get();
            }
            if ((b & 255) != 160) {
                d.b(byteBuffer, "negoTokens: wrong content-specific tag " + String.format("%02X", Byte.valueOf(b)));
            }
            d.a(byteBuffer);
            d.a(byteBuffer, 4, "negoToken type");
            this.b = new byte[d.a(byteBuffer)];
            byteBuffer.get(this.b);
        }

        private void f(ByteBuffer byteBuffer) throws org.apache.a.b.q {
            d.a(byteBuffer, 4, "authInfo type");
            this.c = new byte[d.a(byteBuffer)];
            byteBuffer.get(this.c);
        }

        private void g(ByteBuffer byteBuffer) throws org.apache.a.b.q {
            d.a(byteBuffer, 4, "pubKeyAuth type");
            this.d = new byte[d.a(byteBuffer)];
            byteBuffer.get(this.d);
        }

        private void h(ByteBuffer byteBuffer) throws org.apache.a.b.q {
            d.b(byteBuffer, 3, "error code length");
            d.a(byteBuffer, 2, "error code type");
            d.b(byteBuffer, 1, "error code length");
            d.b(byteBuffer, "Error code " + ((int) byteBuffer.get()));
        }

        public byte[] a() {
            return this.b;
        }

        public void b(ByteBuffer byteBuffer) throws org.apache.a.b.q {
            this.b = null;
            this.c = null;
            this.d = null;
            d.a(byteBuffer, 48, "initial sequence");
            d.a(byteBuffer);
            while (byteBuffer.hasRemaining()) {
                int a2 = d.a(byteBuffer, "content tag");
                d.a(byteBuffer);
                switch (a2) {
                    case 0:
                        d(byteBuffer);
                        break;
                    case 1:
                        e(byteBuffer);
                        break;
                    case 2:
                        f(byteBuffer);
                        break;
                    case 3:
                        g(byteBuffer);
                        break;
                    case 4:
                        h(byteBuffer);
                        break;
                    default:
                        d.b(byteBuffer, "unexpected content tag " + a2);
                        break;
                }
            }
        }

        public byte[] b() {
            return this.c;
        }

        public void c(ByteBuffer byteBuffer) {
            ByteBuffer allocate = ByteBuffer.allocate(byteBuffer.capacity());
            allocate.put((byte) -96);
            allocate.put((byte) 3);
            allocate.put((byte) 2);
            allocate.put((byte) 1);
            allocate.put((byte) 3);
            if (this.b != null) {
                int length = this.b.length;
                byte[] a2 = d.a(length);
                int length2 = length + a2.length + 1;
                byte[] a3 = d.a(length2);
                int length3 = length2 + a3.length + 1;
                byte[] a4 = d.a(length3);
                int length4 = length3 + a4.length + 1;
                byte[] a5 = d.a(length4);
                byte[] a6 = d.a(length4 + a5.length + 1);
                allocate.put((byte) -95);
                allocate.put(a6);
                allocate.put((byte) 48);
                allocate.put(a5);
                allocate.put((byte) 48);
                allocate.put(a4);
                allocate.put((byte) -96);
                allocate.put(a3);
                allocate.put((byte) 4);
                allocate.put(a2);
                allocate.put(this.b);
            }
            if (this.c != null) {
                byte[] a7 = d.a(this.c.length);
                allocate.put((byte) -94);
                allocate.put(d.a(a7.length + 1 + this.c.length));
                allocate.put((byte) 4);
                allocate.put(a7);
                allocate.put(this.c);
            }
            if (this.d != null) {
                byte[] a8 = d.a(this.d.length);
                allocate.put((byte) -93);
                allocate.put(d.a(a8.length + 1 + this.d.length));
                allocate.put((byte) 4);
                allocate.put(a8);
                allocate.put(this.d);
            }
            allocate.flip();
            byteBuffer.put((byte) 48);
            byteBuffer.put(d.a(allocate.limit()));
            byteBuffer.put(allocate);
        }

        public void c(byte[] bArr) {
            this.b = bArr;
        }

        public byte[] c() {
            return this.d;
        }

        public String d() {
            StringBuilder sb = new StringBuilder("TsRequest\n");
            sb.append("  negoToken:\n");
            sb.append("    ");
            f.a(sb, this.b);
            sb.append("\n");
            sb.append("  authInfo:\n");
            sb.append("    ");
            f.a(sb, this.c);
            sb.append("\n");
            sb.append("  pubKeyAuth:\n");
            sb.append("    ");
            f.a(sb, this.d);
            return sb.toString();
        }

        public void d(byte[] bArr) {
            this.c = bArr;
        }

        public void e(byte[] bArr) {
            this.d = bArr;
        }

        public String toString() {
            return "TsRequest(negoToken=" + Arrays.toString(this.b) + ", authInfo=" + Arrays.toString(this.c) + ", pubKeyAuth=" + Arrays.toString(this.d) + ")";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: CredSspScheme.java */
    /* loaded from: classes.dex */
    public enum b {
        UNINITIATED,
        TLS_HANDSHAKE,
        TLS_HANDSHAKE_FINISHED,
        NEGO_TOKEN_SENT,
        NEGO_TOKEN_RECEIVED,
        PUB_KEY_AUTH_SENT,
        PUB_KEY_AUTH_RECEIVED,
        CREDENTIALS_SENT
    }

    static int a(ByteBuffer byteBuffer) {
        int i = 0;
        byte b2 = byteBuffer.get();
        if (b2 == 128) {
            return -1;
        }
        if ((b2 & 128) != 128) {
            return b2;
        }
        int i2 = b2 & Byte.MAX_VALUE;
        int i3 = 0;
        while (i < i2) {
            i++;
            i3 = (byteBuffer.get() & 255) + (i3 << 8);
        }
        return i3;
    }

    static int a(ByteBuffer byteBuffer, String str) throws org.apache.a.b.q {
        byte b2 = byteBuffer.get();
        if ((b2 & 224) != 160) {
            b(byteBuffer, str + ": wrong content-specific tag " + String.format("%02X", Byte.valueOf(b2)));
        }
        return b2 & 31;
    }

    private static String a(int i, int i2) {
        return "(expected " + String.format("%02X", Integer.valueOf(i)) + ", got " + String.format("%02X", Integer.valueOf(i2)) + ")";
    }

    static void a(ByteBuffer byteBuffer, int i, String str) throws org.apache.a.b.q {
        byte b2 = byteBuffer.get();
        if (b2 != i) {
            b(byteBuffer, str + a(i, b2));
        }
    }

    private void a(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws org.apache.a.b.j {
        try {
            SSLEngineResult wrap = g().wrap(byteBuffer, byteBuffer2);
            if (wrap.getStatus() != SSLEngineResult.Status.OK) {
                throw new org.apache.a.b.j("SSL Engine error status: " + wrap.getStatus());
            }
        } catch (SSLException e) {
            throw new org.apache.a.b.j("SSL Engine wrap error: " + e.getMessage(), e);
        }
    }

    private void a(byte[] bArr) throws org.apache.a.b.j {
        byte[] b2 = this.l.b(bArr);
        if (this.m.length != b2.length) {
            throw new org.apache.a.b.j("Public key mismatch in pubKeyAuth response");
        }
        if (this.m[0] + 1 != b2[0]) {
            throw new org.apache.a.b.j("Public key mismatch in pubKeyAuth response");
        }
        for (int i = 1; i < this.m.length; i++) {
            if (this.m[i] != b2[i]) {
                throw new org.apache.a.b.j("Public key mismatch in pubKeyAuth response");
            }
        }
        this.d.trace("Received public key response is valid");
    }

    static byte[] a(int i) {
        if (i < 128) {
            return new byte[]{(byte) i};
        }
        int i2 = 1;
        int i3 = i;
        while (true) {
            i3 >>>= 8;
            if (i3 == 0) {
                break;
            }
            i2++;
        }
        byte[] bArr = new byte[i2 + 1];
        bArr[0] = (byte) (i2 | 128);
        int i4 = (i2 - 1) * 8;
        for (int i5 = 0; i5 < i2; i5++) {
            bArr[i5 + 1] = (byte) (i >> i4);
            i4 -= 8;
        }
        return bArr;
    }

    private byte[] a(PublicKey publicKey) throws org.apache.a.b.j {
        try {
            ByteBuffer wrap = ByteBuffer.wrap(publicKey.getEncoded());
            a(wrap, 48, "initial sequence");
            a(wrap);
            a(wrap, 48, "AlgorithmIdentifier sequence");
            wrap.position(a(wrap) + wrap.position());
            a(wrap, 3, "subjectPublicKey type");
            int a2 = a(wrap);
            if (wrap.get() == 0) {
                a2--;
            } else {
                wrap.position(wrap.position() - 1);
            }
            byte[] bArr = new byte[a2];
            wrap.get(bArr);
            return bArr;
        } catch (org.apache.a.b.q e) {
            throw new org.apache.a.b.j(e.getMessage(), e);
        }
    }

    private byte[] a(org.apache.a.b.r rVar) throws org.apache.a.b.j {
        byte[] b2 = b(rVar.d());
        byte[] a2 = a(b2.length);
        int length = a2.length + 1 + b2.length;
        byte[] a3 = a(length);
        byte[] b3 = b(rVar.c());
        byte[] a4 = a(b3.length);
        int length2 = a4.length + 1 + b3.length;
        byte[] a5 = a(length2);
        byte[] b4 = b(rVar.b());
        byte[] a6 = a(b4.length);
        int length3 = a6.length + 1 + b4.length;
        byte[] a7 = a(length3);
        int length4 = length + a3.length + 1 + 1 + a5.length + length2 + 1 + a7.length + length3;
        byte[] a8 = a(length4);
        int length5 = length4 + a8.length + 1;
        byte[] a9 = a(length5);
        int length6 = length5 + a9.length + 1;
        byte[] a10 = a(length6);
        int length7 = length6 + a10.length + 6;
        byte[] a11 = a(length7);
        ByteBuffer allocate = ByteBuffer.allocate(length7 + a11.length + 1);
        allocate.put((byte) 48);
        allocate.put(a11);
        allocate.put((byte) -96);
        allocate.put((byte) 3);
        allocate.put((byte) 2);
        allocate.put((byte) 1);
        allocate.put((byte) 1);
        allocate.put((byte) -95);
        allocate.put(a10);
        allocate.put((byte) 4);
        allocate.put(a9);
        allocate.put((byte) 48);
        allocate.put(a8);
        allocate.put((byte) -96);
        allocate.put(a3);
        allocate.put((byte) 4);
        allocate.put(a2);
        allocate.put(b2);
        allocate.put((byte) -95);
        allocate.put(a5);
        allocate.put((byte) 4);
        allocate.put(a4);
        allocate.put(b3);
        allocate.put((byte) -94);
        allocate.put(a7);
        allocate.put((byte) 4);
        allocate.put(a6);
        allocate.put(b4);
        try {
            return this.k.a(allocate.array());
        } catch (o e) {
            throw new org.apache.a.b.j(e.getMessage(), e);
        }
    }

    private String b(ByteBuffer byteBuffer) throws org.apache.a.b.j {
        ByteBuffer allocate = ByteBuffer.allocate(g().getSession().getPacketBufferSize());
        a(byteBuffer, allocate);
        allocate.flip();
        return c(allocate);
    }

    static void b(ByteBuffer byteBuffer, int i, String str) throws org.apache.a.b.q {
        int a2 = a(byteBuffer);
        if (i != a2) {
            b(byteBuffer, str + a(i, a2));
        }
    }

    static void b(ByteBuffer byteBuffer, String str) throws org.apache.a.b.q {
        throw new org.apache.a.b.q("Error parsing TsRequest (position:" + byteBuffer.position() + "): " + str);
    }

    private void b(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws org.apache.a.b.q {
        try {
            SSLEngineResult unwrap = this.f.unwrap(byteBuffer, byteBuffer2);
            if (unwrap.getStatus() != SSLEngineResult.Status.OK) {
                throw new org.apache.a.b.q("SSL Engine error status: " + unwrap.getStatus());
            }
            if (this.f.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                this.f.getDelegatedTask().run();
            }
        } catch (SSLException e) {
            throw new org.apache.a.b.q("SSL Engine unwrap error: " + e.getMessage(), e);
        }
    }

    private byte[] b(String str) {
        return str == null ? n : str.getBytes(c);
    }

    private String c(ByteBuffer byteBuffer) {
        byte[] bArr = new byte[byteBuffer.limit()];
        byteBuffer.get(bArr);
        return new String(org.apache.commons.a.a.a.d(bArr), org.apache.a.c.f);
    }

    private void c(String str) throws org.apache.a.b.q {
        SSLEngine g = g();
        SSLSession session = g.getSession();
        ByteBuffer e = e(str);
        ByteBuffer allocate = ByteBuffer.allocate(session.getApplicationBufferSize());
        while (g.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
            b(e, allocate);
        }
    }

    private ByteBuffer d(String str) throws org.apache.a.b.q {
        SSLSession session = g().getSession();
        ByteBuffer e = e(str);
        ByteBuffer allocate = ByteBuffer.allocate(session.getApplicationBufferSize());
        b(e, allocate);
        allocate.flip();
        return allocate;
    }

    private ByteBuffer e(String str) {
        return ByteBuffer.wrap(org.apache.commons.a.a.a.f(str.getBytes(org.apache.a.c.f)));
    }

    private SSLEngine g() {
        if (this.f == null) {
            this.f = h();
        }
        return this.f;
    }

    private SSLEngine h() {
        try {
            SSLContext b2 = org.apache.a.o.d.c().b();
            try {
                b2.init(null, new TrustManager[]{new X509TrustManager() { // from class: org.apache.a.i.a.d.1
                    @Override // javax.net.ssl.X509TrustManager
                    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                }}, null);
                SSLEngine createSSLEngine = b2.createSSLEngine();
                createSSLEngine.setUseClientMode(true);
                return createSSLEngine;
            } catch (KeyManagementException e) {
                throw new RuntimeException("SSL Context initialization error: " + e.getMessage(), e);
            }
        } catch (KeyManagementException e2) {
            throw new RuntimeException("Error creating SSL Context: " + e2.getMessage(), e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new RuntimeException("Error creating SSL Context: " + e3.getMessage(), e3);
        }
    }

    private int i() {
        return -494366670;
    }

    private Certificate j() throws org.apache.a.b.j {
        try {
            for (Certificate certificate : this.f.getSession().getPeerCertificates()) {
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    if (x509Certificate.getBasicConstraints() == -1) {
                        return x509Certificate;
                    }
                }
            }
            return null;
        } catch (SSLPeerUnverifiedException e) {
            throw new org.apache.a.b.j(e.getMessage(), e);
        }
    }

    private byte[] k() throws org.apache.a.b.j {
        return this.k.a(this.m);
    }

    private void l() throws org.apache.a.b.j {
        try {
            g().beginHandshake();
        } catch (SSLException e) {
            throw new org.apache.a.b.j("SSL Engine error: " + e.getMessage(), e);
        }
    }

    private ByteBuffer m() {
        return ByteBuffer.allocate(g().getSession().getApplicationBufferSize());
    }

    private String n() throws org.apache.a.b.j {
        ByteBuffer m = m();
        m.flip();
        SSLEngine g = g();
        ByteBuffer allocate = ByteBuffer.allocate(g.getSession().getPacketBufferSize() * 2);
        while (g.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
            a(m, allocate);
        }
        allocate.flip();
        return c(allocate);
    }

    @Override // org.apache.a.b.d
    public String a() {
        return "CredSSP";
    }

    @Override // org.apache.a.b.d
    public String a(String str) {
        return null;
    }

    @Override // org.apache.a.b.d
    @Deprecated
    public org.apache.a.g a(org.apache.a.b.n nVar, org.apache.a.v vVar) throws org.apache.a.b.j {
        return a(nVar, vVar, (org.apache.a.n.g) null);
    }

    @Override // org.apache.a.i.a.a, org.apache.a.b.m
    public org.apache.a.g a(org.apache.a.b.n nVar, org.apache.a.v vVar, org.apache.a.n.g gVar) throws org.apache.a.b.j {
        String b2;
        try {
            org.apache.a.b.r rVar = (org.apache.a.b.r) nVar;
            if (this.e == b.UNINITIATED) {
                l();
                b2 = n();
                this.e = b.TLS_HANDSHAKE;
            } else if (this.e == b.TLS_HANDSHAKE) {
                b2 = n();
            } else if (this.e == b.TLS_HANDSHAKE_FINISHED) {
                int i = i();
                ByteBuffer m = m();
                this.g = new p.g(rVar.d(), rVar.e(), Integer.valueOf(i));
                a.a(this.g.d()).c(m);
                m.flip();
                b2 = b(m);
                this.e = b.NEGO_TOKEN_SENT;
            } else if (this.e == b.NEGO_TOKEN_RECEIVED) {
                ByteBuffer m2 = m();
                this.h = new p.h(this.j.a());
                Certificate j = j();
                this.i = new p.i(rVar.d(), rVar.e(), rVar.c(), rVar.b(), this.h.f(), this.h.i(), this.h.g(), this.h.h(), j, this.g.d(), this.h.d());
                byte[] d = this.i.d();
                byte[] g = this.i.g();
                this.k = new p.c(g, p.e.CLIENT, true);
                this.l = new p.c(g, p.e.SERVER, true);
                a a2 = a.a(d);
                this.m = a(j.getPublicKey());
                a2.e(k());
                a2.c(m2);
                m2.flip();
                b2 = b(m2);
                this.e = b.PUB_KEY_AUTH_SENT;
            } else {
                if (this.e != b.PUB_KEY_AUTH_RECEIVED) {
                    throw new org.apache.a.b.j("Wrong state " + this.e);
                }
                a(this.j.c());
                a b3 = a.b(a(rVar));
                ByteBuffer m3 = m();
                b3.c(m3);
                m3.flip();
                b2 = b(m3);
                this.e = b.CREDENTIALS_SENT;
            }
            org.apache.a.p.d dVar = new org.apache.a.p.d(32);
            if (e()) {
                dVar.a("Proxy-Authorization");
            } else {
                dVar.a("Authorization");
            }
            dVar.a(": CredSSP ");
            dVar.a(b2);
            return new org.apache.a.k.r(dVar);
        } catch (ClassCastException e) {
            throw new org.apache.a.b.o("Credentials cannot be used for CredSSP authentication: " + nVar.getClass().getName());
        }
    }

    @Override // org.apache.a.i.a.a
    protected void a(org.apache.a.p.d dVar, int i, int i2) throws org.apache.a.b.q {
        String b2 = dVar.b(i, i2);
        if (b2.isEmpty() && this.e != b.UNINITIATED) {
            String str = "Received unexpected empty input in state " + this.e;
            this.d.error(str);
            throw new org.apache.a.b.q(str);
        }
        if (this.e == b.TLS_HANDSHAKE) {
            c(b2);
            if (g().getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                this.d.trace("TLS handshake finished");
                this.e = b.TLS_HANDSHAKE_FINISHED;
            }
        }
        if (this.e == b.NEGO_TOKEN_SENT) {
            ByteBuffer d = d(b2);
            this.e = b.NEGO_TOKEN_RECEIVED;
            this.j = a.a(d);
        }
        if (this.e == b.PUB_KEY_AUTH_SENT) {
            ByteBuffer d2 = d(b2);
            this.e = b.PUB_KEY_AUTH_RECEIVED;
            this.j = a.a(d2);
        }
    }

    @Override // org.apache.a.b.d
    public String b() {
        return null;
    }

    @Override // org.apache.a.b.d
    public boolean c() {
        return true;
    }

    @Override // org.apache.a.b.d
    public boolean d() {
        return this.e == b.CREDENTIALS_SENT;
    }
}
