package com.icbc.api.internal.apache.http.impl.auth;

import com.icbc.api.internal.apache.http.InterfaceC0128g;
import com.icbc.api.internal.apache.http.annotation.NotThreadSafe;
import com.icbc.api.internal.apache.http.j.InterfaceC0201g;
import com.icbc.api.internal.apache.http.util.Args;
import com.icbc.api.internal.apache.http.util.CharArrayBuffer;
import com.icbc.api.internal.apache.http.v;
import com.icbc.api.internal.util.codec.Base64;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Locale;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

@NotThreadSafe
/* loaded from: input_file:BOOT-INF/lib/icbc-api-sdk-cop-3.1.1.jar:com/icbc/api/internal/apache/http/impl/auth/GGSSchemeBase.class */
public abstract class GGSSchemeBase extends a {
    private final Log cy;
    private final Base64 hd;
    private final boolean he;
    private final boolean hf;
    private State hg;
    private byte[] hh;
    private String hi;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/icbc-api-sdk-cop-3.1.1.jar:com/icbc/api/internal/apache/http/impl/auth/GGSSchemeBase$State.class */
    public enum State {
        UNINITIATED,
        CHALLENGE_RECEIVED,
        TOKEN_GENERATED,
        FAILED
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GGSSchemeBase(boolean z, boolean z2) {
        this.cy = LogFactory.getLog(getClass());
        this.hd = new Base64(0);
        this.he = z;
        this.hf = z2;
        this.hg = State.UNINITIATED;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GGSSchemeBase(boolean z) {
        this(z, true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GGSSchemeBase() {
        this(true, true);
    }

    protected GSSManager cU() {
        return GSSManager.getInstance();
    }

    protected byte[] a(byte[] bArr, Oid oid, String str) throws GSSException {
        return a(bArr, oid, str, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] a(byte[] bArr, Oid oid, String str, com.icbc.api.internal.apache.http.auth.l lVar) throws GSSException {
        byte[] bArr2 = bArr;
        if (bArr2 == null) {
            bArr2 = new byte[0];
        }
        GSSManager cU = cU();
        GSSContext createContext = cU.createContext(cU.createName(this.hi + "@" + str, GSSName.NT_HOSTBASED_SERVICE).canonicalize(oid), oid, lVar instanceof com.icbc.api.internal.apache.http.auth.n ? ((com.icbc.api.internal.apache.http.auth.n) lVar).O() : null, 0);
        createContext.requestMutualAuth(true);
        createContext.requestCredDeleg(true);
        return createContext.initSecContext(bArr2, 0, bArr2.length);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Deprecated
    public byte[] a(byte[] bArr, String str) throws GSSException {
        return null;
    }

    protected byte[] a(byte[] bArr, String str, com.icbc.api.internal.apache.http.auth.l lVar) throws GSSException {
        return a(bArr, str);
    }

    @Override // com.icbc.api.internal.apache.http.auth.c
    public boolean isComplete() {
        return this.hg == State.TOKEN_GENERATED || this.hg == State.FAILED;
    }

    @Override // com.icbc.api.internal.apache.http.auth.c
    @Deprecated
    public InterfaceC0128g a(com.icbc.api.internal.apache.http.auth.l lVar, v vVar) throws com.icbc.api.internal.apache.http.auth.i {
        return a(lVar, vVar, (InterfaceC0201g) null);
    }

    @Override // com.icbc.api.internal.apache.http.impl.auth.a, com.icbc.api.internal.apache.http.auth.k
    public InterfaceC0128g a(com.icbc.api.internal.apache.http.auth.l lVar, v vVar, InterfaceC0201g interfaceC0201g) throws com.icbc.api.internal.apache.http.auth.i {
        com.icbc.api.internal.apache.http.s bV;
        Args.notNull(vVar, "HTTP request");
        switch (this.hg) {
            case UNINITIATED:
                throw new com.icbc.api.internal.apache.http.auth.i(getSchemeName() + " authentication has not been initiated");
            case FAILED:
                throw new com.icbc.api.internal.apache.http.auth.i(getSchemeName() + " authentication has failed");
            case CHALLENGE_RECEIVED:
                try {
                    com.icbc.api.internal.apache.http.conn.routing.b bVar = (com.icbc.api.internal.apache.http.conn.routing.b) interfaceC0201g.getAttribute("http.route");
                    if (bVar != null) {
                        if (isProxy()) {
                            bV = bVar.ca();
                            if (bV == null) {
                                bV = bVar.bV();
                            }
                        } else {
                            bV = bVar.bV();
                        }
                        String hostName = bV.getHostName();
                        if (this.hf) {
                            try {
                                hostName = aj(hostName);
                            } catch (UnknownHostException e) {
                            }
                        }
                        String str = this.he ? hostName : hostName + ":" + bV.getPort();
                        this.hi = bV.getSchemeName().toUpperCase(Locale.ROOT);
                        if (this.cy.isDebugEnabled()) {
                            this.cy.debug("init " + str);
                        }
                        this.hh = a(this.hh, str, lVar);
                        this.hg = State.TOKEN_GENERATED;
                        break;
                    } else {
                        throw new com.icbc.api.internal.apache.http.auth.i("Connection route is not available");
                    }
                } catch (GSSException e2) {
                    this.hg = State.FAILED;
                    if (e2.getMajor() == 9 || e2.getMajor() == 8) {
                        throw new com.icbc.api.internal.apache.http.auth.m(e2.getMessage(), e2);
                    }
                    if (e2.getMajor() == 13) {
                        throw new com.icbc.api.internal.apache.http.auth.m(e2.getMessage(), e2);
                    }
                    if (e2.getMajor() == 10 || e2.getMajor() == 19 || e2.getMajor() == 20) {
                        throw new com.icbc.api.internal.apache.http.auth.i(e2.getMessage(), e2);
                    }
                    throw new com.icbc.api.internal.apache.http.auth.i(e2.getMessage());
                }
                break;
            case TOKEN_GENERATED:
                break;
            default:
                throw new IllegalStateException("Illegal state: " + this.hg);
        }
        String str2 = new String(this.hd.encode(this.hh));
        if (this.cy.isDebugEnabled()) {
            this.cy.debug("Sending response '" + str2 + "' back to the auth server");
        }
        CharArrayBuffer charArrayBuffer = new CharArrayBuffer(32);
        if (isProxy()) {
            charArrayBuffer.append("Proxy-Authorization");
        } else {
            charArrayBuffer.append("Authorization");
        }
        charArrayBuffer.append(": Negotiate ");
        charArrayBuffer.append(str2);
        return new com.icbc.api.internal.apache.http.g.r(charArrayBuffer);
    }

    @Override // com.icbc.api.internal.apache.http.impl.auth.a
    protected void a(CharArrayBuffer charArrayBuffer, int i, int i2) throws com.icbc.api.internal.apache.http.auth.o {
        String substringTrimmed = charArrayBuffer.substringTrimmed(i, i2);
        if (this.cy.isDebugEnabled()) {
            this.cy.debug("Received challenge '" + substringTrimmed + "' from the auth server");
        }
        if (this.hg == State.UNINITIATED) {
            this.hh = Base64.decodeBase64(substringTrimmed.getBytes());
            this.hg = State.CHALLENGE_RECEIVED;
        } else {
            this.cy.debug("Authentication already attempted");
            this.hg = State.FAILED;
        }
    }

    private String aj(String str) throws UnknownHostException {
        InetAddress byName = InetAddress.getByName(str);
        String canonicalHostName = byName.getCanonicalHostName();
        return byName.getHostAddress().contentEquals(canonicalHostName) ? str : canonicalHostName;
    }
}
