package org.apache.http.impl.auth.win;

import com.sun.jna.platform.win32.Secur32;
import com.sun.jna.platform.win32.Sspi;
import com.sun.jna.platform.win32.Win32Exception;
import com.sun.jna.platform.win32.WinError;
import com.sun.jna.ptr.IntByReference;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.InvalidCredentialsException;
import org.apache.http.auth.MalformedChallengeException;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.conn.routing.RouteInfo;
import org.apache.http.impl.auth.AuthSchemeBase;
import org.apache.http.message.BufferedHeader;
import org.apache.http.protocol.HttpContext;
import org.apache.http.util.CharArrayBuffer;

/* loaded from: classes.dex */
public class WindowsNegotiateScheme extends AuthSchemeBase {
    private String challenge;
    private Sspi.CredHandle clientCred;
    private boolean continueNeeded;
    private final Log log = LogFactory.getLog(getClass());
    private final String scheme;
    private final String servicePrincipalName;
    private Sspi.CtxtHandle sspiContext;

    public WindowsNegotiateScheme(String str, String str2) {
        this.scheme = str == null ? "Negotiate" : str;
        this.challenge = null;
        this.continueNeeded = true;
        this.servicePrincipalName = str2;
        if (this.log.isDebugEnabled()) {
            this.log.debug("Created WindowsNegotiateScheme using " + this.scheme);
        }
    }

    private void failAuthCleanup() {
        dispose();
        this.continueNeeded = false;
    }

    private String getServicePrincipalName(HttpContext httpContext) {
        String str;
        if (this.servicePrincipalName != null) {
            str = this.servicePrincipalName;
        } else if (isProxy()) {
            RouteInfo httpRoute = HttpClientContext.adapt(httpContext).getHttpRoute();
            str = httpRoute != null ? "HTTP/" + httpRoute.getProxyHost().getHostName() : null;
        } else {
            HttpClientContext adapt = HttpClientContext.adapt(httpContext);
            HttpHost targetHost = adapt.getTargetHost();
            if (targetHost != null) {
                str = "HTTP/" + targetHost.getHostName();
            } else {
                RouteInfo httpRoute2 = adapt.getHttpRoute();
                str = httpRoute2 != null ? "HTTP/" + httpRoute2.getTargetHost().getHostName() : null;
            }
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Using SPN: " + str);
        }
        return str;
    }

    @Override // org.apache.http.auth.AuthScheme
    @Deprecated
    public Header authenticate(Credentials credentials, HttpRequest httpRequest) throws AuthenticationException {
        return authenticate(credentials, httpRequest, null);
    }

    @Override // org.apache.http.impl.auth.AuthSchemeBase, org.apache.http.auth.ContextAwareAuthScheme
    public Header authenticate(Credentials credentials, HttpRequest httpRequest, HttpContext httpContext) throws AuthenticationException {
        String token;
        if (this.clientCred == null) {
            if (!(credentials instanceof CurrentWindowsCredentials)) {
                throw new InvalidCredentialsException("Credentials cannot be used for " + getSchemeName() + " authentication: " + credentials.getClass().getName());
            }
            try {
                String currentUsername = CurrentWindowsCredentials.getCurrentUsername();
                Sspi.TimeStamp timeStamp = new Sspi.TimeStamp();
                this.clientCred = new Sspi.CredHandle();
                int AcquireCredentialsHandle = Secur32.INSTANCE.AcquireCredentialsHandle(currentUsername, this.scheme, 2, null, null, null, null, this.clientCred, timeStamp);
                if (AcquireCredentialsHandle != 0) {
                    throw new Win32Exception(AcquireCredentialsHandle);
                }
                token = getToken(null, null, getServicePrincipalName(httpContext));
            } catch (RuntimeException e) {
                failAuthCleanup();
                if (e instanceof Win32Exception) {
                    throw new AuthenticationException("Authentication Failed", e);
                }
                throw e;
            }
        } else {
            if (this.challenge == null || this.challenge.isEmpty()) {
                failAuthCleanup();
                throw new AuthenticationException("Authentication Failed");
            }
            try {
                token = getToken(this.sspiContext, new Sspi.SecBufferDesc(2, Base64.decodeBase64(this.challenge)), getServicePrincipalName(httpContext));
            } catch (RuntimeException e2) {
                failAuthCleanup();
                if (e2 instanceof Win32Exception) {
                    throw new AuthenticationException("Authentication Failed", e2);
                }
                throw e2;
            }
        }
        CharArrayBuffer charArrayBuffer = new CharArrayBuffer(this.scheme.length() + 30);
        if (isProxy()) {
            charArrayBuffer.append("Proxy-Authorization");
        } else {
            charArrayBuffer.append("Authorization");
        }
        charArrayBuffer.append(": ");
        charArrayBuffer.append(this.scheme);
        charArrayBuffer.append(" ");
        charArrayBuffer.append(token);
        return new BufferedHeader(charArrayBuffer);
    }

    public void dispose() {
        int DeleteSecurityContext;
        int FreeCredentialsHandle;
        if (this.clientCred != null && !this.clientCred.isNull() && (FreeCredentialsHandle = Secur32.INSTANCE.FreeCredentialsHandle(this.clientCred)) != 0) {
            throw new Win32Exception(FreeCredentialsHandle);
        }
        if (this.sspiContext != null && !this.sspiContext.isNull() && (DeleteSecurityContext = Secur32.INSTANCE.DeleteSecurityContext(this.sspiContext)) != 0) {
            throw new Win32Exception(DeleteSecurityContext);
        }
        this.continueNeeded = true;
        this.clientCred = null;
        this.sspiContext = null;
    }

    public void finalize() throws Throwable {
        dispose();
        super.finalize();
    }

    @Override // org.apache.http.auth.AuthScheme
    public String getParameter(String str) {
        return null;
    }

    @Override // org.apache.http.auth.AuthScheme
    public String getRealm() {
        return null;
    }

    @Override // org.apache.http.auth.AuthScheme
    public String getSchemeName() {
        return this.scheme;
    }

    String getToken(Sspi.CtxtHandle ctxtHandle, Sspi.SecBufferDesc secBufferDesc, String str) {
        IntByReference intByReference = new IntByReference();
        Sspi.SecBufferDesc secBufferDesc2 = new Sspi.SecBufferDesc(2, Sspi.MAX_TOKEN_SIZE);
        this.sspiContext = new Sspi.CtxtHandle();
        int InitializeSecurityContext = Secur32.INSTANCE.InitializeSecurityContext(this.clientCred, ctxtHandle, str, 3, 0, 16, secBufferDesc, 0, this.sspiContext, secBufferDesc2, intByReference, null);
        switch (InitializeSecurityContext) {
            case 0:
                dispose();
                this.continueNeeded = false;
                break;
            case WinError.SEC_I_CONTINUE_NEEDED /* 590610 */:
                this.continueNeeded = true;
                break;
            default:
                dispose();
                throw new Win32Exception(InitializeSecurityContext);
        }
        return Base64.encodeBase64String(secBufferDesc2.getBytes());
    }

    @Override // org.apache.http.auth.AuthScheme
    public boolean isComplete() {
        return !this.continueNeeded;
    }

    @Override // org.apache.http.auth.AuthScheme
    public boolean isConnectionBased() {
        return true;
    }

    @Override // org.apache.http.impl.auth.AuthSchemeBase
    protected void parseChallenge(CharArrayBuffer charArrayBuffer, int i, int i2) throws MalformedChallengeException {
        this.challenge = charArrayBuffer.substringTrimmed(i, i2);
        if (!this.challenge.isEmpty() || this.clientCred == null) {
            return;
        }
        dispose();
        if (this.continueNeeded) {
            throw new RuntimeException("Unexpected token");
        }
    }
}
