package org.apache.cxf.transport.http.auth;

import java.net.InetAddress;
import java.net.URI;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.staxutils.PropertiesExpandingStreamReader;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: classes3.dex */
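/**
 * Builds the value of an HTTP {@code Negotiate} authorization header from a
 * GSS-API initial context token (SPNEGO by default, raw Kerberos on request).
 *
 * <p>This listing is decompiler output. {@link #getToken} was restored from the
 * decompiler's instruction dump and should be verified against the original
 * binary before it is relied on.
 */
public abstract class AbstractSpnegoAuthSupplier {
    /** Kerberos V5 mechanism OID, used when {@link #PROPERTY_USE_KERBEROS_OID} is true. */
    private static final String KERBEROS_OID = "1.2.840.113554.1.2.2";
    protected static final Logger LOG = LogUtils.getL7dLogger(AbstractSpnegoAuthSupplier.class);
    /** Per-message property that overrides the configured credential-delegation flag. */
    private static final String PROPERTY_REQUIRE_CRED_DELEGATION = "auth.spnego.requireCredDelegation";
    /** Per-message property that selects the Kerberos OID instead of the SPNEGO OID. */
    private static final String PROPERTY_USE_KERBEROS_OID = "auth.spnego.useKerberosOid";
    /** SPNEGO mechanism OID, the default mechanism. */
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";
    // Default for credential delegation when the message carries no override.
    private boolean credDelegation;
    // Optional JAAS configuration handed to LoginContext; may be null.
    private Configuration loginConfig;
    // Optional realm appended to the service principal name.
    private String realm;
    // GSS name type used when the service principal name is turned into a GSSName.
    private Oid serviceNameType;
    // Explicit service principal name; when null it is derived from the request URI host.
    private String servicePrincipalName;
    // When true, the URI host is canonicalised through DNS before the SPN is built.
    private boolean useCanonicalHostname;

    /**
     * Privileged action that produces the initial GSS context token.
     *
     * <p>The decompiler reports that it widened this class from {@code private};
     * the modifier is left as emitted so the listing keeps the shape it was given.
     */
    public final class CreateServiceTicketAction implements PrivilegedExceptionAction<byte[]> {
        private final GSSContext context;
        private final byte[] token;

        private CreateServiceTicketAction(GSSContext gSSContext, byte[] bArr) {
            this.context = gSSContext;
            this.token = bArr;
        }

        /**
         * Runs the first leg of context establishment.
         *
         * @return the token returned by {@code initSecContext}
         * @throws GSSException if the GSS provider rejects the request
         */
        @Override // java.security.PrivilegedExceptionAction
        public byte[] run() throws GSSException {
            return this.context.initSecContext(this.token, 0, this.token.length);
        }
    }

    /**
     * Resolves {@code str} to its canonical host name, falling back to the input
     * when resolution fails.
     *
     * <p>Security note: the result is used to build the service principal name, so
     * the ticket that gets requested depends on what DNS answers
     * ({@code getCanonicalHostName} performs a reverse lookup). Where DNS is not
     * trusted, configure an explicit service principal name instead of enabling
     * canonicalisation.
     *
     * @param str host name taken from the request URI
     * @return the canonical host name, or {@code str} if it could not be resolved
     */
    private String getCanonicalHostname(String str) {
        String canonical = str;
        try {
            canonical = InetAddress.getByName(str).getCanonicalHostName();
            LOG.fine("resolved hostname=" + str + " to canonicalHostname=" + canonical);
        } catch (Exception e) {
            // The decompiled form dropped this exception and still logged "resolved";
            // a failed lookup is now reported and the unresolved name is returned.
            LOG.log(Level.WARNING, "unable to resolve canonical hostname", e);
        }
        return canonical;
    }

    /**
     * Obtains the initial GSS context token for the given service principal.
     *
     * <p>Restored from the decompiler's instruction dump, which had replaced the
     * body with an unconditional {@code UnsupportedOperationException}.
     *
     * @param authPolicy policy carrying the JAAS context name and optional
     *                   user name / password; may be null
     * @param spn        service principal name to request a ticket for
     * @param oid        mechanism OID (SPNEGO or Kerberos)
     * @param message    current message; may carry a delegated {@code GSSCredential}
     *                   and the delegation override property
     * @return the context token, or null when the privileged action failed with
     *         something other than a {@code GSSException}
     * @throws GSSException   if the GSS provider fails
     * @throws LoginException if the JAAS login fails
     */
    private byte[] getToken(AuthorizationPolicy authPolicy, String spn, Oid oid, Message message)
            throws GSSException, LoginException {
        GSSCredential delegatedCred =
                (GSSCredential) message.getContextualProperty(GSSCredential.class.getName());

        Subject subject = null;
        if (authPolicy != null && delegatedCred == null) {
            String contextName = authPolicy.getAuthorization();
            if (contextName == null) {
                contextName = "";
            }
            // A JAAS login is attempted as soon as any login input exists: a user
            // name, a context name, or an explicit login configuration.
            boolean loginRequested = !StringUtils.isEmpty(authPolicy.getUserName())
                    || !StringUtils.isEmpty(contextName)
                    || this.loginConfig != null;
            if (loginRequested) {
                CallbackHandler handler =
                        getUsernamePasswordHandler(authPolicy.getUserName(), authPolicy.getPassword());
                LoginContext loginContext =
                        new LoginContext(contextName, null, handler, this.loginConfig);
                loginContext.login();
                subject = loginContext.getSubject();
            }
        }

        GSSManager manager = GSSManager.getInstance();
        GSSName serverName = manager.createName(spn, this.serviceNameType).canonicalize(oid);
        // NOTE(review): the context is never disposed in the dumped code; confirm
        // whether a caller or the provider is expected to release it.
        GSSContext context =
                manager.createContext(serverName, oid, delegatedCred, GSSContext.DEFAULT_LIFETIME);
        // Delegation hands the initiator's credentials to the target service, so it
        // should only be on for services trusted to act on the caller's behalf.
        context.requestCredDeleg(isCredDelegationRequired(message));

        byte[] token = new byte[0];
        if (delegatedCred != null) {
            // A delegated credential already identifies the initiator; no Subject needed.
            return context.initSecContext(token, 0, token.length);
        }
        try {
            return Subject.doAs(subject, new CreateServiceTicketAction(context, token));
        } catch (PrivilegedActionException e) {
            if (e.getCause() instanceof GSSException) {
                throw (GSSException) e.getCause();
            }
            LOG.log(Level.SEVERE, "initSecContext", e);
            return null;
        }
    }

    /**
     * Returns the {@code Authorization} header value for a Negotiate policy.
     *
     * @param authorizationPolicy policy to evaluate; a null policy is treated as
     *                            "not Negotiate"
     * @param uri                 target URI, used to derive the service principal name
     * @param message             current message, consulted for per-message properties
     * @return {@code "Negotiate <base64 token>"}, or null when the policy is not of
     *         type Negotiate
     * @throws RuntimeException wrapping a {@code GSSException} or {@code LoginException}
     */
    public String getAuthorization(AuthorizationPolicy authorizationPolicy, URI uri, Message message) {
        if (authorizationPolicy == null
                || !"Negotiate".equals(authorizationPolicy.getAuthorizationType())) {
            return null;
        }
        try {
            boolean useKerberosOid =
                    MessageUtils.isTrue(message.getContextualProperty(PROPERTY_USE_KERBEROS_OID));
            Oid mechanism = new Oid(useKerberosOid ? KERBEROS_OID : SPNEGO_OID);
            String spn = getCompleteServicePrincipalName(uri);
            // NOTE(review): getToken can return null after logging a failure; how
            // Base64Utility.encode treats null is not visible here - confirm.
            byte[] token = getToken(authorizationPolicy, spn, mechanism, message);
            return "Negotiate " + Base64Utility.encode(token);
        } catch (GSSException | LoginException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Builds the service principal name: the configured name, or {@code HTTP/<host>}
     * derived from the URI, with the realm appended when one is set.
     *
     * @param uri target URI; its host is used when no principal name is configured
     * @return the complete service principal name
     */
    protected String getCompleteServicePrincipalName(URI uri) {
        String spn = this.servicePrincipalName;
        if (spn == null) {
            // NOTE(review): uri.getHost() can be null for URIs without a host
            // component, which would yield "HTTP/null" - confirm callers exclude that.
            String host = uri.getHost();
            if (this.useCanonicalHostname) {
                host = getCanonicalHostname(host);
            }
            spn = "HTTP/" + host;
        }
        if (this.realm != null) {
            // presumably "@": the decompiler substituted a constant from an unrelated
            // class for the original literal - confirm its value.
            spn = spn + PropertiesExpandingStreamReader.DELIMITER + this.realm;
        }
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("Service Principal Name is " + spn);
        }
        return spn;
    }

    /** Returns the GSS name type used for the service principal name. */
    public Oid getServiceNameType() {
        return this.serviceNameType;
    }

    /**
     * Creates the JAAS callback handler that supplies the user name and password.
     *
     * @param str  user name
     * @param str2 password; NOTE(review): held as an immutable String, so it cannot
     *             be cleared from memory after the login
     * @return a handler for the given credentials, or null when the user name is empty
     */
    public CallbackHandler getUsernamePasswordHandler(String str, String str2) {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        return new NamePasswordCallbackHandler(str, str2);
    }

    /**
     * Decides whether credential delegation is requested for this message.
     *
     * <p>The per-message property wins over the configured flag, so any code able
     * to set contextual properties on the message can switch delegation on.
     *
     * @param message current message
     * @return true if delegation should be requested
     */
    protected boolean isCredDelegationRequired(Message message) {
        Object override = message.getContextualProperty(PROPERTY_REQUIRE_CRED_DELEGATION);
        if (override == null) {
            return this.credDelegation;
        }
        return MessageUtils.isTrue(override);
    }

    /** Returns whether the URI host is canonicalised before the SPN is built. */
    public boolean isUseCanonicalHostname() {
        return this.useCanonicalHostname;
    }

    /** Sets the default for credential delegation. */
    public void setCredDelegation(boolean z) {
        this.credDelegation = z;
    }

    /** Sets the JAAS configuration passed to the login context; may be null. */
    public void setLoginConfig(Configuration configuration) {
        this.loginConfig = configuration;
    }

    /** Sets the realm appended to the service principal name; null for none. */
    public void setRealm(String str) {
        this.realm = str;
    }

    /** Sets the GSS name type used for the service principal name. */
    public void setServiceNameType(Oid oid) {
        this.serviceNameType = oid;
    }

    /** Sets an explicit service principal name, bypassing derivation from the URI. */
    public void setServicePrincipalName(String str) {
        this.servicePrincipalName = str;
    }

    /** Enables or disables DNS canonicalisation of the URI host. */
    public void setUseCanonicalHostname(boolean z) {
        this.useCanonicalHostname = z;
    }
}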
