package edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.contrib.auth;

import edu.internet2.middleware.grouperClientExt.org.apache.commons.codec.binary.Base64;
import edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.Credentials;
import edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.HttpMethod;
import edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.URIException;
import edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.auth.AuthChallengeException;
import edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.auth.AuthScheme;
import edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.auth.AuthenticationException;
import edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.auth.CredentialsNotAvailableException;
import edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.auth.InvalidCredentialsException;
import edu.internet2.middleware.grouperClientExt.org.apache.commons.logging.Log;
import edu.internet2.middleware.grouperClientExt.org.apache.commons.logging.LogFactory;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;

/* loaded from: input_file:WEB-INF/lib/grouperClient-4.7.2.jar:edu/internet2/middleware/grouperClientExt/org/apache/commons/httpclient/contrib/auth/NegotiateScheme.class */
public class NegotiateScheme implements AuthScheme {
    private static final Log LOG = LogFactory.getLog(NegotiateScheme.class);
    private String challenge;
    private static final int UNINITIATED = 0;
    private static final int INITIATED = 1;
    private static final int NEGOTIATING = 3;
    private static final int ESTABLISHED = 4;
    private static final int FAILED = Integer.MAX_VALUE;
    private GSSContext context;
    private int state;
    byte[] token;

    protected void init(String str) throws GSSException {
        LOG.debug("init " + str);
        Oid oid = new Oid("1.2.840.113554.1.2.2");
        GSSManager gSSManager = GSSManager.getInstance();
        this.context = gSSManager.createContext(gSSManager.createName("HTTP/" + str, (Oid) null), oid, (GSSCredential) null, 0);
        this.context.requestMutualAuth(true);
        this.context.requestCredDeleg(true);
        this.state = 1;
    }

    public NegotiateScheme() {
        this.challenge = null;
        this.context = null;
        this.token = new byte[0];
        this.state = 0;
    }

    public NegotiateScheme(String str) {
        this.challenge = null;
        this.context = null;
        this.token = new byte[0];
        LOG.debug("enter NegotiateScheme(" + str + ")");
        processChallenge(str);
    }

    @Override // edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.auth.AuthScheme
    public void processChallenge(String str) {
        LOG.debug("enter processChallenge(challenge=\"" + str + "\")");
        if (str.startsWith("Negotiate")) {
            if (!isComplete()) {
                this.state = 3;
            }
            if (str.startsWith("Negotiate ")) {
                this.token = new Base64().decode(str.substring(10).getBytes());
            } else {
                this.token = new byte[0];
            }
        }
    }

    @Override // edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.auth.AuthScheme
    public boolean isComplete() {
        LOG.debug("enter isComplete()");
        return this.state == 4 || this.state == Integer.MAX_VALUE;
    }

    @Override // edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.auth.AuthScheme
    public String getSchemeName() {
        return "Negotiate";
    }

    @Override // edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.auth.AuthScheme
    public String getRealm() {
        return null;
    }

    @Override // edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.auth.AuthScheme
    public String getID() {
        LOG.debug("enter getID(): " + this.challenge);
        return this.challenge;
    }

    @Override // edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.auth.AuthScheme
    public String getParameter(String str) {
        LOG.debug("enter getParameter(" + str + ")");
        if (str == null) {
            throw new IllegalArgumentException("Parameter name may not be null");
        }
        return null;
    }

    @Override // edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.auth.AuthScheme
    public boolean isConnectionBased() {
        LOG.info("enter isConnectionBased()");
        return true;
    }

    @Override // edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.auth.AuthScheme
    public String authenticate(Credentials credentials, String str, String str2) throws AuthenticationException {
        throw new AuthenticationException("method not supported by Negotiate scheme");
    }

    @Override // edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.auth.AuthScheme
    public String authenticate(Credentials credentials, HttpMethod httpMethod) throws AuthenticationException {
        LOG.debug("enter NegotiateScheme.authenticate(Credentials, HttpMethod)");
        try {
            if (this.state == 0) {
                throw new IllegalStateException("Negotiation authentication process has not been initiated");
            }
            try {
                if (this.context == null) {
                    LOG.info("host: " + httpMethod.getURI().getHost());
                    init(httpMethod.getURI().getHost());
                }
                this.token = this.context.initSecContext(this.token, 0, this.token.length);
                LOG.info("got token, sending " + this.token.length + " to server");
                return "Negotiate " + new String(new Base64().encode(this.token));
            } catch (URIException e) {
                LOG.error(e.getMessage());
                this.state = Integer.MAX_VALUE;
                throw new AuthenticationException(e.getMessage());
            }
        } catch (GSSException e2) {
            LOG.fatal(e2.getMessage());
            this.state = Integer.MAX_VALUE;
            if (e2.getMajor() == 9 || e2.getMajor() == 8) {
                throw new InvalidCredentialsException(e2.getMessage(), e2);
            }
            if (e2.getMajor() == 13) {
                throw new CredentialsNotAvailableException(e2.getMessage(), e2);
            }
            if (e2.getMajor() == 10 || e2.getMajor() == 19 || e2.getMajor() == 20) {
                throw new AuthChallengeException(e2.getMessage(), e2);
            }
            throw new AuthenticationException(e2.getMessage());
        }
    }
}
