package org.apache.hc.client5.http.impl.win;

import com.sun.jna.Pointer;
import com.sun.jna.platform.win32.Secur32;
import com.sun.jna.platform.win32.Secur32Util;
import com.sun.jna.platform.win32.Sspi;
import com.sun.jna.platform.win32.SspiUtil;
import com.sun.jna.platform.win32.Win32Exception;
import com.sun.jna.platform.win32.WinNT;
import com.sun.jna.ptr.IntByReference;
import java.security.Principal;
import org.apache.commons.codec.binary.Base64;
import org.apache.hc.client5.http.RouteInfo;
import org.apache.hc.client5.http.auth.AuthChallenge;
import org.apache.hc.client5.http.auth.AuthScheme;
import org.apache.hc.client5.http.auth.AuthenticationException;
import org.apache.hc.client5.http.auth.BasicUserPrincipal;
import org.apache.hc.client5.http.auth.ChallengeType;
import org.apache.hc.client5.http.auth.CredentialsProvider;
import org.apache.hc.client5.http.auth.MalformedChallengeException;
import org.apache.hc.client5.http.auth.StandardAuthScheme;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.core5.annotation.Experimental;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.HttpRequest;
import org.apache.hc.core5.http.protocol.HttpContext;
import org.apache.hc.core5.net.URIAuthority;
import org.apache.hc.core5.util.Args;
import org.apache.hc.core5.util.TextUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

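/**
 * Client-side {@link AuthScheme} that answers HTTP Negotiate (SPNEGO) challenges by driving the
 * Windows SSPI API ({@code Secur32}) through JNA.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li><b>Ambient credentials.</b> The credentials handle is acquired for the current Windows
 *       user with no explicit authentication data, and the {@link CredentialsProvider} handed to
 *       {@link #isResponseReady} is never consulted. Every server or proxy for which this scheme
 *       is selected therefore receives a token minted from the identity of the running process;
 *       restrict the scheme to hosts that are meant to receive one.</li>
 *   <li><b>Context requirements.</b> The security context is requested with
 *       {@code ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH}. The attributes SSPI actually granted are
 *       received but never inspected, so this class does not itself confirm that mutual
 *       authentication took place.</li>
 *   <li><b>SPN selection.</b> Unless a service principal name is supplied to the constructor,
 *       the SPN is built as {@code "HTTP/" + hostName} from the proxy host, the request
 *       authority or the route target, using the host name exactly as given.</li>
 * </ul>
 *
 * <p>The handshake state is held in plain mutable fields with no synchronization, so an instance
 * should be confined to a single exchange at a time.
 */
@Experimental
/* loaded from: input_file:org/apache/hc/client5/http/impl/win/WindowsNegotiateScheme.class */
public class WindowsNegotiateScheme implements AuthScheme {
    private static final Logger LOG = LoggerFactory.getLogger(WindowsNegotiateScheme.class);

    /** SSPI status: the call succeeded and the context is fully established. */
    private static final int SEC_E_OK = 0;

    /** SSPI status: the token must be sent and another round-trip is expected (decimal 590610). */
    private static final int SEC_I_CONTINUE_NEEDED = 0x00090312;

    private final String schemeName;
    private final String servicePrincipalName;
    // Whether the last challenge came from a proxy or from the target; drives SPN selection.
    private ChallengeType challengeType;
    // Base64 token taken from the most recent challenge; server-controlled input.
    private String challenge;
    private Sspi.CredHandle clientCred;
    private Sspi.CtxtHandle sspiContext;
    // true while the handshake is still waiting for further server tokens.
    private boolean continueNeeded;

    /**
     * Creates the scheme.
     *
     * <p>Decompiler note: the constructor was package-private in the original class file.
     *
     * @param str  security package / scheme name; {@link StandardAuthScheme#SPNEGO} when null
     * @param str2 explicit service principal name, or null to derive it per request
     */
    public WindowsNegotiateScheme(String str, String str2) {
        this.schemeName = str == null ? StandardAuthScheme.SPNEGO : str;
        this.continueNeeded = true;
        this.servicePrincipalName = str2;
        if (LOG.isDebugEnabled()) {
            LOG.debug("Created WindowsNegotiateScheme using {}", this.schemeName);
        }
    }

    /**
     * Releases the SSPI credentials handle and security context and returns the scheme to its
     * initial "waiting" state.
     *
     * <p>Both releases are always attempted and the fields are always cleared, even when the
     * first release fails; otherwise a failing {@code FreeCredentialsHandle} would skip
     * {@code DeleteSecurityContext} and leave stale native handles referenced by this object.
     *
     * @throws Win32Exception if either release reports a non-zero status (the credentials-handle
     *                        failure takes precedence when both fail)
     */
    public void dispose() {
        final Sspi.CredHandle cred = this.clientCred;
        final Sspi.CtxtHandle ctx = this.sspiContext;

        // Drop the references first so no later call can reuse a handle that was already released.
        this.continueNeeded = true;
        this.clientCred = null;
        this.sspiContext = null;

        int credStatus = SEC_E_OK;
        if (cred != null && !cred.isNull()) {
            credStatus = Secur32.INSTANCE.FreeCredentialsHandle(cred);
        }
        int ctxStatus = SEC_E_OK;
        if (ctx != null && !ctx.isNull()) {
            ctxStatus = Secur32.INSTANCE.DeleteSecurityContext(ctx);
        }

        if (credStatus != SEC_E_OK) {
            throw new Win32Exception(credStatus);
        }
        if (ctxStatus != SEC_E_OK) {
            throw new Win32Exception(ctxStatus);
        }
    }

    /** Returns the scheme name chosen at construction time. */
    @Override
    public String getName() {
        return this.schemeName;
    }

    /** Always true: the SSPI context is tied to the underlying connection. */
    @Override
    public boolean isConnectionBased() {
        return true;
    }

    /** This scheme has no realm; always returns null. */
    @Override
    public String getRealm() {
        return null;
    }

    /**
     * Records the type and token of the latest challenge.
     *
     * <p>A blank token while a credentials handle is already held means the server restarted the
     * exchange mid-handshake: native resources are released before the error is raised.
     *
     * @throws IllegalStateException if a blank challenge arrives during an active handshake
     */
    @Override
    public void processChallenge(AuthChallenge authChallenge, HttpContext httpContext) throws MalformedChallengeException {
        Args.notNull(authChallenge, "AuthChallenge");
        this.challengeType = authChallenge.getChallengeType();
        this.challenge = authChallenge.getValue();
        if (TextUtils.isBlank(this.challenge) && this.clientCred != null) {
            // Release OS resources before throwing so the failure cannot leak handles.
            dispose();
            // dispose() leaves continueNeeded == true, so this branch is always taken here.
            if (this.continueNeeded) {
                throw new IllegalStateException("Unexpected token");
            }
        }
    }

    /**
     * Always true. The supplied {@link CredentialsProvider} is ignored because the token is built
     * from the logged-on Windows user's credentials.
     */
    @Override
    public boolean isResponseReady(HttpHost httpHost, CredentialsProvider credentialsProvider, HttpContext httpContext) throws AuthenticationException {
        return true;
    }

    /** Returns the current Windows user name in SAM-compatible format. */
    public static String getCurrentUsername() {
        return Secur32Util.getUserNameEx(Secur32.EXTENDED_NAME_FORMAT.NameSamCompatible);
    }

    /** Returns a principal wrapping {@link #getCurrentUsername()}. */
    @Override
    public Principal getPrincipal() {
        return new BasicUserPrincipal(getCurrentUsername());
    }

    /**
     * Produces the value of the authorization header for the next leg of the handshake.
     *
     * <p>On the first call an outbound credentials handle is acquired for the current user and
     * an initial token is generated. On later calls the Base64 token from the last challenge is
     * decoded and fed back into SSPI. Any runtime failure releases the native handles and marks
     * the handshake as finished before the exception leaves this method.
     *
     * @return {@code schemeName + " " + base64Token}
     * @throws AuthenticationException if SSPI reports an error, or if a continuation is
     *                                 attempted without a challenge token
     */
    @Override
    public String generateAuthResponse(HttpHost httpHost, HttpRequest httpRequest, HttpContext httpContext) throws AuthenticationException {
        final HttpClientContext clientContext = HttpClientContext.adapt(httpContext);
        final boolean firstLeg = this.clientCred == null;

        if (!firstLeg && (this.challenge == null || this.challenge.isEmpty())) {
            failAuthCleanup();
            throw new AuthenticationException("Authentication Failed");
        }

        String token;
        try {
            if (firstLeg) {
                final String currentUsername = getCurrentUsername();
                final Sspi.TimeStamp timeStamp = new Sspi.TimeStamp();
                this.clientCred = new Sspi.CredHandle();
                // Null logon id / auth data: SSPI uses the credentials of the calling process.
                final int status = Secur32.INSTANCE.AcquireCredentialsHandle(currentUsername, this.schemeName, Sspi.SECPKG_CRED_OUTBOUND, (WinNT.LUID) null, (Pointer) null, (Pointer) null, (Pointer) null, this.clientCred, timeStamp);
                if (status != SEC_E_OK) {
                    throw new Win32Exception(status);
                }
                token = getToken(null, null, getServicePrincipalName(httpRequest, clientContext));
            } else {
                // The challenge is server-supplied; it is decoded and handed to SSPI unmodified.
                token = getToken(this.sspiContext, new SspiUtil.ManagedSecBufferDesc(Sspi.SECBUFFER_TOKEN, Base64.decodeBase64(this.challenge)), getServicePrincipalName(httpRequest, clientContext));
            }
        } catch (RuntimeException e) {
            failAuthCleanup();
            if (e instanceof Win32Exception) {
                throw new AuthenticationException("Authentication Failed", e);
            }
            throw e;
        }
        return this.schemeName + " " + token;
    }

    /**
     * Releases native resources after a failed handshake and marks the challenge as complete so
     * the scheme is not retried, even if releasing the handles itself fails.
     */
    private void failAuthCleanup() {
        try {
            dispose();
        } finally {
            this.continueNeeded = false;
        }
    }

    /**
     * Chooses the SPN passed to SSPI as the target name.
     *
     * <p>Order of preference: the SPN given to the constructor; for proxy challenges the route's
     * proxy host; otherwise the request authority, falling back to the route's target host.
     * Only the host name is used (no port), and the result may be null when no route is known.
     */
    private String getServicePrincipalName(HttpRequest httpRequest, HttpClientContext httpClientContext) {
        final String spn;
        if (this.servicePrincipalName != null) {
            spn = this.servicePrincipalName;
        } else if (this.challengeType == ChallengeType.PROXY) {
            final RouteInfo route = httpClientContext.getHttpRoute();
            // NOTE(review): getProxyHost() is dereferenced unchecked; presumably non-null for a
            // proxy challenge. Confirm against the route implementation.
            spn = route != null ? "HTTP/" + route.getProxyHost().getHostName() : null;
        } else {
            final URIAuthority authority = httpRequest.getAuthority();
            if (authority != null) {
                spn = "HTTP/" + authority.getHostName();
            } else {
                final RouteInfo route = httpClientContext.getHttpRoute();
                spn = route != null ? "HTTP/" + route.getTargetHost().getHostName() : null;
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Using SPN: {}", spn);
        }
        return spn;
    }

    /**
     * Runs one {@code InitializeSecurityContext} step and returns the Base64 output token.
     *
     * @param ctxtHandle    context from the previous step, or null on the first step
     * @param secBufferDesc decoded server token, or null on the first step
     * @param str           target service principal name
     * @return Base64 encoding of the first output buffer
     * @throws Win32Exception for any status other than success or "continue needed"; native
     *                        handles are released first
     */
    String getToken(Sspi.CtxtHandle ctxtHandle, Sspi.SecBufferDesc secBufferDesc, String str) {
        // Receives the context attributes SSPI granted.
        // NOTE(review): never read afterwards, so the ISC_REQ_MUTUAL_AUTH request below is not
        // verified by this class.
        final IntByReference grantedAttributes = new IntByReference();
        final SspiUtil.ManagedSecBufferDesc outputToken = new SspiUtil.ManagedSecBufferDesc(Sspi.SECBUFFER_TOKEN, Sspi.MAX_TOKEN_SIZE);
        this.sspiContext = new Sspi.CtxtHandle();
        // ISC_REQ_DELEGATE asks for a delegatable context; whether delegation is actually
        // granted is decided outside this code (presumably by domain policy).
        final int status = Secur32.INSTANCE.InitializeSecurityContext(this.clientCred, ctxtHandle, str, Sspi.ISC_REQ_DELEGATE | Sspi.ISC_REQ_MUTUAL_AUTH, 0, Sspi.SECURITY_NATIVE_DREP, secBufferDesc, 0, this.sspiContext, outputToken, grantedAttributes, (Sspi.TimeStamp) null);
        switch (status) {
            case SEC_E_OK:
                // Handshake finished: release handles, then flag completion (dispose resets it).
                dispose();
                this.continueNeeded = false;
                break;
            case SEC_I_CONTINUE_NEEDED:
                this.continueNeeded = true;
                break;
            default:
                dispose();
                throw new Win32Exception(status);
        }
        return Base64.encodeBase64String(outputToken.getBuffer(0).getBytes());
    }

    /** Returns true once the handshake no longer expects another server token. */
    @Override
    public boolean isChallengeComplete() {
        return !this.continueNeeded;
    }
}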
