package net.schmizz.sshj.userauth.method;

import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.transport.TransportException;
import net.schmizz.sshj.userauth.UserAuthException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

/* loaded from: classes5.dex */
public class b extends net.schmizz.sshj.userauth.method.a {

    /* renamed from: e, reason: collision with root package name */
    private final LoginContext f93475e;

    /* renamed from: f, reason: collision with root package name */
    private final List<Oid> f93476f;

    /* renamed from: g, reason: collision with root package name */
    private final GSSManager f93477g;

    /* renamed from: h, reason: collision with root package name */
    private GSSContext f93478h;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes5.dex */
    public class a implements PrivilegedExceptionAction<GSSContext> {

        /* renamed from: a, reason: collision with root package name */
        private final Oid f93479a;

        public a(Oid oid) {
            this.f93479a = oid;
        }

        @Override // java.security.PrivilegedExceptionAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public GSSContext run() throws GSSException {
            GSSContext createContext = b.this.f93477g.createContext(b.this.f93477g.createName("host@" + b.this.f93474d.e().D(), GSSName.NT_HOSTBASED_SERVICE), this.f93479a, b.this.f93477g.createCredential(b.this.f93477g.createName(b.this.f93474d.b(), GSSName.NT_USER_NAME), 0, this.f93479a, 1), 0);
            createContext.requestMutualAuth(true);
            createContext.requestInteg(true);
            return createContext;
        }
    }

    public b(LoginContext loginContext, List<Oid> list) {
        this(loginContext, list, GSSManager.getInstance());
    }

    public b(LoginContext loginContext, List<Oid> list, GSSManager gSSManager) {
        super("gssapi-with-mic");
        this.f93475e = loginContext;
        this.f93476f = list;
        this.f93477g = gSSManager;
        this.f93478h = null;
    }

    private byte[] q() throws UserAuthException {
        byte[] g10 = new Buffer.a().w(this.f93474d.e().c()).l(net.schmizz.sshj.common.j.USERAUTH_REQUEST.i()).u(this.f93474d.b()).u(this.f93474d.a()).u(getName()).g();
        try {
            return this.f93478h.getMIC(g10, 0, g10.length, (MessageProp) null);
        } catch (GSSException e10) {
            throw new UserAuthException("Exception getting message integrity code", (Throwable) e10);
        }
    }

    private void s(net.schmizz.sshj.common.k kVar) throws UserAuthException, TransportException {
        try {
            try {
                Oid oid = new Oid(kVar.E());
                this.f93472b.e0("Server selected OID: {}", oid.toString());
                this.f93472b.b("Initializing GSSAPI context");
                try {
                    this.f93478h = (GSSContext) Subject.doAs(this.f93475e.getSubject(), new a(oid));
                    this.f93472b.b("Sending initial token");
                    try {
                        v(this.f93478h.initSecContext(new byte[0], 0, 0));
                    } catch (GSSException e10) {
                        throw new UserAuthException("Exception sending initial token", (Throwable) e10);
                    }
                } catch (PrivilegedActionException e11) {
                    throw new UserAuthException("Exception during context initialization", e11);
                }
            } catch (GSSException e12) {
                throw new UserAuthException("Exception constructing OID from server response", (Throwable) e12);
            }
        } catch (Buffer.BufferException e13) {
            throw new UserAuthException("Failed to read byte array from message buffer", e13);
        }
    }

    private byte[] t(net.schmizz.sshj.common.k kVar) throws UserAuthException {
        try {
            byte[] L = kVar.L();
            try {
                return this.f93478h.initSecContext(L, 0, L.length);
            } catch (GSSException e10) {
                throw new UserAuthException("Exception during token exchange", (Throwable) e10);
            }
        } catch (Buffer.BufferException e11) {
            throw new UserAuthException("Failed to read string from message buffer", e11);
        }
    }

    private void v(byte[] bArr) throws TransportException {
        this.f93474d.e().V(new net.schmizz.sshj.common.k(net.schmizz.sshj.common.j.USERAUTH_INFO_RESPONSE).w(bArr));
    }

    @Override // net.schmizz.sshj.userauth.method.a
    public net.schmizz.sshj.common.k e() throws UserAuthException {
        net.schmizz.sshj.common.k y10 = super.e().y(this.f93476f.size());
        for (Oid oid : this.f93476f) {
            try {
                y10.w(oid.getDER());
            } catch (GSSException e10) {
                throw new UserAuthException("Mechanism OID could not be encoded: " + oid.toString(), (Throwable) e10);
            }
        }
        return y10;
    }

    @Override // net.schmizz.sshj.userauth.method.a, net.schmizz.sshj.common.l
    public void o(net.schmizz.sshj.common.j jVar, net.schmizz.sshj.common.k kVar) throws UserAuthException, TransportException {
        if (jVar == net.schmizz.sshj.common.j.USERAUTH_60) {
            s(kVar);
            return;
        }
        if (jVar != net.schmizz.sshj.common.j.USERAUTH_INFO_RESPONSE) {
            super.o(jVar, kVar);
            return;
        }
        byte[] t10 = t(kVar);
        if (!this.f93478h.isEstablished()) {
            this.f93472b.b("Sending token");
            v(t10);
        } else if (this.f93478h.getIntegState()) {
            this.f93472b.b("Per-message integrity protection available: finalizing authentication with message integrity code");
            this.f93474d.e().V(new net.schmizz.sshj.common.k(net.schmizz.sshj.common.j.USERAUTH_GSSAPI_MIC).w(q()));
        } else {
            this.f93472b.b("Per-message integrity protection unavailable: finalizing authentication");
            this.f93474d.e().V(new net.schmizz.sshj.common.k(net.schmizz.sshj.common.j.USERAUTH_GSSAPI_EXCHANGE_COMPLETE));
        }
    }
}
