package org.apache.http.impl.auth;

import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.Consts;
import org.apache.http.Header;
import org.apache.http.HttpRequest;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.InvalidCredentialsException;
import org.apache.http.auth.MalformedChallengeException;
import org.apache.http.auth.NTCredentials;
import org.apache.http.impl.auth.NTLMEngineImpl;
import org.apache.http.message.BufferedHeader;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.CharArrayBuffer;
import org.apache.http.util.CharsetUtils;

/* loaded from: input_file:META-INF/lib/httpclient-4.5.4.jar:org/apache/http/impl/auth/CredSspScheme.class */
public class CredSspScheme extends AuthSchemeBase {
    public static final String SCHEME_NAME = "CredSSP";
    private final Log log = LogFactory.getLog(CredSspScheme.class);
    private State state = State.UNINITIATED;
    private SSLEngine sslEngine;
    private NTLMEngineImpl.Type1Message type1Message;
    private NTLMEngineImpl.Type2Message type2Message;
    private NTLMEngineImpl.Type3Message type3Message;
    private CredSspTsRequest lastReceivedTsRequest;
    private NTLMEngineImpl.Handle ntlmOutgoingHandle;
    private NTLMEngineImpl.Handle ntlmIncomingHandle;
    private byte[] peerPublicKey;
    private static final Charset UNICODE_LITTLE_UNMARKED = CharsetUtils.lookup("UnicodeLittleUnmarked");
    private static final byte[] EMPTYBUFFER = new byte[0];

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:META-INF/lib/httpclient-4.5.4.jar:org/apache/http/impl/auth/CredSspScheme$CredSspTsRequest.class */
    public static class CredSspTsRequest {
        private static final int VERSION = 3;
        private byte[] negoToken;
        private byte[] authInfo;
        private byte[] pubKeyAuth;

        protected CredSspTsRequest() {
        }

        public static CredSspTsRequest createNegoToken(byte[] bArr) {
            CredSspTsRequest credSspTsRequest = new CredSspTsRequest();
            credSspTsRequest.negoToken = bArr;
            return credSspTsRequest;
        }

        public static CredSspTsRequest createAuthInfo(byte[] bArr) {
            CredSspTsRequest credSspTsRequest = new CredSspTsRequest();
            credSspTsRequest.authInfo = bArr;
            return credSspTsRequest;
        }

        public static CredSspTsRequest createDecoded(ByteBuffer byteBuffer) throws MalformedChallengeException {
            CredSspTsRequest credSspTsRequest = new CredSspTsRequest();
            credSspTsRequest.decode(byteBuffer);
            return credSspTsRequest;
        }

        public byte[] getNegoToken() {
            return this.negoToken;
        }

        public void setNegoToken(byte[] bArr) {
            this.negoToken = bArr;
        }

        public byte[] getAuthInfo() {
            return this.authInfo;
        }

        public void setAuthInfo(byte[] bArr) {
            this.authInfo = bArr;
        }

        public byte[] getPubKeyAuth() {
            return this.pubKeyAuth;
        }

        public void setPubKeyAuth(byte[] bArr) {
            this.pubKeyAuth = bArr;
        }

        public void decode(ByteBuffer byteBuffer) throws MalformedChallengeException {
            this.negoToken = null;
            this.authInfo = null;
            this.pubKeyAuth = null;
            CredSspScheme.getByteAndAssert(byteBuffer, 48, "initial sequence");
            CredSspScheme.parseLength(byteBuffer);
            while (byteBuffer.hasRemaining()) {
                int andAssertContentSpecificTag = CredSspScheme.getAndAssertContentSpecificTag(byteBuffer, "content tag");
                CredSspScheme.parseLength(byteBuffer);
                switch (andAssertContentSpecificTag) {
                    case 0:
                        processVersion(byteBuffer);
                        break;
                    case 1:
                        parseNegoTokens(byteBuffer);
                        break;
                    case 2:
                        parseAuthInfo(byteBuffer);
                        break;
                    case 3:
                        parsePubKeyAuth(byteBuffer);
                        break;
                    case 4:
                        processErrorCode(byteBuffer);
                        break;
                    default:
                        CredSspScheme.parseError(byteBuffer, "unexpected content tag " + andAssertContentSpecificTag);
                        break;
                }
            }
        }

        private void processVersion(ByteBuffer byteBuffer) throws MalformedChallengeException {
            CredSspScheme.getByteAndAssert(byteBuffer, 2, "version type");
            CredSspScheme.getLengthAndAssert(byteBuffer, 1, "version length");
            CredSspScheme.getByteAndAssert(byteBuffer, 3, "wrong protocol version");
        }

        private void parseNegoTokens(ByteBuffer byteBuffer) throws MalformedChallengeException {
            CredSspScheme.getByteAndAssert(byteBuffer, 48, "negoTokens sequence");
            CredSspScheme.parseLength(byteBuffer);
            byte b = byteBuffer.get();
            if (b == 48) {
                CredSspScheme.parseLength(byteBuffer);
                b = byteBuffer.get();
            }
            if ((b & 255) != 160) {
                CredSspScheme.parseError(byteBuffer, "negoTokens: wrong content-specific tag " + String.format("%02X", Byte.valueOf(b)));
            }
            CredSspScheme.parseLength(byteBuffer);
            CredSspScheme.getByteAndAssert(byteBuffer, 4, "negoToken type");
            this.negoToken = new byte[CredSspScheme.parseLength(byteBuffer)];
            byteBuffer.get(this.negoToken);
        }

        private void parseAuthInfo(ByteBuffer byteBuffer) throws MalformedChallengeException {
            CredSspScheme.getByteAndAssert(byteBuffer, 4, "authInfo type");
            this.authInfo = new byte[CredSspScheme.parseLength(byteBuffer)];
            byteBuffer.get(this.authInfo);
        }

        private void parsePubKeyAuth(ByteBuffer byteBuffer) throws MalformedChallengeException {
            CredSspScheme.getByteAndAssert(byteBuffer, 4, "pubKeyAuth type");
            this.pubKeyAuth = new byte[CredSspScheme.parseLength(byteBuffer)];
            byteBuffer.get(this.pubKeyAuth);
        }

        private void processErrorCode(ByteBuffer byteBuffer) throws MalformedChallengeException {
            CredSspScheme.getLengthAndAssert(byteBuffer, 3, "error code length");
            CredSspScheme.getByteAndAssert(byteBuffer, 2, "error code type");
            CredSspScheme.getLengthAndAssert(byteBuffer, 1, "error code length");
            CredSspScheme.parseError(byteBuffer, "Error code " + ((int) byteBuffer.get()));
        }

        public void encode(ByteBuffer byteBuffer) {
            ByteBuffer allocate = ByteBuffer.allocate(byteBuffer.capacity());
            allocate.put((byte) -96);
            allocate.put((byte) 3);
            allocate.put((byte) 2);
            allocate.put((byte) 1);
            allocate.put((byte) 3);
            if (this.negoToken != null) {
                int length = this.negoToken.length;
                byte[] encodeLength = CredSspScheme.encodeLength(length);
                int length2 = length + 1 + encodeLength.length;
                byte[] encodeLength2 = CredSspScheme.encodeLength(length2);
                int length3 = length2 + 1 + encodeLength2.length;
                byte[] encodeLength3 = CredSspScheme.encodeLength(length3);
                int length4 = length3 + 1 + encodeLength3.length;
                byte[] encodeLength4 = CredSspScheme.encodeLength(length4);
                byte[] encodeLength5 = CredSspScheme.encodeLength(length4 + 1 + encodeLength4.length);
                allocate.put((byte) -95);
                allocate.put(encodeLength5);
                allocate.put((byte) 48);
                allocate.put(encodeLength4);
                allocate.put((byte) 48);
                allocate.put(encodeLength3);
                allocate.put((byte) -96);
                allocate.put(encodeLength2);
                allocate.put((byte) 4);
                allocate.put(encodeLength);
                allocate.put(this.negoToken);
            }
            if (this.authInfo != null) {
                byte[] encodeLength6 = CredSspScheme.encodeLength(this.authInfo.length);
                allocate.put((byte) -94);
                allocate.put(CredSspScheme.encodeLength(1 + encodeLength6.length + this.authInfo.length));
                allocate.put((byte) 4);
                allocate.put(encodeLength6);
                allocate.put(this.authInfo);
            }
            if (this.pubKeyAuth != null) {
                byte[] encodeLength7 = CredSspScheme.encodeLength(this.pubKeyAuth.length);
                allocate.put((byte) -93);
                allocate.put(CredSspScheme.encodeLength(1 + encodeLength7.length + this.pubKeyAuth.length));
                allocate.put((byte) 4);
                allocate.put(encodeLength7);
                allocate.put(this.pubKeyAuth);
            }
            allocate.flip();
            byteBuffer.put((byte) 48);
            byteBuffer.put(CredSspScheme.encodeLength(allocate.limit()));
            byteBuffer.put(allocate);
        }

        public String debugDump() {
            StringBuilder sb = new StringBuilder("TsRequest\n");
            sb.append("  negoToken:\n");
            sb.append("    ");
            DebugUtil.dump(sb, this.negoToken);
            sb.append("\n");
            sb.append("  authInfo:\n");
            sb.append("    ");
            DebugUtil.dump(sb, this.authInfo);
            sb.append("\n");
            sb.append("  pubKeyAuth:\n");
            sb.append("    ");
            DebugUtil.dump(sb, this.pubKeyAuth);
            return sb.toString();
        }

        public String toString() {
            return "TsRequest(negoToken=" + Arrays.toString(this.negoToken) + ", authInfo=" + Arrays.toString(this.authInfo) + ", pubKeyAuth=" + Arrays.toString(this.pubKeyAuth) + ")";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:META-INF/lib/httpclient-4.5.4.jar:org/apache/http/impl/auth/CredSspScheme$State.class */
    public enum State {
        UNINITIATED,
        TLS_HANDSHAKE,
        TLS_HANDSHAKE_FINISHED,
        NEGO_TOKEN_SENT,
        NEGO_TOKEN_RECEIVED,
        PUB_KEY_AUTH_SENT,
        PUB_KEY_AUTH_RECEIVED,
        CREDENTIALS_SENT
    }

    @Override // org.apache.http.auth.AuthScheme
    public String getSchemeName() {
        return "CredSSP";
    }

    @Override // org.apache.http.auth.AuthScheme
    public String getParameter(String str) {
        return null;
    }

    @Override // org.apache.http.auth.AuthScheme
    public String getRealm() {
        return null;
    }

    @Override // org.apache.http.auth.AuthScheme
    public boolean isConnectionBased() {
        return true;
    }

    private SSLEngine getSSLEngine() {
        if (this.sslEngine == null) {
            this.sslEngine = createSSLEngine();
        }
        return this.sslEngine;
    }

    private SSLEngine createSSLEngine() {
        try {
            SSLContext build = SSLContexts.custom().build();
            try {
                build.init(null, new TrustManager[]{new X509TrustManager() { // from class: org.apache.http.impl.auth.CredSspScheme.1
                    @Override // javax.net.ssl.X509TrustManager
                    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                }}, null);
                SSLEngine createSSLEngine = build.createSSLEngine();
                createSSLEngine.setUseClientMode(true);
                return createSSLEngine;
            } catch (KeyManagementException e) {
                throw new RuntimeException("SSL Context initialization error: " + e.getMessage(), e);
            }
        } catch (KeyManagementException e2) {
            throw new RuntimeException("Error creating SSL Context: " + e2.getMessage(), e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new RuntimeException("Error creating SSL Context: " + e3.getMessage(), e3);
        }
    }

    @Override // org.apache.http.impl.auth.AuthSchemeBase
    protected void parseChallenge(CharArrayBuffer charArrayBuffer, int i, int i2) throws MalformedChallengeException {
        String substringTrimmed = charArrayBuffer.substringTrimmed(i, i2);
        if (substringTrimmed.isEmpty() && this.state != State.UNINITIATED) {
            String str = "Received unexpected empty input in state " + this.state;
            this.log.error(str);
            throw new MalformedChallengeException(str);
        }
        if (this.state == State.TLS_HANDSHAKE) {
            unwrapHandshake(substringTrimmed);
            if (getSSLEngine().getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                this.log.trace("TLS handshake finished");
                this.state = State.TLS_HANDSHAKE_FINISHED;
            }
        }
        if (this.state == State.NEGO_TOKEN_SENT) {
            ByteBuffer unwrap = unwrap(substringTrimmed);
            this.state = State.NEGO_TOKEN_RECEIVED;
            this.lastReceivedTsRequest = CredSspTsRequest.createDecoded(unwrap);
        }
        if (this.state == State.PUB_KEY_AUTH_SENT) {
            ByteBuffer unwrap2 = unwrap(substringTrimmed);
            this.state = State.PUB_KEY_AUTH_RECEIVED;
            this.lastReceivedTsRequest = CredSspTsRequest.createDecoded(unwrap2);
        }
    }

    @Override // org.apache.http.auth.AuthScheme
    @Deprecated
    public Header authenticate(Credentials credentials, HttpRequest httpRequest) throws AuthenticationException {
        return authenticate(credentials, httpRequest, null);
    }

    @Override // org.apache.http.impl.auth.AuthSchemeBase, org.apache.http.auth.ContextAwareAuthScheme
    public Header authenticate(Credentials credentials, HttpRequest httpRequest, HttpContext httpContext) throws AuthenticationException {
        String wrap;
        try {
            NTCredentials nTCredentials = (NTCredentials) credentials;
            if (this.state == State.UNINITIATED) {
                beginTlsHandshake();
                wrap = wrapHandshake();
                this.state = State.TLS_HANDSHAKE;
            } else if (this.state == State.TLS_HANDSHAKE) {
                wrap = wrapHandshake();
            } else if (this.state == State.TLS_HANDSHAKE_FINISHED) {
                int ntlmFlags = getNtlmFlags();
                ByteBuffer allocateOutBuffer = allocateOutBuffer();
                this.type1Message = new NTLMEngineImpl.Type1Message(nTCredentials.getDomain(), nTCredentials.getWorkstation(), Integer.valueOf(ntlmFlags));
                CredSspTsRequest.createNegoToken(this.type1Message.getBytes()).encode(allocateOutBuffer);
                allocateOutBuffer.flip();
                wrap = wrap(allocateOutBuffer);
                this.state = State.NEGO_TOKEN_SENT;
            } else if (this.state == State.NEGO_TOKEN_RECEIVED) {
                ByteBuffer allocateOutBuffer2 = allocateOutBuffer();
                this.type2Message = new NTLMEngineImpl.Type2Message(this.lastReceivedTsRequest.getNegoToken());
                Certificate peerServerCertificate = getPeerServerCertificate();
                this.type3Message = new NTLMEngineImpl.Type3Message(nTCredentials.getDomain(), nTCredentials.getWorkstation(), nTCredentials.getUserName(), nTCredentials.getPassword(), this.type2Message.getChallenge(), this.type2Message.getFlags(), this.type2Message.getTarget(), this.type2Message.getTargetInfo(), peerServerCertificate, this.type1Message.getBytes(), this.type2Message.getBytes());
                byte[] bytes = this.type3Message.getBytes();
                byte[] exportedSessionKey = this.type3Message.getExportedSessionKey();
                this.ntlmOutgoingHandle = new NTLMEngineImpl.Handle(exportedSessionKey, NTLMEngineImpl.Mode.CLIENT, true);
                this.ntlmIncomingHandle = new NTLMEngineImpl.Handle(exportedSessionKey, NTLMEngineImpl.Mode.SERVER, true);
                CredSspTsRequest createNegoToken = CredSspTsRequest.createNegoToken(bytes);
                this.peerPublicKey = getSubjectPublicKeyDer(peerServerCertificate.getPublicKey());
                createNegoToken.setPubKeyAuth(createPubKeyAuth());
                createNegoToken.encode(allocateOutBuffer2);
                allocateOutBuffer2.flip();
                wrap = wrap(allocateOutBuffer2);
                this.state = State.PUB_KEY_AUTH_SENT;
            } else {
                if (this.state != State.PUB_KEY_AUTH_RECEIVED) {
                    throw new AuthenticationException("Wrong state " + this.state);
                }
                verifyPubKeyAuthResponse(this.lastReceivedTsRequest.getPubKeyAuth());
                CredSspTsRequest createAuthInfo = CredSspTsRequest.createAuthInfo(createAuthInfo(nTCredentials));
                ByteBuffer allocateOutBuffer3 = allocateOutBuffer();
                createAuthInfo.encode(allocateOutBuffer3);
                allocateOutBuffer3.flip();
                wrap = wrap(allocateOutBuffer3);
                this.state = State.CREDENTIALS_SENT;
            }
            CharArrayBuffer charArrayBuffer = new CharArrayBuffer(32);
            if (isProxy()) {
                charArrayBuffer.append("Proxy-Authorization");
            } else {
                charArrayBuffer.append("Authorization");
            }
            charArrayBuffer.append(": CredSSP ");
            charArrayBuffer.append(wrap);
            return new BufferedHeader(charArrayBuffer);
        } catch (ClassCastException e) {
            throw new InvalidCredentialsException("Credentials cannot be used for CredSSP authentication: " + credentials.getClass().getName());
        }
    }

    private int getNtlmFlags() {
        return -494366670;
    }

    private Certificate getPeerServerCertificate() throws AuthenticationException {
        try {
            for (Certificate certificate : this.sslEngine.getSession().getPeerCertificates()) {
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    if (x509Certificate.getBasicConstraints() == -1) {
                        return x509Certificate;
                    }
                }
            }
            return null;
        } catch (SSLPeerUnverifiedException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    private byte[] createPubKeyAuth() throws AuthenticationException {
        return this.ntlmOutgoingHandle.signAndEncryptMessage(this.peerPublicKey);
    }

    private void verifyPubKeyAuthResponse(byte[] bArr) throws AuthenticationException {
        byte[] decryptAndVerifySignedMessage = this.ntlmIncomingHandle.decryptAndVerifySignedMessage(bArr);
        if (this.peerPublicKey.length != decryptAndVerifySignedMessage.length) {
            throw new AuthenticationException("Public key mismatch in pubKeyAuth response");
        }
        if (this.peerPublicKey[0] + 1 != decryptAndVerifySignedMessage[0]) {
            throw new AuthenticationException("Public key mismatch in pubKeyAuth response");
        }
        for (int i = 1; i < this.peerPublicKey.length; i++) {
            if (this.peerPublicKey[i] != decryptAndVerifySignedMessage[i]) {
                throw new AuthenticationException("Public key mismatch in pubKeyAuth response");
            }
        }
        this.log.trace("Received public key response is valid");
    }

    private byte[] createAuthInfo(NTCredentials nTCredentials) throws AuthenticationException {
        byte[] encodeUnicode = encodeUnicode(nTCredentials.getDomain());
        byte[] encodeLength = encodeLength(encodeUnicode.length);
        int length = 1 + encodeLength.length + encodeUnicode.length;
        byte[] encodeLength2 = encodeLength(length);
        byte[] encodeUnicode2 = encodeUnicode(nTCredentials.getUserName());
        byte[] encodeLength3 = encodeLength(encodeUnicode2.length);
        int length2 = 1 + encodeLength3.length + encodeUnicode2.length;
        byte[] encodeLength4 = encodeLength(length2);
        byte[] encodeUnicode3 = encodeUnicode(nTCredentials.getPassword());
        byte[] encodeLength5 = encodeLength(encodeUnicode3.length);
        int length3 = 1 + encodeLength5.length + encodeUnicode3.length;
        byte[] encodeLength6 = encodeLength(length3);
        int length4 = 1 + encodeLength2.length + length + 1 + encodeLength4.length + length2 + 1 + encodeLength6.length + length3;
        byte[] encodeLength7 = encodeLength(length4);
        int length5 = 1 + encodeLength7.length + length4;
        byte[] encodeLength8 = encodeLength(length5);
        int length6 = 1 + encodeLength8.length + length5;
        byte[] encodeLength9 = encodeLength(length6);
        int length7 = 6 + encodeLength9.length + length6;
        byte[] encodeLength10 = encodeLength(length7);
        ByteBuffer allocate = ByteBuffer.allocate(1 + encodeLength10.length + length7);
        allocate.put((byte) 48);
        allocate.put(encodeLength10);
        allocate.put((byte) -96);
        allocate.put((byte) 3);
        allocate.put((byte) 2);
        allocate.put((byte) 1);
        allocate.put((byte) 1);
        allocate.put((byte) -95);
        allocate.put(encodeLength9);
        allocate.put((byte) 4);
        allocate.put(encodeLength8);
        allocate.put((byte) 48);
        allocate.put(encodeLength7);
        allocate.put((byte) -96);
        allocate.put(encodeLength2);
        allocate.put((byte) 4);
        allocate.put(encodeLength);
        allocate.put(encodeUnicode);
        allocate.put((byte) -95);
        allocate.put(encodeLength4);
        allocate.put((byte) 4);
        allocate.put(encodeLength3);
        allocate.put(encodeUnicode2);
        allocate.put((byte) -94);
        allocate.put(encodeLength6);
        allocate.put((byte) 4);
        allocate.put(encodeLength5);
        allocate.put(encodeUnicode3);
        try {
            return this.ntlmOutgoingHandle.signAndEncryptMessage(allocate.array());
        } catch (NTLMEngineException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    private byte[] encodeUnicode(String str) {
        return str == null ? EMPTYBUFFER : str.getBytes(UNICODE_LITTLE_UNMARKED);
    }

    private byte[] getSubjectPublicKeyDer(PublicKey publicKey) throws AuthenticationException {
        try {
            ByteBuffer wrap = ByteBuffer.wrap(publicKey.getEncoded());
            getByteAndAssert(wrap, 48, "initial sequence");
            parseLength(wrap);
            getByteAndAssert(wrap, 48, "AlgorithmIdentifier sequence");
            wrap.position(wrap.position() + parseLength(wrap));
            getByteAndAssert(wrap, 3, "subjectPublicKey type");
            int parseLength = parseLength(wrap);
            if (wrap.get() == 0) {
                parseLength--;
            } else {
                wrap.position(wrap.position() - 1);
            }
            byte[] bArr = new byte[parseLength];
            wrap.get(bArr);
            return bArr;
        } catch (MalformedChallengeException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    private void beginTlsHandshake() throws AuthenticationException {
        try {
            getSSLEngine().beginHandshake();
        } catch (SSLException e) {
            throw new AuthenticationException("SSL Engine error: " + e.getMessage(), e);
        }
    }

    private ByteBuffer allocateOutBuffer() {
        return ByteBuffer.allocate(getSSLEngine().getSession().getApplicationBufferSize());
    }

    private String wrapHandshake() throws AuthenticationException {
        ByteBuffer allocateOutBuffer = allocateOutBuffer();
        allocateOutBuffer.flip();
        SSLEngine sSLEngine = getSSLEngine();
        ByteBuffer allocate = ByteBuffer.allocate(sSLEngine.getSession().getPacketBufferSize() * 2);
        while (sSLEngine.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
            wrap(allocateOutBuffer, allocate);
        }
        allocate.flip();
        return encodeBase64(allocate);
    }

    private String wrap(ByteBuffer byteBuffer) throws AuthenticationException {
        ByteBuffer allocate = ByteBuffer.allocate(getSSLEngine().getSession().getPacketBufferSize());
        wrap(byteBuffer, allocate);
        allocate.flip();
        return encodeBase64(allocate);
    }

    private void wrap(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws AuthenticationException {
        try {
            SSLEngineResult wrap = getSSLEngine().wrap(byteBuffer, byteBuffer2);
            if (wrap.getStatus() != SSLEngineResult.Status.OK) {
                throw new AuthenticationException("SSL Engine error status: " + wrap.getStatus());
            }
        } catch (SSLException e) {
            throw new AuthenticationException("SSL Engine wrap error: " + e.getMessage(), e);
        }
    }

    private void unwrapHandshake(String str) throws MalformedChallengeException {
        SSLEngine sSLEngine = getSSLEngine();
        SSLSession session = sSLEngine.getSession();
        ByteBuffer decodeBase64 = decodeBase64(str);
        ByteBuffer allocate = ByteBuffer.allocate(session.getApplicationBufferSize());
        while (sSLEngine.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
            unwrap(decodeBase64, allocate);
        }
    }

    private ByteBuffer unwrap(String str) throws MalformedChallengeException {
        SSLSession session = getSSLEngine().getSession();
        ByteBuffer decodeBase64 = decodeBase64(str);
        ByteBuffer allocate = ByteBuffer.allocate(session.getApplicationBufferSize());
        unwrap(decodeBase64, allocate);
        allocate.flip();
        return allocate;
    }

    private void unwrap(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws MalformedChallengeException {
        try {
            SSLEngineResult unwrap = this.sslEngine.unwrap(byteBuffer, byteBuffer2);
            if (unwrap.getStatus() != SSLEngineResult.Status.OK) {
                throw new MalformedChallengeException("SSL Engine error status: " + unwrap.getStatus());
            }
            if (this.sslEngine.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                this.sslEngine.getDelegatedTask().run();
            }
        } catch (SSLException e) {
            throw new MalformedChallengeException("SSL Engine unwrap error: " + e.getMessage(), e);
        }
    }

    private String encodeBase64(ByteBuffer byteBuffer) {
        byte[] bArr = new byte[byteBuffer.limit()];
        byteBuffer.get(bArr);
        return new String(Base64.encodeBase64(bArr), Consts.ASCII);
    }

    private ByteBuffer decodeBase64(String str) {
        return ByteBuffer.wrap(Base64.decodeBase64(str.getBytes(Consts.ASCII)));
    }

    @Override // org.apache.http.auth.AuthScheme
    public boolean isComplete() {
        return this.state == State.CREDENTIALS_SENT;
    }

    static void getByteAndAssert(ByteBuffer byteBuffer, int i, String str) throws MalformedChallengeException {
        byte b = byteBuffer.get();
        if (b != i) {
            parseError(byteBuffer, str + expectMessage(i, b));
        }
    }

    private static String expectMessage(int i, int i2) {
        return "(expected " + String.format("%02X", Integer.valueOf(i)) + ", got " + String.format("%02X", Integer.valueOf(i2)) + ")";
    }

    static int parseLength(ByteBuffer byteBuffer) {
        byte b = byteBuffer.get();
        if (b == 128) {
            return -1;
        }
        if ((b & 128) != 128) {
            return b;
        }
        int i = b & Byte.MAX_VALUE;
        int i2 = 0;
        for (int i3 = 0; i3 < i; i3++) {
            i2 = (i2 << 8) + (byteBuffer.get() & 255);
        }
        return i2;
    }

    static void getLengthAndAssert(ByteBuffer byteBuffer, int i, String str) throws MalformedChallengeException {
        int parseLength = parseLength(byteBuffer);
        if (i != parseLength) {
            parseError(byteBuffer, str + expectMessage(i, parseLength));
        }
    }

    static int getAndAssertContentSpecificTag(ByteBuffer byteBuffer, String str) throws MalformedChallengeException {
        byte b = byteBuffer.get();
        if ((b & 224) != 160) {
            parseError(byteBuffer, str + ": wrong content-specific tag " + String.format("%02X", Byte.valueOf(b)));
        }
        return b & 31;
    }

    static void parseError(ByteBuffer byteBuffer, String str) throws MalformedChallengeException {
        throw new MalformedChallengeException("Error parsing TsRequest (position:" + byteBuffer.position() + "): " + str);
    }

    static byte[] encodeLength(int i) {
        if (i < 128) {
            return new byte[]{(byte) i};
        }
        int i2 = 1;
        int i3 = i;
        while (true) {
            int i4 = i3 >>> 8;
            i3 = i4;
            if (i4 == 0) {
                break;
            }
            i2++;
        }
        byte[] bArr = new byte[1 + i2];
        bArr[0] = (byte) (i2 | 128);
        int i5 = (i2 - 1) * 8;
        for (int i6 = 0; i6 < i2; i6++) {
            bArr[i6 + 1] = (byte) (i >> i5);
            i5 -= 8;
        }
        return bArr;
    }
}
