package org.eclipse.jgit.internal.transport.sshd;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.text.MessageFormat;
import java.util.Collection;
import java.util.Iterator;
import org.apache.sshd.client.auth.AbstractUserAuth;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

/* loaded from: input_file:WEB-INF/lib/org.eclipse.jgit.ssh.apache-5.11.1.202105131744-r.jar:org/eclipse/jgit/internal/transport/sshd/GssApiWithMicAuthentication.class */
public class GssApiWithMicAuthentication extends AbstractUserAuth {
    private static final byte SSH_MSG_USERAUTH_GSSAPI_RESPONSE = 60;
    private static final byte SSH_MSG_USERAUTH_GSSAPI_TOKEN = 61;
    private Collection<Oid> mechanisms;
    private Iterator<Oid> nextMechanism;
    private Oid currentMechanism;
    private ProtocolState state;
    private GSSContext context;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/org.eclipse.jgit.ssh.apache-5.11.1.202105131744-r.jar:org/eclipse/jgit/internal/transport/sshd/GssApiWithMicAuthentication$ProtocolState.class */
    public enum ProtocolState {
        STARTED,
        TOKENS,
        MIC_SENT,
        FAILED;

        /* renamed from: values, reason: to resolve conflict with enum method */
        public static ProtocolState[] valuesCustom() {
            ProtocolState[] valuesCustom = values();
            int length = valuesCustom.length;
            ProtocolState[] protocolStateArr = new ProtocolState[length];
            System.arraycopy(valuesCustom, 0, protocolStateArr, 0, length);
            return protocolStateArr;
        }
    }

    public GssApiWithMicAuthentication() {
        super("gssapi-with-mic");
    }

    @Override // org.apache.sshd.client.auth.AbstractUserAuth
    protected boolean sendAuthDataRequest(ClientSession clientSession, String str) throws Exception {
        if (this.mechanisms == null) {
            this.mechanisms = GssApiMechanisms.getSupportedMechanisms();
            this.nextMechanism = this.mechanisms.iterator();
        }
        if (this.context != null) {
            close(false);
        }
        if (!this.nextMechanism.hasNext()) {
            return false;
        }
        this.state = ProtocolState.STARTED;
        this.currentMechanism = this.nextMechanism.next();
        while (GssApiMechanisms.SPNEGO.equals(this.currentMechanism)) {
            if (!this.nextMechanism.hasNext()) {
                return false;
            }
            this.currentMechanism = this.nextMechanism.next();
        }
        try {
            this.context = GssApiMechanisms.createContext(this.currentMechanism, getHostName(clientSession));
            this.context.requestMutualAuth(true);
            this.context.requestConf(true);
            this.context.requestInteg(true);
            this.context.requestCredDeleg(true);
            this.context.requestAnonymity(false);
            Buffer createBuffer = clientSession.createBuffer((byte) 50);
            createBuffer.putString(clientSession.getUsername());
            createBuffer.putString(str);
            createBuffer.putString(getName());
            createBuffer.putInt(1L);
            createBuffer.putBytes(this.currentMechanism.getDER());
            clientSession.writePacket(createBuffer);
            return true;
        } catch (GSSException | NullPointerException e) {
            close(true);
            if (this.log.isDebugEnabled()) {
                this.log.debug(MessageFormat.format(SshdText.get().gssapiInitFailure, this.currentMechanism.toString()));
            }
            this.currentMechanism = null;
            this.state = ProtocolState.FAILED;
            return false;
        }
    }

    @Override // org.apache.sshd.client.auth.AbstractUserAuth
    protected boolean processAuthDataRequest(ClientSession clientSession, String str, Buffer buffer) throws Exception {
        int uByte = buffer.getUByte();
        if (this.context == null) {
            return false;
        }
        try {
            switch (uByte) {
                case 60:
                    if (this.state != ProtocolState.STARTED) {
                        return unexpectedMessage(uByte);
                    }
                    if (!this.currentMechanism.equals(new Oid(buffer.getBytes()))) {
                        return false;
                    }
                    replyToken(clientSession, str, new byte[0]);
                    return true;
                case 61:
                    if (this.context.isEstablished() || this.state != ProtocolState.TOKENS) {
                        return unexpectedMessage(uByte);
                    }
                    replyToken(clientSession, str, buffer.getBytes());
                    return true;
                default:
                    return unexpectedMessage(uByte);
            }
        } catch (GSSException e) {
            this.log.warn(MessageFormat.format(SshdText.get().gssapiFailure, this.currentMechanism.toString()), e);
            this.state = ProtocolState.FAILED;
            return false;
        }
    }

    @Override // org.apache.sshd.client.auth.AbstractUserAuth, org.apache.sshd.client.auth.UserAuth
    public void destroy() {
        try {
            close(false);
        } finally {
            super.destroy();
        }
    }

    private void close(boolean z) {
        try {
            if (this.context != null) {
                this.context.dispose();
                this.context = null;
            }
        } catch (GSSException e) {
            if (z) {
                return;
            }
            this.log.warn(SshdText.get().gssapiFailure, e);
        }
    }

    private void sendToken(ClientSession clientSession, byte[] bArr) throws IOException, GSSException {
        this.state = ProtocolState.TOKENS;
        byte[] initSecContext = this.context.initSecContext(bArr, 0, bArr.length);
        if (initSecContext != null) {
            Buffer createBuffer = clientSession.createBuffer((byte) 61);
            createBuffer.putBytes(initSecContext);
            clientSession.writePacket(createBuffer);
        }
    }

    private void sendMic(ClientSession clientSession, String str) throws IOException, GSSException {
        this.state = ProtocolState.MIC_SENT;
        ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer();
        byteArrayBuffer.putBytes(clientSession.getSessionId());
        byteArrayBuffer.putByte((byte) 50);
        byteArrayBuffer.putString(clientSession.getUsername());
        byteArrayBuffer.putString(str);
        byteArrayBuffer.putString(getName());
        byte[] compactData = byteArrayBuffer.getCompactData();
        byte[] mic = this.context.getMIC(compactData, 0, compactData.length, new MessageProp(0, true));
        Buffer createBuffer = clientSession.createBuffer((byte) 66);
        createBuffer.putBytes(mic);
        clientSession.writePacket(createBuffer);
    }

    private void replyToken(ClientSession clientSession, String str, byte[] bArr) throws IOException, GSSException {
        sendToken(clientSession, bArr);
        if (this.context.isEstablished()) {
            sendMic(clientSession, str);
        }
    }

    private String getHostName(ClientSession clientSession) {
        InetAddress resolve;
        SocketAddress connectAddress = clientSession.getConnectAddress();
        if ((connectAddress instanceof InetSocketAddress) && (resolve = GssApiMechanisms.resolve((InetSocketAddress) connectAddress)) != null) {
            return resolve.getCanonicalHostName();
        }
        if (!(clientSession instanceof JGitClientSession)) {
            throw new IllegalStateException("Wrong session class :" + clientSession.getClass().getName());
        }
        String hostName = ((JGitClientSession) clientSession).getHostConfigEntry().getHostName();
        try {
            hostName = InetAddress.getByName(hostName).getCanonicalHostName();
        } catch (UnknownHostException e) {
        }
        return hostName;
    }

    private boolean unexpectedMessage(int i) {
        this.log.warn(MessageFormat.format(SshdText.get().gssapiUnexpectedMessage, getName(), Integer.toString(i)));
        return false;
    }
}
