package net.schmizz.sshj.userauth.method;

import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.Message;
import net.schmizz.sshj.common.SSHPacket;
import net.schmizz.sshj.transport.TransportException;
import net.schmizz.sshj.userauth.UserAuthException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

/* loaded from: classes5.dex */
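/**
 * Client side of the SSH {@code gssapi-with-mic} user authentication method.
 *
 * <p>The request built by {@link #buildReq()} offers a list of GSS-API mechanism OIDs. The server
 * answers with the mechanism it selected, after which tokens are exchanged until the GSS security
 * context is established. The exchange is then finalized either with a message integrity code (MIC)
 * computed over the session identifier and the request fields, or, when the established context
 * offers no integrity service, with a bare "exchange complete" message.
 *
 * <p>Everything read from the {@link SSHPacket} arguments comes from the remote server and is
 * treated as untrusted: the selected mechanism must be one this client offered, and token messages
 * are rejected until a context exists.
 */
public class AuthGssApiWithMic extends AbstractAuthMethod {
    /** JAAS login context whose {@link Subject} the GSS context is created under. */
    private final LoginContext loginContext;
    /** Factory for GSS names, credentials and contexts. */
    private final GSSManager manager;
    /** Mechanisms offered to the server, in the order they are written into the request. */
    private final List<Oid> mechanismOids;
    /** Security context for the current exchange; {@code null} until the server has selected a mechanism. */
    private GSSContext secContext;

    /**
     * Creates the initiator-side GSS context for the mechanism chosen by the server. Run through
     * {@link Subject#doAs} so that the context is created on behalf of the logged-in subject.
     */
    public class InitializeContextAction implements PrivilegedExceptionAction<GSSContext> {
        private final Oid selectedOid;

        public InitializeContextAction(Oid oid) {
            this.selectedOid = oid;
        }

        /**
         * Builds a context targeting {@code host@<remote host>} with initiate-only credentials.
         *
         * @return a context with mutual authentication and integrity requested (not yet established)
         * @throws GSSException if the name, credential or context cannot be created
         */
        @Override
        public GSSContext run() throws GSSException {
            // The target service name is derived from the host the transport is connected to.
            GSSName serverName = manager.createName(
                    "host@" + AuthGssApiWithMic.this.params.getTransport().getRemoteHost(),
                    GSSName.NT_HOSTBASED_SERVICE);
            GSSContext context = manager.createContext(
                    serverName,
                    this.selectedOid,
                    manager.createCredential(org.ietf.jgss.GSSCredential.INITIATE_ONLY),
                    GSSContext.DEFAULT_LIFETIME);
            // These are requests only; whether integrity was actually granted is checked via
            // getIntegState() once the context is established (see handle()).
            context.requestMutualAuth(true);
            context.requestInteg(true);
            return context;
        }
    }

    /**
     * @param loginContext login context providing the subject to authenticate as
     * @param list         GSS-API mechanism OIDs to offer to the server
     */
    public AuthGssApiWithMic(LoginContext loginContext, List<Oid> list) {
        this(loginContext, list, GSSManager.getInstance());
    }

    /**
     * @param loginContext login context providing the subject to authenticate as
     * @param list         GSS-API mechanism OIDs to offer to the server
     * @param gSSManager   manager used to create names, credentials and contexts
     */
    public AuthGssApiWithMic(LoginContext loginContext, List<Oid> list, GSSManager gSSManager) {
        super("gssapi-with-mic");
        this.loginContext = loginContext;
        this.mechanismOids = list;
        this.manager = gSSManager;
        this.secContext = null;
    }

    /**
     * Computes the MIC that finalizes authentication. The signed data includes the transport's
     * session identifier, which ties the MIC to this particular SSH session.
     *
     * @throws UserAuthException if the security context cannot produce a MIC
     */
    private byte[] generateMIC() throws UserAuthException {
        byte[] micInput = new Buffer.PlainBuffer()
                .putString(this.params.getTransport().getSessionID())
                .putByte(Message.USERAUTH_REQUEST.toByte())
                .putString(this.params.getUsername())
                .putString(this.params.getNextServiceName())
                .putString(getName())
                .getCompactData();
        try {
            return this.secContext.getMIC(micInput, 0, micInput.length, (MessageProp) null);
        } catch (GSSException e) {
            throw new UserAuthException("Exception getting message integrity code", e);
        }
    }

    /**
     * Handles the server's mechanism selection: validates the selected OID, creates the security
     * context under the login subject and sends the initial token.
     *
     * @throws UserAuthException  if the packet is malformed, the selected mechanism was not offered,
     *                            or context creation / the first token fails
     * @throws TransportException if the initial token cannot be written
     */
    private void handleContextInitialization(SSHPacket packet) throws UserAuthException, TransportException {
        final Oid oid;
        try {
            oid = new Oid(packet.readBytes());
        } catch (Buffer.BufferException e) {
            throw new UserAuthException("Failed to read byte array from message buffer", e);
        } catch (GSSException e) {
            throw new UserAuthException("Exception constructing OID from server response", e);
        }
        this.log.debug("Server selected OID: {}", oid.toString());

        // The server's choice is untrusted input. Only continue with a mechanism that was actually
        // offered in buildReq(); otherwise the server could steer the client onto a mechanism the
        // caller never configured.
        if (!this.mechanismOids.contains(oid)) {
            throw new UserAuthException("Server selected a GSSAPI mechanism that was not offered: " + oid);
        }

        this.log.debug("Initializing GSSAPI context");
        try {
            this.secContext = Subject.doAs(this.loginContext.getSubject(), new InitializeContextAction(oid));
        } catch (PrivilegedActionException e) {
            throw new UserAuthException("Exception during context initialization", e);
        }

        this.log.debug("Sending initial token");
        final byte[] initialToken;
        try {
            initialToken = this.secContext.initSecContext(new byte[0], 0, 0);
        } catch (GSSException e) {
            throw new UserAuthException("Exception sending initial token", e);
        }
        sendToken(initialToken);
    }

    /**
     * Feeds a token received from the server into the security context.
     *
     * @return the next token to send, as returned by {@code initSecContext} (may be {@code null})
     * @throws UserAuthException if the packet is malformed or the context rejects the token
     */
    private byte[] handleTokenFromServer(SSHPacket packet) throws UserAuthException {
        final byte[] serverToken;
        try {
            serverToken = packet.readStringAsBytes();
        } catch (Buffer.BufferException e) {
            throw new UserAuthException("Failed to read string from message buffer", e);
        }
        try {
            return this.secContext.initSecContext(serverToken, 0, serverToken.length);
        } catch (GSSException e) {
            throw new UserAuthException("Exception during token exchange", e);
        }
    }

    /** Writes a GSS token to the server. */
    private void sendToken(byte[] token) throws TransportException {
        this.params.getTransport().write(new SSHPacket(Message.USERAUTH_INFO_RESPONSE).putString(token));
    }

    /**
     * Extends the base request with the number of offered mechanisms followed by each OID in DER form.
     *
     * @throws UserAuthException if an OID cannot be DER-encoded
     */
    @Override
    public SSHPacket buildReq() throws UserAuthException {
        SSHPacket request = super.buildReq().putUInt32(this.mechanismOids.size());
        for (Oid oid : this.mechanismOids) {
            try {
                request.putString(oid.getDER());
            } catch (GSSException e) {
                throw new UserAuthException("Mechanism OID could not be encoded: " + oid.toString(), e);
            }
        }
        return request;
    }

    /**
     * Drives the exchange: {@code USERAUTH_60} carries the server's mechanism selection,
     * {@code USERAUTH_INFO_RESPONSE} carries a token; anything else goes to the superclass.
     *
     * @throws UserAuthException  on malformed or out-of-sequence messages and on GSS-API failures
     * @throws TransportException if a reply cannot be written
     */
    @Override
    public void handle(Message message, SSHPacket sSHPacket) throws UserAuthException, TransportException {
        if (message == Message.USERAUTH_60) {
            handleContextInitialization(sSHPacket);
            return;
        }
        if (message != Message.USERAUTH_INFO_RESPONSE) {
            super.handle(message, sSHPacket);
            return;
        }

        // A token that arrives before any mechanism selection is out of sequence. Fail the
        // authentication explicitly instead of dereferencing a null context.
        if (this.secContext == null) {
            throw new UserAuthException("Received GSSAPI token before the security context was initialized");
        }

        byte[] replyToken = handleTokenFromServer(sSHPacket);
        if (!this.secContext.isEstablished()) {
            if (replyToken == null) {
                // Nothing to send although the context still needs another round trip.
                throw new UserAuthException("GSSAPI produced no token although the context is not established");
            }
            this.log.debug("Sending token");
            sendToken(replyToken);
        } else if (this.secContext.getIntegState()) {
            this.log.debug("Per-message integrity protection available: finalizing authentication with message integrity code");
            this.params.getTransport().write(new SSHPacket(Message.USERAUTH_GSSAPI_MIC).putString(generateMIC()));
        } else {
            // NOTE(review): on this path no MIC over the session identifier is sent, so the
            // exchange is completed without the binding generateMIC() provides. Whether to accept
            // that is decided by the server; deployments that require the MIC should enforce it there.
            this.log.debug("Per-message integrity protection unavailable: finalizing authentication");
            this.params.getTransport().write(new SSHPacket(Message.USERAUTH_GSSAPI_EXCHANGE_COMPLETE));
        }
    }
}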
