package sa;

import java.io.File;
import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.LinkedHashMap;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.LifecycleException;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import ra.z;

/* loaded from: classes2.dex */
public class i extends sa.a {

    /* renamed from: p0, reason: collision with root package name */
    public static final String f11902p0 = "Negotiate";

    /* renamed from: k0, reason: collision with root package name */
    public final dc.b f11903k0 = dc.c.d(i.class);

    /* renamed from: l0, reason: collision with root package name */
    public String f11904l0 = sa.c.f11879i;

    /* renamed from: m0, reason: collision with root package name */
    public boolean f11905m0 = true;

    /* renamed from: n0, reason: collision with root package name */
    public Pattern f11906n0 = null;

    /* renamed from: o0, reason: collision with root package name */
    public boolean f11907o0 = true;

    /* loaded from: classes2.dex */
    public class a implements PrivilegedExceptionAction<GSSCredential> {
        public final /* synthetic */ GSSManager a;
        public final /* synthetic */ int b;

        public a(GSSManager gSSManager, int i10) {
            this.a = gSSManager;
            this.b = i10;
        }

        @Override // java.security.PrivilegedExceptionAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public GSSCredential run() throws GSSException {
            return this.a.createCredential((GSSName) null, this.b, new Oid("1.3.6.1.5.5.2"), 2);
        }
    }

    /* loaded from: classes2.dex */
    public static class b implements PrivilegedExceptionAction<byte[]> {
        public GSSContext a;
        public byte[] b;

        public b(GSSContext gSSContext, byte[] bArr) {
            this.a = gSSContext;
            this.b = bArr;
        }

        @Override // java.security.PrivilegedExceptionAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public byte[] run() throws GSSException {
            GSSContext gSSContext = this.a;
            byte[] bArr = this.b;
            return gSSContext.acceptSecContext(bArr, 0, bArr.length);
        }
    }

    /* loaded from: classes2.dex */
    public static class c implements PrivilegedAction<Principal> {
        public final z a;
        public final GSSContext b;

        /* renamed from: c, reason: collision with root package name */
        public final boolean f11909c;

        public c(z zVar, GSSContext gSSContext, boolean z10) {
            this.a = zVar;
            this.b = gSSContext;
            this.f11909c = z10;
        }

        @Override // java.security.PrivilegedAction
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Principal run() {
            return this.a.Z0(this.b, this.f11909c);
        }
    }

    /* loaded from: classes2.dex */
    public static class d {
        public final byte[] a;
        public int b = 0;

        public d(byte[] bArr) {
            this.a = bArr;
        }

        private void a() {
            int i10;
            if (g(96) && c() && e("1.3.6.1.5.5.2") && g(160) && c() && g(48) && c() && g(160)) {
                d();
                if (g(48)) {
                    int d10 = d();
                    int i11 = this.b;
                    LinkedHashMap linkedHashMap = new LinkedHashMap();
                    while (true) {
                        int i12 = this.b;
                        if (i12 >= i11 + d10) {
                            break;
                        }
                        String f10 = f();
                        int[] iArr = {i12, this.b - iArr[0]};
                        linkedHashMap.put(f10, iArr);
                    }
                    byte[] bArr = new byte[d10];
                    int[] iArr2 = (int[]) linkedHashMap.remove("1.2.840.113554.1.2.2");
                    if (iArr2 != null) {
                        System.arraycopy(this.a, iArr2[0], bArr, 0, iArr2[1]);
                        i10 = iArr2[1] + 0;
                    } else {
                        i10 = 0;
                    }
                    for (int[] iArr3 : linkedHashMap.values()) {
                        System.arraycopy(this.a, iArr3[0], bArr, i10, iArr3[1]);
                        i10 += iArr3[1];
                    }
                    System.arraycopy(bArr, 0, this.a, i11, d10);
                }
            }
        }

        public static void b(byte[] bArr) {
            new d(bArr).a();
        }

        private boolean c() {
            return this.b + d() == this.a.length;
        }

        private int d() {
            byte[] bArr = this.a;
            int i10 = this.b;
            this.b = i10 + 1;
            int i11 = bArr[i10] & 255;
            if (i11 <= 127) {
                return i11;
            }
            int i12 = i11 - 128;
            int i13 = 0;
            for (int i14 = 0; i14 < i12; i14++) {
                byte[] bArr2 = this.a;
                int i15 = this.b;
                this.b = i15 + 1;
                i13 = (i13 << 8) + (bArr2[i15] & 255);
            }
            return i13;
        }

        private boolean e(String str) {
            return str.equals(f());
        }

        private String f() {
            if (!g(6)) {
                return null;
            }
            StringBuilder sb2 = new StringBuilder();
            int d10 = d();
            byte[] bArr = this.a;
            int i10 = this.b;
            this.b = i10 + 1;
            int i11 = bArr[i10] & 255;
            int i12 = i11 % 40;
            sb2.append((i11 - i12) / 40);
            sb2.append(pb.i.b);
            sb2.append(i12);
            int i13 = 0;
            boolean z10 = false;
            for (int i14 = 1; i14 < d10; i14++) {
                byte[] bArr2 = this.a;
                int i15 = this.b;
                this.b = i15 + 1;
                int i16 = bArr2[i15] & 255;
                if (i16 > 127) {
                    i16 -= 128;
                } else {
                    z10 = true;
                }
                i13 = (i13 << 7) + i16;
                if (z10) {
                    sb2.append(pb.i.b);
                    sb2.append(i13);
                    i13 = 0;
                    z10 = false;
                }
            }
            return sb2.toString();
        }

        private boolean g(int i10) {
            byte[] bArr = this.a;
            int i11 = this.b;
            this.b = i11 + 1;
            return (bArr[i11] & 255) == i10;
        }
    }

    @Override // sa.a
    public String A8() {
        return sa.c.a;
    }

    public boolean c9() {
        return this.f11907o0;
    }

    public String d9() {
        return this.f11904l0;
    }

    public String e9() {
        Pattern pattern = this.f11906n0;
        if (pattern == null) {
            return null;
        }
        return pattern.pattern();
    }

    public boolean f9() {
        return this.f11905m0;
    }

    public void g9(boolean z10) {
        this.f11907o0 = z10;
    }

    @Override // lb.p, kb.l, kb.k
    public void h8() throws LifecycleException {
        super.h8();
        if (System.getProperty(sa.c.f11875e) == null) {
            System.setProperty(sa.c.f11875e, new File(this.f8949f.q(), sa.c.f11876f).getAbsolutePath());
        }
        if (System.getProperty(sa.c.f11877g) == null) {
            System.setProperty(sa.c.f11877g, new File(this.f8949f.q(), sa.c.f11878h).getAbsolutePath());
        }
    }

    public void h9(String str) {
        this.f11904l0 = str;
    }

    public void i9(String str) {
        if (str == null || str.length() == 0) {
            this.f11906n0 = null;
        } else {
            this.f11906n0 = Pattern.compile(str);
        }
    }

    public void j9(boolean z10) {
        this.f11905m0 = z10;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r11v13 */
    /* JADX WARN: Type inference failed for: r11v6, types: [int] */
    /* JADX WARN: Type inference failed for: r11v8 */
    /* JADX WARN: Type inference failed for: r12v0, types: [int] */
    /* JADX WARN: Type inference failed for: r12v2 */
    /* JADX WARN: Type inference failed for: r12v9, types: [javax.security.auth.login.LoginContext] */
    @Override // sa.a
    public boolean w8(ua.h hVar, HttpServletResponse httpServletResponse) throws IOException {
        GSSContext gSSContext;
        MessageBytes k10;
        if (u8(hVar, httpServletResponse, true)) {
            return true;
        }
        MessageBytes k11 = hVar.x0().u().k("authorization");
        if (k11 == null) {
            if (this.f11903k0.e()) {
                this.f11903k0.a(sa.a.f11849h0.g("authenticator.noAuthHeader"));
            }
            httpServletResponse.d(sa.a.f11850i0, f11902p0);
            httpServletResponse.y(401);
            return false;
        }
        k11.toBytes();
        ByteChunk byteChunk = k11.getByteChunk();
        if (!byteChunk.startsWithIgnoreCase("negotiate ", 0)) {
            if (this.f11903k0.e()) {
                this.f11903k0.a(sa.a.f11849h0.g("spnegoAuthenticator.authHeaderNotNego"));
            }
            httpServletResponse.d(sa.a.f11850i0, f11902p0);
            httpServletResponse.y(401);
            return false;
        }
        byteChunk.setOffset(byteChunk.getOffset() + 10);
        byte[] buffer = byteChunk.getBuffer();
        LoginContext offset = byteChunk.getOffset();
        byte[] x10 = nc.a.x(buffer, offset, byteChunk.getLength());
        if (c9()) {
            d.b(x10);
        }
        GSSContext length = x10.length;
        try {
            if (length == 0) {
                if (this.f11903k0.e()) {
                    this.f11903k0.a(sa.a.f11849h0.g("spnegoAuthenticator.authHeaderNoToken"));
                }
                httpServletResponse.d(sa.a.f11850i0, f11902p0);
                httpServletResponse.y(401);
                return false;
            }
            try {
                offset = new LoginContext(d9());
                try {
                    try {
                        offset.login();
                        Subject subject = offset.getSubject();
                        GSSManager gSSManager = GSSManager.getInstance();
                        gSSContext = gSSManager.createContext((GSSCredential) Subject.doAs(subject, new a(gSSManager, pc.d.b ? Integer.MAX_VALUE : 0)));
                        try {
                            byte[] bArr = (byte[]) Subject.doAs(offset.getSubject(), new b(gSSContext, x10));
                            if (bArr == null) {
                                if (this.f11903k0.e()) {
                                    this.f11903k0.a(sa.a.f11849h0.g("spnegoAuthenticator.ticketValidateFail"));
                                }
                                httpServletResponse.d(sa.a.f11850i0, f11902p0);
                                httpServletResponse.y(401);
                                if (gSSContext != null) {
                                    try {
                                        gSSContext.dispose();
                                    } catch (GSSException unused) {
                                    }
                                }
                                try {
                                    offset.logout();
                                } catch (LoginException unused2) {
                                }
                                return false;
                            }
                            Principal principal = (Principal) Subject.doAs(subject, new c(this.f11862n.a7(), gSSContext, this.f11905m0));
                            if (gSSContext != null) {
                                try {
                                    gSSContext.dispose();
                                } catch (GSSException unused3) {
                                }
                            }
                            try {
                                offset.logout();
                            } catch (LoginException unused4) {
                            }
                            httpServletResponse.d(sa.a.f11850i0, "Negotiate " + nc.a.E(bArr));
                            if (principal == null) {
                                httpServletResponse.y(401);
                                return false;
                            }
                            Q8(hVar, httpServletResponse, principal, sa.c.a, principal.getName(), null);
                            Pattern pattern = this.f11906n0;
                            if (pattern != null && (k10 = hVar.x0().u().k("user-agent")) != null && pattern.matcher(k10.toString()).matches()) {
                                httpServletResponse.d(yb.c.f15713n, yb.c.f15714o);
                            }
                            return true;
                        } catch (GSSException e10) {
                            e = e10;
                            if (this.f11903k0.e()) {
                                this.f11903k0.b(sa.a.f11849h0.g("spnegoAuthenticator.ticketValidateFail"), e);
                            }
                            httpServletResponse.d(sa.a.f11850i0, f11902p0);
                            httpServletResponse.y(401);
                            if (gSSContext != null) {
                                try {
                                    gSSContext.dispose();
                                } catch (GSSException unused5) {
                                }
                            }
                            if (offset == 0) {
                                return false;
                            }
                            try {
                                offset.logout();
                                return false;
                            } catch (LoginException unused6) {
                                return false;
                            }
                        } catch (PrivilegedActionException e11) {
                            e = e11;
                            if (!(e.getCause() instanceof GSSException)) {
                                this.f11903k0.l(sa.a.f11849h0.g("spnegoAuthenticator.serviceLoginFail"), e);
                            } else if (this.f11903k0.e()) {
                                this.f11903k0.b(sa.a.f11849h0.g("spnegoAuthenticator.serviceLoginFail"), e);
                            }
                            httpServletResponse.d(sa.a.f11850i0, f11902p0);
                            httpServletResponse.y(401);
                            if (gSSContext != null) {
                                try {
                                    gSSContext.dispose();
                                } catch (GSSException unused7) {
                                }
                            }
                            if (offset == 0) {
                                return false;
                            }
                            try {
                                offset.logout();
                                return false;
                            } catch (LoginException unused8) {
                                return false;
                            }
                        }
                    } catch (LoginException e12) {
                        e = e12;
                        this.f11903k0.l(sa.a.f11849h0.g("spnegoAuthenticator.serviceLoginFail"), e);
                        httpServletResponse.y(500);
                        if (offset == 0) {
                            return false;
                        }
                        try {
                            offset.logout();
                            return false;
                        } catch (LoginException unused9) {
                            return false;
                        }
                    }
                } catch (GSSException e13) {
                    e = e13;
                    gSSContext = null;
                } catch (PrivilegedActionException e14) {
                    e = e14;
                    gSSContext = null;
                } catch (Throwable th) {
                    th = th;
                    length = 0;
                    if (length != 0) {
                        try {
                            length.dispose();
                        } catch (GSSException unused10) {
                        }
                    }
                    if (offset == 0) {
                        throw th;
                    }
                    try {
                        offset.logout();
                        throw th;
                    } catch (LoginException unused11) {
                        throw th;
                    }
                }
            } catch (PrivilegedActionException e15) {
                e = e15;
                gSSContext = null;
                offset = 0;
            } catch (LoginException e16) {
                e = e16;
                offset = 0;
            } catch (GSSException e17) {
                e = e17;
                gSSContext = null;
                offset = 0;
            } catch (Throwable th2) {
                th = th2;
                length = 0;
                offset = 0;
            }
        } catch (Throwable th3) {
            th = th3;
        }
    }
}
