package org.tmatesoft.svn.core.internal.io.dav.http;

import java.io.IOException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.tmatesoft.svn.core.SVNErrorCode;
import org.tmatesoft.svn.core.SVNErrorMessage;
import org.tmatesoft.svn.core.SVNException;
import org.tmatesoft.svn.core.internal.util.SVNBase64;
import org.tmatesoft.svn.core.internal.wc.SVNErrorManager;
import org.tmatesoft.svn.util.SVNLogType;

/* loaded from: input_file:bluej-dist.jar:lib/svnkit.jar:org/tmatesoft/svn/core/internal/io/dav/http/HTTPNegotiateAuthentication.class */
class HTTPNegotiateAuthentication extends HTTPAuthentication {
    private static volatile Boolean ourIsNegotiateSupported;
    private GSSManager myGSSManager;
    private GSSContext myGSSContext;
    private Oid mySpnegoOid;
    private Subject mySubject;
    private byte[] myToken;
    private int myTokenLength;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:bluej-dist.jar:lib/svnkit.jar:org/tmatesoft/svn/core/internal/io/dav/http/HTTPNegotiateAuthentication$SVNKitCallbackHandler.class */
    public class SVNKitCallbackHandler implements CallbackHandler {
        private final HTTPNegotiateAuthentication this$0;

        private SVNKitCallbackHandler(HTTPNegotiateAuthentication hTTPNegotiateAuthentication) {
            this.this$0 = hTTPNegotiateAuthentication;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbackArr.length; i++) {
                if (callbackArr[i] instanceof NameCallback) {
                    ((NameCallback) callbackArr[i]).setName(this.this$0.getUserName());
                } else if (callbackArr[i] instanceof PasswordCallback) {
                    ((PasswordCallback) callbackArr[i]).setPassword(this.this$0.getPassword() == null ? null : this.this$0.getPassword().toCharArray());
                }
            }
        }

        SVNKitCallbackHandler(HTTPNegotiateAuthentication hTTPNegotiateAuthentication, AnonymousClass1 anonymousClass1) {
            this(hTTPNegotiateAuthentication);
        }
    }

    public HTTPNegotiateAuthentication(HTTPNegotiateAuthentication hTTPNegotiateAuthentication) {
        this.myGSSManager = GSSManager.getInstance();
        if (hTTPNegotiateAuthentication != null) {
            this.mySubject = hTTPNegotiateAuthentication.mySubject;
        }
    }

    public HTTPNegotiateAuthentication() {
        this(null);
    }

    public static synchronized boolean isSupported() {
        if (ourIsNegotiateSupported == null) {
            try {
                ourIsNegotiateSupported = Boolean.valueOf(Arrays.asList(GSSManager.getInstance().getMechs()).contains(new Oid("1.3.6.1.5.5.2")));
            } catch (GSSException e) {
                ourIsNegotiateSupported = Boolean.FALSE;
            }
        }
        return ourIsNegotiateSupported.booleanValue();
    }

    @Override // org.tmatesoft.svn.core.internal.io.dav.http.HTTPAuthentication
    public String getAuthenticationScheme() {
        return "Negotiate";
    }

    private String getServerPrincipalName() {
        return new StringBuffer().append("HTTP@").append(getChallengeParameter("host")).toString();
    }

    public void respondTo(String str) {
        if (str == null) {
            this.myToken = new byte[0];
            this.myTokenLength = 0;
        } else {
            this.myToken = new byte[((str.length() * 3) + 3) / 4];
            this.myTokenLength = SVNBase64.base64ToByteArray(new StringBuffer(str), this.myToken);
        }
    }

    private void initializeSubject() {
        if (this.mySubject != null) {
            return;
        }
        try {
            LoginContext loginContext = new LoginContext("com.sun.security.jgss.krb5.initiate", new SVNKitCallbackHandler(this, null));
            loginContext.login();
            this.mySubject = loginContext.getSubject();
        } catch (LoginException e) {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void initializeContext() throws GSSException {
        if (this.mySpnegoOid == null) {
            this.mySpnegoOid = new Oid("1.3.6.1.5.5.2");
        }
        this.myGSSContext = this.myGSSManager.createContext(this.myGSSManager.createName(getServerPrincipalName(), GSSName.NT_HOSTBASED_SERVICE), this.mySpnegoOid, (GSSCredential) null, 0);
    }

    @Override // org.tmatesoft.svn.core.internal.io.dav.http.HTTPAuthentication
    public String authenticate() throws SVNException {
        if (!isStarted()) {
            initializeSubject();
        }
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction(this) { // from class: org.tmatesoft.svn.core.internal.io.dav.http.HTTPNegotiateAuthentication.1
            private final HTTPNegotiateAuthentication this$0;

            {
                this.this$0 = this;
            }

            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws SVNException {
                if (!this.this$0.isStarted()) {
                    try {
                        this.this$0.initializeContext();
                    } catch (GSSException e) {
                        SVNErrorManager.error(SVNErrorMessage.create(SVNErrorCode.RA_DAV_REQUEST_FAILED, "Negotiate authentication failed: ''{0}''", e.getMajorString()), SVNLogType.NETWORK);
                        return null;
                    }
                }
                try {
                    byte[] initSecContext = this.this$0.myGSSContext.initSecContext(this.this$0.myToken, 0, this.this$0.myTokenLength);
                    if (this.this$0.myToken != null) {
                        return new StringBuffer().append("Negotiate ").append(SVNBase64.byteArrayToBase64(initSecContext)).toString();
                    }
                    return null;
                } catch (GSSException e2) {
                    SVNErrorManager.error(SVNErrorMessage.create(SVNErrorCode.RA_DAV_REQUEST_FAILED, "Negotiate authentication failed: ''{0}''", e2.getMajorString()), SVNLogType.NETWORK);
                    return null;
                }
            }
        };
        if (this.mySubject == null) {
            try {
                return (String) privilegedExceptionAction.run();
            } catch (Exception e) {
                if (e instanceof SVNException) {
                    throw ((SVNException) e);
                }
                throw new RuntimeException(e);
            }
        }
        try {
            return (String) Subject.doAs(this.mySubject, privilegedExceptionAction);
        } catch (PrivilegedActionException e2) {
            Throwable cause = e2.getCause();
            if (cause instanceof SVNException) {
                throw ((SVNException) cause);
            }
            throw new RuntimeException(cause);
        }
    }

    public boolean isStarted() {
        return this.myGSSContext != null;
    }

    public boolean needsLogin() {
        initializeSubject();
        return this.mySubject == null;
    }
}
