package org.apache.sshd.server.auth.gss;

import A1.AbstractC0018j;
import java.util.Objects;
import org.apache.sshd.common.SshConstants;
import org.apache.sshd.common.SshException;
import org.apache.sshd.common.util.NumberUtils;
import org.apache.sshd.common.util.ValidateUtils;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.apache.sshd.server.auth.AbstractUserAuth;
import org.apache.sshd.server.session.ServerSession;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

/* loaded from: classes.dex */
public class UserAuthGSS extends AbstractUserAuth {
    public static final Oid KRB5_MECH = createOID("1.2.840.113554.1.2.2");
    public static final Oid KRB5_NT_PRINCIPAL = createOID("1.2.840.113554.1.2.2.1");
    public static final String NAME = "gssapi-with-mic";
    private GSSContext context;
    private String identity;

    public UserAuthGSS() {
        super("gssapi-with-mic");
    }

    public static Oid createOID(String str) {
        try {
            return new Oid(str);
        } catch (GSSException unused) {
            return null;
        }
    }

    @Override // org.apache.sshd.server.auth.AbstractUserAuth, org.apache.sshd.server.auth.UserAuth
    public void destroy() {
        GSSContext gSSContext = this.context;
        if (gSSContext != null) {
            try {
                try {
                    gSSContext.dispose();
                } catch (GSSException e3) {
                    if (this.log.isDebugEnabled()) {
                        this.log.debug("Failed ({}) to dispose of context: {}", e3.getClass().getSimpleName(), e3.getMessage());
                    }
                }
            } finally {
                this.context = null;
            }
        }
    }

    @Override // org.apache.sshd.server.auth.AbstractUserAuth
    public Boolean doAuth(Buffer buffer, boolean z2) {
        GSSManager gSSManager;
        GSSCredential gSSCredential;
        ServerSession serverSession = getServerSession();
        GSSAuthenticator gSSAuthenticator = serverSession.getGSSAuthenticator();
        Objects.requireNonNull(gSSAuthenticator, "No GSSAuthenticator configured");
        String username = getUsername();
        boolean isDebugEnabled = this.log.isDebugEnabled();
        if (z2) {
            int i3 = buffer.getInt();
            if (i3 < 0 || i3 > 32768) {
                this.log.error("doAuth({}@{}) Illogical OID entries count: {}", username, serverSession, Integer.valueOf(i3));
                throw new IndexOutOfBoundsException(AbstractC0018j.t(i3, "Illogical OID entries count: "));
            }
            boolean isTraceEnabled = this.log.isTraceEnabled();
            for (int i4 = 1; i4 <= i3; i4++) {
                Oid oid = new Oid(buffer.getBytes());
                if (oid.equals(KRB5_MECH)) {
                    if (isDebugEnabled) {
                        this.log.debug("doAuth({}@{}) found Kerberos 5 after {}/{} OID(s)", username, serverSession, Integer.valueOf(i4), Integer.valueOf(i3));
                    }
                    if (gSSAuthenticator.validateInitialUser(serverSession, username) && (gSSCredential = gSSAuthenticator.getGSSCredential((gSSManager = gSSAuthenticator.getGSSManager()))) != null) {
                        this.context = gSSManager.createContext(gSSCredential);
                        byte[] der = oid.getDER();
                        Buffer createBuffer = serverSession.createBuffer((byte) 60, der.length + 32);
                        createBuffer.putBytes(der);
                        serverSession.writePacket(createBuffer);
                        return null;
                    }
                    return Boolean.FALSE;
                }
                if (isTraceEnabled) {
                    this.log.trace("doAuth({}@{}) skip OID {}/{}: {}", username, serverSession, Integer.valueOf(i4), Integer.valueOf(i3), oid);
                }
            }
            return Boolean.FALSE;
        }
        int uByte = buffer.getUByte();
        if (uByte != 61 && (uByte != 66 || !this.context.isEstablished())) {
            throw new SshException(2, "Packet not supported by user authentication method: " + SshConstants.getCommandMessageName(uByte));
        }
        if (isDebugEnabled) {
            this.log.debug("doAuth({}@{}) In krb5.next: msg = {}", username, serverSession, SshConstants.getCommandMessageName(uByte));
        }
        if (!this.context.isEstablished()) {
            byte[] bytes = buffer.getBytes();
            byte[] acceptSecContext = this.context.acceptSecContext(bytes, 0, bytes.length);
            boolean isEstablished = this.context.isEstablished();
            if (isEstablished && this.identity == null) {
                String obj = this.context.getSrcName().toString();
                this.identity = obj;
                if (isDebugEnabled) {
                    this.log.debug("doAuth({}@{}) GSS identity is {}", username, serverSession, obj);
                }
                if (!gSSAuthenticator.validateIdentity(serverSession, this.identity)) {
                    return Boolean.FALSE;
                }
            }
            if (NumberUtils.length(acceptSecContext) <= 0) {
                return Boolean.valueOf(isEstablished);
            }
            Buffer createBuffer2 = serverSession.createBuffer(SshConstants.SSH_MSG_USERAUTH_INFO_RESPONSE, acceptSecContext.length + 32);
            createBuffer2.putBytes(acceptSecContext);
            serverSession.writePacket(createBuffer2);
            return null;
        }
        if (uByte != 66) {
            return Boolean.FALSE;
        }
        ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer();
        byteArrayBuffer.putBytes(ValidateUtils.checkNotNullAndNotEmpty(serverSession.getSessionId(), "No current session ID"));
        byteArrayBuffer.putByte(SshConstants.SSH_MSG_USERAUTH_REQUEST);
        byteArrayBuffer.putString(getUsername());
        byteArrayBuffer.putString(getService());
        byteArrayBuffer.putString(getName());
        byte[] compactData = byteArrayBuffer.getCompactData();
        byte[] bytes2 = buffer.getBytes();
        try {
            this.context.verifyMIC(bytes2, 0, bytes2.length, compactData, 0, compactData.length, new MessageProp(false));
            if (isDebugEnabled) {
                this.log.debug("doAuth({}@{}) MIC verified", getUsername(), serverSession);
            }
            return Boolean.TRUE;
        } catch (GSSException e3) {
            if (isDebugEnabled) {
                this.log.debug("doAuth({}@{}) GSS verification {} error: {}", username, serverSession, e3.getClass().getSimpleName(), e3.getMessage());
            }
            return Boolean.FALSE;
        }
    }
}
