package org.eclipse.jgit.internal.transport.sshd.proxy;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.io.IoSession;
import org.apache.sshd.common.util.Readable;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.BufferUtils;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.internal.transport.sshd.GssApiMechanisms;
import org.eclipse.jgit.internal.transport.sshd.SshdText;
import org.eclipse.jgit.internal.transport.sshd.auth.AuthenticationHandler;
import org.eclipse.jgit.internal.transport.sshd.auth.BasicAuthentication;
import org.eclipse.jgit.internal.transport.sshd.auth.GssApiAuthentication;
import org.ietf.jgss.GSSContext;

/* loaded from: input_file:BOOT-INF/lib/org.eclipse.jgit.ssh.apache-5.13.1.202206130422-r.jar:org/eclipse/jgit/internal/transport/sshd/proxy/Socks5ClientConnector.class */
public class Socks5ClientConnector extends AbstractClientProxyConnector {
    private static final byte SOCKS_VERSION_5 = 5;
    private static final byte SOCKS_CMD_CONNECT = 1;
    private static final byte SOCKS_ADDRESS_IPv4 = 1;
    private static final byte SOCKS_ADDRESS_FQDN = 3;
    private static final byte SOCKS_ADDRESS_IPv6 = 4;
    private static final byte SOCKS_REPLY_SUCCESS = 0;
    private static final byte SOCKS_REPLY_FAILURE = 1;
    private static final byte SOCKS_REPLY_FORBIDDEN = 2;
    private static final byte SOCKS_REPLY_NETWORK_UNREACHABLE = 3;
    private static final byte SOCKS_REPLY_HOST_UNREACHABLE = 4;
    private static final byte SOCKS_REPLY_CONNECTION_REFUSED = 5;
    private static final byte SOCKS_REPLY_TTL_EXPIRED = 6;
    private static final byte SOCKS_REPLY_COMMAND_UNSUPPORTED = 7;
    private static final byte SOCKS_REPLY_ADDRESS_UNSUPPORTED = 8;
    private ProtocolState state;
    private AuthenticationHandler<Buffer, Buffer> authenticator;
    private GSSContext context;
    private byte[] authenticationProposals;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/org.eclipse.jgit.ssh.apache-5.13.1.202206130422-r.jar:org/eclipse/jgit/internal/transport/sshd/proxy/Socks5ClientConnector$ProtocolState.class */
    public enum ProtocolState {
        NONE,
        INIT { // from class: org.eclipse.jgit.internal.transport.sshd.proxy.Socks5ClientConnector.ProtocolState.1
            private static volatile /* synthetic */ int[] $SWITCH_TABLE$org$eclipse$jgit$internal$transport$sshd$proxy$Socks5ClientConnector$SocksAuthenticationMethod;

            @Override // org.eclipse.jgit.internal.transport.sshd.proxy.Socks5ClientConnector.ProtocolState
            public void handleMessage(Socks5ClientConnector socks5ClientConnector, IoSession ioSession, Buffer buffer) throws Exception {
                socks5ClientConnector.versionCheck(buffer.getByte());
                switch ($SWITCH_TABLE$org$eclipse$jgit$internal$transport$sshd$proxy$Socks5ClientConnector$SocksAuthenticationMethod()[socks5ClientConnector.getAuthMethod(buffer.getByte()).ordinal()]) {
                    case 1:
                        socks5ClientConnector.sendConnectInfo(ioSession);
                        return;
                    case 2:
                        socks5ClientConnector.doGssApiAuth(ioSession);
                        return;
                    case 3:
                        socks5ClientConnector.doPasswordAuth(ioSession);
                        return;
                    default:
                        throw new IOException(MessageFormat.format(SshdText.get().proxyCannotAuthenticate, socks5ClientConnector.proxyAddress));
                }
            }

            static /* synthetic */ int[] $SWITCH_TABLE$org$eclipse$jgit$internal$transport$sshd$proxy$Socks5ClientConnector$SocksAuthenticationMethod() {
                int[] iArr = $SWITCH_TABLE$org$eclipse$jgit$internal$transport$sshd$proxy$Socks5ClientConnector$SocksAuthenticationMethod;
                if (iArr != null) {
                    return iArr;
                }
                int[] iArr2 = new int[SocksAuthenticationMethod.valuesCustom().length];
                try {
                    iArr2[SocksAuthenticationMethod.ANONYMOUS.ordinal()] = 1;
                } catch (NoSuchFieldError unused) {
                }
                try {
                    iArr2[SocksAuthenticationMethod.GSSAPI.ordinal()] = 2;
                } catch (NoSuchFieldError unused2) {
                }
                try {
                    iArr2[SocksAuthenticationMethod.NONE_ACCEPTABLE.ordinal()] = 4;
                } catch (NoSuchFieldError unused3) {
                }
                try {
                    iArr2[SocksAuthenticationMethod.PASSWORD.ordinal()] = 3;
                } catch (NoSuchFieldError unused4) {
                }
                $SWITCH_TABLE$org$eclipse$jgit$internal$transport$sshd$proxy$Socks5ClientConnector$SocksAuthenticationMethod = iArr2;
                return iArr2;
            }
        },
        AUTHENTICATING { // from class: org.eclipse.jgit.internal.transport.sshd.proxy.Socks5ClientConnector.ProtocolState.2
            @Override // org.eclipse.jgit.internal.transport.sshd.proxy.Socks5ClientConnector.ProtocolState
            public void handleMessage(Socks5ClientConnector socks5ClientConnector, IoSession ioSession, Buffer buffer) throws Exception {
                socks5ClientConnector.authStep(ioSession, buffer);
            }
        },
        CONNECTING { // from class: org.eclipse.jgit.internal.transport.sshd.proxy.Socks5ClientConnector.ProtocolState.3
            @Override // org.eclipse.jgit.internal.transport.sshd.proxy.Socks5ClientConnector.ProtocolState
            public void handleMessage(Socks5ClientConnector socks5ClientConnector, IoSession ioSession, Buffer buffer) throws Exception {
                if (buffer.available() != 4) {
                    socks5ClientConnector.versionCheck(buffer.getByte());
                    socks5ClientConnector.establishConnection(buffer);
                }
            }
        },
        CONNECTED,
        FAILED;

        public void handleMessage(Socks5ClientConnector socks5ClientConnector, IoSession ioSession, Buffer buffer) throws Exception {
            throw new IOException(MessageFormat.format(SshdText.get().proxySocksUnexpectedMessage, socks5ClientConnector.proxyAddress, this, BufferUtils.toHex(buffer.array())));
        }

        /* renamed from: values, reason: to resolve conflict with enum method */
        public static ProtocolState[] valuesCustom() {
            ProtocolState[] valuesCustom = values();
            int length = valuesCustom.length;
            ProtocolState[] protocolStateArr = new ProtocolState[length];
            System.arraycopy(valuesCustom, 0, protocolStateArr, 0, length);
            return protocolStateArr;
        }

        /* synthetic */ ProtocolState(ProtocolState protocolState) {
            this();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/org.eclipse.jgit.ssh.apache-5.13.1.202206130422-r.jar:org/eclipse/jgit/internal/transport/sshd/proxy/Socks5ClientConnector$SocksAuthenticationMethod.class */
    public enum SocksAuthenticationMethod {
        ANONYMOUS(0),
        GSSAPI(1),
        PASSWORD(2),
        NONE_ACCEPTABLE(255);

        private byte value;

        SocksAuthenticationMethod(int i) {
            this.value = (byte) i;
        }

        public byte getValue() {
            return this.value;
        }

        /* renamed from: values, reason: to resolve conflict with enum method */
        public static SocksAuthenticationMethod[] valuesCustom() {
            SocksAuthenticationMethod[] valuesCustom = values();
            int length = valuesCustom.length;
            SocksAuthenticationMethod[] socksAuthenticationMethodArr = new SocksAuthenticationMethod[length];
            System.arraycopy(valuesCustom, 0, socksAuthenticationMethodArr, 0, length);
            return socksAuthenticationMethodArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/org.eclipse.jgit.ssh.apache-5.13.1.202206130422-r.jar:org/eclipse/jgit/internal/transport/sshd/proxy/Socks5ClientConnector$SocksBasicAuthentication.class */
    public class SocksBasicAuthentication extends BasicAuthentication<Buffer, Buffer> {
        private static final byte SOCKS_BASIC_PROTOCOL_VERSION = 1;
        private static final byte SOCKS_BASIC_AUTH_SUCCESS = 0;

        public SocksBasicAuthentication() {
            super(Socks5ClientConnector.this.proxyAddress, Socks5ClientConnector.this.proxyUser, Socks5ClientConnector.this.proxyPassword);
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // org.eclipse.jgit.internal.transport.sshd.auth.BasicAuthentication, org.eclipse.jgit.internal.transport.sshd.auth.AuthenticationHandler
        public void process() throws Exception {
            this.done = true;
            if (((Buffer) this.params).getByte() != 1 || ((Buffer) this.params).getByte() != 0) {
                throw new IOException(MessageFormat.format(SshdText.get().proxySocksAuthenticationFailed, this.proxy));
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.eclipse.jgit.internal.transport.sshd.auth.BasicAuthentication
        public void askCredentials() {
            super.askCredentials();
            Socks5ClientConnector.this.adjustTimeout();
        }

        @Override // org.eclipse.jgit.internal.transport.sshd.auth.AuthenticationHandler
        public Buffer getToken() throws IOException {
            if (this.done) {
                return null;
            }
            try {
                byte[] bytes = this.user.getBytes(StandardCharsets.UTF_8);
                if (bytes.length > 255) {
                    throw new IOException(MessageFormat.format(SshdText.get().proxySocksUsernameTooLong, this.proxy, Integer.toString(bytes.length), this.user));
                }
                if (this.password.length > 255) {
                    throw new IOException(MessageFormat.format(SshdText.get().proxySocksPasswordTooLong, this.proxy, Integer.toString(this.password.length)));
                }
                ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer(3 + bytes.length + this.password.length, false);
                byteArrayBuffer.putByte((byte) 1);
                byteArrayBuffer.putByte((byte) bytes.length);
                byteArrayBuffer.putRawBytes(bytes);
                byteArrayBuffer.putByte((byte) this.password.length);
                byteArrayBuffer.putRawBytes(this.password);
                return byteArrayBuffer;
            } finally {
                clearPassword();
                this.done = true;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/org.eclipse.jgit.ssh.apache-5.13.1.202206130422-r.jar:org/eclipse/jgit/internal/transport/sshd/proxy/Socks5ClientConnector$SocksGssApiAuthentication.class */
    public class SocksGssApiAuthentication extends GssApiAuthentication<Buffer, Buffer> {
        private static final byte SOCKS5_GSSAPI_VERSION = 1;
        private static final byte SOCKS5_GSSAPI_TOKEN = 1;
        private static final int SOCKS5_GSSAPI_FAILURE = 255;

        public SocksGssApiAuthentication() {
            super(Socks5ClientConnector.this.proxyAddress);
        }

        @Override // org.eclipse.jgit.internal.transport.sshd.auth.GssApiAuthentication
        protected GSSContext createContext() throws Exception {
            return Socks5ClientConnector.this.context;
        }

        @Override // org.eclipse.jgit.internal.transport.sshd.auth.AuthenticationHandler
        public Buffer getToken() throws Exception {
            if (this.token == null) {
                return null;
            }
            ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer(4 + this.token.length, false);
            byteArrayBuffer.putByte((byte) 1);
            byteArrayBuffer.putByte((byte) 1);
            byteArrayBuffer.putByte((byte) ((this.token.length >> 8) & 255));
            byteArrayBuffer.putByte((byte) (this.token.length & 255));
            byteArrayBuffer.putRawBytes(this.token);
            return byteArrayBuffer;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.eclipse.jgit.internal.transport.sshd.auth.GssApiAuthentication
        public byte[] extractToken(Buffer buffer) throws Exception {
            int uByte;
            if (Socks5ClientConnector.this.context == null) {
                return null;
            }
            int uByte2 = buffer.getUByte();
            if (uByte2 != 1) {
                throw new IOException(MessageFormat.format(SshdText.get().proxySocksGssApiVersionMismatch, Socks5ClientConnector.this.remoteAddress, Integer.toString(uByte2)));
            }
            int uByte3 = buffer.getUByte();
            if (uByte3 == 255) {
                throw new IOException(MessageFormat.format(SshdText.get().proxySocksGssApiFailure, Socks5ClientConnector.this.remoteAddress));
            }
            if (uByte3 != 1) {
                throw new IOException(MessageFormat.format(SshdText.get().proxySocksGssApiUnknownMessage, Socks5ClientConnector.this.remoteAddress, Integer.toHexString(uByte3 & 255)));
            }
            if (buffer.available() < 2 || buffer.available() < (uByte = (buffer.getUByte() << 8) + buffer.getUByte())) {
                throw new IOException(MessageFormat.format(SshdText.get().proxySocksGssApiMessageTooShort, Socks5ClientConnector.this.remoteAddress));
            }
            byte[] bArr = new byte[uByte];
            if (uByte > 0) {
                buffer.getRawBytes(bArr);
            }
            return bArr;
        }
    }

    public Socks5ClientConnector(@NonNull InetSocketAddress inetSocketAddress, @NonNull InetSocketAddress inetSocketAddress2) {
        this(inetSocketAddress, inetSocketAddress2, null, null);
    }

    public Socks5ClientConnector(@NonNull InetSocketAddress inetSocketAddress, @NonNull InetSocketAddress inetSocketAddress2, String str, char[] cArr) {
        super(inetSocketAddress, inetSocketAddress2, str, cArr);
        this.state = ProtocolState.NONE;
    }

    @Override // org.apache.sshd.client.session.ClientProxyConnector
    public void sendClientProxyMetadata(ClientSession clientSession) throws Exception {
        init(clientSession);
        IoSession ioSession = clientSession.getIoSession();
        ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer(5, false);
        byteArrayBuffer.putByte((byte) 5);
        this.context = getGSSContext(this.remoteAddress);
        this.authenticationProposals = getAuthenticationProposals();
        byteArrayBuffer.putByte((byte) this.authenticationProposals.length);
        byteArrayBuffer.putRawBytes(this.authenticationProposals);
        this.state = ProtocolState.INIT;
        ioSession.writeBuffer(byteArrayBuffer).verify(getTimeout());
    }

    private byte[] getAuthenticationProposals() {
        byte[] bArr = new byte[3];
        int i = 0 + 1;
        bArr[0] = SocksAuthenticationMethod.ANONYMOUS.getValue();
        int i2 = i + 1;
        bArr[i] = SocksAuthenticationMethod.PASSWORD.getValue();
        if (this.context != null) {
            i2++;
            bArr[i2] = SocksAuthenticationMethod.GSSAPI.getValue();
        }
        if (i2 == bArr.length) {
            return bArr;
        }
        byte[] bArr2 = new byte[i2];
        System.arraycopy(bArr, 0, bArr2, 0, i2);
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void sendConnectInfo(IoSession ioSession) throws Exception {
        int length;
        byte b;
        GssApiMechanisms.closeContextSilently(this.context);
        byte[] rawAddress = getRawAddress(this.remoteAddress);
        byte[] bArr = null;
        if (rawAddress == null) {
            bArr = this.remoteAddress.getHostString().getBytes(StandardCharsets.US_ASCII);
            if (bArr == null || bArr.length == 0) {
                throw new IOException(MessageFormat.format(SshdText.get().proxySocksNoRemoteHostName, this.remoteAddress));
            }
            if (bArr.length > 255) {
                throw new IOException(MessageFormat.format("Proxy host name too long for SOCKS (at most 255 characters): {0}", this.remoteAddress.getHostString()));
            }
            b = 3;
            length = bArr.length + 1;
        } else {
            length = rawAddress.length;
            b = length == 4 ? (byte) 1 : (byte) 4;
        }
        ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer(4 + length + 2, false);
        byteArrayBuffer.putByte((byte) 5);
        byteArrayBuffer.putByte((byte) 1);
        byteArrayBuffer.putByte((byte) 0);
        byteArrayBuffer.putByte(b);
        if (bArr != null) {
            byteArrayBuffer.putByte((byte) bArr.length);
            byteArrayBuffer.putRawBytes(bArr);
        } else {
            byteArrayBuffer.putRawBytes(rawAddress);
        }
        int port = this.remoteAddress.getPort();
        if (port <= 0) {
            port = 22;
        }
        byteArrayBuffer.putByte((byte) ((port >> 8) & 255));
        byteArrayBuffer.putByte((byte) (port & 255));
        this.state = ProtocolState.CONNECTING;
        ioSession.writeBuffer(byteArrayBuffer).verify(getTimeout());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void doPasswordAuth(IoSession ioSession) throws Exception {
        GssApiMechanisms.closeContextSilently(this.context);
        this.authenticator = new SocksBasicAuthentication();
        ioSession.addCloseFutureListener(closeFuture -> {
            close();
        });
        startAuth(ioSession);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void doGssApiAuth(IoSession ioSession) throws Exception {
        this.authenticator = new SocksGssApiAuthentication();
        ioSession.addCloseFutureListener(closeFuture -> {
            close();
        });
        startAuth(ioSession);
    }

    private void close() {
        AuthenticationHandler<Buffer, Buffer> authenticationHandler = this.authenticator;
        this.authenticator = null;
        if (authenticationHandler != null) {
            authenticationHandler.close();
        }
    }

    private void startAuth(IoSession ioSession) throws Exception {
        Buffer buffer = null;
        try {
            this.authenticator.setParams(null);
            this.authenticator.start();
            Buffer token = this.authenticator.getToken();
            this.state = ProtocolState.AUTHENTICATING;
            if (token == null) {
                throw new IOException("No data for proxy authentication with " + this.proxyAddress);
            }
            ioSession.writeBuffer(token).verify(getTimeout());
            if (token != null) {
                token.clear(true);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                buffer.clear(true);
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void authStep(IoSession ioSession, Buffer buffer) throws Exception {
        Buffer buffer2 = null;
        try {
            this.authenticator.setParams(buffer);
            this.authenticator.process();
            buffer2 = this.authenticator.getToken();
            if (buffer2 != null) {
                ioSession.writeBuffer(buffer2).verify(getTimeout());
            }
            if (buffer2 != null) {
                buffer2.clear(true);
            }
            if (this.authenticator.isDone()) {
                sendConnectInfo(ioSession);
            }
        } catch (Throwable th) {
            if (buffer2 != null) {
                buffer2.clear(true);
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void establishConnection(Buffer buffer) throws Exception {
        switch (buffer.getByte()) {
            case 0:
                this.state = ProtocolState.CONNECTED;
                setDone(true);
                return;
            case 1:
                throw new IOException(MessageFormat.format(SshdText.get().proxySocksFailureGeneral, this.proxyAddress));
            case 2:
                throw new IOException(MessageFormat.format(SshdText.get().proxySocksFailureForbidden, this.proxyAddress, this.remoteAddress));
            case 3:
                throw new IOException(MessageFormat.format(SshdText.get().proxySocksFailureNetworkUnreachable, this.proxyAddress, this.remoteAddress));
            case 4:
                throw new IOException(MessageFormat.format(SshdText.get().proxySocksFailureHostUnreachable, this.proxyAddress, this.remoteAddress));
            case 5:
                throw new IOException(MessageFormat.format(SshdText.get().proxySocksFailureRefused, this.proxyAddress, this.remoteAddress));
            case 6:
                throw new IOException(MessageFormat.format(SshdText.get().proxySocksFailureTTL, this.proxyAddress));
            case 7:
                throw new IOException(MessageFormat.format(SshdText.get().proxySocksFailureUnsupportedCommand, this.proxyAddress));
            case 8:
                throw new IOException(MessageFormat.format(SshdText.get().proxySocksFailureUnsupportedAddress, this.proxyAddress));
            default:
                throw new IOException(MessageFormat.format(SshdText.get().proxySocksFailureUnspecified, this.proxyAddress));
        }
    }

    @Override // org.eclipse.jgit.internal.transport.sshd.proxy.StatefulProxyConnector
    public void messageReceived(IoSession ioSession, Readable readable) throws Exception {
        try {
            ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer(readable.available(), false);
            byteArrayBuffer.putBuffer(readable);
            byteArrayBuffer.compact();
            this.state.handleMessage(this, ioSession, byteArrayBuffer);
        } catch (Exception e) {
            this.state = ProtocolState.FAILED;
            if (this.authenticator != null) {
                this.authenticator.close();
                this.authenticator = null;
            }
            try {
                setDone(false);
            } catch (Exception e2) {
                e.addSuppressed(e2);
            }
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void versionCheck(byte b) throws Exception {
        if (b != 5) {
            throw new IOException(MessageFormat.format(SshdText.get().proxySocksUnexpectedVersion, Integer.toString(b & 255)));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SocksAuthenticationMethod getAuthMethod(byte b) {
        if (b != SocksAuthenticationMethod.NONE_ACCEPTABLE.getValue()) {
            byte[] bArr = this.authenticationProposals;
            int length = bArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (bArr[i] == b) {
                    for (SocksAuthenticationMethod socksAuthenticationMethod : SocksAuthenticationMethod.valuesCustom()) {
                        if (socksAuthenticationMethod.getValue() == b) {
                            return socksAuthenticationMethod;
                        }
                    }
                } else {
                    i++;
                }
            }
        }
        return SocksAuthenticationMethod.NONE_ACCEPTABLE;
    }

    private static byte[] getRawAddress(@NonNull InetSocketAddress inetSocketAddress) {
        InetAddress resolve = GssApiMechanisms.resolve(inetSocketAddress);
        if (resolve == null) {
            return null;
        }
        return resolve.getAddress();
    }

    private static GSSContext getGSSContext(@NonNull InetSocketAddress inetSocketAddress) {
        if (GssApiMechanisms.getSupportedMechanisms().contains(GssApiMechanisms.KERBEROS_5)) {
            return GssApiMechanisms.createContext(GssApiMechanisms.KERBEROS_5, GssApiMechanisms.getCanonicalName(inetSocketAddress));
        }
        return null;
    }
}
