package org.openmdx.uses.net.sourceforge.jradiusclient;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigDecimal;
import java.math.BigInteger;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Random;
import java.util.logging.Logger;
import org.openmdx.kernel.collection.ArraysExtension;
import org.openmdx.kernel.text.MultiLineStringRepresentation;
import org.openmdx.kernel.text.format.ByteArrayFormatter;
import org.openmdx.kernel.text.format.DatagramPacketFormatter;
import org.openmdx.kernel.text.format.IndentingFormatter;
import org.openmdx.uses.net.sourceforge.jradiusclient.exception.InvalidParameterException;
import org.openmdx.uses.net.sourceforge.jradiusclient.exception.RadiusException;

/* loaded from: input_file:org/openmdx/uses/net/sourceforge/jradiusclient/RadiusClient.class */
public class RadiusClient extends AbstractRadiusClient implements RadiusConnection, MultiLineStringRepresentation {
    private static byte[] NAS_ID;
    private static final int AUTH_LOOP_COUNT = 3;
    private static final int ACCT_LOOP_COUNT = 3;
    private static final int DEFAULT_AUTH_PORT = 1812;
    private static final int DEFAULT_ACCT_PORT = 1813;
    public static final int DEFAULT_SOCKET_TIMEOUT = 6000;
    private byte[] sharedSecret;
    private InetAddress[] hostname;
    private int[] authenticationPort;
    private int[] accountingPort;
    private DatagramSocket socket;
    private int socketTimeout;
    private MessageDigest md5MessageDigest;
    private final byte[] NAS_IP;
    private boolean valid;
    public static final String ENCODING = "UTF-8";
    private int authenticationRetries;
    private int accountingRetries;

    public RadiusClient(String str, String str2) throws RadiusException, InvalidParameterException {
        this(str, DEFAULT_AUTH_PORT, DEFAULT_ACCT_PORT, str2, DEFAULT_SOCKET_TIMEOUT);
    }

    public RadiusClient(String str, int i, int i2, String str2) throws RadiusException, InvalidParameterException {
        this(str, i, i2, str2, DEFAULT_SOCKET_TIMEOUT);
    }

    public RadiusClient(String str, int i, int i2, String str2, int i3) throws RadiusException, InvalidParameterException {
        this(new String[]{str}, new int[]{i}, new int[]{i2}, str2, new BigDecimal(BigInteger.valueOf(i3), 3), Logger.getLogger("org.openmdx.uses.net.sourceforge.jradiusclient"), false, null);
    }

    public RadiusClient(String[] strArr, int[] iArr, int[] iArr2, String str, BigDecimal bigDecimal, Logger logger, boolean z, InetAddress inetAddress) throws RadiusException, InvalidParameterException {
        super(logger, z);
        this.sharedSecret = null;
        this.hostname = null;
        this.authenticationPort = null;
        this.accountingPort = null;
        this.socket = null;
        this.socketTimeout = DEFAULT_SOCKET_TIMEOUT;
        this.authenticationRetries = 3;
        this.accountingRetries = 3;
        setProvider(strArr, iArr, iArr2);
        if (strArr.length > 1) {
            this.authenticationRetries = strArr.length;
            this.accountingRetries = strArr.length;
        }
        setSharedSecret(str);
        try {
            this.socket = new DatagramSocket();
            setTimeout(bigDecimal == null ? DEFAULT_SOCKET_TIMEOUT : bigDecimal.scaleByPowerOfTen(3).intValue());
            try {
                this.md5MessageDigest = MessageDigest.getInstance("MD5");
                this.NAS_IP = inetAddress == null ? null : inetAddress.getAddress();
                this.valid = true;
                logInfo("Radius client instance #{0} created");
            } catch (NoSuchAlgorithmException e) {
                throw new RadiusException(e);
            }
        } catch (SocketException e2) {
            throw new RadiusException(e2);
        }
    }

    @Override // org.openmdx.uses.net.sourceforge.jradiusclient.RadiusConnection
    public RadiusPacket authenticate(RadiusPacket radiusPacket) throws RadiusException, InvalidParameterException {
        return authenticate(radiusPacket, this.authenticationRetries);
    }

    public RadiusPacket authenticate(RadiusPacket radiusPacket, int i) throws RadiusException, InvalidParameterException {
        if (null == radiusPacket) {
            throw new InvalidParameterException("accessRequest parameter cannot be null");
        }
        if (i < 0) {
            throw new InvalidParameterException("retries must be zero or greater!");
        }
        if (i == 0) {
            i = 3;
        }
        byte packetType = radiusPacket.getPacketType();
        if (packetType != 1) {
            throw new InvalidParameterException("Invalid packet type submitted to authenticate");
        }
        byte packetIdentifier = radiusPacket.getPacketIdentifier();
        byte[] makeRFC2865RequestAuthenticator = makeRFC2865RequestAuthenticator();
        try {
            byte[] value = radiusPacket.getAttribute(2).getValue();
            if (value.length > 0) {
                radiusPacket.setAttribute(new RadiusAttribute(2, encodePapPassword(value, makeRFC2865RequestAuthenticator)));
            }
        } catch (RadiusException e) {
        }
        if (this.NAS_IP == null) {
            radiusPacket.setAttribute(new RadiusAttribute(32, NAS_ID));
        } else {
            radiusPacket.setAttribute(new RadiusAttribute(4, this.NAS_IP));
        }
        byte[] attributeBytes = radiusPacket.getAttributeBytes(4, 61, 1, 2);
        return sendReceivePacket(packetType, packetIdentifier, (short) (20 + attributeBytes.length), makeRFC2865RequestAuthenticator, attributeBytes, i, radiusPacket.getSocketIndex(), getHostname(), getAuthPort());
    }

    @Override // org.openmdx.uses.net.sourceforge.jradiusclient.RadiusConnection
    public RadiusPacket account(RadiusPacket radiusPacket) throws InvalidParameterException, RadiusException {
        if (null == radiusPacket) {
            throw new InvalidParameterException("requestPacket parameter cannot be null");
        }
        byte packetType = radiusPacket.getPacketType();
        if (packetType != 4) {
            throw new InvalidParameterException("Invalid type passed in for RadiusPacket");
        }
        try {
            radiusPacket.getAttribute(1);
            radiusPacket.getAttribute(40);
            radiusPacket.getAttribute(44);
            radiusPacket.getAttribute(6);
            byte packetIdentifier = radiusPacket.getPacketIdentifier();
            if (this.NAS_IP == null) {
                radiusPacket.setAttribute(new RadiusAttribute(32, NAS_ID));
            } else {
                radiusPacket.setAttribute(new RadiusAttribute(4, this.NAS_IP));
            }
            byte[] attributeBytes = radiusPacket.getAttributeBytes();
            short length = (short) (20 + attributeBytes.length);
            RadiusPacket sendReceivePacket = sendReceivePacket(packetType, packetIdentifier, length, makeRFC2866RequestAuthenticator(packetType, packetIdentifier, length, attributeBytes), attributeBytes, this.accountingRetries, radiusPacket.getSocketIndex(), getHostname(), getAcctPort());
            if (5 != sendReceivePacket.getPacketType()) {
                throw new RadiusException("The radius Server responded with an incorrect response type.");
            }
            return sendReceivePacket;
        } catch (RadiusException e) {
            throw new InvalidParameterException("Missing RadiusAttribute in Accounting RequestPacket: " + e.getMessage());
        }
    }

    private byte[] encodePapPassword(byte[] bArr, byte[] bArr2) {
        byte[] bArr3;
        if (bArr.length > 128) {
            bArr3 = new byte[128];
            System.arraycopy(bArr, 0, bArr3, 0, 128);
        } else {
            bArr3 = bArr;
        }
        byte[] bArr4 = bArr3.length < 128 ? bArr3.length % 16 == 0 ? new byte[bArr3.length] : new byte[((bArr3.length / 16) * 16) + 16] : new byte[128];
        System.arraycopy(bArr3, 0, bArr4, 0, bArr3.length);
        for (int length = bArr3.length; length < bArr4.length; length++) {
            bArr4[length] = 0;
        }
        this.md5MessageDigest.reset();
        this.md5MessageDigest.update(this.sharedSecret);
        this.md5MessageDigest.update(bArr2);
        byte[] digest = this.md5MessageDigest.digest();
        for (int i = 0; i < 16; i++) {
            bArr4[i] = (byte) (digest[i] ^ bArr4[i]);
        }
        if (bArr4.length > 16) {
            for (int i2 = 16; i2 < bArr4.length; i2 += 16) {
                this.md5MessageDigest.reset();
                this.md5MessageDigest.update(this.sharedSecret);
                this.md5MessageDigest.update(bArr4, i2 - 16, 16);
                byte[] digest2 = this.md5MessageDigest.digest();
                for (int i3 = 0; i3 < 16; i3++) {
                    bArr4[i2 + i3] = (byte) (digest2[i3] ^ bArr4[i2 + i3]);
                }
            }
        }
        return bArr4;
    }

    private byte[] makeRFC2865RequestAuthenticator() {
        byte[] bArr = new byte[16];
        Random random = new Random();
        for (int i = 0; i < 16; i++) {
            bArr[i] = (byte) random.nextInt();
        }
        this.md5MessageDigest.reset();
        this.md5MessageDigest.update(this.sharedSecret);
        this.md5MessageDigest.update(bArr);
        return this.md5MessageDigest.digest();
    }

    private byte[] makeRFC2865ResponseAuthenticator(byte b, byte b2, short s, byte[] bArr, byte[] bArr2) {
        this.md5MessageDigest.reset();
        this.md5MessageDigest.update(b);
        this.md5MessageDigest.update(b2);
        this.md5MessageDigest.update((byte) (s >> 8));
        this.md5MessageDigest.update((byte) (s & 255));
        this.md5MessageDigest.update(bArr, 0, bArr.length);
        this.md5MessageDigest.update(bArr2, 0, bArr2.length);
        this.md5MessageDigest.update(this.sharedSecret);
        return this.md5MessageDigest.digest();
    }

    private byte[] makeRFC2866RequestAuthenticator(byte b, byte b2, short s, byte[] bArr) {
        byte[] bArr2 = new byte[16];
        for (int i = 0; i < 16; i++) {
            bArr2[i] = 0;
        }
        this.md5MessageDigest.reset();
        this.md5MessageDigest.update(b);
        this.md5MessageDigest.update(b2);
        this.md5MessageDigest.update((byte) (s >> 8));
        this.md5MessageDigest.update((byte) (s & 255));
        this.md5MessageDigest.update(bArr2, 0, bArr2.length);
        this.md5MessageDigest.update(bArr, 0, bArr.length);
        this.md5MessageDigest.update(this.sharedSecret);
        return this.md5MessageDigest.digest();
    }

    private void setProvider(String[] strArr, int[] iArr, int[] iArr2) throws InvalidParameterException {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        ArrayList arrayList4 = new ArrayList();
        if (strArr == null) {
            arrayList.add("Hostname array can not be null");
        } else if (iArr == null || iArr2 == null) {
            arrayList.add("Port array can not be null");
        } else if (strArr.length == 0) {
            arrayList.add("Hostname array can't be empty");
        } else if (strArr.length != iArr.length || strArr.length != iArr2.length) {
            arrayList.add("Hostname and port arrays must have the same length");
        }
        if (arrayList.isEmpty()) {
            for (int i = 0; i < strArr.length; i++) {
                int size = arrayList.size();
                if (iArr[i] < 0 || iArr[i] > 65535) {
                    arrayList.add("authorizationPort[" + i + "] out of range: " + iArr[i]);
                }
                if (iArr2[i] < 0 || iArr2[i] > 65535) {
                    arrayList.add("accountingPort[" + i + "] out of range: " + iArr2[i]);
                }
                if (null == strArr[i]) {
                    arrayList.add("Hostname[" + i + "] is null");
                } else if (RadiusPacket.EMPTYSTRING.equals(strArr[i].trim())) {
                    arrayList.add("Hostname[" + i + "] is empty or blank");
                }
                if (size == arrayList.size()) {
                    try {
                        arrayList2.add(InetAddress.getByName(strArr[i]));
                        arrayList4.add(Integer.valueOf(iArr[i]));
                        arrayList3.add(Integer.valueOf(iArr2[i]));
                    } catch (UnknownHostException e) {
                        arrayList.add("Hostname[" + i + "] could not be resolved: " + strArr[i]);
                    }
                }
            }
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                super.logWarning("Radius Client #{0}: {1}", it.next());
            }
            int size2 = arrayList2.size();
            if (size2 == 0) {
                logSevere("Radius Client #{0}: None of the host configurations was acceptable");
                throw new InvalidParameterException("None of the host configurations was acceptable: " + arrayList);
            }
            this.hostname = new InetAddress[size2];
            this.authenticationPort = new int[size2];
            this.accountingPort = new int[size2];
            for (int i2 = 0; i2 < size2; i2++) {
                this.hostname[i2] = (InetAddress) arrayList2.get(i2);
                this.authenticationPort[i2] = ((Number) arrayList4.get(i2)).intValue();
                this.accountingPort[i2] = ((Number) arrayList3.get(i2)).intValue();
            }
        }
    }

    public InetAddress[] getHostname() {
        return this.hostname;
    }

    public int[] getAuthPort() {
        return this.authenticationPort;
    }

    public int[] getAcctPort() {
        return this.accountingPort;
    }

    protected byte[] getSharedSecret() {
        return this.sharedSecret;
    }

    private void setSharedSecret(String str) throws InvalidParameterException {
        if (str == null) {
            throw new InvalidParameterException("Shared secret can not be null!");
        }
        if (str.equals(RadiusPacket.EMPTYSTRING)) {
            throw new InvalidParameterException("Shared secret can not be an empty string!");
        }
        try {
            this.sharedSecret = str.getBytes(ENCODING);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Unsupported encoding \"UTF-8\": " + e.getMessage());
        }
    }

    public int getTimeout() {
        return this.socketTimeout;
    }

    private void setTimeout(int i) throws InvalidParameterException {
        if (i < 0) {
            throw new InvalidParameterException("A negative timeout value is not allowed!");
        }
        this.socketTimeout = i;
        try {
            if (null == this.socket) {
                this.socket = new DatagramSocket();
            }
            this.socket.setSoTimeout(this.socketTimeout);
        } catch (SocketException e) {
        }
    }

    private RadiusPacket checkRadiusPacket(DatagramPacket datagramPacket, byte b, byte[] bArr, int i) throws RadiusException {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(datagramPacket.getData());
            try {
                DataInputStream dataInputStream = new DataInputStream(byteArrayInputStream);
                try {
                    datagramPacket.getLength();
                    byte readByte = dataInputStream.readByte();
                    int i2 = readByte & 255;
                    byte readByte2 = dataInputStream.readByte();
                    if (readByte2 != b) {
                        throw new RadiusException("The RADIUS Server returned the wrong Identifier.");
                    }
                    short readShort = (short) (dataInputStream.readShort() & 65535);
                    byte[] bArr2 = new byte[16];
                    dataInputStream.readFully(bArr2);
                    byte[] bArr3 = new byte[readShort - 20];
                    dataInputStream.readFully(bArr3);
                    byte[] makeRFC2865ResponseAuthenticator = makeRFC2865ResponseAuthenticator(readByte, readByte2, readShort, bArr, bArr3);
                    if (bArr2.length != 16 || makeRFC2865ResponseAuthenticator.length != 16) {
                        throw new RadiusException("Authenticator length is incorrect.");
                    }
                    for (int i3 = 0; i3 < bArr2.length; i3++) {
                        if (bArr2[i3] != makeRFC2865ResponseAuthenticator[i3]) {
                            logWarning("Radius Client #{0}: Response Authenticator Mismatch (Identifier={1})\n{2}\n{3}", readByte2, new ByteArrayFormatter(makeRFC2865ResponseAuthenticator, 0, makeRFC2865ResponseAuthenticator.length, "Calculated Response Authenticator"), new ByteArrayFormatter(bArr2, 0, bArr2.length, "Received Response Authenticator"));
                            throw new RadiusException("Authenticators do not match, response packet not validated!");
                        }
                    }
                    RadiusPacket radiusPacket = new RadiusPacket(i2, readByte2, i);
                    int length = bArr3.length;
                    if (length > 0) {
                        dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr3));
                        int i4 = 0;
                        while (i4 < length) {
                            try {
                                int readByte3 = dataInputStream.readByte() & 255;
                                int readByte4 = dataInputStream.readByte() & 255;
                                byte[] bArr4 = new byte[readByte4 - 2];
                                dataInputStream.read(bArr4, 0, readByte4 - 2);
                                radiusPacket.setAttribute(new RadiusAttribute(readByte3, bArr4));
                                i4 += readByte4;
                            } finally {
                                try {
                                    dataInputStream.close();
                                } catch (Throwable th) {
                                    th.addSuppressed(th);
                                }
                            }
                        }
                        dataInputStream.close();
                    }
                    dataInputStream.close();
                    byteArrayInputStream.close();
                    return radiusPacket;
                } catch (Throwable th2) {
                    throw th2;
                }
            } catch (Throwable th3) {
                try {
                    byteArrayInputStream.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
                throw th3;
            }
        } catch (IOException e) {
            throw new RadiusException(e);
        } catch (InvalidParameterException e2) {
            throw new RadiusException(e2, "Invalid response attributes sent back from server.");
        }
    }

    private DatagramPacket composeRadiusPacket(byte b, byte b2, short s, byte[] bArr, byte[] bArr2) throws RadiusException {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
                try {
                    dataOutputStream.writeByte(b);
                    dataOutputStream.writeByte(b2);
                    dataOutputStream.writeShort(s);
                    dataOutputStream.write(bArr, 0, 16);
                    dataOutputStream.write(bArr2, 0, bArr2.length);
                    DatagramPacket datagramPacket = new DatagramPacket(new byte[s], s);
                    datagramPacket.setLength(s);
                    datagramPacket.setData(byteArrayOutputStream.toByteArray());
                    dataOutputStream.close();
                    byteArrayOutputStream.close();
                    return datagramPacket;
                } catch (Throwable th) {
                    try {
                        dataOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException e) {
            throw new RadiusException(e);
        }
    }

    private RadiusPacket sendReceivePacket(byte b, byte b2, short s, byte[] bArr, byte[] bArr2, int i, int i2, InetAddress[] inetAddressArr, int[] iArr) throws RadiusException {
        int length;
        try {
            DatagramPacket composeRadiusPacket = composeRadiusPacket(b, b2, s, bArr, bArr2);
            if (composeRadiusPacket.getLength() > 4096) {
                throw new RadiusException("Packet too big!");
            }
            if (composeRadiusPacket.getLength() < 20) {
                throw new RadiusException("Packet too short !");
            }
            DatagramPacket datagramPacket = new DatagramPacket(new byte[RadiusPacket.MAX_PACKET_LENGTH], RadiusPacket.MAX_PACKET_LENGTH);
            IOException iOException = null;
            for (int i3 = 0; i3 < i; i3++) {
                if (i2 < 0) {
                    try {
                        length = i3 % inetAddressArr.length;
                    } catch (IOException e) {
                        iOException = e;
                    }
                } else {
                    length = i2;
                }
                int i4 = length;
                composeRadiusPacket.setAddress(inetAddressArr[i4]);
                composeRadiusPacket.setPort(iArr[i4]);
                if (i3 == 0) {
                    logDebug("RadiusClient #{0}: Send\n{1}", new DatagramPacketFormatter(composeRadiusPacket));
                } else {
                    logDebug("RadiusClient #{0}: Retry {1}\n{2}", i3, new DatagramPacketFormatter(composeRadiusPacket));
                }
                this.socket.send(composeRadiusPacket);
                this.socket.receive(datagramPacket);
                logDebug("RadiusClient #{0}: Receive\n{1}", new DatagramPacketFormatter(datagramPacket));
                return checkRadiusPacket(datagramPacket, b2, bArr, i2);
            }
            throw new RadiusException(iOException);
        } catch (RadiusException e2) {
            this.valid = false;
            throw e2;
        }
    }

    public String toString() {
        return getClass().getName() + ": " + IndentingFormatter.toString(ArraysExtension.asMap(new String[]{"HostName", "AuthenticationPort", "AccountingPort"}, new Object[]{getHostname(), getAuthPort(), getAcctPort()}));
    }

    public boolean equals(Object obj) {
        if (obj == null) {
            return false;
        }
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof RadiusClient)) {
            return false;
        }
        RadiusClient radiusClient = (RadiusClient) obj;
        return Arrays.equals(getHostname(), radiusClient.getHostname()) && Arrays.equals(getAuthPort(), radiusClient.getAuthPort()) && Arrays.equals(getAcctPort(), radiusClient.getAcctPort()) && Arrays.equals(getSharedSecret(), radiusClient.getSharedSecret());
    }

    public int hashCode() {
        InetAddress[] hostname = getHostname();
        int[] acctPort = getAcctPort();
        int[] authPort = getAuthPort();
        int hashCode = Arrays.hashCode(getSharedSecret());
        for (int i = 0; i < hostname.length; i++) {
            hashCode = (31 * ((31 * ((31 * hashCode) + hostname[i].hashCode())) + acctPort[i])) + authPort[i];
        }
        return hashCode;
    }

    @Override // org.openmdx.uses.net.sourceforge.jradiusclient.RadiusConnection, java.lang.AutoCloseable
    public void close() {
        this.socket.close();
    }

    public void finalize() throws Throwable {
        close();
        super.finalize();
    }

    public boolean isValid() {
        if (!this.valid) {
            logInfo("Radius client instance #{0} is invalid");
        }
        return this.valid;
    }

    static {
        try {
            NAS_ID = InetAddress.getLocalHost().getHostName().getBytes(ENCODING);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Unsupported encoding \"UTF-8\": " + e.getMessage());
        } catch (UnknownHostException e2) {
            throw new RuntimeException("Local host could not be determined: " + e2.getMessage());
        }
    }
}
