package com.wikidsystems.radius.access;

import com.theorem.radserver3.AccessDropException;
import com.theorem.radserver3.AccessImpl;
import com.theorem.radserver3.AccessRejectException;
import com.theorem.radserver3.Attribute;
import com.theorem.radserver3.AttributeDataType;
import com.theorem.radserver3.AttributeList;
import com.theorem.radserver3.AuthInfo;
import com.theorem.radserver3.EAPInfo;
import com.theorem.radserver3.EAPPacket;
import com.theorem.radserver3.LogImpl;
import com.theorem.radserver3.RADIUSEncrypt;
import com.theorem.radserver3.eap.EAPMD5Auth;
import com.wikidsystems.client.wClient;
import com.wikidsystems.radius.util.WikidDBConn;
import java.io.ByteArrayOutputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.SecureRandom;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.TreeSet;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/wikidsystems/radius/access/WikidAccess4.class */
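/**
 * RADIUS access handler that checks a user's passcode against the WiKID
 * database ({@link WikidDBConn}) or, for offline challenges, against
 * {@link wClient}.
 *
 * <p>{@link #authenticate(AuthInfo)} accepts a request only when the source
 * address of the NAS maps to a domain code in the configured NAS table, and
 * then dispatches on the authentication method carried by the packet (PAP,
 * CHAP, MS-CHAP v1/v2 or EAP-MD5).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Passcodes and other credential material are never written to the
 *       debug log or to stdout; only the fact that a check happened is.</li>
 *   <li>Values taken from the packet (user name, State) are stripped of
 *       control characters before they reach a log line.</li>
 *   <li>Every failure path ends in a reject or a drop; exceptions raised
 *       while checking credentials are treated as a failed check.</li>
 * </ul>
 */
public class WikidAccess4 extends AccessImpl {
    private wClient wc;
    public static final int SHUTDOWN = 66;
    private ListAttributes listattributes;
    private static final int PAP = 1;
    private static final int CHAP = 2;
    private static final int MSCHAP = 3;
    private static final int MSCHAP2 = 4;
    private static final int EAPMD5 = 5;
    private static final int EAPT = 6;
    private static final int LEAP = 7;
    private static final int DIGEST = 8;

    // RADIUS attribute numbers (RFC 2865) and the Microsoft vendor id used below.
    private static final int ATTR_CHAP_PASSWORD = 3;
    private static final int ATTR_REPLY_MESSAGE = 18;
    private static final int ATTR_STATE = 24;
    private static final int VENDOR_MICROSOFT = 311;

    // Number of decimal digits in an offline challenge.
    private static final int CHALLENGE_DIGITS = 10;
    // One shared generator: SecureRandom is thread-safe and re-creating it per
    // request buys nothing.
    private static final SecureRandom CHALLENGE_RANDOM = new SecureRandom();

    // Hard-wired on and never reassigned in this class, so every debug()
    // message also goes to stdout. Keep debug messages free of secrets.
    private static boolean DEBUG = true;
    private static final TreeSet AUTHTYPE_LIST = new TreeSet();
    private static final Logger log = Logger.getLogger(WikidAccess4.class);
    private String name = "";
    private String keyfile = "";
    private String pass = "";
    private int port = 0;
    String ccode = "";
    private LogImpl svr = null;
    private LogImpl dbg = null;
    private WikidDBConn dbConn = new WikidDBConn();
    private Properties p = null;
    String msg = "Access Denied";
    private String currentAuthType = "";
    // Mirrors the method chosen for the most recent request. The decision
    // itself is made on a local variable in authenticate() so that one
    // request can never inherit the method selected for another.
    private int AUTH_TYPE = 0;

    /** Sets the port later handed to {@link wClient} by {@link #set}. */
    public void setPort(int i) {
        this.port = i;
    }

    /** Stores the passphrase that {@link #set} hands to {@link wClient}. */
    public void setDatabasePassword(String str) {
        this.pass = str;
    }

    /** Stores the host/URL that {@link #set} hands to {@link wClient}. */
    public void setDataBaseURL(String str) {
        this.name = str;
    }

    /**
     * Records the connection settings and builds the {@link wClient} used for
     * offline challenge verification.
     *
     * <p>A construction failure is logged, not rethrown, and leaves the
     * client field as it was (unset on a fresh instance); the offline
     * challenge path then rejects every response.
     *
     * @param str  host passed to the client
     * @param i    port passed to the client
     * @param str2 key file passed to the client
     * @param str3 passphrase passed to the client
     */
    public void set(String str, int i, String str2, String str3) {
        this.name = str;
        this.keyfile = str2;
        this.pass = str3;
        this.port = i;
        try {
            this.wc = new wClient(this.name, this.port, this.keyfile, this.pass);
        } catch (Exception e) {
            log.error("Problem constructing wClient ", e);
            System.out.println("Problem constructing wClient " + e);
        }
    }

    /** Replaces the NAS table ("/" + NAS IP address mapped to a domain code). */
    public void setProperties(Properties properties) {
        this.p = properties;
    }

    /** Adds one entry to the NAS table, creating the table on first use. */
    public void addNas(String str, String str2) {
        if (this.p == null) {
            this.p = new Properties();
        }
        this.p.setProperty(str, str2);
    }

    /** Stores the key file name that {@link #set} hands to {@link wClient}. */
    public void setFileName(String str) {
        this.keyfile = str;
    }

    /**
     * Installs the server and debug log sinks.
     *
     * @param logImpl  server log, used for failed-response and bad-attribute notices
     * @param logImpl2 debug log; the original dropped this argument, it is now kept
     */
    public void logs(LogImpl logImpl, LogImpl logImpl2) {
        this.svr = logImpl;
        this.dbg = logImpl2;
    }

    /**
     * Authenticates one RADIUS request.
     *
     * <p>The request is rejected outright when the NAS supplied no source
     * address or when that address has no entry in the NAS table. Responses to
     * an earlier challenge are handled first (EAP, then offline challenge);
     * fresh requests are dispatched by authentication method.
     *
     * @param authInfo the request and response context supplied by the server
     * @throws AccessRejectException when the credentials do not verify or the
     *         request is unsupported
     * @throws AccessDropException   when a required attribute is missing
     */
    public void authenticate(AuthInfo authInfo) throws AccessDropException, AccessRejectException {
        AttributeList requestAttributeList = authInfo.getRequestAttributeList();
        // NOTE(review): this dumps every request attribute to the debug log and
        // stdout; confirm AttributeList.toString() does not render password
        // attributes in a recoverable form.
        debug(requestAttributeList);
        String userName = authInfo.getUserName();
        byte[] secret = authInfo.getSecret();
        byte[] authenticator = authInfo.getAuthenticator();
        InetAddress sourceAddress = authInfo.getSourceAddress();
        if (sourceAddress == null) {
            error("Sorry: your NAS didn't supply IP address");
            throw new AccessRejectException("Sorry: your NAS didn't supply IP address");
        }
        String hostAddress = sourceAddress.getHostAddress();
        debug("NASip is '" + hostAddress + "'");
        // An unconfigured NAS table is treated like an unknown NAS (reject)
        // instead of failing with a NullPointerException.
        String domainCode = this.p == null ? null : this.p.getProperty("/" + hostAddress);
        if (domainCode == null || domainCode.equals("")) {
            error("The NAS IP supplied does not match the NAS table");
            throw new AccessRejectException("The NAS IP supplied does not match the NAS table");
        }
        AttributeList attributeList = new AttributeList();
        EAPInfo eap = authInfo.getEAP();

        // ---- Responses to a challenge issued earlier ----
        if (!authInfo.isAccessRequest()) {
            if (!authInfo.isAccessChallengeResponse()) {
                debug("Unknown/Unsupported request");
                throw new AccessRejectException("Unknown/Unsupported request");
            }
            if (eap != null) {
                try {
                    WikidDBConn.DbResult credentials = this.dbConn.checkCredentials(domainCode, userName);
                    byte[] expected = convertToBytes(credentials.getPasscode());
                    populateCustomAttributes(attributeList, hostAddress, domainCode, userName);
                    doEAP(authInfo, expected, attributeList);
                    this.dbConn.loginSucceeds(domainCode, userName, credentials);
                    logGranted(userName, domainCode, sourceAddress);
                    return;
                } catch (AccessDropException e) {
                    logDenied(userName, domainCode, sourceAddress);
                    throw e;
                } catch (AccessRejectException e2) {
                    logDenied(userName, domainCode, sourceAddress);
                    throw e2;
                }
            }
            // Offline challenge. The challenge comes back in the State
            // attribute, i.e. it is supplied by the client.
            // NOTE(review): nothing in this class records which challenges
            // were issued; confirm that wClient refuses a challenge/response
            // pair that was already used.
            String state = requestAttributeList.getStringAttribute(ATTR_STATE);
            debug("state is " + forLog(state));
            byte[] userPassword = authInfo.getUserPassword();
            boolean accepted = false;
            try {
                String response = new String(RADIUSEncrypt.decrypt(userPassword, secret, authenticator));
                // The decrypted response is deliberately left out of the log.
                debug("Checking " + forLog(userName) + " :: " + forLog(state) + " :: " + domainCode);
                boolean verified;
                if (requestAttributeList.exists(ATTR_CHAP_PASSWORD)) {
                    verified = this.wc.chapVerify(userName, domainCode, state, userPassword, getPassword(authInfo));
                } else {
                    // The decrypted value is NUL padded; keep the part before the padding.
                    int nul = response.indexOf(0);
                    if (nul != -1) {
                        response = response.substring(0, nul);
                    }
                    verified = this.wc.CheckCredentials(userName, state, response, domainCode);
                }
                if (verified) {
                    attributeList.addAttribute(ATTR_REPLY_MESSAGE, "Access Granted");
                    populateCustomAttributes(attributeList, hostAddress, domainCode, userName);
                    authInfo.setResponseAttributes(attributeList);
                    authInfo.setAccessAccept();
                    accepted = true;
                } else {
                    this.svr.write("Bad offline challenge response for user " + forLog(userName));
                }
            } catch (Exception e3) {
                // Any failure while verifying counts as a failed check. Only the
                // exception type is logged, the message may echo request data.
                debug("Offline challenge check failed: " + e3.getClass().getName());
            }
            if (!accepted) {
                // Logged once per denial so the audit trail has one line per decision.
                logDenied(userName, domainCode, sourceAddress);
                throw new AccessRejectException("Access Denied");
            }
            logGranted(userName, domainCode, sourceAddress);
            return;
        }

        // ---- Fresh Access-Request: pick the authentication method ----
        // Decided on a local so that an unrecognised result cannot fall back to
        // the method chosen for a previous request.
        int authType = 0;
        int msChapVersion = authInfo.testForMSCHAP();
        if (msChapVersion == 1) {
            authType = MSCHAP;
        } else if (msChapVersion == 2) {
            authType = MSCHAP2;
        } else if (msChapVersion == 3) {
            if (requestAttributeList.exists(ATTR_CHAP_PASSWORD)) {
                authType = CHAP;
            } else if (eap != null) {
                authType = EAPMD5;
            } else {
                authType = PAP;
            }
        }
        this.AUTH_TYPE = authType;

        if (authType == CHAP) {
            debug("This is a CHAP Request");
            byte[] chapPassword = requestAttributeList.getBinaryAttribute(ATTR_CHAP_PASSWORD);
            if (chapPassword == null || secret == null || authenticator == null) {
                error("This CHAP request is null.");
                throw new AccessRejectException("Access Denied");
            }
            // A CHAP response computed over an empty password asks for an offline challenge.
            if (authInfo.cmpCHAP(new byte[0])) {
                debug("This CHAP Challenge.");
                String challengePrompt = getChallengePrompt();
                attributeList.addAttribute(ATTR_REPLY_MESSAGE, "Offline Challenge " + challengePrompt + ": ");
                attributeList.addAttribute(ATTR_STATE, challengePrompt);
                populateCustomAttributes(attributeList, hostAddress, domainCode, userName);
                authInfo.setResponseAttributes(attributeList);
                authInfo.setAccessChallenge();
                return;
            }
            boolean chapOk = false;
            WikidDBConn.DbResult dbResult = null;
            try {
                debug("name " + forLog(userName) + " sc " + domainCode);
                dbResult = this.dbConn.checkCredentials(domainCode, userName);
                chapOk = authInfo.cmpCHAP(convertToBytes(dbResult.getPasscode()));
            } catch (Exception e4) {
                // A failed lookup or comparison leaves chapOk false: reject.
                error("CHAP check bombed with " + e4);
            }
            if (!chapOk) {
                logDenied(userName, domainCode, sourceAddress);
                throw new AccessRejectException("Access Denied");
            }
            attributeList.addAttribute(ATTR_REPLY_MESSAGE, "Access Granted");
            populateCustomAttributes(attributeList, hostAddress, domainCode, userName);
            authInfo.setResponseAttributes(attributeList);
            authInfo.setAccessAccept();
            this.dbConn.loginSucceeds(domainCode, userName, dbResult);
            logGranted(userName, domainCode, sourceAddress);
            return;
        }

        if (authType == PAP) {
            debug("PAP Request");
            byte[] encryptedPassword = authInfo.getUserPassword();
            if (encryptedPassword == null || secret == null || authenticator == null) {
                logDenied(userName, domainCode, sourceAddress);
                throw new AccessRejectException("Access Denied");
            }
            String passcode = new String(RADIUSEncrypt.decrypt(encryptedPassword, secret, authenticator));
            int nul = passcode.indexOf(0);
            if (nul != -1) {
                passcode = passcode.substring(0, nul);
            }
            debug("RADIUS client supplied a passcode (value not logged)");
            // An empty passcode asks for an offline challenge.
            if (passcode.equals("")) {
                String challengePrompt2 = getChallengePrompt();
                attributeList.addAttribute(ATTR_REPLY_MESSAGE, "Offline Challenge " + challengePrompt2 + ": ");
                attributeList.addAttribute(ATTR_STATE, challengePrompt2);
                populateCustomAttributes(attributeList, hostAddress, domainCode, userName);
                authInfo.setResponseAttributes(attributeList);
                authInfo.setAccessChallenge();
                return;
            }
            // Only numeric passcodes are checked against the database.
            // NOTE(review): the parse is limited to the int range while the
            // stored passcode is converted from a long; confirm passcodes
            // never exceed Integer.MAX_VALUE.
            boolean numeric = true;
            try {
                Integer.parseInt(passcode);
            } catch (NumberFormatException e5) {
                numeric = false;
                debug("Passcode is not a number.");
            }
            boolean papOk = false;
            WikidDBConn.DbResult dbResult2 = null;
            if (numeric) {
                try {
                    debug("Checking " + forLog(userName) + ":" + domainCode);
                    dbResult2 = this.dbConn.checkCredentials(domainCode, userName);
                    debug("Server returned a credential record");
                    papOk = authInfo.cmp(authInfo.trim(authInfo.getDecodedUserPassword()),
                            convertToBytes(dbResult2.getPasscode()));
                    debug("Check returned " + papOk);
                } catch (Exception e6) {
                    // A failed lookup or comparison leaves papOk false: reject.
                    debug("Check PAP bombed with " + e6);
                }
            }
            if (!papOk) {
                logDenied(userName, domainCode, sourceAddress);
                throw new AccessRejectException("Access Denied");
            }
            attributeList.addAttribute(ATTR_REPLY_MESSAGE, "Access Granted");
            populateCustomAttributes(attributeList, hostAddress, domainCode, userName);
            authInfo.setResponseAttributes(attributeList);
            authInfo.setAccessAccept();
            this.dbConn.loginSucceeds(domainCode, userName, dbResult2);
            logGranted(userName, domainCode, sourceAddress);
            return;
        }

        if (authType == MSCHAP) {
            debug("This is a MSCHAP version 1 request");
            if (requestAttributeList.getVendorSpecific(VENDOR_MICROSOFT).length == 0) {
                log.warn("Missing Microsoft Vendor-Specific attribute.");
                throw new AccessDropException("Missing Microsoft Vendor-Specific attribute.");
            }
            WikidDBConn.DbResult msChapCredentials = this.dbConn.checkCredentials(domainCode, userName);
            try {
                authInfo.cmpMSCHAP(convertToBytes(msChapCredentials.getPasscode()));
                attributeList.addAttribute(ATTR_REPLY_MESSAGE, "Access Granted");
                AttributeList responseAttributes = new AttributeList();
                populateCustomAttributes(responseAttributes, hostAddress, domainCode, userName);
                responseAttributes.mergeAttributes(requestAttributeList.getVendorSpecific(VENDOR_MICROSOFT, 26));
                responseAttributes.mergeAttributes(requestAttributeList.getVendorSpecific(VENDOR_MICROSOFT, 2));
                authInfo.appendResponseAttributes(responseAttributes);
                authInfo.setAccessAccept();
                this.dbConn.loginSucceeds(domainCode, userName, msChapCredentials);
                logGranted(userName, domainCode, sourceAddress);
                return;
            } catch (AccessRejectException e7) {
                logDenied(userName, domainCode, sourceAddress);
                throw new AccessRejectException(e7.getMessage());
            } catch (AccessDropException e8) {
                logDenied(userName, domainCode, sourceAddress);
                throw new AccessDropException(e8.getMessage());
            }
        }

        if (authType == EAPMD5) {
            // NOTE(review): the first EAP round is run with a four-byte zero
            // placeholder instead of the stored passcode, and "Access granted"
            // is logged whenever doEAP returns normally, including when it only
            // started the exchange. Confirm EAPMD5Auth cannot verify a response
            // in this round and consider a distinct log message.
            try {
                doEAP(authInfo, new byte[4], attributeList);
                logGranted(userName, domainCode, sourceAddress);
                return;
            } catch (AccessRejectException e9) {
                logDenied(userName, domainCode, sourceAddress);
                throw e9;
            } catch (AccessDropException e10) {
                logDenied(userName, domainCode, sourceAddress);
                throw e10;
            }
        }

        if (authType != MSCHAP2) {
            // NOTE(review): an unrecognised method returns without accepting,
            // rejecting or dropping; confirm the server treats that as a denial.
            debug("No supported authentication method found in request");
            return;
        }

        debug("This is a MSCHAPV2 request");
        if (requestAttributeList.getVendorSpecific(VENDOR_MICROSOFT).length == 0) {
            log.warn("Missing Microsoft Vendor-Specific attribute.");
            throw new AccessDropException("Missing Microsoft Vendor-Specific attribute.");
        }
        WikidDBConn.DbResult msChap2Credentials = this.dbConn.checkCredentials(domainCode, userName);
        byte[] expectedPasscode = Long.toString(msChap2Credentials.getPasscode()).getBytes();
        try {
            // Try the comparison with the flag off first, then on, before giving up.
            try {
                authInfo.cmpMSCHAP(expectedPasscode, false);
            } catch (AccessRejectException e11) {
                authInfo.cmpMSCHAP(expectedPasscode, true);
            }
            attributeList.addAttribute(ATTR_REPLY_MESSAGE, "Access Granted");
            AttributeList responseAttributes2 = new AttributeList();
            populateCustomAttributes(responseAttributes2, hostAddress, domainCode, userName);
            responseAttributes2.mergeAttributes(requestAttributeList.getVendorSpecific(VENDOR_MICROSOFT, 26));
            responseAttributes2.mergeAttributes(requestAttributeList.getVendorSpecific(VENDOR_MICROSOFT, 2));
            authInfo.appendResponseAttributes(responseAttributes2);
            authInfo.setAccessAccept();
            this.dbConn.loginSucceeds(domainCode, userName, msChap2Credentials);
            logGranted(userName, domainCode, sourceAddress);
        } catch (AccessRejectException e12) {
            logDenied(userName, domainCode, sourceAddress);
            throw new AccessRejectException(e12.getMessage());
        } catch (AccessDropException e13) {
            logDenied(userName, domainCode, sourceAddress);
            throw new AccessDropException(e13.getMessage());
        }
    }

    /** Writes the audit line for an accepted request. */
    private void logGranted(String userName, String domainCode, InetAddress client) {
        log.info("Access granted for " + forLog(userName) + ", domain code: " + domainCode + " client: " + client);
    }

    /** Writes the audit line for a denied request. */
    private void logDenied(String userName, String domainCode, InetAddress client) {
        log.info("Access denied for " + forLog(userName) + ", domain code: " + domainCode + " client: " + client);
    }

    /**
     * Makes a request-supplied value safe to embed in a single log line by
     * replacing control characters (CR, LF, ...) with '_', so a crafted user
     * name cannot start a forged log entry.
     */
    private static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int k = 0; k < value.length(); k++) {
            char c = value.charAt(k);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Adds the configured return attributes for a NAS and for the user's
     * groups to a response.
     *
     * <p>Each key is an attribute number; the value is converted according to
     * the attribute's data type (IP address, integer, octets, date, otherwise
     * string). Entries with an unparsable key or value are reported and
     * skipped.
     *
     * @param attributeList response attributes to extend
     * @param str           NAS IP address
     * @param str2          domain code
     * @param str3          user name
     */
    private void populateCustomAttributes(AttributeList attributeList, String str, String str2, String str3) {
        // NOTE(review): putAll writes the user's group attributes into the
        // table returned for the NAS. If WikidDBConn hands out a cached
        // instance, one user's attributes would persist for the next request;
        // confirm it returns a fresh table per call.
        Hashtable<String, String> returnAttributes = this.dbConn.getReturnAttributes(str);
        returnAttributes.putAll(this.dbConn.getGroupReturnAttributes(str2, str3));
        for (Map.Entry<String, String> entry : returnAttributes.entrySet()) {
            int attrId;
            try {
                attrId = Integer.parseInt(entry.getKey().trim());
            } catch (Exception e) {
                this.svr.write("Invalid RADIUS attribute key for NAS " + str + ": " + entry.getKey());
                // Skip the entry; the original went on to look up the data
                // type of a sentinel id.
                continue;
            }
            int dataType = AttributeDataType.getDataType(attrId);
            if (dataType == 16 || dataType == 512) {
                // Address-valued attribute.
                try {
                    attributeList.addAttribute(attrId, stringToIP(entry.getValue()));
                } catch (UnknownHostException e2) {
                    log.debug("Invalid IP address for attribute " + attrId);
                }
            } else if (dataType == 1) {
                // Integer-valued attribute.
                try {
                    attributeList.addAttribute(attrId, Integer.parseInt(entry.getValue()));
                } catch (NumberFormatException e3) {
                    log.debug("Invalid Integer value for attribute " + attrId);
                }
            } else if (dataType == 2) {
                // Octet-string attribute.
                try {
                    attributeList.addAttribute(attrId, stringToOctets(entry.getValue()));
                } catch (Exception e4) {
                    log.debug("Invalid Octet value for attribute " + attrId);
                }
            } else if (dataType == 8) {
                // Date-valued attribute.
                try {
                    attributeList.addAttribute(attrId, stringToDate(entry.getValue()));
                } catch (ParseException e5) {
                    log.debug("Invalid Date value for attribute " + attrId + " Date format is yyyy/MM/dd HH:mm");
                }
            } else {
                attributeList.addAttribute(attrId, entry.getValue());
            }
        }
        Iterator<Attribute> it = this.dbConn.getGroupVendorReturnAttributes(str2, str3).iterator();
        while (it.hasNext()) {
            attributeList.addAttribute(it.next());
        }
    }

    /** Parses a date in {@code yyyy/MM/dd HH:mm} form. */
    private Date stringToDate(String str) throws ParseException {
        // A new formatter per call: SimpleDateFormat must not be shared between threads.
        return new SimpleDateFormat("yyyy/MM/dd HH:mm").parse(str);
    }

    /** Returns the bytes of the string in the platform default charset. */
    private byte[] stringToOctets(String str) {
        return str.getBytes();
    }

    /**
     * Converts a dotted-decimal address into an {@link InetAddress} without a
     * name lookup.
     *
     * @throws UnknownHostException when a part is not a number in 0..255 or
     *         the number of parts is not a valid address length; the original
     *         let a NumberFormatException escape and silently truncated
     *         out-of-range parts to their low eight bits
     */
    private InetAddress stringToIP(String str) throws UnknownHostException {
        String[] parts = str.trim().split("\\.");
        byte[] raw = new byte[parts.length];
        for (int k = 0; k < parts.length; k++) {
            int octet;
            try {
                octet = Integer.parseInt(parts[k]);
            } catch (NumberFormatException e) {
                throw new UnknownHostException("Invalid address: " + str);
            }
            if (octet < 0 || octet > 255) {
                throw new UnknownHostException("Invalid address: " + str);
            }
            raw[k] = (byte) octet;
        }
        // getByAddress rejects any length other than 4 or 16 bytes.
        return InetAddress.getByAddress(raw);
    }

    /**
     * Returns attribute 2 of the request if present, else attribute 60, else a
     * copy of the first 16 bytes of the request authenticator.
     */
    byte[] getPassword(AuthInfo authInfo) {
        AttributeList requestAttributeList = authInfo.getRequestAttributeList();
        byte[] value = requestAttributeList.getBinaryAttribute(2);
        if (value != null) {
            return value;
        }
        value = requestAttributeList.getBinaryAttribute(60);
        if (value != null) {
            return value;
        }
        value = new byte[16];
        System.arraycopy(authInfo.getAuthenticator(), 0, value, 0, 16);
        return value;
    }

    /** Logs a debug message, and echoes it to stdout, when DEBUG is on. */
    void debug(String str) {
        if (DEBUG) {
            log.debug(str);
            System.out.println(str);
        }
    }

    /**
     * Logs an error. The log entry is always written; only the stdout echo
     * depends on DEBUG (the original dropped errors entirely with DEBUG off).
     */
    void error(String str) {
        log.error(str);
        if (DEBUG) {
            System.out.println(str);
        }
    }

    /** Logs the string form of an attribute list when DEBUG is on. */
    void debug(AttributeList attributeList) {
        if (DEBUG) {
            String rendered = attributeList.toString();
            log.debug(rendered);
            System.out.println(rendered);
        }
    }

    /**
     * Produces the offline challenge: {@value #CHALLENGE_DIGITS} uniformly
     * random decimal digits.
     *
     * <p>The original cut the tail off the text of a random double, which could
     * contain '.', 'E' or '-', could be shorter than intended and was not
     * uniformly distributed; it also requested seed bytes it never used.
     */
    private static String getChallengePrompt() {
        StringBuilder digits = new StringBuilder(CHALLENGE_DIGITS);
        for (int k = 0; k < CHALLENGE_DIGITS; k++) {
            digits.append((char) ('0' + CHALLENGE_RANDOM.nextInt(10)));
        }
        return digits.toString();
    }

    /** Collects Microsoft vendor attributes 26 and 2 from a list into a new list. */
    private AttributeList extractMSCHAPSuccess(AttributeList attributeList) {
        AttributeList extracted = new AttributeList();
        extracted.mergeAttributes(attributeList.getVendorSpecific(VENDOR_MICROSOFT, 26));
        extracted.mergeAttributes(attributeList.getVendorSpecific(VENDOR_MICROSOFT, 2));
        return extracted;
    }

    /** Returns the decimal text of a passcode as bytes. */
    private byte[] convertToBytes(long j) {
        return Long.toString(j).getBytes();
    }

    /**
     * Runs one round of EAP-MD5.
     *
     * <p>Returns normally when the library handled a start packet or when the
     * MD5 response verified against {@code bArr}; otherwise rejects with an
     * EAP failure packet attached.
     *
     * @param authInfo      request context
     * @param bArr          expected password bytes
     * @param attributeList response attributes, extended on success
     * @throws AccessDropException   when the packet carries no EAP message
     * @throws AccessRejectException when the response does not verify
     */
    private void doEAP(AuthInfo authInfo, byte[] bArr, AttributeList attributeList) throws AccessRejectException, AccessDropException {
        debug("This is a EAPMD5 request");
        EAPInfo eap = authInfo.getEAP();
        if (eap == null) {
            throw new AccessDropException("Expecting an EAP-MD5 authentication. No EAP-Message attribute found in packet.");
        }
        if (eap.handleStartPacket((String) null)) {
            return;
        }
        EAPPacket packet = eap.getPacket();
        EAPMD5Auth md5Auth = new EAPMD5Auth(authInfo, packet);
        if (md5Auth.MD5(bArr, attributeList)) {
            attributeList.addAttribute(ATTR_REPLY_MESSAGE, "Access Granted");
            return;
        }
        debug("Call to EAPMD5Auth.MD5() returned false.  Password was not verified.");
        // NOTE(review): the NAK is built but its result is not used here.
        md5Auth.getNAK();
        String failure = "Unknown EAP authentication  type requested: " + packet.getTypeName();
        this.msg = failure;
        AccessRejectException rejection = new AccessRejectException(failure);
        rejection.setAttributes(packet.createFailure(packet.getPacketIdentifier()));
        throw rejection;
    }
}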
