package org.tinyradius.packet;

import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.tinyradius.attribute.Attributes;
import org.tinyradius.attribute.RadiusAttribute;
import org.tinyradius.dictionary.Dictionary;
import org.tinyradius.util.RadiusPacketException;

/* loaded from: input_file:org/tinyradius/packet/AccessRequest.class */
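/**
 * RADIUS Access-Request packet together with the helpers that set, encode, decode and
 * verify the credentials it carries.
 *
 * <p>PAP and CHAP can be encoded and verified. MS-CHAP and EAP are recognised when a
 * received packet is decoded, but encoding and verifying them is not implemented.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>PAP hiding and CHAP both use MD5 because the RADIUS protocol defines them that way.
 *       The confidentiality of a PAP password therefore rests entirely on the shared secret.</li>
 *   <li>{@link #verify(String, byte[])} only decodes credentials. This class performs no
 *       integrity check (for example a Message-Authenticator check) on the request.
 *       NOTE(review): confirm whether the superclass or the caller does.</li>
 *   <li>The clear-text password is held in a {@code String} field and takes part in
 *       {@link #equals(Object)} and {@link #hashCode()}. Do not log instances or their hash.</li>
 * </ul>
 */
public class AccessRequest extends RadiusPacket {
    private static final Logger logger = LoggerFactory.getLogger(AccessRequest.class);
    private static final SecureRandom random = new SecureRandom();

    public static final String AUTH_PAP = "pap";
    public static final String AUTH_CHAP = "chap";
    public static final String AUTH_MS_CHAP_V2 = "mschapv2";
    public static final String AUTH_EAP = "eap";

    /**
     * Protocol names accepted by {@link #setAuthProtocol(String)}. Exposed as an unmodifiable
     * view so that other code cannot widen the accepted set at runtime.
     */
    public static final Set<String> AUTH_PROTOCOLS = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList(AUTH_PAP, AUTH_CHAP, AUTH_MS_CHAP_V2, AUTH_EAP)));

    // Attribute type numbers used by this class.
    private static final int USER_NAME = 1;
    private static final int USER_PASSWORD = 2;
    private static final int CHAP_PASSWORD = 3;
    private static final int CHAP_CHALLENGE = 60;
    private static final int EAP_MESSAGE = 79;
    // Vendor id and vendor-specific sub-attribute numbers for the MS-CHAP attributes.
    private static final int MICROSOFT = 311;
    private static final int MS_CHAP_CHALLENGE = 11;
    private static final int MS_CHAP2_RESPONSE = 25;
    private static final int MS_CHAP_RESPONSE = 1;

    // Size in bytes of an MD5 digest, and therefore of one PAP cipher block.
    private static final int BLOCK = 16;

    private String authProtocol;
    // Clear-text password: set by the caller, or recovered from User-Password on decode.
    private transient String password;
    // Raw CHAP-Password (or MS-CHAP response) value taken from a received packet.
    private transient byte[] chapPassword;
    // Challenge paired with chapPassword.
    private transient byte[] chapChallenge;

    /**
     * Creates an Access-Request without attributes.
     *
     * @param dictionary    dictionary used to create and parse attributes
     * @param identifier    packet identifier
     * @param authenticator request authenticator, passed through to the superclass
     */
    public AccessRequest(Dictionary dictionary, int identifier, byte[] authenticator) {
        this(dictionary, identifier, authenticator, new ArrayList<>());
    }

    /**
     * Creates an Access-Request with the given attributes. The protocol defaults to PAP.
     *
     * @param dictionary    dictionary used to create and parse attributes
     * @param identifier    packet identifier
     * @param authenticator request authenticator, passed through to the superclass
     * @param attributes    attributes to place in the packet
     */
    public AccessRequest(Dictionary dictionary, int identifier, byte[] authenticator,
            List<RadiusAttribute> attributes) {
        // Second argument is the packet type code; 1 is Access-Request (RFC 2865).
        super(dictionary, 1, identifier, authenticator, attributes);
        this.authProtocol = AUTH_PAP;
    }

    /**
     * Creates an Access-Request carrying a user name and a clear-text password.
     *
     * @param dictionary    dictionary used to create and parse attributes
     * @param identifier    packet identifier
     * @param authenticator request authenticator, passed through to the superclass
     * @param userName      user name, must not be null or empty
     * @param userPassword  clear-text password, must not be null or empty
     */
    public AccessRequest(Dictionary dictionary, int identifier, byte[] authenticator,
            String userName, String userPassword) {
        this(dictionary, identifier, authenticator);
        setUserName(userName);
        setUserPassword(userPassword);
    }

    /**
     * Replaces any User-Name attribute with one holding the given name.
     *
     * @param userName user name to set
     * @throws NullPointerException     if {@code userName} is null
     * @throws IllegalArgumentException if {@code userName} is empty
     */
    public void setUserName(String userName) {
        Objects.requireNonNull(userName, "User name not set");
        if (userName.isEmpty()) {
            throw new IllegalArgumentException("Empty user name not allowed");
        }
        removeAttributes(USER_NAME);
        addAttribute(Attributes.createAttribute(getDictionary(), -1, USER_NAME, userName));
    }

    /**
     * Stores the clear-text password. It is only turned into an attribute when the packet is
     * encoded with {@link #encodeRequest(String)}.
     *
     * @param userPassword clear-text password
     * @throws NullPointerException     if {@code userPassword} is null
     * @throws IllegalArgumentException if {@code userPassword} is empty
     */
    public void setUserPassword(String userPassword) {
        Objects.requireNonNull(userPassword, "User password not set");
        if (userPassword.isEmpty()) {
            throw new IllegalArgumentException("Password is empty");
        }
        this.password = userPassword;
    }

    /**
     * @return the clear-text password, or null if none was set or decoded
     */
    public String getUserPassword() {
        return this.password;
    }

    /**
     * @return the value of the User-Name attribute, or null if the packet has none
     */
    public String getUserName() {
        RadiusAttribute userName = getAttribute(USER_NAME);
        return userName == null ? null : userName.getValueString();
    }

    /**
     * @return the authentication protocol, one of {@link #AUTH_PROTOCOLS}
     */
    public String getAuthProtocol() {
        return this.authProtocol;
    }

    /**
     * Selects the authentication protocol.
     *
     * @param authProtocol one of {@link #AUTH_PROTOCOLS}
     * @throws IllegalArgumentException if the value is null or not in {@link #AUTH_PROTOCOLS}
     */
    public void setAuthProtocol(String authProtocol) {
        if (authProtocol == null || !AUTH_PROTOCOLS.contains(authProtocol)) {
            throw new IllegalArgumentException("protocol must be in " + AUTH_PROTOCOLS);
        }
        this.authProtocol = authProtocol;
    }

    /**
     * Decodes the credentials of a received request.
     *
     * <p>The second argument is not used here, and no integrity check is made on the packet.
     *
     * @param sharedSecret shared secret used to recover a PAP password
     * @param unused       ignored by this implementation
     * @throws RadiusPacketException if the packet carries no recognised credentials or the
     *                               User-Password attribute is malformed
     */
    @Override
    public void verify(String sharedSecret, byte[] unused) throws RadiusPacketException {
        if (!decryptPasswords(sharedSecret)) {
            throw new RadiusPacketException("Access-Request: User-Password or CHAP-Password/CHAP-Challenge missing");
        }
    }

    /**
     * Detects which credential attributes the packet carries, sets the protocol accordingly
     * and stores the decoded PAP password or the raw CHAP / MS-CHAP values.
     *
     * <p>Attributes are tried in the order User-Password, CHAP-Password, MS-CHAP, EAP-Message,
     * and the first match wins.
     *
     * @param sharedSecret shared secret; only read on the PAP path
     * @return true if credentials were found, false otherwise
     * @throws RadiusPacketException if the User-Password attribute is malformed
     */
    public boolean decryptPasswords(String sharedSecret) throws RadiusPacketException {
        // NOTE(review): RFC 2865 forbids a request carrying both User-Password and
        // CHAP-Password. Such a packet is not rejected here; User-Password takes priority.
        RadiusAttribute userPassword = getAttribute(USER_PASSWORD);
        if (userPassword != null) {
            setAuthProtocol(AUTH_PAP);
            this.password = decodePapPassword(userPassword.getValue(),
                    sharedSecret.getBytes(StandardCharsets.UTF_8));
            return true;
        }

        RadiusAttribute chapPasswordAttr = getAttribute(CHAP_PASSWORD);
        RadiusAttribute chapChallengeAttr = getAttribute(CHAP_CHALLENGE);
        if (chapPasswordAttr != null) {
            setAuthProtocol(AUTH_CHAP);
            this.chapPassword = chapPasswordAttr.getValue();
            // Without a CHAP-Challenge attribute the request authenticator is the challenge.
            this.chapChallenge = chapChallengeAttr != null ? chapChallengeAttr.getValue() : getAuthenticator();
            return true;
        }

        RadiusAttribute msChallenge = getAttribute(MICROSOFT, MS_CHAP_CHALLENGE);
        RadiusAttribute msResponse = getAttribute(MICROSOFT, MS_CHAP2_RESPONSE);
        if (msResponse == null) {
            // NOTE(review): an MS-CHAP (v1) response is also reported as "mschapv2" below.
            msResponse = getAttribute(MICROSOFT, MS_CHAP_RESPONSE);
        }
        if (msChallenge != null && msResponse != null) {
            setAuthProtocol(AUTH_MS_CHAP_V2);
            this.chapPassword = msResponse.getValue();
            this.chapChallenge = msChallenge.getValue();
            return true;
        }

        if (getAttributes(EAP_MESSAGE).size() <= 0) {
            return false;
        }
        setAuthProtocol(AUTH_EAP);
        return true;
    }

    /**
     * Checks a candidate clear-text password against the credentials decoded from the packet.
     *
     * @param plaintext candidate password
     * @return true if the candidate matches; false if it does not, or if no credentials
     *         have been decoded yet
     * @throws IllegalArgumentException      if {@code plaintext} is null or empty
     * @throws UnsupportedOperationException if the protocol is MS-CHAPv2 or EAP
     */
    public boolean verifyPassword(String plaintext) throws UnsupportedOperationException {
        if (plaintext == null || plaintext.isEmpty()) {
            throw new IllegalArgumentException("password is empty");
        }
        switch (getAuthProtocol()) {
            case AUTH_CHAP:
                return verifyChapPassword(plaintext);
            case AUTH_MS_CHAP_V2:
                throw new UnsupportedOperationException("mschapv2 verification not supported yet");
            case AUTH_EAP:
                throw new UnsupportedOperationException("eap verification not supported yet");
            case AUTH_PAP:
            default:
                String decoded = getUserPassword();
                if (decoded == null) {
                    // Nothing decoded yet: report a mismatch instead of failing with an NPE.
                    return false;
                }
                // MessageDigest.isEqual avoids the early exit of String.equals, so the
                // comparison time does not reveal how many leading characters matched.
                return MessageDigest.isEqual(decoded.getBytes(StandardCharsets.UTF_8),
                        plaintext.getBytes(StandardCharsets.UTF_8));
        }
    }

    /**
     * Builds a copy of this request that is ready to send: an authenticator is generated if
     * this packet has none, and the credential attributes are replaced by freshly encoded ones.
     *
     * @param sharedSecret shared secret, must not be null or empty
     * @return the encoded copy; this instance is not modified
     * @throws IllegalArgumentException      if {@code sharedSecret} is null or empty
     * @throws UnsupportedOperationException if the protocol is MS-CHAPv2 or EAP and a password is set
     */
    @Override
    public AccessRequest encodeRequest(String sharedSecret) throws UnsupportedOperationException {
        if (sharedSecret == null || sharedSecret.isEmpty()) {
            throw new IllegalArgumentException("shared secret cannot be null/empty");
        }
        byte[] authenticator = getAuthenticator() == null ? random16bytes() : getAuthenticator();
        AccessRequest encoded = new AccessRequest(getDictionary(), getIdentifier(), authenticator,
                new ArrayList<>(getAttributes()));
        copyTransientFields(encoded);
        for (RadiusAttribute attribute : encodeRequestAttributes(authenticator, sharedSecret)) {
            // Drop stale attributes of the same type before adding the new one.
            encoded.removeAttributes(attribute.getType());
            encoded.addAttribute(attribute);
        }
        return encoded;
    }

    /**
     * Not supported: an Access-Request is never a response.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public RadiusPacket encodeResponse(String sharedSecret, byte[] requestAuthenticator) {
        throw new UnsupportedOperationException();
    }

    /**
     * Produces the credential attributes for the current protocol.
     *
     * @param authenticator request authenticator used to hide a PAP password
     * @param sharedSecret  shared secret used to hide a PAP password
     * @return the attributes to add; empty if no password is set
     * @throws UnsupportedOperationException if the protocol is MS-CHAPv2 or EAP and a password is set
     */
    protected List<RadiusAttribute> encodeRequestAttributes(byte[] authenticator, String sharedSecret)
            throws UnsupportedOperationException {
        if (this.password == null || this.password.isEmpty()) {
            return Collections.emptyList();
        }
        switch (getAuthProtocol()) {
            case AUTH_PAP:
                byte[] hidden = encodePapPassword(authenticator,
                        this.password.getBytes(StandardCharsets.UTF_8),
                        sharedSecret.getBytes(StandardCharsets.UTF_8));
                return Collections.singletonList(
                        Attributes.createAttribute(getDictionary(), -1, USER_PASSWORD, hidden));
            case AUTH_CHAP:
                // Fresh challenge and CHAP identifier for every encoded request.
                byte[] challenge = random16bytes();
                byte chapId = (byte) random.nextInt(256);
                return Arrays.asList(
                        Attributes.createAttribute(getDictionary(), -1, CHAP_CHALLENGE, challenge),
                        Attributes.createAttribute(getDictionary(), -1, CHAP_PASSWORD,
                                computeChapPassword(chapId, this.password, challenge)));
            case AUTH_MS_CHAP_V2:
                throw new UnsupportedOperationException("Encoding not supported for mschapv2");
            case AUTH_EAP:
                throw new UnsupportedOperationException("Encoding not supported for eap");
            default:
                return Collections.emptyList();
        }
    }

    /**
     * Hides a PAP password: the password is zero-padded to a multiple of 16 bytes and each
     * block is XORed with MD5(sharedSecret + previous cipher block), where the authenticator
     * stands in for the previous block on the first round.
     *
     * @param authenticator request authenticator
     * @param userPass      clear-text password bytes
     * @param sharedSecret  shared secret bytes
     * @return the hidden password, a multiple of 16 bytes long
     */
    private byte[] encodePapPassword(byte[] authenticator, byte[] userPass, byte[] sharedSecret) {
        Objects.requireNonNull(userPass, "userPass cannot be null");
        Objects.requireNonNull(sharedSecret, "sharedSecret cannot be null");
        byte[] padded = pad(userPass);
        ByteBuffer out = ByteBuffer.allocate(padded.length);
        byte[] chain = authenticator;
        for (int offset = 0; offset < padded.length; offset += BLOCK) {
            chain = xor16(padded, offset, md5(sharedSecret, chain));
            out.put(chain);
        }
        return out.array();
    }

    /**
     * Recovers the clear-text password from a User-Password attribute value.
     *
     * @param encryptedPass attribute value as received from the network
     * @param sharedSecret  shared secret bytes
     * @return the password with the trailing zero padding removed
     * @throws RadiusPacketException if the value is shorter than 16 bytes or its length is
     *                               not a multiple of 16
     */
    private String decodePapPassword(byte[] encryptedPass, byte[] sharedSecret) throws RadiusPacketException {
        if (encryptedPass.length < BLOCK) {
            logger.warn("Malformed packet: User-Password attribute length must be greater than 15, actual {}",
                    encryptedPass.length);
            throw new RadiusPacketException("Malformed User-Password attribute");
        }
        // The value comes from the peer. Reject a partial trailing block here so that it
        // surfaces as a protocol error instead of an unchecked exception from xor16.
        if (encryptedPass.length % BLOCK != 0) {
            logger.warn("Malformed packet: User-Password attribute length must be a multiple of 16, actual {}",
                    encryptedPass.length);
            throw new RadiusPacketException("Malformed User-Password attribute");
        }
        ByteBuffer plain = ByteBuffer.allocate(encryptedPass.length);
        byte[] chain = getAuthenticator();
        for (int offset = 0; offset < encryptedPass.length; offset += BLOCK) {
            plain.put(xor16(encryptedPass, offset, md5(sharedSecret, chain)));
            // The next round is keyed with the cipher block just consumed. The end index
            // must move with the offset: a fixed end of 16 yields an empty chaining block
            // at offset 16 and throws IllegalArgumentException from offset 32 onwards.
            chain = Arrays.copyOfRange(encryptedPass, offset, offset + BLOCK);
        }
        return stripNullPadding(new String(plain.array(), StandardCharsets.UTF_8));
    }

    /**
     * Computes a CHAP-Password value: the identifier byte followed by
     * MD5(identifier + password + challenge), 17 bytes in total.
     *
     * @param chapId    CHAP identifier
     * @param plaintext clear-text password
     * @param challenge CHAP challenge
     * @return the 17-byte CHAP-Password value
     */
    private byte[] computeChapPassword(byte chapId, String plaintext, byte[] challenge) {
        MessageDigest digest = getMd5Digest();
        digest.update(chapId);
        digest.update(plaintext.getBytes(StandardCharsets.UTF_8));
        digest.update(challenge);
        return ByteBuffer.allocate(17).put(chapId).put(digest.digest()).array();
    }

    /**
     * Checks a candidate password against the stored CHAP response.
     *
     * @param plaintext candidate password
     * @return true on a match; false on a mismatch or when the stored CHAP data is unusable
     */
    private boolean verifyChapPassword(String plaintext) {
        if (plaintext == null || plaintext.isEmpty()) {
            logger.warn("plaintext must not be empty");
            return false;
        }
        if (this.chapChallenge == null) {
            logger.warn("CHAP challenge is null");
            return false;
        }
        if (this.chapPassword == null || this.chapPassword.length != 17) {
            logger.warn("CHAP password must be 17 bytes");
            return false;
        }
        byte[] expected = computeChapPassword(this.chapPassword[0], plaintext, this.chapChallenge);
        // Comparison without early exit, so timing does not reveal the matching prefix length.
        return MessageDigest.isEqual(this.chapPassword, expected);
    }

    /**
     * @return MD5(first + second)
     */
    private byte[] md5(byte[] first, byte[] second) {
        MessageDigest digest = getMd5Digest();
        digest.update(first);
        return digest.digest(second);
    }

    /**
     * @return 16 bytes drawn from the class-wide {@link SecureRandom}
     */
    private byte[] random16bytes() {
        byte[] bytes = new byte[BLOCK];
        random.nextBytes(bytes);
        return bytes;
    }

    /**
     * XORs 16 bytes of {@code src1}, starting at {@code src1offset}, with the first 16 bytes
     * of {@code src2}.
     *
     * @return a new 16-byte array
     * @throws NullPointerException      if either array is null
     * @throws IndexOutOfBoundsException if either array is too short or the offset is negative
     */
    private static byte[] xor16(byte[] src1, int src1offset, byte[] src2) {
        Objects.requireNonNull(src1, "src1 is null");
        Objects.requireNonNull(src2, "src2 is null");
        if (src1offset < 0) {
            throw new IndexOutOfBoundsException("src1offset is less than 0");
        }
        if (src1offset + BLOCK > src1.length) {
            throw new IndexOutOfBoundsException("bytes in src1 is less than src1offset plus 16");
        }
        if (BLOCK > src2.length) {
            throw new IndexOutOfBoundsException("bytes in src2 is less than 16");
        }
        byte[] result = new byte[BLOCK];
        for (int k = 0; k < BLOCK; k++) {
            result[k] = (byte) (src1[src1offset + k] ^ src2[k]);
        }
        return result;
    }

    /**
     * Zero-pads a value to the next multiple of 16 bytes, with a minimum of 16.
     *
     * @param value bytes to pad
     * @return a new padded array
     * @throws NullPointerException if {@code value} is null
     */
    static byte[] pad(byte[] value) {
        Objects.requireNonNull(value, "value cannot be null");
        int paddedLength = Math.max(((value.length + BLOCK - 1) / BLOCK) * BLOCK, BLOCK);
        byte[] padded = new byte[paddedLength];
        System.arraycopy(value, 0, padded, 0, value.length);
        return padded;
    }

    /**
     * Cuts a decoded password at its first NUL character.
     *
     * @return the text before the first NUL, or the input unchanged if it holds no NUL
     */
    private static String stripNullPadding(String decoded) {
        int firstNul = decoded.indexOf(0);
        // ">= 0" so that a value starting with NUL becomes "" rather than keeping its padding.
        return firstNul >= 0 ? decoded.substring(0, firstNul) : decoded;
    }

    /**
     * Copies the credential fields that are not stored as attributes onto another request.
     *
     * @param target request to receive the fields
     * @return {@code target}
     */
    private AccessRequest copyTransientFields(AccessRequest target) {
        target.password = this.password;
        target.chapPassword = this.chapPassword;
        target.chapChallenge = this.chapChallenge;
        return target;
    }

    /**
     * Two requests are equal when the superclass considers them equal and protocol, password
     * and CHAP data match.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof AccessRequest) || !super.equals(obj)) {
            return false;
        }
        AccessRequest other = (AccessRequest) obj;
        return Objects.equals(this.authProtocol, other.authProtocol)
                && Objects.equals(this.password, other.password)
                && Arrays.equals(this.chapPassword, other.chapPassword)
                && Arrays.equals(this.chapChallenge, other.chapChallenge);
    }

    /**
     * Hash consistent with {@link #equals(Object)}. The clear-text password is one of its
     * inputs, so the value should not be logged or exposed.
     */
    @Override
    public int hashCode() {
        int result = Objects.hash(super.hashCode(), this.authProtocol, this.password);
        result = 31 * result + Arrays.hashCode(this.chapPassword);
        result = 31 * result + Arrays.hashCode(this.chapChallenge);
        return result;
    }

    /**
     * @return a copy of this request, including the password and CHAP fields
     */
    @Override
    public AccessRequest copy() {
        return copyTransientFields((AccessRequest) super.copy());
    }
}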
