package net.unicon.cas.mfa.authentication.radius;

import java.net.InetAddress;
import java.net.UnknownHostException;
import net.jradius.client.RadiusClient;
import net.jradius.client.auth.RadiusAuthenticator;
import net.jradius.dictionary.Attr_NASIPAddress;
import net.jradius.dictionary.Attr_NASIdentifier;
import net.jradius.dictionary.Attr_NASPort;
import net.jradius.dictionary.Attr_NASPortType;
import net.jradius.dictionary.Attr_UserName;
import net.jradius.dictionary.Attr_UserPassword;
import net.jradius.dictionary.AttributeDictionaryImpl;
import net.jradius.exception.RadiusException;
import net.jradius.exception.UnknownAttributeException;
import net.jradius.packet.AccessAccept;
import net.jradius.packet.AccessRequest;
import net.jradius.packet.attribute.AttributeFactory;
import net.jradius.packet.attribute.AttributeList;
import net.unicon.cas.mfa.web.flow.util.MultiFactorRequestContextUtils;
import org.apache.commons.lang.StringUtils;
import org.jasig.cas.adaptors.radius.RadiusServer;
import org.jasig.cas.authentication.principal.Principal;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;
import org.springframework.webflow.execution.RequestContextHolder;

/* loaded from: input_file:WEB-INF/classes/net/unicon/cas/mfa/authentication/radius/JRadiusServerImpl.class */
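/**
 * {@link RadiusServer} implementation that sends an Access-Request to a single RADIUS host
 * through the JRadius client.
 *
 * <p>The submitted credential is treated as a PIN (its username field) plus a password. Both
 * are concatenated into the RADIUS password, and the RADIUS user name is taken from the primary
 * multifactor principal stored in the current web-flow request context.
 *
 * <p>Security notes: the PIN, the password and the shared secret are never written to the log
 * by this class. How the User-Password attribute is protected on the wire depends on the
 * injected {@link RadiusAuthenticator} and on the strength of the shared secret.
 */
public final class JRadiusServerImpl implements RadiusServer {
    private static final Logger LOGGER = LoggerFactory.getLogger(JRadiusServerImpl.class);
    protected final int accountingPort;
    protected final int authenticationPort;
    protected final int socketTimeout;
    protected final InetAddress inetAddress;
    // Secret shared with the RADIUS server; must never be logged.
    protected final String sharedSecret;
    protected final int retries;
    protected final RadiusAuthenticator radiusAuthenticator;
    protected final String nasIpAddress;
    protected final long nasPort;
    // NOTE(review): RFC 2865 defines NAS-Identifier as a string attribute, yet it is modelled
    // as a long here - confirm how Attr_NASIdentifier encodes a Long value.
    protected final long nasIdentifier;
    protected final Long nasPortType;
    protected boolean enableNas = false;
    // Despite its name, a value of true makes the PIN and the user id lower-cased before sending.
    protected boolean caseSensitive = true;

    static {
        AttributeFactory.loadAttributeDictionary(AttributeDictionaryImpl.class.getCanonicalName());
    }

    /**
     * Creates a server definition for one RADIUS host.
     *
     * @param hostName host name or literal address of the RADIUS server, resolved immediately
     * @param sharedSecret secret shared with the RADIUS server
     * @param radiusAuthenticator authenticator passed to the JRadius client on every request
     * @param authenticationPort port used for authentication requests
     * @param accountingPort port used for accounting requests
     * @param socketTimeout socket timeout handed to the JRadius client
     * @param retries number of retries handed to the JRadius client
     * @param nasIpAddress NAS IP address to send when NAS attributes are enabled; may be blank
     * @param nasPort NAS port; only sent when greater than zero
     * @param nasIdentifier NAS identifier; only sent when greater than zero
     * @param nasPortType NAS port type; only sent when not {@code null}
     * @throws UnknownHostException if {@code hostName} cannot be resolved
     */
    public JRadiusServerImpl(String hostName, String sharedSecret, RadiusAuthenticator radiusAuthenticator, int authenticationPort, int accountingPort, int socketTimeout, int retries, String nasIpAddress, long nasPort, long nasIdentifier, Long nasPortType) throws UnknownHostException {
        this.sharedSecret = sharedSecret;
        this.authenticationPort = authenticationPort;
        this.accountingPort = accountingPort;
        this.socketTimeout = socketTimeout;
        this.retries = retries;
        this.radiusAuthenticator = radiusAuthenticator;
        this.inetAddress = InetAddress.getByName(hostName);
        this.nasIpAddress = nasIpAddress;
        this.nasPort = nasPort;
        this.nasIdentifier = nasIdentifier;
        this.nasPortType = nasPortType;
    }

    /**
     * Sends the prepared credentials to the RADIUS server and reports whether it answered
     * with an Access-Accept.
     *
     * @param usernamePasswordCredentials submitted credential (PIN in the username field)
     * @return {@code true} only when the response is an {@link AccessAccept}
     * @throws IllegalArgumentException if the client rejects one of the attributes
     * @throws IllegalStateException if the RADIUS exchange fails
     */
    @Override // org.jasig.cas.adaptors.radius.RadiusServer
    public boolean authenticate(UsernamePasswordCredentials usernamePasswordCredentials) {
        UsernamePasswordCredentials radiusCredentials = prepareRadiusOneTimeCredentials(usernamePasswordCredentials);
        AttributeList attributes = prepareRadiusAttributeList(radiusCredentials);
        try {
            // NOTE(review): a new client is created per request and never released here;
            // confirm whether this JRadius version needs an explicit close.
            RadiusClient client = getNewRadiusClient();
            boolean accepted = client.authenticate(new AccessRequest(client, attributes), this.radiusAuthenticator, this.retries) instanceof AccessAccept;
            // Guarded because getCanonicalHostName() may perform a reverse DNS lookup.
            if (LOGGER.isDebugEnabled()) {
                // Log the RADIUS user id, not the submitted username field, which carries the PIN.
                String host = this.inetAddress.getCanonicalHostName();
                if (accepted) {
                    LOGGER.debug("Authentication request succeeded for host: [{}] and username [{}]", host, radiusCredentials.getUsername());
                } else {
                    LOGGER.debug("Authentication request failed for host: [{}] and username [{}]", host, radiusCredentials.getUsername());
                }
            }
            return accepted;
        } catch (UnknownAttributeException e) {
            throw new IllegalArgumentException("Passed an unknown attribute to radius client", e);
        } catch (RadiusException e2) {
            throw new IllegalStateException("Received response that puts radius client into illegal state", e2);
        }
    }

    /**
     * Builds the attribute list for the Access-Request: user name and password always, NAS
     * attributes only when {@code enableNas} is set.
     *
     * @param usernamePasswordCredentials credentials whose username and password are sent
     * @return the populated attribute list
     */
    protected AttributeList prepareRadiusAttributeList(UsernamePasswordCredentials usernamePasswordCredentials) {
        AttributeList attributeList = new AttributeList();
        attributeList.add(new Attr_UserName(usernamePasswordCredentials.getUsername()));
        attributeList.add(new Attr_UserPassword(usernamePasswordCredentials.getPassword()));
        if (!this.enableNas) {
            LOGGER.debug("NAS is not enabled. Skipping over settings...");
            return attributeList;
        }
        if (StringUtils.isNotBlank(this.nasIpAddress)) {
            LOGGER.debug("Adding NAS ip address [{}] to the radius attribute list", this.nasIpAddress);
            attributeList.add(new Attr_NASIPAddress(this.nasIpAddress));
        } else {
            // NOTE(review): this branch resolves and logs the local address but never adds an
            // Attr_NASIPAddress, although the message says "Adding" - confirm which is intended.
            try {
                LOGGER.debug("Adding auto-configured NAS ip address [{}] the radius attribute list", InetAddress.getLocalHost().getHostAddress());
            } catch (UnknownHostException e) {
                throw new RuntimeException(e.getMessage(), e);
            }
        }
        if (this.nasPort > 0) {
            LOGGER.debug("Adding NAS port [{}] to the radius attribute list", Long.valueOf(this.nasPort));
            attributeList.add(new Attr_NASPort(Long.valueOf(this.nasPort)));
        }
        if (this.nasIdentifier > 0) {
            LOGGER.debug("Adding NAS Identifier [{}] to the radius attribute list", Long.valueOf(this.nasIdentifier));
            attributeList.add(new Attr_NASIdentifier(Long.valueOf(this.nasIdentifier)));
        }
        if (this.nasPortType != null) {
            LOGGER.debug("Adding NAS port type [{}] to the radius attribute list", this.nasPortType);
            attributeList.add(new Attr_NASPortType(this.nasPortType));
        }
        return attributeList;
    }

    /**
     * Derives the credentials actually sent to RADIUS: the user name is the id of the primary
     * multifactor principal, the password is the submitted PIN followed by the submitted
     * password.
     *
     * @param usernamePasswordCredentials submitted credential (PIN in the username field)
     * @return a new credential holding the RADIUS user name and the concatenated password
     * @throws IllegalStateException if no primary multifactor principal is available
     */
    protected UsernamePasswordCredentials prepareRadiusOneTimeCredentials(UsernamePasswordCredentials usernamePasswordCredentials) {
        RequestContext requestContext = RequestContextHolder.getRequestContext();
        String pin = usernamePasswordCredentials.getUsername();
        if (this.caseSensitive) {
            // Locale.ROOT keeps the value sent to RADIUS independent of the JVM default locale.
            pin = pin.toLowerCase(java.util.Locale.ROOT);
            // The PIN is a secret, so the converted value is not logged.
            LOGGER.debug("Treating pin as case sensitive. Converted to lower case");
        }
        String pinAndPassword = pin.concat(usernamePasswordCredentials.getPassword());

        LOGGER.debug("Attempting to get user id for radius authentication...");
        Principal primaryPrincipal = MultiFactorRequestContextUtils.getMultiFactorPrimaryPrincipal(requestContext);
        if (primaryPrincipal == null) {
            throw new IllegalStateException("No primary multifactor principal is available for radius authentication");
        }
        String userId = primaryPrincipal.getId();
        if (this.caseSensitive) {
            userId = userId.toLowerCase(java.util.Locale.ROOT);
            LOGGER.debug("Treating user id as case sensitive. Converted to [{}]", userId);
        }
        LOGGER.debug("Concatenated pin and password upon radius authentication for [{}]", userId);

        UsernamePasswordCredentials radiusCredentials = new UsernamePasswordCredentials();
        radiusCredentials.setUsername(userId);
        radiusCredentials.setPassword(pinAndPassword);
        // Only the user id is traced; the concatenated PIN and password stay out of the log.
        LOGGER.trace("Using [{}] as user id for radius authentication...", userId);
        return radiusCredentials;
    }

    /**
     * Creates a JRadius client bound to the configured host, secret, ports and timeout.
     *
     * @return a new client instance
     */
    protected RadiusClient getNewRadiusClient() {
        return new RadiusClient(this.inetAddress, this.sharedSecret, this.authenticationPort, this.accountingPort, this.socketTimeout);
    }

    /**
     * Enables or disables sending of the NAS attributes.
     *
     * @param enableNas {@code true} to include the configured NAS attributes in each request
     */
    public void setEnableNas(boolean enableNas) {
        this.enableNas = enableNas;
    }

    /**
     * Controls lower-casing of the PIN and user id.
     *
     * @param caseSensitive {@code true} to lower-case both values before they are sent
     */
    public void setCaseSensitive(boolean caseSensitive) {
        this.caseSensitive = caseSensitive;
    }
}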
