package org.opennms.web.springframework.security;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import net.jradius.client.RadiusClient;
import net.jradius.client.auth.PAPAuthenticator;
import net.jradius.client.auth.RadiusAuthenticator;
import net.jradius.dictionary.Attr_UserName;
import net.jradius.dictionary.Attr_UserPassword;
import net.jradius.exception.RadiusException;
import net.jradius.packet.AccessAccept;
import net.jradius.packet.AccessRequest;
import net.jradius.packet.RadiusResponse;
import net.jradius.packet.attribute.AttributeFactory;
import net.jradius.packet.attribute.AttributeList;
import net.jradius.packet.attribute.RadiusAttribute;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationServiceException;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/opennms/web/springframework/security/RadiusAuthenticationProvider.class */
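/**
 * Spring Security authentication provider that checks a username and password against a
 * RADIUS server through the JRadius client and builds the user's granted authorities from
 * either a configurable reply attribute or a default role list.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The default authenticator is PAP. Under PAP the protection of the password on the
 *       wire rests on the shared secret (RFC 2865 hides User-Password with an MD5-derived
 *       keystream), so use a long random secret and a trusted network path to the server,
 *       or supply a different {@link RadiusAuthenticator} via {@link #setAuthTypeClass}.</li>
 *   <li>When {@code rolesAttribute} is set, the roles granted in the web application are
 *       taken verbatim from the RADIUS reply; the server is therefore part of the
 *       authorization trust boundary.</li>
 * </ul>
 */
public class RadiusAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    private static final Log logger = LogFactory.getLog(RadiusAuthenticationProvider.class);

    // Host name or address of the RADIUS server; resolved on every authentication attempt.
    private String server;
    // RADIUS shared secret; never written to the log by this class.
    private String secret;
    // Authentication port; port + 1 is handed to RadiusClient as its second port argument.
    private int port = 1812;
    private int timeout = 5;
    private int retries = 3;
    private RadiusAuthenticator authTypeClass = new PAPAuthenticator();
    // Comma-separated role names used when no roles attribute is configured or returned.
    private String defaultRoles = Authentication.USER_ROLE;
    // Name of the reply attribute carrying a comma-separated role list; optional.
    private String rolesAttribute;

    /**
     * Creates a provider for one RADIUS server.
     *
     * @param str  host name or address of the RADIUS server; must not be empty
     * @param str2 shared secret for that server; must not be empty
     * @throws IllegalArgumentException if either argument is null or empty
     */
    public RadiusAuthenticationProvider(String str, String str2) {
        Assert.hasLength(str, "A server must be specified");
        // The original validated the server a second time here, so a null or empty
        // shared secret was silently accepted.
        Assert.hasLength(str2, "A shared secret must be specified");
        this.server = str;
        this.secret = str2;
    }

    /**
     * Validates the configured properties once the bean has been populated.
     *
     * @throws Exception if a property holds an unusable value
     */
    protected void doAfterPropertiesSet() throws Exception {
        // Boxing an int and testing it for null can never fail, so the numeric settings
        // are range-checked instead. The upper bound leaves room for port + 1.
        Assert.isTrue(this.port > 0 && this.port < 65535, "A port number between 1 and 65534 must be specified");
        Assert.isTrue(this.timeout >= 0, "A non-negative timeout must be specified");
        Assert.isTrue(this.retries >= 0, "A non-negative retry count must be specified");
        Assert.notNull(this.authTypeClass, "A RadiusAuthenticator object must be supplied in authTypeClass");
        Assert.notNull(this.defaultRoles, "Default Roles must be supplied in defaultRoles");
    }

    /** Sets the RADIUS authentication port (default 1812). */
    public void setPort(int i) {
        this.port = i;
    }

    /** Sets the timeout value handed to the RADIUS client (default 5). */
    public void setTimeout(int i) {
        this.timeout = i;
    }

    /** Sets the retry count handed to the RADIUS client (default 3). */
    public void setRetries(int i) {
        this.retries = i;
    }

    /** Sets the RADIUS authentication protocol implementation (default PAP). */
    public void setAuthTypeClass(RadiusAuthenticator radiusAuthenticator) {
        this.authTypeClass = radiusAuthenticator;
    }

    /** Sets the comma-separated roles granted when the reply carries no roles attribute. */
    public void setDefaultRoles(String str) {
        this.defaultRoles = str;
    }

    /** Sets the name of the reply attribute that carries the comma-separated role list. */
    public void setRolesAttribute(String str) {
        this.rolesAttribute = str;
    }

    /**
     * Compares the password stored in the supplied user details with the presented
     * credentials.
     *
     * <p>{@link #retrieveUser} stores the submitted password in the returned user, so for a
     * freshly retrieved user this check always passes.
     * NOTE(review): it presumably only matters when the framework hands in a cached user;
     * confirm against the configured user cache.
     *
     * @throws BadCredentialsException if the credentials are missing or do not match
     */
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        Object presented = usernamePasswordAuthenticationToken.getCredentials();
        // A token without credentials is rejected as a failed login instead of raising a
        // NullPointerException.
        if (presented == null || !userDetails.getPassword().equals(presented.toString())) {
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), userDetails);
        }
    }

    /**
     * Authenticates the user against the RADIUS server and builds the user details.
     *
     * @param str the username presented at login
     * @param usernamePasswordAuthenticationToken token whose credentials hold the password
     * @return user details holding the username, the submitted password and the roles
     * @throws BadCredentialsException if the username or password is empty or the server
     *         answers with anything other than Access-Accept
     * @throws AuthenticationServiceException if the server cannot be resolved or reached,
     *         times out, or no usable role can be determined
     */
    protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        if (!StringUtils.hasLength(str)) {
            logger.info("Authentication attempted with empty username");
            throw new BadCredentialsException(this.messages.getMessage("RadiusAuthenticationProvider.emptyUsername", "Username cannot be empty"));
        }
        String password = (String) usernamePasswordAuthenticationToken.getCredentials();
        if (!StringUtils.hasLength(password)) {
            logger.info("Authentication attempted with empty password");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        // The username is attacker-controlled; line breaks are neutralised before logging.
        String loggedUser = forLog(str);
        try {
            InetAddress serverAddress = InetAddress.getByName(this.server);
            AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl");
            AttributeList requestAttributes = new AttributeList();
            requestAttributes.add(new Attr_UserName(str));
            requestAttributes.add(new Attr_UserPassword(password));
            RadiusClient radiusClient = new RadiusClient(serverAddress, this.secret, this.port, this.port + 1, this.timeout);
            AccessRequest accessRequest = new AccessRequest(radiusClient, requestAttributes);
            try {
                if (logger.isDebugEnabled()) {
                    // The request attribute list holds the cleartext User-Password, so only
                    // the username is logged and the list itself is not dumped.
                    logger.debug("Sending AccessRequest message to " + serverAddress.getHostAddress() + ":" + this.port + " using " + this.authTypeClass.getAuthName() + " protocol with timeout = " + this.timeout + ", retries = " + this.retries + " for user " + loggedUser);
                }
                RadiusResponse reply = radiusClient.authenticate(accessRequest, this.authTypeClass, this.retries);
                if (reply == null) {
                    logger.error("Timed out connecting to radius server " + this.server);
                    throw new AuthenticationServiceException(this.messages.getMessage("RadiusAuthenticationProvider.radiusTimeout", "Timed out connecting to radius server"));
                }
                if (!(reply instanceof AccessAccept)) {
                    logger.info("Received a reply other than AccessAccept from radius server " + this.server + " for user " + loggedUser + " :\n" + reply.toString());
                    throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Received AccessAccept message from " + serverAddress.getHostAddress() + ":" + this.port + " for user " + loggedUser + " with attributes:\n" + reply.getAttributes().toString());
                }

                String roleList = null;
                if (StringUtils.hasLength(this.rolesAttribute)) {
                    Iterator it = reply.getAttributes().getAttributeList().iterator();
                    while (it.hasNext()) {
                        RadiusAttribute attribute = (RadiusAttribute) it.next();
                        if (this.rolesAttribute.equals(attribute.getAttributeName())) {
                            // NOTE(review): decoded with the platform default charset, as in
                            // the original; confirm the encoding the server uses.
                            roleList = new String(attribute.getValue().getBytes());
                            break;
                        }
                    }
                    if (roleList == null) {
                        logger.info("Radius attribute " + this.rolesAttribute + " not found, using default roles (" + this.defaultRoles + ") for user " + loggedUser);
                        roleList = this.defaultRoles;
                    }
                } else {
                    logger.debug("rolesAttribute not set, using default roles (" + this.defaultRoles + ") for user " + loggedUser);
                    roleList = this.defaultRoles;
                }

                GrantedAuthority[] authorities = toAuthorities(roleList);
                if (authorities.length == 0) {
                    // Fail closed: an empty role list is reported as a service error
                    // instead of producing a user without any authority.
                    logger.warn("No usable role names for user " + loggedUser + " in role list \"" + forLog(roleList) + "\"");
                    throw new AuthenticationServiceException(this.messages.getMessage("RadiusAuthenticationProvider.noRoles", "No roles could be determined for the user"));
                }
                if (logger.isDebugEnabled()) {
                    StringBuilder parsed = new StringBuilder();
                    for (GrantedAuthority authority : authorities) {
                        if (parsed.length() > 0) {
                            parsed.append(", ");
                        }
                        parsed.append(authority.toString());
                    }
                    logger.debug("Parsed roles " + parsed + " for user " + loggedUser);
                }
                // The submitted password is stored in the user details because
                // additionalAuthenticationChecks compares against it.
                // NOTE(review): if a user cache is configured, this cleartext value is
                // presumably held in that cache; confirm the deployment's cache setup.
                return new org.springframework.security.userdetails.User(str, password, true, true, true, true, authorities);
            } catch (RadiusException e) {
                logger.error("Error connecting to radius server " + this.server + " : " + e);
                throw new AuthenticationServiceException(this.messages.getMessage("RadiusAuthenticationProvider.radiusError", new Object[]{e}, "Error connecting to radius server: " + e));
            }
        } catch (UnknownHostException e2) {
            logger.error("Could not resolve radius server address " + this.server + " : " + e2);
            throw new AuthenticationServiceException(this.messages.getMessage("RadiusAuthenticationProvider.unknownServer", "Could not resolve radius server address"));
        }
    }

    /**
     * Splits a comma-separated role list into granted authorities, ignoring whitespace and
     * empty entries such as those produced by {@code "A,,B"} or an empty attribute value.
     */
    private static GrantedAuthority[] toAuthorities(String roleList) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (String role : roleList.replaceAll("\\s+", "").split(",")) {
            // An empty token would otherwise be passed to GrantedAuthorityImpl as a role name.
            if (role.length() > 0) {
                authorities.add(new GrantedAuthorityImpl(role));
            }
        }
        return authorities.toArray(new GrantedAuthority[authorities.size()]);
    }

    /** Replaces line breaks so that a logged value cannot start a forged log entry. */
    private static String forLog(String value) {
        return value == null ? "null" : value.replaceAll("[\\r\\n]", "_");
    }
}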
