package net.jradius.radsec;

import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import net.jradius.dictionary.Attr_SharedSecret;
import net.jradius.exception.RadiusException;
import net.jradius.packet.AccountingRequest;
import net.jradius.packet.NullResponse;
import net.jradius.packet.PacketFactory;
import net.jradius.packet.RadiusFormat;
import net.jradius.packet.RadiusPacket;
import net.jradius.packet.RadiusRequest;
import net.jradius.packet.attribute.AttributeList;
import net.jradius.server.JRadiusEvent;
import net.jradius.server.ListenerRequest;
import net.jradius.server.TCPListener;
import net.jradius.util.MessageAuthenticator;

/* loaded from: input_file:net/jradius/radsec/RadSecListener.class */
public class RadSecListener extends TCPListener {
    private String tunnelSharedSecret = "radsec";

    public RadSecListener() {
        this.sslWantClientAuth = true;
        this.sslNeedClientAuth = true;
        this.keepAlive = true;
        this.requiresSSL = true;
        this.port = 2083;
    }

    public JRadiusEvent parseRequest(ListenerRequest listenerRequest, ByteBuffer byteBuffer, InputStream inputStream) throws IOException, RadiusException {
        RadiusRequest parseUDP;
        RadSecRequest radSecRequest = new RadSecRequest();
        ByteBuffer byteBuffer2 = radSecRequest.buffer_in;
        int readUnsignedByte = RadiusFormat.readUnsignedByte(inputStream);
        int readUnsignedByte2 = RadiusFormat.readUnsignedByte(inputStream);
        int readUnsignedShort = RadiusFormat.readUnsignedShort(inputStream) - 4;
        if (readUnsignedShort <= 0) {
            return null;
        }
        byteBuffer2.clear();
        byteBuffer2.limit(inputStream.read(byteBuffer2.array(), 0, readUnsignedShort));
        if (byteBuffer2.limit() != readUnsignedShort || (parseUDP = PacketFactory.parseUDP(readUnsignedByte, readUnsignedByte2, readUnsignedShort, byteBuffer2, false)) == null) {
            return null;
        }
        if (parseUDP instanceof AccountingRequest) {
            if (!parseUDP.verifyAuthenticator(this.tunnelSharedSecret)) {
                throw new RadiusException("Bad RadSec tunnel shared secret, set to " + this.tunnelSharedSecret);
            }
            parseUDP.addAttribute(new Attr_SharedSecret(this.tunnelSharedSecret));
        } else if (parseUDP instanceof RadiusRequest) {
            try {
                Boolean verifyRequest = MessageAuthenticator.verifyRequest(parseUDP, this.tunnelSharedSecret);
                if (verifyRequest == null) {
                    throw new RadiusException("Message-Authenticator required");
                }
                if (!Boolean.TRUE.equals(verifyRequest)) {
                    throw new RadiusException("Bad RadSec tunnel shared secret, set to " + this.tunnelSharedSecret);
                }
                parseUDP.addAttribute(new Attr_SharedSecret(this.tunnelSharedSecret));
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        parseUDP.addAttribute(new Attr_SharedSecret(this.tunnelSharedSecret));
        radSecRequest.setSender("RadSec");
        radSecRequest.setPackets(new RadiusPacket[]{parseUDP, new NullResponse()});
        radSecRequest.setConfigItems(new AttributeList());
        return radSecRequest;
    }

    public void setTunnelSharedSecret(String str) {
        this.tunnelSharedSecret = str;
    }
}
