package org.opennms.protocols.radius.springsecurity;

import java.io.IOException;
import java.net.InetAddress;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import net.jradius.client.RadiusClient;
import net.jradius.client.auth.PAPAuthenticator;
import net.jradius.client.auth.RadiusAuthenticator;
import net.jradius.dictionary.Attr_UserName;
import net.jradius.dictionary.Attr_UserPassword;
import net.jradius.exception.RadiusException;
import net.jradius.packet.AccessAccept;
import net.jradius.packet.AccessRequest;
import net.jradius.packet.RadiusResponse;
import net.jradius.packet.attribute.AttributeFactory;
import net.jradius.packet.attribute.AttributeList;
import net.jradius.packet.attribute.RadiusAttribute;
import org.opennms.core.utils.InetAddressUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/opennms/protocols/radius/springsecurity/RadiusAuthenticationProvider.class */
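/**
 * Spring Security authentication provider that validates a username/password
 * pair against a RADIUS server and maps the reply to granted authorities.
 *
 * <p>Roles come from the RADIUS attribute named by {@code rolesAttribute} when
 * that attribute is configured and present in the Access-Accept reply;
 * otherwise {@code defaultRoles} is used. Both are comma-separated lists.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The shared secret and the submitted password are held as {@code String}
 *       values, and the password is copied into the returned
 *       {@link UserDetails} so {@link #additionalAuthenticationChecks} can
 *       compare it later. Treat heap dumps and any configured user cache as
 *       sensitive.</li>
 *   <li>The outgoing attribute list contains the User-Password attribute, so it
 *       is deliberately not written to the log.</li>
 *   <li>The value of {@code rolesAttribute} is taken from the server reply as
 *       is; the integrity of role assignment therefore depends on the RADIUS
 *       exchange (shared secret strength, network path).</li>
 * </ul>
 */
public class RadiusAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    private static final Logger LOG = LoggerFactory.getLogger(RadiusAuthenticationProvider.class);

    /** Explicit charset so string/byte conversions do not depend on the platform default. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    private String server;
    private String secret;
    private int port = 1812;
    private int timeout = 5;
    private int retries = 3;
    // null means "no explicit authenticator"; retrieveUser reports that case as PAP.
    private RadiusAuthenticator authTypeClass = null;
    private String defaultRoles = "ROLE_USER";
    private String rolesAttribute;

    /**
     * Creates a provider for one RADIUS server.
     *
     * @param server host name or address of the RADIUS server; must not be empty
     * @param secret shared secret used with that server; must not be empty
     * @throws IllegalArgumentException if either argument is null or empty
     */
    public RadiusAuthenticationProvider(String server, String secret) {
        Assert.hasLength(server, "A server must be specified");
        this.server = server;
        Assert.hasLength(secret, "A shared secret must be specified");
        this.secret = secret;
    }

    /**
     * Validates the configured properties once the bean is fully populated.
     *
     * <p>The primitive fields can never be null, so the checks are range checks:
     * a boxed-int null check would always pass and let a nonsensical port,
     * timeout or retry count through to the first login attempt.
     *
     * @throws IllegalArgumentException if a property is out of range or
     *         {@code defaultRoles} is null
     */
    @Override
    protected void doAfterPropertiesSet() throws Exception {
        Assert.isTrue(this.port > 0 && this.port <= 65535, "A port number between 1 and 65535 must be specified");
        Assert.isTrue(this.timeout >= 0, "A non-negative timeout must be specified");
        Assert.isTrue(this.retries >= 0, "A non-negative retry count must be specified");
        Assert.notNull(this.defaultRoles, "Default Roles must be supplied in defaultRoles");
    }

    /** Sets the RADIUS authentication port (default 1812). */
    public void setPort(int port) {
        this.port = port;
    }

    /** Sets the timeout handed to the RADIUS client (default 5). */
    public void setTimeout(int timeout) {
        this.timeout = timeout;
    }

    /** Sets the retry count handed to the RADIUS client (default 3). */
    public void setRetries(int retries) {
        this.retries = retries;
    }

    /**
     * Selects the RADIUS authentication protocol.
     *
     * <p>A {@link PAPAuthenticator} is stored as {@code null}; the client is then
     * called without an explicit authenticator, which this class reports as
     * "PAP" in its debug log. NOTE(review): presumably jradius falls back to PAP
     * for a null authenticator; confirm against the jradius version in use.
     *
     * @param authenticator the authenticator to use, or a PAP authenticator / null for the default
     */
    public void setAuthTypeClass(RadiusAuthenticator authenticator) {
        this.authTypeClass = (authenticator instanceof PAPAuthenticator) ? null : authenticator;
    }

    /** Sets the comma-separated roles used when the reply carries no roles attribute. */
    public void setDefaultRoles(String defaultRoles) {
        this.defaultRoles = defaultRoles;
    }

    /** Sets the name of the RADIUS reply attribute that carries the comma-separated roles. */
    public void setRolesAttribute(String rolesAttribute) {
        this.rolesAttribute = rolesAttribute;
    }

    /**
     * Checks that the presented credentials match the password stored in the
     * supplied {@link UserDetails}.
     *
     * <p>Missing credentials or a missing stored password are rejected as bad
     * credentials instead of failing with a NullPointerException, and the
     * comparison does not short-circuit on the first differing character.
     *
     * @throws BadCredentialsException if the credentials are absent or do not match
     */
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        Object presented = authentication.getCredentials();
        String expected = userDetails.getPassword();
        if (presented == null || expected == null || !sameSecret(expected, presented.toString())) {
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), userDetails);
        }
    }

    /**
     * Authenticates the user against the RADIUS server and builds the
     * corresponding {@link UserDetails}.
     *
     * @param username the login name; must not be empty
     * @param authentication token whose credentials hold the password as a String
     * @return an enabled, non-expired, non-locked user carrying the parsed roles
     * @throws BadCredentialsException if the username or password is empty, or the
     *         server answers with anything other than Access-Accept
     * @throws AuthenticationServiceException if the server cannot be resolved or
     *         reached, does not answer, or no usable role can be derived
     */
    @Override
    protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        if (!StringUtils.hasLength(username)) {
            LOG.info("Authentication attempted with empty username");
            throw new BadCredentialsException(this.messages.getMessage("RadiusAuthenticationProvider.emptyUsername", "Username cannot be empty"));
        }
        String password = (String) authentication.getCredentials();
        if (!StringUtils.hasLength(password)) {
            LOG.info("Authentication attempted with empty password");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        InetAddress serverAddress = InetAddressUtils.addr(this.server);
        if (serverAddress == null) {
            LOG.error("Could not resolve radius server address {}", this.server);
            throw new AuthenticationServiceException(this.messages.getMessage("RadiusAuthenticationProvider.unknownServer", "Could not resolve radius server address"));
        }
        AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl");
        AttributeList requestAttributes = new AttributeList();
        requestAttributes.add(new Attr_UserName(username));
        requestAttributes.add(new Attr_UserPassword(password));
        try {
            // The second port argument (port + 1) is passed alongside the auth port, as before.
            RadiusClient radiusClient = new RadiusClient(serverAddress, this.secret, this.port, this.port + 1, this.timeout);
            AccessRequest accessRequest = new AccessRequest(radiusClient, requestAttributes);
            // Only the user name is logged: the attribute list holds User-Password and
            // its string form may expose the credential, depending on how jradius renders it.
            LOG.debug("Sending AccessRequest message to {}:{} using {} protocol with timeout = {}, retries = {} for user {}", new Object[]{
                InetAddressUtils.str(serverAddress),
                Integer.valueOf(this.port),
                this.authTypeClass == null ? "PAP" : this.authTypeClass.getAuthName(),
                Integer.valueOf(this.timeout),
                Integer.valueOf(this.retries),
                username});
            RadiusResponse reply = radiusClient.authenticate(accessRequest, this.authTypeClass, this.retries);
            if (reply == null) {
                LOG.error("Timed out connecting to radius server {}", this.server);
                throw new AuthenticationServiceException(this.messages.getMessage("RadiusAuthenticationProvider.radiusTimeout", "Timed out connecting to radius server"));
            }
            if (!(reply instanceof AccessAccept)) {
                LOG.info("Received a reply other than AccessAccept from radius server {} for user {} :\n{}", new Object[]{this.server, username, reply.toString()});
                throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
            }
            LOG.debug("Received AccessAccept message from {}:{} for user {} with attributes:\n{}", new Object[]{InetAddressUtils.str(serverAddress), Integer.valueOf(this.port), username, reply.getAttributes().toString()});

            List<GrantedAuthority> authorities = parseAuthorities(resolveRoles(reply, username));
            if (authorities.isEmpty()) {
                // Fail closed: an accepted login with no usable role must not produce
                // a user object, and must not surface as an unrelated runtime exception.
                LOG.error("No usable roles found for user {}", username);
                throw new AuthenticationServiceException("No roles could be determined for the authenticated user");
            }
            LOG.debug("Parsed roles {} for user {}", joinAuthorities(authorities), username);
            // The submitted password is kept on the UserDetails because
            // additionalAuthenticationChecks compares against it.
            return new User(username, password, true, true, true, true, authorities);
        } catch (RadiusException e) {
            LOG.error("Error connecting to radius server {} : {}", this.server, e);
            throw radiusFailure(e);
        } catch (IOException e) {
            LOG.error("Error connecting to radius server {} : {}", this.server, e);
            throw radiusFailure(e);
        }
    }

    /** Compares two secrets without stopping at the first differing byte. */
    private static boolean sameSecret(String expected, String presented) {
        return MessageDigest.isEqual(expected.getBytes(UTF_8), presented.getBytes(UTF_8));
    }

    /** Returns the comma-separated role string from the reply, or the default roles. */
    private String resolveRoles(RadiusResponse reply, String username) {
        if (!StringUtils.hasLength(this.rolesAttribute)) {
            LOG.debug("rolesAttribute not set, using default roles ({}) for user {}", this.defaultRoles, username);
            return this.defaultRoles;
        }
        for (Object candidate : reply.getAttributes().getAttributeList()) {
            RadiusAttribute attribute = (RadiusAttribute) candidate;
            if (this.rolesAttribute.equals(attribute.getAttributeName())) {
                // First matching attribute wins; decode with a fixed charset.
                return new String(attribute.getValue().getBytes(), UTF_8);
            }
        }
        LOG.info("Radius attribute {} not found, using default roles ({}) for user {}", new Object[]{this.rolesAttribute, this.defaultRoles, username});
        return this.defaultRoles;
    }

    /** Splits a comma-separated role string, dropping whitespace and empty entries. */
    private static List<GrantedAuthority> parseAuthorities(String roles) {
        String[] names = roles.replaceAll("\\s+", "").split(",");
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(names.length);
        for (String name : names) {
            // SimpleGrantedAuthority rejects blank names, so skip empty tokens
            // such as those produced by "A,,B" or a leading comma.
            if (name.length() > 0) {
                authorities.add(new SimpleGrantedAuthority(name));
            }
        }
        return authorities;
    }

    /** Renders the authorities as "A, B, C" for logging. */
    private static String joinAuthorities(List<GrantedAuthority> authorities) {
        StringBuilder joined = new StringBuilder();
        for (GrantedAuthority authority : authorities) {
            if (joined.length() > 0) {
                joined.append(", ");
            }
            joined.append(authority.toString());
        }
        return joined.toString();
    }

    /** Wraps a transport or protocol failure, keeping the original exception as the cause. */
    private AuthenticationServiceException radiusFailure(Exception cause) {
        return new AuthenticationServiceException(this.messages.getMessage("RadiusAuthenticationProvider.radiusError", new Object[]{cause}, "Error connecting to radius server: " + cause), cause);
    }
}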
