package org.opennms.protocols.radius.monitor;

import java.net.InetAddress;
import java.util.Map;
import net.jradius.client.RadiusClient;
import net.jradius.client.auth.CHAPAuthenticator;
import net.jradius.client.auth.EAPMD5Authenticator;
import net.jradius.client.auth.EAPMSCHAPv2Authenticator;
import net.jradius.client.auth.EAPTTLSAuthenticator;
import net.jradius.client.auth.MSCHAPv1Authenticator;
import net.jradius.client.auth.MSCHAPv2Authenticator;
import net.jradius.client.auth.PAPAuthenticator;
import net.jradius.dictionary.Attr_NASIdentifier;
import net.jradius.dictionary.Attr_Password;
import net.jradius.dictionary.Attr_UserName;
import net.jradius.dictionary.Attr_UserPassword;
import net.jradius.packet.AccessAccept;
import net.jradius.packet.AccessRequest;
import net.jradius.packet.RadiusResponse;
import net.jradius.packet.attribute.AttributeFactory;
import net.jradius.packet.attribute.AttributeList;
import org.opennms.core.utils.ParameterMap;
import org.opennms.core.utils.TimeoutTracker;
import org.opennms.netmgt.poller.Distributable;
import org.opennms.netmgt.poller.MonitoredService;
import org.opennms.netmgt.poller.PollStatus;
import org.opennms.netmgt.poller.support.AbstractServiceMonitor;
import org.opennms.protocols.radius.utils.RadiusUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Distributable
/* loaded from: input_file:org/opennms/protocols/radius/monitor/RadiusAuthMonitor.class */
public final class RadiusAuthMonitor extends AbstractServiceMonitor {
    private static final Logger LOG = LoggerFactory.getLogger(RadiusAuthMonitor.class);
    public static final int DEFAULT_TIMEOUT = 5000;
    public static final int DEFAULT_RETRY = 0;
    public static final int DEFAULT_AUTH_PORT = 1812;
    public static final int DEFAULT_ACCT_PORT = 1813;
    public static final String DEFAULT_AUTH_TYPE = "pap";
    public static final String DEFAULT_USER = "OpenNMS";
    public static final String DEFAULT_PASSWORD = "OpenNMS";
    public static final String DEFAULT_SECRET = "secret";
    public static final String DEFAULT_NASID = "opennms";
    public static final String DEFAULT_INNER_USER = "Inner-OpenNMS";
    public static final String DEFAULT_TTLS_INNER_AUTH_TYPE = "pap";

    public RadiusAuthMonitor() throws ClassNotFoundException, InstantiationException, IllegalAccessException {
        LOG.info("RadiusAuthMonitor class loaded");
    }

    public PollStatus poll(MonitoredService monitoredService, Map<String, Object> map) {
        CHAPAuthenticator eAPMD5Authenticator;
        PollStatus unavailable = PollStatus.unavailable();
        if (map == null) {
            throw new NullPointerException();
        }
        TimeoutTracker timeoutTracker = new TimeoutTracker(map, 0, DEFAULT_TIMEOUT);
        int keyedInteger = ParameterMap.getKeyedInteger(map, "authport", 1812);
        int keyedInteger2 = ParameterMap.getKeyedInteger(map, "acctport", 1813);
        String keyedString = ParameterMap.getKeyedString(map, "user", "OpenNMS");
        String keyedString2 = ParameterMap.getKeyedString(map, "password", "OpenNMS");
        String keyedString3 = ParameterMap.getKeyedString(map, "secret", "secret");
        String keyedString4 = ParameterMap.getKeyedString(map, "authtype", "pap");
        String keyedString5 = ParameterMap.getKeyedString(map, "nasid", "opennms");
        String keyedString6 = ParameterMap.getKeyedString(map, "inner-protocol", "pap");
        String keyedString7 = ParameterMap.getKeyedString(map, "inner-user", "Inner-OpenNMS");
        String keyedString8 = ParameterMap.getKeyedString(map, "certificate", (String) null);
        InetAddress address = monitoredService.getAddress();
        AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl");
        try {
            RadiusClient radiusClient = new RadiusClient(address, keyedString3, keyedInteger, keyedInteger2, convertTimeoutToSeconds(ParameterMap.getKeyedInteger(map, "timeout", DEFAULT_TIMEOUT)));
            timeoutTracker.reset();
            while (true) {
                if (!timeoutTracker.shouldRetry()) {
                    break;
                }
                AttributeList attributeList = new AttributeList();
                attributeList.add(new Attr_UserName(keyedString));
                attributeList.add(new Attr_NASIdentifier(keyedString5));
                attributeList.add(new Attr_UserPassword(keyedString2));
                AccessRequest accessRequest = new AccessRequest(radiusClient, attributeList);
                if (keyedString4.equalsIgnoreCase("chap")) {
                    eAPMD5Authenticator = new CHAPAuthenticator();
                } else if (keyedString4.equalsIgnoreCase("pap")) {
                    eAPMD5Authenticator = new PAPAuthenticator();
                } else if (keyedString4.equalsIgnoreCase("mschapv1")) {
                    eAPMD5Authenticator = new MSCHAPv1Authenticator();
                } else if (keyedString4.equalsIgnoreCase("mschapv2")) {
                    eAPMD5Authenticator = new MSCHAPv2Authenticator();
                } else if (keyedString4.equalsIgnoreCase("eapmd5") || keyedString4.equalsIgnoreCase("eap-md5")) {
                    eAPMD5Authenticator = new EAPMD5Authenticator();
                } else if (keyedString4.equalsIgnoreCase("eapmschapv2") || keyedString4.equalsIgnoreCase("eap-mschapv2")) {
                    eAPMD5Authenticator = new EAPMSCHAPv2Authenticator();
                } else {
                    if (!RadiusUtils.isTunneling(keyedString4)) {
                        String str = "Unknown authenticator type '" + keyedString4 + "'";
                        LOG.debug(str);
                        return PollStatus.unavailable(str);
                    }
                    if (keyedString7 == null) {
                        String str2 = "TLS AAA type requested but no inner user defined. Authtype: '" + keyedString4 + "'";
                        LOG.debug(str2);
                        return PollStatus.unavailable(str2);
                    }
                    CHAPAuthenticator cHAPAuthenticator = null;
                    if (RadiusUtils.isEAPTTLS(keyedString4)) {
                        cHAPAuthenticator = new EAPTTLSAuthenticator();
                        EAPTTLSAuthenticator eAPTTLSAuthenticator = (EAPTTLSAuthenticator) cHAPAuthenticator;
                        if (keyedString6 != "pap") {
                            String str3 = "RadiusMonitor can only use 'pap' as inner auth protocol, not " + keyedString6;
                            LOG.debug(str3);
                            return PollStatus.unavailable(str3);
                        }
                        eAPTTLSAuthenticator.setInnerProtocol(keyedString6);
                        AttributeList attributeList2 = new AttributeList();
                        attributeList2.add(new Attr_UserName(keyedString7));
                        attributeList2.add(new Attr_Password(keyedString2));
                        eAPTTLSAuthenticator.setTunneledAttributes(attributeList2);
                    } else if (keyedString4.equalsIgnoreCase("peap")) {
                        LOG.debug("Support for eap peap is not ready yet");
                        return PollStatus.unavailable("Support for eap peap is not ready yet");
                    }
                    LOG.warn("Server certificate will be trusted");
                    if (keyedString8 == null) {
                        cHAPAuthenticator.setTrustAll(true);
                    }
                    eAPMD5Authenticator = cHAPAuthenticator;
                }
                timeoutTracker.startAttempt();
                RadiusResponse authenticate = radiusClient.authenticate(accessRequest, eAPMD5Authenticator, ParameterMap.getKeyedInteger(map, "retry", 0));
                if (authenticate instanceof AccessAccept) {
                    double elapsedTimeInMillis = timeoutTracker.elapsedTimeInMillis();
                    unavailable = PollStatus.available(Double.valueOf(elapsedTimeInMillis));
                    LOG.debug("Radius service is AVAILABLE on: {}", address.getCanonicalHostName());
                    LOG.debug("poll: responseTime= {}", Double.valueOf(elapsedTimeInMillis));
                    break;
                }
                if (authenticate != null) {
                    LOG.debug("response returned, but request was not accepted: {}", authenticate);
                }
                String str4 = "Invalid RADIUS reply: " + authenticate;
                LOG.debug(str4);
                unavailable = PollStatus.unavailable(str4);
                timeoutTracker.nextAttempt();
            }
        } catch (Throwable th) {
            String str5 = "Error while attempting to connect to the RADIUS service on " + address.getCanonicalHostName();
            LOG.debug(str5, th);
            unavailable = PollStatus.unavailable(str5);
        }
        return unavailable;
    }

    private int convertTimeoutToSeconds(int i) {
        if (i / 1000 > 0) {
            return i / 1000;
        }
        return 1;
    }

    static {
        RadiusUtils.loadSecurityProvider();
    }
}
