package org.tinyradius.packet;

import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.tinyradius.attribute.RadiusAttribute;
import org.tinyradius.attribute.StringAttribute;
import org.tinyradius.util.RadiusException;
import org.tinyradius.util.RadiusUtil;

/* loaded from: input_file:org/tinyradius/packet/AccessRequest.class */
public class AccessRequest extends RadiusPacket {
    public static final String AUTH_PAP = "pap";
    public static final String AUTH_CHAP = "chap";
    private String password;
    private String authProtocol;
    private byte[] chapPassword;
    private byte[] chapChallenge;
    private static final int USER_NAME = 1;
    private static final int USER_PASSWORD = 2;
    public static final int CLEARTEXT_PASSWORD = 1100;
    private static final int CHAP_PASSWORD = 3;
    private static final int CHAP_CHALLENGE = 60;
    private static SecureRandom random = new SecureRandom();
    private static Log logger = LogFactory.getLog(AccessRequest.class);

    public AccessRequest() {
        this.authProtocol = AUTH_PAP;
    }

    public AccessRequest(String str, String str2) {
        super(1, getNextPacketIdentifier());
        this.authProtocol = AUTH_PAP;
        setUserName(str);
        setUserPassword(str2);
    }

    public void setUserName(String str) {
        if (str == null) {
            throw new NullPointerException("user name not set");
        }
        if (str.length() == 0) {
            throw new IllegalArgumentException("empty user name not allowed");
        }
        removeAttributes(1);
        addAttribute(new StringAttribute(1, str));
    }

    public void setUserPassword(String str) {
        this.password = str;
    }

    public String getUserPassword() {
        return this.password;
    }

    public String getUserName() {
        List attributes = getAttributes(1);
        if (attributes.size() < 1 || attributes.size() > 1) {
            throw new RuntimeException("exactly one User-Name attribute required");
        }
        return ((StringAttribute) ((RadiusAttribute) attributes.get(0))).getAttributeValue();
    }

    public String getAuthProtocol() {
        return this.authProtocol;
    }

    public void setAuthProtocol(String str) {
        if (str == null || !(str.equals(AUTH_PAP) || str.equals(AUTH_CHAP))) {
            throw new IllegalArgumentException("protocol must be pap or chap");
        }
        this.authProtocol = str;
    }

    public boolean verifyPassword(String str) throws RadiusException {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("password is empty");
        }
        return getAuthProtocol().equals(AUTH_CHAP) ? verifyChapPassword(str) : getUserPassword().equals(str);
    }

    @Override // org.tinyradius.packet.RadiusPacket
    protected void decodeRequestAttributes(String str) throws RadiusException {
        RadiusAttribute attribute = getAttribute(2);
        RadiusAttribute attribute2 = getAttribute(3);
        RadiusAttribute attribute3 = getAttribute(CHAP_CHALLENGE);
        if (attribute != null) {
            setAuthProtocol(AUTH_PAP);
            this.password = decodePapPassword(attribute.getAttributeData(), RadiusUtil.getUtf8Bytes(str));
            attribute.setAttributeData(RadiusUtil.getUtf8Bytes(this.password));
        } else {
            if (attribute2 == null || attribute3 == null) {
                throw new RadiusException("Access-Request: User-Password or CHAP-Password/CHAP-Challenge missing");
            }
            setAuthProtocol(AUTH_CHAP);
            this.chapPassword = attribute2.getAttributeData();
            this.chapChallenge = attribute3.getAttributeData();
        }
    }

    @Override // org.tinyradius.packet.RadiusPacket
    protected void encodeRequestAttributes(String str) {
        String attributeValue;
        if (this.password == null || this.password.length() == 0) {
            RadiusAttribute attribute = getAttribute(CLEARTEXT_PASSWORD);
            if (attribute == null || (attributeValue = attribute.getAttributeValue()) == null) {
                return;
            }
            removeAttributes(CLEARTEXT_PASSWORD);
            removeAttributes(2);
            addAttribute(new StringAttribute(2, attributeValue));
            return;
        }
        if (getAuthProtocol().equals(AUTH_PAP)) {
            byte[] encodePapPassword = encodePapPassword(RadiusUtil.getUtf8Bytes(this.password), RadiusUtil.getUtf8Bytes(str));
            removeAttributes(2);
            addAttribute(new RadiusAttribute(2, encodePapPassword));
        } else if (getAuthProtocol().equals(AUTH_CHAP)) {
            byte[] createChapChallenge = createChapChallenge();
            byte[] encodeChapPassword = encodeChapPassword(this.password, createChapChallenge);
            removeAttributes(3);
            removeAttributes(CHAP_CHALLENGE);
            addAttribute(new RadiusAttribute(3, encodeChapPassword));
            addAttribute(new RadiusAttribute(CHAP_CHALLENGE, createChapChallenge));
        }
    }

    private byte[] encodePapPassword(byte[] bArr, byte[] bArr2) {
        byte[] bArr3;
        if (bArr.length > 128) {
            bArr3 = new byte[128];
            System.arraycopy(bArr, 0, bArr3, 0, 128);
        } else {
            bArr3 = bArr;
        }
        byte[] bArr4 = bArr3.length < 128 ? bArr3.length % 16 == 0 ? new byte[bArr3.length] : new byte[((bArr3.length / 16) * 16) + 16] : new byte[128];
        System.arraycopy(bArr3, 0, bArr4, 0, bArr3.length);
        for (int length = bArr3.length; length < bArr4.length; length++) {
            bArr4[length] = 0;
        }
        MessageDigest md5Digest = getMd5Digest();
        byte[] bArr5 = new byte[16];
        int i = 0;
        while (i < bArr4.length) {
            md5Digest.reset();
            md5Digest.update(bArr2);
            md5Digest.update(i == 0 ? getAuthenticator() : bArr5);
            byte[] digest = md5Digest.digest();
            System.arraycopy(bArr4, i, bArr5, 0, 16);
            for (int i2 = 0; i2 < 16; i2++) {
                bArr4[i + i2] = (byte) (digest[i2] ^ bArr4[i + i2]);
            }
            i += 16;
        }
        return bArr4;
    }

    private String decodePapPassword(byte[] bArr, byte[] bArr2) throws RadiusException {
        if (bArr == null || bArr.length < 16) {
            logger.warn("invalid Radius packet: User-Password attribute with malformed PAP password, length = " + bArr.length + ", but length must be greater than 15");
            throw new RadiusException("malformed User-Password attribute");
        }
        MessageDigest md5Digest = getMd5Digest();
        byte[] bArr3 = new byte[16];
        int i = 0;
        while (i < bArr.length) {
            md5Digest.reset();
            md5Digest.update(bArr2);
            md5Digest.update(i == 0 ? getAuthenticator() : bArr3);
            byte[] digest = md5Digest.digest();
            System.arraycopy(bArr, i, bArr3, 0, 16);
            for (int i2 = 0; i2 < 16; i2++) {
                bArr[i + i2] = (byte) (digest[i2] ^ bArr[i + i2]);
            }
            i += 16;
        }
        int length = bArr.length;
        while (length > 0 && bArr[length - 1] == 0) {
            length--;
        }
        byte[] bArr4 = new byte[length];
        System.arraycopy(bArr, 0, bArr4, 0, length);
        return RadiusUtil.getStringFromUtf8(bArr4);
    }

    private byte[] createChapChallenge() {
        byte[] bArr = new byte[16];
        random.nextBytes(bArr);
        return bArr;
    }

    private byte[] encodeChapPassword(String str, byte[] bArr) {
        byte nextInt = (byte) random.nextInt(256);
        byte[] bArr2 = new byte[17];
        bArr2[0] = nextInt;
        MessageDigest md5Digest = getMd5Digest();
        md5Digest.reset();
        md5Digest.update(nextInt);
        md5Digest.update(RadiusUtil.getUtf8Bytes(str));
        System.arraycopy(md5Digest.digest(bArr), 0, bArr2, 1, 16);
        return bArr2;
    }

    private boolean verifyChapPassword(String str) throws RadiusException {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("plaintext must not be empty");
        }
        if (this.chapChallenge == null || this.chapChallenge.length != 16) {
            throw new RadiusException("CHAP challenge must be 16 bytes");
        }
        if (this.chapPassword == null || this.chapPassword.length != 17) {
            throw new RadiusException("CHAP password must be 17 bytes");
        }
        byte b = this.chapPassword[0];
        MessageDigest md5Digest = getMd5Digest();
        md5Digest.reset();
        md5Digest.update(b);
        md5Digest.update(RadiusUtil.getUtf8Bytes(str));
        byte[] digest = md5Digest.digest(this.chapChallenge);
        for (int i = 0; i < 16; i++) {
            if (digest[i] != this.chapPassword[i + 1]) {
                return false;
            }
        }
        return true;
    }
}
