package org.wbemservices.wbem.spi.radius;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Random;
import javax.wbem.cim.CIMException;
import javax.wbem.client.Debug;
import org.wbemservices.wbem.bootstrap.StartWBEMServices;
import org.wbemservices.wbem.cimom.security.UserPasswordProvider;

/* loaded from: input_file:118651-18/SUNWseput/reloc/wsi/server/jws/lib/cimxmlcpa.jar:org/wbemservices/wbem/spi/radius/RadiusUserPasswordProvider.class */
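/**
 * {@link UserPasswordProvider} that checks a user's password by sending a RADIUS
 * Access-Request over UDP and accepting the login only on a verified Access-Accept.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A response is trusted only if its identifier matches the request and its
 *       Response Authenticator (MD5 over code, id, length, request authenticator,
 *       attributes and shared secret) verifies. Any other response is rejected.</li>
 *   <li>MD5 is used because the RADIUS User-Password hiding and Response Authenticator
 *       are defined in terms of it; it is not a free choice in this class.</li>
 *   <li>The request carries only User-Name, User-Password and attribute 4; no
 *       Message-Authenticator attribute is sent or checked. NOTE(review): consider
 *       adding it, or running the exchange over a protected transport.</li>
 *   <li>One {@link MessageDigest} and one {@link DatagramSocket} are shared by all calls
 *       and nothing here synchronises access. NOTE(review): confirm the caller
 *       serialises calls to {@link #authenticateUser(String, String)}.</li>
 * </ul>
 */
public final class RadiusUserPasswordProvider implements UserPasswordProvider {
    private static final int PACKET_RETRIES = 3;
    private static final int SOCKET_TIMEOUT = 6000;
    private static final int PACKET_HEADER_LENGTH = 20;
    private static final int MIN_PACKET_LENGTH = 20;
    private static final int MAX_PACKET_LENGTH = 4096;
    private static final int DEFAULT_AUTH_PORT = 1812;
    private static final int MIN_AUTH_PORT = 0;
    // Highest valid UDP port. The previous bound of 65536 let an unusable port through.
    private static final int MAX_AUTH_PORT = 65535;
    private static final String DEFAULT_SERVER = "localhost";
    private static final int ATTR_USER_NAME = 1;
    private static final int ATTR_USER_PASSWORD = 2;
    private static final int ATTR_IP_ADDRESS = 4;
    private static final int CODE_ACCESS_REQUEST = 1;
    private static final int CODE_ACCESS_ACCEPT = 2;
    // Length of the request and response authenticators (one MD5 digest).
    private static final int AUTHENTICATOR_LENGTH = 16;
    // The attribute length octet counts type + length + value, so a value holds at most 253 bytes.
    private static final int MAX_ATTR_VALUE_LENGTH = 253;
    // User-Password is limited to 128 octets by the protocol.
    private static final int MAX_PASSWORD_LENGTH = 128;
    private static final String SYS_PROP_AUTH_PORT = StartWBEMServices.RADIUS_AUTH_PORT;
    private static final String SYS_PROP_SERVER = StartWBEMServices.RADIUS_SERVER;
    private static final String SYS_PROP_SHARED_SECRET = StartWBEMServices.RADIUS_SHARED_SECRET;

    private DatagramSocket socket;
    private MessageDigest md5;
    // The request authenticator must be unpredictable, so a CSPRNG backs this field.
    private final Random rand = new SecureRandom();
    private final String sharedSecret = getSharedSecret();
    private final int authPort = getAuthPort();
    private final String localHost = getLocalHost();
    private final String radiusServer = getRadiusServer();

    /**
     * Creates the MD5 digest and the UDP socket used for every exchange.
     *
     * <p>If either cannot be created the field stays {@code null}. Later authentication
     * attempts then fail closed, because the resulting exception is caught and reported
     * as a failed login.
     */
    public RadiusUserPasswordProvider() {
        this.socket = null;
        try {
            this.md5 = MessageDigest.getInstance("MD5");
            this.socket = new DatagramSocket();
            this.socket.setSoTimeout(SOCKET_TIMEOUT);
        } catch (Exception e) {
            Debug.trace1("RadiusUserPasswordProvider: error setting socket timeout");
        }
    }

    /**
     * Not supported by this provider.
     *
     * @throws CIMException always, with {@code CIM_ERR_NOT_SUPPORTED}
     */
    @Override // org.wbemservices.wbem.cimom.security.UserPasswordProvider
    public String getEncryptedPassword(String str, int i) throws CIMException {
        throw new CIMException(CIMException.CIM_ERR_NOT_SUPPORTED);
    }

    /**
     * No local authenticator is written by this provider.
     *
     * @return always {@code null}
     */
    @Override // org.wbemservices.wbem.cimom.security.UserPasswordProvider
    public String writeLocalAuthenticator(String str, String str2, String str3) throws CIMException {
        return null;
    }

    /**
     * Authenticates a user against the configured RADIUS server.
     *
     * @param str  user name sent as the User-Name attribute
     * @param str2 clear-text password; {@code null} or blank is rejected without any
     *             network traffic
     * @return {@code true} only when a response with a matching identifier and a valid
     *         Response Authenticator carries the Access-Accept code; {@code false} on
     *         any rejection, timeout, malformed packet or internal error
     */
    @Override // org.wbemservices.wbem.cimom.security.UserPasswordProvider
    public boolean authenticateUser(String str, String str2) throws CIMException {
        if (str2 == null || str2.trim().length() == 0) {
            Debug.trace2("RadiusUserPasswordProvider: NULL or empty password when authenticating user");
            return false;
        }
        try {
            byte[] requestAuthenticator = getRequestAuthenticator();
            byte identifier = getRandomByte();
            DatagramPacket request = createRequestPacket(str, str2, identifier, requestAuthenticator);
            if (request == null) {
                return false;
            }
            DatagramPacket response = packetExchange(request);
            if (response == null) {
                return false;
            }
            int code = verifyRespPacket(identifier, response, requestAuthenticator);
            if (code != CODE_ACCESS_ACCEPT) {
                Debug.trace2("RadiusUserPasswordProvider: NOT Access Accept, response code = " + code);
                return false;
            }
            Debug.trace3("RadiusUserPasswordProvider: Access Accept!");
            return true;
        } catch (Exception e) {
            // Fail closed: a missing shared secret, digest or socket surfaces here as an
            // exception and must never turn into a successful login.
            Debug.trace1("RadiusUserPasswordProvider: caught exception authenticating user");
            return false;
        }
    }

    /**
     * Reports whether the second and third arguments are both non-blank.
     *
     * <p>NOTE(review): no credential is verified here and the RADIUS server is not
     * consulted, so any non-blank pair is accepted. Confirm that role assumption is
     * enforced elsewhere before relying on this result.
     *
     * @return {@code true} if {@code str2} and {@code str3} are non-null and non-blank
     */
    @Override // org.wbemservices.wbem.cimom.security.UserPasswordProvider
    public boolean authenticateRole(String str, String str2, String str3) throws CIMException {
        boolean secondPresent = str2 != null && str2.trim().length() != 0;
        boolean thirdPresent = str3 != null && str3.trim().length() != 0;
        return secondPresent && thirdPresent;
    }

    /** Does nothing; this provider records no audit entry. */
    @Override // org.wbemservices.wbem.cimom.security.UserPasswordProvider
    public void auditLogin(String str, String str2, long j) throws CIMException {
    }

    /** Returns one random byte; used as the packet identifier. */
    private byte getRandomByte() {
        return (byte) this.rand.nextInt();
    }

    /**
     * Builds the 16-byte request authenticator as MD5(shared secret || 16 random bytes).
     */
    private byte[] getRequestAuthenticator() {
        byte[] seed = new byte[AUTHENTICATOR_LENGTH];
        this.rand.nextBytes(seed);
        this.md5.reset();
        this.md5.update(this.sharedSecret.getBytes());
        this.md5.update(seed);
        return this.md5.digest();
    }

    /**
     * Appends one type-length-value attribute to {@code byteArrayOutputStream}.
     *
     * @throws IllegalArgumentException if the value does not fit the one-octet length
     *         field; previously the length silently wrapped and corrupted the packet
     */
    private void updateRequestAttribute(int i, byte[] bArr, ByteArrayOutputStream byteArrayOutputStream) {
        if (bArr.length > MAX_ATTR_VALUE_LENGTH) {
            throw new IllegalArgumentException("RADIUS attribute " + i + " value too long: " + bArr.length);
        }
        byteArrayOutputStream.write(i);
        byteArrayOutputStream.write(bArr.length + 2);
        byteArrayOutputStream.write(bArr, 0, bArr.length);
    }

    /**
     * Assembles the Access-Request datagram addressed to the configured server and port.
     *
     * @param str  user name
     * @param str2 clear-text password, hidden with {@link #encryptPass(String, byte[])}
     * @param b    packet identifier
     * @param bArr 16-byte request authenticator
     * @return the datagram, or {@code null} if it could not be built (for example an
     *         unresolvable server, an invalid port or an over-long attribute)
     */
    private DatagramPacket createRequestPacket(String str, String str2, byte b, byte[] bArr) {
        try {
            ByteArrayOutputStream attributes = new ByteArrayOutputStream();
            updateRequestAttribute(ATTR_USER_NAME, str.getBytes(), attributes);
            updateRequestAttribute(ATTR_USER_PASSWORD, encryptPass(str2, bArr), attributes);
            // NOTE(review): attribute 4 (NAS-IP-Address) is specified as four raw address
            // octets, but the textual host address is sent here. Confirm against the
            // deployed server before changing the wire format.
            updateRequestAttribute(ATTR_IP_ADDRESS, this.localHost.getBytes(), attributes);
            byte[] attributeBytes = attributes.toByteArray();
            int size = PACKET_HEADER_LENGTH + attributeBytes.length;

            ByteArrayOutputStream buffer = new ByteArrayOutputStream(size);
            DataOutputStream out = new DataOutputStream(buffer);
            out.writeByte(CODE_ACCESS_REQUEST);
            out.writeByte(b);
            out.writeShort(size);
            out.write(bArr, 0, AUTHENTICATOR_LENGTH);
            out.write(attributeBytes, 0, attributeBytes.length);
            out.flush();

            byte[] data = buffer.toByteArray();
            return new DatagramPacket(data, data.length, InetAddress.getByName(this.radiusServer), this.authPort);
        } catch (Exception e) {
            Debug.trace1("RadiusUserPasswordProvider: caught exception creating request packet");
            return null;
        }
    }

    /**
     * Sends the request and waits for one datagram, retrying up to three times.
     *
     * <p>The sender of the reply is not checked here; the reply is authenticated by
     * {@link #verifyRespPacket(byte, DatagramPacket, byte[])}.
     *
     * @return the received datagram, or {@code null} if the request length is invalid
     *         or no reply arrived within the retries
     */
    private DatagramPacket packetExchange(DatagramPacket datagramPacket) {
        int length = datagramPacket.getLength();
        if (length < MIN_PACKET_LENGTH || length > MAX_PACKET_LENGTH) {
            Debug.trace1("RadiusUserPasswordProvider: send packet has invalid length: " + length);
            return null;
        }
        DatagramPacket reply = new DatagramPacket(new byte[MAX_PACKET_LENGTH], MAX_PACKET_LENGTH);
        for (int attempt = 1; attempt <= PACKET_RETRIES; attempt++) {
            try {
                this.socket.send(datagramPacket);
                this.socket.receive(reply);
                return reply;
            } catch (Exception ignored) {
                // Timeout or I/O error: deliberately fall through and retry.
            }
        }
        Debug.trace1("RadiusUserPasswordProvider: couldn't send or receive packet in 3 tries");
        return null;
    }

    /**
     * Validates a response and returns its code.
     *
     * <p>Earlier behaviour only logged an identifier or authenticator mismatch and still
     * returned the code, so a forged Access-Accept was honoured. Every failed check now
     * returns {@code -1}. Parsing is bounded by the number of bytes actually received,
     * not by the size of the receive buffer.
     *
     * @param b              identifier of the request
     * @param datagramPacket received datagram
     * @param bArr           request authenticator sent with the request
     * @return the unsigned response code when the packet verifies, otherwise {@code -1}
     */
    private int verifyRespPacket(byte b, DatagramPacket datagramPacket, byte[] bArr) {
        int received = datagramPacket.getLength();
        if (received < MIN_PACKET_LENGTH) {
            Debug.trace2("RadiusUserPasswordProvider: packet authentication length invalid");
            return -1;
        }
        DataInputStream in = new DataInputStream(
                new ByteArrayInputStream(datagramPacket.getData(), datagramPacket.getOffset(), received));
        try {
            byte code = in.readByte();
            byte identifier = in.readByte();
            int declaredLength = in.readUnsignedShort();
            if (identifier != b) {
                Debug.trace2("RadiusUserPasswordProvider: request and response packet identifers don't match!");
                return -1;
            }
            // The declared length must cover the header and fit inside what was received.
            // Octets beyond it are padding and are ignored.
            if (declaredLength < MIN_PACKET_LENGTH || declaredLength > received) {
                Debug.trace2("RadiusUserPasswordProvider: packet authentication length invalid");
                return -1;
            }
            byte[] responseAuthenticator = new byte[AUTHENTICATOR_LENGTH];
            in.readFully(responseAuthenticator);
            byte[] attributes = new byte[declaredLength - PACKET_HEADER_LENGTH];
            in.readFully(attributes);
            // declaredLength is at most MAX_PACKET_LENGTH here, so the cast is lossless.
            byte[] expected = makeResponseAuthenticator(code, b, (short) declaredLength, bArr, attributes);
            // MessageDigest.isEqual avoids an early-exit byte comparison.
            if (!MessageDigest.isEqual(responseAuthenticator, expected)) {
                Debug.trace2("RadiusUserPasswordProvider: request and response authenticators don't match");
                return -1;
            }
            return code & 255;
        } catch (IOException e) {
            // Truncated packet: treat as unverified.
            return -1;
        }
    }

    /**
     * Hides the password as RADIUS User-Password: the value is zero-padded to a multiple
     * of 16 bytes and each 16-byte block is XORed with MD5(secret || previous block),
     * where the request authenticator stands in for the block before the first.
     *
     * <p>The password is cut to 128 characters and then to 128 bytes. The second cut
     * fixes an out-of-bounds copy that occurred when a multi-byte encoding produced
     * more than 128 bytes.
     *
     * @param str  clear-text password
     * @param bArr request authenticator
     * @return the hidden password, 16 to 128 bytes long
     */
    private byte[] encryptPass(String str, byte[] bArr) {
        if (str.length() > MAX_PASSWORD_LENGTH) {
            str = str.substring(0, MAX_PASSWORD_LENGTH);
        }
        byte[] clear = str.getBytes();
        int used = Math.min(clear.length, MAX_PASSWORD_LENGTH);
        int paddedLength = Math.max(AUTHENTICATOR_LENGTH,
                ((used + AUTHENTICATOR_LENGTH - 1) / AUTHENTICATOR_LENGTH) * AUTHENTICATOR_LENGTH);
        byte[] hidden = new byte[paddedLength]; // new arrays are zero-filled, which is the padding
        System.arraycopy(clear, 0, hidden, 0, used);

        byte[] secret = this.sharedSecret.getBytes();
        for (int block = 0; block < paddedLength; block += AUTHENTICATOR_LENGTH) {
            this.md5.reset();
            this.md5.update(secret);
            if (block == 0) {
                this.md5.update(bArr);
            } else {
                // Chain on the previous, already hidden, block.
                this.md5.update(hidden, block - AUTHENTICATOR_LENGTH, AUTHENTICATOR_LENGTH);
            }
            byte[] mask = this.md5.digest();
            for (int j = 0; j < AUTHENTICATOR_LENGTH; j++) {
                hidden[block + j] = (byte) (mask[j] ^ hidden[block + j]);
            }
        }
        return hidden;
    }

    /**
     * Computes MD5(code || id || length || request authenticator || attributes || secret),
     * the value a genuine response must carry as its authenticator.
     */
    private byte[] makeResponseAuthenticator(byte b, byte b2, short s, byte[] bArr, byte[] bArr2) {
        this.md5.reset();
        this.md5.update(b);
        this.md5.update(b2);
        this.md5.update((byte) (s >> 8));
        this.md5.update((byte) (s & 255));
        this.md5.update(bArr, 0, bArr.length);
        this.md5.update(bArr2, 0, bArr2.length);
        this.md5.update(this.sharedSecret.getBytes());
        return this.md5.digest();
    }

    /** Returns the local host address as text, or {@code "localhost"} if it cannot be resolved. */
    private String getLocalHost() {
        try {
            return InetAddress.getLocalHost().getHostAddress();
        } catch (UnknownHostException ignored) {
            // No resolvable local address: fall back to the default name.
            return DEFAULT_SERVER;
        }
    }

    /** Returns the RADIUS server from the system property, or {@code "localhost"} when unset. */
    private String getRadiusServer() {
        String property = System.getProperty(SYS_PROP_SERVER);
        if (property != null) {
            Debug.trace3("RadiusUserPasswordProvider: Using specified radius server: " + property);
            return property;
        }
        Debug.trace3("RadiusUserPasswordProvider: No Radius server specified, using default server: " + DEFAULT_SERVER);
        return DEFAULT_SERVER;
    }

    /**
     * Returns the authentication port from the system property.
     *
     * @return the configured port, 1812 when the property is unset, or {@code -1} when
     *         the value is not a number in 0..65535 (packet creation then fails and
     *         every login is rejected)
     */
    private int getAuthPort() {
        String property = System.getProperty(SYS_PROP_AUTH_PORT);
        if (property == null) {
            Debug.trace3("RadiusUserPasswordProvider: No authorization port specified, using default port: " + DEFAULT_AUTH_PORT);
            return DEFAULT_AUTH_PORT;
        }
        try {
            int port = Integer.decode(property).intValue();
            if (port < MIN_AUTH_PORT || port > MAX_AUTH_PORT) {
                throw new NumberFormatException();
            }
            Debug.trace3("RadiusUserPasswordProvider: Using specified authorization port: " + port);
            return port;
        } catch (NumberFormatException e) {
            Debug.trace1("RadiusUserPasswordProvider: Invalid authorization port specified: " + property);
            return -1;
        }
    }

    /**
     * Returns the shared secret from the system property, or {@code null} when unset.
     *
     * <p>A {@code null} secret makes every authentication attempt fail. The value is
     * never logged. NOTE(review): if the property is supplied as a {@code -D} option it
     * may be visible in the process list; confirm how it is provisioned.
     */
    private String getSharedSecret() {
        String property = System.getProperty(SYS_PROP_SHARED_SECRET);
        if (property == null) {
            Debug.trace1("RadiusUserPasswordProvider: No Radius shared secret specified");
        }
        return property;
    }
}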
