package software.netcore.unimus.common.aaa.impl;

import java.io.IOException;
import java.net.SocketException;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.tinyradius.packet.AccessRequest;
import org.tinyradius.packet.AccountingRequest;
import org.tinyradius.packet.RadiusPacket;
import org.tinyradius.util.RadiusClient;
import org.tinyradius.util.RadiusException;
import software.netcore.unimus.common.aaa.spi.AAAStorage;
import software.netcore.unimus.common.aaa.spi.AccountingException;
import software.netcore.unimus.common.aaa.spi.data.Account;
import software.netcore.unimus.common.aaa.spi.data.AuthenticationType;
import software.netcore.unimus.common.aaa.spi.data.RadiusConfig;
import software.netcore.unimus.common.aaa.spi.event.RadiusUnreachableEvent;

/* loaded from: input_file:BOOT-INF/lib/unimus-common-aaa-impl-3.10.1-STAGE.jar:software/netcore/unimus/common/aaa/impl/RadiusAAAProvider.class */
public class RadiusAAAProvider implements AAAProvider {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) RadiusAAAProvider.class);
    private final AAAProperties properties;
    private final ApplicationEventPublisher eventPublisher;
    private final AAAStorage aaaStorage;

    @Override // software.netcore.unimus.common.aaa.impl.AAAProvider
    public AuthenticationType getAuthenticationType() {
        return AuthenticationType.RADIUS;
    }

    @Override // software.netcore.unimus.common.aaa.impl.AAAProvider
    public boolean authentication(Account account, String str) {
        RadiusConfig config = getConfig();
        return checkConfig(config) && authentication(account.getUsername(), str, config);
    }

    public boolean authentication(String str, String str2, RadiusConfig radiusConfig) {
        String str3;
        log.trace("'{}' authenticating user '{}' with {} character password.", RadiusAAAProvider.class.getSimpleName(), str, Integer.valueOf(str2.length()));
        RadiusClient radiusClient = getRadiusClient(radiusConfig);
        switch (radiusConfig.getAuthProtocol()) {
            case CHAP:
                str3 = AccessRequest.AUTH_CHAP;
                break;
            case PAP:
                str3 = AccessRequest.AUTH_PAP;
                break;
            default:
                throw new IllegalArgumentException("Unknown radius auth protocol!");
        }
        log.trace("Radius using '{}' auth protocol", str3);
        AccessRequest accessRequest = new AccessRequest(str, str2);
        accessRequest.setPacketType(1);
        accessRequest.setAuthProtocol(str3);
        accessRequest.addAttribute("Service-Type", "Login-User");
        accessRequest.addAttribute("NAS-Identifier", this.properties.getRadiusNasId());
        try {
            RadiusPacket authenticate = radiusClient.authenticate(accessRequest);
            log.trace("Radius response = '{}'", authenticate);
            return authenticate.getPacketType() == 2;
        } catch (IOException | RadiusException e) {
            log.warn("Radius timeout or communication problem to '{}' - error '{}'", radiusConfig.getServerAddress(), e.getMessage());
            this.eventPublisher.publishEvent((ApplicationEvent) new RadiusUnreachableEvent(this, e.getMessage()));
            return false;
        }
    }

    @Override // software.netcore.unimus.common.aaa.impl.AAAProvider
    public void accounting(@NonNull AccountingType accountingType, @NonNull String str, @NonNull String str2, AAAProvider aAAProvider, long j) throws AccountingException {
        String str3;
        if (accountingType == null) {
            throw new NullPointerException("type is marked non-null but is null");
        }
        if (str == null) {
            throw new NullPointerException("username is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("sessionId is marked non-null but is null");
        }
        RadiusConfig config = getConfig();
        if (checkConfig(config)) {
            log.trace("'{}' processing accounting for user '{}', type '{}'.", RadiusAAAProvider.class.getSimpleName(), str, accountingType);
            RadiusClient radiusClient = getRadiusClient(config);
            AccountingRequest accountingRequest = new AccountingRequest();
            accountingRequest.setPacketType(4);
            accountingRequest.setUserName(str);
            accountingRequest.addAttribute("Acct-Session-Id", str2);
            if (accountingType == AccountingType.START) {
                if (aAAProvider.getAuthenticationType() == AuthenticationType.LOCAL) {
                    str3 = "Local";
                } else if (aAAProvider.getAuthenticationType() == AuthenticationType.RADIUS) {
                    str3 = "RADIUS";
                } else {
                    if (aAAProvider.getAuthenticationType() != AuthenticationType.LDAP) {
                        throw new IllegalArgumentException("Used AAAProvider not supported by Radius accounting");
                    }
                    str3 = "Remote";
                }
                accountingRequest.setAcctStatusType(1);
                accountingRequest.addAttribute("Service-Type", "Administrative-User");
                accountingRequest.addAttribute("NAS-Port-Type", "Virtual");
                accountingRequest.addAttribute("Acct-Authentic", str3);
            } else {
                if (accountingType != AccountingType.STOP) {
                    throw new IllegalStateException("Unsupported accounting type");
                }
                accountingRequest.setAcctStatusType(2);
                accountingRequest.addAttribute("Acct-Session-Time", Long.toString(j));
            }
            try {
                radiusClient.account(accountingRequest);
            } catch (IOException | RadiusException e) {
                log.warn("Radius timeout or communication problem to '{}' - error '{}'", config.getServerAddress(), e.getMessage());
            }
        }
    }

    private RadiusConfig getConfig() {
        try {
            return this.aaaStorage.findRadiusConfig();
        } catch (Exception e) {
            log.warn("Failed to get radius configuration. Reason = '{}'.", e.getMessage());
            return null;
        }
    }

    private boolean checkConfig(RadiusConfig radiusConfig) {
        return (radiusConfig == null || !radiusConfig.getEnabled().booleanValue() || radiusConfig.getServerAddress().trim().isEmpty() || radiusConfig.getSharedSecret().trim().isEmpty()) ? false : true;
    }

    private RadiusClient getRadiusClient(RadiusConfig radiusConfig) {
        RadiusClient radiusClient = new RadiusClient(radiusConfig.getServerAddress(), radiusConfig.getSharedSecret());
        try {
            radiusClient.setSocketTimeout(this.properties.getRadiusTimeout());
            radiusClient.setRetryCount(this.properties.getRadiusRetryCount());
            radiusClient.setAuthPort(radiusConfig.getAuthPort().intValue());
            radiusClient.setAcctPort(radiusConfig.getAcctPort().intValue());
            return radiusClient;
        } catch (SocketException e) {
            throw new IllegalArgumentException("Radius port, timeout or retry value invalid");
        }
    }

    public RadiusAAAProvider(AAAProperties aAAProperties, ApplicationEventPublisher applicationEventPublisher, AAAStorage aAAStorage) {
        this.properties = aAAProperties;
        this.eventPublisher = applicationEventPublisher;
        this.aaaStorage = aAAStorage;
    }
}
