package com.sun.identity.authentication.modules.radius;

import com.iplanet.am.util.Debug;
import com.iplanet.am.util.Locale;
import com.iplanet.am.util.Misc;
import com.sun.identity.authentication.modules.radius.client.ChallengeException;
import com.sun.identity.authentication.modules.radius.client.RadiusConn;
import com.sun.identity.authentication.modules.radius.client.RejectException;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.spi.InvalidPasswordException;
import java.io.IOException;
import java.net.SocketException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.HashSet;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.StringTokenizer;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;

/* loaded from: input_file:119465-06/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/authentication/modules/radius/RADIUS.class */
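/**
 * Login module that authenticates a user against a primary or secondary RADIUS server.
 *
 * <p>State 1 collects a user name and password (from the callbacks, or from the shared
 * state when no callbacks are supplied) and sends them to the server. State 2 answers a
 * server challenge. The module reads its server names, port, timeout and shared secret
 * from the option map passed to {@link #init}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The shared secret is held in a {@code String} field and is never written to the
 *       debug log; keep it that way when adding log statements.</li>
 *   <li>Passwords are handed to {@code RadiusConn} as {@code String}s, so they cannot be
 *       wiped after use. Only the intermediate {@code char[]} copies are zeroed.</li>
 *   <li>The user name and the server's reply message are written to the debug log at
 *       message level; both are supplied by a remote party.</li>
 * </ul>
 */
public class RADIUS extends AMLoginModule {
    private Map sharedState;
    private static String adminDN;
    private static String hostName;
    private String challengeID;
    private static final int MSG_INFORMATION = 0;
    private static final int MSG_WARNING = 1;
    private static final int MSG_ERROR = 2;
    private static Debug debug;
    private static final String DEFAULT_TIMEOUT = "5";
    // 1645 is the historical RADIUS port; RFC 2865 assigns 1812. Deployments set the
    // real value through the "iplanet-am-auth-radius-server-port" option.
    private static final String DEFAULT_SERVER_PORT = "1645";
    private String server1;
    private String server2;
    private String sharedSecret;
    private int screenState;
    private static final String amAuthRadius = "amAuthRadius";
    private boolean getCredentialsFromSharedState;
    private static HashSet orgHash = new HashSet();
    private static boolean helperConfigDone = false;
    private static Locale locale = null;
    private String userTokenId = null;
    private boolean primary = true;
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    private RADIUSPrincipal userPrincipal = null;
    private ResourceBundle bundle = null;
    private int iServerPort = 1645;
    private int iTimeOut = 5;
    private RadiusConn _radiusConn = null;
    private boolean radiusSSL = false;

    /**
     * Reads the module configuration from the option map.
     *
     * <p>Configuration errors are logged and swallowed, so the module can be left with
     * default values (port 1645, timeout 5) or with no shared secret.
     *
     * @param subject the subject being authenticated (not used here)
     * @param map     shared state, kept for later credential lookup
     * @param map2    module options; {@code null} is logged as an error
     */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public void init(Subject subject, Map map, Map map2) {
        try {
            this.bundle = AMLoginModule.amCache.getResBundle(amAuthRadius, getLoginLocale());
            if (debug.messageEnabled()) {
                debug.message("Radius resbundle locale=" + getLoginLocale());
            }
            this.sharedState = map;
            if (map2 == null) {
                debug.error("options not initialized");
                return;
            }
            try {
                this.server1 = Misc.getServerMapAttr(map2, "iplanet-am-auth-radius-server1");
                if (this.server1 == null) {
                    this.server1 = "localhost";
                    debug.error("Error: primary server attribute misconfigured using localhost");
                }
                this.server2 = Misc.getServerMapAttr(map2, "iplanet-am-auth-radius-server2");
                // The original re-tested server1 here, which can never be null at this
                // point, so a missing secondary server went unreported.
                // NOTE(review): no default is applied because it is not visible here
                // whether RadiusConn treats a null secondary as "none" - confirm.
                if (this.server2 == null && debug.messageEnabled()) {
                    debug.message("RADIUS secondary server attribute not configured");
                }
                this.sharedSecret = Misc.getMapAttr(map2, "iplanet-am-auth-radius-secret");
                String portText = Misc.getMapAttr(map2, "iplanet-am-auth-radius-server-port", DEFAULT_SERVER_PORT);
                this.iServerPort = Integer.parseInt(portText);
                String timeoutText = Misc.getMapAttr(map2, "iplanet-am-auth-radius-timeout", "5");
                this.iTimeOut = Integer.parseInt(timeoutText);
                String authLevelText = Misc.getMapAttr(map2, "iplanet-am-auth-radius-auth-level");
                if (debug.messageEnabled()) {
                    // The shared secret is intentionally left out of this message.
                    debug.message("server1: " + this.server1 + " server2: " + this.server2
                            + " serverPort: " + portText + " timeOut: " + timeoutText
                            + " authLevel: " + authLevelText);
                }
                // NOTE(review): a missing secret is only logged; process() still builds
                // a RadiusConn with it. Consider failing the login outright instead.
                if (this.sharedSecret == null || this.sharedSecret.length() == 0) {
                    debug.error("RADIUS initialization failure; no Shared Secret");
                }
            } catch (Exception e) {
                debug.error("RADIUS parameters initialization failure", e);
            }
        } catch (Exception e2) {
            debug.error("RADIUS init Error....", e2);
        }
    }

    /**
     * Rebuilds the password prompt of the given state so that it shows the current
     * challenge text, when there is one.
     *
     * @param i the login state whose first callback is replaced
     * @throws AuthLoginException if the callbacks cannot be read or replaced
     */
    private void setDynamicText(int i) throws AuthLoginException {
        Callback[] callbacks = getCallback(i);
        PasswordCallback current = (PasswordCallback) callbacks[0];
        String prompt = current.getPrompt();
        boolean echoOn = current.isEchoOn();
        if (this.challengeID != null) {
            // challengeID is the reply message sent by the RADIUS server.
            prompt = prompt + "[" + this.challengeID + "]: ";
        }
        callbacks[0] = new PasswordCallback(prompt, echoOn);
        replaceCallback(i, 0, callbacks[0]);
    }

    /**
     * Reports whether a failed attempt used shared-state credentials and, if so, clears
     * the flag so that the caller can return to state 1 and prompt the user.
     */
    private boolean fallBackToPrompt() {
        if (this.getCredentialsFromSharedState) {
            this.getCredentialsFromSharedState = false;
            return true;
        }
        return false;
    }

    /**
     * Runs one step of the login exchange.
     *
     * @param callbackArr the submitted callbacks; an empty array in state 1 means
     *                    "take the credentials from the shared state"
     * @param i           the current state: 1 for name and password, 2 for a challenge reply
     * @return -1 on success, 0 when the result is to be ignored, or the next state
     * @throws AuthLoginException on rejection, on a server or I/O failure, or on an
     *                            unknown state
     */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public int process(Callback[] callbackArr, int i) throws AuthLoginException {
        String password;
        String username = null;
        switch (i) {
            case 1:
                try {
                    this._radiusConn = new RadiusConn(this.server1, this.server2, this.iServerPort, this.sharedSecret, this.iTimeOut);
                    if (callbackArr == null || callbackArr.length != 0) {
                        username = ((NameCallback) callbackArr[0]).getName();
                        password = charToString(((PasswordCallback) callbackArr[1]).getPassword(), callbackArr[1]);
                        if (debug.messageEnabled()) {
                            debug.message("username: " + username);
                        }
                    } else {
                        username = (String) this.sharedState.get(getUserKey());
                        password = (String) this.sharedState.get(getPwdKey());
                        if (username == null || password == null) {
                            return 1;
                        }
                        this.getCredentialsFromSharedState = true;
                    }
                    storeUsernamePasswd(username, password);
                    try {
                        this.succeeded = false;
                        this._radiusConn.authenticate(username, password);
                        this.succeeded = true;
                    } catch (ChallengeException e) {
                        if (fallBackToPrompt()) {
                            return 1;
                        }
                        if (e.getState() == null) {
                            debug.error("Radius failure - no state returned in challenge");
                            shutdown();
                            setFailureID(username);
                            throw new AuthLoginException(amAuthRadius, "RadiusAuth", null);
                        }
                        this.challengeID = e.getReplyMessage();
                        if (debug.messageEnabled()) {
                            debug.message("Server challenge with challengeID: " + this.challengeID);
                        }
                        setDynamicText(2);
                        return 2;
                    } catch (RejectException e2) {
                        if (fallBackToPrompt()) {
                            return 1;
                        }
                        debug.message("Radius login request rejected", e2);
                        shutdown();
                        setFailureID(username);
                        throw new InvalidPasswordException(amAuthRadius, "RadiusLoginFailed", null, username, e2);
                    } catch (IOException e3) {
                        if (fallBackToPrompt()) {
                            return 1;
                        }
                        debug.error("Radius request IOException", e3);
                        shutdown();
                        setFailureID(username);
                        throw new AuthLoginException(amAuthRadius, "RadiusLoginFailed", null);
                    } catch (NoSuchAlgorithmException e4) {
                        if (fallBackToPrompt()) {
                            return 1;
                        }
                        debug.error("Radius No Such Algorithm Exception", e4);
                        shutdown();
                        setFailureID(username);
                        throw new AuthLoginException(amAuthRadius, "RadiusLoginFailed", null);
                    } catch (Exception e5) {
                        if (fallBackToPrompt()) {
                            return 1;
                        }
                        shutdown();
                        setFailureID(username);
                        throw new AuthLoginException(amAuthRadius, "RadiusLoginFailed", null, e5);
                    }
                } catch (SocketException e6) {
                    debug.error("RADIUS login failure; Socket Exception se == ", e6);
                    shutdown();
                    throw new AuthLoginException(amAuthRadius, "RadiusNoServer", null);
                } catch (AuthLoginException loginFailure) {
                    // A rejection or failure raised above must reach the caller as is.
                    // Without this clause the generic handler below would relabel a
                    // rejected password as "no server" and hide it from the
                    // invalid-password handling.
                    throw loginFailure;
                } catch (Exception e7) {
                    debug.error("RADIUS login failure; Can't connect to RADIUS server", e7);
                    shutdown();
                    throw new AuthLoginException(amAuthRadius, "RadiusNoServer", null);
                }
                break;
            case 2:
                String challengePassword = getChallengePassword(callbackArr);
                // NOTE(review): username is a local that is always null in this state,
                // and no ChallengeException is passed on. Presumably the reply needs
                // the user name and state from the earlier challenge - confirm against
                // RadiusConn.replyChallenge. On success userTokenId also stays unset.
                if (debug.messageEnabled()) {
                    debug.message("reply to challenge--username: " + username);
                }
                try {
                    this.succeeded = false;
                    this._radiusConn.replyChallenge(username, challengePassword, (ChallengeException) null);
                    this.succeeded = true;
                } catch (ChallengeException e8) {
                    if (e8.getState() == null) {
                        debug.error("handle Challenge failure - no state returned");
                        shutdown();
                        setFailureID(null);
                        throw new AuthLoginException(amAuthRadius, "RadiusLoginFailed", null);
                    }
                    resetCallback(2, 1);
                    this.challengeID = e8.getReplyMessage();
                    if (debug.messageEnabled()) {
                        debug.message("Server challenge again with challengeID: " + this.challengeID);
                    }
                    setDynamicText(2);
                    return 2;
                } catch (RejectException e9) {
                    debug.error("Radius challenge response rejected", e9);
                    shutdown();
                    setFailureID(null);
                    throw new InvalidPasswordException(amAuthRadius, "RadiusLoginFailed", null, null, e9);
                } catch (IOException e10) {
                    debug.error("Radius challenge IOException", e10);
                    shutdown();
                    setFailureID(null);
                    throw new AuthLoginException(amAuthRadius, "RadiusLoginFailed", null);
                } catch (NoSuchAlgorithmException e11) {
                    debug.error("Radius No Such Algorithm Exception", e11);
                    shutdown();
                    setFailureID(null);
                    throw new AuthLoginException(amAuthRadius, "RadiusLoginFailed", null);
                } catch (Exception e12) {
                    debug.error("RADIUS challenge Authentication Failed ", e12);
                    shutdown();
                    setFailureID(null);
                    throw new AuthLoginException(amAuthRadius, "RadiusLoginFailed", null);
                }
                break;
            default:
                debug.error("RADIUS Authentication Failed - invalid state" + i);
                shutdown();
                this.succeeded = false;
                setFailureID(null);
                throw new AuthLoginException(amAuthRadius, "RadiusLoginFailed", null);
        }
        if (!this.succeeded) {
            if (debug.messageEnabled()) {
                debug.message("RADIUS authentication to be ignored");
            }
            return 0;
        }
        if (debug.messageEnabled()) {
            debug.message("RADIUS authentication successful");
        }
        if (username != null) {
            // Only the part of the user name before the first comma is kept.
            this.userTokenId = new StringTokenizer(username, ",").nextToken();
        }
        if (debug.messageEnabled()) {
            debug.message("userTokenID: " + this.userTokenId);
        }
        shutdown();
        return -1;
    }

    /**
     * Returns the principal of the authenticated user, creating it on first use.
     *
     * @return the principal, or {@code null} if no user token id has been set
     */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public Principal getPrincipal() {
        if (this.userPrincipal == null && this.userTokenId != null) {
            this.userPrincipal = new RADIUSPrincipal(this.userTokenId);
        }
        return this.userPrincipal;
    }

    /** Drops the authenticated identity held by this module. */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public void destroyModuleState() {
        this.userTokenId = null;
        this.userPrincipal = null;
    }

    /**
     * Releases the references to configuration and per-login data, including the
     * shared secret. The secret is a {@code String}, so only the reference is dropped.
     */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public void nullifyUsedVars() {
        this.sharedState = null;
        this.challengeID = null;
        this.bundle = null;
        this.server1 = null;
        this.server2 = null;
        this.sharedSecret = null;
    }

    /**
     * Reads the challenge reply from the first callback and clears the callback.
     *
     * @param callbackArr callbacks of state 2; the first must be a {@code PasswordCallback}
     * @return the reply as a string, empty if the callback holds no password
     * @throws AuthLoginException declared for callers; not thrown by this implementation
     */
    private String getChallengePassword(Callback[] callbackArr) throws AuthLoginException {
        PasswordCallback reply = (PasswordCallback) callbackArr[0];
        return charToString(reply.getPassword(), reply);
    }

    /**
     * Converts a password to a string, wipes the given array and clears the callback.
     *
     * <p>{@code PasswordCallback.getPassword()} already returns a copy, so the array is
     * used directly rather than copied again, and it is zeroed once the string is built.
     * The returned {@code String} itself cannot be wiped.
     *
     * @param cArr     the password characters, or {@code null}
     * @param callback the {@code PasswordCallback} the password came from
     * @return the password as a string, empty if {@code cArr} is {@code null}
     */
    private String charToString(char[] cArr, Callback callback) {
        String text = "";
        if (cArr != null) {
            text = new String(cArr);
            java.util.Arrays.fill(cArr, '\0');
        }
        ((PasswordCallback) callback).clearPassword();
        return text;
    }

    /**
     * Closes the RADIUS connection, if one is open. Safe to call more than once:
     * failure paths in {@link #process} may call it before a connection exists or
     * after it has already been closed.
     */
    public void shutdown() {
        RadiusConn conn = this._radiusConn;
        this._radiusConn = null;
        if (conn == null) {
            return;
        }
        try {
            conn.disconnect();
        } catch (IOException e) {
            // Closing is best effort; record the failure instead of hiding it.
            if (debug.messageEnabled()) {
                debug.message("RADIUS disconnect failed", e);
            }
        }
    }

    static {
        debug = Debug.getInstance(amAuthRadius);
    }
}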
