package net.sf.jradius.client.auth;

import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import net.sf.jradius.client.RadiusClient;
import net.sf.jradius.exception.RadiusException;
import net.sf.jradius.packet.RadiusPacket;

/* loaded from: input_file:net/sf/jradius/client/auth/EAPTLSAuthenticator.class */
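/**
 * EAP-TLS client authenticator (registers itself as EAP type 13) that drives a
 * client-mode {@link SSLEngine} and frames its records as EAP-TLS fragments.
 *
 * <p>This listing is decompiler output: {@link #tlsHandshake()} was not recovered and
 * only throws, so the class cannot complete a handshake as shown.
 *
 * <p>Security-relevant configuration, all visible in {@link #init()}:
 * <ul>
 *   <li>Server certificate validation uses the CA store when {@link #setCaFile} is set.
 *       Otherwise, if {@link #setTrustAll} is true, every certificate chain is accepted
 *       and the RADIUS/EAP server is not authenticated at all.</li>
 *   <li>The engine is pinned to {@code TLSv1} and three CBC/SHA-1 cipher suites.</li>
 *   <li>Key and CA store passwords are held in {@code String} fields for the life of
 *       the object.</li>
 * </ul>
 *
 * <p>Instances carry mutable per-conversation state and nothing here synchronizes
 * access to it.
 */
public class EAPTLSAuthenticator extends EAPAuthenticator {
    public static final String NAME = "eap-tls";

    /** EAP-TLS flags octet, "start" bit (0x20). Not referenced in the visible code. */
    protected static final byte TLS_START = 32;
    /** EAP-TLS flags octet, "more fragments" bit (0x40). */
    protected static final byte TLS_MORE_FRAGMENTS = 64;
    /** EAP-TLS flags octet, "length included" bit (0x80); a 4-byte length follows the flags. */
    protected static final byte TLS_HAS_LENGTH = Byte.MIN_VALUE;

    /** Largest TLS payload placed in a single EAP-TLS response before fragmenting. */
    private static final int MAX_FRAGMENT_SIZE = 1024;

    private SSLContext sslContext;
    private SSLEngine sslEngine;
    private SSLSession sslSession;
    // Plaintext produced by unwrap().
    private ByteBuffer appInBuffer;
    // Plaintext staged for wrap().
    private ByteBuffer appOutBuffer;
    // TLS records received from the peer, consumed by unwrap().
    private ByteBuffer netInBuffer;
    // TLS records produced by wrap(), to be sent to the peer.
    private ByteBuffer netOutBuffer;
    private String keyFileType;
    private String keyFile;
    private String keyPassword;
    private String caFileType;
    private String caFile;
    private String caPassword;
    // Peer bytes that arrive after the handshake, held until doEAPType feeds them to the engine.
    private ByteArrayOutputStream pendingPacketInput = new ByteArrayOutputStream();
    // Encrypted bytes waiting to be returned to the EAP layer.
    private ByteArrayOutputStream pendingPacketOutput = new ByteArrayOutputStream();
    // Decrypted application data waiting for doTunnelAuthentication.
    private ByteArrayOutputStream pendingAppData = new ByteArrayOutputStream();
    private Boolean trustAll = Boolean.FALSE;
    // Handshake states. These are instance fields (not constants) in the original class.
    protected int None = 0;
    protected int Handshaking = 1;
    protected int Finished = 2;
    private int state = this.None;
    protected byte[] eapFragmentedReply = null;
    protected int eapFragmentedOffset = 0;

    /**
     * Trust manager that accepts every client and server certificate chain.
     *
     * <p>Installed only when no CA file is configured and trust-all is enabled. With it
     * in place the TLS handshake no longer authenticates the server, so the client
     * cannot tell the intended RADIUS server from any other endpoint that answers the
     * EAP-TLS exchange. Suitable for lab use only.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/sf/jradius/client/auth/EAPTLSAuthenticator$_b.class */
    public class _b implements X509TrustManager {
        private _b() {
        }

        /** Performs no validation. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        /** Performs no validation: any server chain is accepted. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /** Creates an authenticator for EAP type 13 with PKCS#12 stores and empty passwords. */
    public EAPTLSAuthenticator() {
        setEAPType(13);
        this.keyFileType = "pkcs12";
        this.keyPassword = "";
        this.caFileType = "pkcs12";
        this.caPassword = "";
    }

    /** Delegates to the parent and then (re)builds the TLS engine via {@link #init()}. */
    @Override // net.sf.jradius.client.auth.RadiusAuthenticator
    public void setupRequest(RadiusClient radiusClient, RadiusPacket radiusPacket) throws RadiusException {
        super.setupRequest(radiusClient, radiusPacket);
        init();
    }

    /**
     * Builds the SSL context and a client-mode engine from the configured key and CA
     * stores and allocates the engine buffers.
     *
     * @throws RadiusException wrapping any failure to load a store or create the engine
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void init() throws RadiusException {
        try {
            KeyManager[] keyManagers = null;
            TrustManager[] trustManagers = null;
            if (getKeyFile() != null) {
                char[] keyPass = getKeyPassword().toCharArray();
                KeyStore keyStore = loadKeyStore(getKeyFileType(), getKeyFile(), keyPass);
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
                keyManagerFactory.init(keyStore, keyPass);
                keyManagers = keyManagerFactory.getKeyManagers();
            }
            if (getCaFile() != null) {
                // A configured CA store always wins over the trust-all switch.
                KeyStore caStore = loadKeyStore(getCaFileType(), getCaFile(), getCaPassword().toCharArray());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
                trustManagerFactory.init(caStore);
                trustManagers = trustManagerFactory.getTrustManagers();
            } else if (Boolean.TRUE.equals(getTrustAll())) {
                // Disables server authentication entirely; see _b. A null flag is
                // treated as "off" instead of failing with a NullPointerException.
                trustManagers = new TrustManager[]{new _b()};
            }
            // With trustManagers still null, SSLContext.init falls back to the platform's
            // default trust managers; with keyManagers null this class supplies no
            // client key material.
            this.sslContext = SSLContext.getInstance("TLS");
            this.sslContext.init(keyManagers, trustManagers, null);
            this.sslEngine = this.sslContext.createSSLEngine();
            this.sslEngine.setEnableSessionCreation(true);
            this.sslEngine.setUseClientMode(true);
            // Want/need client auth are server-side options; kept as in the original.
            this.sslEngine.setWantClientAuth(true);
            this.sslEngine.setNeedClientAuth(true);
            // NOTE(review): TLS 1.0 and these CBC/SHA-1 suites are deprecated (RFC 8996),
            // and recent JDK releases disable TLSv1 by default through the
            // jdk.tls.disabledAlgorithms security property, in which case the handshake
            // cannot start. Widening the list needs to be checked against tlsHandshake()
            // and the EAP peer before changing it here.
            this.sslEngine.setEnabledProtocols(new String[]{"TLSv1"});
            this.sslEngine.setEnabledCipherSuites(new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"});
            this.sslSession = this.sslEngine.getSession();
            this.appInBuffer = ByteBuffer.allocate(this.sslSession.getApplicationBufferSize());
            this.appOutBuffer = ByteBuffer.allocate(this.sslSession.getApplicationBufferSize());
            this.netInBuffer = ByteBuffer.allocate(this.sslSession.getPacketBufferSize());
            this.netOutBuffer = ByteBuffer.allocate(this.sslSession.getPacketBufferSize());
        } catch (Exception e) {
            throw new RadiusException(e);
        }
    }

    /**
     * Loads a key store from a file and always closes the file, including when loading
     * fails (the original left the stream open).
     */
    private static KeyStore loadKeyStore(String type, String path, char[] password)
            throws java.security.GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance(type);
        FileInputStream in = new FileInputStream(path);
        try {
            store.load(in, password);
        } finally {
            in.close();
        }
        return store;
    }

    /** Runs every task the engine has delegated, on the calling thread. */
    private void runDelegatedTasks() {
        Runnable task;
        while ((task = this.sslEngine.getDelegatedTask()) != null) {
            task.run();
        }
    }

    /** Moves whatever wrap() has produced from the network-out buffer into the pending output. */
    private void flushNetOutBuffer() {
        this.netOutBuffer.flip();
        if (this.netOutBuffer.hasRemaining()) {
            this.pendingPacketOutput.write(this.netOutBuffer.array(), this.netOutBuffer.arrayOffset(), this.netOutBuffer.remaining());
        }
        this.netOutBuffer.clear();
    }

    @Override // net.sf.jradius.client.auth.RadiusAuthenticator
    public String getAuthName() {
        return NAME;
    }

    /*
     * Decompiler residue, kept because it is the only record of this method's body.
     * In the lines below, r5 is "this" and r5.e is the field named "state" in this class.
     *
     * JADX WARN: Code restructure failed: missing block: B:58:0x004e, code lost:
     *     r5.e = r5.Finished;
     * JADX WARN: Code restructure failed: missing block: B:59:0x005a, code lost:
     *     return r5.e;
     *
     * Code decompiled incorrectly, please refer to instructions dump.
     * To view partially-correct add '--show-bad-code' argument
     */
    /**
     * Placeholder for the handshake driver. The real body (300 instructions) was not
     * decompiled, so this always throws and {@link #doEAPType} cannot get past it.
     * doEAPType compares the return value with {@code Finished}.
     *
     * @throws UnsupportedOperationException always, in this listing
     */
    protected int tlsHandshake() throws javax.net.ssl.SSLException {
        /*
            Method dump skipped, instructions count: 300
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: net.sf.jradius.client.auth.EAPTLSAuthenticator.tlsHandshake():int");
    }

    /**
     * Accepts TLS bytes from the peer: queued for later once the handshake has finished,
     * otherwise appended to the network-in buffer.
     */
    protected void updatePacketBuffer(byte[] bArr) {
        try {
            if (this.state == this.Finished) {
                this.pendingPacketInput.write(bArr);
            } else {
                putPacketBuffer(bArr);
            }
        } catch (IOException ignored) {
            // Kept silent as in the original. On this path nothing visible can throw:
            // the write targets an in-memory stream, and putPacketBuffer only calls
            // unwrap() when state is Finished, which the else branch excludes.
        }
    }

    /**
     * Appends peer bytes to the network-in buffer and, once the handshake has finished,
     * decrypts them into the pending application data.
     *
     * <p>The decompiled original wrapped the unwrap step in a {@code while (true)} with
     * no exit, which never terminates; the loop condition is restored here.
     *
     * @throws SSLException if the engine rejects a record
     */
    protected void putPacketBuffer(byte[] bArr) throws SSLException {
        int chunk = this.netInBuffer.capacity();
        int remaining = bArr.length;
        int offset = 0;
        while (remaining > 0) {
            if (remaining < chunk) {
                chunk = remaining;
            }
            remaining -= chunk;
            // NOTE(review): before the handshake finishes nothing here drains this buffer,
            // so put() throws BufferOverflowException once the peer has sent more than the
            // buffer has room for; tlsHandshake() presumably consumes it, confirm.
            this.netInBuffer.put(bArr, offset, chunk);
            if (this.state == this.Finished) {
                this.netInBuffer.flip();
                SSLEngineResult result = null;
                while ((result == null || result.getStatus() == SSLEngineResult.Status.OK)
                        && this.netInBuffer.hasRemaining()) {
                    result = this.sslEngine.unwrap(this.netInBuffer, this.appInBuffer);
                    if (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                        runDelegatedTasks();
                    }
                    this.appInBuffer.flip();
                    if (this.appInBuffer.hasRemaining()) {
                        this.pendingAppData.write(this.appInBuffer.array(), this.appInBuffer.arrayOffset(), this.appInBuffer.remaining());
                    }
                    this.appInBuffer.clear();
                }
                // NOTE(review): when the loop stops on a non-OK status, clear() drops any
                // bytes still unread in the buffer (for example a partial record).
                this.netInBuffer.clear();
            }
            offset += chunk;
        }
    }

    /** Returns and resets the peer bytes queued by {@link #updatePacketBuffer}. */
    protected byte[] getPacketInputBuffer() {
        byte[] queued = this.pendingPacketInput.toByteArray();
        this.pendingPacketInput = new ByteArrayOutputStream();
        return queued;
    }

    /** Returns and resets all encrypted bytes waiting to be sent to the peer. */
    protected byte[] getPacketOutputBuffer() {
        flushNetOutBuffer();
        byte[] outbound = this.pendingPacketOutput.toByteArray();
        this.pendingPacketOutput = new ByteArrayOutputStream();
        return outbound;
    }

    /**
     * Encrypts application data through the engine, in chunks no larger than the
     * application-out buffer.
     *
     * @throws SSLException if the engine fails to wrap the data
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void putAppBuffer(byte[] bArr) throws SSLException {
        int chunk = this.appOutBuffer.capacity();
        int remaining = bArr.length;
        int offset = 0;
        while (remaining > 0) {
            if (remaining < chunk) {
                chunk = remaining;
            }
            remaining -= chunk;
            this.appOutBuffer.clear();
            this.appOutBuffer.put(bArr, offset, chunk);
            this.appOutBuffer.flip();
            while (this.appOutBuffer.hasRemaining()) {
                if (this.sslEngine.wrap(this.appOutBuffer, this.netOutBuffer).getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                    runDelegatedTasks();
                }
                if (this.state == this.Finished) {
                    flushNetOutBuffer();
                }
            }
            // NOTE(review): this clears the network-IN buffer on the send path, as the
            // original does; confirm that is intended.
            this.netInBuffer.clear();
            offset += chunk;
        }
    }

    /** Returns and resets the decrypted application data collected so far. */
    protected byte[] getAppBuffer() throws SSLException {
        byte[] plaintext = this.pendingAppData.toByteArray();
        this.pendingAppData = new ByteArrayOutputStream();
        return plaintext;
    }

    /**
     * Processes one EAP-TLS request payload from the server and builds the response.
     *
     * <p>The payload comes from the network. A payload too short for its own flags or
     * length field is now reported as a {@link RadiusException} instead of escaping as
     * an unchecked {@code BufferUnderflowException}.
     *
     * @param b    passed through to {@link #doTunnelAuthentication}
     * @param bArr flags octet, optional 4-byte length, then TLS data
     * @return the EAP-TLS response payload
     * @throws RadiusException on a TLS failure or a truncated payload
     */
    @Override // net.sf.jradius.client.auth.EAPAuthenticator
    public byte[] doEAPType(byte b, byte[] bArr) throws RadiusException {
        try {
            ByteBuffer request = ByteBuffer.wrap(bArr);
            byte flags = request.get();
            if ((flags & TLS_HAS_LENGTH) != 0) {
                // The advertised length is read and discarded; it is never checked
                // against the data actually received.
                request.getInt();
            }
            if (request.hasRemaining()) {
                byte[] tlsData = new byte[request.remaining()];
                request.get(tlsData, 0, tlsData.length);
                updatePacketBuffer(tlsData);
            } else if (this.eapFragmentedReply != null) {
                // Empty request while a reply is being fragmented: send the next piece.
                return nextFragment();
            }
            if ((flags & TLS_MORE_FRAGMENTS) != 0) {
                // More fragments are coming: answer with a bare flags octet.
                return tlsResponse((byte) 0, null);
            }
            if (tlsHandshake() == this.Finished) {
                try {
                    doTunnelAuthentication(b, getAppBuffer());
                } catch (Throwable th) {
                    // NOTE(review): any failure of the tunnelled authentication is only
                    // printed and the exchange continues; callers never see it.
                    th.printStackTrace();
                }
            }
            byte[] queuedInput = getPacketInputBuffer();
            if (queuedInput != null && queuedInput.length > 0) {
                putPacketBuffer(queuedInput);
            }
            byte[] outbound = getPacketOutputBuffer();
            if (outbound == null || outbound.length <= MAX_FRAGMENT_SIZE) {
                return tlsResponse((byte) 0, outbound);
            }
            this.eapFragmentedReply = outbound;
            return nextFragment();
        } catch (SSLException e) {
            throw new RadiusException(e);
        } catch (java.nio.BufferUnderflowException e) {
            throw new RadiusException(e);
        }
    }

    /**
     * Returns the next piece of {@link #eapFragmentedReply}, at most 1024 bytes, with the
     * more-fragments flag set unless it is the last one. Resets the fragment state after
     * the last piece. Expects {@code eapFragmentedReply} to be non-null.
     */
    protected byte[] nextFragment() {
        int size = this.eapFragmentedReply.length - this.eapFragmentedOffset;
        byte flags = 0;
        if (size > MAX_FRAGMENT_SIZE) {
            size = MAX_FRAGMENT_SIZE;
            flags = TLS_MORE_FRAGMENTS;
        }
        byte[] fragment = new byte[size];
        System.arraycopy(this.eapFragmentedReply, this.eapFragmentedOffset, fragment, 0, size);
        this.eapFragmentedOffset += size;
        if (this.eapFragmentedReply.length == this.eapFragmentedOffset) {
            this.eapFragmentedReply = null;
            this.eapFragmentedOffset = 0;
        }
        return tlsResponse(flags, fragment);
    }

    /**
     * Frames a response: just the flags octet when there is no data, otherwise flags with
     * the length bit set, a 4-byte big-endian length, then the data.
     *
     * <p>NOTE(review): the length written is {@code data.length + 4} for this fragment.
     * RFC 5216 defines the field as the total length of the TLS message being
     * fragmented; confirm what the peer expects before relying on it.
     */
    protected byte[] tlsResponse(byte b, byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return new byte[]{b};
        }
        int lengthField = bArr.length + 4;
        ByteBuffer out = ByteBuffer.allocate(1 + lengthField);
        out.put((byte) (b | TLS_HAS_LENGTH));
        out.putInt(lengthField);
        out.put(bArr);
        return out.array();
    }

    /**
     * Hook called with the decrypted application data once the handshake reports
     * finished. Does nothing here.
     */
    protected void doTunnelAuthentication(byte b, byte[] bArr) throws Throwable {
    }

    /** @return path of the CA store used to validate the server, or null if unset */
    public String getCaFile() {
        return this.caFile;
    }

    /** Sets the CA store path; when set it takes precedence over trust-all. */
    public void setCaFile(String str) {
        this.caFile = str;
    }

    /** @return key store type of the CA store (default {@code "pkcs12"}) */
    public String getCaFileType() {
        return this.caFileType;
    }

    public void setCaFileType(String str) {
        this.caFileType = str;
    }

    /** @return path of the client key store, or null if unset */
    public String getKeyFile() {
        return this.keyFile;
    }

    public void setKeyFile(String str) {
        this.keyFile = str;
    }

    /** @return key store type of the client key store (default {@code "pkcs12"}) */
    public String getKeyFileType() {
        return this.keyFileType;
    }

    public void setKeyFileType(String str) {
        this.keyFileType = str;
    }

    /** @return the client key store password; a secret, keep it out of logs */
    public String getKeyPassword() {
        return this.keyPassword;
    }

    /** Sets the client key store password. {@link #init()} fails if this is null and a key file is set. */
    public void setKeyPassword(String str) {
        this.keyPassword = str;
    }

    /** @return the CA store password; a secret, keep it out of logs */
    public String getCaPassword() {
        return this.caPassword;
    }

    /** Sets the CA store password. {@link #init()} fails if this is null and a CA file is set. */
    public void setCaPassword(String str) {
        this.caPassword = str;
    }

    /** @return whether all server certificates are accepted when no CA file is set */
    public Boolean getTrustAll() {
        return this.trustAll;
    }

    /**
     * Enables or disables acceptance of any server certificate. Only takes effect when
     * no CA file is configured; when it does, the server is not authenticated.
     */
    public void setTrustAll(Boolean bool) {
        this.trustAll = bool;
    }
}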
