package oracle.net.ano;

import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.function.Function;
import oracle.jdbc.OracleConnection;
import oracle.jdbc.internal.OpaqueString;
import oracle.net.aso.Radius;
import oracle.net.ns.ClientProfile;
import oracle.net.ns.NetException;
import oracle.net.ns.SessionAtts;
import oracle.net.nt.NTAdapter;
import org.apache.logging.log4j.util.ProcessIdUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/ojdbc8-23.7.0.25.01.jar:oracle/net/ano/RadiusAuthenticationService.class */
public class RadiusAuthenticationService {
    private static final byte NAURA_ACCESS_REQUEST = 1;
    private static final byte NAURA_ACCESS_ACCEPT = 2;
    private static final byte NAURA_ACCESS_REJECT = 3;
    private static final byte NAURA_ACCESS_CHALLENGE = 11;
    private static final Charset TARGET_CHARSET = StandardCharsets.UTF_8;
    private static final int HEADER_LENGTH = 21;
    private final SessionAtts session;
    private final AnoComm anoComm;
    private final Ano ano;
    private ClientProfile profile;
    private final AuthenticationService authService;
    private final Function<byte[], byte[]> authHandler = getRadiusChallegeResponseHandler();
    private boolean isTCPS;
    private final String username;
    private final OpaqueString password;

    /* JADX INFO: Access modifiers changed from: package-private */
    public RadiusAuthenticationService(SessionAtts sessionAtts, AuthenticationService authenticationService) throws NetException {
        this.session = sessionAtts;
        this.anoComm = sessionAtts.ano.anoComm;
        this.ano = sessionAtts.ano;
        this.profile = sessionAtts.profile;
        this.authService = authenticationService;
        this.isTCPS = sessionAtts.getNTAdapter().getNetworkAdapterType().equals(NTAdapter.NetworkAdapterType.TCPS);
        this.username = sessionAtts.profile.getProperty(AnoServices.AUTHENTICATION_PROPERTY_RADIUS_USER);
        this.password = (OpaqueString) sessionAtts.profile.get(AnoServices.AUTHENTICATION_PROPERTY_RADIUS_PWD);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void handleRadiusAuthentication() throws NetException, IOException {
        if (this.authHandler != null) {
            handleCR();
        } else {
            this.anoComm.readUB2();
            this.anoComm.readUB2();
        }
    }

    private void handleCR() throws NetException, IOException {
        if (negotiateCRMode()) {
            if (this.username == null || this.password == null) {
                throw new NetException(NetException.AUTHENTICATION_STATUS_FAILURE, "RADIUS authentication failed. Username or Password is null.");
            }
            authChallengeReponse(authUserPassword());
            this.ano.setTwoFactorAuthenticationComplete(true);
        }
    }

    private boolean negotiateCRMode() throws NetException, IOException {
        short receiveUB1 = this.ano.anoComm.receiveUB1();
        this.ano.sendANOHeader(26, 1, (short) 0);
        this.authService.sendHeader(1);
        this.ano.anoComm.sendUB1(receiveUB1);
        this.ano.receiveANOHeader();
        receiveHeader();
        this.ano.anoComm.receiveRaw();
        return receiveUB1 == 1;
    }

    private byte[] authUserPassword() throws NetException, IOException {
        byte[] bytes = this.username.getBytes(TARGET_CHARSET);
        byte[] bytes2 = this.password.get().getBytes(TARGET_CHARSET);
        if (!this.isTCPS) {
            bytes2 = obfuscatePassword(bytes2);
        }
        byte[] bArr = new byte[2 + bytes.length + bytes2.length];
        bArr[0] = (byte) bytes.length;
        System.arraycopy(bytes, 0, bArr, 1, bytes.length);
        bArr[bytes.length + 1] = (byte) bytes2.length;
        System.arraycopy(bytes2, 0, bArr, bytes.length + 2, bytes2.length);
        this.ano.sendANOHeader(25 + bArr.length, 1, (short) 0);
        this.authService.sendHeader(1);
        this.ano.anoComm.sendRaw(bArr);
        this.ano.anoComm.flush();
        this.ano.receiveANOHeader();
        receiveHeader();
        byte[] receiveRaw = this.ano.anoComm.receiveRaw();
        verifyResponse(receiveRaw, 11);
        return Arrays.copyOfRange(receiveRaw, 1, receiveRaw.length);
    }

    private void authChallengeReponse(byte[] bArr) throws NetException, IOException {
        byte[] bytes = this.username.getBytes(TARGET_CHARSET);
        byte[] apply = this.authHandler.apply(bArr);
        if (!this.isTCPS) {
            apply = obfuscatePassword(apply);
        }
        byte[] bArr2 = new byte[2 + bytes.length + apply.length];
        bArr2[0] = (byte) bytes.length;
        System.arraycopy(bytes, 0, bArr2, 1, bytes.length);
        bArr2[bytes.length + 1] = (byte) apply.length;
        System.arraycopy(apply, 0, bArr2, bytes.length + 2, apply.length);
        this.ano.sendANOHeader(25 + bArr2.length, 1, (short) 0);
        this.authService.sendHeader(1);
        this.ano.anoComm.sendRaw(bArr2);
        this.ano.anoComm.flush();
        this.ano.receiveANOHeader();
        receiveHeader();
        verifyResponse(this.ano.anoComm.receiveRaw(), 2);
    }

    private void verifyResponse(byte[] bArr, int i) throws NetException {
        byte b = bArr[0];
        String str = bArr.length > 1 ? new String(bArr, 1, bArr.length - 1, TARGET_CHARSET) : null;
        if (b != i) {
            if (str == null || str.isEmpty()) {
                str = ProcessIdUtil.DEFAULT_PROCESSID + (b == 3 ? " Access-Reject " : " ") + "error during RADIUS exchange (Error Status = " + ((int) b) + ")";
            }
            throw new NetException(NetException.AUTHENTICATION_STATUS_FAILURE, str);
        }
    }

    private Function<byte[], byte[]> getRadiusChallegeResponseHandler() throws NetException {
        Object obj = this.profile.get(OracleConnection.CONNECTION_PROPERTY_THIN_NET_RADIUS_CHALLENGE_RESPONSE_HANDLER);
        if (obj == null) {
            return null;
        }
        if (!(obj instanceof String)) {
            if (obj instanceof Function) {
                return (Function) obj;
            }
            throw new NetException(NetException.AUTHENTICATION_STATUS_FAILURE, "Unable to initialize Radius Authentication Handler. Invalid Type " + obj.getClass());
        }
        try {
            return (Function) Class.forName((String) obj).newInstance();
        } catch (Exception e) {
            NetException netException = new NetException(NetException.AUTHENTICATION_STATUS_FAILURE, "Unable to initialize Radius Authentication Handler " + obj);
            netException.initCause(e);
            throw netException;
        }
    }

    private void receiveHeader() throws NetException, IOException {
        int[] receiveHeader = Service.receiveHeader(this.ano.anoComm);
        if (receiveHeader[2] != 0) {
            throw new NetException(receiveHeader[2]);
        }
    }

    private byte[] obfuscatePassword(byte[] bArr) {
        int i;
        int i2;
        byte[] obfuscatePassword = Radius.obfuscatePassword(bArr);
        byte[] bArr2 = new byte[obfuscatePassword.length * 2];
        for (int i3 = 0; i3 < obfuscatePassword.length; i3++) {
            byte b = (byte) ((obfuscatePassword[i3] & 240) >> 4);
            byte b2 = (byte) (obfuscatePassword[i3] & 15);
            bArr2[i3 * 2] = (byte) (b < 10 ? b + 48 : (b - 10) + 97);
            int i4 = (i3 * 2) + 1;
            if (b2 < 10) {
                i = b2;
                i2 = 48;
            } else {
                i = b2 - 10;
                i2 = 97;
            }
            bArr2[i4] = (byte) (i + i2);
        }
        return bArr2;
    }
}
