package org.forgerock.openam.radius.server;

import com.sun.identity.shared.debug.Debug;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.DatagramChannel;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.forgerock.openam.radius.common.AccessAccept;
import org.forgerock.openam.radius.common.AccessChallenge;
import org.forgerock.openam.radius.common.AccessReject;
import org.forgerock.openam.radius.common.AccessRequest;
import org.forgerock.openam.radius.common.AttributeSet;
import org.forgerock.openam.radius.common.Authenticator;
import org.forgerock.openam.radius.common.Packet;
import org.forgerock.openam.radius.common.ResponseAuthenticator;
import org.forgerock.openam.radius.server.config.ClientConfig;
import org.forgerock.openam.radius.server.config.RadiusServerConstants;

/* loaded from: input_file:org/forgerock/openam/radius/server/RadiusRequestContext.class */
public class RadiusRequestContext {
    private static final Debug LOG = Debug.getInstance(RadiusServerConstants.RADIUS_SERVER_LOGGER);
    private final ClientConfig clientConfig;
    private final DatagramChannel channel;
    private final InetSocketAddress source;
    private volatile boolean sendWasCalled;
    private Authenticator requestAuthenticator;
    private short requestId;

    public RadiusRequestContext(ClientConfig clientConfig, DatagramChannel datagramChannel, InetSocketAddress inetSocketAddress) {
        this.channel = datagramChannel;
        this.source = inetSocketAddress;
        this.clientConfig = clientConfig;
    }

    public void logPacketContent(Packet packet, String str) {
        LOG.warning(str + "\n" + getPacketRepresentation(packet));
    }

    public static String getPacketRepresentation(Packet packet) {
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter(stringWriter);
        Class<?> cls = packet.getClass();
        printWriter.println("  " + (cls == AccessRequest.class ? "ACCESS_REQUEST" : cls == AccessReject.class ? "ACCESS_REJECT" : cls == AccessAccept.class ? "ACCESS_ACCEPT" : cls == AccessChallenge.class ? "ACCESS_CHALLENGE" : packet.getClass().getSimpleName()) + " [" + ((int) packet.getIdentifier()) + "]");
        AttributeSet attributeSet = packet.getAttributeSet();
        for (int i = 0; i < attributeSet.size(); i++) {
            printWriter.println("    - " + attributeSet.getAttributeAt(i));
        }
        printWriter.flush();
        return stringWriter.toString();
    }

    public void send(Packet packet) throws RadiusProcessingException {
        if (this.sendWasCalled) {
            LOG.warning("Handler class '" + this.clientConfig.getAccessRequestHandlerClass().getSimpleName() + "' declared for client " + this.clientConfig.getName() + " called send more than once.");
            return;
        }
        this.sendWasCalled = true;
        if (packet == null) {
            LOG.error("Handler class '" + this.clientConfig.getAccessRequestHandlerClass().getSimpleName() + "' declared for client " + this.clientConfig.getName() + " attempted to send a null response. Rejecting access.");
            send(new AccessReject());
            return;
        }
        packet.setIdentifier(this.requestId);
        injectResponseAuthenticator(packet);
        if (this.clientConfig.isLogPackets()) {
            logPacketContent(packet, "\nPacket to " + this.clientConfig.getName() + ":");
        }
        ByteBuffer wrap = ByteBuffer.wrap(packet.getOctets());
        try {
            LOG.message("Sending response of type " + packet.getType() + " to " + this.clientConfig.getName());
            this.channel.send(wrap, this.source);
        } catch (IOException e) {
            LOG.error("Unable to send response to " + this.clientConfig.getName() + ".", e);
        }
    }

    private void injectResponseAuthenticator(Packet packet) throws RadiusProcessingException {
        packet.setAuthenticator(this.requestAuthenticator);
        byte[] octets = packet.getOctets();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.update(octets);
            messageDigest.update(this.clientConfig.getSecret().getBytes("UTF-8"));
            packet.setAuthenticator(new ResponseAuthenticator(messageDigest.digest()));
        } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
            throw new RadiusProcessingException(RadiusProcessingExceptionNature.CATASTROPHIC, "Failed to send Radius Response.", new IOException("Failed to add response authentication to RADIUS response.", e));
        }
    }

    public boolean isSendWasCalled() {
        return this.sendWasCalled;
    }

    public void setSendWasCalled(boolean z) {
        this.sendWasCalled = z;
    }

    public Authenticator getRequestAuthenticator() {
        return this.requestAuthenticator;
    }

    public void setRequestAuthenticator(Authenticator authenticator) {
        this.requestAuthenticator = authenticator;
    }

    public String getRequestId() {
        return Short.toString(this.requestId);
    }

    public void setRequestId(short s) {
        this.requestId = s;
    }

    public ClientConfig getClientConfig() {
        return this.clientConfig;
    }

    public DatagramChannel getChannel() {
        return this.channel;
    }

    public InetSocketAddress getSource() {
        return this.source;
    }

    public String getClientName() {
        return getClientConfig().getName();
    }

    public String getClientSecret() {
        return getClientConfig().getSecret();
    }
}
