package org.onosproject.aaa;

import com.google.common.util.concurrent.ThreadFactoryBuilder;
import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.onlab.packet.DeserializationException;
import org.onlab.packet.EAP;
import org.onlab.packet.EAPOL;
import org.onlab.packet.EthType;
import org.onlab.packet.Ethernet;
import org.onlab.packet.MacAddress;
import org.onlab.packet.RADIUS;
import org.onlab.packet.RADIUSAttribute;
import org.onosproject.core.ApplicationId;
import org.onosproject.core.CoreService;
import org.onosproject.net.ConnectPoint;
import org.onosproject.net.config.ConfigFactory;
import org.onosproject.net.config.NetworkConfigEvent;
import org.onosproject.net.config.NetworkConfigListener;
import org.onosproject.net.config.NetworkConfigRegistry;
import org.onosproject.net.config.basics.SubjectFactories;
import org.onosproject.net.flow.DefaultTrafficSelector;
import org.onosproject.net.flow.DefaultTrafficTreatment;
import org.onosproject.net.flow.TrafficSelector;
import org.onosproject.net.packet.DefaultOutboundPacket;
import org.onosproject.net.packet.InboundPacket;
import org.onosproject.net.packet.PacketContext;
import org.onosproject.net.packet.PacketPriority;
import org.onosproject.net.packet.PacketProcessor;
import org.onosproject.net.packet.PacketService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

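/**
 * AAA application component: relays 802.1X authentication between supplicants and a RADIUS server.
 *
 * <p>EAPOL frames are intercepted through the {@link PacketService} and turned into RADIUS requests
 * that are sent over a UDP {@link DatagramSocket}. RADIUS replies are read by a dedicated listener
 * thread ({@link RadiusListener}) and translated back into EAPOL frames for the supplicant.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Both inputs are untrusted: EAPOL frames come from unauthenticated ports, and the UDP socket
 *       is bound to the wildcard address, so any host that can reach the port can send datagrams.</li>
 *   <li>NOTE(review): nothing in this class verifies the Response Authenticator or the
 *       Message-Authenticator of a RADIUS reply, or its source address, before the session is
 *       authorized; sessions are matched on the one-byte RADIUS identifier only. Confirm whether
 *       the RADIUS deserializer or {@code StateMachine} performs that check; if not, a reply should
 *       be validated against the shared secret and the stored request authenticator before
 *       {@code authorizeAccess()} is called.</li>
 *   <li>The shared secret is held in {@link #radiusSecret}; it must never be logged.</li>
 * </ul>
 *
 * <p>This listing is decompiler output: several members carry widened access modifiers and
 * synthetic names, which are kept so that existing callers still resolve.
 */
@Component(immediate = true)
/* loaded from: input_file:org/onosproject/aaa/AaaManager.class */
public class AaaManager {

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected CoreService coreService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected PacketService packetService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected NetworkConfigRegistry netCfgService;
    // Destination address for RADIUS requests.
    protected InetAddress radiusIpAddress;
    protected String radiusMacAddress;
    // Sent as the NAS-IP-Address attribute of every request.
    protected InetAddress nasIpAddress;
    // Source MAC of the EAPOL frames sent to supplicants.
    protected String nasMacAddress;
    // RADIUS shared secret, used to compute the Message-Authenticator. Never log this value.
    protected String radiusSecret;
    protected String radiusSwitch;
    // Assigned from configuration but not read anywhere in this class.
    protected long radiusPort;
    // Used both as the local bind port and as the server's destination port. Being a short,
    // ports above 32767 are negative here and are rejected by DatagramSocket/DatagramPacket.
    protected short radiusServerPort;
    private ApplicationId appId;
    private DatagramSocket radiusSocket;
    private ExecutorService executor;
    private final Logger log = LoggerFactory.getLogger(getClass());
    private ReactivePacketProcessor processor = new ReactivePacketProcessor();
    private final ConfigFactory factory = new ConfigFactory<ApplicationId, AaaConfig>(SubjectFactories.APP_SUBJECT_FACTORY, AaaConfig.class, "AAA") { // from class: org.onosproject.aaa.AaaManager.1
        /* renamed from: createConfig, reason: merged with bridge method [inline-methods] */
        public AaaConfig m0createConfig() {
            return new AaaConfig();
        }
    };
    private final InternalConfigListener cfgListener = new InternalConfigListener();
    RadiusListener radiusListener = new RadiusListener();

    /* renamed from: org.onosproject.aaa.AaaManager$2, reason: invalid class name */
    /* loaded from: input_file:org/onosproject/aaa/AaaManager$2.class */
    // Compiler-generated lookup table for the switch over EthType.EtherType in
    // ReactivePacketProcessor.process(): EAPOL maps to case 1, everything else stays 0.
    static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$onlab$packet$EthType$EtherType = new int[EthType.EtherType.values().length];

        static {
            try {
                $SwitchMap$org$onlab$packet$EthType$EtherType[EthType.EtherType.EAPOL.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
                // Standard javac pattern: the enum constant may be missing at run time.
            }
        }
    }

    /**
     * Applies AAA configuration changes and restarts the RADIUS socket and listener.
     */
    /* loaded from: input_file:org/onosproject/aaa/AaaManager$InternalConfigListener.class */
    private class InternalConfigListener implements NetworkConfigListener {
        private InternalConfigListener() {
        }

        /**
         * Copies every value that is set in the configuration into the manager's fields.
         *
         * <p>Object values equal to {@code null} and port values equal to {@code -1} are treated as
         * "not set" and leave the current field untouched.
         *
         * @param aaaConfig the new configuration, or {@code null} to apply a default-constructed one
         */
        /* JADX INFO: Access modifiers changed from: private */
        public void reconfigureNetwork(AaaConfig aaaConfig) {
            AaaConfig effective = aaaConfig == null ? new AaaConfig() : aaaConfig;
            if (effective.nasIp() != null) {
                AaaManager.this.nasIpAddress = effective.nasIp();
            }
            if (effective.radiusIp() != null) {
                AaaManager.this.radiusIpAddress = effective.radiusIp();
            }
            if (effective.radiusMac() != null) {
                AaaManager.this.radiusMacAddress = effective.radiusMac();
            }
            if (effective.nasMac() != null) {
                AaaManager.this.nasMacAddress = effective.nasMac();
            }
            if (effective.radiusSecret() != null) {
                AaaManager.this.radiusSecret = effective.radiusSecret();
            }
            if (effective.radiusSwitch() != null) {
                AaaManager.this.radiusSwitch = effective.radiusSwitch();
            }
            if (effective.radiusPort() != -1) {
                AaaManager.this.radiusPort = effective.radiusPort();
            }
            if (effective.radiusServerUdpPort() != -1) {
                AaaManager.this.radiusServerPort = effective.radiusServerUdpPort();
            }
        }

        /**
         * Reloads the configuration and reopens the RADIUS socket when an {@link AaaConfig} is
         * added or updated; every other event is ignored.
         *
         * @param networkConfigEvent the configuration event
         */
        public void event(NetworkConfigEvent networkConfigEvent) {
            boolean addedOrUpdated = networkConfigEvent.type() == NetworkConfigEvent.Type.CONFIG_ADDED
                    || networkConfigEvent.type() == NetworkConfigEvent.Type.CONFIG_UPDATED;
            if (addedOrUpdated && networkConfigEvent.configClass().equals(AaaConfig.class)) {
                reconfigureNetwork((AaaConfig) AaaManager.this.netCfgService.getConfig(AaaManager.this.appId, AaaConfig.class));
                // Null-safe: the socket and executor do not exist if the initial open failed.
                AaaManager.this.shutdownLocalState();
                AaaManager.this.initializeLocalState();
                AaaManager.this.log.info("Reconfigured");
            }
        }
    }

    /**
     * Listener task that reads RADIUS replies from the UDP socket and drives the matching session.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/onosproject/aaa/AaaManager$RadiusListener.class */
    public class RadiusListener implements Runnable {
        RadiusListener() {
        }

        /**
         * Handles one RADIUS reply: Access-Accept (code 2), Access-Reject (code 3) or
         * Access-Challenge (code 11). Other codes are logged and dropped.
         *
         * <p>NOTE(review): the reply is matched to a session by its identifier alone and its
         * authenticator fields are not checked here; see the class-level security notes.
         *
         * @param radius the deserialized RADIUS reply
         * @throws StateMachineException if the session rejects the requested transition
         */
        protected void handleRadiusPacket(RADIUS radius) throws StateMachineException {
            StateMachine session = StateMachine.lookupStateMachineById(radius.getIdentifier());
            if (session == null) {
                AaaManager.this.log.error("Invalid session identifier, exiting...");
                return;
            }
            switch (radius.getCode()) {
                case 2: {
                    // Attribute 79 is EAP-Message. It comes from the network and may be absent;
                    // fail closed (no authorization) instead of dereferencing null.
                    RADIUSAttribute eapMessage = radius.getAttribute((byte) 79);
                    byte[] value = eapMessage == null ? null : eapMessage.getValue();
                    if (value == null) {
                        AaaManager.this.log.warn("Access-Accept without EAP-Message attribute, ignoring");
                        return;
                    }
                    EAP eapPayload = (EAP) new EAP().deserialize(value, 0, value.length);
                    AaaManager.this.sendPacketToSupplicant(AaaManager.buildEapolResponse(session.supplicantAddress(), MacAddress.valueOf(AaaManager.this.nasMacAddress), session.vlanId(), (byte) 0, eapPayload), session.supplicantConnectpoint());
                    session.authorizeAccess();
                    return;
                }
                case 3:
                    session.denyAccess();
                    return;
                case 11: {
                    // Attribute 24 is State; it is optional and echoed back in the next request.
                    RADIUSAttribute stateAttribute = radius.getAttribute((byte) 24);
                    byte[] challengeState = null;
                    if (stateAttribute != null) {
                        challengeState = stateAttribute.getValue();
                    }
                    EAP challenge = radius.decapsulateMessage();
                    session.setChallengeInfo(challenge.getIdentifier(), challengeState);
                    AaaManager.this.sendPacketToSupplicant(AaaManager.buildEapolResponse(session.supplicantAddress(), MacAddress.valueOf(AaaManager.this.nasMacAddress), session.vlanId(), (byte) 0, challenge), session.supplicantConnectpoint());
                    return;
                }
                default:
                    AaaManager.this.log.warn("Unknown RADIUS message received with code: {}", Byte.valueOf(radius.getCode()));
                    return;
            }
        }

        /**
         * Receives datagrams until the socket is closed, handing each one to
         * {@link #handleRadiusPacket(RADIUS)}.
         *
         * <p>A failure while handling a single datagram is logged and the loop continues, so one
         * malformed packet cannot stop RADIUS processing. Any {@link IOException} from
         * {@code receive} is treated as "socket closed" and ends the thread.
         */
        @Override // java.lang.Runnable
        public void run() {
            // Bind this run to the socket it was started for, so a listener that outlives a
            // reconfiguration never starts reading from the replacement socket.
            final DatagramSocket socket = AaaManager.this.radiusSocket;
            if (socket == null) {
                AaaManager.this.log.error("RADIUS socket is not open, listener thread not started");
                return;
            }
            boolean socketClosed = false;
            int packetNumber = 1;
            AaaManager.this.log.info("UDP listener thread starting up");
            while (!socketClosed) {
                try {
                    byte[] buffer = new byte[4096];
                    DatagramPacket datagramPacket = new DatagramPacket(buffer, buffer.length);
                    socket.receive(datagramPacket);
                    AaaManager.this.log.info("Packet #{} received", Integer.valueOf(packetNumber));
                    packetNumber++;
                    try {
                        handleRadiusPacket((RADIUS) RADIUS.deserializer().deserialize(datagramPacket.getData(), 0, datagramPacket.getLength()));
                    } catch (DeserializationException e) {
                        AaaManager.this.log.error("Cannot deserialize packet", e);
                    } catch (StateMachineException e) {
                        AaaManager.this.log.error("Illegal state machine operation", e);
                    } catch (RuntimeException e) {
                        // Per-packet boundary: the datagram is attacker-controllable, and an
                        // unchecked exception here would otherwise terminate the only listener.
                        AaaManager.this.log.error("Unexpected error while handling RADIUS packet, dropping it", e);
                    }
                } catch (IOException e) {
                    AaaManager.this.log.info("Socket was closed, exiting listener thread");
                    socketClosed = true;
                }
            }
        }
    }

    /**
     * Packet processor that picks EAPOL frames out of the inbound packet stream.
     */
    /* loaded from: input_file:org/onosproject/aaa/AaaManager$ReactivePacketProcessor.class */
    private class ReactivePacketProcessor implements PacketProcessor {
        private ReactivePacketProcessor() {
        }

        /**
         * Dispatches EAPOL frames to {@link #handleSupplicantPacket(InboundPacket)} and skips every
         * other EtherType.
         *
         * @param packetContext context of the inbound packet
         */
        public void process(PacketContext packetContext) {
            Ethernet parsed = packetContext.inPacket().parsed();
            if (parsed == null) {
                return;
            }
            try {
                // The lookup table yields 1 for EAPOL and 0 for any other EtherType.
                switch (AnonymousClass2.$SwitchMap$org$onlab$packet$EthType$EtherType[EthType.EtherType.lookup(parsed.getEtherType()).ordinal()]) {
                    case 1:
                        handleSupplicantPacket(packetContext.inPacket());
                        break;
                    default:
                        AaaManager.this.log.trace("Skipping Ethernet packet type {}", EthType.EtherType.lookup(parsed.getEtherType()));
                        break;
                }
            } catch (StateMachineException e) {
                AaaManager.this.log.warn("Unable to process RADIUS packet:", e);
            }
        }

        /**
         * Builds a RADIUS request (code 1) that carries the given EAP message.
         *
         * <p>The request authenticator generated for the packet is stored on the session, and the
         * User-Name (attribute 1) and NAS-IP-Address (attribute 4) attributes are filled in.
         *
         * @param stateMachine session the request belongs to
         * @param b RADIUS identifier to put on the request; replaces the EAP identifier that was
         *     passed to the constructor
         * @param eap EAP message to encapsulate
         * @return the request, without a Message-Authenticator (callers add it)
         */
        private RADIUS getRadiusPayload(StateMachine stateMachine, byte b, EAP eap) {
            RADIUS request = new RADIUS((byte) 1, eap.getIdentifier());
            stateMachine.setRequestAuthenticator(request.generateAuthCode());
            request.setIdentifier(b);
            request.setAttribute((byte) 1, stateMachine.username());
            request.setAttribute((byte) 4, AaaManager.this.nasIpAddress.getAddress());
            request.encapsulateMessage(eap);
            return request;
        }

        /**
         * Handles one EAPOL frame from a supplicant.
         *
         * <p>EAPOL type 1 (Start) opens the session and sends an EAP identity request, type 0
         * (EAP packet) forwards identity (EAP type 1), MD5-challenge (4) and TLS (13) responses to
         * the RADIUS server, and type 2 (Logoff) logs the session off. The session is keyed by
         * device id plus port, so there is one session per switch port.
         *
         * @param inboundPacket the intercepted frame; its content is untrusted
         * @throws StateMachineException if the session rejects the requested transition
         */
        private void handleSupplicantPacket(InboundPacket inboundPacket) throws StateMachineException {
            Ethernet parsed = inboundPacket.parsed();
            MacAddress sourceMAC = parsed.getSourceMAC();
            String sessionId = inboundPacket.receivedFrom().deviceId().toString() + inboundPacket.receivedFrom().port().toString();
            StateMachine session = StateMachine.lookupStateMachineBySessionId(sessionId);
            if (session == null) {
                session = new StateMachine(sessionId);
            }
            // The frame is supplicant-controlled: check the payload type before casting.
            if (!(parsed.getPayload() instanceof EAPOL)) {
                AaaManager.this.log.trace("Skipping frame without an EAPOL payload");
                return;
            }
            EAPOL payload = (EAPOL) parsed.getPayload();
            switch (payload.getEapolType()) {
                case 0: {
                    if (!(payload.getPayload() instanceof EAP)) {
                        AaaManager.this.log.trace("Skipping EAPOL packet without an EAP payload");
                        return;
                    }
                    EAP eap = (EAP) payload.getPayload();
                    switch (eap.getDataType()) {
                        case 1: {
                            session.setUsername(eap.getData());
                            RADIUS identityRequest = getRadiusPayload(session, session.identifier(), eap);
                            identityRequest.addMessageAuthenticator(AaaManager.this.radiusSecret);
                            AaaManager.this.sendRadiusPacket(identityRequest);
                            session.requestAccess();
                            return;
                        }
                        case 4: {
                            // Only answer the challenge that is currently outstanding.
                            if (eap.getIdentifier() != session.challengeIdentifier()) {
                                return;
                            }
                            RADIUS md5Request = getRadiusPayload(session, session.identifier(), eap);
                            if (session.challengeState() != null) {
                                md5Request.setAttribute((byte) 24, session.challengeState());
                            }
                            md5Request.addMessageAuthenticator(AaaManager.this.radiusSecret);
                            AaaManager.this.sendRadiusPacket(md5Request);
                            return;
                        }
                        case 13: {
                            RADIUS tlsRequest = getRadiusPayload(session, session.identifier(), eap);
                            if (session.challengeState() != null) {
                                tlsRequest.setAttribute((byte) 24, session.challengeState());
                            }
                            session.setRequestAuthenticator(tlsRequest.generateAuthCode());
                            tlsRequest.addMessageAuthenticator(AaaManager.this.radiusSecret);
                            AaaManager.this.sendRadiusPacket(tlsRequest);
                            // NOTE(review): 2 is presumably the "pending" state - confirm in StateMachine.
                            if (session.state() != 2) {
                                session.requestAccess();
                            }
                            return;
                        }
                        default:
                            return;
                    }
                }
                case 1: {
                    session.start();
                    session.setSupplicantConnectpoint(inboundPacket.receivedFrom());
                    // EAP request (code 1) of type identity (1), with no data.
                    Ethernet identityRequestFrame = AaaManager.buildEapolResponse(sourceMAC, MacAddress.valueOf(AaaManager.this.nasMacAddress), parsed.getVlanID(), (byte) 0, new EAP((byte) 1, session.identifier(), (byte) 1, (byte[]) null));
                    session.setSupplicantAddress(sourceMAC);
                    session.setVlanId(parsed.getVlanID());
                    AaaManager.this.sendPacketToSupplicant(identityRequestFrame, session.supplicantConnectpoint());
                    return;
                }
                case 2:
                    // NOTE(review): 3 is presumably the "authorized" state - confirm in StateMachine.
                    if (session.state() == 3) {
                        session.logoff();
                    }
                    return;
                default:
                    AaaManager.this.log.trace("Skipping EAPOL message {}", Byte.valueOf(payload.getEapolType()));
                    return;
            }
        }
    }

    /**
     * Wraps an EAP message in an EAPOL packet and an Ethernet frame.
     *
     * @param macAddress destination MAC address of the frame
     * @param macAddress2 source MAC address of the frame
     * @param s VLAN id to set, or {@code -1} to leave the frame untagged
     * @param b EAPOL packet type
     * @param eap EAP message to carry
     * @return the padded Ethernet frame
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static Ethernet buildEapolResponse(MacAddress macAddress, MacAddress macAddress2, short s, byte b, EAP eap) {
        Ethernet frame = new Ethernet();
        frame.setDestinationMACAddress(macAddress.toBytes());
        frame.setSourceMACAddress(macAddress2.toBytes());
        frame.setEtherType(EthType.EtherType.EAPOL.ethType().toShort());
        if (s != -1) {
            frame.setVlanID(s);
        }
        EAPOL eapol = new EAPOL();
        eapol.setEapolType(b);
        eapol.setPacketLength(eap.getLength());
        eapol.setPayload(eap);
        frame.setPayload(eapol);
        frame.setPad(true);
        return frame;
    }

    /**
     * Opens the RADIUS UDP socket on {@link #radiusServerPort} and starts the listener thread.
     *
     * <p>If the socket cannot be opened the error is logged and no listener is started; the
     * previous socket reference, if any, is left in place.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void initializeLocalState() {
        try {
            // Binds to the wildcard address, so the port is reachable on every interface.
            this.radiusSocket = new DatagramSocket(this.radiusServerPort);
        } catch (Exception e) {
            this.log.error("Can't open RADIUS socket", e);
            // Without a usable socket the listener would only fail immediately.
            return;
        }
        this.executor = Executors.newSingleThreadExecutor(new ThreadFactoryBuilder().setNameFormat("AAA-radius-%d").build());
        this.executor.execute(this.radiusListener);
    }

    /**
     * Closes the RADIUS socket and stops the listener executor, tolerating either being absent.
     */
    private void shutdownLocalState() {
        if (this.radiusSocket != null) {
            // Closing the socket makes a blocked receive() fail, which ends the listener loop.
            this.radiusSocket.close();
        }
        if (this.executor != null) {
            this.executor.shutdownNow();
        }
    }

    /**
     * Registers the configuration listener and factory, loads the configuration, installs the
     * packet processor and EAPOL intercepts, and opens the RADIUS socket.
     */
    @Activate
    public void activate() {
        this.netCfgService.addListener(this.cfgListener);
        this.netCfgService.registerConfigFactory(this.factory);
        this.appId = this.coreService.registerApplication("org.onosproject.aaa");
        this.cfgListener.reconfigureNetwork((AaaConfig) this.netCfgService.getConfig(this.appId, AaaConfig.class));
        this.packetService.addProcessor(this.processor, PacketProcessor.director(2));
        requestIntercepts();
        StateMachine.initializeMaps();
        initializeLocalState();
        this.log.info("Started");
    }

    /**
     * Withdraws the intercepts, removes the packet processor, clears session state and closes the
     * RADIUS socket and listener.
     */
    @Deactivate
    public void deactivate() {
        withdrawIntercepts();
        this.packetService.removeProcessor(this.processor);
        this.processor = null;
        StateMachine.destroyMaps();
        // Null-safe: activation may have failed to open the socket.
        shutdownLocalState();
        this.log.info("Stopped");
    }

    /**
     * Serializes a RADIUS request and sends it to the configured server address and port.
     *
     * <p>Send failures are logged and otherwise ignored; the request is dropped when the socket
     * was never opened.
     *
     * @param radius the request to send
     */
    protected void sendRadiusPacket(RADIUS radius) {
        DatagramSocket socket = this.radiusSocket;
        if (socket == null) {
            this.log.warn("RADIUS socket is not open, dropping request");
            return;
        }
        try {
            byte[] serialized = radius.serialize();
            socket.send(new DatagramPacket(serialized, serialized.length, this.radiusIpAddress, this.radiusServerPort));
        } catch (IOException e) {
            this.log.info("Cannot send packet to RADIUS server", e);
        }
    }

    /**
     * Asks the packet service to deliver EAPOL frames to this application at control priority.
     */
    private void requestIntercepts() {
        TrafficSelector.Builder selector = DefaultTrafficSelector.builder();
        selector.matchEthType(EthType.EtherType.EAPOL.ethType().toShort());
        this.packetService.requestPackets(selector.build(), PacketPriority.CONTROL, this.appId);
    }

    /**
     * Cancels the EAPOL packet request made by {@link #requestIntercepts()}.
     */
    private void withdrawIntercepts() {
        TrafficSelector.Builder selector = DefaultTrafficSelector.builder();
        selector.matchEthType(EthType.EtherType.EAPOL.ethType().toShort());
        this.packetService.cancelPackets(selector.build(), PacketPriority.CONTROL, this.appId);
    }

    /**
     * Emits an Ethernet frame out of the port the supplicant is attached to.
     *
     * @param ethernet frame to send
     * @param connectPoint device and port of the supplicant
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void sendPacketToSupplicant(Ethernet ethernet, ConnectPoint connectPoint) {
        this.packetService.emit(new DefaultOutboundPacket(connectPoint.deviceId(), DefaultTrafficTreatment.builder().setOutput(connectPoint.port()).build(), ByteBuffer.wrap(ethernet.serialize())));
    }

    // Service bind/unbind hooks. Each unbind clears the field only when it still holds the
    // instance being unbound.

    protected void bindCoreService(CoreService coreService) {
        this.coreService = coreService;
    }

    protected void unbindCoreService(CoreService coreService) {
        if (this.coreService == coreService) {
            this.coreService = null;
        }
    }

    protected void bindPacketService(PacketService packetService) {
        this.packetService = packetService;
    }

    protected void unbindPacketService(PacketService packetService) {
        if (this.packetService == packetService) {
            this.packetService = null;
        }
    }

    protected void bindNetCfgService(NetworkConfigRegistry networkConfigRegistry) {
        this.netCfgService = networkConfigRegistry;
    }

    protected void unbindNetCfgService(NetworkConfigRegistry networkConfigRegistry) {
        if (this.netCfgService == networkConfigRegistry) {
            this.netCfgService = null;
        }
    }
}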
