package org.opencord.aaa.impl;

import com.google.common.base.Strings;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.util.Dictionary;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.onlab.packet.DeserializationException;
import org.onlab.packet.EAP;
import org.onlab.packet.EAPOL;
import org.onlab.packet.EthType;
import org.onlab.packet.Ethernet;
import org.onlab.packet.MacAddress;
import org.onlab.packet.RADIUS;
import org.onlab.packet.RADIUSAttribute;
import org.onlab.util.KryoNamespace;
import org.onlab.util.Tools;
import org.onosproject.cfg.ComponentConfigService;
import org.onosproject.core.ApplicationId;
import org.onosproject.core.CoreService;
import org.onosproject.event.AbstractListenerManager;
import org.onosproject.mastership.MastershipService;
import org.onosproject.net.ConnectPoint;
import org.onosproject.net.Device;
import org.onosproject.net.DeviceId;
import org.onosproject.net.PortNumber;
import org.onosproject.net.config.ConfigFactory;
import org.onosproject.net.config.NetworkConfigEvent;
import org.onosproject.net.config.NetworkConfigListener;
import org.onosproject.net.config.NetworkConfigRegistry;
import org.onosproject.net.config.basics.SubjectFactories;
import org.onosproject.net.device.DeviceEvent;
import org.onosproject.net.device.DeviceListener;
import org.onosproject.net.device.DeviceService;
import org.onosproject.net.flow.DefaultTrafficTreatment;
import org.onosproject.net.packet.DefaultOutboundPacket;
import org.onosproject.net.packet.InboundPacket;
import org.onosproject.net.packet.PacketContext;
import org.onosproject.net.packet.PacketProcessor;
import org.onosproject.net.packet.PacketService;
import org.onosproject.store.serializers.KryoNamespaces;
import org.onosproject.store.service.ConsistentMap;
import org.onosproject.store.service.MapEvent;
import org.onosproject.store.service.MapEventListener;
import org.onosproject.store.service.Serializer;
import org.onosproject.store.service.StorageService;
import org.opencord.aaa.AaaConfig;
import org.opencord.aaa.AaaMachineStatisticsEvent;
import org.opencord.aaa.AaaMachineStatisticsService;
import org.opencord.aaa.AaaSupplicantMachineStats;
import org.opencord.aaa.AuthenticationEvent;
import org.opencord.aaa.AuthenticationEventListener;
import org.opencord.aaa.AuthenticationRecord;
import org.opencord.aaa.AuthenticationService;
import org.opencord.aaa.AuthenticationStatisticsService;
import org.opencord.aaa.RadiusCommunicator;
import org.opencord.aaa.RadiusOperationalStatusEvent;
import org.opencord.aaa.RadiusOperationalStatusService;
import org.opencord.aaa.StateMachineDelegate;
import org.opencord.aaa.impl.StateMachine;
import org.opencord.sadis.BaseInformationService;
import org.opencord.sadis.SadisService;
import org.opencord.sadis.SubscriberAndDeviceInformation;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(immediate = true, property = {"operationalStatusEventGenerationPeriodInSeconds:Integer=30", "operationalStatusServerTimeoutInSeconds:Integer=10", "operationalStatusEvaluationMode:String=AUTO", "packetProcessorThreads:Integer=10", "forgeEapolPackets:Boolean=false"})
/* loaded from: input_file:WEB-INF/classes/org/opencord/aaa/impl/AaaManager.class */
public class AaaManager extends AbstractListenerManager<AuthenticationEvent, AuthenticationEventListener> implements AuthenticationService {
    private static final String SADIS_NOT_RUNNING = "Sadis is not running.";
    private static final String APP_NAME = "org.opencord.aaa";
    private static final int STATE_MACHINE_THREADS = 3;

    @Reference(cardinality = ReferenceCardinality.MANDATORY)
    protected CoreService coreService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY)
    protected StorageService storageService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY)
    protected PacketService packetService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY)
    protected NetworkConfigRegistry netCfgService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY)
    protected DeviceService deviceService;

    @Reference(cardinality = ReferenceCardinality.OPTIONAL, bind = "bindSadisService", unbind = "unbindSadisService", policy = ReferencePolicy.DYNAMIC)
    protected volatile SadisService sadisService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY)
    protected MastershipService mastershipService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY)
    protected AuthenticationStatisticsService aaaStatisticsManager;

    @Reference(cardinality = ReferenceCardinality.MANDATORY)
    protected AaaMachineStatisticsService aaaSupplicantStatsManager;

    @Reference(cardinality = ReferenceCardinality.MANDATORY)
    protected ComponentConfigService cfgService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY)
    protected RadiusOperationalStatusService radiusOperationalStatusService;
    protected BaseInformationService<SubscriberAndDeviceInformation> subsService;
    private IdentifierManager idManager;
    private ConcurrentMap<String, StateMachine> stateMachines;
    private ConsistentMap<ConnectPoint, AuthenticationRecord> authenticationsConsistentMap;
    private Map<ConnectPoint, AuthenticationRecord> authentications;
    protected InetAddress nasIpAddress;
    protected String nasMacAddress;
    protected InetAddress radiusIpAddress;
    protected String radiusMacAddress;
    protected String radiusSecret;
    protected CustomizationInfo customInfo;
    private ApplicationId appId;
    protected int cleanupTimerTimeOutInMins;
    PacketCustomizer pktCustomizer;
    private String customizer;
    private String radiusConnectionType;
    AaaConfig newCfg;
    ScheduledFuture<?> scheduledStatusServerChecker;
    String configuredAaaServerAddress;
    static final List<Byte> VALID_EAPOL_TYPE = Arrays.asList((byte) 1, (byte) 2, (byte) 0);
    static final int HEADER_LENGTH = 4;
    protected ExecutorService packetProcessorExecutor;
    protected ScheduledExecutorService serverStatusAndStateMachineTimeoutExecutor;
    private final Logger log = LoggerFactory.getLogger(getClass());
    private final DeviceListener deviceListener = new InternalDeviceListener();
    private int operationalStatusEventGenerationPeriodInSeconds = 30;
    private int operationalStatusServerTimeoutInSeconds = 10;
    protected String operationalStatusEvaluationMode = OsgiPropertyConstants.STATUS_SERVER_MODE_DEFAULT;
    private Boolean forgeEapolPackets = false;
    protected int packetProcessorThreads = 10;
    private ReactivePacketProcessor processor = new ReactivePacketProcessor();
    RadiusCommunicator impl = null;
    HashSet<Byte> outPacketSet = new HashSet<>();
    HashSet<Byte> outPacketSupp = new HashSet<>();
    private final ConfigFactory factory = new ConfigFactory<ApplicationId, AaaConfig>(SubjectFactories.APP_SUBJECT_FACTORY, AaaConfig.class, "AAA") { // from class: org.opencord.aaa.impl.AaaManager.1
        /* renamed from: createConfig, reason: merged with bridge method [inline-methods] */
        public AaaConfig m1createConfig() {
            return new AaaConfig();
        }
    };
    private final InternalConfigListener cfgListener = new InternalConfigListener();
    private final InternalMapEventListener mapListener = new InternalMapEventListener();
    private StateMachineDelegate delegate = new InternalStateMachineDelegate();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.opencord.aaa.impl.AaaManager$2, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/classes/org/opencord/aaa/impl/AaaManager$2.class */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$onlab$packet$EthType$EtherType;
        static final /* synthetic */ int[] $SwitchMap$org$onosproject$net$device$DeviceEvent$Type = new int[DeviceEvent.Type.values().length];

        static {
            try {
                $SwitchMap$org$onosproject$net$device$DeviceEvent$Type[DeviceEvent.Type.PORT_REMOVED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$onosproject$net$device$DeviceEvent$Type[DeviceEvent.Type.DEVICE_REMOVED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            $SwitchMap$org$onlab$packet$EthType$EtherType = new int[EthType.EtherType.values().length];
            try {
                $SwitchMap$org$onlab$packet$EthType$EtherType[EthType.EtherType.EAPOL.ordinal()] = 1;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:WEB-INF/classes/org/opencord/aaa/impl/AaaManager$InternalConfigListener.class */
    private class InternalConfigListener implements NetworkConfigListener {
        private InternalConfigListener() {
        }

        private void reconfigureNetwork(AaaConfig aaaConfig) {
            AaaManager.this.log.info("Reconfiguring AaaConfig from config: {}", aaaConfig);
            if (aaaConfig == null) {
                AaaManager.this.newCfg = new AaaConfig();
            } else {
                AaaManager.this.newCfg = aaaConfig;
            }
            if (AaaManager.this.newCfg.nasIp() != null) {
                AaaManager.this.nasIpAddress = AaaManager.this.newCfg.nasIp();
            }
            if (AaaManager.this.newCfg.radiusIp() != null) {
                AaaManager.this.radiusIpAddress = AaaManager.this.newCfg.radiusIp();
            }
            if (AaaManager.this.newCfg.radiusMac() != null) {
                AaaManager.this.radiusMacAddress = AaaManager.this.newCfg.radiusMac();
            }
            if (AaaManager.this.newCfg.nasMac() != null) {
                AaaManager.this.nasMacAddress = AaaManager.this.newCfg.nasMac();
            }
            if (AaaManager.this.newCfg.radiusSecret() != null && !AaaManager.this.newCfg.radiusSecret().equals(AaaManager.this.radiusSecret)) {
                AaaManager.this.radiusSecret = AaaManager.this.newCfg.radiusSecret();
                AaaManager.this.radiusOperationalStatusService.initialize(AaaManager.this.nasIpAddress.getAddress(), AaaManager.this.radiusSecret, AaaManager.this.impl);
            }
            boolean z = false;
            if (AaaManager.this.customizer == null || !AaaManager.this.customizer.equals(AaaManager.this.newCfg.radiusPktCustomizer())) {
                AaaManager.this.customizer = AaaManager.this.newCfg.radiusPktCustomizer();
                AaaManager.this.configurePacketCustomizer();
                z = true;
            }
            if (AaaManager.this.radiusConnectionType != null && !z && AaaManager.this.radiusConnectionType.equals(AaaManager.this.newCfg.radiusConnectionType())) {
                if (AaaManager.this.impl != null) {
                    AaaManager.this.impl.clearLocalState();
                    AaaManager.this.impl.initializeLocalState(AaaManager.this.newCfg);
                    return;
                }
                return;
            }
            AaaManager.this.radiusConnectionType = AaaManager.this.newCfg.radiusConnectionType();
            if (AaaManager.this.impl != null) {
                AaaManager.this.impl.withdrawIntercepts();
                AaaManager.this.impl.clearLocalState();
            }
            AaaManager.this.configureRadiusCommunication(false);
            AaaManager.this.impl.initializeLocalState(AaaManager.this.newCfg);
            AaaManager.this.impl.requestIntercepts();
        }

        public void event(NetworkConfigEvent networkConfigEvent) {
            if ((networkConfigEvent.type() == NetworkConfigEvent.Type.CONFIG_ADDED || networkConfigEvent.type() == NetworkConfigEvent.Type.CONFIG_UPDATED) && networkConfigEvent.configClass().equals(AaaConfig.class)) {
                AaaConfig aaaConfig = (AaaConfig) AaaManager.this.netCfgService.getConfig(AaaManager.this.appId, AaaConfig.class);
                reconfigureNetwork(aaaConfig);
                AaaManager.this.log.info("Reconfigured: {}", aaaConfig.toString());
            }
        }
    }

    /* loaded from: input_file:WEB-INF/classes/org/opencord/aaa/impl/AaaManager$InternalDeviceListener.class */
    private class InternalDeviceListener implements DeviceListener {
        private InternalDeviceListener() {
        }

        public void event(DeviceEvent deviceEvent) {
            DeviceId id = ((Device) deviceEvent.subject()).id();
            AaaManager.this.log.debug("AAA received device event {} ", deviceEvent);
            switch (AnonymousClass2.$SwitchMap$org$onosproject$net$device$DeviceEvent$Type[deviceEvent.type().ordinal()]) {
                case RadiusOperationalStatusManager.AAA_REQUEST_ID_FAKE_ACCESS_REQUEST /* 1 */:
                    String str = id.toString() + "/" + deviceEvent.port().number().toString();
                    AaaManager.this.log.debug("Received PORT_REMOVED event. Clearing AAA Session with Id {}", str);
                    flushStateMachineSession(str, StateMachine.SessionTerminationReasons.PORT_REMOVED.getReason());
                    return;
                case 2:
                    AaaManager.this.log.debug("Received DEVICE_REMOVED event for {}", id);
                    clearAllSessionStateForDevice(id);
                    return;
                default:
                    return;
            }
        }

        private void clearAllSessionStateForDevice(DeviceId deviceId) {
            HashSet<String> newHashSet = Sets.newHashSet();
            for (Map.Entry<String, StateMachine> entry : AaaManager.this.stateMachines.entrySet()) {
                ConnectPoint supplicantConnectpoint = entry.getValue().supplicantConnectpoint();
                if (supplicantConnectpoint != null && supplicantConnectpoint.deviceId().toString().equals(deviceId.toString())) {
                    newHashSet.add(entry.getKey());
                }
            }
            for (String str : newHashSet) {
                AaaManager.this.log.debug("Clearing AAA Session {} associated with Removed Device", str);
                flushStateMachineSession(str, StateMachine.SessionTerminationReasons.DEVICE_REMOVED.getReason());
            }
        }

        private void flushStateMachineSession(String str, String str2) {
            StateMachine stateMachine = AaaManager.this.stateMachines.get(str);
            AaaManager.this.authentications.remove(ConnectPoint.fromString(str));
            if (stateMachine == null) {
                AaaManager.this.log.debug("No Active AAA Session found with Id {}", str);
                return;
            }
            stateMachine.setSessionTerminateReason(str2);
            AaaManager.this.aaaSupplicantStatsManager.getMachineStatsDelegate().notify(new AaaMachineStatisticsEvent(AaaMachineStatisticsEvent.Type.STATS_UPDATE, AaaManager.this.aaaSupplicantStatsManager.getSupplicantStats(stateMachine)));
            StateMachine remove = AaaManager.this.stateMachines.remove(str);
            if (remove != null) {
                StateMachine.deleteStateMachineMapping(remove);
            }
        }
    }

    /* loaded from: input_file:WEB-INF/classes/org/opencord/aaa/impl/AaaManager$InternalMapEventListener.class */
    private class InternalMapEventListener implements MapEventListener<ConnectPoint, AuthenticationRecord> {
        private InternalMapEventListener() {
        }

        public void event(MapEvent<ConnectPoint, AuthenticationRecord> mapEvent) {
            StateMachine remove;
            if (mapEvent.type() != MapEvent.Type.REMOVE || (remove = AaaManager.this.stateMachines.remove(((ConnectPoint) mapEvent.key()).toString())) == null) {
                return;
            }
            remove.stop();
        }
    }

    /* loaded from: input_file:WEB-INF/classes/org/opencord/aaa/impl/AaaManager$InternalStateMachineDelegate.class */
    private class InternalStateMachineDelegate implements StateMachineDelegate {
        private InternalStateMachineDelegate() {
        }

        public void notify(AuthenticationEvent authenticationEvent) {
            AaaManager.this.log.info("Auth event {} for {}", authenticationEvent.type(), authenticationEvent.subject());
            if (authenticationEvent.type() == AuthenticationEvent.Type.TIMEOUT) {
                AaaManager.this.handleStateMachineTimeout((ConnectPoint) authenticationEvent.subject());
            }
            AuthenticationRecord authenticationRecord = authenticationEvent.authenticationRecord();
            if (authenticationRecord == null) {
                AaaManager.this.authentications.remove(authenticationEvent.subject());
            } else {
                AaaManager.this.authentications.put((ConnectPoint) authenticationEvent.subject(), authenticationRecord);
            }
            AaaManager.this.post(authenticationEvent);
        }
    }

    /* loaded from: input_file:WEB-INF/classes/org/opencord/aaa/impl/AaaManager$ReactivePacketProcessor.class */
    private class ReactivePacketProcessor implements PacketProcessor {
        private ReactivePacketProcessor() {
        }

        public void process(PacketContext packetContext) {
            AaaManager.this.packetProcessorExecutor.execute(() -> {
                try {
                    InboundPacket inPacket = packetContext.inPacket();
                    if (inPacket == null) {
                        AaaManager.this.log.warn("Dropping inbound packet as it can't be parsed (inpacket)");
                        return;
                    }
                    Ethernet parsed = inPacket.parsed();
                    if (parsed == null) {
                        AaaManager.this.log.warn("Dropping inbound packet as it can't be parsed (ethpacket)");
                        return;
                    }
                    try {
                        switch (AnonymousClass2.$SwitchMap$org$onlab$packet$EthType$EtherType[EthType.EtherType.lookup(parsed.getEtherType()).ordinal()]) {
                            case RadiusOperationalStatusManager.AAA_REQUEST_ID_FAKE_ACCESS_REQUEST /* 1 */:
                                if (AaaManager.this.log.isTraceEnabled()) {
                                    AaaManager.this.log.trace("Received EAPOL supplicant packet from dev/port: {} with MacAddress {}", packetContext.inPacket().receivedFrom(), parsed.getSourceMAC());
                                }
                                handleSupplicantPacket(packetContext.inPacket());
                                break;
                            default:
                                if (AaaManager.this.log.isTraceEnabled()) {
                                    AaaManager.this.log.trace("Received packet-in from RADIUS server {} in enclosing packet {} from dev/port: {} with MacAddress {}", new Object[]{parsed, packetContext.inPacket(), packetContext.inPacket().receivedFrom(), parsed.getSourceMAC()});
                                }
                                AaaManager.this.impl.handlePacketFromServer(packetContext);
                                break;
                        }
                    } catch (Exception e) {
                        AaaManager.this.log.error("Exception while reading packet type", e);
                    }
                } catch (Exception e2) {
                    AaaManager.this.log.error("Error while processing packet", e2);
                }
            });
        }

        private RADIUS getRadiusPayload(StateMachine stateMachine, byte b, EAP eap) {
            RADIUS radius = new RADIUS((byte) 1, eap.getIdentifier());
            stateMachine.setRequestAuthenticator(radius.generateAuthCode());
            radius.setIdentifier(b);
            radius.setAttribute((byte) 1, stateMachine.username());
            radius.setAttribute((byte) 4, AaaManager.this.nasIpAddress.getAddress());
            radius.encapsulateMessage(eap);
            return radius;
        }

        private void handleEapolStart(InboundPacket inboundPacket, StateMachine stateMachine) {
            DeviceId deviceId = inboundPacket.receivedFrom().deviceId();
            PortNumber port = inboundPacket.receivedFrom().port();
            Ethernet parsed = inboundPacket.parsed();
            MacAddress sourceMAC = parsed.getSourceMAC();
            AaaManager.this.log.debug("EAP packet: EAPOL_START from dev/port: {}/{} with MacAddress {}", new Object[]{deviceId, port, sourceMAC});
            stateMachine.setSupplicantConnectpoint(inboundPacket.receivedFrom());
            stateMachine.setSupplicantAddress(sourceMAC);
            stateMachine.start();
            AaaManager.this.aaaStatisticsManager.getAaaStats().incrementEapolStartReqRx();
            EAP eap = new EAP((byte) 1, stateMachine.identifier(), (byte) 1, (byte[]) null);
            if (parsed.getVlanID() != -1) {
                stateMachine.setPriorityCode(parsed.getPriorityCode());
            }
            Ethernet buildEapolResponse = AaaManager.buildEapolResponse(sourceMAC, MacAddress.valueOf(AaaManager.this.nasMacAddress), parsed.getVlanID(), (byte) 0, eap, stateMachine.priorityCode());
            stateMachine.setVlanId(parsed.getVlanID());
            AaaManager.this.log.debug("Getting EAP identity from supplicant {}", stateMachine.supplicantAddress().toString());
            AaaManager.this.sendPacketToSupplicant(buildEapolResponse, stateMachine.supplicantConnectpoint(), false);
            AaaManager.this.aaaStatisticsManager.getAaaStats().incrementRequestIdFramesTx();
        }

        private void hangleEapolLogoff(InboundPacket inboundPacket, StateMachine stateMachine) {
            AaaManager.this.log.debug("EAP packet: EAPOL_LOGOFF from dev/port: {}/{} with MacAddress {}", new Object[]{inboundPacket.receivedFrom().deviceId(), inboundPacket.receivedFrom().port(), inboundPacket.parsed().getSourceMAC()});
            if (stateMachine.getSessionTerminateReason() == null || stateMachine.getSessionTerminateReason().equals("")) {
                stateMachine.setSessionTerminateReason(StateMachine.SessionTerminationReasons.SUPPLICANT_LOGOFF.getReason());
            }
            AaaManager.this.aaaSupplicantStatsManager.getMachineStatsDelegate().notify(new AaaMachineStatisticsEvent(AaaMachineStatisticsEvent.Type.STATS_UPDATE, AaaManager.this.aaaSupplicantStatsManager.getSupplicantStats(stateMachine)));
            if (stateMachine.state() == AaaManager.STATE_MACHINE_THREADS) {
                stateMachine.logoff();
                AaaManager.this.aaaStatisticsManager.getAaaStats().incrementEapolLogoffRx();
            }
            if (stateMachine.state() == 0) {
                AaaManager.this.aaaStatisticsManager.getAaaStats().incrementAuthStateIdle();
            }
        }

        private void handleForgedEapolChallengeAuth(StateMachine stateMachine) {
            stateMachine.requestAccess();
            AaaManager.this.log.info("Forging EAP auth challenge");
            byte[] hexStringToByteArray = EapolPacketGenerator.hexStringToByteArray("19056d66190469d738db2f7dc1e02591");
            EAP forgeEapolChallengeAuth = EapolPacketGenerator.forgeEapolChallengeAuth();
            Ethernet buildEapolResponse = AaaManager.buildEapolResponse(stateMachine.supplicantAddress(), MacAddress.valueOf(AaaManager.this.nasMacAddress), stateMachine.vlanId(), (byte) 0, forgeEapolChallengeAuth, stateMachine.priorityCode());
            stateMachine.setChallengeInfo(forgeEapolChallengeAuth.getIdentifier(), hexStringToByteArray);
            ConnectPoint supplicantConnectpoint = stateMachine.supplicantConnectpoint();
            AaaManager.this.log.info("Send FORGED EAP auth challenge to supplicant {} on dev/port: {}/{} with MacAddress {}", new Object[]{supplicantConnectpoint.deviceId(), supplicantConnectpoint.port(), stateMachine.supplicantAddress()});
            AaaManager.this.sendPacketToSupplicant(buildEapolResponse, stateMachine.supplicantConnectpoint(), true);
        }

        private void handleForgedEapolSuccess(StateMachine stateMachine) {
            ConnectPoint supplicantConnectpoint = stateMachine.supplicantConnectpoint();
            MacAddress supplicantAddress = stateMachine.supplicantAddress();
            AaaManager.this.log.info("Forging EAP auth success");
            Ethernet buildEapolResponse = AaaManager.buildEapolResponse(stateMachine.supplicantAddress(), MacAddress.valueOf(AaaManager.this.nasMacAddress), stateMachine.vlanId(), (byte) 0, EapolPacketGenerator.forgeEapolSuccess(), stateMachine.priorityCode());
            AaaManager.this.log.info("Send FORGED EAP success message to supplicant {} on dev/port: {}/{} with MacAddress {}", new Object[]{supplicantConnectpoint.deviceId(), supplicantConnectpoint.port(), supplicantAddress});
            AaaManager.this.sendPacketToSupplicant(buildEapolResponse, stateMachine.supplicantConnectpoint(), false);
            AaaManager.this.aaaStatisticsManager.getAaaStats().incrementEapolAuthSuccessTrans();
            stateMachine.authorizeAccess();
        }

        private void handleSupplicantPacket(InboundPacket inboundPacket) {
            Ethernet parsed = inboundPacket.parsed();
            MacAddress sourceMAC = parsed.getSourceMAC();
            DeviceId deviceId = inboundPacket.receivedFrom().deviceId();
            PortNumber port = inboundPacket.receivedFrom().port();
            String connectPoint = inboundPacket.receivedFrom().toString();
            EAPOL eapol = (EAPOL) parsed.getPayload();
            if (AaaManager.this.log.isTraceEnabled()) {
                AaaManager.this.log.trace("Received EAPOL packet {} in enclosing packet {} from dev/port: {}/{} with MacAddress {} and type {}", new Object[]{eapol, parsed, deviceId, port, sourceMAC, Byte.valueOf(eapol.getEapolType())});
            }
            short packetLength = eapol.getPacketLength();
            int length = eapol.serialize().length;
            if (length != AaaManager.HEADER_LENGTH + packetLength) {
                AaaManager.this.log.warn("Invalid EAPOL pkt length {} (shoudl be {}) for packet {} from dev/port: {}/{} with MacAddress {}, dropping it", new Object[]{Integer.valueOf(length), Integer.valueOf(AaaManager.HEADER_LENGTH + packetLength), eapol, deviceId, port, sourceMAC});
                AaaManager.this.aaaStatisticsManager.getAaaStats().incrementInvalidBodyLength();
                return;
            }
            if (!AaaManager.VALID_EAPOL_TYPE.contains(Byte.valueOf(eapol.getEapolType()))) {
                AaaManager.this.log.warn("Invalid EAPOL Type {} for packet {} from dev/port: {}/{} with MacAddress {}, dropping it", new Object[]{Byte.valueOf(eapol.getEapolType()), eapol, deviceId, port, sourceMAC});
                AaaManager.this.aaaStatisticsManager.getAaaStats().incrementInvalidPktType();
                return;
            }
            if (packetLength >= 0 && parsed.getEtherType() == EthType.EtherType.EAPOL.ethType().toShort()) {
                AaaManager.this.aaaStatisticsManager.getAaaStats().incrementValidEapolFramesRx();
            }
            StateMachine computeIfAbsent = AaaManager.this.stateMachines.computeIfAbsent(connectPoint, str -> {
                return new StateMachine(str, AaaManager.this.serverStatusAndStateMachineTimeoutExecutor);
            });
            computeIfAbsent.setEapolTypeVal(eapol.getEapolType());
            switch (eapol.getEapolType()) {
                case 0:
                    EAP eap = (EAP) eapol.getPayload();
                    Byte b = new Byte(eap.getIdentifier());
                    AaaManager.this.log.debug("EAP packet: EAPOL_PACKET from dev/port: {}/{} with MacAddress {} with Identifier {}", new Object[]{deviceId, port, sourceMAC, Double.valueOf(b.doubleValue())});
                    switch (eap.getDataType()) {
                        case RadiusOperationalStatusManager.AAA_REQUEST_ID_FAKE_ACCESS_REQUEST /* 1 */:
                            handleAttrIdentity(inboundPacket, sourceMAC, deviceId, port, eapol, computeIfAbsent, eap, connectPoint);
                            break;
                        case AaaManager.HEADER_LENGTH /* 4 */:
                            handleMD5(inboundPacket, sourceMAC, deviceId, port, computeIfAbsent, eap, b, connectPoint);
                            break;
                        case 13:
                            handleTls(inboundPacket, sourceMAC, deviceId, port, computeIfAbsent, eap, b, connectPoint);
                            break;
                        default:
                            AaaManager.this.log.warn("Unknown EAP packet type from dev/port: {}/{} with MacAddress {} and Identifier {}", new Object[]{deviceId, port, sourceMAC, Integer.valueOf(eap.getIdentifier() & 255)});
                            return;
                    }
                case RadiusOperationalStatusManager.AAA_REQUEST_ID_FAKE_ACCESS_REQUEST /* 1 */:
                    handleEapolStart(inboundPacket, computeIfAbsent);
                    break;
                case 2:
                    hangleEapolLogoff(inboundPacket, computeIfAbsent);
                    break;
                default:
                    AaaManager.this.log.debug("Skipping EAPOL message {} from dev/port: {}/{} with MacAddress {}", new Object[]{Byte.valueOf(eapol.getEapolType()), deviceId, port, sourceMAC});
                    break;
            }
            AaaManager.this.aaaStatisticsManager.getAaaStats().countTransRespNotNak();
            AaaManager.this.aaaStatisticsManager.getAaaStats().countEapolResIdentityMsgTrans();
        }

        private void handleAttrIdentity(InboundPacket inboundPacket, MacAddress macAddress, DeviceId deviceId, PortNumber portNumber, EAPOL eapol, StateMachine stateMachine, EAP eap, String str) {
            if (AaaManager.this.forgeEapolPackets.booleanValue()) {
                handleForgedEapolChallengeAuth(stateMachine);
                return;
            }
            RequestIdentifier newIdentifier = AaaManager.this.idManager.getNewIdentifier(str);
            if (newIdentifier == null) {
                AaaManager.this.log.warn("Cannot get identifier supplicant at dev/port: {}/{} with MacAddress {}, dropping packet", new Object[]{deviceId, portNumber, macAddress});
                return;
            }
            AaaManager.this.log.debug("EAP packet: EAPOL_PACKET ATTR_IDENTITY from dev/port: {}/{} with MacAddress {} and Identifier {}", new Object[]{deviceId, portNumber, macAddress, Integer.valueOf(eap.getIdentifier() & 255)});
            if (stateMachine.getLastPacketReceivedTime() == 0) {
                stateMachine.setLastPacketReceivedTime(System.currentTimeMillis());
            }
            stateMachine.setUsername(eap.getData());
            RADIUS customizePacket = AaaManager.this.pktCustomizer.customizePacket(getRadiusPayload(stateMachine, newIdentifier.identifier(), eap), inboundPacket);
            customizePacket.addMessageAuthenticator(AaaManager.this.radiusSecret);
            if (AaaManager.this.log.isTraceEnabled()) {
                AaaManager.this.log.trace("Sending ATTR_IDENTITY packet to RADIUS for supplicant at dev/port: {}/{} with MacAddress {} and Identifier {}", new Object[]{deviceId, portNumber, macAddress, Integer.valueOf(newIdentifier.getReadableIdentifier())});
            }
            AaaManager.this.sendRadiusPacket(customizePacket, inboundPacket);
            stateMachine.setWaitingForRadiusResponse(true);
            AaaManager.this.aaaStatisticsManager.getAaaStats().incrementRadiusReqIdTx();
            AaaManager.this.aaaStatisticsManager.getAaaStats().incrementEapolAtrrIdentity();
            if (stateMachine.state() == 2) {
                AaaManager.this.aaaStatisticsManager.getAaaStats().increaseRequestReTx();
                stateMachine.incrementTotalPacketsSent();
                stateMachine.incrementTotalOctetSent(eapol.getPacketLength());
            }
            stateMachine.requestAccess();
        }

        private void handleMD5(InboundPacket inboundPacket, MacAddress macAddress, DeviceId deviceId, PortNumber portNumber, StateMachine stateMachine, EAP eap, Byte b, String str) {
            RequestIdentifier newIdentifier = AaaManager.this.idManager.getNewIdentifier(str);
            if (newIdentifier == null) {
                AaaManager.this.log.warn("Cannot get identifier supplicant at dev/port: {}/{} with MacAddress {}, dropping packet", new Object[]{deviceId, portNumber, macAddress});
                return;
            }
            AaaManager.this.log.debug("EAP packet: EAPOL_PACKET ATTR_MD5 from dev/port: {}/{} with MacAddress {} and Identifier {}", new Object[]{deviceId, portNumber, macAddress, Integer.valueOf(eap.getIdentifier() & 255)});
            stateMachine.setLastPacketReceivedTime(System.currentTimeMillis());
            if (eap.getIdentifier() != stateMachine.challengeIdentifier()) {
                AaaManager.this.log.error("eapolIdentifier {} and stateMachine Identifier {} do not correspond for packet from dev/port: {}/{} with MacAddress {}", new Object[]{Integer.valueOf(eap.getIdentifier() & 255), Integer.valueOf(stateMachine.challengeIdentifier() & 255), deviceId, portNumber, macAddress});
                AaaManager.this.aaaStatisticsManager.getAaaStats().incrementEapolMd5RspChall();
                if (AaaManager.this.outPacketSupp.contains(Byte.valueOf(eap.getIdentifier()))) {
                    AaaManager.this.aaaStatisticsManager.getAaaStats().decrementPendingReqSupp();
                    AaaManager.this.outPacketSupp.remove(b);
                }
                AaaManager.this.aaaStatisticsManager.getAaaStats().incrementEapolauthFailureTrans();
                return;
            }
            if (AaaManager.this.forgeEapolPackets.booleanValue()) {
                handleForgedEapolSuccess(stateMachine);
                return;
            }
            RADIUS customizePacket = AaaManager.this.pktCustomizer.customizePacket(getRadiusPayload(stateMachine, newIdentifier.identifier(), eap), inboundPacket);
            if (stateMachine.challengeState() != null) {
                customizePacket.setAttribute((byte) 24, stateMachine.challengeState());
            }
            customizePacket.addMessageAuthenticator(AaaManager.this.radiusSecret);
            if (AaaManager.this.outPacketSupp.contains(Byte.valueOf(eap.getIdentifier()))) {
                AaaManager.this.aaaStatisticsManager.getAaaStats().decrementPendingReqSupp();
                AaaManager.this.outPacketSupp.remove(b);
            }
            if (AaaManager.this.log.isTraceEnabled()) {
                AaaManager.this.log.trace("Sending ATTR_MD5 packet to RADIUS for supplicant at dev/port: {}/{} with MacAddress {} and Identifier {}", new Object[]{deviceId, portNumber, macAddress, Integer.valueOf(newIdentifier.getReadableIdentifier())});
            }
            AaaManager.this.sendRadiusPacket(customizePacket, inboundPacket);
            stateMachine.setWaitingForRadiusResponse(true);
            AaaManager.this.aaaStatisticsManager.getAaaStats().incrementRadiusReqChallengeTx();
            AaaManager.this.aaaStatisticsManager.getAaaStats().incrementEapolMd5RspChall();
        }

        private void handleTls(InboundPacket inboundPacket, MacAddress macAddress, DeviceId deviceId, PortNumber portNumber, StateMachine stateMachine, EAP eap, Byte b, String str) {
            RequestIdentifier newIdentifier = AaaManager.this.idManager.getNewIdentifier(str);
            if (newIdentifier == null) {
                AaaManager.this.log.warn("Cannot get identifier supplicant at dev/port: {}/{} with MacAddress {}, dropping packet", new Object[]{deviceId, portNumber, macAddress});
                return;
            }
            AaaManager.this.log.debug("EAP packet: EAPOL_PACKET ATTR_TLS from dev/port: {}/{} with MacAddress {} and Identifier {}", new Object[]{deviceId, portNumber, macAddress, Integer.valueOf(eap.getIdentifier() & 255)});
            RADIUS customizePacket = AaaManager.this.pktCustomizer.customizePacket(getRadiusPayload(stateMachine, newIdentifier.identifier(), eap), inboundPacket);
            if (stateMachine.challengeState() != null) {
                customizePacket.setAttribute((byte) 24, stateMachine.challengeState());
            }
            stateMachine.setRequestAuthenticator(customizePacket.generateAuthCode());
            customizePacket.addMessageAuthenticator(AaaManager.this.radiusSecret);
            if (AaaManager.this.outPacketSupp.contains(Byte.valueOf(eap.getIdentifier()))) {
                AaaManager.this.aaaStatisticsManager.getAaaStats().decrementPendingReqSupp();
                AaaManager.this.outPacketSupp.remove(b);
            }
            if (AaaManager.this.log.isTraceEnabled()) {
                AaaManager.this.log.trace("Sending ATTR_TLS packet to RADIUS for supplicant at dev/port: {}/{} with MacAddress {} and Identifier {}", new Object[]{deviceId, portNumber, macAddress, Integer.valueOf(newIdentifier.getReadableIdentifier())});
            }
            AaaManager.this.sendRadiusPacket(customizePacket, inboundPacket);
            stateMachine.setWaitingForRadiusResponse(true);
            AaaManager.this.aaaStatisticsManager.getAaaStats().incrementRadiusReqChallengeTx();
            AaaManager.this.aaaStatisticsManager.getAaaStats().incrementEapolTlsRespChall();
            if (stateMachine.state() != 2) {
                stateMachine.requestAccess();
            }
        }
    }

    /* loaded from: input_file:WEB-INF/classes/org/opencord/aaa/impl/AaaManager$ServerStatusChecker.class */
    private class ServerStatusChecker implements Runnable {
        private ServerStatusChecker() {
        }

        @Override // java.lang.Runnable
        public void run() {
            AaaManager.this.log.debug("Notifying RadiusOperationalStatusEvent");
            AaaManager.this.radiusOperationalStatusService.checkServerOperationalStatus();
            AaaManager.this.log.trace("--POSTING--" + AaaManager.this.radiusOperationalStatusService.getRadiusServerOperationalStatus());
            AaaManager.this.radiusOperationalStatusService.getRadiusOprStDelegate().notify(new RadiusOperationalStatusEvent(RadiusOperationalStatusEvent.Type.RADIUS_OPERATIONAL_STATUS, AaaManager.this.radiusOperationalStatusService.getRadiusServerOperationalStatus()));
        }
    }

    private static Ethernet buildEapolResponse(MacAddress macAddress, MacAddress macAddress2, short s, byte b, EAP eap, byte b2) {
        Ethernet ethernet = new Ethernet();
        ethernet.setDestinationMACAddress(macAddress.toBytes());
        ethernet.setSourceMACAddress(macAddress2.toBytes());
        ethernet.setEtherType(EthType.EtherType.EAPOL.ethType().toShort());
        if (s != -1) {
            ethernet.setVlanID(s);
            ethernet.setPriorityCode(b2);
        }
        EAPOL eapol = new EAPOL();
        eapol.setEapolType(b);
        eapol.setPacketLength(eap.getLength());
        eapol.setPayload(eap);
        ethernet.setPayload(eapol);
        ethernet.setPad(true);
        return ethernet;
    }

    @Activate
    public void activate(ComponentContext componentContext) {
        this.idManager = new IdentifierManager();
        this.stateMachines = Maps.newConcurrentMap();
        this.appId = this.coreService.registerApplication(APP_NAME);
        this.authenticationsConsistentMap = this.storageService.consistentMapBuilder().withApplicationId(this.appId).withName("authentications").withSerializer(Serializer.using(KryoNamespace.newBuilder().register(KryoNamespaces.API).register(new Class[]{AuthenticationRecord.class}).build())).build();
        this.authenticationsConsistentMap.addListener(this.mapListener);
        this.authentications = this.authenticationsConsistentMap.asJavaMap();
        this.eventDispatcher.addSink(AuthenticationEvent.class, this.listenerRegistry);
        this.netCfgService.addListener(this.cfgListener);
        this.netCfgService.registerConfigFactory(this.factory);
        this.cfgService.registerProperties(getClass());
        modified(componentContext);
        if (this.sadisService != null) {
            this.subsService = this.sadisService.getSubscriberInfoService();
        } else {
            this.log.warn(SADIS_NOT_RUNNING);
        }
        if (this.customInfo == null) {
            this.customInfo = new CustomizationInfo(this.subsService, this.deviceService);
        }
        this.cfgListener.reconfigureNetwork((AaaConfig) this.netCfgService.getConfig(this.appId, AaaConfig.class));
        this.log.info("Starting with config {} {}", this, this.newCfg);
        configureRadiusCommunication(false);
        this.packetService.addProcessor(this.processor, PacketProcessor.director(2));
        StateMachine.setDelegate(this.delegate);
        this.cleanupTimerTimeOutInMins = this.newCfg.sessionCleanupTimer();
        StateMachine.setcleanupTimerTimeOutInMins(this.cleanupTimerTimeOutInMins);
        this.impl.initializeLocalState(this.newCfg);
        this.impl.requestIntercepts();
        this.deviceService.addListener(this.deviceListener);
        getConfiguredAaaServerAddress();
        this.radiusOperationalStatusService.initialize(this.nasIpAddress.getAddress(), this.radiusSecret, this.impl);
        this.serverStatusAndStateMachineTimeoutExecutor = Executors.newScheduledThreadPool(STATE_MACHINE_THREADS, Tools.groupedThreads("onos/aaa", "machine-%d", this.log));
        this.scheduledStatusServerChecker = this.serverStatusAndStateMachineTimeoutExecutor.scheduleAtFixedRate(new ServerStatusChecker(), 0L, this.operationalStatusEventGenerationPeriodInSeconds, TimeUnit.SECONDS);
        this.log.info("Started");
    }

    @Deactivate
    public void deactivate(ComponentContext componentContext) {
        this.impl.withdrawIntercepts();
        this.packetService.removeProcessor(this.processor);
        this.netCfgService.removeListener(this.cfgListener);
        this.cfgService.unregisterProperties(getClass(), false);
        StateMachine.unsetDelegate(this.delegate);
        this.impl.deactivate();
        this.impl = null;
        this.deviceService.removeListener(this.deviceListener);
        this.eventDispatcher.removeSink(AuthenticationEvent.class);
        this.scheduledStatusServerChecker.cancel(true);
        this.serverStatusAndStateMachineTimeoutExecutor.shutdown();
        this.packetProcessorExecutor.shutdown();
        this.authenticationsConsistentMap.removeListener(this.mapListener);
        this.log.info("Stopped");
    }

    @Modified
    public void modified(ComponentContext componentContext) {
        Dictionary properties = componentContext.getProperties();
        String str = Tools.get(properties, OsgiPropertyConstants.OPERATIONAL_STATUS_SERVER_EVENT_GENERATION);
        this.operationalStatusEventGenerationPeriodInSeconds = Strings.isNullOrEmpty(str) ? 30 : Integer.parseInt(str.trim());
        String str2 = Tools.get(properties, OsgiPropertyConstants.OPERATIONAL_STATUS_SERVER_TIMEOUT);
        this.operationalStatusServerTimeoutInSeconds = Strings.isNullOrEmpty(str2) ? 10 : Integer.parseInt(str2.trim());
        Boolean isPropertyEnabled = Tools.isPropertyEnabled(properties, OsgiPropertyConstants.FORGE_EAPOL_PACKETS);
        this.forgeEapolPackets = Boolean.valueOf(isPropertyEnabled == null ? false : isPropertyEnabled.booleanValue());
        String str3 = Tools.get(properties, OsgiPropertyConstants.STATUS_SERVER_MODE);
        String trim = Strings.isNullOrEmpty(str3) ? OsgiPropertyConstants.STATUS_SERVER_MODE_DEFAULT : str3.trim();
        this.radiusOperationalStatusService.setOperationalStatusServerTimeoutInMillis(this.operationalStatusServerTimeoutInSeconds * 1000);
        RadiusOperationalStatusService.RadiusOperationalStatusEvaluationMode value = RadiusOperationalStatusService.RadiusOperationalStatusEvaluationMode.getValue(trim);
        if (value != null) {
            this.radiusOperationalStatusService.setRadiusOperationalStatusEvaluationMode(value);
            this.operationalStatusEvaluationMode = trim;
        } else {
            properties.put(OsgiPropertyConstants.STATUS_SERVER_MODE, this.operationalStatusEvaluationMode);
        }
        String str4 = Tools.get(properties, OsgiPropertyConstants.PACKET_PROCESSOR_THREADS);
        int i = this.packetProcessorThreads;
        this.packetProcessorThreads = Strings.isNullOrEmpty(str4) ? i : Integer.parseInt(str4.trim());
        if (this.packetProcessorExecutor == null || i != this.packetProcessorThreads) {
            if (this.packetProcessorExecutor != null) {
                this.packetProcessorExecutor.shutdown();
            }
            this.packetProcessorExecutor = Executors.newSingleThreadExecutor(Tools.groupedThreads("onos/aaa", "packet-%d", this.log));
        }
    }

    protected void bindSadisService(SadisService sadisService) {
        this.sadisService = sadisService;
        this.subsService = this.sadisService.getSubscriberInfoService();
        if (this.customInfo == null) {
            this.customInfo = new CustomizationInfo(this.subsService, this.deviceService);
        } else {
            this.customInfo.updateSubscriberService(this.subsService);
        }
        if (this.radiusConnectionType == null) {
            this.log.debug("Configuration is not init yet.");
        } else {
            refreshRadiusCommunication();
        }
        this.log.info("Sadis-service binds to onos.");
    }

    protected void unbindSadisService(SadisService sadisService) {
        this.sadisService = null;
        this.subsService = null;
        this.customInfo.updateSubscriberService(this.subsService);
        refreshRadiusCommunication();
        this.log.info("Sadis-service unbinds from onos.");
    }

    private void refreshRadiusCommunication() {
        if (this.radiusConnectionType.toLowerCase().equals("socket")) {
            return;
        }
        if (this.impl != null) {
            this.impl.withdrawIntercepts();
            this.impl.clearLocalState();
        }
        configureRadiusCommunication(true);
        this.impl.initializeLocalState(this.newCfg);
        this.impl.requestIntercepts();
    }

    protected void configureRadiusCommunication(boolean z) {
        if (this.radiusConnectionType.toLowerCase().equals("socket")) {
            this.impl = new SocketBasedRadiusCommunicator(this.appId, this.packetService, this);
        } else if (this.impl == null || !z) {
            this.impl = new PortBasedRadiusCommunicator(this.appId, this.packetService, this.mastershipService, this.deviceService, this.subsService, this.pktCustomizer, this);
        } else {
            ((PortBasedRadiusCommunicator) this.impl).updateSubsService(this.subsService);
        }
    }

    private void configurePacketCustomizer() {
        String lowerCase = this.customizer.toLowerCase();
        boolean z = -1;
        switch (lowerCase.hashCode()) {
            case -909675094:
                if (lowerCase.equals("sample")) {
                    z = false;
                    break;
                }
                break;
            case 96929:
                if (lowerCase.equals("att")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                this.pktCustomizer = new SamplePacketCustomizer(this.customInfo);
                this.log.info("Created SamplePacketCustomizer");
                return;
            case RadiusOperationalStatusManager.AAA_REQUEST_ID_FAKE_ACCESS_REQUEST /* 1 */:
                this.pktCustomizer = new AttPacketCustomizer(this.customInfo);
                this.log.info("Created AttPacketCustomizer");
                return;
            default:
                this.pktCustomizer = new PacketCustomizer(this.customInfo);
                this.log.info("Created default PacketCustomizer");
                return;
        }
    }

    private void getConfiguredAaaServerAddress() {
        try {
            this.configuredAaaServerAddress = (this.newCfg.radiusHostName() != null ? InetAddress.getByName(this.newCfg.radiusHostName()) : this.newCfg.radiusIp()).getHostAddress();
        } catch (UnknownHostException e) {
            this.log.warn("Unable to resolve host {}", this.newCfg.radiusHostName());
        }
    }

    private void checkReceivedPacketForValidValidator(RADIUS radius, byte[] bArr) {
        if (checkResponseMessageAuthenticator(this.radiusSecret, radius, bArr)) {
            return;
        }
        this.aaaStatisticsManager.getAaaStats().increaseInvalidValidatorsRx();
    }

    private boolean checkResponseMessageAuthenticator(String str, RADIUS radius, byte[] bArr) {
        byte[] bArr2 = new byte[16];
        Arrays.fill(bArr2, (byte) 0);
        if (radius.getAttributeList((byte) 80).isEmpty()) {
            this.log.warn("Empty Attribute List for packet {} with identifier {}", radius, Byte.valueOf(radius.getIdentifier()));
            return false;
        }
        RADIUSAttribute attribute = radius.getAttribute((byte) 80);
        if (attribute == null) {
            this.log.warn("Null Message Authenticator for packet {} with identifier {}", radius, Byte.valueOf(radius.getIdentifier()));
            return false;
        }
        byte[] value = attribute.getValue();
        byte[] authenticator = radius.getAuthenticator();
        radius.updateAttribute((byte) 80, bArr2);
        radius.setAuthenticator(bArr);
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(str.getBytes(), "HmacMD5");
            Mac mac = Mac.getInstance("HmacMD5");
            mac.init(secretKeySpec);
            bArr2 = mac.doFinal(radius.serialize());
        } catch (Exception e) {
            this.log.error("Failed to generate message authenticator: {}", e.getMessage());
        }
        radius.updateAttribute((byte) 80, value);
        radius.setAuthenticator(authenticator);
        return Arrays.equals(bArr2, value);
    }

    public void checkForPacketFromUnknownServer(String str) {
        if (str.equals(this.configuredAaaServerAddress)) {
            return;
        }
        getConfiguredAaaServerAddress();
        if (str.equals(this.configuredAaaServerAddress)) {
            return;
        }
        this.aaaStatisticsManager.getAaaStats().incrementUnknownServerRx();
    }

    protected void sendRadiusPacket(RADIUS radius, InboundPacket inboundPacket) {
        this.outPacketSet.add(Byte.valueOf(radius.getIdentifier()));
        this.aaaStatisticsManager.getAaaStats().increaseOrDecreasePendingRequests(true);
        this.aaaStatisticsManager.getAaaStats().increaseAccessRequestsTx();
        this.aaaStatisticsManager.putOutgoingIdentifierToMap(radius.getIdentifier());
        this.impl.sendRadiusPacket(radius, inboundPacket);
    }

    public void handleRadiusPacket(RADIUS radius) {
        if (this.log.isTraceEnabled()) {
            this.log.trace("Received RADIUS packet {} with identifier {}", radius, Integer.valueOf(radius.getIdentifier() & 255));
        }
        if (this.radiusOperationalStatusService.isRadiusResponseForOperationalStatus(radius.getIdentifier())) {
            if (this.log.isTraceEnabled()) {
                this.log.trace("Handling operational status RADIUS packet {} with identifier {}", radius, Integer.valueOf(radius.getIdentifier() & 255));
            }
            this.radiusOperationalStatusService.handleRadiusPacketForOperationalStatus(radius);
            return;
        }
        if (this.log.isTraceEnabled()) {
            this.log.trace("Handling actual RADIUS packet for supplicant {} with identifier {}", radius, Integer.valueOf(radius.getIdentifier() & 255));
        }
        RequestIdentifier of = RequestIdentifier.of(radius.getIdentifier());
        String sessionId = this.idManager.getSessionId(of);
        if (sessionId == null) {
            this.log.error("Invalid packet identifier {}, could not find corresponding state machine ... exiting", Byte.valueOf(radius.getIdentifier()));
            this.aaaStatisticsManager.getAaaStats().incrementNumberOfSessionsExpired();
            this.aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
            return;
        }
        this.idManager.releaseIdentifier(of);
        StateMachine stateMachine = this.stateMachines.get(sessionId);
        if (stateMachine == null) {
            this.log.error("Invalid packet identifier {}, could not find corresponding state machine ... exiting", Byte.valueOf(radius.getIdentifier()));
            this.aaaStatisticsManager.getAaaStats().incrementNumberOfSessionsExpired();
            this.aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
            return;
        }
        StateMachine stateMachine2 = this.stateMachines.get(stateMachine.sessionId());
        checkReceivedPacketForValidValidator(radius, stateMachine.requestAuthenticator());
        stateMachine2.incrementTotalPacketsReceived();
        try {
            stateMachine2.incrementTotalOctetReceived(radius.decapsulateMessage().getLength());
            if (this.outPacketSet.contains(Byte.valueOf(radius.getIdentifier()))) {
                this.aaaStatisticsManager.getAaaStats().increaseOrDecreasePendingRequests(false);
                this.outPacketSet.remove(new Byte(radius.getIdentifier()));
            }
            MacAddress supplicantAddress = stateMachine.supplicantAddress();
            ConnectPoint supplicantConnectpoint = stateMachine.supplicantConnectpoint();
            switch (radius.getCode()) {
                case 2:
                    this.log.debug("RADIUS packet: RADIUS_CODE_ACCESS_ACCEPT for dev/port: {}/{} with MacAddress {} and Identifier {}", new Object[]{supplicantConnectpoint.deviceId(), supplicantConnectpoint.port(), supplicantAddress, Integer.valueOf(radius.getIdentifier() & 255)});
                    byte[] value = radius.getAttribute((byte) 79).getValue();
                    try {
                        EAP deserialize = EAP.deserializer().deserialize(value, 0, value.length);
                        Ethernet buildEapolResponse = buildEapolResponse(stateMachine.supplicantAddress(), MacAddress.valueOf(this.nasMacAddress), stateMachine.vlanId(), (byte) 0, deserialize, stateMachine.priorityCode());
                        this.log.info("Send EAP success message to supplicant on dev/port: {}/{} with MacAddress {} and Identifier {}", new Object[]{supplicantConnectpoint.deviceId(), supplicantConnectpoint.port(), supplicantAddress, Integer.valueOf(radius.getIdentifier() & 255)});
                        sendPacketToSupplicant(buildEapolResponse, stateMachine.supplicantConnectpoint(), false);
                        this.aaaStatisticsManager.getAaaStats().incrementEapolAuthSuccessTrans();
                        stateMachine.authorizeAccess();
                        this.aaaStatisticsManager.getAaaStats().increaseAcceptResponsesRx();
                        stateMachine2.incrementTotalPacketsSent();
                        stateMachine2.incrementTotalOctetSent(deserialize.getLength());
                        break;
                    } catch (DeserializationException e) {
                        this.log.error(e.getMessage());
                        break;
                    }
                case STATE_MACHINE_THREADS /* 3 */:
                    this.log.debug("RADIUS packet: RADIUS_CODE_ACCESS_REJECT for dev/port: {}/{} with MacAddress {} and Identifier {}", new Object[]{supplicantConnectpoint.deviceId(), supplicantConnectpoint.port(), supplicantAddress, Integer.valueOf(radius.getIdentifier() & 255)});
                    EAP eap = new EAP();
                    RADIUSAttribute attribute = radius.getAttribute((byte) 79);
                    if (attribute != null) {
                        byte[] value2 = attribute.getValue();
                        try {
                            eap = (EAP) EAP.deserializer().deserialize(value2, 0, value2.length);
                        } catch (DeserializationException e2) {
                            this.log.error(e2.getMessage());
                            break;
                        }
                    } else {
                        eap.setCode((byte) 4);
                        eap.setIdentifier(stateMachine.challengeIdentifier());
                        eap.setLength((short) 4);
                    }
                    Ethernet buildEapolResponse2 = buildEapolResponse(stateMachine.supplicantAddress(), MacAddress.valueOf(this.nasMacAddress), stateMachine.vlanId(), (byte) 0, eap, stateMachine.priorityCode());
                    this.log.warn("Send EAP failure message to supplicant on dev/port: {}/{} with MacAddress {} and Identifier {}", new Object[]{supplicantConnectpoint.deviceId(), supplicantConnectpoint.port(), supplicantAddress, Integer.valueOf(stateMachine.challengeIdentifier() & 255)});
                    sendPacketToSupplicant(buildEapolResponse2, stateMachine.supplicantConnectpoint(), false);
                    this.aaaStatisticsManager.getAaaStats().incrementEapolauthFailureTrans();
                    stateMachine.denyAccess();
                    this.aaaStatisticsManager.getAaaStats().increaseRejectResponsesRx();
                    stateMachine2.incrementTotalPacketsSent();
                    stateMachine2.incrementTotalOctetSent(eap.getLength());
                    this.aaaSupplicantStatsManager.getMachineStatsDelegate().notify(new AaaMachineStatisticsEvent(AaaMachineStatisticsEvent.Type.STATS_UPDATE, this.aaaSupplicantStatsManager.getSupplicantStats(stateMachine2)));
                    break;
                case 11:
                    this.log.debug("RADIUS packet: RADIUS_CODE_ACCESS_CHALLENGE for dev/port: {}/{} with MacAddress {} and Identifier {}", new Object[]{supplicantConnectpoint.deviceId(), supplicantConnectpoint.port(), supplicantAddress, Integer.valueOf(radius.getIdentifier() & 255)});
                    RADIUSAttribute attribute2 = radius.getAttribute((byte) 24);
                    byte[] bArr = null;
                    if (attribute2 != null) {
                        bArr = attribute2.getValue();
                    }
                    try {
                        EAP decapsulateMessage = radius.decapsulateMessage();
                        Ethernet buildEapolResponse3 = buildEapolResponse(stateMachine.supplicantAddress(), MacAddress.valueOf(this.nasMacAddress), stateMachine.vlanId(), (byte) 0, decapsulateMessage, stateMachine.priorityCode());
                        stateMachine.setChallengeInfo(decapsulateMessage.getIdentifier(), bArr);
                        this.log.debug("Send EAP challenge response to supplicant on dev/port: {}/{} with MacAddress {} and Identifier {}", new Object[]{supplicantConnectpoint.deviceId(), supplicantConnectpoint.port(), supplicantAddress, Integer.valueOf(radius.getIdentifier() & 255)});
                        sendPacketToSupplicant(buildEapolResponse3, stateMachine.supplicantConnectpoint(), true);
                        this.aaaStatisticsManager.getAaaStats().increaseChallengeResponsesRx();
                        this.outPacketSupp.add(Byte.valueOf(decapsulateMessage.getIdentifier()));
                        this.aaaStatisticsManager.getAaaStats().incrementPendingReqSupp();
                        stateMachine2.incrementTotalPacketsSent();
                        stateMachine2.incrementTotalOctetSent(decapsulateMessage.getLength());
                        break;
                    } catch (DeserializationException e3) {
                        this.log.error(e3.getMessage());
                        break;
                    }
                default:
                    this.log.warn("Unknown RADIUS message received with code: {} for dev/port: {}/{} with MacAddress {} and Identifier {}", new Object[]{Byte.valueOf(radius.getCode()), supplicantConnectpoint.deviceId(), supplicantConnectpoint.port(), supplicantAddress, Integer.valueOf(radius.getIdentifier() & 255)});
                    this.aaaStatisticsManager.getAaaStats().increaseUnknownTypeRx();
                    stateMachine2.incrementTotalPacketsReceived();
                    try {
                        stateMachine2.incrementTotalOctetReceived(radius.decapsulateMessage().getLength());
                        break;
                    } catch (DeserializationException e4) {
                        this.log.error(e4.getMessage());
                        break;
                    }
            }
            this.aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
        } catch (DeserializationException e5) {
            this.log.error(e5.getMessage());
        }
    }

    private void sendPacketToSupplicant(Ethernet ethernet, ConnectPoint connectPoint, boolean z) {
        DefaultOutboundPacket defaultOutboundPacket = new DefaultOutboundPacket(connectPoint.deviceId(), DefaultTrafficTreatment.builder().setOutput(connectPoint.port()).build(), ByteBuffer.wrap(ethernet.serialize()));
        EAPOL payload = ethernet.getPayload();
        if (this.log.isTraceEnabled()) {
            this.log.trace("Sending eapol payload {} to supplicant at {} with MacAddress {}", new Object[]{payload, connectPoint, ethernet.getDestinationMAC()});
        }
        this.packetService.emit(defaultOutboundPacket);
        if (z) {
            this.aaaStatisticsManager.getAaaStats().incrementEapPktTxauthEap();
        }
        this.aaaStatisticsManager.getAaaStats().incrementEapolFramesTx();
        this.aaaStatisticsManager.getAaaStats().countReqEapFramesTx();
    }

    public String toString() {
        return ToStringBuilder.reflectionToString(this);
    }

    public Iterable<AuthenticationRecord> getAuthenticationRecords() {
        return this.authentications.values();
    }

    public boolean removeAuthenticationStateByMac(MacAddress macAddress) {
        Optional<AuthenticationRecord> findFirst = this.authentications.values().stream().filter(authenticationRecord -> {
            return authenticationRecord.supplicantAddress().equals(macAddress);
        }).findFirst();
        return (findFirst.isEmpty() || this.authentications.remove(findFirst.get().supplicantConnectPoint()) == null) ? false : true;
    }

    StateMachine getStateMachine(String str) {
        return this.stateMachines.get(str);
    }

    private void handleStateMachineTimeout(ConnectPoint connectPoint) {
        StateMachine remove = this.stateMachines.remove(connectPoint.toString());
        remove.setSessionTerminateReason("Time out");
        this.aaaSupplicantStatsManager.getMachineStatsDelegate().notify(new AaaMachineStatisticsEvent(AaaMachineStatisticsEvent.Type.STATS_UPDATE, this.aaaSupplicantStatsManager.getSupplicantStats(remove)));
        if (remove.state() == 2 && remove.isWaitingForRadiusResponse()) {
            this.aaaStatisticsManager.getAaaStats().increaseTimedOutPackets();
        }
        StateMachine.deleteStateMachineMapping(remove);
    }

    public AaaSupplicantMachineStats getSupplicantMachineStats(String str) {
        StateMachine stateMachine = this.stateMachines.get(str);
        if (stateMachine != null) {
            return this.aaaSupplicantStatsManager.getSupplicantStats(stateMachine);
        }
        return null;
    }
}
