package net.jradius.client.auth;

import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Signature;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import net.jradius.client.RadiusClient;
import net.jradius.exception.RadiusException;
import net.jradius.packet.RadiusPacket;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:net/jradius/client/auth/EAPAKAAuthenticator.class */
public class EAPAKAAuthenticator extends EAPAuthenticator {
    public static final String NAME = "eap-aka";
    private String username;
    private byte[] rand;
    private byte[] autn;
    private byte[] mac;
    private byte[] ik;
    private byte[] ck;
    private byte[] masterKey;
    private byte[] K_enc;
    private byte[] K_aut;
    private byte[] msk;
    private byte[] emsk;
    private byte[] lastEapMessage;
    public static final int AKA_IK_LENGTH = 16;
    public static final int AKA_CK_LENGTH = 16;
    public static final int AKA_MASTER_KEY = 20;
    public static final int AKA_CHALLENGE = 1;
    public static final int AKA_REJECT = 2;
    public static final int AKA_NOTIFICATION = 12;
    public static final int AKA_REAUTH = 13;
    public static final int AKA_CLIENT_ERROR = 14;
    public static final int AT_RAND = 1;
    public static final int AT_AUTN = 2;
    public static final int AT_RES = 3;
    public static final int AT_AUTS = 4;
    public static final int AT_PADDING = 6;
    public static final int AT_NONCE_MT = 7;
    public static final int AT_PERMANENT_ID_REQ = 10;
    public static final int AT_MAC = 11;
    public static final int AT_NOTIFICATION = 12;
    public static final int AT_ANY_ID_REQ = 13;
    public static final int AT_IDENTITY = 14;
    public static final int AT_VERSION_LIST = 15;
    public static final int AT_SELECTED_VERSION = 16;
    public static final int AT_FULLAUTH_ID_REQ = 17;
    public static final int AT_COUNTER = 19;
    public static final int AT_COUNTER_TOO_SMALL = 20;
    public static final int AT_NONCE_S = 21;
    public static final int AT_CLIENT_ERROR_CODE = 22;
    public static final int AT_IV = 129;
    public static final int AT_ENCR_DATA = 130;
    public static final int AT_NEXT_PSEUDONYM = 132;
    public static final int AT_NEXT_REAUTH_ID = 133;
    public static final int AT_CHECKCODE = 134;
    public static final int AT_RESULT_IND = 135;

    public EAPAKAAuthenticator() {
        setEAPType(23);
    }

    public String getAuthName() {
        return NAME;
    }

    public byte[] doEAPType(byte b, byte[] bArr, byte[] bArr2) throws RadiusException {
        this.lastEapMessage = new byte[bArr2.length];
        System.arraycopy(bArr2, 0, this.lastEapMessage, 0, bArr2.length);
        return doEAPType(b, bArr);
    }

    public byte[] doEAPType(byte b, byte[] bArr) throws RadiusException {
        int length = bArr.length;
        if (length <= 3) {
            throw new RadiusException("EAP-AKA too short");
        }
        int i = bArr[0] & 255;
        int i2 = 0;
        switch (i) {
            case 1:
                int i3 = 3;
                while (true) {
                    int i4 = i3;
                    if (i4 >= length) {
                        if (this.rand == null || this.autn == null || this.mac == null) {
                            throw new RadiusException("AUTN, RAND, and MAC needed in AKA challenge");
                        }
                        try {
                            System.arraycopy(new byte[18], 0, this.lastEapMessage, i2 + 5, 18);
                            return null;
                        } catch (Exception e) {
                            throw new RadiusException(e);
                        }
                    }
                    int i5 = i4 + 1;
                    int i6 = bArr[i4] & 255;
                    int i7 = i5 + 1;
                    int i8 = ((bArr[i5] & 255) * 4) - 2;
                    byte[] bArr2 = new byte[i8];
                    System.arraycopy(bArr, i7, bArr2, 0, i8);
                    switch (i6) {
                        case 1:
                            this.rand = bArr2;
                            break;
                        case 2:
                            this.autn = bArr2;
                            break;
                        case AT_MAC /* 11 */:
                            i2 = i7;
                            this.mac = bArr2;
                            break;
                    }
                    i3 = i7 + i8;
                }
                break;
            default:
                throw new RadiusException("Unhandled EAP AKA subType " + i);
        }
    }

    public void setupRequest(RadiusClient radiusClient, RadiusPacket radiusPacket) throws RadiusException {
        super.setupRequest(radiusClient, radiusPacket);
        this.username = (String) radiusPacket.getAttributeValue(1L);
        this.ik = (byte[]) radiusPacket.getAttributeValue(1215L);
        radiusPacket.removeAttribute(1215L);
        this.ck = (byte[]) radiusPacket.getAttributeValue(1216L);
        radiusPacket.removeAttribute(1216L);
        if (this.username == null || this.ik == null || this.ck == null) {
            throw new RadiusException("Request must have a User-Name, EAP-Aka-IK, and EAP-Aka-CK attributes");
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            messageDigest.update(this.username.getBytes());
            messageDigest.update(this.ik);
            messageDigest.update(this.ck);
            this.masterKey = messageDigest.digest();
            Signature signature = Signature.getInstance("NONEwithDSA", (Provider) new BouncyCastleProvider());
            signature.initSign(new DSAPrivateKey() { // from class: net.jradius.client.auth.EAPAKAAuthenticator.1
                @Override // java.security.interfaces.DSAPrivateKey
                public BigInteger getX() {
                    return null;
                }

                @Override // java.security.Key
                public String getAlgorithm() {
                    return null;
                }

                @Override // java.security.Key
                public byte[] getEncoded() {
                    return EAPAKAAuthenticator.this.masterKey;
                }

                @Override // java.security.Key
                public String getFormat() {
                    return null;
                }

                @Override // java.security.interfaces.DSAKey
                public DSAParams getParams() {
                    return null;
                }
            });
            signature.update(this.masterKey);
            byte[] sign = signature.sign();
            this.K_enc = new byte[16];
            System.arraycopy(sign, 0, this.K_enc, 0, 16);
            this.K_aut = new byte[16];
            System.arraycopy(sign, 16, this.K_aut, 0, 16);
            this.msk = new byte[64];
            System.arraycopy(sign, 32, this.msk, 0, 64);
            this.emsk = new byte[64];
            System.arraycopy(sign, 96, this.emsk, 0, 64);
        } catch (Exception e) {
            throw new RadiusException("Requires NONEwithDSA from crypto provider", e);
        }
    }
}
