package com.mapr.admin.security;

import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import org.apache.commons.httpclient.auth.AuthState;
import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.jvnet.libpam.PAM;
import org.jvnet.libpam.PAMException;
import org.jvnet.libpam.UnixUser;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

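/**
 * Spring Security {@link AuthenticationProvider} that verifies a username and password against
 * the host's PAM configuration and maps the resulting Unix groups to {@code ROLE_*} authorities.
 *
 * <p>Security-relevant behaviour a maintainer should be aware of:
 * <ul>
 *   <li>When {@code apiserver.authentication.pam.service} is unset, every readable entry of
 *       {@link #PAM_FILES} is tried in order and the first one that accepts the credentials wins.
 *       The effective policy is therefore the most permissive of those stacks, and one failed
 *       login may be seen as several failed attempts by any lockout module in them. Pinning the
 *       property to a single dedicated service avoids both effects.</li>
 *   <li>{@code ROLE_ADMIN} is granted by a case-insensitive comparison of the submitted name
 *       with {@link #ADMIN}.</li>
 *   <li>The returned token keeps the plaintext password as its credentials and is also stored
 *       in the {@link SecurityContextHolder}.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:com/mapr/admin/security/PamAuthenticationProvider.class */
public class PamAuthenticationProvider implements AuthenticationProvider {
    /** Directory whose files name the PAM services probed by this provider. */
    private static final String PAM_DIR = "/etc/pam.d/";
    private static final Logger log = LogManager.getLogger((Class<?>) PamAuthenticationProvider.class);
    /**
     * Name compared against the login name to decide on {@code ROLE_ADMIN}; read once from the
     * system property named by {@code PseudoAuthenticator.USER_NAME}.
     * NOTE(review): that constant is presumably "user.name", i.e. the account running the JVM - confirm.
     */
    private static final String ADMIN = System.getProperty(PseudoAuthenticator.USER_NAME);
    /** Fallback PAM service names, tried in this order when no service is configured. */
    private static final String[] PAM_FILES = {"mapr-admin", "sudo", "sshd", "chkpasswd", "passwd"};

    /**
     * Authenticates the supplied username/password through PAM.
     *
     * @param authentication request carrying the login name and the password as credentials
     * @return a populated {@link UsernamePasswordAuthenticationToken} on success, or {@code null}
     *     when {@code apiserver.authentication.types} is set and does not list this scheme
     * @throws AuthenticationServiceException if the configured PAM service file is not readable,
     *     if no credentials were supplied, or if no PAM service accepted the credentials
     */
    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String enabledTypes = System.getProperty("apiserver.authentication.types");
        // Entries are compared verbatim: whitespace around a comma-separated entry prevents a match.
        if (enabledTypes != null
                && !Arrays.asList(enabledTypes.split(",")).contains(AuthState.PREEMPTIVE_AUTH_SCHEME)) {
            return null;
        }

        String name = authentication.getName();
        List<String> services = resolvePamServices();

        // A token without credentials used to surface as a NullPointerException from inside the
        // PAM loop; treat it as an ordinary failed login instead.
        Object credentials = authentication.getCredentials();
        if (credentials == null) {
            throw authenticationFailed(name);
        }
        String password = credentials.toString();

        for (String service : services) {
            PAM pam = null;
            try {
                pam = new PAM(service);
                UnixUser user = pam.authenticate(name, password);

                List<SimpleGrantedAuthority> authorities = new ArrayList<>();
                // NOTE(review): Unix account names are case-sensitive, so an account whose name
                // differs from ADMIN only by case also receives ROLE_ADMIN here. Kept as-is for
                // compatibility; consider comparing the canonical name reported by PAM instead.
                if (name.equalsIgnoreCase(ADMIN)) {
                    authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
                }
                for (String group : user.getGroups()) {
                    // Locale.ROOT keeps role names stable regardless of the JVM default locale
                    // (e.g. "admin" must not become "ADM\u0130N" under a Turkish locale).
                    authorities.add(new SimpleGrantedAuthority("ROLE_" + group.toUpperCase(Locale.ROOT)));
                }

                // NOTE(review): the plaintext password stays in the token and in the security
                // context; confirm that callers erase credentials once authentication completes.
                UsernamePasswordAuthenticationToken token =
                        new UsernamePasswordAuthenticationToken(name, password, authorities);
                SecurityContextHolder.getContext().setAuthentication(token);
                return token;
            } catch (PAMException e) {
                // Rejected by this service; fall through to the next candidate, but leave a trace
                // so operators can see which stack refused the login.
                log.debug("PAM service '{}' rejected user {}: {}", service, sanitizeForLog(name), e.getMessage());
            } finally {
                // Release the native PAM handle on every path: success, rejection, or error.
                if (pam != null) {
                    pam.dispose();
                }
            }
        }
        throw authenticationFailed(name);
    }

    /** Reports whether this provider can process the given token type. */
    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }

    /** Returns the PAM services to try: the configured one, or every readable fallback entry. */
    private static List<String> resolvePamServices() {
        String configured = System.getProperty("apiserver.authentication.pam.service");
        List<String> services = new ArrayList<>();
        if (configured != null) {
            if (!new File(PAM_DIR + configured).canRead()) {
                throw new AuthenticationServiceException("PAM config '" + configured + "' not found");
            }
            services.add(configured);
            return services;
        }
        for (String candidate : PAM_FILES) {
            if (new File(PAM_DIR + candidate).canRead()) {
                services.add(candidate);
            }
        }
        if (services.isEmpty()) {
            log.warn("No readable PAM service configuration found under {}", PAM_DIR);
        }
        return services;
    }

    /** Logs the failed login and builds the exception reported to the caller. */
    private static AuthenticationServiceException authenticationFailed(String name) {
        log.error("PAM auth failed for user {}", sanitizeForLog(name));
        return new AuthenticationServiceException("PAM auth failed for user " + name);
    }

    /** Replaces control characters so a client-supplied name cannot forge or split log lines. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("\\p{Cntrl}", "_");
    }
}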
