package com.mapr.data.gateway.auth;

import com.google.common.collect.ImmutableList;
import com.mapr.data.gateway.Configs;
import java.io.File;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.jvnet.libpam.PAM;
import org.jvnet.libpam.PAMException;
import org.ojai.Document;
import org.ojai.store.exceptions.AuthenticationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mapr/data/gateway/auth/PamAuthenticator.class */
public final class PamAuthenticator extends BaseAuthenticator {
    private static final Logger log = LoggerFactory.getLogger(PamAuthenticator.class);
    public static final String SCHEME = "basic";
    private static final String PAM_DIR = "/etc/pam.d/";
    private List<String> pamFiles = new ArrayList();

    @Override // com.mapr.data.gateway.auth.Authenticator
    public void init(Document document) throws AuthenticationException {
        ImmutableList.Builder builder = new ImmutableList.Builder();
        String string = Configs.getString(document, Configs.MAPR_DAG_PAM_SERVICE, null);
        String string2 = Configs.getString(document, Configs.MAPR_DAG_AUTH_PAM_CONFIG_FILES, null);
        if (string == null && string2 == null) {
            throw new AuthenticationException("No PAM Service has been configured!");
        }
        if (string == null) {
            for (String str : string2.split(",")) {
                if (checkFile(str, false)) {
                    builder.add(str);
                }
            }
        } else if (checkFile(string, true)) {
            builder.add(string);
        }
        this.pamFiles = builder.build();
        log.info("PAM authentication configured with {}", this.pamFiles);
    }

    @Override // com.mapr.data.gateway.auth.Authenticator
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String[] parseBasicAuthToken = parseBasicAuthToken(authentication);
        String str = parseBasicAuthToken[0];
        String str2 = parseBasicAuthToken[1];
        Iterator<String> it = this.pamFiles.iterator();
        while (it.hasNext()) {
            PAM pam = null;
            try {
                pam = new PAM(it.next());
                Authentication createAuthentication = createAuthentication(pam.authenticate(str, str2).getUserName());
                if (pam != null) {
                    pam.dispose();
                }
                return createAuthentication;
            } catch (PAMException e) {
                if (pam != null) {
                    pam.dispose();
                }
            } catch (Throwable th) {
                if (pam != null) {
                    pam.dispose();
                }
                throw th;
            }
        }
        throw new AuthenticationException("PAM auth failed for user " + str);
    }

    private boolean checkFile(String str, boolean z) {
        String str2 = "/etc/pam.d/" + str;
        if (new File(str2).canRead()) {
            return true;
        }
        if (z) {
            throw new AuthenticationException("PAM config file '" + str2 + "' not found or isn't readable!");
        }
        return false;
    }

    @Override // com.mapr.data.gateway.auth.Authenticator
    public String getScheme() {
        return SCHEME;
    }
}
