package com.mapr.web.security;

import com.mapr.baseutils.cldbutils.CLDBRpcCommonUtils;
import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.servlet.http.HttpServletResponse;
import org.jvnet.libpam.PAM;
import org.jvnet.libpam.PAMException;
import org.jvnet.libpam.UnixUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

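@Component
/* loaded from: input_file:WEB-INF/lib/mapr-security-web-6.1.0-mapr.jar:com/mapr/web/security/PamAuthenticationProvider.class */
/**
 * Spring Security {@link AuthenticationProvider} that validates a username/password pair
 * against one or more PAM services and maps the user's Unix groups to granted authorities.
 *
 * <p>The PAM services to try come from JVM system properties prefixed with the process name
 * returned by {@code WebSecurityConfig.CONFIG.getProcessName()}. These are operator-supplied
 * configuration values; they are concatenated onto {@code /etc/pam.d/} without path
 * normalisation, so they must never be derived from request data.
 */
public class PamAuthenticationProvider implements AuthenticationProvider {
    private static final Logger log = LoggerFactory.getLogger(PamAuthenticationProvider.class);
    /** OS account that runs this JVM; a login under this name is granted {@code ROLE_ADMIN}. */
    private static final String ADMIN = System.getProperty("user.name");
    private static final String PAM_DIR = "/etc/pam.d/";

    /**
     * Authenticates the supplied credentials through PAM.
     *
     * @param authentication the request token; its name is used as the PAM user and its
     *     credentials (via {@code toString()}) as the password
     * @return a populated {@link UsernamePasswordAuthenticationToken} on success, or
     *     {@code null} when the {@code .authentication.types} property is set and does not
     *     list {@code basic}
     * @throws AuthenticationServiceException when the PAM configuration is missing or when no
     *     configured PAM service accepts the credentials
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String processName = WebSecurityConfig.CONFIG.getProcessName();
        String authTypes = System.getProperty(processName + ".authentication.types");
        if (authTypes != null && !Arrays.asList(authTypes.split(",")).contains("basic")) {
            return null;
        }
        String name = authentication.getName();
        List<String> services = resolvePamServices(processName);

        // A token without credentials cannot be checked by PAM; treat it as a failed login
        // instead of letting toString() raise a NullPointerException.
        Object credentials = authentication.getCredentials();
        if (credentials != null) {
            String password = credentials.toString();
            for (String service : services) {
                PAM pam = null;
                try {
                    pam = new PAM(service);
                    UnixUser unixUser = pam.authenticate(name, password);
                    List<SimpleGrantedAuthority> authorities = new ArrayList<>();
                    // NOTE(review): the comparison is case-insensitive although Unix account
                    // names are case-sensitive. If a PAM backend accepts a differently-cased
                    // spelling of the service account, that login also receives ROLE_ADMIN.
                    // Confirm this is intended.
                    if (name.equalsIgnoreCase(ADMIN)) {
                        authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
                    }
                    // NOTE(review): every Unix group becomes ROLE_<GROUP>, so membership in a
                    // group named "admin" (any case) also yields ROLE_ADMIN. Verify that group
                    // names on the host cannot collide with privileged role names.
                    for (String group : unixUser.getGroups()) {
                        // Locale.ROOT keeps the role name stable regardless of the JVM default
                        // locale (e.g. the Turkish dotless-i mapping).
                        authorities.add(new SimpleGrantedAuthority("ROLE_" + group.toUpperCase(Locale.ROOT)));
                    }
                    // NOTE(review): the clear-text password is kept as the token's credentials.
                    // Whether it is erased afterwards depends on the caller — confirm.
                    UsernamePasswordAuthenticationToken token =
                            new UsernamePasswordAuthenticationToken(name, password, authorities);
                    SecurityContextHolder.getContext().setAuthentication(token);
                    return token;
                } catch (PAMException e) {
                    // Deliberate best effort: a rejection by one service is not final, the next
                    // configured service is tried. The password is never logged.
                    log.debug("PAM service '{}' did not authenticate the user: {}", service, e.getMessage());
                } finally {
                    if (pam != null) {
                        pam.dispose();
                    }
                }
            }
        }

        // The user name is client-supplied and is echoed into the log and a response header;
        // control characters are replaced so it cannot forge log lines or split the header.
        String message = "PAM auth failed for user " + stripControlChars(name);
        // The realm value must be a quoted-string; the opening quote was previously missing.
        String challenge = "Basic realm=\"" + CLDBRpcCommonUtils.getInstance().getCurrentClusterName() + "\"";
        log.error(message);
        // The decompiled listing omitted the cast; getResponse() is declared on
        // ServletRequestAttributes.
        HttpServletResponse response =
                ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getResponse();
        if (response != null) {
            response.setHeader("WWW-Authenticate", challenge);
            response.setHeader("WWW-MAPR-Err-Authenticate", message);
        }
        throw new AuthenticationServiceException(message);
    }

    /**
     * Reports whether this provider can process the given authentication token type.
     *
     * @param cls the token class offered by the authentication manager
     * @return {@code true} for {@link UsernamePasswordAuthenticationToken} and its subclasses
     */
    @Override
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Builds the ordered list of PAM service names to try. An explicit
     * {@code .authentication.pam.service} wins and must exist; otherwise the readable entries
     * of the comma-separated {@code .auth.pam.config.files} list are used.
     */
    private static List<String> resolvePamServices(String processName) {
        List<String> services = new ArrayList<>();
        String explicitService = System.getProperty(processName + ".authentication.pam.service");
        if (explicitService != null) {
            if (!isReadablePamConfig(explicitService)) {
                throw new AuthenticationServiceException("PAM config '" + explicitService + "' not found");
            }
            services.add(explicitService);
            return services;
        }
        String configFiles = System.getProperty(processName + ".auth.pam.config.files");
        if (configFiles == null) {
            // Previously a NullPointerException; report the misconfiguration explicitly.
            throw new AuthenticationServiceException(
                    "No PAM service configured: set '.authentication.pam.service' or '.auth.pam.config.files'");
        }
        for (String entry : configFiles.split(",")) {
            String service = entry.trim();
            if (isReadablePamConfig(service)) {
                services.add(service);
            }
        }
        return services;
    }

    /**
     * Returns whether a readable regular file exists for the service under {@code /etc/pam.d/}.
     * An empty name is rejected because it would resolve to the directory itself, which is
     * readable and would otherwise be accepted as a service.
     */
    private static boolean isReadablePamConfig(String service) {
        if (service.isEmpty()) {
            return false;
        }
        File config = new File(PAM_DIR + service);
        return config.isFile() && config.canRead();
    }

    /** Replaces ASCII control characters (including CR and LF) with underscores. */
    private static String stripControlChars(String value) {
        return String.valueOf(value).replaceAll("\\p{Cntrl}", "_");
    }
}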
