package com.inet.authentication.pam;

import com.inet.authentication.AuthenticationDescription;
import com.inet.authentication.LoginRoles;
import com.inet.authentication.base.BasicLoginProcessor;
import com.inet.authentication.pam.libpam.PAM;
import com.inet.authentication.pam.libpam.PAMException;
import com.inet.authentication.pam.libpam.UnixUser;
import com.inet.error.ErrorCode;
import com.inet.plugin.ServerPluginManager;
import java.io.File;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.SuppressFBWarnings;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

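/**
 * Login processor that validates a name/password pair against a PAM service on the local
 * machine and exposes the authenticated user's Unix groups as roles.
 *
 * <p>The PAM service name is chosen once, when the class is loaded, from the files present
 * in {@code /etc/pam.d}. A failure during that selection is stored and rethrown from every
 * constructor call.
 *
 * <p>NOTE(review): {@code userName} and {@code groups} are plain instance fields written by
 * {@link #transferClientLoginData}; nothing in this class synchronizes access to them.
 * Confirm how the framework shares processor instances between requests.
 */
@SuppressFBWarnings(value = {"PATH_TRAVERSAL_IN"}, justification = "Only known file pathes")
/* loaded from: input_file:com/inet/authentication/pam/PamLoginProcessor.class */
public class PamLoginProcessor extends BasicLoginProcessor implements LoginRoles {
    /** Name of the PAM service (file name below /etc/pam.d) used for every authentication. */
    private static final String SERVICE;
    /** Failure captured by the static initializer, or {@code null} if it completed normally. */
    private static final Exception INIT_EXCPETION;
    /** Name of the authenticated user; {@code null} while nobody is authenticated. */
    private String userName;
    /** Groups of the authenticated user; {@code null} while nobody is authenticated. */
    private Set<String> groups;

    /**
     * Creates the processor and rethrows any error recorded while the PAM service was selected.
     *
     * @param authenticationDescription passed unchanged to the base class
     */
    public PamLoginProcessor(AuthenticationDescription authenticationDescription) {
        super(authenticationDescription);
        if (INIT_EXCPETION != null) {
            ErrorCode.throwAny(INIT_EXCPETION);
        }
    }

    /**
     * @return the constant {@code "system"}
     */
    @Nonnull
    public String getLoginSource() {
        return "system";
    }

    /**
     * Authenticates the supplied credentials through PAM and stores the resulting identity.
     *
     * <p>On success the user name and groups reported by PAM are stored. On a
     * {@link PAMException} both are cleared, so a rejected attempt can never leave the
     * identity of an earlier successful login (or a half-updated name/groups pair) behind.
     *
     * <p>NOTE(review): the method returns {@code true} on success and on rejection alike;
     * the outcome is only observable through {@link #getLoginID()}. Confirm against the
     * contract of {@code BasicLoginProcessor} that callers decide on the login ID and not
     * on this return value.
     *
     * <p>NOTE(review): a rejected login is logged at debug level only. Unless the base class
     * records failures elsewhere, failed attempts are invisible at normal log levels.
     *
     * @param str login name as received from the client
     * @param str2 second argument handed to {@code PAM.authenticate}, presumably the password
     * @param httpServletRequest not used by this implementation
     * @param httpServletResponse not used by this implementation
     * @return always {@code true}
     * @throws Exception any non-PAM failure, after the PAM handle has been disposed
     */
    protected boolean transferClientLoginData(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        PAM pam = null;
        try {
            if (LOGGER.isDebug()) {
                // NOTE(review): the login name is client-controlled and is written to the log
                // as received; check that the logger neutralises line breaks.
                LOGGER.debug("authenticate " + str + " via pam");
            }
            pam = new PAM(SERVICE);
            UnixUser authenticate = pam.authenticate(str, str2);
            // Read both values first so that the fields are only ever updated as a pair.
            String authenticatedName = authenticate.getUserName();
            Set<String> authenticatedGroups = authenticate.getGroups();
            this.userName = authenticatedName;
            this.groups = authenticatedGroups;
        } catch (PAMException e) {
            if (LOGGER.isDebug()) {
                LOGGER.debug(e);
            }
            // Fail closed: drop whatever identity an earlier call may have stored.
            this.userName = null;
            this.groups = null;
        } finally {
            // Release the native PAM handle exactly once on every path.
            if (pam != null) {
                pam.dispose();
            }
        }
        return true;
    }

    /**
     * Forgets the current user name and delegates to the base class.
     *
     * @param httpServletRequest forwarded to the base class
     * @param httpServletResponse forwarded to the base class
     */
    public void requestLoginData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.userName = null;
        super.requestLoginData(httpServletRequest, httpServletResponse);
    }

    /**
     * @return the user name stored by the last successful authentication, or {@code null}
     */
    public String getLoginID() {
        return this.userName;
    }

    /**
     * Tests whether the authenticated user belongs to the given group, ignoring case.
     *
     * @param str group name to look for; {@code null} never matches
     * @return {@code true} if one of the stored groups equals {@code str} ignoring case
     */
    public boolean isWebUserInRole(String str) {
        if (this.groups == null || str == null) {
            return false;
        }
        for (String group : this.groups) {
            if (str.equalsIgnoreCase(group)) {
                return true;
            }
        }
        return false;
    }

    /**
     * @return the groups of the authenticated user; an empty set while nobody is authenticated
     */
    @Nonnull
    public Set<String> getRoles() {
        if (this.groups == null) {
            // Honour the @Nonnull contract before the first successful authentication.
            return java.util.Collections.<String>emptySet();
        }
        return this.groups;
    }

    static {
        String str = null;
        Exception exc = null;
        try {
            // The only variable path component is the core plugin id supplied by
            // ServerPluginManager; no request data reaches the File calls below.
            String corePluginId = ServerPluginManager.getInstance().getCorePluginId();
            // Only the existence of each file is tested; its content is not inspected.
            // NOTE(review): the fallback services belong to other programs, so their auth
            // and account rules may differ from what this server should enforce. A dedicated
            // /etc/pam.d/<core plugin id> file avoids depending on them.
            if (new File("/etc/pam.d/" + corePluginId).exists()) {
                str = corePluginId;
            } else if (new File("/etc/pam.d/login").exists()) {
                str = "login";
                LOGGER.warn("Fall back to pam 'login'. Create a file /etc/pam.d/" + corePluginId + " if you want a specific pam configurration.");
            } else if (new File("/etc/pam.d/chkpasswd").exists()) {
                str = "chkpasswd";
                LOGGER.warn("Fall back to pam 'chkpasswd'. Create a file /etc/pam.d/" + corePluginId + " if you want a specific pam configurration.");
            } else {
                if (!new File("/etc/pam.d/passwd").exists()) {
                    throw new IllegalStateException("Pam configuration '/etc/pam.d/" + corePluginId + "' or '/etc/pam.d/passwd' not found.");
                }
                str = "passwd";
                LOGGER.warn("Fall back to pam 'passwd'. Create a file /etc/pam.d/" + corePluginId + " if you want a specific pam configurration.");
            }
            // A process that can read /etc/shadow can read every local password hash, so
            // granting that permission to the server account widens what a compromise of
            // this process exposes. Here the check only produces a warning.
            if (!new File("/etc/shadow").canRead()) {
                LOGGER.warn("PAM authentication of local users is not possiible due to missing read permissions to /etc/shadow. Please execute enable-pam-for-user.sh in the installation directory to use this feature. Enter '" + System.getProperty("user.name") + "' as user name when requested.");
            }
        } catch (Exception e) {
            // Deferred: the constructor rethrows this, so class loading itself never fails.
            exc = e;
        }
        SERVICE = str;
        INIT_EXCPETION = exc;
    }
}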
