package org.apache.atlas.web.security;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.annotation.PostConstruct;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.atlas.ApplicationProperties;
import org.apache.atlas.web.model.User;
import org.apache.commons.configuration.ConfigurationConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider;
import org.springframework.security.authentication.jaas.memory.InMemoryConfiguration;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;

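/**
 * Authenticates a username/password pair against PAM through a JAAS login module.
 *
 * <p>On startup ({@link #setup()}) the provider reads the PAM-related application properties,
 * builds an in-memory JAAS configuration containing a single {@code PamLoginModule} entry, and
 * hands it to a {@link DefaultJaasAuthenticationProvider}. Each call to
 * {@link #authenticate(Authentication)} delegates to that JAAS provider and then attaches
 * granted authorities via the helpers inherited from {@link AtlasAbstractAuthenticationProvider}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Every failure path is fail-closed: the internal helper returns {@code null} rather than
 *       echoing the caller's token, so the outcome never depends on the {@code authenticated}
 *       flag of the token that was passed in.</li>
 *   <li>Start-up errors are logged and swallowed so the application can still boot; in that
 *       state the JAAS provider is left unconfigured.</li>
 * </ul>
 */
@Component
public class AtlasPamAuthenticationProvider extends AtlasAbstractAuthenticationProvider {
    private static final Logger LOG = LoggerFactory.getLogger(AtlasPamAuthenticationProvider.class);
    private static final String LOGIN_MODULE_NAME = "org.apache.atlas.web.security.PamLoginModule";
    // REQUIRED: the PAM module must succeed for the JAAS login to succeed.
    private static final AppConfigurationEntry.LoginModuleControlFlag CONTROL_FLAG = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
    // Key under which the JAAS entry is registered.
    // NOTE(review): this is expected to match the login context name the JAAS provider looks up - confirm if that name is ever customised.
    private static final String JAAS_CONTEXT_NAME = "SPRINGSECURITY";

    // When true, authorities are resolved through the UGI-based helper of the parent class.
    private boolean groupsFromUGI;
    // Options passed verbatim to the PAM login module (populated from application properties).
    private final Map<String, String> options = new HashMap<>();
    private final DefaultJaasAuthenticationProvider jaasAuthenticationProvider = new DefaultJaasAuthenticationProvider();

    /** Loads the PAM properties and configures the JAAS provider once the bean is constructed. */
    @PostConstruct
    public void setup() {
        setPamProperties();
        init();
    }

    /**
     * Authenticates the supplied token against PAM.
     *
     * @param authentication token carrying the user name and password to verify
     * @return the authenticated token, with authorities attached
     * @throws AuthenticationException if the credentials are missing or blank, PAM rejects them,
     *         or any error occurs while talking to PAM
     */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Authentication pamAuthentication = getPamAuthentication(authentication);
        if (pamAuthentication == null || !pamAuthentication.isAuthenticated()) {
            throw new AtlasAuthenticationException("PAM Authentication Failed");
        }
        return pamAuthentication;
    }

    /**
     * Runs the JAAS/PAM login for the given token.
     *
     * @param authentication token supplied by the caller; may be {@code null}
     * @return the authenticated token on success, or {@code null} on any failure
     */
    private Authentication getPamAuthentication(Authentication authentication) {
        LOG.debug("==> AtlasPamAuthenticationProvider getPamAuthentication");
        try {
            String userName = authentication.getName();
            Object credentials = authentication.getCredentials();
            String password = credentials != null ? credentials.toString() : "";
            if (userName == null || userName.trim().isEmpty() || password.trim().isEmpty()) {
                // Fail closed: a blank user name or password is never handed to PAM, and the
                // caller's token is not returned, so an already-authenticated input cannot
                // slip through without a PAM check.
                return null;
            }
            List<GrantedAuthority> authorities = getAuthorities(userName);
            UsernamePasswordAuthenticationToken token =
                    new UsernamePasswordAuthenticationToken(new User(userName, password, authorities), password, authorities);
            Authentication jaasResult = this.jaasAuthenticationProvider.authenticate(token);
            return this.groupsFromUGI
                    ? getAuthenticationWithGrantedAuthorityFromUGI(jaasResult)
                    : getAuthenticationWithGrantedAuthority(jaasResult);
        } catch (Exception e) {
            // The cause is only recorded at debug level here; at default log levels the
            // exception thrown by authenticate() is the only signal of a failed attempt.
            LOG.debug("Pam Authentication Failed:", e);
            // Fail closed instead of returning the caller's token (see the blank-credential case).
            return null;
        } finally {
            LOG.debug("<== AtlasPamAuthenticationProvider getPamAuthentication : {}", this.jaasAuthenticationProvider);
        }
    }

    /**
     * Reads the PAM settings from the application properties into {@link #options} and sets
     * {@link #groupsFromUGI}. Errors are logged and swallowed so startup continues.
     */
    private void setPamProperties() {
        try {
            this.groupsFromUGI = ApplicationProperties.get().getBoolean("atlas.authentication.method.pam.ugi-groups", true);
            Properties properties = ConfigurationConverter.getProperties(ApplicationProperties.get().subset(AtlasAuthenticationProvider.PAM_AUTH_METHOD));
            for (String key : properties.stringPropertyNames()) {
                this.options.put(key, properties.getProperty(key));
            }
            // Default PAM service name when none is configured.
            this.options.putIfAbsent(PamLoginModule.SERVICE_KEY, "atlas-login");
            // NOTE(review): the whole options map is written to the debug log; keep secrets out
            // of the PAM property subset or redact them before enabling debug logging.
            LOG.debug("AtlasPAMAuthenticationProvider: groupsFromUGI={}, options={}", this.groupsFromUGI, this.options);
        } catch (Exception e) {
            LOG.error("Exception while setPamProperties", e);
        }
    }

    /**
     * Builds the in-memory JAAS configuration (one PAM login module entry) and initialises the
     * JAAS provider. Errors are logged and swallowed; the provider then stays unconfigured.
     */
    private void init() {
        try {
            AppConfigurationEntry[] entries = {new AppConfigurationEntry(LOGIN_MODULE_NAME, CONTROL_FLAG, this.options)};
            Map<String, AppConfigurationEntry[]> jaasConfig = new HashMap<>();
            jaasConfig.put(JAAS_CONTEXT_NAME, entries);
            this.jaasAuthenticationProvider.setConfiguration(new InMemoryConfiguration(jaasConfig));
            this.jaasAuthenticationProvider.setAuthorityGranters(new UserAuthorityGranter[]{new UserAuthorityGranter()});
            this.jaasAuthenticationProvider.afterPropertiesSet();
            LOG.debug("AtlasPAMAuthenticationProvider: jaasAuthenticationProvider='{}', loginModuleName='{}', controlFlag='{}', options='{}'",
                    this.jaasAuthenticationProvider, LOGIN_MODULE_NAME, CONTROL_FLAG, this.options);
        } catch (Exception e) {
            LOG.error("Failed to init PAM Authentication", e);
        }
    }
}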
