package com.yahoo.athenz.auth.impl;

import com.yahoo.athenz.auth.Authority;
import com.yahoo.athenz.auth.Principal;
import com.yahoo.athenz.auth.oauth.OAuthAuthorityConsts;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import org.bouncycastle.util.encoders.Base64;
import org.jvnet.libpam.PAM;
import org.jvnet.libpam.PAMException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yahoo/athenz/auth/impl/UserAuthority.class */
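/**
 * {@link Authority} that validates HTTP Basic credentials against the local PAM stack.
 *
 * <p>The PAM service name is read once, at construction, from the system property
 * {@value #ATHENZ_PROP_PAM_SERVICE_NAME} and defaults to {@code "login"}. Every principal
 * produced by this authority belongs to the {@code "user"} domain.
 */
public class UserAuthority implements Authority {
    private static final Logger LOG = LoggerFactory.getLogger(UserAuthority.class);

    /** System property that selects the PAM service used for password checks. */
    static final String ATHENZ_PROP_PAM_SERVICE_NAME = "athenz.auth.user.pam_service_name";

    /** Challenge value returned by {@link #getAuthenticateChallenge()}. */
    public static final String ATHENZ_AUTH_CHALLENGE = "Basic realm=\"athenz\"";

    private static final String BASIC_PREFIX = "Basic ";

    // Optional pre-built PAM handle (set through setPAM); when null, getPAM() builds a new one.
    private PAM pam = null;

    // PAM service name; which PAM modules run for it is decided by the host's PAM configuration.
    String serviceName = System.getProperty(ATHENZ_PROP_PAM_SERVICE_NAME, "login");

    /** No-op: this authority needs no initialization. */
    @Override
    public void initialize() {
    }

    /** Returns the fixed identifier of this authority, {@code "Auth-UNIX"}. */
    @Override
    public String getID() {
        return "Auth-UNIX";
    }

    /** Returns the domain every authenticated principal is placed in, {@code "user"}. */
    @Override
    public String getDomain() {
        return "user";
    }

    /**
     * Returns {@code OAuthAuthorityConsts.AUTH_HEADER}, the header name this authority reports
     * for its credentials (presumably the HTTP Authorization header; the constant's value is
     * defined outside this file).
     */
    @Override
    public String getHeader() {
        return OAuthAuthorityConsts.AUTH_HEADER;
    }

    /** Returns {@link #ATHENZ_AUTH_CHALLENGE}. */
    @Override
    public String getAuthenticateChallenge() {
        return ATHENZ_AUTH_CHALLENGE;
    }

    /**
     * Always returns {@code false}.
     * NOTE(review): presumably this keeps password-based principals out of authorization
     * decisions; confirm against the {@link Authority} contract.
     */
    @Override
    public boolean allowAuthorization() {
        return false;
    }

    /** Installs a pre-built PAM handle that {@link #getPAM()} returns instead of a new one. */
    void setPAM(PAM pam) {
        this.pam = pam;
    }

    /**
     * Returns the installed PAM handle, or a new handle for {@code serviceName} when none is
     * installed. A newly created handle is not stored, so the caller is responsible for it.
     *
     * @throws PAMException if the new PAM handle cannot be created
     */
    PAM getPAM() throws PAMException {
        return this.pam != null ? this.pam : new PAM(this.serviceName);
    }

    /**
     * Authenticates {@code "Basic <base64(user:password)>"} credentials through PAM.
     *
     * <p>Every failure path returns {@code null} and never throws, so a caller that treats
     * {@code null} as "not authenticated" fails closed. The password is never written to the
     * error buffer or the log; the user name is, with control characters replaced.
     *
     * @param str the credentials, expected to start with {@code "Basic "}
     * @param str2 not used by this implementation
     * @param str3 not used by this implementation
     * @param sb receives a description of the failure; may be {@code null}
     * @return the authenticated principal, named with the lower-cased user name, or
     *     {@code null} if the credentials are missing, malformed or rejected
     */
    @Override
    public Principal authenticate(String str, String str2, String str3, StringBuilder sb) {
        StringBuilder errMsg = sb == null ? new StringBuilder(512) : sb;

        // A missing header is a failed authentication, not a NullPointerException.
        if (str == null || !str.startsWith(BASIC_PREFIX)) {
            errMsg.append("UserAuthority:authenticate: credentials do not start with 'Basic '");
            LOG.error(errMsg.toString());
            return null;
        }
        String encoded = str.substring(BASIC_PREFIX.length());
        if (encoded.isEmpty()) {
            errMsg.append("UserAuthority:authenticate: no credentials after 'Basic '");
            LOG.error(errMsg.toString());
            return null;
        }

        String decoded;
        try {
            // Decode with an explicit charset so the user name and password do not depend on
            // the JVM's platform default encoding.
            decoded = new String(
                    Base64.decode(encoded.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
        } catch (Exception e) {
            errMsg.append("UserAuthority:authenticate: factory exc=").append(e.getMessage());
            LOG.error(errMsg.toString());
            return null;
        }

        int separator = decoded.indexOf(':');
        if (separator == -1) {
            errMsg.append("UserAuthority:authenticate: no password specified");
            LOG.error(errMsg.toString());
            return null;
        }
        String userName = decoded.substring(0, separator);
        String password = decoded.substring(separator + 1);
        // The user name is attacker-controlled and unauthenticated at this point; neutralize
        // CR/LF and other control characters before it reaches the log or the error buffer.
        String loggableUser = sanitizeForLog(userName);

        PAM pamHandle = null;
        try {
            pamHandle = getPAM();
            if (pamHandle.authenticate(userName, password) == null) {
                errMsg.append("UserAuthority:authenticate: failed: user=").append(loggableUser);
                LOG.error(errMsg.toString());
                return null;
            }
            LOG.debug("UserAuthority.authenticate: valid user={}", loggableUser);

            // Locale.ROOT keeps the principal name independent of the JVM default locale
            // (e.g. the Turkish dotless-i mapping), so the same login always yields the
            // same principal.
            SimplePrincipal principal = getSimplePrincipal(userName.toLowerCase(Locale.ROOT), str, 0L);
            if (principal != null) {
                principal.setUnsignedCreds(userName);
                return principal;
            }
            errMsg.append("UserAuthority:authenticate: failed to create principal: user=")
                    .append(loggableUser);
            LOG.error(errMsg.toString());
            return null;
        } catch (Throwable th) {
            // Deliberately broad: any failure in the PAM/native layer must reject the login
            // rather than propagate.
            errMsg.append("UserAuthority:authenticate: failed: user=").append(loggableUser)
                    .append(" exc=").append(th.getMessage());
            LOG.error(errMsg.toString());
            return null;
        } finally {
            // A handle created for this call holds native PAM state; release it now instead
            // of waiting for garbage collection. A handle installed through setPAM is left
            // alone because this method does not own it.
            if (pamHandle != null && pamHandle != this.pam) {
                pamHandle.dispose();
            }
        }
    }

    /**
     * Creates the principal for {@code str} in this authority's domain.
     *
     * @param str the principal name
     * @param str2 the credentials to attach to the principal
     * @param j passed through unchanged to {@code SimplePrincipal.create}
     * @return the created principal; may be {@code null}, which {@code authenticate} reports
     *     as a failure
     */
    SimplePrincipal getSimplePrincipal(String str, String str2, long j) {
        return (SimplePrincipal) SimplePrincipal.create(getDomain(), str, str2, j, this);
    }

    /** Replaces ISO control characters (including CR and LF) with {@code '_'}. */
    private static String sanitizeForLog(String value) {
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            out.append(Character.isISOControl(c) ? '_' : c);
        }
        return out.toString();
    }
}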
