package eu.unicore.services.rest.security;

import eu.unicore.security.HTTPAuthNTokens;
import eu.unicore.security.SecurityTokens;
import eu.unicore.security.wsutil.CXFUtils;
import eu.unicore.services.rest.security.BaseRemoteAuthenticator;
import eu.unicore.services.rest.security.PAMAttributeSource;
import eu.unicore.util.Log;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.cxf.message.Message;
import org.apache.log4j.Logger;
import org.jvnet.libpam.PAM;
import org.jvnet.libpam.UnixUser;

/* loaded from: input_file:eu/unicore/services/rest/security/PAMAuthenticator.class */
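/**
 * Authenticates HTTP Basic credentials against the local PAM stack and, on
 * success, maps the Unix account to a distinguished name built from
 * {@link #setDNTemplate(String) the DN template}.
 *
 * <p>Successful lookups are cached for {@code cacheTime} milliseconds. A
 * password change or account lock on the host can therefore take up to that
 * long to be noticed by this authenticator.
 *
 * <p>The cache is keyed by a SHA-256 digest of user name and password, so the
 * cleartext password is not retained in the long-lived map. The digest is
 * unsalted: it keeps the password out of the map but does not make a weak
 * password resistant to guessing by someone who can read the process heap.
 */
public class PAMAuthenticator implements IAuthenticator {
    private static final Logger logger = Log.getLogger("unicore.security", PAMAuthenticator.class);
    private static final Collection<String> AUTH_SCHEMES = Collections.singletonList("Basic");
    private String dnTemplate = "CN=%s, OU=pam-local-users";
    // Lifetime of a cached successful authentication, in milliseconds.
    private final int cacheTime = 30000;
    protected final Map<Object, BaseRemoteAuthenticator.CacheEntry<UnixUser>> cache = new ConcurrentHashMap<>();

    /**
     * @return the HTTP authentication schemes handled here (only "Basic")
     */
    @Override
    public final Collection<String> getAuthSchemes() {
        return AUTH_SCHEMES;
    }

    /**
     * Checks the HTTP Basic credentials of the message via PAM and, if they are
     * valid, stores the mapped user name and the PAM attributes in the tokens.
     *
     * @param message the incoming CXF message
     * @param securityTokens receives user name, trust flag and PAM attributes on success
     * @return {@code false} if the message carries no HTTP credentials,
     *     {@code true} otherwise - including when PAM rejected the credentials
     */
    @Override
    public final boolean authenticate(Message message, SecurityTokens securityTokens) {
        HTTPAuthNTokens credentials = CXFUtils.getHTTPCredentials(message);
        if (credentials == null) {
            return false;
        }
        String userName = credentials.getUserName();
        String passwd = credentials.getPasswd();
        try {
            String key = cacheKey(userName, passwd);
            BaseRemoteAuthenticator.CacheEntry<UnixUser> cached = this.cache.get(key);
            if (cached != null && cached.expired()) {
                // Drop stale entries right away; otherwise an entry whose
                // credentials no longer work would stay in the map forever.
                this.cache.remove(key);
                cached = null;
            }
            boolean fromCache = cached != null;
            UnixUser unixUser = fromCache ? cached.auth : null;
            if (unixUser == null) {
                PAM pam = new PAM("unicore/x");
                try {
                    // Throws if PAM rejects the credentials, so only
                    // successful authentications reach the cache.
                    unixUser = pam.authenticate(userName, passwd);
                } finally {
                    // Release the native PAM handle now instead of waiting
                    // for the finalizer.
                    pam.dispose();
                }
                this.cache.put(key, new BaseRemoteAuthenticator.CacheEntry<>(unixUser, cacheTime));
            }
            String dn = String.format(this.dnTemplate, unixUser.getUserName());
            securityTokens.setUserName(dn);
            securityTokens.setConsignorTrusted(true);
            storePAMInfo(unixUser, securityTokens);
            if (logger.isDebugEnabled()) {
                logger.debug("Authenticated " + (fromCache ? "(cached) " : "") + "via " + this + ": <" + dn + ">");
            }
            return true;
        } catch (Exception e) {
            Log.logException("Error authenticating using PAM", e, logger);
            // No user name or trust flag has been set on the tokens at this point.
            // NOTE(review): returning true here presumably means "credentials
            // were present and handled", with the missing user name marking
            // the failure - confirm against the IAuthenticator contract and
            // its callers. If true is read as "authenticated", this path
            // fails open.
            return true;
        }
    }

    /**
     * Derives the cache key for a credential pair without keeping the
     * cleartext password.
     *
     * @param userName the user name from the request (may be null)
     * @param passwd the password from the request (may be null)
     * @return lower-case hex SHA-256 digest of user name, a NUL byte and password
     */
    private static String cacheKey(String userName, String passwd) {
        MessageDigest sha256;
        try {
            sha256 = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            // SHA-256 is a mandatory algorithm on every Java platform.
            throw new IllegalStateException("SHA-256 not available", e);
        }
        sha256.update(String.valueOf(userName).getBytes(StandardCharsets.UTF_8));
        // NUL separator: unlike ':', it keeps "a:b" + "c" distinct from "a" + "b:c".
        sha256.update((byte) 0);
        sha256.update(String.valueOf(passwd).getBytes(StandardCharsets.UTF_8));
        byte[] digest = sha256.digest();
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(Character.forDigit((b >> 4) & 0xf, 16));
            hex.append(Character.forDigit(b & 0xf, 16));
        }
        return hex.toString();
    }

    /**
     * Publishes the Unix user name and group list in the security context
     * under {@code PAMAttributeSource.PAM_ATTRIBUTES}.
     */
    private void storePAMInfo(UnixUser unixUser, SecurityTokens securityTokens) {
        PAMAttributeSource.PAMAttributes attributes = new PAMAttributeSource.PAMAttributes();
        attributes.uid = unixUser.getUserName();
        Collection<String> groups = unixUser.getGroups();
        attributes.groups = (String[]) groups.toArray(new String[0]);
        securityTokens.getContext().put(PAMAttributeSource.PAM_ATTRIBUTES, attributes);
    }

    /**
     * Sets the {@link String#format} template used to build the user name;
     * it receives the Unix user name as its single argument.
     */
    public void setDNTemplate(String str) {
        this.dnTemplate = str;
    }

    @Override
    public String toString() {
        return "PAM";
    }
}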
