package pl.edu.icm.unity.pam;

import eu.unicore.util.configuration.ConfigurationException;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Properties;
import org.apache.logging.log4j.Logger;
import org.jvnet.libpam.PAM;
import org.jvnet.libpam.PAMException;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.AbstractCredentialVerificatorFactory;
import pl.edu.icm.unity.engine.api.authn.AuthenticatedEntity;
import pl.edu.icm.unity.engine.api.authn.AuthenticationException;
import pl.edu.icm.unity.engine.api.authn.AuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.CredentialReset;
import pl.edu.icm.unity.engine.api.authn.CredentialVerificator;
import pl.edu.icm.unity.engine.api.authn.remote.AbstractRemoteVerificator;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteAuthnResultProcessor;
import pl.edu.icm.unity.engine.api.authn.remote.RemotelyAuthenticatedContext;
import pl.edu.icm.unity.engine.api.authn.remote.RemotelyAuthenticatedInput;
import pl.edu.icm.unity.engine.api.authn.remote.SandboxAuthnResultCallback;
import pl.edu.icm.unity.engine.api.utils.PrototypeComponent;
import pl.edu.icm.unity.exceptions.InternalException;
import pl.edu.icm.unity.stdext.credential.NoCredentialResetImpl;
import pl.edu.icm.unity.stdext.credential.pass.PasswordExchange;
import pl.edu.icm.unity.types.translation.TranslationProfile;

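/**
 * Credential verificator that checks a username/password pair against the local
 * operating system's PAM facility (through {@code org.jvnet.libpam}) and passes the
 * resulting remote identity through the configured translation profile.
 *
 * <p>The PAM service name is fixed to {@code "unity"}. Which PAM modules run, and so how
 * strong the check is, is decided by the host's PAM policy for that service (typically
 * {@code /etc/pam.d/unity}; confirm for the target platform), not by this class.
 *
 * <p>Instances are configured through {@link #setSerializedConfiguration(String)} before
 * {@link #checkPassword} is used; until then {@code pamProperties} and
 * {@code translationProfile} are {@code null}.
 */
@PrototypeComponent
public class PAMVerificator extends AbstractRemoteVerificator implements PasswordExchange {
    private static final Logger log = Log.getLogger("unity.server.pam", PAMVerificator.class);
    public static final String NAME = "pam";
    public static final String IDP = "PAM";
    public static final String DESCRIPTION = "Verifies passwords using local OS PAM facility";
    private PAMProperties pamProperties;
    private TranslationProfile translationProfile;

    /** Spring-managed factory registering this verificator under {@link PAMVerificator#NAME}. */
    @Component
    public static class Factory extends AbstractCredentialVerificatorFactory {
        @Autowired
        public Factory(ObjectFactory<PAMVerificator> objectFactory) {
            super(PAMVerificator.NAME, PAMVerificator.DESCRIPTION, objectFactory);
        }
    }

    /**
     * Creates an unconfigured verificator that uses the "password exchange" credential exchange.
     *
     * @param remoteAuthnResultProcessor processor handed to the remote-verificator base class
     */
    @Autowired
    public PAMVerificator(RemoteAuthnResultProcessor remoteAuthnResultProcessor) {
        super(NAME, DESCRIPTION, "password exchange", remoteAuthnResultProcessor);
    }

    /**
     * Serializes the current PAM configuration in {@link Properties} text format.
     *
     * @return the configuration as produced by {@link Properties#store(java.io.Writer, String)}
     * @throws InternalException if writing the properties fails
     */
    public String getSerializedConfiguration() {
        StringWriter stringWriter = new StringWriter();
        try {
            this.pamProperties.getProperties().store(stringWriter, "");
            return stringWriter.toString();
        } catch (IOException e) {
            throw new InternalException("Can't serialize PAM verificator configuration", e);
        }
    }

    /**
     * Parses and applies a configuration given in {@link Properties} text format.
     *
     * <p>The new properties and translation profile are built in locals and assigned together
     * only after both were created successfully, so a rejected configuration leaves the
     * previously active one untouched instead of pairing new properties with an old profile.
     *
     * @param str configuration text
     * @throws InternalException if the text cannot be read or is rejected as invalid
     */
    public void setSerializedConfiguration(String str) {
        try {
            Properties properties = new Properties();
            properties.load(new StringReader(str));
            PAMProperties newPamProperties = new PAMProperties(properties);
            TranslationProfile newTranslationProfile =
                    getTranslationProfile(newPamProperties, "translationProfile", "embeddedTranslationProfile");
            this.pamProperties = newPamProperties;
            this.translationProfile = newTranslationProfile;
        } catch (ConfigurationException e) {
            throw new InternalException("Invalid configuration of the PAM verificator", e);
        } catch (IOException e2) {
            throw new InternalException("Invalid configuration of the PAM verificator(?)", e2);
        }
    }

    /**
     * Authenticates the given user against PAM and maps the result with the translation profile.
     *
     * <p>This method fails closed: any exception, whether an expected authentication failure
     * or an unexpected error, produces a {@code deny} result and never propagates to the caller.
     *
     * @param str user name passed to PAM
     * @param str2 password passed to PAM
     * @param sandboxAuthnResultCallback callback forwarded to the authn response processing
     * @return the processed result, or a {@code deny} result with no context and no entity on failure
     */
    public AuthenticationResult checkPassword(String str, String str2, SandboxAuthnResultCallback sandboxAuthnResultCallback) {
        // NOTE(review): the two strings look like logger facility names captured for the sandbox; confirm against the base class.
        AbstractRemoteVerificator.RemoteAuthnState startAuthnResponseProcessing = startAuthnResponseProcessing(sandboxAuthnResultCallback, new String[]{"unity.server.externaltranslation", "unity.server.pam"});
        try {
            return getResult(getRemotelyAuthenticatedInput(str, str2), this.translationProfile, startAuthnResponseProcessing);
        } catch (Exception e) {
            // Rejected credentials are routine and logged at debug; anything else (e.g. a
            // failure in the PAM library or in translation) is logged at warn for operators.
            // Only the exception is passed to the logger, never the user name or password.
            if (e instanceof AuthenticationException) {
                log.debug("PAM authentication failed", e);
            } else {
                log.warn("PAM authentication failed", e);
            }
            finishAuthnResponseProcessing(startAuthnResponseProcessing, e);
            return new AuthenticationResult(AuthenticationResult.Status.deny, (RemotelyAuthenticatedContext) null, (AuthenticatedEntity) null);
        }
    }

    /**
     * Runs the PAM conversation for the "unity" service and converts the authenticated
     * Unix user into a {@link RemotelyAuthenticatedInput} attributed to {@link #IDP}.
     *
     * @param str user name
     * @param str2 password
     * @return input describing the authenticated user
     * @throws AuthenticationException if PAM reports an error, including rejected credentials
     */
    private RemotelyAuthenticatedInput getRemotelyAuthenticatedInput(String str, String str2) throws AuthenticationException, PAMException {
        PAM pam = null;
        try {
            pam = new PAM("unity");
            return LibPAMUtils.unixUser2RAI(pam.authenticate(str, str2), IDP);
        } catch (PAMException e) {
            throw new AuthenticationException("PAM authentication failed", e);
        } finally {
            // Release the native PAM handle deterministically on every path instead of
            // leaving it to garbage collection; one handle is opened per login attempt.
            if (pam != null) {
                pam.dispose();
            }
        }
    }

    /**
     * @return a backend that offers no credential reset
     */
    public CredentialReset getCredentialResetBackend() {
        return new NoCredentialResetImpl();
    }

    /**
     * @return {@link CredentialVerificator.VerificatorType#Remote}
     */
    public CredentialVerificator.VerificatorType getType() {
        return CredentialVerificator.VerificatorType.Remote;
    }
}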
