package fathom.realm.pam;

import com.google.common.base.Preconditions;
import com.typesafe.config.Config;
import fathom.authc.StandardCredentials;
import fathom.realm.Account;
import fathom.realm.CachingRealm;
import fathom.utils.Util;
import java.io.File;
import org.jvnet.libpam.PAM;
import org.jvnet.libpam.PAMException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:fathom/realm/pam/PamRealm.class */
public class PamRealm extends CachingRealm {
    private static Logger log = LoggerFactory.getLogger(PamRealm.class);
    private String serviceName;

    public void setup(Config config) {
        super.setup(config);
        String lowerCase = System.getProperty("os.name").toLowerCase();
        Preconditions.checkState(!lowerCase.startsWith("windows"), "PAM authentication is not supported on '{}'", new Object[]{lowerCase});
        String[] strArr = {"/etc/shadow", "/etc/master.passwd"};
        File file = null;
        int length = strArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            File file2 = new File(strArr[i]);
            if (file2.exists()) {
                file = file2;
                break;
            }
            i++;
        }
        if (file == null) {
            log.warn("Could not find a passwd database!");
        } else if (!file.canRead()) {
            log.warn("Can not read passwd database {}! PAM authentications may fail!", file);
        }
        this.serviceName = "system-auth";
        if (config.hasPath("serviceName")) {
            this.serviceName = config.getString("serviceName");
        }
    }

    public void start() {
        log.debug("Realm '{}' configuration:", getRealmName());
        Util.logSetting(log, "serviceName", this.serviceName);
        super.logCacheSettings(log);
    }

    public void stop() {
    }

    public Account authenticate(StandardCredentials standardCredentials) {
        String username = standardCredentials.getUsername();
        return hasAccount(username) ? super.authenticate(standardCredentials) : authenticate(username, standardCredentials.getPassword());
    }

    public Account authenticate(String str, String str2) {
        PAM pam = null;
        try {
            try {
                pam = new PAM(this.serviceName);
                pam.authenticate(str, str2);
                log.debug("Authentication succeeded for '{}' against '{}'", str, getRealmName());
                Account account = new Account((String) null, new StandardCredentials(str, str2));
                cacheAccount(account);
                if (pam != null) {
                    pam.dispose();
                }
                return account;
            } catch (PAMException e) {
                log.debug("Authentication failed for '{}' against '{}'", str, getRealmName());
                log.error(e.getMessage());
                if (pam == null) {
                    return null;
                }
                pam.dispose();
                return null;
            }
        } catch (Throwable th) {
            if (pam != null) {
                pam.dispose();
            }
            throw th;
        }
    }
}
