package fathom.realm.windows;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.sun.jna.platform.win32.Win32Exception;
import com.typesafe.config.Config;
import fathom.authc.StandardCredentials;
import fathom.realm.Account;
import fathom.realm.CachingRealm;
import fathom.utils.Util;
import java.util.Arrays;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import waffle.windows.auth.IWindowsAccount;
import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsComputer;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;

/* loaded from: input_file:fathom/realm/windows/WindowsRealm.class */
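/**
 * Realm that validates username/password credentials against Windows by calling Waffle's
 * {@link IWindowsAuthProvider}.
 *
 * <p>Configuration keys read in {@link #setup(Config)}:
 * <ul>
 *   <li>{@code defaultDomain}: domain used for user names that carry no {@code @} or {@code \}
 *       qualifier; an empty string is treated as unset.</li>
 *   <li>{@code allowGuests}: whether a logon that Windows maps to a guest identity is accepted
 *       (defaults to {@code false}).</li>
 *   <li>{@code adminGroups}: group names, or {@code @username} entries, that are granted the
 *       {@code "*"} permission (defaults to {@code BUILTIN\Administrators}).</li>
 * </ul>
 */
public class WindowsRealm extends CachingRealm {
    private static final Logger log = LoggerFactory.getLogger(WindowsRealm.class);

    // Entries are either a role (Windows group FQN) or "@" followed by a user name.
    protected List<String> adminGroups;
    private String defaultDomain;
    private boolean allowGuests;
    private IWindowsAuthProvider waffle;

    /**
     * Reads the realm settings and creates the Waffle auth provider.
     *
     * @param config realm configuration
     * @throws IllegalStateException if the JVM is not running on Windows
     */
    @Override
    public void setup(Config config) {
        super.setup(config);
        String osName = System.getProperty("os.name").toLowerCase();
        // Guava's Preconditions only substitutes %s; the SLF4J-style '{}' was never expanded.
        Preconditions.checkState(osName.startsWith("windows"), "Windows authentication is not supported on '%s'", osName);
        if (config.hasPath("defaultDomain")) {
            this.defaultDomain = Strings.emptyToNull(config.getString("defaultDomain"));
        }
        if (config.hasPath("allowGuests")) {
            this.allowGuests = config.getBoolean("allowGuests");
        }
        // A configured adminGroups list replaces the built-in default rather than extending it.
        if (config.hasPath("adminGroups")) {
            this.adminGroups = config.getStringList("adminGroups");
        } else {
            this.adminGroups = Arrays.asList("BUILTIN\\Administrators");
        }
        this.waffle = new WindowsAuthProviderImpl();
    }

    /**
     * Translates a join-status constant name into a readable phrase.
     *
     * @param status the status string reported by Waffle; may be {@code null}
     * @return the readable phrase, or {@code status} itself when it is not one of the known names
     */
    protected String describeJoinStatus(String status) {
        if ("NetSetupUnknownStatus".equals(status)) {
            return "unknown";
        }
        if ("NetSetupUnjoined".equals(status)) {
            return "not joined";
        }
        if ("NetSetupWorkgroupName".equals(status)) {
            return "joined to a workgroup";
        }
        if ("NetSetupDomainName".equals(status)) {
            return "joined to a domain";
        }
        return status;
    }

    /** Logs the effective realm settings and the local computer's name and join state. */
    public void start() {
        log.debug("Realm '{}' configuration:", getRealmName());
        Util.logSetting(log, "defaultDomain", this.defaultDomain);
        Util.logSetting(log, "allowGuests", Boolean.valueOf(this.allowGuests));
        Util.logSetting(log, "adminGroups", this.adminGroups);
        super.logCacheSettings(log);
        IWindowsComputer computer = this.waffle.getCurrentComputer();
        log.debug("Windows realm information:");
        Util.logSetting(log, "name", computer.getComputerName());
        Util.logSetting(log, "status", describeJoinStatus(computer.getJoinStatus()));
        Util.logSetting(log, "memberOf", computer.getMemberOf());
    }

    /** Nothing to release. */
    public void stop() {
    }

    /**
     * Authenticates the credentials, using the cached account when one exists for the user and
     * a Windows logon otherwise.
     *
     * @param standardCredentials submitted user name and password
     * @return the authenticated account, or {@code null} when authentication fails
     */
    @Override
    public Account authenticate(StandardCredentials standardCredentials) {
        String submittedName = standardCredentials.getUsername();
        if (submittedName == null) {
            // Fail closed instead of throwing NullPointerException while stripping the domain.
            return null;
        }
        String username = getSimpleUsername(submittedName);
        String password = standardCredentials.getPassword();
        if (hasAccount(username)) {
            // NOTE(review): this path is decided by CachingRealm, not by Windows. Presumably a
            // password change or a disabled account only takes effect once the cache entry
            // expires; confirm the configured cache lifetime is acceptable.
            return super.authenticate(new StandardCredentials(username, password));
        }
        return authenticate(username, password);
    }

    /**
     * Performs a Windows logon and builds an {@link Account} whose roles are the FQNs of the
     * identity's groups.
     *
     * <p>A name containing {@code @} or {@code \} is passed to Windows as given; any other name
     * is logged on against {@code defaultDomain}.
     *
     * @param username user name, optionally domain-qualified
     * @param password the user's password
     * @return the account, or {@code null} when the logon fails, when either argument is
     *     {@code null}, or when the identity is a guest and guests are not allowed
     */
    public Account authenticate(String username, String password) {
        if (username == null || password == null) {
            return null;
        }
        IWindowsIdentity identity = null;
        try {
            if (username.indexOf('@') > -1 || username.indexOf('\\') > -1) {
                identity = this.waffle.logonUser(username, password);
            } else {
                identity = this.waffle.logonDomainUser(username, this.defaultDomain, password);
            }
            log.debug("Authentication succeeded for '{}' against '{}'", username, getRealmName());
            if (identity.isGuest() && !this.allowGuests) {
                log.warn("Guest account access is disabled");
                return null;
            }
            String fqn = identity.getFqn();
            int separator = fqn.lastIndexOf('\\');
            String accountName = separator > -1 ? fqn.substring(separator + 1) : fqn;
            // NOTE(review): the submitted password is kept inside the Account that is cached
            // below; presumably CachingRealm needs it to validate later logins. Confirm how
            // long, and in what form, the cache holds it.
            Account account = new Account(accountName, new StandardCredentials(username, password));
            for (IWindowsAccount group : identity.getGroups()) {
                account.getAuthorizations().addRole(group.getFqn());
            }
            setAdminAttribute(account);
            cacheAccount(account);
            return account;
        } catch (Win32Exception e) {
            log.debug("Authentication failed for '{}' against '{}'", username, getRealmName());
            log.error(e.getMessage());
            return null;
        } finally {
            // Release the logon identity on every path, including a failure raised after a
            // successful logon, which previously skipped dispose().
            if (identity != null) {
                identity.dispose();
            }
        }
    }

    /**
     * Grants the {@code "*"} permission when the account matches an {@code adminGroups} entry:
     * either {@code @name} equal to the account's user name (ignoring case) or a role the
     * account holds.
     */
    private void setAdminAttribute(Account account) {
        if (this.adminGroups == null) {
            return;
        }
        for (String entry : this.adminGroups) {
            boolean namedUser = entry.startsWith("@") && account.getUsername().equalsIgnoreCase(entry.substring(1));
            // NOTE(review): whether hasRole() ignores case is not visible here; group entries
            // may have to match the Windows group FQN exactly.
            if (namedUser || account.hasRole(entry)) {
                account.getAuthorizations().addPermission("*");
            }
        }
    }

    /**
     * Strips the default domain from {@code DOMAIN\name} or {@code name@DOMAIN}. The domain
     * comparison is case-sensitive; names qualified with any other domain are returned as is.
     */
    private String getSimpleUsername(String username) {
        if (this.defaultDomain == null) {
            return username;
        }
        if (username.startsWith(this.defaultDomain + "\\")) {
            return username.substring(this.defaultDomain.length() + 1);
        }
        if (username.endsWith("@" + this.defaultDomain)) {
            return username.substring(0, username.lastIndexOf('@'));
        }
        return username;
    }
}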
