package org.rundeck.jaas.pam;

import com.dtolabs.rundeck.core.plugins.metadata.ProviderDef;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jvnet.libpam.PAM;
import org.jvnet.libpam.PAMException;
import org.jvnet.libpam.UnixUser;
import org.rundeck.jaas.AbstractSharedLoginModule;

/* loaded from: input_file:lib/rundeck-jetty-server-2.6.11.jar:org/rundeck/jaas/pam/AbstractPamLoginModule.class */
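/**
 * Base JAAS login module that verifies a username/password pair against a PAM service
 * (through libpam4j) and turns the authenticated {@link UnixUser} into principals.
 *
 * <p>Options read in {@link #initialize}:
 * <ul>
 *   <li>{@code ProviderDef.META_SERVICE} - PAM service name; required.</li>
 *   <li>{@code useUnixGroups} - when true, each Unix group of the user becomes a role.</li>
 *   <li>{@code supplementalRoles} - comma-separated roles added for <em>every</em> user
 *       that passes PAM authentication.</li>
 * </ul>
 *
 * <p>Security note: the PAM service name and {@code supplementalRoles} are
 * authorization-relevant configuration. Supplemental roles are granted unconditionally
 * after a successful login, so they should carry only the privileges intended for any
 * account the PAM service accepts.
 */
public abstract class AbstractPamLoginModule extends AbstractSharedLoginModule {
    public static final Logger logger = Logger.getLogger(AbstractPamLoginModule.class.getName());
    private String serviceName;
    private UnixUser unixUser;
    private boolean useUnixGroups;
    private List<String> supplementalRoles;

    /**
     * Reads the module options after delegating to the superclass.
     *
     * @param subject         subject being authenticated
     * @param callbackHandler handler passed through to the superclass
     * @param map             shared state, passed through to the superclass
     * @param map2            module options (see class documentation)
     * @throws IllegalStateException if the PAM service name option is missing
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map, map2);
        Object serviceOption = map2.get(ProviderDef.META_SERVICE);
        if (null == serviceOption) {
            throw new IllegalStateException("service is required");
        }
        this.serviceName = serviceOption.toString();

        Object unixGroupsOption = map2.get("useUnixGroups");
        this.useUnixGroups = null != unixGroupsOption
                && Boolean.parseBoolean(unixGroupsOption.toString());

        Object rolesOption = map2.get("supplementalRoles");
        if (null != rolesOption) {
            List<String> roles = new ArrayList<String>();
            for (String role : rolesOption.toString().split(", *")) {
                // Trim and drop blanks so "a ,b", a trailing comma or an empty option
                // cannot produce a role whose name is empty or padded with whitespace.
                String trimmed = role.trim();
                if (!trimmed.isEmpty()) {
                    roles.add(trimmed);
                }
            }
            this.supplementalRoles = roles;
        } else {
            // Do not keep roles from an earlier initialize() call on the same instance.
            this.supplementalRoles = null;
        }
    }

    /**
     * Authenticates the given credentials against the configured PAM service.
     *
     * @param str  username supplied by the login attempt
     * @param cArr password supplied by the login attempt
     * @return true if PAM accepted the credentials; false if either argument is null
     *         or PAM raised a {@link PAMException}
     */
    @Override
    protected boolean authenticate(String str, char[] cArr) throws LoginException {
        if (str == null || cArr == null) {
            debug("user or pass is null");
            return false;
        }
        // The username comes from the login request; neutralise control characters so
        // it cannot forge additional entries in the authentication log.
        String loggedUser = sanitizeForLog(str);
        PAM pam = null;
        try {
            debug("PAM authentication trying (" + this.serviceName + ") for: " + loggedUser);
            pam = new PAM(this.serviceName);
            // NOTE(review): libpam4j takes the password as a String, so a copy that
            // cannot be wiped stays on the heap until it is garbage collected.
            UnixUser authenticated = pam.authenticate(str, new String(cArr));
            debug("PAM authentication succeeded for: " + loggedUser);
            this.unixUser = authenticated;
            return true;
        } catch (PAMException e) {
            debug(e.getMessage());
            if (isDebug()) {
                // Send the trace to the module logger instead of stderr so it lands
                // alongside the other authentication records.
                logger.log(Level.INFO, "PAM authentication failure detail", e);
            }
            return false;
        } finally {
            if (pam != null) {
                // Release the native PAM handle now rather than waiting for finalization.
                pam.dispose();
            }
        }
    }

    /**
     * Replaces control characters (including CR/LF) in a value before it is written
     * to the log.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replaceAll("\\p{Cntrl}", "_");
    }

    /**
     * Writes the message to the module logger at INFO level. This override does not
     * consult the debug flag, so login attempts and PAM failure messages are always
     * recorded.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override
    public void debug(String str) {
        logger.log(Level.INFO, str);
    }

    /** Builds the role principals for the user stored by the last successful login. */
    @Override
    protected List<Principal> createRolePrincipals() {
        return createRolePrincipals(this.unixUser);
    }

    /** Builds the user principal for the user stored by the last successful login. */
    @Override
    protected Principal createUserPrincipal() {
        return createUserPrincipal(this.unixUser);
    }

    /** Creates the principal that represents the authenticated Unix user. */
    protected abstract Principal createUserPrincipal(UnixUser unixUser);

    /** Creates a role principal for the given role name; a null result is skipped by callers here. */
    protected abstract Principal createRolePrincipal(String str);

    /**
     * Collects role principals: first the configured supplemental roles, then, when
     * {@code useUnixGroups} is enabled, one role per Unix group of the user.
     *
     * @param unixUser authenticated user; when null no group roles are added
     * @return list of non-null role principals, possibly empty
     */
    protected List<Principal> createRolePrincipals(UnixUser unixUser) {
        List<Principal> principals = new ArrayList<Principal>();
        if (null != this.supplementalRoles) {
            for (String role : this.supplementalRoles) {
                Principal principal = createRolePrincipal(role);
                if (null != principal) {
                    principals.add(principal);
                }
            }
        }
        // Guard against a missing user so a call without a prior successful
        // authenticate() yields no group roles instead of a NullPointerException.
        if (this.useUnixGroups && null != unixUser) {
            for (String group : unixUser.getGroups()) {
                Principal principal = createRolePrincipal(group);
                if (null != principal) {
                    principals.add(principal);
                }
            }
        }
        return principals;
    }

    /** Drops the cached user when the superclass reports no authentication, then commits. */
    @Override
    public boolean commit() throws LoginException {
        if (!isAuthenticated()) {
            this.unixUser = null;
        }
        return super.commit();
    }

    /** Clears the cached user and aborts the login. */
    @Override
    public boolean abort() throws LoginException {
        this.unixUser = null;
        return super.abort();
    }

    /** Clears the cached user and logs out. */
    @Override
    public boolean logout() throws LoginException {
        this.unixUser = null;
        return super.logout();
    }

    /** @return whether Unix groups are mapped to roles */
    public boolean isUseUnixGroups() {
        return this.useUnixGroups;
    }
}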
