package com.cenqua.fisheye.user.os;

import antlr.ANTLRException;
import com.cenqua.fisheye.config1.HostAuthRepositoryConfigType;
import com.cenqua.fisheye.config1.HostauthConfigType;
import com.cenqua.fisheye.logging.Logs;
import com.cenqua.fisheye.rep.RepositoryHandle;
import com.cenqua.fisheye.user.BaseAuth;
import com.cenqua.fisheye.util.VariableSubstituter;
import com.cenqua.fisheye.util.cond.AtomEvaluator;
import com.cenqua.fisheye.util.cond.AtomExpr;
import com.cenqua.fisheye.util.cond.BoolExpr;
import com.cenqua.shaj.Authenticator;
import com.cenqua.shaj.PAMAuthenticator;
import com.cenqua.shaj.log.Log4Log;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;

/* loaded from: input_file:fecru-2.1.0.M1/fisheye.jar:com/cenqua/fisheye/user/os/HostAuth.class */
public class HostAuth extends BaseAuth {
    private static final String DEFAULT_PAM_SERVICE = "fisheye";
    private final boolean autoAdd;
    private String domain;
    private final BoolExpr requiredGroup;

    /* loaded from: input_file:fecru-2.1.0.M1/fisheye.jar:com/cenqua/fisheye/user/os/HostAuth$HostAuthTok.class */
    public static class HostAuthTok extends BaseAuth.AuthTok {
        private final String username;

        HostAuthTok(String str) {
            this.username = str;
        }

        @Override // com.cenqua.fisheye.user.BaseAuth.AuthTok
        public String getEmail() {
            return null;
        }

        @Override // com.cenqua.fisheye.user.BaseAuth.AuthTok
        public String getUsername() {
            return this.username;
        }

        @Override // com.cenqua.fisheye.user.BaseAuth.AuthTok
        public String getDisplayName() {
            return null;
        }

        @Override // com.cenqua.fisheye.user.BaseAuth.AuthTok
        public int getAuthType() {
            return 3;
        }
    }

    public HostAuth(HostauthConfigType hostauthConfigType) {
        this(hostauthConfigType, Logs.APP_LOG, Logs.PERF_LOG);
    }

    public HostAuth(HostauthConfigType hostauthConfigType, Logger logger, Logger logger2) {
        super(logger, logger2);
        this.autoAdd = hostauthConfigType.getAutoAdd();
        if (hostauthConfigType.isSetRequiredGroup()) {
            this.requiredGroup = parseGroupExpression(hostauthConfigType.getRequiredGroup());
        } else {
            this.requiredGroup = null;
        }
        if (hostauthConfigType.isSetDomain()) {
            this.domain = hostauthConfigType.getDomain();
        } else {
            this.domain = null;
        }
        setPermCacheTTL(hostauthConfigType.getPositiveCacheTtl());
        if (PAMAuthenticator.isSupported() && this.domain == null) {
            this.domain = DEFAULT_PAM_SERVICE;
        }
    }

    @Override // com.cenqua.fisheye.user.BaseAuth
    public void close() {
    }

    @Override // com.cenqua.fisheye.user.BaseAuth
    public boolean getAutoAdd() {
        return this.autoAdd;
    }

    @Override // com.cenqua.fisheye.user.BaseAuth
    public int getAuthType() {
        return 3;
    }

    @Override // com.cenqua.fisheye.user.BaseAuth
    public BaseAuth.AuthTok checkPassword(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (str == null || "".equals(str)) {
            this.appLog.debug("host-auth: can't check an empty username");
            return null;
        }
        if (str2 == null) {
            this.appLog.debug("host-auth: can't check a null password");
            return null;
        }
        long currentTimeMillis = System.currentTimeMillis();
        boolean checkPassword = Authenticator.getDefault().checkPassword(this.domain, str, str2, new Log4Log(this.appLog));
        long currentTimeMillis2 = System.currentTimeMillis();
        if (this.perfLog.isInfoEnabled()) {
            this.perfLog.info("host-auth password check for " + str + " in " + (currentTimeMillis2 - currentTimeMillis) + "ms");
        }
        if (checkPassword && hasGlobalPerm(str)) {
            return new HostAuthTok(str);
        }
        return null;
    }

    private boolean hasGlobalPerm(String str) {
        if (this.requiredGroup == null || checkGroupMembership(str, this.requiredGroup, null)) {
            return true;
        }
        this.appLog.info("user " + str + " had correct password but was not in required group");
        return false;
    }

    @Override // com.cenqua.fisheye.user.BaseAuth
    public BaseAuth.AuthTok recreateAuth(String str) {
        if (hasGlobalPerm(str)) {
            return new HostAuthTok(str);
        }
        return null;
    }

    @Override // com.cenqua.fisheye.user.BaseAuth
    public boolean hasPermissionToAccess(BaseAuth.AuthTok authTok, boolean z, RepositoryHandle repositoryHandle) {
        HostAuthRepositoryConfigType hostAuthConstraint = repositoryHandle.getCfg().getHostAuthConstraint();
        if (hostAuthConstraint == null) {
            return z;
        }
        if (!(authTok instanceof HostAuthTok)) {
            return false;
        }
        HostAuthTok hostAuthTok = (HostAuthTok) authTok;
        String name = repositoryHandle.getName();
        Boolean checkCache = checkCache(hostAuthTok, name);
        if (checkCache != null) {
            if (this.appLog.isDebugEnabled()) {
                this.appLog.debug("HOSTAUTH: got perm check from the cache, " + hostAuthTok.username + " against rep " + name);
            }
            return checkCache.booleanValue();
        }
        boolean checkGroupMembership = checkGroupMembership(hostAuthTok.username, parseGroupExpression(hostAuthConstraint.getRequiredGroup()), repositoryHandle.getName());
        setCache(hostAuthTok, name, checkGroupMembership);
        return checkGroupMembership;
    }

    private BoolExpr parseGroupExpression(String str) {
        try {
            return BoolExpr.parse(str);
        } catch (ANTLRException e) {
            Logs.APP_LOG.error("could not parse group expression: " + str, e);
            return new AtomExpr(str);
        }
    }

    private boolean checkGroupMembership(final String str, BoolExpr boolExpr, String str2) {
        final Log4Log log4Log = new Log4Log(this.appLog);
        final HashMap hashMap = new HashMap();
        hashMap.put("USERNAME", str);
        if (str2 != null) {
            hashMap.put("REP", str2);
        }
        return boolExpr.evaluate(new AtomEvaluator() { // from class: com.cenqua.fisheye.user.os.HostAuth.1
            @Override // com.cenqua.fisheye.util.cond.AtomEvaluator
            public boolean eval(String str3) {
                return Authenticator.getDefault().checkGroupMembership(HostAuth.this.domain, str, VariableSubstituter.substituteRefs(str3, hashMap), log4Log);
            }
        });
    }

    @Override // com.cenqua.fisheye.user.BaseAuth
    public BaseAuth.AuthTok checkRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return null;
    }
}
