package com.gitblit.auth;

import com.gitblit.Constants;
import com.gitblit.auth.AuthenticationProvider;
import com.gitblit.models.TeamModel;
import com.gitblit.models.UserModel;
import java.io.File;
import java.io.FileInputStream;
import java.text.MessageFormat;
import java.util.Map;
import java.util.Scanner;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.Crypt;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.codec.digest.Md5Crypt;

/* loaded from: input_file:com/gitblit/auth/HtpasswdAuthProvider.class */
public class HtpasswdAuthProvider extends AuthenticationProvider.UsernamePasswordAuthenticationProvider {
    private static final String KEY_HTPASSWD_FILE = "realm.htpasswd.userfile";
    private static final String DEFAULT_HTPASSWD_FILE = "${baseFolder}/htpasswd";
    private static final String KEY_SUPPORT_PLAINTEXT_PWD = "realm.htpasswd.supportPlaintextPasswords";
    private boolean supportPlainTextPwd;
    private File htpasswdFile;
    private final Map<String, String> htUsers;
    private volatile long lastModified;

    public HtpasswdAuthProvider() {
        super("htpasswd");
        this.htUsers = new ConcurrentHashMap();
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public void setup() {
        String lowerCase = System.getProperty("os.name").toLowerCase();
        if (lowerCase.startsWith("windows") || lowerCase.startsWith("netware")) {
            this.supportPlainTextPwd = true;
        } else {
            this.supportPlainTextPwd = false;
        }
        read();
        this.logger.debug("Read " + this.htUsers.size() + " users from htpasswd file: " + this.htpasswdFile);
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsCredentialChanges() {
        return false;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsDisplayNameChanges() {
        return true;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsEmailAddressChanges() {
        return true;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsTeamMembershipChanges() {
        return true;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsRoleChanges(UserModel userModel, Constants.Role role) {
        return true;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsRoleChanges(TeamModel teamModel, Constants.Role role) {
        return true;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public UserModel authenticate(String str, char[] cArr) {
        read();
        String str2 = this.htUsers.get(str);
        if (str2 == null) {
            return null;
        }
        boolean z = false;
        String str3 = new String(cArr);
        if (str2.startsWith("$apr1$")) {
            if (str2.equals(Md5Crypt.apr1Crypt(str3, str2))) {
                this.logger.debug("Apache MD5 encoded password matched for user '" + str + "'");
                z = true;
            }
        } else if (str2.startsWith("{SHA}")) {
            if (str2.substring("{SHA}".length()).equals(Base64.encodeBase64String(DigestUtils.sha1(str3)))) {
                this.logger.debug("Unsalted SHA-1 encoded password matched for user '" + str + "'");
                z = true;
            }
        } else if (supportCryptPwd() && str2.equals(Crypt.crypt(str3, str2))) {
            this.logger.debug("Libc crypt encoded password matched for user '" + str + "'");
            z = true;
        } else if (supportPlaintextPwd() && str2.equals(str3)) {
            this.logger.debug("Clear text password matched for user '" + str + "'");
            z = true;
        }
        if (!z) {
            return null;
        }
        this.logger.debug("Htpasswd authenticated: " + str);
        UserModel userModel = this.userManager.getUserModel(str);
        UserModel userModel2 = userModel == null ? new UserModel(str) : userModel;
        setCookie(userModel2);
        userModel2.password = Constants.EXTERNAL_ACCOUNT;
        userModel2.accountType = getAccountType();
        updateUser(userModel2);
        return userModel2;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public Constants.AccountType getAccountType() {
        return Constants.AccountType.HTPASSWD;
    }

    protected synchronized void read() {
        boolean z = false;
        File fileOrFolder = getFileOrFolder("realm.htpasswd.userfile", DEFAULT_HTPASSWD_FILE);
        if (!fileOrFolder.equals(this.htpasswdFile)) {
            this.htpasswdFile = fileOrFolder;
            this.htUsers.clear();
            z = true;
        }
        if (this.htpasswdFile.exists()) {
            if (z || this.htpasswdFile.lastModified() != this.lastModified) {
                this.lastModified = this.htpasswdFile.lastModified();
                this.htUsers.clear();
                Pattern compile = Pattern.compile("^([^:]+):(.+)");
                Scanner scanner = null;
                try {
                    try {
                        scanner = new Scanner(new FileInputStream(this.htpasswdFile));
                        while (scanner.hasNextLine()) {
                            String trim = scanner.nextLine().trim();
                            if (!trim.isEmpty() && !trim.startsWith("#")) {
                                Matcher matcher = compile.matcher(trim);
                                if (matcher.matches()) {
                                    this.htUsers.put(matcher.group(1), matcher.group(2));
                                }
                            }
                        }
                        if (scanner != null) {
                            scanner.close();
                        }
                    } catch (Exception e) {
                        this.logger.error(MessageFormat.format("Failed to read {0}", this.htpasswdFile), e);
                        if (scanner != null) {
                            scanner.close();
                        }
                    }
                } catch (Throwable th) {
                    if (scanner != null) {
                        scanner.close();
                    }
                    throw th;
                }
            }
        }
    }

    private boolean supportPlaintextPwd() {
        return this.settings.getBoolean(KEY_SUPPORT_PLAINTEXT_PWD, this.supportPlainTextPwd);
    }

    private boolean supportCryptPwd() {
        return !supportPlaintextPwd();
    }

    public int getNumberHtpasswdUsers() {
        return this.htUsers.size();
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public String toString() {
        return getClass().getSimpleName() + "(" + (this.htpasswdFile != null ? this.htpasswdFile.getAbsolutePath() : "null") + ")";
    }
}
