package org.wso2.carbon.analytics.servlet.internal;

import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.analytics.io.commons.AnalyticsAPIConstants;
import org.wso2.carbon.analytics.servlet.exception.AnalyticsAPIAuthenticationException;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:plugins/org.wso2.carbon.analytics.servlet-1.3.20.jar:org/wso2/carbon/analytics/servlet/internal/AnalyticsAPIAuthenticator.class */
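/**
 * Authenticates callers of the remote analytics API and tracks the session ids it has issued.
 *
 * <p>A caller is accepted only if it belongs to the super tenant, passes the credential check
 * of the configured authentication service, and holds the remote API invocation permission.
 * Accepted callers receive a random session id, which is later checked by
 * {@link #validateSessionId(String)}.
 *
 * <p>NOTE(review): nothing in this class removes or expires entries from the session map, so an
 * issued session id stays valid for as long as the backing map keeps it. Confirm whether
 * expiry/logout is handled elsewhere.
 *
 * <p>NOTE(review): when no Hazelcast instance is available the session map is a plain
 * {@link HashMap}, which is not safe for concurrent mutation. Confirm how instances of this
 * class are shared between request threads.
 */
public class AnalyticsAPIAuthenticator {
    private static final Log log = LogFactory.getLog(AnalyticsAPIAuthenticator.class);
    private static final String SESSION_CACHE_NAME = "ANALYTICS_API_SERVICE_SESSION_CACHE";
    /** Only users of this tenant domain may use the service. */
    private static final String SUPER_TENANT_DOMAIN = "carbon.super";
    /** Tenant id whose user realm is consulted for the permission check (Carbon's super tenant). */
    private static final int SUPER_TENANT_ID = -1234;
    /** UI permission action required on the remote API invocation permission. */
    private static final String UI_EXECUTE_ACTION = "ui.execute";

    /** Issued session ids; a {@code TRUE} value marks the id as authenticated. */
    private final Map<String, Boolean> sessionIds;

    /**
     * Creates the authenticator, backing the session store with the Hazelcast map named
     * {@code ANALYTICS_API_SERVICE_SESSION_CACHE} when a Hazelcast instance is available and
     * with a local map otherwise.
     */
    public AnalyticsAPIAuthenticator() {
        if (ServiceHolder.getHazelcastInstance() != null) {
            this.sessionIds = ServiceHolder.getHazelcastInstance().getMap(SESSION_CACHE_NAME);
        } else {
            this.sessionIds = new HashMap<>();
        }
    }

    /**
     * Verifies the supplied credentials and permission and issues a new session id.
     *
     * @param str  the username, optionally qualified with a tenant domain
     * @param str2 the password
     * @return a newly generated session id that is now registered as authenticated
     * @throws AnalyticsAPIAuthenticationException if either argument is missing or blank, the
     *         user is not in the super tenant, the credentials are rejected, the user lacks the
     *         remote API invocation permission, or the user store cannot be queried
     */
    public String authenticate(String str, String str2) throws AnalyticsAPIAuthenticationException {
        if (str == null || str.trim().isEmpty()) {
            throw loggedAuthFailure("Username is not provided!");
        }
        if (str2 == null || str2.trim().isEmpty()) {
            throw loggedAuthFailure("Password is not provided!");
        }
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
        // Constant-first comparison: a null tenant domain is rejected instead of raising an NPE.
        if (!SUPER_TENANT_DOMAIN.equals(MultitenantUtils.getTenantDomain(str))) {
            throw loggedAuthFailure("Only super tenant users is authenticated to use the service!");
        }
        // NOTE(review): the caller-supplied username is written to the log verbatim in the
        // messages below; confirm the log layout neutralises CR/LF before relying on these lines.
        if (!ServiceHolder.getAuthenticationService().authenticate(tenantAwareUsername, str2)) {
            throw loggedAuthFailure("Login failed for user :" + tenantAwareUsername);
        }
        String permissionDenied = "User :" + tenantAwareUsername
                + " don't have necessary permissions to connect to remote analytics API.";
        boolean authorized;
        try {
            // NOTE(review): the credential check uses the tenant-aware name while this permission
            // check receives the name exactly as supplied. Confirm the authorization manager
            // resolves both forms to the same user.
            authorized = ServiceHolder.getRealmService()
                    .getTenantUserRealm(SUPER_TENANT_ID)
                    .getAuthorizationManager()
                    .isUserAuthorized(str,
                            AnalyticsAPIConstants.ANALYTICS_REMOTE_API_INVOCATION_PERMISSION,
                            UI_EXECUTE_ACTION);
        } catch (UserStoreException e) {
            // Fail closed, but keep the cause in the log so a user-store fault can be told apart
            // from a genuine permission denial. The message returned to the caller is unchanged.
            log.error(permissionDenied, e);
            throw new AnalyticsAPIAuthenticationException(permissionDenied);
        }
        if (!authorized) {
            throw loggedAuthFailure(permissionDenied);
        }
        // The session id is only created and stored after every check above has passed.
        String uuid = UUID.randomUUID().toString();
        this.sessionIds.put(uuid, Boolean.TRUE);
        return uuid;
    }

    /**
     * Logs an authentication failure and builds the exception for it. Call sites use
     * {@code throw loggedAuthFailure(...)} so the compiler sees that the failure path ends there.
     *
     * @param str the failure message, used for both the log entry and the exception
     * @return the exception to throw
     */
    private AnalyticsAPIAuthenticationException loggedAuthFailure(String str) {
        log.error(str);
        return new AnalyticsAPIAuthenticationException(str);
    }

    /**
     * Checks that the given session id was issued by {@link #authenticate(String, String)}.
     *
     * @param str the session id presented by the caller; may be {@code null}
     * @throws AnalyticsAPIAuthenticationException if the id is {@code null}, unknown, or not
     *         marked as authenticated
     */
    public void validateSessionId(String str) throws AnalyticsAPIAuthenticationException {
        // A null id is rejected before the lookup, since not every Map implementation accepts
        // null keys. A single lookup also avoids the entry changing between two reads.
        Boolean authenticated = (str == null) ? null : this.sessionIds.get(str);
        if (authenticated == null || !authenticated.booleanValue()) {
            // NOTE(review): the presented value is attacker-controlled and is logged verbatim.
            throw loggedAuthFailure("Unauthenticated session Id : " + str);
        }
    }
}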
