package org.wso2.carbon.appmgt.gateway.handlers.security.saml2;

import javax.cache.Cache;
import javax.cache.Caching;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.SynapseEnvironment;
import org.wso2.carbon.appmgt.api.model.AuthenticatedIDP;
import org.wso2.carbon.appmgt.gateway.handlers.Utils;
import org.wso2.carbon.appmgt.gateway.handlers.security.APISecurityConstants;
import org.wso2.carbon.appmgt.gateway.handlers.security.APISecurityException;
import org.wso2.carbon.appmgt.gateway.handlers.security.APISecurityUtils;
import org.wso2.carbon.appmgt.gateway.handlers.security.AuthenticationContext;
import org.wso2.carbon.appmgt.gateway.handlers.security.Authenticator;
import org.wso2.carbon.appmgt.gateway.handlers.security.keys.APIKeyDataStore;
import org.wso2.carbon.appmgt.gateway.handlers.security.keys.JDBCAPIKeyDataStore;
import org.wso2.carbon.appmgt.impl.dto.APIKeyValidationInfoDTO;
import org.wso2.carbon.context.PrivilegedCarbonContext;

/* loaded from: input_file:org/wso2/carbon/appmgt/gateway/handlers/security/saml2/SAML2Authenticator.class */
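/**
 * {@link Authenticator} that decides access to a web app from the subject, authenticated
 * IDPs and authentication cookie carried as properties on the Synapse message context.
 *
 * <p>The allow/deny decision is taken from {@code APIKeyValidationInfoDTO.isAuthorized()} as
 * returned by the {@link APIKeyDataStore}; this class does not itself validate a SAML
 * assertion. NOTE(review): it therefore relies on whatever populated
 * {@code APISecurityConstants.SUBJECT} and {@code APISecurityConstants.AUTHENTICATED_IDP}
 * having verified them beforehand; confirm against the handler chain.
 */
public class SAML2Authenticator implements Authenticator {
    private static final Log log = LogFactory.getLog(SAML2Authenticator.class);

    // Backing store for application lookups; stays null if init() could not create it.
    private APIKeyDataStore dataStore;

    // Not read or written anywhere in this class; kept so the class layout is unchanged.
    private AuthenticationContext authenticationContext;

    /**
     * Creates the JDBC-backed data store and touches the key cache.
     *
     * <p>A failure to create the store is logged rather than propagated (the original
     * behaviour of not throwing from {@code init} is preserved). In that state every
     * later {@link #authenticate(MessageContext)} call is denied.
     *
     * @param synapseEnvironment the Synapse environment; not used by this implementation
     */
    @Override
    public void init(SynapseEnvironment synapseEnvironment) {
        try {
            this.dataStore = new JDBCAPIKeyDataStore();
        } catch (APISecurityException e) {
            // Route through the logger so the failure reaches the gateway log with its
            // cause attached, instead of going only to stderr via printStackTrace().
            log.error("Failed to initialise the key data store; all requests will be denied", e);
        }
        getKeyCache();
    }

    /**
     * Returns the cache named {@code keyCache} from the {@code API_MANAGER_CACHE} cache manager.
     *
     * @return the key cache
     */
    protected Cache getKeyCache() {
        return Caching.getCacheManager("API_MANAGER_CACHE").getCache("keyCache");
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Authenticates the request described by {@code messageContext}.
     *
     * <p>On success the resulting {@link AuthenticationContext} is attached to the message
     * context through {@code APISecurityUtils.setAuthenticationContext}. The request is
     * denied when the application data cannot be loaded or the data store reports the
     * subject as not authorized.
     *
     * @param messageContext the in-flight message carrying the subject, app context, app
     *                       version, authenticated IDPs and authentication cookie
     * @return {@code true} if the data store reports the subject as authorized
     * @throws APISecurityException if the data store lookup fails
     */
    @Override
    public boolean authenticate(MessageContext messageContext) throws APISecurityException {
        String subject = (String) messageContext.getProperty(APISecurityConstants.SUBJECT);
        String appContext = (String) messageContext.getProperty("REST_API_CONTEXT");
        String appVersion = (String) messageContext.getProperty("SYNAPSE_REST_API_VERSION");
        String authenticationCookie = Utils.getAuthenticationCookie(messageContext);
        // Casting a null property yields null, which matches the "no IDPs" case.
        AuthenticatedIDP[] authenticatedIdps =
                (AuthenticatedIDP[]) messageContext.getProperty(APISecurityConstants.AUTHENTICATED_IDP);

        AuthenticationContext resolved = getAuthenticationContext(
                appContext, appVersion, subject, authenticatedIdps, authenticationCookie);

        // getAuthenticationContext() returns null when no application data is found.
        // Deny explicitly instead of failing with a NullPointerException.
        if (resolved != null && resolved.isAuthenticated()) {
            APISecurityUtils.setAuthenticationContext(messageContext, resolved, "X-JWT-Assertion");
            return true;
        }

        // The cookie value is used as the access token below, so it is a live credential.
        // Log only whether it was present: the raw value would be readable by anyone with
        // log access, and being request-supplied it could also inject forged log lines.
        log.warn("Access failure for WebApp: " + appContext + ", version: " + appVersion
                + ", samlssoTokenId present: " + (authenticationCookie != null));
        return false;
    }

    /** @return always {@code null} */
    @Override
    public String getChallengeString() {
        return null;
    }

    /** @return always {@code null} */
    @Override
    public String getRequestOrigin() {
        return null;
    }

    /** @return always {@code null} */
    @Override
    public String getSecurityContextHeader() {
        return null;
    }

    /**
     * Loads the application data for the given app and subject and maps it onto a new
     * {@link AuthenticationContext}.
     *
     * <p>For tenants other than {@code carbon.super} the subject passed to the data store
     * is qualified as {@code subject@tenantDomain}. When a cookie is present, the key cache
     * is updated with {@code cookie -> subject} (the unqualified subject).
     *
     * @param appContext           the web app context
     * @param appVersion           the web app version
     * @param subject              the subject taken from the message context
     * @param authenticatedIdps    the IDPs recorded on the message context, may be {@code null}
     * @param authenticationCookie the authentication cookie value, may be {@code null}
     * @return the populated context, or {@code null} if the data store is unavailable or
     *         holds no data for this app
     * @throws APISecurityException if the data store lookup fails
     */
    private AuthenticationContext getAuthenticationContext(String appContext, String appVersion, String subject,
            AuthenticatedIDP[] authenticatedIdps, String authenticationCookie) throws APISecurityException {
        if (this.dataStore == null) {
            // init() failed to build the store; fail closed rather than throw an NPE.
            log.error("Key data store is not initialised; cannot load application data");
            return null;
        }

        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String lookupSubject = tenantDomain.equalsIgnoreCase("carbon.super")
                ? subject
                : subject + '@' + tenantDomain;

        APIKeyValidationInfoDTO appData =
                this.dataStore.getAPPData(appContext, appVersion, lookupSubject, authenticatedIdps);
        if (appData == null) {
            log.warn("cannot load application data for the provided context and version");
            return null;
        }

        AuthenticationContext context = new AuthenticationContext();
        // The cookie value doubles as both the access token and the consumer key.
        context.setAccessToken(authenticationCookie);
        context.setApplicationId(appData.getApplicationId());
        context.setApplicationName(appData.getApplicationName());
        context.setApplicationTier(appData.getApplicationTier());
        context.setTier(appData.getTier());
        context.setConsumerKey(authenticationCookie);
        // The authorization verdict comes straight from the data store.
        context.setAuthenticated(appData.isAuthorized());
        context.setValidationStatus(appData.getValidationStatus());
        context.setContext(appData.getContext());
        context.setApiVersion(appData.getApiVersion());
        context.setApiPublisher(appData.getApiPublisher());
        context.setLogoutURL(appData.getLogoutURL());

        // NOTE(review): the entry is written even when isAuthorized() is false, and the
        // key is the raw request-supplied cookie; confirm that readers of keyCache do not
        // treat the presence of an entry as proof of authentication.
        if (context.getAccessToken() != null) {
            getKeyCache().put(context.getAccessToken(), subject);
        }
        return context;
    }
}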
