package org.wso2.carbon.appmgt.rest.api.util.interceptors.auth;

import java.util.Hashtable;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.wso2.carbon.CarbonException;
import org.wso2.carbon.appmgt.rest.api.util.dto.ErrorDTO;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.AnonymousSessionUtil;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.appmgt.rest.api.util-1.4.18.jar:org/wso2/carbon/appmgt/rest/api/util/interceptors/auth/BasicAuthenticationInterceptor.class */
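/**
 * CXF in-interceptor that authenticates a request with the username and password carried in its
 * {@link AuthorizationPolicy} and, on success, populates the thread-local
 * {@link PrivilegedCarbonContext} with the caller's tenant domain, tenant id and username.
 *
 * <p>Failures are reported by placing a JAX-RS {@link Response} on the exchange: 401 when the
 * credentials are missing or rejected, 500 when the tenant id cannot be resolved.
 *
 * <p>NOTE(review): the interceptor is bound to {@code Phase.PRE_INVOKE}, which in CXF's inbound
 * chain comes after the UNMARSHAL phase, so earlier phases have already processed the request by
 * the time credentials are checked. Confirm that ordering is intended.
 *
 * <p>NOTE(review): the 401 responses built here carry no {@code WWW-Authenticate} challenge
 * header; confirm whether API clients rely on that before adding one.
 */
public class BasicAuthenticationInterceptor extends AbstractPhaseInterceptor<Message> {
    private static final Log log = LogFactory.getLog(BasicAuthenticationInterceptor.class);

    /** Registers the interceptor in the {@code PRE_INVOKE} phase. */
    public BasicAuthenticationInterceptor() {
        super(Phase.PRE_INVOKE);
    }

    /**
     * Authenticates the request and sets up the tenant context for the calling thread.
     *
     * @param message the inbound CXF message; its {@link AuthorizationPolicy}, if any, supplies
     *                the credentials
     */
    @Override
    public void handleMessage(Message message) {
        AuthorizationPolicy authorizationPolicy = message.get(AuthorizationPolicy.class);
        if (authorizationPolicy == null) {
            sendErrorResponse(new ErrorDTO(401L, "No security headers provided."), message);
            return;
        }

        // StringUtils.trim is null-safe and returns null for a null input.
        // NOTE(review): trimming the password changes the credential that is verified
        // (leading/trailing whitespace is dropped); kept for compatibility with existing clients.
        String username = StringUtils.trim(authorizationPolicy.getUserName());
        String password = StringUtils.trim(authorizationPolicy.getPassword());

        // A policy without a usable username/password pair must be rejected here: passing null
        // on to the tenant and user-store lookups would fail with an unchecked exception instead
        // of a clean 401, and an empty password must never be handed to a user store, since some
        // directory backends treat it as an anonymous bind.
        if (StringUtils.isBlank(username) || StringUtils.isEmpty(password)) {
            sendErrorResponse(new ErrorDTO(401L, "Invalid credentials"), message);
            return;
        }

        PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        RealmService realmService = (RealmService) carbonContext.getOSGiService(RealmService.class, (Hashtable) null);
        if (!authenticate(username, password, realmService)) {
            sendErrorResponse(new ErrorDTO(401L, "Invalid credentials"), message);
            return;
        }

        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        try {
            // Resolve the tenant id first so that nothing is written to the context if it fails.
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            carbonContext.setTenantDomain(tenantDomain);
            carbonContext.setTenantId(tenantId);
            carbonContext.setUsername(username);
        } catch (UserStoreException e) {
            // Keep the cause in the log; the client only sees a generic 500.
            log.error(String.format("Can't get the tenant ID for the tenant domain '%s'.", sanitizeForLog(tenantDomain)), e);
            sendErrorResponse(new ErrorDTO(500L, "Internal Server Error"), message);
        }
    }

    /**
     * Checks the credentials against the user store of the tenant named in the username.
     *
     * @param username     full username, possibly carrying a tenant domain
     * @param password     password to verify
     * @param realmService realm service used to look up the tenant's user realm
     * @return {@code true} only when the user store accepts the credentials; {@code false} when
     *         they are rejected, the realm cannot be obtained, or a lookup error occurs
     */
    private boolean authenticate(String username, String password, RealmService realmService) {
        RegistryService registryService = (RegistryService) PrivilegedCarbonContext.getThreadLocalCarbonContext().getOSGiService(RegistryService.class, (Hashtable) null);
        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        // The tenant domain comes from the client-supplied username, so it is neutralised before
        // being written to the log.
        String loggedDomain = sanitizeForLog(tenantDomain);
        try {
            UserRealm userRealm = AnonymousSessionUtil.getRealmByTenantDomain(registryService, realmService, tenantDomain);
            if (userRealm == null) {
                log.error(String.format("Can't get the user realm for the tenant domain %s. Invalid domain or unactivated tenant login.", loggedDomain));
                return false;
            }
            return userRealm.getUserStoreManager().authenticate(MultitenantUtils.getTenantAwareUsername(username), password);
        } catch (CarbonException e) {
            log.error(String.format("Can't get the user realm for the tenant domain %s.", loggedDomain), e);
            return false;
        } catch (org.wso2.carbon.user.core.UserStoreException e) {
            // Any user-store failure is treated as "not authenticated" (fail closed).
            log.error("Error while authenticating the user against the user store manager", e);
            return false;
        }
    }

    /**
     * Places an error response on the exchange, built from the DTO's status code and body.
     *
     * @param errorDTO error payload; its code is used as the HTTP status
     * @param message  message whose exchange receives the response
     */
    private void sendErrorResponse(ErrorDTO errorDTO, Message message) {
        // Response.status(int) avoids the null that Status.fromStatusCode returns for codes
        // outside the Status enum.
        Response response = Response.status(errorDTO.getCode().intValue()).entity(errorDTO).build();
        message.getExchange().put(Response.class, response);
    }

    /**
     * Replaces line breaks in a client-influenced value so it cannot start a forged log entry.
     *
     * @param value value about to be logged; may be {@code null}
     * @return the value with CR and LF replaced by {@code _}, or {@code null} if it was null
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n]", "_");
    }
}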
