package org.wso2.carbon.identity.auth.valve;

import java.io.IOException;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.auth.service.AuthenticationContext;
import org.wso2.carbon.identity.auth.service.AuthenticationManager;
import org.wso2.carbon.identity.auth.service.AuthenticationStatus;
import org.wso2.carbon.identity.auth.service.exception.AuthClientException;
import org.wso2.carbon.identity.auth.service.exception.AuthServerException;
import org.wso2.carbon.identity.auth.service.exception.AuthenticationFailException;
import org.wso2.carbon.identity.auth.service.module.ResourceConfig;
import org.wso2.carbon.identity.auth.service.module.ResourceConfigKey;
import org.wso2.carbon.identity.auth.valve.util.AuthHandlerManager;

/* loaded from: input_file:org/wso2/carbon/identity/auth/valve/AuthenticationValve.class */
public class AuthenticationValve extends ValveBase {
    private static final String AUTH_CONTEXT = "auth-context";
    private static final String AUTH_HEADER_NAME = "WWW-Authenticate";
    private static final Log log = LogFactory.getLog(AuthenticationValve.class);

    public void invoke(Request request, Response response) throws IOException, ServletException {
        AuthenticationManager authenticationManager = AuthHandlerManager.getInstance().getAuthenticationManager();
        ResourceConfig securedResource = authenticationManager.getSecuredResource(new ResourceConfigKey(request.getRequestURI(), request.getMethod()));
        if (securedResource == null) {
            getNext().invoke(request, response);
        }
        if (log.isDebugEnabled()) {
            log.debug("AuthenticationValve hit on secured resource : " + request.getRequestURI());
        }
        try {
            AuthenticationContext authenticationContext = new AuthenticationContext(AuthHandlerManager.getInstance().getRequestBuilder(request, response).createRequestBuilder(request, response).build());
            authenticationContext.setResourceConfig(securedResource);
            if (authenticationManager.authenticate(authenticationContext).getAuthenticationStatus().equals(AuthenticationStatus.SUCCESS)) {
                request.setAttribute(AUTH_CONTEXT, authenticationContext);
                getNext().invoke(request, response);
            } else {
                handleErrorResponse(authenticationContext, response, 401);
            }
        } catch (AuthServerException e) {
            handleErrorResponse(null, response, 400);
        } catch (AuthClientException e2) {
            handleErrorResponse(null, response, 400);
        } catch (AuthenticationFailException e3) {
            handleErrorResponse(null, response, 401);
        }
    }

    private void handleErrorResponse(AuthenticationContext authenticationContext, Response response, int i) throws IOException {
        StringBuilder sb = new StringBuilder(16);
        sb.append("realm user=\"");
        if (authenticationContext.getUser() != null) {
            sb.append(authenticationContext.getUser().getUserName());
        }
        sb.append('\"');
        response.setHeader(AUTH_HEADER_NAME, sb.toString());
        response.sendError(i);
    }
}
