package org.wso2.carbon.ml.rest.api.handler;

import java.util.Hashtable;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.AnonymousSessionUtil;
import org.wso2.carbon.ml.rest.api.RestAPIConstants;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/ml/rest/api/handler/MLBasicAuthenticationHandler.class */
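/**
 * CXF request handler that authenticates Machine Learner REST calls with HTTP Basic credentials
 * against the Carbon user store of the tenant named in the username.
 *
 * <p>Returning {@code null} from {@link #handleRequest} lets the request continue; any non-null
 * {@link Response} is sent back to the caller instead.
 *
 * <p>Thread-safety: the handler keeps no per-request state. The thread-local
 * {@link PrivilegedCarbonContext} is looked up inside each call rather than cached in an instance
 * field, so that a handler instance shared between request threads cannot write one caller's
 * tenant and username into another thread's context.
 */
public class MLBasicAuthenticationHandler implements RequestHandler {
    private static final Log logger = LogFactory.getLog(MLBasicAuthenticationHandler.class);

    /**
     * Authenticates an incoming request.
     *
     * @param message the CXF message carrying the request
     * @param classResourceInfo the matched resource class (unused)
     * @return {@code null} when the request may proceed, otherwise a 401/403 response
     */
    @Override // org.apache.cxf.jaxrs.ext.RequestHandler
    public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
        // Same semantics as the explicit null check + parseBoolean: true only for "true" (any case).
        if (Boolean.getBoolean("disableMl")) {
            logger.error("Machine Learner API has been disabled. Set -DdisableMl=false JVM argument to enable it back.");
            return errorResponse(Response.Status.FORBIDDEN, "Machine Learner API has been disabled.");
        }
        if (logger.isDebugEnabled()) {
            // Plain concatenation: the message id must never be interpreted as a format string.
            logger.debug("Authenticating request: " + message.getId());
        }
        AuthorizationPolicy authorizationPolicy = (AuthorizationPolicy) message.get(AuthorizationPolicy.class);
        if (authorizationPolicy == null) {
            // NOTE(review): a request without credentials is passed on unauthenticated by this
            // handler. Confirm that another handler or the resource layer rejects it.
            return null;
        }
        HttpServletRequest servletRequest = (HttpServletRequest) message.get("HTTP.REQUEST");
        Object certificate = servletRequest == null
                ? null
                : servletRequest.getAttribute(RestAPIConstants.CERTIFICATE_HEADER);
        // StringUtils.trim is null-safe, so a policy with a missing username or password yields a
        // 401 below instead of a NullPointerException.
        // NOTE(review): trimming the password changes the credential that is verified; confirm
        // this is intended for passwords with leading/trailing whitespace.
        String username = StringUtils.trim(authorizationPolicy.getUserName());
        String password = StringUtils.trim(authorizationPolicy.getPassword());
        if (StringUtils.isEmpty(username)) {
            logger.error("username is null/empty.");
            return errorResponse(Response.Status.UNAUTHORIZED, "Username cannot be null");
        }
        if (certificate == null && StringUtils.isEmpty(password)) {
            logger.error("password is null/empty.");
            return errorResponse(Response.Status.UNAUTHORIZED, "password cannot be null");
        }
        return authenticate(certificate, username, password);
    }

    /**
     * Verifies the credentials and, on success, binds tenant and user to the current thread's
     * Carbon context.
     *
     * @param certificate value of the certificate request attribute, or {@code null} if absent
     * @param username possibly tenant-qualified username taken from the Authorization header
     * @param password password taken from the Authorization header; not used when
     *     {@code certificate} is non-null
     * @return {@code null} on success, otherwise a 401 response
     */
    private Response authenticate(Object certificate, String username, String password) {
        // Local, not a field: the context is per thread and must not leak across requests.
        PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        RealmService realmService = (RealmService) carbonContext.getOSGiService(RealmService.class, (Hashtable) null);
        RegistryService registryService = (RegistryService) carbonContext.getOSGiService(RegistryService.class, (Hashtable) null);
        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        try {
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
            if (certificate == null) {
                UserRealm userRealm = AnonymousSessionUtil.getRealmByTenantDomain(registryService, realmService, tenantDomain);
                if (userRealm == null) {
                    logger.error("Invalid domain or unactivated tenant login");
                    return errorResponse(Response.Status.UNAUTHORIZED, "Tenant not found");
                }
                if (!userRealm.getUserStoreManager().authenticate(tenantAwareUsername, password)) {
                    logger.error("Authentication failed. Please check your username/password");
                    return errorResponse(Response.Status.UNAUTHORIZED,
                            "Authentication failed. Please check your username/password");
                }
            }
            // NOTE(review): when the certificate attribute is present, neither the password, the
            // tenant realm nor the existence of the user is checked in this class; the username
            // from the header is trusted as-is. Confirm that the component setting the attribute
            // has verified the client certificate and that callers cannot set it themselves.
            carbonContext.setTenantDomain(tenantDomain);
            carbonContext.setTenantId(tenantId);
            carbonContext.setUsername(tenantAwareUsername);
            return null;
        } catch (Exception e) {
            // Fail closed: any lookup or user-store error is reported as an authentication failure.
            logger.error("Authentication failed: ", e);
            return errorResponse(Response.Status.UNAUTHORIZED, "Authentication failed: ");
        }
    }

    /** Builds the error response shape used by every rejection path in this handler. */
    private static Response errorResponse(Response.Status status, String entity) {
        return Response.status(status).type("application/json").entity(entity).build();
    }
}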
