package org.wso2.carbon.apimgt.hybrid.gateway.rest.api.utils;

import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.util.List;
import java.util.StringTokenizer;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.hybrid.gateway.rest.api.exceptions.AuthenticationException;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/apimgt/hybrid/gateway/rest/api/utils/AuthenticatorUtil.class */
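/**
 * Authenticates callers of the micro gateway REST API from an HTTP Basic
 * {@code Authorization} header and checks that the authenticated user holds the
 * admin role of the realm the user belongs to.
 *
 * <p>The class is a stateless utility; the only entry point is
 * {@link #authorizeUser(HttpHeaders)}.
 */
public class AuthenticatorUtil {
    private static final String MISSING_CREDENTIALS_MESSAGE = "Missing Credentials";
    // The scheme accepted by authorizeUser is Basic, so the hint names Basic.
    private static final String MISSING_CREDENTIALS_DESCRIPTION = "Required credentials not provided. Make sure your API invocation call has a header: 'Authorization: Basic Base64Encoded(username:password)'";
    private static final String AUTHORIZATION_PROPERTY = "Authorization";
    private static final String AUTHENTICATION_SCHEME = "Basic";
    private static final String DEFAULT_ENCODING = "UTF-8";
    private static final Charset CREDENTIALS_CHARSET = Charset.forName(DEFAULT_ENCODING);
    private static final Log log = LogFactory.getLog(AuthenticatorUtil.class);

    private AuthenticatorUtil() {
    }

    /**
     * Validates the Basic credentials carried by the request and reports whether the
     * caller may use the micro gateway REST API.
     *
     * <p>A request is accepted only when the first {@code Authorization} header uses the
     * Basic scheme, decodes to {@code username:password} with both parts non-empty, the
     * user store accepts the credentials, and the user has the realm's admin role.
     * Everything else yields an {@code AuthDTO} carrying {@code 401 Unauthorized}.
     *
     * @param httpHeaders headers of the incoming request
     * @return an {@code AuthDTO} describing the outcome; never {@code null}
     * @throws AuthenticationException if the user store fails while authenticating the
     *         user or reading the user's roles
     */
    public static AuthDTO authorizeUser(HttpHeaders httpHeaders) throws AuthenticationException {
        List<String> authorization = httpHeaders.getRequestHeader(AUTHORIZATION_PROPERTY);
        if (authorization == null || authorization.isEmpty()) {
            log.warn("Received a request to micro gateway REST API without Authorization header.");
            return missingCredentials(null);
        }

        // Require the Basic scheme at the start of the value (the scheme name is
        // case-insensitive) instead of stripping the first "Basic " found anywhere in it:
        // a header that uses another scheme must not be decoded as credentials.
        String headerValue = authorization.get(0);
        String schemePrefix = AUTHENTICATION_SCHEME + " ";
        if (headerValue == null
                || !headerValue.regionMatches(true, 0, schemePrefix, 0, schemePrefix.length())) {
            log.warn("Received a request to micro gateway REST API with an Authorization header that does not use the Basic scheme.");
            return missingCredentials(null);
        }

        String encoded = headerValue.substring(schemePrefix.length()).trim();
        String decoded = new String(Base64.decodeBase64(encoded.getBytes(CREDENTIALS_CHARSET)), CREDENTIALS_CHARSET);

        // Split on the FIRST colon only. A tokenizer would cut a password that contains
        // ':' short and would throw NoSuchElementException for "user:" or ":password".
        int separator = decoded.indexOf(':');
        if (separator < 0) {
            log.warn("Received a request to micro gateway REST API without credentials.");
            return missingCredentials(null);
        }
        String username = decoded.substring(0, separator);
        char[] password = decoded.substring(separator + 1).toCharArray();
        try {
            if (username.isEmpty() || password.length == 0) {
                log.warn("Received a micro gateway REST API authentication request with empty username or password.");
                return missingCredentials(username);
            }
            return authenticateAdmin(username, password);
        } finally {
            // Wipe the array on every path, including rejected and failed attempts.
            // Best effort only: the decoded String above still holds the password until
            // it is garbage collected.
            clear(password);
        }
    }

    /**
     * Authenticates the user against the user store of the user's tenant and checks for
     * the realm's admin role, inside a tenant flow that is always ended.
     */
    private static AuthDTO authenticateAdmin(String username, char[] password) throws AuthenticationException {
        // The username comes straight from the request; keep line breaks out of log
        // entries and messages so a caller cannot forge additional log lines.
        String loggableUser = sanitizeForLog(username);
        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
        if (log.isDebugEnabled()) {
            log.debug("Authenticating user : " + loggableUser + " for accessing micro gateway REST API.");
        }

        // Start the flow before entering the try so that the finally block never ends a
        // tenant flow that was not started.
        PrivilegedCarbonContext.startTenantFlow();
        try {
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(tenantAwareUsername);
            UserStoreManager userStoreManager = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager();

            String failure = "User : " + loggableUser + " is unauthorized to invoke micro gateway REST API.";
            if (userStoreManager.authenticate(tenantAwareUsername, password)) {
                if (log.isDebugEnabled()) {
                    log.debug("User : " + loggableUser + " authenticated successfully for micro gateway REST API.");
                }
                // NOTE(review): the admin role is looked up in the realm of the tenant
                // named in the username, so the admin of any tenant passes this check.
                // Confirm that is intended for this API.
                String adminRoleName = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration().getAdminRoleName();
                for (String role : userStoreManager.getRoleListOfUser(tenantAwareUsername)) {
                    if (adminRoleName.equalsIgnoreCase(role)) {
                        if (log.isDebugEnabled()) {
                            log.debug(loggableUser + " is authorized to access micro gateway REST API.");
                        }
                        return new AuthDTO(username, tenantDomain, true, Response.Status.OK, null, null);
                    }
                }
                // NOTE(review): this text is passed to the AuthDTO as its description and
                // differs from the bad-credentials text, so if the description reaches
                // the client it confirms the credentials were valid.
                failure = "User : " + loggableUser + " does not have permission to access micro gateway REST API";
            }
            if (log.isDebugEnabled()) {
                log.debug(failure);
            }
            return new AuthDTO(null, null, false, Response.Status.UNAUTHORIZED, "Unauthorized", failure);
        } catch (UserStoreException e) {
            String message = "Error while authenticating user : " + loggableUser;
            log.error(message, e);
            throw new AuthenticationException(message, e);
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    /** Builds the 401 result used whenever usable credentials are absent. */
    private static AuthDTO missingCredentials(String username) {
        return new AuthDTO(username, null, false, Response.Status.UNAUTHORIZED, MISSING_CREDENTIALS_MESSAGE, MISSING_CREDENTIALS_DESCRIPTION);
    }

    /** Replaces carriage returns and line feeds so the value stays on one log line. */
    private static String sanitizeForLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }

    /** Overwrites every character of the given array with NUL. */
    private static void clear(char[] secret) {
        for (int i = 0; i < secret.length; i++) {
            secret[i] = 0;
        }
    }
}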
