package org.wso2.carbon.apimgt.notification.handlers;

import com.nimbusds.jose.util.StandardCharset;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.ManagedLifecycle;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.SynapseEnvironment;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.rest.AbstractHandler;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.util.Base64;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException;
import org.wso2.carbon.apimgt.gateway.handlers.security.basicauth.BasicAuthCredentialValidator;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/apimgt/notification/handlers/BasicAuthNotificationHandler.class */
public class BasicAuthNotificationHandler extends AbstractHandler implements ManagedLifecycle {
    private static final Log log = LogFactory.getLog(BasicAuthNotificationHandler.class);
    private BasicAuthCredentialValidator basicAuthCredentialValidator;
    private final String basicAuthKeyHeaderSegment = "Basic";

    public void init(SynapseEnvironment synapseEnvironment) {
    }

    private void initializeCredentialValidator() {
        if (this.basicAuthCredentialValidator == null) {
            synchronized (this) {
                try {
                    this.basicAuthCredentialValidator = new BasicAuthCredentialValidator();
                } catch (APISecurityException e) {
                    log.error("Error while initializing BasicAuthCredentialValidator", e);
                }
            }
        }
    }

    public void destroy() {
    }

    public boolean handleRequest(MessageContext messageContext) {
        initializeCredentialValidator();
        Map map = (Map) ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty("TRANSPORT_HEADERS");
        if (!map.containsKey("Authorization")) {
            return false;
        }
        try {
            String[] extractBasicAuthCredentials = extractBasicAuthCredentials((String) map.get("Authorization"));
            return this.basicAuthCredentialValidator.validate(getEndUserName(extractBasicAuthCredentials[0]), extractBasicAuthCredentials[1]).isAuthenticated();
        } catch (APISecurityException e) {
            return false;
        }
    }

    public boolean handleResponse(MessageContext messageContext) {
        return true;
    }

    private String[] extractBasicAuthCredentials(String str) throws APISecurityException {
        if (str == null) {
            if (log.isDebugEnabled()) {
                log.debug("Basic Authentication: No Basic Auth Header found");
            }
            throw new APISecurityException(900902, "Missing Credentials");
        }
        if (!str.contains("Basic")) {
            if (log.isDebugEnabled()) {
                log.debug("Basic Authentication: No Basic Auth Header found");
            }
            throw new APISecurityException(900902, "Missing Credentials");
        }
        try {
            String str2 = new String(Base64.decode(str.substring("Basic".length() + 1).trim()), StandardCharset.UTF_8);
            if (str2.contains(":")) {
                return str2.split(":");
            }
            log.error("Basic Authentication: Invalid Basic Auth token");
            throw new APISecurityException(900901, "Invalid Credentials");
        } catch (WSSecurityException e) {
            log.error("Error occured during Basic Authentication: Invalid Basic Auth token");
            throw new APISecurityException(900901, "Invalid Credentials");
        }
    }

    private String getEndUserName(String str) {
        return MultitenantUtils.getTenantAwareUsername(str) + "@" + MultitenantUtils.getTenantDomain(str);
    }
}
