package org.wso2.carbon.apimgt.rest.api.util.interceptors.auth;

import java.util.Hashtable;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.wso2.carbon.CarbonException;
import org.wso2.carbon.apimgt.rest.api.util.RestApiConstants;
import org.wso2.carbon.apimgt.rest.api.util.dto.ErrorDTO;
import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.AnonymousSessionUtil;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.apimgt.rest.api.util-6.4.95.jar:org/wso2/carbon/apimgt/rest/api/util/interceptors/auth/BasicAuthenticationInterceptor.class */
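public class BasicAuthenticationInterceptor extends AbstractPhaseInterceptor {
    private static final Log logger = LogFactory.getLog(BasicAuthenticationInterceptor.class);

    /** Registers the interceptor in CXF's PRE_INVOKE phase so it runs before the resource method. */
    public BasicAuthenticationInterceptor() {
        super(Phase.PRE_INVOKE);
    }

    /**
     * Authenticates the inbound request with the HTTP Basic credentials CXF already parsed, unless
     * the message carries an {@code AUTHENTICATION_REQUIRED} flag that evaluates to {@code false}.
     * <p>
     * On failure a 401 {@link Response} wrapping an {@link ErrorDTO} is stored in the exchange. The
     * interceptor chain is not aborted here; stopping the actual invocation relies on downstream
     * handling of that stored response, which is not visible in this class.
     *
     * @param message the inbound CXF message
     */
    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(Message message) {
        Object authRequired = message.get(RestApiConstants.AUTHENTICATION_REQUIRED);
        // Authentication is mandatory unless the flag is present AND evaluates to false. It is the
        // value stored under the key that must be parsed, not the key constant itself: parsing the
        // constant can never reflect the per-request setting and would let a request flagged
        // "true" skip the credential check. The flag is set elsewhere; it is assumed to be a
        // Boolean or a "true"/"false" string — String.valueOf covers both.
        if (authRequired != null && !Boolean.parseBoolean(String.valueOf(authRequired))) {
            return;
        }
        if (handleRequest(message, null)) {
            if (logger.isDebugEnabled()) {
                logger.debug("User logged into Web app using Basic Authentication");
            }
            return;
        }
        ErrorDTO errorDTO = new ErrorDTO();
        errorDTO.setCode(401L);
        errorDTO.setMoreInfo("");
        errorDTO.setMessage("");
        errorDTO.setDescription("Unauthenticated request");
        // Pre-existing behaviour: the 401 carries no WWW-Authenticate challenge header.
        message.getExchange().put(Response.class,
                Response.status(Response.Status.UNAUTHORIZED).entity(errorDTO).build());
    }

    /**
     * Extracts the Basic credentials from the {@link AuthorizationPolicy} CXF attached to the
     * message and verifies them against the user store.
     *
     * @param message           the inbound message carrying the parsed Authorization header
     * @param classResourceInfo unused; retained for signature compatibility
     * @return {@code true} when the credentials were verified; {@code false} otherwise (the reason
     *         is logged, never surfaced to the client)
     */
    public boolean handleRequest(Message message, ClassResourceInfo classResourceInfo) {
        if (logger.isDebugEnabled()) {
            // Plain concatenation on purpose: the message id is request-derived and must never be
            // used as a format string (a '%' in it would make String.format throw).
            logger.debug("Authenticating request: " + message.getId());
        }
        AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
        if (policy == null) {
            logger.error("Authentication failed: Basic authentication header is missing");
            return false;
        }
        // Both values are trimmed (pre-existing behaviour), so a password with leading or trailing
        // whitespace is verified in its trimmed form.
        String username = StringUtils.trim(policy.getUserName());
        String password = StringUtils.trim(policy.getPassword());
        if (StringUtils.isEmpty(username)) {
            logger.error("Username cannot be null/empty.");
            return false;
        }
        if (StringUtils.isEmpty(password)) {
            logger.error("Password cannot be null/empty.");
            return false;
        }
        return authenticate(null, username, password);
    }

    /**
     * Verifies {@code username}/{@code password} against the tenant's user store and, on success,
     * binds the tenant and user to the thread-local Carbon context.
     * <p>
     * NOTE(review): when {@code obj} is non-null both the realm lookup and the credential check are
     * skipped and the method still returns {@code true}. The only caller in this class passes
     * {@code null}; a future non-null caller would bypass authentication entirely, so treat this
     * parameter as a trust flag.
     *
     * @param obj      {@code null} to verify credentials; any non-null value skips verification
     * @param username fully-qualified username, possibly carrying a tenant-domain suffix
     * @param password clear-text password taken from the Basic header
     * @return {@code true} only when the tenant resolved, its realm was found and the user store
     *         accepted the credentials (or {@code obj} was non-null — see note above)
     */
    private boolean authenticate(Object obj, String username, String password) {
        PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        RealmService realmService = (RealmService) carbonContext.getOSGiService(RealmService.class, null);
        RegistryService registryService = (RegistryService) carbonContext.getOSGiService(RegistryService.class, null);
        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        try {
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            UserRealm userRealm = null;
            if (obj == null) {
                userRealm = AnonymousSessionUtil.getRealmByTenantDomain(registryService, realmService, tenantDomain);
                if (userRealm == null) {
                    logger.error("Invalid domain or unactivated tenant login");
                    return false;
                }
            }
            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
            if (obj == null && !userRealm.getUserStoreManager().authenticate(tenantAwareUsername, password)) {
                logger.error("Authentication failed. Please check your username/password");
                return false;
            }
            // Bind the authenticated principal to this thread for the resource code that follows.
            RestApiUtil.setThreadLocalRequestedTenant(username);
            carbonContext.setTenantDomain(tenantDomain);
            carbonContext.setTenantId(tenantId);
            carbonContext.setUsername(username);
            return true;
        } catch (UserStoreException e) {
            // The username is logged for audit purposes; the password is deliberately never logged.
            logger.error("Authentication failed for user: " + username, e);
            return false;
        } catch (org.wso2.carbon.user.api.UserStoreException e) {
            logger.error("Authentication failed for user: " + username, e);
            return false;
        } catch (CarbonException e) {
            logger.error("Authentication failed for user: " + username, e);
            return false;
        }
    }
}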
