package org.wso2.carbon.identity.authenticator.backend.oauth;

import java.rmi.RemoteException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse;
import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidatorFactory;

/* loaded from: input_file:org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.class */
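/**
 * Carbon back-end authenticator that accepts OAuth 2.0 bearer tokens.
 *
 * <p>{@link #isHandle(MessageContext)} decides whether a request carries bearer credentials and
 * {@link #isAuthenticated(MessageContext)} submits the token to the configured
 * {@link OAuth2TokenValidator}. Every path that cannot produce a positively validated token
 * returns {@code false} (fail closed) instead of throwing.
 */
public class OauthAuthenticator implements CarbonServerAuthenticator {
    private static final Log log = LogFactory.getLog(OauthAuthenticator.class);
    private static final int PRIORITY = 5;
    private static final int ACCESS_TOKEN_INDEX = 1;
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private OAuth2TokenValidator tokenValidator;

    /**
     * Resolves the token validator from {@link OAuthValidatorFactory}.
     *
     * <p>If the factory rejects the configuration the error is logged and the validator stays
     * {@code null}; {@link #isAuthenticated(MessageContext)} then refuses every request.
     */
    public OauthAuthenticator() {
        try {
            this.tokenValidator = OAuthValidatorFactory.getValidator();
        } catch (IllegalArgumentException e) {
            log.error("Failed to initialise Authenticator", e);
        }
    }

    /**
     * Tells whether this authenticator should process the request.
     *
     * @param messageContext Axis2 message context of the incoming call
     * @return {@code true} when the Authorization header uses the bearer scheme, or, when no
     *         header is present, when the bearer-token request parameter exists
     */
    public boolean isHandle(MessageContext messageContext) {
        HttpServletRequest httpRequest = getHttpRequest(messageContext);
        if (httpRequest == null) {
            // Not an HTTP servlet request, so there are no bearer credentials to look at.
            return false;
        }
        String header = httpRequest.getHeader(AUTHORIZATION_HEADER);
        if (header == null || header.trim().isEmpty()) {
            return httpRequest.getParameter(OauthAuthenticatorConstants.BEARER_TOKEN_IDENTIFIER) != null;
        }
        String scheme = header.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR)[0];
        return OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER.equals(scheme);
    }

    /**
     * Validates the bearer token of the request and, on success, records the authenticated
     * user and tenant domain on the existing HTTP session (if there is one).
     *
     * <p>Returns {@code false} when the validator was never initialised, the request is not an
     * HTTP request, the Authorization header is missing or malformed, the validator call fails,
     * or the validator reports the token as invalid.
     *
     * @param messageContext Axis2 message context of the incoming call
     * @return {@code true} only when the validator reports the token as valid
     */
    public boolean isAuthenticated(MessageContext messageContext) {
        if (this.tokenValidator == null) {
            // The constructor logged the cause; without a validator nothing can be trusted.
            log.error("OAuth token validator is not initialised; rejecting request.");
            return false;
        }
        HttpServletRequest httpRequest = getHttpRequest(messageContext);
        if (httpRequest == null) {
            return false;
        }
        String accessToken = extractBearerToken(httpRequest);
        if (accessToken == null) {
            // NOTE(review): isHandle() also claims requests that carry the token only as a
            // request parameter, but the token has always been read from the header alone.
            // Such requests are rejected here; confirm whether parameter tokens are intended.
            if (log.isDebugEnabled()) {
                log.debug("Authentication failed. No bearer token in the Authorization header.");
            }
            return false;
        }

        OAuthValidationResponse oAuthValidationResponse = null;
        try {
            oAuthValidationResponse = this.tokenValidator.validateToken(accessToken);
        } catch (RemoteException e) {
            // Treated as "not authenticated": a validator outage must never grant access.
            log.error("Failed to validate the OAuth token provided.", e);
        }
        if (oAuthValidationResponse == null || !oAuthValidationResponse.isValid()) {
            if (log.isDebugEnabled()) {
                // getSession(false): do not allocate a session for an unauthenticated caller
                // just to be able to log its id.
                HttpSession existing = httpRequest.getSession(false);
                log.debug("Authentication failed.Illegal attempt from session "
                        + (existing == null ? "<none>" : existing.getId()));
            }
            return false;
        }

        HttpSession session = httpRequest.getSession(false);
        if (session == null) {
            return true;
        }
        // NOTE(review): the session id is kept as-is after authentication; if this session can
        // pre-date the token check, consider rotating the id - confirm how Carbon manages it.
        session.setAttribute("tenantDomain", oAuthValidationResponse.getTenantDomain());
        session.setAttribute("wso2carbon.admin.logged.in", oAuthValidationResponse.getUserName());
        if (log.isDebugEnabled()) {
            log.debug("Authentication successful for " + session.getAttribute("wso2carbon.admin.logged.in"));
        }
        return true;
    }

    /**
     * Remember-me login is not supported by this authenticator.
     *
     * @throws UnsupportedOperationException always
     */
    public boolean authenticateWithRememberMe(MessageContext messageContext) {
        throw new UnsupportedOperationException();
    }

    /** Returns the name under which this authenticator is registered. */
    public String getAuthenticatorName() {
        return OauthAuthenticatorConstants.AUTHENTICATOR_NAME;
    }

    /** Returns the fixed priority ({@value #PRIORITY}) of this authenticator. */
    public int getPriority() {
        return PRIORITY;
    }

    /** This authenticator is always enabled. */
    public boolean isDisabled() {
        return false;
    }

    /** Reads the servlet request stored on the message context; may be {@code null}. */
    private HttpServletRequest getHttpRequest(MessageContext messageContext) {
        return (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
    }

    /**
     * Extracts the access token from a bearer-scheme Authorization header.
     *
     * @return the token, or {@code null} when the header is absent, blank, not a bearer
     *         header, or has no non-empty token part
     */
    private static String extractBearerToken(HttpServletRequest httpRequest) {
        String header = httpRequest.getHeader(AUTHORIZATION_HEADER);
        if (header == null || header.trim().isEmpty()) {
            return null;
        }
        String[] parts = header.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
        if (parts.length <= ACCESS_TOKEN_INDEX) {
            // Scheme without a token, e.g. a bare "Bearer".
            return null;
        }
        if (!OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER.equals(parts[0])) {
            return null;
        }
        String token = parts[ACCESS_TOKEN_INDEX];
        return token.isEmpty() ? null : token;
    }
}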
