package org.wso2.carbon.mdm.mobileservices.windows.common.util;

import java.util.Hashtable;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.validate.Credential;
import org.apache.ws.security.validate.Validator;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.mdm.mobileservices.windows.common.exceptions.AuthenticationException;
import org.wso2.carbon.mdm.mobileservices.windows.common.exceptions.WindowsDeviceEnrolmentException;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/mdm/mobileservices/windows/common/util/UsernameTokenValidator.class */
public class UsernameTokenValidator implements Validator {
    private static final int USER_SEGMENT = 0;
    private static final int DOMAIN_SEGMENT = 1;
    private static final String DELIMITER = "@";
    private static Log log = LogFactory.getLog(UsernameTokenValidator.class);

    @Override // org.apache.ws.security.validate.Validator
    public Credential validate(Credential credential, RequestData requestData) throws WSSecurityException {
        String[] split = credential.getUsernametoken().getName().split(DELIMITER);
        try {
            if (authenticate(split[0], credential.getUsernametoken().getPassword(), split[1])) {
                return credential;
            }
            log.error("Authentication failure due to incorrect credentials.");
            throw new WindowsDeviceEnrolmentException("Authentication failure due to incorrect credentials.");
        } catch (Exception e) {
            log.error("Failure occurred in the credential validator.", e);
            throw new WSSecurityException("Failure occurred in the credential validator.", e);
        }
    }

    public boolean authenticate(String str, String str2, String str3) throws AuthenticationException {
        try {
            try {
                PrivilegedCarbonContext.startTenantFlow();
                PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                threadLocalCarbonContext.setTenantDomain("carbon.super");
                threadLocalCarbonContext.setTenantId(-1234);
                RealmService realmService = (RealmService) threadLocalCarbonContext.getOSGiService(RealmService.class, (Hashtable) null);
                if (realmService == null) {
                    log.error("RealmService not initialized.");
                    throw new AuthenticationException("RealmService not initialized.");
                }
                int tenantId = (str3 == null || str3.trim().isEmpty()) ? -1234 : realmService.getTenantManager().getTenantId(str3);
                if (tenantId == -1) {
                    String str4 = "Invalid tenant domain " + str3;
                    log.error(str4);
                    throw new AuthenticationException(str4);
                }
                boolean authenticate = realmService.getTenantUserRealm(tenantId).getUserStoreManager().authenticate(str, str2);
                PrivilegedCarbonContext.endTenantFlow();
                return authenticate;
            } catch (UserStoreException e) {
                log.error("User store is not initialized.", e);
                throw new AuthenticationException("User store is not initialized.", (Exception) e);
            }
        } catch (Throwable th) {
            PrivilegedCarbonContext.endTenantFlow();
            throw th;
        }
    }
}
