package org.apache.stratos.rest.endpoint.handlers;

import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.apache.cxf.security.SecurityContext;
import org.apache.stratos.rest.endpoint.ServiceHolder;
import org.apache.stratos.rest.endpoint.Utils;
import org.apache.stratos.rest.endpoint.context.AuthenticationContext;
import org.apache.stratos.rest.endpoint.security.StratosSecurityContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.AnonymousSessionUtil;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:WEB-INF/classes/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.class */
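/**
 * Authenticates REST requests that present HTTP Basic credentials.
 *
 * <p>The tenant domain and the tenant-local username are both derived from the client-supplied
 * username via {@link MultitenantUtils}; the tenant's {@link UserRealm} is resolved and the
 * password is verified against its user store. On success the thread-local
 * {@link PrivilegedCarbonContext}, the CXF {@link SecurityContext} and
 * {@link AuthenticationContext} are populated and {@code null} is returned so the request
 * proceeds; otherwise a {@code 401} (or {@code 500} on an unexpected failure) is returned.
 *
 * <p>If the servlet container exposes a verified client certificate chain on the request,
 * the password check and realm lookup are skipped entirely (see the security note in
 * {@link #handle(Message, ClassResourceInfo)}).
 */
public class StratosAuthenticationHandler extends AbstractAuthenticationAuthorizationHandler {
    private static final Log log = LogFactory.getLog(StratosAuthenticationHandler.class);
    private static final String SUPPORTED_AUTHENTICATION_TYPE = "Basic";
    /** Servlet-spec request attribute carrying the client certificate chain verified by the container. */
    private static final String X509_CERT_ATTRIBUTE = "javax.servlet.request.X509Certificate";
    private static final String JSON_TYPE = "application/json";

    /**
     * @param str the authentication scheme name taken from the request's Authorization header
     * @return {@code true} only for the exact scheme name {@code "Basic"} (case-sensitive)
     */
    @Override // org.apache.stratos.rest.endpoint.handlers.AbstractAuthenticationAuthorizationHandler
    public boolean canHandle(String str) {
        return SUPPORTED_AUTHENTICATION_TYPE.equals(str);
    }

    /**
     * Authenticates the request carried by {@code message}.
     *
     * @param message           the CXF message; expected to carry the {@code HTTP.REQUEST} servlet
     *                          request and the parsed {@link AuthorizationPolicy}
     * @param classResourceInfo the target resource (unused here)
     * @return {@code null} when authentication succeeded and processing should continue, otherwise
     *         a JSON error {@link Response}: {@code 401} with a {@code WWW-Authenticate: Basic}
     *         challenge for missing or rejected credentials, {@code 500} for unexpected failures
     */
    @Override // org.apache.stratos.rest.endpoint.handlers.AbstractAuthenticationAuthorizationHandler
    public Response handle(Message message, ClassResourceInfo classResourceInfo) {
        X509Certificate[] clientCerts = clientCertificates((HttpServletRequest) message.get("HTTP.REQUEST"));
        AuthorizationPolicy authorizationPolicy = (AuthorizationPolicy) message.get(AuthorizationPolicy.class);
        if (authorizationPolicy == null) {
            // No parsed Authorization header: challenge the client instead of dereferencing null
            // (which previously escaped as a NullPointerException before the try block).
            log.error("no authorization policy present on the message.");
            return unauthorized("Username cannot be null");
        }
        // Null-guard before trimming: the original called trim() first, so a missing username or
        // password threw NullPointerException and the null checks that followed never fired.
        String username = trimmedOrNull(authorizationPolicy.getUserName());
        String password = trimmedOrNull(authorizationPolicy.getPassword());
        if (username == null || username.isEmpty()) {
            log.error("username is seen as null/empty values.");
            return unauthorized("Username cannot be null");
        }
        if (clientCerts == null && (password == null || password.isEmpty())) {
            log.error("password is seen as null/empty values.");
            return unauthorized("password cannot be null");
        }
        try {
            RealmService realmService = ServiceHolder.getRealmService();
            RegistryService registryService = ServiceHolder.getRegistryService();
            // Both the tenant domain and the tenant-local username are parsed from untrusted input.
            String tenantDomain = MultitenantUtils.getTenantDomain(username);
            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            if (clientCerts == null) {
                UserRealm userRealm = AnonymousSessionUtil.getRealmByTenantDomain(registryService, realmService, tenantDomain);
                if (userRealm == null) {
                    // NOTE: this message differs from the generic failure below and so reveals whether
                    // a tenant domain exists; kept unchanged for API compatibility.
                    log.error("Invalid domain or unactivated tenant login");
                    return unauthorized("Tenant not found");
                }
                if (!userRealm.getUserStoreManager().authenticate(tenantAwareUsername, password)) {
                    log.warn("unable to authenticate the request");
                    return unauthorized("Authentication failed. Please check your username/password");
                }
            } else {
                // SECURITY NOTE(review): with a container-verified client certificate present, neither
                // the password nor the tenant realm is checked, and the username from the Basic header
                // is never matched against the certificate subject -- any holder of a certificate the
                // container trusts can act as any username. Confirm that client-cert trust is limited
                // to intended callers, or bind the certificate subject to the user here. tenantId is
                // also not validated on this path; presumably getTenantId() returns a sentinel for
                // unknown domains -- verify against the TenantManager implementation.
                log.debug("client certificate present; skipping password authentication");
            }
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantDomain(tenantDomain);
            carbonContext.setTenantId(tenantId);
            carbonContext.setUsername(tenantAwareUsername);
            message.put(SecurityContext.class, new StratosSecurityContext(tenantAwareUsername));
            AuthenticationContext.setAuthenticated(true);
            if (log.isDebugEnabled()) {
                // Fixed: the message previously named CookieBasedAuthenticationHandler, which is not
                // this handler, and ran its fields together without separators.
                log.debug("authenticated using the " + StratosAuthenticationHandler.class.getName()
                        + " for username : " + tenantAwareUsername + " tenantDomain : " + tenantDomain
                        + " tenantId : " + tenantId);
            }
            return null;
        } catch (Exception e) {
            // Boundary catch: log the cause server-side, never leak realm/registry details to the client.
            log.error("Authentication failed", e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(JSON_TYPE)
                    .entity(Utils.buildMessage("Unexpected error. Please contact the system admin")).build();
        }
    }

    /** Returns {@code s} trimmed, or {@code null} when {@code s} is null. */
    private static String trimmedOrNull(String s) {
        return s == null ? null : s.trim();
    }

    /** Builds the 401 JSON response with a Basic challenge used for every credential failure. */
    private static Response unauthorized(String reason) {
        return Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic")
                .type(JSON_TYPE).entity(Utils.buildMessage(reason)).build();
    }

    /**
     * Returns the client certificate chain the container attached to {@code request}, or {@code null}
     * when there is none. Only a non-empty {@code X509Certificate[]} counts; the original accepted any
     * non-null attribute value as proof of certificate authentication.
     *
     * @param request the servlet request, may be {@code null}
     */
    private static X509Certificate[] clientCertificates(HttpServletRequest request) {
        if (request == null) {
            return null;
        }
        Object attribute = request.getAttribute(X509_CERT_ATTRIBUTE);
        if (attribute instanceof X509Certificate[]) {
            X509Certificate[] chain = (X509Certificate[]) attribute;
            if (chain.length > 0) {
                return chain;
            }
        }
        return null;
    }
}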
