package org.wso2.carbon.apimgt.importexport.utils;

import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.StringTokenizer;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.importexport.APIExportException;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:artifacts/AM/war/api-import-export-test.war:WEB-INF/classes/org/wso2/carbon/apimgt/importexport/utils/AuthenticatorUtil.class */
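/**
 * Authenticates an HTTP Basic credential pair against the tenant's user store and
 * authorizes the user for API import/export by membership in the realm's admin role.
 *
 * <p>Thread-safety: the parsed user name is kept per thread (see {@link #username});
 * the password is held only in a local during {@link #authorizeUser(HttpHeaders)} and is
 * never stored in a field. Callers that read {@link #getAuthenticatedUserName()} from the
 * same request thread observe the same value a shared static field would have given them.
 */
public class AuthenticatorUtil {
    private static final String AUTHORIZATION_PROPERTY = "Authorization";
    private static final String AUTHENTICATION_SCHEME = "Basic";
    private static final Log log = LogFactory.getLog(AuthenticatorUtil.class);

    /**
     * User name parsed from the Basic credentials most recently presented on the calling
     * thread. A plain static field here let concurrent requests overwrite each other's
     * identity; a ThreadLocal confines the value to the request that produced it.
     * NOTE(review): assumes getAuthenticatedUserName() is read on the request thread that
     * ran authorizeUser() — confirm against callers.
     */
    private static final ThreadLocal<String> username = new ThreadLocal<String>();

    private AuthenticatorUtil() {
    }

    /** Parsed Basic credential pair; lives only for the duration of one authorizeUser() call. */
    private static final class Credentials {
        final String user;
        final String secret;

        Credentials(String user, String secret) {
            this.user = user;
            this.secret = secret;
        }
    }

    /**
     * Authenticates the Basic credentials carried in {@code httpHeaders} and checks that the
     * user holds the tenant's admin role.
     *
     * @param httpHeaders request headers; the {@code Authorization} header is read
     * @return {@code 401} when no usable credentials are present or authentication fails,
     *         {@code 403} when the user is authenticated but not in the admin role, and
     *         {@code 200} (empty body) when both checks pass
     * @throws APIExportException if the user store cannot be accessed
     */
    public static Response authorizeUser(HttpHeaders httpHeaders) throws APIExportException {
        Credentials credentials = parseBasicCredentials(httpHeaders);
        if (credentials == null) {
            // Clear any name left over from an earlier request served by this pooled thread,
            // so a failed request cannot be reported under a previous user's identity.
            username.remove();
            log.error("No username and password is provided for authentication");
            return Response.status(Response.Status.UNAUTHORIZED)
                    .entity("No username and password is provided for authentication")
                    .type("application/json").build();
        }
        String user = credentials.user;
        username.set(user);

        // Start the tenant flow outside the try so the finally never ends a flow that was
        // not started; every call that may fail with UserStoreException is inside the try.
        PrivilegedCarbonContext.startTenantFlow();
        try {
            String tenantDomain = MultitenantUtils.getTenantDomain(user);
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
            UserStoreManager userStoreManager =
                    CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager();
            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(user);
            if (!userStoreManager.authenticate(tenantAwareUsername, credentials.secret)) {
                return Response.status(Response.Status.UNAUTHORIZED)
                        .entity("User Authentication Failed")
                        .type("application/json").build();
            }
            log.info(user + " user authenticated successfully");
            String adminRoleName = CarbonContext.getThreadLocalCarbonContext().getUserRealm()
                    .getRealmConfiguration().getAdminRoleName();
            for (String role : userStoreManager.getRoleListOfUser(tenantAwareUsername)) {
                if (adminRoleName.equalsIgnoreCase(role)) {
                    log.info(user + " is authorized to import and export APIs");
                    return Response.ok().build();
                }
            }
            return Response.status(Response.Status.FORBIDDEN)
                    .entity("User Authorization Failed")
                    .type("application/json").build();
        } catch (UserStoreException e) {
            log.error("Error while accessing user configuration", e);
            throw new APIExportException("Error while accessing user configuration", e);
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    /**
     * Extracts the user name and password from the first {@code Authorization} header.
     *
     * <p>Accepts only the {@code Basic} scheme (compared case-insensitively, as HTTP
     * authentication schemes are). The decoded value is split at the <em>first</em> colon
     * only, so a password containing a colon is preserved intact rather than truncated.
     *
     * @param httpHeaders request headers to inspect
     * @return the parsed pair, or {@code null} when the header is absent, uses another
     *         scheme, does not decode to {@code user:password}, or either part is empty
     */
    private static Credentials parseBasicCredentials(HttpHeaders httpHeaders) {
        List<String> headerValues = httpHeaders.getRequestHeader(AUTHORIZATION_PROPERTY);
        if (headerValues == null || headerValues.isEmpty()) {
            return null;
        }
        String headerValue = headerValues.get(0).trim();
        String schemePrefix = AUTHENTICATION_SCHEME + " ";
        if (headerValue.length() <= schemePrefix.length()
                || !headerValue.regionMatches(true, 0, schemePrefix, 0, schemePrefix.length())) {
            return null;
        }
        String encoded = headerValue.substring(schemePrefix.length()).trim();
        byte[] raw = Base64.decodeBase64(encoded.getBytes(StandardCharsets.US_ASCII));
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int separator = decoded.indexOf(':');
        // Reject a missing separator, an empty user name and an empty password; the previous
        // StringTokenizer-based parsing threw NoSuchElementException on these inputs.
        if (separator <= 0 || separator == decoded.length() - 1) {
            return null;
        }
        return new Credentials(decoded.substring(0, separator), decoded.substring(separator + 1));
    }

    /**
     * Returns the user name parsed from the Basic credentials most recently presented on the
     * calling thread, or {@code null} if none were parsed. The value is set as soon as the
     * credentials are decoded, i.e. before authentication succeeds — check the
     * {@link Response} from {@link #authorizeUser(HttpHeaders)} before trusting it.
     *
     * @return the parsed user name for this thread, or {@code null}
     */
    public static String getAuthenticatedUserName() {
        return username.get();
    }
}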
