package org.wso2.carbon.apimgt.importexport.utils;

import java.net.URL;
import java.util.List;
import java.util.StringTokenizer;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.importexport.APIExportException;
import org.wso2.carbon.apimgt.importexport.APIImportExportConstants;
import org.wso2.carbon.authenticator.stub.AuthenticationAdminStub;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:artifacts/AM/war/api-import-export-test.war:WEB-INF/classes/org/wso2/carbon/apimgt/importexport/utils/AuthenticatorUtil.class */
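/**
 * Resolves the caller of an API import/export request from HTTP Basic credentials and decides
 * whether that user may import and export APIs.
 *
 * <p>A user is accepted when the backend {@code AuthenticationAdmin} service confirms the
 * credentials and the user either holds the realm's admin role or holds all three
 * {@code ui.execute} permissions listed below. Every decision is returned as a JAX-RS
 * {@link Response} so the REST layer can hand it straight back to the client.
 *
 * <p>Stateless; all members are static and the class cannot be instantiated.
 */
public class AuthenticatorUtil {
    private static final String AUTHORIZATION_PROPERTY = "Authorization";
    private static final String AUTHENTICATION_SCHEME = "Basic";
    private static final Log log = LogFactory.getLog(AuthenticatorUtil.class);
    private static final String APIM_ADMIN_PERMISSION = "/permission/admin/manage/apim_admin";
    private static final String APIM_LOGIN_PERMISSION = "/permission/admin/login";
    private static final String APIM_API_CREATE_PERMISSION = "/permission/admin/manage/api/create";
    // Permission action checked against each of the APIM permission resources above.
    private static final String UI_EXECUTE_ACTION = "ui.execute";
    // Configuration key holding the base URL of the server that hosts AuthenticationAdmin.
    private static final String AUTH_MANAGER_SERVER_URL_PROPERTY = "AuthManager.ServerURL";
    // Media type used for every error entity this class produces.
    private static final String ERROR_MEDIA_TYPE = "application/json";

    private AuthenticatorUtil() {
        // Static utility; no instances.
    }

    /**
     * Authenticates the caller from the request's {@code Authorization: Basic} header and checks
     * that the user is allowed to import and export APIs.
     *
     * <p>On success the returned {@code 200} response carries the populated
     * {@link AuthenticationContext} (username, password, tenant domain, domain-aware username) as
     * its entity. NOTE(review): that entity includes the caller's password, so callers must keep
     * it server-side and never write it into the HTTP response body.
     *
     * @param httpHeaders headers of the incoming request; only {@code Authorization} is read
     * @return {@code 401} when credentials are missing or rejected by the authentication service,
     *         {@code 403} when the user is authenticated but lacks the required role/permissions,
     *         {@code 200} with the {@link AuthenticationContext} entity otherwise
     * @throws APIExportException if the authentication service, the user realm or the
     *         configuration lookup fails; the cause is preserved
     */
    public static Response authorizeUser(HttpHeaders httpHeaders) throws APIExportException {
        AuthenticationContext authenticationContext = getAuthenticationContext(httpHeaders);
        String username = authenticationContext.getUsername();
        String password = authenticationContext.getPassword();
        if (username == null || password == null) {
            log.error("No username or password is provided for authentication");
            return errorResponse(Response.Status.UNAUTHORIZED,
                    "No username or password is provided for authentication");
        }

        // endTenantFlow() must only be called once a matching startTenantFlow() has run; the
        // flag keeps the thread-local tenant stack balanced if anything before it throws.
        boolean tenantFlowStarted = false;
        try {
            String tenantDomain = MultitenantUtils.getTenantDomain(username);
            authenticationContext.setTenantDomain(tenantDomain);
            PrivilegedCarbonContext.startTenantFlow();
            tenantFlowStarted = true;
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);

            String serverUrl = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService()
                    .getAPIManagerConfiguration().getFirstProperty(AUTH_MANAGER_SERVER_URL_PROPERTY);
            AuthenticationAdminStub authenticationAdminStub = new AuthenticationAdminStub(
                    (ConfigurationContext) null,
                    serverUrl + APIImportExportConstants.AUTHENTICATION_ADMIN_SERVICE_ENDPOINT);
            // The session cookie issued by login() is needed below to look up the logged-in user.
            authenticationAdminStub._getServiceClient().getOptions().setManageSession(true);
            if (!authenticationAdminStub.login(username, password, new URL(serverUrl).getHost())) {
                return errorResponse(Response.Status.UNAUTHORIZED, "User Authentication Failed");
            }
            log.info(username + " user authenticated successfully");

            String sessionCookie = (String) authenticationAdminStub._getServiceClient()
                    .getLastOperationContext().getServiceContext().getProperty("Cookie");
            String domainAwareUsername = APIUtil.getLoggedInUserInfo(sessionCookie, serverUrl).getUserName();
            authenticationContext.setDomainAwareUsername(domainAwareUsername);

            // Admin role wins outright; the permission lookups only run when the role check fails.
            String[] roleListOfUser = CarbonContext.getThreadLocalCarbonContext().getUserRealm()
                    .getUserStoreManager().getRoleListOfUser(domainAwareUsername);
            String adminRoleName = CarbonContext.getThreadLocalCarbonContext().getUserRealm()
                    .getRealmConfiguration().getAdminRoleName();
            boolean authorized = isAdminRole(roleListOfUser, adminRoleName);
            if (!authorized) {
                AuthorizationManager authorizationManager = CarbonContext.getThreadLocalCarbonContext()
                        .getUserRealm().getAuthorizationManager();
                authorized = authorizationManager.isUserAuthorized(domainAwareUsername, APIM_ADMIN_PERMISSION,
                                UI_EXECUTE_ACTION)
                        && authorizationManager.isUserAuthorized(domainAwareUsername, APIM_LOGIN_PERMISSION,
                                UI_EXECUTE_ACTION)
                        && authorizationManager.isUserAuthorized(domainAwareUsername,
                                APIM_API_CREATE_PERMISSION, UI_EXECUTE_ACTION);
            }
            if (!authorized) {
                return errorResponse(Response.Status.FORBIDDEN, "User Authorization Failed");
            }
            log.info(username + " is authorized to import and export APIs");
            return Response.ok().entity(authenticationContext).build();
        } catch (Exception e) {
            log.error("Error while authenticating the user", e);
            throw new APIExportException("Error while authenticating the user", e);
        } finally {
            if (tenantFlowStarted) {
                PrivilegedCarbonContext.endTenantFlow();
            }
        }
    }

    /**
     * Returns whether {@code roles} contains {@code adminRoleName}, compared case-insensitively.
     *
     * @param roles roles assigned to the user; {@code null} is treated as no roles
     * @param adminRoleName the realm's configured admin role; {@code null} never matches
     * @return {@code true} if the admin role is present
     */
    private static boolean isAdminRole(String[] roles, String adminRoleName) {
        if (roles == null || adminRoleName == null) {
            return false;
        }
        for (String role : roles) {
            if (adminRoleName.equalsIgnoreCase(role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the error response shape used throughout this class: the given status, the message
     * as entity and an {@code application/json} content type.
     *
     * @param status HTTP status to return
     * @param message entity text
     * @return the built response
     */
    private static Response errorResponse(Response.Status status, String message) {
        return Response.status(status).entity(message).type(ERROR_MEDIA_TYPE).build();
    }

    /**
     * Extracts username and password from the request's {@code Authorization} header.
     *
     * <p>Only the {@code Basic} scheme (RFC 7617) is accepted, matched case-insensitively. The
     * decoded credentials are split at the first colon only, so passwords containing {@code ':'}
     * are preserved. When the header is absent, uses another scheme, does not decode to
     * {@code user:password}, or has an empty username, an empty context is returned and the
     * caller responds {@code 401}; malformed input never raises a runtime exception here.
     *
     * @param httpHeaders headers of the incoming request
     * @return a context whose username/password are set only when a well-formed Basic
     *         credential was present
     */
    private static AuthenticationContext getAuthenticationContext(HttpHeaders httpHeaders) {
        AuthenticationContext authenticationContext = new AuthenticationContext();
        List<String> authorizationHeaders = httpHeaders.getRequestHeader(AUTHORIZATION_PROPERTY);
        if (authorizationHeaders == null || authorizationHeaders.isEmpty()) {
            return authenticationContext;
        }
        String headerValue = authorizationHeaders.get(0);
        String schemePrefix = AUTHENTICATION_SCHEME + " ";
        if (headerValue == null
                || !headerValue.regionMatches(true, 0, schemePrefix, 0, schemePrefix.length())) {
            // Not Basic authentication: do not try to decode some other scheme's token.
            return authenticationContext;
        }
        String encodedCredentials = headerValue.substring(schemePrefix.length()).trim();
        String credentials = StringUtils.newStringUtf8(Base64.decodeBase64(encodedCredentials));
        if (credentials == null) {
            return authenticationContext;
        }
        // Limit 2: the user-id cannot contain ':' but the password may.
        String[] parts = credentials.split(":", 2);
        if (parts.length != 2 || parts[0].isEmpty()) {
            return authenticationContext;
        }
        authenticationContext.setUsername(parts[0]);
        authenticationContext.setPassword(parts[1]);
        return authenticationContext;
    }
}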
