package org.wso2.carbon.bpmn.rest.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Map;
import javax.ws.rs.core.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.wso2.carbon.bpmn.core.exception.BPMNAuthenticationException;
import org.wso2.carbon.bpmn.rest.common.RestErrorResponse;
import org.wso2.carbon.bpmn.rest.common.exception.RestApiBasicAuthenticationException;
import org.wso2.carbon.bpmn.rest.common.utils.BPMNOSGIService;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.registry.core.config.RegistryContext;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/bpmn/rest/security/AuthenticationHandler.class */
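/**
 * CXF request handler that authenticates calls to the BPMN REST API.
 *
 * <p>Only HTTP Basic credentials can succeed: they are checked through the identity service
 * obtained from {@link BPMNOSGIService} and, on success, the thread-local
 * {@link PrivilegedCarbonContext} is populated with the caller's tenant details. Requests
 * carrying a {@code Bearer} token, any other scheme, or no credentials at all are answered
 * with {@code 401 Unauthorized}.
 *
 * <p>Contract used throughout this class: returning {@code null} from a handler method means
 * "authenticated, continue processing"; returning a {@link Response} aborts the request.
 */
public class AuthenticationHandler implements RequestHandler {
    public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    public static final String AUTHORIZATION_HEADER_NAME = "Authorization";
    protected Log log = LogFactory.getLog(AuthenticationHandler.class);
    private static final String AUTH_TYPE_BASIC = "Basic";
    private static final String AUTH_TYPE_NONE = "None";
    private static final String AUTH_TYPE_OAuth = "Bearer";

    // Shared serializer for the 401 body; ObjectMapper is safe to reuse across threads once
    // configured, so there is no need to build one per rejected request.
    private static final ObjectMapper ERROR_BODY_MAPPER = new ObjectMapper();

    /**
     * Dispatches the request to the handler for its authorization scheme.
     *
     * @param message the inbound CXF message
     * @param classResourceInfo the target resource (unused)
     * @return {@code null} when the caller is authenticated, otherwise a 401 response
     */
    public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
        AuthorizationPolicy authorizationPolicy = (AuthorizationPolicy) message.get(AuthorizationPolicy.class);
        if (authorizationPolicy != null) {
            String authorizationType = authorizationPolicy.getAuthorizationType();
            if (AUTH_TYPE_BASIC.equals(authorizationType)) {
                return handleBasicAuth(authorizationPolicy);
            }
            if (AUTH_TYPE_OAuth.equals(authorizationType)) {
                return handleOAuth(message);
            }
        }
        // Fail closed: no policy or an unrecognised scheme is treated as unauthenticated.
        return authenticationFail(AUTH_TYPE_BASIC);
    }

    /**
     * Authenticates HTTP Basic credentials.
     *
     * @param authorizationPolicy the policy holding the user name and password sent by the client
     * @return {@code null} when the credentials are valid, otherwise a 401 response
     */
    protected Response handleBasicAuth(AuthorizationPolicy authorizationPolicy) {
        String userName = authorizationPolicy.getUserName();
        String password = authorizationPolicy.getPassword();
        // A missing user name or password can never authenticate; reject before the values
        // reach the identity service or the tenant-name parsing in authenticate().
        if (userName == null || password == null) {
            return authenticationFail();
        }
        try {
            if (authenticate(userName, password)) {
                return null;
            }
        } catch (RestApiBasicAuthenticationException e) {
            // The user name is client-controlled: strip line breaks so it cannot forge log
            // entries. The password is never logged.
            this.log.error("Could not authenticate user : " + sanitizeForLog(userName)
                    + " against carbon userStore", e);
        }
        return authenticationFail();
    }

    /**
     * Rejects bearer-token requests.
     *
     * <p>No token validation is implemented in this class, so every {@code Bearer} request is
     * answered with 401. The Authorization header is deliberately not parsed: doing so added
     * no decision and only created failure paths (absent header map, empty value list) that
     * surfaced as runtime exceptions instead of a clean 401.
     *
     * <p>A subclass that overrides this method must verify the token (signature, expiry,
     * audience, as applicable) before returning {@code null}.
     *
     * @param message the inbound CXF message (unused)
     * @return always a 401 response advertising the {@code Bearer} scheme
     */
    protected Response handleOAuth(Message message) {
        return authenticationFail(AUTH_TYPE_OAuth);
    }

    /**
     * Verifies the password and, on success, binds the caller's identity to the current thread.
     *
     * @param userName the user name as sent by the client, possibly carrying a tenant domain
     * @param password the password as sent by the client
     * @return {@code true} when the password is correct and the tenant exists
     * @throws RestApiBasicAuthenticationException if the identity service or tenant lookup fails
     */
    private boolean authenticate(String userName, String password) throws RestApiBasicAuthenticationException {
        try {
            if (!BPMNOSGIService.getIdentityService().checkPassword(userName, password)) {
                return false;
            }
            String tenantDomain = MultitenantUtils.getTenantDomain(userName);
            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(userName);
            String qualifiedUserForLog = sanitizeForLog(tenantAwareUsername + "@" + tenantDomain);
            try {
                int tenantId = RegistryContext.getBaseInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
                if (tenantId == -1) {
                    if (this.log.isDebugEnabled()) {
                        this.log.debug("Basic authentication request with an invalid tenant : " + qualifiedUserForLog);
                    }
                    return false;
                }
                // Identity is bound to the thread only after both the password check and the
                // tenant lookup have succeeded.
                // NOTE(review): nothing in this class clears the thread-local context after the
                // request; confirm the container resets it before the thread is reused.
                PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                threadLocalCarbonContext.setUsername(tenantAwareUsername);
                threadLocalCarbonContext.setTenantId(tenantId);
                threadLocalCarbonContext.setTenantDomain(tenantDomain);
                return true;
            } catch (UserStoreException e) {
                throw new RestApiBasicAuthenticationException("Identity exception thrown while getting tenant ID for user : " + qualifiedUserForLog, e);
            }
        } catch (BPMNAuthenticationException e2) {
            throw new RestApiBasicAuthenticationException(e2.getMessage(), e2);
        }
    }

    /**
     * Builds the default 401 response, challenging for HTTP Basic.
     *
     * @return a 401 response with a {@code Basic} challenge
     */
    private Response authenticationFail() {
        return authenticationFail(AUTH_TYPE_BASIC);
    }

    /**
     * Builds a 401 response with a JSON error body and a {@code WWW-Authenticate} challenge.
     *
     * <p>The body is the same generic message for every failure, so the response does not
     * reveal whether the user name, the password or the tenant was wrong.
     *
     * @param authType the scheme name to place in the {@code WWW-Authenticate} header
     * @return the 401 response; its entity is {@code null} if JSON serialization fails
     */
    private Response authenticationFail(String authType) {
        RestErrorResponse restErrorResponse = new RestErrorResponse();
        restErrorResponse.setErrorMessage("Authentication required");
        restErrorResponse.setStatusCode(Response.Status.UNAUTHORIZED.getStatusCode());
        String jsonBody = null;
        try {
            jsonBody = ERROR_BODY_MAPPER.writeValueAsString(restErrorResponse);
        } catch (IOException e) {
            // Still answer 401 without a body rather than letting the failure escape.
            this.log.error("Error Json String conversion failed", e);
        }
        // NOTE(review): the challenge is the bare scheme name. RFC 7617 requires a realm
        // parameter on Basic challenges; the value is left unchanged here because existing
        // clients may depend on it.
        return Response.status(restErrorResponse.getStatusCode())
                .type("application/json")
                .header(WWW_AUTHENTICATE, authType)
                .entity(jsonBody)
                .build();
    }

    /**
     * Replaces carriage returns and line feeds so a client-supplied value stays on one log line.
     *
     * @param value the untrusted value, may be {@code null}
     * @return the value with CR/LF replaced by underscores, or {@code "null"}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}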
