package org.wso2.carbon.identity.auth.service.handler.impl;

import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.auth.service.AuthenticationContext;
import org.wso2.carbon.identity.auth.service.AuthenticationResult;
import org.wso2.carbon.identity.auth.service.AuthenticationStatus;
import org.wso2.carbon.identity.auth.service.exception.AuthenticationFailException;
import org.wso2.carbon.identity.auth.service.handler.AuthenticationHandler;
import org.wso2.carbon.identity.auth.service.util.AuthConfigurationUtil;
import org.wso2.carbon.identity.core.bean.context.MessageContext;
import org.wso2.carbon.identity.core.handler.InitConfig;

/* loaded from: input_file:org/wso2/carbon/identity/auth/service/handler/impl/ClientAuthenticationHandler.class */
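/**
 * Authentication handler for requests whose {@code Authorization} header uses the {@code Client}
 * scheme: {@code Authorization: Client base64(appName:secret)}.
 *
 * <p>The secret is hashed with SHA-256 and the lowercase hex digest is compared with the hash
 * returned by {@link AuthConfigurationUtil#getClientAuthenticationHash(String)} for the application.
 *
 * <p>NOTE(review): the stored verifier is a bare, unsalted SHA-256 digest of the secret. That format
 * is fixed by whatever produces the configured hashes, so it is kept here; moving to a salted,
 * slow password hash would need a migration of the stored values.
 */
public class ClientAuthenticationHandler extends AuthenticationHandler {
    private static final Log log = LogFactory.getLog(ClientAuthenticationHandler.class);
    private static final String CLIENT_AUTH_HEADER = "Client";
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String HASHING_FUNCTION = "SHA-256";
    private static final int DEFAULT_PRIORITY = 130;
    private static final String MALFORMED_HEADER_MESSAGE =
            "Error occurred while trying to authenticate. The Authorization header values are not defined correctly.";
    private static final String MALFORMED_CREDENTIALS_MESSAGE =
            "Error occurred while trying to authenticate. The auth application credentials are not defined correctly.";
    private static final String HASHING_ERROR_MESSAGE = "Error occurred while hashing the app data.";

    /** No initialisation is required for this handler. */
    public void init(InitConfig initConfig) {
    }

    /** Returns the fixed handler name {@code ClientAuthentication}. */
    public String getName() {
        return "ClientAuthentication";
    }

    /**
     * Returns the handler priority by calling the two-argument {@code getPriority} overload
     * (not defined in this class) with a default of 130.
     */
    public int getPriority(MessageContext messageContext) {
        return getPriority(messageContext, DEFAULT_PRIORITY);
    }

    /**
     * Reports whether this handler applies, as decided by
     * {@code AuthConfigurationUtil.isAuthHeaderMatch} for the {@code Client} scheme.
     */
    public boolean canHandle(MessageContext messageContext) {
        return AuthConfigurationUtil.isAuthHeaderMatch(messageContext, CLIENT_AUTH_HEADER);
    }

    /**
     * Validates the {@code Client} credentials carried in the {@code Authorization} header.
     *
     * @param messageContext the message context; cast to {@link AuthenticationContext} to reach the request
     * @return a result with status {@code SUCCESS} when the secret's hash matches the configured hash,
     *         otherwise a result with status {@code FAILED}
     * @throws AuthenticationFailException if the header is absent or malformed, if the decoded
     *         credentials do not contain a non-blank name and secret, or if SHA-256 is unavailable
     */
    @Override
    protected AuthenticationResult doAuthenticate(MessageContext messageContext) throws AuthenticationFailException {
        AuthenticationResult authenticationResult = new AuthenticationResult(AuthenticationStatus.FAILED);
        String authorizationHeader =
                ((AuthenticationContext) messageContext).getAuthenticationRequest().getHeader(AUTHORIZATION_HEADER);
        // A missing header would otherwise surface as a NullPointerException instead of an
        // authentication failure. Presumably canHandle() already filters this case; confirm with caller.
        if (authorizationHeader == null) {
            log.error(MALFORMED_HEADER_MESSAGE);
            throw new AuthenticationFailException(MALFORMED_HEADER_MESSAGE);
        }
        String[] headerParts = authorizationHeader.split(" ");
        if (headerParts.length != 2) {
            log.error(MALFORMED_HEADER_MESSAGE);
            throw new AuthenticationFailException(MALFORMED_HEADER_MESSAGE);
        }

        // Decode with an explicit charset so the result does not depend on the JVM's platform default;
        // otherwise the same secret could hash differently on differently configured hosts.
        String decodedCredentials = new String(
                Base64.decodeBase64(headerParts[1].getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
        // Limit of 2 keeps any further ':' characters inside the secret.
        String[] credentials = decodedCredentials.split(":", 2);
        if (credentials.length != 2 || StringUtils.isBlank(credentials[0]) || StringUtils.isBlank(credentials[1])) {
            log.error(MALFORMED_CREDENTIALS_MESSAGE);
            throw new AuthenticationFailException(MALFORMED_CREDENTIALS_MESSAGE);
        }
        String appName = credentials[0];
        String appSecret = credentials[1];

        String clientAuthenticationHash = AuthConfigurationUtil.getInstance().getClientAuthenticationHash(appName);
        if (StringUtils.isNotBlank(clientAuthenticationHash)) {
            try {
                byte[] digest = MessageDigest.getInstance(HASHING_FUNCTION)
                        .digest(appSecret.getBytes(StandardCharsets.UTF_8));
                String presentedHash = toHex(digest);
                // MessageDigest.isEqual compares without returning at the first differing byte, so the
                // response time does not reveal how much of the presented hash matched.
                boolean hashMatches = MessageDigest.isEqual(
                        clientAuthenticationHash.getBytes(StandardCharsets.UTF_8),
                        presentedHash.getBytes(StandardCharsets.UTF_8));
                if (hashMatches) {
                    authenticationResult.setAuthenticationStatus(AuthenticationStatus.SUCCESS);
                    if (log.isDebugEnabled()) {
                        log.debug("Client Authentication Successful for the application: " + sanitizeForLog(appName));
                    }
                }
            } catch (NoSuchAlgorithmException e) {
                log.error(HASHING_ERROR_MESSAGE, e);
                throw new AuthenticationFailException(HASHING_ERROR_MESSAGE);
            }
        } else if (log.isDebugEnabled()) {
            log.debug("No matching application configuration found for :" + sanitizeForLog(appName));
        }
        return authenticationResult;
    }

    /** Encodes bytes as lowercase hexadecimal, two characters per byte. */
    private static String toHex(byte[] bytes) {
        StringBuilder hex = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            hex.append(Character.forDigit((b >> 4) & 0xF, 16));
            hex.append(Character.forDigit(b & 0xF, 16));
        }
        return hex.toString();
    }

    /** Replaces line breaks in a request-supplied value so it cannot forge extra log entries. */
    private static String sanitizeForLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }
}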
