package org.wso2.carbon.registry.rest.api.handler;

import javax.ws.rs.core.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.registry.core.config.RegistryContext;
import org.wso2.carbon.registry.rest.api.exception.RestApiBasicAuthenticationException;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/registry/rest/api/handler/RestApiBasicAuthenticationHandler.class */
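/**
 * CXF request handler that validates HTTP Basic credentials for the Registry REST API
 * against the Carbon user store of the tenant named in the user name.
 *
 * <p>On success the thread-local {@link PrivilegedCarbonContext} is populated with the
 * authenticated user name, tenant id and tenant domain.
 *
 * <p>NOTE(review): nothing in this class clears the thread-local context after the request.
 * Confirm that the container resets it per request, so that a pooled thread cannot carry
 * a previous caller's identity into a later request.
 */
public class RestApiBasicAuthenticationHandler implements RequestHandler {
    protected Log log = LogFactory.getLog(RestApiBasicAuthenticationHandler.class);

    /**
     * Authenticates the request when it carries a Basic {@code Authorization} header.
     *
     * @param message           the inbound CXF message; its {@link AuthorizationPolicy} is read
     * @param classResourceInfo the matched resource class (not used here)
     * @return {@code null} to let the request continue, a 401 response with a
     *         {@code WWW-Authenticate: Basic} challenge when the credentials are rejected, or a
     *         500 response when the user store could not be consulted
     */
    @Override
    public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
        if (this.log.isDebugEnabled()) {
            this.log.debug("Registry REST API Basic authentication handler execution started");
        }
        AuthorizationPolicy authorizationPolicy = (AuthorizationPolicy) message.get(AuthorizationPolicy.class);
        if (authorizationPolicy == null || !"Basic".equals(authorizationPolicy.getAuthorizationType())) {
            // Returning null passes the request on WITHOUT authenticating it. This handler only
            // rejects bad Basic credentials; it does not require that credentials are present.
            // NOTE(review): confirm that another handler or the resource itself rejects
            // requests that reach this point unauthenticated.
            return null;
        }
        try {
            if (authenticate(authorizationPolicy.getUserName(), authorizationPolicy.getPassword())) {
                return null;
            }
            return Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic").build();
        } catch (RestApiBasicAuthenticationException e) {
            // The user name comes straight from the request header, so strip line breaks before
            // it is written to the log. The password is never logged.
            this.log.error("Could not authenticate user : " + sanitizeForLog(authorizationPolicy.getUserName())
                    + " against carbon userStore", e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
        }
    }

    /**
     * Checks the supplied credentials against the user store of the tenant encoded in the user name.
     *
     * @param username the user name as received, optionally tenant-qualified
     * @param password the password as received
     * @return {@code true} when the user store accepts the credentials; {@code false} when they are
     *         missing, the tenant is unknown, or the user store rejects them
     * @throws RestApiBasicAuthenticationException when the tenant lookup or the user store call fails
     */
    private boolean authenticate(String username, String password) throws RestApiBasicAuthenticationException {
        // Reject absent credentials up front instead of handing null to the tenant utilities
        // and the user store, whose null handling is not visible from this class.
        if (username == null || username.isEmpty() || password == null) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Basic authentication request without a user name or password");
            }
            return false;
        }
        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
        // Only used in log and exception messages, so it is safe to neutralise line breaks here.
        String qualifiedNameForLog = sanitizeForLog(tenantAwareUsername + "@" + tenantDomain);
        RealmService realmService = RegistryContext.getBaseInstance().getRealmService();

        int tenantId;
        try {
            tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
        } catch (UserStoreException e) {
            throw new RestApiBasicAuthenticationException(
                    "Identity exception thrown while getting tenant ID for user : " + qualifiedNameForLog, e);
        }
        // -1 is treated as "no such tenant".
        if (tenantId == -1) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Basic authentication request with an invalid tenant : " + qualifiedNameForLog);
            }
            return false;
        }

        boolean authenticated;
        try {
            authenticated = realmService.getTenantUserRealm(tenantId).getUserStoreManager()
                    .authenticate(tenantAwareUsername, password);
        } catch (UserStoreException e) {
            throw new RestApiBasicAuthenticationException(
                    "User store exception thrown while authenticating user : " + qualifiedNameForLog, e);
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Basic authentication request completed. Username : " + qualifiedNameForLog
                    + ", Authentication State : " + authenticated);
        }
        if (authenticated) {
            // Bind the verified identity to the current thread only after the user store has
            // accepted the credentials.
            // NOTE(review): the user name is stored exactly as received (possibly tenant-qualified);
            // confirm whether the context expects the tenant-aware form instead.
            PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            threadLocalCarbonContext.setUsername(username);
            threadLocalCarbonContext.setTenantId(tenantId);
            threadLocalCarbonContext.setTenantDomain(tenantDomain);
        }
        return authenticated;
    }

    /**
     * Replaces carriage returns and line feeds so that a request-supplied value cannot
     * start a new, forged entry in the log.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}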
