package org.wso2.carbon.auth.rest.api.commons.authenticators;

import java.lang.reflect.Method;
import java.util.Locale;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.auth.core.api.UserNameMapper;
import org.wso2.carbon.auth.core.exception.AuthException;
import org.wso2.carbon.auth.core.impl.UserNameMapperFactory;
import org.wso2.carbon.auth.rest.api.authenticators.api.RESTAPIAuthenticator;
import org.wso2.carbon.auth.rest.api.authenticators.exceptions.ExceptionCodes;
import org.wso2.carbon.auth.rest.api.authenticators.exceptions.RestAPIAuthSecurityException;
import org.wso2.carbon.auth.rest.api.commons.RestApiConstants;
import org.wso2.carbon.auth.token.introspection.IntrospectionManager;
import org.wso2.carbon.auth.token.introspection.dto.IntrospectionResponse;
import org.wso2.carbon.auth.token.introspection.impl.IntrospectionManagerImpl;
import org.wso2.msf4j.Request;
import org.wso2.msf4j.Response;

/* loaded from: input_file:org/wso2/carbon/auth/rest/api/commons/authenticators/Oauth2Authenticator.class */
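/**
 * REST API authenticator that accepts OAuth2 bearer tokens.
 *
 * <p>The token is taken from the Authorization header, validated through the configured
 * {@link IntrospectionManager}, and on success the resolved user name and its pseudo name
 * are attached to the request as properties.
 */
public class Oauth2Authenticator implements RESTAPIAuthenticator {
    private static final Logger log = LoggerFactory.getLogger(Oauth2Authenticator.class);
    private final UserNameMapper userNameMapper;
    private final IntrospectionManager introspectionManager;

    /**
     * Creates an authenticator with explicitly supplied collaborators.
     *
     * @param userNameMapper       mapper used to derive the pseudo name of the authenticated user
     * @param introspectionManager component used to introspect the presented bearer token
     */
    protected Oauth2Authenticator(UserNameMapper userNameMapper, IntrospectionManager introspectionManager) {
        this.userNameMapper = userNameMapper;
        this.introspectionManager = introspectionManager;
    }

    /**
     * Creates an authenticator backed by {@link IntrospectionManagerImpl} and the mapper
     * returned by {@link UserNameMapperFactory}.
     */
    public Oauth2Authenticator() {
        this.introspectionManager = new IntrospectionManagerImpl();
        this.userNameMapper = UserNameMapperFactory.getInstance().getUserNameMapper();
    }

    /**
     * Authenticates a request carrying an {@code Authorization: Bearer <token>} header.
     *
     * <p>On success the request properties {@code LOGGED_IN_USER} and
     * {@code LOGGED_IN_PSEUDO_USER} are set. The {@code response} and {@code method}
     * arguments are not used by this implementation.
     *
     * @param request  incoming request; its Authorization header is read and its properties are set
     * @param response outgoing response (unused)
     * @param method   resource method being invoked (unused)
     * @return {@code true} if introspection reports the token as active, {@code false} otherwise
     * @throws RestAPIAuthSecurityException with {@code MALFORMED_AUTHORIZATION_HEADER_OAUTH} when
     *         the header is absent, does not use the bearer scheme, or carries no token; with
     *         {@code INTERNAL_ERROR} when the pseudo name cannot be derived
     */
    public boolean authenticate(Request request, Response response, Method method) throws RestAPIAuthSecurityException {
        String authorization = request.getHeader(RestApiConstants.AUTHORIZATION_HTTP_HEADER);
        String bearerScheme = RestApiConstants.AUTH_TYPE_BEARER;

        // An absent header presumably comes back as null (confirm against Request#getHeader).
        // Reject it as a malformed-header failure instead of letting a NullPointerException
        // escape from an unauthenticated request.
        if (authorization == null
                || !authorization.toLowerCase(Locale.US).startsWith(bearerScheme.toLowerCase(Locale.US))) {
            throw new RestAPIAuthSecurityException("Missing Authorization header in the request.`", ExceptionCodes.MALFORMED_AUTHORIZATION_HEADER_OAUTH);
        }

        // NOTE(review): only the scheme prefix is checked, so a value with no separator after
        // the scheme name is still accepted and the remainder is treated as the token.
        // The token is a bearer credential: it must never be written to logs or error messages.
        String token = authorization.substring(bearerScheme.length()).trim();
        if (StringUtils.isEmpty(token)) {
            throw new RestAPIAuthSecurityException("Missing 'Authorization : Bearer' header in the request.`", ExceptionCodes.MALFORMED_AUTHORIZATION_HEADER_OAUTH);
        }

        IntrospectionResponse introspection = this.introspectionManager.introspect(token);
        if (!introspection.isActive()) {
            return false;
        }

        String username = introspection.getUsername();
        request.setProperty("LOGGED_IN_USER", username);
        try {
            request.setProperty("LOGGED_IN_PSEUDO_USER", this.userNameMapper.getLoggedInPseudoNameFromUserID(username));
            return true;
        } catch (AuthException e) {
            // The cause is logged here because the exception thrown below does not carry it.
            log.error("Error while creating PseudoName", e);
            throw new RestAPIAuthSecurityException("Error while creating PseudoName", ExceptionCodes.INTERNAL_ERROR);
        }
    }
}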
