package org.wso2.carbon.mdm.mobileservices.windows.common.util;

import java.util.HashMap;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.validate.Credential;
import org.apache.ws.security.validate.Validator;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
import org.wso2.carbon.mdm.mobileservices.windows.common.beans.CacheEntry;
import org.wso2.carbon.mdm.mobileservices.windows.common.exceptions.AuthenticationException;
import org.wso2.carbon.mdm.mobileservices.windows.common.exceptions.WindowsDeviceEnrolmentException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/mdm/mobileservices/windows/common/util/BSTValidator.class */
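/**
 * WS-Security {@link Validator} that authenticates a request by its binary security token (BST).
 *
 * <p>The BST text is Base64-decoded and submitted to the OAuth2 token validation service as a
 * bearer token scoped to the requested URI. The raw (still encoded) BST text is then looked up
 * through {@code DeviceUtil.getCacheEntry}. A request is accepted only when both checks succeed.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The validator fails closed: a token the OAuth2 service does not accept is rejected before
 *       any tenant identity is placed on the thread.</li>
 *   <li>A tenant flow opened here is closed again on every failure path so a rejected request does
 *       not leave tenant identity behind on the thread.</li>
 *   <li>Token values are never written to the log.</li>
 * </ul>
 */
public class BSTValidator implements Validator {
    private static final Log log = LogFactory.getLog(BSTValidator.class);
    private static final String BEARER_TOKEN_TYPE = "bearer";
    private static final String RESOURCE_KEY = "resource";
    /** Key under which the message context holds the requested URI. */
    private static final String REQUEST_URI_KEY = "org.apache.cxf.request.uri";
    /** Explicit charset for the decoded token so the result does not depend on the platform default. */
    private static final java.nio.charset.Charset TOKEN_CHARSET = java.nio.charset.Charset.forName("UTF-8");

    /**
     * Validates the binary security token carried by {@code credential}.
     *
     * @param credential  credential holding the binary security token element
     * @param requestData request data whose message context supplies the requested URI
     * @return the same {@code credential} when the token is accepted
     * @throws WSSecurityException if the request carries no usable token or URI, or if the token
     *                             is rejected by either check
     */
    @Override // org.apache.ws.security.validate.Validator
    public Credential validate(Credential credential, RequestData requestData) throws WSSecurityException {
        String requestUri = readRequestUri(requestData);
        String encodedToken = readEncodedToken(credential);
        boolean tenantFlowStarted = false;
        boolean accepted = false;
        try {
            String bearerToken = new String(new Base64().decode(encodedToken), TOKEN_CHARSET);
            AuthenticationInfo authenticationInfo = validateRequest(requestUri, bearerToken);
            // validateRequest() fills in the username only when the OAuth2 service reports the token
            // as valid. Reject here instead of starting a tenant flow with an empty identity and
            // relying on the cache lookup alone.
            if (authenticationInfo == null || authenticationInfo.getUsername() == null) {
                throw new WindowsDeviceEnrolmentException("Authentication failure due to invalid binary security token.");
            }
            PrivilegedCarbonContext.startTenantFlow();
            tenantFlowStarted = true;
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(authenticationInfo.getTenantId());
            carbonContext.setTenantDomain(authenticationInfo.getTenantDomain());
            carbonContext.setUsername(authenticationInfo.getUsername());
            // The cache lookup stays after the tenant context is set, as in the original ordering.
            // NOTE(review): presumably the cache is tenant-scoped - confirm before reordering.
            if (authenticate(encodedToken)) {
                // NOTE(review): the tenant flow is left open on success, as before; presumably the
                // request pipeline ends it later - confirm against the caller.
                accepted = true;
                return credential;
            }
            log.error("Authentication failure due to invalid binary security token.");
            throw new WindowsDeviceEnrolmentException("Authentication failure due to invalid binary security token.");
        } catch (AuthenticationException e) {
            log.error("Failure occurred in the BST validator.", e);
            throw new WSSecurityException("Failure occurred in the BST validator.", e);
        } catch (WindowsDeviceEnrolmentException e2) {
            log.error("Authentication Failure occurred due to binary security token.", e2);
            throw new WSSecurityException("Authentication Failure occurred due to binary security token.", e2);
        } finally {
            // Covers checked and unchecked failures alike: never leave a rejected request's tenant
            // identity on the thread.
            if (tenantFlowStarted && !accepted) {
                PrivilegedCarbonContext.endTenantFlow();
            }
        }
    }

    /**
     * Checks whether the token is known to the token cache.
     *
     * @param str the binary security token text exactly as received (not decoded)
     * @return {@code true} when a cache entry with a username exists for the token;
     *         {@code false} when there is no entry or the entry has no username
     * @throws AuthenticationException declared for callers; not thrown by this implementation directly
     */
    public boolean authenticate(String str) throws AuthenticationException {
        if (str == null) {
            return false;
        }
        // A missing entry means "unknown token" and must be a clean rejection, not a
        // NullPointerException.
        CacheEntry cacheEntry = (CacheEntry) DeviceUtil.getCacheEntry(str);
        return cacheEntry != null && cacheEntry.getUsername() != null;
    }

    /**
     * Asks the OAuth2 token validation service whether the bearer token may POST to the resource.
     *
     * @param str  the requested URI; sent as the {@code resource} context value suffixed with {@code :POST}
     * @param str2 the decoded bearer token
     * @return authentication details: username, tenant domain and tenant id when the token is valid,
     *         otherwise only the service's error message (username stays unset)
     * @throws WindowsDeviceEnrolmentException if resolving the tenant of the authorized user fails
     */
    public AuthenticationInfo validateRequest(String str, String str2) throws WindowsDeviceEnrolmentException {
        AuthenticationInfo authenticationInfo = new AuthenticationInfo();
        OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
        // OAuth2AccessToken and TokenValidationContextParam are created through the enclosing DTO
        // instance; the decompiler had rendered this as a constructor argument plus getClass() calls.
        OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken = validationRequest.new OAuth2AccessToken();
        accessToken.setTokenType(BEARER_TOKEN_TYPE);
        accessToken.setIdentifier(str2);
        validationRequest.setAccessToken(accessToken);
        OAuth2TokenValidationRequestDTO.TokenValidationContextParam resourceParam =
                validationRequest.new TokenValidationContextParam();
        resourceParam.setKey(RESOURCE_KEY);
        resourceParam.setValue(str + ":POST");
        validationRequest.setContext(new OAuth2TokenValidationRequestDTO.TokenValidationContextParam[]{resourceParam});
        try {
            OAuth2TokenValidationResponseDTO response =
                    WindowsAPIUtils.getOAuth2TokenValidationService().validate(validationRequest);
            if (response.isValid()) {
                String authorizedUser = response.getAuthorizedUser();
                authenticationInfo.setUsername(authorizedUser);
                authenticationInfo.setTenantDomain(MultitenantUtils.getTenantDomain(authorizedUser));
                authenticationInfo.setTenantId(WindowsAPIUtils.getTenantIdOFUser(authorizedUser));
            } else {
                // Username is deliberately left unset; validate() treats that as a rejection.
                authenticationInfo.setMessage(response.getErrorMsg());
            }
            return authenticationInfo;
        } catch (DeviceManagementException e) {
            log.error("Authentication failure due to invalid binary security token.", e);
            throw new WindowsDeviceEnrolmentException("Authentication failure due to invalid binary security token.", (Exception) e);
        }
    }

    /** Reads the requested URI from the message context, rejecting requests that do not carry one. */
    private static String readRequestUri(RequestData requestData) throws WSSecurityException {
        Object msgContext = requestData == null ? null : requestData.getMsgContext();
        if (!(msgContext instanceof HashMap)) {
            throw new WSSecurityException("Failure occurred in the BST validator.");
        }
        Object requestUri = ((HashMap<?, ?>) msgContext).get(REQUEST_URI_KEY);
        if (requestUri == null) {
            throw new WSSecurityException("Failure occurred in the BST validator.");
        }
        return requestUri.toString();
    }

    /** Reads the encoded token text from the credential, rejecting missing or blank tokens. */
    private static String readEncodedToken(Credential credential) throws WSSecurityException {
        if (credential == null || credential.getBinarySecurityToken() == null) {
            throw new WSSecurityException("Authentication Failure occurred due to binary security token.");
        }
        org.w3c.dom.Element tokenElement = credential.getBinarySecurityToken().getElement();
        org.w3c.dom.Node tokenNode = tokenElement == null ? null : tokenElement.getFirstChild();
        String encodedToken = tokenNode == null ? null : tokenNode.getTextContent();
        // Only a presence check: the text is passed on unmodified because it is also the cache key.
        if (encodedToken == null || encodedToken.trim().length() == 0) {
            throw new WSSecurityException("Authentication Failure occurred due to binary security token.");
        }
        return encodedToken;
    }
}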
