package org.wso2.carbon.mdm.mobileservices.windows.common.util;

import java.util.HashMap;
import org.apache.commons.codec.binary.Base64;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.validate.Credential;
import org.apache.ws.security.validate.Validator;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.mdm.mobileservices.windows.common.authenticator.OAuthValidatorFactory;
import org.wso2.carbon.mdm.mobileservices.windows.common.beans.CacheEntry;
import org.wso2.carbon.mdm.mobileservices.windows.common.exceptions.AuthenticationException;
import org.wso2.carbon.mdm.mobileservices.windows.common.exceptions.OAuthTokenValidationException;
import org.wso2.carbon.mdm.mobileservices.windows.common.exceptions.WindowsDeviceEnrolmentException;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/mdm/mobileservices/windows/common/util/BSTValidator.class */
public class BSTValidator implements Validator {
    @Override // org.apache.ws.security.validate.Validator
    public Credential validate(Credential credential, RequestData requestData) throws WSSecurityException {
        String obj = ((HashMap) requestData.getMsgContext()).get("org.apache.cxf.request.uri").toString();
        String textContent = credential.getBinarySecurityToken().getElement().getFirstChild().getTextContent();
        try {
            try {
                try {
                    AuthenticationInfo validateRequest = validateRequest(obj, new String(new Base64().decode(textContent)));
                    WindowsAPIUtils.startTenantFlow(validateRequest);
                    if (!authenticate(textContent, validateRequest)) {
                        throw new WindowsDeviceEnrolmentException("Authentication failure due to invalid binary security token.");
                    }
                    PrivilegedCarbonContext.endTenantFlow();
                    return credential;
                } catch (WindowsDeviceEnrolmentException e) {
                    throw new WSSecurityException("Authentication failure occurred due to binary security token.", e);
                }
            } catch (AuthenticationException e2) {
                throw new WSSecurityException("Failure occurred in the BST validator.", e2);
            } catch (OAuthTokenValidationException e3) {
                throw new WSSecurityException("Failed to authenticate the incoming request due to oauth token validation error.", e3);
            }
        } catch (Throwable th) {
            PrivilegedCarbonContext.endTenantFlow();
            throw th;
        }
    }

    private boolean authenticate(String str, AuthenticationInfo authenticationInfo) throws AuthenticationException {
        WindowsAPIUtils.startTenantFlow(authenticationInfo);
        return (DeviceUtil.getCacheEntry(str) == null || ((CacheEntry) DeviceUtil.getCacheEntry(str)).getUsername() == null) ? false : true;
    }

    private AuthenticationInfo validateRequest(String str, String str2) throws WindowsDeviceEnrolmentException, OAuthTokenValidationException {
        AuthenticationInfo authenticationInfo = new AuthenticationInfo();
        OAuthValidationResponse validateToken = OAuthValidatorFactory.getValidator().validateToken(str2, str + ":POST");
        try {
            if (validateToken.isValid()) {
                String userName = validateToken.getUserName();
                String tenantDomain = validateToken.getTenantDomain();
                authenticationInfo.setUsername(userName);
                authenticationInfo.setTenantDomain(tenantDomain);
                authenticationInfo.setTenantId(WindowsAPIUtils.getTenantIdOFUser(userName + "@" + tenantDomain));
            } else {
                authenticationInfo.setMessage(validateToken.getErrorMsg());
            }
            return authenticationInfo;
        } catch (DeviceManagementException e) {
            throw new WindowsDeviceEnrolmentException("Authentication failure due to invalid binary security token.", (Exception) e);
        }
    }
}
