package org.wso2.carbon.governance.rest.api.security;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.ws.rs.core.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.governance.rest.api.RestApiBasicAuthenticationException;
import org.wso2.carbon.registry.core.config.RegistryContext;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/governance/rest/api/security/AuthenticationHandler.class */
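/**
 * CXF {@link RequestHandler} that decides, per request, which identity the
 * governance REST API call runs under.
 *
 * <p>Three paths exist, selected by the {@link AuthorizationPolicy} CXF attached
 * to the message:
 * <ul>
 *   <li>policy of type {@code Basic}: the credentials are checked against the
 *       tenant's user store and, on success, the thread-local Carbon context is
 *       populated with that user and tenant;</li>
 *   <li>policy of any other type: always answered with 401 (no token is
 *       validated anywhere in this class);</li>
 *   <li>no policy at all: {@code GET} requests continue as
 *       {@code wso2.anonymous.user}; every other method gets 401.</li>
 * </ul>
 *
 * <p>Returning {@code null} from a handler method lets the request continue;
 * returning a {@link Response} ends it with that response.
 *
 * <p>NOTE(review): the tenant is taken from the request ({@code tenant=} query
 * value, then the {@code X_TENANT} header) before the domain embedded in the
 * user name is considered, so the caller chooses which tenant's user store the
 * credentials are checked against and which tenant an anonymous GET is bound to.
 * Confirm this precedence is intended, and that downstream registry permissions
 * are what restricts {@code wso2.anonymous.user}.
 */
public class AuthenticationHandler implements RequestHandler {
    public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    public static final String AUTHORIZATION_HEADER_NAME = "Authorization";
    protected Log log = LogFactory.getLog(AuthenticationHandler.class);
    private static final String AUTH_TYPE_BASIC = "Basic";
    private static final String AUTH_TYPE_BASIC_REALM_VALUE = " Realm=\"WSO2-Registry\"";
    private static final String AUTH_TYPE_OAuth = "Bearer";
    private static final String METHOD_GET = "GET";

    /** Challenge sent with every Basic-auth 401: {@code Basic Realm="WSO2-Registry"}. */
    private static final String BASIC_CHALLENGE = AUTH_TYPE_BASIC + AUTH_TYPE_BASIC_REALM_VALUE;
    /** Tenant id that {@link #authenticate} treats as "no such tenant". */
    private static final int INVALID_TENANT_ID = -1;
    private static final String TENANT_QUERY_PREFIX = "tenant=";
    private static final String TENANT_HEADER_NAME = "X_TENANT";
    private static final String DEFAULT_TENANT_DOMAIN = "carbon.super";
    private static final String ANONYMOUS_USER = "wso2.anonymous.user";

    /**
     * Dispatches the request to the Basic, non-Basic or anonymous path.
     *
     * @param message           the inbound CXF message
     * @param classResourceInfo unused
     * @return {@code null} to let the request proceed, or a 401 response
     */
    @Override
    public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
        AuthorizationPolicy policy = (AuthorizationPolicy) message.get(AuthorizationPolicy.class);
        if (policy == null) {
            return handleAnonymousAcess(message);
        }
        if (AUTH_TYPE_BASIC.equals(policy.getAuthorizationType())) {
            return handleBasicAuth(policy, message);
        }
        return handleOAuth(message);
    }

    /**
     * Lets an unauthenticated {@code GET} through as the anonymous user; any
     * other method is challenged for Basic credentials.
     */
    private Response handleAnonymousAcess(Message message) {
        String method = (String) message.get("org.apache.cxf.request.method");
        if (!METHOD_GET.equals(method)) {
            return authenticationFail(BASIC_CHALLENGE);
        }
        String tenantDomain = getTenantDomain(null, message);
        int tenantId = getTenantId(tenantDomain);
        if (tenantId == INVALID_TENANT_ID) {
            // Fail closed: do not establish an identity context for a tenant that
            // could not be resolved (unknown domain or tenant lookup failure).
            if (this.log.isDebugEnabled()) {
                this.log.debug("Anonymous request with an invalid tenant : " + forLog(tenantDomain));
            }
            return authenticationFail(BASIC_CHALLENGE);
        }
        PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        carbonContext.setUsername(ANONYMOUS_USER);
        carbonContext.setTenantId(tenantId);
        carbonContext.setTenantDomain(tenantDomain);
        return null;
    }

    /**
     * Verifies HTTP Basic credentials.
     *
     * @return {@code null} when the credentials are accepted, otherwise a 401
     *         carrying the Basic challenge (also when the user store fails)
     */
    protected Response handleBasicAuth(AuthorizationPolicy authorizationPolicy, Message message) {
        String userName = authorizationPolicy.getUserName();
        String password = authorizationPolicy.getPassword();
        if (userName == null || password == null) {
            // An incomplete credential pair is rejected up front instead of being
            // handed to the user store.
            return authenticationFail();
        }
        try {
            if (authenticate(userName, password, getTenantDomain(userName, message))) {
                return null;
            }
        } catch (RestApiBasicAuthenticationException e) {
            // The user name is caller-supplied; line breaks are neutralised so it
            // cannot forge additional log entries.
            this.log.error("Could not authenticate user : " + forLog(userName) + " against carbon userStore", e);
        }
        return authenticationFail();
    }

    /**
     * Handles a request whose authorization type is not {@code Basic}. The
     * request is always rejected; only the advertised challenge differs:
     * {@code Bearer} when the first Authorization header value starts with
     * "Bearer", the Basic challenge otherwise.
     */
    protected Response handleOAuth(Message message) {
        String authorization = firstHeaderValue(message, AUTHORIZATION_HEADER_NAME);
        boolean bearer = authorization != null && authorization.startsWith(AUTH_TYPE_OAuth);
        return authenticationFail(bearer ? AUTH_TYPE_OAuth : BASIC_CHALLENGE);
    }

    /**
     * Checks the password against the tenant's user store and, on success,
     * binds user and tenant to the thread-local Carbon context.
     *
     * @param userName     user name as sent by the client (may carry a domain)
     * @param password     password as sent by the client; never logged
     * @param tenantDomain tenant resolved by {@link #getTenantDomain}
     * @return {@code true} only when the user store accepted the credentials
     * @throws RestApiBasicAuthenticationException when the user store lookup fails
     */
    private boolean authenticate(String userName, String password, String tenantDomain)
            throws RestApiBasicAuthenticationException {
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(userName);
        String qualifiedName = forLog(tenantAwareUsername + "@" + tenantDomain);
        int tenantId = getTenantId(tenantDomain);
        if (tenantId == INVALID_TENANT_ID) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Basic authentication request with an invalid tenant : " + qualifiedName);
            }
            return false;
        }
        RealmService realmService = RegistryContext.getBaseInstance().getRealmService();
        try {
            boolean authenticated = realmService.getTenantUserRealm(tenantId)
                    .getUserStoreManager()
                    .authenticate(tenantAwareUsername, password);
            if (this.log.isDebugEnabled()) {
                this.log.debug("Basic authentication request completed. Username : " + qualifiedName
                        + ", Authentication State : " + authenticated);
            }
            if (authenticated) {
                PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                carbonContext.setUsername(tenantAwareUsername);
                carbonContext.setTenantId(tenantId);
                carbonContext.setTenantDomain(tenantDomain);
            }
            return authenticated;
        } catch (UserStoreException e) {
            throw new RestApiBasicAuthenticationException(
                    "User store exception thrown while authenticating user : " + qualifiedName, e);
        }
    }

    /**
     * Resolves the tenant domain for the request. Sources, in order of
     * precedence: the text following {@code tenant=} in the query string, the
     * first {@code X_TENANT} header value, the domain derived from
     * {@code userName}, and finally {@code carbon.super}.
     *
     * @param userName user name to fall back on, or {@code null} for anonymous requests
     * @param message  the inbound CXF message
     * @return the tenant domain; all of it is caller-controlled except the default
     */
    private String getTenantDomain(String userName, Message message) {
        String tenantDomain = null;
        String query = (String) message.get(Message.QUERY_STRING);
        if (query != null && !query.isEmpty()) {
            int start = query.indexOf(TENANT_QUERY_PREFIX);
            if (start > -1) {
                // NOTE(review): this is a substring search, not query-parameter
                // parsing: it also matches a parameter whose name merely ends in
                // "tenant", and the value is cut at "," rather than "&", so any
                // following parameters become part of the tenant domain. Confirm
                // whether "," is the intended delimiter before changing it.
                String tail = query.substring(start + TENANT_QUERY_PREFIX.length());
                int comma = tail.indexOf(",");
                tenantDomain = comma > 0 ? tail.substring(0, comma) : tail;
            }
        }
        if (tenantDomain == null || tenantDomain.isEmpty()) {
            String fromHeader = firstHeaderValue(message, TENANT_HEADER_NAME);
            if (fromHeader != null) {
                tenantDomain = fromHeader;
            }
        }
        if ((tenantDomain == null || tenantDomain.isEmpty()) && userName != null) {
            tenantDomain = MultitenantUtils.getTenantDomain(userName);
        }
        if (tenantDomain == null) {
            tenantDomain = DEFAULT_TENANT_DOMAIN;
        }
        return tenantDomain;
    }

    /**
     * Looks up the numeric id of a tenant domain.
     *
     * @return the id reported by the tenant manager, or {@code -1} when the
     *         lookup itself fails, so that a user-store error is handled like an
     *         unknown tenant instead of being mapped to tenant id 0
     */
    private int getTenantId(String tenantDomain) {
        try {
            return RegistryContext.getBaseInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
        } catch (UserStoreException e) {
            this.log.error("Identity exception thrown while getting tenantID for : " + forLog(tenantDomain), e);
            return INVALID_TENANT_ID;
        }
    }

    /**
     * Returns the first value of a protocol header, or {@code null} when the
     * header map, the header, or a string value is absent.
     */
    private static String firstHeaderValue(Message message, String headerName) {
        Object headers = message.get(Message.PROTOCOL_HEADERS);
        if (!(headers instanceof Map)) {
            return null;
        }
        Object values = ((Map<?, ?>) headers).get(headerName);
        if (!(values instanceof List) || ((List<?>) values).isEmpty()) {
            return null;
        }
        Object first = ((List<?>) values).get(0);
        return first instanceof String ? (String) first : null;
    }

    /** Replaces CR and LF so a caller-supplied value stays on one log line. */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /** Builds a 401 carrying the Basic challenge. */
    private Response authenticationFail() {
        return authenticationFail(BASIC_CHALLENGE);
    }

    /** Builds a 401 whose {@code WWW-Authenticate} header is {@code challenge}. */
    private Response authenticationFail(String challenge) {
        return Response.status(401).header(WWW_AUTHENTICATE, challenge).build();
    }
}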
