package org.wso2.carbon.identity.auth.service.handler.impl;

import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.auth.service.AuthenticationContext;
import org.wso2.carbon.identity.auth.service.AuthenticationResult;
import org.wso2.carbon.identity.auth.service.AuthenticationStatus;
import org.wso2.carbon.identity.auth.service.exception.AuthClientException;
import org.wso2.carbon.identity.auth.service.exception.AuthServerException;
import org.wso2.carbon.identity.auth.service.exception.AuthenticationFailException;
import org.wso2.carbon.identity.auth.service.handler.AuthenticationHandler;
import org.wso2.carbon.identity.core.bean.context.MessageContext;
import org.wso2.carbon.identity.core.handler.InitConfig;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/auth/service/handler/impl/ClientCertificateBasedAuthenticationHandler.class */
/**
 * Authentication handler for requests that arrive with a TLS client certificate attached.
 *
 * <p>The handler claims a request when the request attribute
 * {@code javax.servlet.request.X509Certificate} is non-null, and then takes the user identity
 * verbatim from the {@code WSO2-Identity-User} request header.
 *
 * <p><b>Trust model (security-relevant):</b> this class never inspects the certificate. It does
 * not check the attribute's type, the certificate's subject, issuer or validity, and it does not
 * compare the certificate with the user named in the header. Presence of the attribute is the
 * only gate; the header alone decides which user (and which tenant) the request runs as, and no
 * user-store lookup happens here. Whatever assurance exists therefore has to come from outside
 * this class.
 * NOTE(review): confirm that the container's TLS trust store only accepts certificates of
 * clients that are allowed to act on behalf of arbitrary users, and that no fronting proxy or
 * filter can populate the certificate attribute for a connection that did not complete client
 * certificate authentication.
 */
public class ClientCertificateBasedAuthenticationHandler extends AuthenticationHandler {
    private static final Log log = LogFactory.getLog(ClientCertificateBasedAuthenticationHandler.class);
    // Standard servlet request attribute under which the container exposes the client certificate chain.
    private static final String CLIENT_CERTIFICATE_ATTRIBUTE_NAME = "javax.servlet.request.X509Certificate";
    // Header whose value is accepted, unverified, as the authenticated user name.
    private static final String USER_HEADER_NAME = "WSO2-Identity-User";

    /**
     * No-op: this handler reads nothing from its init configuration.
     *
     * @param initConfig ignored
     */
    public void init(InitConfig initConfig) {
    }

    /**
     * @return the fixed handler name, {@code "ClientCertificate"}
     */
    public String getName() {
        return "ClientCertificate";
    }

    /**
     * The handler is unconditionally enabled; there is no switch in this class to turn it off.
     *
     * @param messageContext ignored
     * @return always {@code true}
     */
    public boolean isEnabled(MessageContext messageContext) {
        return true;
    }

    /**
     * @param messageContext ignored
     * @return the fixed priority value {@code 10}
     */
    public int getPriority(MessageContext messageContext) {
        return 10;
    }

    /**
     * Decides whether this handler applies to the given context.
     *
     * @param messageContext the context to test
     * @return {@code true} only for an {@link AuthenticationContext} whose request exists and
     *         carries a non-null client certificate attribute; the attribute value itself is
     *         not examined
     */
    public boolean canHandle(MessageContext messageContext) {
        if (messageContext instanceof AuthenticationContext) {
            return carriesClientCertificate((AuthenticationContext) messageContext);
        }
        return false;
    }

    /**
     * Marks the request as authenticated for the user named in the {@code WSO2-Identity-User}
     * header, provided a client certificate attribute is present on the request.
     *
     * <p>The result stays {@link AuthenticationStatus#FAILED} when the context is not an
     * {@link AuthenticationContext}, when the request or the certificate attribute is missing,
     * or when the header is null or empty. Otherwise a {@link User} built from the header value
     * is stored on the context and the result becomes {@link AuthenticationStatus#SUCCESS}.
     * The certificate is not validated against the asserted user at any point.
     *
     * @param messageContext the context of the request being authenticated
     * @return the authentication result, never {@code null}
     */
    @Override
    protected AuthenticationResult doAuthenticate(MessageContext messageContext) throws AuthServerException, AuthenticationFailException, AuthClientException {
        AuthenticationResult result = new AuthenticationResult(AuthenticationStatus.FAILED);
        if (!(messageContext instanceof AuthenticationContext)) {
            return result;
        }
        AuthenticationContext context = (AuthenticationContext) messageContext;
        if (!carriesClientCertificate(context)) {
            return result;
        }

        // Caller-supplied identity: nothing below checks it against the certificate.
        String assertedUser = context.getAuthenticationRequest().getHeader(USER_HEADER_NAME);
        if (StringUtils.isEmpty(assertedUser)) {
            return result;
        }

        String tenantDomain = MultitenantUtils.getTenantDomain(assertedUser);
        String superTenantSuffix = "@carbon.super";
        String userName = assertedUser;
        // For the super tenant the explicit domain suffix is dropped from the user name.
        if ("carbon.super".equals(tenantDomain) && assertedUser.endsWith(superTenantSuffix)) {
            userName = assertedUser.substring(0, assertedUser.length() - superTenantSuffix.length());
        }

        User authenticatedUser = new User();
        authenticatedUser.setUserName(userName);
        authenticatedUser.setTenantDomain(tenantDomain);
        context.setUser(authenticatedUser);
        result.setAuthenticationStatus(AuthenticationStatus.SUCCESS);

        if (log.isDebugEnabled()) {
            // The header-derived name is written to the log as received.
            log.debug(String.format("Client certificate based authentication was successful. Set '%s' as the user", userName));
        }
        return result;
    }

    /**
     * Checks only for the presence of a request and of a non-null certificate attribute on it.
     */
    private boolean carriesClientCertificate(AuthenticationContext context) {
        return context.getAuthenticationRequest() != null
                && context.getAuthenticationRequest().getAttribute(CLIENT_CERTIFICATE_ATTRIBUTE_NAME) != null;
    }
}
