package org.wso2.carbon.identity.scim.provider.auth;

import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import org.apache.axiom.om.util.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.common.model.ThreadLocalProvisioningServiceProvider;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.identity.scim.provider.util.SCIMProviderConstants;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.charon.core.exceptions.InternalServerException;
import org.wso2.charon.core.exceptions.UnauthorizedException;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/identity/scim/provider/auth/BasicAuthHandler.class */
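/**
 * SCIM authentication handler for the HTTP {@code Basic} scheme.
 *
 * <p>The handler reads the first {@code Authorization} header value of the incoming CXF message,
 * decodes the {@code user:password} pair and checks it against the user store of the tenant named
 * in the username. Every parsing failure is treated as "not authenticated" (fail closed) instead
 * of surfacing as an unchecked exception. The password is never written to the log.
 */
public class BasicAuthHandler implements SCIMAuthenticationHandler {
    private static final Log log = LogFactory.getLog(BasicAuthHandler.class);
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BASIC_AUTH_HEADER = "Basic";
    private static final int DEFAULT_PRIORITY = 5;
    private Map<String, String> properties;
    private int priority;

    /** Resets the handler priority to the built-in default. */
    public void setDefaultPriority() {
        this.priority = DEFAULT_PRIORITY;
    }

    /**
     * @return the priority currently assigned to this handler
     */
    @Override
    public int getPriority() {
        return this.priority;
    }

    /**
     * @param i the priority to assign to this handler
     */
    @Override
    public void setPriority(int i) {
        this.priority = i;
    }

    /**
     * Reports whether the request carries an {@code Authorization} header whose scheme is
     * {@code Basic}.
     *
     * <p>The scheme is matched as the leading token of the header value (case-insensitively),
     * not as a substring, so a value of another scheme that merely contains the text "Basic"
     * is not claimed by this handler.
     *
     * @param message the inbound CXF message whose protocol headers are inspected
     * @param classResourceInfo not used by this handler
     * @return {@code true} if the first Authorization value uses the Basic scheme
     */
    @Override
    public boolean canHandle(Message message, ClassResourceInfo classResourceInfo) {
        List<Object> headerValues = authorizationValues(message);
        if (headerValues == null) {
            return false;
        }
        Object first = headerValues.get(0);
        return first instanceof String && basicToken((String) first) != null;
    }

    /**
     * Authenticates the request against the tenant user store using Basic credentials.
     *
     * <p>On success the first Authorization header value is overwritten with the username (so the
     * encoded credentials no longer travel with the message), the thread-local provisioning
     * service provider is set, and a tenant flow is started for the authenticated user.
     *
     * <p>NOTE(review): the tenant flow started here is not ended in this class, and the
     * thread-local provisioning service provider is not reset here. Confirm that the caller
     * unwinds both when the request completes; otherwise identity context could carry over to
     * the next request served by a pooled thread.
     *
     * @param message the inbound CXF message carrying the Authorization header
     * @param classResourceInfo not used by this handler
     * @return {@code true} only if the credentials were well-formed and accepted by the user store
     */
    @Override
    public boolean isAuthenticated(Message message, ClassResourceInfo classResourceInfo) {
        List<Object> headerValues = authorizationValues(message);
        if (headerValues == null) {
            log.error(new UnauthorizedException("Authentication required for this resource. Authorization header not present in the request.").getDescription());
            return false;
        }
        Object first = headerValues.get(0);
        String[] credentials = first instanceof String ? parseBasicCredentials((String) first) : null;
        if (credentials == null) {
            // Wrong scheme, undecodable token, missing ':' separator, or an empty username/password.
            log.error(new UnauthorizedException("Authentication required for this resource. Username or password not provided.").getDescription());
            return false;
        }
        String userName = credentials[0];
        String password = credentials[1];

        String tenantDomain = MultitenantUtils.getTenantDomain(userName);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(userName);
        // The username is client-supplied; neutralise line breaks before it reaches the log.
        String loggableUser = forLog(tenantAwareUsername) + "@" + forLog(tenantDomain);
        try {
            RealmService realmService = (RealmService) PrivilegedCarbonContext.getThreadLocalCarbonContext().getOSGiService(RealmService.class);
            if (realmService == null) {
                log.error("Error in getting Realm Service for user: " + forLog(userName));
                log.error(new InternalServerException("Internal server error while authenticating the user: " + loggableUser).getDescription());
                return false;
            }
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            if (tenantId == -1) {
                log.error("Invalid tenant domain " + forLog(tenantDomain));
                return false;
            }
            if (!realmService.getTenantUserRealm(tenantId).getUserStoreManager().authenticate(tenantAwareUsername, password)) {
                log.error(new UnauthorizedException("Authentication failed for the user: " + loggableUser).getDescription());
                return false;
            }
            ThreadLocalProvisioningServiceProvider serviceProvider = new ThreadLocalProvisioningServiceProvider();
            serviceProvider.setServiceProviderName("wso2carbon-local-sp");
            serviceProvider.setClaimDialect(SCIMProviderConstants.DEFAULT_SCIM_DIALECT);
            serviceProvider.setTenantDomain(tenantDomain);
            IdentityApplicationManagementUtil.setThreadLocalProvisioningServiceProvider(serviceProvider);
            // Replace the raw credentials in the header list with the authenticated username.
            // Presumably downstream code reads the username from here; verify against the caller.
            headerValues.set(0, userName);
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setUsername(userName);
            carbonContext.setTenantId(tenantId);
            carbonContext.setTenantDomain(tenantDomain);
            return true;
        } catch (UserStoreException e) {
            log.error(new InternalServerException("Internal server error while authenticating the user.").getDescription(), e);
            return false;
        }
    }

    /**
     * Stores the handler properties and derives the priority from them.
     *
     * @param map handler configuration; {@code null} is treated as "no properties"
     * @throws NumberFormatException if the configured priority is not a valid integer
     */
    @Override
    public void setProperties(Map<String, String> map) {
        this.properties = map;
        String configured = (map == null) ? null : map.get(SCIMProviderConstants.PROPERTY_NAME_PRIORITY);
        this.priority = (configured != null) ? Integer.parseInt(configured) : DEFAULT_PRIORITY;
    }

    /**
     * Returns the non-empty list of Authorization header values, or {@code null} when the
     * message has no protocol-header map or no Authorization entry.
     */
    @SuppressWarnings("unchecked") // element type is re-checked with instanceof by the callers
    private static List<Object> authorizationValues(Message message) {
        Object headers = message.get(Message.PROTOCOL_HEADERS);
        if (!(headers instanceof Map)) {
            return null;
        }
        Object values = ((Map<?, ?>) headers).get(AUTHORIZATION_HEADER);
        if (!(values instanceof List) || ((List<?>) values).isEmpty()) {
            return null;
        }
        return (List<Object>) values;
    }

    /**
     * Returns the credentials part of a Basic Authorization value: {@code null} if the scheme is
     * not Basic, an empty string if the scheme is Basic but nothing follows it.
     */
    private static String basicToken(String headerValue) {
        if (headerValue == null) {
            return null;
        }
        String trimmed = headerValue.trim();
        int schemeLength = BASIC_AUTH_HEADER.length();
        if (!trimmed.regionMatches(true, 0, BASIC_AUTH_HEADER, 0, schemeLength)) {
            return null;
        }
        if (trimmed.length() == schemeLength) {
            return "";
        }
        // The scheme must end at a separator, so a value such as "BasicX ..." is not accepted.
        if (!Character.isWhitespace(trimmed.charAt(schemeLength))) {
            return null;
        }
        return trimmed.substring(schemeLength).trim();
    }

    /**
     * Decodes a Basic Authorization value into {@code {username, password}}, or returns
     * {@code null} when the value is not a well-formed Basic credential.
     */
    private static String[] parseBasicCredentials(String headerValue) {
        String token = basicToken(headerValue);
        if (token == null || token.isEmpty()) {
            return null;
        }
        String decoded;
        try {
            // Explicit charset keeps decoding independent of the JVM's platform default.
            decoded = new String(Base64.decode(token), StandardCharsets.UTF_8);
        } catch (RuntimeException e) {
            // How the decoder reacts to malformed input is not visible from this class;
            // any runtime failure is treated as a rejected credential.
            return null;
        }
        // Split on the FIRST colon only: the password itself may contain ':' characters.
        int separator = decoded.indexOf(':');
        if (separator <= 0 || separator == decoded.length() - 1) {
            // No separator, empty username, or empty password. Empty passwords are refused here
            // rather than handed to the user store.
            return null;
        }
        return new String[] {decoded.substring(0, separator), decoded.substring(separator + 1)};
    }

    /** Replaces CR and LF so a client-supplied value cannot forge additional log lines. */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}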
