package org.wso2.carbon.core.services.authentication;

import java.util.Calendar;
import java.util.HashMap;
import javax.servlet.http.HttpServletResponse;
import org.apache.axiom.util.base64.Base64Utils;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.transport.RequestResponseTransport;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.BundleContext;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.core.services.authentication.AuthenticationFailureException;
import org.wso2.carbon.core.services.internal.CarbonServicesServiceComponent;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/core/services/authentication/BasicAccessAuthenticator.class */
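/**
 * Server-side authenticator for HTTP Basic access authentication.
 *
 * <p>The user name and password are taken from the {@code Authorization} request header,
 * the password is parked on the Axis2 {@link MessageContext} under a private property key,
 * and the pair is later verified against the tenant's user store in
 * {@link #doAuthentication(String, int, MessageContext)}. Requests without usable credentials
 * are answered with a {@code 401} and a {@code WWW-Authenticate: Basic} challenge.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Basic credentials are only base64-encoded, not encrypted; confidentiality depends
 *       entirely on the transport (TLS) in front of this authenticator.</li>
 *   <li>The clear-text password lives on the message context from header parsing until the
 *       context is discarded. NOTE(review): nothing in this class removes the property after
 *       authentication; confirm whether later handlers or context dumps can see it.</li>
 *   <li>User names come from the request and are therefore untrusted; they are neutralised
 *       before being written to the log.</li>
 * </ul>
 */
public class BasicAccessAuthenticator extends AbstractAuthenticator {
    private static final String AUTHENTICATOR_NAME = "BasicAccessAuthenticator";
    // Message-context property key under which the decoded clear-text password is stored.
    private static final String CARBON_BASIC_AUTH_PASSWORD = "CARBON_BASIC_AUTH_PASSWORD";
    private static final Log log = LogFactory.getLog(BasicAccessAuthenticator.class);

    /**
     * Extracts the user name from the {@code Authorization} header and stores the matching
     * password on the message context for the later authentication step.
     *
     * @param messageContext the current Axis2 message context
     * @return the user name, or {@code null} when the header is missing or malformed; in that
     *         case a 401 challenge has already been prepared on the message context
     */
    @Override
    protected String getUserNameFromRequest(MessageContext messageContext) {
        String header = AuthenticationUtil.getHeader("Authorization", messageContext);
        if (header == null) {
            log.debug("Authorization header missing !!");
            createUnAuthorizedResponse(messageContext);
            return null;
        }
        String[] credentials = decodeAuthorizationHeader(header);
        if (credentials.length != 2) {
            log.debug("Invalid authorization header received");
            createUnAuthorizedResponse(messageContext);
            return null;
        }
        // Both halves must be present: an empty user name or an empty password is rejected
        // here and never reaches the user store.
        if (isNullOrEmpty(credentials[0]) || isNullOrEmpty(credentials[1])) {
            createUnAuthorizedResponse(messageContext);
            return null;
        }
        messageContext.setProperty(CARBON_BASIC_AUTH_PASSWORD, credentials[1]);
        return credentials[0];
    }

    /**
     * Prepares a {@code 401 Unauthorized} response carrying a Basic challenge and stops
     * further processing of the request.
     *
     * <p>When a servlet response is available it is populated directly; otherwise the status
     * and headers are handed to the transport through message-context properties.
     *
     * @param messageContext the current Axis2 message context
     */
    private void createUnAuthorizedResponse(MessageContext messageContext) {
        // The realm shown to the client is the server's configured "Name" property.
        String realmName = ServerConfiguration.getInstance().getFirstProperty("Name");
        String challenge = "Basic realm=\"" + realmName + "\"";
        HttpServletResponse httpServletResponse = (HttpServletResponse) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETRESPONSE);
        if (httpServletResponse != null) {
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            httpServletResponse.addHeader("Server", "WSO2 Server");
            httpServletResponse.addDateHeader("Date", Calendar.getInstance().getTimeInMillis());
            httpServletResponse.addHeader("WWW-Authenticate", challenge);
            httpServletResponse.setContentType("text/html");
        } else {
            messageContext.setProperty("NIO-ACK-Requested", "true");
            messageContext.setProperty("HTTP_SC", 401);
            HashMap<String, String> transportHeaders = new HashMap<String, String>();
            transportHeaders.put("WWW-Authenticate", challenge);
            transportHeaders.put("Server", "WSO2 Server");
            // NOTE(review): this branch emits the Date header as epoch milliseconds, whereas the
            // servlet branch lets the container format it; confirm the transport expects this.
            transportHeaders.put("Date", Long.toString(Calendar.getInstance().getTimeInMillis()));
            messageContext.setProperty("TRANSPORT_HEADERS", transportHeaders);
        }
        messageContext.setProperty(ServerAuthenticator.CONTINUE_PROCESSING, "false");
        RequestResponseTransport requestResponseTransport = (RequestResponseTransport) messageContext.getProperty("RequestResponseTransportControl");
        if (requestResponseTransport != null) {
            requestResponseTransport.setResponseWritten(true);
        }
    }

    /**
     * Decodes the credentials part of a Basic {@code Authorization} header value.
     *
     * @param str the raw header value, expected in the form {@code <scheme> <base64 token>}
     * @return {@code {userName, password}} on success; an array of any other length, or one
     *         holding {@code null} entries, when the header cannot be decoded. Callers must
     *         treat both shapes as "no credentials".
     */
    private String[] decodeAuthorizationHeader(String str) {
        // The header is attacker-controlled: a value without a token (for example a bare
        // "Basic") must not raise ArrayIndexOutOfBoundsException out of the auth chain.
        String[] schemeAndToken = str.trim().split("\\s+");
        if (schemeAndToken.length < 2) {
            log.debug("Error decoding authorization header. Could not retrieve user name and password.");
            return new String[]{null, null};
        }
        byte[] decoded;
        try {
            decoded = Base64Utils.decode(schemeAndToken[1].trim());
        } catch (RuntimeException e) {
            // Deliberately broad at this untrusted-input boundary: presumably the decoder
            // signals malformed base64 with an unchecked exception in some Axiom versions
            // (verify against the deployed one). Either way the request is just unauthenticated.
            log.debug("Error decoding authorization header. Could not retrieve user name and password.");
            return new String[]{null, null};
        }
        if (decoded != null) {
            // Split on the FIRST colon only: the user name cannot contain ':' but the password
            // may, and an unlimited split would reject every such password.
            // NOTE(review): bytes are decoded with the platform default charset, as before.
            return new String(decoded).split(":", 2);
        }
        log.debug("Error decoding authorization header. Could not retrieve user name and password.");
        return new String[]{null, null};
    }

    /**
     * Verifies the user name against the tenant's user store, using the password previously
     * stored on the message context by {@link #getUserNameFromRequest(MessageContext)}.
     *
     * @param str the user name as received in the request (may carry a tenant domain)
     * @param i the tenant id
     * @param messageContext the current Axis2 message context
     * @throws AuthenticationFailureException with {@code INVALID_PASSWORD} when the password is
     *         absent or rejected, or {@code SYSTEM_ERROR} when the realm or user store fails
     */
    @Override
    protected void doAuthentication(String str, int i, MessageContext messageContext) throws AuthenticationFailureException {
        try {
            UserRealm userRealm = AuthenticatorHelper.getUserRealm(i, getRealmService(), CarbonServicesServiceComponent.getRegistryService());
            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
            String password = (String) messageContext.getProperty(CARBON_BASIC_AUTH_PASSWORD);
            if (password == null) {
                throw new AuthenticationFailureException(AuthenticationFailureException.AuthenticationFailureReason.INVALID_PASSWORD, str);
            }
            try {
                if (userRealm.getUserStoreManager().authenticate(tenantAwareUsername, password)) {
                    return;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Failed authentication for user " + sanitizeForLog(str));
                }
                throw new AuthenticationFailureException(AuthenticationFailureException.AuthenticationFailureReason.INVALID_PASSWORD, str);
            } catch (UserStoreException e) {
                log.error("Unable to get UserStoreManager for authentication. User - " + sanitizeForLog(str), e);
                throw new AuthenticationFailureException(AuthenticationFailureException.AuthenticationFailureReason.SYSTEM_ERROR, str);
            }
        } catch (AuthenticationFailureException e) {
            // Let the failure raised above through unchanged. Without this clause the generic
            // handler below would catch it, log an ordinary bad password at ERROR level as a
            // realm problem, and re-raise it as SYSTEM_ERROR, hiding failed logins from anything
            // that keys on the failure reason.
            throw e;
        } catch (Exception e2) {
            log.error("Error retrieving user realm for authentication. Tenant id " + i + " user name " + sanitizeForLog(str), e2);
            throw new AuthenticationFailureException(AuthenticationFailureException.AuthenticationFailureReason.SYSTEM_ERROR, str);
        }
    }

    /**
     * Returns the realm service published by the Carbon services component.
     *
     * @throws Exception as declared by the overridden method
     */
    @Override
    protected RealmService getRealmService() throws Exception {
        return CarbonServicesServiceComponent.getRealmService();
    }

    /**
     * Returns the OSGi bundle context published by the Carbon services component.
     *
     * @throws Exception as declared by the overridden method
     */
    @Override
    protected BundleContext getBundleContext() throws Exception {
        return CarbonServicesServiceComponent.getBundleContext();
    }

    /**
     * Decides whether this authenticator applies to the request.
     *
     * @param messageContext the current Axis2 message context
     * @return {@code true} when the request has no {@code Authorization} header at all, or when
     *         the header's scheme is {@code Basic} (case-insensitive)
     */
    @Override
    public boolean canHandle(MessageContext messageContext) {
        String header = AuthenticationUtil.getHeader("Authorization", messageContext);
        if (header == null) {
            // A request without credentials is claimed as well; getUserNameFromRequest answers
            // a missing header with the Basic challenge.
            return true;
        }
        String authType = getAuthType(header);
        return authType != null && authType.equalsIgnoreCase("Basic");
    }

    /**
     * Returns the scheme token (the text before the first space) of an
     * {@code Authorization} header value.
     *
     * @param str the raw header value; must not be {@code null}
     * @return the trimmed scheme, or {@code null} when the value yields no tokens
     */
    protected String getAuthType(String str) {
        String[] tokens = str.trim().split(" ");
        if (tokens.length == 0) {
            return null;
        }
        return tokens[0].trim();
    }

    /** Returns the fixed name of this authenticator. */
    @Override
    public String getAuthenticatorName() {
        return AUTHENTICATOR_NAME;
    }

    /** This authenticator always reports itself as enabled. */
    @Override
    public boolean isDisabled() {
        return false;
    }

    /**
     * Reports whether the client asked for a remember-me session.
     *
     * @return {@code true} only when the {@code RememberMe} header is exactly {@code "true"}
     */
    @Override
    protected boolean isRememberMeRequest(String str, MessageContext messageContext) {
        return "true".equals(AuthenticationUtil.getHeader("RememberMe", messageContext));
    }

    /**
     * Returns the remember-me value and its age to the client as response headers.
     *
     * @param str the remember-me cookie value
     * @param i the remember-me cookie age
     * @param messageContext the current Axis2 message context
     */
    @Override
    protected void populateRememberMeDataInReply(String str, int i, MessageContext messageContext) {
        String cookieAge = Integer.toString(i);
        HttpServletResponse httpServletResponse = (HttpServletResponse) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETRESPONSE);
        if (httpServletResponse != null) {
            httpServletResponse.addHeader("RememberMeCookieValue", str);
            httpServletResponse.addHeader("RememberMeCookieAge", cookieAge);
        }
        // The same pair is also published as transport headers. This replaces whatever map was
        // previously stored under TRANSPORT_HEADERS on this message context.
        HashMap<String, String> transportHeaders = new HashMap<String, String>();
        transportHeaders.put("RememberMeCookieValue", str);
        transportHeaders.put("RememberMeCookieAge", cookieAge);
        messageContext.setProperty("TRANSPORT_HEADERS", transportHeaders);
    }

    /**
     * Returns the priority from the superclass, falling back to {@code 4} when the superclass
     * reports {@code -1}.
     */
    @Override
    public int getPriority() {
        int priority = super.getPriority();
        return priority == -1 ? 4 : priority;
    }

    /** Returns {@code true} for a {@code null} or zero-length string. */
    private static boolean isNullOrEmpty(String value) {
        return value == null || value.isEmpty();
    }

    /**
     * Replaces CR and LF in a request-supplied value so it cannot start a forged log line.
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}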
