package org.wso2.carbon.tomcat.ext.valves;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.tomcat.ext.internal.CarbonRealmServiceHolder;
import org.wso2.carbon.tomcat.ext.internal.Utils;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;

/* loaded from: input_file:org/wso2/carbon/tomcat/ext/valves/SecureTheWorldValve.class */
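/**
 * Tomcat valve that requires HTTP Basic credentials, checked against the tenant user store,
 * before a request may continue down the pipeline.
 *
 * <p>Requests whose context path matches the configured {@code WebContextRoot} pass through
 * without credentials, unless the request string contains {@code /services/t/}. Every other
 * request must carry a valid {@code Authorization: Basic ...} header or it receives a 401.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Basic credentials are only base64-encoded, not encrypted. Nothing in this valve checks
 *       that the request arrived over TLS, so transport protection has to be enforced elsewhere
 *       in the deployment.</li>
 *   <li>This valve logs tenant mismatches and user-store errors, but not failed password checks,
 *       and it applies no rate limiting. Lockout and failure auditing, if wanted, must come from
 *       the user store or another component (not visible in this file).</li>
 * </ul>
 */
public class SecureTheWorldValve extends ValveBase {
    private static final Log log = LogFactory.getLog(SecureTheWorldValve.class);

    /** Scheme prefix expected at the start of the Authorization header value. */
    private static final String BASIC_PREFIX = "Basic ";

    public SecureTheWorldValve() {
        super(true);
    }

    /**
     * Lets the request through when it targets the unprotected web context root or carries valid
     * Basic credentials; otherwise answers with a 401 challenge.
     *
     * @param request  the incoming Catalina request
     * @param response the Catalina response used for the 401 challenge
     * @throws IOException      propagated from the next valve or from {@code sendError}
     * @throws ServletException propagated from the next valve
     */
    @Override
    public void invoke(Request request, Response response) throws IOException, ServletException {
        String webContextRoot = ServerConfiguration.getInstance().getFirstProperty("WebContextRoot");
        String contextPath = request.getContextPath();

        // NOTE(review): this is a substring match on the string form of the Coyote request, not on
        // a normalized path. Confirm that tenant service URLs always contain this literal by the
        // time they reach the valve.
        boolean tenantServiceRequest = request.getCoyoteRequest().toString().contains("/services/t/");

        // Fail closed: if WebContextRoot is not configured, no request counts as "root context"
        // and credentials are required (previously this dereferenced null).
        boolean rootContextRequest = webContextRoot != null
                && (("/".equals(webContextRoot) && "".equals(contextPath)) || webContextRoot.equals(contextPath));

        if ((!tenantServiceRequest && rootContextRequest) || authenticate(request)) {
            getNext().invoke(request, response);
            return;
        }
        response.setHeader("WWW-Authenticate", "Basic realm=\"WSO2 Carbon Authentication\"");
        response.sendError(401, "");
    }

    /**
     * Validates the Basic credentials of a request against the user store of the tenant named in
     * the user name ({@code user@tenant-domain}).
     *
     * <p>Every malformed or unexpected input is treated as an authentication failure rather than
     * raising a runtime exception, so the caller always answers with a 401 challenge.
     *
     * @param httpServletRequest the request carrying the {@code Authorization} header
     * @return {@code true} only if the header is well formed, the tenant checks pass and the user
     *         store accepts the user name and password
     */
    private boolean authenticate(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        // Require the Basic scheme explicitly. The previous code skipped six characters blindly,
        // which threw on short headers and accepted any scheme name of that length.
        if (header == null || !header.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            return false;
        }

        String credentials = decode(header.substring(BASIC_PREFIX.length()));
        int colon = credentials.indexOf(':');
        if (colon < 0) {
            // No "user:password" separator; previously a StringIndexOutOfBoundsException.
            return false;
        }
        String userName = credentials.substring(0, colon);
        String password = credentials.substring(colon + 1);

        int lastAt = userName.lastIndexOf('@');
        String tenantLessUserName = lastAt > -1 ? userName.substring(0, lastAt) : userName;
        // NOTE(review): the user part is cut at the LAST '@' but the tenant domain starts after
        // the FIRST '@'. For names with more than one '@' the two halves overlap. Behavior is
        // kept as-is; confirm which split is intended before changing it.
        String userTenantDomain = lastAt > -1 ? userName.substring(userName.indexOf('@') + 1) : null;

        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String requestTenantDomain = Utils.getTenantDomain(httpServletRequest);

        if (requestTenantDomain != null && !requestTenantDomain.equals(tenantDomain)) {
            warnIllegalAccess(userName, tenantDomain);
            return false;
        }
        if (userTenantDomain == null) {
            // A user name without '@' used to end in a NullPointerException on the next check.
            // Denying keeps access no wider than before.
            // NOTE(review): whether unqualified names should map to the super tenant cannot be
            // determined from this file.
            if (log.isDebugEnabled()) {
                log.debug("Rejecting Basic credentials whose user name carries no tenant domain");
            }
            return false;
        }
        if ((!userTenantDomain.equals("") || requestTenantDomain != null) && !userTenantDomain.equals(tenantDomain)) {
            warnIllegalAccess(userName, tenantDomain);
            return false;
        }

        RealmService realmService = CarbonRealmServiceHolder.getRealmService();
        if (realmService == null) {
            // Defensive: the holder's contract is not visible here, so treat "no realm" as denial.
            log.error("Realm service is not available; rejecting request");
            return false;
        }
        try {
            int tenantId = realmService.getTenantManager().getTenantId(userTenantDomain);
            if (tenantId == -1) {
                // -1 is treated as "no such tenant" by this code.
                return false;
            }
            return realmService.getTenantUserRealm(tenantId).getUserStoreManager().authenticate(tenantLessUserName, password);
        } catch (UserStoreException e) {
            log.error("Error occurred while authenticating", e);
            return false;
        }
    }

    /**
     * Logs a cross-tenant access attempt. The user name comes from the request header, so CR and
     * LF are replaced first to keep a crafted name from forging extra log lines.
     */
    private static void warnIllegalAccess(String userName, String tenantDomain) {
        String tenantForLog = (tenantDomain == null || tenantDomain.trim().length() == 0) ? "super-tenant" : tenantDomain;
        String userForLog = userName.replace('\r', '_').replace('\n', '_');
        log.warn("Illegal access attempt by " + userForLog + " to secured resource hosted by tenant [" + tenantForLog + "]");
    }

    /**
     * Decodes a base64 string with a lenient, hand-written decoder.
     *
     * <p>Behavior is kept exactly as before because the method is public. Its quirks matter when
     * it is used on credentials:
     * <ul>
     *   <li>Decoded bytes that are zero or have the high bit set are dropped, so only 7-bit
     *       characters survive. Non-ASCII user names or passwords are silently shortened.</li>
     *   <li>Characters outside the base64 alphabet (other than space, tab, CR, LF, which are
     *       skipped) are not rejected; they count as the value 0.</li>
     *   <li>Input characters are narrowed to a byte before classification.</li>
     *   <li>A trailing group of fewer than four symbols is discarded.</li>
     * </ul>
     * NOTE(review): {@code java.util.Base64} is the standard replacement, but it would change the
     * handling of malformed and non-ASCII input, so the switch needs a decision on charset and
     * strictness first.
     *
     * @param str base64 text; must not be {@code null}
     * @return the decoded 7-bit characters
     */
    public static String decode(String str) {
        StringBuilder decoded = new StringBuilder();
        int inputLength = str.length();
        // Loop bound is the input length rounded up to a multiple of three; positions past the
        // end of the input are read as the byte 0.
        int paddedLength = inputLength % 3 == 0 ? inputLength : inputLength + (3 - (inputLength % 3));
        byte[] sextets = new byte[4];
        int filled = 0;
        for (int pos = 0; pos < paddedLength; pos++) {
            byte current = pos < inputLength ? (byte) str.charAt(pos) : (byte) 0;
            boolean whitespace = false;
            if (current >= 'A' && current <= 'Z') {
                sextets[filled] = (byte) (current - 'A');
            } else if (current >= 'a' && current <= 'z') {
                sextets[filled] = (byte) (current - 'a' + 26);
            } else if (current >= '0' && current <= '9') {
                sextets[filled] = (byte) (current - '0' + 52);
            } else if (current == '+') {
                sextets[filled] = 62;
            } else if (current == '/') {
                sextets[filled] = 63;
            } else if (current == '=') {
                sextets[filled] = 0;
            } else {
                // Anything else keeps the slot's current value (0 after a reset).
                whitespace = current == '\n' || current == '\r' || current == ' ' || current == '\t';
            }
            if (whitespace) {
                continue;
            }
            filled++;
            if (filled == 4) {
                int group = (sextets[0] << 18) + (sextets[1] << 12) + (sextets[2] << 6) + sextets[3];
                for (int shift = 16; shift >= 0; shift -= 8) {
                    byte b = (byte) (group >> shift);
                    // Only strictly positive bytes are emitted: padding zeros and high-bit bytes vanish.
                    if (b > 0) {
                        decoded.append((char) b);
                    }
                }
                filled = 0;
                sextets[0] = 0;
                sextets[1] = 0;
                sextets[2] = 0;
                sextets[3] = 0;
            }
        }
        return decoded.toString();
    }
}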
