package org.wso2.carbon.cassandra.server;

import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.cache.Cache;
import javax.cache.Caching;
import org.apache.cassandra.auth.AuthenticatedUser;
import org.apache.cassandra.auth.IAuthenticator;
import org.apache.cassandra.auth.IResource;
import org.apache.cassandra.exceptions.AuthenticationException;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.apache.cassandra.exceptions.RequestExecutionException;
import org.apache.cassandra.exceptions.RequestValidationException;
import org.apache.cassandra.exceptions.UnauthorizedException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.cassandra.common.cache.UserAccessKeyCacheEntry;
import org.wso2.carbon.cassandra.server.internal.CassandraServerDataHolder;
import org.wso2.carbon.cassandra.server.util.CassandraServerUtil;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.authentication.AuthenticationService;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/cassandra/server/CarbonCassandraAuthenticator.class */
public class CarbonCassandraAuthenticator implements IAuthenticator {
    private static final Log log;
    public static final String USERNAME_KEY = "username";
    public static final String PASSWORD_KEY = "password";
    private static final String CASSANDRA_ACCESS_KEY_CACHE = "CASSANDRA_ACCESS_KEY_CACHE";
    private static final String CASSANDRA_ACCESS_CACHE_MANAGER = "CASSANDRA_ACCESS_CACHE_MANAGER";
    private static final String CASSANDRA_API_CREDENTIAL_CACHE_MANAGER = "CASSANDRA_API_CREDENTIAL_CACHE_MANAGER";
    private static final String CASSANDRA_API_CREDENTIAL_CACHE = "CASSANDRA_API_CREDENTIAL_CACHE";
    private AuthenticationService authenticationService;
    static final /* synthetic */ boolean $assertionsDisabled;

    public AuthenticatedUser defaultUser() {
        return null;
    }

    public AuthenticatedUser authenticate(Map<String, String> map) throws AuthenticationException {
        String str = map.get(USERNAME_KEY);
        if (null == str) {
            logAndAuthenticationException("Authentication request was missing the required key 'username'");
        }
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError();
        }
        String obj = str.toString();
        String tenantDomain = MultitenantUtils.getTenantDomain(obj);
        if (tenantDomain == null || tenantDomain.trim().equals("")) {
            logAndAuthenticationException("Authentication request was missing the domain name of the user in the key username");
        }
        String str2 = map.get(PASSWORD_KEY);
        if (null == str2) {
            logAndAuthenticationException("Authentication request was missing the required key 'password'");
        }
        if (!$assertionsDisabled && str2 == null) {
            throw new AssertionError();
        }
        String obj2 = str2.toString();
        if (authenticateUser(obj, obj2)) {
            if (log.isDebugEnabled()) {
                log.debug("Credentials for Username : " + obj + " added to cache");
            }
            return new AuthenticatedUser(obj, tenantDomain);
        }
        if (isAuthenticated(obj, obj2)) {
            return new AuthenticatedUser(obj, tenantDomain);
        }
        return null;
    }

    private boolean isAuthenticated(String str, String str2) {
        try {
            try {
                PrivilegedCarbonContext.startTenantFlow();
                PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                threadLocalCarbonContext.setTenantDomain("carbon.super");
                threadLocalCarbonContext.setTenantId(-1234);
                UserAccessKeyCacheEntry userAccessKeyCacheEntry = (UserAccessKeyCacheEntry) Caching.getCacheManagerFactory().getCacheManager(CASSANDRA_ACCESS_CACHE_MANAGER).getCache(CASSANDRA_ACCESS_KEY_CACHE).get(str2);
                PrivilegedCarbonContext.endTenantFlow();
                if (userAccessKeyCacheEntry != null) {
                    return (str2 == null || userAccessKeyCacheEntry == null || !str2.equals(userAccessKeyCacheEntry.getAccessKey().substring(str.length()))) ? false : true;
                }
                if (!log.isDebugEnabled()) {
                    return false;
                }
                log.debug("The key is not present in CASSANDRA_ACCESS_KEY_CACHE");
                return false;
            } catch (Exception e) {
                log.error("Error occurred while authenticating the user: " + str, e);
                PrivilegedCarbonContext.endTenantFlow();
                return false;
            }
        } catch (Throwable th) {
            PrivilegedCarbonContext.endTenantFlow();
            throw th;
        }
    }

    private boolean authenticateUser(String str, String str2) {
        try {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            threadLocalCarbonContext.setTenantDomain("carbon.super");
            threadLocalCarbonContext.setTenantId(-1234);
            Cache cache = Caching.getCacheManagerFactory().getCacheManager(CASSANDRA_API_CREDENTIAL_CACHE_MANAGER).getCache(CASSANDRA_API_CREDENTIAL_CACHE);
            if (cache.get(str) != null && ((UserAccessKeyCacheEntry) cache.get(str)).getAccessKey().equals(str2)) {
                PrivilegedCarbonContext.endTenantFlow();
                return true;
            }
            if (!CassandraServerUtil.getRealmForTenant(MultitenantUtils.getTenantDomain(str)).getUserStoreManager().authenticate(str, str2)) {
                return false;
            }
            cache.put(str, new UserAccessKeyCacheEntry(str2));
            PrivilegedCarbonContext.endTenantFlow();
            return true;
        } catch (Exception e) {
            log.error("Error occurred while authenticating the user: " + str, e);
            return false;
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    public boolean requireAuthentication() {
        return true;
    }

    public Set<IAuthenticator.Option> supportedOptions() {
        return new HashSet();
    }

    public Set<IAuthenticator.Option> alterableOptions() {
        return new HashSet();
    }

    public void create(String str, Map<IAuthenticator.Option, Object> map) throws RequestValidationException, RequestExecutionException {
        logAndUnauthorizedException("You are not allowed to do this action. Please use Carbon admin console to manage users.");
    }

    public void alter(String str, Map<IAuthenticator.Option, Object> map) throws RequestValidationException, RequestExecutionException {
        logAndUnauthorizedException("You are not allowed to do this action. Please use Carbon admin console to manage users.");
    }

    public void drop(String str) throws RequestValidationException, RequestExecutionException {
        logAndUnauthorizedException("You are not allowed to do this action. Please use Carbon admin console to manage users.");
    }

    public Set<? extends IResource> protectedResources() {
        return new HashSet();
    }

    public void validateConfiguration() throws ConfigurationException {
        this.authenticationService = CassandraServerDataHolder.getInstance().getAuthenticationService();
    }

    public void setup() {
    }

    private void logAndAuthenticationException(String str) throws AuthenticationException {
        log.error(str);
        throw new AuthenticationException(str);
    }

    private void logAndUnauthorizedException(String str) throws RequestValidationException {
        log.error(str);
        throw new UnauthorizedException(str);
    }

    private UserRealm getRealmForTenant(String str) {
        try {
            RealmService realmService = CassandraServerDataHolder.getInstance().getRealmService();
            return realmService.getTenantUserRealm(realmService.getTenantManager().getTenantId(str));
        } catch (UserStoreException e) {
            throw new CassandraServerException("Error accessing the UserRealm for tenant : " + e, log);
        }
    }

    static {
        $assertionsDisabled = !CarbonCassandraAuthenticator.class.desiredAssertionStatus();
        log = LogFactory.getLog(CarbonCassandraAuthenticator.class);
    }
}
