package org.wso2.carbon.core.services.authentication;

import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.UUID;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.BundleContext;
import org.osgi.util.tracker.ServiceTracker;
import org.osgi.util.tracker.ServiceTrackerCustomizer;
import org.wso2.carbon.core.common.AuthenticationException;
import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
import org.wso2.carbon.core.services.internal.CarbonServicesServiceComponent;
import org.wso2.carbon.core.services.util.CarbonAuthenticationUtil;
import org.wso2.carbon.core.util.AnonymousSessionUtil;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.AuthenticationObserver;
import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/core/services/authentication/AuthenticationAdmin.class */
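/**
 * Default Carbon back-end authenticator: username/password login, remember-me
 * login, and logout for the admin session.
 *
 * <p>The parameter names of the public methods ({@code str}, {@code str2}, ...) are
 * decompiler output and are kept unchanged; each method's Javadoc says what the
 * value is used for.
 *
 * <p>NOTE(review): no session-id rotation is visible in this class on successful
 * login. Confirm that {@code CarbonAuthenticationUtil.onSuccessAdminLogin} or the
 * container replaces the pre-login session id, otherwise a session fixed before
 * login stays valid after it.
 */
public class AuthenticationAdmin implements CarbonServerAuthenticator {
    private static final Log log = LogFactory.getLog(AuthenticationAdmin.class);
    protected static final String AUTHENTICATION_ADMIN_SERVICE = "AuthenticationAdminService";
    private static final int DEFAULT_PRIORITY_LEVEL = 5;
    private static final String AUTHENTICATOR_NAME = "DefaultCarbonAuthenticator";

    /** Session attribute whose presence marks the session as logged in. */
    private static final String LOGGED_IN_ATTRIBUTE = "wso2carbon.admin.logged.in";
    /** Permission resource and action a user needs in order to log in. */
    private static final String LOGIN_PERMISSION = "/permission/admin/login";
    private static final String LOGIN_ACTION = "ui.execute";
    /** Name of the cookie that carries the remember-me value. */
    private static final String REMEMBER_ME_COOKIE = "wso2.carbon.rememberme";
    /** 7 * 24 * 3600; presumably seconds (cookie max-age) - confirm against RememberMeData. */
    private static final int REMEMBER_ME_MAX_AGE = 604800;
    /** Separates the user name from the token inside the remember-me value. */
    private static final char REMEMBER_ME_SEPARATOR = '-';

    /**
     * Authenticates a user with user name and password and checks the login permission.
     *
     * @param str  user name, optionally tenant-qualified (it is passed to
     *             {@code MultitenantUtils.getTenantDomain})
     * @param str2 credential handed to the user store's {@code authenticate}
     * @param str3 remote address supplied by the caller; it is validated and passed
     *             to the login success/failure hooks. Because the caller supplies it,
     *             it must not be treated as an authoritative source address.
     * @return {@code true} only when the credential is valid and the user holds the
     *         login permission; {@code false} for missing or blank input, a failed
     *         check, or an unexpected system error
     * @throws AuthenticationException if the tenant realm cannot be resolved or a
     *                                 callee raises it
     */
    public boolean login(String str, String str2, String str3) throws AuthenticationException {
        final String username = str;
        final String password = str2;
        final String remoteAddress = str3;
        HttpSession httpSession = getHttpSession();

        if (isBlank(username) || isBlank(password) || isBlank(remoteAddress)) {
            CarbonAuthenticationUtil.onFailedAdminLogin(httpSession, username, -1, remoteAddress, "Data");
            return false;
        }
        try {
            // remoteAddress is known to be non-null here, so the former fallback to
            // AuthenticationUtil.getRemoteAddress(...) was unreachable and is dropped.
            AuthenticationUtil.validateRemoteAddress(remoteAddress);

            RegistryService registryService = CarbonServicesServiceComponent.getRegistryService();
            RealmService realmService = CarbonServicesServiceComponent.getRealmService();
            String tenantDomain = MultitenantUtils.getTenantDomain(username);
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            handleAuthenticationStarted(tenantId);

            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
            UserRealm realm = AnonymousSessionUtil.getRealmByTenantDomain(registryService, realmService, tenantDomain);
            if (realm == null) {
                throw new AuthenticationException("Invalid domain or unactivated tenant login");
            }
            // Result is unused in this view of the code; the call is kept so the call sequence is unchanged.
            CarbonServicesServiceComponent.getServerConfiguration();

            // Both checks always run, as in the original, so a wrong password and a
            // missing permission take the same path and get the same failure reason.
            boolean authenticated = realm.getUserStoreManager().authenticate(tenantAwareUsername, password);
            boolean authorized = realm.getAuthorizationManager().isUserAuthorized(tenantAwareUsername, LOGIN_PERMISSION, LOGIN_ACTION);
            if (authenticated && authorized) {
                CarbonAuthenticationUtil.onSuccessAdminLogin(httpSession, tenantAwareUsername, tenantId, tenantDomain, remoteAddress);
                handleAuthenticationCompleted(tenantId, true);
                return true;
            }
            CarbonAuthenticationUtil.onFailedAdminLogin(httpSession, tenantAwareUsername, tenantId, remoteAddress, "Invalid credential");
            handleAuthenticationCompleted(tenantId, false);
            return false;
        } catch (AuthenticationException e) {
            log.error(e.getMessage(), e);
            throw e;
        } catch (Exception e) {
            // NOTE(review): on this path neither onFailedAdminLogin nor
            // handleAuthenticationCompleted runs, so the attempt is only visible in this log line.
            log.error("System error while Authenticating/Authorizing User : " + e.getMessage(), e);
            return false;
        }
    }

    /**
     * Logs in with {@link #login} and, on success, issues a remember-me token.
     *
     * <p>The value is {@code <user name>-<random UUID>}; the UUID is stored through
     * the user store's {@code addRememberMe}. Treat the value as a credential and
     * keep it out of logs.
     *
     * <p>NOTE(review): the token is stored under the full {@code str}, while
     * validation looks it up under the tenant-aware user name. Confirm the user
     * store treats both the same for tenant-qualified names.
     *
     * @param str  user name, see {@link #login}
     * @param str2 credential, see {@link #login}
     * @param str3 remote address, see {@link #login}
     * @return the remember-me data, or {@code null} when the login failed
     * @throws AuthenticationException if login raises it or the token cannot be stored
     */
    public RememberMeData loginWithRememberMeOption(String str, String str2, String str3) throws AuthenticationException {
        if (!login(str, str2, str3)) {
            return null;
        }
        try {
            String token = UUID.randomUUID().toString();
            RememberMeData rememberMeData = new RememberMeData();
            rememberMeData.setMaxAge(REMEMBER_ME_MAX_AGE);
            rememberMeData.setValue(str + REMEMBER_ME_SEPARATOR + token);
            RealmService realmService = CarbonServicesServiceComponent.getRealmService();
            int tenantId = realmService.getTenantManager().getTenantId(MultitenantUtils.getTenantDomain(str));
            realmService.getTenantUserRealm(tenantId).getUserStoreManager().addRememberMe(str, token);
            rememberMeData.setAuthenticated(true);
            return rememberMeData;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    /**
     * Logs in with a remember-me value passed as a service parameter.
     *
     * @param str the remember-me value ({@code <user name>-<token>})
     * @return {@code true} when the token is valid and the user may log in
     */
    public boolean loginWithRememberMeCookie(String str) {
        return createSessionForValidRememberMe(str, getHttpSession());
    }

    /**
     * Tells every registered {@link AuthenticationObserver} that authentication
     * started for the tenant. Does nothing when no bundle context is available.
     */
    private void handleAuthenticationStarted(int tenantId) throws Exception {
        BundleContext bundleContext = CarbonServicesServiceComponent.getBundleContext();
        if (bundleContext == null) {
            return;
        }
        ServiceTracker tracker = new ServiceTracker(bundleContext, AuthenticationObserver.class.getName(), (ServiceTrackerCustomizer) null);
        tracker.open();
        try {
            Object[] observers = tracker.getServices();
            if (observers != null) {
                for (Object observer : observers) {
                    ((AuthenticationObserver) observer).startedAuthentication(tenantId);
                }
            }
        } finally {
            // Close even when an observer throws, so failed logins do not leave trackers open.
            tracker.close();
        }
    }

    /**
     * Tells every registered {@link AuthenticationObserver} how authentication
     * ended for the tenant. Does nothing when no bundle context is available.
     */
    private void handleAuthenticationCompleted(int tenantId, boolean successful) throws Exception {
        BundleContext bundleContext = CarbonServicesServiceComponent.getBundleContext();
        if (bundleContext == null) {
            return;
        }
        ServiceTracker tracker = new ServiceTracker(bundleContext, AuthenticationObserver.class.getName(), (ServiceTrackerCustomizer) null);
        tracker.open();
        try {
            Object[] observers = tracker.getServices();
            if (observers != null) {
                for (Object observer : observers) {
                    ((AuthenticationObserver) observer).completedAuthentication(tenantId, successful);
                }
            }
        } finally {
            // Close even when an observer throws, so failed logins do not leave trackers open.
            tracker.close();
        }
    }

    /**
     * Writes the logout audit line and invalidates the current HTTP session.
     *
     * <p>The session is invalidated even when the tenant lookup or the audit log
     * fails, so a failing audit step cannot leave an authenticated session alive.
     * In local transport mode the session is left untouched, as before.
     *
     * @throws AuthenticationException if the audit step or the invalidation fails
     */
    public void logout() throws AuthenticationException {
        Date logoutTime = Calendar.getInstance().getTime();
        HttpSession httpSession = getHttpSession();
        if (httpSession == null) {
            return;
        }
        String loggedInUser = (String) httpSession.getAttribute(LOGGED_IN_ATTRIBUTE);
        String delegatedBy = (String) httpSession.getAttribute("DELEGATED_BY");
        String tenantDomain = (String) httpSession.getAttribute("tenantDomain");
        try {
            try {
                int tenantId = CarbonServicesServiceComponent.getRealmService().getTenantManager().getTenantId(tenantDomain);
                if (loggedInUser != null) {
                    // SimpleDateFormat is not thread-safe, so it stays a local.
                    SimpleDateFormat timestampFormat = new SimpleDateFormat("'['yyyy-MM-dd HH:mm:ss,SSSS']'");
                    String message = "'" + loggedInUser + "@" + tenantDomain + " [" + tenantId + "]' logged out at " + timestampFormat.format(logoutTime);
                    if (delegatedBy != null) {
                        message = message + " delegated by " + delegatedBy;
                    }
                    log.info(message);
                }
            } finally {
                if (!CarbonUtils.isRunningOnLocalTransportMode()) {
                    httpSession.invalidate();
                }
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new AuthenticationException(e);
        }
    }

    @Override // org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator
    public String getAuthenticatorName() {
        return AUTHENTICATOR_NAME;
    }

    /**
     * Returns the configured priority of this authenticator, or
     * {@code DEFAULT_PRIORITY_LEVEL} when none is configured or it is not positive.
     */
    @Override // org.wso2.carbon.core.services.authentication.BackendAuthenticator
    public int getPriority() {
        AuthenticatorsConfiguration.AuthenticatorConfig config = AuthenticatorsConfiguration.getInstance().getAuthenticatorConfig(AUTHENTICATOR_NAME);
        if (config == null || config.getPriority() <= 0) {
            return DEFAULT_PRIORITY_LEVEL;
        }
        return config.getPriority();
    }

    /**
     * Reports whether the request's session carries the logged-in attribute.
     *
     * <p>{@code getSession()} creates a session when the request has none; that
     * behaviour is kept. A message context without a servlet request is treated as
     * not authenticated instead of failing with a NullPointerException.
     */
    @Override // org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator
    public boolean isAuthenticated(MessageContext messageContext) {
        HttpServletRequest request = (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (request == null) {
            return false;
        }
        return request.getSession().getAttribute(LOGGED_IN_ATTRIBUTE) != null;
    }

    /**
     * Looks for the remember-me cookie on the request and, if present, tries to
     * establish a logged-in session from it. Only the first cookie with that name
     * is considered.
     */
    @Override // org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator
    public boolean authenticateWithRememberMe(MessageContext messageContext) {
        HttpServletRequest request = (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (request == null) {
            return false;
        }
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return false;
        }
        for (Cookie cookie : cookies) {
            if (REMEMBER_ME_COOKIE.equals(cookie.getName())) {
                return createSessionForValidRememberMe(cookie.getValue(), request.getSession());
            }
        }
        return false;
    }

    /** Returns the configured disabled flag; an unconfigured authenticator is enabled. */
    @Override // org.wso2.carbon.core.services.authentication.BackendAuthenticator
    public boolean isDisabled() {
        AuthenticatorsConfiguration.AuthenticatorConfig config = AuthenticatorsConfiguration.getInstance().getAuthenticatorConfig(AUTHENTICATOR_NAME);
        return config != null && config.isDisabled();
    }

    /** This authenticator accepts every message context. */
    @Override // org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator
    public boolean isHandle(MessageContext messageContext) {
        return true;
    }

    /**
     * Validates a remember-me value and, when it is valid and the user holds the
     * login permission, marks the session as logged in.
     *
     * <p>The value comes straight from the client. A missing value or one without
     * the separator is rejected up front, without logging the value itself, instead
     * of surfacing as an exception with a stack trace for every malformed cookie.
     *
     * <p>NOTE(review): the value is split at the first separator, so a user name
     * that itself contains {@code '-'} is cut short and the token never validates.
     * Confirm whether such user names are allowed.
     *
     * @param cookieValue {@code <user name>-<token>} as issued by
     *                    {@link #loginWithRememberMeOption}
     * @param httpSession session to mark as logged in on success
     * @return {@code true} only when the token is valid and the user is authorized
     */
    private boolean createSessionForValidRememberMe(String cookieValue, HttpSession httpSession) {
        if (cookieValue == null) {
            return false;
        }
        int separatorIndex = cookieValue.indexOf(REMEMBER_ME_SEPARATOR);
        if (separatorIndex < 0) {
            log.warn("Rejected a remember-me value without the expected separator");
            return false;
        }
        try {
            RealmService realmService = CarbonServicesServiceComponent.getRealmService();
            String username = cookieValue.substring(0, separatorIndex);
            String token = cookieValue.substring(separatorIndex + 1);
            String tenantDomain = MultitenantUtils.getTenantDomain(username);
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            handleAuthenticationStarted(tenantId);

            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
            org.wso2.carbon.user.api.UserRealm tenantRealm = realmService.getTenantUserRealm(tenantId);
            boolean tokenValid = tenantRealm.getUserStoreManager().isValidRememberMeToken(tenantAwareUsername, token);
            // The permission is only looked up once the token has been accepted.
            boolean authorized = tokenValid
                    && tenantRealm.getAuthorizationManager().isUserAuthorized(tenantAwareUsername, LOGIN_PERMISSION, LOGIN_ACTION);
            if (authorized) {
                CarbonAuthenticationUtil.onSuccessAdminLogin(httpSession, tenantAwareUsername, tenantId, tenantDomain, "");
                handleAuthenticationCompleted(tenantId, true);
                return true;
            }
            CarbonAuthenticationUtil.onFailedAdminLogin(httpSession, tenantAwareUsername, tenantId, "", "Invalid credential");
            handleAuthenticationCompleted(tenantId, false);
            return false;
        } catch (Exception e) {
            log.error("Error while Authenticating/Authorizing User : " + e.getMessage(), e);
            return false;
        }
    }

    /**
     * Returns the HTTP session of the current Axis2 message context, or
     * {@code null} when there is no current message context or it carries no
     * servlet request.
     */
    private HttpSession getHttpSession() {
        MessageContext currentMessageContext = MessageContext.getCurrentMessageContext();
        if (currentMessageContext == null) {
            return null;
        }
        HttpServletRequest request = (HttpServletRequest) currentMessageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        return request == null ? null : request.getSession();
    }

    /** Returns {@code true} for {@code null} and for strings that are empty after trimming. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().equals("");
    }
}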
