package org.wso2.carbon.identity.application.authenticator.requestpath.oauth;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.RequestPathApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/requestpath/oauth/OAuthRequestPathAuthenticator.class */
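/**
 * Request-path authenticator that authenticates a caller from an OAuth2 bearer access token.
 *
 * <p>The token is taken from the {@code Authorization} value stored on the HTTP session or,
 * when that value is absent or blank, from the {@code token} request parameter. It is then
 * validated through {@link OAuth2TokenValidationService}, and the authorized user of a valid
 * token becomes the subject of the {@link AuthenticationContext}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code Authorization} value is read from a <em>session attribute</em>, not from the
 *       request header. NOTE(review): presumably an upstream component copies the header into
 *       the session; confirm that this attribute cannot be set from untrusted input.</li>
 *   <li>A bearer token passed as the {@code token} request parameter can end up in access logs,
 *       browser history and {@code Referer} headers when it travels in the URL. Prefer the
 *       header path and keep parameter values out of request logging.</li>
 *   <li>The token value is never logged by this class; keep it that way.</li>
 * </ul>
 */
public class OAuthRequestPathAuthenticator extends AbstractApplicationAuthenticator implements RequestPathApplicationAuthenticator {
    private static final long serialVersionUID = 1L;
    private static final String AUTHORIZATION_HEADER_NAME = "Authorization";
    private static final String BEARER_SCHEMA = "Bearer";
    private static final String TOKEN_PARAMETER_NAME = "token";
    private static final String AUTHENTICATOR_NAME = "OAuthRequestPathAuthenticator";
    private static final Log log = LogFactory.getLog(OAuthRequestPathAuthenticator.class);

    /**
     * Tells the framework whether this authenticator applies to the request.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when the session's {@code Authorization} value uses the
     *         {@code Bearer} scheme, or, if that value is absent or blank, when a
     *         {@code token} request parameter is present
     */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        if (log.isTraceEnabled()) {
            log.trace("Inside canHandle()");
        }
        // NOTE(review): getSession() creates a session when none exists, so every request that is
        // probed here allocates one. Confirm that this is intended.
        String headerValue = (String) httpServletRequest.getSession().getAttribute(AUTHORIZATION_HEADER_NAME);
        if (isBlank(headerValue)) {
            return httpServletRequest.getParameter(TOKEN_PARAMETER_NAME) != null;
        }
        // The scheme comparison is case-sensitive, exactly as before.
        return BEARER_SCHEMA.equals(headerValue.trim().split(" ")[0]);
    }

    /**
     * Validates the bearer token carried by the request and, on success, sets the token's
     * authorized user as the subject of the authentication context.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response (not used)
     * @param authenticationContext the context that receives the authenticated subject
     * @throws AuthenticationFailedException if no usable bearer token is present, the token is
     *         not valid, or token validation fails with an error
     */
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String accessToken = resolveAccessToken(httpServletRequest);
        try {
            OAuth2TokenValidationService validationService = new OAuth2TokenValidationService();
            OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
            // OAuth2AccessToken is an inner class of the request DTO, so it is created through its
            // enclosing instance (the decompiled "new Inner(outer)" form is not valid source).
            OAuth2TokenValidationRequestDTO.OAuth2AccessToken tokenDto = validationRequest.new OAuth2AccessToken();
            tokenDto.setIdentifier(accessToken);
            tokenDto.setTokenType("bearer");
            validationRequest.setAccessToken(tokenDto);

            OAuth2TokenValidationResponseDTO validationResponse = validationService.validate(validationRequest);
            if (!validationResponse.isValid()) {
                log.error("RequestPath OAuth authentication failed");
                throw new AuthenticationFailedException("Authentication Failed");
            }

            String authorizedUser = validationResponse.getAuthorizedUser();
            // Users of the super tenant are stored without the tenant-domain suffix.
            if ("carbon.super".equals(MultitenantUtils.getTenantDomain(authorizedUser))) {
                authorizedUser = MultitenantUtils.getTenantAwareUsername(authorizedUser);
            }
            if (log.isDebugEnabled()) {
                log.debug("Authenticated user " + authorizedUser);
            }
            authenticationContext.setSubject(authorizedUser);
        } catch (AuthenticationFailedException e) {
            // Already logged where it was raised; do not wrap or log it a second time.
            throw e;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new AuthenticationFailedException(e.getMessage(), e);
        }
    }

    /**
     * Extracts the bearer token using the same precedence as {@link #canHandle}: the session's
     * {@code Authorization} value first, then the {@code token} request parameter when that
     * value is absent or blank.
     *
     * <p>A malformed value fails authentication explicitly instead of escaping as an
     * {@link ArrayIndexOutOfBoundsException}, and an absent or empty token is rejected before
     * the validation service is called.
     */
    private static String resolveAccessToken(HttpServletRequest httpServletRequest) throws AuthenticationFailedException {
        String headerValue = (String) httpServletRequest.getSession().getAttribute(AUTHORIZATION_HEADER_NAME);
        String accessToken;
        if (isBlank(headerValue)) {
            accessToken = httpServletRequest.getParameter(TOKEN_PARAMETER_NAME);
        } else {
            String[] parts = headerValue.trim().split(" ");
            // Defence in depth: re-check the scheme here rather than relying on canHandle()
            // having been called first.
            if (parts.length < 2 || !BEARER_SCHEMA.equals(parts[0])) {
                log.error("RequestPath OAuth authentication failed");
                throw new AuthenticationFailedException("Authentication Failed");
            }
            accessToken = parts[1];
        }
        if (isBlank(accessToken)) {
            log.error("RequestPath OAuth authentication failed");
            throw new AuthenticationFailedException("Authentication Failed");
        }
        return accessToken;
    }

    /** Returns {@code true} when the value is {@code null} or contains only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

    /**
     * Returns the context identifier for the request.
     *
     * @return always {@code null}; this authenticator does not derive one from the request
     */
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        return null;
    }

    /** Returns the display name of this authenticator, {@code "oauth-bearer"}. */
    public String getFriendlyName() {
        return "oauth-bearer";
    }

    /** Returns the registered name of this authenticator. */
    public String getName() {
        return AUTHENTICATOR_NAME;
    }
}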
