package org.wso2.carbon.identity.authenticator.webseal;

import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.BundleContext;
import org.osgi.util.tracker.ServiceTracker;
import org.osgi.util.tracker.ServiceTrackerCustomizer;
import org.wso2.carbon.core.AbstractAdmin;
import org.wso2.carbon.core.common.AuthenticationException;
import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
import org.wso2.carbon.core.services.util.CarbonAuthenticationUtil;
import org.wso2.carbon.core.util.AnonymousSessionUtil;
import org.wso2.carbon.identity.authenticator.webseal.internal.WebSealAuthBEDataHolder;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.AuthenticationObserver;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/authenticator/webseal/WebSealAuthenticator.class */
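/**
 * Carbon server authenticator that performs delegated ("on behalf of") logins and is
 * registered under the name {@code WebSealUIAuthenticator}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Only the delegating account's credential is verified. The identity stored in the
 *       session on success is the caller-supplied delegated user name, so any account
 *       holding the delegation role can open a session as any user that has the
 *       {@code /permission/admin/login} permission. Membership of that role and network
 *       access to this service should be kept as narrow as possible.</li>
 *   <li>The remote address is a caller-supplied string that this class only forwards to the
 *       login audit hooks; it is not verified here.</li>
 *   <li>NOTE(review): no session-id rotation is visible in this class; confirm that
 *       {@code CarbonAuthenticationUtil.onSuccessAdminLogin} or the container handles it.</li>
 * </ul>
 *
 * <p>Thread-safety: {@link #delegatedRoleName} is cached lazily without synchronization.
 * Presumably concurrent callers compute the same value from configuration; confirm.
 */
public class WebSealAuthenticator extends AbstractAdmin implements CarbonServerAuthenticator {
    private static final int DEFAULT_PRIORITY_LEVEL = 10;
    private static final String AUTHENTICATOR_NAME = "WebSealUIAuthenticator";
    private static final String DEFAULT_DELEGATION_ROLE = "delegated-admin";
    private static final Log log = LogFactory.getLog(WebSealAuthenticator.class);
    // Role that allows an account to log in on behalf of others; resolved on first use.
    private String delegatedRoleName = null;

    /**
     * Authenticates the delegating account and, if it holds the delegation role, establishes
     * an admin session for the delegated user.
     *
     * @param str  login name of the delegating account (may carry a tenant domain)
     * @param str2 credential of the delegating account
     * @param str3 user name to log in on behalf of; it is passed to the authorization manager
     *             and the session as supplied, without tenant-domain stripping
     * @param str4 remote address reported by the caller, used for audit records
     * @return {@code true} only when the delegating account authenticates, holds the
     *         delegation role, and the delegated user has the admin login permission
     * @throws AuthenticationException declared by the authenticator contract
     */
    public boolean login(String str, String str2, String str3, String str4) throws AuthenticationException {
        HttpSession httpSession = getHttpSession();
        if (isBlank(str) || isBlank(str2) || isBlank(str4)) {
            CarbonAuthenticationUtil.onFailedAdminLogin(httpSession, str, -1, str4, "Failed to login. Username/ Password/ Remote address is empty");
            return false;
        }
        // A delegated login without a target identity is rejected before any credential
        // check, so a null or blank name can never reach the authorization manager or the session.
        if (isBlank(str3)) {
            CarbonAuthenticationUtil.onFailedAdminLogin(httpSession, str, -1, str4, "Failed to login. Delegated username is empty");
            return false;
        }
        try {
            RegistryService registryService = WebSealAuthBEDataHolder.getInstance().getRegistryService();
            RealmService realmService = WebSealAuthBEDataHolder.getInstance().getRealmService();
            String tenantDomain = MultitenantUtils.getTenantDomain(str);
            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
            UserRealm realm = AnonymousSessionUtil.getRealmByTenantDomain(registryService, realmService, tenantDomain);

            // Step 1: verify the delegating account's own credential.
            if (!realm.getUserStoreManager().authenticate(tenantAwareUsername, str2)) {
                // NOTE(review): authentication observers are not notified on this branch,
                // unlike the authorization failure below; confirm that this is intended.
                CarbonAuthenticationUtil.onFailedAdminLogin(httpSession, tenantAwareUsername, -1, str4, "User " + forLog(tenantAwareUsername) + " is not authenticated");
                return false;
            }

            // Step 2: the delegating account must hold the configured delegation role.
            boolean holdsDelegationRole = false;
            String[] roles = realm.getUserStoreManager().getRoleListOfUser(tenantAwareUsername);
            if (roles != null) {
                if (this.delegatedRoleName == null) {
                    this.delegatedRoleName = getDelegationRoleName();
                }
                for (String role : roles) {
                    if (role.equals(this.delegatedRoleName)) {
                        holdsDelegationRole = true;
                        break;
                    }
                }
            }

            // Step 3: the delegated user is looked up in the delegating account's tenant realm.
            boolean isUserAuthorized = realm.getAuthorizationManager().isUserAuthorized(str3, "/permission/admin/login", "ui.execute");
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);

            if (!holdsDelegationRole) {
                String reason = "User " + forLog(tenantAwareUsername) + " is not authorized for identity delegation on behalf of " + forLog(str3);
                CarbonAuthenticationUtil.onFailedAdminLogin(httpSession, tenantAwareUsername, -1, str4, reason);
                log.warn(reason);
                return false;
            }
            if (isUserAuthorized) {
                // The session is established for the delegated user, not for the delegating account.
                CarbonAuthenticationUtil.onSuccessAdminLogin(httpSession, str3, tenantId, tenantDomain, str4);
                handleAuthenticationCompleted(tenantId, true);
                log.info("Identity delegation by " + forLog(tenantAwareUsername) + " on behalf of " + forLog(str3));
                return true;
            }
            String reason = "User " + forLog(str3) + " is not authorized to login using delegation";
            CarbonAuthenticationUtil.onFailedAdminLogin(httpSession, tenantAwareUsername, -1, str4, reason);
            handleAuthenticationCompleted(tenantId, false);
            log.warn(reason);
            return false;
        } catch (Exception e) {
            // Fail closed: any error denies the login. No failed-login audit hook is
            // invoked on this path; the error log entry is the only record written here.
            log.error("System error while Authenticating/Authorizing User with identity delegation", e);
            return false;
        }
    }

    /**
     * Logs the logout (including the delegating account, when the session records one) and
     * invalidates the current HTTP session. Does nothing when there is no session.
     */
    public void logout() {
        Date time = Calendar.getInstance().getTime();
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("'['yyyy-MM-dd HH:mm:ss,SSSS']'");
        HttpSession httpSession = getHttpSession();
        if (httpSession == null) {
            return;
        }
        String loggedInUser = (String) httpSession.getAttribute("wso2carbon.admin.logged.in");
        String delegatedBy = (String) httpSession.getAttribute("DELEGATED_BY");
        String message = "'" + forLog(loggedInUser) + "' logged out at " + simpleDateFormat.format(time);
        if (delegatedBy != null) {
            message = message + " delegated by " + forLog(delegatedBy);
        }
        log.info(message);
        httpSession.invalidate();
    }

    /**
     * Reports whether this authenticator handles the given request.
     *
     * @param messageContext the current message context (not inspected)
     * @return always {@code true}
     */
    public boolean isHandle(MessageContext messageContext) {
        return true;
    }

    /**
     * Checks whether the request's HTTP session carries a logged-in admin user.
     *
     * @param messageContext message context expected to hold the servlet request
     * @return {@code true} if the session has the {@code wso2carbon.admin.logged.in}
     *         attribute; {@code false} otherwise, including when no servlet request is attached
     */
    public boolean isAuthenticated(MessageContext messageContext) {
        HttpServletRequest request = (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (request == null) {
            // No servlet request means there is no session to consult; treat as unauthenticated.
            return false;
        }
        // NOTE(review): getSession() creates a session when none exists, so every
        // unauthenticated probe allocates one; consider getSession(false) once it is
        // confirmed that no caller relies on the session being created here.
        HttpSession session = request.getSession();
        return ((String) session.getAttribute("wso2carbon.admin.logged.in")) != null;
    }

    /**
     * Remember-me login is not supported by this authenticator.
     *
     * @param messageContext the current message context (not inspected)
     * @return always {@code false}
     */
    public boolean authenticateWithRememberMe(MessageContext messageContext) {
        return false;
    }

    /**
     * Returns the configured priority of this authenticator.
     *
     * @return the configured priority when it is positive, otherwise
     *         {@code DEFAULT_PRIORITY_LEVEL}
     */
    public int getPriority() {
        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = AuthenticatorsConfiguration.getInstance().getAuthenticatorConfig(AUTHENTICATOR_NAME);
        if (authenticatorConfig == null) {
            return DEFAULT_PRIORITY_LEVEL;
        }
        int configured = authenticatorConfig.getPriority();
        return configured > 0 ? configured : DEFAULT_PRIORITY_LEVEL;
    }

    /**
     * Returns the name under which this authenticator is configured.
     *
     * @return {@code "WebSealUIAuthenticator"}
     */
    public String getAuthenticatorName() {
        return AUTHENTICATOR_NAME;
    }

    /**
     * Reports whether this authenticator is disabled.
     *
     * @return always {@code false}; configuration is not consulted here
     */
    public boolean isDisabled() {
        return false;
    }

    /**
     * Notifies every registered {@code AuthenticationObserver} of the login outcome.
     *
     * @param i tenant id of the login attempt
     * @param z {@code true} for a successful login, {@code false} for a rejected one
     * @throws Exception if an observer fails
     */
    private void handleAuthenticationCompleted(int i, boolean z) throws Exception {
        BundleContext bundleContext = WebSealAuthBEDataHolder.getInstance().getBundleContext();
        if (bundleContext == null) {
            return;
        }
        ServiceTracker serviceTracker = new ServiceTracker(bundleContext, AuthenticationObserver.class.getName(), (ServiceTrackerCustomizer) null);
        serviceTracker.open();
        try {
            Object[] services = serviceTracker.getServices();
            if (services != null) {
                for (Object obj : services) {
                    ((AuthenticationObserver) obj).completedAuthentication(i, z);
                }
            }
        } finally {
            // Close the tracker even when an observer throws, so it is not leaked.
            serviceTracker.close();
        }
    }

    /**
     * Resolves the delegation role from the authenticator's {@code DelegationRole} parameter.
     *
     * @return the configured role name, or {@code DEFAULT_DELEGATION_ROLE} when the
     *         configuration or parameter is missing or blank
     */
    private String getDelegationRoleName() {
        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = AuthenticatorsConfiguration.getInstance().getAuthenticatorConfig(AUTHENTICATOR_NAME);
        if (authenticatorConfig == null || authenticatorConfig.getParameters() == null) {
            return DEFAULT_DELEGATION_ROLE;
        }
        String configured = (String) authenticatorConfig.getParameters().get("DelegationRole");
        if (configured == null || configured.trim().length() <= 0) {
            return DEFAULT_DELEGATION_ROLE;
        }
        return configured;
    }

    /** Returns {@code true} when the value is {@code null} or contains only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().equals("");
    }

    /**
     * Replaces carriage returns and line feeds so that caller-supplied names cannot split a
     * log or audit entry into several lines. {@code null} is returned unchanged.
     */
    private static String forLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}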
