package org.wso2.carbon.server.admin.module.handler;

import java.text.SimpleDateFormat;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPBody;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.AxisOperation;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.Handler;
import org.apache.axis2.handlers.AbstractHandler;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
import org.wso2.carbon.server.admin.auth.AuthenticatorServerRegistry;
import org.wso2.carbon.server.admin.internal.ServerAdminDataHolder;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/server/admin/module/handler/AuthenticationHandler.class */
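/**
 * Axis2 handler that gates access to admin services.
 *
 * <p>A request is let through without any check when it arrives on the "local" transport or
 * when the target service is not flagged as an admin service (see
 * {@link #callToGeneralService(MessageContext)}). Every other request must pass
 * {@link #authenticate(MessageContext, String)}; on failure an {@link AxisFault} with fault
 * code "50977" is raised and the handler chain stops.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Authentication is opt-in per service: a service is only protected here when it carries
 *       the parameter {@code adminService} with the exact value {@code "true"}.</li>
 *   <li>An operation can opt out through the parameter {@code DoAuthentication} with the exact
 *       value {@code "false"}.</li>
 *   <li>The login-type operations of {@code AuthenticationAdmin} and {@code Axis2NodeManager},
 *       and their {@code logout} operation, are passed through unauthenticated so that the
 *       service itself can handle them.</li>
 * </ul>
 */
public class AuthenticationHandler extends AbstractHandler {
    private static final Log log = LogFactory.getLog(AuthenticationHandler.class);

    /** Namespace of the login request elements ("username", "cookie") read from the SOAP body. */
    private static final String AUTH_SERVICE_NAMESPACE = "http://authentication.services.core.carbon.wso2.org";

    /**
     * Authenticates the incoming message unless it is exempt, then copies the session's tenant
     * domain (when present) onto the message context.
     *
     * @param messageContext the message being dispatched
     * @return always {@code CONTINUE}; rejection is signalled by throwing
     * @throws AxisFault with fault code "50977" when the request is not authenticated
     */
    public Handler.InvocationResponse invoke(MessageContext messageContext) throws AxisFault {
        if ("local".equals(messageContext.getIncomingTransportName()) || callToGeneralService(messageContext)) {
            return Handler.InvocationResponse.CONTINUE;
        }
        authenticate(messageContext, (String) messageContext.getProperty("REMOTE_ADDR"));

        // getSession(false): never create a session here, only read one that already exists.
        HttpServletRequest request = (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (request != null) {
            HttpSession session = request.getSession(false);
            if (session != null) {
                String tenantDomain = (String) session.getAttribute("tenantDomain");
                if (tenantDomain != null) {
                    messageContext.setProperty("tenantDomain", tenantDomain);
                }
            }
        }
        return Handler.InvocationResponse.CONTINUE;
    }

    /**
     * Rejects the message unless {@link #isAuthenticated(MessageContext, String)} accepts it.
     *
     * <p>All failure paths end in an {@link AxisFault} with fault code "50977", so an unexpected
     * error during the check denies the request rather than letting it through. The fault text
     * is deliberately generic; the underlying cause is only written to the server log.
     *
     * @param messageContext the message being dispatched
     * @param str            remote address of the caller, used only for the audit log line
     * @throws AxisFault when the request is not authenticated or the check itself fails
     */
    protected void authenticate(MessageContext messageContext, String str) throws AxisFault {
        try {
            if (!isAuthenticated(messageContext, str)) {
                throw new AxisFault("Access Denied. Please login first.", "50977");
            }
        } catch (AuthenticationException e) {
            throw new AxisFault("Access Denied. Session timed out.", "50977");
        } catch (AxisFault e2) {
            throw e2;
        } catch (Throwable th) {
            // Catch-all keeps the handler fail-closed: e.g. a malformed login body that makes
            // isAuthenticated() throw a NullPointerException ends up here.
            log.error(th.getMessage(), th);
            throw new AxisFault("Authentication failure", "50977");
        }
    }

    /**
     * Decides whether the message may proceed.
     *
     * @param messageContext the message being dispatched
     * @param remoteAddress  remote address of the caller, used only for logging
     * @return {@code true} when the operation is exempt, is a login/logout operation of the
     *         authentication services, or the registered authenticator accepts the message
     * @throws AuthenticationException when the tenant domain of a login user cannot be resolved
     */
    private boolean isAuthenticated(MessageContext messageContext, String remoteAddress) throws AuthenticationException {
        AxisService axisService = messageContext.getAxisService();
        AxisOperation axisOperation = messageContext.getAxisOperation();
        String operationName = axisOperation.getName().getLocalPart();
        String serviceName = axisService.getName();

        // Per-operation opt-out. Only the exact string "false" disables the check; any other
        // value keeps authentication on.
        Parameter doAuthentication = axisOperation.getParameter("DoAuthentication");
        if (doAuthentication != null && "false".equals(doAuthentication.getValue())) {
            return true;
        }

        // invoke() already treats this property as optional. Without a servlet request there is
        // no HTTP session to authenticate against, so deny explicitly instead of relying on a
        // NullPointerException being converted into a fault by authenticate()'s catch-all.
        HttpServletRequest request = (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (request == null) {
            log.warn("Rejecting request without an HTTP servlet request from IP address " + remoteAddress + " : Service is " + serviceName);
            return false;
        }
        // getSession() creates a session if none exists; it is invalidated below on failure.
        HttpSession session = request.getSession();

        if (serviceName.equals("AuthenticationAdmin") || serviceName.equals("Axis2NodeManager")) {
            if (isLoginOperation(operationName)) {
                String userName = extractLoginUserName(messageContext.getEnvelope().getBody(), operationName);
                String tenantLessUsername = UserCoreUtil.getTenantLessUsername(userName);
                try {
                    String tenantDomain = UserCoreUtil.getTenantDomain(ServerAdminDataHolder.getInstance().getRealmService(), userName);
                    // NOTE(review): this attribute is written from the client-supplied user name
                    // before any credential check visible in this class; presumably the login
                    // operation itself verifies the credentials. Confirm that nothing treats the
                    // mere presence of this attribute as proof of authentication.
                    session.setAttribute("wso2carbon.admin.logged.in", tenantLessUsername);
                    // The tenant domain is only overwritten when the session already holds one.
                    // NOTE(review): a session without a tenantDomain never receives one here;
                    // confirm this is intended and not a decompilation artefact.
                    if (session.getAttribute("tenantDomain") != null) {
                        session.setAttribute("tenantDomain", tenantDomain);
                    }
                    return true;
                } catch (UserStoreException e) {
                    log.error("Unable to find the tenant domain :" + e.getMessage(), e);
                    throw new AuthenticationException("Unable to find the tenant domain", e);
                }
            }
            if (operationName.equals("logout")) {
                return true;
            }
        }

        // Everything else must be accepted by the registered authenticator, either through the
        // existing session or through a remember-me login.
        CarbonServerAuthenticator carbonAuthenticator = AuthenticatorServerRegistry.getCarbonAuthenticator(messageContext);
        boolean authenticated = carbonAuthenticator.isAuthenticated(messageContext)
                || carbonAuthenticator.authenticateWithRememberMe(messageContext);
        if (!authenticated) {
            // A fresh formatter per call: SimpleDateFormat is not safe to share between threads.
            SimpleDateFormat timestampFormat = new SimpleDateFormat("'['yyyy-MM-dd HH:mm:ss,SSSS']'");
            session.invalidate();
            log.warn("Illegal access attempt at " + timestampFormat.format(new Date()) + " from IP address " + remoteAddress + " : Service is " + serviceName);
        }
        return authenticated;
    }

    /** Returns whether the operation is one of the login-type operations that bypass the check. */
    private static boolean isLoginOperation(String operationName) {
        return operationName.equals("login")
                || operationName.equals("loginWithDelegation")
                || operationName.equals("getAutheticationToken")
                || operationName.equals("loginWithRememberMe")
                || operationName.equals("isValidRememberMe");
    }

    /**
     * Reads the user name a login request claims to be for.
     *
     * <p>For {@code isValidRememberMe} it is the part of the "cookie" element before the first
     * "-"; for the other login operations it is the text of the "username" element, or
     * {@code null} when that element is absent. A missing payload or missing "cookie" element
     * results in a {@link NullPointerException}, which the caller's catch-all turns into a
     * denial. The value is client-controlled and unverified at this point.
     */
    private static String extractLoginUserName(SOAPBody body, String operationName) {
        if (operationName.equals("isValidRememberMe")) {
            return body.getFirstElement().getFirstChildWithName(new QName(AUTH_SERVICE_NAMESPACE, "cookie")).getText().split("-")[0];
        }
        OMElement usernameElement = body.getFirstElement().getFirstChildWithName(new QName(AUTH_SERVICE_NAMESPACE, "username"));
        return usernameElement != null ? usernameElement.getText() : null;
    }

    /**
     * Returns {@code true} when the target service is NOT an admin service, i.e. when this
     * handler should not authenticate the call.
     *
     * <p>A service counts as an admin service only if it declares the parameter
     * {@code adminService} with the exact string value {@code "true"}. NOTE(review): the
     * default is therefore "unauthenticated"; a service that omits the parameter, or spells the
     * value differently (e.g. {@code "True"}), is not protected by this handler.
     */
    private boolean callToGeneralService(MessageContext messageContext) {
        Parameter adminService = messageContext.getAxisService().getParameter("adminService");
        return adminService == null || !"true".equals(adminService.getValue());
    }
}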
