package org.wso2.carbon.server.admin.module.handler;

import java.text.SimpleDateFormat;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.Handler;
import org.apache.axis2.handlers.AbstractHandler;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.core.multitenancy.SuperTenantCarbonContext;
import org.wso2.carbon.core.services.authentication.AbstractAuthenticator;
import org.wso2.carbon.core.services.authentication.AuthenticationFailureException;
import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
import org.wso2.carbon.core.services.authentication.ServerAuthenticator;
import org.wso2.carbon.server.admin.auth.AuthenticatorServerRegistry;

/* loaded from: input_file:org/wso2/carbon/server/admin/module/handler/AuthenticationHandler.class */
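/**
 * Axis2 in-flow handler that gates access to Carbon admin services.
 *
 * <p>A request is passed through without any check when it arrives over the
 * in-VM {@code "local"} transport, when the target service is not flagged
 * {@code adminService=true}, or when the service carries
 * {@code DoAuthentication=false}. Everything else is handed to the registered
 * {@link ServerAuthenticator} / {@link CarbonServerAuthenticator}; a failed
 * attempt invalidates the HTTP session (if any), is written to the audit log
 * with the remote address, and is reported to the caller as an {@link AxisFault}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Any service that is not explicitly marked {@code adminService=true} is
 *       treated as a general service and bypasses this handler entirely.</li>
 *   <li>{@code REMOTE_ADDR} is the transport's view of the peer; behind a
 *       reverse proxy or load balancer it may be the proxy's address rather than
 *       the client's.</li>
 *   <li>The authenticator's failure message is echoed back to the client in
 *       the fault string; make sure the authenticator does not use wording
 *       that distinguishes an unknown user from a wrong password.</li>
 * </ul>
 */
public class AuthenticationHandler extends AbstractHandler {
    private static final Log log = LogFactory.getLog(AuthenticationHandler.class);
    private static final Log audit = CarbonConstants.AUDIT_LOG;

    /** Timestamp layout used in the "Illegal access attempt" log / audit lines. */
    private static final String AUDIT_TIMESTAMP_PATTERN = "'['yyyy-MM-dd HH:mm:ss,SSSS']'";

    /** Fault code used for "not logged in", bad user name / password, and unexpected failures. */
    private static final String FAULT_CODE_ACCESS_DENIED = "50977";

    /** Fault code used for authentication failures that are neither a bad user name nor a bad password. */
    private static final String FAULT_CODE_AUTH_FAILURE = "50976";

    /**
     * Enforces authentication for the incoming message.
     *
     * @param messageContext the Axis2 message being processed
     * @return {@code CONTINUE} when the request may proceed, {@code ABORT} when the
     *         authenticator has already taken over the response (e.g. issued a challenge)
     * @throws AxisFault when authentication fails and the caller must be told so
     */
    public Handler.InvocationResponse invoke(MessageContext messageContext) throws AxisFault {
        // Bypass conditions: in-VM transport, non-admin service, or service opted out of auth.
        if ("local".equals(messageContext.getIncomingTransportName())
                || callToGeneralService(messageContext)
                || skipAuthentication(messageContext)) {
            return Handler.InvocationResponse.CONTINUE;
        }

        String remoteAddress = (String) messageContext.getProperty("REMOTE_ADDR");
        authenticate(messageContext, remoteAddress);

        // The authenticator may have written its own response (e.g. a challenge); stop the chain then.
        if (!AbstractAuthenticator.continueProcessing(messageContext)) {
            return Handler.InvocationResponse.ABORT;
        }

        propagateTenantDomain(messageContext);
        return Handler.InvocationResponse.CONTINUE;
    }

    /**
     * Copies the {@code tenantDomain} attribute of an existing HTTP session (if there
     * is one) onto the message context and the current Carbon context. Only runs
     * after a successful authentication, and never creates a session.
     */
    private static void propagateTenantDomain(MessageContext messageContext) {
        HttpServletRequest request =
                (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (request == null) {
            return;
        }
        HttpSession session = request.getSession(false);
        if (session == null) {
            return;
        }
        String tenantDomain = (String) session.getAttribute("tenantDomain");
        if (tenantDomain != null) {
            messageContext.setProperty("tenantDomain", tenantDomain);
            SuperTenantCarbonContext.getCurrentContext().setTenantDomain(tenantDomain);
        }
    }

    /**
     * Runs the authenticator and converts every failure into an {@link AxisFault}.
     *
     * <p>If {@link AbstractAuthenticator#continueProcessing} is {@code false} after a
     * failure the authenticator has already handled the response itself, so no
     * fault is raised here.
     *
     * @param messageContext the Axis2 message being processed
     * @param remoteAddress  peer address used only for the audit trail (may be {@code null})
     * @throws AxisFault on any authentication failure that must be reported to the caller
     */
    protected void authenticate(MessageContext messageContext, String remoteAddress) throws AxisFault {
        try {
            boolean authenticated = isAuthenticated(messageContext, remoteAddress);
            if (!authenticated && AbstractAuthenticator.continueProcessing(messageContext)) {
                throw new AxisFault("Access Denied. Please login first.", FAULT_CODE_ACCESS_DENIED);
            }
        } catch (AxisFault fault) {
            // Already shaped for the caller; do not wrap it again.
            throw fault;
        } catch (AuthenticationFailureException failure) {
            if (!AbstractAuthenticator.continueProcessing(messageContext)) {
                return;
            }
            throw toAxisFault(failure);
        } catch (Throwable t) {
            // Full detail stays in the server log; the client only sees a generic message.
            log.error(t.getMessage(), t);
            throw new AxisFault("Authentication failure", FAULT_CODE_ACCESS_DENIED);
        }
    }

    /**
     * Maps an {@link AuthenticationFailureException} to the fault the caller receives.
     * Bad user name and bad password deliberately share one fault code so the code
     * alone does not reveal whether an account exists.
     */
    private static AxisFault toAxisFault(AuthenticationFailureException failure) {
        AuthenticationFailureException.AuthenticationFailureReason reason =
                failure.getAuthenticationFailureReason();
        boolean badCredentials =
                reason == AuthenticationFailureException.AuthenticationFailureReason.INVALID_USER_NAME
                || reason == AuthenticationFailureException.AuthenticationFailureReason.INVALID_PASSWORD;

        if (!badCredentials) {
            return new AxisFault("Access Denied. " + failure.getMessage(), FAULT_CODE_AUTH_FAILURE);
        }
        AxisFault fault = new AxisFault("Access Denied. " + failure.getMessage(), FAULT_CODE_ACCESS_DENIED);
        // NOTE(review): fault type 1 is presumably Axis2's APPLICATION_FAULT - confirm against the Axis2 version in use.
        fault.setFaultType(1);
        return fault;
    }

    /**
     * An operation is restricted (requires authentication) unless it carries an
     * operation-level {@code DoAuthentication=false} parameter.
     */
    protected boolean isRestrictedOperation(MessageContext messageContext) {
        Parameter doAuthentication = messageContext.getAxisOperation().getParameter("DoAuthentication");
        return doAuthentication == null || !"false".equals(doAuthentication.getValue());
    }

    private String getServiceName(MessageContext messageContext) {
        return messageContext.getAxisService().getName();
    }

    /**
     * Decides whether the message is authenticated, consulting whichever
     * authenticator the registry hands back.
     *
     * @return {@code true} when the caller is (or has just been) authenticated
     * @throws AuthenticationFailureException propagated from a {@link ServerAuthenticator}
     * @throws RuntimeException when no authenticator is registered at all
     */
    private boolean isAuthenticated(MessageContext messageContext, String remoteAddress)
            throws AuthenticationFailureException {
        if (!isRestrictedOperation(messageContext)) {
            return true;
        }

        ServerAuthenticator authenticator = AuthenticatorServerRegistry.getCarbonAuthenticator(messageContext);
        if (authenticator == null) {
            throw new RuntimeException("System error : 0 active authenticators registered in the system. The system should have at least 1 active authenticator service registered.");
        }

        // NOTE(review): the variable is declared as ServerAuthenticator, so this instanceof is always
        // true for a non-null value and the CarbonServerAuthenticator branch looks unreachable from
        // here - confirm the registry's declared return type before relying on the legacy branch.
        if (authenticator instanceof ServerAuthenticator) {
            return authenticateWithServerAuthenticator(authenticator, messageContext, remoteAddress);
        }
        return authenticateWithCarbonAuthenticator(
                (CarbonServerAuthenticator) authenticator, messageContext, remoteAddress);
    }

    /**
     * Path for the {@link ServerAuthenticator} API: a failed attempt drops the
     * session, is audited, and the failure is rethrown for {@link #authenticate}.
     */
    private boolean authenticateWithServerAuthenticator(ServerAuthenticator authenticator,
                                                        MessageContext messageContext,
                                                        String remoteAddress)
            throws AuthenticationFailureException {
        if (authenticator.isAuthenticated(messageContext)) {
            return true;
        }
        try {
            authenticator.authenticate(messageContext);
            return true;
        } catch (AuthenticationFailureException failure) {
            invalidateSession(messageContext);
            String message = "Illegal access attempt at " + timestamp()
                    + " from IP address " + remoteAddress
                    + " while trying to authenticate access to service " + getServiceName(messageContext);
            log.warn(message);
            audit.error(message);
            throw failure;
        }
    }

    /**
     * Path for the legacy {@link CarbonServerAuthenticator} API: falls back to
     * remember-me. The session is invalidated and the attempt audited regardless
     * of the remember-me outcome (existing behaviour, preserved as-is).
     */
    private boolean authenticateWithCarbonAuthenticator(CarbonServerAuthenticator authenticator,
                                                        MessageContext messageContext,
                                                        String remoteAddress)
            throws AuthenticationFailureException {
        if (authenticator.isAuthenticated(messageContext)) {
            return true;
        }
        boolean rememberMeAccepted = authenticator.authenticateWithRememberMe(messageContext);
        invalidateSession(messageContext);
        if (AbstractAuthenticator.continueProcessing(messageContext)) {
            String message = "Illegal access attempt at " + timestamp()
                    + " from IP address " + remoteAddress
                    + " : Service is " + getServiceName(messageContext);
            log.warn(message);
            audit.warn(message);
        }
        return rememberMeAccepted;
    }

    /** Formats "now" for the audit lines; SimpleDateFormat is not thread-safe, so it is never shared. */
    private static String timestamp() {
        return new SimpleDateFormat(AUDIT_TIMESTAMP_PATTERN).format(new Date());
    }

    /**
     * Invalidates the caller's existing HTTP session after a failed authentication.
     *
     * <p>Fix: the null check on the servlet request was inverted, so the session was
     * never invalidated (and a missing request would NPE). {@code getSession(false)}
     * is used so that a failed attempt never mints a brand-new session just to
     * invalidate it.
     */
    private void invalidateSession(MessageContext messageContext) {
        HttpServletRequest request =
                (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (request == null) {
            return;
        }
        HttpSession session = request.getSession(false);
        if (session == null) {
            return;
        }
        try {
            session.invalidate();
        } catch (IllegalStateException e) {
            // Already invalidated (possibly by the authenticator); nothing left to do.
            log.debug("Unable to invalidate session ", e);
        }
    }

    /**
     * A service is "general" (not protected by this handler) unless it carries
     * {@code adminService=true}. Note the default: an unmarked service is unprotected.
     */
    private boolean callToGeneralService(MessageContext messageContext) {
        Parameter adminService = messageContext.getAxisService().getParameter("adminService");
        return adminService == null || !"true".equals(adminService.getValue());
    }

    /** Service-level opt-out: {@code DoAuthentication=false} disables this handler for the whole service. */
    private boolean skipAuthentication(MessageContext messageContext) {
        Parameter doAuthentication = messageContext.getAxisService().getParameter("DoAuthentication");
        return doAuthentication != null && "false".equals(doAuthentication.getValue());
    }
}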
