package org.wso2.carbon.server;

import java.security.Principal;
import java.util.Arrays;
import java.util.List;
import org.apache.catalina.Realm;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.CarbonContextHolder;

/* loaded from: input_file:org/wso2/carbon/server/CarbonTomcatRealm.class */
public class CarbonTomcatRealm extends RealmBase {
    private RegistryService registryService;
    private static Log log = LogFactory.getLog(CarbonTomcatRealm.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wso2/carbon/server/CarbonTomcatRealm$GenericCarbonPrincipal.class */
    public static class GenericCarbonPrincipal extends GenericPrincipal {
        private int tenantId;
        private UserRealm userRealm;

        public GenericCarbonPrincipal(Realm realm, UserRealm userRealm, String str, int i) {
            super(realm, str, (String) null, (List) null);
            this.tenantId = -1;
            this.tenantId = i;
            this.userRealm = userRealm;
        }

        public String getPassword() {
            throw new IllegalStateException("When CarbonTomcatRealm is in operation this method Principal.getPassword() should never be called");
        }

        public int getTenantId() {
            return this.tenantId;
        }

        public boolean hasRole(String str) {
            try {
                String[] roleListOfUser = this.userRealm.getUserStoreManager().getRoleListOfUser(this.name);
                Arrays.sort(roleListOfUser);
                return Arrays.binarySearch(roleListOfUser, str) > -1;
            } catch (UserStoreException e) {
                CarbonTomcatRealm.log.error("Cannot check role", e);
                return false;
            }
        }
    }

    public CarbonTomcatRealm(RegistryService registryService) throws Exception {
        this.registryService = registryService;
    }

    protected String getName() {
        return getClass().getSimpleName();
    }

    protected String getPassword(String str) {
        throw new IllegalStateException("When CarbonTomcatRealm is in operation this method getPassword(String) should never be called");
    }

    public Principal authenticate(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) {
        throw new IllegalStateException("Carbon doesn't use MD5 hashes. Can't do digest authentication");
    }

    /* JADX WARN: Multi-variable type inference failed */
    public Principal authenticate(String str, String str2) {
        String str3 = null;
        if (str.contains("@")) {
            str3 = str.substring(str.indexOf("@") + 1);
        }
        String tenantDomain = CarbonContextHolder.getCurrentCarbonContextHolder().getTenantDomain();
        if (str3 != null && !str3.equals(tenantDomain)) {
            if (tenantDomain.trim().length() == 0) {
                tenantDomain = "0";
            }
            log.warn("Illegal access attempt by " + str + " to secured resource hosted by tenant " + tenantDomain);
            return null;
        }
        try {
            Principal principal = getPrincipal(str);
            if (getCarbonRealm(((GenericCarbonPrincipal) principal).getTenantId()).getUserStoreManager().authenticate(UserCoreUtil.getTenantLessUsername(str), str2)) {
                return principal;
            }
            return null;
        } catch (UserStoreException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    private UserRealm getCarbonRealm(int i) throws UserStoreException {
        try {
            UserRealm userRealm = getUserRealm();
            return userRealm != null ? userRealm : this.registryService.getUserRealm(i);
        } catch (RegistryException e) {
            log.error("Unable to obtain the user realm from the registry service.", e);
            throw new UserStoreException("Unable to obtain the user realm from the registry service.", e);
        }
    }

    protected Principal getPrincipal(String str) {
        try {
            String tenantLessUsername = UserCoreUtil.getTenantLessUsername(str);
            CarbonContextHolder currentCarbonContextHolder = CarbonContextHolder.getCurrentCarbonContextHolder();
            UserRegistry configUserRegistry = this.registryService.getConfigUserRegistry(tenantLessUsername, currentCarbonContextHolder.getTenantId());
            currentCarbonContextHolder.setProperty("configUserRegistry", configUserRegistry);
            currentCarbonContextHolder.setProperty("governanceUserRegistry", this.registryService.getGovernanceUserRegistry(tenantLessUsername, currentCarbonContextHolder.getTenantId()));
            return new GenericCarbonPrincipal(this, configUserRegistry.getUserRealm(), tenantLessUsername, currentCarbonContextHolder.getTenantId());
        } catch (RegistryException e) {
            log.error("Unable to create registry instances. Cannot get principal", e);
            return null;
        }
    }

    private UserRealm getUserRealm() {
        UserRegistry userRegistry = (Registry) CarbonContextHolder.getCurrentCarbonContextHolder().getProperty("configUserRegistry");
        if (userRegistry == null || !(userRegistry instanceof UserRegistry)) {
            return null;
        }
        return userRegistry.getUserRealm();
    }
}
