package org.wso2.carbon.identity.authenticator.webseal;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.common.AuthenticationException;
import org.wso2.carbon.core.services.util.CarbonAuthenticationUtil;
import org.wso2.carbon.core.util.AnonymousSessionUtil;
import org.wso2.carbon.identity.authenticator.webseal.internal.WebSealAuthBEDataHolder;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/authenticator/webseal/WebSealAuthenticator.class */
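/**
 * Back-end authenticator that lets one account log in on behalf of another
 * user ("identity delegation").
 *
 * <p>The caller presents credentials for a delegating account together with the
 * name of the user it is acting for. The login succeeds only when the delegating
 * account authenticates, holds the {@code delegate-identity} permission on
 * {@code System}, and the delegated-for user holds the {@code login} permission
 * on {@code System}.
 *
 * <p>Security note: the delegated-for user name is taken from the caller as-is,
 * so the {@code delegate-identity} permission is the only control on who may
 * assert another identity. Grant it to as few accounts as possible.
 */
public class WebSealAuthenticator {
    private static final Log log = LogFactory.getLog(WebSealAuthenticator.class);

    /**
     * Authenticates the delegating account and checks both delegation permissions.
     *
     * @param str  user name of the delegating account; the tenant domain is derived from it
     * @param str2 credential of the delegating account, passed to the user store
     * @param str3 user on whose behalf the login is made
     * @param str4 remote address recorded with the login attempt
     * @return {@code true} when the delegating account authenticated and both
     *         permission checks passed; {@code false} for missing input, failed
     *         authentication, failed authorization, or any internal error
     * @throws AuthenticationException declared by the original interface
     */
    public boolean loginWithDelegation(String str, String str2, String str3, String str4) throws AuthenticationException {
        HttpSession httpSession = getHttpSession();

        // Reject incomplete requests before touching the user store. The delegated-for
        // user (str3) is validated here too, so a missing value is recorded as a failed
        // login instead of surfacing later as an exception from the authorization manager.
        if (isNullOrBlank(str) || isNullOrBlank(str2) || isNullOrBlank(str3) || isNullOrBlank(str4)) {
            CarbonAuthenticationUtil.onFailedAdminLogin(httpSession, str, -1, str4, "Data");
            return false;
        }

        try {
            RegistryService registryService = WebSealAuthBEDataHolder.getInstance().getRegistryService();
            RealmService realmService = WebSealAuthBEDataHolder.getInstance().getRealmService();
            String tenantDomain = MultitenantUtils.getTenantDomain(str);
            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
            UserRealm realmByTenantDomain = AnonymousSessionUtil.getRealmByTenantDomain(registryService, realmService, tenantDomain);

            // Step 1: the delegating account must prove its own identity.
            if (!realmByTenantDomain.getUserStoreManager().authenticate(tenantAwareUsername, str2)) {
                CarbonAuthenticationUtil.onFailedAdminLogin(httpSession, tenantAwareUsername, -1, str4, "Data");
                return false;
            }

            // Step 2: the delegating account must be allowed to delegate, and the
            // delegated-for user must be allowed to log in.
            // NOTE(review): str3 is checked as given, inside the realm of the delegating
            // account's tenant; no tenant suffix is stripped from it. Confirm callers pass
            // a tenant-aware name.
            boolean isUserAuthorized = realmByTenantDomain.getAuthorizationManager().isUserAuthorized(tenantAwareUsername, "System", "delegate-identity");
            boolean isUserAuthorized2 = realmByTenantDomain.getAuthorizationManager().isUserAuthorized(str3, "System", "login");
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            if (!isUserAuthorized || !isUserAuthorized2) {
                CarbonAuthenticationUtil.onFailedAdminLogin(httpSession, tenantAwareUsername, -1, str4, "User is not authorized to login using delegation");
                return false;
            }

            // NOTE(review): the successful login is recorded for the delegating account
            // (tenantAwareUsername), not for str3. Confirm this is the intended session
            // principal, and that onSuccessAdminLogin does not reuse a pre-login session id.
            CarbonAuthenticationUtil.onSuccessAdminLogin(httpSession, tenantAwareUsername, tenantId, tenantDomain, str4);

            // All three values originate from the request; strip line breaks so a crafted
            // value cannot forge additional entries in this audit line.
            log.info("Identity delegation by " + forLog(tenantAwareUsername) + " on behalf of " + forLog(str3) + " from IP address " + forLog(str4));
            return true;
        } catch (Exception e) {
            // Fail closed: any internal error is treated as a rejected login.
            log.error("System error while Authenticating/Authorizing User with identity delegation", e);
            return false;
        }
    }

    /**
     * Returns the HTTP session of the request being served, or {@code null} when
     * there is no current message context or it carries no servlet request
     * (for example when the call did not arrive over the HTTP transport).
     */
    private HttpSession getHttpSession() {
        MessageContext currentMessageContext = MessageContext.getCurrentMessageContext();
        if (currentMessageContext == null) {
            return null;
        }
        Object servletRequest = currentMessageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (!(servletRequest instanceof HttpServletRequest)) {
            // Absent or unexpected property: report "no session" instead of throwing.
            return null;
        }
        return ((HttpServletRequest) servletRequest).getSession();
    }

    /** Returns {@code true} when the value is {@code null} or contains only whitespace. */
    private static boolean isNullOrBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

    /** Replaces carriage returns and line feeds so the value stays on one log line. */
    private static String forLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}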
