package org.apache.stratos.rest.endpoint.handlers;

import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.ws.rs.core.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.common.util.ClassHelper;
import org.apache.cxf.frontend.MethodDispatcher;
import org.apache.cxf.interceptor.security.AccessDeniedException;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.apache.cxf.service.Service;
import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.stratos.rest.endpoint.Utils;
import org.apache.stratos.rest.endpoint.context.AuthenticationContext;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:WEB-INF/classes/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.class */
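/**
 * CXF request handler that authorizes an already-authenticated Carbon user against the
 * REST resource method about to be invoked.
 *
 * <p>Two checks are applied, in order:
 * <ol>
 *   <li>methods marked with {@code @SuperTenantService(true)} are only callable from the
 *       super tenant ({@code carbon.super} / tenant id {@code -1234});</li>
 *   <li>the user must hold the {@code ui.execute} action on at least one of the resources
 *       listed in the method's (or its class's) {@code @AuthorizationAction}.</li>
 * </ol>
 * Both annotations are read reflectively by class name so this handler does not depend on
 * the annotation classes at compile time. Annotation values are collected once per secured
 * object in {@link #setSecuredObject(Object)} and keyed by <em>simple method name</em>;
 * overloaded resource methods with different annotations therefore collide (last one scanned
 * wins) and should be avoided.
 *
 * <p>Deny-by-default: a resource method with no configured authorization action, or a request
 * with no user on the thread-local Carbon context, is rejected with 403.
 */
public class StratosAuthorizingHandler implements RequestHandler {
    private static final String AUTHORIZATION_ANNOTATION_CLASS_NAME = "org.apache.stratos.rest.endpoint.annotation.AuthorizationAction";
    private static final String TENANT_ANNOTATION_CLASS_NAME = "org.apache.stratos.rest.endpoint.annotation.SuperTenantService";
    /** Carbon permission action checked for each resource named in an @AuthorizationAction. */
    private static final String ACTION_ON_RESOURCE = "ui.execute";
    private static final String SUPPORTED_AUTHENTICATION_TYPE = "Basic";
    /** Identity of the super tenant as reported by CarbonContext. */
    private static final String SUPER_TENANT_DOMAIN = "carbon.super";
    private static final int SUPER_TENANT_ID = -1234;
    /** java.lang.Object methods that appear in getMethods() but are never resource methods. */
    private static final Set<String> SKIP_METHODS = new HashSet<String>(
            Arrays.asList("wait", "notify", "notifyAll", "equals", "toString", "hashCode"));
    private static final Log log = LogFactory.getLog(StratosAuthorizingHandler.class);

    /** Method name -> comma-separated resource list from @AuthorizationAction. */
    private Map<String, String> authorizationActionMap = Collections.emptyMap();
    /** Names of methods marked @SuperTenantService(true). */
    private Set<String> superTenantServiceSet = Collections.emptySet();

    /**
     * Authorizes the current request.
     *
     * @param message           the inbound CXF message; used to resolve the target resource method
     * @param classResourceInfo unused here; supplied by the CXF RequestHandler contract
     * @return {@code null} when the user is authorized (CXF then continues the chain),
     *         a 403 JSON response when not, or a 500 JSON response on an unexpected failure
     *         (including an unresolvable target method)
     */
    public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
        try {
            AuthenticationContext.setAuthenticated(false);
            CarbonContext carbonContext = CarbonContext.getThreadLocalCarbonContext();
            String username = carbonContext.getUsername();
            String tenantDomain = carbonContext.getTenantDomain();
            int tenantId = carbonContext.getTenantId();
            if (log.isDebugEnabled()) {
                log.debug("authorizing the action using " + StratosAuthorizingHandler.class.getName());
                log.debug("username : " + username);
                log.debug("tenantDomain : " + tenantDomain);
                log.debug("tenantId : " + tenantId);
            }
            Method targetMethod = getTargetMethod(message);
            if (authorize(username, tenantDomain, tenantId, targetMethod)) {
                return null;
            }
            log.warn("User : " + username + " trying to perform unauthorized action against the resource : " + targetMethod);
            return Response.status(Response.Status.FORBIDDEN)
                    .type("application/json")
                    .entity(Utils.buildMessage("The user does not have required permissions to perform this operation"))
                    .build();
        } catch (Exception e) {
            // Any failure in the authorization path (including AccessDeniedException from
            // getTargetMethod) is surfaced as 500 rather than letting the request through.
            log.error("Unexpected error occured while REST api, authorization process", e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                    .type("application/json")
                    .entity(Utils.buildMessage("Unexpected error. Please contact the system admin"))
                    .build();
        }
    }

    /**
     * Applies the super-tenant restriction and then the permission check for {@code method}.
     *
     * @return {@code true} only when every applicable check passes
     * @throws Exception propagated from the Carbon user realm lookups
     */
    private boolean authorize(String username, String tenantDomain, int tenantId, Method method) throws Exception {
        String methodName = method.getName();
        // Super-tenant-only services are refused to every other tenant before any permission lookup.
        if (superTenantServiceSet.contains(methodName) && !isCurrentUserSuperTenant(tenantDomain, tenantId)) {
            return false;
        }
        String requiredActions = authorizationActionMap.get(methodName);
        if (requiredActions == null) {
            // Deny by default: no @AuthorizationAction was found on the method, its class, a
            // superclass or an interface, so there is no permission to check against.
            log.warn("No authorization action is configured for the resource method : " + methodName);
            return false;
        }
        if (username == null) {
            // No authenticated principal on the thread-local context; nothing can be authorized.
            return false;
        }
        AuthorizationManager authorizationManager =
                PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getAuthorizationManager();
        return isAuthorized(authorizationManager, username, requiredActions, ACTION_ON_RESOURCE);
    }

    /** True when both the tenant domain and the tenant id identify the super tenant. */
    private boolean isCurrentUserSuperTenant(String tenantDomain, int tenantId) {
        return SUPER_TENANT_DOMAIN.equals(tenantDomain) && SUPER_TENANT_ID == tenantId;
    }

    /**
     * Checks whether {@code username} holds {@code action} on at least one of the comma-separated
     * {@code resources} (the list is built by {@link #getAuthorizationActions}); any single match
     * is sufficient.
     *
     * @throws UserStoreException propagated from the authorization manager
     */
    private boolean isAuthorized(AuthorizationManager authorizationManager, String username,
                                 String resources, String action) throws UserStoreException {
        for (String resource : resources.trim().split(",")) {
            if (authorizationManager.isUserAuthorized(username, resource, action)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves the Java method CXF is about to dispatch to, first via the bound operation
     * (JAX-WS style) and then via the JAX-RS resource-method property.
     *
     * @throws AccessDeniedException when neither source yields a method; the caller maps this to 500
     */
    protected Method getTargetMethod(Message message) {
        BindingOperationInfo operationInfo = (BindingOperationInfo) message.getExchange().get(BindingOperationInfo.class);
        if (operationInfo != null) {
            Service service = (Service) message.getExchange().get(Service.class);
            MethodDispatcher dispatcher = (MethodDispatcher) service.get(MethodDispatcher.class.getName());
            return dispatcher.getMethod(operationInfo);
        }
        Method resourceMethod = (Method) message.get("org.apache.cxf.resource.method");
        if (resourceMethod != null) {
            return resourceMethod;
        }
        log.error("The requested resource is not found. Please check the resource path etc..");
        throw new AccessDeniedException("Method is not available : Unauthorized");
    }

    /**
     * Scans the secured resource object (unwrapped from any CXF proxy) and caches its
     * authorization actions and super-tenant-only method names. Called by CXF when the handler
     * is wired to a resource bean.
     */
    public void setSecuredObject(Object obj) {
        Class<?> realClass = ClassHelper.getRealClass(obj);
        authorizationActionMap = getAuthorizationActionMap(realClass);
        superTenantServiceSet = getSuperTenantServiceSet(realClass);
    }

    private Set<String> getSuperTenantServiceSet(Class<?> cls) {
        Set<String> services = new HashSet<String>();
        findSuperTenantServices(cls, services);
        return services;
    }

    private Map<String, String> getAuthorizationActionMap(Class<?> cls) {
        Map<String, String> actions = new HashMap<String, String>();
        findAuthorizationActions(cls, actions);
        return actions;
    }

    /**
     * Fills {@code map} with method-name -> resource list for every public method of {@code cls}.
     * A method-level @AuthorizationAction wins over a class-level one. Method annotations are not
     * inherited in Java, so if nothing is found on {@code cls} the superclass is scanned, and if
     * that is still empty each interface is scanned in turn.
     */
    private void findAuthorizationActions(Class<?> cls, Map<String, String> map) {
        if (cls == null || cls == Object.class) {
            return;
        }
        String classLevelActions = getAuthorizationActions(cls.getAnnotations(), AUTHORIZATION_ANNOTATION_CLASS_NAME);
        for (Method method : cls.getMethods()) {
            if (SKIP_METHODS.contains(method.getName())) {
                continue;
            }
            String methodLevelActions = getAuthorizationActions(method.getAnnotations(), AUTHORIZATION_ANNOTATION_CLASS_NAME);
            String effectiveActions = methodLevelActions != null ? methodLevelActions : classLevelActions;
            if (effectiveActions != null) {
                // Keyed by simple name: overloads sharing a name overwrite each other here.
                map.put(method.getName(), effectiveActions);
            }
        }
        if (map.isEmpty()) {
            findAuthorizationActions(cls.getSuperclass(), map);
            if (map.isEmpty()) {
                for (Class<?> iface : cls.getInterfaces()) {
                    findAuthorizationActions(iface, map);
                }
            }
        }
    }

    /**
     * Fills {@code set} with the names of public methods of {@code cls} carrying
     * @SuperTenantService(true), falling back to the superclass and then the interfaces
     * exactly as {@link #findAuthorizationActions} does.
     */
    private void findSuperTenantServices(Class<?> cls, Set<String> set) {
        if (cls == null || cls == Object.class) {
            return;
        }
        for (Method method : cls.getMethods()) {
            if (SKIP_METHODS.contains(method.getName())) {
                continue;
            }
            if (getSuperTenantServices(method.getAnnotations(), TENANT_ANNOTATION_CLASS_NAME)) {
                set.add(method.getName());
            }
        }
        if (set.isEmpty()) {
            findSuperTenantServices(cls.getSuperclass(), set);
            if (set.isEmpty()) {
                for (Class<?> iface : cls.getInterfaces()) {
                    findSuperTenantServices(iface, set);
                }
            }
        }
    }

    /**
     * Reads the boolean {@code value()} of the annotation named {@code annotationClassName}.
     *
     * @return the annotation's value; {@code false} when the annotation is absent; {@code true}
     *         (fail closed: treat as super-tenant-only) when the annotation is present but its
     *         value cannot be read reflectively
     */
    private boolean getSuperTenantServices(Annotation[] annotations, String annotationClassName) {
        for (Annotation annotation : annotations) {
            if (!annotation.annotationType().getName().equals(annotationClassName)) {
                continue;
            }
            try {
                Object value = annotation.annotationType().getMethod("value", new Class[0]).invoke(annotation, new Object[0]);
                return ((Boolean) value).booleanValue();
            } catch (Exception e) {
                // Previously swallowed and returned false, which silently lifted the restriction.
                log.error("Could not read " + annotationClassName + " value; restricting the method to the super tenant", e);
                return true;
            }
        }
        return false;
    }

    /**
     * Reads the {@code String[] value()} of the annotation named {@code annotationClassName} and
     * joins it with commas (the format {@link #isAuthorized} splits on).
     *
     * @return the joined list, or {@code null} when the annotation is absent or unreadable
     *         (an unreadable annotation is logged and leaves the method with no configured
     *         action, which {@link #authorize} denies)
     */
    private String getAuthorizationActions(Annotation[] annotations, String annotationClassName) {
        for (Annotation annotation : annotations) {
            if (!annotation.annotationType().getName().equals(annotationClassName)) {
                continue;
            }
            try {
                String[] resources = (String[]) annotation.annotationType().getMethod("value", new Class[0]).invoke(annotation, new Object[0]);
                StringBuilder joined = new StringBuilder();
                for (int i = 0; i < resources.length; i++) {
                    if (i > 0) {
                        joined.append(",");
                    }
                    joined.append(resources[i]);
                }
                return joined.toString();
            } catch (Exception e) {
                log.error("Could not read " + annotationClassName + " value; the annotated method will be denied", e);
                return null;
            }
        }
        return null;
    }
}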
