package org.wso2.carbon.appmgt.gateway.handlers.security.entitlement;

import java.util.List;
import java.util.Map;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.ManagedLifecycle;
import org.apache.synapse.MessageContext;
import org.apache.synapse.SynapseException;
import org.apache.synapse.core.SynapseEnvironment;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.core.axis2.Axis2Sender;
import org.apache.synapse.rest.AbstractHandler;
import org.wso2.carbon.appmgt.api.AppManagementException;
import org.wso2.carbon.appmgt.api.EntitlementService;
import org.wso2.carbon.appmgt.api.model.entitlement.EntitlementDecisionRequest;
import org.wso2.carbon.appmgt.gateway.handlers.security.APISecurityConstants;
import org.wso2.carbon.appmgt.gateway.internal.ServiceReferenceHolder;
import org.wso2.carbon.appmgt.impl.AppManagerConfiguration;
import org.wso2.carbon.appmgt.impl.dao.AppMDAO;
import org.wso2.carbon.appmgt.impl.entitlement.EntitlementServiceFactory;

/* loaded from: input_file:org/wso2/carbon/appmgt/gateway/handlers/security/entitlement/EntitlementHandler.class */
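/**
 * Gateway handler that enforces entitlement policies on incoming requests.
 *
 * <p>A request is checked only when an upstream step has stored a matched URL pattern in the
 * message context and the resource is not flagged for anonymous access. Denied requests are
 * answered with HTTP 401 and the mediation flow is stopped.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A resource with no applicable entitlement policy is permitted (see
 *       {@link #isResourcePermitted(MessageContext)}).</li>
 *   <li>Missing or malformed anonymous-access flags are treated as "not anonymous", so the
 *       entitlement check still runs (fail closed).</li>
 * </ul>
 */
public class EntitlementHandler extends AbstractHandler implements ManagedLifecycle {
    private static final Log log = LogFactory.getLog(EntitlementHandler.class);
    private AppManagerConfiguration configuration;

    /**
     * Caches the App Manager configuration that is later used to obtain the entitlement service.
     *
     * @param synapseEnvironment the Synapse environment (not used by this handler)
     */
    @Override
    public void init(SynapseEnvironment synapseEnvironment) {
        this.configuration = ServiceReferenceHolder.getInstance().getAPIManagerConfiguration();
    }

    /**
     * Evaluates the entitlement policy for the request, if this handler applies to it.
     *
     * @param messageContext the Synapse message context of the incoming request
     * @return {@code true} to continue mediation, {@code false} when access was denied and a
     *         401 response has been sent back
     * @throws SynapseException if the policy lookup fails; the request is not let through
     */
    @Override
    public boolean handleRequest(MessageContext messageContext) {
        if (!isHandlerApplicable(messageContext)) {
            return true;
        }
        try {
            if (isResourcePermitted(messageContext)) {
                return true;
            }
            if (log.isDebugEnabled()) {
                // The pattern comes from the matched resource definition, not from raw user input.
                log.debug("Entitlement check denied access for matched URL pattern: "
                        + messageContext.getProperty("appm.matchedUrlPattern"));
            }
            notifyUser(messageContext);
            return false;
        } catch (AppManagementException e) {
            log.error("Error while evaluating entitlement policies", e);
            throw new SynapseException("Error while evaluating entitlement policies", e);
        }
    }

    /**
     * Responses are never filtered by this handler.
     *
     * @param messageContext the Synapse message context of the response
     * @return always {@code true}
     */
    @Override
    public boolean handleResponse(MessageContext messageContext) {
        return true;
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * The handler applies when a URL pattern was matched and anonymous access is not allowed.
     */
    private boolean isHandlerApplicable(MessageContext messageContext) {
        return doesInUrlHasMatchingResourcePattern(messageContext) && !isAnnoymousAccessAllowed(messageContext);
    }

    /**
     * Reports whether the app or the matched URI template allows anonymous access.
     *
     * <p>Only a real {@code Boolean.TRUE} counts. An absent or non-Boolean property previously
     * caused a NullPointerException/ClassCastException here; it is now read as "not anonymous"
     * so that the entitlement check is enforced rather than skipped.
     */
    private boolean isAnnoymousAccessAllowed(MessageContext messageContext) {
        boolean appLevel = Boolean.TRUE.equals(messageContext.getProperty("overview_allowAnonymous"));
        boolean templateLevel = Boolean.TRUE.equals(messageContext.getProperty("URITemplate_allowAnonymous"));
        return appLevel || templateLevel;
    }

    /** Returns whether a matched URL pattern is present in the message context. */
    private boolean doesInUrlHasMatchingResourcePattern(MessageContext messageContext) {
        return messageContext.getProperty("appm.matchedUrlPattern") != null;
    }

    /**
     * Decides whether the request may proceed.
     *
     * <p>When no entitlement policy applies to the resource, the request is permitted.
     *
     * @throws AppManagementException if the applicable policies cannot be looked up
     */
    private boolean isResourcePermitted(MessageContext messageContext) throws AppManagementException {
        List<String> policyIds = getApplicableEntitlementPolicyIds(messageContext);
        if (policyIds.isEmpty()) {
            return true;
        }
        // NOTE(review): only the first applicable policy id is evaluated; any further ids
        // returned by the DAO are ignored. Confirm that at most one policy can apply per
        // resource, otherwise a stricter policy could be skipped.
        String policyId = policyIds.get(0);
        return isResourcePermitted(getEntitlementDecisionRequest(messageContext, policyId));
    }

    /**
     * Looks up the entitlement policy ids for the matched app, URL pattern and HTTP method.
     *
     * @throws AppManagementException if the DAO lookup fails
     * @throws SynapseException if the matched app id is missing, so the request is rejected
     *         with a clear error instead of a NullPointerException
     */
    private List<String> getApplicableEntitlementPolicyIds(MessageContext messageContext) throws AppManagementException {
        Object appId = messageContext.getProperty("appm.matchedAppId");
        if (!(appId instanceof Integer)) {
            log.error("Matched app id is missing or not an Integer; cannot resolve entitlement policies");
            throw new SynapseException("Error while evaluating entitlement policies");
        }
        String urlPattern = (String) messageContext.getProperty("appm.matchedUrlPattern");
        String httpMethod = (String) getAxis2MessageContext(messageContext).getProperty("HTTP_METHOD");
        return new AppMDAO().getApplicableEntitlementPolicyIds(((Integer) appId).intValue(), urlPattern, httpMethod);
    }

    /** Delegates the decision to the configured entitlement service. */
    private boolean isResourcePermitted(EntitlementDecisionRequest entitlementDecisionRequest) {
        return getEntitlementService().isPermitted(entitlementDecisionRequest);
    }

    /**
     * Builds the decision request from the policy id and the subject stored in the context.
     *
     * <p>NOTE(review): the subject is passed on as-is and may be {@code null} if no upstream
     * handler set it; confirm the entitlement service denies a null subject.
     */
    private EntitlementDecisionRequest getEntitlementDecisionRequest(MessageContext messageContext, String str) {
        String subject = (String) messageContext.getProperty(APISecurityConstants.SUBJECT);
        EntitlementDecisionRequest decisionRequest = new EntitlementDecisionRequest();
        decisionRequest.setPolicyId(str);
        decisionRequest.setSubject(subject);
        return decisionRequest;
    }

    /**
     * Sends an empty HTTP 401 response back to the caller.
     *
     * <p>Request transport headers are cleared first so they are not echoed into the response.
     * The response is sent even when no header map is present; the earlier version returned
     * silently in that case, leaving the denied caller without any response.
     */
    private void notifyUser(MessageContext messageContext) {
        org.apache.axis2.context.MessageContext axis2MessageContext = getAxis2MessageContext(messageContext);
        Object transportHeaders = axis2MessageContext.getProperty("TRANSPORT_HEADERS");
        if (transportHeaders instanceof Map) {
            ((Map<?, ?>) transportHeaders).clear();
        }
        axis2MessageContext.setProperty("HTTP_SC", "401");
        axis2MessageContext.setProperty("NO_ENTITY_BODY", Boolean.TRUE);
        messageContext.setProperty("RESPONSE", "true");
        messageContext.setTo((EndpointReference) null);
        Axis2Sender.sendBack(messageContext);
    }

    /** Unwraps the Axis2 message context from the Synapse message context. */
    private org.apache.axis2.context.MessageContext getAxis2MessageContext(MessageContext messageContext) {
        return ((Axis2MessageContext) messageContext).getAxis2MessageContext();
    }

    /** Obtains the entitlement service for the configuration cached in {@link #init}. */
    private EntitlementService getEntitlementService() {
        return EntitlementServiceFactory.getEntitlementService(this.configuration);
    }
}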
