package org.wso2.carbon.webapp.authenticator.framework.authorizer;

import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;

/* loaded from: input_file:org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizationValve.class */
public class PermissionAuthorizationValve extends CarbonTomcatValve {
    private static final Log log = LogFactory.getLog(PermissionAuthorizationValve.class);
    private static final String AUTHORIZATION_ENABLED = "authorization-enabled";

    public void invoke(Request request, Response response, CompositeValve compositeValve) {
        String findParameter = request.getContext().findParameter(AUTHORIZATION_ENABLED);
        if (findParameter == null || findParameter.isEmpty()) {
            processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
        } else {
            if (!Boolean.valueOf(findParameter).booleanValue()) {
                processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("Checking permission of request: " + request.getRequestURI());
            }
            processResponse(request, response, compositeValve, new PermissionAuthorizer().authorize(request, response));
        }
    }

    private void processResponse(Request request, Response response, CompositeValve compositeValve, WebappAuthenticator.Status status) {
        switch (status) {
            case SUCCESS:
            case CONTINUE:
                getNext().invoke(request, response, compositeValve);
                return;
            case FAILURE:
                log.error("Failed to authorize incoming request");
                AuthenticationFrameworkUtil.handleResponse(request, response, 401, "Failed to authorize incoming request");
                return;
            default:
                return;
        }
    }
}
