package org.wso2.carbon.apimgt.rest.api.util.interceptors.auth;

import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.wso2.carbon.apimgt.rest.api.util.RestApiConstants;
import org.wso2.carbon.apimgt.rest.api.util.utils.EntitlementServiceClient;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.apimgt.rest.api.util-6.1.105.jar:org/wso2/carbon/apimgt/rest/api/util/interceptors/auth/XACMLAuthenticationInterceptor.class */
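/**
 * CXF interceptor, registered for the {@code PRE_INVOKE} phase, that asks an XACML
 * entitlement service whether the user named in the request's {@link AuthorizationPolicy}
 * may perform the HTTP method on the request URI.
 *
 * <p>NOTE(review): only the user name taken from the {@link AuthorizationPolicy} is used here;
 * the password is never inspected in this class. The decision is therefore only as trustworthy
 * as whatever validated those credentials earlier in the chain. Confirm that an authenticating
 * interceptor always runs before this one.
 */
public class XACMLAuthenticationInterceptor extends AbstractPhaseInterceptor {
    private static final Log logger = LogFactory.getLog(XACMLAuthenticationInterceptor.class);

    /** Binds the interceptor to {@link Phase#PRE_INVOKE}, so it runs before the service is invoked. */
    public XACMLAuthenticationInterceptor() {
        super(Phase.PRE_INVOKE);
    }

    /**
     * Runs the XACML check unless the message explicitly says authentication is not required,
     * and rejects the request when the check does not return a permit.
     *
     * <p>Two defects of the previous version are corrected. It parsed the property <em>name</em>
     * ({@code RestApiConstants.AUTHENTICATION_REQUIRED}) instead of the property value, so any
     * message carrying the property skipped the check regardless of its value. It also discarded
     * the result of {@link #handleRequest}, so a deny decision never stopped the request.
     *
     * @param message the inbound CXF message
     * @throws SecurityException if the request is not permitted; how this surfaces to the client
     *     (HTTP status, body) depends on the endpoint's fault handling, so confirm the mapping
     */
    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(Message message) {
        Object authRequired = message.get(RestApiConstants.AUTHENTICATION_REQUIRED);
        // Absent property means "check". A present property skips the check only when its
        // value does not parse as true; String.valueOf covers both Boolean and String values.
        boolean mustCheck = authRequired == null || Boolean.parseBoolean(String.valueOf(authRequired));
        if (!mustCheck) {
            return;
        }
        if (!handleRequest(message, null)) {
            // Fail closed: a missing header, an empty user name, a non-permit decision and a
            // PDP error all end here. Keep the message generic; details are in the server log.
            throw new SecurityException("Request denied by XACML authorization");
        }
    }

    /**
     * Evaluates the request against the entitlement service.
     *
     * @param message the inbound CXF message; supplies the {@link AuthorizationPolicy}, the
     *     request URI and the HTTP method
     * @param classResourceInfo unused by this implementation
     * @return {@code true} only when a non-empty user name is present and the entitlement
     *     service answers "Permit"; {@code false} in every other case
     */
    public boolean handleRequest(Message message, ClassResourceInfo classResourceInfo) {
        if (logger.isDebugEnabled()) {
            // Plain concatenation: the message id must not be used as a format string, because
            // a '%' inside it would make String.format throw.
            logger.debug("Authenticating request: " + message.getId());
        }
        AuthorizationPolicy authorizationPolicy = (AuthorizationPolicy) message.get(AuthorizationPolicy.class);
        if (authorizationPolicy == null) {
            logger.error("Authentication failed: Basic authentication header is missing");
            return false;
        }
        String userName = StringUtils.trim(authorizationPolicy.getUserName());
        if (StringUtils.isEmpty(userName)) {
            logger.error("Username cannot be null/empty.");
            return false;
        }
        // NOTE(review): the resource sent to the policy decision point is the request URI exactly
        // as stored on the message. Confirm it is in the same (normalised) form that request
        // dispatch uses, so that a policy written for one spelling of a path cannot be sidestepped
        // by another.
        String requestUri = (String) message.get(Message.REQUEST_URI);
        String httpMethod = (String) message.get(Message.HTTP_REQUEST_METHOD);
        return isUserPermitted(userName, requestUri, httpMethod, null);
    }

    /**
     * Asks the entitlement service for a decision and treats anything other than "Permit"
     * (case-insensitive) as a denial.
     *
     * @param userName subject of the request
     * @param resource resource being accessed (the request URI)
     * @param action action being performed (the HTTP method)
     * @param environment passed through to the entitlement client; callers in this class pass {@code null}
     * @return {@code true} only for a "Permit" decision; {@code false} for any other answer,
     *     a {@code null} answer, or any exception raised by the client
     */
    private boolean isUserPermitted(String userName, String resource, String action, String[] environment) {
        try {
            String decision = new EntitlementServiceClient().validateAction(userName, resource, action, environment);
            // Literal first, so a null decision is a plain denial rather than an exception.
            return "Permit".equalsIgnoreCase(decision);
        } catch (Exception e) {
            // Deliberately broad: any failure talking to the PDP must deny, never permit.
            // Pass the throwable so the stack trace is logged, not just its toString().
            logger.error("Error while validating XACML request", e);
            return false;
        }
    }
}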
