package org.wso2.carbon.identity.authz.valve;

import java.io.IOException;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.auth.service.AuthenticationContext;
import org.wso2.carbon.identity.auth.service.handler.HandlerManager;
import org.wso2.carbon.identity.auth.service.module.ResourceConfig;
import org.wso2.carbon.identity.authz.service.AuthorizationContext;
import org.wso2.carbon.identity.authz.service.AuthorizationStatus;
import org.wso2.carbon.identity.authz.service.exception.AuthzServiceServerException;
import org.wso2.carbon.identity.authz.valve.internal.AuthorizationValveServiceHolder;

/* loaded from: input_file:org/wso2/carbon/identity/authz/valve/AuthorizationValve.class */
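/**
 * Tomcat valve that authorizes an already-authenticated request before it is
 * passed further down the pipeline.
 *
 * <p>The valve reads the {@link AuthenticationContext} that an earlier component
 * stored under the {@code "auth-context"} request attribute, builds an
 * {@link AuthorizationContext} from it and asks the highest-priority enabled
 * authorization manager for a decision.
 *
 * <p>Security note: a request that carries no authentication context, no user or
 * an empty user name is forwarded <em>without</em> any authorization check. This
 * valve therefore only restricts authenticated callers; rejecting unauthenticated
 * access to protected resources has to happen elsewhere in the pipeline
 * (NOTE(review): presumably in the authentication valve that sets the attribute;
 * confirm the valve ordering in the deployment).
 */
public class AuthorizationValve extends ValveBase {
    private static final String AUTH_HEADER_NAME = "WWW-Authenticate";
    private static final String AUTH_CONTEXT = "auth-context";
    private static final Log log = LogFactory.getLog(AuthorizationValve.class);

    /**
     * Authorizes the request and either forwards it to the next valve or answers
     * with an error status.
     *
     * @param request  the incoming Catalina request
     * @param response the Catalina response used for error replies
     * @throws IOException      if forwarding or sending the error fails
     * @throws ServletException if the next valve fails
     */
    public void invoke(Request request, Response response) throws IOException, ServletException {
        AuthenticationContext authenticationContext = (AuthenticationContext) request.getAttribute(AUTH_CONTEXT);
        // Pass-through: nothing to authorize when no authenticated user is attached.
        // See the class-level security note; this branch performs no access check.
        if (authenticationContext == null
                || authenticationContext.getUser() == null
                || StringUtils.isEmpty(authenticationContext.getUser().getUserName())) {
            getNext().invoke(request, response);
            return;
        }

        ResourceConfig resourceConfig = authenticationContext.getResourceConfig();
        String contextPath = request.getContextPath();

        AuthorizationContext authorizationContext = new AuthorizationContext();
        // The permission string is left unset when the resource declares none; what the
        // authorization manager decides in that case is not visible from this class.
        if (resourceConfig != null && StringUtils.isNotEmpty(resourceConfig.getPermissions())) {
            authorizationContext.setPermissionString(resourceConfig.getPermissions());
        }
        authorizationContext.setContext(contextPath);
        authorizationContext.setHttpMethods(request.getMethod());
        authorizationContext.setUserName(authenticationContext.getUser().getUserName());

        try {
            // Constant-first comparison: a missing status is treated as a denial instead of
            // surfacing as a NullPointerException.
            // NOTE(review): if no enabled handler is registered and getFirstPriorityHandler
            // returns null, this chain throws and the request is not forwarded; confirm that
            // is the intended failure mode.
            boolean granted = AuthorizationStatus.GRANT.equals(
                    HandlerManager.getInstance()
                            .getFirstPriorityHandler(
                                    AuthorizationValveServiceHolder.getInstance().getAuthorizationManagerList(), true)
                            .authorize(authorizationContext)
                            .getAuthorizationStatus());
            if (granted) {
                getNext().invoke(request, response);
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("Authorization denied for a request to context " + contextPath);
            }
            handleErrorResponse(authenticationContext, response, 403);
        } catch (AuthzServiceServerException e) {
            // Previously swallowed silently; record it so that authorization backend failures
            // are visible to operators. The request is rejected, never forwarded.
            // NOTE(review): 400 is kept for compatibility although this is a server-side
            // failure rather than a malformed client request.
            log.error("Authorization failed with a server error for context " + contextPath, e);
            handleErrorResponse(authenticationContext, response, 400);
        }
    }

    /**
     * Sets the {@code WWW-Authenticate} header to {@code realm user="<name>"} and sends
     * the given error status.
     *
     * @param authenticationContext context whose user name is echoed in the header
     * @param response              response to write to
     * @param statusCode            HTTP status passed to {@code sendError}
     * @throws IOException if sending the error fails
     */
    private void handleErrorResponse(AuthenticationContext authenticationContext, Response response, int statusCode)
            throws IOException {
        StringBuilder sb = new StringBuilder(32);
        sb.append("realm user=\"");
        if (authenticationContext.getUser() != null) {
            // The user name is reflected into a response header, so it must not be able to
            // close the quoted string or inject a line break.
            sb.append(escapeForQuotedHeader(authenticationContext.getUser().getUserName()));
        }
        sb.append('\"');
        response.setHeader(AUTH_HEADER_NAME, sb.toString());
        response.sendError(statusCode);
    }

    /**
     * Makes a value safe to embed between double quotes in an HTTP header: control
     * characters (including CR and LF) are dropped, and {@code "} and {@code \} are
     * backslash-escaped. A {@code null} value yields an empty string.
     */
    private static String escapeForQuotedHeader(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length());
        for (int idx = 0; idx < value.length(); idx++) {
            char c = value.charAt(idx);
            if (c < 0x20 || c == 0x7f) {
                continue;
            }
            if (c == '"' || c == '\\') {
                out.append('\\');
            }
            out.append(c);
        }
        return out.toString();
    }
}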
