package org.wso2.carbon.server.admin.module.handler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.AxisOperation;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.Handler;
import org.apache.axis2.handlers.AbstractHandler;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.user.core.AuthorizationManager;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.utils.CarbonUtils;

/* loaded from: input_file:org/wso2/carbon/server/admin/module/handler/AuthorizationHandler.class */
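/**
 * Axis2 in-flow handler that authorizes calls to Carbon admin services.
 *
 * <p>Only services flagged with the {@code adminService} parameter are checked, and an operation
 * can opt out with {@code DoAuthentication=false}. For every other admin operation the
 * {@code AuthorizationAction} parameter must name a permission-tree path; the logged-in user
 * (taken from the HTTP session) must hold that permission with the {@code ui.execute} action,
 * otherwise the invocation is rejected with an {@link AxisFault}.
 */
public class AuthorizationHandler extends AbstractHandler {
    // The decompiled original passed AuthorizationHandler.class.getClass() (i.e. java.lang.Class),
    // which routed every message of this handler to the "java.lang.Class" logger.
    private static final Log log = LogFactory.getLog(AuthorizationHandler.class);
    private static final Log audit = CarbonConstants.AUDIT_LOG;

    /** Operation parameter naming the permission path required to invoke the operation. */
    private static final String AUTHORIZATION_ACTION_PARAM = "AuthorizationAction";
    /** Service parameter marking a service as an admin service (subject to this handler). */
    private static final String ADMIN_SERVICE_PARAM = "adminService";
    /** Operation parameter that, when {@code "false"}, switches the check off for that operation. */
    private static final String DO_AUTHENTICATION_PARAM = "DoAuthentication";
    /** Session attribute holding the username of the logged-in admin user. */
    private static final String LOGGED_IN_USER_ATTR = "wso2carbon.admin.logged.in";
    /** Action checked against the permission tree for permission-path authorization actions. */
    private static final String UI_EXECUTE_ACTION = "ui.execute";
    /** Fault code carried by every authorization failure and internal error raised here. */
    private static final String AUTHZ_FAULT_CODE = "50978";

    /**
     * Authorizes the current invocation.
     *
     * @param messageContext the Axis2 message context of the incoming request
     * @return {@code CONTINUE} when the call is allowed (or not subject to authorization),
     *         {@code ABORT} when an admin service is invoked on a worker node
     * @throws AxisFault when the operation declares no {@code AuthorizationAction}, when the user
     *         is not authorized, or when authorization could not be evaluated
     */
    @Override
    public Handler.InvocationResponse invoke(MessageContext messageContext) throws AxisFault {
        // Non-admin services and operations that explicitly opt out are not authorized here.
        if (callToGeneralService(messageContext) || skipAuthentication(messageContext)) {
            return Handler.InvocationResponse.CONTINUE;
        }
        // Worker nodes never serve admin services: answer 403 and stop the handler chain.
        if (CarbonUtils.isWorkerNode()) {
            ((HttpServletResponse) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETRESPONSE)).setStatus(403);
            log.error("Invoking admin services on worker node is forbidden...");
            return Handler.InvocationResponse.ABORT;
        }
        CarbonContext carbonContext = CarbonContext.getThreadLocalCarbonContext();
        AxisService axisService = messageContext.getAxisService();
        AxisOperation axisOperation = messageContext.getAxisOperation();
        String serviceName = axisService.getName();
        String operationName = axisOperation.getName().getLocalPart();
        Parameter actionParam = axisOperation.getParameter(AUTHORIZATION_ACTION_PARAM);
        if (actionParam == null) {
            // Fail closed: an admin operation without a declared permission is never invokable.
            audit.warn("Unauthorized call by tenant " + carbonContext.getTenantDomain() + ",user " + carbonContext.getUsername() + " to service:" + serviceName + ",operation:" + operationName);
            throw new AxisFault("Unauthorized call!. AuthorizationAction has not been specified for service:" + serviceName + ", operation:" + operationName);
        }
        try {
            String authorizationAction = ((String) actionParam.getValue()).trim();
            String permission = null;
            String action = null;
            // Only permission-tree paths (leading "/") are understood; any other value leaves
            // permission null and is rejected inside doAuthorization.
            if (authorizationAction.startsWith("/")) {
                permission = authorizationAction;
                action = UI_EXECUTE_ACTION;
            }
            doAuthorization(messageContext, permission, action, serviceName, operationName);
            return Handler.InvocationResponse.CONTINUE;
        } catch (AxisFault e) {
            throw e;
        } catch (Throwable th) {
            // Anything else (including a non-String parameter value) is reported as a system failure
            // rather than leaking out of the handler chain.
            log.error("System failure." + th.getMessage(), th);
            throw new AxisFault("System failure.", AUTHZ_FAULT_CODE);
        }
    }

    /**
     * Checks the session user against the required permission and rejects the call on failure.
     *
     * @param messageContext the Axis2 message context; must carry the HTTP servlet request
     * @param permission comma-separated permission path(s); {@code null} when the
     *        {@code AuthorizationAction} was not a permission path
     * @param action the action to check, normally {@code ui.execute}
     * @param serviceName service name, used for logging only
     * @param operationName operation name, used for logging only
     * @throws AxisFault with fault code 50978 when the user is not authorized, when no user realm is
     *         available, when no permission could be derived, or when the check itself fails
     */
    private void doAuthorization(MessageContext messageContext, String permission, String action, String serviceName, String operationName) throws AxisFault {
        HttpSession session = ((HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST)).getSession(false);
        if (session == null) {
            // NOTE(review): a request carrying no HTTP session passes through with no authorization
            // check at all. This relies on an earlier handler having already rejected unauthenticated
            // requests — confirm that ordering, otherwise this branch is fail-open.
            return;
        }
        try {
            String username = (String) session.getAttribute(LOGGED_IN_USER_ATTR);
            UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
            if (userRealm == null) {
                log.error("The realm is null for username: " + username + ".");
                throw new AxisFault("System failed to authorize.", AUTHZ_FAULT_CODE);
            }
            if (permission == null) {
                // The original dereferenced the null permission here and reported the resulting
                // NullPointerException as this same fault; make the misconfiguration explicit.
                log.error("No permission could be derived from the AuthorizationAction of service '" + serviceName + "' operation '" + operationName + "'");
                throw new AxisFault("System failed to authorize.", AUTHZ_FAULT_CODE);
            }
            if (!isAuthorized(userRealm.getAuthorizationManager(), username, permission.trim(), action)) {
                log.error("Access Denied. Failed authorization attempt to access service '" + serviceName + "' operation '" + operationName + "' by '" + username + "'");
                AxisFault axisFault = new AxisFault("Access Denied.");
                axisFault.setFaultCode(AUTHZ_FAULT_CODE);
                throw axisFault;
            }
        } catch (AxisFault e) {
            throw e;
        } catch (Exception e2) {
            log.error("System failed to authorize." + e2.getMessage(), e2);
            throw new AxisFault("System failed to authorize.", AUTHZ_FAULT_CODE);
        }
    }

    /**
     * Returns whether the user holds at least one of the given permissions for the action.
     *
     * @param authorizationManager the realm's authorization manager
     * @param username the user to check (the session's logged-in user)
     * @param permissions comma-separated permission paths; the list is a disjunction
     * @param action the action to check
     * @return {@code true} if any single permission grants the action
     * @throws UserStoreException if the authorization manager fails
     */
    private boolean isAuthorized(AuthorizationManager authorizationManager, String username, String permissions, String action) throws UserStoreException {
        // Entries are checked exactly as split; surrounding whitespace of individual entries is
        // deliberately not stripped, to keep the original matching behaviour.
        for (String permission : permissions.trim().split(",")) {
            if (authorizationManager.isUserAuthorized(username, permission, action)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns {@code true} unless the target service is flagged as an admin service
     * ({@code adminService=true}); only admin services are authorized by this handler.
     *
     * @param messageContext the Axis2 message context
     * @return {@code true} for non-admin (general) services
     */
    private boolean callToGeneralService(MessageContext messageContext) {
        Parameter adminService = messageContext.getAxisService().getParameter(ADMIN_SERVICE_PARAM);
        return adminService == null || !"true".equals(adminService.getValue());
    }

    /**
     * Returns {@code true} if the target operation opts out of authentication
     * ({@code DoAuthentication=false}) and is therefore not authorized either.
     *
     * @param messageContext the Axis2 message context
     * @return {@code true} when the check is to be skipped for this operation
     */
    private boolean skipAuthentication(MessageContext messageContext) {
        Parameter doAuthentication = messageContext.getAxisOperation().getParameter(DO_AUTHENTICATION_PARAM);
        return doAuthentication != null && "false".equals(doAuthentication.getValue());
    }
}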
