package org.wso2.carbon.identity.entitlement.mediator;

import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.mediators.AbstractMediator;
import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.carbon.utils.ServerConfiguration;

/* loaded from: input_file:org/wso2/carbon/identity/entitlement/mediator/EntitlementMediator.class */
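/**
 * Synapse mediator that asks an entitlement service whether the caller may invoke the requested
 * operation, and lets the message continue only when the decision is exactly {@code "Permit"}.
 *
 * <p>The decision request is built from three message-derived values:
 * <ul>
 *   <li>the user name, taken from the configured {@link EntitlementCallbackHandler} or, when none is
 *       configured, from the WS-Security {@code Security/UsernameToken/Username} header;</li>
 *   <li>the service name, taken from the message's {@code To} address;</li>
 *   <li>the operation name, taken from the local name of the first SOAP body element.</li>
 * </ul>
 *
 * <p>Security notes:
 * <ul>
 *   <li>This class only <em>reads</em> the {@code Username} text from the header; nothing here
 *       validates the token. NOTE(review): confirm that WS-Security processing earlier in the
 *       sequence has authenticated the UsernameToken, otherwise the subject is caller-supplied.</li>
 *   <li>{@link #mediate(MessageContext)} is fail-closed: a missing or blank user name, a configured
 *       callback handler that cannot be loaded, any exception, and any decision other than
 *       {@code "Permit"} all return {@code false}.</li>
 *   <li>The remote service password is held as a plain {@link String} and is readable through
 *       {@link #getRemoteServicePassword()}; do not log it.</li>
 * </ul>
 */
public class EntitlementMediator extends AbstractMediator {
    // Stored and exposed through isRemote()/setRemote(); mediate() in this class does not consult it.
    private boolean remote = true;
    // Credentials and endpoint handed to EntitlementServiceClient on every mediation.
    private String remoteServiceUserName;
    private String remoteServicePassword;
    private String remoteServiceUrl;
    // Optional fully-qualified class name of an EntitlementCallbackHandler implementation.
    private String callbackClass;
    // WS-Security 1.0 "secext" namespace and the element names used to locate the user name.
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String WSSE_LN = "Security";
    private static final QName SEC_HEADER = new QName(WSSE_NS, WSSE_LN);
    private static final String USERNAME_TOKEN_LN = "UsernameToken";
    private static final QName USERNAME_TOKEN = new QName(WSSE_NS, USERNAME_TOKEN_LN);
    private static final String USERNAME_LN = "Username";
    private static final QName USERNAME = new QName(WSSE_NS, USERNAME_LN);
    private static final Log log = LogFactory.getLog(EntitlementMediator.class);

    /** @return the configured callback handler class name, or {@code null} if none is set */
    public String getCallbackClass() {
        return this.callbackClass;
    }

    /**
     * Sets the class name of the {@link EntitlementCallbackHandler} used to extract the user,
     * service and operation names. The class is loaded and instantiated on each mediation, so this
     * value must come from trusted configuration only.
     *
     * @param str fully-qualified class name, or {@code null}/blank to use the built-in extraction
     */
    public void setCallbackClass(String str) {
        this.callbackClass = str;
    }

    /** @return the stored {@code remote} flag */
    public boolean isRemote() {
        return this.remote;
    }

    /** @param z new value of the {@code remote} flag */
    public void setRemote(boolean z) {
        this.remote = z;
    }

    /** @return the user name presented to the entitlement service */
    public String getRemoteServiceUserName() {
        return this.remoteServiceUserName;
    }

    /** @param str the user name presented to the entitlement service */
    public void setRemoteServiceUserName(String str) {
        this.remoteServiceUserName = str;
    }

    /** @return the password presented to the entitlement service (sensitive; never log it) */
    public String getRemoteServicePassword() {
        return this.remoteServicePassword;
    }

    /** @param str the password presented to the entitlement service */
    public void setRemoteServicePassword(String str) {
        this.remoteServicePassword = str;
    }

    /** @return the URL passed to {@code EntitlementServiceClient} as the remote service location */
    public String getRemoteServiceUrl() {
        return this.remoteServiceUrl;
    }

    /** @param str the URL passed to {@code EntitlementServiceClient} as the remote service location */
    public void setRemoteServiceUrl(String str) {
        this.remoteServiceUrl = str;
    }

    /**
     * Requests an entitlement decision for the current message.
     *
     * @param messageContext the Synapse message context; must be an {@link Axis2MessageContext}
     * @return {@code true} only when the entitlement service answers {@code "Permit"}; {@code false}
     *         for every other decision and for every failure path
     */
    public boolean mediate(MessageContext messageContext) {
        String userName;
        String serviceName;
        String operationName;
        org.apache.axis2.context.MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
        String serverUrlTemplate = ServerConfiguration.getInstance().getFirstProperty("ServerURL");
        if (log.isDebugEnabled()) {
            log.debug("Mediation for Entitlement started");
        }
        try {
            boolean handlerConfigured = this.callbackClass != null && this.callbackClass.trim().length() > 0;
            if (handlerConfigured) {
                EntitlementCallbackHandler handler = getCallbackHandler(this.callbackClass);
                if (handler == null) {
                    // A handler was explicitly configured but could not be loaded. Falling back to the
                    // built-in header parsing would silently change where the subject comes from, so
                    // the request is denied instead.
                    log.error("Entitlement callback handler " + this.callbackClass + " could not be loaded - can't proceed");
                    return false;
                }
                userName = handler.getUserName(messageContext.getEnvelope());
                serviceName = handler.findServiceName(messageContext);
                operationName = handler.findOperationName(messageContext);
            } else {
                userName = getUserName(messageContext.getEnvelope());
                serviceName = findServiceName(messageContext);
                operationName = findOperationName(messageContext);
            }
            // A blank user name is treated like a missing one: no decision is requested for an
            // empty subject.
            if (userName == null || userName.trim().length() == 0) {
                log.error("User name not provided for the Entitlement mediator - can't proceed");
                return false;
            }
            ConfigurationContext configurationContext = axis2MessageContext.getConfigurationContext();
            EntitlementServiceClient client = new EntitlementServiceClient(this.remoteServiceUrl, configurationContext, this.remoteServiceUserName, this.remoteServicePassword, getServerURL(serverUrlTemplate, configurationContext));
            // The resource is "<service>/<operation>"; the second argument is passed as null.
            String decision = client.getDecision(userName, null, serviceName + "/" + operationName);
            if ("Permit".equals(decision)) {
                return true;
            }
            if (log.isDebugEnabled()) {
                log.debug("User not authorized to perform the action :" + decision);
            }
            return false;
        } catch (java.lang.Exception e) {
            // Fail closed: an error while evaluating the policy must never let the message through.
            log.error("Error occured while evaluating the policy", e);
            return false;
        }
    }

    /**
     * Reads the text of {@code Security/UsernameToken/Username} from the SOAP header.
     *
     * <p>No validation of the token happens here; the value is whatever the header carries.
     *
     * @param sOAPEnvelope the envelope of the message being mediated
     * @return the trimmed user name, or {@code null} when any of the three elements is absent
     */
    private String getUserName(SOAPEnvelope sOAPEnvelope) {
        SOAPHeaderBlock secHeader = getSecHeader(sOAPEnvelope);
        if (secHeader == null) {
            return null;
        }
        OMElement usernameToken = secHeader.getFirstChildWithName(USERNAME_TOKEN);
        if (usernameToken == null) {
            return null;
        }
        OMElement username = usernameToken.getFirstChildWithName(USERNAME);
        if (username == null) {
            return null;
        }
        return username.getText().trim();
    }

    /**
     * Looks up the WS-Security {@code Security} header block.
     *
     * @param sOAPEnvelope the envelope of the message being mediated
     * @return the first {@code Security} header block, or {@code null} when the envelope has no header
     */
    private SOAPHeaderBlock getSecHeader(SOAPEnvelope sOAPEnvelope) {
        SOAPHeader header = sOAPEnvelope.getHeader();
        if (header != null) {
            return header.getFirstChildWithName(SEC_HEADER);
        }
        return null;
    }

    /**
     * Derives the operation name from the local name of the first element in the SOAP body.
     *
     * @param messageContext the Synapse message context; must be an {@link Axis2MessageContext}
     * @return the local name of the first SOAP body element
     * @throws AxisFault declared for callers; propagated from the underlying Axis2 accessors
     */
    private String findOperationName(MessageContext messageContext) throws AxisFault {
        return ((Axis2MessageContext) messageContext).getAxis2MessageContext().getEnvelope().getSOAPBodyFirstElementLocalName();
    }

    /**
     * Expands the placeholders in the configured {@code ServerURL} value.
     *
     * @param str the raw {@code ServerURL} property value
     * @param configurationContext the context used to look up the "https" transport port
     * @return the URL with {@code ${carbon.https.port}}, {@code ${carbon.management.port}} and
     *         {@code ${carbon.context}} replaced
     * @throws IllegalStateException when the {@code ServerURL} property is not configured
     */
    private static String getServerURL(String str, ConfigurationContext configurationContext) {
        if (str == null) {
            // Raised explicitly so the log names the cause; mediate() catches it and denies.
            throw new IllegalStateException("ServerURL is not configured");
        }
        if (str.contains("${carbon.https.port}")) {
            str = str.replace("${carbon.https.port}", CarbonUtils.getTransportPort(configurationContext, "https") + "");
        }
        // NOTE(review): the management port placeholder is resolved with the same "https" transport
        // port as ${carbon.https.port}; confirm this is intended.
        if (str.contains("${carbon.management.port}")) {
            str = str.replace("${carbon.management.port}", CarbonUtils.getTransportPort(configurationContext, "https") + "");
        }
        if (str.contains("${carbon.context}")) {
            str = str.replace("${carbon.context}", "");
        }
        return str;
    }

    /**
     * Derives the service name from the address of the message's {@code To} endpoint reference.
     *
     * @param messageContext the Synapse message context; must be an {@link Axis2MessageContext}
     * @return the {@code To} address
     * @throws AxisFault declared for callers; not thrown by the visible code
     */
    private String findServiceName(MessageContext messageContext) throws AxisFault {
        return ((Axis2MessageContext) messageContext).getTo().getAddress();
    }

    /**
     * Loads and instantiates the named callback handler through the thread context class loader.
     *
     * <p>The loaded class is checked against {@link EntitlementCallbackHandler} before its
     * constructor runs, so a class of the wrong type is rejected without being instantiated.
     *
     * @param str fully-qualified name of the handler class; must come from trusted configuration
     * @return a new handler instance, or {@code null} when the class cannot be loaded, is not an
     *         {@link EntitlementCallbackHandler}, or cannot be instantiated (the error is logged)
     * @throws AxisFault declared for callers; not thrown by the visible code
     */
    public EntitlementCallbackHandler getCallbackHandler(String str) throws AxisFault {
        try {
            Class<? extends EntitlementCallbackHandler> handlerClass = Thread.currentThread().getContextClassLoader().loadClass(str).asSubclass(EntitlementCallbackHandler.class);
            return handlerClass.getDeclaredConstructor().newInstance();
        } catch (java.lang.Exception e) {
            log.error("Error occured while loading " + str, e);
            return null;
        }
    }
}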
