package org.wso2.carbon.server.admin.module.handler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.AxisOperation;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.Handler;
import org.apache.axis2.handlers.AbstractHandler;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.server.admin.internal.ServerAdminServiceComponent;
import org.wso2.carbon.user.core.UserRealm;

/* loaded from: input_file:org/wso2/carbon/server/admin/module/handler/AuthorizationHandler.class */
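/**
 * Axis2 handler that enforces per-operation authorization for services flagged as admin services.
 *
 * <p>The decision is driven by parameters read from the service and operation descriptions:
 * <ul>
 *   <li>{@code adminService} (service): only services with this set to {@code "true"} are checked.</li>
 *   <li>{@code DoAuthorization} (operation): {@code "false"} skips the check for that operation.</li>
 *   <li>{@code AuthorizationAction} (operation): the action to authorize; when absent no check runs.</li>
 *   <li>{@code AuthorizationResource} (operation): the resource to authorize against, defaulting to
 *       {@code "System"}.</li>
 * </ul>
 *
 * <p>NOTE(review): several paths in {@link #invoke(MessageContext)} let the request continue without
 * an authorization decision (no HTTP session, no delegating realm, no {@code AuthorizationAction}
 * parameter). This handler therefore presumably relies on an authentication handler earlier in the
 * chain to reject unauthenticated calls; confirm that ordering before relying on this class alone.
 */
public class AuthorizationHandler extends AbstractHandler {
    // Was getLog(AuthorizationHandler.class.getClass()), which resolves to java.lang.Class and files
    // every authorization event under the wrong logger category.
    private static final Log log = LogFactory.getLog(AuthorizationHandler.class);
    public static final String AUTHZ_FAULT_CODE = "WSO2CarbonAuthorizationFailure";

    /**
     * Authorizes the session user for the invoked operation, or lets the message through when the
     * operation is exempt.
     *
     * @param messageContext the in-flight Axis2 message
     * @return {@code CONTINUE} when the call is exempt, unchecked, or authorized
     * @throws AxisFault with fault code {@link #AUTHZ_FAULT_CODE} when the authorizer denies the
     *     user, or with fault code {@code "50977"} when the check itself fails
     */
    public Handler.InvocationResponse invoke(MessageContext messageContext) throws AxisFault {
        if (callToGeneralService(messageContext)) {
            return Handler.InvocationResponse.CONTINUE;
        }
        AxisService axisService = messageContext.getAxisService();
        AxisOperation axisOperation = messageContext.getAxisOperation();
        String serviceName = axisService.getName();
        String operationName = axisOperation.getName().getLocalPart();

        // The login/logout operations must be reachable before a user has any permissions.
        boolean isSessionOperation = operationName.equals("login")
                || operationName.equals("loginWithDelegation")
                || operationName.equals("logout");
        if (serviceName.equals("AuthenticationAdminService") && isSessionOperation) {
            return Handler.InvocationResponse.CONTINUE;
        }

        Parameter actionParam = axisOperation.getParameter("AuthorizationAction");
        Parameter resourceParam = axisOperation.getParameter("AuthorizationResource");
        Parameter doAuthorizationParam = axisOperation.getParameter("DoAuthorization");

        // Explicit opt-out declared on the operation.
        if (doAuthorizationParam != null && "false".equals(doAuthorizationParam.getValue())) {
            return Handler.InvocationResponse.CONTINUE;
        }
        // NOTE(review): an admin operation that declares no AuthorizationAction is not checked at all.
        if (actionParam == null) {
            return Handler.InvocationResponse.CONTINUE;
        }

        String username = null;
        try {
            String action = (String) actionParam.getValue();
            String resource = resourceParam != null ? (String) resourceParam.getValue() : "System";
            // A message without a servlet request (property is null) raises a NullPointerException
            // here, which the generic catch below turns into a fault, so that case fails closed.
            HttpServletRequest request =
                    (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
            HttpSession session = request.getSession(false);
            // NOTE(review): no session means no check; the request continues (see class comment).
            if (session != null) {
                // NOTE(review): the attribute may be absent, in which case a null user name reaches
                // the authorizer; how that is treated is not visible from this class.
                username = (String) session.getAttribute("wso2carbon.admin.username");
                UserRealm realm = ServerAdminServiceComponent.getUserRealmDelegating();
                // NOTE(review): a null realm also skips the check instead of denying.
                if (realm != null && !realm.getAuthorizer().isUserAuthorized(username, resource, action)) {
                    AxisFault denied = new AxisFault("Access Denied. You are not authorized.");
                    denied.setFaultCode(AUTHZ_FAULT_CODE);
                    throw denied;
                }
            }
        } catch (AxisFault e) {
            // AxisFault has to be caught ahead of Exception: listed after it, this clause is
            // rejected by the compiler as already caught, and the denial could only surface as a
            // generic "50977" failure without AUTHZ_FAULT_CODE.
            log.error("Access Denied. Failed authorization attempt to access service '" + serviceName
                    + "' operation '" + operationName + "' by '" + username + "'", e);
            throw e;
        } catch (Exception e) {
            // NOTE(review): e.getMessage() is returned to the remote caller in the fault text;
            // consider the fixed message used in the Throwable branch to avoid exposing internals.
            String faultMessage = "Exception occurred while trying to authorize. " + e.getMessage();
            log.error("System failure while authorizaing the user '" + username + "' to the service '"
                    + serviceName + "' operation '" + operationName + "'", e);
            throw new AxisFault(faultMessage, "50977");
        } catch (Throwable th) {
            log.error("Exception occurred while trying to authorize.", th);
            throw new AxisFault("Exception occurred while trying to authorize.", "50977");
        }
        return Handler.InvocationResponse.CONTINUE;
    }

    /**
     * Reports whether the target service is outside the scope of this handler.
     *
     * @param messageContext the in-flight Axis2 message
     * @return {@code false} only when the service declares {@code adminService} as {@code "true"};
     *     {@code true} otherwise, which makes {@link #invoke(MessageContext)} skip authorization
     */
    private boolean callToGeneralService(MessageContext messageContext) {
        Parameter adminServiceParam = messageContext.getAxisService().getParameter("adminService");
        boolean isAdminService = adminServiceParam != null && "true".equals(adminServiceParam.getValue());
        return !isAdminService;
    }
}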
