package org.apache.archiva.web.xmlrpc.security;

import java.util.List;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.apache.maven.archiva.security.ArchivaSecurityException;
import org.apache.maven.archiva.security.UserRepositories;
import org.apache.xmlrpc.XmlRpcException;
import org.apache.xmlrpc.XmlRpcRequest;
import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;
import org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.authorization.AuthorizationResult;
import org.codehaus.plexus.redback.policy.PolicyViolationException;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.UserNotFoundException;

/* loaded from: input_file:WEB-INF/lib/archiva-xmlrpc-security-1.3.3.jar:org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.class */
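/**
 * Authentication handler for the XML-RPC endpoint.
 *
 * <p>For each request it reads the HTTP Basic credentials from the request
 * configuration, authenticates them through the {@link SecuritySystem}, and then
 * decides whether the caller may invoke the requested service method by mapping
 * the method name to a permission via {@code ServiceMethodsPermissionsMapping}.
 *
 * <p>NOTE(review): {@code username} is per-request data stored on the instance.
 * If a single instance serves concurrent requests, {@link #getActiveUser()} can
 * return the user of a different request. Confirm how this handler is registered
 * before relying on that value for auditing or access decisions.
 */
public class XmlRpcAuthenticator implements AbstractReflectiveHandlerMapping.AuthenticationHandler {
    private final SecuritySystem securitySystem;
    private final UserRepositories userRepositories;
    // User name taken from the most recent request handled by isAuthorized().
    private String username;

    /**
     * @param securitySystem   used to authenticate credentials and to check permissions
     * @param userRepositories used to look up the repositories a user may observe
     */
    public XmlRpcAuthenticator(SecuritySystem securitySystem, UserRepositories userRepositories) {
        this.securitySystem = securitySystem;
        this.userRepositories = userRepositories;
    }

    /**
     * Authenticates the HTTP Basic credentials carried by the request and checks
     * whether that user may call the requested method.
     *
     * @param xmlRpcRequest the incoming request; its config must be an
     *                      {@link XmlRpcHttpRequestConfigImpl}
     * @return {@code true} if the authorization result allows the call
     * @throws XmlRpcException if the transport is not HTTP, or if authentication
     *                         or authorization raised an error (code 401)
     */
    @Override // org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping.AuthenticationHandler
    public boolean isAuthorized(XmlRpcRequest xmlRpcRequest) throws XmlRpcException {
        if (!(xmlRpcRequest.getConfig() instanceof XmlRpcHttpRequestConfigImpl)) {
            throw new XmlRpcException("Unsupported transport (must be http)");
        }
        XmlRpcHttpRequestConfigImpl httpConfig = (XmlRpcHttpRequestConfigImpl) xmlRpcRequest.getConfig();

        // Keep the request's user name in a local: the authentication and the
        // authorization below must use the same value, and re-reading the shared
        // field would let a concurrent request swap it in between.
        final String requestUser = httpConfig.getBasicUserName();
        this.username = requestUser;

        SecuritySession session =
                authenticate(new PasswordBasedAuthenticationDataSource(requestUser, httpConfig.getBasicPassword()));
        return authorize(session, xmlRpcRequest.getMethodName(), requestUser).isAuthorized();
    }

    /**
     * Delegates credential verification to the security system and converts its
     * checked exceptions into a 401 {@link XmlRpcException}.
     *
     * <p>NOTE(review): the underlying exception message is passed to the client
     * as-is. If the message differs between "unknown user" and "wrong password",
     * callers can tell valid account names apart; consider a single generic message.
     */
    private SecuritySession authenticate(PasswordBasedAuthenticationDataSource authenticationDataSource) throws XmlRpcException {
        try {
            return this.securitySystem.authenticate(authenticationDataSource);
        } catch (AuthenticationException e) {
            throw new XmlRpcException(HttpStatus.SC_UNAUTHORIZED, e.getMessage(), e);
        } catch (PolicyViolationException e) {
            throw new XmlRpcException(HttpStatus.SC_UNAUTHORIZED, e.getMessage(), e);
        } catch (UserNotFoundException e) {
            throw new XmlRpcException(HttpStatus.SC_UNAUTHORIZED, e.getMessage(), e);
        }
    }

    /**
     * Maps the requested service method to the permission it needs and evaluates it.
     *
     * @param securitySession session returned by {@link #authenticate}
     * @param methodName      XML-RPC method name from the request
     * @param requestUser     user name from the request's Basic credentials
     * @return the authorization decision for this call
     * @throws XmlRpcException with code 401 if the permission check or the
     *                         repository lookup fails
     */
    private AuthorizationResult authorize(SecuritySession securitySession, String methodName, String requestUser) throws XmlRpcException {
        try {
            if (ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_MANAGE_CONFIGURATION.contains(methodName)) {
                return this.securitySystem.authorize(securitySession, ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION);
            }
            if (ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_RUN_INDEXER.contains(methodName)) {
                return this.securitySystem.authorize(securitySession, ArchivaRoleConstants.OPERATION_RUN_INDEXER);
            }
            if (ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_REPOSITORY_ACCESS.contains(methodName)) {
                return authorizeRepositoryAccess(requestUser);
            }
            // Ping is granted without a permission check; the constant-first
            // comparison also tolerates a null method name.
            if (ServiceMethodsPermissionsMapping.PING.equals(methodName)) {
                return new AuthorizationResult(true, requestUser, null);
            }
            // Any method not listed above requires the global repository manager role.
            return this.securitySystem.authorize(securitySession, ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE);
        } catch (AuthorizationException e) {
            throw new XmlRpcException(HttpStatus.SC_UNAUTHORIZED, e.getMessage(), e);
        }
    }

    /**
     * Decides repository-access methods from the user's observable repositories.
     *
     * <p>NOTE(review): this decision uses only the user name; the security session
     * is not consulted. It therefore depends on {@link #authenticate} having
     * rejected bad credentials. This file does not show whether
     * {@code securitySystem.authenticate} can return an unauthenticated session
     * instead of throwing; confirm, and check the session here if it can.
     *
     * <p>NOTE(review): access is granted only when more than one repository is
     * observable, so a user with exactly one is denied. Confirm the threshold.
     */
    private AuthorizationResult authorizeRepositoryAccess(String requestUser) throws XmlRpcException {
        try {
            List<String> observableRepositoryIds = this.userRepositories.getObservableRepositoryIds(requestUser);
            boolean allowed = observableRepositoryIds != null && observableRepositoryIds.size() > 1;
            return new AuthorizationResult(allowed, requestUser, null);
        } catch (ArchivaSecurityException e) {
            // Keep the cause so the failure can be diagnosed from server logs.
            throw new XmlRpcException(HttpStatus.SC_UNAUTHORIZED, e.getMessage(), e);
        }
    }

    /**
     * @return the user name from the most recent request passed to
     *         {@link #isAuthorized}, or {@code null} if none has been handled
     */
    public String getActiveUser() {
        return this.username;
    }
}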
