package org.codehaus.redback.xmlrpc.security;

import org.apache.xmlrpc.XmlRpcException;
import org.apache.xmlrpc.XmlRpcRequest;
import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;
import org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.authorization.AuthorizationResult;
import org.codehaus.plexus.redback.policy.PolicyViolationException;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.UserNotFoundException;

/* loaded from: input_file:WEB-INF/lib/redback-xmlrpc-security-1.3.jar:org/codehaus/redback/xmlrpc/security/XmlRpcAuthenticator.class */
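/**
 * XML-RPC authentication handler that checks HTTP Basic credentials against a
 * Redback {@link SecuritySystem} and then authorizes the requested service
 * method against a Redback operation.
 *
 * <p>Every failure is reported to the caller as an {@link XmlRpcException}
 * with fault code 401.
 *
 * <p>NOTE(review): {@link #getActiveUser()} reads a plain instance field that is
 * written on every request. If one instance serves concurrent requests, the
 * value can belong to a different request; confirm how the handler mapping
 * shares this object before relying on it for audit or access decisions.
 */
public class XmlRpcAuthenticator implements AbstractReflectiveHandlerMapping.AuthenticationHandler {
    public static final String USER_MANAGEMENT_USER_CREATE_OPERATION = "user-management-user-create";
    public static final String USER_MANAGEMENT_USER_EDIT_OPERATION = "user-management-user-edit";
    public static final String USER_MANAGEMENT_USER_DELETE_OPERATION = "user-management-user-delete";
    public static final String USER_MANAGEMENT_USER_LIST_OPERATION = "user-management-user-list";

    /** Operation required for the role, permission, operation and resource service methods. */
    private static final String ROLE_GRANT_OPERATION = "user-management-role-grant";

    /** Fault code used for every authentication and authorization failure. */
    private static final int UNAUTHORIZED = 401;

    /**
     * Single message for "unknown user" and "bad credentials", so the fault
     * string does not tell a caller which account names exist.
     */
    private static final String AUTHENTICATION_FAILED = "Authentication failed.";

    private final SecuritySystem securitySystem;

    // Name of the most recently authenticated caller; see the class-level note on sharing.
    private String username;

    /**
     * @param securitySystem the Redback security system used for both
     *                       authentication and authorization
     */
    public XmlRpcAuthenticator(SecuritySystem securitySystem) {
        this.securitySystem = securitySystem;
    }

    /**
     * Authenticates the HTTP Basic credentials carried by the request and
     * checks that the caller may invoke the requested method.
     *
     * @param xmlRpcRequest the incoming request; its config must be an
     *                      {@link XmlRpcHttpRequestConfigImpl}
     * @return the outcome of the Redback authorization check
     * @throws XmlRpcException if the transport is not HTTP, or with code 401
     *                         when authentication or authorization fails
     */
    @Override
    public boolean isAuthorized(XmlRpcRequest xmlRpcRequest) throws XmlRpcException {
        if (!(xmlRpcRequest.getConfig() instanceof XmlRpcHttpRequestConfigImpl)) {
            throw new XmlRpcException("Unsupported transport (must be http)");
        }
        XmlRpcHttpRequestConfigImpl httpConfig = (XmlRpcHttpRequestConfigImpl) xmlRpcRequest.getConfig();
        String claimedUser = httpConfig.getBasicUserName();
        SecuritySession session =
                authenticate(new PasswordBasedAuthenticationDataSource(claimedUser, httpConfig.getBasicPassword()));
        // Record the name only once the credentials have been verified, so
        // getActiveUser() never reports an identity that failed authentication.
        this.username = claimedUser;
        return authorize(session, xmlRpcRequest.getMethodName(), claimedUser).isAuthorized();
    }

    /**
     * Authenticates the supplied credentials and fails closed on anything
     * other than an authenticated session.
     *
     * @param source user name and password taken from the request
     * @return an authenticated session
     * @throws XmlRpcException with code 401 when authentication fails
     */
    private SecuritySession authenticate(PasswordBasedAuthenticationDataSource source) throws XmlRpcException {
        SecuritySession session;
        try {
            session = this.securitySystem.authenticate(source);
        } catch (AuthenticationException e) {
            throw new XmlRpcException(UNAUTHORIZED, AUTHENTICATION_FAILED, e);
        } catch (PolicyViolationException e) {
            // NOTE(review): the policy message is still passed through; decide whether
            // unauthenticated callers should be able to see it.
            throw new XmlRpcException(UNAUTHORIZED, e.getMessage(), e);
        } catch (UserNotFoundException e) {
            throw new XmlRpcException(UNAUTHORIZED, AUTHENTICATION_FAILED, e);
        }
        // Do not rely on the security system throwing for bad credentials: a session
        // that is missing or not authenticated must never reach the authorization step.
        if (session == null || !session.isAuthenticated()) {
            throw new XmlRpcException(UNAUTHORIZED, AUTHENTICATION_FAILED);
        }
        return session;
    }

    /**
     * Maps the requested service method to a Redback operation and asks the
     * security system whether the session holds it. Methods that appear in none
     * of the {@code ServiceMethodsPermissionsMapping} sets are rejected.
     *
     * <p>NOTE(review): every method in {@code SERVICE_METHODS_FOR_USER} is gated by
     * the user-create operation; the edit, delete and list constants declared on
     * this class are not consulted here. Confirm this coarse mapping is intended.
     *
     * @param securitySession the authenticated session
     * @param methodName      the XML-RPC method being invoked
     * @param user            the caller's user name (currently unused)
     * @return the authorization result from the security system
     * @throws XmlRpcException with code 401 when the method is unmapped or the
     *                         authorization check itself fails
     */
    private AuthorizationResult authorize(SecuritySession securitySession, String methodName, String user)
            throws XmlRpcException {
        try {
            if (ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_USER.contains(methodName)) {
                return this.securitySystem.authorize(securitySession, USER_MANAGEMENT_USER_CREATE_OPERATION);
            }
            if (ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_ROLE.contains(methodName)
                    || ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_PERMISSION.contains(methodName)
                    || ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION.contains(methodName)
                    || ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_RESOURCE.contains(methodName)) {
                return this.securitySystem.authorize(securitySession, ROLE_GRANT_OPERATION);
            }
            // Default deny: an unmapped method name is never authorized.
            throw new AuthorizationException("Unauthorized.");
        } catch (AuthorizationException e) {
            throw new XmlRpcException(UNAUTHORIZED, e.getMessage(), e);
        }
    }

    /**
     * @return the user name recorded by the most recent successful
     *         authentication on this instance, or {@code null} if there has
     *         been none
     */
    public String getActiveUser() {
        return this.username;
    }
}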
