package it.geosolutions.geostore.services.rest.utils;

import it.geosolutions.geostore.core.model.User;
import it.geosolutions.geostore.core.security.password.PwEncoder;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.security.AccessDeniedException;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.security.SecurityContext;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:it/geosolutions/geostore/services/rest/utils/AbstractGeoStoreAuthenticationInterceptor.class */
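/**
 * CXF inbound interceptor that authenticates a request from its {@link AuthorizationPolicy}
 * and publishes the result as the message's {@link SecurityContext}.
 *
 * <p>A request without an {@code AuthorizationPolicy} is not rejected: it receives the guest
 * principal. Authorization checks further down the chain must therefore treat the guest
 * principal as unprivileged.
 *
 * <p>Every authentication failure (lookup error, unknown user, wrong password) surfaces to the
 * client as the same {@link AccessDeniedException} message, so the response does not reveal
 * whether the account exists. The distinction is only written to the server log.
 */
public abstract class AbstractGeoStoreAuthenticationInterceptor extends AbstractPhaseInterceptor<Message> {
    protected static final Logger LOGGER = LogManager.getLogger(AbstractGeoStoreAuthenticationInterceptor.class);

    /** Single client-visible failure text; keeping it uniform avoids an account-existence oracle. */
    private static final String AUTH_FAILURE_MESSAGE = "Authorization error";

    /** Registers the interceptor in the CXF {@code unmarshal} phase. */
    public AbstractGeoStoreAuthenticationInterceptor() {
        super("unmarshal");
    }

    /**
     * Authenticates the caller and stores a {@link GeoStoreSecurityContext} on the message.
     *
     * @param message the inbound CXF message
     * @throws AccessDeniedException if credentials are present but cannot be verified
     */
    @Override
    public void handleMessage(Message message) throws Fault {
        // The message itself is deliberately not logged: the CXF message map carries the
        // protocol headers, so dumping it would put the raw Authorization header
        // (recoverable Basic credentials) into the log.
        LOGGER.info("In handleMessage");

        User user = null;
        AuthorizationPolicy authorizationPolicy = (AuthorizationPolicy) message.get(AuthorizationPolicy.class);
        if (authorizationPolicy != null) {
            user = authenticate(authorizationPolicy, message);
        } else {
            LOGGER.info("No requesting user -- GUEST access");
        }

        GeoStoreSecurityContext geoStoreSecurityContext = new GeoStoreSecurityContext();
        geoStoreSecurityContext.setPrincipal(user != null ? new GeoStorePrincipal(user) : GeoStorePrincipal.createGuest());
        message.put(SecurityContext.class, geoStoreSecurityContext);
    }

    /**
     * Resolves the user named in the policy and verifies the supplied password.
     *
     * @return the authenticated user, never {@code null}
     * @throws AccessDeniedException on any lookup or verification failure
     */
    private User authenticate(AuthorizationPolicy authorizationPolicy, Message message) {
        String userName = authorizationPolicy.getUserName();
        String password = authorizationPolicy.getPassword();
        if (password == null) {
            // A missing password is checked as the empty string rather than skipped.
            password = "";
        }
        // The user name is caller-controlled; neutralise line breaks before it reaches the log.
        String loggedName = sanitizeForLog(userName);
        LOGGER.info("Requesting user: {}", loggedName);

        User candidate;
        boolean passwordValid;
        try {
            candidate = getUser(userName, message);
            // NOTE(review): an unknown user skips the password check entirely, which may be
            // measurable as a timing difference - confirm whether that matters for this deployment.
            passwordValid = candidate != null && PwEncoder.isPasswordValid(candidate.getPassword(), password);
        } catch (Exception e) {
            // Only genuine lookup/encoder failures are reported at ERROR with a stack trace.
            LOGGER.error("Exception while checking pw: {}", loggedName, e);
            throw new AccessDeniedException(AUTH_FAILURE_MESSAGE);
        }

        // Rejections are raised outside the try block so the broad catch above cannot
        // re-log an ordinary failed login as an ERROR with a stack trace.
        if (candidate == null) {
            LOGGER.info("Unknown user {}", loggedName);
            throw new AccessDeniedException(AUTH_FAILURE_MESSAGE);
        }
        if (!passwordValid) {
            LOGGER.info("Bad pw for user {}", loggedName);
            throw new AccessDeniedException(AUTH_FAILURE_MESSAGE);
        }
        return candidate;
    }

    /** Replaces CR/LF so a crafted user name cannot forge additional log lines. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Looks up the account for the given user name.
     *
     * @param str the user name taken from the request's authorization policy
     * @param message the inbound CXF message, available for implementation-specific context
     * @return the matching user; whether an unknown name yields {@code null} or an exception
     *     is up to the implementation, and both are treated as an authentication failure
     */
    protected abstract User getUser(String str, Message message);
}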
