package org.forgerock.openam.http.authz;

import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.delegation.DelegationEvaluator;
import com.sun.identity.delegation.DelegationPermissionFactory;
import java.util.Map;
import javax.inject.Inject;
import javax.inject.Named;
import org.forgerock.authz.filter.api.AuthorizationResult;
import org.forgerock.http.Filter;
import org.forgerock.http.Handler;
import org.forgerock.http.protocol.Request;
import org.forgerock.http.protocol.Response;
import org.forgerock.http.protocol.Status;
import org.forgerock.json.resource.ForbiddenException;
import org.forgerock.json.resource.InternalServerErrorException;
import org.forgerock.openam.authz.PrivilegeAuthzModule;
import org.forgerock.openam.authz.PrivilegeDefinition;
import org.forgerock.openam.core.CoreWrapper;
import org.forgerock.services.context.Context;
import org.forgerock.util.promise.NeverThrowsException;
import org.forgerock.util.promise.Promise;
import org.forgerock.util.promise.Promises;

/* loaded from: input_file:org/forgerock/openam/http/authz/HttpPrivilegeAuthzModule.class */
/**
 * HTTP {@link Filter} flavour of {@link PrivilegeAuthzModule}.
 *
 * <p>Each request is gated on the privilege definition registered for its HTTP method. The
 * request is handed to the downstream {@link Handler} only when evaluation reports it as
 * authorized; every other outcome produces a 403 response built by
 * {@link #asPromise(ForbiddenException)}.
 */
public class HttpPrivilegeAuthzModule extends PrivilegeAuthzModule implements Filter {
    /**
     * Forwards all injected collaborators, unchanged, to the {@link PrivilegeAuthzModule}
     * constructor.
     *
     * @param delegationEvaluator passed to the superclass
     * @param map the binding named {@code "HttpPrivilegeDefinitions"}; presumably the source of
     *            the {@code actionToDefinition} lookup used by {@link #filter} (the superclass is
     *            not visible here, so confirm)
     * @param delegationPermissionFactory passed to the superclass
     * @param coreWrapper passed to the superclass
     * @param sSOTokenManager passed to the superclass
     */
    @Inject
    public HttpPrivilegeAuthzModule(DelegationEvaluator delegationEvaluator, @Named("HttpPrivilegeDefinitions") Map<String, PrivilegeDefinition> map, DelegationPermissionFactory delegationPermissionFactory, CoreWrapper coreWrapper, SSOTokenManager sSOTokenManager) {
        super(delegationEvaluator, map, delegationPermissionFactory, coreWrapper, sSOTokenManager);
    }

    /**
     * Authorizes the request by its HTTP method and either forwards it or answers 403.
     *
     * @param context the request context, passed to the inherited {@code evaluate} call
     * @param request the incoming request; only its method is inspected here
     * @param handler the downstream handler, invoked only for an authorized request
     * @return the downstream handler's promise when authorized, otherwise a completed promise
     *         holding a 403 response
     */
    public Promise<Response, NeverThrowsException> filter(Context context, Request request, Handler handler) {
        final String method = request.getMethod();
        // NOTE(review): the key is the method string exactly as the request reports it; whether
        // the match is case-sensitive depends on the map held by the superclass (confirm).
        final PrivilegeDefinition definition = this.actionToDefinition.get(method);

        // Default deny: a method with no registered privilege definition is refused, not passed on.
        if (definition == null) {
            final ForbiddenException unmapped =
                    new ForbiddenException("No privilege mapping for requested method " + method);
            return asPromise(unmapped);
        }

        try {
            final AuthorizationResult outcome = evaluate(context, definition);
            if (outcome.isAuthorized()) {
                return handler.handle(context, request);
            }
            // NOTE(review): the evaluator's reason string goes into the response body; check that
            // it carries nothing a denied caller should not see.
            return asPromise(new ForbiddenException(outcome.getReason()));
        } catch (InternalServerErrorException failure) {
            // Fail closed: an evaluation error is reported as 403, and the handler is not called.
            // NOTE(review): the internal error's message is copied into the ForbiddenException
            // that is serialized to the client, so verify it exposes no internal detail.
            return asPromise(new ForbiddenException(failure.getMessage(), failure));
        }
    }

    /**
     * Wraps a {@link ForbiddenException} in an already-completed promise of a 403 response.
     *
     * @param forbiddenException the denial whose JSON form becomes the response entity
     * @return a result promise holding a {@link Status#FORBIDDEN} response
     */
    private Promise<Response, NeverThrowsException> asPromise(ForbiddenException forbiddenException) {
        final Response denied = new Response(Status.FORBIDDEN);
        final Object body = forbiddenException.toJsonValue().getObject();
        return Promises.newResultPromise(denied.setEntity(body));
    }
}
