package org.wso2.carbon.security.util;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSPasswordCallback;
import org.wso2.carbon.core.util.AnonymousSessionUtil;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.core.util.CryptoUtil;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.security.SecurityConfigException;
import org.wso2.carbon.security.SecurityConstants;
import org.wso2.carbon.security.SecurityServiceHolder;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.utils.TenantUtils;

/* loaded from: input_file:org/wso2/carbon/security/util/ServicePasswordCallbackHandler.class */
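/**
 * Answers {@link WSPasswordCallback} requests for a single secured service.
 *
 * <p>Depending on the callback usage the handler supplies a private-key password taken from the
 * tenant's key stores, verifies a password carried by the callback against the user realm, or
 * supplies the service principal password stored (encrypted) in the registry.
 *
 * <p>Security notes: decrypted passwords are handled as {@link String} values and are never
 * written to the log by this class; only registry paths and exception messages are logged.
 */
public class ServicePasswordCallbackHandler implements CallbackHandler {
    private static final Log log = LogFactory.getLog(ServicePasswordCallbackHandler.class);

    /** Name of the registry resource and of the property holding the encrypted principal password. */
    private static final String SERVICE_PRINCIPAL_PASSWORD = "service.principal.password";

    /** Registry path of the primary key store, which is only special-cased for tenant id 0. */
    private static final String PRIMARY_KEY_STORE_PATH = "/repository/security/key-stores/carbon-primary-ks";

    /** Permission a user must hold on the service path before the password is checked. */
    private static final String INVOKE_SERVICE_ACTION = "invoke-service";

    private final String serviceId;
    private final Registry registry;
    private final UserRealm realm;
    private final String servicePath;

    /**
     * Creates a handler bound to one service.
     *
     * @param str       identifier of the service (stored, not read by the methods of this class)
     * @param str2      registry path of the service; used for the authorization check and to
     *                  locate the service principal password resource
     * @param registry  registry used to read the principal password and to resolve the tenant id
     * @param userRealm user realm (stored, not read by the methods of this class)
     * @throws RegistryException       declared for callers; not thrown by this constructor body
     * @throws SecurityConfigException declared for callers; not thrown by this constructor body
     */
    public ServicePasswordCallbackHandler(String str, String str2, Registry registry, UserRealm userRealm) throws RegistryException, SecurityConfigException {
        this.serviceId = str;
        this.servicePath = str2;
        this.registry = registry;
        this.realm = userRealm;
    }

    /**
     * Processes every callback in the array, in order, and stops at the first failure.
     *
     * <p>Usage values are matched numerically, as in the original listing:
     * <ul>
     *   <li>1, 3 - supply the private-key password for the callback identifier (presumably the
     *       decrypt and signature usages of the WSS4J version in use; confirm);</li>
     *   <li>5 - verify the password carried by the callback against the user store;</li>
     *   <li>9 - supply the service principal password from the registry;</li>
     *   <li>anything else - set a {@code null} password on the callback.</li>
     * </ul>
     *
     * @param callbackArr callbacks to answer; each must be a {@link WSPasswordCallback}
     * @throws IOException                  if a key store or registry read fails with an I/O error
     * @throws UnsupportedCallbackException if a callback has another type, the identifier is not
     *                                      found in any key store, the password check fails, or
     *                                      any other error occurs while answering the callback
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            try {
                if (!(callback instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
                }
                WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
                String identifier = passwordCallback.getIdentifer();
                // Every case ends in break. Falling through from the key-password cases into the
                // default would overwrite the password just set with null, and falling into the
                // verification case would reject every request, including valid credentials.
                switch (passwordCallback.getUsage()) {
                    case 1:
                    case 3: {
                        String privateKeyPassword = getPrivateKeyPassword(identifier);
                        if (privateKeyPassword == null) {
                            throw new UnsupportedCallbackException(callback, "User not available in a trusted store");
                        }
                        passwordCallback.setPassword(privateKeyPassword);
                        break;
                    }
                    case 5:
                        verifySuppliedPassword(passwordCallback, identifier);
                        break;
                    case 9:
                        passwordCallback.setPassword(getServicePrincipalPassword());
                        break;
                    default:
                        // No password is known for the remaining usages (2, 4, 6, 7, 8, ...).
                        passwordCallback.setPassword((String) null);
                        break;
                }
            } catch (IOException e) {
                log.error(e.getMessage(), e);
                throw e;
            } catch (UnsupportedCallbackException e) {
                // Rejections are expected at runtime, so they are only logged at debug level.
                if (log.isDebugEnabled()) {
                    log.debug(e.getMessage(), e);
                }
                throw e;
            } catch (Exception e) {
                log.error(e.getMessage(), e);
                // NOTE(review): the internal exception message is copied into the exception handed
                // back to the security layer; confirm it cannot reach the remote client in a fault.
                UnsupportedCallbackException wrapped = new UnsupportedCallbackException(null, e.getMessage());
                wrapped.initCause(e);
                throw wrapped;
            }
        }
    }

    /**
     * Verifies the password carried by the callback and fails closed.
     *
     * <p>A missing password and a failed authentication are both rejected with "check failed";
     * an exception raised while authenticating is rejected with "Check failed : System error".
     *
     * @param passwordCallback callback carrying the password to verify
     * @param identifier       user name taken from the callback
     * @throws UnsupportedCallbackException if the password is absent, wrong, or cannot be checked
     */
    private void verifySuppliedPassword(WSPasswordCallback passwordCallback, String identifier) throws UnsupportedCallbackException {
        String suppliedPassword = passwordCallback.getPassword();
        boolean authenticated = false;
        if (suppliedPassword != null) {
            try {
                authenticated = authenticateUser(identifier, suppliedPassword);
            } catch (Exception e) {
                // authenticateUser has already logged the failure; keep the cause for diagnosis.
                UnsupportedCallbackException failure = new UnsupportedCallbackException(passwordCallback, "Check failed : System error");
                failure.initCause(e);
                throw failure;
            }
        }
        if (!authenticated) {
            throw new UnsupportedCallbackException(passwordCallback, "check failed");
        }
    }

    /**
     * Reads and decrypts the service principal password stored under the service path.
     *
     * @return the decrypted service principal password
     * @throws RegistryException       if the registry lookup fails
     * @throws SecurityConfigException if the resource or its password property is missing, or the
     *                                 stored value cannot be decrypted
     */
    private String getServicePrincipalPassword() throws RegistryException, SecurityConfigException {
        String resourcePath = (this.servicePath + "/" + RampartConfigUtil.KERBEROS_CONFIG_RESOURCE) + "/" + SERVICE_PRINCIPAL_PASSWORD;
        if (!this.registry.resourceExists(resourcePath)) {
            String message = "Unable to find service principle password registry resource in path " + resourcePath;
            log.error(message);
            throw new SecurityConfigException(message);
        }
        Resource resource = this.registry.get(resourcePath);
        if (resource == null) {
            String message = "Retrieved principal resource is null in registry path " + resourcePath + " for property " + SERVICE_PRINCIPAL_PASSWORD;
            log.error(message);
            throw new SecurityConfigException(message);
        }
        String encryptedPassword = resource.getProperty(SERVICE_PRINCIPAL_PASSWORD);
        if (encryptedPassword == null) {
            String message = "Retrieved principal password is null in registry path " + resourcePath + " for property " + SERVICE_PRINCIPAL_PASSWORD;
            log.error(message);
            throw new SecurityConfigException(message);
        }
        return getDecryptedPassword(encryptedPassword);
    }

    /**
     * Base64-decodes and decrypts a stored password with the default {@link CryptoUtil}.
     *
     * @param encryptedPassword encrypted, base64-encoded password text
     * @return the decrypted password
     * @throws SecurityConfigException if decoding or decryption fails
     */
    private String getDecryptedPassword(String encryptedPassword) throws SecurityConfigException {
        try {
            // NOTE(review): the bytes are converted with the platform default charset; confirm this
            // matches the charset used when the password was encrypted.
            return new String(CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(encryptedPassword));
        } catch (CryptoException e) {
            log.error("Unable to decode and decrypt password string.", e);
            throw new SecurityConfigException("Unable to decode and decrypt password string.", e);
        }
    }

    /**
     * Checks that the user may invoke this service and that the password is correct.
     *
     * <p>The authorization check runs first; the password is only sent to the user store when the
     * user holds the "invoke-service" permission on the service path. Both failures yield
     * {@code false}, so the result does not reveal which of the two checks failed.
     *
     * @param str  user name as received, possibly tenant-qualified
     * @param str2 password to verify
     * @return {@code true} only if the user is authorized and the password is accepted
     * @throws Exception if the realm lookup, authorization check or authentication fails
     */
    public boolean authenticateUser(String str, String str2) throws Exception {
        String tenantAwareUsername = TenantUtils.getTenantAwareUsername(str);
        try {
            UserRealm userRealm = AnonymousSessionUtil.getRealmByUserName(SecurityServiceHolder.getRegistryService(), SecurityServiceHolder.getRealmService(), str);
            if (!userRealm.getAuthorizationManager().isUserAuthorized(tenantAwareUsername, this.servicePath, INVOKE_SERVICE_ACTION)) {
                return false;
            }
            return userRealm.getUserStoreManager().authenticate(tenantAwareUsername, str2);
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw e;
        }
    }

    /**
     * Finds the first key store that contains the given alias and returns its private-key password.
     *
     * <p>For tenant id 0 the primary key store entry is answered by the key store manager's primary
     * private-key password; every other entry is answered by decrypting the private-key password
     * property stored on the key store's registry resource.
     *
     * @param alias key alias to look for
     * @return the private-key password, or {@code null} if no key store contains the alias
     * @throws IOException if an I/O error occurs while reading a key store
     * @throws Exception   if the registry, key store manager or decryption fails
     */
    private String getPrivateKeyPassword(String alias) throws IOException, Exception {
        int tenantId = this.registry.getTenantId();
        UserRegistry governanceSystemRegistry = SecurityServiceHolder.getRegistryService().getGovernanceSystemRegistry(tenantId);
        try {
            KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(governanceSystemRegistry);
            if (!governanceSystemRegistry.resourceExists(SecurityConstants.KEY_STORES)) {
                return null;
            }
            String[] keyStorePaths = governanceSystemRegistry.get(SecurityConstants.KEY_STORES).getChildren();
            for (String keyStorePath : keyStorePaths) {
                if (tenantId == 0 && keyStorePath.equals(PRIMARY_KEY_STORE_PATH)) {
                    if (keyStoreManager.getPrimaryKeyStore().containsAlias(alias)) {
                        return keyStoreManager.getPrimaryPrivateKeyPasssword();
                    }
                } else {
                    // The key store name is the last segment of its registry path.
                    String keyStoreName = keyStorePath.substring(keyStorePath.lastIndexOf("/") + 1);
                    if (keyStoreManager.getKeyStore(keyStoreName).containsAlias(alias)) {
                        String encryptedPassword = governanceSystemRegistry.get(keyStorePath).getProperty(SecurityConstants.PROP_PRIVATE_KEY_PASS);
                        return new String(CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(encryptedPassword));
                    }
                }
            }
            return null;
        } catch (Exception e) {
            // Log once here and rethrow unchanged so the caller still sees the original type.
            log.error(e.getMessage(), e);
            throw e;
        }
    }
}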
