package org.wso2.carbon.event.broker.services;

import java.util.ArrayList;
import java.util.Arrays;
import org.apache.axis2.AxisFault;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonException;
import org.wso2.carbon.core.util.AdminServicesUtil;
import org.wso2.carbon.event.broker.BrokerConstants;
import org.wso2.carbon.event.broker.CarbonEventBroker;
import org.wso2.carbon.event.broker.internal.EventBrokerServiceComponent;
import org.wso2.carbon.event.broker.utils.EventBrokerUtils;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.user.core.AuthorizationManager;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.event.TopicNode;
import org.wso2.event.exceptions.EventException;

/* loaded from: input_file:org/wso2/carbon/event/broker/services/BrokerSecurityManager.class */
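/**
 * Admin-side operations for "secure topics": topics recorded in the configuration
 * registry together with an owner, whose access is controlled by granting the
 * {@code "write"} action on a per-topic permission path.
 *
 * <p>Security model as implemented here:
 * <ul>
 *   <li>The user who defines a topic is stored in the {@code topicOwner} property and is
 *       the only user allowed to share, revoke or delete it.</li>
 *   <li>Ownership checks fail closed: a topic record without an owner property is treated
 *       as not owned by anyone.</li>
 *   <li>Only the {@code "write"} action is ever granted, checked or revoked by this class.</li>
 * </ul>
 *
 * <p>NOTE(review): the topic name supplied by the caller is turned into registry and
 * permission paths by {@code EventBrokerUtils}; that helper is not visible here, so confirm
 * that it rejects or normalises path separators and {@code ..} segments before these paths
 * are used for existence checks, writes and deletes.
 */
public class BrokerSecurityManager {
    /** The single action granted, checked and revoked on a topic's permission path. */
    private static final String AUTH_WRITE_ACTION = "write";
    private static final Log log = LogFactory.getLog(BrokerSecurityManager.class);
    /** Registry property holding the topic name as given at definition time. */
    private static final String TOPIC_NAME = "topicName";
    /** Registry property holding the user name of the topic's creator. */
    private static final String TOPIC_OWNER = "topicOwner";

    /**
     * Creates a new secure topic owned by the logged-in user and grants write access to the
     * owner plus the given users and roles.
     *
     * @param str     topic name
     * @param strArr  user names to authorise in addition to the owner; may be {@code null}
     * @param strArr2 role names to authorise; may be {@code null}
     * @return the literal status string {@code "Sucess"} (spelling kept for existing callers)
     * @throws AxisFault if a topic with the same registry path already exists, or if the
     *                   registry or authorization layer reports an error
     */
    public String defineSecureTopic(String str, String[] strArr, String[] strArr2) throws AxisFault {
        try {
            UserRegistry configurationRegistry = EventBrokerServiceComponent.getConfigurationRegistry();
            ensureSecureTopicStorage(configurationRegistry);
            String secureTopicRegistryPath = EventBrokerUtils.getSecureTopicRegistryPath(str);
            // NOTE(review): exists-then-put is not atomic; two concurrent definitions of the
            // same name could both pass this check and the later put would replace the owner.
            if (configurationRegistry.resourceExists(secureTopicRegistryPath)) {
                throw new AxisFault("A secure topic " + secureTopicRegistryPath + " already exists");
            }
            // Resolve the caller once so the stored owner and the granted user cannot differ.
            String owner = EventBrokerUtils.getLoggedInUserName();
            Resource newResource = configurationRegistry.newResource();
            newResource.setContent("");
            newResource.setProperty(TOPIC_NAME, str);
            newResource.setProperty(TOPIC_OWNER, owner);
            configurationRegistry.put(secureTopicRegistryPath, newResource);

            // The owner is always appended to the grantee list so the creator keeps access.
            String[] grantees;
            if (strArr != null) {
                grantees = new String[strArr.length + 1];
                System.arraycopy(strArr, 0, grantees, 0, strArr.length);
                grantees[strArr.length] = owner;
            } else {
                grantees = new String[]{owner};
            }
            log.info("created secure topic " + str);
            // NOTE(review): if granting fails here, the topic record written above stays in
            // the registry without its permissions; consider cleaning it up on failure.
            shareATopic(str, grantees, strArr2);
            return "Sucess";
        } catch (RegistryException e) {
            throw AxisFault.makeFault(e);
        }
    }

    /**
     * Deletes a secure topic after revoking every write grant on its permission path.
     * Only the topic owner may delete it.
     *
     * @param str topic name
     * @return the literal status string {@code "Sucess"}
     * @throws AxisFault if the topic does not exist, the caller is not the owner, or the
     *                   registry or authorization layer reports an error
     */
    public String deleteSecureTopic(String str) throws AxisFault {
        try {
            UserRegistry configurationRegistry = EventBrokerServiceComponent.getConfigurationRegistry();
            AuthorizationManager authorizationManager = AdminServicesUtil.getUserRealm().getAuthorizationManager();
            ensureSecureTopicStorage(configurationRegistry);
            String secureTopicRegistryPath = EventBrokerUtils.getSecureTopicRegistryPath(str);
            // Unlike share/revoke, this path tells the caller that the topic is missing
            // rather than answering with a uniform "Permission denied".
            if (!configurationRegistry.resourceExists(secureTopicRegistryPath)) {
                throw new AxisFault("A secure topic " + secureTopicRegistryPath + " does not exists");
            }
            requireTopicOwner(configurationRegistry, secureTopicRegistryPath, str);
            String secureTopicPermissionPath = EventBrokerUtils.getSecureTopicPermissionPath(str);
            // Revoke before deleting: revokeATopic re-checks ownership against the registry
            // record, so the record must still exist at this point.
            String[] allowedUsers =
                    authorizationManager.getExplicitlyAllowedUsersForResource(secureTopicPermissionPath, AUTH_WRITE_ACTION);
            String[] allowedRoles =
                    authorizationManager.getAllowedRolesForResource(secureTopicPermissionPath, AUTH_WRITE_ACTION);
            revokeATopic(str, allowedUsers, allowedRoles);
            configurationRegistry.delete(secureTopicRegistryPath);
            return "Sucess";
        } catch (UserStoreException e) {
            throw AxisFault.makeFault(e);
        } catch (CarbonException e2) {
            throw AxisFault.makeFault(e2);
        } catch (RegistryException e3) {
            throw AxisFault.makeFault(e3);
        }
    }

    /**
     * Grants write access on a secure topic to the given users and roles.
     * Only the topic owner may share it; a missing topic is reported with the same
     * "Permission denied" message as a foreign one.
     *
     * @param str     topic name
     * @param strArr  user names to authorise; may be {@code null}
     * @param strArr2 role names to authorise; may be {@code null}
     * @return the literal status string {@code "Sucess"}
     * @throws AxisFault if the topic does not exist, the caller is not the owner, or the
     *                   registry or authorization layer reports an error
     */
    public String shareATopic(String str, String[] strArr, String[] strArr2) throws AxisFault {
        try {
            UserRegistry configurationRegistry = EventBrokerServiceComponent.getConfigurationRegistry();
            String secureTopicRegistryPath = EventBrokerUtils.getSecureTopicRegistryPath(str);
            if (!configurationRegistry.resourceExists(secureTopicRegistryPath)) {
                throw new AxisFault("Permission denied " + EventBrokerUtils.getLoggedInUserName() + " cannot access " + str);
            }
            requireTopicOwner(configurationRegistry, secureTopicRegistryPath, str);
            AuthorizationManager authorizationManager = AdminServicesUtil.getUserRealm().getAuthorizationManager();
            String secureTopicPermissionPath = EventBrokerUtils.getSecureTopicPermissionPath(str);
            if (strArr != null) {
                for (String userName : strArr) {
                    authorizationManager.authorizeUser(userName, secureTopicPermissionPath, AUTH_WRITE_ACTION);
                    // Grant details go through the logger at debug level, not to stdout.
                    if (log.isDebugEnabled()) {
                        log.debug("authorize " + userName + " for " + secureTopicPermissionPath);
                    }
                }
            }
            if (strArr2 != null) {
                for (String roleName : strArr2) {
                    authorizationManager.authorizeRole(roleName, secureTopicPermissionPath, AUTH_WRITE_ACTION);
                }
            }
            // Both arrays are rendered with Arrays.toString so the audit line lists the
            // actual role names instead of an array identity string.
            // NOTE(review): topic, user and role names are caller-supplied and logged
            // verbatim; confirm the log layout neutralises line breaks.
            log.info("share the topic " + str + " with users " + Arrays.toString(strArr)
                    + " and roles " + Arrays.toString(strArr2));
            return "Sucess";
        } catch (CarbonException e) {
            throw AxisFault.makeFault(e);
        } catch (RegistryException e2) {
            throw AxisFault.makeFault(e2);
        } catch (UserStoreException e3) {
            throw AxisFault.makeFault(e3);
        }
    }

    /**
     * Removes write access on a secure topic from the given users and roles.
     * Only the topic owner may revoke. Users and roles that {@code EventBrokerUtils}
     * reports as system-defined are left untouched.
     *
     * @param str     topic name
     * @param strArr  user names to de-authorise; may be {@code null}
     * @param strArr2 role names to de-authorise; may be {@code null}
     * @return the literal status string {@code "Sucess"}
     * @throws AxisFault if the topic does not exist, the caller is not the owner, or the
     *                   registry or authorization layer reports an error
     */
    public String revokeATopic(String str, String[] strArr, String[] strArr2) throws AxisFault {
        try {
            UserRegistry configurationRegistry = EventBrokerServiceComponent.getConfigurationRegistry();
            String secureTopicRegistryPath = EventBrokerUtils.getSecureTopicRegistryPath(str);
            if (!configurationRegistry.resourceExists(secureTopicRegistryPath)) {
                throw new AxisFault("Permission denied " + EventBrokerUtils.getLoggedInUserName() + " cannot access " + str);
            }
            requireTopicOwner(configurationRegistry, secureTopicRegistryPath, str);
            AuthorizationManager authorizationManager = AdminServicesUtil.getUserRealm().getAuthorizationManager();
            String secureTopicPermissionPath = EventBrokerUtils.getSecureTopicPermissionPath(str);
            if (strArr != null) {
                for (String userName : strArr) {
                    if (!EventBrokerUtils.isSystemDefinedUser(userName)) {
                        authorizationManager.clearUserAuthorization(userName, secureTopicPermissionPath, AUTH_WRITE_ACTION);
                    }
                }
            }
            if (strArr2 != null) {
                for (String roleName : strArr2) {
                    if (!EventBrokerUtils.isSystemAllowedRole(roleName)) {
                        authorizationManager.clearRoleAuthorization(roleName, secureTopicPermissionPath, AUTH_WRITE_ACTION);
                    }
                }
            }
            return "Sucess";
        } catch (UserStoreException e) {
            throw AxisFault.makeFault(e);
        } catch (CarbonException e2) {
            throw AxisFault.makeFault(e2);
        } catch (RegistryException e3) {
            throw AxisFault.makeFault(e3);
        }
    }

    /**
     * Lists the secure topics on which the logged-in user holds the write action, together
     * with the roles and explicitly allowed users for each.
     *
     * <p>NOTE(review): this method takes the realm from the configuration registry while the
     * other operations use {@code AdminServicesUtil.getUserRealm()}; confirm both resolve to
     * the same realm for the calling tenant.
     *
     * @return the topics visible to the caller; empty when none are accessible
     * @throws AxisFault if the registry or authorization layer reports an error
     */
    public SecureTopic[] getAllSecureTopics() throws AxisFault {
        try {
            String storagePath = BrokerConstants.SECURE_TOPIC_STORAGE;
            UserRegistry configurationRegistry = EventBrokerServiceComponent.getConfigurationRegistry();
            UserRealm userRealm = configurationRegistry.getUserRealm();
            ensureSecureTopicStorage(configurationRegistry);
            String[] children = configurationRegistry.get(storagePath).getChildren();
            ArrayList<SecureTopic> visibleTopics = new ArrayList<SecureTopic>();
            String loggedInUserName = EventBrokerUtils.getLoggedInUserName();
            AuthorizationManager authorizationManager = userRealm.getAuthorizationManager();
            for (String childPath : children) {
                Resource resource = configurationRegistry.get(childPath);
                if (resource == null) {
                    continue;
                }
                String topicName = resource.getProperty(TOPIC_NAME);
                if (topicName == null) {
                    // Not a secure-topic record written by defineSecureTopic; never list it.
                    continue;
                }
                String secureTopicPermissionPath = EventBrokerUtils.getSecureTopicPermissionPath(topicName);
                // Authorization probes are logged at debug level instead of printed to stdout.
                if (log.isDebugEnabled()) {
                    log.debug("test " + loggedInUserName + " for " + secureTopicPermissionPath);
                }
                if (authorizationManager.isUserAuthorized(loggedInUserName, secureTopicPermissionPath, AUTH_WRITE_ACTION)) {
                    SecureTopic secureTopic = new SecureTopic();
                    secureTopic.setTopicName(topicName);
                    secureTopic.setAcessibleRoles(
                            authorizationManager.getAllowedRolesForResource(secureTopicPermissionPath, AUTH_WRITE_ACTION));
                    secureTopic.setAccessibleUsers(
                            authorizationManager.getExplicitlyAllowedUsersForResource(secureTopicPermissionPath, AUTH_WRITE_ACTION));
                    visibleTopics.add(secureTopic);
                }
            }
            return visibleTopics.toArray(new SecureTopic[0]);
        } catch (UserStoreException e) {
            throw AxisFault.makeFault(e);
        } catch (RegistryException e2) {
            throw AxisFault.makeFault(e2);
        }
    }

    /**
     * Returns the broker's full topic tree as reported by the subscription manager.
     *
     * <p>NOTE(review): no per-user filtering is applied in this method; confirm the tree is
     * meant to be visible to every caller that can reach this service.
     *
     * @return the root node of the topic tree
     * @throws AxisFault if the event broker reports an error
     */
    public TopicNode getAllTopics() throws AxisFault {
        try {
            return CarbonEventBroker.getInstance().getSubscriptionManager().getTopicTree();
        } catch (EventException e) {
            throw AxisFault.makeFault(e);
        }
    }

    /** Creates the collection that holds secure-topic records if it is not there yet. */
    private static void ensureSecureTopicStorage(UserRegistry registry) throws RegistryException {
        if (!registry.resourceExists(BrokerConstants.SECURE_TOPIC_STORAGE)) {
            registry.put(BrokerConstants.SECURE_TOPIC_STORAGE, registry.newCollection());
        }
    }

    /**
     * Throws "Permission denied" unless the logged-in user is the recorded owner of the topic.
     * A record with no owner property is rejected rather than causing a NullPointerException.
     */
    private static void requireTopicOwner(UserRegistry registry, String registryPath, String topicName)
            throws AxisFault, RegistryException {
        String owner = registry.get(registryPath).getProperty(TOPIC_OWNER);
        String currentUser = EventBrokerUtils.getLoggedInUserName();
        if (owner == null || !owner.equals(currentUser)) {
            throw new AxisFault("Permission denied " + currentUser + " cannot access " + topicName);
        }
    }
}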
