package org.wso2.carbon.security.internal;

import java.util.Iterator;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.wso2.authenticator.jdbc.JDBCAuthenticator;
import org.wso2.authenticator.ldap.LDAPAuthenticator;
import org.wso2.carbon.registry.service.RegistryService;
import org.wso2.carbon.security.SecurityConfigException;
import org.wso2.carbon.security.SecurityConstants;
import org.wso2.carbon.security.SecurityParameterLoader;
import org.wso2.carbon.security.SecurityScenario;
import org.wso2.carbon.security.SecurityScenarioDatabase;
import org.wso2.carbon.security.SecurityServiceTracker;
import org.wso2.carbon.security.userstore.DefaultAuthenticator;
import org.wso2.carbon.security.util.XmlConfiguration;
import org.wso2.registry.Association;
import org.wso2.registry.Registry;
import org.wso2.registry.Resource;
import org.wso2.registry.ResourceImpl;

/* loaded from: input_file:org/wso2/carbon/security/internal/Activator.class */
public class Activator implements BundleActivator {
    private static final Log log = LogFactory.getLog(Activator.class);

    public void start(BundleContext bundleContext) throws Exception {
        if (log.isDebugEnabled()) {
            log.debug("********* Security starting ****");
        }
        bundleContext.getBundle();
        try {
            ServiceReference serviceReference = bundleContext.getServiceReference(RegistryService.class.getName());
            if (serviceReference == null) {
                log.debug("WSO2 Registry is not available");
                throw new SecurityConfigException("registryNotAvailable");
            }
            RegistryService registryService = (RegistryService) bundleContext.getService(serviceReference);
            log.debug("WSO2 Registry is available : " + registryService.getSystemRegistry());
            Registry systemRegistry = registryService.getSystemRegistry();
            loadSecurityScenarios(systemRegistry, bundleContext);
            configureUserStores(systemRegistry);
            bundleContext.addServiceListener(new SecurityParameterLoader(bundleContext), "(&(objectClass=" + ConfigurationContext.class.getName() + "))");
            SecurityServiceTracker.init(bundleContext);
        } catch (Exception e) {
            log.error("Error initializing the org.wso2.carbon.security component", e);
            throw new SecurityConfigException("initializationError", e);
        }
    }

    public void stop(BundleContext bundleContext) throws Exception {
    }

    private void loadSecurityScenarios(Registry registry, BundleContext bundleContext) throws Exception {
        for (OMElement oMElement : new XmlConfiguration(bundleContext.getBundle().getResource("scenario-config.xml").openStream(), SecurityConstants.SECURITY_NAMESPACE).getElements("//ns:Scenario")) {
            SecurityScenario securityScenario = new SecurityScenario();
            String attributeValue = oMElement.getAttribute(SecurityConstants.ID_QN).getAttributeValue();
            securityScenario.setScenarioId(attributeValue);
            securityScenario.setSummary(oMElement.getFirstChildWithName(SecurityConstants.SUMMARY_QN).getText());
            securityScenario.setDescription(oMElement.getFirstChildWithName(SecurityConstants.DESCRIPTION_QN).getText());
            securityScenario.setCategory(oMElement.getFirstChildWithName(SecurityConstants.CATEGORY_QN).getText());
            securityScenario.setWsuId(oMElement.getFirstChildWithName(SecurityConstants.WSUID_QN).getText());
            String str = "/org/wso2/carbon/security/policy/" + attributeValue;
            Iterator childElements = oMElement.getFirstChildWithName(SecurityConstants.MODULES_QN).getChildElements();
            while (childElements.hasNext()) {
                securityScenario.addModule(((OMElement) childElements.next()).getText());
            }
            SecurityScenarioDatabase.put(attributeValue, securityScenario);
            if (registry.resourceExists(str)) {
                for (Association association : registry.getAssociations(str, "service-secpolicy")) {
                    String destinationPath = association.getDestinationPath();
                    securityScenario.addService(destinationPath.substring(destinationPath.lastIndexOf("/") + 1));
                }
            } else if (!attributeValue.equals(SecurityConstants.SCENARIO_DISABLE_SECURITY)) {
                ResourceImpl resourceImpl = new ResourceImpl();
                resourceImpl.setContentStream(bundleContext.getBundle().getResource(attributeValue + "-policy.xml").openStream());
                registry.put(str, resourceImpl);
            }
        }
    }

    private void configureUserStores(Registry registry) throws Exception {
        if (!registry.resourceExists(SecurityConstants.USER_STORES)) {
            Resource newResource = registry.newResource();
            newResource.addProperty(SecurityConstants.PROP_AUTHENTICATOR_CLASS, JDBCAuthenticator.class.getName());
            registry.put(SecurityConstants.JDBC_AUTHENTICATOR_REALM, newResource);
            Resource newResource2 = registry.newResource();
            newResource2.addProperty(SecurityConstants.PROP_AUTHENTICATOR_CLASS, LDAPAuthenticator.class.getName());
            registry.put(SecurityConstants.LDAP_AUTHENTICATOR_REALM, newResource2);
            Resource newResource3 = registry.newResource();
            newResource3.addProperty(SecurityConstants.PROP_AUTHENTICATOR_CLASS, DefaultAuthenticator.class.getName());
            registry.put(SecurityConstants.DEFAULT_AUTHENTICATOR_REALM, newResource3);
            registry.put(SecurityConstants.USER_STORES, registry.newCollection());
            Resource newResource4 = registry.newResource();
            newResource4.setProperty(SecurityConstants.PROP_DESCRIPTION, "The default user store");
            registry.put("/org/wso2/carbon/secmgt/user-stoers/default", newResource4);
            registry.addAssociation("/org/wso2/carbon/secmgt/user-stoers/default", SecurityConstants.DEFAULT_AUTHENTICATOR_REALM, "service-secpolicy");
        }
        if (!registry.resourceExists(SecurityConstants.USER_GROUPS)) {
            registry.put(SecurityConstants.USER_GROUPS, registry.newCollection());
            Resource newResource5 = registry.newResource();
            newResource5.addProperty(SecurityConstants.PROP_DESCRIPTION, "default admin group");
            newResource5.addProperty(SecurityConstants.PROP_USERS, SecurityConstants.ADMIN_USER);
            registry.put("/org/wso2/carbon/secmgt/user-groups/admin-group", newResource5);
            registry.addAssociation("/org/wso2/carbon/secmgt/user-groups/admin-group", "/org/wso2/carbon/secmgt/user-stoers/default", SecurityConstants.ASSOCIATION_STORE_GROUP);
        }
        if (registry.resourceExists(SecurityConstants.KEY_STORES)) {
            return;
        }
        registry.put(SecurityConstants.KEY_STORES, registry.newCollection());
        registry.put("/org/wso2/carbon/secmgt/key-stores/carbon-primary-ks", registry.newResource());
    }
}
