package org.wso2.carbon.security.util;

import java.io.IOException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSPasswordCallback;
import org.wso2.authenticator.Authenticator;
import org.wso2.authenticator.AuthenticatorException;
import org.wso2.carbon.core.util.CryptoUtil;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.security.SecurityConfigException;
import org.wso2.carbon.security.SecurityConstants;
import org.wso2.registry.Registry;
import org.wso2.registry.Resource;
import org.wso2.registry.exceptions.RegistryException;

/* loaded from: input_file:org/wso2/carbon/security/util/ServicePasswordCallbackHandler.class */
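/**
 * WS-Security password callback handler bound to one secured service.
 *
 * <p>For key-related usages it looks up the private key password of the key store that holds
 * the requested alias; for usage {@code 5} it verifies the password carried in the callback
 * against the authenticators configured for the service's user groups. Every failure path ends
 * in an {@link UnsupportedCallbackException}, so a lookup or authentication error never results
 * in an accepted credential.
 *
 * <p>Thread-safety: the authenticator map is filled once in the constructor and only read
 * afterwards; whether the individual {@link Authenticator} instances are thread-safe cannot be
 * told from this class.
 */
public class ServicePasswordCallbackHandler implements CallbackHandler {
    private static final Log log = LogFactory.getLog(ServicePasswordCallbackHandler.class);

    /** Registry collection that holds one resource per user group. */
    private static final String USER_GROUPS_PATH = "/org/wso2/carbon/secmgt/user-groups/";

    /** Registry path of the entry that stands for the primary key store. */
    private static final String PRIMARY_KEY_STORE_PATH =
            "/org/wso2/carbon/secmgt/key-stores/carbon-primary-ks";

    private final String serviceId;
    /** Authenticator to use for each user group, keyed by group name. */
    private final Map<String, Authenticator> auths = new HashMap<String, Authenticator>();
    private final Registry registry;
    private final String[] userGroups;

    /**
     * Creates a handler and, when user groups are given, loads one authenticator per group.
     *
     * @param str identifier of the service this handler belongs to
     * @param strArr names of the user groups allowed to call the service; may be {@code null},
     *     in which case no authenticators are loaded and every password check is rejected
     * @param registry registry holding the user-group, user-store and key-store configuration
     * @throws RegistryException if a registry lookup fails while loading authenticators
     * @throws SecurityConfigException if an authenticator cannot be created
     */
    public ServicePasswordCallbackHandler(String str, String[] strArr, Registry registry) throws RegistryException, SecurityConfigException {
        this.registry = registry;
        this.serviceId = str;
        this.userGroups = strArr;
        if (strArr != null) {
            loadAuthenticators();
        }
    }

    /**
     * Handles WS-Security password callbacks.
     *
     * @param callbackArr callbacks to process; each must be a {@link WSPasswordCallback}
     * @throws IOException declared by the interface; propagated from the key password lookup
     * @throws UnsupportedCallbackException if a callback has another type, if no key store
     *     contains the requested alias, or if the supplied password is not accepted
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
            }
            WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
            String identifier = passwordCallback.getIdentifer();
            switch (passwordCallback.getUsage()) {
                // NOTE(review): 1 and 3 look like the WSS4J decrypt and signature usages - confirm
                // against the WSPasswordCallback constants of the WSS4J version in use.
                case 1:
                case 3: {
                    String keyPassword = getPrivateKeyPassword(identifier);
                    if (keyPassword == null) {
                        throw new UnsupportedCallbackException(callback, "User not available in a trusted store");
                    }
                    passwordCallback.setPassword(keyPassword);
                    break;
                }
                // NOTE(review): 5 looks like the usage where the handler itself must verify the
                // password supplied by the caller - confirm.
                case 5:
                    verifySuppliedPassword(passwordCallback, identifier);
                    break;
                // Every other usage (including 2 and 4) gets no password from this handler.
                default:
                    passwordCallback.setPassword((String) null);
                    break;
            }
        }
    }

    /**
     * Verifies the password carried in the callback and rejects the callback unless it is accepted.
     * The password itself and the caller-supplied identifier are deliberately kept out of the log.
     */
    private void verifySuppliedPassword(WSPasswordCallback callback, String identifier) throws UnsupportedCallbackException {
        String password = callback.getPassword();
        boolean authenticated = false;
        if (password != null) {
            try {
                authenticated = authenticateUser(identifier, password);
            } catch (AuthenticatorException e) {
                log.error("Authenticator error while verifying a supplied password", e);
                throw new UnsupportedCallbackException(callback, "check failed");
            } catch (RegistryException e) {
                log.error("Registry error while verifying a supplied password", e);
                throw new UnsupportedCallbackException(callback, "Check failed : System error");
            }
        }
        if (!authenticated) {
            throw new UnsupportedCallbackException(callback, "check failed");
        }
    }

    /**
     * Authenticates a user against the authenticators of this service's user groups.
     *
     * <p>The first group whose user list mentions the user decides the outcome. When no group
     * lists the user, the groups flagged with the select-all property are tried in order until
     * one accepts the credentials.
     *
     * @param str user name to authenticate
     * @param str2 password to check
     * @return {@code true} if an authenticator accepted the credentials; {@code false} otherwise,
     *     including when the user name is {@code null} or empty or no user groups are configured
     * @throws AuthenticatorException if an authenticator fails
     * @throws RegistryException if a user-group resource cannot be read
     */
    public boolean authenticateUser(String str, String str2) throws AuthenticatorException, RegistryException {
        // Fail closed: without groups there is nothing to authenticate against, and an empty
        // name would be a substring of every user list below.
        if (str == null || str.length() == 0 || this.userGroups == null) {
            return false;
        }
        ArrayList<String> selectAllGroups = new ArrayList<String>();
        for (String group : this.userGroups) {
            Resource resource = this.registry.get(USER_GROUPS_PATH + group);
            String users = resource.getProperty(SecurityConstants.PROP_USERS);
            // NOTE(review): this is a substring test on the raw property value, so a name that
            // is a prefix or fragment of a listed user also selects this group. The list format
            // is not visible here; an exact per-entry comparison would be safer - confirm.
            if (users != null && users.contains(str)) {
                return authenticateWithGroup(group, str, str2);
            }
            if (resource.getProperty(SecurityConstants.PROP_SELECT_ALL) != null) {
                selectAllGroups.add(group);
            }
        }
        for (String group : selectAllGroups) {
            if (authenticateWithGroup(group, str, str2)) {
                return true;
            }
        }
        return false;
    }

    /** Runs the authenticator registered for the group; a group without one rejects the user. */
    private boolean authenticateWithGroup(String group, String user, String password) throws AuthenticatorException {
        Authenticator authenticator = this.auths.get(group);
        if (authenticator == null) {
            log.warn("No authenticator is loaded for user group " + group);
            return false;
        }
        return authenticator.authenticate(user, password);
    }

    /**
     * Creates the authenticator of every configured user group from the store resource that the
     * group's first store-group association points to.
     */
    private void loadAuthenticators() throws RegistryException, SecurityConfigException {
        for (String group : this.userGroups) {
            String groupPath = this.registry.get(USER_GROUPS_PATH + group).getPath();
            // Only the first association is used; a group without any association fails here.
            String storePath = this.registry.getAssociations(groupPath, SecurityConstants.ASSOCIATION_STORE_GROUP)[0].getDestinationPath();
            this.auths.put(group, createAuthenticator(this.registry.get(storePath)));
        }
    }

    /**
     * Instantiates and configures the authenticator described by a store resource.
     *
     * <p>The class name is read from the resource that the store's first
     * {@code service-secpolicy} association points to. Each public one-argument method whose
     * name starts with {@code set} is then called with the store property named after the rest
     * of the method name.
     *
     * @param resource store resource carrying the authenticator settings as properties
     * @return the configured authenticator
     * @throws SecurityConfigException if the class cannot be resolved, is not an
     *     {@link Authenticator}, cannot be instantiated, or a setter call fails
     */
    public Authenticator createAuthenticator(Resource resource) throws SecurityConfigException {
        try {
            String policyPath = this.registry.getAssociations(resource.getPath(), "service-secpolicy")[0].getDestinationPath();
            String className = this.registry.get(policyPath).getProperty(SecurityConstants.PROP_AUTHENTICATOR_CLASS);
            // SECURITY: the class name is registry data, so write access to that resource decides
            // which class is loaded here. asSubclass rejects non-Authenticator types before any
            // constructor runs; static initializers of the named class still execute on load.
            Class<? extends Authenticator> cls = Class.forName(className).asSubclass(Authenticator.class);
            Authenticator authenticator = cls.getDeclaredConstructor().newInstance();
            for (Method method : cls.getMethods()) {
                String name = method.getName();
                // Methods with another arity cannot take the single property value and used to
                // abort the whole creation; they are skipped instead.
                if (name.startsWith("set") && method.getParameterTypes().length == 1) {
                    method.invoke(authenticator, resource.getProperty(name.substring(3)));
                }
            }
            return authenticator;
        } catch (Exception e) {
            log.debug("Could not create the authenticator for a user store", e);
            throw new SecurityConfigException("creatingAuthenticator", e);
        }
    }

    /**
     * Finds the private key password of the first key store that contains the given alias.
     *
     * @param str key alias requested by the callback
     * @return the private key password, or {@code null} when no registered key store contains
     *     the alias or the lookup failed; the caller rejects the callback on {@code null}
     * @throws IOException declared for callers; not thrown by the visible code
     */
    private String getPrivateKeyPassword(String str) throws IOException {
        try {
            KeyStoreManager keyStoreManager = KeyStoreManager.getInstance();
            if (!this.registry.resourceExists(SecurityConstants.KEY_STORES)) {
                return null;
            }
            for (String keyStorePath : this.registry.get(SecurityConstants.KEY_STORES).getChildren()) {
                if (keyStorePath.equals(PRIMARY_KEY_STORE_PATH)) {
                    if (keyStoreManager.getPrimaryKeyStore().containsAlias(str)) {
                        return keyStoreManager.getPrimaryPrivateKeyPasssword();
                    }
                } else {
                    String keyStoreName = keyStorePath.substring(keyStorePath.lastIndexOf("/") + 1);
                    if (keyStoreManager.getKeyStore(keyStoreName).containsAlias(str)) {
                        String encrypted = this.registry.get(keyStorePath).getProperty(SecurityConstants.PROP_PRIVATE_KEY_PASS);
                        // NOTE(review): decoded with the platform default charset, which must
                        // match whatever was used when the password was encrypted - confirm.
                        return new String(CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(encrypted));
                    }
                }
            }
        } catch (Exception e) {
            // Best effort by design: the error goes to the log and the null result below makes
            // handle() refuse the callback. The alias comes from the message and is not logged.
            log.error("Could not look up the private key password", e);
        }
        return null;
    }
}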
