package org.wso2.carbon.security.deployment;

import java.util.ArrayList;
import java.util.Properties;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.AxisFault;
import org.apache.axis2.description.AxisModule;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.AxisServiceGroup;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.axis2.engine.AxisEvent;
import org.apache.axis2.engine.AxisObserver;
import org.wso2.carbon.core.RegistryResources;
import org.wso2.carbon.registry.core.Association;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.security.SecurityConstants;
import org.wso2.carbon.security.SecurityScenario;
import org.wso2.carbon.security.SecurityScenarioDatabase;
import org.wso2.carbon.security.SecurityServiceTrackers;
import org.wso2.carbon.security.util.RahasUtil;
import org.wso2.carbon.security.util.ServerCrypto;
import org.wso2.carbon.security.util.ServicePasswordCallbackHandler;
import org.wso2.carbon.user.core.UserRealm;

/* loaded from: input_file:org/wso2/carbon/security/deployment/SecurityDeploymentInterceptor.class */
public class SecurityDeploymentInterceptor implements AxisObserver {
    private UserRealm realm;
    private Registry registry;

    public SecurityDeploymentInterceptor() {
        this.realm = null;
        this.registry = null;
    }

    public SecurityDeploymentInterceptor(UserRealm userRealm, Registry registry) {
        this.realm = null;
        this.registry = null;
        this.realm = userRealm;
        this.registry = registry;
    }

    public void init(AxisConfiguration axisConfiguration) {
        try {
            this.registry = SecurityServiceTrackers.getRegistry();
            this.realm = SecurityServiceTrackers.getDelegatingUserRealm();
        } catch (Exception e) {
            throw new RuntimeException("Realm Service or Registry Service is null");
        }
    }

    public void moduleUpdate(AxisEvent axisEvent, AxisModule axisModule) {
    }

    public void serviceGroupUpdate(AxisEvent axisEvent, AxisServiceGroup axisServiceGroup) {
    }

    public void serviceUpdate(AxisEvent axisEvent, AxisService axisService) {
        int eventType = axisEvent.getEventType();
        String name = axisService.getName();
        if (eventType == 1) {
            try {
                String str = (RegistryResources.SERVICE_GROUPS + axisService.getAxisServiceGroup().getServiceGroupName() + "/services/" + name) + "/policies/";
                if (this.registry.resourceExists(str)) {
                    SecurityScenario securityScenario = null;
                    for (String str2 : this.registry.get(str).getChildren()) {
                        securityScenario = SecurityScenarioDatabase.getByWsuId(str2.substring(str.length()));
                        if (securityScenario != null) {
                            break;
                        }
                    }
                    if (securityScenario != null) {
                        applySecurityParamters(axisService, securityScenario);
                    }
                }
            } catch (RegistryException e) {
                throw new RuntimeException("Registry exception occured: " + e.getMessage());
            }
        }
    }

    private void applySecurityParamters(AxisService axisService, SecurityScenario securityScenario) {
        try {
            String name = axisService.getName();
            String str = RegistryResources.SERVICE_GROUPS + axisService.getAxisServiceGroup().getServiceGroupName() + "/services/" + name;
            ServicePasswordCallbackHandler servicePasswordCallbackHandler = new ServicePasswordCallbackHandler(name, this.realm.getAccessControlAdmin().getAllowedRolesForResource(str, "Invoke Service"), this.registry);
            Parameter parameter = new Parameter();
            parameter.setName("passwordCallbackRef");
            parameter.setValue(servicePasswordCallbackHandler);
            axisService.addParameter(parameter);
            if (!securityScenario.getScenarioId().equals(SecurityConstants.USERNAME_TOKEN_SCENARIO_ID)) {
                Parameter parameter2 = new Parameter();
                parameter2.setName("disableREST");
                parameter2.setValue(Boolean.TRUE.toString());
                axisService.addParameter(parameter2);
            }
            if (this.registry.get(str).getProperty(SecurityConstants.PROP_RAHAS_SCT_ISSUER) != null) {
                Association[] associations = this.registry.getAssociations(str, SecurityConstants.ASSOCIATION_PRIVATE_KEYSTORE);
                this.registry.getAssociations(str, SecurityConstants.ASSOCIATION_TRUSTED_KEYSTORE);
                Properties properties = new Properties();
                if (associations == null || associations.length <= 0) {
                    throw new Exception("Cannot start Rahas");
                }
                String destinationPath = associations[0].getDestinationPath();
                properties.setProperty(ServerCrypto.PROP_ID_PRIVATE_STORE, destinationPath.substring(destinationPath.lastIndexOf("/") + 1));
                properties.setProperty(ServerCrypto.PROP_ID_DEFAULT_ALIAS, this.registry.get(destinationPath).getProperty(SecurityConstants.PROP_PRIVATE_KEY_ALIAS));
                RahasUtil.getSCTIssuerConfigParameter(ServerCrypto.class.getName(), properties, -1, null, true, true);
                RahasUtil.getTokenCancelerConfigParameter();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public void addParameter(Parameter parameter) throws AxisFault {
    }

    public void deserializeParameters(OMElement oMElement) throws AxisFault {
    }

    public Parameter getParameter(String str) {
        return null;
    }

    public ArrayList getParameters() {
        return null;
    }

    public boolean isParameterLocked(String str) {
        return false;
    }

    public void removeParameter(Parameter parameter) throws AxisFault {
    }
}
