package org.wso2.carbon.security.deployment;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.Properties;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.AxisFault;
import org.apache.axis2.description.AxisModule;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.AxisServiceGroup;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.axis2.engine.AxisEvent;
import org.apache.axis2.engine.AxisObserver;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.core.RegistryResources;
import org.wso2.carbon.registry.core.Association;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.ResourceImpl;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.jdbc.utils.Transaction;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.security.SecurityConstants;
import org.wso2.carbon.security.SecurityScenario;
import org.wso2.carbon.security.SecurityScenarioDatabase;
import org.wso2.carbon.security.util.RahasUtil;
import org.wso2.carbon.security.util.ServerCrypto;
import org.wso2.carbon.security.util.ServicePasswordCallbackHandler;
import org.wso2.carbon.security.util.XmlConfiguration;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.utils.ServerConfiguration;

/* loaded from: input_file:org/wso2/carbon/security/deployment/SecurityDeploymentInterceptor.class */
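/**
 * OSGi component that seeds the registry with the bundled security scenarios and
 * attaches security-related Axis2 parameters to services when they are deployed.
 *
 * <p>On activation it reads {@code /scenarios/scenario-config.xml} from its own bundle,
 * caches every scenario in {@link SecurityScenarioDatabase}, stores the matching policy
 * files in the registry, creates the key store collection if it is missing, and then
 * registers itself as an {@link AxisObserver}.
 *
 * <p>The registry used here is the one returned by
 * {@link RegistryService#getSystemRegistry()}, so every read and write in this class
 * runs with whatever privileges that registry instance carries.
 */
public class SecurityDeploymentInterceptor implements AxisObserver {
    private static final Log log = LogFactory.getLog(SecurityDeploymentInterceptor.class);

    /** Bundle-relative location of the scenario catalogue. */
    private static final String SCENARIO_CONFIG_RESOURCE = "/scenarios/scenario-config.xml";

    private UserRealm userRealm;
    private Registry registry;

    /**
     * Loads the security scenarios, makes sure the key store collection exists and
     * registers this instance as an Axis2 observer service.
     *
     * <p>The two set-up phases are reported separately so that a key store failure is
     * not logged and rethrown a second time as a scenario-loading failure.
     *
     * @param componentContext the OSGi component context supplying the bundle context
     * @throws RuntimeException if either set-up phase fails; the cause is preserved
     */
    protected void activate(ComponentContext componentContext) {
        try {
            loadSecurityScenarios(this.registry, componentContext.getBundleContext());
        } catch (Exception e) {
            log.error("Cannot load security scenarios", e);
            throw new RuntimeException("Cannot load security scenarios", e);
        }
        try {
            addKeystores();
            Properties properties = new Properties();
            properties.put(CarbonConstants.AXIS2_CONFIG_SERVICE, AxisObserver.class.getName());
            componentContext.getBundleContext().registerService(AxisObserver.class.getName(), this, properties);
        } catch (Exception e) {
            log.error("Cannot add keystores", e);
            throw new RuntimeException("Cannot add keystores", e);
        }
    }

    /**
     * Parses the bundled scenario catalogue, caches each scenario and stores its policy
     * file in the registry when no resource exists at the policy path yet.
     *
     * <p>All registry writes happen in one transaction. When this method started the
     * transaction it also rolls it back on any failure, so a half-written set of
     * policies is never left pending.
     *
     * @param registry      registry that receives the policy resources
     * @param bundleContext context of the bundle that ships the scenario files
     * @throws Exception if the catalogue or a policy file is missing or unreadable, or
     *                   if a registry operation fails
     */
    private void loadSecurityScenarios(Registry registry, BundleContext bundleContext) throws Exception {
        java.net.URL configUrl = bundleContext.getBundle().getResource(SCENARIO_CONFIG_RESOURCE);
        if (configUrl == null) {
            throw new IllegalStateException("Scenario configuration not found in bundle: " + SCENARIO_CONFIG_RESOURCE);
        }
        java.io.InputStream configStream = configUrl.openStream();
        try {
            OMElement[] elements = new XmlConfiguration(configStream, SecurityConstants.SECURITY_NAMESPACE).getElements("//ns:Scenario");
            boolean isStarted = Transaction.isStarted();
            try {
                if (!isStarted) {
                    registry.beginTransaction();
                }
                for (OMElement scenarioElement : elements) {
                    registerScenario(registry, bundleContext, scenarioElement);
                }
                if (!isStarted) {
                    registry.commitTransaction();
                }
            } catch (Exception e) {
                if (!isStarted) {
                    rollbackQuietly(registry);
                }
                throw e;
            }
        } finally {
            // Closed only after every element has been read, because the XML tree may
            // still be pulling from this stream while the scenarios are processed.
            closeQuietly(configStream);
        }
    }

    /**
     * Builds one {@link SecurityScenario} from its XML element, caches it and stores
     * the scenario's policy file in the registry if it is not there already.
     *
     * <p>No policy is stored for the scenario whose id equals
     * {@link SecurityConstants#SCENARIO_DISABLE_SECURITY}.
     */
    private void registerScenario(Registry registry, BundleContext bundleContext, OMElement scenarioElement) throws Exception {
        SecurityScenario securityScenario = new SecurityScenario();
        String scenarioId = scenarioElement.getAttribute(SecurityConstants.ID_QN).getAttributeValue();
        securityScenario.setScenarioId(scenarioId);
        securityScenario.setSummary(scenarioElement.getFirstChildWithName(SecurityConstants.SUMMARY_QN).getText());
        securityScenario.setDescription(scenarioElement.getFirstChildWithName(SecurityConstants.DESCRIPTION_QN).getText());
        securityScenario.setCategory(scenarioElement.getFirstChildWithName(SecurityConstants.CATEGORY_QN).getText());
        securityScenario.setWsuId(scenarioElement.getFirstChildWithName(SecurityConstants.WSUID_QN).getText());
        securityScenario.setType(scenarioElement.getFirstChildWithName(SecurityConstants.TYPE_QN).getText());
        Iterator moduleElements = scenarioElement.getFirstChildWithName(SecurityConstants.MODULES_QN).getChildElements();
        while (moduleElements.hasNext()) {
            securityScenario.addModule(((OMElement) moduleElements.next()).getText());
        }
        SecurityScenarioDatabase.put(scenarioId, securityScenario);

        String policyPath = SecurityConstants.SECURITY_POLICY + "/" + scenarioId;
        if (registry.resourceExists(policyPath) || scenarioId.equals(SecurityConstants.SCENARIO_DISABLE_SECURITY)) {
            return;
        }
        String policyResource = "scenarios/" + scenarioId + "-policy.xml";
        java.net.URL policyUrl = bundleContext.getBundle().getResource(policyResource);
        if (policyUrl == null) {
            // Fail loudly: a scenario without its policy file must not be half-registered.
            throw new IllegalStateException("Policy file not found in bundle: " + policyResource);
        }
        java.io.InputStream policyStream = policyUrl.openStream();
        try {
            ResourceImpl resourceImpl = new ResourceImpl();
            resourceImpl.setContentStream(policyStream);
            registry.put(policyPath, resourceImpl);
        } finally {
            closeQuietly(policyStream);
        }
    }

    /**
     * Creates the key store collection and the primary key store placeholder resource
     * when the collection does not exist yet.
     *
     * <p>Both writes share one transaction, which is rolled back on failure when this
     * method started it.
     *
     * @throws Exception if a registry operation fails
     */
    private void addKeystores() throws Exception {
        boolean isStarted = Transaction.isStarted();
        try {
            if (!isStarted) {
                this.registry.beginTransaction();
            }
            if (!this.registry.resourceExists(SecurityConstants.KEY_STORES)) {
                this.registry.put(SecurityConstants.KEY_STORES, this.registry.newCollection());
                this.registry.put(RegistryResources.SecurityManagement.PRIMARY_KEYSTORE_PHANTOM_RESOURCE, this.registry.newResource());
            }
            if (!isStarted) {
                this.registry.commitTransaction();
            }
        } catch (Exception e) {
            if (!isStarted) {
                rollbackQuietly(this.registry);
            }
            throw e;
        }
    }

    /** Rolls the transaction back; a rollback failure is logged so it cannot mask the original error. */
    private static void rollbackQuietly(Registry registry) {
        try {
            registry.rollbackTransaction();
        } catch (Exception rollbackFailure) {
            log.error("Cannot roll back registry transaction", rollbackFailure);
        }
    }

    /** Closes the stream; a close failure is logged and otherwise ignored. */
    private static void closeQuietly(java.io.InputStream stream) {
        try {
            stream.close();
        } catch (java.io.IOException closeFailure) {
            log.warn("Cannot close bundle resource stream", closeFailure);
        }
    }

    /**
     * Binds the registry service and keeps its system registry.
     *
     * <p>A failure is only logged, which leaves {@code registry} unset; activation then
     * fails with a wrapped {@link RuntimeException} when it first touches the registry.
     */
    protected void setRegistryService(RegistryService registryService) {
        try {
            this.registry = registryService.getSystemRegistry();
        } catch (RegistryException e) {
            log.error("Cannot get System registry", e);
        }
    }

    /** Unbinds the registry service and drops the registry reference. */
    protected void unsetRegistryService(RegistryService registryService) {
        this.registry = null;
    }

    /** Binds the user realm used to look up the roles allowed to invoke a service. */
    protected void setUserRealmDelegating(UserRealm userRealm) {
        this.userRealm = userRealm;
    }

    /** Unbinds the user realm. */
    protected void unsetUserRealmDelegating(UserRealm userRealm) {
        this.userRealm = null;
    }

    /** No-op; this observer needs no Axis2 initialisation. */
    public void init(AxisConfiguration axisConfiguration) {
    }

    /** No-op; module events are ignored. */
    public void moduleUpdate(AxisEvent axisEvent, AxisModule axisModule) {
    }

    /** No-op; service group events are ignored. */
    public void serviceGroupUpdate(AxisEvent axisEvent, AxisServiceGroup axisServiceGroup) {
    }

    /**
     * Reacts to a service deployment: when the service has a policies collection in the
     * registry, the first child whose name maps to a known scenario (looked up by
     * wsu:Id) selects the security parameters applied to the service.
     *
     * @throws RuntimeException if the registry lookup fails; the cause is preserved
     */
    public void serviceUpdate(AxisEvent axisEvent, AxisService axisService) {
        if (axisEvent.getEventType() != AxisEvent.SERVICE_DEPLOY) {
            return;
        }
        try {
            String policiesPath = RegistryResources.SERVICE_GROUPS + axisService.getAxisServiceGroup().getServiceGroupName()
                    + "/services/" + axisService.getName() + "/policies/";
            if (!this.registry.resourceExists(policiesPath)) {
                return;
            }
            for (String childPath : this.registry.get(policiesPath).getChildren()) {
                // The part after the collection path is treated as the policy's wsu:Id.
                SecurityScenario securityScenario = SecurityScenarioDatabase.getByWsuId(childPath.substring(policiesPath.length()));
                if (securityScenario != null) {
                    applySecurityParameters(axisService, securityScenario);
                    return;
                }
            }
        } catch (Throwable th) {
            String message = "Cannot handle service DEPLOY event for service: " + axisService.getName();
            log.error(message, th);
            throw new RuntimeException(message, th);
        }
    }

    /**
     * Attaches the password callback handler, the {@code disableREST} flag and, when
     * the service is marked as an SCT issuer, the Rahas token issuer and canceler
     * configuration to the service.
     *
     * <p>NOTE(review): every failure is logged and swallowed, so the service stays
     * deployed even when only part of the parameters were attached (for example the
     * password callback without the SCT issuer configuration). Confirm that a service
     * in that state rejects requests rather than serving them without the intended
     * protection; if it does not, propagate the failure so that
     * {@link #serviceUpdate} aborts the deployment.
     */
    private void applySecurityParameters(AxisService axisService, SecurityScenario securityScenario) {
        try {
            String serviceName = axisService.getName();
            String servicePath = RegistryResources.SERVICE_GROUPS + axisService.getAxisServiceGroup().getServiceGroupName()
                    + "/services/" + serviceName;

            // The callback handler is given the roles currently allowed to invoke the service.
            ServicePasswordCallbackHandler callbackHandler = new ServicePasswordCallbackHandler(serviceName,
                    this.userRealm.getAccessControlAdmin().getAllowedRolesForResource(servicePath, "invoke-service"), this.registry);
            Parameter callbackParameter = new Parameter();
            callbackParameter.setName("passwordCallbackRef");
            callbackParameter.setValue(callbackHandler);
            axisService.addParameter(callbackParameter);

            // REST access is switched off for every scenario except the UsernameToken one.
            if (!securityScenario.getScenarioId().equals(SecurityConstants.USERNAME_TOKEN_SCENARIO_ID)) {
                Parameter disableRestParameter = new Parameter();
                disableRestParameter.setName("disableREST");
                disableRestParameter.setValue(Boolean.TRUE.toString());
                axisService.addParameter(disableRestParameter);
            }

            if (this.registry.get(servicePath).getProperty(SecurityConstants.PROP_RAHAS_SCT_ISSUER) == null) {
                return;
            }
            Association[] associations = this.registry.getAssociations(servicePath, SecurityConstants.ASSOCIATION_PRIVATE_KEYSTORE);
            if (associations == null || associations.length <= 0) {
                throw new Exception("Cannot start Rahas");
            }
            ServerConfiguration serverConfiguration = ServerConfiguration.getInstance();
            String keyStoreLocation = serverConfiguration.getFirstProperty("Security.KeyStore.Location");
            String keyAlias = serverConfiguration.getFirstProperty("Security.KeyStore.KeyAlias");
            if (keyStoreLocation == null || keyAlias == null) {
                // Name the missing setting instead of surfacing a bare NullPointerException.
                throw new IllegalStateException("Security.KeyStore.Location and Security.KeyStore.KeyAlias must be configured");
            }
            Properties cryptoProperties = new Properties();
            // Only the file name of the configured key store location is passed on.
            cryptoProperties.setProperty(ServerCrypto.PROP_ID_PRIVATE_STORE, keyStoreLocation.substring(keyStoreLocation.lastIndexOf("/") + 1));
            cryptoProperties.setProperty(ServerCrypto.PROP_ID_DEFAULT_ALIAS, keyAlias);
            axisService.addParameter(RahasUtil.getSCTIssuerConfigParameter(ServerCrypto.class.getName(), cryptoProperties, -1, null, true, true));
            axisService.addParameter(RahasUtil.getTokenCancelerConfigParameter());
        } catch (Throwable th) {
            log.error("Cannot apply security parameters", th);
        }
    }

    /** No-op; this observer holds no parameters. */
    public void addParameter(Parameter parameter) throws AxisFault {
    }

    /** No-op; this observer holds no parameters. */
    public void deserializeParameters(OMElement oMElement) throws AxisFault {
    }

    /** Always returns {@code null}; this observer holds no parameters. */
    public Parameter getParameter(String str) {
        return null;
    }

    /** Returns a new empty list; the raw type is kept so the declared signature stays unchanged. */
    public ArrayList getParameters() {
        return new ArrayList();
    }

    /** Always returns {@code false}; this observer holds no parameters. */
    public boolean isParameterLocked(String str) {
        return false;
    }

    /** No-op; this observer holds no parameters. */
    public void removeParameter(Parameter parameter) throws AxisFault {
    }
}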
