package org.wso2.carbon.security.config;

import java.io.File;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.xml.stream.XMLInputFactory;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.AxisFault;
import org.apache.axis2.description.AxisBinding;
import org.apache.axis2.description.AxisEndpoint;
import org.apache.axis2.description.AxisModule;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.neethi.PolicyReference;
import org.apache.rampart.policy.RampartPolicyBuilder;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.wso2.carbon.core.RegistryResources;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.core.util.KeyStoreUtil;
import org.wso2.carbon.registry.core.Association;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.jdbc.utils.Transaction;
import org.wso2.carbon.security.SecurityConfigException;
import org.wso2.carbon.security.SecurityConstants;
import org.wso2.carbon.security.SecurityScenario;
import org.wso2.carbon.security.SecurityScenarioDatabase;
import org.wso2.carbon.security.SecurityServiceHolder;
import org.wso2.carbon.security.config.service.SecurityConfigData;
import org.wso2.carbon.security.config.service.SecurityScenarioData;
import org.wso2.carbon.security.util.RahasUtil;
import org.wso2.carbon.security.util.SecurityTokenStore;
import org.wso2.carbon.security.util.ServerCrypto;
import org.wso2.carbon.security.util.ServicePasswordCallbackHandler;
import org.wso2.carbon.user.core.AccessControlAdmin;
import org.wso2.carbon.utils.ServerConfiguration;
import org.wso2.carbon.utils.ServerException;

/* loaded from: input_file:org/wso2/carbon/security/config/SecurityConfigAdmin.class */
public class SecurityConfigAdmin {
    // Shared commons-logging logger for this class.
    private static Log log = LogFactory.getLog(SecurityConfigAdmin.class);
    // Registry handle behind every resourceExists/get/put/association call made by this class.
    private Registry registry;
    // Namespace URI of the OASIS WS-Security utility schema.
    public static final String WS_SEC_UTILITY_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    // Property key holding the Rampart user; getServerCryptoProperties stores the private-key alias under it.
    public static final String USER = "rampart.config.user";
    // Axis2 configuration used to look up services, modules and inbound transports.
    protected AxisConfiguration axisConfig;

    /**
     * Creates an admin bound to the given Axis2 configuration; the registry is read from the
     * configuration's {@code "WSO2Registry"} parameter.
     *
     * @param axisConfiguration Axis2 configuration that carries the registry parameter
     */
    public SecurityConfigAdmin(AxisConfiguration axisConfiguration) {
        this.axisConfig = axisConfiguration;
        // NOTE(review): no null check on the looked-up value; if the parameter is absent the
        // registry field presumably stays null and every later registry call fails. TODO confirm.
        this.registry = (Registry) axisConfiguration.getParameterValue("WSO2Registry");
    }

    /**
     * Creates an admin that uses an explicitly supplied registry instead of the one attached
     * to the Axis2 configuration.
     *
     * @param axisConfiguration Axis2 configuration used for service and module lookups
     * @param registry registry used for all persistence calls
     */
    public SecurityConfigAdmin(AxisConfiguration axisConfiguration, Registry registry) {
        this.registry = registry;
        this.axisConfig = axisConfiguration;
    }

    /**
     * Looks up a scenario in {@link SecurityScenarioDatabase} and copies its descriptive fields
     * into a transfer object.
     *
     * @param str scenario id passed to {@code SecurityScenarioDatabase.get}
     * @return the populated data object, or {@code null} when the database has no such scenario
     */
    public SecurityScenarioData getSecurityScenario(String str) throws SecurityConfigException {
        SecurityScenario scenario = SecurityScenarioDatabase.get(str);
        if (scenario == null) {
            return null;
        }
        SecurityScenarioData data = new SecurityScenarioData();
        data.setCategory(scenario.getCategory());
        data.setDescription(scenario.getDescription());
        data.setScenarioId(scenario.getScenarioId());
        data.setSummary(scenario.getSummary());
        return data;
    }

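    /**
     * Returns the security scenario currently attached to a service.
     *
     * @param str service name, resolved through {@code getServiceForActivation}
     * @return the scenario data, or {@code null} when the service has no {@code /policies/}
     *         resource in the registry or no known scenario is attached to its bindings
     * @throws SecurityConfigException if the service does not exist or the registry lookup fails
     */
    public SecurityScenarioData getCurrentScenario(String str) throws SecurityConfigException {
        try {
            AxisService serviceForActivation = this.axisConfig.getServiceForActivation(str);
            if (serviceForActivation == null) {
                throw new SecurityConfigException("AxisService is Null");
            }
            String policiesPath = RegistryResources.SERVICE_GROUPS + serviceForActivation.getAxisServiceGroup().getServiceGroupName() + "/services/" + str + "/policies/";
            // No policies resource is treated as "no security configured".
            if (!this.registry.resourceExists(policiesPath)) {
                return null;
            }
            SecurityScenario currentScenario = readCurrentScenario(str);
            if (currentScenario == null) {
                return null;
            }
            SecurityScenarioData securityScenarioData = new SecurityScenarioData();
            securityScenarioData.setCategory(currentScenario.getCategory());
            securityScenarioData.setDescription(currentScenario.getDescription());
            securityScenarioData.setScenarioId(currentScenario.getScenarioId());
            securityScenarioData.setSummary(currentScenario.getSummary());
            return securityScenarioData;
        } catch (RegistryException e) {
            // Keep the registry failure as the cause so the root error is not lost to the caller.
            throw new SecurityConfigException("readingSecurity", e);
        }
    }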

    /**
     * Lists the module names required by the scenario currently applied to a service.
     *
     * @param str service name
     * @param str2 not read by this method
     * @return the scenario's module names, or {@code null} when the service has no current scenario
     */
    public String[] getRequiredModules(String str, String str2) throws Exception {
        SecurityScenarioData current = getCurrentScenario(str);
        if (current != null) {
            // NOTE(review): the database lookup result is dereferenced without a null check.
            SecurityScenario scenario = SecurityScenarioDatabase.get(current.getScenarioId());
            return (String[]) scenario.modules.toArray(new String[scenario.modules.size()]);
        }
        return null;
    }

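    /**
     * Removes the security scenario currently applied to a service.
     *
     * <p>When the service has a {@code /policies/} resource and a known scenario, this disengages
     * the scenario's modules, detaches the policy from all bindings, clears every role
     * authorization for {@code invoke-service} on the service path, drops the private and trusted
     * key store associations, removes the {@code passwordCallbackRef} and {@code disableREST}
     * parameters and, for an HTTPS-only policy, exposes the service on all transports again.
     *
     * <p>Any failure, including an {@code AxisFault}, is reported as a
     * {@link SecurityConfigException}; a partially completed removal is never reported as success.
     *
     * @param str service name, resolved through {@code getServiceForActivation}
     * @throws SecurityConfigException if the service does not exist or any removal step fails
     */
    public void disableSecurityOnService(String str) throws SecurityConfigException {
        SecurityScenario readCurrentScenario;
        try {
            AxisService serviceForActivation = this.axisConfig.getServiceForActivation(str);
            if (serviceForActivation == null) {
                throw new SecurityConfigException("AxisService is Null");
            }
            String servicePath = getServicePath(serviceForActivation);
            String str2 = servicePath + "/policies/";
            log.debug("Removing " + str2);
            if (this.registry.resourceExists(str2) && (readCurrentScenario = readCurrentScenario(str)) != null) {
                // Disengage every module of the scenario and drop its registry association.
                for (String str3 : (String[]) readCurrentScenario.getModules().toArray(new String[readCurrentScenario.getModules().size()])) {
                    serviceForActivation.disengageModule(serviceForActivation.getAxisConfiguration().getModule(str3));
                    this.registry.removeAssociation(servicePath, RegistryResources.MODULES + str3, "engaged.modules");
                }
                new SecurityServiceAdmin(this.axisConfig).removeSecurityPolicyFromAllBindings(serviceForActivation, readCurrentScenario.getWsuId());
                String scenarioId = readCurrentScenario.getScenarioId();
                String str4 = SecurityConstants.SECURITY_POLICY + "/" + scenarioId;
                // Join a running registry transaction, otherwise open one for the persisted data.
                boolean isStarted = Transaction.isStarted();
                if (!isStarted) {
                    try {
                        this.registry.beginTransaction();
                    } catch (RegistryException e) {
                        if (!isStarted) {
                            this.registry.rollbackTransaction();
                        }
                        log.error("Unable to remove persisted data.");
                        throw new AxisFault("Unable to remove persisted data.", e);
                    }
                }
                this.registry.removeAssociation(str4, servicePath, "service-secpolicy");
                // Clear every role that was allowed to invoke the service.
                AccessControlAdmin accessControlAdmin = SecurityServiceHolder.getDelegatingUserRealm().getAccessControlAdmin();
                for (String str5 : accessControlAdmin.getAllowedRolesForResource(servicePath, "invoke-service")) {
                    accessControlAdmin.clearRoleAuthorization(str5, servicePath, "invoke-service");
                }
                for (Association association : this.registry.getAssociations(servicePath, SecurityConstants.ASSOCIATION_PRIVATE_KEYSTORE)) {
                    this.registry.removeAssociation(servicePath, association.getDestinationPath(), SecurityConstants.ASSOCIATION_PRIVATE_KEYSTORE);
                }
                for (Association association2 : this.registry.getAssociations(servicePath, SecurityConstants.ASSOCIATION_TRUSTED_KEYSTORE)) {
                    this.registry.removeAssociation(servicePath, association2.getDestinationPath(), SecurityConstants.ASSOCIATION_TRUSTED_KEYSTORE);
                }
                if (!isStarted) {
                    this.registry.commitTransaction();
                }
                // NOTE(review): a failure between begin and commit is not rolled back here.
                Parameter parameter = new Parameter();
                parameter.setName("passwordCallbackRef");
                serviceForActivation.removeParameter(parameter);
                Parameter parameter2 = new Parameter();
                parameter2.setName("disableREST");
                serviceForActivation.removeParameter(parameter2);
                // An HTTPS-only policy restricted the transports; undo that restriction.
                if (isHttpsTransportOnly(loadPolicy(scenarioId))) {
                    boolean isStarted2 = Transaction.isStarted();
                    if (!isStarted2) {
                        try {
                            this.registry.beginTransaction();
                        } catch (RegistryException e2) {
                            if (!isStarted2) {
                                this.registry.rollbackTransaction();
                            }
                            String str6 = "Service with name " + str + " not found.";
                            log.error(str6);
                            throw new AxisFault(str6, e2);
                        }
                    }
                    Resource resource = this.registry.get(servicePath);
                    resource.removeProperty("ut.enabled");
                    List<String> allTransports = getAllTransports();
                    setServiceTransports(str, allTransports);
                    resource.setProperty("exposed.all.transports", Boolean.TRUE.toString());
                    // Only transports whose name does not end with the HTTPS constant get a new association.
                    for (String str7 : allTransports) {
                        if (!str7.endsWith(SecurityConstants.HTTPS_TRANSPORT)) {
                            this.registry.addAssociation(servicePath, RegistryResources.TRANSPORTS + str7, "exposed.transports");
                        }
                    }
                    this.registry.put(resource.getPath(), resource);
                    if (!isStarted2) {
                        this.registry.commitTransaction();
                    }
                }
            }
        } catch (SecurityConfigException e3) {
            throw e3;
        } catch (Exception e5) {
            // AxisFault is handled here as well: printing the stack trace and returning normally
            // would tell the caller that security was removed when it was only partly removed.
            log.error(e5.getMessage(), e5);
            throw new SecurityConfigException("removingPolicy", e5);
        }
    }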

    /**
     * Does nothing: the body is empty, so calling this method enables no authentication and
     * changes no service, policy or registry state.
     *
     * NOTE(review): callers that rely on the method name get no username-token protection from
     * this call; applySecurity is the method in this class that attaches a policy.
     */
    public void activateUsernameTokenAuthentication(String str, String[] strArr) throws SecurityConfigException {
    }

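    /**
     * Applies a security scenario to a service: removes the current scenario, attaches the new
     * policy, engages the scenario's modules, disables REST where required and persists the
     * key store associations and role authorizations.
     *
     * <p>The work joins a registry transaction that is already running; otherwise this call
     * begins one and commits it at the end. A registry failure is reported to the caller instead
     * of returning silently, so a service is never left unsecured while the caller believes the
     * scenario was applied.
     *
     * @param str service name
     * @param str2 scenario id
     * @param strArr trusted key store names
     * @param str3 private key store name
     * @param strArr2 roles to authorize for {@code invoke-service}
     * @throws SecurityConfigException if the service does not exist or any step, including the
     *         registry transaction itself, fails
     */
    public void applySecurity(String str, String str2, String[] strArr, String str3, String[] strArr2) throws SecurityConfigException {
        boolean isStarted = Transaction.isStarted();
        try {
            if (!isStarted) {
                this.registry.beginTransaction();
            }
            disableSecurityOnService(str);
            AxisService serviceForActivation = this.axisConfig.getServiceForActivation(str);
            if (serviceForActivation == null) {
                throw new SecurityConfigException("nullService");
            }
            applyPolicy(serviceForActivation, str2, strArr, str3, strArr2);
            boolean engageModules = engageModules(str2, str, serviceForActivation);
            disableRESTCalls(str, str2);
            persistData(serviceForActivation, str2, str3, strArr, strArr2, engageModules);
            if (!isStarted) {
                this.registry.commitTransaction();
            }
        } catch (RegistryException e) {
            rollbackOwnedTransaction(isStarted);
            log.error(e.getMessage(), e);
            throw new SecurityConfigException(e.getMessage(), e);
        } catch (SecurityConfigException e) {
            // Registry changes made so far belong to the transaction opened above; undo them.
            // NOTE(review): in-memory Axis2 changes (parameters, engaged modules) are not undone.
            rollbackOwnedTransaction(isStarted);
            throw e;
        }
    }

    /** Rolls back the registry transaction when applySecurity itself opened it. */
    private void rollbackOwnedTransaction(boolean transactionWasAlreadyStarted) {
        if (transactionWasAlreadyStarted) {
            return;
        }
        try {
            this.registry.rollbackTransaction();
        } catch (RegistryException rollbackFailure) {
            // The original failure is what the caller needs to see; record the rollback problem only.
            log.error("Unable to roll back the registry transaction.", rollbackFailure);
        }
    }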

    /**
     * Attaches the policy of a scenario to a service and adjusts the service's transports.
     *
     * <p>Registers a {@code passwordCallbackRef} parameter, builds the Rampart configuration from
     * the key store properties, adds it to the loaded policy and binds the policy to all bindings.
     * For an HTTPS-only policy the service is restricted to the HTTPS transports and the registry
     * resource is updated accordingly; otherwise all transports are exposed.
     *
     * @param axisService service the policy is applied to
     * @param str scenario id handed to {@code loadPolicy}
     * @param strArr trusted key store names
     * @param str2 private key store name
     * @param strArr2 not read by this method
     * @throws SecurityConfigException wrapping any failure raised while applying the policy
     */
    protected void applyPolicy(AxisService axisService, String str, String[] strArr, String str2, String[] strArr2) throws SecurityConfigException {
        try {
            // The callback handler is stored on the service as the passwordCallbackRef parameter.
            ServicePasswordCallbackHandler servicePasswordCallbackHandler = new ServicePasswordCallbackHandler(axisService.getName(), getServicePath(axisService), this.registry);
            Parameter parameter = new Parameter();
            parameter.setName("passwordCallbackRef");
            parameter.setValue(servicePasswordCallbackHandler);
            axisService.addParameter(parameter);
            Properties serverCryptoProperties = getServerCryptoProperties(str2, strArr);
            RampartConfig rampartConfig = new RampartConfig();
            populateRampartConfig(rampartConfig, serverCryptoProperties);
            Policy loadPolicy = loadPolicy(str);
            // rampartConfig was created just above, so this condition always holds.
            if (rampartConfig != null) {
                loadPolicy.addAssertion(rampartConfig);
            }
            if (isHttpsTransportOnly(loadPolicy)) {
                // Restrict the in-memory service to HTTPS before the registry state is updated.
                setServiceTransports(axisService.getName(), getHttpsTransports());
                // Join a running registry transaction, otherwise open one for the updates below.
                boolean isStarted = Transaction.isStarted();
                if (!isStarted) {
                    try {
                        this.registry.beginTransaction();
                    } catch (RegistryException e) {
                        if (!isStarted) {
                            this.registry.rollbackTransaction();
                        }
                        String str3 = "Service with name " + axisService.getName() + " not found.";
                        log.error(str3);
                        throw new AxisFault(str3, e);
                    }
                }
                String str4 = RegistryResources.SERVICE_GROUPS + axisService.getAxisServiceGroup().getServiceGroupName() + "/services/" + axisService.getName();
                Resource resource = this.registry.get(str4);
                resource.setProperty("exposed.all.transports", Boolean.FALSE.toString());
                resource.setProperty("ut.enabled", Boolean.TRUE.toString());
                // z records whether an HTTPS association already exists; every other
                // exposed.transports association is removed.
                boolean z = false;
                for (Association association : this.registry.getAssociations(str4, "exposed.transports")) {
                    String destinationPath = association.getDestinationPath();
                    if (destinationPath.endsWith(SecurityConstants.HTTPS_TRANSPORT)) {
                        z = true;
                    } else {
                        this.registry.removeAssociation(str4, destinationPath, "exposed.transports");
                    }
                }
                if (!z) {
                    this.registry.addAssociation(str4, RegistryResources.TRANSPORTS + SecurityConstants.HTTPS_TRANSPORT, "exposed.transports");
                }
                this.registry.put(resource.getPath(), resource);
                if (!isStarted) {
                    this.registry.commitTransaction();
                }
            } else {
                setServiceTransports(axisService.getName(), getAllTransports());
            }
            new SecurityServiceAdmin(this.axisConfig).addSecurityPolicyToAllBindings(axisService, loadPolicy);
        } catch (Exception e2) {
            log.error(e2.getMessage(), e2);
            throw new SecurityConfigException(e2.getMessage(), e2);
        } catch (ServerException e3) {
            // NOTE(review): this handler follows the general Exception handler and repeats its
            // body; if ServerException is an Exception subtype it can never run. TODO confirm.
            log.error(e3.getMessage(), e3);
            throw new SecurityConfigException(e3.getMessage(), e3);
        }
    }

    /**
     * Engages every module required by a scenario on the service and records the engagement as
     * an {@code engaged.modules} association in the registry.
     *
     * @param str scenario id
     * @param str2 service name used to build the registry path
     * @param axisService service the modules are engaged on
     * @return {@code true} when one of the engaged modules is named {@code rahas} (case-insensitive)
     * @throws SecurityConfigException wrapping an {@code AxisFault} or {@code RegistryException}
     */
    protected boolean engageModules(String str, String str2, AxisService axisService) throws SecurityConfigException {
        SecurityScenario scenario = SecurityScenarioDatabase.get(str);
        String[] moduleNames = (String[]) scenario.modules.toArray(new String[scenario.modules.size()]);
        String servicePath = RegistryResources.SERVICE_GROUPS + axisService.getAxisServiceGroup().getServiceGroupName() + "/services/" + str2;
        boolean rahasEngaged = false;
        try {
            // Join a running registry transaction, otherwise this method owns begin and commit.
            boolean alreadyInTransaction = Transaction.isStarted();
            if (!alreadyInTransaction) {
                try {
                    this.registry.beginTransaction();
                } catch (RegistryException beginFailure) {
                    this.registry.rollbackTransaction();
                    log.error("Unable to engage modules.");
                    throw new AxisFault("Unable to engage modules.", beginFailure);
                }
            }
            Association[] engaged = this.registry.getAssociations(servicePath, "engaged.modules");
            for (String moduleName : moduleNames) {
                // NOTE(review): a module that is not deployed would make the next line fail on null.
                AxisModule module = axisService.getAxisConfiguration().getModule(moduleName);
                String modulePath = RegistryResources.MODULES + moduleName + "/" + module.getVersion();
                boolean alreadyAssociated = false;
                for (int i = 0; i < engaged.length && !alreadyAssociated; i++) {
                    alreadyAssociated = engaged[i].getDestinationPath().equals(modulePath);
                }
                if (!alreadyAssociated) {
                    this.registry.addAssociation(servicePath, modulePath, "engaged.modules");
                }
                // Disengage first so the module is engaged exactly once afterwards.
                axisService.disengageModule(module);
                axisService.engageModule(module);
                if (moduleName.equalsIgnoreCase("rahas")) {
                    rahasEngaged = true;
                }
            }
            if (!alreadyInTransaction) {
                this.registry.commitTransaction();
            }
            return rahasEngaged;
        } catch (AxisFault axisFailure) {
            log.error(axisFailure);
            throw new SecurityConfigException(axisFailure.getMessage(), axisFailure);
        } catch (RegistryException registryFailure) {
            log.error(registryFailure);
            throw new SecurityConfigException(registryFailure.getMessage(), registryFailure);
        }
    }

    /**
     * Sets the {@code disableREST} parameter to {@code "true"} on the service for every scenario
     * except the username-token scenario, for which the service is left unchanged.
     *
     * @param str service name
     * @param str2 scenario id
     * @throws SecurityConfigException if the service does not exist or the parameter cannot be added
     */
    protected void disableRESTCalls(String str, String str2) throws SecurityConfigException {
        if (!str2.equals(SecurityConstants.USERNAME_TOKEN_SCENARIO_ID)) {
            try {
                AxisService target = this.axisConfig.getServiceForActivation(str);
                if (target == null) {
                    throw new SecurityConfigException("nullService");
                }
                Parameter disableRest = new Parameter();
                disableRest.setName("disableREST");
                disableRest.setValue(Boolean.TRUE.toString());
                target.addParameter(disableRest);
            } catch (AxisFault axisFailure) {
                log.error(axisFailure);
                throw new SecurityConfigException("disablingREST", axisFailure);
            }
        }
    }

    /**
     * Persists the key store associations and role authorizations of a secured service, then
     * sets or removes the Rahas parameters.
     *
     * @param axisService secured service
     * @param str scenario id (not used for any registry call in this method)
     * @param str2 private key store name, may be {@code null}
     * @param strArr trusted key store names, may be {@code null}
     * @param strArr2 roles authorized for {@code invoke-service}, may be {@code null}
     * @param z whether the Rahas module was engaged
     * @throws SecurityConfigException wrapping any failure, including a missing key store
     */
    protected void persistData(AxisService axisService, String str, String str2, String[] strArr, String[] strArr2, boolean z) throws SecurityConfigException {
        try {
            String servicePath = RegistryResources.SERVICE_GROUPS + axisService.getAxisServiceGroup().getServiceGroupName() + "/services/" + axisService.getName();
            // NOTE(review): key store names are concatenated into registry paths as given;
            // presumably callers validate them. TODO confirm.
            if (str2 != null) {
                String privateStorePath = SecurityConstants.KEY_STORES + "/" + str2;
                String privateTarget;
                if (this.registry.resourceExists(privateStorePath)) {
                    privateTarget = privateStorePath;
                } else if (KeyStoreUtil.isPrimaryStore(str2)) {
                    // The primary key store has no registry resource of its own.
                    privateTarget = RegistryResources.SecurityManagement.PRIMARY_KEYSTORE_PHANTOM_RESOURCE;
                } else {
                    throw new SecurityConfigException("Missing key store " + str2);
                }
                this.registry.addAssociation(servicePath, privateTarget, SecurityConstants.ASSOCIATION_PRIVATE_KEYSTORE);
            }
            if (strArr != null) {
                for (String trustedStore : strArr) {
                    String trustedStorePath = SecurityConstants.KEY_STORES + "/" + trustedStore;
                    String trustedTarget;
                    if (this.registry.resourceExists(trustedStorePath)) {
                        trustedTarget = trustedStorePath;
                    } else if (KeyStoreUtil.isPrimaryStore(trustedStore)) {
                        trustedTarget = RegistryResources.SecurityManagement.PRIMARY_KEYSTORE_PHANTOM_RESOURCE;
                    } else {
                        throw new SecurityConfigException("Missing key store" + trustedStore);
                    }
                    this.registry.addAssociation(servicePath, trustedTarget, SecurityConstants.ASSOCIATION_TRUSTED_KEYSTORE);
                }
            }
            // With no roles supplied, no invoke-service authorization is written at all.
            if (strArr2 != null) {
                AccessControlAdmin accessControl = SecurityServiceHolder.getDelegatingUserRealm().getAccessControlAdmin();
                for (String role : strArr2) {
                    accessControl.authorizeRole(role, servicePath, "invoke-service");
                }
            }
            if (!z) {
                removeRahasParameters(axisService);
            } else {
                setRahasParameters(axisService, str2);
            }
        } catch (Exception failure) {
            log.error(failure.getMessage(), failure);
            throw new SecurityConfigException(failure.getMessage(), failure);
        }
    }

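    /**
     * Loads the policy document of a scenario from the registry and parses it into a Neethi
     * {@link Policy}.
     *
     * <p>The StAX factory is configured without DTD support and without external entity
     * resolution, so a policy resource cannot pull in external entities while it is parsed.
     *
     * @param str scenario id; the resource read is {@code SecurityConstants.SECURITY_POLICY + "/" + str}
     * @return the parsed policy
     * @throws SecurityConfigException wrapping any registry or parsing failure
     */
    public Policy loadPolicy(String str) throws SecurityConfigException {
        try {
            XMLInputFactory factory = XMLInputFactory.newInstance();
            factory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
            factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
            // NOTE(review): str is appended to the registry path as given; presumably it is a
            // known scenario id. TODO confirm at the call sites.
            Resource policyResource = this.registry.get(SecurityConstants.SECURITY_POLICY + "/" + str);
            // NOTE(review): the content stream is not closed here; the builder may still read
            // from it lazily after this method returns, so closing needs care.
            StAXOMBuilder builder = new StAXOMBuilder(factory.createXMLStreamReader(policyResource.getContentStream()));
            return PolicyEngine.getPolicy(builder.getDocumentElement());
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new SecurityConfigException("loadingPolicy", e);
        }
    }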

    /**
     * Fills a Rampart configuration with the server crypto settings.
     *
     * <p>When the properties are non-empty, separate encryption and signature crypto configs are
     * created, both using {@code ServerCrypto} as provider and the same properties object. The
     * encryption user is always {@code useReqSigCert}, the user is read from
     * {@code rampart.config.user}, and timestamp TTL and maximum skew are both set to 300.
     *
     * @param rampartConfig configuration to populate; a {@code null} value makes this a no-op
     * @param properties crypto properties, see {@code getServerCryptoProperties}
     */
    public void populateRampartConfig(RampartConfig rampartConfig, Properties properties) throws SecurityConfigException {
        if (rampartConfig == null) {
            return;
        }
        if (!properties.isEmpty()) {
            CryptoConfig encryptionCrypto = new CryptoConfig();
            encryptionCrypto.setProvider(ServerCrypto.class.getName());
            encryptionCrypto.setProp(properties);
            rampartConfig.setEncrCryptoConfig(encryptionCrypto);

            CryptoConfig signatureCrypto = new CryptoConfig();
            signatureCrypto.setProvider(ServerCrypto.class.getName());
            signatureCrypto.setProp(properties);
            rampartConfig.setSigCryptoConfig(signatureCrypto);
        }
        rampartConfig.setEncryptionUser("useReqSigCert");
        rampartConfig.setUser(properties.getProperty("rampart.config.user"));
        // The same value bounds message age and clock skew; presumably seconds. TODO confirm.
        rampartConfig.setTimestampTTL(Integer.toString(300));
        rampartConfig.setTimestampMaxSkew(Integer.toString(300));
        rampartConfig.setTokenStoreClass(SecurityTokenStore.class.getName());
    }

    /**
     * Builds the {@code ServerCrypto} properties for a private key store and a set of trusted
     * key stores.
     *
     * @param str private key store name, may be {@code null}
     * @param strArr trusted key store names, may be {@code null}
     * @return properties holding the trust store list (each name followed by a comma) when at
     *         least one name is given, and the private store, its private-key alias and the
     *         Rampart user when a private store is given
     */
    public Properties getServerCryptoProperties(String str, String[] strArr) throws Exception {
        Properties cryptoProps = new Properties();
        ServerConfiguration.getInstance();
        if (strArr != null && strArr.length != 0) {
            StringBuilder trustStores = new StringBuilder();
            for (String storeName : strArr) {
                trustStores.append(storeName).append(",");
            }
            cryptoProps.setProperty(ServerCrypto.PROP_ID_TRUST_STORES, trustStores.toString());
        }
        if (str != null) {
            cryptoProps.setProperty(ServerCrypto.PROP_ID_PRIVATE_STORE, str);
            // The alias of the store's private key doubles as the Rampart user.
            String alias = KeyStoreUtil.getPrivateKeyAlias(KeyStoreManager.getInstance().getKeyStore(str));
            cryptoProps.setProperty(ServerCrypto.PROP_ID_DEFAULT_ALIAS, alias);
            cryptoProps.setProperty("rampart.config.user", alias);
        }
        return cryptoProps;
    }

    /**
     * Replaces the exposed transports of a service with a copy of the given list.
     *
     * @param str service name
     * @param list transport names to expose
     * @throws SecurityConfigException if the service does not exist
     */
    public void setServiceTransports(String str, List<String> list) throws SecurityConfigException, AxisFault {
        AxisService target = this.axisConfig.getServiceForActivation(str);
        if (target == null) {
            throw new SecurityConfigException("nullService");
        }
        // Hand the service its own copy so later changes to the caller's list do not leak in.
        ArrayList exposed = new ArrayList();
        for (String transportName : list) {
            exposed.add(transportName);
        }
        target.setExposedTransports(exposed);
        if (log.isDebugEnabled()) {
            log.debug("Successfully add selected transport bindings to service " + str);
        }
    }

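    /**
     * Decides whether a policy requires the service to be exposed on HTTPS only.
     *
     * <p>Only the first policy alternative is inspected. A transport binding is HTTPS-only. For
     * a symmetric binding whose encryption token is a secure conversation token, the answer is
     * whether the first alternative of the token's bootstrap policy is a transport binding.
     * Everything else is not HTTPS-only.
     *
     * @param policy policy to inspect
     * @return {@code true} when the service must be restricted to HTTPS
     * @throws SecurityConfigException if the policy cannot be built, or if a bootstrap policy has
     *         no alternative to inspect
     */
    public boolean isHttpsTransportOnly(Policy policy) throws SecurityConfigException {
        try {
            Iterator alternatives = policy.getAlternatives();
            if (!alternatives.hasNext()) {
                return false;
            }
            RampartPolicyData policyData = RampartPolicyBuilder.build((List) alternatives.next());
            if (policyData.isTransportBinding()) {
                return true;
            }
            if (!policyData.isSymmetricBinding()) {
                return false;
            }
            Object encryptionToken = policyData.getEncryptionToken();
            if (!(encryptionToken instanceof SecureConversationToken)) {
                return false;
            }
            Iterator bootstrapAlternatives = ((SecureConversationToken) encryptionToken).getBootstrapPolicy().getAlternatives();
            // Fail with a declared, descriptive error rather than an unchecked
            // NoSuchElementException; the transport decision must not be guessed.
            if (!bootstrapAlternatives.hasNext()) {
                throw new SecurityConfigException("Bootstrap policy of the secure conversation token has no alternatives");
            }
            return RampartPolicyBuilder.build((List) bootstrapAlternatives.next()).isTransportBinding();
        } catch (WSSPolicyException e) {
            log.error(e.getMessage(), e);
            throw new SecurityConfigException(e.getMessage(), e);
        }
    }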

    /**
     * Returns the names of the inbound transports regarded as HTTPS.
     *
     * @return every inbound transport name whose lower-cased form contains the HTTPS transport
     *         constant; this is a substring match, not an exact comparison
     */
    public List<String> getHttpsTransports() {
        ArrayList httpsNames = new ArrayList();
        for (String transportName : this.axisConfig.getTransportsIn().keySet()) {
            boolean looksLikeHttps = transportName.toLowerCase().contains(SecurityConstants.HTTPS_TRANSPORT);
            if (looksLikeHttps) {
                httpsNames.add(transportName);
            }
        }
        return httpsNames;
    }

    /**
     * Returns the names of all inbound transports known to the Axis2 configuration.
     *
     * @return a new list holding every key of {@code getTransportsIn()}
     */
    public List<String> getAllTransports() {
        ArrayList transportNames = new ArrayList();
        for (Object key : this.axisConfig.getTransportsIn().keySet()) {
            transportNames.add((String) key);
        }
        return transportNames;
    }

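    /**
     * Reads the persisted security configuration of a service for a given scenario: the roles
     * allowed to invoke it, its private key store and its trusted key stores.
     *
     * <p>Reading is best effort. When a step fails, the failure is written to the log and
     * whatever was collected so far is returned, which may be {@code null} or a partly filled
     * object; callers should not treat a {@code null} result as proof that no security is set.
     *
     * @param str service name
     * @param str2 scenario id the caller expects to be active
     * @return the configuration, or {@code null} when {@code str2} is {@code null}, no scenario
     *         is active, or the active scenario differs from {@code str2}
     */
    public SecurityConfigData getSecurityConfigData(String str, String str2) throws SecurityConfigException {
        SecurityConfigData securityConfigData = null;
        try {
            SecurityScenario currentScenario = readCurrentScenario(str);
            if (str2 == null || currentScenario == null) {
                return null;
            }
            if (!currentScenario.getScenarioId().equals(str2)) {
                return null;
            }
            securityConfigData = new SecurityConfigData();
            String servicePath = RegistryResources.SERVICE_GROUPS + this.axisConfig.getServiceForActivation(str).getAxisServiceGroup().getServiceGroupName() + "/services/" + str;
            securityConfigData.setUserGroups(SecurityServiceHolder.getDelegatingUserRealm().getAccessControlAdmin().getAllowedRolesForResource(servicePath, "invoke-service"));
            // Only the first private key store association is reported.
            Association[] privateStores = this.registry.getAssociations(servicePath, SecurityConstants.ASSOCIATION_PRIVATE_KEYSTORE);
            if (privateStores.length > 0) {
                String destinationPath = privateStores[0].getDestinationPath();
                if (destinationPath.equals(RegistryResources.SecurityManagement.PRIMARY_KEYSTORE_PHANTOM_RESOURCE)) {
                    // The primary key store is named after its configured file.
                    securityConfigData.setPrivateStore(KeyStoreUtil.getKeyStoreFileName(new File(ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location")).getAbsolutePath()));
                } else {
                    securityConfigData.setPrivateStore(destinationPath.substring(destinationPath.lastIndexOf("/") + 1));
                }
            }
            Association[] trustedStores = this.registry.getAssociations(servicePath, SecurityConstants.ASSOCIATION_TRUSTED_KEYSTORE);
            String[] trustedStoreNames = new String[trustedStores.length];
            for (int i = 0; i < trustedStores.length; i++) {
                String destinationPath2 = trustedStores[i].getDestinationPath();
                if (destinationPath2.equals(RegistryResources.SecurityManagement.PRIMARY_KEYSTORE_PHANTOM_RESOURCE)) {
                    trustedStoreNames[i] = KeyStoreUtil.getKeyStoreFileName(new File(ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location")).getAbsolutePath());
                } else {
                    trustedStoreNames[i] = destinationPath2.substring(destinationPath2.lastIndexOf("/") + 1);
                }
            }
            securityConfigData.setTrustedKeyStores(trustedStoreNames);
            return securityConfigData;
        } catch (Exception e) {
            // One handler covers every failure type; the error goes to the server log with its
            // stack trace instead of to standard error.
            log.error("Error while reading the security configuration of service " + str, e);
            return securityConfigData;
        }
    }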

    /**
     * Determines the security scenario attached to a service by inspecting the policies on the
     * bindings of its endpoints.
     *
     * @param str service name, resolved through {@code getServiceForActivation}
     * @return the scenario found for the last endpoint examined, or {@code null} when the service
     *         has no {@code /policies/} resource or no known scenario is attached
     * @throws SecurityConfigException with message {@code readingSecurity} for any failure; the
     *         "AxisService is Null" exception thrown below is caught and re-wrapped as well
     */
    public SecurityScenario readCurrentScenario(String str) throws SecurityConfigException {
        SecurityScenario securityScenario = null;
        try {
            AxisService serviceForActivation = this.axisConfig.getServiceForActivation(str);
            if (serviceForActivation == null) {
                throw new SecurityConfigException("AxisService is Null");
            }
            // No policies resource in the registry is treated as "no scenario applied".
            if (!this.registry.resourceExists((RegistryResources.SERVICE_GROUPS + serviceForActivation.getAxisServiceGroup().getServiceGroupName() + "/services/" + str) + "/policies/")) {
                return null;
            }
            Iterator it = serviceForActivation.getEndpoints().entrySet().iterator();
            while (it.hasNext()) {
                // The result is reset for every endpoint, so only the last endpoint examined counts.
                securityScenario = null;
                AxisBinding binding = ((AxisEndpoint) ((Map.Entry) it.next()).getValue()).getBinding();
                String str2 = "";
                for (Policy policy : binding.getPolicySubject().getAttachedPolicyComponents()) {
                    if (policy instanceof Policy) {
                        str2 = policy.getId();
                    } else if (policy instanceof PolicyReference) {
                        // The first character of the reference URI is dropped (presumably a leading '#').
                        str2 = ((PolicyReference) policy).getURI().substring(1);
                    }
                    // Looked up for every component; the last component of the binding wins.
                    securityScenario = SecurityScenarioDatabase.getByWsuId(str2);
                }
                // Stop at the first binding without a scenario, unless its name contains "HttpBinding".
                if (securityScenario == null && !binding.getName().getLocalPart().contains("HttpBinding")) {
                    break;
                }
            }
            return securityScenario;
        } catch (Exception e) {
            throw new SecurityConfigException("readingSecurity", e);
        }
    }

    /**
     * Configures the Rahas parameters (SCT issuer and token canceler) on a service and marks the
     * service's registry resource as an SCT issuer.
     *
     * @param axisService service to configure
     * @param str private key store name, used only when a private key store association exists
     * @throws AxisFault with message "Could not configure Rahas parameters" if a parameter cannot be set
     */
    private void setRahasParameters(AxisService axisService, String str) throws RegistryException, AxisFault {
        String serviceName = axisService.getName();
        String servicePath = RegistryResources.SERVICE_GROUPS + axisService.getAxisServiceGroup().getServiceGroupName() + "/services/" + serviceName;
        Resource serviceResource = this.registry.get(servicePath);
        Association[] privateStores = this.registry.getAssociations(servicePath, SecurityConstants.ASSOCIATION_PRIVATE_KEYSTORE);
        Association[] trustedStores = this.registry.getAssociations(servicePath, SecurityConstants.ASSOCIATION_TRUSTED_KEYSTORE);

        Properties cryptoProps = new Properties();
        if (privateStores != null && privateStores.length > 0) {
            // NOTE(review): the alias is the server-wide Security.KeyStore.KeyAlias, while
            // getServerCryptoProperties derives it from the selected key store. TODO confirm.
            String serverAlias = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.KeyAlias");
            cryptoProps.setProperty(ServerCrypto.PROP_ID_PRIVATE_STORE, str);
            cryptoProps.setProperty(ServerCrypto.PROP_ID_DEFAULT_ALIAS, serverAlias);
        }

        // NOTE(review): the substring starts at the last "/", so each name keeps its leading
        // slash, unlike getSecurityConfigData which skips it. TODO confirm which form is expected.
        StringBuilder trustStoreList = new StringBuilder();
        for (Association trusted : trustedStores) {
            String storePath = trusted.getDestinationPath();
            trustStoreList.append(storePath.substring(storePath.lastIndexOf("/"))).append(",");
        }
        cryptoProps.setProperty(ServerCrypto.PROP_ID_TRUST_STORES, trustStoreList.toString());

        try {
            setServiceParameterElement(serviceName, RahasUtil.getSCTIssuerConfigParameter(ServerCrypto.class.getName(), cryptoProps, -1, null, true, true));
            setServiceParameterElement(serviceName, RahasUtil.getTokenCancelerConfigParameter());
            serviceResource.setProperty(SecurityConstants.PROP_RAHAS_SCT_ISSUER, "true");
            this.registry.put(servicePath, serviceResource);
        } catch (Exception failure) {
            throw new AxisFault("Could not configure Rahas parameters", failure);
        }
    }

    /**
     * Removes the SCT issuer marker property from the service's registry resource, if both the
     * resource and the property exist.
     *
     * @param axisService service whose registry resource is updated
     * @throws AxisFault with message "Could not configure Rahas parameters" on any failure
     */
    private void removeRahasParameters(AxisService axisService) throws AxisFault {
        String servicePath = RegistryResources.SERVICE_GROUPS + axisService.getAxisServiceGroup().getServiceGroupName() + "/services/" + axisService.getName();
        try {
            if (!this.registry.resourceExists(servicePath)) {
                return;
            }
            Resource serviceResource = this.registry.get(servicePath);
            if (serviceResource.getProperty(SecurityConstants.PROP_RAHAS_SCT_ISSUER) == null) {
                return;
            }
            serviceResource.removeProperty(SecurityConstants.PROP_RAHAS_SCT_ISSUER);
            this.registry.put(servicePath, serviceResource);
        } catch (Exception failure) {
            throw new AxisFault("Could not configure Rahas parameters", failure);
        }
    }

    /**
     * Builds the registry path of a service from its service group name and its own name.
     *
     * @param axisService service to locate
     * @return {@code SERVICE_GROUPS + <group name> + "/services/" + <service name>}
     */
    private String getServicePath(AxisService axisService) {
        String groupName = axisService.getAxisServiceGroup().getServiceGroupName();
        String serviceName = axisService.getName();
        return RegistryResources.SERVICE_GROUPS + groupName + "/services/" + serviceName;
    }

    /**
     * Adds a parameter to a service unless the service already holds a locked parameter of the
     * same name, in which case the call is a silent no-op.
     *
     * @param str service name
     * @param parameter parameter to add
     * @throws AxisFault if no service with that name exists
     */
    private void setServiceParameterElement(String str, Parameter parameter) throws AxisFault {
        AxisService target = this.axisConfig.getServiceForActivation(str);
        if (target == null) {
            throw new AxisFault("Invalid service name '" + str + "'");
        }
        Parameter existing = target.getParameter(parameter.getName());
        boolean locked = existing != null && existing.isLocked();
        if (!locked) {
            target.addParameter(parameter);
        }
    }
}
