package org.wso2.carbon.security.deployment;

import java.util.ArrayList;
import java.util.Dictionary;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.AxisFault;
import org.apache.axis2.description.AxisModule;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.AxisServiceGroup;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.axis2.engine.AxisEvent;
import org.apache.axis2.engine.AxisObserver;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.neethi.PolicyReference;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.persistence.PersistenceFactory;
import org.wso2.carbon.core.persistence.PersistenceUtils;
import org.wso2.carbon.core.persistence.file.ModuleFilePersistenceManager;
import org.wso2.carbon.core.persistence.file.ServiceGroupFilePersistenceManager;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.ResourceImpl;
import org.wso2.carbon.registry.core.jdbc.utils.Transaction;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.security.SecurityConstants;
import org.wso2.carbon.security.SecurityScenario;
import org.wso2.carbon.security.SecurityScenarioDatabase;
import org.wso2.carbon.security.SecurityServiceHolder;
import org.wso2.carbon.security.util.RahasUtil;
import org.wso2.carbon.security.util.ServerCrypto;
import org.wso2.carbon.security.util.ServicePasswordCallbackHandler;
import org.wso2.carbon.security.util.XmlConfiguration;
import org.wso2.carbon.user.core.AuthorizationManager;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.Axis2ConfigurationContextObserver;
import org.wso2.carbon.utils.PreAxisConfigurationPopulationObserver;

/* loaded from: input_file:org/wso2/carbon/security/deployment/SecurityDeploymentInterceptor.class */
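public class SecurityDeploymentInterceptor implements AxisObserver {
    /**
     * Axis2 deployment observer for the Carbon security component.
     *
     * On activation it loads the built-in security scenarios into the config
     * registry and creates the key-store collection in the governance registry.
     * On every service DEPLOY event it resolves the {@link SecurityScenario}
     * attached to the service (from persisted policies, or from the policies
     * attached to the {@link AxisService}) and installs the matching service
     * parameters: password callback handler, REST restriction, role
     * authorization and, when configured, the Rahas SCT issuer.
     *
     * Thread-safety: not documented upstream; the persistence managers are
     * assigned once in {@link #init(AxisConfiguration)} and read afterwards.
     */
    private static final Log log = LogFactory.getLog(SecurityDeploymentInterceptor.class);

    // Axis2 service-parameter names written by applySecurityParameters.
    private static final String PARAM_PASSWORD_CALLBACK_REF = "passwordCallbackRef";
    private static final String PARAM_DISABLE_REST = "disableREST";
    private static final String PARAM_ALLOW_ROLES = "allowRoles";
    // Authorization action used for per-service role permissions.
    private static final String ACTION_INVOKE_SERVICE = "invoke-service";
    // OSGi service property the Axis2 OSGi integration filters on.
    private static final String OSGI_CONFIG_SERVICE_PROP = "org.apache.axis2.osgi.config.service";
    private static final String WS_POLICY_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
    private static final String PRIMARY_KEYSTORE_RESOURCE = "/repository/security/key-stores/carbon-primary-ks";
    private static final String SCENARIO_POLICY_BASE = "/repository/components/org.wso2.carbon.security.mgt/policy/";

    private PersistenceFactory persistenceFactory;
    private ServiceGroupFilePersistenceManager serviceGroupFilePM;
    private ModuleFilePersistenceManager moduleFilePM;

    /**
     * OSGi declarative-services activation hook.
     *
     * Loads the security scenarios, creates the key-store registry entries and
     * registers this object as an Axis2 observer. Each step fails the
     * activation with a message naming that step; previously a key-store
     * failure was re-wrapped and reported as "Cannot load security scenarios".
     *
     * @param componentContext the DS component context supplying the bundle context
     * @throws RuntimeException if scenarios, key-stores or observer registration fail
     */
    protected void activate(ComponentContext componentContext) {
        BundleContext bundleContext = componentContext.getBundleContext();
        try {
            loadSecurityScenarios(SecurityServiceHolder.getRegistryService().getConfigSystemRegistry(), bundleContext);
        } catch (Exception e) {
            log.error("Cannot load security scenarios", e);
            throw new RuntimeException("Cannot load security scenarios", e);
        }
        try {
            addKeystores();
        } catch (Exception e) {
            log.error("Cannot add keystores", e);
            throw new RuntimeException("Cannot add keystores", e);
        }
        try {
            registerObservers(bundleContext);
        } catch (Exception e) {
            log.error("Cannot register security deployment observers", e);
            throw new RuntimeException("Cannot register security deployment observers", e);
        }
    }

    /**
     * Publishes this interceptor as an AxisObserver, hooks AxisConfiguration
     * creation so {@link #init(AxisConfiguration)} runs before deployment, and
     * registers the {@link SecurityDeploymentListener}.
     *
     * @param bundleContext the bundle context used for service registration
     */
    private void registerObservers(BundleContext bundleContext) {
        Properties observerProps = new Properties();
        observerProps.setProperty(OSGI_CONFIG_SERVICE_PROP, AxisObserver.class.getName());
        bundleContext.registerService(AxisObserver.class.getName(), this, observerProps);

        bundleContext.registerService(PreAxisConfigurationPopulationObserver.class.getName(),
                new PreAxisConfigurationPopulationObserver() {
                    public void createdAxisConfiguration(AxisConfiguration axisConfiguration) {
                        // The persistence managers must exist before the first serviceUpdate.
                        SecurityDeploymentInterceptor.this.init(axisConfiguration);
                        axisConfiguration.addObservers(SecurityDeploymentInterceptor.this);
                    }
                }, (Dictionary) null);

        Properties listenerProps = new Properties();
        listenerProps.setProperty(OSGI_CONFIG_SERVICE_PROP, Axis2ConfigurationContextObserver.class.getName());
        bundleContext.registerService(Axis2ConfigurationContextObserver.class.getName(),
                new SecurityDeploymentListener(), listenerProps);
    }

    /**
     * Resolves the persistence managers for the given AxisConfiguration.
     *
     * A failure is only logged; serviceUpdate will then fail on the null
     * serviceGroupFilePM and report it per service.
     *
     * @param axisConfiguration the configuration being populated
     */
    public void init(AxisConfiguration axisConfiguration) {
        try {
            this.persistenceFactory = PersistenceFactory.getInstance(axisConfiguration);
            this.serviceGroupFilePM = this.persistenceFactory.getServiceGroupFilePM();
            this.moduleFilePM = this.persistenceFactory.getModuleFilePM();
        } catch (AxisFault e) {
            log.error("Error while adding PersistenceFactory parameter to axisConfig", e);
        }
    }

    /** Module events are not handled by this observer. */
    public void moduleUpdate(AxisEvent axisEvent, AxisModule axisModule) {
    }

    /** Service-group events are not handled by this observer. */
    public void serviceGroupUpdate(AxisEvent axisEvent, AxisServiceGroup axisServiceGroup) {
    }

    /**
     * Applies the service's security scenario on a SERVICE_DEPLOY event.
     *
     * The scenario is looked up from the persisted policies of the service,
     * falling back to the policies attached to the AxisService itself. Work
     * runs inside a service-group file transaction; a transaction opened here
     * is committed on success and rolled back when there is nothing to do.
     *
     * @param axisEvent   the deployment event; only SERVICE_DEPLOY is handled
     * @param axisService the service being deployed
     * @throws RuntimeException if the event cannot be processed (after rolling
     *                          back the service-group transaction)
     */
    public void serviceUpdate(AxisEvent axisEvent, AxisService axisService) {
        if (axisEvent.getEventType() != AxisEvent.SERVICE_DEPLOY) {
            return;
        }
        String serviceGroupName = axisService.getAxisServiceGroup().getServiceGroupName();
        try {
            boolean transactionAlreadyStarted = this.serviceGroupFilePM.isTransactionStarted(serviceGroupName);
            if (!transactionAlreadyStarted) {
                this.serviceGroupFilePM.beginTransaction(serviceGroupName);
            }
            String policiesPath = PersistenceUtils.getResourcePath(axisService) + "/policies/policy";
            // NOTE(review): the tenant id is discarded here; the call is kept in case
            // getCurrentContext initialises the per-thread tenant context — confirm
            // whether it can be dropped.
            PrivilegedCarbonContext.getCurrentContext(axisService).getTenantId();
            List<OMElement> persistedPolicies = this.serviceGroupFilePM.getAll(serviceGroupName, policiesPath);

            SecurityScenario scenario;
            if (persistedPolicies == null || persistedPolicies.isEmpty()) {
                if (axisService.getPolicySubject() == null
                        || axisService.getPolicySubject().getAttachedPolicyComponents() == null) {
                    // Nothing to secure: undo only a transaction we opened ourselves.
                    if (!transactionAlreadyStarted) {
                        this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
                    }
                    return;
                }
                scenario = scenarioFromAttachedPolicies(axisService);
            } else {
                scenario = scenarioFromPersistedPolicies(axisService, persistedPolicies);
            }
            if (scenario != null) {
                applySecurityParameters(axisService, scenario);
            }
            if (!transactionAlreadyStarted) {
                this.serviceGroupFilePM.commitTransaction(serviceGroupName);
            }
        } catch (Exception e) {
            String message = "Cannot handle service DEPLOY event for service: " + axisService.getName();
            log.error(message, e);
            // Rolls back even a transaction opened by the caller; the caller is
            // expected to handle the RuntimeException thrown below.
            this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
            throw new RuntimeException(message, e);
        }
    }

    /**
     * Derives the scenario from the policies attached to the AxisService.
     *
     * Each Policy or PolicyReference yields a wsu:Id; unknown ids are
     * registered as custom scenarios. The last resolvable component wins.
     *
     * @param axisService the service whose PolicySubject is inspected
     * @return the resolved scenario, or null if no component carried an id
     */
    private static SecurityScenario scenarioFromAttachedPolicies(AxisService axisService) {
        SecurityScenario scenario = null;
        for (Object component : axisService.getPolicySubject().getAttachedPolicyComponents()) {
            String policyId = null;
            if (component instanceof Policy) {
                policyId = ((Policy) component).getId();
            } else if (component instanceof PolicyReference) {
                // presumably strips the leading '#' of a local reference — verify
                policyId = ((PolicyReference) component).getURI().substring(1);
            }
            if (policyId == null) {
                continue;
            }
            scenario = SecurityScenarioDatabase.getByWsuId(policyId);
            if (scenario == null) {
                scenario = newCustomScenario(policyId);
                SecurityScenarioDatabase.put(policyId, scenario);
            }
        }
        return scenario;
    }

    /**
     * Derives the scenario from the policies persisted for the service.
     *
     * Scanning stops at the first persisted policy whose UUID is already a
     * known scenario. Unknown UUIDs become custom scenarios, which are stored
     * in the database unless they are one of the non-security policies
     * (RM, caching, throttling).
     *
     * @param axisService       the service, used for log context only
     * @param persistedPolicies policy wrapper elements read from the file persistence manager
     * @return the resolved scenario, or null if no persisted policy could be resolved
     */
    private static SecurityScenario scenarioFromPersistedPolicies(AxisService axisService,
                                                                  List<OMElement> persistedPolicies) {
        SecurityScenario scenario = null;
        for (OMElement wrapper : persistedPolicies) {
            Policy policy = null;
            try {
                policy = PolicyEngine.getPolicy(wrapper.getFirstChildWithName(new QName(WS_POLICY_NS, "Policy")));
            } catch (Exception e) {
                // Was silently swallowed; an unparsable policy means the service may
                // deploy without the scenario it describes, so make it visible.
                log.warn("Cannot parse a persisted policy of service " + axisService.getName()
                        + "; the policy is ignored", e);
            }
            if (policy == null) {
                continue;
            }
            String policyUuid = PersistenceUtils.getPolicyUUIDFromWrapperOM(wrapper);
            if (policyUuid == null) {
                log.error("Policy UUID is not found though a policy element exist.");
                continue;
            }
            scenario = SecurityScenarioDatabase.getByWsuId(policyUuid);
            if (scenario != null) {
                break;
            }
            scenario = newCustomScenario(policyUuid);
            if (!isNonSecurityPolicy(policyUuid)) {
                SecurityScenarioDatabase.put(policyUuid, scenario);
            }
        }
        return scenario;
    }

    /**
     * Builds a custom (non-general) scenario for a policy with the given wsu:Id.
     *
     * @param wsuId the policy's wsu:Id
     * @return a new scenario marked as CUSTOM_SECURITY_SCENARIO
     */
    private static SecurityScenario newCustomScenario(String wsuId) {
        SecurityScenario scenario = new SecurityScenario();
        scenario.setScenarioId(SecurityConstants.CUSTOM_SECURITY_SCENARIO);
        scenario.setWsuId(wsuId);
        scenario.setGeneralPolicy(false);
        scenario.setSummary(SecurityConstants.CUSTOM_SECURITY_SCENARIO_SUMMARY);
        return scenario;
    }

    /**
     * Whether a persisted policy UUID denotes one of the QoS policies that are
     * never registered as security scenarios.
     */
    private static boolean isNonSecurityPolicy(String policyUuid) {
        return "RMPolicy".equals(policyUuid)
                || "WSO2CachingPolicy".equals(policyUuid)
                || "WSO2ServiceThrottlingPolicy".equals(policyUuid);
    }

    /**
     * Loads the bundled scenario-config.xml into the SecurityScenarioDatabase
     * and stores each scenario's policy file in the config registry (unless it
     * already exists), except for the disable-security and policy-from-registry
     * scenarios which have no policy file.
     *
     * @param registry      the config system registry
     * @param bundleContext used to read the bundled scenario resources
     * @throws Exception if a resource is missing or the registry operation fails;
     *                   the registry transaction is rolled back first
     */
    private void loadSecurityScenarios(Registry registry, BundleContext bundleContext) throws Exception {
        // NOTE(review): the resource stream is handed to XmlConfiguration and never
        // closed here — confirm XmlConfiguration closes it.
        OMElement[] scenarioElements = new XmlConfiguration(
                bundleContext.getBundle().getResource("/scenarios/scenario-config.xml").openStream(),
                SecurityConstants.SECURITY_NAMESPACE).getElements("//ns:Scenario");
        try {
            boolean transactionAlreadyStarted = Transaction.isStarted();
            if (!transactionAlreadyStarted) {
                registry.beginTransaction();
            }
            for (OMElement scenarioElement : scenarioElements) {
                String scenarioId = scenarioElement.getAttribute(SecurityConstants.ID_QN).getAttributeValue();
                SecurityScenarioDatabase.put(scenarioId, parseScenario(scenarioElement, scenarioId));
                if (!scenarioId.equals(SecurityConstants.SCENARIO_DISABLE_SECURITY)
                        && !scenarioId.equals(SecurityConstants.POLICY_FROM_REG_SCENARIO)) {
                    String policyPath = SCENARIO_POLICY_BASE + scenarioId;
                    ResourceImpl policyResource = new ResourceImpl();
                    // The registry consumes the stream; it is not closed here.
                    policyResource.setContentStream(
                            bundleContext.getBundle().getResource("scenarios/" + scenarioId + "-policy.xml").openStream());
                    policyResource.setMediaType("application/policy+xml");
                    if (!registry.resourceExists(policyPath)) {
                        registry.put(policyPath, policyResource);
                    }
                    SecurityServiceHolder.addPolicyResource(policyPath, policyResource);
                }
            }
            if (!transactionAlreadyStarted) {
                registry.commitTransaction();
            }
        } catch (Exception e) {
            // Rolls back even an outer transaction, as the error propagates to its owner.
            registry.rollbackTransaction();
            throw e;
        }
    }

    /**
     * Builds a SecurityScenario from one {@code <Scenario>} element.
     *
     * @param scenarioElement the element to read
     * @param scenarioId      the value of the element's id attribute
     * @return the populated scenario
     */
    private static SecurityScenario parseScenario(OMElement scenarioElement, String scenarioId) {
        SecurityScenario scenario = new SecurityScenario();
        scenario.setScenarioId(scenarioId);
        scenario.setSummary(scenarioElement.getFirstChildWithName(SecurityConstants.SUMMARY_QN).getText());
        scenario.setDescription(scenarioElement.getFirstChildWithName(SecurityConstants.DESCRIPTION_QN).getText());
        scenario.setCategory(scenarioElement.getFirstChildWithName(SecurityConstants.CATEGORY_QN).getText());
        scenario.setWsuId(scenarioElement.getFirstChildWithName(SecurityConstants.WSUID_QN).getText());
        scenario.setType(scenarioElement.getFirstChildWithName(SecurityConstants.TYPE_QN).getText());
        Iterator moduleElements = scenarioElement.getFirstChildWithName(SecurityConstants.MODULES_QN).getChildElements();
        while (moduleElements.hasNext()) {
            scenario.addModule(((OMElement) moduleElements.next()).getText());
        }
        return scenario;
    }

    /**
     * Creates the key-store collection and the primary key-store resource in
     * the governance registry if they do not exist yet.
     *
     * @throws Exception if the registry operation fails; the transaction is rolled back first
     */
    private void addKeystores() throws Exception {
        UserRegistry governanceRegistry = SecurityServiceHolder.getRegistryService().getGovernanceSystemRegistry();
        try {
            boolean transactionAlreadyStarted = Transaction.isStarted();
            if (!transactionAlreadyStarted) {
                governanceRegistry.beginTransaction();
            }
            if (!governanceRegistry.resourceExists(SecurityConstants.KEY_STORES)) {
                governanceRegistry.put(SecurityConstants.KEY_STORES, governanceRegistry.newCollection());
                if (!governanceRegistry.resourceExists(PRIMARY_KEYSTORE_RESOURCE)) {
                    governanceRegistry.put(PRIMARY_KEYSTORE_RESOURCE, governanceRegistry.newResource());
                }
            }
            if (!transactionAlreadyStarted) {
                governanceRegistry.commitTransaction();
            }
        } catch (Exception e) {
            governanceRegistry.rollbackTransaction();
            throw e;
        }
    }

    /**
     * Installs the security-related Axis2 parameters for a service:
     * the password callback handler, {@code disableREST} for every scenario
     * except UsernameToken, the {@code invoke-service} role permissions from
     * the {@code allowRoles} parameter, and the Rahas SCT issuer when the
     * persisted service element carries the SCT-issuer attribute.
     *
     * NOTE(review): failures are caught as Throwable and only logged, so a
     * service whose parameters could not be applied stays deployed and the
     * DEPLOY transaction is still committed by the caller (fail-open). Consider
     * propagating the failure so deployment fails instead.
     *
     * @param axisService      the service being deployed
     * @param securityScenario the resolved scenario
     */
    private void applySecurityParameters(AxisService axisService, SecurityScenario securityScenario) {
        try {
            String serviceGroupName = axisService.getAxisServiceGroup().getServiceGroupName();
            String serviceName = axisService.getName();
            ServiceGroupFilePersistenceManager sgfPM = this.persistenceFactory.getServiceGroupFilePM();
            int tenantId = PrivilegedCarbonContext.getCurrentContext(axisService).getTenantId();
            String registryServicePath = "/repository/axis2/service-groups/" + serviceGroupName
                    + "/services/" + serviceName;
            String serviceXPath = "/service" + PersistenceUtils.getXPathAttrPredicate("name", serviceName);
            UserRealm userRealm = SecurityServiceHolder.getRegistryService().getUserRealm(tenantId);

            ServicePasswordCallbackHandler callbackHandler = new ServicePasswordCallbackHandler(
                    this.persistenceFactory, serviceGroupName, serviceName, serviceXPath, registryServicePath,
                    SecurityServiceHolder.getRegistryService().getGovernanceSystemRegistry(tenantId), userRealm);
            axisService.addParameter(newParameter(PARAM_PASSWORD_CALLBACK_REF, callbackHandler));

            // REST is disabled for all but the UsernameToken scenario — presumably
            // because the other scenarios rely on SOAP-level security; confirm.
            if (!SecurityConstants.USERNAME_TOKEN_SCENARIO_ID.equals(securityScenario.getScenarioId())) {
                axisService.addParameter(newParameter(PARAM_DISABLE_REST, Boolean.TRUE.toString()));
            }

            Parameter allowRoles = axisService.getParameter(PARAM_ALLOW_ROLES);
            if (allowRoles != null && allowRoles.getValue() != null) {
                resetRoleAuthorization(userRealm.getAuthorizationManager(),
                        serviceGroupName + "/" + serviceName, (String) allowRoles.getValue());
            }

            OMElement serviceElement = sgfPM.get(serviceGroupName, serviceXPath);
            if (serviceElement != null
                    && serviceElement.getAttributeValue(new QName(SecurityConstants.PROP_RAHAS_SCT_ISSUER)) != null) {
                configureRahas(axisService, sgfPM, serviceGroupName, serviceName);
            }
        } catch (Throwable th) {
            log.error("Cannot apply security parameters", th);
        }
    }

    /**
     * Replaces the invoke-service role permissions of a service resource with
     * the roles listed in the comma-separated {@code allowRoles} value.
     *
     * Existing permissions are cleared first so roles removed from the list
     * lose access. Role names are not trimmed, so a space after a comma
     * becomes part of the role name (kept for compatibility).
     *
     * @param authorizationManager the tenant's authorization manager
     * @param resourceId           "serviceGroup/serviceName"
     * @param allowRolesValue      comma-separated role names
     * @throws Exception if the authorization manager fails
     */
    private static void resetRoleAuthorization(AuthorizationManager authorizationManager, String resourceId,
                                               String allowRolesValue) throws Exception {
        String[] currentRoles = authorizationManager.getAllowedRolesForResource(resourceId, ACTION_INVOKE_SERVICE);
        if (currentRoles != null) {
            for (String role : currentRoles) {
                authorizationManager.clearRoleAuthorization(role, resourceId, ACTION_INVOKE_SERVICE);
            }
        }
        for (String role : allowRolesValue.split(",")) {
            authorizationManager.authorizeRole(role, resourceId, ACTION_INVOKE_SERVICE);
        }
    }

    /**
     * Adds the Rahas SCT issuer and token canceler parameters, configured with
     * the server's primary key store.
     *
     * @throws Exception if the service has no private key-store association or
     *                   the key-store location/alias is not configured
     */
    private static void configureRahas(AxisService axisService, ServiceGroupFilePersistenceManager sgfPM,
                                       String serviceGroupName, String serviceName) throws Exception {
        String keystoreAssociationXPath = "/service" + PersistenceUtils.getXPathAttrPredicate("name", serviceName)
                + "/association"
                + PersistenceUtils.getXPathAttrPredicate(SecurityConstants.PROP_TYPE,
                        SecurityConstants.ASSOCIATION_PRIVATE_KEYSTORE);
        if (sgfPM.getAll(serviceGroupName, keystoreAssociationXPath).isEmpty()) {
            throw new Exception("Cannot start Rahas");
        }
        ServerConfiguration serverConfiguration = ServerConfiguration.getInstance();
        String keyStoreLocation = serverConfiguration.getFirstProperty("Security.KeyStore.Location");
        String keyAlias = serverConfiguration.getFirstProperty("Security.KeyStore.KeyAlias");
        if (keyStoreLocation == null || keyAlias == null) {
            // Previously surfaced as a bare NullPointerException.
            throw new Exception("Cannot start Rahas: Security.KeyStore.Location or Security.KeyStore.KeyAlias is not configured");
        }
        Properties cryptoProperties = new Properties();
        // Only the file name of the key store is passed; the directory is resolved by ServerCrypto.
        cryptoProperties.setProperty(ServerCrypto.PROP_ID_PRIVATE_STORE,
                keyStoreLocation.substring(keyStoreLocation.lastIndexOf("/") + 1));
        cryptoProperties.setProperty(ServerCrypto.PROP_ID_DEFAULT_ALIAS, keyAlias);
        axisService.addParameter(RahasUtil.getSCTIssuerConfigParameter(
                ServerCrypto.class.getName(), cryptoProperties, -1, null, true, true));
        axisService.addParameter(RahasUtil.getTokenCancelerConfigParameter());
    }

    /** Creates an Axis2 parameter with the given name and value. */
    private static Parameter newParameter(String name, Object value) {
        Parameter parameter = new Parameter();
        parameter.setName(name);
        parameter.setValue(value);
        return parameter;
    }

    // ParameterInclude contract: this observer holds no parameters of its own.

    public void addParameter(Parameter parameter) throws AxisFault {
    }

    public void deserializeParameters(OMElement oMElement) throws AxisFault {
    }

    public Parameter getParameter(String str) {
        return null;
    }

    // Raw ArrayList is dictated by the Axis2 ParameterInclude interface.
    public ArrayList getParameters() {
        return new ArrayList();
    }

    public boolean isParameterLocked(String str) {
        return false;
    }

    public void removeParameter(Parameter parameter) throws AxisFault {
    }

    // Declarative-services bind/unbind methods.

    protected void setRegistryService(RegistryService registryService) {
        SecurityServiceHolder.setRegistryService(registryService);
    }

    protected void setRealmService(RealmService realmService) {
        SecurityServiceHolder.setRealmService(realmService);
    }

    protected void unsetRealmService(RealmService realmService) {
        SecurityServiceHolder.setRealmService(null);
    }

    protected void unsetRegistryService(RegistryService registryService) {
        // Was re-setting the departing service instead of clearing it, leaving a
        // stale RegistryService in the holder after the service went away.
        SecurityServiceHolder.setRegistryService(null);
    }
}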
