package org.wso2.registry.utils;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.registry.ActionConstants;
import org.wso2.registry.RegistryConstants;
import org.wso2.registry.exceptions.RegistryException;
import org.wso2.registry.session.CurrentSession;
import org.wso2.registry.users.AccessControlAdmin;
import org.wso2.registry.users.UserRealm;
import org.wso2.registry.users.UserStoreAdmin;
import org.wso2.registry.users.UserStoreException;
import org.wso2.registry.users.UserStoreReader;
import org.wso2.registry.users.accesscontrol.AccessControlConstants;

/* loaded from: input_file:org/wso2/registry/utils/AuthorizationUtils.class */
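/**
 * Static helpers around the registry's user realm: checking whether the current session's
 * user is authorized, copying authorizations, and seeding the built-in principals and their
 * grants.
 *
 * <p>All user-store calls are delegated to the {@link UserRealm} (either the one bound to
 * {@link CurrentSession} or the one passed in); this class holds no state of its own apart
 * from the logger.
 */
public class AuthorizationUtils {
    public static final Log log = LogFactory.getLog(AuthorizationUtils.class);

    // Built-in principal names. "admin" is used both as a user name and as a role name.
    private static final String SYSTEM_USER = "system";
    private static final String ADMIN_USER = "admin";
    private static final String ADMIN_ROLE = "admin";

    /**
     * Asks the current session's realm whether the current session's user is authorized.
     *
     * <p>A user-store failure is never turned into a grant or a denial: it is logged and
     * rethrown as a {@link RegistryException} carrying the original cause.
     *
     * @param str  second argument handed to {@code isUserAuthorized}
     *             (presumably the resource id/path; confirm against the Authorizer API)
     * @param str2 third argument handed to {@code isUserAuthorized}
     *             (presumably the action name; confirm against the Authorizer API)
     * @return whatever the realm's authorizer returns for the current user
     * @throws RegistryException if the user store reports an error while checking
     */
    public static boolean authorize(String str, String str2) throws RegistryException {
        try {
            return CurrentSession.getRealm().getAuthorizer()
                    .isUserAuthorized(CurrentSession.getUser(), str, str2);
        } catch (UserStoreException e) {
            String message = "Could not check authorization. \nCaused by " + e.getMessage();
            log.error(message, e);
            throw new RegistryException(message, e);
        }
    }

    /**
     * Delegates to {@code copyAuthorizations} on the current session realm's access control admin.
     *
     * @param str  first argument passed through (presumably the source resource; confirm)
     * @param str2 second argument passed through (presumably the target resource; confirm)
     * @throws RegistryException if the user store reports an error; the original
     *                           {@link UserStoreException} is attached as the cause
     */
    public static void copyAuthorizations(String str, String str2) throws RegistryException {
        try {
            CurrentSession.getRealm().getAccessControlAdmin().copyAuthorizations(str, str2);
        } catch (UserStoreException e) {
            String message = "Could not copy authorizations.";
            // Keep the underlying exception in both the log and the rethrown error; without it
            // a failed permission copy cannot be diagnosed or audited afterwards.
            log.error(message, e);
            throw new RegistryException(message, e);
        }
    }

    /**
     * Seeds the default grants on the resource {@code str}.
     *
     * <p>The "system" user, the "admin" user and the "admin" role each receive GET, PUT, DELETE
     * and AUTHORIZE; the everyone role receives GET only. Does nothing when {@code userRealm}
     * is {@code null}, so in that case no grants are made at all.
     *
     * @param str       resource id the grants are made on (by the method name, the registry
     *                  root path; confirm against callers)
     * @param userRealm realm whose access control admin records the grants; may be {@code null}
     * @throws RegistryException if the user store reports an error; the original
     *                           {@link UserStoreException} is attached as the cause
     */
    public static void setRootAuthorizations(String str, UserRealm userRealm) throws RegistryException {
        if (userRealm == null) {
            return;
        }
        try {
            AccessControlAdmin accessControlAdmin = userRealm.getAccessControlAdmin();
            grantAllActionsToUser(accessControlAdmin, SYSTEM_USER, str);
            grantAllActionsToUser(accessControlAdmin, ADMIN_USER, str);
            grantAllActionsToRole(accessControlAdmin, ADMIN_ROLE, str);
            // Everyone gets read access only; write, delete and authorize stay with the
            // built-in administrative principals above.
            accessControlAdmin.authorizeRole(RegistryConstants.EVERYONE_ROLE, str, ActionConstants.GET);
        } catch (UserStoreException e) {
            String message = "Could not set authorizations for the root. \nCaused by: " + e.getMessage();
            log.error(message, e);
            throw new RegistryException(message, e);
        }
    }

    /**
     * Creates the built-in roles and users when they are missing and (re)applies their grants
     * on the user, role and user-permission resources.
     *
     * <p>Grants are applied on every call, whether or not the principal already existed.
     * Does nothing when {@code userRealm} is {@code null}.
     *
     * <p>NOTE(security review): the "system" and "admin" users are created with a password
     * equal to their user name, and the anonymous user with a compiled-in constant. These are
     * well-known defaults; deployments need to change them before the registry is reachable
     * by untrusted clients. A warning is logged whenever such an account is created here.
     *
     * @param userRealm realm to populate; may be {@code null}
     * @throws UserStoreException propagated unchanged from the user store (unlike the other
     *                            methods of this class, it is not wrapped)
     */
    public static void populateUserStore(UserRealm userRealm) throws UserStoreException {
        if (userRealm == null) {
            return;
        }
        UserStoreReader userStoreReader = userRealm.getUserStoreReader();
        UserStoreAdmin userStoreAdmin = userRealm.getUserStoreAdmin();
        AccessControlAdmin accessControlAdmin = userRealm.getAccessControlAdmin();

        if (!userStoreReader.isExistingRole(ADMIN_ROLE)) {
            userStoreAdmin.addRole(ADMIN_ROLE);
        }
        grantUserManagementToRole(accessControlAdmin, ADMIN_ROLE);

        if (!userStoreReader.isExistingRole(RegistryConstants.EVERYONE_ROLE)) {
            userStoreAdmin.addRole(RegistryConstants.EVERYONE_ROLE);
        }
        // NOTE(review): READ on these three resources for the everyone role presumably lets
        // every member list users, roles and permissions; confirm this exposure is intended.
        accessControlAdmin.authorizeRole(RegistryConstants.EVERYONE_ROLE, AccessControlConstants.USER_RESOURCE, AccessControlConstants.READ);
        accessControlAdmin.authorizeRole(RegistryConstants.EVERYONE_ROLE, AccessControlConstants.ROLE_RESOURCE, AccessControlConstants.READ);
        accessControlAdmin.authorizeRole(RegistryConstants.EVERYONE_ROLE, AccessControlConstants.USER_PERMISSION_RESOURCE, AccessControlConstants.READ);

        if (!userStoreReader.isExistingUser(SYSTEM_USER)) {
            // Default credential: password is the same literal as the user name.
            userStoreAdmin.addUser(SYSTEM_USER, "system");
            warnDefaultPassword(SYSTEM_USER);
        }
        grantUserManagementToUser(accessControlAdmin, SYSTEM_USER);

        if (!userStoreReader.isExistingUser(ADMIN_USER)) {
            // Default credential: password is the same literal as the user name.
            userStoreAdmin.addUser(ADMIN_USER, "admin");
            warnDefaultPassword(ADMIN_USER);
        }
        grantUserManagementToUser(accessControlAdmin, ADMIN_USER);

        if (!userStoreReader.isExistingUser(RegistryConstants.ANONYMOUS_USER)) {
            // The anonymous account's password is a constant compiled into the registry and
            // must not be treated as a secret.
            userStoreAdmin.addUser(RegistryConstants.ANONYMOUS_USER, RegistryConstants.ANONYMOUS_PASSWORD);
        }
    }

    /** Grants GET, PUT, DELETE and AUTHORIZE on {@code resourceId} to the user {@code userName}. */
    private static void grantAllActionsToUser(AccessControlAdmin accessControlAdmin, String userName,
                                              String resourceId) throws UserStoreException {
        accessControlAdmin.authorizeUser(userName, resourceId, ActionConstants.GET);
        accessControlAdmin.authorizeUser(userName, resourceId, ActionConstants.PUT);
        accessControlAdmin.authorizeUser(userName, resourceId, ActionConstants.DELETE);
        accessControlAdmin.authorizeUser(userName, resourceId, AccessControlConstants.AUTHORIZE);
    }

    /** Grants GET, PUT, DELETE and AUTHORIZE on {@code resourceId} to the role {@code roleName}. */
    private static void grantAllActionsToRole(AccessControlAdmin accessControlAdmin, String roleName,
                                              String resourceId) throws UserStoreException {
        accessControlAdmin.authorizeRole(roleName, resourceId, ActionConstants.GET);
        accessControlAdmin.authorizeRole(roleName, resourceId, ActionConstants.PUT);
        accessControlAdmin.authorizeRole(roleName, resourceId, ActionConstants.DELETE);
        accessControlAdmin.authorizeRole(roleName, resourceId, AccessControlConstants.AUTHORIZE);
    }

    /** Grants ADD, READ, EDIT and DELETE on the user, role and user-permission resources to a user. */
    private static void grantUserManagementToUser(AccessControlAdmin accessControlAdmin, String userName)
            throws UserStoreException {
        accessControlAdmin.authorizeUser(userName, AccessControlConstants.USER_RESOURCE, AccessControlConstants.ADD);
        accessControlAdmin.authorizeUser(userName, AccessControlConstants.USER_RESOURCE, AccessControlConstants.READ);
        accessControlAdmin.authorizeUser(userName, AccessControlConstants.USER_RESOURCE, AccessControlConstants.EDIT);
        accessControlAdmin.authorizeUser(userName, AccessControlConstants.USER_RESOURCE, AccessControlConstants.DELETE);
        accessControlAdmin.authorizeUser(userName, AccessControlConstants.ROLE_RESOURCE, AccessControlConstants.ADD);
        accessControlAdmin.authorizeUser(userName, AccessControlConstants.ROLE_RESOURCE, AccessControlConstants.READ);
        accessControlAdmin.authorizeUser(userName, AccessControlConstants.ROLE_RESOURCE, AccessControlConstants.EDIT);
        accessControlAdmin.authorizeUser(userName, AccessControlConstants.ROLE_RESOURCE, AccessControlConstants.DELETE);
        accessControlAdmin.authorizeUser(userName, AccessControlConstants.USER_PERMISSION_RESOURCE, AccessControlConstants.READ);
        accessControlAdmin.authorizeUser(userName, AccessControlConstants.USER_PERMISSION_RESOURCE, AccessControlConstants.ADD);
        accessControlAdmin.authorizeUser(userName, AccessControlConstants.USER_PERMISSION_RESOURCE, AccessControlConstants.EDIT);
        accessControlAdmin.authorizeUser(userName, AccessControlConstants.USER_PERMISSION_RESOURCE, AccessControlConstants.DELETE);
    }

    /** Grants ADD, READ, EDIT and DELETE on the user, role and user-permission resources to a role. */
    private static void grantUserManagementToRole(AccessControlAdmin accessControlAdmin, String roleName)
            throws UserStoreException {
        accessControlAdmin.authorizeRole(roleName, AccessControlConstants.USER_RESOURCE, AccessControlConstants.ADD);
        accessControlAdmin.authorizeRole(roleName, AccessControlConstants.USER_RESOURCE, AccessControlConstants.READ);
        accessControlAdmin.authorizeRole(roleName, AccessControlConstants.USER_RESOURCE, AccessControlConstants.EDIT);
        accessControlAdmin.authorizeRole(roleName, AccessControlConstants.USER_RESOURCE, AccessControlConstants.DELETE);
        accessControlAdmin.authorizeRole(roleName, AccessControlConstants.ROLE_RESOURCE, AccessControlConstants.ADD);
        accessControlAdmin.authorizeRole(roleName, AccessControlConstants.ROLE_RESOURCE, AccessControlConstants.READ);
        accessControlAdmin.authorizeRole(roleName, AccessControlConstants.ROLE_RESOURCE, AccessControlConstants.EDIT);
        accessControlAdmin.authorizeRole(roleName, AccessControlConstants.ROLE_RESOURCE, AccessControlConstants.DELETE);
        accessControlAdmin.authorizeRole(roleName, AccessControlConstants.USER_PERMISSION_RESOURCE, AccessControlConstants.READ);
        accessControlAdmin.authorizeRole(roleName, AccessControlConstants.USER_PERMISSION_RESOURCE, AccessControlConstants.ADD);
        accessControlAdmin.authorizeRole(roleName, AccessControlConstants.USER_PERMISSION_RESOURCE, AccessControlConstants.EDIT);
        accessControlAdmin.authorizeRole(roleName, AccessControlConstants.USER_PERMISSION_RESOURCE, AccessControlConstants.DELETE);
    }

    /** Logs that a privileged built-in account was just created with its default password. */
    private static void warnDefaultPassword(String userName) {
        log.warn("Created built-in user '" + userName
                + "' with its default password; change it before exposing this registry.");
    }
}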
