package org.wso2.micro.integrator.security.deployment;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.util.UUIDGenerator;
import org.apache.axis2.AxisFault;
import org.apache.axis2.description.AxisBinding;
import org.apache.axis2.description.AxisEndpoint;
import org.apache.axis2.description.AxisModule;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.AxisServiceGroup;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.axis2.engine.AxisEvent;
import org.apache.axis2.engine.AxisObserver;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyComponent;
import org.apache.neethi.PolicyReference;
import org.apache.neethi.builders.xml.XmlPrimtiveAssertion;
import org.wso2.micro.core.util.ServerException;
import org.wso2.micro.integrator.security.SecurityConfigParams;
import org.wso2.micro.integrator.security.SecurityScenario;
import org.wso2.micro.integrator.security.SecurityScenarioDatabase;
import org.wso2.micro.integrator.security.callback.AbstractPasswordCallback;
import org.wso2.micro.integrator.security.callback.DefaultPasswordCallback;
import org.wso2.micro.integrator.security.user.api.UserStoreException;
import org.wso2.micro.integrator.security.util.RahasUtil;
import org.wso2.micro.integrator.security.util.SecurityConfigParamBuilder;
import org.wso2.micro.integrator.security.util.ServerCrypto;

/* loaded from: input_file:org/wso2/micro/integrator/security/deployment/SecurityDeploymentInterceptor.class */
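/**
 * Axis2 deployment observer that configures WS-Security for a service when it is deployed.
 *
 * <p>On a service DEPLOY event it inspects the policies attached to the service. A policy whose
 * id is {@code NoPolicy} strips the permitted roles and disengages the {@code rampart} module.
 * Any other policy id that is not one of the known non-security ids is treated as a security
 * policy: its embedded security config is read and the trust module, allowed roles and password
 * callback are set on the service.
 *
 * <p>The policy ids and parameters read here come from the deployed service's own description.
 * Whoever can deploy or edit a service artifact therefore controls whether security is applied.
 *
 * <p>The {@code ParameterInclude}-style methods are no-ops; this observer stores no parameters.
 */
public class SecurityDeploymentInterceptor implements AxisObserver {
    private static final Log log = LogFactory.getLog(SecurityDeploymentInterceptor.class);
    private static final String NO_POLICY_ID = "NoPolicy";
    private static final String APPLY_POLICY_TO_BINDINGS = "applyPolicyToBindings";

    /** No initialisation is required. */
    public void init(AxisConfiguration axisConfiguration) {
    }

    /** Module events are ignored. */
    public void moduleUpdate(AxisEvent axisEvent, AxisModule axisModule) {
    }

    /** Service-group events are ignored. */
    public void serviceGroupUpdate(AxisEvent axisEvent, AxisServiceGroup axisServiceGroup) {
    }

    /**
     * Applies security configuration to a service when it is deployed.
     *
     * <p>First, if the service opts in through the {@code applyPolicyToBindings} parameter, its
     * policy is moved to the bindings and processed. Then every policy component still attached
     * to the service is processed.
     *
     * @param axisEvent   the event; only event type 1 (service DEPLOY) is handled
     * @param axisService the service being deployed
     * @throws RuntimeException if processing the attached policy components fails
     */
    public void serviceUpdate(AxisEvent axisEvent, AxisService axisService) {
        // 1 is the service DEPLOY event type (see the error message below); other events are ignored.
        if (axisEvent.getEventType() != 1) {
            return;
        }
        try {
            Policy bindingPolicy = applyPolicyToBindings(axisService);
            if (bindingPolicy != null) {
                processPolicy(axisService, bindingPolicy.getId(), bindingPolicy);
            }
        } catch (Exception e) {
            // NOTE(review): this failure is only logged and deployment continues. At this point
            // the policy may already have been detached from the service, so the loop below will
            // not process it again. Alert on this log line: the service may be live without its
            // security parameters.
            log.error("Error while adding policies to bindings", e);
        }
        try {
            if (axisService.getPolicySubject() == null
                    || axisService.getPolicySubject().getAttachedPolicyComponents() == null) {
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("Policies found on axis service");
            }
            for (Object component : axisService.getPolicySubject().getAttachedPolicyComponents()) {
                // Reset per component so an id from the previous iteration is never reused for a
                // component that is neither a Policy nor a PolicyReference.
                String policyId = null;
                if (component instanceof Policy) {
                    policyId = ((Policy) component).getId();
                } else if (component instanceof PolicyReference) {
                    // The reference URI is expected to carry a one-character prefix before the id
                    // (presumably '#'); a null or empty URI fails here and is rethrown below.
                    policyId = ((PolicyReference) component).getURI().substring(1);
                }
                processPolicy(axisService, policyId, (PolicyComponent) component);
            }
        } catch (Exception e) {
            String message = "Cannot handle service DEPLOY event for service: " + axisService.getName();
            log.error(message, e);
            throw new RuntimeException(message, e);
        }
    }

    /**
     * Handles one policy component according to its id.
     *
     * @param axisService     the service the policy is attached to
     * @param policyId        the policy id, or {@code null} when none could be determined
     * @param policyComponent the policy component itself
     * @throws UserStoreException if the Axis configuration is unavailable for a {@code NoPolicy} id
     * @throws AxisFault          if changing the service's parameters or modules fails
     */
    private void processPolicy(AxisService axisService, String policyId, PolicyComponent policyComponent)
            throws UserStoreException, AxisFault {
        if (NO_POLICY_ID.equalsIgnoreCase(policyId)) {
            // A policy with this id removes security: the permitted roles are cleared and the
            // rampart module is disengaged from the service.
            AxisConfiguration axisConfiguration = null;
            if (axisService != null) {
                removePermittedRoles(axisService);
                axisConfiguration = axisService.getAxisConfiguration();
            }
            if (axisConfiguration == null) {
                throw new UserStoreException("Error in getting Axis configuration.");
            }
            axisService.disengageModule(axisConfiguration.getModule("rampart"));
            return;
        }
        if (policyId == null || !isSecPolicy(policyId)) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Policy " + policyId + " is identified as a security policy and trying to apply security parameters");
        }
        SecurityScenario scenario = SecurityScenarioDatabase.getByWsuId(policyId);
        if (scenario == null) {
            if (log.isDebugEnabled()) {
                log.debug("Policy " + policyId + " does not belongs to a pre-defined security scenario. So treating as a custom policy");
            }
            // Unknown ids are registered as a custom scenario, keyed by the policy id.
            scenario = new SecurityScenario();
            scenario.setScenarioId("customScenario");
            scenario.setWsuId(policyId);
            scenario.setGeneralPolicy(false);
            scenario.setSummary("Custom security policy");
            SecurityScenarioDatabase.put(policyId, scenario);
        }
        // NOTE(review): a PolicyReference that names a security policy reaches this cast. It
        // presumably fails with ClassCastException, which serviceUpdate turns into a
        // RuntimeException, so referenced policies are not resolved here.
        applySecurityParameters(axisService, scenario, (Policy) policyComponent);
    }

    /**
     * Applies the security config embedded in {@code policy} to the service.
     *
     * <p>It engages the trust module when the scenario lists it, replaces the permitted roles, and
     * stores the password callback under {@code passwordCallbackRef}. All failures are logged and
     * swallowed.
     *
     * @param axisService      the service to configure
     * @param securityScenario the scenario the policy belongs to
     * @param policy           the policy carrying the security config element
     */
    private void applySecurityParameters(AxisService axisService, SecurityScenario securityScenario, Policy policy) {
        try {
            SecurityConfigParams securityParams =
                    SecurityConfigParamBuilder.getSecurityParams(getSecurityConfig(policy));
            if (securityScenario.getModules().contains("rahas")) {
                AxisModule trustModule = axisService.getAxisConfiguration().getModule("rahas");
                if (log.isDebugEnabled()) {
                    log.debug("Enabling trust module : rahas");
                }
                // Disengage first so the module is engaged fresh.
                axisService.disengageModule(trustModule);
                axisService.engageModule(trustModule);
                Properties cryptoProperties = new Properties();
                // Only the trust stores are optional here; a null private store or key alias
                // makes setProperty throw, which lands in the catch block below.
                cryptoProperties.setProperty(ServerCrypto.PROP_ID_PRIVATE_STORE, securityParams.getPrivateStore());
                cryptoProperties.setProperty(ServerCrypto.PROP_ID_DEFAULT_ALIAS, securityParams.getKeyAlias());
                if (securityParams.getTrustStores() != null) {
                    cryptoProperties.setProperty(ServerCrypto.PROP_ID_TRUST_STORES, securityParams.getTrustStores());
                }
                axisService.addParameter(RahasUtil.getSCTIssuerConfigParameter(
                        ServerCrypto.class.getName(), cryptoProperties, -1, null, true, true));
                axisService.addParameter(RahasUtil.getTokenCancelerConfigParameter());
            }
            removePermittedRoles(axisService);

            // Effective roles = roles from the policy's security config plus the service-level
            // "allowRoles" parameter, comma-joined.
            String allowedRoles = securityParams.getAllowedRoles();
            Parameter allowRolesParam = axisService.getParameter("allowRoles");
            // A parameter with a null value is treated as absent. Otherwise it would throw after
            // the existing roles were already cleared above.
            Object allowRolesValue = allowRolesParam == null ? null : allowRolesParam.getValue();
            String serviceRoles = allowRolesValue == null ? null : allowRolesValue.toString();
            if (!StringUtils.isEmpty(serviceRoles)) {
                allowedRoles = StringUtils.isEmpty(allowedRoles) ? serviceRoles : allowedRoles + ',' + serviceRoles;
            }

            // Reuse the service's callback when it is of the expected type, else create a default.
            Parameter callbackParam = axisService.getParameter("passwordCallbackRef");
            AbstractPasswordCallback passwordCallback;
            if (callbackParam != null && callbackParam.getValue() instanceof AbstractPasswordCallback) {
                passwordCallback = (AbstractPasswordCallback) callbackParam.getValue();
            } else {
                passwordCallback = new DefaultPasswordCallback();
                callbackParam = new Parameter();
                callbackParam.setName("passwordCallbackRef");
            }
            if (allowedRoles != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Authorizing roles " + allowedRoles);
                }
                // Role names are split on ',' without trimming; surrounding spaces stay in the name.
                passwordCallback.setAllowedRoles(Arrays.asList(allowedRoles.split(",")));
            }
            callbackParam.setValue(passwordCallback);
            axisService.addParameter(callbackParam);
        } catch (Throwable th) {
            // NOTE(review): fail-open risk. The error is logged and deployment proceeds. If the
            // failure happens after removePermittedRoles, the callback is left without an
            // allowed-roles list. Whether that denies or permits access depends on
            // AbstractPasswordCallback, which is not visible here. Confirm, and monitor for this
            // log message.
            log.error("Cannot apply security parameters", th);
        }
    }

    /**
     * Finds the security config element among the policy's direct components.
     *
     * @param policy the policy to search
     * @return the first assertion value whose QName equals
     *         {@link SecurityConfigParamBuilder#SECURITY_CONFIG_QNAME}, or {@code null} if none
     */
    private OMElement getSecurityConfig(Policy policy) {
        for (Object component : policy.getPolicyComponents()) {
            if (!(component instanceof XmlPrimtiveAssertion)) {
                continue;
            }
            OMElement value = ((XmlPrimtiveAssertion) component).getValue();
            if (value != null && SecurityConfigParamBuilder.SECURITY_CONFIG_QNAME.equals(value.getQName())) {
                if (log.isDebugEnabled()) {
                    // NOTE(review): this writes the whole security config element to the debug
                    // log (key store names, aliases, roles and any other properties it holds).
                    // Keep debug logging for this class off in production, or restrict log access.
                    log.debug("Carbon Security config found : " + value.toString());
                }
                return value;
            }
        }
        return null;
    }

    /** No-op: this observer stores no parameters. */
    public void addParameter(Parameter parameter) throws AxisFault {
    }

    /** No-op: this observer stores no parameters. */
    public void deserializeParameters(OMElement oMElement) throws AxisFault {
    }

    /** Always returns {@code null}: this observer stores no parameters. */
    public Parameter getParameter(String str) {
        return null;
    }

    /** Always returns a new empty list: this observer stores no parameters. */
    public ArrayList getParameters() {
        return new ArrayList();
    }

    /** Always returns {@code false}. */
    public boolean isParameterLocked(String str) {
        return false;
    }

    /** No-op: this observer stores no parameters. */
    public void removeParameter(Parameter parameter) throws AxisFault {
    }

    /**
     * Decides whether a policy id denotes a security policy.
     *
     * <p>This is an exclusion list: every id except the three known non-security ids is treated
     * as a security policy.
     *
     * @param policyId the policy id to classify
     * @return {@code false} for the RM, caching and throttling policy ids, {@code true} otherwise
     */
    private boolean isSecPolicy(String policyId) {
        if ("RMPolicy".equals(policyId)
                || "WSO2CachingPolicy".equals(policyId)
                || "WSO2ServiceThrottlingPolicy".equals(policyId)) {
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("Policy ID : " + policyId + " is identified as a security policy");
        }
        return true;
    }

    /**
     * Clears the allowed roles on the service's password callback, if it has one.
     *
     * @param axisService the service whose {@code passwordCallbackRef} parameter is updated
     * @throws AxisFault if re-adding the parameter to the service fails
     */
    private void removePermittedRoles(AxisService axisService) throws AxisFault {
        Parameter callbackParam = axisService.getParameter("passwordCallbackRef");
        if (callbackParam == null || !(callbackParam.getValue() instanceof AbstractPasswordCallback)) {
            return;
        }
        AbstractPasswordCallback passwordCallback = (AbstractPasswordCallback) callbackParam.getValue();
        passwordCallback.removeAllowedRoles();
        callbackParam.setValue(passwordCallback);
        axisService.addParameter(callbackParam);
    }

    /**
     * Attaches {@code policy} to the bindings of every endpoint of the service.
     *
     * <p>A binding whose local name ends with {@code HttpBinding} receives the policy only when
     * the policy's attributes contain the value {@code UTOverTransport}. The policy is given a
     * generated id if it has none.
     *
     * @param axisService the service whose endpoint bindings are updated
     * @param policy      the policy to attach; its id may be set as a side effect
     * @throws ServerException if any step fails; the cause is preserved
     */
    public void addPolicyToAllBindings(AxisService axisService, Policy policy) throws ServerException {
        try {
            if (policy.getId() == null) {
                policy.setId(UUIDGenerator.getUUID());
            }
            for (Object endpoint : axisService.getEndpoints().values()) {
                AxisBinding binding = ((AxisEndpoint) endpoint).getBinding();
                boolean httpBinding = binding.getName().getLocalPart().endsWith("HttpBinding");
                if (!httpBinding || policy.getAttributes().containsValue("UTOverTransport")) {
                    binding.getPolicySubject().attachPolicy(policy);
                }
            }
        } catch (Exception e) {
            log.error("Error in adding security policy to all bindings", e);
            throw new ServerException("addPoliciesToService", e);
        }
    }

    /**
     * Moves the service's first attached {@link Policy} to its bindings when the service sets the
     * {@code applyPolicyToBindings} parameter to {@code true}.
     *
     * @param axisService the service being deployed
     * @return the policy that was moved, or {@code null} if the parameter is unset or not
     *         {@code true}, or the service has no attached {@link Policy}
     * @throws ServerException if attaching the policy to the bindings fails
     */
    private Policy applyPolicyToBindings(AxisService axisService) throws ServerException {
        Parameter parameter = axisService.getParameter(APPLY_POLICY_TO_BINDINGS);
        // A parameter with a null value counts as "not enabled" instead of throwing.
        Object enabled = parameter == null ? null : parameter.getValue();
        if (enabled == null
                || !"true".equalsIgnoreCase(enabled.toString())
                || axisService.getPolicySubject() == null
                || axisService.getPolicySubject().getAttachedPolicyComponents() == null) {
            return null;
        }
        for (Object component : axisService.getPolicySubject().getAttachedPolicyComponents()) {
            if (component instanceof Policy) {
                Policy policy = (Policy) component;
                // NOTE(review): the detach uses the id as it is now. A policy without an id only
                // gets one inside addPolicyToAllBindings, so it is detached with a null key.
                // Confirm how the policy subject handles that.
                axisService.getPolicySubject().detachPolicyComponent(policy.getId());
                addPolicyToAllBindings(axisService, policy);
                return policy;
            }
        }
        return null;
    }
}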
