package org.wso2.carbon.identity.application.mgt.listener;

import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import org.apache.axis2.AxisFault;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.impl.SAMLTokenIssuerConfig;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementValidationException;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.mgt.ApplicationMgtSystemConfig;
import org.wso2.carbon.identity.application.mgt.internal.ApplicationManagementServiceComponentHolder;
import org.wso2.carbon.registry.api.RegistryException;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.security.SecurityConfigException;
import org.wso2.carbon.security.config.SecurityServiceAdmin;
import org.wso2.carbon.security.sts.service.STSAdminServiceImpl;
import org.wso2.carbon.security.sts.service.util.TrustedServiceData;

/* loaded from: input_file:org/wso2/carbon/identity/application/mgt/listener/STSApplicationMgtListener.class */
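/**
 * Application-management listener that keeps the STS trusted-service list in step with the
 * {@code wstrust} inbound configuration of service providers.
 *
 * <p>Trusted-service entries are added on import and removed on update/delete, so every path in
 * this class changes which relying-party endpoints the STS trusts. Entries are keyed by the
 * endpoint address (the inbound auth key).
 */
public class STSApplicationMgtListener extends AbstractApplicationMgtListener {
    private static final Log log = LogFactory.getLog(STSApplicationMgtListener.class);

    /** Inbound authentication type handled by this listener. */
    private static final String WS_TRUST = "wstrust";

    /** Name of the Axis2 service whose SAML issuer configuration holds the trusted services. */
    private static final String STS_SERVICE_NAME = "wso2carbon-sts";

    /**
     * Returns the fixed order id of this listener.
     *
     * @return {@code 998}
     */
    @Override
    public int getDefaultOrderId() {
        return 998;
    }

    /**
     * Removes the STS trusted service of an application whose update drops its wstrust inbound.
     *
     * @param serviceProvider the updated service provider
     * @param str not read by this listener
     * @param str2 not read by this listener
     * @return always {@code true}
     * @throws IdentityApplicationManagementException if the trusted service cannot be removed
     */
    @Override
    public boolean doPreUpdateApplication(ServiceProvider serviceProvider, String str, String str2) throws IdentityApplicationManagementException {
        handleWsTrustAssociationRemoval(serviceProvider);
        return true;
    }

    /**
     * Compares the stored application with the updated one and, when the stored copy has a
     * wstrust inbound that the update no longer carries, removes the matching trusted service.
     *
     * @param serviceProvider the updated service provider
     * @throws IdentityApplicationManagementException if the stored application cannot be loaded
     *     or the trusted service cannot be removed
     */
    private void handleWsTrustAssociationRemoval(ServiceProvider serviceProvider) throws IdentityApplicationManagementException {
        int applicationId = serviceProvider.getApplicationID();
        ServiceProvider storedApplication = ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getApplication(applicationId);
        InboundAuthenticationRequestConfig storedWsTrust = getWsTrustInbound(storedApplication);
        InboundAuthenticationRequestConfig updatedWsTrust = getWsTrustInbound(serviceProvider);
        if (!isAssociationRemoved(storedWsTrust, updatedWsTrust)) {
            return;
        }

        // NOTE(review): removal is keyed only by the endpoint address; confirm no other service
        // provider can still depend on the same trusted-service entry.
        String trustedServiceAddress = storedWsTrust.getInboundAuthKey();
        try {
            new STSAdminServiceImpl().removeTrustedService(trustedServiceAddress);
        } catch (SecurityConfigException e) {
            throw new IdentityApplicationManagementException(String.format("Error removing wsTrust inbound data with trustedService: %s associated with service provider with id: %s during application update.", trustedServiceAddress, applicationId), e);
        }
    }

    /**
     * Tells whether a wstrust inbound existed before the update and is absent afterwards.
     *
     * @param inboundAuthenticationRequestConfig the wstrust inbound of the stored application, or {@code null}
     * @param inboundAuthenticationRequestConfig2 the wstrust inbound of the updated application, or {@code null}
     * @return {@code true} only when the first is present and the second is not
     */
    private boolean isAssociationRemoved(InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig, InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig2) {
        return inboundAuthenticationRequestConfig != null && inboundAuthenticationRequestConfig2 == null;
    }

    /**
     * Finds a wstrust inbound request configuration of the given service provider.
     *
     * @param serviceProvider the service provider to inspect; may be {@code null}
     * @return a configuration whose type equals {@code wstrust} (case-sensitive), or {@code null}
     *     when the service provider, its inbound configuration or a matching entry is missing
     */
    private InboundAuthenticationRequestConfig getWsTrustInbound(ServiceProvider serviceProvider) {
        if (serviceProvider == null || serviceProvider.getInboundAuthenticationConfig() == null) {
            return null;
        }
        InboundAuthenticationRequestConfig[] requestConfigs = serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs();
        if (!ArrayUtils.isNotEmpty(requestConfigs)) {
            return null;
        }
        return Arrays.stream(requestConfigs)
                // A null array element is skipped instead of failing the whole lookup.
                .filter(requestConfig -> requestConfig != null && WS_TRUST.equals(requestConfig.getInboundAuthType()))
                .findAny()
                .orElse(null);
    }

    /**
     * Removes the trusted service of the first wstrust inbound of an application that is about to
     * be deleted, both from the SAML issuer configuration of the STS service and through
     * {@link STSAdminServiceImpl}.
     *
     * @param str first lookup argument handed to the application DAO (presumably the application
     *     name; verify against the caller)
     * @param str2 second lookup argument handed to the application DAO (presumably the tenant
     *     domain; verify against the caller)
     * @param str3 not read by this listener
     * @return always {@code true}
     * @throws IdentityApplicationManagementException if the application cannot be loaded or the
     *     trusted service cannot be removed
     */
    @Override
    public boolean doPreDeleteApplication(String str, String str2, String str3) throws IdentityApplicationManagementException {
        ServiceProvider application = ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getApplication(str, str2);
        if (application == null || application.getInboundAuthenticationConfig() == null || application.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs() == null) {
            return true;
        }
        for (InboundAuthenticationRequestConfig requestConfig : application.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs()) {
            // NOTE(review): the type is matched case-insensitively here but case-sensitively in
            // the create/import/export/update paths; confirm which one is intended.
            if (!WS_TRUST.equalsIgnoreCase(requestConfig.getInboundAuthType()) || requestConfig.getInboundAuthKey() == null) {
                continue;
            }
            String trustedServiceAddress = requestConfig.getInboundAuthKey();
            try {
                Parameter issuerParameter = getAxisConfig().getService(STS_SERVICE_NAME).getParameter(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG.getLocalPart());
                if (issuerParameter == null) {
                    throw new IdentityApplicationManagementException("missing parameter : " + SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG.getLocalPart());
                }
                SAMLTokenIssuerConfig issuerConfig = new SAMLTokenIssuerConfig(issuerParameter.getParameterElement().getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
                issuerConfig.getTrustedServices().remove(trustedServiceAddress);
                setSTSParameter(issuerConfig);
                new STSAdminServiceImpl().removeTrustedService(trustedServiceAddress);
                // Only the first wstrust inbound with a key is processed.
                return true;
            } catch (Exception e) {
                // Broad on purpose: every failure, including the missing-parameter case above and
                // a missing STS service, is reported as a failed trusted-service removal.
                throw new IdentityApplicationManagementException("Error while removing a trusted service: " + trustedServiceAddress, e);
            }
        }
        return true;
    }

    /**
     * Validates the wstrust inbound configuration of a service provider before it is created:
     * the inbound auth key has to equal the service address of the embedded trusted-service data,
     * and a certificate alias has to be present.
     *
     * <p>Only the first wstrust entry is validated. The loop leaves after that entry; the former
     * hand-rolled index loop never advanced past a wstrust entry and therefore did not terminate.
     *
     * @param serviceProvider the service provider being created
     * @param z not read by this listener
     * @throws IdentityApplicationManagementValidationException carrying every validation message
     *     when at least one check fails
     * @throws IdentityApplicationManagementException if the trusted-service data cannot be parsed
     */
    @Override
    public void onPreCreateInbound(ServiceProvider serviceProvider, boolean z) throws IdentityApplicationManagementException {
        List<String> validationErrors = new ArrayList<>();
        InboundAuthenticationConfig inboundAuthConfig = serviceProvider.getInboundAuthenticationConfig();
        if (inboundAuthConfig != null && inboundAuthConfig.getInboundAuthenticationRequestConfigs() != null) {
            for (InboundAuthenticationRequestConfig requestConfig : inboundAuthConfig.getInboundAuthenticationRequestConfigs()) {
                if (!WS_TRUST.equals(requestConfig.getInboundAuthType())) {
                    continue;
                }
                if (requestConfig.getInboundConfiguration() != null) {
                    TrustedServiceData trustedService = unmarshalTrustedServiceData(requestConfig.getInboundConfiguration(), serviceProvider.getApplicationName(), serviceProvider.getOwner().getTenantDomain());
                    // Null-safe: a missing key is reported as a mismatch rather than as an NPE.
                    // The key is what update/delete later use to remove the trusted service, so a
                    // mismatch would leave an entry that those paths cannot find.
                    if (!StringUtils.equals(requestConfig.getInboundAuthKey(), trustedService.getServiceAddress())) {
                        validationErrors.add(String.format("The Inbound Auth Key of the  application name %s is not match with ServiceAddress %s.", requestConfig.getInboundAuthKey(), trustedService.getServiceAddress()));
                    }
                    if (StringUtils.isEmpty(trustedService.getCertAlias())) {
                        validationErrors.add(String.format("WS CertAlias is not provided  with ServiceAddress %s.", requestConfig.getInboundAuthKey()));
                    }
                }
                break;
            }
        }
        if (!validationErrors.isEmpty()) {
            throw new IdentityApplicationManagementValidationException(validationErrors.toArray(new String[0]));
        }
    }

    /**
     * Registers the trusted service described by each wstrust inbound of an imported service
     * provider with the STS.
     *
     * <p>The inbound configuration is checked for blankness before it is parsed, so a missing
     * configuration yields the dedicated error instead of a {@code NullPointerException} or a
     * parser failure.
     *
     * @param serviceProvider the imported service provider
     * @throws IdentityApplicationManagementException if a wstrust inbound has no configuration,
     *     the configuration cannot be parsed, or the trusted service cannot be added
     */
    @Override
    public void doImportServiceProvider(ServiceProvider serviceProvider) throws IdentityApplicationManagementException {
        InboundAuthenticationConfig inboundAuthConfig = serviceProvider.getInboundAuthenticationConfig();
        if (inboundAuthConfig == null || inboundAuthConfig.getInboundAuthenticationRequestConfigs() == null) {
            return;
        }
        for (InboundAuthenticationRequestConfig requestConfig : inboundAuthConfig.getInboundAuthenticationRequestConfigs()) {
            if (!WS_TRUST.equals(requestConfig.getInboundAuthType())) {
                continue;
            }
            if (StringUtils.isBlank(requestConfig.getInboundConfiguration())) {
                throw new IdentityApplicationManagementException(String.format("No inbound configurations found for wstrust in the imported %s", serviceProvider.getApplicationName()));
            }
            TrustedServiceData trustedService = unmarshalTrustedServiceData(requestConfig.getInboundConfiguration(), serviceProvider.getApplicationName(), serviceProvider.getOwner().getTenantDomain());
            // NOTE(review): the address and certificate alias come straight from the imported
            // document and are not compared with the inbound auth key here, unlike in
            // onPreCreateInbound; confirm that validation runs elsewhere in the import flow.
            try {
                new STSAdminServiceImpl().addTrustedService(trustedService.getServiceAddress(), trustedService.getCertAlias());
            } catch (SecurityConfigException e) {
                throw new IdentityApplicationManagementException(String.format("Error in adding trusted service data for %s", serviceProvider.getApplicationName()), e);
            }
        }
    }

    /**
     * Embeds the STS trusted-service data into each wstrust inbound of a service provider that is
     * being exported, matching entries by service address against the inbound auth key.
     *
     * @param serviceProvider the service provider being exported; its wstrust inbound
     *     configurations are updated in place
     * @param bool not read by this listener
     * @throws IdentityApplicationManagementException if the trusted services cannot be read or
     *     serialized
     */
    @Override
    public void doExportServiceProvider(ServiceProvider serviceProvider, Boolean bool) throws IdentityApplicationManagementException {
        InboundAuthenticationConfig inboundAuthConfig = serviceProvider.getInboundAuthenticationConfig();
        if (inboundAuthConfig == null || inboundAuthConfig.getInboundAuthenticationRequestConfigs() == null) {
            return;
        }
        for (InboundAuthenticationRequestConfig requestConfig : inboundAuthConfig.getInboundAuthenticationRequestConfigs()) {
            if (!WS_TRUST.equals(requestConfig.getInboundAuthType())) {
                continue;
            }
            String inboundAuthKey = requestConfig.getInboundAuthKey();
            try {
                TrustedServiceData[] trustedServices = new STSAdminServiceImpl().getTrustedServices();
                if (trustedServices == null) {
                    continue;
                }
                for (TrustedServiceData trustedService : trustedServices) {
                    // Compare from the key side so an entry without an address is skipped
                    // instead of raising an NPE; a null key still matches nothing.
                    if (inboundAuthKey != null && inboundAuthKey.equals(trustedService.getServiceAddress())) {
                        requestConfig.setInboundConfiguration(marshalTrustedServiceData(trustedService));
                    }
                }
            } catch (SecurityConfigException e) {
                throw new IdentityApplicationManagementException(String.format("Error in getting trusted service data for %s", serviceProvider.getApplicationName()), e);
            }
        }
    }

    /**
     * Writes the given SAML issuer configuration back as the parameter element of the STS service.
     *
     * @param sAMLTokenIssuerConfig the issuer configuration to store
     * @throws AxisFault declared for the underlying service-parameter update
     * @throws RegistryException if the config system registry cannot be obtained
     */
    private void setSTSParameter(SAMLTokenIssuerConfig sAMLTokenIssuerConfig) throws AxisFault, RegistryException {
        new SecurityServiceAdmin(getAxisConfig(), getConfigSystemRegistry()).setServiceParameterElement(STS_SERVICE_NAME, sAMLTokenIssuerConfig.getParameter());
    }

    /**
     * Returns the Axis configuration of the server configuration context.
     *
     * @return the Axis configuration obtained through the component holder
     */
    private AxisConfiguration getAxisConfig() {
        return ApplicationManagementServiceComponentHolder.getInstance().getConfigContextService().getServerConfigContext().getAxisConfiguration();
    }

    /**
     * Returns the config system registry from the registry service.
     *
     * @return the config system registry
     * @throws RegistryException if the registry cannot be obtained
     */
    private Registry getConfigSystemRegistry() throws RegistryException {
        return ApplicationManagementServiceComponentHolder.getInstance().getRegistryService().getConfigSystemRegistry();
    }

    /**
     * Parses the XML form of a trusted service.
     *
     * <p>The XML arrives inside created or imported service-provider definitions, so it is read
     * through a StAX reader with DTD support and external entities switched off; a document that
     * carries a DOCTYPE is rejected rather than resolved.
     *
     * @param str the XML text, encoded as UTF-8 for parsing; must not be {@code null}
     * @param str2 application name, used only in the error message
     * @param str3 tenant domain, used only in the error message
     * @return the parsed trusted-service data
     * @throws IdentityApplicationManagementException if the XML cannot be parsed
     */
    private TrustedServiceData unmarshalTrustedServiceData(String str, String str2, String str3) throws IdentityApplicationManagementException {
        XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
        xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);

        XMLStreamReader xmlReader = null;
        try {
            xmlReader = xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
            return (TrustedServiceData) JAXBContext.newInstance(TrustedServiceData.class).createUnmarshaller().unmarshal(xmlReader);
        } catch (JAXBException | XMLStreamException e) {
            throw new IdentityApplicationManagementException(String.format("Error in unmarshelling Trusted Service Data %s@%s", str2, str3), e);
        } finally {
            if (xmlReader != null) {
                try {
                    xmlReader.close();
                } catch (XMLStreamException ignored) {
                    // The document is already parsed or rejected; a close failure on an
                    // in-memory source carries no further information.
                }
            }
        }
    }

    /**
     * Serializes trusted-service data to formatted XML.
     *
     * @param trustedServiceData the data to serialize
     * @return the XML text
     * @throws IdentityApplicationManagementException if serialization fails
     */
    private String marshalTrustedServiceData(TrustedServiceData trustedServiceData) throws IdentityApplicationManagementException {
        try {
            Marshaller marshaller = JAXBContext.newInstance(TrustedServiceData.class).createMarshaller();
            marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
            StringWriter xmlOutput = new StringWriter();
            marshaller.marshal(trustedServiceData, xmlOutput);
            return xmlOutput.toString();
        } catch (JAXBException e) {
            throw new IdentityApplicationManagementException(String.format("Error in exporting Trusted Service Data %s", trustedServiceData.getServiceAddress()), e);
        }
    }
}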
