package org.wso2.carbon.identity.user.store.configuration.deployer;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Iterator;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import org.apache.axiom.om.OMAttribute;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.util.Base64;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.deployment.AbstractDeployer;
import org.apache.axis2.deployment.DeploymentException;
import org.apache.axis2.deployment.repository.util.DeploymentFileData;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.identity.user.store.configuration.deployer.exception.UserStoreConfigurationDeployerException;
import org.wso2.carbon.identity.user.store.configuration.deployer.internal.UserStoreConfigComponent;
import org.wso2.carbon.identity.user.store.configuration.deployer.util.UserStoreConfigurationConstants;
import org.wso2.carbon.identity.user.store.configuration.deployer.util.UserStoreUtil;
import org.wso2.carbon.user.api.Property;
import org.wso2.carbon.user.core.common.UserStoreDeploymentManager;
import org.wso2.carbon.user.core.tracker.UserStoreManagerRegistry;

/* loaded from: input_file:org/wso2/carbon/identity/user/store/configuration/deployer/UserStoreConfigurationDeployer.class */
public class UserStoreConfigurationDeployer extends AbstractDeployer {
    private static final Log log = LogFactory.getLog(UserStoreConfigurationDeployer.class);
    private AxisConfiguration axisConfig;

    private static boolean isEligibleTobeEncrypted(OMElement oMElement) {
        String attributeValue;
        return oMElement.getAttributeValue(new QName(UserStoreConfigurationConstants.SECURE_VAULT_NS, UserStoreConfigurationConstants.SECRET_ALIAS)) == null && (attributeValue = oMElement.getAttributeValue(new QName(UserStoreConfigurationConstants.PROPERTY_ENCRYPT))) != null && attributeValue.equalsIgnoreCase("true") && oMElement.getText() != null;
    }

    private static ArrayList<String> getEncryptPropertyList(String str) {
        String name;
        Property[] mandatoryProperties = UserStoreManagerRegistry.getUserStoreProperties(str).getMandatoryProperties();
        ArrayList<String> arrayList = new ArrayList<>();
        for (Property property : mandatoryProperties) {
            if (property != null && (name = property.getName()) != null && property.getDescription().contains(UserStoreConfigurationConstants.ENCRYPT_TEXT)) {
                arrayList.add(name);
            }
        }
        return arrayList;
    }

    public void init(ConfigurationContext configurationContext) {
        log.info("User Store Configuration Deployer initiated.");
        this.axisConfig = configurationContext.getAxisConfiguration();
    }

    public void deploy(DeploymentFileData deploymentFileData) throws DeploymentException {
        if (deploymentFileData.getName().startsWith("FEDERATED")) {
            throw new DeploymentException("'FEDERATED' is a reserved user store domain prefix. Please start the file name with a different domain name.");
        }
        if (UserStoreConfigComponent.getServerConfigurationService() != null) {
            String absolutePath = deploymentFileData.getAbsolutePath();
            if (!UserStoreConfigurationConstants.ENC_EXTENSION.equalsIgnoreCase(FilenameUtils.getExtension(absolutePath))) {
                new UserStoreDeploymentManager().deploy(deploymentFileData.getAbsolutePath());
                return;
            }
            try {
                InputStream newInputStream = Files.newInputStream(Paths.get(absolutePath, new String[0]), new OpenOption[0]);
                try {
                    OMElement initializeOMElement = initializeOMElement(newInputStream);
                    updateSecondaryUserStore(initializeOMElement);
                    int lastIndexOf = absolutePath.lastIndexOf(".");
                    if (lastIndexOf != 1) {
                        try {
                            OutputStream newOutputStream = Files.newOutputStream(Paths.get(absolutePath.substring(0, lastIndexOf + 1) + UserStoreConfigurationConstants.XML_EXTENSION, new String[0]), new OpenOption[0]);
                            try {
                                initializeOMElement.serialize(newOutputStream);
                                if (newOutputStream != null) {
                                    newOutputStream.close();
                                }
                                File file = new File(absolutePath);
                                if (file.exists()) {
                                    file.delete();
                                }
                            } catch (Throwable th) {
                                if (newOutputStream != null) {
                                    try {
                                        newOutputStream.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                }
                                throw th;
                            }
                        } catch (XMLStreamException e) {
                            throw new DeploymentException("Unexpected xml processing errors while trying to update file " + absolutePath, e);
                        } catch (IOException e2) {
                            throw new DeploymentException("Secondary user store File path " + absolutePath + " is invalid", e2);
                        }
                    }
                    if (newInputStream != null) {
                        newInputStream.close();
                    }
                } finally {
                }
            } catch (IOException e3) {
                throw new DeploymentException("Secondary user store File path " + absolutePath + " is invalid", e3);
            } catch (UserStoreConfigurationDeployerException e4) {
                throw new DeploymentException("Secondary user store processing failed while processing " + absolutePath, e4);
            }
        }
    }

    public void undeploy(String str) throws DeploymentException {
        if (str == null || UserStoreConfigurationConstants.ENC_EXTENSION.equalsIgnoreCase(FilenameUtils.getExtension(str))) {
            return;
        }
        new UserStoreDeploymentManager().undeploy(str);
    }

    public void setDirectory(String str) {
    }

    public void setExtension(String str) {
    }

    private OMElement initializeOMElement(InputStream inputStream) throws UserStoreConfigurationDeployerException {
        try {
            return new StAXOMBuilder(inputStream).getDocumentElement();
        } catch (XMLStreamException e) {
            throw new UserStoreConfigurationDeployerException(" Secondary storage file reading for repo failed ", e);
        }
    }

    private void updateSecondaryUserStore(OMElement oMElement) throws UserStoreConfigurationDeployerException {
        ArrayList<String> encryptPropertyList = getEncryptPropertyList(oMElement.getAttributeValue(new QName(UserStoreConfigurationConstants.PROPERTY_CLASS)));
        Iterator childrenWithName = oMElement.getChildrenWithName(new QName(UserStoreConfigurationConstants.PROPERTY));
        while (childrenWithName.hasNext()) {
            OMElement oMElement2 = (OMElement) childrenWithName.next();
            if (oMElement2 != null && oMElement2.getText() != null) {
                String attributeValue = oMElement2.getAttributeValue(new QName(UserStoreConfigurationConstants.PROPERTY_NAME));
                if (oMElement2.getAttribute(new QName(UserStoreConfigurationConstants.PROPERTY_ENCRYPTED)) != null) {
                    continue;
                } else {
                    if (encryptPropertyList.contains(attributeValue) || isEligibleTobeEncrypted(oMElement2)) {
                        OMAttribute attribute = oMElement2.getAttribute(new QName(UserStoreConfigurationConstants.PROPERTY_ENCRYPT));
                        if (attribute != null) {
                            oMElement2.removeAttribute(attribute);
                        }
                        try {
                            oMElement2.setText(Base64.encode(UserStoreUtil.encrypt(oMElement2.getText().getBytes())));
                            oMElement2.addAttribute(UserStoreConfigurationConstants.PROPERTY_ENCRYPTED, "true", (OMNamespace) null);
                        } catch (CryptoException e) {
                            throw new UserStoreConfigurationDeployerException("Encryption in secondary user store failed", e);
                        }
                    } else {
                        continue;
                    }
                }
            }
        }
    }
}
