package org.wso2.carbon.security.sts.service;

import java.util.ArrayList;
import java.util.Map;
import org.apache.axis2.AxisFault;
import org.apache.axis2.description.Parameter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.impl.SAMLTokenIssuerConfig;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.core.AbstractAdmin;
import org.wso2.carbon.core.util.KeyStoreUtil;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.security.SecurityConfigException;
import org.wso2.carbon.security.config.SecurityServiceAdmin;
import org.wso2.carbon.security.keystore.KeyStoreAdmin;
import org.wso2.carbon.security.keystore.service.KeyStoreData;
import org.wso2.carbon.security.sts.service.util.TrustedServiceData;

/* loaded from: input_file:org/wso2/carbon/security/sts/service/STSAdminServiceImpl.class */
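/**
 * Admin service for the Security Token Service (STS) SAML issuer configuration.
 *
 * <p>It reads and rewrites the {@link SAMLTokenIssuerConfig} parameter of the
 * {@code wso2carbon-sts} Axis2 service, and mirrors the trusted-service map
 * (relying-party endpoint address to certificate alias) into the config registry.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Every mutating method changes whom the STS trusts or how proof keys are issued.
 *       NOTE(review): no authorization check is visible in this class; presumably access
 *       is restricted by the admin-service permission configuration. Confirm.</li>
 *   <li>The Axis2 parameter is updated before the registry. If the registry write fails,
 *       the in-memory configuration and the persisted one can disagree until the next
 *       reload.</li>
 *   <li>Failures are re-thrown with {@code e.getMessage()} as the message, so internal
 *       error text reaches the caller of the admin service.</li>
 * </ul>
 */
public class STSAdminServiceImpl extends AbstractAdmin implements STSAdminServiceInterface {
    private static final Log log = LogFactory.getLog(STSAdminServiceImpl.class);

    /** Name of the STS Axis2 service; it is also used as its service-group name. */
    private static final String STS_SERVICE_NAME = "wso2carbon-sts";

    /** Tenant id that Carbon assigns to the super tenant. */
    private static final int SUPER_TENANT_ID = -1234;

    /**
     * Registers a trusted service with the STS and persists it.
     *
     * @param str  endpoint address of the trusted (relying-party) service
     * @param str2 alias of the certificate associated with that endpoint
     * @throws SecurityConfigException if either argument is null or blank, the issuer
     *         configuration is missing, or the update cannot be applied or persisted
     */
    @Override
    public void addTrustedService(String str, String str2) throws SecurityConfigException {
        // Reject empty values up front: a blank endpoint or alias would otherwise be stored
        // as a trust entry that no real service or certificate matches.
        if (isBlank(str) || isBlank(str2)) {
            throw new SecurityConfigException("Trusted service endpoint address and certificate alias must not be empty");
        }
        try {
            SAMLTokenIssuerConfig issuerConfig = loadIssuerConfig();
            issuerConfig.addTrustedServiceEndpointAddress(str, str2);
            setSTSParameter(issuerConfig);
            persistTrustedService(STS_SERVICE_NAME, STS_SERVICE_NAME, str, str2);
        } catch (Exception e) {
            log.error("Error while adding a trusted service", e);
            throw new SecurityConfigException(e.getMessage(), e);
        }
    }

    /**
     * Removes a trusted service from the STS configuration and from the registry.
     *
     * @param str endpoint address of the trusted service to remove
     * @throws SecurityConfigException if the issuer configuration is missing or the
     *         update cannot be applied or persisted
     */
    @Override
    public void removeTrustedService(String str) throws SecurityConfigException {
        try {
            SAMLTokenIssuerConfig issuerConfig = loadIssuerConfig();
            issuerConfig.getTrustedServices().remove(str);
            setSTSParameter(issuerConfig);
            removeTrustedService(STS_SERVICE_NAME, STS_SERVICE_NAME, str);
        } catch (Exception e) {
            log.error("Error while removing a trusted service", e);
            throw new SecurityConfigException(e.getMessage(), e);
        }
    }

    /**
     * Lists the trusted services currently configured on the STS.
     *
     * @return one entry per trusted service, built from each key and value of the
     *         issuer configuration's trusted-service map; empty if none are configured
     * @throws SecurityConfigException if the issuer configuration is missing or unreadable
     */
    @Override
    public TrustedServiceData[] getTrustedServices() throws SecurityConfigException {
        try {
            Map<?, ?> trustedServices = loadIssuerConfig().getTrustedServices();
            ArrayList<TrustedServiceData> result = new ArrayList<TrustedServiceData>(trustedServices.size());
            for (Map.Entry<?, ?> entry : trustedServices.entrySet()) {
                result.add(new TrustedServiceData((String) entry.getKey(), (String) entry.getValue()));
            }
            return result.toArray(new TrustedServiceData[result.size()]);
        } catch (Exception e) {
            log.error("Error while retrieving trusted services", e);
            throw new SecurityConfigException(e.getMessage(), e);
        }
    }

    /**
     * Returns the proof key type configured for issued SAML tokens.
     *
     * @return the proof key type held by the issuer configuration
     * @throws SecurityConfigException if the issuer configuration is missing or unreadable
     */
    @Override
    public String getProofKeyType() throws SecurityConfigException {
        try {
            return loadIssuerConfig().getProofKeyType();
        } catch (Exception e) {
            log.error("Error while retrieving proof key type", e);
            throw new SecurityConfigException(e.getMessage(), e);
        }
    }

    /**
     * Sets the proof key type for issued SAML tokens.
     *
     * <p>NOTE(review): the value is passed through unchecked. Confirm whether it should be
     * restricted to the proof key types the token issuer supports.
     *
     * @param str the proof key type to store in the issuer configuration
     * @throws SecurityConfigException if the issuer configuration is missing or the
     *         update cannot be applied
     */
    @Override
    public void setProofKeyType(String str) throws SecurityConfigException {
        try {
            SAMLTokenIssuerConfig issuerConfig = loadIssuerConfig();
            issuerConfig.setProofKeyType(str);
            setSTSParameter(issuerConfig);
        } catch (Exception e) {
            log.error("Error setting proof key type", e);
            throw new SecurityConfigException(e.getMessage(), e);
        }
    }

    /**
     * Returns the entries of the current tenant's primary keystore.
     *
     * <p>For the super tenant the primary keystore is the first one that
     * {@link KeyStoreUtil#isPrimaryStore(String)} accepts; for any other tenant it is the
     * first keystore flagged as the tenant's private store.
     *
     * @return the entries reported by the keystore admin for that keystore
     * @throws SecurityConfigException if no primary keystore is found or the keystores
     *         cannot be read
     */
    @Override
    public String[] getCertAliasOfPrimaryKeyStore() throws SecurityConfigException {
        boolean superTenant = CarbonContext.getThreadLocalCarbonContext().getTenantId() == SUPER_TENANT_ID;
        for (KeyStoreData candidate : getKeyStores()) {
            if (candidate == null) {
                continue;
            }
            boolean primary = superTenant
                    ? KeyStoreUtil.isPrimaryStore(candidate.getKeyStoreName())
                    : candidate.getPrivateStore();
            if (primary) {
                return getStoreEntries(candidate.getKeyStoreName());
            }
        }
        throw new SecurityConfigException("Primary Keystore cannot be found.");
    }

    /**
     * Loads the SAML issuer configuration from the STS service parameter.
     *
     * @throws Exception if the STS service or its issuer-config parameter is missing, or
     *         the parameter element cannot be parsed; callers wrap this in
     *         {@link SecurityConfigException}
     */
    private SAMLTokenIssuerConfig loadIssuerConfig() throws Exception {
        org.apache.axis2.description.AxisService stsService = getAxisConfig().getService(STS_SERVICE_NAME);
        if (stsService == null) {
            // Fail with a meaningful message instead of a NullPointerException with none.
            throw new AxisFault("missing service : " + STS_SERVICE_NAME);
        }
        Parameter parameter = stsService.getParameter(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG.getLocalPart());
        if (parameter == null) {
            throw new AxisFault("missing parameter : " + SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG.getLocalPart());
        }
        return new SAMLTokenIssuerConfig(parameter.getParameterElement().getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
    }

    /** Writes the given issuer configuration back to the STS service parameter. */
    private void setSTSParameter(SAMLTokenIssuerConfig sAMLTokenIssuerConfig) throws AxisFault {
        new SecurityServiceAdmin(getAxisConfig(), getConfigSystemRegistry()).setServiceParameterElement(STS_SERVICE_NAME, sAMLTokenIssuerConfig.getParameter());
    }

    /** Fetches the keystores of the current tenant; the flag tells the admin whether it is the super tenant. */
    private KeyStoreData[] getKeyStores() throws SecurityConfigException {
        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        return new KeyStoreAdmin(tenantId, getGovernanceSystemRegistry()).getKeyStores(tenantId == SUPER_TENANT_ID);
    }

    /** Returns the entries of the named keystore for the current tenant. */
    private String[] getStoreEntries(String keyStoreName) throws SecurityConfigException {
        return new KeyStoreAdmin(CarbonContext.getThreadLocalCarbonContext().getTenantId(), getGovernanceSystemRegistry()).getStoreEntries(keyStoreName);
    }

    /** Returns true when the value is null, empty, or whitespace only. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

    /** Builds the registry path that holds the trusted-service properties of a service. */
    private static String trustedServicesPath(String serviceGroup, String service) {
        return "/repository/axis2/service-groups/" + serviceGroup + "/services/" + service + "/trustedServices";
    }

    /**
     * Stores an endpoint-to-alias mapping as a property of the trusted-services registry
     * resource, creating the resource if needed. Does nothing when no config registry is
     * available.
     */
    private void persistTrustedService(String serviceGroup, String service, String endpoint, String certAlias) throws SecurityConfigException {
        try {
            String path = trustedServicesPath(serviceGroup, service);
            Registry registry = getConfigSystemRegistry();
            if (registry != null) {
                Resource resource = registry.resourceExists(path) ? registry.get(path) : registry.newResource();
                // Drop any existing value first so the endpoint maps to exactly one alias.
                if (resource.getProperty(endpoint) != null) {
                    resource.removeProperty(endpoint);
                }
                resource.addProperty(endpoint, certAlias);
                registry.put(path, resource);
            }
        } catch (Exception e) {
            log.error("Error occured while adding trusted service for STS", e);
            throw new SecurityConfigException("Error occured while adding trusted service for STS", e);
        }
    }

    /**
     * Removes an endpoint's property from the trusted-services registry resource. Does
     * nothing when no config registry is available or the resource does not exist.
     */
    private void removeTrustedService(String serviceGroup, String service, String endpoint) throws SecurityConfigException {
        try {
            String path = trustedServicesPath(serviceGroup, service);
            Registry registry = getConfigSystemRegistry();
            if (registry != null && registry.resourceExists(path)) {
                Resource resource = registry.get(path);
                if (resource.getProperty(endpoint) != null) {
                    resource.removeProperty(endpoint);
                }
                registry.put(path, resource);
            }
        } catch (Exception e) {
            log.error("Error occured while removing trusted service for STS", e);
            // The message previously said "adding", which misreported the failed operation.
            throw new SecurityConfigException("Error occured while removing trusted service for STS", e);
        }
    }
}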
