package org.wso2.carbon.security.config;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.cache.Cache;
import javax.cache.Caching;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMAttribute;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.util.AXIOMUtil;
import org.apache.axis2.AxisFault;
import org.apache.axis2.description.AxisBinding;
import org.apache.axis2.description.AxisEndpoint;
import org.apache.axis2.description.AxisModule;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.neethi.PolicyReference;
import org.apache.neethi.builders.xml.XmlPrimtiveAssertion;
import org.apache.rampart.policy.RampartPolicyBuilder;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.KerberosConfig;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.core.util.CryptoUtil;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.core.util.KeyStoreUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.registry.core.Collection;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.security.SecurityConfigException;
import org.wso2.carbon.security.SecurityConfigParams;
import org.wso2.carbon.security.SecurityConstants;
import org.wso2.carbon.security.SecurityScenario;
import org.wso2.carbon.security.SecurityScenarioDatabase;
import org.wso2.carbon.security.SecurityServiceHolder;
import org.wso2.carbon.security.config.service.KerberosConfigData;
import org.wso2.carbon.security.config.service.SecurityConfigData;
import org.wso2.carbon.security.config.service.SecurityScenarioData;
import org.wso2.carbon.security.internal.SecurityMgtServiceComponent;
import org.wso2.carbon.security.pox.POXSecurityHandler;
import org.wso2.carbon.security.util.RahasUtil;
import org.wso2.carbon.security.util.SecurityConfigParamBuilder;
import org.wso2.carbon.security.util.SecurityTokenStore;
import org.wso2.carbon.security.util.ServerCrypto;
import org.wso2.carbon.security.util.ServicePasswordCallbackHandler;
import org.wso2.carbon.user.core.AuthorizationManager;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.carbon.utils.ServerException;
import org.wso2.carbon.utils.deployment.GhostDeployerUtils;

/* loaded from: input_file:org/wso2/carbon/security/config/SecurityConfigAdmin.class */
public class SecurityConfigAdmin {
    // Not referenced in the visible part of this class.
    public static final String USER = "rampart.config.user";
    // Not referenced in the visible part of this class.
    public static final String IDENTITY_CONFIG_DIR = "identity";
    // Name of the service parameter that disableSecurityOnService removes.
    public static final String DISABLE_REST = "disableREST";
    // Local name of the policy-path element created in addUserParameters.
    public static final String POLICY_PATH = "policyPath";
    // Namespace prefix used together with SecurityConstants.SECURITY_NAMESPACE.
    private static final String SEC_LABEL = "sec";
    private static Log log = LogFactory.getLog(SecurityConfigAdmin.class);
    // Axis2 configuration used to look services up by name.
    private AxisConfiguration axisConfig;
    // Optional password callback; when null, applyPolicy creates a ServicePasswordCallbackHandler.
    private CallbackHandler callback;
    // Registry in which service policies are persisted and deleted.
    private Registry registry;
    // Governance registry obtained from SecurityServiceHolder by the constructors.
    private UserRegistry govRegistry;
    // User realm used for role authorization. Only the (UserRealm, Registry, AxisConfiguration)
    // constructor sets it; instances built by the other constructors leave it null, and
    // disableSecurityOnService / applySecurity dereference it without a check.
    private UserRealm realm;

    /**
     * Creates an admin for the given Axis2 configuration, using the config and governance
     * system registries obtained from {@link SecurityServiceHolder}. The callback handler
     * and the user realm stay {@code null}.
     *
     * @param axisConfiguration Axis2 configuration used for service lookups
     * @throws SecurityConfigException if either registry cannot be obtained
     */
    public SecurityConfigAdmin(AxisConfiguration axisConfiguration) throws SecurityConfigException {
        this.axisConfig = axisConfiguration;
        this.callback = null;
        this.realm = null;
        try {
            this.registry = SecurityServiceHolder.getRegistryService().getConfigSystemRegistry();
            this.govRegistry = SecurityServiceHolder.getRegistryService().getGovernanceSystemRegistry();
        } catch (Exception e) {
            // The cause is not logged here; it travels with the rethrown exception.
            final String message = "Error when retrieving a registry instance";
            log.error(message);
            throw new SecurityConfigException(message, e);
        }
    }

    /**
     * Creates an admin that uses a caller-supplied registry and password callback handler.
     * The user realm stays {@code null}.
     *
     * <p>The governance registry is resolved for the tenant of {@code registry}, which is
     * cast to {@link UserRegistry}. Any failure there (including a failed cast) is only
     * logged, so the instance can exist with a {@code null} governance registry.
     *
     * @param axisConfiguration Axis2 configuration used for service lookups
     * @param registry          registry used to persist policies
     * @param callbackHandler   password callback handler attached to secured services
     */
    public SecurityConfigAdmin(AxisConfiguration axisConfiguration, Registry registry, CallbackHandler callbackHandler) {
        this.axisConfig = axisConfiguration;
        this.registry = registry;
        this.callback = callbackHandler;
        this.realm = null;
        this.govRegistry = null;
        try {
            UserRegistry tenantRegistry = (UserRegistry) registry;
            this.govRegistry = SecurityServiceHolder.getRegistryService().getGovernanceSystemRegistry(tenantRegistry.getTenantId());
        } catch (Exception e) {
            // NOTE(review): unlike the other constructors this one does not rethrow,
            // because its signature declares no checked exception.
            log.error("Error when obtaining the governance registry instance.", e);
        }
    }

    /**
     * Creates an admin that uses a caller-supplied user realm and registry. This is the
     * only constructor that sets the realm used for role authorization.
     *
     * @param userRealm         realm whose authorization manager grants and clears roles
     * @param registry          registry used to persist policies; cast to {@link UserRegistry}
     *                          to resolve the tenant's governance registry
     * @param axisConfiguration Axis2 configuration used for service lookups
     * @throws SecurityConfigException if the governance registry cannot be obtained
     */
    public SecurityConfigAdmin(UserRealm userRealm, Registry registry, AxisConfiguration axisConfiguration) throws SecurityConfigException {
        this.axisConfig = axisConfiguration;
        this.registry = registry;
        this.realm = userRealm;
        this.callback = null;
        this.govRegistry = null;
        try {
            UserRegistry tenantRegistry = (UserRegistry) registry;
            this.govRegistry = SecurityServiceHolder.getRegistryService().getGovernanceSystemRegistry(tenantRegistry.getTenantId());
        } catch (Exception e) {
            // The cause is not logged here; it travels with the rethrown exception.
            final String message = "Error when obtaining the governance registry instance.";
            log.error(message);
            throw new SecurityConfigException(message, e);
        }
    }

    /**
     * Looks up a security scenario by id and copies its descriptive fields into a
     * transfer object.
     *
     * @param str scenario id passed to {@link SecurityScenarioDatabase#get}
     * @return the scenario data, or {@code null} when the id is not known
     * @throws SecurityConfigException declared for callers; not thrown by this body
     */
    public SecurityScenarioData getSecurityScenario(String str) throws SecurityConfigException {
        SecurityScenario scenario = SecurityScenarioDatabase.get(str);
        if (scenario == null) {
            return null;
        }
        SecurityScenarioData data = new SecurityScenarioData();
        data.setCategory(scenario.getCategory());
        data.setDescription(scenario.getDescription());
        data.setScenarioId(scenario.getScenarioId());
        data.setSummary(scenario.getSummary());
        return data;
    }

    /**
     * Returns the security scenario currently applied to a service.
     *
     * <p>The service is resolved from the Axis2 configuration and, failing that, from the
     * transit ghost services map. If the service carries a policy-path parameter, the
     * result is the "policy from registry" scenario with that path; otherwise the
     * scenario comes from {@code readCurrentScenario}. When the result is the registry
     * scenario but has no path, the path is looked up and cached on the service as a
     * parameter.
     *
     * @param str service name
     * @return the current scenario data, or {@code null} when none is applied
     * @throws SecurityConfigException if the service cannot be found
     */
    public SecurityScenarioData getCurrentScenario(String str) throws SecurityConfigException {
        AxisService service = this.axisConfig.getServiceForActivation(str);
        if (service == null) {
            try {
                service = (AxisService) GhostDeployerUtils.getTransitGhostServicesMap(this.axisConfig).get(str);
            } catch (AxisFault e) {
                log.error("Error while reading Transit Ghosts map", e);
            }
            if (service == null) {
                throw new SecurityConfigException("AxisService is Null");
            }
        }

        SecurityScenarioData result = null;
        Parameter policyPathParam = service.getParameter(SecurityConstants.SECURITY_POLICY_PATH);
        if (policyPathParam == null) {
            SecurityScenario scenario = readCurrentScenario(str);
            if (scenario != null) {
                result = new SecurityScenarioData();
                result.setCategory(scenario.getCategory());
                result.setDescription(scenario.getDescription());
                result.setScenarioId(scenario.getScenarioId());
                result.setSummary(scenario.getSummary());
            }
        } else {
            result = new SecurityScenarioData();
            result.setPolicyRegistryPath((String) policyPathParam.getValue());
            result.setScenarioId(SecurityConstants.POLICY_FROM_REG_SCENARIO);
        }

        if (result == null) {
            return null;
        }
        boolean fromRegistry = SecurityConstants.POLICY_FROM_REG_SCENARIO.equalsIgnoreCase(result.getScenarioId());
        if (!fromRegistry || !StringUtils.isEmpty(result.getPolicyRegistryPath())) {
            return result;
        }

        // Registry scenario without a recorded path: recover it and remember it on the service.
        String recoveredPath = getPolicyRegistryPath(str);
        if (StringUtils.isNotEmpty(recoveredPath)) {
            result.setPolicyRegistryPath(recoveredPath);
            try {
                service.addParameter(new Parameter(SecurityConstants.SECURITY_POLICY_PATH, recoveredPath));
            } catch (AxisFault e2) {
                log.error("Error while adding policy path parameter to sts service", e2);
            }
        }
        return result;
    }

    /**
     * Returns the names of the modules required by the scenario currently applied to a
     * service.
     *
     * @param str  service name
     * @param str2 not used by this method
     * @return the module names, or an empty array when no scenario is applied
     * @throws Exception if the current scenario cannot be determined
     */
    public String[] getRequiredModules(String str, String str2) throws Exception {
        SecurityScenarioData current = getCurrentScenario(str);
        if (current != null) {
            // NOTE(review): the lookup result is dereferenced unchecked; an id that is
            // missing from SecurityScenarioDatabase would raise a NullPointerException.
            SecurityScenario scenario = SecurityScenarioDatabase.get(current.getScenarioId());
            String[] target = new String[scenario.getModules().size()];
            return (String[]) scenario.getModules().toArray(target);
        }
        return new String[0];
    }

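    /**
     * Removes the security configuration currently applied to a service.
     *
     * <p>Steps, in order: remove the persisted and attached security policy, disengage
     * every module of the current scenario, remove the security-related service
     * parameters, and clear the "invoke-service" authorization of every role allowed on
     * {@code <serviceGroup>/<service>}. If no scenario is applied the method returns
     * without changing anything.
     *
     * <p>The steps are not transactional: a failure part-way leaves the earlier steps
     * applied.
     *
     * @param str service name
     * @throws SecurityConfigException if the service does not exist, a module cannot be
     *         disengaged, a parameter cannot be removed, or role authorizations cannot be
     *         cleared
     */
    public void disableSecurityOnService(String str) throws SecurityConfigException {
        if (log.isDebugEnabled()) {
            log.debug("Disabling security on service :" + str);
        }
        AxisService service = this.axisConfig.getServiceForActivation(str);
        if (service == null) {
            // Report an unknown service with the module's own exception type instead of
            // failing with a NullPointerException on the next dereference.
            throw new SecurityConfigException("AxisService is Null");
        }
        String serviceGroupName = service.getAxisServiceGroup().getServiceGroupName();
        SecurityScenario scenario = readCurrentScenario(str);
        if (scenario == null) {
            if (log.isDebugEnabled()) {
                log.debug("Scenario not found. Hence returning");
            }
            return;
        }
        removeSecurityPolicy(service, scenario.getWsuId());
        for (String moduleName : (String[]) scenario.getModules().toArray(new String[scenario.getModules().size()])) {
            AxisModule module = service.getAxisConfiguration().getModule(moduleName);
            try {
                if (log.isDebugEnabled()) {
                    log.debug("Disengaging module : " + moduleName);
                }
                service.disengageModule(module);
            } catch (AxisFault e) {
                throw new SecurityConfigException("Error while disengaging module :" + moduleName, e);
            }
        }
        try {
            if (log.isDebugEnabled()) {
                log.debug("Removing service parameters : passwordCallbackRef ,disableREST");
            }
            Parameter callbackParam = new Parameter();
            callbackParam.setName("passwordCallbackRef");
            service.removeParameter(callbackParam);
            Parameter disableRestParam = new Parameter();
            disableRestParam.setName(DISABLE_REST);
            service.removeParameter(disableRestParam);
            Parameter policyPathParam = service.getParameter(SecurityConstants.SECURITY_POLICY_PATH);
            if (policyPathParam != null) {
                service.removeParameter(policyPathParam);
            }
            Parameter scenarioIdParam = service.getParameter(SecurityConstants.SCENARIO_ID_PARAM_NAME);
            if (scenarioIdParam != null) {
                service.removeParameter(scenarioIdParam);
                if (log.isDebugEnabled()) {
                    log.debug("ScenarioID parameter is removed from axis service: " + service.getName());
                }
            }
            Parameter scenarioIdSetParam = service.getParameter(SecurityConstants.SCENARIO_ID_SET_PARAM_NAME);
            if (scenarioIdSetParam != null) {
                service.removeParameter(scenarioIdSetParam);
                if (log.isDebugEnabled()) {
                    log.debug("ScenarioIDSet parameter is removed from axis service: " + service.getName());
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("Clearing Authorization roles");
            }
            try {
                // NOTE(review): this.realm is only set by the (UserRealm, Registry,
                // AxisConfiguration) constructor; on instances built otherwise this line
                // raises a NullPointerException after the policy has already been removed.
                AuthorizationManager authorizationManager = this.realm.getAuthorizationManager();
                String resourceId = serviceGroupName + "/" + str;
                String[] allowedRoles = authorizationManager.getAllowedRolesForResource(resourceId, "invoke-service");
                for (String role : allowedRoles) {
                    authorizationManager.clearRoleAuthorization(role, resourceId, "invoke-service");
                    if (log.isDebugEnabled()) {
                        log.debug("Removed role :" + role);
                    }
                }
            } catch (UserStoreException e2) {
                throw new SecurityConfigException("Error while removing authorization roles ", e2);
            }
        } catch (AxisFault e3) {
            throw new SecurityConfigException("Error while removing parameters from service on disable security ", e3);
        }
    }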

    /**
     * Removes the security policy of a service from the registry, from the service's
     * policy subject and from its bindings, and drops the scenario-id parameters.
     *
     * @param axisService service whose policy is removed
     * @param str         wsu:Id of the scenario policy, passed on to the binding removal
     * @throws SecurityConfigException if the registry delete or a parameter removal fails
     */
    private void removeSecurityPolicy(AxisService axisService, String str) throws SecurityConfigException {
        if (log.isDebugEnabled()) {
            log.debug("Removing security policy for service : " + axisService.getName() + " , ScenarioWsId :" + str);
        }
        try {
            Registry registry = this.registry;
            // Deletes the whole "/policies/" collection of the service, not only the entry for this scenario.
            String str2 = getRegistryServicePath(axisService) + "/policies/";
            if (registry.resourceExists(str2)) {
                registry.delete(str2);
            }
            if (axisService.getPolicySubject().getAttachedPolicyComponents() != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Service level policy attached.. Removing policy");
                }
                // Clears every policy component attached at service level.
                axisService.getPolicySubject().getAttachedPolicyComponents().clear();
            }
            Parameter parameter = axisService.getParameter(SecurityConstants.SCENARIO_ID_PARAM_NAME);
            if (parameter != null) {
                axisService.removeParameter(parameter);
                if (log.isDebugEnabled()) {
                    log.debug("ScenarioID parameter is removed from axis service: " + axisService.getName());
                }
            }
            Parameter parameter2 = axisService.getParameter(SecurityConstants.SCENARIO_ID_SET_PARAM_NAME);
            if (parameter2 != null) {
                axisService.removeParameter(parameter2);
                if (log.isDebugEnabled()) {
                    log.debug("ScenarioIDSet parameter is removed from axis service: " + axisService.getName());
                }
            }
            new SecurityServiceAdmin(this.axisConfig, this.registry).removeSecurityPolicyFromAllBindings(axisService, str);
        } catch (ServerException e) {
            // NOTE(review): a failure to remove the policy from the bindings is only logged,
            // so the method returns normally although the registry copy is already deleted.
            log.error("Error while removing policy from service bindings ", e);
        } catch (RegistryException e2) {
            throw new SecurityConfigException("Error occurred while removing security policy", e2);
        } catch (AxisFault e3) {
            throw new SecurityConfigException("Error while removing scenario ID from axis service", e3);
        }
    }

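    /**
     * Reads the Kerberos service principal name and password from the kerberos child of a
     * carbonSecConfig element.
     *
     * <p>The stored password is base64-decoded and decrypted with the default
     * {@link CryptoUtil}. If that fails the failure is logged at warn level and the
     * returned data carries no password.
     *
     * @param oMElement carbonSecConfig element, may be {@code null}
     * @return the Kerberos configuration, or {@code null} when the element or its
     *         kerberos child is absent
     * @throws SecurityConfigException declared for callers; not thrown by this body
     */
    private KerberosConfigData readKerberosConfigurations(OMElement oMElement) throws SecurityConfigException {
        if (oMElement == null) {
            return null;
        }
        if (log.isDebugEnabled()) {
            // The element content is not written to the log: its kerberos child holds the
            // (encrypted) service principal password read below.
            log.debug("Reading kerberos configurations from carbonSecConfig");
        }
        OMElement kerberosElement = oMElement.getFirstChildWithName(new QName(SecurityConstants.SECURITY_NAMESPACE, SecurityConstants.KERBEROS));
        if (kerberosElement == null) {
            return null;
        }
        KerberosConfigData kerberosConfigData = new KerberosConfigData();
        Map<String, String> properties = getProperties(kerberosElement);
        String principalName = properties.get("service.principal.name");
        if (principalName != null) {
            kerberosConfigData.setServicePrincipleName(principalName);
        }
        String storedPassword = properties.get("service.principal.password");
        if (storedPassword != null) {
            try {
                // NOTE(review): new String(byte[]) uses the platform default charset; it
                // mirrors the getBytes() call in getEncryptedPassword.
                kerberosConfigData.setServicePrinciplePassword(new String(CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(storedPassword)));
            } catch (CryptoException e) {
                log.warn("Unable to decode and decrypt password string.", e);
            }
        }
        return kerberosConfigData;
    }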

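    /**
     * Returns the properties of the trust child of a carbonSecConfig element.
     *
     * @param oMElement carbonSecConfig element, may be {@code null}
     * @return the result of {@code getProperties} for the trust child; {@code getProperties}
     *         is called with {@code null} when the element or the child is absent
     */
    private Map<String, String> getTrustProperties(OMElement oMElement) {
        OMElement trustElement = null;
        if (oMElement != null) {
            if (log.isDebugEnabled()) {
                // The element content is not written to the log: a carbonSecConfig can also
                // hold the kerberos child with the (encrypted) service principal password.
                log.debug("Retrieving trust properties from carbonSecConfig");
            }
            trustElement = oMElement.getFirstChildWithName(new QName(SecurityConstants.SECURITY_NAMESPACE, SecurityConstants.TRUST));
        }
        return getProperties(trustElement);
    }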

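    /**
     * Finds the carbonSecConfig element among the assertions of the first alternative of
     * a policy.
     *
     * @param policy policy to inspect, may be {@code null}
     * @return the carbonSecConfig element, or {@code null} when the policy is
     *         {@code null}, has no alternative, or contains no such assertion
     */
    private OMElement getCarbonSecConfigs(Policy policy) {
        if (policy == null) {
            return null;
        }
        if (log.isDebugEnabled()) {
            log.debug("Retrieving carbonSecConfigs from policy id : " + policy.getId());
        }
        Iterator alternatives = policy.getAlternatives();
        if (alternatives == null || !alternatives.hasNext()) {
            return null;
        }
        // Iterate as Object: the alternative mixes assertion types, so the element type
        // must be tested before the cast rather than assumed by the loop variable.
        for (Object assertion : (List) alternatives.next()) {
            if (!(assertion instanceof XmlPrimtiveAssertion)) {
                continue;
            }
            OMElement value = ((XmlPrimtiveAssertion) assertion).getValue();
            if (value != null && SecurityConstants.CARBON_SEC_CONFIG.equals(value.getLocalName())) {
                if (log.isDebugEnabled()) {
                    // Content is not logged: the element can hold the kerberos child with
                    // the (encrypted) service principal password.
                    log.debug("carbonSecConfig found in policy");
                }
                return value;
            }
        }
        return null;
    }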

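    /**
     * Finds the {@link RampartConfig} assertion in the first alternative of a policy.
     *
     * @param policy policy to inspect, may be {@code null}
     * @return the first RampartConfig assertion, or {@code null} when the policy is
     *         {@code null}, has no alternative, or contains no such assertion
     */
    private RampartConfig getRampartConfigs(Policy policy) {
        if (policy == null) {
            return null;
        }
        if (log.isDebugEnabled()) {
            log.debug("Retrieving RampartConfigs from policy with id : " + policy.getId());
        }
        Iterator alternatives = policy.getAlternatives();
        if (alternatives == null || !alternatives.hasNext()) {
            return null;
        }
        // Iterate as Object: the alternative mixes assertion types, so the element type
        // must be tested before the cast rather than assumed by the loop variable.
        for (Object assertion : (List) alternatives.next()) {
            if (assertion instanceof RampartConfig) {
                return (RampartConfig) assertion;
            }
        }
        return null;
    }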

    /**
     * Encrypts a password with the default {@link CryptoUtil} and returns it base64-encoded.
     *
     * @param str plain-text password; must not be {@code null}
     * @return the encrypted, base64-encoded password
     * @throws SecurityConfigException if encryption fails
     */
    private String getEncryptedPassword(String str) throws SecurityConfigException {
        final String failure = "Unable to encrypt and encode password string.";
        try {
            CryptoUtil cryptoUtil = CryptoUtil.getDefaultCryptoUtil();
            // NOTE(review): getBytes() uses the platform default charset; the decrypt side
            // in readKerberosConfigurations uses new String(byte[]) the same way.
            byte[] plainBytes = str.getBytes();
            return cryptoUtil.encryptAndBase64Encode(plainBytes);
        } catch (CryptoException e) {
            log.error(failure, e);
            throw new SecurityConfigException(failure, e);
        }
    }

    /**
     * Builds the registry path of a service:
     * {@code /repository/axis2/service-groups/<group>/services/<service>}.
     *
     * @param axisService service whose group name and name form the path
     * @return the registry path, without a trailing slash
     */
    private String getRegistryServicePath(AxisService axisService) {
        String groupName = axisService.getAxisServiceGroup().getServiceGroupName();
        String serviceName = axisService.getName();
        return new StringBuilder("/repository/axis2/service-groups/")
                .append(groupName)
                .append("/services/")
                .append(serviceName)
                .toString();
    }

    /**
     * Has an empty body: calling it changes nothing and does not enable any
     * authentication, whatever the name suggests.
     *
     * @param str    not used
     * @param strArr not used
     * @throws SecurityConfigException declared for callers; never thrown
     */
    public void activateUsernameTokenAuthentication(String str, String[] strArr) throws SecurityConfigException {
    }

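    /**
     * Applies a Kerberos-based security scenario to a service.
     *
     * <p>Existing security is removed first, then the scenario policy is loaded, extended
     * with the Kerberos parameters and a Rampart configuration, persisted and applied.
     *
     * <p>NOTE(review): security is disabled before the new policy is loaded and applied,
     * so a failure in any later step leaves the service without the security it had.
     *
     * @param str                service name
     * @param str2               scenario id passed to {@code loadPolicyAsXML}
     * @param kerberosConfigData Kerberos settings; must not be {@code null}
     * @throws SecurityConfigException if the Kerberos data or the service is missing, or
     *         persisting or applying the policy fails
     */
    public void applySecurity(String str, String str2, KerberosConfigData kerberosConfigData) throws SecurityConfigException {
        if (kerberosConfigData == null) {
            log.error("Kerberos configurations provided are invalid.");
            throw new SecurityConfigException("Kerberos configuration parameters are null. Please specify valid kerberos configurations.");
        }
        AxisService service = this.axisConfig.getServiceForActivation(str);
        if (service == null) {
            throw new SecurityConfigException("nullService");
        }
        disableSecurityOnService(str);
        OMElement policyXml = loadPolicyAsXML(str2, null);
        OMElement carbonSecConfig = addUserParameters(policyXml, null, null, null, kerberosConfigData, false, null);
        policyXml.addChild(buildRampartConfigXML(null, null, kerberosConfigData));
        Policy policy = PolicyEngine.getPolicy(policyXml);
        try {
            persistPolicy(service, policyXml, policy.getId());
            applyPolicy(service, policy, carbonSecConfig);
            // applyPolicy treats the POX cache as possibly absent; do the same here so a
            // missing cache does not turn a successful apply into a reported failure.
            Cache<String, String> poxCache = getPOXCache();
            if (poxCache != null) {
                poxCache.remove(str);
            }
        } catch (Exception e) {
            throw new SecurityConfigException("Error while persisting policy in registry ", e);
        }
    }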

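    /**
     * Applies a security scenario to a service and authorizes the given roles to invoke it.
     *
     * <p>The request is rejected when the role list contains
     * {@code system/wso2.anonymous.role}. The scenario id is resolved before the existing
     * security is removed, so an unknown id is refused while the service is still
     * protected by its current configuration.
     *
     * <p>NOTE(review): failures after {@code disableSecurityOnService} (loading,
     * persisting or applying the policy, authorizing roles) still leave the service
     * without the security it had before the call.
     *
     * @param str     service name
     * @param str2    scenario id
     * @param str3    registry path of the policy; when blank a Rampart configuration is
     *                generated and added to the policy
     * @param strArr  trusted key stores
     * @param str4    private key store
     * @param strArr2 roles to authorize for "invoke-service"; sorted in place by this
     *                method, may be {@code null}
     * @throws SecurityConfigException if the service or scenario is unknown, the role list
     *         is rejected, or persisting or applying the policy fails
     */
    public void applySecurity(String str, String str2, String str3, String[] strArr, String str4, String[] strArr2) throws SecurityConfigException {
        AxisService service = this.axisConfig.getServiceForActivation(str);
        if (service == null) {
            throw new SecurityConfigException("Service not available.");
        }
        if (strArr2 != null) {
            // binarySearch needs a sorted array. The match is exact and case-sensitive,
            // and a null entry makes Arrays.sort throw a NullPointerException.
            Arrays.sort(strArr2);
            if (Arrays.binarySearch(strArr2, "system/wso2.anonymous.role") > -1) {
                log.error("Security breach. A user is attempting to enable anonymous for UT access");
                throw new SecurityConfigException("Invalid data provided");
            }
        }
        // Validate the scenario while the current security is still in place; the lookup
        // used to happen only after the teardown and was dereferenced without a check.
        SecurityScenario scenario = SecurityScenarioDatabase.get(str2);
        if (scenario == null) {
            throw new SecurityConfigException("Unknown security scenario");
        }
        disableSecurityOnService(str);
        OMElement policyXml = loadPolicyAsXML(str2, str3);
        boolean trustEngaged = scenario.getModules().contains(SecurityConstants.TRUST_MODULE);
        OMElement carbonSecConfig = null;
        if (trustEngaged || (strArr2 != null && strArr2.length > 0)) {
            carbonSecConfig = addUserParameters(policyXml, strArr, str4, strArr2, null, trustEngaged, str3);
        }
        if (StringUtils.isBlank(str3)) {
            policyXml.addChild(buildRampartConfigXML(str4, strArr, null));
        }
        Policy policy = PolicyEngine.getPolicy(policyXml);
        try {
            persistPolicy(service, policyXml, policy.getId());
            applyPolicy(service, policy, carbonSecConfig);
            String serviceGroupName = service.getAxisServiceGroup().getServiceGroupName();
            if (strArr2 != null) {
                // NOTE(review): this.realm is only set by the (UserRealm, Registry,
                // AxisConfiguration) constructor.
                for (String role : strArr2) {
                    this.realm.getAuthorizationManager().authorizeRole(role, serviceGroupName + "/" + service.getName(), "invoke-service");
                }
            }
            if (IdentityUtil.isNotBlank(str3) && str2.equals(SecurityConstants.POLICY_FROM_REG_SCENARIO)) {
                service.addParameter(new Parameter(SecurityConstants.SECURITY_POLICY_PATH, str3));
            }
        } catch (Exception e) {
            throw new SecurityConfigException("Error while persisting policy in registry", e);
        }
    }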

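    /**
     * Applies a policy to a service: engages the scenario's modules, installs the password
     * callback and scenario parameters, and attaches the policy to all bindings.
     *
     * @param axisService service to secure; a ghost service is replaced by the actual one
     * @param policy      policy to attach; its id selects the scenario
     * @param oMElement   carbonSecConfig element, or {@code null} to read it from the policy
     * @throws SecurityConfigException if an argument is {@code null}, no scenario matches
     *         the policy id, or the callback, parameters or bindings cannot be set up
     * @throws Exception propagated from the helper calls made before the bindings step
     */
    private void applyPolicy(AxisService axisService, Policy policy, OMElement oMElement) throws Exception {
        if (axisService == null || policy == null) {
            throw new SecurityConfigException("Error while applying policy to service. Service and policy must be present to apply policy");
        }
        SecurityScenario scenario = SecurityScenarioDatabase.getByWsuId(policy.getId());
        if (scenario == null) {
            // A policy id with no matching scenario used to surface as a
            // NullPointerException on the next line.
            throw new SecurityConfigException("Error while applying policy to service. No security scenario matches the policy id");
        }
        disableRESTCalls(axisService.getName(), scenario.getScenarioId());
        if (GhostDeployerUtils.isGhostService(axisService)) {
            try {
                axisService = GhostDeployerUtils.deployActualService(this.axisConfig, axisService);
            } catch (AxisFault e) {
                // NOTE(review): on failure the method carries on with the ghost service.
                log.error("Error while loading actual service from Ghost", e);
            }
        }
        if (engageModules(scenario.getScenarioId(), axisService.getName(), axisService)) {
            if (oMElement == null) {
                oMElement = getCarbonSecConfigs(policy);
            }
            if (oMElement != null) {
                setRahasParameters(axisService, oMElement);
            }
        }
        try {
            CallbackHandler passwordCallback = this.callback == null ? new ServicePasswordCallbackHandler(null, axisService.getAxisServiceGroup().getServiceGroupName(), axisService.getName(), this.registry, this.realm) : this.callback;
            Parameter callbackParam = new Parameter();
            callbackParam.setName("passwordCallbackRef");
            callbackParam.setValue(passwordCallback);
            axisService.addParameter(callbackParam);
            // Drop the cached POX entry for this service. A single guarded removal
            // replaces the earlier unguarded call followed by a guarded one.
            Cache<String, String> poxCache = getPOXCache();
            if (poxCache != null) {
                poxCache.remove(axisService.getName());
            }
            try {
                Parameter scenarioIdParam = new Parameter();
                scenarioIdParam.setName(SecurityConstants.SCENARIO_ID_PARAM_NAME);
                scenarioIdParam.setValue(scenario.getScenarioId());
                axisService.addParameter(scenarioIdParam);
                if (log.isDebugEnabled()) {
                    log.debug("ScenarioID parameter is added to axis service: " + axisService.getName());
                }
            } catch (AxisFault e2) {
                log.error("Error while adding Scenario ID parameter", e2);
            }
            try {
                axisService.addParameter(new Parameter(SecurityConstants.SCENARIO_ID_SET_PARAM_NAME, true));
                if (log.isDebugEnabled()) {
                    log.debug("ScenarioIDSet parameter is added to axis service: " + axisService.getName());
                }
            } catch (AxisFault e3) {
                // Still best-effort, but no longer silent.
                log.error("Error while adding ScenarioIDSet parameter", e3);
            }
            new SecurityServiceAdmin(this.axisConfig, this.registry).addSecurityPolicyToAllBindings(axisService, policy);
        } catch (RegistryException e4) {
            throw new SecurityConfigException("Error occurred while creating callback handler", e4);
        } catch (ServerException e5) {
            throw new SecurityConfigException("Error while adding policy to bindings", e5);
        } catch (AxisFault e6) {
            throw new SecurityConfigException("Error occurred while adding callback parameter", e6);
        }
    }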

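    /**
     * Builds a Rampart configuration from the server crypto properties and the optional
     * Kerberos settings, and returns it as an XML element.
     *
     * @param str                private key store, passed to {@code getServerCryptoProperties}
     * @param strArr             trusted key stores, passed to {@code getServerCryptoProperties}
     * @param kerberosConfigData Kerberos settings, may be {@code null}
     * @return the serialized Rampart configuration parsed into an {@link OMElement}
     * @throws SecurityConfigException if the configuration cannot be built, serialized or
     *         parsed
     */
    private OMElement buildRampartConfigXML(String str, String[] strArr, KerberosConfigData kerberosConfigData) throws SecurityConfigException {
        // ByteArrayOutputStream holds no external resource, so only the writer needs closing.
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        XMLStreamWriter writer = null;
        try {
            Properties cryptoProperties = getServerCryptoProperties(str, strArr);
            RampartConfig rampartConfig = new RampartConfig();
            populateRampartConfig(rampartConfig, cryptoProperties, kerberosConfigData);
            // Write and read back with the same explicit encoding, so the round trip does
            // not depend on the platform default charset.
            writer = XMLOutputFactory.newInstance().createXMLStreamWriter(buffer, "UTF-8");
            rampartConfig.serialize(writer);
            writer.flush();
            return AXIOMUtil.stringToOM(buffer.toString("UTF-8"));
        } catch (Exception e) {
            throw new SecurityConfigException("Error while building rampart configs", e);
        } finally {
            if (writer != null) {
                try {
                    writer.close();
                } catch (XMLStreamException e) {
                    log.error("Error while closing xml stream writer", e);
                }
            }
        }
    }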

    /**
     * Stores a policy document in the registry under
     * {@code <service path>/policies/<policy id>}.
     *
     * @param axisService service the policy belongs to
     * @param oMElement   policy XML; its string form becomes the resource content
     * @param str         policy id used as the last path segment
     * @throws RegistryException if the resource cannot be created or stored
     */
    private void persistPolicy(AxisService axisService, OMElement oMElement, String str) throws RegistryException {
        Resource policyResource = this.registry.newResource();
        String serializedPolicy = oMElement.toString();
        policyResource.setContent(serializedPolicy);
        // NOTE(review): the policy id is appended to the path as given; confirm that ids
        // are constrained before they reach this point.
        String policyPath = getRegistryServicePath(axisService) + "/policies/" + str;
        this.registry.put(policyPath, policyResource);
    }

    /**
     * Builds the Carbon security configuration element and appends it to the given policy element.
     *
     * <p>Depending on the arguments, the new element receives a trust section (trust stores,
     * private store and the server's default key alias), an authorization section (allowed
     * roles), a Kerberos section (service principal name and encrypted password) and a policy
     * path element.
     *
     * @param oMElement policy element that receives the new configuration element as a child
     * @param strArr values written as the {@code ServerCrypto.PROP_ID_TRUST_STORES} property; may be null
     * @param str value written as the {@code ServerCrypto.PROP_ID_PRIVATE_STORE} property; may be null
     * @param strArr2 values written as the {@code SecurityConstants.ALLOWED_ROLES_PARAM_NAME} property; may be null
     * @param kerberosConfigData Kerberos settings; may be null
     * @param z when false, no trust section is written even if stores are supplied
     * @param str2 text of the policy path element; skipped when blank
     * @return the newly created configuration element
     * @throws SecurityConfigException declared by the signature; presumably raised by
     *     getEncryptedPassword, which is defined outside this block
     */
    private OMElement addUserParameters(OMElement oMElement, String[] strArr, String str, String[] strArr2, KerberosConfigData kerberosConfigData, boolean z, String str2) throws SecurityConfigException {
        if (log.isDebugEnabled()) {
            // NOTE(review): this writes the whole policy element to the debug log; confirm that
            // policy documents never carry secrets before enabling debug logging in production.
            log.debug("Adding user parameters to policy element : " + oMElement);
        }
        OMFactory factory = OMAbstractFactory.getOMFactory();
        OMNamespace secNamespace = factory.createOMNamespace(SecurityConstants.SECURITY_NAMESPACE, SEC_LABEL);
        OMElement secConfig = factory.createOMElement(SecurityConstants.CARBON_SEC_CONFIG, secNamespace);
        OMElement kerberosElement = factory.createOMElement(SecurityConstants.KERBEROS, secNamespace);
        OMElement policyPathElement = factory.createOMElement(POLICY_PATH, secNamespace);

        boolean storesSupplied = strArr != null || str != null;
        if (z && storesSupplied) {
            if (log.isDebugEnabled()) {
                log.debug("Adding trust element to policy");
            }
            OMElement trustElement = factory.createOMElement(SecurityConstants.TRUST, secNamespace);
            if (strArr != null && strArr.length > 0) {
                OMElement trustStores = newNamedProperty(factory, secNamespace, ServerCrypto.PROP_ID_TRUST_STORES);
                trustStores.addChild(factory.createOMText(trustStores, getArrayAsString(strArr)));
                trustElement.addChild(trustStores);
                secConfig.addChild(trustElement);
            }
            if (str != null) {
                OMElement privateStore = newNamedProperty(factory, secNamespace, ServerCrypto.PROP_ID_PRIVATE_STORE);
                privateStore.addChild(factory.createOMText(privateStore, str));
                trustElement.addChild(privateStore);
                // The alias comes from the server configuration, not from the caller.
                String defaultAlias = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.KeyAlias");
                OMElement aliasProperty = newNamedProperty(factory, secNamespace, ServerCrypto.PROP_ID_DEFAULT_ALIAS);
                aliasProperty.addChild(factory.createOMText(aliasProperty, defaultAlias));
                trustElement.addChild(aliasProperty);
                secConfig.addChild(trustElement);
            }
        }

        if (strArr2 != null && strArr2.length > 0) {
            OMElement authorization = factory.createOMElement(SecurityConstants.AUTHORIZATION, secNamespace);
            OMElement allowedRoles = newNamedProperty(factory, secNamespace, SecurityConstants.ALLOWED_ROLES_PARAM_NAME);
            allowedRoles.addChild(factory.createOMText(allowedRoles, getArrayAsString(strArr2)));
            authorization.addChild(allowedRoles);
            secConfig.addChild(authorization);
        }

        if (kerberosConfigData != null) {
            if (StringUtils.isNotEmpty(kerberosConfigData.getServicePrincipleName())) {
                OMElement principalName = newNamedProperty(factory, secNamespace, "service.principal.name");
                principalName.addChild(factory.createOMText(principalName, kerberosConfigData.getServicePrincipleName()));
                kerberosElement.addChild(principalName);
            }
            if (StringUtils.isNotEmpty(kerberosConfigData.getServicePrinciplePassword())) {
                // The password is passed through getEncryptedPassword before it is written, and
                // the element is marked with the ENCRYPTED attribute set to "true".
                OMElement principalPassword = newNamedProperty(factory, secNamespace, "service.principal.password");
                principalPassword.addAttribute(factory.createOMAttribute(SecurityConstants.ENCRYPTED, (OMNamespace) null, "true"));
                principalPassword.addChild(factory.createOMText(principalPassword, getEncryptedPassword(kerberosConfigData.getServicePrinciplePassword())));
                kerberosElement.addChild(principalPassword);
            }
            secConfig.addChild(kerberosElement);
        }

        if (IdentityUtil.isNotBlank(str2)) {
            policyPathElement.addChild(factory.createOMText(policyPathElement, str2));
            secConfig.addChild(policyPathElement);
        }

        oMElement.addChild(secConfig);
        return secConfig;
    }

    /** Creates an empty property element that carries only the given name attribute. */
    private static OMElement newNamedProperty(OMFactory factory, OMNamespace namespace, String name) {
        OMElement property = factory.createOMElement(SecurityConstants.PROPERTY_LABEL, namespace);
        property.addAttribute(factory.createOMAttribute(SecurityConstants.NAME_LABEL, (OMNamespace) null, name));
        return property;
    }

    /**
     * Joins the given values into one comma-separated string, keeping array order.
     *
     * <p>Values are appended verbatim: a value that itself contains a comma is not escaped, and a
     * null element is rendered as the text {@code null}.
     *
     * @param strArr values to join; must not be null
     * @return the joined string, empty when the array is empty
     */
    private String getArrayAsString(String[] strArr) {
        StringBuilder joined = new StringBuilder();
        for (int index = 0; index < strArr.length; index++) {
            if (index > 0) {
                joined.append(",");
            }
            joined.append(strArr[index]);
        }
        return joined.toString();
    }

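    /**
     * Loads a security policy document from the registry and returns its root element.
     *
     * <p>By default the policy is read from the built-in policy location using {@code str} as
     * the resource name. When {@code str} is the "policy from registry" scenario and
     * {@code str2} is not blank, {@code str2} is parsed as {@code <registry-identifier>:<path>};
     * the path is read from the governance registry when the identifier matches
     * {@code SecurityConstants.GOVERNANCE_REGISTRY_IDENTIFIER}, otherwise from the default
     * registry handle. In that case the policy id attribute, if present, is overwritten with
     * the scenario id.
     *
     * @param str scenario id; must not be null
     * @param str2 registry policy path, only used for the "policy from registry" scenario
     * @return root element of the parsed policy document
     * @throws SecurityConfigException if the path has no registry identifier prefix, or the
     *     resource cannot be read or parsed
     */
    private OMElement loadPolicyAsXML(String str, String str2) throws SecurityConfigException {
        try {
            boolean fromRegistryPath = IdentityUtil.isNotBlank(str2) && str.equals(SecurityConstants.POLICY_FROM_REG_SCENARIO);
            UserRegistry sourceRegistry = this.registry;
            String resourcePath = "/repository/components/org.wso2.carbon.security.mgt/policy/" + str;
            if (fromRegistryPath) {
                int separator = str2.lastIndexOf(':');
                if (separator < 0) {
                    // Without this check the prefix extraction below fails with an unchecked
                    // StringIndexOutOfBoundsException instead of the declared exception type.
                    throw new SecurityConfigException("Invalid policy path, expected <registry-identifier>:<path> but got: " + str2);
                }
                // NOTE(review): the path after the separator is used as a registry path as-is.
                // Access presumably relies on the permissions of the registry handle; confirm
                // that callers cannot point this at resources they should not read.
                resourcePath = str2.substring(separator + 1);
                if (SecurityConstants.GOVERNANCE_REGISTRY_IDENTIFIER.equals(str2.substring(0, separator))) {
                    sourceRegistry = this.govRegistry;
                }
            }
            // NOTE(review): the stream is not closed here; the builder may still read from it
            // after this method returns, so verify that before adding a close.
            InputStream contentStream = sourceRegistry.get(resourcePath).getContentStream();
            XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
            // Policy documents come from registry content, so the parser is locked down against
            // XXE: external entities are not resolved and DTD processing is switched off.
            xmlInputFactory.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
            xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
            OMElement documentElement = new StAXOMBuilder(xmlInputFactory.createXMLStreamReader(contentStream)).getDocumentElement();
            if (fromRegistryPath) {
                OMAttribute idAttribute = documentElement.getAttribute(SecurityConstants.POLICY_ID_QNAME);
                if (idAttribute != null) {
                    idAttribute.setAttributeValue(SecurityConstants.POLICY_FROM_REG_SCENARIO);
                }
            }
            return documentElement;
        } catch (RegistryException e) {
            throw new SecurityConfigException("Error occurred while loading policy.", e);
        } catch (XMLStreamException e2) {
            throw new SecurityConfigException("Error occurred while loading policy.", e2);
        }
    }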

    /**
     * Re-engages every module required by the given security scenario on the service.
     *
     * <p>Each module is disengaged first and then engaged again.
     *
     * @param str scenario id used to look up the scenario
     * @param str2 not used by this method
     * @param axisService service on which the modules are engaged
     * @return true if one of the engaged modules is the trust module
     * @throws SecurityConfigException if engaging or disengaging a module fails
     */
    protected boolean engageModules(String str, String str2, AxisService axisService) throws SecurityConfigException {
        // NOTE(review): the scenario lookup result is dereferenced without a null check;
        // confirm that an unknown scenario id cannot reach this point.
        SecurityScenario scenario = SecurityScenarioDatabase.get(str);
        boolean trustEngaged = false;
        try {
            String[] moduleNames = (String[]) scenario.getModules().toArray(new String[scenario.getModules().size()]);
            for (int index = 0; index < moduleNames.length; index++) {
                String moduleName = moduleNames[index];
                AxisModule module = axisService.getAxisConfiguration().getModule(moduleName);
                axisService.disengageModule(module);
                axisService.engageModule(module);
                if (SecurityConstants.TRUST_MODULE.equalsIgnoreCase(moduleName)) {
                    trustEngaged = true;
                }
            }
        } catch (AxisFault e) {
            log.error(e);
            throw new SecurityConfigException("Error in engaging modules", e);
        }
        return trustEngaged;
    }

    /**
     * Marks the service so that REST calls are disabled, unless the scenario is the username
     * token scenario.
     *
     * @param str name of the service
     * @param str2 scenario id; must not be null
     * @throws SecurityConfigException if the service is unknown or the parameter cannot be added
     */
    protected void disableRESTCalls(String str, String str2) throws SecurityConfigException {
        boolean usernameTokenScenario = str2.equals(SecurityConstants.USERNAME_TOKEN_SCENARIO_ID);
        if (!usernameTokenScenario) {
            try {
                AxisService service = this.axisConfig.getServiceForActivation(str);
                if (service == null) {
                    throw new SecurityConfigException("nullService");
                }
                Parameter disableRest = new Parameter();
                disableRest.setValue(String.valueOf(true));
                disableRest.setName(DISABLE_REST);
                service.addParameter(disableRest);
            } catch (AxisFault e) {
                log.error(e);
                throw new SecurityConfigException("disablingREST", e);
            }
        }
    }

    /**
     * Fills the given Rampart configuration with either Kerberos or keystore-based settings.
     *
     * <p>When Kerberos data is supplied, only the Kerberos configuration is set and the method
     * returns. Otherwise the encryption and signature crypto configurations are created from
     * {@code properties} (when not empty), followed by the user, timestamp and token store
     * settings.
     *
     * @param rampartConfig configuration to populate; nothing happens when it is null
     * @param properties crypto properties; must not be null when no Kerberos data is given
     * @param kerberosConfigData Kerberos settings, or null for keystore-based configuration
     * @throws SecurityConfigException if the Kerberos configuration file does not exist
     */
    public void populateRampartConfig(RampartConfig rampartConfig, Properties properties, KerberosConfigData kerberosConfigData) throws SecurityConfigException {
        if (rampartConfig == null) {
            return;
        }

        if (kerberosConfigData != null) {
            Properties kerberosProps = new Properties();
            kerberosProps.setProperty("service.principal.name", kerberosConfigData.getServicePrincipleName());
            KerberosConfig kerberosConfig = new KerberosConfig();
            kerberosConfig.setProp(kerberosProps);

            String identityConfigDir = CarbonUtils.getCarbonConfigDirPath() + File.separatorChar + IDENTITY_CONFIG_DIR;
            String krb5ConfPath = identityConfigDir + File.separatorChar + KerberosConfigData.KERBEROS_CONFIG_FILE_NAME;
            File krb5Conf = new File(krb5ConfPath);
            if (!krb5Conf.exists()) {
                throw new SecurityConfigException("Kerberos configuration file not found at " + krb5ConfPath);
            }
            log.info("Setting java.security.krb5.conf to kerberos configuration file " + krb5ConfPath);
            // This is a JVM-wide system property, so the setting is not limited to the service
            // being configured.
            System.setProperty(KerberosConfigData.KERBEROS_CONFIG_FILE_SYSTEM_PROPERTY, krb5ConfPath);
            rampartConfig.setKerberosConfig(kerberosConfig);
            return;
        }

        if (!properties.isEmpty()) {
            String cryptoProvider = ServerCrypto.class.getName();

            // Encryption and signature use separate config objects backed by the same
            // Properties instance and the same crypto key.
            CryptoConfig encryptionCrypto = new CryptoConfig();
            encryptionCrypto.setProvider(cryptoProvider);
            encryptionCrypto.setProp(properties);
            encryptionCrypto.setCacheEnabled(true);
            encryptionCrypto.setCryptoKey(ServerCrypto.PROP_ID_PRIVATE_STORE);
            rampartConfig.setEncrCryptoConfig(encryptionCrypto);

            CryptoConfig signatureCrypto = new CryptoConfig();
            signatureCrypto.setProvider(cryptoProvider);
            signatureCrypto.setProp(properties);
            signatureCrypto.setCacheEnabled(true);
            signatureCrypto.setCryptoKey(ServerCrypto.PROP_ID_PRIVATE_STORE);
            rampartConfig.setSigCryptoConfig(signatureCrypto);
        }

        rampartConfig.setEncryptionUser("useReqSigCert");
        rampartConfig.setUser(properties.getProperty("rampart.config.user"));
        // Timestamp TTL and max skew are both fixed at 300.
        String timestampWindow = String.valueOf(300);
        rampartConfig.setTimestampTTL(timestampWindow);
        rampartConfig.setTimestampMaxSkew(timestampWindow);

        // NOTE(review): the token store class name is taken from server configuration as-is;
        // confirm that file is only writable by administrators.
        String configuredTokenStore = ServerConfiguration.getInstance().getFirstProperty("Security.TokenStoreClassName");
        rampartConfig.setTokenStoreClass(configuredTokenStore != null ? configuredTokenStore : SecurityTokenStore.class.getName());
    }

    /**
     * Builds the crypto properties for the given private key store and trusted key stores.
     *
     * <p>The default alias and the Rampart user are both set to the private key alias of the
     * named key store. The tenant id is added whenever at least one store is configured.
     *
     * @param str name of the private key store; may be null
     * @param strArr names of the trusted key stores; may be null or empty
     * @return the populated properties, empty when no store is given
     * @throws Exception if the tenant id, the key store or its alias cannot be resolved
     */
    public Properties getServerCryptoProperties(String str, String[] strArr) throws Exception {
        Properties cryptoProps = new Properties();
        int tenantId = this.registry.getTenantId();
        boolean hasTrustStores = strArr != null && strArr.length > 0;
        boolean hasPrivateStore = str != null;

        if (hasTrustStores) {
            StringBuilder joined = new StringBuilder();
            for (int index = 0; index < strArr.length; index++) {
                // The separator depends on the buffer content, not on the position, so leading
                // empty names do not produce a leading comma.
                if (joined.length() > 0) {
                    joined.append(",");
                }
                joined.append(strArr[index]);
            }
            cryptoProps.setProperty(ServerCrypto.PROP_ID_TRUST_STORES, joined.toString());
        }

        if (hasPrivateStore) {
            cryptoProps.setProperty(ServerCrypto.PROP_ID_PRIVATE_STORE, str);
            // The key store is resolved through the key store manager of this registry's tenant.
            String alias = KeyStoreUtil.getPrivateKeyAlias(KeyStoreManager.getInstance(tenantId).getKeyStore(str));
            cryptoProps.setProperty(ServerCrypto.PROP_ID_DEFAULT_ALIAS, alias);
            cryptoProps.setProperty("rampart.config.user", alias);
        }

        if (hasPrivateStore || hasTrustStores) {
            cryptoProps.setProperty(ServerCrypto.PROP_ID_TENANT_ID, Integer.toString(tenantId));
        }
        return cryptoProps;
    }

    /**
     * Replaces the transports on which the named service is exposed.
     *
     * @param str name of the service
     * @param list transport names to expose; must not be null
     * @throws SecurityConfigException if the service is unknown
     * @throws AxisFault declared by the signature
     */
    public void setServiceTransports(String str, List<String> list) throws SecurityConfigException, AxisFault {
        AxisService service = this.axisConfig.getServiceForActivation(str);
        if (service == null) {
            throw new SecurityConfigException("nullService");
        }
        // The service gets its own copy, so later changes to the caller's list do not affect it.
        List<String> exposedTransports = new ArrayList<String>(list);
        service.setExposedTransports(exposedTransports);
        if (log.isDebugEnabled()) {
            log.debug("Successfully add selected transport bindings to service " + str);
        }
    }

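    /**
     * Reports whether the first alternative of the policy uses a transport binding.
     *
     * <p>A symmetric binding also counts when its encryption token is a secure conversation
     * token whose bootstrap policy uses a transport binding. Only the first alternative of each
     * policy is inspected.
     *
     * @param policy policy to inspect; must not be null
     * @return true if the policy, or its bootstrap policy, uses a transport binding
     * @throws SecurityConfigException if the policy cannot be processed
     */
    public boolean isHttpsTransportOnly(Policy policy) throws SecurityConfigException {
        // NOTE(review): a false result presumably lets callers keep non-HTTPS transports
        // exposed; confirm how callers treat policies with no alternatives.
        try {
            Iterator alternatives = policy.getAlternatives();
            if (!alternatives.hasNext()) {
                return false;
            }
            RampartPolicyData policyData = RampartPolicyBuilder.build((List) alternatives.next());
            if (policyData.isTransportBinding()) {
                return true;
            }
            if (!policyData.isSymmetricBinding()) {
                return false;
            }
            // The token is held as Object so that the instanceof test is a real type check and
            // the narrowing happens through an explicit cast after it.
            Object encryptionToken = policyData.getEncryptionToken();
            if (!(encryptionToken instanceof SecureConversationToken)) {
                return false;
            }
            SecureConversationToken conversationToken = (SecureConversationToken) encryptionToken;
            return RampartPolicyBuilder.build((List) conversationToken.getBootstrapPolicy().getAlternatives().next()).isTransportBinding();
        } catch (WSSPolicyException e) {
            log.error("Error in checking http transport only", e);
            throw new SecurityConfigException("Error in checking http transport only", e);
        }
    }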

    /**
     * Lists the inbound transports whose lower-cased name contains the HTTPS transport name.
     *
     * @return matching transport names, empty when there are none
     */
    public List<String> getHttpsTransports() {
        List<String> httpsTransports = new ArrayList<String>();
        Iterator<String> transportNames = this.axisConfig.getTransportsIn().keySet().iterator();
        while (transportNames.hasNext()) {
            String transportName = transportNames.next();
            // Substring match: any transport name that merely contains the token is included.
            if (transportName.toLowerCase().contains(SecurityConstants.HTTPS_TRANSPORT)) {
                httpsTransports.add(transportName);
            }
        }
        return httpsTransports;
    }

    /**
     * Lists the names of all inbound transports known to the Axis configuration.
     *
     * @return a new list holding every inbound transport name
     */
    public List<String> getAllTransports() {
        return new ArrayList<String>(this.axisConfig.getTransportsIn().keySet());
    }

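    /**
     * Reads the security configuration currently applied to a service for a given scenario.
     *
     * <p>Returns null when no scenario id is given, or when the scenario (or, for the "policy
     * from registry" scenario, the policy path) does not match what is currently applied to the
     * service.
     *
     * @param str name of the service
     * @param str2 scenario id to match; null yields a null result
     * @param str3 policy path to match for the "policy from registry" scenario
     * @return the configuration data, or null when the scenario does not match
     * @throws SecurityConfigException if the service is unknown or the policy cannot be read
     */
    public SecurityConfigData getSecurityConfigData(String str, String str2, String str3) throws SecurityConfigException {
        SecurityConfigData securityConfigData = null;
        AxisService service = this.axisConfig.getServiceForActivation(str);
        if (str2 == null) {
            return null;
        }
        if (service == null) {
            // Same error as the other service lookups in this class, instead of a
            // NullPointerException on the service group access below.
            throw new SecurityConfigException("nullService");
        }
        String serviceGroupName = service.getAxisServiceGroup().getServiceGroupName();
        try {
            if (str2.equals(SecurityConstants.POLICY_FROM_REG_SCENARIO)) {
                Parameter policyPathParam = service.getParameter(SecurityConstants.SECURITY_POLICY_PATH);
                // A null requested path cannot match any stored path.
                if (policyPathParam == null || str3 == null || !str3.equals(policyPathParam.getValue())) {
                    return null;
                }
            } else {
                SecurityScenario currentScenario = readCurrentScenario(str);
                if (currentScenario == null || !currentScenario.getScenarioId().equals(str2)) {
                    return null;
                }
            }
            // NOTE(review): getCurrentPolicy can return null when no policy resource exists;
            // verify that the helpers called below accept a null policy.
            Policy currentPolicy = getCurrentPolicy(service);
            OMElement carbonSecConfigs = getCarbonSecConfigs(currentPolicy);
            RampartConfig rampartConfigs = getRampartConfigs(currentPolicy);
            Map<String, String> trustProperties = getTrustProperties(carbonSecConfigs);
            KerberosConfigData kerberosConfig = readKerberosConfigurations(carbonSecConfigs);
            securityConfigData = new SecurityConfigData();
            securityConfigData.setKerberosConfigurations(kerberosConfig);
            securityConfigData.setUserGroups(this.realm.getAuthorizationManager().getAllowedRolesForResource(serviceGroupName + "/" + str, "invoke-service"));
            String privateStore = getProperty(rampartConfigs, trustProperties, ServerCrypto.PROP_ID_PRIVATE_STORE);
            if (StringUtils.isNotBlank(privateStore)) {
                securityConfigData.setPrivateStore(privateStore);
            }
            String trustStores = getProperty(rampartConfigs, trustProperties, ServerCrypto.PROP_ID_TRUST_STORES);
            if (StringUtils.isNotBlank(trustStores)) {
                securityConfigData.setTrustedKeyStores(trustStores.split(","));
            }
            return securityConfigData;
        } catch (UserStoreException e) {
            // NOTE(review): on an authorization manager failure the caller receives a partially
            // filled object (no user groups or key stores) rather than an error; confirm that
            // callers do not read the missing role list as "no restriction".
            log.error("Error in getting security config data. Failed to get Authorization Manager", e);
            return securityConfigData;
        }
    }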

    /**
     * Reads the policy path recorded in the Carbon security configuration of the service's
     * current policy.
     *
     * @param str name of the service
     * @return the recorded policy path, or an empty string when there is no policy path element
     *     or the current policy cannot be retrieved
     */
    private String getPolicyRegistryPath(String str) {
        try {
            // NOTE(review): neither the service lookup nor the configuration element is
            // null-checked here; verify both helpers tolerate a missing service or policy.
            AxisService service = this.axisConfig.getServiceForActivation(str);
            Policy currentPolicy = getCurrentPolicy(service);
            OMElement carbonSecConfigs = getCarbonSecConfigs(currentPolicy);
            OMElement policyPathElement = carbonSecConfigs.getFirstChildWithName(new QName(SecurityConstants.SECURITY_NAMESPACE, POLICY_PATH));
            return policyPathElement != null ? policyPathElement.getText() : "";
        } catch (SecurityConfigException e) {
            // Deliberate best effort: the failure is logged and reported as "no path".
            log.error("Error while retrieving current policy from service", e);
            return "";
        }
    }

    /**
     * Determines which security scenario is currently applied to the named service.
     *
     * <p>The service is looked up in the Axis configuration and, failing that, in the transit
     * ghost services map; a ghost service is replaced by its actual deployment. The scenario is
     * then resolved from the policies attached to the endpoint bindings and, when that yields
     * nothing, from the policies attached to the service itself.
     *
     * @param str name of the service
     * @return the matching scenario, or null when none is found
     * @throws SecurityConfigException on any failure; every exception raised inside the outer
     *     try, including the "AxisService is Null" case, is wrapped as "readingSecurity"
     */
    public SecurityScenario readCurrentScenario(String str) throws SecurityConfigException {
        String id;
        SecurityScenario securityScenario = null;
        AxisService serviceForActivation = this.axisConfig.getServiceForActivation(str);
        try {
            if (serviceForActivation == null) {
                // Fall back to the transit ghost services map; a failure there is only logged.
                try {
                    serviceForActivation = (AxisService) GhostDeployerUtils.getTransitGhostServicesMap(this.axisConfig).get(str);
                } catch (AxisFault e) {
                    log.error("Error while reading Transit Ghosts map", e);
                }
                if (serviceForActivation == null) {
                    throw new SecurityConfigException("AxisService is Null");
                }
            }
            if (GhostDeployerUtils.isGhostService(serviceForActivation)) {
                serviceForActivation = GhostDeployerUtils.deployActualService(this.axisConfig, serviceForActivation);
            }
            Iterator it = serviceForActivation.getEndpoints().entrySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                SecurityScenario securityScenario2 = null;
                AxisBinding binding = ((AxisEndpoint) ((Map.Entry) it.next()).getValue()).getBinding();
                String str2 = null;
                // NOTE(review): the loop variable is typed Policy although the body also tests
                // for PolicyReference; this looks like decompiler output. Confirm the element
                // type against the original source.
                for (Policy policy : binding.getPolicySubject().getAttachedPolicyComponents()) {
                    if (policy instanceof Policy) {
                        str2 = policy.getId();
                    } else if (policy instanceof PolicyReference) {
                        // Drops the first character of the reference URI.
                        str2 = ((PolicyReference) policy).getURI().substring(1);
                    }
                    if (str2 != null) {
                        securityScenario2 = SecurityScenarioDatabase.getByWsuId(str2);
                    }
                }
                if (securityScenario2 == null) {
                    // A binding without a scenario resets the result and stops the search,
                    // unless its local name contains "HttpBinding".
                    if (!binding.getName().getLocalPart().contains("HttpBinding")) {
                        securityScenario = null;
                        break;
                    }
                } else {
                    securityScenario = securityScenario2;
                }
            }
            if (securityScenario == null) {
                // Nothing found on the bindings: inspect the policies attached to the service.
                // NOTE(review): 'id' is not assigned when a component is neither a Policy nor a
                // PolicyReference, and the loop variable type does not match both instanceof
                // tests; verify against the original source.
                for (PolicyReference policyReference : serviceForActivation.getPolicySubject().getAttachedPolicyComponents()) {
                    if (policyReference instanceof Policy) {
                        id = ((Policy) policyReference).getId();
                    } else if (policyReference instanceof PolicyReference) {
                        id = policyReference.getURI().substring(1);
                    }
                    if (id != null) {
                        securityScenario = SecurityScenarioDatabase.getByWsuId(id);
                    }
                }
            }
            return securityScenario;
        } catch (Exception e2) {
            log.error("Error while reading Security Scenario", e2);
            throw new SecurityConfigException("readingSecurity", e2);
        }
    }

    /**
     * Deploys the actual service behind a ghost service, if the named service is one.
     *
     * <p>Failures are logged and not propagated to the caller.
     *
     * @param str name of the service
     */
    public void forceActualServiceDeployment(String str) {
        AxisService service = this.axisConfig.getServiceForActivation(str);
        if (service == null) {
            // Not in the configuration: try the transit ghost services map instead.
            try {
                service = (AxisService) GhostDeployerUtils.getTransitGhostServicesMap(this.axisConfig).get(str);
            } catch (AxisFault e) {
                log.error("Error while reading Transit Ghosts map", e);
            }
        }
        if (service != null && GhostDeployerUtils.isGhostService(service)) {
            try {
                GhostDeployerUtils.deployActualService(this.axisConfig, service);
            } catch (AxisFault e2) {
                log.error("Error while loading actual service from Ghost", e2);
            }
        }
    }

    /**
     * Returns the cache named {@code POXSecurityHandler.POX_ENABLED} from the cache manager
     * named {@code POXSecurityHandler.POX_CACHE_MANAGER}.
     *
     * @return the POX cache
     */
    private Cache<String, String> getPOXCache() {
        return Caching.getCacheManagerFactory()
                .getCacheManager(POXSecurityHandler.POX_CACHE_MANAGER)
                .getCache(POXSecurityHandler.POX_ENABLED);
    }

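    /**
     * Collects the child elements of the given element into a name-to-text map.
     *
     * <p>The key is the value of each child's name attribute and the value is the child's
     * text. Children without a name attribute are skipped.
     *
     * @param oMElement parent element; null yields an empty map
     * @return the collected properties, never null
     */
    private Map<String, String> getProperties(OMElement oMElement) {
        Map<String, String> properties = new HashMap<String, String>();
        if (oMElement == null) {
            return properties;
        }
        QName nameAttribute = new QName(SecurityConstants.NAME_LABEL);
        Iterator children = oMElement.getChildElements();
        while (children.hasNext()) {
            OMElement child = (OMElement) children.next();
            OMAttribute name = child.getAttribute(nameAttribute);
            if (name == null) {
                // A child without a name attribute would otherwise abort the whole read with a
                // NullPointerException.
                if (log.isDebugEnabled()) {
                    log.debug("Skipping property element without a name attribute");
                }
                continue;
            }
            properties.put(name.getAttributeValue(), child.getText());
        }
        return properties;
    }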

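    /**
     * Looks up a property, first in the given map, then in the encryption crypto configuration
     * and finally in the signature crypto configuration of the Rampart config.
     *
     * @param rampartConfig Rampart configuration to fall back to; may be null
     * @param map primary property source; may be null
     * @param str property key
     * @return the first non-empty value found, otherwise the last value read (possibly empty or null)
     */
    private String getProperty(RampartConfig rampartConfig, Map<String, String> map, String str) {
        String value = null;
        if (map != null) {
            value = map.get(str);
            if (StringUtils.isNotEmpty(value)) {
                return value;
            }
        }
        if (rampartConfig == null) {
            return value;
        }
        CryptoConfig encryptionCrypto = rampartConfig.getEncrCryptoConfig();
        if (encryptionCrypto != null && encryptionCrypto.getProp() != null && encryptionCrypto.getProp().get(str) != null) {
            value = encryptionCrypto.getProp().get(str).toString();
            if (StringUtils.isNotEmpty(value)) {
                return value;
            }
        }
        // The signature branch reads from the signature config it just checked. Reading the
        // encryption config here instead fails with a NullPointerException whenever only the
        // signature config holds the key.
        CryptoConfig signatureCrypto = rampartConfig.getSigCryptoConfig();
        if (signatureCrypto != null && signatureCrypto.getProp() != null && signatureCrypto.getProp().get(str) != null) {
            value = signatureCrypto.getProp().get(str).toString();
            if (StringUtils.isNotEmpty(value)) {
                return value;
            }
        }
        return value;
    }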

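    /**
     * Parses the content of a registry resource into a policy object.
     *
     * @param resource registry resource holding the policy XML
     * @return the parsed policy
     * @throws org.wso2.carbon.registry.api.RegistryException if the resource content cannot be read
     * @throws XMLStreamException if the content is not well-formed XML
     */
    private Policy loadPolicy(Resource resource) throws org.wso2.carbon.registry.api.RegistryException, XMLStreamException {
        InputStream contentStream = resource.getContentStream();
        XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
        // Registry content is parsed with external entities and DTD processing both switched
        // off, so a stored policy cannot trigger XXE-style entity resolution.
        xmlInputFactory.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
        xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        OMElement documentElement = new StAXOMBuilder(xmlInputFactory.createXMLStreamReader(contentStream)).getDocumentElement();
        return PolicyEngine.getPolicy(documentElement);
    }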

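    /**
     * Loads the policy currently stored in the registry for the given service.
     *
     * <p>Only the first child of the service's policies collection is loaded.
     *
     * @param axisService service whose policy is requested
     * @return the stored policy, or null when the service has no policies collection or the
     *     collection is empty
     * @throws SecurityConfigException if the registry cannot be read or the policy cannot be parsed
     */
    private Policy getCurrentPolicy(AxisService axisService) throws SecurityConfigException {
        try {
            // NOTE(review): this reads through the config system registry handle of the current
            // tenant rather than this.registry; presumably that is not subject to the calling
            // user's registry permissions, so confirm callers authorise the request first.
            UserRegistry configSystemRegistry = SecurityMgtServiceComponent.getRegistryService().getConfigSystemRegistry(CarbonContext.getThreadLocalCarbonContext().getTenantId());
            String policiesPath = getRegistryServicePath(axisService) + "/policies/";
            if (!configSystemRegistry.resourceExists(policiesPath)) {
                return null;
            }
            // Held as a plain Resource so the instanceof test is a real type check, followed by
            // an explicit cast.
            Resource policies = configSystemRegistry.get(policiesPath);
            if (!(policies instanceof Collection)) {
                return null;
            }
            String[] children = ((Collection) policies).getChildren();
            if (children == null || children.length == 0) {
                return null;
            }
            return loadPolicy(configSystemRegistry.get(children[0]));
        } catch (org.wso2.carbon.registry.api.RegistryException e) {
            throw new SecurityConfigException("Error while retrieving policy from registry for service " + axisService.getName(), e);
        } catch (XMLStreamException e2) {
            throw new SecurityConfigException("Error occurred while loading policy from registry resource", e2);
        }
    }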

    /**
     * Adds the SCT issuer and token canceler parameters to the service, using the key store
     * settings read from the given configuration element.
     *
     * @param axisService service that receives the parameters
     * @param oMElement element from which the security parameters are read
     * @throws Exception if the parameters cannot be built or added
     */
    private void setRahasParameters(AxisService axisService, OMElement oMElement) throws Exception {
        SecurityConfigParams params = SecurityConfigParamBuilder.getSecurityParams(oMElement);
        Properties cryptoProps = new Properties();
        // NOTE(review): only the trust stores are null-checked; Properties.setProperty rejects
        // null values, so a missing private store or key alias fails here.
        cryptoProps.setProperty(ServerCrypto.PROP_ID_PRIVATE_STORE, params.getPrivateStore());
        cryptoProps.setProperty(ServerCrypto.PROP_ID_DEFAULT_ALIAS, params.getKeyAlias());
        if (params.getTrustStores() != null) {
            cryptoProps.setProperty(ServerCrypto.PROP_ID_TRUST_STORES, params.getTrustStores());
        }
        String cryptoProvider = ServerCrypto.class.getName();
        Parameter sctIssuerConfig = RahasUtil.getSCTIssuerConfigParameter(cryptoProvider, cryptoProps, -1, null, true, true);
        axisService.addParameter(sctIssuerConfig);
        Parameter tokenCancelerConfig = RahasUtil.getTokenCancelerConfigParameter();
        axisService.addParameter(tokenCancelerConfig);
    }
}
