package org.wso2.wsas.admin.service;

import java.io.File;
import java.io.FileFilter;
import java.io.FileNotFoundException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import org.apache.axiom.om.OMAttribute;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.xpath.AXIOMXPath;
import org.apache.axis2.AxisFault;
import org.apache.axis2.description.AxisModule;
import org.apache.axis2.description.AxisService;
import org.apache.commons.io.output.ByteArrayOutputStream;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.policy.RampartPolicyBuilder;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.jaxen.SimpleNamespaceContext;
import org.wso2.wsas.admin.service.util.SecurityAssignment;
import org.wso2.wsas.admin.service.util.SelectableString;
import org.wso2.wsas.admin.service.util.UtKeystoreSecurityAssignment;
import org.wso2.wsas.persistence.PersistenceManager;
import org.wso2.wsas.persistence.dataobject.KeyStoreDO;
import org.wso2.wsas.persistence.dataobject.ModuleDO;
import org.wso2.wsas.persistence.dataobject.SecurityScenarioDO;
import org.wso2.wsas.persistence.dataobject.ServiceDO;
import org.wso2.wsas.persistence.dataobject.ServiceIdentifierDO;
import org.wso2.wsas.persistence.dataobject.ServiceUserDO;
import org.wso2.wsas.persistence.dataobject.ServiceUserRoleDO;
import org.wso2.wsas.persistence.exception.ServiceNotFoundException;
import org.wso2.wsas.security.WSS4JUtil;
import org.wso2.wsas.security.util.RampartConfigUtil;

/* loaded from: input_file:org/wso2/wsas/admin/service/SecurityScenarioConfigAdmin.class */
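/**
 * Admin service that applies, inspects and removes "security scenarios" on a deployed service.
 *
 * <p>A scenario is a named WS-SecurityPolicy file ({@code <scenarioId>-policy.xml}) under
 * {@code $wso2wsas.home/conf/rampart/}, plus a set of modules recorded in the persistence store.
 * Applying a scenario attaches the policy (with a generated Rampart configuration) to the
 * Axis2 service, engages the scenario's modules, and records the assignment in the store.
 *
 * <p>Defects fixed relative to the original:
 * <ul>
 *   <li>the bootstrap-policy check for secure-conversation bindings called {@code next()} on an
 *       iterator whose {@code hasNext()} result was ignored;</li>
 *   <li>a missing private key store, a missing service record and an unreadable scenario
 *       directory raised {@code NullPointerException} instead of an {@code AxisFault};</li>
 *   <li>{@code ServiceNotFoundException} was swallowed silently; it is now logged;</li>
 *   <li>policy files were parsed without closing the builder (file handle leak) and serialised
 *       with the platform default charset.</li>
 * </ul>
 */
public class SecurityScenarioConfigAdmin extends AbstractAdmin {
    public static final String USER = "rampart.config.user";
    public static final String ENCRYPTION_USER = "rampart.config.encryption.user";
    public static final Log log;
    private PersistenceManager pm = new PersistenceManager();
    /** Directory holding the {@code <scenarioId>-policy.xml} files; always ends with a separator. */
    private String scenarioDir = System.getProperty("wso2wsas.home") + File.separator + "conf"
            + File.separator + "rampart" + File.separator;
    private static final String WS_SEC_UTILITY_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private static final QName ID;
    private static final String WS_POLICY_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
    private static final String SCENARIO_DISABLE_SECURITY = "DisableSecurity";
    public static final int DEFAULT_TS_TTL = 300;
    public static final int DEFAULT_TS_MAX_SKEW = 300;
    // Lazily-populated caches of class literals (javac's pre-1.5 class$ idiom); kept as-is so the
    // classes are still looked up reflectively rather than linked at compile time.
    static Class class$org$wso2$wsas$admin$service$SecurityScenarioConfigAdmin;
    static Class class$org$wso2$wsas$trust$SecurityTokenStore;
    static Class class$org$wso2$wsas$security$ServerCrypto;

    /** Service-version placeholder used by the persistence layer and the admin services. */
    private static final String EMPTY_VERSION = "$EMPTY$";
    /** Axis2 service parameter that names the password callback handler. */
    private static final String PASSWORD_CALLBACK_REF = "passwordCallbackRef";
    /** File-name suffix of every scenario policy file. */
    private static final String POLICY_FILE_SUFFIX = "-policy.xml";
    /** Policy type passed to {@code PolicyInclude.addPolicyElement}; the original code used the literal 3. */
    private static final int SERVICE_POLICY_TYPE = 3;
    /** Charset used both for writing and for decoding the serialised policy. */
    private static final String POLICY_ENCODING = "UTF-8";
    /** Matches the scenario policy files inside {@link #scenarioDir}. */
    private static final FileFilter POLICY_FILE_FILTER = new FileFilter() {
        @Override
        public boolean accept(File candidate) {
            return candidate.getName().endsWith(POLICY_FILE_SUFFIX);
        }
    };

    /**
     * Returns every known security scenario, flagging the one currently applied to a service.
     *
     * <p>If no scenario lists the service, the {@code DisableSecurity} scenario is flagged instead.
     *
     * @param serviceId id of the service whose current scenario should be marked
     * @return all scenarios from the persistence store, at most one marked current
     */
    public SecurityScenarioDO[] getScenarios(String serviceId) {
        SecurityScenarioDO[] scenarios = this.pm.getAllSecurityScenarios();
        // A probe ServiceDO carrying only the identifier; SecurityScenarioDO.services.contains
        // is expected to compare on it (equality semantics are defined in the DO, not here).
        ServiceDO probe = new ServiceDO();
        ServiceIdentifierDO identifier = new ServiceIdentifierDO();
        identifier.setServiceId(serviceId);
        probe.setServiceIdentifierDO(identifier);
        SecurityScenarioDO current = null;
        for (int i = 0; i < scenarios.length && current == null; i++) {
            if (scenarios[i].services.contains(probe)) {
                current = scenarios[i];
            }
        }
        if (current == null) {
            for (int i = 0; i < scenarios.length && current == null; i++) {
                if (scenarios[i].getScenarioId().equalsIgnoreCase(SCENARIO_DISABLE_SECURITY)) {
                    current = scenarios[i];
                }
            }
        }
        if (current != null) {
            current.setIsCurrentScenario(true);
        }
        return scenarios;
    }

    /**
     * Attaches the scenario's policy (plus a generated Rampart configuration) to a service and
     * records the assignment.
     *
     * <p>When the policy's first alternative (or, for a secure-conversation symmetric binding,
     * its bootstrap policy) is a transport binding, the service is restricted to the HTTPS
     * transports only.
     *
     * @param serviceId   id of the Axis2 service
     * @param scenarioId  id of the scenario; the policy file is {@code <scenarioId>-policy.xml}
     * @param cryptoProps server crypto properties for the Rampart configuration; may be empty
     * @throws AxisFault if the service is unknown, the policy cannot be loaded, or any step fails
     */
    private void configureScenario(String serviceId, String scenarioId, Properties cryptoProps) throws AxisFault {
        disengageModules(serviceId, SCENARIO_DISABLE_SECURITY);
        RampartConfig rampartConfig = new RampartConfig();
        rampartConfig.setTokenStoreClass(tokenStoreClass().getName());
        populateRampartConfig(rampartConfig, cryptoProps);
        ServiceAdmin serviceAdmin = new ServiceAdmin(this.configCtx);
        removeAllSecurityScenarioPolicies(serviceAdmin, serviceId);
        AxisService service = requireAxisService(serviceId);
        try {
            Policy policy = loadPolicy(this.scenarioDir + scenarioId + POLICY_FILE_SUFFIX);
            policy.addAssertion(rampartConfig);
            service.getPolicyInclude().addPolicyElement(SERVICE_POLICY_TYPE, policy);

            Iterator alternatives = policy.getAlternatives();
            if (alternatives.hasNext()) {
                boolean transportOnly = false;
                RampartPolicyData policyData = RampartPolicyBuilder.build((List) alternatives.next());
                if (policyData.isTransportBinding()) {
                    transportOnly = true;
                } else if (policyData.isSymmetricBinding()) {
                    Object encryptionToken = policyData.getEncryptionToken();
                    if (encryptionToken instanceof SecureConversationToken) {
                        // The bootstrap policy establishes the conversation; only consult its
                        // first alternative when there actually is one.
                        Iterator bootstrapAlternatives = ((SecureConversationToken) encryptionToken)
                                .getBootstrapPolicy().getAlternatives();
                        if (bootstrapAlternatives.hasNext()) {
                            transportOnly = RampartPolicyBuilder.build((List) bootstrapAlternatives.next())
                                    .isTransportBinding();
                        }
                    }
                }
                if (transportOnly) {
                    List<String> httpsTransports = new ArrayList<String>();
                    for (String transportName : this.axisConfig.getTransportsIn().keySet()) {
                        if (transportName.toLowerCase(Locale.ROOT).contains("https")) {
                            httpsTransports.add(transportName);
                        }
                    }
                    if (httpsTransports.isEmpty()) {
                        log.warn("Scenario " + scenarioId + " requires a transport binding but no HTTPS "
                                + "transport receiver is configured; service " + serviceId
                                + " is being exposed on an empty transport list");
                    }
                    serviceAdmin.exposeServiceOnlyViaTransports(serviceId,
                            httpsTransports.toArray(new String[httpsTransports.size()]));
                }
            }

            if (service.getParameter(PASSWORD_CALLBACK_REF) == null) {
                service.addParameter(WSS4JUtil.getPasswordCallBackRefParameter(serviceId, EMPTY_VERSION));
            }
            String policyXml = serializePolicy(policy);
            removeAllSecurityScenarioPolicies(serviceAdmin, serviceId);
            serviceAdmin.setPolicy(serviceId, EMPTY_VERSION, policyXml);

            ServiceDO serviceDO = this.pm.getService(serviceId, EMPTY_VERSION);
            SecurityScenarioDO scenario = this.pm.getSecurityScenario(scenarioId);
            if (serviceDO == null || scenario == null) {
                // The policy is already attached to the live service; only the persistent
                // scenario<->service link could not be recorded.
                log.warn("Scenario assignment not persisted: service " + serviceId
                        + " or scenario " + scenarioId + " is missing from the persistence store");
                return;
            }
            scenario.addService(serviceDO);
            this.pm.updateEntity(scenario);
            this.pm.updateEntity(serviceDO);
        } catch (AxisFault e) {
            // Keep the specific message instead of re-wrapping it as a policy-load failure.
            throw e;
        } catch (Exception e) {
            throw new AxisFault("Could not load security policy", e);
        }
    }

    /**
     * Serialises a policy to an XML string.
     *
     * @param policy the policy to serialise
     * @return the policy as UTF-8 decoded XML text
     * @throws XMLStreamException          if the StAX writer fails
     * @throws UnsupportedEncodingException never in practice; UTF-8 is a mandatory charset
     */
    private static String serializePolicy(Policy policy) throws XMLStreamException, UnsupportedEncodingException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        XMLStreamWriter writer = XMLOutputFactory.newInstance().createXMLStreamWriter(buffer, POLICY_ENCODING);
        try {
            policy.serialize(writer);
            writer.flush();
        } finally {
            writer.close();
        }
        return buffer.toString(POLICY_ENCODING);
    }

    /**
     * Parses a policy file into a Neethi {@link Policy}.
     *
     * <p>The document element is fully built before the builder is closed so that the returned
     * policy does not depend on the (now closed) underlying parser.
     *
     * @param policyFilePath absolute path of the policy file
     * @return the parsed policy
     * @throws FileNotFoundException if the file does not exist
     * @throws XMLStreamException    if the file is not well-formed XML
     */
    private static Policy loadPolicy(String policyFilePath) throws FileNotFoundException, XMLStreamException {
        StAXOMBuilder builder = new StAXOMBuilder(policyFilePath);
        try {
            OMElement root = builder.getDocumentElement();
            root.build();
            return PolicyEngine.getPolicy(root);
        } finally {
            builder.close();
        }
    }

    /**
     * Removes every scenario policy from a service, re-enables all transports, and clears the
     * service's key stores, users and roles in the persistence store.
     *
     * @param serviceId id of the service
     * @throws AxisFault if the service is not found in the persistence store or a policy cannot be removed
     */
    public void disableSecurity(String serviceId) throws AxisFault {
        removeAllSecurityScenarioPolicies(new ServiceAdmin(this.configCtx), serviceId);
        ServiceDO service = requireService(serviceId, EMPTY_VERSION);
        service.setIsUTAuthEnabled(false);
        service.setIsExposedOnAllTransports(true);
        requireAxisService(serviceId).setEnableAllTransports(true);
        SecurityScenarioDO scenario = service.getSecurityScenario();
        if (scenario == null) {
            // Nothing is recorded as applied; the policy removal above is all that is needed.
            return;
        }
        scenario.removeService(service);
        service.removeAllTrustedCertStores();
        service.setPrivateKeyStore((KeyStoreDO) null);
        detachUsersAndRoles(service);
        this.pm.updateEntity(service);
        disengageModules(serviceId, SCENARIO_DISABLE_SECURITY);
    }

    /**
     * Removes the first scenario policy found attached to a service.
     *
     * <p>Each {@code *-policy.xml} in the scenario directory is opened to read its
     * {@code wsu:Id}; the loop stops at the first id that {@code removePolicy} reports as removed.
     *
     * @param serviceAdmin admin used to remove the policy
     * @param serviceId    id of the service
     * @throws AxisFault if the scenario directory cannot be listed or a policy file is unusable
     */
    private void removeAllSecurityScenarioPolicies(ServiceAdmin serviceAdmin, String serviceId) throws AxisFault {
        File[] policyFiles = new File(this.scenarioDir).listFiles(POLICY_FILE_FILTER);
        if (policyFiles == null) {
            // listFiles returns null when the path is not a readable directory.
            throw new AxisFault("Security scenario directory " + this.scenarioDir + " cannot be listed");
        }
        for (File policyFile : policyFiles) {
            String policyId = readPolicyId(policyFile);
            if (serviceAdmin.removePolicy(serviceId, EMPTY_VERSION, policyId)) {
                return;
            }
        }
    }

    /**
     * Reads the {@code wsu:Id} of the {@code wsp:Policy} element of a policy file.
     *
     * @param policyFile the file to inspect
     * @return the policy id
     * @throws AxisFault if the file has no {@code wsp:Policy} element, the element has no id, or parsing fails
     */
    private static String readPolicyId(File policyFile) throws AxisFault {
        String path = policyFile.getAbsolutePath();
        try {
            StAXOMBuilder builder = new StAXOMBuilder(path);
            try {
                SimpleNamespaceContext namespaces = new SimpleNamespaceContext();
                namespaces.addNamespace("wsp", WS_POLICY_NS);
                namespaces.addNamespace("wsu", WS_SEC_UTILITY_NS);
                AXIOMXPath policyPath = new AXIOMXPath("//wsp:Policy");
                policyPath.setNamespaceContext(namespaces);
                OMElement policyElement = (OMElement) policyPath.selectSingleNode(builder.getDocumentElement());
                if (policyElement == null) {
                    throw new AxisFault("No wsp:Policy element found in the policy file " + path);
                }
                OMAttribute idAttribute = policyElement.getAttribute(ID);
                if (idAttribute == null) {
                    throw new AxisFault("The policy ID in the policy file " + path + " is null");
                }
                return idAttribute.getAttributeValue();
            } finally {
                builder.close();
            }
        } catch (AxisFault e) {
            throw e;
        } catch (Exception e) {
            throw AxisFault.makeFault(e);
        }
    }

    /**
     * Fills a Rampart configuration with the server crypto settings and the defaults used by
     * every scenario.
     *
     * <p>When {@code cryptoProps} is non-empty the same properties back both the signature and
     * the encryption crypto configuration. {@code useReqSigCert} is Rampart's keyword for
     * encrypting responses with the certificate that signed the request.
     *
     * @param rampartConfig configuration to populate; ignored when null
     * @param cryptoProps   server crypto properties; the {@link #USER} property becomes the Rampart user
     * @throws AxisFault declared for call-site compatibility; not thrown here
     */
    private void populateRampartConfig(RampartConfig rampartConfig, Properties cryptoProps) throws AxisFault {
        if (rampartConfig == null) {
            return;
        }
        if (!cryptoProps.isEmpty()) {
            rampartConfig.setEncrCryptoConfig(newServerCryptoConfig(cryptoProps));
            rampartConfig.setSigCryptoConfig(newServerCryptoConfig(cryptoProps));
        }
        rampartConfig.setEncryptionUser("useReqSigCert");
        rampartConfig.setUser(cryptoProps.getProperty(USER));
        rampartConfig.setTimestampTTL(Integer.toString(DEFAULT_TS_TTL));
        rampartConfig.setTimestampMaxSkew(Integer.toString(DEFAULT_TS_MAX_SKEW));
        rampartConfig.setTokenStoreClass(tokenStoreClass().getName());
    }

    /**
     * Builds a crypto configuration backed by the server crypto provider.
     *
     * @param cryptoProps properties handed to the provider (shared, not copied)
     * @return a new crypto configuration
     */
    private static CryptoConfig newServerCryptoConfig(Properties cryptoProps) {
        CryptoConfig cryptoConfig = new CryptoConfig();
        cryptoConfig.setProvider(serverCryptoClass().getName());
        cryptoConfig.setProp(cryptoProps);
        return cryptoConfig;
    }

    /**
     * Replaces a service's users, roles and key stores, then applies a scenario.
     *
     * @param serviceId           id of the service
     * @param serviceVersion      service version; null or blank means {@code $EMPTY$}
     * @param scenarioId          scenario to apply
     * @param trustedKeyStores    names of trusted certificate stores; null means none
     * @param privateKeyStore     name of the private key store
     * @param userNames           user names to grant; null, blank entries are skipped
     * @param roleNames           role names to grant; null, blank entries are skipped
     * @throws AxisFault if the service or any named key store does not exist, or applying the scenario fails
     */
    public void assignUsersAndRolesAndKeyStores(String serviceId, String serviceVersion, String scenarioId,
            String[] trustedKeyStores, String privateKeyStore, String[] userNames, String[] roleNames)
            throws AxisFault {
        replaceUsersAndRoles(serviceId, serviceVersion, userNames, roleNames);
        String version = normalizeVersion(serviceVersion);
        this.pm.removeAllTrustedCertStores(requireService(serviceId, version));
        ServiceDO service = requireService(serviceId, version);
        KeyStoreDO privateStore = attachKeyStores(service, trustedKeyStores, privateKeyStore);
        this.pm.updateEntity(service);
        configureScenario(serviceId, scenarioId,
                getServerCryptoProperties(orEmpty(trustedKeyStores), privateKeyStore, privateStore.getPrivateKeyAlias()));
        engageModules(serviceId, scenarioId);
    }

    /**
     * Replaces a service's key stores, disables UT authentication, and applies a scenario.
     *
     * @param serviceId        id of the service (version {@code $EMPTY$})
     * @param scenarioId       scenario to apply
     * @param trustedKeyStores names of trusted certificate stores; null means none
     * @param privateKeyStore  name of the private key store
     * @throws AxisFault if the service or any named key store does not exist, or applying the scenario fails
     */
    public void assignKeyStores(String serviceId, String scenarioId, String[] trustedKeyStores, String privateKeyStore)
            throws AxisFault {
        this.pm.removeAllTrustedCertStores(requireService(serviceId, EMPTY_VERSION));
        ServiceDO service = requireService(serviceId, EMPTY_VERSION);
        service.setIsUTAuthEnabled(false);
        service.setIsExposedOnAllTransports(true);
        requireAxisService(serviceId).setEnableAllTransports(true);
        KeyStoreDO privateStore = attachKeyStores(service, trustedKeyStores, privateKeyStore);
        this.pm.updateEntity(service);
        configureScenario(serviceId, scenarioId,
                getServerCryptoProperties(orEmpty(trustedKeyStores), privateKeyStore, privateStore.getPrivateKeyAlias()));
        engageModules(serviceId, scenarioId);
    }

    /**
     * Replaces a service's users and roles, then applies a scenario with no crypto properties.
     *
     * @param serviceId      id of the service
     * @param serviceVersion service version; null or blank means {@code $EMPTY$}
     * @param scenarioId     scenario to apply
     * @param userNames      user names to grant; null, blank entries are skipped
     * @param roleNames      role names to grant; null, blank entries are skipped
     * @throws AxisFault if the service does not exist or applying the scenario fails
     */
    public void assignUsersAndRoles(String serviceId, String serviceVersion, String scenarioId,
            String[] userNames, String[] roleNames) throws AxisFault {
        replaceUsersAndRoles(serviceId, serviceVersion, userNames, roleNames);
        configureScenario(serviceId, scenarioId, new Properties());
        engageModules(serviceId, scenarioId);
    }

    /**
     * Shared body of the {@code assignUsersAndRoles*} operations: registers the password
     * callback parameter, drops the existing user/role links and grants the new ones.
     *
     * <p>The callback parameter is registered with the caller-supplied (un-normalised) version,
     * exactly as the original code did.
     *
     * @param serviceId      id of the service
     * @param serviceVersion raw service version from the caller
     * @param userNames      user names to grant; null, blank entries are skipped
     * @param roleNames      role names to grant; null, blank entries are skipped
     * @throws AxisFault if the service is unknown to Axis2 or the persistence store
     */
    private void replaceUsersAndRoles(String serviceId, String serviceVersion, String[] userNames, String[] roleNames)
            throws AxisFault {
        AxisService axisService = requireAxisService(serviceId);
        if (axisService.getParameter(PASSWORD_CALLBACK_REF) == null) {
            axisService.addParameter(WSS4JUtil.getPasswordCallBackRefParameter(serviceId, serviceVersion));
        }
        ServiceDO service = requireService(serviceId, normalizeVersion(serviceVersion));
        detachUsersAndRoles(service);
        persistService(service);
        for (String userName : orEmpty(userNames)) {
            if (!isBlank(userName)) {
                service.setIsUTAuthEnabled(true);
                ServiceUserDO user = this.pm.getUser(userName);
                service.addUser(user);
                this.pm.updateEntity(user);
            }
        }
        for (String roleName : orEmpty(roleNames)) {
            if (!isBlank(roleName)) {
                service.setIsUTAuthEnabled(true);
                ServiceUserRoleDO role = this.pm.getRole(roleName);
                service.addRole(role);
                this.pm.updateEntity(role);
            }
        }
        persistService(service);
    }

    /**
     * Unlinks every user and role from a service on both sides of the association.
     *
     * @param service the service whose links are cleared (not persisted here)
     */
    private void detachUsersAndRoles(ServiceDO service) {
        for (ServiceUserDO user : service.getUsers()) {
            user.getServices().remove(service);
            this.pm.updateEntity(user);
        }
        for (ServiceUserRoleDO role : service.getRoles()) {
            role.getServices().remove(service);
            this.pm.updateEntity(role);
        }
        service.removeAllUsers();
        service.removeAllRoles();
    }

    /**
     * Best-effort persist of a service record; a vanished record is logged rather than fatal,
     * matching the original intent of the swallowed exception.
     *
     * @param service the service to update
     */
    private void persistService(ServiceDO service) {
        try {
            this.pm.updateService(service);
        } catch (ServiceNotFoundException e) {
            log.warn("Service record disappeared while updating its users/roles; continuing", e);
        }
    }

    /**
     * Adds the trusted stores and sets the private key store on a service record.
     *
     * @param service             record to modify (not persisted here)
     * @param trustedKeyStoreNames names of trusted certificate stores; null means none
     * @param privateKeyStoreName  name of the private key store
     * @return the resolved private key store
     * @throws AxisFault if any named key store does not exist
     */
    private KeyStoreDO attachKeyStores(ServiceDO service, String[] trustedKeyStoreNames, String privateKeyStoreName)
            throws AxisFault {
        for (String name : orEmpty(trustedKeyStoreNames)) {
            service.addTrustedCertStore(requireKeyStore(name));
        }
        // Resolve the private store before persisting so a bad name leaves the record untouched.
        KeyStoreDO privateStore = requireKeyStore(privateKeyStoreName);
        service.setPrivateKeyStore(privateStore);
        return privateStore;
    }

    /**
     * Engages every module of a scenario on a service, skipping those already engaged.
     *
     * @param serviceId  id of the service
     * @param scenarioId id of the scenario whose modules are engaged
     * @throws AxisFault if the scenario, the service or a required module is missing, or engagement fails
     */
    private void engageModules(String serviceId, String scenarioId) throws AxisFault {
        SecurityScenarioDO scenario = requireScenario(scenarioId);
        AxisService service = requireAxisService(serviceId);
        ModuleAdmin moduleAdmin = new ModuleAdmin(this.configCtx);
        for (ModuleDO moduleDO : scenario.modules) {
            String moduleName = moduleDO.getModuleIdentifierDO().getName();
            if (service.isEngaged(moduleName)) {
                continue;
            }
            // Engaging resolves the module by name only (latest version), unlike disengage.
            AxisModule module = this.axisConfig.getModule(moduleName);
            if (module == null) {
                throw new AxisFault("Module " + moduleName + " required by scenario " + scenarioId + " is not deployed");
            }
            moduleAdmin.engageModuleForService(module.getName(), module.getVersion(), serviceId, EMPTY_VERSION);
        }
    }

    /**
     * Force-disengages every module of a scenario from a service.
     *
     * @param serviceId  id of the service
     * @param scenarioId id of the scenario whose modules are disengaged
     * @throws AxisFault if the scenario or the service is missing, or disengagement fails
     */
    private void disengageModules(String serviceId, String scenarioId) throws AxisFault {
        SecurityScenarioDO scenario = requireScenario(scenarioId);
        AxisService service = requireAxisService(serviceId);
        ModuleAdmin moduleAdmin = new ModuleAdmin(this.configCtx);
        for (ModuleDO moduleDO : scenario.modules) {
            AxisModule module = this.axisConfig.getModule(moduleDO.getModuleIdentifierDO().getName(),
                    moduleDO.getModuleIdentifierDO().getVersion());
            if (module != null && service.isEngaged(module)) {
                moduleAdmin.forceDisengageModuleFromService(module.getName(), module.getVersion(), serviceId, EMPTY_VERSION);
            }
        }
    }

    /**
     * Lists all users and roles, each flagged with whether it is assigned to the service.
     *
     * @param serviceId      id of the service
     * @param serviceVersion service version; null or blank means {@code $EMPTY$}
     * @return the assignment view
     * @throws AxisFault if the service is not found in the persistence store
     */
    public SecurityAssignment getSecurityAssignment(String serviceId, String serviceVersion) throws AxisFault {
        SecurityAssignment assignment = new SecurityAssignment();
        ServiceDO service = requireService(serviceId, normalizeVersion(serviceVersion));

        Set<String> assignedUsers = new HashSet<String>();
        for (Iterator it = service.getUsers().iterator(); it.hasNext();) {
            assignedUsers.add(((ServiceUserDO) it.next()).getUsername());
        }
        List<SelectableString> users = new ArrayList<SelectableString>();
        for (ServiceUserDO user : this.pm.getUsers()) {
            SelectableString entry = new SelectableString();
            entry.setString(user.getUsername());
            entry.setSelected(assignedUsers.contains(user.getUsername()));
            users.add(entry);
        }
        assignment.setUsers(users.toArray(new SelectableString[users.size()]));

        Set<String> assignedRoles = new HashSet<String>();
        for (Iterator it = service.getRoles().iterator(); it.hasNext();) {
            assignedRoles.add(((ServiceUserRoleDO) it.next()).getRole());
        }
        List<SelectableString> roles = new ArrayList<SelectableString>();
        for (ServiceUserRoleDO role : this.pm.getUserRoles()) {
            SelectableString entry = new SelectableString();
            entry.setString(role.getRole());
            entry.setSelected(assignedRoles.contains(role.getRole()));
            roles.add(entry);
        }
        assignment.setRoles(roles.toArray(new SelectableString[roles.size()]));
        return assignment;
    }

    /**
     * Combines the user/role assignment view with the service's key stores.
     *
     * @param serviceId id of the service (version {@code $EMPTY$})
     * @return the combined view
     * @throws AxisFault if the service is not found
     */
    public UtKeystoreSecurityAssignment getUtKeystoreSecurityAssignment(String serviceId) throws AxisFault {
        UtKeystoreSecurityAssignment assignment = new UtKeystoreSecurityAssignment();
        assignment.setUt(getSecurityAssignment(serviceId, null));
        assignment.setKeystore(new CryptoAdmin().getServiceKeyStores(serviceId));
        return assignment;
    }

    /**
     * Builds the server crypto properties and records the private key alias as the Rampart user.
     *
     * @param trustedKeyStores names of trusted certificate stores
     * @param privateKeyStore  name of the private key store
     * @param privateKeyAlias  alias of the private key inside that store
     * @return the crypto properties with {@link #USER} set to the alias
     */
    private Properties getServerCryptoProperties(String[] trustedKeyStores, String privateKeyStore, String privateKeyAlias) {
        Properties cryptoProps = RampartConfigUtil.getServerCryptoProperties(trustedKeyStores, privateKeyStore, privateKeyAlias);
        cryptoProps.setProperty(USER, privateKeyAlias);
        return cryptoProps;
    }

    /**
     * Loads a service record or fails with the standard "not found" fault.
     *
     * @param serviceId id of the service
     * @param version   normalised service version
     * @return the record, never null
     * @throws AxisFault if no such record exists
     */
    private ServiceDO requireService(String serviceId, String version) throws AxisFault {
        ServiceDO service = this.pm.getService(serviceId, version);
        if (service == null) {
            throw new AxisFault("Service " + serviceId + " not found!");
        }
        return service;
    }

    /**
     * Looks up a deployed Axis2 service or fails with the standard "not found" fault.
     *
     * @param serviceId id of the service
     * @return the service, never null
     * @throws AxisFault if the service is not deployed
     */
    private AxisService requireAxisService(String serviceId) throws AxisFault {
        AxisService service = getAxisConfig().getService(serviceId);
        if (service == null) {
            throw new AxisFault("Service " + serviceId + " not found!");
        }
        return service;
    }

    /**
     * Loads a scenario record or fails.
     *
     * @param scenarioId id of the scenario
     * @return the record, never null
     * @throws AxisFault if no such scenario exists
     */
    private SecurityScenarioDO requireScenario(String scenarioId) throws AxisFault {
        SecurityScenarioDO scenario = this.pm.getSecurityScenario(scenarioId);
        if (scenario == null) {
            throw new AxisFault("Security scenario " + scenarioId + " not found!");
        }
        return scenario;
    }

    /**
     * Loads a key store record or fails.
     *
     * @param keyStoreName name of the key store
     * @return the record, never null
     * @throws AxisFault if no such key store exists
     */
    private KeyStoreDO requireKeyStore(String keyStoreName) throws AxisFault {
        KeyStoreDO keyStore = this.pm.getKeyStore(keyStoreName);
        if (keyStore == null) {
            throw new AxisFault("Key Store " + keyStoreName + " does not exist");
        }
        return keyStore;
    }

    /** Maps a null or blank service version to the {@code $EMPTY$} placeholder. */
    private static String normalizeVersion(String version) {
        return isBlank(version) ? EMPTY_VERSION : version;
    }

    /** True when the value is null or consists only of whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().length() == 0;
    }

    /** Substitutes an empty array for null so callers can iterate unconditionally. */
    private static String[] orEmpty(String[] values) {
        return values == null ? new String[0] : values;
    }

    /** Resolves (once) the token store class via its cached class$ field. */
    private static Class tokenStoreClass() {
        if (class$org$wso2$wsas$trust$SecurityTokenStore == null) {
            class$org$wso2$wsas$trust$SecurityTokenStore = class$("org.wso2.wsas.trust.SecurityTokenStore");
        }
        return class$org$wso2$wsas$trust$SecurityTokenStore;
    }

    /** Resolves (once) the server crypto provider class via its cached class$ field. */
    private static Class serverCryptoClass() {
        if (class$org$wso2$wsas$security$ServerCrypto == null) {
            class$org$wso2$wsas$security$ServerCrypto = class$("org.wso2.wsas.security.ServerCrypto");
        }
        return class$org$wso2$wsas$security$ServerCrypto;
    }

    /**
     * Reflective class lookup used by the class$ caches; converts a missing class into the
     * {@link NoClassDefFoundError} a class literal would have raised.
     *
     * @param className fully qualified class name
     * @return the loaded class
     */
    static Class class$(String className) {
        try {
            return Class.forName(className);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        if (class$org$wso2$wsas$admin$service$SecurityScenarioConfigAdmin == null) {
            class$org$wso2$wsas$admin$service$SecurityScenarioConfigAdmin =
                    class$("org.wso2.wsas.admin.service.SecurityScenarioConfigAdmin");
        }
        log = LogFactory.getLog(class$org$wso2$wsas$admin$service$SecurityScenarioConfigAdmin);
        ID = new QName(WS_SEC_UTILITY_NS, "Id");
    }
}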
