package org.wso2.carbon.is.migration.service.v550;

import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.identity.core.migrate.MigrationClientException;
import org.wso2.carbon.identity.core.util.IdentityIOStreamUtils;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.is.migration.util.EncryptionUtil;
import org.wso2.carbon.is.migration.util.Utility;
import org.wso2.carbon.registry.core.Collection;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.registry.core.utils.RegistryUtils;
import org.wso2.carbon.user.api.Tenant;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:org/wso2/carbon/is/migration/service/v550/RegistryDataManager.class */
public class RegistryDataManager {
    private static final String STS_SERVICE_GROUP = "org.wso2.carbon.sts";
    private static final String SERVICE_PRINCIPAL_PASSWORD = "service.principal.password";
    private static final String KERBEROS = "Kerberos";
    private static final String NAME = "name";
    private static final String PASSWORD = "password";
    private static final String SUBSCRIBER_PASSWORD = "subscriberPassword";
    private static final String PRIVATE_KEY_PASS = "privatekeyPass";
    private static final String POLICY_PUBLISHER_RESOURCE_PATH = "/repository/identity/entitlement/publisher/";
    private static final String KEYSTORE_RESOURCE_PATH = "/repository/security/key-stores/";
    private static final String SYSLOG = "/repository/components/org.wso2.carbon.logging/loggers/syslog/SYSLOG_PROPERTIES";
    private static final String SECURITY_POLICY_RESOURCE_PATH = "/services/wso2carbon-sts/policies/";
    private static final String SERVICE_GROUPS_PATH = "/repository/axis2/service-groups/";
    private static final String CARBON_SEC_CONFIG = "CarbonSecConfig";
    private static final Logger log = LoggerFactory.getLogger(RegistryDataManager.class);
    private static RegistryDataManager instance = new RegistryDataManager();

    private RegistryDataManager() {
    }

    public static RegistryDataManager getInstance() {
        return instance;
    }

    private void startTenantFlow(Tenant tenant) {
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        threadLocalCarbonContext.setTenantId(tenant.getId());
        threadLocalCarbonContext.setTenantDomain(tenant.getDomain());
    }

    @Deprecated
    public void migrateSubscriberPassword(boolean z) throws UserStoreException, MigrationClientException {
        try {
            migrateSubscriberDataForTenant(-1234);
            log.info("Policy Subscribers migrated for tenant : carbon.super");
        } catch (Exception e) {
            log.error("Error while migrating Policy Subscribers for tenant : carbon.super", e);
        }
        for (Tenant tenant : Utility.getTenants()) {
            if (!z || tenant.isActive()) {
                try {
                    try {
                        startTenantFlow(tenant);
                        migrateSubscriberDataForTenant(tenant.getId());
                        log.info("Subscribers migrated for tenant : " + tenant.getDomain());
                        PrivilegedCarbonContext.endTenantFlow();
                    } catch (Exception e2) {
                        log.error("Error while migrating Subscribers for tenant : " + tenant.getDomain(), e2);
                        PrivilegedCarbonContext.endTenantFlow();
                    }
                } catch (Throwable th) {
                    PrivilegedCarbonContext.endTenantFlow();
                    throw th;
                }
            } else {
                log.info("Tenant " + tenant.getDomain() + " is inactive. Skipping Subscriber migration!");
            }
        }
    }

    public void migrateSubscriberPassword(boolean z, boolean z2) throws UserStoreException, MigrationClientException {
        try {
            migrateSubscriberDataForTenant(-1234);
            log.info("Policy Subscribers migrated for tenant: carbon.super");
        } catch (Exception e) {
            if (!z2) {
                throw new MigrationClientException("Error while migrating Policy Subscribers for tenant: carbon.super", e);
            }
            log.error("Error while migrating Policy Subscribers for tenant: carbon.super", e);
        }
        for (Tenant tenant : Utility.getTenants()) {
            if (!z || tenant.isActive()) {
                try {
                    try {
                        startTenantFlow(tenant);
                        migrateSubscriberDataForTenant(tenant.getId());
                        log.info("Subscribers migrated for tenant : " + tenant.getDomain());
                        PrivilegedCarbonContext.endTenantFlow();
                    } catch (Exception e2) {
                        String str = "Error while migrating Subscribers for tenant : " + tenant.getDomain();
                        if (!z2) {
                            throw new MigrationClientException(str, e2);
                        }
                        log.error(str, e2);
                        PrivilegedCarbonContext.endTenantFlow();
                    }
                } catch (Throwable th) {
                    PrivilegedCarbonContext.endTenantFlow();
                    throw th;
                }
            } else {
                log.info("Tenant " + tenant.getDomain() + " is inactive. Skipping Subscriber migration!");
            }
        }
    }

    @Deprecated
    public void migrateKeyStorePassword(boolean z) throws Exception {
        try {
            migrateKeyStorePasswordForTenant(-1234);
            log.info("Keystore passwords migrated for tenant : carbon.super");
            for (Tenant tenant : Utility.getTenants()) {
                if (!z || tenant.isActive()) {
                    try {
                        try {
                            startTenantFlow(tenant);
                            migrateKeyStorePasswordForTenant(tenant.getId());
                            log.info("Keystore passwords migrated for tenant : " + tenant.getDomain());
                            PrivilegedCarbonContext.endTenantFlow();
                        } catch (Exception e) {
                            log.error("Error while migrating keystore passwords for tenant : " + tenant.getDomain(), e);
                            throw e;
                        }
                    } catch (Throwable th) {
                        PrivilegedCarbonContext.endTenantFlow();
                        throw th;
                    }
                } else {
                    log.info("Tenant " + tenant.getDomain() + " is inactive. Skipping keystore passwords migration!");
                }
            }
        } catch (Exception e2) {
            log.error("Error while migrating Keystore passwords for tenant : carbon.super", e2);
            throw e2;
        }
    }

    public void migrateKeyStorePassword(boolean z, boolean z2) throws Exception {
        try {
            migrateKeyStorePasswordForTenant(-1234);
            log.info("Keystore passwords migrated for tenant: carbon.super");
        } catch (Exception e) {
            if (!z2) {
                throw e;
            }
            log.error("Error while migrating Keystore passwords for tenant: carbon.super", e);
        }
        for (Tenant tenant : Utility.getTenants()) {
            if (!z || tenant.isActive()) {
                try {
                    try {
                        startTenantFlow(tenant);
                        migrateKeyStorePasswordForTenant(tenant.getId());
                        log.info("Keystore passwords migrated for tenant : " + tenant.getDomain());
                        PrivilegedCarbonContext.endTenantFlow();
                    } catch (Exception e2) {
                        if (!z2) {
                            throw e2;
                        }
                        log.error("Error while migrating keystore passwords for tenant : " + tenant.getDomain(), e2);
                        PrivilegedCarbonContext.endTenantFlow();
                    }
                } catch (Throwable th) {
                    PrivilegedCarbonContext.endTenantFlow();
                    throw th;
                }
            } else {
                log.info("Tenant " + tenant.getDomain() + " is inactive. Skipping keystore passwords migration!");
            }
        }
    }

    @Deprecated
    public void migrateSysLogPropertyPassword(boolean z) throws UserStoreException, RegistryException, CryptoException, MigrationClientException {
        try {
            migrateSysLogPropertyPasswordForTenant(-1234);
            log.info("Sys log property password migrated for tenant : carbon.super");
        } catch (Exception e) {
            log.error("Error while migrating Sys log property password for tenant : carbon.super", e);
        }
        for (Tenant tenant : Utility.getTenants()) {
            if (!z || tenant.isActive()) {
                try {
                    startTenantFlow(tenant);
                    migrateSysLogPropertyPasswordForTenant(tenant.getId());
                    PrivilegedCarbonContext.endTenantFlow();
                } catch (Throwable th) {
                    PrivilegedCarbonContext.endTenantFlow();
                    throw th;
                }
            } else {
                log.info("Tenant " + tenant.getDomain() + " is inactive. Skipping SYSLOG_PROPERTIES file migration. ");
            }
        }
    }

    public void migrateSysLogPropertyPassword(boolean z, boolean z2) throws UserStoreException, RegistryException, CryptoException, MigrationClientException {
        try {
            migrateSysLogPropertyPasswordForTenant(-1234);
            log.info("Sys log property password migrated for tenant : carbon.super");
        } catch (Exception e) {
            if (!z2) {
                throw e;
            }
            log.error("Error while migrating Sys log property password for tenant : carbon.super", e);
        }
        for (Tenant tenant : Utility.getTenants()) {
            if (!z || tenant.isActive()) {
                try {
                    try {
                        startTenantFlow(tenant);
                        migrateSysLogPropertyPasswordForTenant(tenant.getId());
                        PrivilegedCarbonContext.endTenantFlow();
                    } catch (RegistryException | CryptoException e2) {
                        if (!z2) {
                            throw e2;
                        }
                        log.error("Error while migrating Sys log property password for tenant: " + tenant.getDomain(), e2);
                        PrivilegedCarbonContext.endTenantFlow();
                    }
                } catch (Throwable th) {
                    PrivilegedCarbonContext.endTenantFlow();
                    throw th;
                }
            } else {
                log.info("Tenant " + tenant.getDomain() + " is inactive. Skipping SYSLOG_PROPERTIES file migration. ");
            }
        }
    }

    @Deprecated
    public void migrateServicePrinciplePassword(boolean z) throws CryptoException, RegistryException, UserStoreException, MigrationClientException {
        try {
            updateSecurityPolicyPassword(-1234);
            log.info("Policy Subscribers migrated for tenant : carbon.super");
        } catch (XMLStreamException e) {
            log.error("Error while migrating Policy Subscribers for tenant : carbon.super", e);
        }
        for (Tenant tenant : Utility.getTenants()) {
            if (!z || tenant.isActive()) {
                try {
                    try {
                        startTenantFlow(tenant);
                        updateSecurityPolicyPassword(tenant.getId());
                        log.info("Service Principle Passwords migrated for tenant : " + tenant.getDomain());
                        PrivilegedCarbonContext.endTenantFlow();
                    } catch (XMLStreamException e2) {
                        log.error("Error while migrating Service Principle Passwords for tenant : " + tenant.getDomain(), e2);
                        PrivilegedCarbonContext.endTenantFlow();
                    }
                } catch (Throwable th) {
                    PrivilegedCarbonContext.endTenantFlow();
                    throw th;
                }
            } else {
                log.info("Tenant " + tenant.getDomain() + " is inactive. Skipping Service Principle Password migration!");
            }
        }
    }

    public void migrateServicePrinciplePassword(boolean z, boolean z2) throws CryptoException, RegistryException, UserStoreException, MigrationClientException {
        try {
            updateSecurityPolicyPassword(-1234);
            log.info("Policy Subscribers migrated for tenant: carbon.super");
        } catch (XMLStreamException e) {
            if (!z2) {
                throw new MigrationClientException("Error while migrating Policy Subscribers for tenant: carbon.super", e);
            }
            log.error("Error while migrating Policy Subscribers for tenant: carbon.super", e);
        }
        for (Tenant tenant : Utility.getTenants()) {
            if (!z || tenant.isActive()) {
                try {
                    try {
                        startTenantFlow(tenant);
                        updateSecurityPolicyPassword(tenant.getId());
                        log.info("Service Principle Passwords migrated for tenant : " + tenant.getDomain());
                        PrivilegedCarbonContext.endTenantFlow();
                    } catch (XMLStreamException e2) {
                        String str = "Error while migrating Service Principle Passwords for tenant: " + tenant.getDomain();
                        log.error(str, e2);
                        if (!z2) {
                            throw new MigrationClientException(str, e2);
                        }
                        PrivilegedCarbonContext.endTenantFlow();
                    }
                } catch (Throwable th) {
                    PrivilegedCarbonContext.endTenantFlow();
                    throw th;
                }
            } else {
                log.info("Tenant " + tenant.getDomain() + " is inactive. Skipping Service Principle Password migration!");
            }
        }
    }

    private void migrateKeyStorePasswordForTenant(int i) throws RegistryException, CryptoException {
        IdentityTenantUtil.getTenantRegistryLoader().loadTenantRegistry(i);
        UserRegistry governanceSystemRegistry = IdentityTenantUtil.getRegistryService().getGovernanceSystemRegistry(i);
        if (governanceSystemRegistry.resourceExists(KEYSTORE_RESOURCE_PATH)) {
            for (String str : governanceSystemRegistry.get(KEYSTORE_RESOURCE_PATH).getChildren()) {
                updateRegistryProperties(governanceSystemRegistry, str, new ArrayList(Arrays.asList(PASSWORD, PRIVATE_KEY_PASS)));
            }
            log.info("keystore migration successful for tenant : " + IdentityTenantUtil.getTenantDomain(i));
        }
    }

    private void migrateSubscriberDataForTenant(int i) throws RegistryException, CryptoException {
        UserRegistry governanceSystemRegistry = IdentityTenantUtil.getRegistryService().getGovernanceSystemRegistry(i);
        if (governanceSystemRegistry.resourceExists("/repository/identity/entitlement/publisher/")) {
            for (String str : governanceSystemRegistry.get("/repository/identity/entitlement/publisher/").getChildren()) {
                updateRegistryProperties(governanceSystemRegistry, str, new ArrayList(Arrays.asList(SUBSCRIBER_PASSWORD)));
            }
        }
    }

    private void migrateSysLogPropertyPasswordForTenant(int i) throws RegistryException, CryptoException {
        updateRegistryProperties(IdentityTenantUtil.getRegistryService().getConfigSystemRegistry(i), SYSLOG, new ArrayList(Arrays.asList(PASSWORD)));
    }

    private void updateSecurityPolicyPassword(int i) throws RegistryException, CryptoException, XMLStreamException {
        InputStream inputStream = null;
        XMLStreamReader xMLStreamReader = null;
        try {
            UserRegistry configSystemRegistry = IdentityTenantUtil.getRegistryService().getConfigSystemRegistry(i);
            String str = null;
            for (String str2 : getSTSPolicyPaths(configSystemRegistry)) {
                if (configSystemRegistry.resourceExists(str2)) {
                    Resource resource = configSystemRegistry.get(str2);
                    inputStream = resource.getContentStream();
                    xMLStreamReader = XMLInputFactory.newInstance().createXMLStreamReader(inputStream);
                    OMElement documentElement = new StAXOMBuilder(xMLStreamReader).getDocumentElement();
                    Iterator childrenWithName = documentElement.getChildrenWithName(new QName(CARBON_SEC_CONFIG));
                    while (childrenWithName != null && childrenWithName.hasNext()) {
                        Iterator childrenWithName2 = ((OMElement) childrenWithName.next()).getChildrenWithName(new QName(KERBEROS));
                        Iterator it = null;
                        if (childrenWithName2 != null && childrenWithName2.hasNext()) {
                            it = ((OMElement) childrenWithName2.next()).getChildElements();
                        }
                        if (it != null) {
                            while (it.hasNext()) {
                                OMElement oMElement = (OMElement) it.next();
                                if (SERVICE_PRINCIPAL_PASSWORD.equals(oMElement.getAttributeValue(new QName(NAME)))) {
                                    str = EncryptionUtil.getNewEncryptedValue(oMElement.getText());
                                    if (StringUtils.isNotEmpty(str)) {
                                        oMElement.setText(str);
                                    }
                                }
                            }
                        }
                    }
                    if (StringUtils.isNotEmpty(str)) {
                        resource.setContent(RegistryUtils.encodeString(documentElement.toString()));
                        configSystemRegistry.beginTransaction();
                        configSystemRegistry.put(str2, resource);
                        configSystemRegistry.commitTransaction();
                    }
                }
            }
        } finally {
            if (xMLStreamReader != null) {
                try {
                    xMLStreamReader.close();
                } catch (XMLStreamException e) {
                    log.error("Error while closing XML stream", e);
                }
            }
            if (inputStream != null) {
                IdentityIOStreamUtils.closeInputStream(inputStream);
            }
        }
    }

    private void updateRegistryProperties(Registry registry, String str, List<String> list) throws RegistryException, CryptoException {
        if (registry == null || StringUtils.isEmpty(str) || CollectionUtils.isEmpty(list) || !registry.resourceExists(str)) {
            return;
        }
        try {
            registry.beginTransaction();
            Resource resource = registry.get(str);
            for (String str2 : list) {
                String newEncryptedValue = EncryptionUtil.getNewEncryptedValue(resource.getProperty(str2));
                if (StringUtils.isNotEmpty(newEncryptedValue)) {
                    resource.setProperty(str2, newEncryptedValue);
                }
            }
            registry.put(str, resource);
            registry.commitTransaction();
        } catch (RegistryException e) {
            registry.rollbackTransaction();
            log.error("Unable to update the registry resource", e);
            throw e;
        }
    }

    private List<String> getSTSPolicyPaths(Registry registry) throws RegistryException {
        Collection collection;
        Collection collection2;
        ArrayList arrayList = new ArrayList();
        if (registry.resourceExists(SERVICE_GROUPS_PATH) && (collection = registry.get(SERVICE_GROUPS_PATH)) != null) {
            for (String str : collection.getChildren()) {
                if (StringUtils.isNotEmpty(str) && str.contains(STS_SERVICE_GROUP) && (collection2 = registry.get(str + SECURITY_POLICY_RESOURCE_PATH)) != null) {
                    arrayList.addAll(Arrays.asList(collection2.getChildren()));
                }
            }
        }
        return arrayList;
    }
}
