package org.wso2.carbon.cloud.gateway.internal;

import java.net.SocketException;
import java.util.HashMap;
import org.apache.axis2.AxisFault;
import org.apache.axis2.transport.base.threads.WorkerPoolFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.wso2.carbon.base.api.ServerConfigurationService;
import org.wso2.carbon.cloud.gateway.common.CGConstant;
import org.wso2.carbon.cloud.gateway.common.CGUtils;
import org.wso2.carbon.cloud.gateway.transport.server.CGThriftServer;
import org.wso2.carbon.cloud.gateway.transport.server.CGThriftServerHandler;
import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.AuthorizationManager;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;

@Component(name = "CGServiceComponent", immediate = true)
/* loaded from: input_file:org/wso2/carbon/cloud/gateway/internal/CGServiceComponent.class */
public class CGServiceComponent {
    private static Log log = LogFactory.getLog(CGServiceComponent.class);
    private ServerConfigurationService serverConfiguration;
    private RealmService realmService;

    @Activate
    protected void activate(ComponentContext componentContext) {
        if (this.serverConfiguration == null || this.realmService == null) {
            log.error("Could not activated the CGServiceComponent. " + (this.serverConfiguration == null ? "ServerConfigurationService" : "RealmService") + "is null!");
            return;
        }
        try {
            addCGUser(CGUtils.getStringProperty(CGConstant.CG_ROLE_NAME, CGConstant.DEFAULT_CG_ROLE_NAME), CGUtils.getPermissionsList(), CGUtils.getStringProperty(CGConstant.CG_USER_NAME, CGConstant.DEFAULT_CG_USER), CGUtils.getStringProperty(CGConstant.CG_USER_PASSWORD, CGConstant.DEFAULT_CG_USER_PASSWORD));
            try {
                String cGThriftServerHostName = CGUtils.getCGThriftServerHostName();
                int cGThriftServerPort = CGUtils.getCGThriftServerPort();
                int intProperty = CGUtils.getIntProperty(CGConstant.CG_THRIFT_CLIENT_TIMEOUT, CGConstant.DEFAULT_TIMEOUT);
                String keyStoreFilePath = CGUtils.getKeyStoreFilePath();
                if (keyStoreFilePath == null) {
                    log.error("KeyStore is missing and required for mutual SSL");
                    return;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Loading key store from the location '" + keyStoreFilePath + "'");
                }
                String keyStorePassWord = CGUtils.getKeyStorePassWord();
                if (keyStorePassWord == null) {
                    log.error("KeyStore password is missing");
                    return;
                }
                String trustStoreFilePath = CGUtils.getTrustStoreFilePath();
                if (trustStoreFilePath == null) {
                    log.error("TrustStore is missing and required for mutual SSL");
                    return;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Loading trust store from the location '" + trustStoreFilePath + "'");
                }
                String trustStorePassWord = CGUtils.getTrustStorePassWord();
                if (trustStorePassWord == null) {
                    log.error("TrustStore password is missing");
                    return;
                }
                try {
                    new CGThriftServer(new CGThriftServerHandler(WorkerPoolFactory.getWorkerPool(CGUtils.getIntProperty(CGConstant.CG_T_CORE, 20), CGUtils.getIntProperty(CGConstant.CG_T_MAX, 500), CGUtils.getIntProperty(CGConstant.CG_T_ALIVE, 5), CGUtils.getIntProperty(CGConstant.CG_T_QLEN, -1), "CGThriftServerHandler-worker-thread-group", "CGThriftServerHandler-worker"))).start(cGThriftServerHostName, cGThriftServerPort, intProperty, keyStoreFilePath, keyStorePassWord, trustStoreFilePath, trustStorePassWord, "Cloud-Gateway-ThriftServer-main-thread");
                    if (log.isDebugEnabled()) {
                        log.debug("Activated the CGServiceComponent");
                    }
                } catch (AxisFault e) {
                    log.error("Unable to start thrift server", e);
                }
            } catch (SocketException e2) {
                log.error("Could not activated the CGServiceComponent.", e2);
            }
        } catch (UserStoreException e3) {
            log.error("Cloud not activated the CGServiceComponent.", e3);
        }
    }

    @Reference(name = "user.realmservice.default", service = RealmService.class, cardinality = ReferenceCardinality.MANDATORY, policy = ReferencePolicy.DYNAMIC, unbind = "unsetRealmService")
    protected void setRealmService(RealmService realmService) {
        this.realmService = realmService;
    }

    protected void unsetRealmService(RealmService realmService) {
        if (this.realmService != null) {
            this.realmService = null;
        }
    }

    @Reference(name = "server.configuration", service = ServerConfigurationService.class, cardinality = ReferenceCardinality.MANDATORY, policy = ReferencePolicy.DYNAMIC, unbind = "unsetServerConfiguration")
    protected void setServerConfiguration(ServerConfigurationService serverConfigurationService) {
        this.serverConfiguration = serverConfigurationService;
    }

    protected void unsetServerConfiguration(ServerConfigurationService serverConfigurationService) {
        this.serverConfiguration = null;
    }

    private void addCGUser(String str, String[] strArr, String str2, String str3) throws UserStoreException {
        String[] optimizePermissions = UserCoreUtil.optimizePermissions(strArr);
        UserRealm bootstrapRealm = this.realmService.getBootstrapRealm();
        if (bootstrapRealm.getRealmConfiguration().getAdminRoleName().equals(str)) {
            throw new UserStoreException("UI permission of admin is not allowed to change!");
        }
        AuthorizationManager authorizationManager = bootstrapRealm.getAuthorizationManager();
        authorizationManager.clearRoleActionOnAllResources(str, "ui.execute");
        for (String str4 : optimizePermissions) {
            authorizationManager.authorizeRole(str, str4, "ui.execute");
        }
        authorizationManager.authorizeRole(str, "/", "add");
        authorizationManager.authorizeRole(str, "/", "get");
        authorizationManager.authorizeRole(str, "/", "delete");
        UserStoreManager userStoreManager = bootstrapRealm.getUserStoreManager();
        if (!userStoreManager.isExistingUser(str2)) {
            userStoreManager.addUser(str2, str3, new String[0], new HashMap(), (String) null, false);
        }
        if (userStoreManager.isExistingRole(str)) {
            return;
        }
        userStoreManager.addRole(str, new String[]{str2}, (Permission[]) null);
    }
}
