package org.wso2.carbon.security.caas.internal;

import java.security.Policy;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Dictionary;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.security.auth.spi.LoginModule;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.permissionadmin.PermissionAdmin;
import org.osgi.service.permissionadmin.PermissionInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.security.caas.boot.ProxyLoginModule;
import org.wso2.carbon.security.caas.internal.config.DefaultPermissionInfo;
import org.wso2.carbon.security.caas.internal.config.DefaultPermissionInfoCollection;
import org.wso2.carbon.security.caas.internal.config.SecurityConfigBuilder;
import org.wso2.carbon.security.caas.internal.config.StoreConfigBuilder;
import org.wso2.carbon.security.caas.internal.osgi.JWTCallbackHandlerFactory;
import org.wso2.carbon.security.caas.internal.osgi.JWTLoginModuleFactory;
import org.wso2.carbon.security.caas.internal.osgi.UserNamePasswordLoginModuleFactory;
import org.wso2.carbon.security.caas.internal.osgi.UsernamePasswordCallbackHandlerFactory;
import org.wso2.carbon.security.caas.jaas.CarbonJAASConfiguration;
import org.wso2.carbon.security.caas.jaas.CarbonPolicy;
import org.wso2.carbon.security.caas.jaas.HTTPCallbackHandler;
import org.wso2.carbon.security.caas.jaas.modules.JWTLoginModule;
import org.wso2.carbon.security.caas.jaas.modules.UsernamePasswordLoginModule;
import org.wso2.carbon.security.caas.jaas.util.CarbonSecurityConstants;
import org.wso2.carbon.security.caas.user.core.common.CarbonRealmServiceImpl;
import org.wso2.carbon.security.caas.user.core.service.RealmService;
import org.wso2.carbon.security.caas.user.core.store.connector.AuthorizationStoreConnectorFactory;
import org.wso2.carbon.security.caas.user.core.store.connector.CredentialStoreConnectorFactory;
import org.wso2.carbon.security.caas.user.core.store.connector.IdentityStoreConnectorFactory;

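/**
 * Declarative Services component that bootstraps Carbon security.
 *
 * <p>On activation it registers the JAAS login-module and HTTP callback-handler factories,
 * installs the authorization policy when the JVM was started with the
 * {@code java.security.manager} system property, and publishes a {@link RealmService}.
 * Store connector factories are collected through dynamic references and handed to
 * {@link CarbonSecurityDataHolder}.
 */
@Component(name = "org.wso2.carbon.security.caas.internal.CarbonSecurityComponent", immediate = true)
public class CarbonSecurityComponent {
    private static final Logger log = LoggerFactory.getLogger(CarbonSecurityComponent.class);

    /** Service property under which a connector factory announces the store type it serves. */
    private static final String CONNECTOR_TYPE = "connector-type";

    /** Handle of the published {@link RealmService}; {@code null} until registration succeeds. */
    private ServiceRegistration<?> realmServiceRegistration;

    /**
     * Activates the component: wires authentication, optionally authorization, and then
     * registers the realm service.
     *
     * <p>A failure while building or registering the realm service is logged and swallowed
     * (as before), but the success message is now only written when registration completed,
     * so the log no longer reports a working realm service that does not exist.
     *
     * @param bundleContext context of the bundle hosting this component
     */
    @Activate
    public void registerCarbonSecurityProvider(BundleContext bundleContext) {
        initAuthenticationConfigs(bundleContext);

        // NOTE(review): this tests the launch property, not System.getSecurityManager(); a
        // security manager installed by other means would skip the authorization setup.
        // Confirm that is intended.
        if (System.getProperty("java.security.manager") != null) {
            initAuthorizationConfigs(bundleContext);
        }

        try {
            CarbonRealmServiceImpl realmService =
                    new CarbonRealmServiceImpl(StoreConfigBuilder.buildStoreConfigs());
            CarbonSecurityDataHolder.getInstance().registerCarbonRealmService(realmService);
            this.realmServiceRegistration =
                    bundleContext.registerService(RealmService.class.getName(), realmService, null);
            log.info("Carbon-Security bundle activated successfully.");
        } catch (Throwable th) {
            // Deliberately broad, matching the original best-effort activation.
            log.error("Carbon-Security bundle activation failed; RealmService was not registered.", th);
        }
    }

    /**
     * Deactivates the component and withdraws the {@link RealmService} registration.
     *
     * <p>The registration is removed with {@link ServiceRegistration#unregister()}. The previous
     * {@code ungetService} call only releases a service this bundle had obtained, so the realm
     * service stayed published after deactivation.
     *
     * @param bundleContext context of the bundle hosting this component (unused)
     */
    @Deactivate
    public void unregisterCarbonSecurityProvider(BundleContext bundleContext) {
        ServiceRegistration<?> registration = this.realmServiceRegistration;
        this.realmServiceRegistration = null;
        // Null when activation failed before the service was registered.
        if (registration != null) {
            try {
                registration.unregister();
            } catch (IllegalStateException e) {
                // The framework had already removed the registration.
                log.debug("RealmService registration was already removed.", e);
            }
        }
        log.info("Carbon-Security bundle deactivated successfully.");
    }

    /**
     * Binds an authorization store connector factory under its {@code connector-type} property.
     *
     * @param authorizationStoreConnectorFactory factory being bound
     * @param map service properties of the factory
     */
    @Reference(name = "AuthorizationStoreConnectorFactory", service = AuthorizationStoreConnectorFactory.class, cardinality = ReferenceCardinality.AT_LEAST_ONE, policy = ReferencePolicy.DYNAMIC, unbind = "unregisterAuthorizationStoreConnectorFactory")
    protected void registerAuthorizationStoreConnectorFactory(AuthorizationStoreConnectorFactory authorizationStoreConnectorFactory, Map<String, String> map) {
        // NOTE(review): a factory published without "connector-type" is stored under a null key.
        CarbonSecurityDataHolder.getInstance()
                .registerAuthorizationStoreConnectorFactory(map.get(CONNECTOR_TYPE), authorizationStoreConnectorFactory);
    }

    /**
     * Unbind callback for authorization store connector factories; currently a no-op.
     *
     * @param authorizationStoreConnectorFactory factory being unbound
     */
    protected void unregisterAuthorizationStoreConnectorFactory(AuthorizationStoreConnectorFactory authorizationStoreConnectorFactory) {
        // NOTE(review): nothing is removed from CarbonSecurityDataHolder here, so a withdrawn
        // factory appears to stay registered there. Confirm whether the holder should drop it.
    }

    /**
     * Binds an identity store connector factory under its {@code connector-type} property.
     *
     * @param identityStoreConnectorFactory factory being bound
     * @param map service properties of the factory
     */
    @Reference(name = "IdentityStoreConnectorFactory", service = IdentityStoreConnectorFactory.class, cardinality = ReferenceCardinality.AT_LEAST_ONE, policy = ReferencePolicy.DYNAMIC, unbind = "unregisterIdentityStoreConnectorFactory")
    protected void registerIdentityStoreConnectorFactory(IdentityStoreConnectorFactory identityStoreConnectorFactory, Map<String, String> map) {
        // NOTE(review): a factory published without "connector-type" is stored under a null key.
        CarbonSecurityDataHolder.getInstance()
                .registerIdentityStoreConnectorFactory(map.get(CONNECTOR_TYPE), identityStoreConnectorFactory);
    }

    /**
     * Unbind callback for identity store connector factories; currently a no-op.
     *
     * @param identityStoreConnectorFactory factory being unbound
     */
    protected void unregisterIdentityStoreConnectorFactory(IdentityStoreConnectorFactory identityStoreConnectorFactory) {
        // NOTE(review): nothing is removed from CarbonSecurityDataHolder here, so a withdrawn
        // factory appears to stay registered there. Confirm whether the holder should drop it.
    }

    /**
     * Binds a credential store connector factory under its {@code connector-type} property.
     *
     * @param credentialStoreConnectorFactory factory being bound
     * @param map service properties of the factory
     */
    @Reference(name = "CredentialStoreConnectorFactory", service = CredentialStoreConnectorFactory.class, cardinality = ReferenceCardinality.AT_LEAST_ONE, policy = ReferencePolicy.DYNAMIC, unbind = "unregisterCredentialStoreConnectorFactory")
    protected void registerCredentialStoreConnectorFactory(CredentialStoreConnectorFactory credentialStoreConnectorFactory, Map<String, String> map) {
        // NOTE(review): a factory published without "connector-type" is stored under a null key.
        CarbonSecurityDataHolder.getInstance()
                .registerCredentialStoreConnectorFactory(map.get(CONNECTOR_TYPE), credentialStoreConnectorFactory);
    }

    /**
     * Unbind callback for credential store connector factories; currently a no-op.
     *
     * @param credentialStoreConnectorFactory factory being unbound
     */
    protected void unregisterCredentialStoreConnectorFactory(CredentialStoreConnectorFactory credentialStoreConnectorFactory) {
        // NOTE(review): nothing is removed from CarbonSecurityDataHolder here, so a withdrawn
        // credential-store factory appears to stay registered there. Confirm whether the holder
        // should drop it.
    }

    /**
     * Initialises the proxy login module and JAAS configuration, then registers the
     * username/password and JWT login-module factories and their HTTP callback-handler
     * factories as OSGi services.
     *
     * @param bundleContext context used for the service registrations
     */
    private void initAuthenticationConfigs(BundleContext bundleContext) {
        ProxyLoginModule.init(bundleContext);
        CarbonSecurityDataHolder.getInstance().setBundleContext(bundleContext);
        new CarbonJAASConfiguration().init();

        bundleContext.registerService(LoginModule.class, new UserNamePasswordLoginModuleFactory(),
                singleProperty(ProxyLoginModule.LOGIN_MODULE_SEARCH_KEY, UsernamePasswordLoginModule.class.getName()));
        bundleContext.registerService(LoginModule.class, new JWTLoginModuleFactory(),
                singleProperty(ProxyLoginModule.LOGIN_MODULE_SEARCH_KEY, JWTLoginModule.class.getName()));

        bundleContext.registerService(HTTPCallbackHandler.class, new UsernamePasswordCallbackHandlerFactory(),
                singleProperty(HTTPCallbackHandler.SUPPORTED_LOGIN_MODULE, CarbonSecurityConstants.USERNAME_PASSWORD_LOGIN_MODULE));
        bundleContext.registerService(HTTPCallbackHandler.class, new JWTCallbackHandlerFactory(),
                singleProperty(HTTPCallbackHandler.SUPPORTED_LOGIN_MODULE, CarbonSecurityConstants.JWT_LOGIN_MODULE));
    }

    /** Builds a service-property dictionary holding exactly one entry. */
    private static Dictionary<String, Object> singleProperty(String key, Object value) {
        Dictionary<String, Object> properties = new Hashtable<>();
        properties.put(key, value);
        return properties;
    }

    /**
     * Applies the configured default bundle permissions and installs {@link CarbonPolicy} as
     * the JVM-wide {@link Policy}.
     *
     * @param bundleContext context used to look up {@link PermissionAdmin}
     */
    private void initAuthorizationConfigs(BundleContext bundleContext) {
        setDefaultPermissions(bundleContext);
        // Installed even when setDefaultPermissions() returned early without PermissionAdmin.
        Policy.setPolicy(new CarbonPolicy());
    }

    /**
     * Converts the configured default permissions into {@link PermissionInfo} entries and sets
     * them on {@link PermissionAdmin}.
     *
     * <p>If {@link PermissionAdmin} is unavailable the method returns without applying anything.
     * That case is now logged, because the OSGi Permission Admin specification grants bundles
     * AllPermission when no default permissions are set.
     *
     * @param bundleContext context used to look up {@link PermissionAdmin}
     * @throws IllegalStateException if the configured permission collection is empty
     * @throws IllegalArgumentException if an entry has a blank type or name
     */
    private void setDefaultPermissions(BundleContext bundleContext) {
        PermissionAdmin permissionAdmin = getPermissionAdmin(bundleContext);
        if (permissionAdmin == null) {
            log.warn("PermissionAdmin service is not available; default bundle permissions were not set.");
            return;
        }

        DefaultPermissionInfoCollection permissionConfig = SecurityConfigBuilder.buildDefaultPermissionInfoCollection();
        if (Collections.EMPTY_SET.equals(permissionConfig.getPermissions())) {
            throw new IllegalStateException("Default permission info collection can't be empty.");
        }

        List<PermissionInfo> permissionInfos = new ArrayList<>();
        for (DefaultPermissionInfo configured : permissionConfig.getPermissions()) {
            // The type is a class name, so surrounding whitespace can only be a config slip;
            // passing it through untrimmed would yield a permission that never resolves.
            String type = trimToNull(configured.getType());
            if (type == null) {
                throw new IllegalArgumentException("type can't be null or empty.");
            }
            if (trimToNull(configured.getName()) == null) {
                throw new IllegalArgumentException("name can't be null or empty.");
            }
            // The name is passed as configured; blank actions become null.
            permissionInfos.add(new PermissionInfo(type, configured.getName(), trimToNull(configured.getActions())));
        }
        permissionAdmin.setDefaultPermissions(permissionInfos.toArray(new PermissionInfo[0]));
    }

    /** Returns {@code value} trimmed, or {@code null} when it is {@code null} or blank. */
    private static String trimToNull(String value) {
        if (value == null) {
            return null;
        }
        String trimmed = value.trim();
        return trimmed.isEmpty() ? null : trimmed;
    }

    /**
     * Looks up the {@link PermissionAdmin} service.
     *
     * <p>A missing service reference is now mapped to {@code null}. Previously the
     * {@code null} reference was passed straight to {@code getService}, which raised a
     * {@link NullPointerException} before the caller's null check could run.
     *
     * @param bundleContext context used for the lookup
     * @return the service, or {@code null} when none is registered or it has gone away
     */
    private PermissionAdmin getPermissionAdmin(BundleContext bundleContext) {
        return Optional.ofNullable(bundleContext.getServiceReference(PermissionAdmin.class))
                .map(bundleContext::getService)
                .orElse(null);
    }
}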
