package org.wso2.carbon.security.config;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.cache.Cache;
import javax.cache.Caching;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLInputFactory;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMAttribute;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.OMNode;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.AxisFault;
import org.apache.axis2.description.AxisBinding;
import org.apache.axis2.description.AxisEndpoint;
import org.apache.axis2.description.AxisModule;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.neethi.PolicyReference;
import org.apache.rampart.policy.RampartPolicyBuilder;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.KerberosConfig;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.core.persistence.PersistenceException;
import org.wso2.carbon.core.persistence.PersistenceFactory;
import org.wso2.carbon.core.persistence.PersistenceUtils;
import org.wso2.carbon.core.persistence.file.ModuleFilePersistenceManager;
import org.wso2.carbon.core.persistence.file.ServiceGroupFilePersistenceManager;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.core.util.CryptoUtil;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.core.util.KeyStoreUtil;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.jdbc.utils.Transaction;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.security.SecurityConfigException;
import org.wso2.carbon.security.SecurityConstants;
import org.wso2.carbon.security.SecurityScenario;
import org.wso2.carbon.security.SecurityScenarioDatabase;
import org.wso2.carbon.security.SecurityServiceHolder;
import org.wso2.carbon.security.config.service.KerberosConfigData;
import org.wso2.carbon.security.config.service.SecurityConfigData;
import org.wso2.carbon.security.config.service.SecurityScenarioData;
import org.wso2.carbon.security.pox.POXSecurityHandler;
import org.wso2.carbon.security.util.RahasUtil;
import org.wso2.carbon.security.util.SecurityTokenStore;
import org.wso2.carbon.security.util.ServerCrypto;
import org.wso2.carbon.security.util.ServicePasswordCallbackHandler;
import org.wso2.carbon.user.core.AuthorizationManager;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.carbon.utils.ServerException;
import org.wso2.carbon.utils.deployment.GhostDeployerUtils;

/* loaded from: input_file:org/wso2/carbon/security/config/SecurityConfigAdmin.class */
public class SecurityConfigAdmin {
    /** Key for the Rampart configuration user; not referenced in the visible part of this class. */
    public static final String USER = "rampart.config.user";
    /** Name of the identity configuration directory; not referenced in the visible part of this class. */
    public static final String IDENTITY_CONFIG_DIR = "identity";
    // NOTE(review): nothing here reassigns the logger; declaring it final would make that explicit.
    private static Log log = LogFactory.getLog(SecurityConfigAdmin.class);
    private AxisConfiguration axisConfig;
    // Password callback handler supplied by the caller. When null, applyPolicy builds a
    // ServicePasswordCallbackHandler from the registry and realm instead.
    private CallbackHandler callback;
    // Configuration registry: the config-system registry, or whatever the caller passed in.
    private Registry registry;
    // Governance registry; tenant-scoped when the caller passed a UserRegistry.
    private UserRegistry govRegistry;
    // Realm used for authorization changes (clearing invoke-service role grants on disable).
    // Only the three-argument (UserRealm, Registry, AxisConfiguration) constructor sets it;
    // the other constructors leave it null.
    private UserRealm realm;
    private PersistenceFactory persistenceFactory;
    private ServiceGroupFilePersistenceManager serviceGroupFilePM;
    private ModuleFilePersistenceManager moduleFilePM;

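    /**
     * Creates an admin bound to the server's own registries.
     *
     * Persistence managers are derived from the Axis configuration, and the config-system and
     * governance-system registries are looked up from the registry service. The realm and the
     * password callback handler are left unset.
     *
     * The two lookups are deliberately in separate try blocks: with the registry lookup nested
     * inside the persistence try, a registry failure was caught a second time by the outer
     * handler and logged and reported as a PersistenceFactory error.
     *
     * @param axisConfiguration Axis2 configuration whose services this admin secures
     * @throws SecurityConfigException if the persistence factory or a registry cannot be obtained;
     *                                 the message names which of the two failed
     */
    public SecurityConfigAdmin(AxisConfiguration axisConfiguration) throws SecurityConfigException {
        this.axisConfig = axisConfiguration;
        this.callback = null;
        this.realm = null;
        try {
            this.persistenceFactory = PersistenceFactory.getInstance(axisConfiguration);
            this.serviceGroupFilePM = this.persistenceFactory.getServiceGroupFilePM();
            this.moduleFilePM = this.persistenceFactory.getModuleFilePM();
        } catch (Exception e) {
            log.error("Error creating an PersistenceFactory instance", e);
            throw new SecurityConfigException("Error creating an PersistenceFactory instance", e);
        }
        try {
            this.registry = SecurityServiceHolder.getRegistryService().getConfigSystemRegistry();
            this.govRegistry = SecurityServiceHolder.getRegistryService().getGovernanceSystemRegistry();
        } catch (Exception e) {
            log.error("Error when retrieving a registry instance", e);
            throw new SecurityConfigException("Error when retrieving a registry instance", e);
        }
    }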

    /**
     * Creates an admin bound to a caller-supplied registry and password callback handler.
     *
     * Unlike the other constructors this one declares no exception: failures to create the
     * persistence factory or to obtain the governance registry are only logged. The resulting
     * instance then has null persistence managers and/or a null governance registry, and the
     * first method that uses them fails with a NullPointerException far from the root cause.
     * NOTE(review): consider failing fast here instead.
     *
     * @param axisConfiguration Axis2 configuration whose services this admin secures
     * @param registry          configuration registry; must actually be a UserRegistry, since it
     *                          is cast to one to obtain the tenant id
     * @param callbackHandler   password callback handler registered on secured services
     */
    public SecurityConfigAdmin(AxisConfiguration axisConfiguration, Registry registry, CallbackHandler callbackHandler) {
        this.axisConfig = null;
        this.callback = null;
        this.registry = null;
        this.govRegistry = null;
        this.realm = null;
        this.axisConfig = axisConfiguration;
        this.registry = registry;
        this.callback = callbackHandler;
        try {
            this.persistenceFactory = PersistenceFactory.getInstance(axisConfiguration);
            this.serviceGroupFilePM = this.persistenceFactory.getServiceGroupFilePM();
            this.moduleFilePM = this.persistenceFactory.getModuleFilePM();
        } catch (Exception e) {
            // Swallowed: persistenceFactory / serviceGroupFilePM / moduleFilePM stay null.
            log.error("Error creating an PersistenceFactory instance", e);
        }
        try {
            // A non-UserRegistry argument surfaces here as a ClassCastException, which is also swallowed.
            this.govRegistry = SecurityServiceHolder.getRegistryService().getGovernanceSystemRegistry(((UserRegistry) registry).getTenantId());
        } catch (Exception e2) {
            log.error("Error when obtaining the governance registry instance.", e2);
        }
    }

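    /**
     * Creates an admin bound to a caller-supplied realm and registry; the tenant-scoped
     * governance registry is looked up from the registry's tenant id.
     *
     * The two lookups are in separate try blocks on purpose: with the governance-registry lookup
     * nested inside the persistence try, a registry failure was caught a second time by the
     * outer handler and logged and reported as a PersistenceFactory error.
     *
     * @param userRealm         realm used for authorization changes on secured services
     * @param registry          configuration registry; must actually be a UserRegistry, since it
     *                          is cast to one to obtain the tenant id
     * @param axisConfiguration Axis2 configuration whose services this admin secures
     * @throws SecurityConfigException if the persistence factory or the governance registry
     *                                 cannot be obtained (a non-UserRegistry argument is
     *                                 reported as the latter)
     */
    public SecurityConfigAdmin(UserRealm userRealm, Registry registry, AxisConfiguration axisConfiguration) throws SecurityConfigException {
        this.axisConfig = axisConfiguration;
        this.registry = registry;
        this.realm = userRealm;
        this.callback = null;
        try {
            this.persistenceFactory = PersistenceFactory.getInstance(axisConfiguration);
            this.serviceGroupFilePM = this.persistenceFactory.getServiceGroupFilePM();
            this.moduleFilePM = this.persistenceFactory.getModuleFilePM();
        } catch (Exception e) {
            log.error("Error creating an PersistenceFactory instance", e);
            throw new SecurityConfigException("Error creating an PersistenceFactory instance", e);
        }
        try {
            this.govRegistry = SecurityServiceHolder.getRegistryService().getGovernanceSystemRegistry(((UserRegistry) registry).getTenantId());
        } catch (Exception e) {
            log.error("Error when obtaining the governance registry instance.", e);
            throw new SecurityConfigException("Error when obtaining the governance registry instance.", e);
        }
    }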

    /**
     * Looks up a well-known security scenario by id and converts it to its transfer form.
     *
     * @param str scenario id as registered in the scenario database
     * @return the scenario's category, description, id and summary, or null when the id is unknown
     * @throws SecurityConfigException declared for API compatibility; not thrown here
     */
    public SecurityScenarioData getSecurityScenario(String str) throws SecurityConfigException {
        SecurityScenario scenario = SecurityScenarioDatabase.get(str);
        if (scenario == null) {
            return null;
        }
        SecurityScenarioData data = new SecurityScenarioData();
        data.setCategory(scenario.getCategory());
        data.setDescription(scenario.getDescription());
        data.setScenarioId(scenario.getScenarioId());
        data.setSummary(scenario.getSummary());
        return data;
    }

    /**
     * Reports the security scenario currently applied to a service.
     *
     * Resolution order: a service carrying the SECURITY_POLICY_PATH parameter is reported as a
     * registry-policy scenario (POLICY_FROM_REG_SCENARIO with the registry path); otherwise the
     * persisted scenario is read via readCurrentScenario. Ghost (not yet deployed) services are
     * resolved through the transit-ghost map.
     *
     * @param str service name
     * @return the applied scenario, or null when the service has neither a persisted policy
     *         element nor any policy attached in memory (or no persisted scenario is found)
     * @throws SecurityConfigException if the service cannot be found or persisted data cannot be read
     */
    public SecurityScenarioData getCurrentScenario(String str) throws SecurityConfigException {
        AxisService serviceForActivation = this.axisConfig.getServiceForActivation(str);
        SecurityScenarioData securityScenarioData = null;
        try {
            if (serviceForActivation == null) {
                try {
                    serviceForActivation = (AxisService) GhostDeployerUtils.getTransitGhostServicesMap(this.axisConfig).get(str);
                } catch (AxisFault e) {
                    log.error("Error while reading Transit Ghosts map", e);
                }
                if (serviceForActivation == null) {
                    throw new SecurityConfigException("AxisService is Null");
                }
            }
            String serviceGroupName = serviceForActivation.getAxisServiceGroup().getServiceGroupName();
            // Join the caller's transaction if one is open; otherwise own one for this read.
            boolean isTransactionStarted = this.serviceGroupFilePM.isTransactionStarted(serviceGroupName);
            if (!isTransactionStarted) {
                this.serviceGroupFilePM.beginTransaction(serviceGroupName);
            }
            // No persisted policy element and nothing attached in memory: nothing is applied.
            if (!this.serviceGroupFilePM.elementExists(serviceGroupName, PersistenceUtils.getResourcePath(serviceForActivation) + "/policies/policy") && serviceForActivation.getPolicySubject() != null && serviceForActivation.getPolicySubject().getAttachedPolicyComponents() != null && !serviceForActivation.getPolicySubject().getAttachedPolicyComponents().iterator().hasNext()) {
                if (!isTransactionStarted) {
                    this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
                }
                return null;
            }
            Parameter parameter = serviceForActivation.getParameter(SecurityConstants.SECURITY_POLICY_PATH);
            if (parameter != null) {
                securityScenarioData = new SecurityScenarioData();
                securityScenarioData.setPolicyRegistryPath((String) parameter.getValue());
                securityScenarioData.setScenarioId(SecurityConstants.POLICY_FROM_REG_SCENARIO);
            } else {
                SecurityScenario readCurrentScenario = readCurrentScenario(str);
                if (readCurrentScenario != null) {
                    securityScenarioData = new SecurityScenarioData();
                    securityScenarioData.setCategory(readCurrentScenario.getCategory());
                    securityScenarioData.setDescription(readCurrentScenario.getDescription());
                    securityScenarioData.setScenarioId(readCurrentScenario.getScenarioId());
                    securityScenarioData.setSummary(readCurrentScenario.getSummary());
                }
            }
            if (!isTransactionStarted) {
                this.serviceGroupFilePM.commitTransaction(serviceGroupName);
            }
            return securityScenarioData;
        } catch (Exception e2) {
            log.error("Error while reading persisted data", e2);
            // NOTE(review): the rollback is issued with a null service-group name rather than
            // serviceGroupName, and unconditionally (even when the caller owns the transaction).
            // Whether a null name rolls anything back is not visible here; confirm against
            // ServiceGroupFilePersistenceManager.
            this.serviceGroupFilePM.rollbackTransaction((String) null);
            throw new SecurityConfigException("readingSecurity", e2);
        }
    }

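    /**
     * Lists the Axis2 modules required by the security scenario currently applied to a service.
     *
     * @param str  service name
     * @param str2 unused; kept for API compatibility
     * @return module names, empty when no scenario is applied or the scenario lists no modules
     * @throws Exception if the current scenario cannot be read, or if the applied scenario id is
     *                   not known to the scenario database (previously a NullPointerException;
     *                   getCurrentScenario can report POLICY_FROM_REG_SCENARIO for registry-backed
     *                   policies, and whether the database knows that id is not visible here)
     */
    public String[] getRequiredModules(String str, String str2) throws Exception {
        SecurityScenarioData currentScenario = getCurrentScenario(str);
        if (currentScenario == null) {
            return new String[0];
        }
        String scenarioId = currentScenario.getScenarioId();
        SecurityScenario securityScenario = SecurityScenarioDatabase.get(scenarioId);
        if (securityScenario == null) {
            // Fail with a message naming the scenario instead of dereferencing null.
            throw new SecurityConfigException("Unknown security scenario '" + scenarioId + "' applied to service " + str);
        }
        List modules = securityScenario.getModules();
        if (modules == null) {
            return new String[0];
        }
        return (String[]) modules.toArray(new String[modules.size()]);
    }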

    /**
     * Removes the applied security scenario from a service.
     *
     * Steps, all within the service group's persistence transaction: delete the persisted policy
     * element (and, for proxy services, the registry copy), disengage the scenario's modules,
     * remove the policy from all bindings, delete the scenario association, clear every
     * "invoke-service" role authorization on the service, detach the private/trusted keystore
     * associations, drop the SECURITY_POLICY_PATH parameter, and remove the passwordCallbackRef,
     * disableREST, policy-path and scenario-id parameters from the in-memory service. When the
     * removed policy was HTTPS-only, the utEnabled property is deleted and exposedAllTransports
     * is persisted as false. Finally the ghost file's scenario is cleared.
     *
     * NOTE(review): the policy element is looked up under {@code <service>/policiespolicy},
     * while getCurrentScenario checks {@code <service>/policies/policy}. If the persisted layout
     * is the latter, elementExists below is always false and this method returns early having
     * removed nothing, so security is never actually disabled; confirm against
     * PersistenceUtils / the persisted layout before relying on this method.
     *
     * @param str service name
     * @throws SecurityConfigException if the service is not found or any step fails. Failures in
     *                                 the inner block are wrapped three times (AxisFault, then
     *                                 "removingPolicy", then the outer message) and trigger three
     *                                 rollbacks, because each catch block throws into the
     *                                 enclosing try.
     */
    public void disableSecurityOnService(String str) throws SecurityConfigException {
        AxisService serviceForActivation = this.axisConfig.getServiceForActivation(str);
        if (serviceForActivation == null) {
            throw new SecurityConfigException("AxisService is Null");
        }
        String serviceGroupName = serviceForActivation.getAxisServiceGroup().getServiceGroupName();
        boolean isProxyService = PersistenceUtils.isProxyService(serviceForActivation);
        try {
            try {
                String resourcePath = PersistenceUtils.getResourcePath(serviceForActivation);
                // Join the caller's transaction if one is open; otherwise own one.
                boolean isTransactionStarted = this.serviceGroupFilePM.isTransactionStarted(serviceGroupName);
                if (!isTransactionStarted) {
                    this.serviceGroupFilePM.beginTransaction(serviceGroupName);
                }
                // See the class-level note: this path differs from "/policies/policy" used elsewhere.
                String str2 = resourcePath + "/policiespolicy";
                if (log.isDebugEnabled()) {
                    log.debug("Removing " + str2);
                }
                if (!this.serviceGroupFilePM.elementExists(serviceGroupName, str2)) {
                    if (isTransactionStarted) {
                        return;
                    }
                    this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
                    return;
                }
                SecurityScenario readCurrentScenario = readCurrentScenario(str);
                if (readCurrentScenario == null) {
                    if (isTransactionStarted) {
                        return;
                    }
                    this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
                    return;
                }
                String str3 = str2 + PersistenceUtils.getXPathTextPredicate("policyUUID", readCurrentScenario.getWsuId());
                if (this.serviceGroupFilePM.elementExists(serviceGroupName, str3)) {
                    this.serviceGroupFilePM.delete(serviceGroupName, str3);
                }
                if (isProxyService) {
                    String str4 = PersistenceUtils.getRegistryResourcePath(serviceForActivation) + "/policies/" + readCurrentScenario.getWsuId();
                    if (this.registry.resourceExists(str4)) {
                        this.registry.delete(str4);
                    }
                }
                // Disengage every module the scenario engaged and drop its persisted engagement record.
                for (String str5 : (String[]) readCurrentScenario.getModules().toArray(new String[readCurrentScenario.getModules().size()])) {
                    AxisModule module = serviceForActivation.getAxisConfiguration().getModule(str5);
                    serviceForActivation.disengageModule(module);
                    String str6 = "undefined";
                    if (module.getVersion() != null) {
                        str6 = module.getVersion().toString();
                    }
                    this.serviceGroupFilePM.delete(serviceGroupName, resourcePath + "/module" + PersistenceUtils.getXPathAttrPredicate("name", module.getName()) + PersistenceUtils.getXPathAttrPredicate("version", str6) + PersistenceUtils.getXPathAttrPredicate(SecurityConstants.PROP_TYPE, "engagedModules"));
                }
                if (!isTransactionStarted) {
                    this.serviceGroupFilePM.commitTransaction(serviceGroupName);
                }
                // NOTE(review): no registry transaction is begun in this method; this commits
                // whatever registry transaction the caller (if any) has open.
                this.registry.commitTransaction();
                new SecurityServiceAdmin(this.axisConfig, this.registry).removeSecurityPolicyFromAllBindings(serviceForActivation, readCurrentScenario.getWsuId());
                String scenarioId = readCurrentScenario.getScenarioId();
                String str7 = "/repository/components/org.wso2.carbon.security.mgt/policy/" + scenarioId;
                try {
                    boolean isTransactionStarted2 = this.serviceGroupFilePM.isTransactionStarted(serviceGroupName);
                    if (!isTransactionStarted2) {
                        this.serviceGroupFilePM.beginTransaction(serviceGroupName);
                    }
                    this.serviceGroupFilePM.delete(serviceGroupName, resourcePath + "/association" + PersistenceUtils.getXPathAttrPredicate("destinationPath", str7));
                    // Revoke every role's permission to invoke the service. this.realm is only set by
                    // the (UserRealm, Registry, AxisConfiguration) constructor; with the others this
                    // line throws NullPointerException, caught and wrapped by the handlers below.
                    AuthorizationManager authorizationManager = this.realm.getAuthorizationManager();
                    String str8 = serviceGroupName + "/" + str;
                    String[] allowedRolesForResource = authorizationManager.getAllowedRolesForResource(str8, "invoke-service");
                    for (String str9 : allowedRolesForResource) {
                        authorizationManager.clearRoleAuthorization(str9, str8, "invoke-service");
                    }
                    List associations = this.serviceGroupFilePM.getAssociations(serviceGroupName, resourcePath, SecurityConstants.ASSOCIATION_PRIVATE_KEYSTORE);
                    Iterator it = associations.iterator();
                    while (it.hasNext()) {
                        ((OMNode) it.next()).detach();
                    }
                    List associations2 = this.serviceGroupFilePM.getAssociations(serviceGroupName, resourcePath, SecurityConstants.ASSOCIATION_TRUSTED_KEYSTORE);
                    Iterator it2 = associations2.iterator();
                    while (it2.hasNext()) {
                        ((OMNode) it2.next()).detach();
                    }
                    // NOTE(review): the meta file is flagged as modified when any of the three lists
                    // was EMPTY; one would expect the flag when something was actually cleared or
                    // detached. Confirm the intended condition.
                    if (allowedRolesForResource == null || allowedRolesForResource.length == 0 || associations == null || CollectionUtils.isEmpty(associations) || associations2 == null || CollectionUtils.isEmpty(associations2)) {
                        this.serviceGroupFilePM.setMetaFileModification(serviceGroupName);
                    }
                    String str10 = resourcePath + "/parameter" + PersistenceUtils.getXPathAttrPredicate("name", SecurityConstants.SECURITY_POLICY_PATH);
                    if (this.serviceGroupFilePM.elementExists(serviceGroupName, str10)) {
                        this.serviceGroupFilePM.delete(serviceGroupName, str10);
                        this.serviceGroupFilePM.setMetaFileModification(serviceGroupName);
                    }
                    if (!isTransactionStarted2) {
                        this.serviceGroupFilePM.commitTransaction(serviceGroupName);
                    }
                    // Remove the in-memory parameters the scenario installed on the service.
                    Parameter parameter = new Parameter();
                    parameter.setName("passwordCallbackRef");
                    serviceForActivation.removeParameter(parameter);
                    Parameter parameter2 = new Parameter();
                    parameter2.setName("disableREST");
                    serviceForActivation.removeParameter(parameter2);
                    Parameter parameter3 = serviceForActivation.getParameter(SecurityConstants.SECURITY_POLICY_PATH);
                    String str11 = null;
                    if (parameter3 != null) {
                        str11 = (String) parameter3.getValue();
                        serviceForActivation.removeParameter(parameter3);
                    }
                    Parameter parameter4 = serviceForActivation.getParameter(SecurityConstants.SCENARIO_ID_PARAM_NAME);
                    if (parameter4 != null) {
                        serviceForActivation.removeParameter(parameter4);
                    }
                    // NOTE(review): after removing an HTTPS-only policy the service is persisted
                    // with exposedAllTransports=false (i.e. still restricted). Confirm this is the
                    // intended state once security is off; it is at least the fail-closed choice.
                    if (isHttpsTransportOnly(loadPolicy(scenarioId, str11))) {
                        try {
                            boolean isTransactionStarted3 = this.serviceGroupFilePM.isTransactionStarted(serviceGroupName);
                            if (!isTransactionStarted3) {
                                this.serviceGroupFilePM.beginTransaction(serviceGroupName);
                            }
                            this.persistenceFactory.getServicePM().deleteServiceProperty(serviceForActivation, "utEnabled");
                            this.persistenceFactory.getServicePM().setServiceProperty(serviceForActivation, "exposedAllTransports", Boolean.FALSE.toString());
                            if (!isTransactionStarted3) {
                                this.serviceGroupFilePM.commitTransaction(serviceGroupName);
                            }
                        } catch (Exception e) {
                            String str12 = "Service with name " + str + " not found.";
                            log.error(str12);
                            this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
                            throw new AxisFault(str12, e);
                        }
                    }
                    if (serviceForActivation.getFileName() != null) {
                        updateSecScenarioInGhostFile(serviceForActivation.getFileName().getPath(), str, null);
                    }
                } catch (Exception e2) {
                    // Thrown into the enclosing try; caught again and rewrapped below.
                    log.error("Unable to remove persisted data.");
                    this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
                    throw new AxisFault("Unable to remove persisted data.", e2);
                }
            } catch (Exception e3) {
                // Thrown into the outermost try; caught again and rewrapped below.
                log.error("Error in disabling security on service ", e3);
                this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
                throw new SecurityConfigException("removingPolicy", e3);
            }
        } catch (AxisFault | SecurityConfigException e4) {
            log.error("Error in disabling security on service ", e4);
            this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
            throw new SecurityConfigException("Error in disabling security on service ", e4);
        }
    }

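    /**
     * Reads the persisted Kerberos configuration (service principal name and password) of a service.
     *
     * The password is stored encrypted and base64-encoded by getEncryptedPassword and is returned
     * here in clear text inside the result object; keep that object out of logs. Decoding uses
     * the platform default charset on both sides, so the stored value only round-trips on JVMs
     * with the same default.
     *
     * @param axisService service whose configuration is read
     * @return the configuration, or null when none is persisted. If the stored password is
     *         missing or cannot be decrypted, the principal name is still returned and the
     *         password is left unset (logged as a warning, as before).
     * @throws SecurityConfigException if the persistence layer fails; the cause is now attached
     */
    private KerberosConfigData readKerberosConfigurations(AxisService axisService) throws SecurityConfigException {
        String kerberosConfigXPath = getKerberosConfigXPath(axisService);
        String serviceGroupName = axisService.getAxisServiceGroup().getServiceGroupName();
        try {
            // Join the caller's transaction if one is open; otherwise own one for this read.
            boolean isTransactionStarted = this.serviceGroupFilePM.isTransactionStarted(serviceGroupName);
            if (!isTransactionStarted) {
                this.serviceGroupFilePM.beginTransaction(serviceGroupName);
            }
            if (!this.serviceGroupFilePM.elementExists(serviceGroupName, kerberosConfigXPath)) {
                if (!isTransactionStarted) {
                    this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
                }
                return null;
            }
            OMElement oMElement = this.serviceGroupFilePM.get(serviceGroupName, kerberosConfigXPath);
            KerberosConfigData kerberosConfigData = new KerberosConfigData();
            kerberosConfigData.setServicePrincipleName(oMElement.getAttributeValue(new QName("service.principal.name")));
            String encryptedPassword = oMElement.getAttributeValue(new QName("service.principal.password"));
            if (encryptedPassword == null) {
                // Previously a missing attribute reached the crypto util as null; treat it like a
                // password that cannot be recovered.
                log.warn("No service principal password is persisted for service " + axisService.getName() + ".");
            } else {
                try {
                    kerberosConfigData.setServicePrinciplePassword(new String(CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(encryptedPassword)));
                } catch (CryptoException e) {
                    log.warn("Unable to decode and decrypt password string.", e);
                }
            }
            if (!isTransactionStarted) {
                this.serviceGroupFilePM.commitTransaction(serviceGroupName);
            }
            return kerberosConfigData;
        } catch (PersistenceException e2) {
            String str = "An error occurred while retrieving kerberos configuration data for service " + axisService.getName();
            log.error(str, e2);
            this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
            throw new SecurityConfigException(str, e2);
        }
    }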

    /**
     * XPath of the persisted Kerberos configuration element for a service: the service's
     * resource path followed by the Kerberos config resource name.
     *
     * @param axisService service whose element is addressed
     * @return the XPath string
     */
    private String getKerberosConfigXPath(AxisService axisService) {
        String servicePath = PersistenceUtils.getResourcePath(axisService);
        return servicePath + '/' + KerberosConfigData.KERBEROS_CONFIG_RESOURCE;
    }

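    /**
     * Persists a service's Kerberos configuration, replacing any existing element.
     *
     * The service principal password is encrypted and base64-encoded before it is written; the
     * principal name is stored as-is. Encryption is performed before the persistence transaction
     * is touched: getEncryptedPassword throws SecurityConfigException, which the handler below
     * does not catch, so encrypting after deleting the old element could previously leave the old
     * configuration removed inside a transaction nothing rolled back.
     *
     * @param axisService        service the configuration belongs to
     * @param kerberosConfigData principal name and clear-text password to persist
     * @throws SecurityConfigException if the configuration or its password is missing, if the
     *                                 password cannot be encrypted, or if persistence fails
     */
    protected void persistsKerberosData(AxisService axisService, KerberosConfigData kerberosConfigData) throws SecurityConfigException {
        if (kerberosConfigData == null || kerberosConfigData.getServicePrinciplePassword() == null) {
            throw new SecurityConfigException("Kerberos configuration or service principal password is missing for service " + axisService.getName());
        }
        String encryptedPassword = getEncryptedPassword(kerberosConfigData.getServicePrinciplePassword());
        String kerberosConfigXPath = getKerberosConfigXPath(axisService);
        ServiceGroupFilePersistenceManager serviceGroupFilePM = this.persistenceFactory.getServiceGroupFilePM();
        String serviceGroupName = axisService.getAxisServiceGroup().getServiceGroupName();
        try {
            // Join the caller's transaction if one is open; otherwise own one.
            boolean isTransactionStarted = serviceGroupFilePM.isTransactionStarted(serviceGroupName);
            if (!isTransactionStarted) {
                serviceGroupFilePM.beginTransaction(serviceGroupName);
            }
            if (serviceGroupFilePM.elementExists(serviceGroupName, kerberosConfigXPath)) {
                serviceGroupFilePM.delete(serviceGroupName, kerberosConfigXPath);
            }
            OMElement createOMElement = OMAbstractFactory.getOMFactory().createOMElement(KerberosConfigData.KERBEROS_CONFIG_RESOURCE, (OMNamespace) null);
            createOMElement.addAttribute("service.principal.name", kerberosConfigData.getServicePrincipleName(), (OMNamespace) null);
            createOMElement.addAttribute("service.principal.password", encryptedPassword, (OMNamespace) null);
            serviceGroupFilePM.put(serviceGroupName, createOMElement, PersistenceUtils.getResourcePath(axisService));
            if (!isTransactionStarted) {
                serviceGroupFilePM.commitTransaction(serviceGroupName);
            }
        } catch (PersistenceException e) {
            log.error("Error adding kerberos parameters to registry.", e);
            serviceGroupFilePM.rollbackTransaction(serviceGroupName);
            throw new SecurityConfigException("Unable to add kerberos parameters to registry.", e);
        }
    }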

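    /**
     * Encrypts a clear-text password with the server's default crypto util and base64-encodes the
     * result; the inverse of the decoding in readKerberosConfigurations.
     *
     * The bytes are taken with the platform default charset, matching the decrypt side's
     * {@code new String(byte[])}, so the stored value only round-trips on JVMs with the same
     * default. Neither the input nor the output should be logged.
     *
     * @param str clear-text password
     * @return encrypted, base64-encoded password
     * @throws SecurityConfigException if {@code str} is null (previously a NullPointerException
     *                                 that escaped callers' rollback handling) or encryption fails
     */
    private String getEncryptedPassword(String str) throws SecurityConfigException {
        if (str == null) {
            throw new SecurityConfigException("Unable to encrypt password string: no password was provided.");
        }
        try {
            return CryptoUtil.getDefaultCryptoUtil().encryptAndBase64Encode(str.getBytes());
        } catch (CryptoException e) {
            log.error("Unable to encrypt and encode password string.", e);
            throw new SecurityConfigException("Unable to encrypt and encode password string.", e);
        }
    }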

    /**
     * Registry path of a service's metadata:
     * {@code /repository/axis2/service-groups/<group>/services/<service>}.
     *
     * @param axisService service whose registry path is wanted
     * @return the path (not referenced elsewhere in the visible part of this class)
     */
    private String getRegistryServicePath(AxisService axisService) {
        String groupName = axisService.getAxisServiceGroup().getServiceGroupName();
        StringBuilder path = new StringBuilder("/repository/axis2/service-groups/");
        path.append(groupName).append("/services/").append(axisService.getName());
        return path.toString();
    }

    /**
     * No-op. This public method does nothing: it neither applies a UsernameToken policy nor
     * grants the given roles. Callers must not assume UsernameToken authentication is active
     * after calling it; use applySecurity with the UsernameToken scenario instead.
     * NOTE(review): either implement this or deprecate it so it cannot be mistaken for a working
     * activation path.
     *
     * @param str    service name (ignored)
     * @param strArr user roles (ignored)
     * @throws SecurityConfigException never
     */
    public void activateUsernameTokenAuthentication(String str, String[] strArr) throws SecurityConfigException {
    }

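    /**
     * Applies a Kerberos-based security scenario to a service.
     *
     * Within the service group's persistence transaction: the existing scenario is disabled, the
     * scenario policy is applied with the Kerberos configuration, the scenario's modules are
     * engaged, REST calls are disabled, and the Kerberos configuration is persisted. The POX
     * cache entry for the service is dropped afterwards.
     *
     * Because disableSecurityOnService runs first, any failure after it would otherwise leave the
     * service with its previous policy stripped and no new one applied, inside a transaction that
     * is never committed or rolled back; the original handler only covered PersistenceException.
     * All other failures now roll the transaction back as well (mirroring that handler) before
     * propagating.
     *
     * @param str                service name
     * @param str2               scenario id
     * @param kerberosConfigData Kerberos principal name and password; must not be null
     * @throws SecurityConfigException if the configuration is null, the service is not found, or
     *                                 any step fails
     */
    public void applySecurity(String str, String str2, KerberosConfigData kerberosConfigData) throws SecurityConfigException {
        if (kerberosConfigData == null) {
            log.error("Kerberos configurations provided are invalid.");
            throw new SecurityConfigException("Kerberos configuration parameters are null. Please specify valid kerberos configurations.");
        }
        AxisService serviceForActivation = this.axisConfig.getServiceForActivation(str);
        if (serviceForActivation == null) {
            throw new SecurityConfigException("nullService");
        }
        String serviceGroupName = serviceForActivation.getAxisServiceGroup().getServiceGroupName();
        try {
            // Join the caller's transaction if one is open; otherwise own one.
            boolean isTransactionStarted = this.serviceGroupFilePM.isTransactionStarted(serviceGroupName);
            if (!isTransactionStarted) {
                this.serviceGroupFilePM.beginTransaction(serviceGroupName);
            }
            disableSecurityOnService(str);
            applyPolicy(serviceForActivation, str2, null, null, null, kerberosConfigData);
            // NOTE(review): logged when engageModules returns false; what that return value means
            // is not visible here, so the message may be inverted. Confirm against engageModules.
            if (!engageModules(str2, str, serviceForActivation)) {
                log.info("Rahas engaged to service - " + str);
            }
            disableRESTCalls(str, str2);
            persistsKerberosData(serviceForActivation, kerberosConfigData);
            if (!isTransactionStarted) {
                this.serviceGroupFilePM.commitTransaction(serviceGroupName);
            }
        } catch (PersistenceException e) {
            StringBuilder append = new StringBuilder("Error persisting security scenario ").append(str2).append(" for service ").append(str);
            log.error(append.toString(), e);
            this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
            throw new SecurityConfigException(append.toString(), e);
        } catch (SecurityConfigException | RuntimeException e) {
            log.error("Error applying security scenario " + str2 + " for service " + str, e);
            this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
            throw e;
        }
        // The other applySecurity overload already guards against a null cache; do the same here.
        Cache<String, String> poxCache = getPOXCache();
        if (poxCache != null) {
            poxCache.remove(str);
        }
    }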

    /**
     * Applies a security scenario to a service.
     *
     * Rejects any attempt to grant UsernameToken access to the anonymous role, then, inside the
     * service group's persistence transaction and a registry transaction: disables the existing
     * scenario, materialises a ghost service if needed, applies the scenario policy (with the
     * optional registry policy path, trusted-certificate aliases and private-key alias), engages
     * the scenario's modules, disables REST calls, persists the scenario data and user roles, and
     * commits. Afterwards the ghost file and POX cache are updated, the scenario id is recorded as
     * a service parameter and, for non-UsernameToken scenarios, the trust module is re-engaged so
     * the change propagates immediately.
     *
     * NOTE(review): as decompiled, only the anonymous-role check sits inside a try; the original
     * source presumably wrapped the whole method. As shown, a failure in applyPolicy, engageModules,
     * disableRESTCalls or persistData leaves both transactions begun below open and the service
     * with its previous policy removed (disableSecurityOnService runs first) but no new one
     * applied. Confirm the real exception structure before relying on this listing.
     *
     * @param str     service name
     * @param str2    scenario id
     * @param str3    registry path of the policy (registry-policy scenario), may be null
     * @param strArr  trusted certificate aliases, may be null
     * @param str4    private key alias, may be null
     * @param strArr2 roles allowed to invoke the service; the array is sorted in place
     * @throws SecurityConfigException if the service is not found, the anonymous role is among
     *                                 the roles, or any step fails
     */
    public void applySecurity(String str, String str2, String str3, String[] strArr, String str4, String[] strArr2) throws SecurityConfigException {
        AxisService serviceForActivation = this.axisConfig.getServiceForActivation(str);
        if (serviceForActivation == null) {
            throw new SecurityConfigException("nullService");
        }
        String serviceGroupName = serviceForActivation.getAxisServiceGroup().getServiceGroupName();
        if (strArr2 != null) {
            try {
                // Security check: never let UsernameToken access be opened to the anonymous role.
                // Note that this sorts the caller's array in place.
                Arrays.sort(strArr2);
                if (Arrays.binarySearch(strArr2, "system/wso2.anonymous.role") > -1) {
                    log.error("Security breach. A user is attempting to enable anonymous for UT access");
                    throw new SecurityConfigException("Invalid data provided");
                }
            } catch (RegistryException | PersistenceException e) {
                log.error("Error in applying security", e);
                this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
                try {
                    this.registry.rollbackTransaction();
                    throw new SecurityConfigException("Error in applying security", e);
                } catch (RegistryException e2) {
                    log.error("Error while rollback", e2);
                    throw new SecurityConfigException("Error in applying security", e);
                }
            }
        }
        // Join the caller's persistence and registry transactions if open; otherwise own them.
        boolean isTransactionStarted = this.serviceGroupFilePM.isTransactionStarted(serviceGroupName);
        if (!isTransactionStarted) {
            this.serviceGroupFilePM.beginTransaction(serviceGroupName);
        }
        boolean isStarted = Transaction.isStarted();
        if (!isStarted) {
            this.registry.beginTransaction();
        }
        // The old scenario is removed before the new one is applied (see the class note above).
        disableSecurityOnService(str);
        if (GhostDeployerUtils.isGhostService(serviceForActivation)) {
            try {
                serviceForActivation = GhostDeployerUtils.deployActualService(this.axisConfig, serviceForActivation);
            } catch (AxisFault e3) {
                log.error("Error while loading actual service from Ghost", e3);
            }
        }
        applyPolicy(serviceForActivation, str2, str3, strArr, str4);
        boolean engageModules = engageModules(str2, str, serviceForActivation);
        disableRESTCalls(str, str2);
        persistData(serviceForActivation, str2, str4, strArr, strArr2, engageModules);
        if (!isTransactionStarted) {
            this.serviceGroupFilePM.commitTransaction(serviceGroupName);
        }
        if (!isStarted) {
            this.registry.commitTransaction();
        }
        if (serviceForActivation.getFileName() != null) {
            updateSecScenarioInGhostFile(serviceForActivation.getFileName().getPath(), str, str2);
        }
        // The cache entry is removed twice; the first call dereferences getPOXCache() without the
        // null guard the second one applies.
        getPOXCache().remove(str);
        Cache<String, String> pOXCache = getPOXCache();
        if (pOXCache != null) {
            pOXCache.remove(str);
        }
        try {
            Parameter parameter = new Parameter();
            parameter.setName(SecurityConstants.SCENARIO_ID_PARAM_NAME);
            parameter.setValue(str2);
            serviceForActivation.addParameter(parameter);
        } catch (AxisFault e4) {
            log.error("Error while adding Scenario ID parameter", e4);
        }
        try {
            // Re-engaging the trust module forces the new policy to take effect on this node now.
            AxisModule module = serviceForActivation.getAxisConfiguration().getModule(SecurityConstants.TRUST_MODULE);
            if (!SecurityConstants.USERNAME_TOKEN_SCENARIO_ID.equals(str2)) {
                serviceForActivation.disengageModule(module);
                serviceForActivation.engageModule(module);
            }
        } catch (AxisFault e5) {
            log.error("Failed to propagate changes immediately. It will take time to update nodes in cluster", e5);
            throw new SecurityConfigException("Failed to propagate changes immediately. It will take time to update nodes in cluster", e5);
        }
    }

    /**
     * Applies the security policy of scenario {@code str} to {@code axisService} without any
     * Kerberos settings.
     *
     * <p>Convenience overload that forwards to the six-argument variant with a {@code null}
     * {@link KerberosConfigData}.
     *
     * @param axisService service that receives the policy
     * @param str scenario id of the policy to load
     * @param str2 registry policy path; only relevant for the policy-from-registry scenario
     * @param strArr trusted key store names passed on to the crypto properties
     * @param str3 private key store name passed on to the crypto properties
     * @throws SecurityConfigException if the six-argument overload fails
     */
    protected void applyPolicy(AxisService axisService, String str, String str2, String[] strArr, String str3) throws SecurityConfigException {
        final KerberosConfigData noKerberosConfig = null;
        applyPolicy(axisService, str, str2, strArr, str3, noKerberosConfig);
    }

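    /**
     * Loads the policy for scenario {@code str} (or, for the policy-from-registry scenario, from
     * the path {@code str2}), attaches a {@link RampartConfig} built from the given key stores,
     * restricts the service to HTTPS transports when the policy is a transport binding, and finally
     * attaches the policy to every binding of the service.
     *
     * <p>On any failure the service-group transaction is rolled back before the exception is
     * rethrown. This happens regardless of who began the transaction (same pattern as the sibling
     * methods), so a caller that owns the transaction should not commit after a failure here.
     *
     * @param axisService service to secure
     * @param str scenario id
     * @param str2 policy path; only consulted when {@code str} is {@code POLICY_FROM_REG_SCENARIO}
     * @param strArr trusted key store names, may be {@code null}
     * @param str3 private key store name, may be {@code null}
     * @param kerberosConfigData optional Kerberos settings, may be {@code null}
     * @throws SecurityConfigException wrapping any failure while applying the policy
     */
    protected void applyPolicy(AxisService axisService, String str, String str2, String[] strArr, String str3, KerberosConfigData kerberosConfigData) throws SecurityConfigException {
        String serviceGroupName = axisService.getAxisServiceGroup().getServiceGroupName();
        try {
            String resourcePath = PersistenceUtils.getResourcePath(axisService);
            // A caller-supplied callback handler wins; otherwise bind the registry/realm backed one.
            CallbackHandler passwordCallback = this.callback != null
                    ? this.callback
                    : new ServicePasswordCallbackHandler(null, serviceGroupName, axisService.getName(), this.registry, this.realm);
            Parameter callbackParam = new Parameter();
            callbackParam.setName("passwordCallbackRef");
            callbackParam.setValue(passwordCallback);
            axisService.addParameter(callbackParam);

            Properties cryptoProps = getServerCryptoProperties(str3, strArr);
            RampartConfig rampartConfig = new RampartConfig();
            populateRampartConfig(rampartConfig, cryptoProps, kerberosConfigData);
            Policy policy = loadPolicy(str, str2);
            // rampartConfig was just constructed, so the former null check was dead.
            policy.addAssertion(rampartConfig);

            if (str2 != null && str.equals(SecurityConstants.POLICY_FROM_REG_SCENARIO)) {
                Parameter policyPathParam = new Parameter(SecurityConstants.SECURITY_POLICY_PATH, str2);
                axisService.addParameter(policyPathParam);
                this.persistenceFactory.getServicePM().updateServiceParameter(axisService, policyPathParam);
            }

            if (isHttpsTransportOnly(policy)) {
                setServiceTransports(axisService.getName(), getHttpsTransports());
                persistHttpsOnlyTransports(axisService, serviceGroupName, resourcePath);
            } else {
                setServiceTransports(axisService.getName(), getAllTransports());
            }
            new SecurityServiceAdmin(this.axisConfig, this.registry).addSecurityPolicyToAllBindings(axisService, policy);
        } catch (Exception e) {
            // Covers ServerException as well; both former catch branches did exactly this.
            log.error("Error in applying policy", e);
            this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
            throw new SecurityConfigException("Error in applying policy", e);
        }
    }

    /**
     * Records in the service-group metafile that the service is exposed over HTTPS only: sets the
     * {@code utEnabled} / {@code exposedAllTransports} attributes, detaches every non-HTTPS
     * {@code exposedTransports} association, and adds the HTTPS listener association if none exists.
     *
     * @param axisService service being restricted (used for the error message)
     * @param serviceGroupName owning service group of the metafile
     * @param resourcePath metafile path of the service
     * @throws AxisFault if a referenced transport resource is missing from the registry or the
     *         metafile update fails; the service-group transaction is rolled back first
     */
    private void persistHttpsOnlyTransports(AxisService axisService, String serviceGroupName, String resourcePath) throws AxisFault {
        try {
            boolean transactionOwnedHere = !this.serviceGroupFilePM.isTransactionStarted(serviceGroupName);
            if (transactionOwnedHere) {
                this.serviceGroupFilePM.beginTransaction(serviceGroupName);
            }
            this.serviceGroupFilePM.put(serviceGroupName, OMAbstractFactory.getOMFactory().createOMAttribute("utEnabled", (OMNamespace) null, Boolean.TRUE.toString()), resourcePath);
            this.serviceGroupFilePM.put(serviceGroupName, OMAbstractFactory.getOMFactory().createOMAttribute("exposedAllTransports", (OMNamespace) null, Boolean.FALSE.toString()), resourcePath);
            boolean httpsAssociationPresent = false;
            for (OMElement association : this.serviceGroupFilePM.getAssociations(serviceGroupName, resourcePath, "exposedTransports")) {
                String destinationPath = association.getAttributeValue(new QName("destinationPath"));
                if (destinationPath.endsWith(SecurityConstants.HTTPS_TRANSPORT)) {
                    httpsAssociationPresent = true;
                    continue;
                }
                if (!this.registry.resourceExists(destinationPath)) {
                    String missing = "Transport resource " + destinationPath + " not available in Registry";
                    log.error(missing);
                    throw new AxisFault(missing);
                }
                association.detach();
                this.serviceGroupFilePM.setMetaFileModification(serviceGroupName);
            }
            if (!httpsAssociationPresent) {
                String httpsListenerPath = "/repository/transports/" + SecurityConstants.HTTPS_TRANSPORT + "/listener";
                if (!this.registry.resourceExists(httpsListenerPath)) {
                    String missing = "Transport resource " + httpsListenerPath + " not available in Registry";
                    log.error(missing);
                    throw new AxisFault(missing);
                }
                this.serviceGroupFilePM.put(serviceGroupName, PersistenceUtils.createAssociation(httpsListenerPath, "exposedTransports"), resourcePath);
            }
            if (transactionOwnedHere) {
                this.serviceGroupFilePM.commitTransaction(serviceGroupName);
            }
        } catch (Exception e) {
            // The former message ("Service with name ... not found.") did not describe the failure.
            String msg = "Error while restricting service " + axisService.getName() + " to HTTPS transports";
            log.error(msg, e);
            this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
            throw new AxisFault(msg, e);
        }
    }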

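    /**
     * Engages every module required by scenario {@code str} on {@code axisService} and records
     * each engagement in the service-group metafile so it survives a restart.
     *
     * @param str scenario id looked up in {@link SecurityScenarioDatabase}
     * @param str2 service name; not used by this method, kept for existing callers
     * @param axisService service the modules are engaged on
     * @return {@code true} if {@code SecurityConstants.TRUST_MODULE} was among the engaged modules
     *         (the caller uses this to decide whether Rahas parameters are set)
     * @throws SecurityConfigException if a required module is not available in the Axis
     *         configuration, engaging fails, or the metafile cannot be updated; the service-group
     *         transaction is rolled back first
     */
    protected boolean engageModules(String str, String str2, AxisService axisService) throws SecurityConfigException {
        boolean trustModuleEngaged = false;
        SecurityScenario scenario = SecurityScenarioDatabase.get(str);
        String[] moduleNames = (String[]) scenario.getModules().toArray(new String[scenario.getModules().size()]);
        String serviceGroupName = axisService.getAxisServiceGroup().getServiceGroupName();
        String resourcePath = PersistenceUtils.getResourcePath(axisService);
        try {
            try {
                boolean transactionOwnedHere = !this.serviceGroupFilePM.isTransactionStarted(serviceGroupName);
                if (transactionOwnedHere) {
                    this.serviceGroupFilePM.beginTransaction(serviceGroupName);
                }
                List persistedModules = this.serviceGroupFilePM.getAll(serviceGroupName, resourcePath + "module" + PersistenceUtils.getXPathAttrPredicate(SecurityConstants.PROP_TYPE, "engagedModules"));
                for (String moduleName : moduleNames) {
                    AxisModule module = axisService.getAxisConfiguration().getModule(moduleName);
                    if (module == null) {
                        // Formerly an NPE here escaped both catch blocks without a rollback.
                        throw new AxisFault("Module " + moduleName + " required by scenario " + str + " is not available");
                    }
                    // Version may be absent; the metafile entry is then written without it.
                    String moduleVersion = module.getVersion() == null ? null : module.getVersion().toString();
                    boolean alreadyPersisted = isModulePersisted(persistedModules, moduleName, moduleVersion);
                    if (!alreadyPersisted && this.moduleFilePM.elementExists(moduleName, "/version" + PersistenceUtils.getXPathAttrPredicate("id", moduleVersion))) {
                        OMElement moduleElement = OMAbstractFactory.getOMFactory().createOMElement("module", (OMNamespace) null);
                        moduleElement.addAttribute("name", module.getName(), (OMNamespace) null);
                        if (moduleVersion != null) {
                            moduleElement.addAttribute("version", moduleVersion, (OMNamespace) null);
                        }
                        moduleElement.addAttribute(SecurityConstants.PROP_TYPE, "engagedModules", (OMNamespace) null);
                        this.serviceGroupFilePM.put(serviceGroupName, moduleElement, resourcePath);
                    }
                    // Disengage first; presumably so engageModule does not fault on an already engaged module.
                    axisService.disengageModule(module);
                    axisService.engageModule(module);
                    if (SecurityConstants.TRUST_MODULE.equalsIgnoreCase(moduleName)) {
                        trustModuleEngaged = true;
                    }
                }
                if (transactionOwnedHere) {
                    this.serviceGroupFilePM.commitTransaction(serviceGroupName);
                }
                return trustModuleEngaged;
            } catch (PersistenceException e) {
                this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
                log.error("Unable to engage modules.", e);
                throw new AxisFault("Unable to engage modules.", e);
            }
        } catch (AxisFault e2) {
            log.error("Error in engaging modules", e2);
            this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
            throw new SecurityConfigException("Error in engaging modules", e2);
        }
    }

    /**
     * Returns whether the metafile already holds a {@code module} element with the given name and
     * version (a {@code null} version matches only an absent version attribute).
     *
     * @param persistedModules elements read from the metafile; each is an {@link OMElement}
     */
    private static boolean isModulePersisted(List persistedModules, String moduleName, String moduleVersion) {
        for (Object entry : persistedModules) {
            OMElement element = (OMElement) entry;
            String persistedName = element.getAttributeValue(new QName("name"));
            String persistedVersion = element.getAttributeValue(new QName("version"));
            boolean sameVersion = moduleVersion == null ? persistedVersion == null : moduleVersion.equals(persistedVersion);
            if (moduleName.equals(persistedName) && sameVersion) {
                return true;
            }
        }
        return false;
    }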

    /**
     * Adds the {@code disableREST} parameter (value {@code "true"}) to the service {@code str}.
     * Nothing is done for the UsernameToken scenario ({@code str2}).
     *
     * @param str service name
     * @param str2 scenario id being applied
     * @throws SecurityConfigException if the service does not exist ({@code "nullService"}) or the
     *         parameter cannot be added ({@code "disablingREST"})
     */
    protected void disableRESTCalls(String str, String str2) throws SecurityConfigException {
        boolean usernameTokenScenario = str2.equals(SecurityConstants.USERNAME_TOKEN_SCENARIO_ID);
        if (usernameTokenScenario) {
            return;
        }
        try {
            AxisService service = this.axisConfig.getServiceForActivation(str);
            if (service != null) {
                Parameter disableRest = new Parameter();
                disableRest.setName("disableREST");
                disableRest.setValue(Boolean.TRUE.toString());
                service.addParameter(disableRest);
            } else {
                throw new SecurityConfigException("nullService");
            }
        } catch (AxisFault e) {
            log.error(e);
            throw new SecurityConfigException("disablingREST", e);
        }
    }

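    /**
     * Persists the security settings of a service: private and trusted key store associations in
     * the service-group metafile, {@code invoke-service} authorization for each role, and the Rahas
     * (security token service) parameters when the trust module is engaged.
     *
     * @param axisService service whose settings are persisted
     * @param str scenario id; not used here, kept for existing callers
     * @param str2 private key store name, may be {@code null}
     * @param strArr trusted key store names, may be {@code null}
     * @param strArr2 roles to authorize for {@code invoke-service}, may be {@code null}
     * @param z whether the trust module was engaged ({@code true} sets Rahas parameters,
     *          {@code false} removes them)
     * @throws SecurityConfigException if a key store is missing or persisting fails; the
     *         service-group transaction is rolled back first
     */
    protected void persistData(AxisService axisService, String str, String str2, String[] strArr, String[] strArr2, boolean z) throws SecurityConfigException {
        String serviceGroupName = axisService.getAxisServiceGroup().getServiceGroupName();
        try {
            String resourcePath = PersistenceUtils.getResourcePath(axisService);
            boolean transactionOwnedHere = !this.serviceGroupFilePM.isTransactionStarted(serviceGroupName);
            if (transactionOwnedHere) {
                this.serviceGroupFilePM.beginTransaction(serviceGroupName);
            }
            if (str2 != null) {
                persistKeyStoreAssociation(serviceGroupName, resourcePath, SecurityConstants.KEY_STORES + "/" + str2, str2, SecurityConstants.ASSOCIATION_PRIVATE_KEYSTORE);
            }
            if (strArr != null) {
                for (String trustStore : strArr) {
                    persistKeyStoreAssociation(serviceGroupName, resourcePath, "/repository/security/key-stores/" + trustStore, trustStore, SecurityConstants.ASSOCIATION_TRUSTED_KEYSTORE);
                }
            }
            if (strArr2 != null) {
                for (String role : strArr2) {
                    this.realm.getAuthorizationManager().authorizeRole(role, serviceGroupName + "/" + axisService.getName(), "invoke-service");
                }
            }
            if (z) {
                setRahasParameters(axisService, str2);
            } else {
                removeRahasParameters(axisService);
            }
            if (transactionOwnedHere) {
                this.serviceGroupFilePM.commitTransaction(serviceGroupName);
            }
        } catch (Exception e) {
            log.error("Error in persisting data", e);
            this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
            throw new SecurityConfigException("Error in persisting data", e);
        }
    }

    /**
     * Writes one key store association for the service into the metafile. The association points
     * at the governance-registry resource when it exists, at the primary key store when the name
     * denotes the primary store, and fails otherwise.
     *
     * @param govRegistryPath governance registry path (without the {@code /_system/governance} prefix)
     * @param keyStoreName key store name used for the primary-store check and the error message
     * @param associationType {@code ASSOCIATION_PRIVATE_KEYSTORE} or {@code ASSOCIATION_TRUSTED_KEYSTORE}
     * @throws SecurityConfigException if the key store is neither in the registry nor the primary store
     * @throws Exception whatever the registry or metafile persistence manager throws
     */
    private void persistKeyStoreAssociation(String serviceGroupName, String resourcePath, String govRegistryPath, String keyStoreName, String associationType) throws Exception {
        String destination;
        if (this.govRegistry.resourceExists(govRegistryPath)) {
            destination = "/_system/governance" + govRegistryPath;
        } else if (KeyStoreUtil.isPrimaryStore(keyStoreName)) {
            destination = "/_system/governance/repository/security/key-stores/carbon-primary-ks";
        } else {
            // The trusted-store message used to lack the space before the name.
            throw new SecurityConfigException("Missing key store " + keyStoreName);
        }
        this.serviceGroupFilePM.put(serviceGroupName, PersistenceUtils.createAssociation(destination, associationType), resourcePath);
    }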

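    /**
     * Loads the WS-Policy document for scenario {@code str} from the configuration registry
     * (path {@code /repository/components/org.wso2.carbon.security.mgt/policy/<scenario>}).
     * For the policy-from-registry scenario the path comes from {@code str2} instead, in the form
     * {@code <registry-identifier>:<path>}; the governance registry is used when the identifier
     * equals {@code GOVERNANCE_REGISTRY_IDENTIFIER}, the configuration registry otherwise.
     *
     * <p>The StAX parser is created with DTD and external-entity support disabled, so a crafted
     * policy document stored in the registry cannot trigger entity expansion or XXE.
     *
     * @param str scenario id
     * @param str2 policy path, only consulted for the policy-from-registry scenario
     * @return the parsed policy; for the policy-from-registry scenario its {@code POLICY_ID_QNAME}
     *         attribute is rewritten to {@code POLICY_FROM_REG_SCENARIO} when present
     * @throws SecurityConfigException if the path is malformed, the resource is missing or the
     *         document cannot be parsed
     */
    public Policy loadPolicy(String str, String str2) throws SecurityConfigException {
        try {
            UserRegistry sourceRegistry = this.registry;
            String policyPath = "/repository/components/org.wso2.carbon.security.mgt/policy/" + str;
            boolean policyFromRegistry = str2 != null && str.equals(SecurityConstants.POLICY_FROM_REG_SCENARIO);
            if (policyFromRegistry) {
                int separator = str2.lastIndexOf(':');
                // A missing ':' makes the second substring throw, reported below as loadingPolicy.
                policyPath = str2.substring(separator + 1);
                if (SecurityConstants.GOVERNANCE_REGISTRY_IDENTIFIER.equals(str2.substring(0, separator))) {
                    sourceRegistry = this.govRegistry;
                }
            }
            XMLInputFactory inputFactory = XMLInputFactory.newInstance();
            inputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
            inputFactory.setProperty(XMLInputFactory.IS_SUPPORT_EXTERNAL_ENTITIES, Boolean.FALSE);
            // NOTE(review): the registry content stream is not closed here, as before.
            OMElement policyElement = new StAXOMBuilder(inputFactory.createXMLStreamReader(sourceRegistry.get(policyPath).getContentStream())).getDocumentElement();
            if (policyFromRegistry) {
                OMAttribute idAttribute = policyElement.getAttribute(SecurityConstants.POLICY_ID_QNAME);
                if (idAttribute != null) {
                    idAttribute.setAttributeValue(SecurityConstants.POLICY_FROM_REG_SCENARIO);
                }
            }
            return PolicyEngine.getPolicy(policyElement);
        } catch (Exception e) {
            log.error("loadingPolicy", e);
            throw new SecurityConfigException("loadingPolicy", e);
        }
    }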

    /**
     * Populates {@code rampartConfig} from the server crypto {@code properties} without Kerberos.
     *
     * <p>Forwards to the three-argument overload with a {@code null} {@link KerberosConfigData}.
     *
     * @param rampartConfig configuration to fill; ignored when {@code null}
     * @param properties server crypto properties as built by {@link #getServerCryptoProperties}
     * @throws SecurityConfigException if the overload fails
     */
    public void populateRampartConfig(RampartConfig rampartConfig, Properties properties) throws SecurityConfigException {
        final KerberosConfigData noKerberosConfig = null;
        populateRampartConfig(rampartConfig, properties, noKerberosConfig);
    }

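    /**
     * Populates {@code rampartConfig} either with Kerberos settings (when
     * {@code kerberosConfigData} is given) or with {@link ServerCrypto} based encryption and
     * signature crypto configs, the encryption user, the Rampart user, timestamp TTL/skew and
     * the token store class.
     *
     * @param rampartConfig configuration to fill; nothing happens when {@code null}
     * @param properties server crypto properties; must not be {@code null} unless Kerberos is used
     * @param kerberosConfigData Kerberos settings, may be {@code null}
     * @throws SecurityConfigException if the Kerberos configuration file is missing or
     *         {@code properties} is {@code null} on the non-Kerberos path
     */
    public void populateRampartConfig(RampartConfig rampartConfig, Properties properties, KerberosConfigData kerberosConfigData) throws SecurityConfigException {
        if (rampartConfig == null) {
            return;
        }
        if (kerberosConfigData != null) {
            configureKerberos(rampartConfig, kerberosConfigData);
            return;
        }
        if (properties == null) {
            // Formerly surfaced as an NPE at properties.isEmpty().
            throw new SecurityConfigException("Server crypto properties are required to populate the Rampart config");
        }
        if (!properties.isEmpty()) {
            // Encryption and signature use separate CryptoConfig instances over the same properties.
            rampartConfig.setEncrCryptoConfig(newServerCryptoConfig(properties));
            rampartConfig.setSigCryptoConfig(newServerCryptoConfig(properties));
        }
        final int timestampTtlSeconds = 300;
        final int timestampMaxSkewSeconds = 300;
        rampartConfig.setEncryptionUser("useReqSigCert");
        rampartConfig.setUser(properties.getProperty("rampart.config.user"));
        rampartConfig.setTimestampTTL(Integer.toString(timestampTtlSeconds));
        rampartConfig.setTimestampMaxSkew(Integer.toString(timestampMaxSkewSeconds));
        String tokenStoreClass = ServerConfiguration.getInstance().getFirstProperty("Security.TokenStoreClassName");
        if (tokenStoreClass == null) {
            rampartConfig.setTokenStoreClass(SecurityTokenStore.class.getName());
        } else {
            rampartConfig.setTokenStoreClass(tokenStoreClass);
        }
    }

    /**
     * Creates a cache-enabled {@link CryptoConfig} backed by {@link ServerCrypto} that uses the
     * private key store from {@code properties}.
     */
    private static CryptoConfig newServerCryptoConfig(Properties properties) {
        CryptoConfig cryptoConfig = new CryptoConfig();
        cryptoConfig.setProvider(ServerCrypto.class.getName());
        cryptoConfig.setProp(properties);
        cryptoConfig.setCacheEnabled(true);
        cryptoConfig.setCryptoKey(ServerCrypto.PROP_ID_PRIVATE_STORE);
        return cryptoConfig;
    }

    /**
     * Attaches a {@link KerberosConfig} holding the service principal name and points the JVM-wide
     * {@code java.security.krb5.conf} system property at the identity Kerberos configuration file.
     *
     * @throws SecurityConfigException if the Kerberos configuration file does not exist
     */
    private void configureKerberos(RampartConfig rampartConfig, KerberosConfigData kerberosConfigData) throws SecurityConfigException {
        Properties kerberosProps = new Properties();
        kerberosProps.setProperty("service.principal.name", kerberosConfigData.getServicePrincipleName());
        KerberosConfig kerberosConfig = new KerberosConfig();
        kerberosConfig.setProp(kerberosProps);
        String krb5ConfPath = CarbonUtils.getCarbonConfigDirPath() + File.separatorChar + IDENTITY_CONFIG_DIR + File.separatorChar + KerberosConfigData.KERBEROS_CONFIG_FILE_NAME;
        if (!new File(krb5ConfPath).exists()) {
            throw new SecurityConfigException("Kerberos configuration file not found at " + krb5ConfPath);
        }
        log.info("Setting java.security.krb5.conf to kerberos configuration file " + krb5ConfPath);
        // Process-wide side effect: later Kerberos logins in this JVM read this file.
        System.setProperty(KerberosConfigData.KERBEROS_CONFIG_FILE_SYSTEM_PROPERTY, krb5ConfPath);
        rampartConfig.setKerberosConfig(kerberosConfig);
    }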

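    /**
     * Builds the {@link ServerCrypto} properties for a service: the comma separated trust store
     * list, the private key store with its private-key alias (also exposed as
     * {@code rampart.config.user}), and the tenant id whenever at least one store is configured.
     *
     * <p>The trust store list keeps its trailing comma; how {@link ServerCrypto} parses it is not
     * visible here, so the format is left unchanged.
     *
     * @param str private key store name, may be {@code null}
     * @param strArr trusted key store names, may be {@code null} or empty
     * @return the populated properties; empty when neither store is given
     * @throws Exception if the private key store or its alias cannot be obtained
     */
    public Properties getServerCryptoProperties(String str, String[] strArr) throws Exception {
        Properties properties = new Properties();
        int tenantId = this.registry.getTenantId();
        boolean hasTrustStores = strArr != null && strArr.length > 0;
        if (hasTrustStores) {
            // The former inner "length != 0" check duplicated this condition and was dead.
            StringBuilder trustStores = new StringBuilder();
            for (String trustStore : strArr) {
                trustStores.append(trustStore).append(',');
            }
            properties.setProperty(ServerCrypto.PROP_ID_TRUST_STORES, trustStores.toString());
        }
        if (str != null) {
            properties.setProperty(ServerCrypto.PROP_ID_PRIVATE_STORE, str);
            String privateKeyAlias = KeyStoreUtil.getPrivateKeyAlias(KeyStoreManager.getInstance(tenantId).getKeyStore(str));
            properties.setProperty(ServerCrypto.PROP_ID_DEFAULT_ALIAS, privateKeyAlias);
            properties.setProperty("rampart.config.user", privateKeyAlias);
        }
        if (str != null || hasTrustStores) {
            properties.setProperty(ServerCrypto.PROP_ID_TENANT_ID, Integer.toString(tenantId));
        }
        return properties;
    }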

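    /**
     * Replaces the exposed transports of service {@code str} with a copy of {@code list}.
     *
     * @param str service name
     * @param list transport names to expose; copied so later changes to the argument have no effect
     * @throws SecurityConfigException if the service does not exist ({@code "nullService"})
     * @throws AxisFault if setting the exposed transports fails
     */
    public void setServiceTransports(String str, List<String> list) throws SecurityConfigException, AxisFault {
        AxisService service = this.axisConfig.getServiceForActivation(str);
        if (service == null) {
            throw new SecurityConfigException("nullService");
        }
        // Copy constructor instead of an index loop; same defensive copy, typed.
        ArrayList<String> exposedTransports = new ArrayList<String>(list);
        service.setExposedTransports(exposedTransports);
        if (log.isDebugEnabled()) {
            log.debug("Successfully add selected transport bindings to service " + str);
        }
    }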

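    /**
     * Decides whether {@code policy} requires transport-level (HTTPS) security only: true for a
     * transport binding, and for a symmetric binding whose encryption token is a
     * {@link SecureConversationToken} with a transport-binding bootstrap policy. Only the first
     * policy alternative is inspected.
     *
     * <p>An empty bootstrap policy is deliberately not guarded: the resulting runtime exception
     * propagates instead of silently answering {@code false}, which would expose the service on
     * all transports.
     *
     * @param policy policy to inspect
     * @return {@code true} if the policy is HTTPS-only as described above
     * @throws SecurityConfigException if the Rampart policy data cannot be built
     */
    public boolean isHttpsTransportOnly(Policy policy) throws SecurityConfigException {
        try {
            Iterator alternatives = policy.getAlternatives();
            if (!alternatives.hasNext()) {
                return false;
            }
            RampartPolicyData policyData = RampartPolicyBuilder.build((List) alternatives.next());
            if (policyData.isTransportBinding()) {
                return true;
            }
            if (!policyData.isSymmetricBinding()) {
                return false;
            }
            // Typed as Object: the token type is only known after the instanceof check.
            Object encryptionToken = policyData.getEncryptionToken();
            if (!(encryptionToken instanceof SecureConversationToken)) {
                return false;
            }
            Policy bootstrapPolicy = ((SecureConversationToken) encryptionToken).getBootstrapPolicy();
            return RampartPolicyBuilder.build((List) bootstrapPolicy.getAlternatives().next()).isTransportBinding();
        } catch (WSSPolicyException e) {
            log.error("Error in checking http transport only", e);
            throw new SecurityConfigException("Error in checking http transport only", e);
        }
    }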

    /**
     * Returns the names of the configured inbound transports whose lower-cased name contains
     * {@code SecurityConstants.HTTPS_TRANSPORT}.
     *
     * @return a new mutable list, empty when no HTTPS transport is configured
     */
    public List<String> getHttpsTransports() {
        List<String> httpsTransports = new ArrayList<String>();
        for (String transportName : this.axisConfig.getTransportsIn().keySet()) {
            boolean isHttps = transportName.toLowerCase().contains(SecurityConstants.HTTPS_TRANSPORT);
            if (isHttps) {
                httpsTransports.add(transportName);
            }
        }
        return httpsTransports;
    }

    /**
     * Returns the names of all configured inbound transports.
     *
     * @return a new mutable list in the key-set iteration order of the transports-in map
     */
    public List<String> getAllTransports() {
        List<String> transportNames = new ArrayList<String>();
        for (Object transportName : this.axisConfig.getTransportsIn().keySet()) {
            transportNames.add((String) transportName);
        }
        return transportNames;
    }

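    /**
     * Reads the persisted security configuration of service {@code str}, provided scenario
     * {@code str2} (and policy path {@code str3} for the policy-from-registry scenario) is the one
     * currently applied; otherwise returns {@code null}.
     *
     * <p>Populates the allowed roles, the private key store name, the trusted key store names and
     * the Kerberos configuration. On a non-persistence failure the service-group transaction is
     * rolled back and whatever was collected so far (possibly {@code null}) is returned, as before.
     *
     * @param str service name
     * @param str2 scenario id; {@code null} yields {@code null}
     * @param str3 policy path compared with the service's {@code SECURITY_POLICY_PATH} parameter
     *             for the policy-from-registry scenario
     * @return the configuration data, or {@code null} when the scenario is not the applied one
     * @throws SecurityConfigException if the service does not exist ({@code "nullService"}) or the
     *         metafile cannot be read
     */
    public SecurityConfigData getSecurityConfigData(String str, String str2, String str3) throws SecurityConfigException {
        AxisService service = this.axisConfig.getServiceForActivation(str);
        if (service == null) {
            // Was dereferenced unconditionally and failed with an NPE.
            throw new SecurityConfigException("nullService");
        }
        if (str2 == null) {
            return null;
        }
        String serviceGroupName = service.getAxisServiceGroup().getServiceGroupName();
        SecurityConfigData configData = null;
        try {
            if (str2.equals(SecurityConstants.POLICY_FROM_REG_SCENARIO)) {
                Parameter policyPathParam = service.getParameter(SecurityConstants.SECURITY_POLICY_PATH);
                if (policyPathParam == null || !str3.equals(policyPathParam.getValue())) {
                    return null;
                }
            } else {
                SecurityScenario currentScenario = readCurrentScenario(str);
                if (currentScenario == null || !currentScenario.getScenarioId().equals(str2)) {
                    return null;
                }
            }
            boolean transactionOwnedHere = !this.serviceGroupFilePM.isTransactionStarted(serviceGroupName);
            if (transactionOwnedHere) {
                this.serviceGroupFilePM.beginTransaction(serviceGroupName);
            }
            configData = new SecurityConfigData();
            String resourcePath = PersistenceUtils.getResourcePath(service);
            configData.setUserGroups(this.realm.getAuthorizationManager().getAllowedRolesForResource(serviceGroupName + "/" + str, "invoke-service"));
            List privateStores = this.serviceGroupFilePM.getAssociations(serviceGroupName, resourcePath, SecurityConstants.ASSOCIATION_PRIVATE_KEYSTORE);
            if (!CollectionUtils.isEmpty(privateStores)) {
                configData.setPrivateStore(keyStoreNameFromAssociation((OMElement) privateStores.get(0)));
            }
            List trustedStores = this.serviceGroupFilePM.getAssociations(serviceGroupName, resourcePath, SecurityConstants.ASSOCIATION_TRUSTED_KEYSTORE);
            String[] trustedStoreNames = new String[trustedStores.size()];
            for (int i = 0; i < trustedStores.size(); i++) {
                // Was get(0): every slot received the first trusted store's name.
                trustedStoreNames[i] = keyStoreNameFromAssociation((OMElement) trustedStores.get(i));
            }
            configData.setTrustedKeyStores(trustedStoreNames);
            configData.setKerberosConfigurations(readKerberosConfigurations(service));
            if (transactionOwnedHere) {
                this.serviceGroupFilePM.commitTransaction(serviceGroupName);
            }
            return configData;
        } catch (PersistenceException e) {
            // Narrower type first; the decompiled order put it after catch (Exception).
            log.error("Error in getting security config data", e);
            this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
            throw new SecurityConfigException("Error in getting security config data", e);
        } catch (Exception e) {
            log.error("Error in getting security config data", e);
            this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
            return configData;
        }
    }

    /**
     * Derives the key store name from an association element's {@code destinationPath}: the
     * configured primary key store file name for the {@code carbon-primary-ks} path, otherwise the
     * last path segment. A leading {@code //} is collapsed to a single slash first.
     */
    private static String keyStoreNameFromAssociation(OMElement association) {
        String destinationPath = association.getAttributeValue(new QName("destinationPath"));
        if (destinationPath.startsWith("//")) {
            destinationPath = destinationPath.substring(1);
        }
        if (destinationPath.equals("/_system/governance/repository/security/key-stores/carbon-primary-ks")) {
            return KeyStoreUtil.getKeyStoreFileName(new File(ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location")).getAbsolutePath());
        }
        return destinationPath.substring(destinationPath.lastIndexOf("/") + 1);
    }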

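    /**
     * Determines the security scenario currently applied to service {@code str}.
     *
     * <p>The service is looked up in the Axis configuration and, failing that, in the transit
     * ghost services map. If the metafile lists no policies (or, without a metafile entry, the
     * service has no attached policy components) the result is {@code null}. Otherwise the
     * endpoint bindings are scanned for a policy id known to {@link SecurityScenarioDatabase},
     * falling back to the policies attached to the service itself.
     *
     * @param str service name
     * @return the applied scenario, or {@code null} if none is recognised
     * @throws SecurityConfigException if the service cannot be found or reading fails
     */
    public SecurityScenario readCurrentScenario(String str) throws SecurityConfigException {
        AxisService service = this.axisConfig.getServiceForActivation(str);
        String serviceGroupName = null;
        try {
            if (service == null) {
                try {
                    service = (AxisService) GhostDeployerUtils.getTransitGhostServicesMap(this.axisConfig).get(str);
                } catch (AxisFault e) {
                    log.error("Error while reading Transit Ghosts map", e);
                }
                if (service == null) {
                    // The former message appended the null service itself; name the service instead.
                    throw new SecurityConfigException("AxisService is Null for service " + str);
                }
            }
            serviceGroupName = service.getAxisServiceGroup().getServiceGroupName();
            boolean transactionOwnedHere = !this.serviceGroupFilePM.isTransactionStarted(serviceGroupName);
            if (transactionOwnedHere) {
                this.serviceGroupFilePM.beginTransaction(serviceGroupName);
            }
            String policiesPath = PersistenceUtils.getResourcePath(service) + "/policies/policy";
            if (this.serviceGroupFilePM.elementExists(serviceGroupName, policiesPath)) {
                if (CollectionUtils.isEmpty(this.serviceGroupFilePM.getAll(serviceGroupName, policiesPath))) {
                    if (transactionOwnedHere) {
                        this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
                    }
                    return null;
                }
            } else if (service.getPolicySubject() != null
                    && service.getPolicySubject().getAttachedPolicyComponents() != null
                    && !service.getPolicySubject().getAttachedPolicyComponents().iterator().hasNext()) {
                if (transactionOwnedHere) {
                    this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
                }
                return null;
            }
            if (transactionOwnedHere) {
                this.serviceGroupFilePM.commitTransaction(serviceGroupName);
            }
            if (GhostDeployerUtils.isGhostService(service)) {
                service = GhostDeployerUtils.deployActualService(this.axisConfig, service);
            }
            SecurityScenario scenario = scenarioFromBindings(service);
            if (scenario == null) {
                scenario = scenarioFromServicePolicies(service);
            }
            return scenario;
        } catch (Exception e2) {
            log.error("Error while reading Security Scenario", e2);
            // Was rollbackTransaction(null); the group name is used once it is known.
            this.serviceGroupFilePM.rollbackTransaction(serviceGroupName);
            throw new SecurityConfigException("readingSecurity", e2);
        }
    }

    /**
     * Scans the endpoint bindings in iteration order. A binding whose attached policy maps to a
     * known scenario yields that scenario and the scan continues; a binding with no recognised
     * policy ends the scan with {@code null} unless its name contains {@code HttpBinding}, in which
     * case it is skipped.
     */
    private static SecurityScenario scenarioFromBindings(AxisService service) {
        SecurityScenario scenario = null;
        for (Object endpointEntry : service.getEndpoints().entrySet()) {
            AxisBinding binding = ((AxisEndpoint) ((Map.Entry) endpointEntry).getValue()).getBinding();
            SecurityScenario bindingScenario = null;
            String policyId = null;
            // Components are Policy or PolicyReference; the id is kept across components of one binding.
            for (Object component : binding.getPolicySubject().getAttachedPolicyComponents()) {
                if (component instanceof Policy) {
                    policyId = ((Policy) component).getId();
                } else if (component instanceof PolicyReference) {
                    policyId = ((PolicyReference) component).getURI().substring(1);
                }
                if (policyId != null) {
                    bindingScenario = SecurityScenarioDatabase.getByWsuId(policyId);
                }
            }
            if (bindingScenario != null) {
                scenario = bindingScenario;
            } else if (!binding.getName().getLocalPart().contains("HttpBinding")) {
                return null;
            }
        }
        return scenario;
    }

    /**
     * Resolves the scenario from the policies attached to the service itself; the last component
     * with a known id wins. {@code policyId} was never reset between components in the original,
     * so that behaviour is kept.
     */
    private static SecurityScenario scenarioFromServicePolicies(AxisService service) {
        SecurityScenario scenario = null;
        String policyId = null;
        for (Object component : service.getPolicySubject().getAttachedPolicyComponents()) {
            if (component instanceof Policy) {
                policyId = ((Policy) component).getId();
            } else if (component instanceof PolicyReference) {
                policyId = ((PolicyReference) component).getURI().substring(1);
            }
            if (policyId != null) {
                scenario = SecurityScenarioDatabase.getByWsuId(policyId);
            }
        }
        return scenario;
    }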

    /**
     * Deploys the actual service behind the ghost service {@code str}, if it is a ghost. The
     * service is looked up in the Axis configuration first and in the transit ghost services map
     * as a fallback. Failures are logged, never thrown.
     *
     * @param str service name
     */
    public void forceActualServiceDeployment(String str) {
        AxisService service = this.axisConfig.getServiceForActivation(str);
        if (service == null) {
            try {
                service = (AxisService) GhostDeployerUtils.getTransitGhostServicesMap(this.axisConfig).get(str);
            } catch (AxisFault e) {
                log.error("Error while reading Transit Ghosts map", e);
            }
        }
        boolean isGhost = service != null && GhostDeployerUtils.isGhostService(service);
        if (!isGhost) {
            return;
        }
        try {
            GhostDeployerUtils.deployActualService(this.axisConfig, service);
        } catch (AxisFault e2) {
            log.error("Error while loading actual service from Ghost", e2);
        }
    }

    /**
     * Configures the Rahas security token service for the service: adds the SCT issuer and token
     * canceler parameters (built from the persisted private/trusted key store associations) and
     * marks the service's metafile element with {@code PROP_RAHAS_SCT_ISSUER}.
     *
     * @param axisService service to configure
     * @param str private key store name written to {@code PROP_ID_PRIVATE_STORE} when a private
     *            key store association exists
     * @throws PersistenceException if the metafile associations cannot be read
     * @throws AxisFault if the parameters cannot be set or the metafile cannot be updated
     */
    private void setRahasParameters(AxisService axisService, String str) throws PersistenceException, AxisFault {
        Properties rahasProps = new Properties();
        String serviceGroupName = axisService.getAxisServiceGroup().getServiceGroupName();
        String serviceName = axisService.getName();
        String resourcePath = PersistenceUtils.getResourcePath(axisService);
        List privateStores = this.serviceGroupFilePM.getAssociations(serviceGroupName, resourcePath, SecurityConstants.ASSOCIATION_PRIVATE_KEYSTORE);
        List trustedStores = this.serviceGroupFilePM.getAssociations(serviceGroupName, resourcePath, SecurityConstants.ASSOCIATION_TRUSTED_KEYSTORE);
        // CollectionUtils.isEmpty already treats null as empty.
        if (!CollectionUtils.isEmpty(privateStores)) {
            String keyAlias = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.KeyAlias");
            rahasProps.setProperty(ServerCrypto.PROP_ID_PRIVATE_STORE, str);
            rahasProps.setProperty(ServerCrypto.PROP_ID_DEFAULT_ALIAS, keyAlias);
        }
        // Last path segment including its leading slash, comma separated with a trailing comma.
        StringBuilder trustStoreList = new StringBuilder();
        for (Object association : trustedStores) {
            String destinationPath = ((OMElement) association).getAttributeValue(new QName("destinationPath"));
            trustStoreList.append(destinationPath.substring(destinationPath.lastIndexOf("/"))).append(",");
        }
        rahasProps.setProperty(ServerCrypto.PROP_ID_TRUST_STORES, trustStoreList.toString());
        try {
            setServiceParameterElement(serviceName, RahasUtil.getSCTIssuerConfigParameter(ServerCrypto.class.getName(), rahasProps, -1, null, true, true));
            setServiceParameterElement(serviceName, RahasUtil.getTokenCancelerConfigParameter());
            this.serviceGroupFilePM.get(serviceGroupName, resourcePath).addAttribute(SecurityConstants.PROP_RAHAS_SCT_ISSUER, Boolean.TRUE.toString(), (OMNamespace) null);
            this.serviceGroupFilePM.setMetaFileModification(serviceGroupName);
        } catch (Exception e) {
            throw new AxisFault("Could not configure Rahas parameters", e);
        }
    }

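    /**
     * Removes the {@code SecurityConstants.PROP_RAHAS_SCT_ISSUER} marker attribute from the
     * persisted service element, if present.
     *
     * <p>Only the marker attribute is removed here; the service {@link Parameter}s added by
     * {@code setRahasParameters} are not touched by this method.
     * NOTE(review): unlike {@code setRahasParameters}, this does not call
     * {@code setMetaFileModification} — confirm whether the removal is persisted by the caller.
     *
     * @param axisService the service whose Rahas marker is removed
     * @throws AxisFault if the persisted service element cannot be read or updated
     */
    private void removeRahasParameters(AxisService axisService) throws AxisFault {
        String serviceGroupName = axisService.getAxisServiceGroup().getServiceGroupName();
        String resourcePath = PersistenceUtils.getResourcePath(axisService);
        try {
            if (!this.serviceGroupFilePM.elementExists(serviceGroupName, resourcePath)) {
                return;
            }
            OMElement serviceElement = this.serviceGroupFilePM.get(serviceGroupName, resourcePath);
            OMAttribute sctIssuerFlag = serviceElement.getAttribute(new QName(SecurityConstants.PROP_RAHAS_SCT_ISSUER));
            if (sctIssuerFlag != null) {
                serviceElement.removeAttribute(sctIssuerFlag);
            }
        } catch (Exception e) {
            // Message previously said "configure", which was misleading for the removal path.
            throw new AxisFault("Could not remove Rahas parameters", e);
        }
    }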

    /**
     * Adds or replaces a parameter on the named service.
     *
     * <p>An existing parameter that is locked is left untouched; otherwise the supplied
     * parameter is added, replacing any unlocked one of the same name.
     *
     * @param str       the service name
     * @param parameter the parameter to set
     * @throws AxisFault if no service with that name is known to the Axis configuration,
     *                   or if adding the parameter fails
     */
    private void setServiceParameterElement(String str, Parameter parameter) throws AxisFault {
        AxisService target = this.axisConfig.getServiceForActivation(str);
        if (target == null) {
            throw new AxisFault("Invalid service name '" + str + "'");
        }
        Parameter existing = target.getParameter(parameter.getName());
        boolean locked = existing != null && existing.isLocked();
        if (locked) {
            // A locked parameter must not be overridden.
            return;
        }
        target.addParameter(parameter);
    }

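    /**
     * Updates the {@code securityScenario} attribute of a service entry in its ghost file.
     *
     * <p>The ghost file is parsed, every {@code service} child whose {@code name} matches
     * {@code str2} has its {@code securityScenario} attribute set to {@code str3} (or removed
     * when {@code str3} is null), and the document is written back. Nothing is written when the
     * file is missing, cannot be read, or needed no change. Errors are logged, not propagated.
     *
     * <p>The document is fully built while the input stream is open: the builder reads lazily,
     * and the same file is truncated for writing afterwards, so reading later would fail.
     *
     * @param str  used to locate the ghost file (presumably the service group name — confirm)
     * @param str2 the service name whose entry is updated
     * @param str3 the scenario id to set, or null to remove the attribute
     */
    private void updateSecScenarioInGhostFile(String str, String str2, String str3) {
        File ghostFile = GhostDeployerUtils.getGhostFile(str, this.axisConfig);
        if (ghostFile == null || !ghostFile.exists()) {
            return;
        }
        OMElement documentElement;
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(ghostFile);
            documentElement = new StAXOMBuilder(fileInputStream).getDocumentElement();
            // Pull the whole tree into memory before the input stream is closed and the file
            // is reopened for writing (which truncates it).
            documentElement.build();
        } catch (Exception e) {
            log.error("Error while reading ghost file for service : " + str, e);
            return;
        } finally {
            closeGhostFileStream(fileInputStream);
        }
        if (!applySecurityScenario(documentElement, str2, str3)) {
            return;
        }
        FileOutputStream fileOutputStream = null;
        try {
            fileOutputStream = new FileOutputStream(ghostFile);
            documentElement.serialize(fileOutputStream);
            fileOutputStream.flush();
        } catch (Exception e) {
            log.error("Error while writing ghost file for service : " + str, e);
        } finally {
            closeGhostFileStream(fileOutputStream);
        }
    }

    /**
     * Applies the scenario change to every matching {@code service} element.
     *
     * @param documentElement the ghost file's root element (already built)
     * @param serviceName     the service name to match against the {@code name} attribute
     * @param scenarioId      the value to set, or null to remove the attribute
     * @return true when at least one element was changed and the file needs to be rewritten
     */
    private boolean applySecurityScenario(OMElement documentElement, String serviceName, String scenarioId) {
        boolean modified = false;
        Iterator services = documentElement.getChildrenWithLocalName("service");
        while (services.hasNext()) {
            OMElement serviceElement = (OMElement) services.next();
            String nameAttribute = serviceElement.getAttributeValue(new QName("name"));
            if (nameAttribute == null || !nameAttribute.equals(serviceName)) {
                continue;
            }
            OMAttribute scenario = serviceElement.getAttribute(new QName("securityScenario"));
            if (scenarioId == null) {
                if (scenario != null) {
                    serviceElement.removeAttribute(scenario);
                    modified = true;
                }
            } else if (scenario == null) {
                serviceElement.addAttribute("securityScenario", scenarioId, (OMNamespace) null);
                modified = true;
            } else {
                scenario.setAttributeValue(scenarioId);
                modified = true;
            }
        }
        return modified;
    }

    /**
     * Closes a ghost file stream, logging (not propagating) any failure.
     *
     * @param stream the stream to close; null is ignored
     */
    private void closeGhostFileStream(java.io.Closeable stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException e) {
            log.error("Error while closing ghost file stream", e);
        }
    }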

    /**
     * Looks up the POX "enabled" cache from the POX cache manager.
     *
     * @return the cache named {@code POXSecurityHandler.POX_ENABLED} held by the manager
     *         named {@code POXSecurityHandler.POX_CACHE_MANAGER}
     */
    private Cache<String, String> getPOXCache() {
        String managerName = POXSecurityHandler.POX_CACHE_MANAGER;
        String cacheName = POXSecurityHandler.POX_ENABLED;
        return Caching.getCacheManagerFactory().getCacheManager(managerName).getCache(cacheName);
    }
}
