package org.wso2.carbon.identity.user.account.association;

import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.core.common.AuthenticationException;
import org.wso2.carbon.core.services.authentication.AuthenticationUtil;
import org.wso2.carbon.core.services.authentication.stats.LoginAttempt;
import org.wso2.carbon.core.services.authentication.stats.LoginStatDatabase;
import org.wso2.carbon.core.services.util.CarbonAuthenticationUtil;
import org.wso2.carbon.identity.user.account.association.dao.UserAccountAssociationDAO;
import org.wso2.carbon.identity.user.account.association.dto.UserAccountAssociationDTO;
import org.wso2.carbon.identity.user.account.association.exception.UserAccountAssociationClientException;
import org.wso2.carbon.identity.user.account.association.exception.UserAccountAssociationException;
import org.wso2.carbon.identity.user.account.association.exception.UserAccountAssociationServerException;
import org.wso2.carbon.identity.user.account.association.internal.IdentityAccountAssociationServiceComponent;
import org.wso2.carbon.identity.user.account.association.util.UserAccountAssociationConstants;
import org.wso2.carbon.identity.user.account.association.util.UserAccountAssociationUtil;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/user/account/association/UserAccountConnectorImpl.class */
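/**
 * Singleton {@link UserAccountConnector} that links user accounts together and lets the
 * logged-in user switch the current session to one of the linked accounts.
 *
 * <p>The "calling user" throughout this class is the username and tenant id read from
 * {@code CarbonContext.getThreadLocalCarbonContext()}.
 *
 * <p>NOTE(review): this listing is decompiler output. The nesting of the try blocks and the
 * pairing of catch clauses with error messages were carried over from it and should be
 * confirmed against the upstream source.
 */
public class UserAccountConnectorImpl implements UserAccountConnector {
    private static final Log log = LogFactory.getLog(UserAccountConnectorImpl.class);
    private static final Log audit = CarbonConstants.AUDIT_LOG;

    /** Tenant id value that this class treats as "tenant domain not found". */
    private static final int INVALID_TENANT_ID = -1;

    /**
     * Initialization-on-demand holder for the singleton. The decompiler had widened this class to
     * {@code public} (its own note says the access modifier was changed from private).
     */
    private static final class LazyHolder {
        private static final UserAccountConnectorImpl INSTANCE = new UserAccountConnectorImpl();

        private LazyHolder() {
        }
    }

    private UserAccountConnectorImpl() {
    }

    /**
     * Returns the shared instance.
     *
     * @return the singleton connector
     */
    public static UserAccountConnectorImpl getInstance() {
        return LazyHolder.INSTANCE;
    }

    /**
     * Links the account named by {@code str} to the calling user's account after verifying the
     * supplied credential against the target tenant's user store.
     *
     * <p>Client-side failures (blank input, unknown tenant domain, failed authentication, linking
     * an account to itself, already linked) are thrown as
     * {@link UserAccountAssociationClientException} and are rethrown unchanged. Previously the
     * trailing {@code catch (Exception)} re-wrapped them as server errors carrying the
     * "loading realm service" message, which hid the real reason from callers.
     *
     * @param str tenant-qualified username of the account to link
     * @param cArr credential of that account; must be non-empty
     * @throws UserAccountAssociationException on invalid input or on a user-store / realm failure
     */
    @Override
    public void createUserAccountAssociation(String str, char[] cArr) throws UserAccountAssociationException {
        if (StringUtils.isBlank(str) || cArr == null || cArr.length == 0) {
            if (log.isDebugEnabled()) {
                log.debug(UserAccountAssociationConstants.ErrorMessages.INVALID_INPUTS.getDescription());
            }
            throw new UserAccountAssociationClientException(UserAccountAssociationConstants.ErrorMessages.INVALID_INPUTS.toString());
        }
        String callerUsername = CarbonContext.getThreadLocalCarbonContext().getUsername();
        String callerDomain = UserAccountAssociationUtil.getDomainName(callerUsername);
        String callerName = UserAccountAssociationUtil.getUsernameWithoutDomain(callerUsername);
        int callerTenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        String targetName = MultitenantUtils.getTenantAwareUsername(str);
        try {
            RealmService realmService = IdentityAccountAssociationServiceComponent.getRealmService();
            int targetTenantId = realmService.getTenantManager().getTenantId(MultitenantUtils.getTenantDomain(str));
            if (INVALID_TENANT_ID == targetTenantId) {
                if (log.isDebugEnabled()) {
                    log.debug(String.format(UserAccountAssociationConstants.ErrorMessages.DEBUG_INVALID_TENANT_DOMAIN.getDescription(), MultitenantUtils.getTenantDomain(str)));
                }
                throw new UserAccountAssociationClientException(UserAccountAssociationConstants.ErrorMessages.INVALID_TENANT_DOMAIN.toString());
            }
            try {
                // The credential is copied into an immutable String for the user-store call;
                // neither that copy nor cArr is cleared by this method.
                boolean authenticated = realmService.getTenantUserRealm(targetTenantId).getUserStoreManager()
                        .authenticate(targetName, String.valueOf(cArr));
                if (!authenticated) {
                    if (log.isDebugEnabled()) {
                        log.debug(UserAccountAssociationConstants.ErrorMessages.USER_NOT_AUTHENTIC.getDescription());
                    }
                    throw new UserAccountAssociationClientException(UserAccountAssociationConstants.ErrorMessages.USER_NOT_AUTHENTIC.toString());
                }
                String targetDomain;
                if (!targetName.contains("/")) {
                    // No explicit user-store domain in the name: use the thread-local one
                    // (presumably set during authenticate(); confirm), else the primary domain.
                    targetDomain = UserCoreUtil.getDomainFromThreadLocal();
                    if (targetDomain == null) {
                        targetDomain = UserAccountAssociationConstants.PRIMARY_USER_DOMAIN;
                    }
                } else {
                    targetDomain = UserAccountAssociationUtil.getDomainName(targetName);
                    targetName = UserAccountAssociationUtil.getUsernameWithoutDomain(targetName);
                }
                if (callerName.equals(targetName) && callerDomain.equals(targetDomain) && callerTenantId == targetTenantId) {
                    if (log.isDebugEnabled()) {
                        log.debug(UserAccountAssociationConstants.ErrorMessages.SAME_ACCOUNT_CONNECTING_ERROR.getDescription());
                    }
                    throw new UserAccountAssociationClientException(UserAccountAssociationConstants.ErrorMessages.SAME_ACCOUNT_CONNECTING_ERROR.toString());
                }
                UserAccountAssociationDAO dao = UserAccountAssociationDAO.getInstance();
                if (dao.isValidUserAssociation(targetDomain, targetTenantId, targetName)) {
                    if (log.isDebugEnabled()) {
                        log.debug(UserAccountAssociationConstants.ErrorMessages.ALREADY_CONNECTED.getDescription());
                    }
                    throw new UserAccountAssociationClientException(UserAccountAssociationConstants.ErrorMessages.ALREADY_CONNECTED.toString());
                }
                String callerKey = dao.getAssociationKeyOfUser(callerDomain, callerTenantId, callerName);
                String targetKey = dao.getAssociationKeyOfUser(targetDomain, targetTenantId, targetName);
                boolean callerLinked = callerKey != null;
                boolean targetLinked = targetKey != null;
                if (!callerLinked && !targetLinked) {
                    // Neither account belongs to a group yet: create one key and store both.
                    // NOTE(review): the randomness source behind getRandomNumber() is not
                    // visible here.
                    String newKey = UserAccountAssociationUtil.getRandomNumber();
                    dao.createUserAssociation(newKey, callerDomain, callerTenantId, callerName);
                    dao.createUserAssociation(newKey, targetDomain, targetTenantId, targetName);
                } else if (callerLinked && !targetLinked) {
                    dao.createUserAssociation(callerKey, targetDomain, targetTenantId, targetName);
                } else if (callerLinked) {
                    // Both already carry a key: hand both keys to the DAO so the groups merge.
                    dao.updateUserAssociationKey(targetKey, callerKey);
                } else {
                    dao.createUserAssociation(targetKey, callerDomain, callerTenantId, callerName);
                }
            } catch (UserStoreException e) {
                throw new UserAccountAssociationServerException(UserAccountAssociationConstants.ErrorMessages.ERROR_WHILE_AUTHENTICATING_USER.getDescription(), e);
            }
        } catch (UserAccountAssociationException e) {
            // Already classified (client or server); do not re-wrap it below.
            throw e;
        } catch (UserStoreException e) {
            throw new UserAccountAssociationServerException(UserAccountAssociationConstants.ErrorMessages.ERROR_WHILE_GETTING_TENANT_ID.getDescription(), e);
        } catch (Exception e) {
            throw new UserAccountAssociationServerException(UserAccountAssociationConstants.ErrorMessages.ERROR_WHILE_LOADING_REALM_SERVICE.getDescription(), e);
        }
    }

    /**
     * Removes the association of the account named by {@code str}, provided the DAO reports it as
     * a valid association.
     *
     * <p>NOTE(review): authorization rests entirely on
     * {@code UserAccountAssociationDAO.isValidUserAssociation}. Whether that check is scoped to
     * the calling user is not visible in this class; confirm in the DAO.
     *
     * @param str tenant-qualified username whose association should be deleted
     * @throws UserAccountAssociationException on blank input, unknown tenant domain, an invalid
     *     association, or a realm / user-store failure
     */
    @Override
    public void deleteUserAccountAssociation(String str) throws UserAccountAssociationException {
        if (StringUtils.isBlank(str)) {
            if (log.isDebugEnabled()) {
                log.debug(UserAccountAssociationConstants.ErrorMessages.INVALID_INPUTS.getDescription());
            }
            throw new UserAccountAssociationClientException(UserAccountAssociationConstants.ErrorMessages.INVALID_INPUTS.toString());
        }
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
        try {
            int tenantId = IdentityAccountAssociationServiceComponent.getRealmService().getTenantManager().getTenantId(MultitenantUtils.getTenantDomain(str));
            if (INVALID_TENANT_ID == tenantId) {
                if (log.isDebugEnabled()) {
                    log.debug(String.format(UserAccountAssociationConstants.ErrorMessages.DEBUG_INVALID_TENANT_DOMAIN.getDescription(), MultitenantUtils.getTenantDomain(str)));
                }
                throw new UserAccountAssociationClientException(UserAccountAssociationConstants.ErrorMessages.INVALID_TENANT_DOMAIN.toString());
            }
            String domainName = UserAccountAssociationUtil.getDomainName(tenantAwareUsername);
            String usernameWithoutDomain = UserAccountAssociationUtil.getUsernameWithoutDomain(tenantAwareUsername);
            UserAccountAssociationDAO dao = UserAccountAssociationDAO.getInstance();
            if (!dao.isValidUserAssociation(domainName, tenantId, usernameWithoutDomain)) {
                if (log.isDebugEnabled()) {
                    log.debug(UserAccountAssociationConstants.ErrorMessages.INVALID_ASSOCIATION.getDescription());
                }
                throw new UserAccountAssociationClientException(UserAccountAssociationConstants.ErrorMessages.INVALID_ASSOCIATION.toString());
            }
            dao.deleteUserAssociation(domainName, tenantId, usernameWithoutDomain);
        } catch (UserAccountAssociationException e) {
            // Keep client errors as client errors instead of re-wrapping them as server errors.
            throw e;
        } catch (UserStoreException e) {
            // Listed before Exception so that this handler is reachable.
            throw new UserAccountAssociationServerException(UserAccountAssociationConstants.ErrorMessages.ERROR_WHILE_GETTING_TENANT_ID.getDescription(), e);
        } catch (Exception e) {
            throw new UserAccountAssociationServerException(UserAccountAssociationConstants.ErrorMessages.ERROR_WHILE_LOADING_REALM_SERVICE.getDescription(), e);
        }
    }

    /**
     * Returns the associations the DAO holds for the calling user.
     *
     * @return the associations, or an empty array when there are none
     * @throws UserAccountAssociationException if the DAO lookup fails
     */
    @Override
    public UserAccountAssociationDTO[] getAccountAssociationsOfUser() throws UserAccountAssociationException {
        String callerUsername = CarbonContext.getThreadLocalCarbonContext().getUsername();
        List<UserAccountAssociationDTO> associations = UserAccountAssociationDAO.getInstance().getAssociationsOfUser(
                UserAccountAssociationUtil.getDomainName(callerUsername),
                CarbonContext.getThreadLocalCarbonContext().getTenantId(),
                UserAccountAssociationUtil.getUsernameWithoutDomain(callerUsername));
        // toArray with a zero-length seed also yields an empty array for an empty list.
        return associations.toArray(new UserAccountAssociationDTO[0]);
    }

    /**
     * Switches the current HTTP session to the associated account named by {@code str}.
     *
     * <p>No credential is requested here. The switch is allowed when the DAO reports the target as
     * a valid association, the target tenant is active, the authentication listeners pass, and the
     * target user holds the login permission. Both outcomes are written to the audit log, and a
     * denied switch is also recorded as a failed login attempt.
     *
     * <p>NOTE(review): two things to confirm outside this class. First, that
     * {@code isValidUserAssociation} ties the target to the calling user rather than to any
     * stored association. Second, whether {@code CarbonAuthenticationUtil.onSuccessAdminLogin}
     * rotates the session identifier, since the existing session object is reused for the new
     * identity.
     *
     * @param str tenant-qualified username of the associated account to switch to
     * @return {@code true} if the session was switched; {@code false} if the tenant is inactive
     *     or the listeners / authorization check refused the switch
     * @throws UserAccountAssociationException on blank input, unknown tenant domain, an invalid
     *     association, or a realm / user-store failure
     */
    @Override
    public boolean switchLoggedInUser(String str) throws UserAccountAssociationException {
        if (StringUtils.isBlank(str)) {
            if (log.isDebugEnabled()) {
                log.debug(UserAccountAssociationConstants.ErrorMessages.INVALID_INPUTS.getDescription());
            }
            throw new UserAccountAssociationClientException(UserAccountAssociationConstants.ErrorMessages.INVALID_INPUTS.toString());
        }
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
        String tenantDomain = MultitenantUtils.getTenantDomain(str);
        String domainName = UserAccountAssociationUtil.getDomainName(tenantAwareUsername);
        String usernameWithoutDomain = UserAccountAssociationUtil.getUsernameWithoutDomain(tenantAwareUsername);
        try {
            RealmService realmService = IdentityAccountAssociationServiceComponent.getRealmService();
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            if (INVALID_TENANT_ID == tenantId) {
                if (log.isDebugEnabled()) {
                    log.debug(String.format(UserAccountAssociationConstants.ErrorMessages.DEBUG_INVALID_TENANT_DOMAIN.getDescription(), MultitenantUtils.getTenantDomain(str)));
                }
                throw new UserAccountAssociationClientException(UserAccountAssociationConstants.ErrorMessages.INVALID_TENANT_DOMAIN.toString());
            }
            if (!UserAccountAssociationDAO.getInstance().isValidUserAssociation(domainName, tenantId, usernameWithoutDomain)) {
                if (log.isDebugEnabled()) {
                    log.debug(UserAccountAssociationConstants.ErrorMessages.INVALID_ASSOCIATION.getDescription());
                }
                throw new UserAccountAssociationClientException(UserAccountAssociationConstants.ErrorMessages.INVALID_ASSOCIATION.toString());
            }
            try {
                if (!realmService.getTenantManager().isTenantActive(tenantId)) {
                    log.warn("Tenant has been deactivated. TenantID : " + tenantId);
                    return false;
                }
                MessageContext currentMessageContext = MessageContext.getCurrentMessageContext();
                HttpSession session = ((HttpServletRequest) currentMessageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST)).getSession();
                String remoteAddress = AuthenticationUtil.getRemoteAddress(currentMessageContext);
                UserRealm tenantUserRealm = realmService.getTenantUserRealm(tenantId);
                // Accounts outside the primary user store are addressed as "DOMAIN/user".
                String qualifiedUsername = usernameWithoutDomain;
                if (!UserAccountAssociationConstants.PRIMARY_USER_DOMAIN.equals(domainName)) {
                    qualifiedUsername = domainName + "/" + usernameWithoutDomain;
                }
                // Both checks are always evaluated, in this order, before the decision is taken.
                boolean listenersPassed = UserAccountAssociationUtil.executePrePostAuthenticationListeners(qualifiedUsername, tenantUserRealm.getUserStoreManager());
                boolean loginPermitted = tenantUserRealm.getAuthorizationManager().isUserAuthorized(qualifiedUsername, UserAccountAssociationConstants.LOGIN_PERMISSION, "ui.execute");
                String callerUsername = CarbonContext.getThreadLocalCarbonContext().getUsername();
                int callerTenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
                if (listenersPassed && loginPermitted) {
                    CarbonAuthenticationUtil.onSuccessAdminLogin(session, qualifiedUsername, tenantId, tenantDomain, remoteAddress);
                    // Read the caller again after the login call, as the original did.
                    audit.info(getAuditMessage(true, CarbonContext.getThreadLocalCarbonContext().getUsername(), CarbonContext.getThreadLocalCarbonContext().getTenantId(), qualifiedUsername, tenantId, tenantDomain));
                    return true;
                }
                LoginStatDatabase.recordLoginAttempt(new LoginAttempt(qualifiedUsername, tenantId, remoteAddress, new Date(), false, "unauthorized"));
                audit.warn(getAuditMessage(false, callerUsername, callerTenantId, qualifiedUsername, tenantId, tenantDomain));
                return false;
            } catch (AuthenticationException e) {
                // Handlers are ordered most specific first so that each one is reachable.
                // NOTE(review): the exception-to-message pairing is taken as-is from the
                // decompiled listing; confirm it against the upstream source.
                throw new UserAccountAssociationServerException(UserAccountAssociationConstants.ErrorMessages.ERROR_WHILE_RETRIEVING_REMOTE_ADDRESS.getDescription(), e);
            } catch (org.wso2.carbon.user.core.UserStoreException e) {
                throw new UserAccountAssociationServerException(UserAccountAssociationConstants.ErrorMessages.ERROR_WHILE_UPDATING_SESSION.getDescription(), e);
            } catch (UserStoreException e) {
                throw new UserAccountAssociationServerException(UserAccountAssociationConstants.ErrorMessages.ERROR_WHILE_ACCESSING_REALM_SERVICE.getDescription(), e);
            } catch (Exception e) {
                throw new UserAccountAssociationServerException(UserAccountAssociationConstants.ErrorMessages.ERROR_WHILE_EXECUTING_AUTHENTICATORS.getDescription(), e);
            }
        } catch (UserAccountAssociationException e) {
            // Already classified above (client or server); do not re-wrap it.
            throw e;
        } catch (UserStoreException e) {
            throw new UserAccountAssociationServerException(UserAccountAssociationConstants.ErrorMessages.ERROR_WHILE_GETTING_TENANT_ID.getDescription(), e);
        } catch (Exception e) {
            throw new UserAccountAssociationServerException(UserAccountAssociationConstants.ErrorMessages.ERROR_WHILE_LOADING_REALM_SERVICE.getDescription(), e);
        }
    }

    /**
     * Builds the audit-log line for an account switch.
     *
     * <p>All values are concatenated unescaped. {@code str2} and {@code str3} derive from the
     * argument of {@link #switchLoggedInUser(String)}; confirm that the audit appender neutralises
     * line breaks.
     *
     * @param z {@code true} for a successful switch, {@code false} for a refused one
     * @param str username of the calling user
     * @param i tenant id of the calling user
     * @param str2 username of the target account
     * @param i2 tenant id of the target account
     * @param str3 tenant domain of the target account
     * @return the formatted audit message, ending in a bracketed timestamp
     */
    private String getAuditMessage(boolean z, String str, int i, String str2, int i2, String str3) {
        Date now = Calendar.getInstance().getTime();
        // A fresh formatter per call: SimpleDateFormat instances must not be shared across threads.
        String timestamp = new SimpleDateFormat("'['yyyy-MM-dd HH:mm:ss,SSSZ']'").format(now);
        if (z) {
            return "'" + str + "' [" + i + "] switched to '" + str2 + "@" + str3 + " [" + i2 + "]' successfully at " + timestamp;
        }
        return "Failed to switch from '" + str + "' [" + i + "] to '" + str2 + "@" + str3 + " [" + i2 + "]' at " + timestamp;
    }
}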
