package org.wso2.carbon.identity.mgt.services;

import java.util.UUID;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.captcha.mgt.beans.CaptchaInfoBean;
import org.wso2.carbon.captcha.mgt.util.CaptchaUtil;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.mgt.IdentityMgtConfig;
import org.wso2.carbon.identity.mgt.IdentityMgtServiceException;
import org.wso2.carbon.identity.mgt.RecoveryProcessor;
import org.wso2.carbon.identity.mgt.beans.UserIdentityMgtBean;
import org.wso2.carbon.identity.mgt.beans.VerificationBean;
import org.wso2.carbon.identity.mgt.constants.IdentityMgtConstants;
import org.wso2.carbon.identity.mgt.dto.UserChallengesDTO;
import org.wso2.carbon.identity.mgt.dto.UserDTO;
import org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO;
import org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO;
import org.wso2.carbon.identity.mgt.dto.UserRecoveryDataDO;
import org.wso2.carbon.identity.mgt.internal.IdentityMgtServiceComponent;
import org.wso2.carbon.identity.mgt.util.UserIdentityManagementUtil;
import org.wso2.carbon.identity.mgt.util.Utils;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/mgt/services/UserIdentityManagementService.class */
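/**
 * Service facade for self-service identity flows: temporary-credential login,
 * registration confirmation, and account/password recovery by security
 * questions, e-mail or confirmation key.
 *
 * <p>Every {@code String} user name, confirmation key and answer that reaches
 * these methods is supplied by the caller and must be treated as untrusted.
 * Each method therefore fails closed: a check that cannot be completed is
 * reported as a failure, never as success.
 */
public class UserIdentityManagementService {
    Log log = LogFactory.getLog(UserIdentityManagementService.class);

    /**
     * Logs a user in with a one-time temporary credential and returns the user's identity claims.
     *
     * <p>The credential has to match the stored {@code TEMPORARY_CREDENTIAL} metadata
     * <em>and</em> be accepted by the user store; it is invalidated after a successful use.
     *
     * @param str  tenant-qualified user name
     * @param str2 temporary credential presented by the user
     * @return all identity claims of the user
     * @throws IdentityMgtServiceException if the credential is not valid or the lookup fails
     */
    public UserIdentityClaimDTO[] authenticateWithTemporaryCredentials(String str, String str2) throws IdentityMgtServiceException {
        try {
            int tenantId = Utils.getTenantId(MultitenantUtils.getTenantDomain(str));
            if (!UserIdentityManagementUtil.isValidIdentityMetadata(str, tenantId, "TEMPORARY_CREDENTIAL", str2)) {
                this.log.warn("WARNING: Invalidated temporary credential provided by " + str);
                throw new IdentityMgtServiceException("Invalid temporary credential provided");
            }
            // The user store's verdict must be honoured: discarding the boolean would hand out
            // the claims even when the store rejects the credential.
            boolean authenticated = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager().authenticate(str, str2);
            if (!authenticated) {
                this.log.warn("WARNING: Temporary credential rejected by the user store for " + str);
                throw new IdentityMgtServiceException("Invalid temporary credential provided");
            }
            // One-time use: the credential must not be accepted again.
            UserIdentityManagementUtil.invalidateUserIdentityMetadata(str, tenantId, "TEMPORARY_CREDENTIAL", str2);
            return UserIdentityManagementUtil.getAllUserIdentityClaims(str);
        } catch (UserStoreException e) {
            // Details go to the server log only; the caller gets a generic message.
            this.log.error("Error while authenticating", e);
            throw new IdentityMgtServiceException("Error while authenticating the user");
        } catch (IdentityException e2) {
            this.log.error("Error while authenticating", e2);
            throw new IdentityMgtServiceException("Error while authenticating the user");
        }
    }

    /**
     * Confirms a self-registration: validates the confirmation code, unlocks the account,
     * invalidates the code and returns the user's identity claims.
     *
     * @param str  tenant-qualified user name
     * @param str2 confirmation code presented by the user
     * @return all identity claims of the user
     * @throws IdentityMgtServiceException if the code is not valid or the confirmation fails
     */
    public UserIdentityClaimDTO[] confirmUserRegistration(String str, String str2) throws IdentityMgtServiceException {
        try {
            int tenantId = Utils.getTenantId(MultitenantUtils.getTenantDomain(str));
            if (!UserIdentityManagementUtil.isValidIdentityMetadata(str, tenantId, "CONFIRMATION_CODE", str2)) {
                this.log.warn("WARNING: Invalid confirmation code provided by " + str);
                throw new IdentityMgtServiceException("Invalid confirmation code provided");
            }
            UserIdentityManagementUtil.unlockUserAccount(str, IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager());
            // One-time use: the code must not be accepted again.
            UserIdentityManagementUtil.invalidateUserIdentityMetadata(str, tenantId, "CONFIRMATION_CODE", str2);
            return UserIdentityManagementUtil.getAllUserIdentityClaims(str);
        } catch (UserStoreException e) {
            this.log.error("Error while confirming the account", e);
            throw new IdentityMgtServiceException("Error while confirming the account");
        } catch (IdentityException e2) {
            this.log.error("Error while confirming the account", e2);
            throw new IdentityMgtServiceException("Error while confirming the account");
        }
    }

    /**
     * Resets the user's password to a generated temporary one after the user has answered
     * every configured security question correctly, then e-mails the temporary password.
     *
     * <p>Each stored question has to be matched by at least one supplied answer with the same
     * claim URI. Answers are counted per stored question, so repeating the answer to one
     * question cannot stand in for another question. A user without any stored question
     * cannot use this flow, because nothing would have been verified.
     *
     * @param str                     tenant-qualified user name
     * @param userIdentityClaimDTOArr answers supplied by the user (claim URI = question,
     *                                claim value = answer)
     * @throws IdentityMgtServiceException if an answer is missing or wrong, or the reset fails
     */
    public void recoverUserIdentityWithSecurityQuestions(String str, UserIdentityClaimDTO[] userIdentityClaimDTOArr) throws IdentityMgtServiceException {
        try {
            int tenantId = Utils.getTenantId(MultitenantUtils.getTenantDomain(str));
            UserStoreManager userStoreManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
            UserIdentityClaimDTO[] userSecurityQuestions = UserIdentityManagementUtil.getUserSecurityQuestions(str, userStoreManager);
            if (userSecurityQuestions == null || userSecurityQuestions.length == 0) {
                // With nothing to verify the checks below would pass vacuously and the
                // password would be reset without any proof of identity.
                throw new IdentityMgtServiceException("No security questions found. Identity recovery failed");
            }
            if (userIdentityClaimDTOArr == null || userIdentityClaimDTOArr.length < userSecurityQuestions.length) {
                throw new IdentityMgtServiceException("All questions must be answered");
            }
            int answeredQuestions = 0;
            for (UserIdentityClaimDTO storedQuestion : userSecurityQuestions) {
                if (storedQuestion == null) {
                    continue;
                }
                boolean answered = false;
                for (UserIdentityClaimDTO suppliedAnswer : userIdentityClaimDTOArr) {
                    if (suppliedAnswer == null || !equalsTrimmed(suppliedAnswer.getClaimUri(), storedQuestion.getClaimUri())) {
                        continue;
                    }
                    if (!equalsTrimmed(suppliedAnswer.getClaimValue(), storedQuestion.getClaimValue())) {
                        throw new IdentityMgtServiceException("Invalid answeres. Identity recovery failed");
                    }
                    answered = true;
                }
                // Count the question once, however many times its answer was supplied.
                if (answered) {
                    answeredQuestions++;
                }
            }
            if (answeredQuestions < userSecurityQuestions.length) {
                throw new IdentityMgtServiceException("All questions must be answered");
            }
            char[] generateTemporaryPassword = UserIdentityManagementUtil.generateTemporaryPassword();
            userStoreManager.updateCredentialByAdmin(str, generateTemporaryPassword);
            UserRecoveryDataDO userRecoveryDataDO = new UserRecoveryDataDO();
            // NOTE(review): the temporary password itself is stored as the recovery code, in
            // whatever form storeUserIdentityMetadata persists it. Confirm it is protected at rest.
            userRecoveryDataDO.setUserName(str).setTenantId(tenantId).setCode(new String(generateTemporaryPassword));
            UserIdentityManagementUtil.storeUserIdentityMetadata(userRecoveryDataDO);
            UserIdentityMgtBean userIdentityMgtBean = new UserIdentityMgtBean();
            String userClaimValue = userStoreManager.getUserClaimValue(str, IdentityMgtConfig.getInstance().getAccountRecoveryClaim(), (String) null);
            if (this.log.isDebugEnabled()) {
                this.log.debug("Sending email to " + userClaimValue);
            }
            userIdentityMgtBean.setUserId(str).setUserTemporaryPassword(new String(generateTemporaryPassword)).setEmail(userClaimValue);
            UserIdentityManagementUtil.notifyViaEmail(userIdentityMgtBean);
        } catch (UserStoreException e) {
            this.log.error("Error while recovering user identity", e);
            throw new IdentityMgtServiceException("Error while recovering user identity");
        } catch (IdentityException e2) {
            this.log.error("Error while recovering user identity", e2);
            throw new IdentityMgtServiceException("Error while recovering user identity");
        }
    }

    /**
     * Resets the user's password to a generated temporary one and e-mails it to the address
     * held in the configured account-recovery claim.
     *
     * <p>NOTE(review): no proof of identity is checked here, so any caller that knows a user
     * name can force a password reset for that account. Confirm that this operation is
     * protected (authorization, captcha, rate limiting) where the service is exposed.
     *
     * @param str tenant-qualified user name
     * @throws IdentityMgtServiceException if the reset or the notification fails
     */
    public void recoverUserIdentityWithEmail(String str) throws IdentityMgtServiceException {
        try {
            UserStoreManager userStoreManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(Utils.getTenantId(MultitenantUtils.getTenantDomain(str))).getUserStoreManager();
            char[] generateTemporaryPassword = UserIdentityManagementUtil.generateTemporaryPassword();
            userStoreManager.updateCredentialByAdmin(str, new String(generateTemporaryPassword));
            UserIdentityMgtBean userIdentityMgtBean = new UserIdentityMgtBean();
            String userClaimValue = userStoreManager.getUserClaimValue(str, IdentityMgtConfig.getInstance().getAccountRecoveryClaim(), (String) null);
            if (this.log.isDebugEnabled()) {
                this.log.debug("Sending email to " + userClaimValue);
            }
            userIdentityMgtBean.setUserId(str).setUserTemporaryPassword(new String(generateTemporaryPassword)).setEmail(userClaimValue);
            UserIdentityManagementUtil.notifyViaEmail(userIdentityMgtBean);
        } catch (UserStoreException e) {
            this.log.error("Error while recovering user identity", e);
            throw new IdentityMgtServiceException("Error while recovering user identity");
        } catch (IdentityException e2) {
            this.log.error("Error while recovering user identity", e2);
            throw new IdentityMgtServiceException("Error while recovering user identity");
        }
    }

    /**
     * Returns the primary security questions.
     *
     * @return the question texts
     * @throws IdentityMgtServiceException if the questions cannot be read
     */
    public String[] getPrimarySecurityQuestions() throws IdentityMgtServiceException {
        try {
            // -1234 is presumably the Carbon super-tenant id; confirm against the tenant constants.
            return UserIdentityManagementUtil.getPrimaryQuestions(-1234);
        } catch (IdentityException e) {
            throw new IdentityMgtServiceException("Error while reading security questions", e);
        }
    }

    /**
     * Verifies an account confirmation key.
     *
     * @param str confirmation key presented by the user
     * @return the verification result produced by the recovery processor
     */
    public VerificationBean confirmUserAccount(String str) {
        return IdentityMgtServiceComponent.getRecoveryProcessor().verifyConfirmationKey(str);
    }

    /**
     * Starts password recovery by notification once the confirmation key has been verified.
     *
     * @param str  user name
     * @param str2 confirmation key presented by the user
     * @param str3 notification type to use for the recovery message
     * @return {@code true} if the notification was sent, {@code false} if the key is not valid
     * @throws IdentityMgtServiceException if the user name is invalid or the recovery fails
     */
    public boolean processPasswordRecovery(String str, String str2, String str3) throws IdentityMgtServiceException {
        try {
            UserDTO processUserId = Utils.processUserId(str);
            RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
            if (!recoveryProcessor.verifyConfirmationKey(str2).isVerified()) {
                this.log.warn("Invalid user is trying to recover the password : " + str);
                return false;
            }
            UserRecoveryDTO userRecoveryDTO = new UserRecoveryDTO(processUserId);
            userRecoveryDTO.setNotification(IdentityMgtConstants.Notification.PASSWORD_RESET_RECOVERY);
            userRecoveryDTO.setNotificationType(str3);
            try {
                return recoveryProcessor.recoverWithNotification(userRecoveryDTO).isNotificationSent();
            } catch (IdentityException e) {
                throw new IdentityMgtServiceException("Error while password recovery.", e);
            }
        } catch (IdentityException e2) {
            throw new IdentityMgtServiceException("invalid user name", e2);
        }
    }

    /**
     * Returns the challenge questions of a user once the confirmation key has been verified.
     *
     * @param str  user name
     * @param str2 confirmation key presented by the user
     * @return the user's challenge questions, or an empty array if the key is not valid
     * @throws IdentityMgtServiceException if the user name is invalid
     */
    public UserChallengesDTO[] getChallengeQuestionsForUser(String str, String str2) throws IdentityMgtServiceException {
        try {
            UserDTO processUserId = Utils.processUserId(str);
            RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
            if (!recoveryProcessor.verifyConfirmationKey(str2).isVerified()) {
                return new UserChallengesDTO[0];
            }
            try {
                // The same key is registered again for the next step of the flow; a failure
                // here is logged and the questions are still returned (best effort).
                recoveryProcessor.createConfirmationCode(processUserId, str2);
            } catch (IdentityException e) {
                this.log.error("Error in creating confirmation code.", e);
            }
            return recoveryProcessor.getQuestionProcessor().getChallengeQuestionsOfUser(processUserId.getUserId(), processUserId.getTenantId(), false);
        } catch (IdentityException e2) {
            throw new IdentityMgtServiceException("Invalid user name.", e2);
        }
    }

    /**
     * Verifies the user's challenge answers and, on success, issues a fresh confirmation key
     * for the next step of the recovery flow.
     *
     * @param str                  user name
     * @param str2                 confirmation key presented by the user
     * @param userChallengesDTOArr challenge answers supplied by the user
     * @return a bean carrying the new key on success; otherwise an unverified bean, with an
     *         error text when no answers were supplied or the key is not valid
     * @throws IdentityMgtServiceException if the user name is invalid
     */
    public VerificationBean verifyChallengeQuestion(String str, String str2, UserChallengesDTO[] userChallengesDTOArr) throws IdentityMgtServiceException {
        VerificationBean verificationBean = new VerificationBean();
        verificationBean.setVerified(false);
        RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
        if (userChallengesDTOArr == null || userChallengesDTOArr.length < 1) {
            this.log.error("no challenges provided by user for verifications.");
            verificationBean.setError("no challenges provided by user for verifications.");
            return verificationBean;
        }
        try {
            UserDTO processUserId = Utils.processUserId(str);
            // Reject the request when the key does NOT verify, as every other method in this
            // class does. Testing isVerified() without the negation turns away holders of a
            // valid key and lets an invalid key through to the answer check.
            if (!recoveryProcessor.verifyConfirmationKey(str2).isVerified()) {
                this.log.warn("Invalid user is trying to verify user challenges.");
                verificationBean.setError("Invalid user is trying to verify user challenges.");
                return verificationBean;
            }
            if (recoveryProcessor.getQuestionProcessor().verifyChallengeQuestion(processUserId.getUserId(), processUserId.getTenantId(), userChallengesDTOArr)) {
                String uuid = UUID.randomUUID().toString();
                try {
                    recoveryProcessor.createConfirmationCode(processUserId, uuid);
                } catch (IdentityException e) {
                    // Best effort: the key is still returned although it may not have been stored.
                    this.log.error("Error while creating confirmation code.", e);
                }
                verificationBean = new VerificationBean(str, uuid);
            }
            return verificationBean;
        } catch (IdentityException e2) {
            throw new IdentityMgtServiceException("Invalid user name.", e2);
        }
    }

    /**
     * Sets a new password for the user once the confirmation key (and, when captcha handling
     * is managed internally, the captcha) has been verified.
     *
     * @param str             user name
     * @param str2            confirmation key presented by the user
     * @param str3            new password
     * @param captchaInfoBean captcha answer; processed only when captcha verification is
     *                        internally managed
     * @return a verified bean on success; a bean with error code {@code "18004"} when captcha
     *         processing fails, {@code "18013"} when the key is not valid, or an unverified
     *         bean with an error text when the user cannot be resolved or the update fails
     */
    public VerificationBean updateCredential(String str, String str2, String str3, CaptchaInfoBean captchaInfoBean) {
        RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
        if (IdentityMgtConfig.getInstance().isCaptchaVerificationInternallyManaged()) {
            try {
                CaptchaUtil.processCaptchaInfoBean(captchaInfoBean);
            } catch (Exception e) {
                this.log.error("Error while processing captcha bean.", e);
                return new VerificationBean("18004");
            }
        }
        try {
            UserDTO processUserId = Utils.processUserId(str);
            if (!recoveryProcessor.verifyConfirmationKey(str2).isVerified()) {
                this.log.warn("Invalid user tried to update credential with user Id : " + processUserId.getUserId() + " and tenant domain : " + processUserId.getTenantDomain());
                return new VerificationBean("18013");
            }
            Utils.updatePassword(processUserId.getUserId(), processUserId.getTenantId(), str3);
            this.log.info("Credential is updated for user : " + processUserId.getUserId() + " and tenant domain : " + processUserId.getTenantDomain());
            return new VerificationBean(true);
        } catch (Exception e2) {
            // Stop here: continuing after a failed user lookup would dereference an
            // unresolved user, and a failed update must never be reported as success.
            this.log.error("Error while updating credential for user : " + str, e2);
            // The project's error code for unexpected failures is not visible in this file,
            // so the failure is reported with an error text instead of a guessed code.
            VerificationBean failure = new VerificationBean();
            failure.setVerified(false);
            failure.setError("Error while updating credential");
            return failure;
        }
    }

    /** Null-safe comparison of two trimmed strings; a {@code null} on either side never matches. */
    private static boolean equalsTrimmed(String first, String second) {
        return first != null && second != null && first.trim().equals(second.trim());
    }
}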
