package org.wso2.carbon.identity.recovery.endpoint.Utils;

import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.ws.rs.WebApplicationException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpResponse;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.slf4j.MDC;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.api.server.notification.sender.common.NotificationSenderManagementConstants;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.governance.IdentityGovernanceException;
import org.wso2.carbon.identity.governance.IdentityGovernanceService;
import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
import org.wso2.carbon.identity.recovery.bean.ChallengeQuestionResponse;
import org.wso2.carbon.identity.recovery.bean.ChallengeQuestionsResponse;
import org.wso2.carbon.identity.recovery.endpoint.Constants;
import org.wso2.carbon.identity.recovery.endpoint.Exceptions.BadRequestException;
import org.wso2.carbon.identity.recovery.endpoint.Exceptions.InternalServerErrorException;
import org.wso2.carbon.identity.recovery.endpoint.dto.ClaimDTO;
import org.wso2.carbon.identity.recovery.endpoint.dto.ErrorDTO;
import org.wso2.carbon.identity.recovery.endpoint.dto.InitiateAllQuestionResponseDTO;
import org.wso2.carbon.identity.recovery.endpoint.dto.InitiateQuestionResponseDTO;
import org.wso2.carbon.identity.recovery.endpoint.dto.LinkDTO;
import org.wso2.carbon.identity.recovery.endpoint.dto.PropertyDTO;
import org.wso2.carbon.identity.recovery.endpoint.dto.QuestionDTO;
import org.wso2.carbon.identity.recovery.endpoint.dto.ReCaptchaResponseTokenDTO;
import org.wso2.carbon.identity.recovery.endpoint.dto.SecurityAnswerDTO;
import org.wso2.carbon.identity.recovery.endpoint.dto.UserClaimDTO;
import org.wso2.carbon.identity.recovery.endpoint.dto.UserDTO;
import org.wso2.carbon.identity.recovery.internal.IdentityRecoveryServiceDataHolder;
import org.wso2.carbon.identity.recovery.model.ChallengeQuestion;
import org.wso2.carbon.identity.recovery.model.Property;
import org.wso2.carbon.identity.recovery.model.UserChallengeAnswer;
import org.wso2.carbon.identity.recovery.model.UserClaim;
import org.wso2.carbon.identity.recovery.password.NotificationPasswordRecoveryManager;
import org.wso2.carbon.identity.recovery.password.SecurityQuestionPasswordRecoveryManager;
import org.wso2.carbon.identity.recovery.signup.UserSelfRegistrationManager;
import org.wso2.carbon.identity.recovery.username.NotificationUsernameRecoveryManager;
import org.wso2.carbon.user.api.Claim;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.securevault.SecretResolver;
import org.wso2.securevault.SecretResolverFactory;
import org.wso2.securevault.commons.MiscellaneousUtil;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.api.user.recovery-1.5.71.jar:org/wso2/carbon/identity/recovery/endpoint/Utils/RecoveryUtil.class */
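/**
 * Static helpers used by the identity recovery endpoint: OSGi service lookups,
 * error-response construction, DTO/model conversion and reCAPTCHA configuration
 * handling.
 *
 * <p>All methods are static and the class holds no mutable state of its own.
 * Several helpers throw JAX-RS exceptions ({@link BadRequestException},
 * {@link InternalServerErrorException}) whose {@link ErrorDTO} payload is built here;
 * anything placed in the description may therefore end up in the HTTP response.
 */
public class RecoveryUtil {
    private static final String USERNAME_CLAIM = "http://wso2.org/claims/username";
    private static final Log LOG = LogFactory.getLog(RecoveryUtil.class);

    /**
     * Looks up an OSGi service from the thread-local Carbon context.
     *
     * @param serviceClass the service interface or class to look up
     * @return whatever the Carbon context returns for that class (may be {@code null})
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static <T> T lookupOsgiService(Class<T> serviceClass) {
        // The raw (Hashtable) cast mirrors the original call and selects the two-argument overload.
        return serviceClass.cast(PrivilegedCarbonContext.getThreadLocalCarbonContext()
                .getOSGiService(serviceClass, (Hashtable) null));
    }

    /**
     * @return the {@link NotificationPasswordRecoveryManager} registered as an OSGi service
     */
    public static NotificationPasswordRecoveryManager getNotificationBasedPwdRecoveryManager() {
        return lookupOsgiService(NotificationPasswordRecoveryManager.class);
    }

    /**
     * @return the {@link SecurityQuestionPasswordRecoveryManager} registered as an OSGi service
     */
    public static SecurityQuestionPasswordRecoveryManager getSecurityQuestionBasedPwdRecoveryManager() {
        return lookupOsgiService(SecurityQuestionPasswordRecoveryManager.class);
    }

    /**
     * @return the {@link NotificationUsernameRecoveryManager} registered as an OSGi service
     */
    public static NotificationUsernameRecoveryManager getNotificationBasedUsernameRecoveryManager() {
        return lookupOsgiService(NotificationUsernameRecoveryManager.class);
    }

    /**
     * @return the {@link UserSelfRegistrationManager} registered as an OSGi service
     */
    public static UserSelfRegistrationManager getUserSelfRegistrationManager() {
        return lookupOsgiService(UserSelfRegistrationManager.class);
    }

    /**
     * @return the {@link IdentityGovernanceService} registered as an OSGi service
     */
    public static IdentityGovernanceService getIdentityGovernanceService() {
        return lookupOsgiService(IdentityGovernanceService.class);
    }

    /**
     * Logs a server-side failure and always throws an {@link InternalServerErrorException}.
     *
     * <p>The log message {@code str} stays on the server; only the generic text built by
     * {@link #buildInternalServerErrorException(String)} is placed in the response.
     *
     * @param str  message written to {@code log}
     * @param str2 error code placed in the response {@link ErrorDTO}
     * @param log  logger to write to
     * @param th   cause to log with the message, or {@code null} to log the message only
     * @throws InternalServerErrorException always
     */
    public static void handleInternalServerError(String str, String str2, Log log, Throwable th) throws InternalServerErrorException {
        InternalServerErrorException failure = buildInternalServerErrorException(str2);
        if (th == null) {
            log.error(str);
        } else {
            log.error(str, th);
        }
        throw failure;
    }

    /**
     * Builds an internal-server-error exception with a fixed, generic message and description.
     *
     * @param str error code placed in the response {@link ErrorDTO}
     * @return the exception, not yet thrown
     */
    public static InternalServerErrorException buildInternalServerErrorException(String str) {
        return new InternalServerErrorException(getErrorDTO("Internal server error", str, "The server encountered an internal error. Please contact administrator."));
    }

    /**
     * Always throws a {@link BadRequestException}.
     *
     * @param str  description placed in the response {@link ErrorDTO}
     * @param str2 error code placed in the response {@link ErrorDTO}
     * @throws BadRequestException always
     */
    public static void handleBadRequest(String str, String str2) throws BadRequestException {
        throw buildBadRequestException(str, str2);
    }

    /**
     * Builds a bad-request exception.
     *
     * <p>{@code str} becomes the description of the response body, so callers should not
     * pass text that reveals internal details.
     *
     * @param str  description placed in the response {@link ErrorDTO}
     * @param str2 error code placed in the response {@link ErrorDTO}
     * @return the exception, not yet thrown
     */
    public static BadRequestException buildBadRequestException(String str, String str2) {
        return new BadRequestException(getErrorDTO("Bad Request", str2, str));
    }

    /**
     * @return {@code true} when the logging MDC holds a {@code Correlation-ID} entry
     */
    public static boolean isCorrelationIDPresent() {
        return MDC.get("Correlation-ID") != null;
    }

    /**
     * @return the {@code Correlation-ID} value from the logging MDC, or {@code null} when absent
     */
    public static String getCorrelation() {
        // MDC.get already yields null for a missing key, so no separate presence check is needed.
        return MDC.get("Correlation-ID");
    }

    /**
     * Builds the error payload returned to the client.
     *
     * @param str  message
     * @param str2 error code
     * @param str3 description
     * @return a populated {@link ErrorDTO} whose {@code ref} is the current correlation ID (may be {@code null})
     */
    public static ErrorDTO getErrorDTO(String str, String str2, String str3) {
        ErrorDTO errorDTO = new ErrorDTO();
        errorDTO.setCode(str2);
        errorDTO.setMessage(str);
        errorDTO.setDescription(str3);
        errorDTO.setRef(getCorrelation());
        return errorDTO;
    }

    /**
     * Converts an array of user-store claims to DTOs.
     *
     * @param claimArr claims to convert; {@code null} yields an empty array
     * @return one DTO per claim, in the same order
     */
    public static ClaimDTO[] getClaimDTOs(Claim[] claimArr) {
        if (claimArr == null) {
            return new ClaimDTO[0];
        }
        ClaimDTO[] converted = new ClaimDTO[claimArr.length];
        for (int i = 0; i < claimArr.length; i++) {
            converted[i] = getClaimDTO(claimArr[i]);
        }
        return converted;
    }

    /**
     * Copies the fields of a single claim into a DTO.
     *
     * @param claim claim to convert; must not be {@code null}
     * @return the populated DTO
     */
    public static ClaimDTO getClaimDTO(Claim claim) {
        ClaimDTO claimDTO = new ClaimDTO();
        claimDTO.setUri(claim.getClaimUri());
        claimDTO.setValue(claim.getValue());
        claimDTO.setDialect(claim.getDialectURI());
        claimDTO.setDescription(claim.getDescription());
        claimDTO.setReadOnly(Boolean.valueOf(claim.isReadOnly()));
        claimDTO.setRequired(Boolean.valueOf(claim.isRequired()));
        claimDTO.setDisplayName(claim.getDisplayTag());
        claimDTO.setValidationRegex(claim.getRegEx());
        return claimDTO;
    }

    /**
     * Converts request claim DTOs to {@link UserClaim} model objects.
     *
     * @param list claim DTOs from the request; must not be {@code null} (a {@code null}
     *             list raises {@link NullPointerException}, unlike {@link #getProperties(List)})
     * @return one {@link UserClaim} per DTO, in the same order
     */
    public static UserClaim[] getUserClaims(List<UserClaimDTO> list) {
        UserClaim[] userClaims = new UserClaim[list.size()];
        for (int i = 0; i < list.size(); i++) {
            UserClaimDTO dto = list.get(i);
            userClaims[i] = new UserClaim(dto.getUri(), dto.getValue());
        }
        return userClaims;
    }

    /**
     * Builds the response for a single challenge question.
     *
     * <p>The link relation is {@code set-password} when the status is {@code COMPLETE} and
     * {@code validate-answer} otherwise; the link URI is the same in both cases.
     *
     * @param challengeQuestionResponse result of the challenge-question step; must not be {@code null}
     * @return the response DTO; its question is left unset when the result carries none
     */
    public static InitiateQuestionResponseDTO getInitiateQuestionResponseDTO(ChallengeQuestionResponse challengeQuestionResponse) {
        InitiateQuestionResponseDTO response = new InitiateQuestionResponseDTO();
        ChallengeQuestion question = challengeQuestionResponse.getQuestion();
        if (question != null) {
            QuestionDTO questionDTO = new QuestionDTO();
            questionDTO.setQuestion(question.getQuestion());
            questionDTO.setQuestionSetId(question.getQuestionSetId());
            response.setQuestion(questionDTO);
        }
        response.setKey(challengeQuestionResponse.getCode());
        LinkDTO linkDTO = new LinkDTO();
        linkDTO.setRel("COMPLETE".equals(challengeQuestionResponse.getStatus()) ? "set-password" : "validate-answer");
        linkDTO.setUri("/api/identity/recovery/v0.9");
        response.setLink(linkDTO);
        return response;
    }

    /**
     * Builds the response carrying all challenge questions at once.
     *
     * @param challengeQuestionsResponse result holding the questions and the recovery code;
     *                                   must not be {@code null} and must carry a non-null question array
     * @return the response DTO with a {@code validate-answer} link
     */
    public static InitiateAllQuestionResponseDTO getInitiateQuestionResponseDTO(ChallengeQuestionsResponse challengeQuestionsResponse) {
        InitiateAllQuestionResponseDTO response = new InitiateAllQuestionResponseDTO();
        List<QuestionDTO> questions = new ArrayList<>();
        for (ChallengeQuestion challengeQuestion : challengeQuestionsResponse.getQuestion()) {
            QuestionDTO questionDTO = new QuestionDTO();
            questionDTO.setQuestion(challengeQuestion.getQuestion());
            questionDTO.setQuestionSetId(challengeQuestion.getQuestionSetId());
            questions.add(questionDTO);
        }
        response.setQuestions(questions);
        response.setKey(challengeQuestionsResponse.getCode());
        LinkDTO linkDTO = new LinkDTO();
        linkDTO.setRel("validate-answer");
        linkDTO.setUri("/api/identity/recovery/v0.9");
        response.setLink(linkDTO);
        return response;
    }

    /**
     * Converts a request {@link UserDTO} to a {@link User}.
     *
     * <p>The tenant domain, realm and username are copied as supplied; no validation is done
     * here (see {@link #isValidTenantDomain(String)} for the tenant check).
     *
     * @param userDTO user details from the request; must not be {@code null}
     * @return the user; the user-store domain is only set when the DTO's realm is not blank
     */
    public static User getUser(UserDTO userDTO) {
        User user = new User();
        user.setTenantDomain(userDTO.getTenantDomain());
        if (StringUtils.isNotBlank(userDTO.getRealm())) {
            user.setUserStoreDomain(userDTO.getRealm());
        }
        user.setUserName(userDTO.getUsername());
        return user;
    }

    /**
     * Converts a {@link User} to a {@link UserDTO}.
     *
     * @param user user to convert; {@code null} yields an empty DTO
     * @return the DTO; its realm falls back to the primary domain name when the user has no
     *         user-store domain
     */
    public static UserDTO getUserDTO(User user) {
        UserDTO userDTO = new UserDTO();
        if (user == null) {
            return userDTO;
        }
        userDTO.setTenantDomain(user.getTenantDomain());
        String userStoreDomain = user.getUserStoreDomain();
        userDTO.setRealm(StringUtils.isNotBlank(userStoreDomain) ? userStoreDomain : IdentityUtil.getPrimaryDomainName());
        userDTO.setUsername(user.getUserName());
        return userDTO;
    }

    /**
     * Converts submitted security answers to {@link UserChallengeAnswer} model objects.
     *
     * <p>Each answer is paired with a {@link ChallengeQuestion} that carries only the question
     * set ID; the question text is left {@code null}.
     *
     * @param list answers from the request; must not be {@code null} (a {@code null} list raises
     *             {@link NullPointerException} rather than being treated as "no answers")
     * @return one {@link UserChallengeAnswer} per DTO, in the same order
     */
    public static UserChallengeAnswer[] getUserChallengeAnswers(List<SecurityAnswerDTO> list) {
        UserChallengeAnswer[] answers = new UserChallengeAnswer[list.size()];
        for (int i = 0; i < list.size(); i++) {
            SecurityAnswerDTO dto = list.get(i);
            answers[i] = new UserChallengeAnswer(new ChallengeQuestion(dto.getQuestionSetId(), (String) null), dto.getAnswer());
        }
        return answers;
    }

    /**
     * Converts request property DTOs to {@link Property} model objects.
     *
     * @param list property DTOs; {@code null} yields an empty array
     * @return one {@link Property} per DTO, in the same order
     */
    public static Property[] getProperties(List<PropertyDTO> list) {
        if (list == null) {
            return new Property[0];
        }
        Property[] properties = new Property[list.size()];
        for (int i = 0; i < list.size(); i++) {
            PropertyDTO dto = list.get(i);
            properties[i] = new Property(dto.getKey(), dto.getValue());
        }
        return properties;
    }

    /**
     * Checks whether a tenant domain resolves to a tenant ID.
     *
     * @param str tenant domain, typically taken from the request
     * @return {@code true} when the lookup returns an ID other than {@code -1}; {@code false}
     *         when it returns {@code -1} or throws
     */
    public static boolean isValidTenantDomain(String str) {
        try {
            return IdentityTenantUtil.getTenantId(str) != -1;
        } catch (Exception e) {
            // Any lookup failure is treated as "not a valid tenant" (fail closed); keep the cause
            // visible at debug level instead of discarding it.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Tenant domain validation failed.", e);
            }
            return false;
        }
    }

    /**
     * Lists users of a tenant that match a filter.
     *
     * @param i   tenant ID
     * @param str filter passed to the user store manager's {@code listUsers}
     * @return the matching user names, or {@code null} when the tenant has no user realm
     * @throws InternalServerErrorException when the user store lookup fails
     */
    public static String[] getUserList(int i, String str) {
        String[] userNames = null;
        RealmService realmService = IdentityRecoveryServiceDataHolder.getInstance().getRealmService();
        try {
            if (realmService.getTenantUserRealm(i) != null) {
                // NOTE(review): the second argument (2) looks like a result limit — confirm against
                // the user store manager API.
                userNames = realmService.getTenantUserRealm(i).getUserStoreManager().listUsers(str, 2);
            }
        } catch (Exception e) {
            handleInternalServerError("Error retrieving the user-list for the tenant : " + i, "500", LOG, e);
        }
        return userNames;
    }

    /**
     * Reads the resident IdP configuration to decide whether reCAPTCHA is enabled for a
     * recovery flow.
     *
     * @param str  tenant domain; blank means {@code carbon.super}
     * @param str2 recovery type, compared with {@link Constants#USERNAME_RECOVERY} and
     *             {@link Constants#PASSWORD_RECOVERY}
     * @return {@code true} only when the matching configuration value parses as {@code true};
     *         {@code false} for any other value or an unrecognised recovery type
     * @throws BadRequestException when the tenant domain is invalid or the configuration
     *                             cannot be read
     */
    public static boolean checkCaptchaEnabledResidentIdpConfiguration(String str, String str2) {
        if (StringUtils.isBlank(str)) {
            str = "carbon.super";
        } else if (!isValidTenantDomain(str)) {
            handleBadRequest(String.format("Invalid tenant domain : %s", str), IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_TENANT.getCode());
        }

        String propertyName = null;
        if (Constants.USERNAME_RECOVERY.equals(str2)) {
            propertyName = "Recovery.ReCaptcha.Username.Enable";
        } else if (Constants.PASSWORD_RECOVERY.equals(str2)) {
            propertyName = "Recovery.ReCaptcha.Password.Enable";
        }
        if (propertyName == null) {
            // Unrecognised recovery type: there is nothing to look up, so do not hand a null
            // property name to the governance service.
            return false;
        }

        org.wso2.carbon.identity.application.common.model.Property[] configured = new org.wso2.carbon.identity.application.common.model.Property[0];
        try {
            configured = getIdentityGovernanceService().getConfiguration(new String[]{propertyName}, str);
        } catch (IdentityGovernanceException e) {
            LOG.error(String.format("Error while retrieving resident Idp configurations for tenant %s. ", str), e);
            handleBadRequest(String.format("Error while retrieving resident Idp configurations for tenant %s. ", str), "Internal server error");
        }

        String enabled = null;
        for (org.wso2.carbon.identity.application.common.model.Property property : configured) {
            if (propertyName.equals(property.getName())) {
                enabled = property.getValue();
            }
        }
        return Boolean.parseBoolean(enabled);
    }

    /**
     * Loads {@code captcha-config.properties} from the identity configuration directory,
     * resolves any secured values and validates the result.
     *
     * <p>When the file does not exist an empty {@link Properties} object is validated, which
     * fails on the first required key.
     *
     * @return the loaded and validated properties
     * @throws BadRequestException when the file cannot be read or a required key is missing
     */
    public static Properties getValidatedCaptchaConfigs() {
        Path path = Paths.get(IdentityUtil.getIdentityConfigDirPath(), "captcha-config.properties");
        Properties properties = new Properties();
        if (Files.exists(path)) {
            // try-with-resources closes the reader on every path, including a failed load().
            try (InputStreamReader reader = new InputStreamReader(Files.newInputStream(path), StandardCharsets.UTF_8)) {
                properties.load(reader);
            } catch (IOException e) {
                LOG.error(String.format("Error while loading '%s' configuration file", "captcha-config.properties"), e);
                handleBadRequest(String.format("Error while loading '%s' configuration file", "captcha-config.properties"), "Internal server error");
            }
            resolveSecrets(properties);
        }
        return validateCaptchaConfigs(properties);
    }

    /**
     * Checks that the reCAPTCHA settings required by the endpoint are present.
     *
     * <p>The API and verify URLs are always required; the site key and secret key are only
     * required when {@code recaptcha.enabled} is {@code true}. Only presence is checked.
     *
     * @param properties loaded captcha configuration
     * @return the same {@code properties} instance
     * @throws BadRequestException naming the first missing key
     */
    private static Properties validateCaptchaConfigs(Properties properties) {
        boolean recaptchaEnabled = Boolean.parseBoolean(properties.getProperty("recaptcha.enabled"));
        if (recaptchaEnabled && StringUtils.isBlank(properties.getProperty("recaptcha.site.key"))) {
            handleBadRequest(String.format("%s is not found ", "recaptcha.site.key"), "Internal server error");
        }
        if (StringUtils.isBlank(properties.getProperty("recaptcha.api.url"))) {
            handleBadRequest(String.format("%s is not found ", "recaptcha.api.url"), "Internal server error");
        }
        if (recaptchaEnabled && StringUtils.isBlank(properties.getProperty("recaptcha.secret.key"))) {
            handleBadRequest(String.format("%s is not found ", "recaptcha.secret.key"), "Internal server error");
        }
        // NOTE(review): the verify URL is only checked for presence. The secret key is POSTed to
        // it, so deployments should make sure it is an https URL.
        if (StringUtils.isBlank(properties.getProperty("recaptcha.verify.url"))) {
            handleBadRequest(String.format("%s is not found ", "recaptcha.verify.url"), "Internal server error");
        }
        return properties;
    }

    /**
     * Posts the client's reCAPTCHA token and the configured secret key to the verify URL.
     *
     * <p>The returned response is still open: the caller has to consume and close it. The HTTP
     * client created here is not closed by this method, because closing it would release the
     * connection the returned response reads from.
     *
     * @param reCaptchaResponseTokenDTO token submitted by the client
     * @param properties                captcha configuration providing {@code recaptcha.secret.key}
     *                                  and {@code recaptcha.verify.url}
     * @return the raw verification response
     * @throws BadRequestException when the request fails with an {@link IOException}
     */
    public static HttpResponse makeCaptchaVerificationHttpRequest(ReCaptchaResponseTokenDTO reCaptchaResponseTokenDTO, Properties properties) {
        String secretKey = properties.getProperty("recaptcha.secret.key");
        String verifyUrl = properties.getProperty("recaptcha.verify.url");
        // NOTE(review): no connect or socket timeout is configured on this client, and a new
        // client is built per call.
        CloseableHttpClient httpClient = HttpClientBuilder.create().useSystemProperties().build();
        HttpPost httpPost = new HttpPost(verifyUrl);
        httpPost.setEntity(new UrlEncodedFormEntity(Arrays.asList(new BasicNameValuePair(NotificationSenderManagementConstants.SECRET, secretKey), new BasicNameValuePair("response", reCaptchaResponseTokenDTO.getToken())), StandardCharsets.UTF_8));
        CloseableHttpResponse verificationResponse = null;
        try {
            verificationResponse = httpClient.execute(httpPost);
        } catch (IOException e) {
            // Keep the cause in the server log; previously the exception was dropped.
            LOG.error("Unable to get the reCAPTCHA verification response", e);
            // NOTE(review): e.getMessage() is echoed into the response description and may name
            // the verification host; consider returning a generic description instead.
            handleBadRequest(String.format("Unable to get the verification response : %s", e.getMessage()), "Internal server error");
        }
        return verificationResponse;
    }

    /**
     * Replaces every property value with the result of resolving it through the secret resolver.
     *
     * <p>Does nothing when no resolver can be created from the properties or the resolver is not
     * initialised.
     *
     * @param properties captcha configuration, modified in place
     */
    private static void resolveSecrets(Properties properties) {
        SecretResolver secretResolver = SecretResolverFactory.create(properties);
        if (secretResolver == null || !secretResolver.isInitialized()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Secret Resolver is not present. Will not resolve encryptions for captcha configurations");
            }
            return;
        }
        for (Map.Entry<Object, Object> entry : properties.entrySet()) {
            String key = entry.getKey().toString();
            // toString() on a non-null value never returns null, so the value is resolved
            // unconditionally.
            String value = entry.getValue().toString();
            properties.put(key, MiscellaneousUtil.resolve(value, secretResolver));
        }
    }
}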
