package org.wso2.carbon.identity.application.authenticator.backupcode;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.extension.identity.helper.FederatedAuthenticatorUtil;
import org.wso2.carbon.extension.identity.helper.util.IdentityHelperUtil;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.backupcode.constants.BackupCodeAuthenticatorConstants;
import org.wso2.carbon.identity.application.authenticator.backupcode.exception.BackupCodeException;
import org.wso2.carbon.identity.application.authenticator.backupcode.internal.BackupCodeDataHolder;
import org.wso2.carbon.identity.application.authenticator.backupcode.util.BackupCodeUtil;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.JustInTimeProvisioningConfig;
import org.wso2.carbon.identity.core.ServiceURLBuilder;
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.model.IdentityErrorMsgContext;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/backupcode/BackupCodeAuthenticator.class */
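/**
 * Local authenticator that verifies a backup code submitted in the
 * {@code BackupCodeAuthenticatorConstants.BACKUP_CODE} request parameter.
 *
 * <p>The submitted code is passed through {@code BackupCodeUtil.generateHashBackupCode} and
 * compared with the comma-separated values held in the user's backup-codes claim. A code that
 * matches is removed from the claim before the subject is set, so it cannot be replayed.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The submitted backup code is a credential and is never written to the log.</li>
 *   <li>Values placed in redirect query strings (username, error parameters) are URL-encoded so
 *       that a value read from a claim or a username cannot add or override query parameters.</li>
 *   <li>Failed attempts for local users are reported through the
 *       {@code POST_NON_BASIC_AUTHENTICATION} event; what handles that event (for example
 *       account locking) is outside this class.</li>
 * </ul>
 */
public class BackupCodeAuthenticator extends AbstractApplicationAuthenticator implements LocalApplicationAuthenticator {
    private static final Log log = LogFactory.getLog(BackupCodeAuthenticator.class);
    private static final String BACKUP_CODE_SEPARATOR = ",";

    /** Error code this class writes to, and reads from, the identity error context for a locked account. */
    private static final String ACCOUNT_LOCKED_ERROR_CODE = "17003";

    /**
     * Drives one pass of the backup code step.
     *
     * <p>Logout requests complete immediately. A request that carries the backup code parameter
     * is handed to the framework's default processing; any other request starts the step by
     * redirecting the user to the backup code page.
     *
     * @return the flow status for this step
     */
    public AuthenticatorFlowStatus process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException, LogoutFailedException {
        if (authenticationContext.isLogoutRequest()) {
            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
        }
        if (httpServletRequest.getParameter(BackupCodeAuthenticatorConstants.BACKUP_CODE) != null) {
            return super.process(httpServletRequest, httpServletResponse, authenticationContext);
        }
        initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
        // initiateAuthenticationRequest() always sets AUTHENTICATION to this authenticator's name,
        // so this normally yields INCOMPLETE. The null-unsafe form is kept on purpose: a missing
        // property raises an error rather than reporting the step as completed.
        boolean handledByThisAuthenticator = authenticationContext
                .getProperty(BackupCodeAuthenticatorConstants.AUTHENTICATION)
                .equals(BackupCodeAuthenticatorConstants.BACKUP_CODE_AUTHENTICATOR_NAME);
        return handledByThisAuthenticator
                ? AuthenticatorFlowStatus.INCOMPLETE
                : AuthenticatorFlowStatus.SUCCESS_COMPLETED;
    }

    /** Returns {@code true} when the request carries a non-blank backup code parameter. */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        return StringUtils.isNotBlank(httpServletRequest.getParameter(BackupCodeAuthenticatorConstants.BACKUP_CODE));
    }

    /** Retrying the step after a failed attempt is always enabled for this authenticator. */
    protected boolean retryAuthenticationEnabled() {
        return true;
    }

    /** Returns the {@code sessionDataKey} request parameter. */
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("sessionDataKey");
    }

    public String getName() {
        return BackupCodeAuthenticatorConstants.BACKUP_CODE_AUTHENTICATOR_NAME;
    }

    public String getFriendlyName() {
        return BackupCodeAuthenticatorConstants.BACKUP_CODE_AUTHENTICATOR_FRIENDLY_NAME;
    }

    /**
     * Resolves the user from the earlier step and redirects to the backup code login page, or
     * to the backup code error page when no backup codes are found for that user.
     *
     * @throws AuthenticationFailedException if no authenticated user is available, the user
     *         cannot be resolved, the backup code claim cannot be read, or the redirect fails
     */
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String tenantDomain = authenticationContext.getTenantDomain();
        authenticationContext.setProperty(BackupCodeAuthenticatorConstants.AUTHENTICATION, BackupCodeAuthenticatorConstants.BACKUP_CODE_AUTHENTICATOR_NAME);
        if (!tenantDomain.equals(BackupCodeAuthenticatorConstants.SUPER_TENANT_DOMAIN)) {
            IdentityHelperUtil.loadApplicationAuthenticationXMLFromRegistry(authenticationContext, getName(), tenantDomain);
        }
        AuthenticatedUser authenticatedUser = BackupCodeUtil.getAuthenticatedUser(authenticationContext);
        if (authenticatedUser == null) {
            throw new AuthenticationFailedException(BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_NO_AUTHENTICATED_USER.getCode(), BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_NO_AUTHENTICATED_USER.getMessage());
        }
        String mappedLocalUsername = getMappedLocalUsername(authenticatedUser, authenticationContext);
        boolean noMappedLocalUser = StringUtils.isBlank(mappedLocalUsername);
        // Declared outside the try block so the catch clauses can report the user that was being
        // processed; previously the messages always ended in the literal "null".
        String username = null;
        try {
            AuthenticatedUser authenticatingUser = resolveAuthenticatingUser(authenticationContext, authenticatedUser, mappedLocalUsername, tenantDomain, noMappedLocalUser);
            username = UserCoreUtil.addTenantDomainToEntry(authenticatingUser.getUserName(), tenantDomain);
            authenticationContext.setProperty(BackupCodeAuthenticatorConstants.AUTHENTICATED_USER, authenticatingUser);
            String retryParam = authenticationContext.isRetrying() ? "&authFailure=true&authFailureMsg=login.fail.message" : "";

            Map<String, String> parameterMap = getAuthenticatorConfig().getParameterMap();
            boolean showFailureReason = Boolean.parseBoolean(parameterMap.get("showAuthFailureReason"));
            boolean showFailureReasonOnLoginPage = showFailureReason
                    && Boolean.parseBoolean(parameterMap.get("showAuthFailureReasonOnLoginPage"));
            // Reading the error context also clears it, so it is only read when it will be shown.
            String errorParams = showFailureReason ? getErrorParamsStringFromErrorContext() : "";

            boolean hasBackupCodes = false;
            if (!noMappedLocalUser) {
                hasBackupCodes = isBackupCodesExistForUser(UserCoreUtil.addDomainToName(username, authenticatingUser.getUserStoreDomain()));
            }
            if (hasBackupCodes && log.isDebugEnabled()) {
                log.debug("Backup codes exists for the user: " + username);
            }

            String multiOptionURIQueryParam = BackupCodeUtil.getMultiOptionURIQueryParam(httpServletRequest);
            if (hasBackupCodes) {
                // The failure reason reaches the login page only when explicitly configured.
                String loginPageErrorParams = showFailureReasonOnLoginPage ? errorParams : "";
                httpServletResponse.sendRedirect(buildBackupCodeLoginPageURL(authenticationContext, username, retryParam, loginPageErrorParams, multiOptionURIQueryParam));
            } else {
                httpServletResponse.sendRedirect(buildBackupCodeErrorPageURL(authenticationContext, username, retryParam, errorParams, multiOptionURIQueryParam));
            }
        } catch (IOException e) {
            throw new AuthenticationFailedException("Error when redirecting the backup code login response, user : " + username, e);
        } catch (BackupCodeException e) {
            throw new AuthenticationFailedException("Error when checking backup code enabled for the user : " + username, e);
        } catch (URLBuilderException | URISyntaxException e) {
            throw new AuthenticationFailedException("Error while building backup code page URL.", e);
        } catch (AuthenticationFailedException e) {
            throw new AuthenticationFailedException("Authentication failed!. Cannot get the username from first step.", e);
        }
    }

    /**
     * Verifies the submitted backup code, consumes it, and sets the authenticated subject.
     *
     * <p>For a local user, an empty or non-matching code triggers the failed-attempt event
     * before the failure is raised. On the initial federated attempt the codes are read from
     * the authentication context and no failed-attempt event is sent.
     *
     * @throws AuthenticationFailedException if the user is missing from the context, the account
     *         is locked, the code is empty or invalid, or a user store / event operation fails
     */
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String submittedCode = httpServletRequest.getParameter(BackupCodeAuthenticatorConstants.BACKUP_CODE);
        AuthenticatedUser authenticatingUser = (AuthenticatedUser) authenticationContext.getProperty(BackupCodeAuthenticatorConstants.AUTHENTICATED_USER);
        if (authenticatingUser == null) {
            // Fail closed with a clear error instead of a NullPointerException when the response
            // arrives on a context that was never initialised by initiateAuthenticationRequest().
            throw new AuthenticationFailedException(BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_NO_AUTHENTICATED_USER.getCode(), BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_NO_AUTHENTICATED_USER.getMessage());
        }
        String username = authenticatingUser.toFullQualifiedUsername();
        validateAccountLockStatusForLocalUser(authenticationContext, username);

        if (StringUtils.isBlank(submittedCode)) {
            try {
                handleBackupCodeVerificationFail(authenticatingUser);
            } catch (BackupCodeException e) {
                throw new AuthenticationFailedException(e.getMessage(), e);
            }
            throw new AuthenticationFailedException("Empty Backup code in the request. Authentication Failed for user: " + username);
        }

        try {
            String savedCodes;
            if (isInitialFederationAttempt(authenticationContext)) {
                savedCodes = backupCodesForFederatedUser(authenticationContext);
                if (!isValidBackupCode(submittedCode, authenticationContext, username, savedCodes)) {
                    throw new AuthenticationFailedException("Invalid Token. Authentication failed for federated user: " + username);
                }
            } else {
                savedCodes = backupCodesForLocalUser(username);
                if (!isValidBackupCode(submittedCode, authenticationContext, username, savedCodes)) {
                    handleBackupCodeVerificationFail(authenticatingUser);
                    throw new AuthenticationFailedException("Invalid Token. Authentication failed, user :  " + username);
                }
            }
            // Consume the code before the subject is set so that a failure to persist the
            // removal fails the login instead of leaving a reusable code behind.
            removeUsedBackupCode(submittedCode, username, savedCodes);

            if (StringUtils.isNotBlank(username)) {
                AuthenticatedUser subject = new AuthenticatedUser();
                subject.setAuthenticatedSubjectIdentifier(username);
                subject.setUserName(UserCoreUtil.removeDomainFromName(MultitenantUtils.getTenantAwareUsername(username)));
                subject.setUserStoreDomain(UserCoreUtil.extractDomainFromName(username));
                subject.setTenantDomain(MultitenantUtils.getTenantDomain(username));
                authenticationContext.setSubject(subject);
            } else {
                authenticationContext.setSubject(AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(username));
            }

            try {
                resetBackupCodeFailedAttempts(authenticatingUser);
            } catch (BackupCodeException e) {
                throw new AuthenticationFailedException("Error occurred while resetting account lock claim", e);
            }
        } catch (BackupCodeException e) {
            throw new AuthenticationFailedException("Backup code Authentication process failed for user " + username, e);
        }
    }

    /** Returns whether the user's federated IdP has JIT provisioning enabled in the given tenant. */
    private boolean isJitProvisioningEnabled(AuthenticatedUser authenticatedUser, String tenantDomain) throws AuthenticationFailedException {
        String idpName = authenticatedUser.getFederatedIdPName();
        JustInTimeProvisioningConfig jitConfig = getIdentityProvider(idpName, tenantDomain).getJustInTimeProvisioningConfig();
        if (jitConfig != null) {
            return jitConfig.isProvisioningEnabled();
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("No JIT provisioning configs for idp: %s in tenant: %s", idpName, tenantDomain));
        }
        return false;
    }

    /**
     * Looks up an identity provider by name.
     *
     * @throws AuthenticationFailedException if the IdP does not exist or the lookup fails
     */
    private IdentityProvider getIdentityProvider(String idpName, String tenantDomain) throws AuthenticationFailedException {
        IdentityProvider idp;
        try {
            idp = BackupCodeDataHolder.getIdpManager().getIdPByName(idpName, tenantDomain);
        } catch (IdentityProviderManagementException e) {
            // Keep the cause so a management-layer failure is distinguishable from "not found".
            throw new AuthenticationFailedException(String.format(BackupCodeAuthenticatorConstants.ErrorMessages.INVALID_FEDERATED_AUTHENTICATOR.getMessage(), idpName, tenantDomain), e);
        }
        if (idp == null) {
            throw new AuthenticationFailedException(String.format(BackupCodeAuthenticatorConstants.ErrorMessages.INVALID_FEDERATED_AUTHENTICATOR.getMessage(), idpName, tenantDomain));
        }
        return idp;
    }

    /**
     * Returns the local username for the authenticated user: the user's own name for a local
     * user, or the local account associated with a federated user.
     *
     * @return the local username, or {@code null} when a federated user has no associated
     *         local account
     */
    private String getMappedLocalUsername(AuthenticatedUser authenticatedUser, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        if (!authenticatedUser.isFederatedUser()) {
            return authenticatedUser.getUserName();
        }
        String federatedUsername = FederatedAuthenticatorUtil.getLoggedInFederatedUser(authenticationContext);
        if (StringUtils.isBlank(federatedUsername)) {
            throw new AuthenticationFailedException(BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_NO_FEDERATED_USER.getCode(), BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_NO_FEDERATED_USER.getMessage());
        }
        String associatedLocalUsername = FederatedAuthenticatorUtil.getLocalUsernameAssociatedWithFederatedUser(MultitenantUtils.getTenantAwareUsername(federatedUsername), authenticationContext);
        return StringUtils.isNotBlank(associatedLocalUsername) ? associatedLocalUsername : null;
    }

    /**
     * Decides which user the backup code is checked against.
     *
     * <p>Local users are returned unchanged. Federated users are rejected unless JIT
     * provisioning is enabled for their IdP; when no local account is mapped yet the attempt is
     * flagged in the context as the initial federated attempt, otherwise a copy of the user is
     * returned with the mapped local username and the provisioning user store.
     */
    private AuthenticatedUser resolveAuthenticatingUser(AuthenticationContext authenticationContext, AuthenticatedUser authenticatedUser, String mappedLocalUsername, String tenantDomain, boolean noMappedLocalUser) throws AuthenticationFailedException {
        if (!authenticatedUser.isFederatedUser()) {
            return authenticatedUser;
        }
        if (!isJitProvisioningEnabled(authenticatedUser, tenantDomain)) {
            throw new AuthenticationFailedException(BackupCodeAuthenticatorConstants.ErrorMessages.INVALID_FEDERATED_USER_AUTHENTICATION.getCode(), BackupCodeAuthenticatorConstants.ErrorMessages.INVALID_FEDERATED_USER_AUTHENTICATION.getMessage());
        }
        if (noMappedLocalUser) {
            authenticationContext.setProperty(BackupCodeAuthenticatorConstants.IS_INITIAL_FEDERATED_USER_ATTEMPT, true);
            return authenticatedUser;
        }
        AuthenticatedUser localUser = new AuthenticatedUser(authenticatedUser);
        localUser.setUserName(mappedLocalUsername);
        localUser.setUserStoreDomain(getFederatedUserStoreDomain(authenticatedUser, tenantDomain));
        return localUser;
    }

    /**
     * Returns the provisioning user store configured for the user's federated IdP, or
     * {@code null} when the IdP has no JIT provisioning configuration.
     */
    private String getFederatedUserStoreDomain(AuthenticatedUser authenticatedUser, String tenantDomain) throws AuthenticationFailedException {
        String idpName = authenticatedUser.getFederatedIdPName();
        JustInTimeProvisioningConfig jitConfig = getIdentityProvider(idpName, tenantDomain).getJustInTimeProvisioningConfig();
        if (jitConfig == null) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("No JIT provisioning configs for idp: %s in tenant: %s", idpName, tenantDomain));
            }
            return null;
        }
        String provisioningUserStore = jitConfig.getProvisioningUserStore();
        if (log.isDebugEnabled()) {
            log.debug(String.format("Setting user store: %s as the provisioning user store for user: %s in tenant: %s", provisioningUserStore, authenticatedUser.getUserName(), tenantDomain));
        }
        return provisioningUserStore;
    }

    /** Returns whether the user's backup-codes claim holds a non-blank value. */
    private boolean isBackupCodesExistForUser(String username) throws BackupCodeException, AuthenticationFailedException {
        String tenantAwareUsername = null;
        try {
            tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
            Map<String, String> claims = BackupCodeUtil.getUserStoreManagerOfUser(username).getUserClaimValues(tenantAwareUsername, new String[]{BackupCodeAuthenticatorConstants.Claims.BACKUP_CODES_CLAIM}, (String) null);
            return StringUtils.isNotBlank(claims.get(BackupCodeAuthenticatorConstants.Claims.BACKUP_CODES_CLAIM));
        } catch (UserStoreException e) {
            // The exception stays in the format arguments as before and is now also the cause.
            throw new BackupCodeException(BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_GETTING_THE_USER_STORE_MANAGER.getCode(), String.format(BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_GETTING_THE_USER_STORE_MANAGER.getMessage(), tenantAwareUsername, e), e);
        }
    }

    /** Builds the absolute URL of the backup code login page, including the step's query parameters. */
    private String buildBackupCodeLoginPageURL(AuthenticationContext authenticationContext, String username, String retryParam, String errorParams, String multiOptionURIQueryParam) throws AuthenticationFailedException, URISyntaxException, URLBuilderException {
        String queryParams = "sessionDataKey=" + authenticationContext.getContextIdentifier()
                + "&authenticators=" + getName()
                + "&type=backup-code" + retryParam
                + "&username=" + encodeQueryValue(username)
                + errorParams + multiOptionURIQueryParam;
        return buildAbsoluteURL(FrameworkUtils.appendQueryParamsStringToUrl(BackupCodeUtil.getBackupCodeLoginPage(authenticationContext), queryParams));
    }

    /**
     * Serialises the map as {@code &key=value} pairs with keys and values URL-encoded.
     *
     * <p>The locked reason placed in this map can originate from a user claim, so it is encoded
     * to keep it from adding or overriding parameters in the redirect URL.
     */
    private String buildErrorParamString(Map<String, String> map) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            sb.append("&").append(encodeQueryValue(entry.getKey())).append("=").append(encodeQueryValue(entry.getValue()));
        }
        return sb.toString();
    }

    /**
     * URL-encodes a single query string component as UTF-8.
     *
     * @return the encoded value, or an empty string for {@code null}
     */
    private static String encodeQueryValue(String value) {
        if (value == null) {
            return "";
        }
        try {
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform must support.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }

    /**
     * Reads and clears the identity error message context and, for the account-locked error
     * code, converts it to query parameters ({@code errorCode} and, when known,
     * {@code lockedReason}).
     *
     * @return the query parameter string, or an empty string when there is nothing to report
     */
    private String getErrorParamsStringFromErrorContext() {
        IdentityErrorMsgContext errorContext = IdentityUtil.getIdentityErrorMsg();
        IdentityUtil.clearIdentityErrorMsg();
        if (errorContext == null) {
            return "";
        }
        log.debug("Identity error message context is not null.");
        String rawErrorCode = errorContext.getErrorCode();
        if (StringUtils.isBlank(rawErrorCode)) {
            return "";
        }
        // The raw value has the form "<code>" or "<code>:<reason>".
        String[] parts = rawErrorCode.split(":", 2);
        String errorCode = parts[0];
        String lockedReason = parts.length > 1 ? parts[1] : null;
        if (!ACCOUNT_LOCKED_ERROR_CODE.equals(errorCode)) {
            return "";
        }
        Map<String, String> params = new HashMap<>();
        params.put("errorCode", errorCode);
        if (StringUtils.isNotBlank(lockedReason)) {
            params.put("lockedReason", lockedReason);
        } else if (errorContext.getFailedLoginAttempts() == errorContext.getMaximumLoginAttempts()) {
            params.put("lockedReason", BackupCodeAuthenticatorConstants.MAX_ATTEMPTS_EXCEEDED);
        }
        return buildErrorParamString(params);
    }

    /** Returns the URL unchanged when it is absolute, otherwise resolves it against the public service URL. */
    private String buildAbsoluteURL(String url) throws URISyntaxException, URLBuilderException {
        if (new URI(url).isAbsolute()) {
            return url;
        }
        return ServiceURLBuilder.create().addPath(new String[]{url}).build().getAbsolutePublicURL();
    }

    /** Builds the absolute URL of the backup code error page, including the step's query parameters. */
    private String buildBackupCodeErrorPageURL(AuthenticationContext authenticationContext, String username, String retryParam, String errorParams, String multiOptionURIQueryParam) throws AuthenticationFailedException, URISyntaxException, URLBuilderException {
        String queryParams = "sessionDataKey=" + authenticationContext.getContextIdentifier()
                + "&authenticators=" + getName()
                + "&type=backup_code_error" + retryParam
                + "&username=" + encodeQueryValue(username)
                + errorParams + multiOptionURIQueryParam;
        return buildAbsoluteURL(FrameworkUtils.appendQueryParamsStringToUrl(BackupCodeUtil.getBackupCodeErrorPage(authenticationContext), queryParams));
    }

    /**
     * Rejects the attempt when the user is local and the account is locked, after recording
     * the lock reason in the identity error context.
     *
     * @throws AuthenticationFailedException if the account is locked
     */
    private void validateAccountLockStatusForLocalUser(AuthenticationContext authenticationContext, String username) throws AuthenticationFailedException {
        boolean isLocalUser = BackupCodeUtil.isLocalUser(authenticationContext);
        AuthenticatedUser authenticatedUser = (AuthenticatedUser) authenticationContext.getProperty(BackupCodeAuthenticatorConstants.AUTHENTICATED_USER);
        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        String userStoreDomain = UserCoreUtil.extractDomainFromName(username);
        if (isLocalUser && BackupCodeUtil.isAccountLocked(authenticatedUser.getUserName(), tenantDomain, userStoreDomain)) {
            setErrorContextWhenAccountLocked(username);
            String message = String.format("Authentication failed since authenticated user: %s, account is locked.", getUserStoreAppendedName(username));
            if (log.isDebugEnabled()) {
                log.debug(message);
            }
            throw new AuthenticationFailedException(message);
        }
    }

    /**
     * Stores the account-locked error code, followed by the user's locked-reason claim when one
     * is set, in the identity error context.
     */
    private void setErrorContextWhenAccountLocked(String username) throws AuthenticationFailedException {
        try {
            Map<String, String> claims = BackupCodeUtil.getUserStoreManagerOfUser(username).getUserClaimValues(MultitenantUtils.getTenantAwareUsername(username), new String[]{BackupCodeAuthenticatorConstants.Claims.ACCOUNT_LOCKED_REASON_CLAIM}, (String) null);
            String lockedReason = claims != null ? claims.get(BackupCodeAuthenticatorConstants.Claims.ACCOUNT_LOCKED_REASON_CLAIM) : null;
            // An unset claim must not be concatenated as the literal text "null", which would
            // later be reported to the login page as the locked reason.
            IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext(ACCOUNT_LOCKED_ERROR_CODE + ":" + (lockedReason != null ? lockedReason : "")));
        } catch (UserStoreException | BackupCodeException e) {
            throw new AuthenticationFailedException("Could not get the account locked reason. Authentication Failed for user: " + username, e);
        }
    }

    /** Returns whether the context is flagged as the initial attempt of a federated user. */
    private boolean isInitialFederationAttempt(AuthenticationContext authenticationContext) {
        Object flag = authenticationContext.getProperty(BackupCodeAuthenticatorConstants.IS_INITIAL_FEDERATED_USER_ATTEMPT);
        return flag != null && Boolean.parseBoolean(flag.toString());
    }

    /** Returns the backup codes stored in the authentication context, or {@code null} when absent. */
    private String backupCodesForFederatedUser(AuthenticationContext authenticationContext) {
        Object codes = authenticationContext.getProperty(BackupCodeAuthenticatorConstants.Claims.BACKUP_CODES_CLAIM);
        return codes != null ? codes.toString() : null;
    }

    /** Returns the value of the user's backup-codes claim from the user store. */
    private String backupCodesForLocalUser(String username) throws BackupCodeException {
        String tenantAwareUsername = null;
        try {
            tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
            Map<String, String> claims = BackupCodeUtil.getUserStoreManagerOfUser(username).getUserClaimValues(tenantAwareUsername, new String[]{BackupCodeAuthenticatorConstants.Claims.BACKUP_CODES_CLAIM}, (String) null);
            return claims.get(BackupCodeAuthenticatorConstants.Claims.BACKUP_CODES_CLAIM);
        } catch (UserStoreException e) {
            // The exception stays in the format arguments as before and is now also the cause.
            throw new BackupCodeException(BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_ACCESS_USER_REALM.getCode(), String.format(BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_ACCESS_USER_REALM.getMessage(), tenantAwareUsername, e), e);
        }
    }

    /**
     * Checks the submitted code against the saved codes.
     *
     * <p>The submitted value is transformed with {@code BackupCodeUtil.generateHashBackupCode}
     * and looked up among the comma-separated saved values. On a mismatch the
     * {@code CODE_MISMATCH} property is set on the context. The submitted code itself is never
     * logged: a mistyped code is usually close to a valid one.
     *
     * @param submittedCode the code received in the request
     * @param username the user the check is made for; used for logging only
     * @param savedCodes the comma-separated saved values; may be blank
     * @return {@code true} if the submitted code matches a saved value
     */
    private boolean isValidBackupCode(String submittedCode, AuthenticationContext authenticationContext, String username, String savedCodes) throws BackupCodeException {
        if (StringUtils.isBlank(savedCodes)) {
            if (log.isDebugEnabled()) {
                log.debug("No backup codes found for user: " + username);
            }
            return false;
        }
        // NOTE(review): the strength of the stored representation (algorithm, salting) is
        // decided in BackupCodeUtil, which is not visible here — confirm it is adequate.
        boolean matched = new ArrayList<>(Arrays.asList(savedCodes.split(BACKUP_CODE_SEPARATOR)))
                .contains(BackupCodeUtil.generateHashBackupCode(submittedCode));
        if (matched) {
            if (log.isDebugEnabled()) {
                log.debug("Saved backup code found for the user: " + username);
            }
            return true;
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Given code does not match with any saved backup codes for user: %s", username));
        }
        authenticationContext.setProperty(BackupCodeAuthenticatorConstants.CODE_MISMATCH, true);
        return false;
    }

    /**
     * Removes the used code from the saved list and writes the remaining list back to the
     * user's backup-codes claim.
     *
     * @param usedCode the code that was just accepted; never logged
     * @param username the fully qualified username whose claim is updated
     * @param savedCodes the comma-separated saved values the code was matched against
     */
    private void removeUsedBackupCode(String usedCode, String username, String savedCodes) throws BackupCodeException {
        ArrayList<String> remainingCodes = new ArrayList<>(Arrays.asList(savedCodes.split(BACKUP_CODE_SEPARATOR)));
        remainingCodes.remove(BackupCodeUtil.generateHashBackupCode(usedCode));
        String updatedClaimValue = String.join(BACKUP_CODE_SEPARATOR, remainingCodes);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
        try {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Removing used backup code from the backup code list of user: %s", username));
            }
            Map<String, String> claims = new HashMap<>();
            claims.put(BackupCodeAuthenticatorConstants.Claims.BACKUP_CODES_CLAIM, updatedClaimValue);
            BackupCodeUtil.getUserStoreManagerOfUser(username).setUserClaimValues(tenantAwareUsername, claims, (String) null);
        } catch (UserStoreException e) {
            throw new BackupCodeException(BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_UPDATING_BACKUP_CODES.getCode(), BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_UPDATING_BACKUP_CODES.getMessage(), e);
        }
    }

    /** Publishes a successful-attempt event for the user. */
    private void resetBackupCodeFailedAttempts(AuthenticatedUser authenticatedUser) throws BackupCodeException {
        publishAuthenticationResult(authenticatedUser, true);
    }

    /** Publishes a failed-attempt event for the user. */
    private void handleBackupCodeVerificationFail(AuthenticatedUser authenticatedUser) throws BackupCodeException {
        publishAuthenticationResult(authenticatedUser, false);
    }

    /**
     * Publishes a {@code POST_NON_BASIC_AUTHENTICATION} event carrying the outcome of the
     * attempt and the failed-attempts claim of this authenticator.
     */
    private void publishAuthenticationResult(AuthenticatedUser authenticatedUser, boolean succeeded) throws BackupCodeException {
        UserStoreManager userStoreManager = BackupCodeUtil.getUserStoreManagerOfUser(authenticatedUser.toFullQualifiedUsername());
        Map<String, Object> properties = new HashMap<>();
        properties.put("authenticatorName", BackupCodeAuthenticatorConstants.BACKUP_CODE_AUTHENTICATOR_NAME);
        properties.put("PropertyFailedLoginAttemptsClaim", BackupCodeAuthenticatorConstants.Claims.BACKUP_CODE_FAILED_ATTEMPTS_CLAIM);
        properties.put("userStoreManager", userStoreManager);
        properties.put("OPERATION_STATUS", succeeded);
        triggerEvent("POST_NON_BASIC_AUTHENTICATION", authenticatedUser, properties);
    }

    /**
     * Sends an identity event for the user.
     *
     * <p>The event always carries the user's name, user store domain and tenant domain; entries
     * of {@code map} with a blank key or a {@code null} value are skipped.
     *
     * @throws BackupCodeException if the event service fails to handle the event
     */
    private void triggerEvent(String eventName, AuthenticatedUser authenticatedUser, Map<String, Object> map) throws BackupCodeException {
        Map<String, Object> eventProperties = new HashMap<>();
        eventProperties.put("user-name", authenticatedUser.getUserName());
        eventProperties.put("userstore-domain", authenticatedUser.getUserStoreDomain());
        eventProperties.put("tenant-domain", authenticatedUser.getTenantDomain());
        if (map != null) {
            for (Map.Entry<String, Object> entry : map.entrySet()) {
                if (StringUtils.isNotBlank(entry.getKey()) && entry.getValue() != null) {
                    eventProperties.put(entry.getKey(), entry.getValue());
                }
            }
        }
        try {
            BackupCodeDataHolder.getIdentityEventService().handleEvent(new Event(eventName, eventProperties));
        } catch (IdentityEventException e) {
            throw new BackupCodeException(BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_TRIGGERING_EVENT.getCode(), String.format(BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_TRIGGERING_EVENT.getMessage(), eventName, authenticatedUser.getUserName()), e);
        }
    }
}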
