package org.wso2.carbon.identity.account.suspension.notification.task;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.account.suspension.notification.task.exception.AccountSuspensionNotificationException;
import org.wso2.carbon.identity.account.suspension.notification.task.internal.NotificationTaskDataHolder;
import org.wso2.carbon.identity.account.suspension.notification.task.util.EmailUtil;
import org.wso2.carbon.identity.account.suspension.notification.task.util.NotificationConstants;
import org.wso2.carbon.identity.account.suspension.notification.task.util.NotificationReceiver;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.governance.IdentityGovernanceException;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.tenant.Tenant;

/* loaded from: input_file:org/wso2/carbon/identity/account/suspension/notification/task/AccountValidatorThread.class */
public class AccountValidatorThread implements Runnable {
    private static final Log log = LogFactory.getLog(AccountValidatorThread.class);

    @Override // java.lang.Runnable
    public void run() {
        if (log.isDebugEnabled()) {
            log.debug("Idle account suspension task started.");
        }
        Tenant[] tenantArr = new Tenant[0];
        try {
            tenantArr = (Tenant[]) NotificationTaskDataHolder.getInstance().getRealmService().getTenantManager().getAllTenants();
        } catch (UserStoreException e) {
            log.error("Error occurred while retrieving tenants", e);
        }
        handleTask("carbon.super");
        for (Tenant tenant : tenantArr) {
            handleTask(tenant.getDomain());
        }
    }

    private void handleTask(String str) {
        if (log.isDebugEnabled()) {
            log.debug("Handling idle account suspension task for tenant: " + str);
        }
        try {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            threadLocalCarbonContext.setTenantId(IdentityTenantUtil.getTenantId(str));
            threadLocalCarbonContext.setTenantDomain(str);
            boolean z = false;
            long j = 0;
            long[] jArr = null;
            for (Property property : NotificationTaskDataHolder.getInstance().getIdentityGovernanceService().getConfiguration(getPropertyNames(), str)) {
                if (property != null) {
                    if (NotificationConstants.SUSPENSION_NOTIFICATION_ENABLED.equals(property.getName())) {
                        z = Boolean.parseBoolean(property.getValue());
                        if (!z) {
                            return;
                        }
                    }
                    if (NotificationConstants.SUSPENSION_NOTIFICATION_ACCOUNT_DISABLE_DELAY.equals(property.getName())) {
                        try {
                            j = Long.parseLong(property.getValue());
                        } catch (NumberFormatException e) {
                            log.error("Error occurred while reading account suspension delay for tenant: " + str, e);
                        }
                    }
                    if (NotificationConstants.SUSPENSION_NOTIFICATION_DELAYS.equals(property.getName()) && property.getValue() != null) {
                        String[] split = property.getValue().split(",");
                        jArr = new long[split.length];
                        for (int i = 0; i < split.length; i++) {
                            try {
                                jArr[i] = Long.parseLong(split[i]);
                            } catch (NumberFormatException e2) {
                                log.error("Error occurred while reading account suspension notification delays for tenant: " + str, e2);
                            }
                        }
                    }
                }
            }
            if (log.isDebugEnabled()) {
                if (z) {
                    log.debug("Account suspension task is enabled for : " + str);
                } else {
                    log.debug("Account suspension task is not enabled for : " + str);
                }
            }
            if (z) {
                notifyUsers(str, j, jArr);
                lockAccounts(str, j);
            }
        } catch (IdentityGovernanceException e3) {
            log.error("Error occurred while loading governance configuration for tenants", e3);
        } catch (IdentityException e4) {
            log.error("Unable to disable user accounts", e4);
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    private void notifyUsers(String str, long j, long[] jArr) {
        EmailUtil emailUtil = new EmailUtil();
        for (long j2 : jArr) {
            List<NotificationReceiver> list = null;
            try {
                list = NotificationReceiversRetrievalManager.getReceivers(j2, str, j);
            } catch (AccountSuspensionNotificationException e) {
                log.error("Error occurred while retrieving notification receivers", e);
            }
            if (CollectionUtils.isNotEmpty(list)) {
                for (NotificationReceiver notificationReceiver : list) {
                    if (log.isDebugEnabled()) {
                        log.debug("Sending notification to: " + IdentityUtil.addDomainToName(notificationReceiver.getUsername(), notificationReceiver.getUserStoreDomain()) + "@" + str);
                    }
                    emailUtil.sendEmail(notificationReceiver);
                }
            }
        }
    }

    private void lockAccounts(String str, long j) throws IdentityException {
        try {
            List<NotificationReceiver> receivers = NotificationReceiversRetrievalManager.getReceivers(j, str, j);
            if (receivers.size() > 0) {
                for (NotificationReceiver notificationReceiver : receivers) {
                    if (log.isDebugEnabled()) {
                        log.debug("Locking idle account: " + IdentityUtil.addDomainToName(notificationReceiver.getUsername(), notificationReceiver.getUserStoreDomain()) + "@" + str);
                    }
                    try {
                        try {
                            UserStoreManager userStoreManager = NotificationTaskDataHolder.getInstance().getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(str)).getUserStoreManager();
                            HashMap hashMap = new HashMap();
                            hashMap.put(NotificationConstants.ACCOUNT_LOCKED_CLAIM, Boolean.TRUE.toString());
                            hashMap.put(NotificationConstants.PASSWORD_RESET_FAIL_ATTEMPTS_CLAIM, "0");
                            try {
                                userStoreManager.setUserClaimValues(IdentityUtil.addDomainToName(notificationReceiver.getUsername(), notificationReceiver.getUserStoreDomain()), hashMap, "default");
                                User user = new User();
                                user.setUserName(notificationReceiver.getUsername());
                                user.setTenantDomain(str);
                                user.setUserStoreDomain(notificationReceiver.getUserStoreDomain());
                                triggerNotification(user);
                            } catch (org.wso2.carbon.user.core.UserStoreException e) {
                                throw new IdentityException("Failed to update claim values for user: " + IdentityUtil.addDomainToName(notificationReceiver.getUsername(), notificationReceiver.getUserStoreDomain()) + " in tenant: " + str);
                            }
                        } catch (org.wso2.carbon.user.core.UserStoreException e2) {
                            throw new IdentityException("Failed retrieve the user store manager for tenant: " + str, e2);
                        }
                    } catch (UserStoreException e3) {
                        throw new IdentityException("Failed retrieve the user realm for tenant: " + str, e3);
                    }
                }
            }
        } catch (AccountSuspensionNotificationException e4) {
            throw IdentityException.error("Error occurred while retrieving users for account disable", e4);
        }
    }

    private String[] getPropertyNames() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(NotificationConstants.SUSPENSION_NOTIFICATION_ENABLED);
        arrayList.add(NotificationConstants.SUSPENSION_NOTIFICATION_ACCOUNT_DISABLE_DELAY);
        arrayList.add(NotificationConstants.SUSPENSION_NOTIFICATION_DELAYS);
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    private void triggerNotification(User user) throws IdentityException {
        HashMap hashMap = new HashMap();
        hashMap.put("user-name", user.getUserName());
        hashMap.put("tenant-domain", user.getTenantDomain());
        hashMap.put("userstore-domain", user.getUserStoreDomain());
        try {
            NotificationTaskDataHolder.getInstance().getIdentityEventService().handleEvent(new Event("POST_ACCOUNT_SUSPENSION", hashMap));
        } catch (IdentityEventException e) {
            throw new IdentityException("Failed to trigger an account suspension notification for user :  " + user.toFullQualifiedUsername(), e);
        }
    }
}
