package org.wso2.carbon.identity.password.expiry;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.util.HashMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
import org.wso2.carbon.identity.password.expiry.constants.PasswordPolicyConstants;
import org.wso2.carbon.identity.password.expiry.util.PasswordPolicyUtils;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;

/* loaded from: input_file:org/wso2/carbon/identity/password/expiry/PasswordChangeHandler.class */
public class PasswordChangeHandler extends AbstractEventHandler {
    private static final Log log = LogFactory.getLog(PasswordChangeHandler.class);

    public void handleEvent(Event event) throws IdentityEventException {
        String eventName = event.getEventName();
        String str = (String) event.getEventProperties().get("user-name");
        UserStoreManager userStoreManager = (UserStoreManager) event.getEventProperties().get("userStoreManager");
        String str2 = (String) event.getEventProperties().get("tenant-domain");
        try {
            if (PasswordPolicyUtils.isPasswordExpiryEnabled(str2)) {
                if (PasswordPolicyConstants.PASSWORD_GRANT_POST_AUTHENTICATION_EVENT.equals(eventName)) {
                    handlePasswordExpiryInPasswordGrantType(event, str, str2);
                } else {
                    updateLastPasswordChangedClaim(str, userStoreManager);
                }
            }
        } catch (PostAuthenticationFailedException e) {
            throw new IdentityEventException(e.getMessage(), e);
        }
    }

    @SuppressFBWarnings({"CRLF_INJECTION_LOGS"})
    private void updateLastPasswordChangedClaim(String str, UserStoreManager userStoreManager) throws IdentityEventException {
        long currentTimeMillis = System.currentTimeMillis();
        HashMap hashMap = new HashMap();
        hashMap.put(PasswordPolicyConstants.LAST_CREDENTIAL_UPDATE_TIMESTAMP_CLAIM, Long.toString(currentTimeMillis));
        try {
            userStoreManager.setUserClaimValues(str, hashMap, (String) null);
            if (log.isDebugEnabled()) {
                log.debug("The claim uri http://wso2.org/claims/identity/lastPasswordUpdateTime of " + str + " updated with the current timestamp");
            }
        } catch (UserStoreException e) {
            throw new IdentityEventException(PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_UPDATING_PASSWORD.getCode(), PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_UPDATING_PASSWORD.getMessage(), e);
        }
    }

    private void handlePasswordExpiryInPasswordGrantType(Event event, String str, String str2) throws IdentityEventException {
        if (((Boolean) event.getEventProperties().get(PasswordPolicyConstants.AUTHENTICATION_STATUS)).booleanValue()) {
            if (log.isDebugEnabled()) {
                log.debug("Checking password validity");
            }
            try {
                if (PasswordPolicyUtils.isPasswordExpired(str2, str)) {
                    if (log.isDebugEnabled()) {
                        log.debug("User password is expired.");
                    }
                    throw new IdentityEventException(PasswordPolicyConstants.ErrorMessages.ERROR_PASSWORD_EXPIRED.getCode(), PasswordPolicyConstants.ErrorMessages.ERROR_PASSWORD_EXPIRED.getMessage());
                }
            } catch (PostAuthenticationFailedException e) {
                throw new IdentityEventException(PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_PASSWORD_EXPIRY_VALIDATION.getCode(), PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_PASSWORD_EXPIRY_VALIDATION.getMessage(), e);
            }
        }
    }

    public String getName() {
        return PasswordPolicyConstants.PASSWORD_CHANGE_EVENT_HANDLER_NAME;
    }
}
