package org.wso2.carbon.identity.password.expiry.services.impl;

import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.password.expiry.constants.PasswordPolicyConstants;
import org.wso2.carbon.identity.password.expiry.exceptions.ExpiredPasswordIdentificationException;
import org.wso2.carbon.identity.password.expiry.exceptions.ExpiredPasswordIdentificationServerException;
import org.wso2.carbon.identity.password.expiry.internal.EnforcePasswordResetComponentDataHolder;
import org.wso2.carbon.identity.password.expiry.models.PasswordExpiredUserModel;
import org.wso2.carbon.identity.password.expiry.services.ExpiredPasswordIdentificationService;
import org.wso2.carbon.identity.password.expiry.util.PasswordPolicyUtils;
import org.wso2.carbon.identity.recovery.internal.IdentityRecoveryServiceDataHolder;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/password/expiry/services/impl/ExpiredPasswordIdentificationServiceImpl.class */
public class ExpiredPasswordIdentificationServiceImpl implements ExpiredPasswordIdentificationService {
    @Override // org.wso2.carbon.identity.password.expiry.services.ExpiredPasswordIdentificationService
    public List<PasswordExpiredUserModel> getPasswordExpiredUsersFromSpecificDate(LocalDateTime localDateTime, String str) throws ExpiredPasswordIdentificationException {
        List<PasswordExpiredUserModel> arrayList = new ArrayList();
        try {
            List<String> userNamesMoreThanProvidedClaimValue = EnforcePasswordResetComponentDataHolder.getInstance().getIdentityDataStoreService().getUserNamesMoreThanProvidedClaimValue(PasswordPolicyConstants.LAST_CREDENTIAL_UPDATE_TIMESTAMP_CLAIM, Long.toString(localDateTime.minusDays(PasswordPolicyUtils.getPasswordExpiryInDays(str)).toEpochSecond(ZoneOffset.UTC)), IdentityTenantUtil.getTenantId(str));
            if (!userNamesMoreThanProvidedClaimValue.isEmpty()) {
                arrayList = buildPasswordExpiredUsers(userNamesMoreThanProvidedClaimValue, str);
            }
            return arrayList;
        } catch (IdentityException e) {
            PasswordPolicyConstants.ErrorMessages errorMessages = PasswordPolicyConstants.ErrorMessages.ERROR_RETRIEVE_PASSWORD_EXPIRED_USERS_FROM_DB;
            throw new ExpiredPasswordIdentificationServerException(errorMessages.getCode(), errorMessages.getMessage());
        }
    }

    @Override // org.wso2.carbon.identity.password.expiry.services.ExpiredPasswordIdentificationService
    public List<PasswordExpiredUserModel> getPasswordExpiredUsersBetweenSpecificDates(LocalDateTime localDateTime, LocalDateTime localDateTime2, String str) throws ExpiredPasswordIdentificationException {
        List<PasswordExpiredUserModel> arrayList = new ArrayList();
        int tenantId = IdentityTenantUtil.getTenantId(str);
        try {
            List<String> userNamesBetweenProvidedClaimValues = EnforcePasswordResetComponentDataHolder.getInstance().getIdentityDataStoreService().getUserNamesBetweenProvidedClaimValues(PasswordPolicyConstants.LAST_CREDENTIAL_UPDATE_TIMESTAMP_CLAIM, Long.toString(localDateTime.minusDays(PasswordPolicyUtils.getPasswordExpiryInDays(str)).toEpochSecond(ZoneOffset.UTC)), Long.toString(localDateTime2.minusDays(PasswordPolicyUtils.getPasswordExpiryInDays(str) - 1).toEpochSecond(ZoneOffset.UTC)), tenantId);
            if (!userNamesBetweenProvidedClaimValues.isEmpty()) {
                arrayList = buildPasswordExpiredUsers(userNamesBetweenProvidedClaimValues, str);
            }
            return arrayList;
        } catch (IdentityException e) {
            PasswordPolicyConstants.ErrorMessages errorMessages = PasswordPolicyConstants.ErrorMessages.ERROR_RETRIEVE_PASSWORD_EXPIRED_USERS_FROM_DB;
            throw new ExpiredPasswordIdentificationServerException(errorMessages.getCode(), errorMessages.getMessage());
        }
    }

    private List<PasswordExpiredUserModel> buildPasswordExpiredUsers(List<String> list, String str) throws ExpiredPasswordIdentificationServerException {
        ArrayList arrayList = new ArrayList();
        for (String str2 : list) {
            String fetchUserId = fetchUserId(str2, str);
            if (StringUtils.isNotBlank(fetchUserId)) {
                PasswordExpiredUserModel passwordExpiredUserModel = new PasswordExpiredUserModel();
                passwordExpiredUserModel.setUsername(str2);
                passwordExpiredUserModel.setUserId(fetchUserId);
                passwordExpiredUserModel.setUserStoreDomain(UserCoreUtil.extractDomainFromName(str2));
                arrayList.add(passwordExpiredUserModel);
            }
        }
        return arrayList;
    }

    private String fetchUserId(String str, String str2) throws ExpiredPasswordIdentificationServerException {
        AbstractUserStoreManager userStoreManager = getUserStoreManager(UserCoreUtil.extractDomainFromName(str), str2);
        try {
            if (userStoreManager instanceof AbstractUserStoreManager) {
                return userStoreManager.getUserIDFromUserName(str);
            }
            return null;
        } catch (UserStoreException e) {
            PasswordPolicyConstants.ErrorMessages errorMessages = PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_GETTING_USERID_FOR_USERNAME;
            throw new ExpiredPasswordIdentificationServerException(errorMessages.getCode(), errorMessages.getMessage());
        }
    }

    private UserStoreManager getUserStoreManager(String str, String str2) throws ExpiredPasswordIdentificationServerException {
        try {
            UserRealm tenantUserRealm = IdentityRecoveryServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(str2));
            if (tenantUserRealm == null) {
                PasswordPolicyConstants.ErrorMessages errorMessages = PasswordPolicyConstants.ErrorMessages.ERROR_RETRIEVE_USER_STORE_MANAGER;
                throw new ExpiredPasswordIdentificationServerException(errorMessages.getCode(), errorMessages.getMessage());
            }
            if (tenantUserRealm.getUserStoreManager() == null) {
                PasswordPolicyConstants.ErrorMessages errorMessages2 = PasswordPolicyConstants.ErrorMessages.ERROR_RETRIEVE_USER_STORE_MANAGER;
                throw new ExpiredPasswordIdentificationServerException(errorMessages2.getCode(), errorMessages2.getMessage());
            }
            if (IdentityUtil.getPrimaryDomainName().equals(str)) {
                return tenantUserRealm.getUserStoreManager();
            }
            if (tenantUserRealm.getUserStoreManager().getSecondaryUserStoreManager(str) != null) {
                return tenantUserRealm.getUserStoreManager().getSecondaryUserStoreManager(str);
            }
            PasswordPolicyConstants.ErrorMessages errorMessages3 = PasswordPolicyConstants.ErrorMessages.ERROR_RETRIEVE_USER_STORE_MANAGER;
            throw new ExpiredPasswordIdentificationServerException(errorMessages3.getCode(), errorMessages3.getMessage());
        } catch (UserStoreException e) {
            PasswordPolicyConstants.ErrorMessages errorMessages4 = PasswordPolicyConstants.ErrorMessages.ERROR_RETRIEVE_USER_STORE_MANAGER;
            throw new ExpiredPasswordIdentificationServerException(errorMessages4.getCode(), errorMessages4.getMessage());
        }
    }
}
