package org.wso2.carbon.identity.password.expiry.util;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.util.ArrayList;
import java.util.EnumMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.core.ServiceURLBuilder;
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.governance.IdentityGovernanceException;
import org.wso2.carbon.identity.governance.bean.ConnectorConfig;
import org.wso2.carbon.identity.password.expiry.constants.PasswordPolicyConstants;
import org.wso2.carbon.identity.password.expiry.internal.EnforcePasswordResetComponentDataHolder;
import org.wso2.carbon.identity.password.expiry.models.PasswordExpiryRule;
import org.wso2.carbon.identity.password.expiry.models.PasswordExpiryRuleAttributeEnum;
import org.wso2.carbon.identity.password.expiry.models.PasswordExpiryRuleOperatorEnum;
import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
import org.wso2.carbon.identity.role.v2.mgt.core.model.RoleBasicInfo;
import org.wso2.carbon.user.api.ClaimManager;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/password/expiry/util/PasswordPolicyUtils.class */
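/**
 * Static helpers that decide whether a user's password has expired and where to send the user
 * to reset it.
 *
 * <p>Configuration is read per tenant domain from the identity governance service held by
 * {@link EnforcePasswordResetComponentDataHolder}. Failures from the underlying services are
 * rethrown as {@link PostAuthenticationFailedException} with the original exception attached as
 * the cause, so the root failure stays visible to whoever investigates a failed login.
 */
public class PasswordPolicyUtils {
    private static final Log log = LogFactory.getLog(PasswordPolicyUtils.class);

    /** Expiry period used when the connector configuration returns no value. */
    private static final int DEFAULT_PASSWORD_EXPIRY_IN_DAYS = 30;

    private static final long MILLIS_PER_DAY = 86400000L;

    /**
     * Returns the names of the connector properties this component reads.
     *
     * @return a new array holding the enable flag, the expiry-in-days and the
     *         skip-if-no-applicable-rules property names
     */
    public static String[] getPasswordExpiryPropertyNames() {
        return new String[] {
            PasswordPolicyConstants.CONNECTOR_CONFIG_ENABLE_PASSWORD_EXPIRY,
            PasswordPolicyConstants.CONNECTOR_CONFIG_PASSWORD_EXPIRY_IN_DAYS,
            PasswordPolicyConstants.CONNECTOR_CONFIG_SKIP_IF_NO_APPLICABLE_RULES
        };
    }

    /**
     * Reads a single governance configuration value for a tenant.
     *
     * @param tenantDomain tenant whose configuration is read
     * @param propertyName name of the property to look up
     * @return the value of the first property returned by the governance service
     * @throws IdentityGovernanceException if the governance service fails
     */
    public static String getPasswordExpiryConfig(String tenantDomain, String propertyName)
            throws IdentityGovernanceException {
        // NOTE(review): index 0 is read unconditionally; an empty or null result array surfaces as an
        // unchecked exception rather than IdentityGovernanceException — confirm the service never returns one.
        return EnforcePasswordResetComponentDataHolder.getInstance().getIdentityGovernanceService()
                .getConfiguration(new String[] {propertyName}, tenantDomain)[0].getValue();
    }

    /**
     * Loads the password expiry rules configured for a tenant.
     *
     * <p>Every connector property whose name starts with
     * {@link PasswordPolicyConstants#PASSWORD_EXPIRY_RULES_PREFIX} and whose value is non-empty is
     * parsed into a {@link PasswordExpiryRule}. A rule that fails to parse is logged and skipped, so
     * the returned list can be shorter than the configured one. Together with the
     * skip-if-no-applicable-rules option this means a malformed rule can leave the users it was meant
     * to cover without an expiry check; the error log entry is the only signal.
     *
     * @param tenantDomain tenant whose rules are read
     * @return the successfully parsed rules, possibly empty, in property order
     * @throws PostAuthenticationFailedException if the connector configuration cannot be read
     */
    @SuppressFBWarnings({"CRLF_INJECTION_LOGS"})
    public static List<PasswordExpiryRule> getPasswordExpiryRules(String tenantDomain)
            throws PostAuthenticationFailedException {
        List<PasswordExpiryRule> rules = new ArrayList<>();
        try {
            ConnectorConfig connectorConfig = EnforcePasswordResetComponentDataHolder.getInstance()
                    .getIdentityGovernanceService()
                    .getConnectorWithConfigs(tenantDomain, PasswordPolicyConstants.CONNECTOR_CONFIG_NAME);
            if (connectorConfig == null) {
                return rules;
            }
            Property[] properties = connectorConfig.getProperties();
            if (properties == null) {
                return rules;
            }
            for (Property property : properties) {
                String ruleText = property.getValue();
                if (!StringUtils.startsWith(property.getName(), PasswordPolicyConstants.PASSWORD_EXPIRY_RULES_PREFIX)
                        || !StringUtils.isNotEmpty(ruleText)) {
                    continue;
                }
                try {
                    rules.add(new PasswordExpiryRule(ruleText));
                } catch (Exception e) {
                    if (log.isDebugEnabled()) {
                        // The rule text comes from per-tenant configuration; neutralise line breaks so a
                        // crafted value cannot forge additional log entries.
                        String loggableRule = ruleText.replace('\r', '_').replace('\n', '_');
                        log.debug(String.format("Error parsing password expiry rule: %s. Rule will be skipped.",
                                loggableRule));
                    }
                    log.error("Error parsing password expiry rule.", e);
                }
            }
            return rules;
        } catch (IdentityGovernanceException e) {
            throw new PostAuthenticationFailedException(
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_READING_SYSTEM_CONFIGURATIONS.getCode(),
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_READING_SYSTEM_CONFIGURATIONS.getMessage(), e);
        }
    }

    /**
     * Decides whether the password of the given user has expired.
     *
     * <p>Evaluation order:
     * <ol>
     *   <li>If no rules are configured, the default policy decides.</li>
     *   <li>When skip-if-no-applicable-rules is enabled, rules with the {@code NE} operator are
     *       dropped before evaluation.</li>
     *   <li>The first rule that applies to the user decides: an {@code NE} rule yields "not expired";
     *       any other rule yields "expired" once the days since the last password update reach the
     *       rule's expiry days (or the connector-wide value when the rule's expiry days is not
     *       positive).</li>
     *   <li>If no rule applies, the default policy decides.</li>
     * </ol>
     *
     * <p>A missing last-update timestamp is treated as epoch 0, so the day difference is large and
     * the password counts as expired under any realistic expiry period.
     *
     * @param tenantDomain tenant the user belongs to
     * @param username user name passed to the user store manager
     * @return {@code true} if the password is considered expired
     * @throws PostAuthenticationFailedException if configuration, user store, role or group lookups fail
     */
    public static boolean isPasswordExpired(String tenantDomain, String username)
            throws PostAuthenticationFailedException {
        try {
            UserRealm userRealm = getUserRealm(tenantDomain);
            // Explicit narrowing: the user-id lookup below is only declared on AbstractUserStoreManager.
            AbstractUserStoreManager userStoreManager = (AbstractUserStoreManager) getUserStoreManager(userRealm);
            String userId = userStoreManager.getUserIDFromUserName(username);
            String lastPasswordUpdatedTime = getLastPasswordUpdatedTime(username, userStoreManager, userRealm);
            int daysDifference = getDaysDifference(getLastPasswordUpdatedTimeInMillis(lastPasswordUpdatedTime));
            List<PasswordExpiryRule> configuredRules = getPasswordExpiryRules(tenantDomain);
            boolean skipIfNoApplicableRules = isSkipIfNoApplicableRulesEnabled(tenantDomain);
            if (CollectionUtils.isEmpty(configuredRules)) {
                return isPasswordExpiredUnderDefaultPolicy(tenantDomain, daysDifference, lastPasswordUpdatedTime,
                        skipIfNoApplicableRules);
            }
            List<PasswordExpiryRule> effectiveRules = configuredRules.stream()
                    .filter(rule -> !(skipIfNoApplicableRules
                            && PasswordExpiryRuleOperatorEnum.NE.equals(rule.getOperator())))
                    .collect(Collectors.toList());
            // Groups and roles are fetched at most once per call and shared across rules.
            Map<PasswordExpiryRuleAttributeEnum, Set<String>> fetchedAttributes =
                    new EnumMap<>(PasswordExpiryRuleAttributeEnum.class);
            for (PasswordExpiryRule rule : effectiveRules) {
                if (!isRuleApplicable(rule, fetchedAttributes, tenantDomain, userId, userStoreManager)) {
                    continue;
                }
                if (PasswordExpiryRuleOperatorEnum.NE.equals(rule.getOperator())) {
                    return false;
                }
                int expiryDays = rule.getExpiryDays() > 0 ? rule.getExpiryDays()
                        : getPasswordExpiryInDays(tenantDomain);
                // NOTE(review): the timestamp helper in this class returns "" rather than null for a
                // missing claim, so the null test looks unreachable; the missing-timestamp case is
                // covered by the epoch-0 day difference instead.
                return daysDifference >= expiryDays || lastPasswordUpdatedTime == null;
            }
            return isPasswordExpiredUnderDefaultPolicy(tenantDomain, daysDifference, lastPasswordUpdatedTime,
                    skipIfNoApplicableRules);
        } catch (UserStoreException e) {
            throw new PostAuthenticationFailedException(
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_GETTING_USER_STORE_DOMAIN.getCode(),
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_GETTING_USER_STORE_DOMAIN.getMessage(), e);
        }
    }

    /**
     * Tells whether a rule applies to the user: the user's values for the rule's attribute must
     * contain every value listed in the rule. A user with no values for that attribute never matches.
     */
    private static boolean isRuleApplicable(PasswordExpiryRule rule,
            Map<PasswordExpiryRuleAttributeEnum, Set<String>> fetchedAttributes, String tenantDomain, String userId,
            UserStoreManager userStoreManager) throws PostAuthenticationFailedException {
        Set<String> userAttributes =
                getUserAttributes(rule.getAttribute(), fetchedAttributes, tenantDomain, userId, userStoreManager);
        if (CollectionUtils.isEmpty(userAttributes)) {
            return false;
        }
        // NOTE(review): containsAll is true for an empty value list, so a rule without values would
        // match every user that has at least one attribute value — confirm the rule parser rejects that.
        return userAttributes.containsAll(rule.getValues());
    }

    /**
     * Returns the user's ids for the requested attribute, fetching and caching them on first use.
     *
     * <p>For {@code ROLES} the result is the union of the roles assigned to the user and the roles
     * of the user's groups; the group ids fetched on the way are cached under {@code GROUPS} too.
     * Attributes other than {@code ROLES} and {@code GROUPS} are not fetched, so the result is
     * {@code null} for them unless the cache already holds an entry.
     */
    private static Set<String> getUserAttributes(PasswordExpiryRuleAttributeEnum attribute,
            Map<PasswordExpiryRuleAttributeEnum, Set<String>> fetchedAttributes, String tenantDomain, String userId,
            UserStoreManager userStoreManager) throws PostAuthenticationFailedException {
        if (fetchedAttributes.containsKey(attribute)) {
            return fetchedAttributes.get(attribute);
        }
        switch (attribute) {
            case ROLES:
                Set<String> groupIds;
                if (fetchedAttributes.containsKey(PasswordExpiryRuleAttributeEnum.GROUPS)) {
                    groupIds = fetchedAttributes.get(PasswordExpiryRuleAttributeEnum.GROUPS);
                } else {
                    groupIds = getUserGroupIds(userId, userStoreManager);
                    fetchedAttributes.put(PasswordExpiryRuleAttributeEnum.GROUPS, groupIds);
                }
                List<String> roleIdsOfGroups = getRoleIdsOfGroups(new ArrayList<>(groupIds), tenantDomain);
                Set<String> roleIds = getUserRoles(tenantDomain, userId).stream()
                        .map(RoleBasicInfo::getId)
                        .collect(Collectors.toSet());
                roleIds.addAll(roleIdsOfGroups);
                fetchedAttributes.put(PasswordExpiryRuleAttributeEnum.ROLES, roleIds);
                break;
            case GROUPS:
                fetchedAttributes.put(PasswordExpiryRuleAttributeEnum.GROUPS,
                        getUserGroupIds(userId, userStoreManager));
                break;
        }
        return fetchedAttributes.get(attribute);
    }

    /**
     * Applies the tenant-wide policy used when no rule decides.
     *
     * @param skipIfNoApplicableRules when {@code true} the password is never reported as expired here
     * @return {@code true} if there is no last-update value or the day difference has reached the
     *         configured expiry period
     */
    private static boolean isPasswordExpiredUnderDefaultPolicy(String tenantDomain, int daysDifference,
            String lastPasswordUpdatedTime, boolean skipIfNoApplicableRules)
            throws PostAuthenticationFailedException {
        if (skipIfNoApplicableRules) {
            return false;
        }
        return lastPasswordUpdatedTime == null || daysDifference >= getPasswordExpiryInDays(tenantDomain);
    }

    /**
     * Returns the roles assigned to a user.
     *
     * @param tenantDomain tenant the user belongs to
     * @param userId id of the user
     * @return the role list reported by the role management service
     * @throws PostAuthenticationFailedException if the role management service fails
     */
    public static List<RoleBasicInfo> getUserRoles(String tenantDomain, String userId)
            throws PostAuthenticationFailedException {
        try {
            return EnforcePasswordResetComponentDataHolder.getInstance().getRoleManagementService()
                    .getRoleListOfUser(userId, tenantDomain);
        } catch (IdentityRoleManagementException e) {
            throw new PostAuthenticationFailedException(
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_RETRIEVING_USER_ROLES.getCode(),
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_RETRIEVING_USER_ROLES.getMessage(), e);
        }
    }

    /**
     * Returns the ids of the groups the user belongs to.
     *
     * <p>The store manager is cast to {@link AbstractUserStoreManager}; any other implementation
     * fails with a {@link ClassCastException}.
     */
    private static Set<String> getUserGroupIds(String userId, UserStoreManager userStoreManager)
            throws PostAuthenticationFailedException {
        try {
            return ((AbstractUserStoreManager) userStoreManager)
                    .getGroupListOfUser(userId, (String) null, (String) null).stream()
                    .map(group -> group.getGroupID())
                    .collect(Collectors.toSet());
        } catch (UserStoreException e) {
            throw new PostAuthenticationFailedException(
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_RETRIEVING_USER_GROUPS.getCode(),
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_RETRIEVING_USER_GROUPS.getMessage(), e);
        }
    }

    /** Returns the ids of the roles attached to the given groups in the tenant. */
    private static List<String> getRoleIdsOfGroups(List<String> groupIds, String tenantDomain)
            throws PostAuthenticationFailedException {
        try {
            return EnforcePasswordResetComponentDataHolder.getInstance().getRoleManagementService()
                    .getRoleIdListOfGroups(groupIds, tenantDomain);
        } catch (IdentityRoleManagementException e) {
            throw new PostAuthenticationFailedException(
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_RETRIEVING_USER_ROLES.getCode(),
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_RETRIEVING_USER_ROLES.getMessage(), e);
        }
    }

    /**
     * Converts the stored timestamp claim to milliseconds; an empty or null value maps to 0.
     *
     * <p>NOTE(review): a non-numeric claim value makes {@link Long#parseLong(String)} throw an
     * unchecked {@link NumberFormatException} that is not translated into
     * {@link PostAuthenticationFailedException} — confirm callers cope with that.
     */
    private static long getLastPasswordUpdatedTimeInMillis(String lastPasswordUpdatedTime) {
        if (StringUtils.isEmpty(lastPasswordUpdatedTime)) {
            return 0L;
        }
        return Long.parseLong(lastPasswordUpdatedTime);
    }

    /** Returns the realm's user store manager, narrowed to the core {@link UserStoreManager} type. */
    private static UserStoreManager getUserStoreManager(UserRealm userRealm)
            throws PostAuthenticationFailedException {
        try {
            // The realm is the org.wso2.carbon.user.api type while this method returns the core
            // interface, so the narrowing is spelled out.
            return (UserStoreManager) userRealm.getUserStoreManager();
        } catch (UserStoreException e) {
            throw new PostAuthenticationFailedException(
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_GETTING_USER_STORE_DOMAIN.getCode(),
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_GETTING_USER_STORE_DOMAIN.getMessage(), e);
        }
    }

    /** Resolves the user realm of the tenant identified by the given tenant domain. */
    private static UserRealm getUserRealm(String tenantDomain) throws PostAuthenticationFailedException {
        try {
            return EnforcePasswordResetComponentDataHolder.getInstance().getRealmService()
                    .getTenantUserRealm(IdentityTenantUtil.getTenantId(tenantDomain));
        } catch (UserStoreException e) {
            throw new PostAuthenticationFailedException(
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_GETTING_USER_REALM.getCode(),
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_GETTING_USER_REALM.getMessage(), e);
        }
    }

    /**
     * Returns the tenant-wide password expiry period in days.
     *
     * <p>NOTE(review): a non-numeric configuration value makes {@link Integer#parseInt(String)}
     * throw an unchecked {@link NumberFormatException}; zero or negative values are returned as
     * they are, which makes every password count as expired under the default policy.
     *
     * @param tenantDomain tenant whose configuration is read
     * @return the configured number of days, or 30 when no value is configured
     * @throws PostAuthenticationFailedException if the configuration cannot be read
     */
    public static int getPasswordExpiryInDays(String tenantDomain) throws PostAuthenticationFailedException {
        try {
            String configuredDays =
                    getPasswordExpiryConfig(tenantDomain, PasswordPolicyConstants.CONNECTOR_CONFIG_PASSWORD_EXPIRY_IN_DAYS);
            return configuredDays != null ? Integer.parseInt(configuredDays) : DEFAULT_PASSWORD_EXPIRY_IN_DAYS;
        } catch (IdentityGovernanceException e) {
            throw new PostAuthenticationFailedException(
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_READING_SYSTEM_CONFIGURATIONS.getCode(),
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_READING_SYSTEM_CONFIGURATIONS.getMessage(), e);
        }
    }

    /**
     * Returns the number of whole days between the given epoch-millisecond instant and now.
     * An instant in the future yields a negative or zero value, i.e. "not yet expired".
     */
    private static int getDaysDifference(long lastPasswordUpdatedTimeInMillis) {
        long elapsedMillis = System.currentTimeMillis() - lastPasswordUpdatedTimeInMillis;
        return (int) (elapsedMillis / MILLIS_PER_DAY);
    }

    /**
     * Reads the user's last-password-update timestamp claim.
     *
     * <p>The identity claim is read first, using the user name qualified with the user store domain
     * taken from the thread-local context. If that yields nothing and the claim manager knows the
     * non-identity claim, that claim is read with the unqualified user name.
     *
     * @return the claim value, or an empty string when neither claim holds a value
     * @throws PostAuthenticationFailedException if the user store or claim manager fails; the
     *         message names the claim that was being read
     */
    @SuppressFBWarnings({"FORMAT_STRING_MANIPULATION"})
    private static String getLastPasswordUpdatedTime(String username, UserStoreManager userStoreManager,
            UserRealm userRealm) throws PostAuthenticationFailedException {
        // Tracks the claim currently being read so the error message can name it.
        String claimUri = PasswordPolicyConstants.LAST_CREDENTIAL_UPDATE_TIMESTAMP_CLAIM;
        try {
            String domainQualifiedName = UserCoreUtil.addDomainToName(username, UserCoreUtil.getDomainFromThreadLocal());
            String lastUpdate = getLastPasswordUpdateTime(userStoreManager, claimUri, domainQualifiedName);
            if (StringUtils.isEmpty(lastUpdate)) {
                ClaimManager claimManager = userRealm.getClaimManager();
                claimUri = PasswordPolicyConstants.LAST_CREDENTIAL_UPDATE_TIMESTAMP_CLAIM_NON_IDENTITY;
                if (claimManager.getClaim(claimUri) != null) {
                    lastUpdate = getLastPasswordUpdateTime(userStoreManager, claimUri, username);
                }
            }
            return lastUpdate;
        } catch (UserStoreException e) {
            throw new PostAuthenticationFailedException(
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_GETTING_CLAIM_MAPPINGS.getCode(),
                    String.format(PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_GETTING_CLAIM_MAPPINGS.getMessage(),
                            claimUri), e);
        }
    }

    /** Returns the value of one claim for the user, or an empty string when the claim has no value. */
    private static String getLastPasswordUpdateTime(UserStoreManager userStoreManager, String claimUri,
            String username) throws UserStoreException {
        Map<String, String> claimValues =
                userStoreManager.getUserClaimValues(username, new String[] {claimUri}, (String) null);
        if (claimValues == null || claimValues.get(claimUri) == null) {
            return "";
        }
        return claimValues.get(claimUri);
    }

    /**
     * Tells whether password expiry is switched on for the tenant.
     *
     * @param tenantDomain tenant whose configuration is read
     * @return the configured flag; anything other than "true" (case-insensitive) counts as {@code false}
     * @throws PostAuthenticationFailedException if the configuration cannot be read
     */
    public static boolean isPasswordExpiryEnabled(String tenantDomain) throws PostAuthenticationFailedException {
        try {
            return Boolean.parseBoolean(
                    getPasswordExpiryConfig(tenantDomain, PasswordPolicyConstants.CONNECTOR_CONFIG_ENABLE_PASSWORD_EXPIRY));
        } catch (IdentityGovernanceException e) {
            throw new PostAuthenticationFailedException(
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_READING_SYSTEM_CONFIGURATIONS.getCode(),
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_READING_SYSTEM_CONFIGURATIONS.getMessage(), e);
        }
    }

    /**
     * Tells whether users matched by no rule are exempt from expiry.
     *
     * <p>When this returns {@code true}, the default policy in this class never reports a password
     * as expired and {@code NE} rules are ignored, so only positively matching rules can expire it.
     *
     * @param tenantDomain tenant whose configuration is read
     * @return the configured flag; anything other than "true" (case-insensitive) counts as {@code false}
     * @throws PostAuthenticationFailedException if the configuration cannot be read
     */
    public static boolean isSkipIfNoApplicableRulesEnabled(String tenantDomain)
            throws PostAuthenticationFailedException {
        try {
            return Boolean.parseBoolean(getPasswordExpiryConfig(tenantDomain,
                    PasswordPolicyConstants.CONNECTOR_CONFIG_SKIP_IF_NO_APPLICABLE_RULES));
        } catch (IdentityGovernanceException e) {
            throw new PostAuthenticationFailedException(
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_READING_SYSTEM_CONFIGURATIONS.getCode(),
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_READING_SYSTEM_CONFIGURATIONS.getMessage(), e);
        }
    }

    /**
     * Builds the absolute public URL of the password reset page for a tenant.
     *
     * <p>With tenant-qualified URLs enabled the URL builder adds the tenant. Otherwise the tenant is
     * appended by hand as a {@code /t/<tenant>} path segment and a {@code tenantDomain} query
     * parameter, except for a blank tenant or {@code carbon.super}.
     *
     * @param tenantDomain tenant the user belongs to
     * @return the reset page URL
     * @throws PostAuthenticationFailedException if the service URL cannot be built
     */
    public static String getPasswordResetPageUrl(String tenantDomain) throws PostAuthenticationFailedException {
        try {
            if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
                return ServiceURLBuilder.create()
                        .addPath(new String[] {PasswordPolicyConstants.PASSWORD_RESET_PAGE})
                        .setTenant(tenantDomain)
                        .build()
                        .getAbsolutePublicURL();
            }
            String baseUrl = ServiceURLBuilder.create().build().getAbsolutePublicURL();
            if (StringUtils.isBlank(tenantDomain) || "carbon.super".equalsIgnoreCase(tenantDomain)) {
                return baseUrl + PasswordPolicyConstants.PASSWORD_RESET_PAGE;
            }
            // NOTE(review): the tenant domain is placed in the path and the query string without
            // URL-encoding; this relies on the value having been validated before it reaches this
            // method — confirm at the call sites.
            return baseUrl + "/t/" + tenantDomain + PasswordPolicyConstants.PASSWORD_RESET_PAGE
                    + "?tenantDomain=" + tenantDomain;
        } catch (URLBuilderException e) {
            throw new PostAuthenticationFailedException(
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_BUILDING_PASSWORD_RESET_PAGE_URL.getCode(),
                    PasswordPolicyConstants.ErrorMessages.ERROR_WHILE_BUILDING_PASSWORD_RESET_PAGE_URL.getMessage(), e);
        }
    }
}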
