package org.wso2.carbon.identity.recovery.handler.request;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.handler.request.AbstractPostAuthnHandler;
import org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthnHandlerFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.common.model.IdentityProviderProperty;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.mgt.util.Utils;
import org.wso2.carbon.identity.recovery.ChallengeQuestionManager;
import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
import org.wso2.carbon.identity.recovery.IdentityRecoveryException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryServerException;
import org.wso2.carbon.identity.recovery.internal.IdentityRecoveryServiceDataHolder;
import org.wso2.carbon.identity.recovery.model.ChallengeQuestion;
import org.wso2.carbon.identity.recovery.model.UserChallengeAnswer;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManager;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/recovery/handler/request/PostAuthnMissingChallengeQuestionsHandler.class */
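/**
 * Post-authentication handler that prompts a locally authenticated user to enrol
 * challenge (security) question answers when the resident identity provider is
 * configured to force it.
 *
 * <p>The flow has two legs. On the first pass the user is redirected to the
 * {@code add-security-questions.jsp} page and a marker is stored on the
 * {@link AuthenticationContext}. On the second pass (marker present) the posted
 * {@code Q-<setId>} / {@code A-<setId>} request parameters are matched against the
 * server-side question list and handed to {@link ChallengeQuestionManager}.
 *
 * <p>Federated users are skipped.
 */
public class PostAuthnMissingChallengeQuestionsHandler extends AbstractPostAuthnHandler {
    /** Context parameter set once the user has been redirected to the enrolment page. */
    private static final String CHALLENGE_QUESTIONS_REQUESTED = "challengeQuestionsRequested";
    /** Request parameter prefix carrying the selected question text for a question set. */
    private static final String SELECTED_CHALLENGE_QUESTION_PREFIX = "Q-";
    /** Request parameter prefix carrying the answer for a question set. */
    private static final String CHALLENGE_QUESTION_ANSWER_PREFIX = "A-";
    private static final Log log = LogFactory.getLog(PostAuthnMissingChallengeQuestionsHandler.class);
    private static volatile PostAuthnMissingChallengeQuestionsHandler instance = new PostAuthnMissingChallengeQuestionsHandler();

    /**
     * Returns the shared handler instance.
     *
     * @return the singleton handler
     */
    public static PostAuthnMissingChallengeQuestionsHandler getInstance() {
        return instance;
    }

    private PostAuthnMissingChallengeQuestionsHandler() {
    }

    /**
     * Decides whether the authenticated user still has to enrol challenge question answers
     * and drives the redirect / response legs of that flow.
     *
     * @param httpServletRequest    current request; read for the posted answers on the second leg
     * @param httpServletResponse   current response; used for the redirect on the first leg
     * @param authenticationContext authentication context of the login in progress
     * @return {@code INCOMPLETE} after redirecting the user, {@code SUCCESS_COMPLETED} when
     *         nothing (more) is required, {@code UNSUCCESS_COMPLETED} when the handler cannot run
     * @throws PostAuthenticationFailedException declared by the handler contract; not thrown
     *                                           directly by this method
     */
    @Override
    public PostAuthnHandlerFlowStatus handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws PostAuthenticationFailedException {
        if (log.isDebugEnabled()) {
            log.debug("Post authentication handling for missing security questions has started");
        }
        if (authenticationContext == null || authenticationContext.getSequenceConfig() == null || authenticationContext.getSequenceConfig().getAuthenticatedUser() == null) {
            if (log.isDebugEnabled()) {
                log.debug("Authentication context or sequence config or authenticated user is null.");
            }
            return PostAuthnHandlerFlowStatus.UNSUCCESS_COMPLETED;
        }
        String forceEnrolment = getResidentIdpProperty(authenticationContext.getTenantDomain(), IdentityRecoveryConstants.ConnectorConfig.FORCE_ADD_PW_RECOVERY_QUESTION);
        String minAnsweredSets = getResidentIdpProperty(authenticationContext.getTenantDomain(), IdentityRecoveryConstants.ConnectorConfig.FORCE_MIN_NO_QUESTION_ANSWERED);
        if (StringUtils.isBlank(forceEnrolment)) {
            if (log.isDebugEnabled()) {
                log.debug("Resident IdP value not found for Recovery.Question.Password.Forced.Enable hence exiting from PostAuthnMissingChallengeQuestionsHandler");
            }
            return PostAuthnHandlerFlowStatus.UNSUCCESS_COMPLETED;
        }
        if (!Boolean.parseBoolean(forceEnrolment)) {
            // Forced enrolment is switched off for this tenant; nothing to do.
            return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
        }
        AuthenticatedUser authenticatedUser = getAuthenticatedUser(authenticationContext);
        if (authenticatedUser == null) {
            if (log.isDebugEnabled()) {
                log.debug("No authenticated user found. Hence returning without handling missing security questions");
            }
            return PostAuthnHandlerFlowStatus.UNSUCCESS_COMPLETED;
        }
        if (authenticatedUser.isFederatedUser() || isChallengeQuestionsProvided(authenticatedUser, minAnsweredSets)) {
            return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
        }
        if (isChallengeQuestionRequested(authenticationContext)) {
            // Second leg: the user is coming back from the enrolment page.
            return handleMissingChallengeQuestionResponse(httpServletRequest, authenticatedUser);
        }
        return handleMissingChallengeQuestionRequest(httpServletResponse, authenticationContext, authenticatedUser);
    }

    /** Returns the authenticated user recorded on the context's sequence config. */
    private AuthenticatedUser getAuthenticatedUser(AuthenticationContext authenticationContext) {
        return authenticationContext.getSequenceConfig().getAuthenticatedUser();
    }

    /**
     * Tells whether the user has already been sent to the enrolment page in this login.
     *
     * <p>Compared with {@code equals} rather than reference identity: a {@code Boolean} that is
     * not the canonical {@link Boolean#TRUE} instance (for example one restored by Java
     * deserialization) would fail an {@code ==} check and the user would be redirected again.
     */
    private boolean isChallengeQuestionRequested(AuthenticationContext authenticationContext) {
        return Boolean.TRUE.equals(authenticationContext.getParameter(CHALLENGE_QUESTIONS_REQUESTED));
    }

    /** Marks the context so the next invocation is treated as the response leg. */
    private void setChallengeQuestionRequestedState(AuthenticationContext authenticationContext) {
        authenticationContext.addParameter(CHALLENGE_QUESTIONS_REQUESTED, true);
    }

    /**
     * Returns the name this handler is registered under.
     *
     * @return the handler name
     */
    @Override
    public String getName() {
        return "PostAuthnMissingChallengeQuestionsHandler";
    }

    /**
     * Looks up one property of the tenant's resident identity provider.
     *
     * @param str  tenant domain
     * @param str2 property name
     * @return the property value, or an empty string when the property is absent or the
     *         resident IdP cannot be loaded (the failure is logged)
     */
    private String getResidentIdpProperty(String str, String str2) {
        try {
            for (IdentityProviderProperty identityProviderProperty : IdentityProviderManager.getInstance().getResidentIdP(str).getIdpProperties()) {
                if (StringUtils.equals(identityProviderProperty.getName(), str2)) {
                    return identityProviderProperty.getValue();
                }
            }
            return "";
        } catch (IdentityProviderManagementException e) {
            log.error("Resident IdP value not found. Error while retrieving resident IdP property for force challenge question ", e);
            return "";
        }
    }

    /**
     * Checks whether the user has answered enough challenge question sets.
     *
     * <p>With no minimum configured, one answered set is enough. With a minimum configured,
     * the user passes when the answered count reaches it or when every available set has
     * been answered.
     *
     * @param authenticatedUser user being checked
     * @param str               configured minimum number of answered sets; may be blank
     * @return {@code true} when no further enrolment is required
     */
    private boolean isChallengeQuestionsProvided(AuthenticatedUser authenticatedUser, String str) {
        int answeredSetCount = getUserAnsweredChallengeSetUris(authenticatedUser).size();
        if (StringUtils.isBlank(str)) {
            return answeredSetCount > 0;
        }
        int requiredSetCount;
        try {
            requiredSetCount = Integer.parseInt(str.trim());
        } catch (NumberFormatException e) {
            // A malformed tenant setting must not abort every login with an unchecked
            // exception; fall back to the rule used when no minimum is configured.
            log.error("Configured minimum number of answered challenge questions is not a valid integer: " + str, e);
            return answeredSetCount > 0;
        }
        return requiredSetCount <= answeredSetCount || answeredSetCount == getChallengeSetUris(authenticatedUser).size();
    }

    /**
     * Loads every challenge question configured for the user's tenant.
     *
     * @return the questions, or {@code null} when the lookup fails (the failure is logged)
     */
    private List<ChallengeQuestion> getChallengeQuestions(AuthenticatedUser authenticatedUser) {
        try {
            return ChallengeQuestionManager.getInstance().getAllChallengeQuestions(authenticatedUser.getTenantDomain());
        } catch (IdentityRecoveryServerException e) {
            log.error("Identity recovery server error occurred for user:" + authenticatedUser.getUserName(), e);
            return null;
        }
    }

    /**
     * Returns the distinct, sorted question set ids available in the user's tenant.
     *
     * @return sorted set ids; empty when no questions are configured or the lookup failed
     */
    private List<String> getChallengeSetUris(AuthenticatedUser authenticatedUser) {
        List<ChallengeQuestion> challengeQuestions = getChallengeQuestions(authenticatedUser);
        if (CollectionUtils.isEmpty(challengeQuestions)) {
            return new ArrayList<String>();
        }
        HashSet<String> distinctSetIds = new HashSet<String>();
        for (ChallengeQuestion challengeQuestion : challengeQuestions) {
            if (StringUtils.isNotBlank(challengeQuestion.getQuestionSetId())) {
                distinctSetIds.add(challengeQuestion.getQuestionSetId());
            }
        }
        ArrayList<String> sortedSetIds = new ArrayList<String>(distinctSetIds);
        Collections.sort(sortedSetIds);
        return sortedSetIds;
    }

    /**
     * Reads the question set ids the user has already answered from the
     * {@code IdentityRecoveryConstants.CHALLENGE_QUESTION_URI} claim, which holds them
     * separated by {@code "!"}.
     *
     * @return the answered set ids; empty when the claim is blank, no user store manager is
     *         available, or the lookup fails (the failure is logged)
     */
    private List<String> getUserAnsweredChallengeSetUris(AuthenticatedUser authenticatedUser) {
        List<String> answeredSetIds = new ArrayList<String>();
        String addDomainToName = UserCoreUtil.addDomainToName(authenticatedUser.getUserName(), authenticatedUser.getUserStoreDomain());
        try {
            UserStoreManager userStoreManager = getUserStoreManager(Utils.getTenantId(authenticatedUser.getTenantDomain()));
            if (userStoreManager != null) {
                String str = (String) userStoreManager.getUserClaimValues(addDomainToName, new String[]{IdentityRecoveryConstants.CHALLENGE_QUESTION_URI}, "default").get(IdentityRecoveryConstants.CHALLENGE_QUESTION_URI);
                if (StringUtils.isBlank(str)) {
                    return answeredSetIds;
                }
                answeredSetIds = Arrays.asList(str.split("!"));
            }
        } catch (IdentityException | UserStoreException e) {
            log.error("Exception occurred while retrieving tenant ID for the user :" + addDomainToName, e);
        }
        return answeredSetIds;
    }

    /**
     * Resolves the user store manager of a tenant.
     *
     * @param i tenant id
     * @return the tenant's user store manager
     * @throws IdentityRecoveryServerException when the tenant realm is missing or cannot be loaded
     */
    private UserStoreManager getUserStoreManager(int i) throws IdentityRecoveryServerException {
        RealmService realmService = IdentityRecoveryServiceDataHolder.getInstance().getRealmService();
        try {
            if (realmService.getTenantUserRealm(i) != null) {
                return realmService.getTenantUserRealm(i).getUserStoreManager();
            }
            throw org.wso2.carbon.identity.recovery.util.Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_ERROR_GETTING_USERSTORE_MANAGER, null);
        } catch (UserStoreException e) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Error retrieving the user store manager for the tenant : %s", Integer.valueOf(i)), e);
            }
            throw org.wso2.carbon.identity.recovery.util.Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_ERROR_GETTING_USERSTORE_MANAGER, (String) null, e);
        }
    }

    /**
     * Persists the user's answers. A failure is logged and not propagated, so the caller
     * cannot tell from this method whether anything was stored.
     */
    private void setChallengeQuestionAnswers(User user, UserChallengeAnswer[] userChallengeAnswerArr) {
        try {
            ChallengeQuestionManager.getInstance().setChallengesOfUser(user, userChallengeAnswerArr);
        } catch (IdentityRecoveryException e) {
            log.error("Unable to save challenge question answers for user : " + user.getUserName(), e);
        }
    }

    /**
     * Builds the answer list from the posted {@code Q-<setId>} / {@code A-<setId>} parameters.
     *
     * <p>A posted question is accepted only when its set id and question text both match an
     * entry of the server-side question list, and only when a non-empty answer was posted
     * for the same set id.
     *
     * @param httpServletRequest request carrying the posted form fields
     * @param list               server-side question list; may be {@code null} when loading it failed
     * @return the accepted answers; empty when nothing matched or no question list is available
     */
    private UserChallengeAnswer[] retrieveChallengeQuestionAnswers(HttpServletRequest httpServletRequest, List<ChallengeQuestion> list) {
        if (list == null) {
            // getChallengeQuestions returns null on a lookup failure; without a server-side
            // list nothing posted by the client can be validated.
            return new UserChallengeAnswer[0];
        }
        HashMap<String, String> selectedQuestionBySetId = new HashMap<String, String>();
        HashMap<String, String> answerBySetId = new HashMap<String, String>();
        // NOTE(review): the prefixes are matched with contains()/replace(), so a set id that
        // itself contains "Q-" or "A-" would be misclassified or altered. A startsWith() /
        // substring() match looks stricter - confirm against the form that posts these fields.
        for (String str : Collections.list(httpServletRequest.getParameterNames())) {
            if (str.contains(SELECTED_CHALLENGE_QUESTION_PREFIX)) {
                selectedQuestionBySetId.put(str.replace(SELECTED_CHALLENGE_QUESTION_PREFIX, ""), httpServletRequest.getParameter(str));
            } else if (str.contains(CHALLENGE_QUESTION_ANSWER_PREFIX)) {
                answerBySetId.put(str.replace(CHALLENGE_QUESTION_ANSWER_PREFIX, ""), httpServletRequest.getParameter(str));
            }
        }
        List<UserChallengeAnswer> acceptedAnswers = new ArrayList<UserChallengeAnswer>();
        for (String setId : selectedQuestionBySetId.keySet()) {
            String selectedQuestion = selectedQuestionBySetId.get(setId);
            String postedAnswer = answerBySetId.get(setId);
            for (ChallengeQuestion challengeQuestion : list) {
                if (!StringUtils.equals(challengeQuestion.getQuestionSetId(), setId) || !StringUtils.equals(challengeQuestion.getQuestion(), selectedQuestion)) {
                    continue;
                }
                if (!StringUtils.isEmpty(postedAnswer)) {
                    UserChallengeAnswer userChallengeAnswer = new UserChallengeAnswer();
                    userChallengeAnswer.setQuestion(challengeQuestion);
                    userChallengeAnswer.setAnswer(postedAnswer);
                    acceptedAnswers.add(userChallengeAnswer);
                } else if (log.isDebugEnabled()) {
                    log.debug("Answer not found for challenge question " + challengeQuestion + ", hence not adding challenge question");
                }
            }
        }
        return acceptedAnswers.toArray(new UserChallengeAnswer[acceptedAnswers.size()]);
    }

    /**
     * Serialises the tenant's questions as {@code setId|questionId|question|locale&} records
     * and URL-encodes the result for use as a query parameter value.
     *
     * @return the encoded string, or {@code null} when no questions are available
     * @throws UnsupportedEncodingException declared by {@link URLEncoder#encode(String, String)}
     */
    private String getUrlEncodedChallengeQuestionsString(AuthenticatedUser authenticatedUser) throws UnsupportedEncodingException {
        List<ChallengeQuestion> challengeQuestions = getChallengeQuestions(authenticatedUser);
        if (CollectionUtils.isEmpty(challengeQuestions)) {
            if (log.isDebugEnabled()) {
                log.debug("Challenge questions not found for the user: " + authenticatedUser.getUserName() + " in tenant domain: " + authenticatedUser.getTenantDomain());
            }
            return null;
        }
        StringBuilder sb = new StringBuilder();
        for (ChallengeQuestion challengeQuestion : challengeQuestions) {
            sb.append(challengeQuestion.getQuestionSetId()).append("|")
                    .append(challengeQuestion.getQuestionId()).append("|")
                    .append(challengeQuestion.getQuestion()).append("|")
                    .append(challengeQuestion.getLocale()).append("&");
        }
        return URLEncoder.encode(sb.toString(), StandardCharsets.UTF_8.name());
    }

    /**
     * URL-encodes one query parameter value. A {@code null} value is encoded as the text
     * {@code "null"}, which is what plain string concatenation would have produced.
     */
    private static String urlEncodeParam(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(String.valueOf(value), StandardCharsets.UTF_8.name());
    }

    /**
     * First leg: redirects the user to the enrolment page and marks the context.
     *
     * <p>Every query parameter value is URL-encoded. The service provider name in particular
     * is free text; written into the URL unencoded, a name containing {@code &}, {@code #} or
     * whitespace would truncate the value or add extra parameters to the redirect target.
     *
     * @return {@code INCOMPLETE} once the redirect has been sent, {@code UNSUCCESS_COMPLETED}
     *         when no question data is available or the redirect fails
     */
    private PostAuthnHandlerFlowStatus handleMissingChallengeQuestionRequest(HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, AuthenticatedUser authenticatedUser) {
        String encodedQuestions = null;
        String encodedSessionDataKey = null;
        String encodedServiceProvider = null;
        try {
            encodedQuestions = getUrlEncodedChallengeQuestionsString(authenticatedUser);
            encodedSessionDataKey = urlEncodeParam(authenticationContext.getContextIdentifier());
            encodedServiceProvider = urlEncodeParam(authenticationContext.getServiceProviderName());
        } catch (UnsupportedEncodingException e) {
            log.error("Error occurred while URL-encoding the challenge question data", e);
        }
        if (StringUtils.isBlank(encodedQuestions) || encodedSessionDataKey == null || encodedServiceProvider == null) {
            if (log.isDebugEnabled()) {
                log.debug("Unable to get challenge questions for user : " + authenticatedUser.getUserName() + " for tenant domain : " + authenticationContext.getTenantDomain());
            }
            return PostAuthnHandlerFlowStatus.UNSUCCESS_COMPLETED;
        }
        String redirectUrl = ConfigurationFacade.getInstance().getAuthenticationEndpointURL().replace("/login.do", "")
                + "/add-security-questions.jsp?sessionDataKey=" + encodedSessionDataKey
                + "&data=" + encodedQuestions
                + "&sp=" + encodedServiceProvider;
        try {
            httpServletResponse.sendRedirect(redirectUrl);
            setChallengeQuestionRequestedState(authenticationContext);
            return PostAuthnHandlerFlowStatus.INCOMPLETE;
        } catch (IOException e) {
            log.error("Error occurred while redirecting to challenge questions page", e);
            return PostAuthnHandlerFlowStatus.UNSUCCESS_COMPLETED;
        }
    }

    /**
     * Second leg: stores the answers posted from the enrolment page.
     *
     * <p>NOTE(review): this returns {@code SUCCESS_COMPLETED} whether or not any answer was
     * accepted or persisted - an empty submission yields an empty answer array, and a save
     * failure is only logged by {@code setChallengeQuestionAnswers}. The configured minimum is
     * therefore not re-checked here; confirm whether the forced-enrolment policy is expected
     * to be enforced at this point.
     */
    private PostAuthnHandlerFlowStatus handleMissingChallengeQuestionResponse(HttpServletRequest httpServletRequest, AuthenticatedUser authenticatedUser) {
        List<ChallengeQuestion> availableQuestions = getChallengeQuestions(authenticatedUser);
        UserChallengeAnswer[] postedAnswers = retrieveChallengeQuestionAnswers(httpServletRequest, availableQuestions);
        setChallengeQuestionAnswers(authenticatedUser, postedAnswers);
        return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
    }
}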
