package org.wso2.carbon.identity.user.onboard.core.service.password;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.governance.service.notification.NotificationChannels;
import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
import org.wso2.carbon.identity.recovery.IdentityRecoveryException;
import org.wso2.carbon.identity.recovery.RecoveryScenarios;
import org.wso2.carbon.identity.recovery.RecoverySteps;
import org.wso2.carbon.identity.recovery.internal.IdentityRecoveryServiceDataHolder;
import org.wso2.carbon.identity.recovery.model.UserRecoveryData;
import org.wso2.carbon.identity.recovery.store.JDBCRecoveryDataStore;
import org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore;
import org.wso2.carbon.identity.recovery.util.Utils;
import org.wso2.carbon.identity.user.onboard.core.service.model.Configuration;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:org/wso2/carbon/identity/user/onboard/core/service/password/ResetLinkGenerator.class */
public class ResetLinkGenerator {
    private static final Log LOG = LogFactory.getLog(ResetLinkGenerator.class);

    public String generateResetLink(Configuration configuration) throws IdentityRecoveryException {
        User user = new User();
        user.setUserName(configuration.getUsername());
        user.setTenantDomain(configuration.getTenantDomain());
        user.setUserStoreDomain(configuration.getUserStore());
        if (!isValidUserStoreExists(user.getUserStoreDomain())) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_USER_STORE_INVALID, user.getUserStoreDomain());
        }
        if (!isExistingUser(user)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_USER, user.getUserName());
        }
        if (Utils.isAccountDisabled(user)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_DISABLED_ACCOUNT, user.getUserName());
        }
        if (Utils.isAccountLocked(user)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_LOCKED_ACCOUNT, user.getUserName());
        }
        return String.format("%s/confirmrecovery.do?confirmation=%s", ConfigurationFacade.getInstance().getAccountRecoveryEndpointPath(), generateNewConfirmationCode(user, NotificationChannels.EXTERNAL_CHANNEL.getChannelType()).getSecret());
    }

    private UserRecoveryData generateNewConfirmationCode(User user, String str) throws IdentityRecoveryException {
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        jDBCRecoveryDataStore.invalidate(user);
        UserRecoveryData userRecoveryData = new UserRecoveryData(user, Utils.generateSecretKey(str, user.getTenantDomain(), RecoveryScenarios.NOTIFICATION_BASED_PW_RECOVERY.name()), RecoveryScenarios.NOTIFICATION_BASED_PW_RECOVERY, RecoverySteps.UPDATE_PASSWORD);
        userRecoveryData.setRemainingSetIds(str);
        jDBCRecoveryDataStore.store(userRecoveryData);
        return userRecoveryData;
    }

    private boolean isExistingUser(User user) throws IdentityRecoveryException {
        try {
            if (IdentityRecoveryServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(user.getTenantDomain())).getUserStoreManager().isExistingUser(IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()))) {
                return true;
            }
            if (!LOG.isDebugEnabled()) {
                return false;
            }
            LOG.debug("No user found for provided username");
            return false;
        } catch (UserStoreException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED, (String) null, e);
        }
    }

    private boolean isValidUserStoreExists(String str) throws IdentityRecoveryException {
        try {
            return CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager().getSecondaryUserStoreManager(str) != null;
        } catch (UserStoreException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED, (String) null, e);
        }
    }
}
