package org.wso2.carbon.identity.recovery.handler;

import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityRuntimeException;
import org.wso2.carbon.identity.core.bean.context.MessageContext;
import org.wso2.carbon.identity.core.handler.InitConfig;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
import org.wso2.carbon.identity.recovery.IdentityRecoveryException;
import org.wso2.carbon.identity.recovery.RecoveryScenarios;
import org.wso2.carbon.identity.recovery.RecoverySteps;
import org.wso2.carbon.identity.recovery.internal.IdentityRecoveryServiceDataHolder;
import org.wso2.carbon.identity.recovery.model.Property;
import org.wso2.carbon.identity.recovery.model.UserRecoveryData;
import org.wso2.carbon.identity.recovery.store.JDBCRecoveryDataStore;
import org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore;
import org.wso2.carbon.identity.recovery.util.Utils;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;
import org.wso2.carbon.user.api.Claim;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;

/* loaded from: input_file:org/wso2/carbon/identity/recovery/handler/UserEmailVerificationHandler.class */
public class UserEmailVerificationHandler extends AbstractEventHandler {
    private static final Log log = LogFactory.getLog(UserEmailVerificationHandler.class);

    public String getName() {
        return "userEmailVerification";
    }

    public String getFriendlyName() {
        return "User Email Verification";
    }

    public void handleEvent(Event event) throws IdentityEventException {
        Map eventProperties = event.getEventProperties();
        String eventName = event.getEventName();
        UserStoreManager userStoreManager = (UserStoreManager) eventProperties.get("userStoreManager");
        User user = getUser(eventProperties, userStoreManager);
        Map<String, String> map = (Map) eventProperties.get("USER_CLAIMS");
        boolean z = false;
        if ("PRE_ADD_USER".equals(eventName) || "POST_ADD_USER".equals(eventName)) {
            z = Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.ENABLE_EMAIL_VERIFICATION, user.getTenantDomain()));
        } else if ("PRE_SET_USER_CLAIMS".equals(eventName) || "POST_SET_USER_CLAIMS".equals(eventName)) {
            z = Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.ENABLE_EMAIL_VERIFICATION_ON_UPDATE, user.getTenantDomain()));
            if (!z && map.containsKey(IdentityRecoveryConstants.EMAIL_ADDRESS_CLAIM)) {
                invalidatePendingEmailVerification(user, userStoreManager, map);
            }
        }
        if (!z) {
            if (log.isDebugEnabled()) {
                log.debug("Email verification Handler is disabled in tenant: " + user.getTenantDomain() + "for event: " + eventName);
                return;
            }
            return;
        }
        String[] strArr = (String[]) eventProperties.get("ROLE_LIST");
        if (strArr == null || !Arrays.asList(strArr).contains(IdentityRecoveryConstants.SELF_SIGNUP_ROLE)) {
            if ("PRE_ADD_USER".equals(eventName)) {
                Utils.clearEmailVerifyTemporaryClaim();
                if (map == null || map.isEmpty()) {
                    return;
                }
                if (map.containsKey(IdentityRecoveryConstants.VERIFY_EMAIL_CLIAM) && Boolean.parseBoolean(map.get(IdentityRecoveryConstants.VERIFY_EMAIL_CLIAM))) {
                    Claim claim = new Claim();
                    claim.setClaimUri(IdentityRecoveryConstants.VERIFY_EMAIL_CLIAM);
                    claim.setValue(map.get(IdentityRecoveryConstants.VERIFY_EMAIL_CLIAM));
                    Utils.setEmailVerifyTemporaryClaim(claim);
                    map.remove(IdentityRecoveryConstants.VERIFY_EMAIL_CLIAM);
                } else {
                    if (!map.containsKey(IdentityRecoveryConstants.ASK_PASSWORD_CLAIM) || !Boolean.parseBoolean(map.get(IdentityRecoveryConstants.ASK_PASSWORD_CLAIM))) {
                        return;
                    }
                    Claim claim2 = new Claim();
                    claim2.setClaimUri(IdentityRecoveryConstants.ASK_PASSWORD_CLAIM);
                    claim2.setValue(map.get(IdentityRecoveryConstants.ASK_PASSWORD_CLAIM));
                    Utils.setEmailVerifyTemporaryClaim(claim2);
                    map.remove(IdentityRecoveryConstants.ASK_PASSWORD_CLAIM);
                }
            }
            if ("POST_ADD_USER".equals(eventName)) {
                boolean parseBoolean = Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.EMAIL_ACCOUNT_LOCK_ON_CREATION, user.getTenantDomain()));
                boolean parseBoolean2 = Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.EMAIL_VERIFICATION_NOTIFICATION_INTERNALLY_MANAGE, user.getTenantDomain()));
                Claim emailVerifyTemporaryClaim = Utils.getEmailVerifyTemporaryClaim();
                boolean isAccountStateClaimExisting = Utils.isAccountStateClaimExisting(user.getTenantDomain());
                if (emailVerifyTemporaryClaim == null) {
                    return;
                }
                if (IdentityRecoveryConstants.VERIFY_EMAIL_CLIAM.equals(emailVerifyTemporaryClaim.getClaimUri())) {
                    if (parseBoolean2) {
                        if (isAccountStateClaimExisting) {
                            setUserClaim(IdentityRecoveryConstants.ACCOUNT_STATE_CLAIM_URI, IdentityRecoveryConstants.PENDING_EMAIL_VERIFICATION, userStoreManager, user);
                        }
                        initNotification(user, RecoveryScenarios.SELF_SIGN_UP, RecoverySteps.CONFIRM_SIGN_UP, IdentityRecoveryConstants.NOTIFICATION_TYPE_EMAIL_CONFIRM.toString());
                    }
                    if (parseBoolean) {
                        lockAccount(user, userStoreManager);
                    }
                } else if (IdentityRecoveryConstants.ASK_PASSWORD_CLAIM.equals(emailVerifyTemporaryClaim.getClaimUri()) && parseBoolean2) {
                    if (isAccountStateClaimExisting) {
                        setUserClaim(IdentityRecoveryConstants.ACCOUNT_STATE_CLAIM_URI, IdentityRecoveryConstants.PENDING_ASK_PASSWORD, userStoreManager, user);
                    }
                    initNotification(user, RecoveryScenarios.ASK_PASSWORD, RecoverySteps.UPDATE_PASSWORD, IdentityRecoveryConstants.NOTIFICATION_TYPE_ASK_PASSWORD.toString());
                }
            }
            if ("PRE_SET_USER_CLAIMS".equals(eventName)) {
                preSetUserClaimsOnEmailUpdate(map, userStoreManager, user);
            }
            if ("POST_SET_USER_CLAIMS".equals(eventName)) {
                postSetUserClaimsOnEmailUpdate(user, userStoreManager);
            }
        }
    }

    public void init(InitConfig initConfig) throws IdentityRuntimeException {
        super.init(initConfig);
    }

    public int getPriority(MessageContext messageContext) {
        return 65;
    }

    public void lockAccount(User user, UserStoreManager userStoreManager) throws IdentityEventException {
        if (log.isDebugEnabled()) {
            log.debug("Locking user account:" + user.getUserName());
        }
        setUserClaim("http://wso2.org/claims/identity/accountLocked", Boolean.TRUE.toString(), userStoreManager, user);
    }

    protected void initNotification(User user, Enum r9, Enum r10, String str) throws IdentityEventException {
        initNotification(user, r9, r10, str, UUIDGenerator.generateUUID());
    }

    protected void initNotification(User user, Enum r9, Enum r10, String str, String str2) throws IdentityEventException {
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        try {
            jDBCRecoveryDataStore.invalidate(user);
            jDBCRecoveryDataStore.store(new UserRecoveryData(user, str2, r9, r10));
            triggerNotification(user, str, str2, Utils.getArbitraryProperties());
        } catch (IdentityRecoveryException e) {
            throw new IdentityEventException("Error while sending  notification ", e);
        }
    }

    private void initNotificationForEmailVerificationOnUpdate(String str, User user) throws IdentityEventException {
        initNotificationForEmailVerificationOnUpdate(user, UUIDGenerator.generateUUID(), str);
    }

    private void initNotificationForEmailVerificationOnUpdate(User user, String str, String str2) throws IdentityEventException {
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        try {
            jDBCRecoveryDataStore.invalidate(user, RecoveryScenarios.EMAIL_VERIFICATION_ON_UPDATE, RecoverySteps.VERIFY_EMAIL);
            UserRecoveryData userRecoveryData = new UserRecoveryData(user, str, RecoveryScenarios.EMAIL_VERIFICATION_ON_UPDATE, RecoverySteps.VERIFY_EMAIL);
            userRecoveryData.setRemainingSetIds(str2);
            jDBCRecoveryDataStore.store(userRecoveryData);
            triggerNotification(user, IdentityRecoveryConstants.NOTIFICATION_TYPE_VERIFY_EMAIL_ON_UPDATE, str, Utils.getArbitraryProperties(), str2);
        } catch (IdentityRecoveryException e) {
            throw new IdentityEventException("Error while sending notification for user: " + user.toFullQualifiedUsername(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setRecoveryData(User user, Enum r9, Enum r10, String str) throws IdentityEventException {
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        try {
            jDBCRecoveryDataStore.invalidate(user);
            jDBCRecoveryDataStore.store(new UserRecoveryData(user, str, r9, r10));
        } catch (IdentityRecoveryException e) {
            throw new IdentityEventException("Error while setting recovery data for user ", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public UserRecoveryData getRecoveryData(User user) throws IdentityEventException {
        try {
            return JDBCRecoveryDataStore.getInstance().loadWithoutCodeExpiryValidation(user);
        } catch (IdentityRecoveryException e) {
            throw new IdentityEventException("Error while loading recovery data for user ", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setUserClaim(String str, String str2, UserStoreManager userStoreManager, User user) throws IdentityEventException {
        HashMap hashMap = new HashMap();
        hashMap.put(str, str2);
        try {
            userStoreManager.setUserClaimValues(user.getUserName(), hashMap, (String) null);
        } catch (UserStoreException e) {
            throw new IdentityEventException("Error while setting user claim value :" + user.getUserName(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void triggerNotification(User user, String str, String str2, Property[] propertyArr) throws IdentityRecoveryException {
        triggerNotification(user, str, str2, propertyArr, null);
    }

    private void triggerNotification(User user, String str, String str2, Property[] propertyArr, String str3) throws IdentityRecoveryException {
        if (log.isDebugEnabled()) {
            log.debug("Sending : " + str + " notification to user : " + user.toString());
        }
        HashMap hashMap = new HashMap();
        hashMap.put("user-name", user.getUserName());
        hashMap.put("tenant-domain", user.getTenantDomain());
        hashMap.put("userstore-domain", user.getUserStoreDomain());
        if (StringUtils.isNotBlank(str3)) {
            hashMap.put(IdentityRecoveryConstants.SEND_TO, str3);
        }
        if (propertyArr != null && propertyArr.length > 0) {
            for (Property property : propertyArr) {
                hashMap.put(property.getKey(), property.getValue());
            }
        }
        if (StringUtils.isNotBlank(str2)) {
            hashMap.put(IdentityRecoveryConstants.CONFIRMATION_CODE, str2);
        }
        hashMap.put(IdentityRecoveryConstants.TEMPLATE_TYPE, str);
        try {
            IdentityRecoveryServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event("TRIGGER_NOTIFICATION", hashMap));
        } catch (IdentityEventException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_TRIGGER_NOTIFICATION, user.getUserName(), (Throwable) e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public User getUser(Map map, UserStoreManager userStoreManager) {
        String str = (String) map.get("user-name");
        String str2 = (String) map.get("tenant-domain");
        String userStoreProperty = userStoreManager.getRealmConfiguration().getUserStoreProperty("DomainName");
        User user = new User();
        user.setUserName(str);
        user.setTenantDomain(str2);
        user.setUserStoreDomain(userStoreProperty);
        return user;
    }

    private void preSetUserClaimsOnEmailUpdate(Map<String, String> map, UserStoreManager userStoreManager, User user) throws IdentityEventException {
        if (IdentityRecoveryConstants.SkipEmailVerificationOnUpdateStates.SKIP_ON_CONFIRM.toString().equals(Utils.getThreadLocalToSkipSendingEmailVerificationOnUpdate())) {
            return;
        }
        if (Utils.getThreadLocalToSkipSendingEmailVerificationOnUpdate() != null) {
            Utils.unsetThreadLocalToSkipSendingEmailVerificationOnUpdate();
        }
        if (MapUtils.isEmpty(map)) {
            Utils.setThreadLocalToSkipSendingEmailVerificationOnUpdate(IdentityRecoveryConstants.SkipEmailVerificationOnUpdateStates.SKIP_ON_INAPPLICABLE_CLAIMS.toString());
            return;
        }
        String str = map.get(IdentityRecoveryConstants.EMAIL_ADDRESS_CLAIM);
        if (!StringUtils.isNotBlank(str)) {
            Utils.setThreadLocalToSkipSendingEmailVerificationOnUpdate(IdentityRecoveryConstants.SkipEmailVerificationOnUpdateStates.SKIP_ON_INAPPLICABLE_CLAIMS.toString());
            return;
        }
        String userName = user.getUserName();
        try {
            if (!str.equals(userStoreManager.getUserClaimValue(userName, IdentityRecoveryConstants.EMAIL_ADDRESS_CLAIM, (String) null))) {
                map.put(IdentityRecoveryConstants.EMAIL_ADDRESS_PENDING_VALUE_CLAIM, str);
                map.remove(IdentityRecoveryConstants.EMAIL_ADDRESS_CLAIM);
            } else {
                if (log.isDebugEnabled()) {
                    log.debug(String.format("The email address to be updated: %s is same as the existing email address for user: %s in domain %s. Hence an email verification will not be triggered.", str, userName, user.getTenantDomain()));
                }
                Utils.setThreadLocalToSkipSendingEmailVerificationOnUpdate(IdentityRecoveryConstants.SkipEmailVerificationOnUpdateStates.SKIP_ON_EXISTING_EMAIL.toString());
                invalidatePendingEmailVerification(user, userStoreManager, map);
            }
        } catch (UserStoreException e) {
            throw new IdentityEventException(String.format("Error occurred while retrieving existing email address for user: %s in domain : %s", userName, user.getTenantDomain()), e);
        }
    }

    private void postSetUserClaimsOnEmailUpdate(User user, UserStoreManager userStoreManager) throws IdentityEventException {
        try {
            String threadLocalToSkipSendingEmailVerificationOnUpdate = Utils.getThreadLocalToSkipSendingEmailVerificationOnUpdate();
            if (!IdentityRecoveryConstants.SkipEmailVerificationOnUpdateStates.SKIP_ON_CONFIRM.toString().equals(threadLocalToSkipSendingEmailVerificationOnUpdate) && !IdentityRecoveryConstants.SkipEmailVerificationOnUpdateStates.SKIP_ON_EXISTING_EMAIL.toString().equals(threadLocalToSkipSendingEmailVerificationOnUpdate) && !IdentityRecoveryConstants.SkipEmailVerificationOnUpdateStates.SKIP_ON_INAPPLICABLE_CLAIMS.toString().equals(threadLocalToSkipSendingEmailVerificationOnUpdate)) {
                String pendingVerificationEmailValue = getPendingVerificationEmailValue(userStoreManager, user);
                if (StringUtils.isNotBlank(pendingVerificationEmailValue)) {
                    initNotificationForEmailVerificationOnUpdate(pendingVerificationEmailValue, user);
                }
            }
        } finally {
            Utils.unsetThreadLocalToSkipSendingEmailVerificationOnUpdate();
        }
    }

    private String getPendingVerificationEmailValue(UserStoreManager userStoreManager, User user) throws IdentityEventException {
        try {
            Map userClaimValues = userStoreManager.getUserClaimValues(user.getUserName(), new String[]{IdentityRecoveryConstants.EMAIL_ADDRESS_PENDING_VALUE_CLAIM}, (String) null);
            if (MapUtils.isEmpty(userClaimValues)) {
                return null;
            }
            for (Map.Entry entry : userClaimValues.entrySet()) {
                if (((String) entry.getKey()).equals(IdentityRecoveryConstants.EMAIL_ADDRESS_PENDING_VALUE_CLAIM)) {
                    return (String) entry.getValue();
                }
            }
            return null;
        } catch (UserStoreException e) {
            throw new IdentityEventException("Error while retrieving verification pending email claim value for user: " + user.toFullQualifiedUsername(), e);
        }
    }

    private void invalidatePendingEmailVerification(User user, UserStoreManager userStoreManager, Map<String, String> map) throws IdentityEventException {
        if (StringUtils.isNotBlank(getPendingVerificationEmailValue(userStoreManager, user))) {
            map.put(IdentityRecoveryConstants.EMAIL_ADDRESS_PENDING_VALUE_CLAIM, "");
            try {
                JDBCRecoveryDataStore.getInstance().invalidate(user, RecoveryScenarios.EMAIL_VERIFICATION_ON_UPDATE, RecoverySteps.VERIFY_EMAIL);
            } catch (IdentityRecoveryException e) {
                throw new IdentityEventException("Error while invalidating previous email verification data from recovery store for user: " + user.toFullQualifiedUsername(), e);
            }
        }
    }
}
