package org.wso2.carbon.identity.recovery.confirmation;

import java.io.UnsupportedEncodingException;
import java.net.URISyntaxException;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.UUID;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.governance.exceptions.notiification.NotificationChannelManagerException;
import org.wso2.carbon.identity.governance.service.notification.NotificationChannels;
import org.wso2.carbon.identity.recovery.IdentityRecoveryClientException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
import org.wso2.carbon.identity.recovery.IdentityRecoveryException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryServerException;
import org.wso2.carbon.identity.recovery.RecoveryScenarios;
import org.wso2.carbon.identity.recovery.RecoverySteps;
import org.wso2.carbon.identity.recovery.bean.NotificationResponseBean;
import org.wso2.carbon.identity.recovery.dto.ResendConfirmationDTO;
import org.wso2.carbon.identity.recovery.internal.IdentityRecoveryServiceDataHolder;
import org.wso2.carbon.identity.recovery.internal.service.impl.UserAccountRecoveryManager;
import org.wso2.carbon.identity.recovery.model.Property;
import org.wso2.carbon.identity.recovery.model.UserRecoveryData;
import org.wso2.carbon.identity.recovery.store.JDBCRecoveryDataStore;
import org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore;
import org.wso2.carbon.identity.recovery.util.Utils;

/* loaded from: input_file:org/wso2/carbon/identity/recovery/confirmation/ResendConfirmationManager.class */
public class ResendConfirmationManager {
    private static final Log log = LogFactory.getLog(ResendConfirmationManager.class);
    private static ResendConfirmationManager instance = new ResendConfirmationManager();

    private ResendConfirmationManager() {
    }

    public static ResendConfirmationManager getInstance() {
        return instance;
    }

    public NotificationResponseBean resendConfirmationCode(User user, String str, String str2, String str3, Property[] propertyArr) throws IdentityRecoveryException {
        return resendAccountRecoveryNotification(user, null, str, str2, str3, propertyArr);
    }

    public NotificationResponseBean resendConfirmationCode(User user, String str, String str2, String str3, String str4, Property[] propertyArr) throws IdentityRecoveryException {
        if (StringUtils.isBlank(str)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CONFIRMATION_CODE_NOT_PROVIDED, user.getUserName());
        }
        return resendAccountRecoveryNotification(user, str, str2, str3, str4, propertyArr);
    }

    public ResendConfirmationDTO resendConfirmation(String str, String str2, String str3, String str4, String str5, Property[] propertyArr) throws IdentityRecoveryException {
        String concatRecoveryFlowIdWithSecretKey;
        RecoverySteps recoveryStep = RecoverySteps.getRecoveryStep(str4);
        RecoveryScenarios recoveryScenario = RecoveryScenarios.getRecoveryScenario(str3);
        UserAccountRecoveryManager userAccountRecoveryManager = UserAccountRecoveryManager.getInstance();
        UserRecoveryData userRecoveryData = userAccountRecoveryManager.getUserRecoveryData(str2, RecoverySteps.RESEND_CONFIRMATION_CODE);
        User user = userRecoveryData.getUser();
        String recoveryFlowId = userRecoveryData.getRecoveryFlowId();
        int resendCount = userAccountRecoveryManager.loadUserRecoveryFlowData(userRecoveryData).getResendCount();
        if (resendCount >= Integer.parseInt(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.RECOVERY_NOTIFICATION_PASSWORD_MAX_RESEND_ATTEMPTS, str))) {
            userAccountRecoveryManager.invalidateRecoveryData(recoveryFlowId);
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_RECOVERY_FLOW_ID.getCode(), IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_RECOVERY_FLOW_ID.getMessage(), recoveryFlowId);
        }
        userAccountRecoveryManager.updateRecoveryDataResendCount(recoveryFlowId, resendCount + 1);
        validateRequestAttributes(user, recoveryScenario, userRecoveryData.getRecoveryScenario(), str, str2);
        validateCallback(propertyArr, user.getTenantDomain());
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        String validateNotificationChannel = validateNotificationChannel(userRecoveryData.getRemainingSetIds());
        UserRecoveryData loadWithoutCodeExpiryValidation = jDBCRecoveryDataStore.loadWithoutCodeExpiryValidation(user, recoveryScenario, recoveryStep);
        if (Utils.reIssueExistingConfirmationCode(loadWithoutCodeExpiryValidation, validateNotificationChannel)) {
            concatRecoveryFlowIdWithSecretKey = loadWithoutCodeExpiryValidation.getSecret();
        } else {
            jDBCRecoveryDataStore.invalidate(user);
            concatRecoveryFlowIdWithSecretKey = Utils.concatRecoveryFlowIdWithSecretKey(recoveryFlowId, validateNotificationChannel, Utils.generateSecretKey(validateNotificationChannel, user.getTenantDomain(), str3));
            try {
                addRecoveryDataObject(Utils.hashCode(concatRecoveryFlowIdWithSecretKey), recoveryFlowId, validateNotificationChannel, recoveryScenario, recoveryStep, user);
            } catch (NoSuchAlgorithmException e) {
                throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NO_HASHING_ALGO_FOR_CODE, null);
            }
        }
        ResendConfirmationDTO resendConfirmationDTO = new ResendConfirmationDTO();
        if (NotificationChannels.EXTERNAL_CHANNEL.getChannelType().equals(validateNotificationChannel)) {
            resendConfirmationDTO.setExternalConfirmationCode(concatRecoveryFlowIdWithSecretKey);
        } else {
            triggerNotification(user, validateNotificationChannel, str5, concatRecoveryFlowIdWithSecretKey, Utils.resolveEventName(validateNotificationChannel), propertyArr);
        }
        String generateResendCode = generateResendCode(validateNotificationChannel, recoveryScenario, userRecoveryData);
        resendConfirmationDTO.setNotificationChannel(validateNotificationChannel);
        resendConfirmationDTO.setResendCode(generateResendCode);
        resendConfirmationDTO.setSuccessCode(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_RESEND_CONFIRMATION_CODE.getCode());
        resendConfirmationDTO.setSuccessMessage(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_RESEND_CONFIRMATION_CODE.getMessage());
        resendConfirmationDTO.setRecoveryFlowId(recoveryFlowId);
        return resendConfirmationDTO;
    }

    private void validateRequestAttributes(User user, RecoveryScenarios recoveryScenarios, Enum r6, String str, String str2) throws IdentityRecoveryClientException {
        if (!StringUtils.equals(str, user.getTenantDomain())) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_USER_TENANT_DOMAIN_MISS_MATCH_WITH_CONTEXT, str);
        }
        if (!recoveryScenarios.equals(r6)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_RESEND_CODE, str2);
        }
    }

    private void triggerNotification(User user, String str, String str2, String str3, String str4, Property[] propertyArr) throws IdentityRecoveryException {
        HashMap hashMap = new HashMap();
        hashMap.put("user-name", user.getUserName());
        hashMap.put("tenant-domain", user.getTenantDomain());
        hashMap.put("userstore-domain", user.getUserStoreDomain());
        if (StringUtils.isBlank(str)) {
            str = NotificationChannels.EMAIL_CHANNEL.getChannelType();
        }
        hashMap.put("notification-channel", str);
        if (StringUtils.isNotBlank(str3)) {
            hashMap.put(IdentityRecoveryConstants.CONFIRMATION_CODE, str3);
        }
        if (propertyArr != null) {
            for (Property property : propertyArr) {
                if (StringUtils.isNotBlank(property.getValue()) && StringUtils.isNotBlank(property.getKey())) {
                    hashMap.put(property.getKey(), property.getValue());
                }
            }
        }
        if (hashMap.containsKey(IdentityRecoveryConstants.RESEND_EMAIL_TEMPLATE_NAME)) {
            hashMap.put(IdentityRecoveryConstants.TEMPLATE_TYPE, hashMap.get(IdentityRecoveryConstants.RESEND_EMAIL_TEMPLATE_NAME));
        } else {
            hashMap.put(IdentityRecoveryConstants.TEMPLATE_TYPE, str2);
        }
        try {
            IdentityRecoveryServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event(str4, hashMap));
        } catch (IdentityEventException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_TRIGGER_NOTIFICATION, user.getUserName(), (Throwable) e);
        }
    }

    private String generateResendCode(String str, RecoveryScenarios recoveryScenarios, UserRecoveryData userRecoveryData) throws IdentityRecoveryServerException {
        String uuid = UUID.randomUUID().toString();
        String recoveryFlowId = userRecoveryData.getRecoveryFlowId();
        if (Utils.reIssueExistingConfirmationCode(getResendConfirmationCodeData(userRecoveryData.getUser()), str)) {
            invalidateResendConfirmationCode(uuid, str, userRecoveryData);
            return uuid;
        }
        addRecoveryDataObject(uuid, recoveryFlowId, str, recoveryScenarios, RecoverySteps.RESEND_CONFIRMATION_CODE, userRecoveryData.getUser());
        return uuid;
    }

    private UserRecoveryData getResendConfirmationCodeData(User user) throws IdentityRecoveryServerException {
        try {
            return JDBCRecoveryDataStore.getInstance().loadWithoutCodeExpiryValidation(user, RecoveryScenarios.NOTIFICATION_BASED_PW_RECOVERY, RecoverySteps.RESEND_CONFIRMATION_CODE);
        } catch (IdentityRecoveryException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_ERROR_RETRIEVING_RECOVERY_DATA, "Error Retrieving Recovery Data", (Throwable) e);
        }
    }

    private void invalidateResendConfirmationCode(String str, String str2, UserRecoveryData userRecoveryData) throws IdentityRecoveryServerException {
        try {
            JDBCRecoveryDataStore.getInstance().invalidateWithoutChangeTimeCreated(userRecoveryData.getSecret(), str, RecoverySteps.RESEND_CONFIRMATION_CODE, str2);
        } catch (IdentityRecoveryException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_ERROR_UPDATING_RECOVERY_DATA, "Error Updating Recovery Data : RESEND_CONFIRMATION_CODE", (Throwable) e);
        }
    }

    private void addRecoveryDataObject(String str, String str2, String str3, RecoveryScenarios recoveryScenarios, RecoverySteps recoverySteps, User user) throws IdentityRecoveryServerException {
        UserRecoveryData userRecoveryData = new UserRecoveryData(user, str2, str, recoveryScenarios, recoverySteps);
        userRecoveryData.setRemainingSetIds(str3);
        try {
            UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
            if (StringUtils.equals(RecoverySteps.UPDATE_PASSWORD.name(), String.valueOf(recoverySteps))) {
                jDBCRecoveryDataStore.storeConfirmationCode(userRecoveryData);
            } else {
                jDBCRecoveryDataStore.store(userRecoveryData);
            }
        } catch (IdentityRecoveryException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_ERROR_STORING_RECOVERY_DATA, "Error Storing Recovery Data", (Throwable) e);
        }
    }

    private void validateCallback(Property[] propertyArr, String str) throws IdentityRecoveryServerException {
        String str2 = null;
        try {
            str2 = Utils.getCallbackURL(propertyArr);
            if (!StringUtils.isNotBlank(str2) || Utils.validateCallbackURL(str2, str, IdentityRecoveryConstants.ConnectorConfig.RECOVERY_CALLBACK_REGEX)) {
            } else {
                throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, str2);
            }
        } catch (UnsupportedEncodingException | URISyntaxException | IdentityEventException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, str2);
        }
    }

    private String validateNotificationChannel(String str) throws IdentityRecoveryClientException {
        try {
            return NotificationChannels.getNotificationChannel(str).getChannelType();
        } catch (NotificationChannelManagerException e) {
            if (log.isDebugEnabled()) {
                log.debug("Unsupported Notification channel : " + str, e);
            }
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNSUPPORTED_NOTIFICATION_CHANNEL, str);
        }
    }

    private NotificationResponseBean resendAccountRecoveryNotification(User user, String str, String str2, String str3, String str4, Property[] propertyArr) throws IdentityRecoveryException {
        String generateSecretKey;
        validateRequestParameters(user, str2, str3, str4);
        resolveUserAttributes(user);
        boolean isNotificationInternallyManage = isNotificationInternallyManage(user, str2);
        NotificationResponseBean notificationResponseBean = new NotificationResponseBean(user);
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        UserRecoveryData loadWithoutCodeExpiryValidation = jDBCRecoveryDataStore.loadWithoutCodeExpiryValidation(user, RecoveryScenarios.getRecoveryScenario(str2));
        validateWithOldConfirmationCode(str, str2, str3, loadWithoutCodeExpiryValidation);
        String remainingSetIds = loadWithoutCodeExpiryValidation.getRemainingSetIds();
        String str5 = "";
        if (isServerSupportedNotificationChannel(remainingSetIds)) {
            str5 = remainingSetIds;
            if (!isNotificationInternallyManage) {
                str5 = NotificationChannels.EXTERNAL_CHANNEL.getChannelType();
            }
        }
        if (RecoveryScenarios.MOBILE_VERIFICATION_ON_UPDATE.toString().equals(str2)) {
            str5 = NotificationChannels.SMS_CHANNEL.getChannelType();
        }
        if (Utils.reIssueExistingConfirmationCode(loadWithoutCodeExpiryValidation, str5)) {
            generateSecretKey = loadWithoutCodeExpiryValidation.getSecret();
        } else {
            jDBCRecoveryDataStore.invalidate(loadWithoutCodeExpiryValidation.getSecret());
            generateSecretKey = Utils.generateSecretKey(str5, user.getTenantDomain(), str2);
            UserRecoveryData userRecoveryData = new UserRecoveryData(user, generateSecretKey, RecoveryScenarios.getRecoveryScenario(str2), RecoverySteps.getRecoveryStep(str3));
            if (StringUtils.isNotBlank(str5)) {
                userRecoveryData.setRemainingSetIds(str5);
                notificationResponseBean.setNotificationChannel(str5);
            }
            if (RecoveryScenarios.EMAIL_VERIFICATION_ON_UPDATE.toString().equals(str2) && RecoverySteps.VERIFY_EMAIL.toString().equals(str3)) {
                String remainingSetIds2 = loadWithoutCodeExpiryValidation.getRemainingSetIds();
                propertyArr = new Property[]{new Property(IdentityRecoveryConstants.SEND_TO, remainingSetIds2)};
                userRecoveryData.setRemainingSetIds(remainingSetIds2);
            } else if (RecoveryScenarios.MOBILE_VERIFICATION_ON_UPDATE.toString().equals(str2) && RecoverySteps.VERIFY_MOBILE_NUMBER.toString().equals(str3)) {
                String remainingSetIds3 = loadWithoutCodeExpiryValidation.getRemainingSetIds();
                propertyArr = new Property[]{new Property(IdentityRecoveryConstants.SEND_TO, remainingSetIds3)};
                userRecoveryData.setRemainingSetIds(remainingSetIds3);
            }
            jDBCRecoveryDataStore.store(userRecoveryData);
        }
        if (isNotificationInternallyManage) {
            triggerNotification(user, str5, str4, generateSecretKey, resolveEventName(str5, user.getUserName(), user.getUserStoreDomain(), user.getTenantDomain()), propertyArr);
        } else {
            notificationResponseBean.setKey(generateSecretKey);
        }
        return notificationResponseBean;
    }

    private String resolveEventName(String str, String str2, String str3, String str4) {
        String str5 = NotificationChannels.SMS_CHANNEL.getChannelType().equals(str) ? IdentityRecoveryConstants.NOTIFICATION_EVENTNAME_PREFIX + str + IdentityRecoveryConstants.NOTIFICATION_EVENTNAME_SUFFIX : "TRIGGER_NOTIFICATION";
        if (log.isDebugEnabled()) {
            log.debug(String.format("For user : %1$s in domain : %2$s, notifications were sent from the event : %3$s", str3 + CarbonConstants.DOMAIN_SEPARATOR + str2, str4, str5));
        }
        return str5;
    }

    private boolean isServerSupportedNotificationChannel(String str) {
        try {
            return StringUtils.isNotBlank(NotificationChannels.getNotificationChannel(str).getChannelType());
        } catch (NotificationChannelManagerException e) {
            if (!log.isDebugEnabled()) {
                return false;
            }
            log.debug("The given value : " + str + " is not a supported notification channel", e);
            return false;
        }
    }

    private void validateRequestParameters(User user, String str, String str2, String str3) throws IdentityRecoveryClientException {
        if (user == null) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_USER_OBJECT_NOT_FOUND.getCode(), IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_USER_OBJECT_NOT_FOUND.getMessage(), (String) null);
        }
        if (StringUtils.isBlank(str)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_RECOVERY_SCENARIO_NOT_PROVIDED, user.getUserName());
        }
        if (StringUtils.isBlank(str2)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_RECOVERY_STEP_NOT_PROVIDED, user.getUserName());
        }
        if (StringUtils.isBlank(str3)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NOTIFICATION_TYPE_NOT_PROVIDED, user.getUserName());
        }
    }

    private boolean isNotificationInternallyManage(User user) throws IdentityRecoveryServerException {
        return Boolean.parseBoolean(Utils.getSignUpConfigs(IdentityRecoveryConstants.ConnectorConfig.SIGN_UP_NOTIFICATION_INTERNALLY_MANAGE, user.getTenantDomain()));
    }

    private boolean isNotificationInternallyManage(User user, String str) throws IdentityRecoveryServerException {
        if (RecoveryScenarios.ASK_PASSWORD.toString().equals(str)) {
            return Boolean.parseBoolean(Utils.getSignUpConfigs(IdentityRecoveryConstants.ConnectorConfig.EMAIL_VERIFICATION_NOTIFICATION_INTERNALLY_MANAGE, user.getTenantDomain()));
        }
        if (RecoveryScenarios.NOTIFICATION_BASED_PW_RECOVERY.toString().equals(str)) {
            return Boolean.parseBoolean(Utils.getSignUpConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_INTERNALLY_MANAGE, user.getTenantDomain()));
        }
        if (RecoveryScenarios.LITE_SIGN_UP.toString().equals(str)) {
            return Boolean.parseBoolean(Utils.getSignUpConfigs(IdentityRecoveryConstants.ConnectorConfig.LITE_SIGN_UP_NOTIFICATION_INTERNALLY_MANAGE, user.getTenantDomain()));
        }
        if (RecoveryScenarios.EMAIL_VERIFICATION_ON_UPDATE.toString().equals(str) || RecoveryScenarios.MOBILE_VERIFICATION_ON_UPDATE.toString().equals(str)) {
            return true;
        }
        return isNotificationInternallyManage(user);
    }

    private void resolveUserAttributes(User user) {
        if (StringUtils.isBlank(user.getTenantDomain())) {
            String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            if (StringUtils.isBlank(tenantDomain)) {
                tenantDomain = "carbon.super";
            }
            user.setTenantDomain(tenantDomain);
            if (log.isDebugEnabled()) {
                log.debug("Tenant domain is not in the request. Set super tenant domain for user : " + user.getUserName());
            }
        }
        if (StringUtils.isBlank(user.getUserStoreDomain())) {
            user.setUserStoreDomain(IdentityUtil.getPrimaryDomainName());
            if (log.isDebugEnabled()) {
                log.debug("User store domain is not in the request. Set primary user store domain for user : " + user.getUserName());
            }
        }
    }

    private void validateWithOldConfirmationCode(String str, String str2, String str3, UserRecoveryData userRecoveryData) throws IdentityRecoveryClientException {
        if (userRecoveryData == null || StringUtils.isBlank(userRecoveryData.getSecret()) || !str2.equals(userRecoveryData.getRecoveryScenario().toString()) || !str3.equals(userRecoveryData.getRecoveryStep().toString())) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_OLD_CODE_NOT_FOUND, null);
        }
        if (str != null && !userRecoveryData.getSecret().equals(str)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_PROVIDED_CONFIRMATION_CODE_NOT_VALID, str);
        }
    }
}
