package org.wso2.carbon.identity.handler.event.account.lock;

import java.util.Dictionary;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.NumberUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.core.bean.context.MessageContext;
import org.wso2.carbon.identity.core.handler.InitConfig;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
import org.wso2.carbon.identity.governance.IdentityGovernanceException;
import org.wso2.carbon.identity.governance.common.IdentityGovernanceConnector;
import org.wso2.carbon.identity.handler.event.account.lock.constants.AccountConstants;
import org.wso2.carbon.identity.handler.event.account.lock.exception.AccountLockException;
import org.wso2.carbon.identity.handler.event.account.lock.internal.AccountServiceDataHolder;
import org.wso2.carbon.identity.handler.event.account.lock.util.AccountUtil;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/handler/event/account/lock/AccountLockHandler.class */
public class AccountLockHandler extends AbstractEventHandler implements IdentityGovernanceConnector {
    private static final Log log = LogFactory.getLog(AccountLockHandler.class);
    private static ThreadLocal<String> lockedState = new ThreadLocal<>();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wso2/carbon/identity/handler/event/account/lock/AccountLockHandler$lockedStates.class */
    public enum lockedStates {
        LOCKED_MODIFIED,
        UNLOCKED_MODIFIED,
        LOCKED_UNMODIFIED,
        UNLOCKED_UNMODIFIED
    }

    public String getName() {
        return "account.lock.handler";
    }

    public String getFriendlyName() {
        return "Account Locking Connector";
    }

    public void init(InitConfig initConfig) {
        super.init(initConfig);
        AccountServiceDataHolder.getInstance().getBundleContext().registerService(IdentityGovernanceConnector.class.getName(), this, (Dictionary) null);
    }

    public Map<String, String> getPropertyNameMapping() {
        HashMap hashMap = new HashMap();
        hashMap.put(AccountConstants.ACCOUNT_LOCKED_PROPERTY, "Account Lock Enabled");
        hashMap.put(AccountConstants.FAILED_LOGIN_ATTEMPTS_PROPERTY, "Maximum Failed Login Attempts");
        hashMap.put(AccountConstants.ACCOUNT_UNLOCK_TIME_PROPERTY, "Account Unlock Time");
        hashMap.put(AccountConstants.LOGIN_FAIL_TIMEOUT_RATIO_PROPERTY, "Lock Timeout Increment Factor");
        return hashMap;
    }

    public int getPriority(MessageContext messageContext) {
        return 100;
    }

    public void handleEvent(Event event) throws IdentityEventException {
        IdentityUtil.clearIdentityErrorMsg();
        Map eventProperties = event.getEventProperties();
        String str = (String) eventProperties.get("user-name");
        UserStoreManager userStoreManager = (UserStoreManager) eventProperties.get("userStoreManager");
        String userStoreDomainName = AccountUtil.getUserStoreDomainName(userStoreManager);
        String str2 = (String) eventProperties.get("tenant-domain");
        Boolean bool = false;
        String str3 = "0";
        int i = 0;
        double d = 1.0d;
        try {
            Property[] configuration = AccountServiceDataHolder.getInstance().getIdentityGovernanceService().getConfiguration(getPropertyNames(), str2);
            for (Property property : configuration) {
                if (AccountConstants.ACCOUNT_LOCKED_PROPERTY.equals(property.getName())) {
                    bool = Boolean.valueOf(Boolean.parseBoolean(property.getValue()));
                } else if (AccountConstants.FAILED_LOGIN_ATTEMPTS_PROPERTY.equals(property.getName())) {
                    i = Integer.parseInt(property.getValue());
                } else if (AccountConstants.ACCOUNT_UNLOCK_TIME_PROPERTY.equals(property.getName())) {
                    str3 = property.getValue();
                } else if (AccountConstants.LOGIN_FAIL_TIMEOUT_RATIO_PROPERTY.equals(property.getName())) {
                    String value = property.getValue();
                    if (NumberUtils.isNumber(value) && Integer.parseInt(value) > 0) {
                        d = Integer.parseInt(value);
                    }
                }
            }
            if (bool.booleanValue()) {
                try {
                    if (userStoreManager.isExistingUser(UserCoreUtil.addDomainToName(str, userStoreDomainName))) {
                        if ("PRE_AUTHENTICATION".equals(event.getEventName())) {
                            handlePreAuthentication(event, str, userStoreManager, userStoreDomainName, str2, configuration, i, str3, d);
                            return;
                        }
                        if ("POST_AUTHENTICATION".equals(event.getEventName())) {
                            handlePostAuthentication(event, str, userStoreManager, userStoreDomainName, str2, configuration, i, str3, d);
                        } else if ("PRE_SET_USER_CLAIMS".equals(event.getEventName())) {
                            handlePreSetUserClaimValues(event, str, userStoreManager, userStoreDomainName, str2, configuration, i, str3, d);
                        } else if ("POST_SET_USER_CLAIMS".equals(event.getEventName())) {
                            handlePostSetUserClaimValues(event, str, userStoreManager, userStoreDomainName, str2, configuration, i, str3, d);
                        }
                    }
                } catch (UserStoreException e) {
                    throw new IdentityEventException("Error in accessing user store");
                }
            }
        } catch (IdentityGovernanceException e2) {
            throw new IdentityEventException("Error while retrieving Account Locking Handler properties.", e2);
        }
    }

    protected boolean handlePreAuthentication(Event event, String str, UserStoreManager userStoreManager, String str2, String str3, Property[] propertyArr, int i, String str4, double d) throws AccountLockException {
        try {
            if (!Boolean.parseBoolean(userStoreManager.getUserClaimValue(str, AccountConstants.ACCOUNT_LOCKED_CLAIM, (String) null))) {
                return true;
            }
            long j = 0;
            try {
                String userClaimValue = userStoreManager.getUserClaimValue(str, AccountConstants.ACCOUNT_UNLOCK_TIME_CLAIM, (String) null);
                if (NumberUtils.isNumber(userClaimValue)) {
                    j = Long.parseLong(userClaimValue);
                }
                if (j == 0 || System.currentTimeMillis() < j) {
                    throw new AccountLockException("17003 " + (StringUtils.isNotBlank(str2) ? "Account is locked for user " + str + " in user store " + str2 + " in tenant " + str3 + ". Cannot login until the account is unlocked." : "Account is locked for user " + str + " in tenant " + str3 + ". Cannot login until the account is unlocked."));
                }
                HashMap hashMap = new HashMap();
                hashMap.put(AccountConstants.ACCOUNT_LOCKED_CLAIM, Boolean.FALSE.toString());
                hashMap.put(AccountConstants.ACCOUNT_UNLOCK_TIME_CLAIM, "0");
                hashMap.put(AccountConstants.FAILED_LOGIN_ATTEMPTS_CLAIM, "0");
                try {
                    userStoreManager.setUserClaimValues(str, hashMap, (String) null);
                    return true;
                } catch (UserStoreException e) {
                    throw new AccountLockException("Error occurred while storing http://wso2.org/claims/identity/accountLocked and http://wso2.org/claims/identity/unlockTimeclaim values");
                }
            } catch (UserStoreException e2) {
                throw new AccountLockException("Error occurred while retrieving http://wso2.org/claims/identity/unlockTime claim value");
            }
        } catch (UserStoreException e3) {
            throw new AccountLockException("Error occurred while retrieving http://wso2.org/claims/identity/accountLocked claim value");
        }
    }

    protected boolean handlePostAuthentication(Event event, String str, UserStoreManager userStoreManager, String str2, String str3, Property[] propertyArr, int i, String str4, double d) throws AccountLockException {
        if (((Boolean) event.getEventProperties().get("OPERATION_STATUS")).booleanValue()) {
            HashMap hashMap = new HashMap();
            hashMap.put(AccountConstants.FAILED_LOGIN_ATTEMPTS_CLAIM, "0");
            hashMap.put(AccountConstants.ACCOUNT_UNLOCK_TIME_CLAIM, "0");
            hashMap.put(AccountConstants.ACCOUNT_LOCKED_CLAIM, Boolean.FALSE.toString());
            hashMap.put(AccountConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM, "0");
            try {
                if (!userStoreManager.isReadOnly()) {
                    userStoreManager.setUserClaimValues(str, hashMap, (String) null);
                }
                return true;
            } catch (UserStoreException e) {
                throw new AccountLockException("Error occurred while storing http://wso2.org/claims/identity/failedLoginAttempts, http://wso2.org/claims/identity/unlockTime and http://wso2.org/claims/identity/accountLocked", e);
            }
        }
        int i2 = 0;
        try {
            String userClaimValue = userStoreManager.getUserClaimValue(str, AccountConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM, (String) null);
            if (NumberUtils.isNumber(userClaimValue)) {
                i2 = Integer.parseInt(userClaimValue);
            }
            String userClaimValue2 = userStoreManager.getUserClaimValue(str, AccountConstants.FAILED_LOGIN_ATTEMPTS_CLAIM, (String) null);
            int parseInt = (StringUtils.isBlank(userClaimValue2) ? 0 : Integer.parseInt(userClaimValue2)) + 1;
            HashMap hashMap2 = new HashMap();
            hashMap2.put(AccountConstants.FAILED_LOGIN_ATTEMPTS_CLAIM, parseInt + "");
            if (parseInt >= i) {
                hashMap2.put(AccountConstants.ACCOUNT_LOCKED_CLAIM, "true");
                long j = 1;
                if (NumberUtils.isNumber(str4)) {
                    j = Integer.parseInt(str4);
                }
                int i3 = i2 + 1;
                hashMap2.put(AccountConstants.ACCOUNT_UNLOCK_TIME_CLAIM, (System.currentTimeMillis() + Long.parseLong(((long) (j * 1000 * 60 * Math.pow(d, i3))) + "")) + "");
                hashMap2.put(AccountConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM, i3 + "");
            }
            try {
                userStoreManager.setUserClaimValues(str, hashMap2, (String) null);
                return true;
            } catch (NumberFormatException e2) {
                throw new AccountLockException("Error occurred while parsing config values", e2);
            } catch (UserStoreException e3) {
                throw new AccountLockException("Error occurred while locking user account");
            }
        } catch (UserStoreException e4) {
            throw new AccountLockException("Error occurred while retrieving http://wso2.org/claims/identity/failedLoginAttempts claim value");
        }
    }

    protected boolean handlePreSetUserClaimValues(Event event, String str, UserStoreManager userStoreManager, String str2, String str3, Property[] propertyArr, int i, String str4, double d) throws AccountLockException {
        if (lockedState.get() != null) {
            return true;
        }
        try {
            Boolean valueOf = Boolean.valueOf(Boolean.parseBoolean(userStoreManager.getUserClaimValue(str, AccountConstants.ACCOUNT_LOCKED_CLAIM, (String) null)));
            if (!StringUtils.isNotBlank((String) ((Map) event.getEventProperties().get("USER_CLAIMS")).get(AccountConstants.ACCOUNT_LOCKED_CLAIM))) {
                if (valueOf.booleanValue()) {
                    lockedState.set(lockedStates.LOCKED_UNMODIFIED.toString());
                    return true;
                }
                lockedState.set(lockedStates.UNLOCKED_UNMODIFIED.toString());
                return true;
            }
            if (valueOf != Boolean.valueOf(Boolean.parseBoolean((String) ((Map) event.getEventProperties().get("USER_CLAIMS")).get(AccountConstants.ACCOUNT_LOCKED_CLAIM)))) {
                if (valueOf.booleanValue()) {
                    lockedState.set(lockedStates.UNLOCKED_MODIFIED.toString());
                    return true;
                }
                lockedState.set(lockedStates.LOCKED_MODIFIED.toString());
                return true;
            }
            if (valueOf.booleanValue()) {
                lockedState.set(lockedStates.LOCKED_UNMODIFIED.toString());
                return true;
            }
            lockedState.set(lockedStates.UNLOCKED_UNMODIFIED.toString());
            return true;
        } catch (UserStoreException e) {
            throw new AccountLockException("Error occurred while retrieving http://wso2.org/claims/identity/accountLocked claim value");
        }
    }

    protected boolean handlePostSetUserClaimValues(Event event, String str, UserStoreManager userStoreManager, String str2, String str3, Property[] propertyArr, int i, String str4, double d) throws AccountLockException {
        try {
            if (lockedStates.UNLOCKED_MODIFIED.toString().equals(lockedState.get())) {
                triggerNotification(event, str, userStoreManager, str2, str3, propertyArr, AccountConstants.EMAIL_TEMPLATE_TYPE_ACC_UNLOCKED);
            } else if (lockedStates.LOCKED_MODIFIED.toString().equals(lockedState.get())) {
                triggerNotification(event, str, userStoreManager, str2, str3, propertyArr, AccountConstants.EMAIL_TEMPLATE_TYPE_ACC_LOCKED);
            }
            lockedState.remove();
            return true;
        } catch (Throwable th) {
            lockedState.remove();
            throw th;
        }
    }

    public String[] getPropertyNames() {
        return (String[]) this.configs.getModuleProperties().keySet().toArray(new String[this.properties.keySet().size()]);
    }

    public Properties getDefaultPropertyValues(String str) throws IdentityGovernanceException {
        return this.configs.getModuleProperties();
    }

    public Map<String, String> getDefaultPropertyValues(String[] strArr, String str) throws IdentityGovernanceException {
        return null;
    }

    protected void triggerNotification(Event event, String str, UserStoreManager userStoreManager, String str2, String str3, Property[] propertyArr, String str4) {
        HashMap hashMap = new HashMap();
        hashMap.put("user-name", str);
        hashMap.put("userstore-domain", str2);
        hashMap.put("tenant-domain", str3);
        hashMap.put("TEMPLATE_TYPE", str4);
        try {
            AccountServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event("TRIGGER_NOTIFICATION", hashMap));
        } catch (IdentityEventException e) {
            log.error("Error occurred while calling triggerNotification, detail : " + e.getMessage());
        }
    }
}
