package org.wso2.carbon.identity.mgt;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.mgt.beans.VerificationBean;
import org.wso2.carbon.identity.mgt.config.Config;
import org.wso2.carbon.identity.mgt.config.ConfigBuilder;
import org.wso2.carbon.identity.mgt.config.ConfigType;
import org.wso2.carbon.identity.mgt.config.StorageType;
import org.wso2.carbon.identity.mgt.constants.IdentityMgtConstants;
import org.wso2.carbon.identity.mgt.dto.NotificationDataDTO;
import org.wso2.carbon.identity.mgt.dto.UserDTO;
import org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO;
import org.wso2.carbon.identity.mgt.dto.UserRecoveryDataDO;
import org.wso2.carbon.identity.mgt.internal.IdentityMgtServiceComponent;
import org.wso2.carbon.identity.mgt.mail.Notification;
import org.wso2.carbon.identity.mgt.mail.NotificationBuilder;
import org.wso2.carbon.identity.mgt.mail.NotificationData;
import org.wso2.carbon.identity.mgt.store.UserIdentityDataStore;
import org.wso2.carbon.identity.mgt.store.UserRecoveryDataStore;
import org.wso2.carbon.identity.mgt.util.Utils;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;
import org.wso2.carbon.user.api.Tenant;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/mgt/RecoveryProcessor.class */
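/**
 * Issues, stores and verifies account-recovery codes and builds the notifications that carry them.
 *
 * <p>Codes are kept in the configured {@link UserRecoveryDataStore}. The internal form of a code is
 * {@code <type>___<sanitised user id>___<random UUID>}; only the trailing UUID part (the "external" code)
 * is handed to the user or the calling service.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When notifications are not internally managed, the confirmation code (or temporary password) is
 *       returned to the caller in the {@link NotificationDataDTO}; the caller is then responsible for
 *       delivering it and for keeping it out of logs and untrusted responses.</li>
 *   <li>{@link #verifyUserForRecovery} returns a distinct result for unknown user names, so a front end
 *       exposed to unauthenticated users should not relay that result verbatim.</li>
 * </ul>
 */
public class RecoveryProcessor {
    private static final Log log = LogFactory.getLog(RecoveryProcessor.class);
    private static final String USER_STORE_DOMAIN = "userstore-domain";
    private static final String USER_NAME = "user-name";
    private static final String TENANT_DOMAIN = "tenant-domain";
    private static final String FIRST_NAME = "first-name";
    private static final String CONFIRMATION_CODE = "confirmation-code";
    private static final String TEMPORARY_PASSWORD = "temporary-password";
    /** Separator between the three parts of an internal code. */
    private static final String REG_DELIMITER = "___";
    private static final String GIVEN_NAME_CLAIM = "http://wso2.org/claims/givenname";
    private static final String TRANSPORT_HEADERS = "TRANSPORT_HEADERS";
    private Map<String, NotificationSendingModule> modules = new HashMap<>();
    private NotificationSendingModule defaultModule;
    private UserRecoveryDataStore dataStore;
    private NotificationSender notificationSender;
    private ChallengeQuestionProcessor questionProcessor;

    /**
     * Reads the notification modules and the recovery data store from {@link IdentityMgtConfig}.
     *
     * <p>The first configured module becomes the default; an empty module list makes {@code get(0)}
     * throw {@link IndexOutOfBoundsException}.
     */
    public RecoveryProcessor() {
        List<NotificationSendingModule> notificationSendingModules = IdentityMgtConfig.getInstance().getNotificationSendingModules();
        this.defaultModule = notificationSendingModules.get(0);
        for (NotificationSendingModule notificationSendingModule : notificationSendingModules) {
            this.modules.put(notificationSendingModule.getNotificationType(), notificationSendingModule);
        }
        this.dataStore = IdentityMgtConfig.getInstance().getRecoveryDataStore();
        this.notificationSender = new NotificationSender();
        this.questionProcessor = new ChallengeQuestionProcessor();
    }

    /**
     * Generates the recovery secret for the requested notification, stores it where applicable and
     * sends (or returns) the notification.
     *
     * <p>For {@code PASSWORD_RESET_RECOVERY}, {@code ACCOUNT_CONFORM} and {@code ASK_PASSWORD} a new code is
     * stored after invalidating the user's earlier entries. For {@code TEMPORARY_PASSWORD} the user's
     * password is replaced before the notification is built, so a later failure leaves the account with
     * the new password already set.
     *
     * @param userRecoveryDTO request data: user id, tenant, notification name and type
     * @return the notification data; carries the confirmation code when notifications are not
     *         internally managed
     * @throws IdentityException if the user has no notification address (null or blank), or if building,
     *         storing or sending fails
     */
    public NotificationDataDTO recoverWithNotification(UserRecoveryDTO userRecoveryDTO) throws IdentityException {
        String secretKey = null;
        String confirmationKey = null;
        boolean persistData = true;
        String userId = userRecoveryDTO.getUserId();
        String tenantDomain = userRecoveryDTO.getTenantDomain();
        int tenantId = userRecoveryDTO.getTenantId();
        String userStoreDomain = IdentityUtil.extractDomainFromName(userId);
        String userName = UserCoreUtil.removeDomainFromName(userId);
        try {
            // Prefer the domain registered for the tenant id over the one supplied in the request.
            Tenant tenant = IdentityMgtServiceComponent.getRealmService().getTenantManager().getTenant(tenantId);
            if (tenant != null) {
                tenantDomain = tenant.getDomain();
            }
        } catch (UserStoreException e) {
            if (log.isDebugEnabled()) {
                log.debug("No Tenant domain for tenant id " + tenantId, e);
            }
        }
        NotificationDataDTO notificationDataDTO = new NotificationDataDTO();
        copyTransportHeaders(notificationDataDTO);
        String internalCode = null;
        NotificationSendingModule notificationSendingModule = selectModule(userRecoveryDTO.getNotificationType());
        NotificationData notificationData = new NotificationData();
        String emailTemplate = null;
        String emailAddress = Utils.getEmailAddressForUser(userId, tenantId);
        String firstName = Utils.getClaimFromUserStoreManager(userId, tenantId, GIVEN_NAME_CLAIM);
        notificationData.setTagData(FIRST_NAME, firstName);
        notificationData.setTagData(USER_STORE_DOMAIN, userStoreDomain);
        notificationData.setTagData(USER_NAME, userName);
        notificationData.setTagData(TENANT_DOMAIN, tenantDomain);
        // The previous test was length() < 0, which can never be true, so a blank address slipped through
        // and the flow (including a password change) continued with nowhere to deliver the secret.
        if (emailAddress == null || emailAddress.trim().isEmpty()) {
            throw IdentityException.error("Notification sending failure. Notification address is not defined for user : " + userId);
        }
        notificationData.setSendTo(emailAddress);
        if (log.isDebugEnabled()) {
            // NOTE(review): this writes the user's name and notification address to the debug log.
            log.debug("Building notification with data - First name: " + firstName + " User name: " + userId + " Send To: " + emailAddress);
        }
        // Any exception raised below, including the IdentityExceptions thrown by the inner blocks, is
        // re-wrapped by the outer catch with the "loading email templates" message.
        try {
            Config config = ConfigBuilder.getInstance().loadConfiguration(ConfigType.EMAIL, StorageType.REGISTRY, tenantId);
            if (userRecoveryDTO.getNotification() != null) {
                String notification = userRecoveryDTO.getNotification().trim();
                emailTemplate = config.getProperty(notification);
                notificationDataDTO.setNotification(notification);
                if (IdentityMgtConstants.Notification.PASSWORD_RESET_RECOVERY.equals(notification)) {
                    internalCode = generateUserCode(2, userId);
                    try {
                        confirmationKey = getUserExternalCodeStr(internalCode);
                        secretKey = UUIDGenerator.generateUUID();
                        notificationData.setTagData(CONFIRMATION_CODE, confirmationKey);
                        emailTemplate = config.getProperty(IdentityMgtConstants.Notification.PASSWORD_RESET_RECOVERY);
                    } catch (Exception e2) {
                        throw IdentityException.error("Error while getting user's external code string.", e2);
                    }
                } else if (IdentityMgtConstants.Notification.ACCOUNT_CONFORM.equals(notification)) {
                    confirmationKey = UUIDGenerator.generateUUID();
                    secretKey = UUIDGenerator.generateUUID();
                    notificationData.setTagData(CONFIRMATION_CODE, confirmationKey);
                    emailTemplate = config.getProperty(IdentityMgtConstants.Notification.ACCOUNT_CONFORM);
                } else if (IdentityMgtConstants.Notification.TEMPORARY_PASSWORD.equals(notification)) {
                    // A password supplied in the request is used as-is; one is generated only when it is
                    // missing or blank.
                    String temporaryPassword = userRecoveryDTO.getTemporaryPassword();
                    if (temporaryPassword == null || temporaryPassword.trim().length() < 1) {
                        temporaryPassword = new String(IdentityMgtConfig.getInstance().getPasswordGenerator().generatePassword());
                    }
                    Utils.updatePassword(userId, tenantId, temporaryPassword);
                    notificationData.setTagData(TEMPORARY_PASSWORD, temporaryPassword);
                    emailTemplate = config.getProperty(IdentityMgtConstants.Notification.TEMPORARY_PASSWORD);
                    persistData = false;
                } else if (IdentityMgtConstants.Notification.ACCOUNT_UNLOCK.equals(notification)) {
                    emailTemplate = config.getProperty(IdentityMgtConstants.Notification.ACCOUNT_UNLOCK);
                    persistData = false;
                } else if (IdentityMgtConstants.Notification.ACCOUNT_ID_RECOVERY.equals(notification)) {
                    emailTemplate = config.getProperty(IdentityMgtConstants.Notification.ACCOUNT_ID_RECOVERY);
                    persistData = false;
                } else if (IdentityMgtConstants.Notification.ASK_PASSWORD.equals(notification)) {
                    if (firstName == null || firstName.isEmpty()) {
                        // No given name on record: address the user by id instead.
                        notificationData.setTagData(FIRST_NAME, userId);
                    }
                    internalCode = generateUserCode(2, userId);
                    try {
                        confirmationKey = getUserExternalCodeStr(internalCode);
                        secretKey = UUIDGenerator.generateUUID();
                        notificationData.setTagData(CONFIRMATION_CODE, confirmationKey);
                        emailTemplate = config.getProperty(IdentityMgtConstants.Notification.ASK_PASSWORD);
                    } catch (Exception e3) {
                        throw IdentityException.error("Error while with recovering with password.", e3);
                    }
                }
                if (log.isDebugEnabled()) {
                    log.debug("Notification type: " + notification);
                }
            }
            try {
                Notification emailNotification = NotificationBuilder.createNotification("EMAIL", emailTemplate, notificationData);
                notificationDataDTO.setNotificationAddress(emailAddress);
                notificationDataDTO.setUserId(userId);
                notificationDataDTO.setDomainName(tenantDomain);
                notificationDataDTO.setNotificationType(userRecoveryDTO.getNotificationType());
                if (persistData) {
                    // Drop the user's earlier entries first so only the newest code remains stored.
                    UserRecoveryDataDO recoveryData = new UserRecoveryDataDO(userId, tenantId, internalCode, secretKey);
                    this.dataStore.invalidate(userId, tenantId);
                    this.dataStore.store(recoveryData);
                }
                if (IdentityMgtConfig.getInstance().isNotificationInternallyManaged()) {
                    notificationSendingModule.setNotificationData(notificationDataDTO);
                    notificationSendingModule.setNotification(emailNotification);
                    this.notificationSender.sendNotification(notificationSendingModule);
                    notificationDataDTO.setNotificationSent(true);
                } else {
                    // Externally managed: the code travels back to the caller instead of being mailed.
                    notificationDataDTO.setNotificationSent(false);
                    notificationDataDTO.setNotificationCode(confirmationKey);
                }
                return notificationDataDTO;
            } catch (Exception e4) {
                throw IdentityException.error("Error when creating notification for user : " + userId, e4);
            }
        } catch (Exception e5) {
            throw IdentityException.error("Error while loading email templates for user : " + userId, e5);
        }
    }

    /**
     * Looks up a stored confirmation key, invalidates the entry and reports whether it was usable.
     *
     * @param str the confirmation key presented by the user
     * @return a bean carrying {@code "18001"} when no entry exists, {@code "18002"} when the entry is no
     *         longer valid, {@code "18003"} when the store raises an {@link IdentityException}, or a
     *         verified bean otherwise
     */
    public VerificationBean verifyConfirmationKey(String str) {
        try {
            UserRecoveryDataDO load = this.dataStore.load(str);
            if (load == null) {
                // Nothing to invalidate; previously a null record was passed to the store before this check.
                return new VerificationBean("18001");
            }
            // Invalidate on first use, whatever the outcome of the validity check.
            this.dataStore.invalidate(load);
            return load.isValid() ? new VerificationBean(true) : new VerificationBean("18002");
        } catch (IdentityException e) {
            log.error("Invalid User for confirmation code", e);
            return new VerificationBean("18003");
        }
    }

    /**
     * Verifies an external code for a user by rebuilding the internal code and loading it from the store.
     *
     * <p>A found entry is invalidated unless the code type is 2 or 40. NOTE(review): those two types stay
     * loadable after a successful check, presumably because a later step consumes them; confirm that
     * the later step invalidates them. Nothing here compares the loaded entry's user with {@code str};
     * the binding relies on the user id being part of the lookup key.
     *
     * @param i    code type
     * @param str  user id
     * @param str2 external code presented by the user
     * @return a verified bean, or an unverified bean when no entry exists for code types 20 and 30
     * @throws IdentityException if the entry is missing (other types), has expired, or the store fails;
     *         all of these surface with the "Error loading recovery data" message
     */
    public VerificationBean verifyConfirmationCode(int i, String str, String str2) throws IdentityException {
        try {
            UserRecoveryDataDO load = this.dataStore.load(getUserInternalCodeStr(i, str, str2));
            if (load != null && i != 2 && i != 40) {
                this.dataStore.invalidate(load);
            }
            if (load == null && (i == 30 || i == 20)) {
                return new VerificationBean(false);
            }
            if (load == null) {
                throw IdentityException.error("Invalid confirmation code");
            }
            if (load.isValid()) {
                return new VerificationBean(true);
            }
            throw IdentityException.error("Expired code");
        } catch (IdentityException e) {
            throw IdentityException.error("Error loading recovery data for user : " + str, e);
        }
    }

    /**
     * Issues and stores a fresh code of the given type for a user.
     *
     * <p>The user's earlier entries are invalidated first, except for code types 3 and 30.
     *
     * @param i   code type
     * @param str user id
     * @param i2  tenant id
     * @return a bean holding the user id and the new external code
     * @throws IdentityException if storing fails or the external code cannot be derived
     */
    public VerificationBean updateConfirmationCode(int i, String str, int i2) throws IdentityException {
        String internalCode = generateUserCode(i, str);
        UserRecoveryDataDO recoveryData = new UserRecoveryDataDO(str, i2, internalCode, UUIDGenerator.generateUUID());
        if (i != 3 && i != 30) {
            this.dataStore.invalidate(str, i2);
        }
        this.dataStore.store(recoveryData);
        try {
            return new VerificationBean(str, getUserExternalCodeStr(internalCode));
        } catch (Exception e) {
            throw IdentityException.error(IdentityMgtConstants.ErrorHandling.EXTERNAL_CODE + str, e);
        }
    }

    /**
     * Checks that a user exists and is not locked, then issues and stores a recovery code.
     *
     * <p>The lock claim is consulted only when the account-lock policy check is enabled.
     * NOTE(review): the {@code "18003 User does not exists"} result differs from the result for a locked
     * or failing account, so relaying it to an unauthenticated client reveals which user names exist.
     *
     * @param i       code type
     * @param userDTO user id and tenant of the account being recovered
     * @return a bean with the user id and external code on success, otherwise a bean with an
     *         {@code 18003} or {@code 18013} error
     */
    public VerificationBean verifyUserForRecovery(int i, UserDTO userDTO) {
        String userId = userDTO.getUserId();
        int tenantId = userDTO.getTenantId();
        boolean eligible = false;
        VerificationBean verificationBean = null;
        try {
            UserStoreManager userStoreManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
            if (!userStoreManager.isExistingUser(userId)) {
                log.error("User with user name : " + userId + " does not exists in tenant domain : " + userDTO.getTenantDomain());
                verificationBean = new VerificationBean("18003 User does not exists");
            } else if (!IdentityMgtConfig.getInstance().isAuthPolicyAccountLockCheck()) {
                eligible = true;
            } else if (!Boolean.parseBoolean(userStoreManager.getUserClaimValue(userId, UserIdentityDataStore.ACCOUNT_LOCK, (String) null))) {
                eligible = true;
            }
            if (eligible) {
                String internalCode = generateUserCode(i, userId);
                UserRecoveryDataDO recoveryData = new UserRecoveryDataDO(userId, tenantId, internalCode, UUID.randomUUID().toString());
                if (i != 3) {
                    this.dataStore.invalidate(userId, tenantId);
                }
                this.dataStore.store(recoveryData);
                log.info("User verification successful for user : " + userId + " from tenant domain :" + userDTO.getTenantDomain());
                verificationBean = new VerificationBean(userId, getUserExternalCodeStr(internalCode));
            }
        } catch (Exception e) {
            String message = "Error verifying user : " + userId;
            log.error(message, e);
            verificationBean = new VerificationBean("18013 " + message);
        }
        if (verificationBean == null) {
            // Existing but locked account: no code is issued.
            verificationBean = new VerificationBean("18013");
        }
        return verificationBean;
    }

    /**
     * Replaces the user's stored recovery entries with one built from a random UUID and {@code str}.
     *
     * @param userDTO user id and tenant
     * @param str     value passed as the last constructor argument of {@link UserRecoveryDataDO}
     * @throws IdentityException if the store operation fails
     */
    public void createConfirmationCode(UserDTO userDTO, String str) throws IdentityException {
        UserRecoveryDataDO recoveryData = new UserRecoveryDataDO(userDTO.getUserId(), userDTO.getTenantId(), UUID.randomUUID().toString(), str);
        this.dataStore.invalidate(userDTO.getUserId(), userDTO.getTenantId());
        this.dataStore.store(recoveryData);
    }

    /** Returns the challenge-question processor created with this instance. */
    public ChallengeQuestionProcessor getQuestionProcessor() {
        return this.questionProcessor;
    }

    /**
     * Builds and sends (or returns) a notification for a code that already exists.
     *
     * <p>Unlike {@link #recoverWithNotification}, nothing is generated or stored here: the confirmation
     * code and temporary password are taken from the request. A missing or blank notification address
     * only produces a warning.
     *
     * @param userRecoveryDTO request data including the confirmation code to deliver
     * @return the notification data; its notification code is the confirmation code, the temporary
     *         password or the user id depending on the notification name
     * @throws IdentityException if the template cannot be loaded or the notification cannot be built or sent
     */
    public NotificationDataDTO notifyWithEmail(UserRecoveryDTO userRecoveryDTO) throws IdentityException {
        String userId = userRecoveryDTO.getUserId();
        String tenantDomain = userRecoveryDTO.getTenantDomain();
        int tenantId = userRecoveryDTO.getTenantId();
        String confirmationCode = userRecoveryDTO.getConfirmationCode();
        String userStoreDomain = IdentityUtil.extractDomainFromName(userId);
        String userName = UserCoreUtil.removeDomainFromName(userId);
        NotificationDataDTO notificationDataDTO = new NotificationDataDTO();
        copyTransportHeaders(notificationDataDTO);
        NotificationSendingModule notificationSendingModule = selectModule(userRecoveryDTO.getNotificationType());
        NotificationData notificationData = new NotificationData();
        String emailTemplate = null;
        String notificationAddress = notificationSendingModule.getNotificationAddress(userId, tenantId);
        // The previous test was length() < 0, which never matched, so a blank address produced no warning.
        if (notificationAddress == null || notificationAddress.trim().isEmpty()) {
            log.warn("Notification address is not defined for user " + userId);
        }
        notificationData.setTagData(FIRST_NAME, Utils.getClaimFromUserStoreManager(userId, tenantId, GIVEN_NAME_CLAIM));
        notificationData.setTagData(USER_STORE_DOMAIN, userStoreDomain);
        notificationData.setTagData(USER_NAME, userName);
        notificationData.setTagData(TENANT_DOMAIN, tenantDomain);
        notificationData.setSendTo(notificationAddress);
        try {
            Config config = ConfigBuilder.getInstance().loadConfiguration(ConfigType.EMAIL, StorageType.REGISTRY, tenantId);
            if (userRecoveryDTO.getNotification() != null) {
                String notification = userRecoveryDTO.getNotification().trim();
                emailTemplate = config.getProperty(notification);
                notificationDataDTO.setNotification(notification);
                if (IdentityMgtConstants.Notification.PASSWORD_RESET_RECOVERY.equals(notification)) {
                    notificationDataDTO.setNotificationCode(confirmationCode);
                    notificationData.setTagData(CONFIRMATION_CODE, confirmationCode);
                    emailTemplate = config.getProperty(IdentityMgtConstants.Notification.PASSWORD_RESET_RECOVERY);
                } else if (IdentityMgtConstants.Notification.ACCOUNT_CONFORM.equals(notification)) {
                    notificationDataDTO.setNotificationCode(confirmationCode);
                    notificationData.setTagData(CONFIRMATION_CODE, confirmationCode);
                    emailTemplate = config.getProperty(IdentityMgtConstants.Notification.ACCOUNT_CONFORM);
                } else if (IdentityMgtConstants.Notification.TEMPORARY_PASSWORD.equals(notification)) {
                    String temporaryPassword = userRecoveryDTO.getTemporaryPassword();
                    notificationDataDTO.setNotificationCode(temporaryPassword);
                    notificationData.setTagData(TEMPORARY_PASSWORD, temporaryPassword);
                    emailTemplate = config.getProperty(IdentityMgtConstants.Notification.TEMPORARY_PASSWORD);
                } else if (IdentityMgtConstants.Notification.ACCOUNT_UNLOCK.equals(notification)) {
                    emailTemplate = config.getProperty(IdentityMgtConstants.Notification.ACCOUNT_UNLOCK);
                    notificationDataDTO.setNotificationCode(userId);
                } else if (IdentityMgtConstants.Notification.ACCOUNT_ID_RECOVERY.equals(notification)) {
                    emailTemplate = config.getProperty(IdentityMgtConstants.Notification.ACCOUNT_ID_RECOVERY);
                    notificationDataDTO.setNotificationCode(userId);
                } else if (IdentityMgtConstants.Notification.ASK_PASSWORD.equals(notification)) {
                    notificationDataDTO.setNotificationCode(confirmationCode);
                    emailTemplate = config.getProperty(IdentityMgtConstants.Notification.ASK_PASSWORD);
                    notificationData.setTagData(CONFIRMATION_CODE, confirmationCode);
                }
            }
            try {
                Notification emailNotification = NotificationBuilder.createNotification("EMAIL", emailTemplate, notificationData);
                notificationDataDTO.setNotificationAddress(notificationAddress);
                notificationDataDTO.setUserId(userId);
                notificationDataDTO.setDomainName(tenantDomain);
                notificationDataDTO.setNotificationType(userRecoveryDTO.getNotificationType());
                if (IdentityMgtConfig.getInstance().isNotificationInternallyManaged()) {
                    notificationSendingModule.setNotificationData(notificationDataDTO);
                    notificationSendingModule.setNotification(emailNotification);
                    this.notificationSender.sendNotification(notificationSendingModule);
                    notificationDataDTO.setNotificationSent(true);
                } else {
                    // Externally managed: overrides whatever code the branch above selected.
                    notificationDataDTO.setNotificationSent(false);
                    notificationDataDTO.setNotificationCode(confirmationCode);
                }
                return notificationDataDTO;
            } catch (Exception e) {
                throw IdentityException.error("Error occurred while creating notification from email template : " + emailTemplate, e);
            }
        } catch (Exception e2) {
            throw IdentityException.error(IdentityMgtConstants.ErrorHandling.ERROR_LOADING_EMAIL_TEMP + userId, e2);
        }
    }

    /** Copies the current Axis2 transport headers, when a message context with headers exists, into the DTO. */
    private void copyTransportHeaders(NotificationDataDTO notificationDataDTO) {
        MessageContext messageContext = MessageContext.getCurrentMessageContext();
        if (messageContext != null && messageContext.getProperty(TRANSPORT_HEADERS) != null) {
            notificationDataDTO.setTransportHeaders(new HashMap((Map) messageContext.getProperty(TRANSPORT_HEADERS)));
        }
    }

    /** Returns the module registered for the notification type, or the default module when none matches. */
    private NotificationSendingModule selectModule(String notificationType) {
        NotificationSendingModule module = null;
        if (notificationType != null) {
            module = this.modules.get(notificationType);
        }
        return module != null ? module : this.defaultModule;
    }

    /**
     * Builds a new internal code {@code <type>___<sanitised user id>___<random UUID>}.
     *
     * @return the internal code, or {@code null} when {@code str} is {@code null}
     */
    private String generateUserCode(int i, String str) {
        String code = null;
        if (str != null) {
            code = i + REG_DELIMITER + stripSpecialChars(str) + REG_DELIMITER + UUID.randomUUID().toString();
        }
        return code;
    }

    /**
     * Rebuilds the internal code from a code type, a user id and an external code.
     *
     * @return the internal code, or {@code null} when the user id or external code is {@code null}
     */
    private String getUserInternalCodeStr(int i, String str, String str2) {
        String code = null;
        if (str != null && str2 != null) {
            code = i + REG_DELIMITER + stripSpecialChars(str) + REG_DELIMITER + str2;
        }
        return code;
    }

    /**
     * Extracts the external part (third field) of an internal code.
     *
     * <p>NOTE(review): {@code '_'} is not replaced by {@link #stripSpecialChars}, so a user id that contains
     * the delimiter shifts the split and the returned external code then includes part of the user id;
     * rebuilding the internal code from it no longer matches what was stored.
     *
     * @throws IdentityMgtServiceException if the code is {@code null} or does not have three fields
     */
    private String getUserExternalCodeStr(String str) throws IdentityMgtServiceException {
        if (str == null) {
            throw new IdentityMgtServiceException("Code not found");
        }
        // Regex form of REG_DELIMITER; the limit keeps everything after the second delimiter together.
        String[] parts = str.split("_{3}", 3);
        if (parts.length == 3) {
            return parts[2];
        }
        throw new IdentityMgtServiceException("Invalid code");
    }

    /**
     * Replaces each of a fixed set of punctuation characters with {@code 'z'} and keeps every other
     * character unchanged.
     *
     * <p>The mapping is not one-to-one: user ids that differ only in a replaced character (or in a
     * literal {@code 'z'} at that position) produce the same sanitised form.
     *
     * @return the sanitised string; empty when {@code str} is {@code null}
     */
    private String stripSpecialChars(String str) {
        StringBuilder sb = new StringBuilder();
        if (str != null) {
            for (char c : str.toCharArray()) {
                switch (c) {
                    case '!':
                    case '"':
                    case '#':
                    case '$':
                    case '%':
                    case '\'':
                    case '(':
                    case ')':
                    case '*':
                    case '+':
                    case ',':
                    case ';':
                    case '<':
                    case '=':
                    case '>':
                    case '@':
                    case '\\':
                    case '^':
                    case '{':
                    case '|':
                    case '}':
                    case '~':
                        sb.append('z');
                        break;
                    default:
                        sb.append(c);
                        break;
                }
            }
        }
        return sb.toString();
    }
}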
