package org.wso2.carbon.identity.mgt;

import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.AbstractIdentityUserOperationEventListener;
import org.wso2.carbon.identity.core.model.IdentityErrorMsgContext;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.mgt.beans.UserIdentityMgtBean;
import org.wso2.carbon.identity.mgt.beans.VerificationBean;
import org.wso2.carbon.identity.mgt.config.ConfigBuilder;
import org.wso2.carbon.identity.mgt.config.ConfigType;
import org.wso2.carbon.identity.mgt.config.StorageType;
import org.wso2.carbon.identity.mgt.constants.IdentityMgtConstants;
import org.wso2.carbon.identity.mgt.dto.NotificationDataDTO;
import org.wso2.carbon.identity.mgt.dto.UserDTO;
import org.wso2.carbon.identity.mgt.dto.UserIdentityClaimsDO;
import org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO;
import org.wso2.carbon.identity.mgt.dto.UserRecoveryDataDO;
import org.wso2.carbon.identity.mgt.internal.IdentityMgtServiceComponent;
import org.wso2.carbon.identity.mgt.mail.Notification;
import org.wso2.carbon.identity.mgt.mail.NotificationBuilder;
import org.wso2.carbon.identity.mgt.mail.NotificationData;
import org.wso2.carbon.identity.mgt.policy.PolicyRegistry;
import org.wso2.carbon.identity.mgt.policy.PolicyViolationException;
import org.wso2.carbon.identity.mgt.store.UserIdentityDataStore;
import org.wso2.carbon.identity.mgt.util.UserIdentityManagementUtil;
import org.wso2.carbon.identity.mgt.util.Utils;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/mgt/IdentityMgtEventListener.class */
public class IdentityMgtEventListener extends AbstractIdentityUserOperationEventListener {
    // Commons-logging logger shared by every hook in this listener.
    private static final Log log = LogFactory.getLog(IdentityMgtEventListener.class);
    // Thread-local key: doPreAddUser sets it when it substitutes a generated temporary password;
    // doPostAddUser reads it to decide whether to run the account-verification flow.
    private static final String EMPTY_PASSWORD_USED = "EmptyPasswordUsed";
    // Thread-local key under which doPreAddUser parks the identity claims it stripped from the
    // addUser request, for doPostAddUser to pick up.
    private static final String USER_IDENTITY_DO = "UserIdentityDO";
    // Notification type passed to NotificationBuilder and UserRecoveryDTO.
    private static final String EMAIL_NOTIFICATION_TYPE = "EMAIL";
    // JVM system property read once in the constructor; when it parses as true the bootstrap
    // admin's lock and disabled flags are cleared.
    private static final String UNLOCK_ADMIN_SYS_PROP = "unlockAdmin";
    // Not referenced by name in the visible part of the file (the literal appears inlined in the
    // doPreAddUser error message).
    private static final String PASSWORD_INVALID = "PasswordInvalid";
    // Package-private and non-final; assigned in the constructor from IdentityMgtConfig.
    PolicyRegistry policyRegistry;
    // Thread-local re-entrancy markers, one per hook. A hook skips its body while its own marker
    // is present on the current thread.
    private static final String DO_PRE_AUTHENTICATE = "doPreAuthenticate";
    private static final String DO_POST_AUTHENTICATE = "doPostAuthenticate";
    private static final String DO_POST_ADD_USER = "doPostAddUser";
    private static final String DO_PRE_SET_USER_CLAIM_VALUE = "doPreSetUserClaimValue";
    private static final String DO_PRE_SET_USER_CLAIM_VALUES = "doPreSetUserClaimValues";
    private static final String DO_PRE_UPDATE_CREDENTIAL_BY_ADMIN = "doPreUpdateCredentialByAdmin";
    private static final String DO_PRE_UPDATE_CREDENTIAL = "doPreUpdateCredential";
    private static final String DO_POST_UPDATE_CREDENTIAL = "doPostUpdateCredential";
    // Message thrown by doPreAddUser when a blank credential arrives and temporary passwords are off.
    private static final String ASK_PASSWORD_FEATURE_IS_DISABLED = "Ask Password Feature is disabled";
    // Configuration singleton captured at construction time; several hooks also re-fetch it
    // through IdentityMgtConfig.getInstance() into a local that shadows this field.
    private IdentityMgtConfig identityMgtConfig = IdentityMgtConfig.getInstance();
    // Identity data store (lock state, failed attempts, unlock time) used by the hooks below.
    private UserIdentityDataStore module = IdentityMgtConfig.getInstance().getIdentityDataStore();

    /**
     * Creates the listener, wires the password-policy registry from the shared configuration and,
     * when the {@code unlockAdmin} JVM system property parses as {@code true}, clears the lock on
     * the bootstrap admin account.
     *
     * <p>Security note: the unlock is driven purely by a process-level system property, so whoever
     * controls the JVM launch arguments can lift an admin lockout. The INFO line below is the only
     * trace of it visible in this class; alerting on that message is a reasonable detection.
     */
    public IdentityMgtEventListener() {
        this.policyRegistry = this.identityMgtConfig.getPolicyRegistry();

        final String unlockFlag = System.getProperty(UNLOCK_ADMIN_SYS_PROP);
        final boolean unlockRequested = StringUtils.isNotBlank(unlockFlag) && Boolean.parseBoolean(unlockFlag);
        if (!unlockRequested) {
            return;
        }
        log.info("unlockAdmin system property is defined. Hence unlocking admin account");
        unlockAdmin();
    }

    /**
     * Clears the account-lock and account-disabled flags of the bootstrap admin user.
     *
     * <p>The admin user name is resolved from the bootstrap realm configuration before the
     * enablement check. When the listener is enabled, both flags are set to {@code "false"} and
     * handed to this listener's {@code doPreSetUserClaimValues} hook (defined outside the visible
     * part of the file). A {@link UserStoreException} is logged and swallowed, so a failed unlock
     * does not abort construction of the listener.
     */
    private void unlockAdmin() {
        final String bootstrapAdmin = IdentityMgtServiceComponent.getRealmService().getBootstrapRealmConfiguration().getAdminUserName();
        try {
            if (!isEnable()) {
                return;
            }
            final UserStoreManager bootstrapStore = IdentityMgtServiceComponent.getRealmService().getBootstrapRealm().getUserStoreManager();
            final HashMap<String, String> clearedFlags = new HashMap<String, String>();
            clearedFlags.put(UserIdentityDataStore.ACCOUNT_LOCK, Boolean.toString(false));
            clearedFlags.put(UserIdentityDataStore.ACCOUNT_DISABLED, Boolean.toString(false));
            // The profile argument is passed as null, exactly as in the original call.
            doPreSetUserClaimValues(bootstrapAdmin, clearedFlags, null, bootstrapStore);
        } catch (UserStoreException e) {
            log.error("Error while unlocking admin account", e);
        }
    }

    /**
     * Returns the position of this listener in the listener chain.
     *
     * @return the value of {@code getOrderId()} unless that is {@code -1}, in which case the
     *         built-in default of 50 is used
     */
    public int getExecutionOrderId() {
        final int configuredOrder = getOrderId();
        return configuredOrder == -1 ? 50 : configuredOrder;
    }

    /**
     * Pre-authentication hook: rejects logins for disabled or still-locked accounts and lifts a
     * lock whose unlock time has passed.
     *
     * <p>The body runs at most once per thread at a time: a thread-local marker is set on entry and
     * removed on every exit path, including when the marker was already present on entry.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The outcomes are distinguishable to the caller ("17001" unknown user, "17003" locked,
     *       "17004" disabled), so whatever surfaces these codes to an unauthenticated client
     *       reveals whether an account exists. Confirm they are mapped to one generic failure.</li>
     *   <li>{@code str} is concatenated into log and exception messages unescaped; if it is
     *       caller-supplied, the log sink should neutralise line breaks.</li>
     * </ul>
     *
     * @param str              user name; used for the identity-data lookup and in messages
     * @param obj              credential object; not read by this method
     * @param userStoreManager user store the authentication is running against
     * @return always {@code true} when no exception is thrown
     * @throws UserStoreException if the account is disabled, is locked and not yet due for unlock,
     *                            does not exist while the account-exist check is on, or the
     *                            unlocked state cannot be stored
     */
    public boolean doPreAuthenticate(String str, Object obj, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        try {
            if (((Map) IdentityUtil.threadLocalProperties.get()).containsKey(DO_PRE_AUTHENTICATE)) {
                // Marker already present on this thread: skip the checks. The finally block still
                // removes the marker, as the original did on this path.
                return true;
            }
            ((Map) IdentityUtil.threadLocalProperties.get()).put(DO_PRE_AUTHENTICATE, true);
            if (log.isDebugEnabled()) {
                log.debug("Pre authenticator is called in IdentityMgtEventListener");
            }
            IdentityUtil.clearIdentityErrorMsg();

            final IdentityMgtConfig config = IdentityMgtConfig.getInstance();
            if (!config.isEnableAuthPolicy()) {
                return true;
            }

            // Existence is checked with the domain-qualified name; the identity record below is
            // loaded with the name as it was passed in.
            final boolean knownUser = userStoreManager.isExistingUser(
                    UserCoreUtil.addDomainToName(str, userStoreManager.getRealmConfiguration().getUserStoreProperty("DomainName")));
            if (!knownUser) {
                IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext("17001"));
                if (log.isDebugEnabled()) {
                    log.debug("Username :" + str + "does not exists in the system, ErrorCode :17001");
                }
                if (config.isAuthPolicyAccountExistCheck()) {
                    throw new UserStoreException("17001");
                }
                return true;
            }

            final UserIdentityClaimsDO identity = this.module.load(str, userStoreManager);
            if (identity == null) {
                // No identity record means no lock or disable state to enforce.
                return true;
            }

            if (identity.isAccountDisabled().booleanValue()) {
                IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext(" User account is disabled"));
                final String disabledMsg = "User account is disabled for user : " + str;
                log.warn(disabledMsg);
                throw new UserStoreException("17004 " + disabledMsg);
            }

            if (!identity.isAccountLocked()) {
                return true;
            }

            // An unlock time of 0 means the lock has no expiry; otherwise it holds until that instant.
            final boolean lockStillHolds = identity.getUnlockTime() == 0 || System.currentTimeMillis() < identity.getUnlockTime();
            if (lockStillHolds) {
                IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext(VerificationBean.ERROR_CODE_DISABLED_ACCOUNT, identity.getFailAttempts(), config.getAuthPolicyMaxLoginAttempts()));
                final String lockedMsg = "User account is locked for user : " + str + ". cannot login until the account is unlocked ";
                log.warn(lockedMsg);
                throw new UserStoreException("17003 " + lockedMsg);
            }

            // Lock expired: clear it and persist before authentication proceeds.
            identity.setAccountLock(false);
            identity.setUnlockTime(0L);
            try {
                this.module.store(identity, userStoreManager);
            } catch (IdentityException e) {
                throw new UserStoreException("Error while saving user store data for user : " + str, e);
            }
            return true;
        } finally {
            ((Map) IdentityUtil.threadLocalProperties.get()).remove(DO_PRE_AUTHENTICATE);
        }
    }

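    /**
     * Post-authentication hook: records the last-login time, rotates and mails a one-time
     * password when required, and maintains the failed-attempt counter and account lock.
     *
     * <p>Changes against the decompiled listing: the lock duration is read into a named local
     * (the listing referenced an undeclared {@code r0}), the duplicated {@code isExistingUser}
     * test is collapsed, thread-local cleanup is done in a {@code finally}, and the notification
     * steps are wrapped one at a time so a failure is reported once, with the message of the step
     * that failed, instead of being re-wrapped by an enclosing {@code catch (Exception)}.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The failed-attempt counter is load, increment, store with no locking visible here, so
     *       concurrent failed logins for one user may be under-counted. Confirm whether the data
     *       store serialises these updates.</li>
     *   <li>The one-time password is held in an immutable {@code String} and sent by e-mail; the
     *       credential is rotated before the mail is built, so any failure after that point leaves
     *       the account with a password the user never received.</li>
     *   <li>{@code str} is concatenated into log messages unescaped.</li>
     * </ul>
     *
     * @param str              user name
     * @param z                {@code true} when authentication succeeded
     * @param userStoreManager user store the authentication ran against
     * @return always {@code true} when no exception is thrown
     * @throws UserStoreException if a claim or identity record cannot be written, or the one-time
     *                            password notification cannot be prepared or sent
     */
    public boolean doPostAuthenticate(String str, boolean z, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        String userStoreProperty = userStoreManager.getRealmConfiguration().getUserStoreProperty("DomainName");
        boolean isExistingUser = userStoreManager.isExistingUser(IdentityUtil.addDomainToName(str, userStoreProperty));
        if (z && isExistingUser) {
            // Runs outside the re-entrancy guard below, on every successful login.
            HashMap<String, String> loginStamp = new HashMap<String, String>();
            loginStamp.put(IdentityMgtConstants.LAST_LOGIN_TIME, Long.toString(System.currentTimeMillis()));
            userStoreManager.setUserClaimValues(str, loginStamp, (String) null);
        }
        try {
            if (!((Map) IdentityUtil.threadLocalProperties.get()).containsKey(DO_POST_AUTHENTICATE)) {
                ((Map) IdentityUtil.threadLocalProperties.get()).put(DO_POST_AUTHENTICATE, true);
                if (log.isDebugEnabled()) {
                    log.debug("Post authenticator is called in IdentityMgtEventListener");
                }
                IdentityMgtConfig config = IdentityMgtConfig.getInstance();
                if (!config.isEnableAuthPolicy()) {
                    return true;
                }
                UserIdentityClaimsDO load = this.module.load(str, userStoreManager);
                if (load == null) {
                    load = new UserIdentityClaimsDO(str);
                }
                boolean oneTimeLogin = load.getOneTimeLogin();
                if (z && config.isAuthPolicyOneTimePasswordCheck() && !userStoreManager.isReadOnly() && oneTimeLogin) {
                    // Rotate the credential first, then notify the user of the new value.
                    String oneTimePassword = new String(UserIdentityManagementUtil.generateTemporaryPassword());
                    userStoreManager.updateCredentialByAdmin(str, oneTimePassword);
                    String emailAddress = userStoreManager.getUserClaimValue(str, "http://wso2.org/claims/emailaddress", (String) null);
                    if (StringUtils.isBlank(emailAddress)) {
                        throw new UserStoreException("No user email provided for user : " + str);
                    }
                    List<NotificationSendingModule> notificationSendingModules = config.getNotificationSendingModules();
                    if (notificationSendingModules == null) {
                        throw new UserStoreException("No notification modules configured");
                    }
                    NotificationDataDTO notificationDataDTO = new NotificationDataDTO();
                    if (MessageContext.getCurrentMessageContext() != null && MessageContext.getCurrentMessageContext().getProperty("TRANSPORT_HEADERS") != null) {
                        // Copies the inbound request's transport headers into the notification DTO.
                        notificationDataDTO.setTransportHeaders(new HashMap((Map) MessageContext.getCurrentMessageContext().getProperty("TRANSPORT_HEADERS")));
                    }
                    NotificationData notificationData = new NotificationData();
                    int tenantId = userStoreManager.getTenantId();
                    String userStoreDomain = userStoreManager.getRealmConfiguration().getUserStoreProperty("DomainName");
                    try {
                        String givenName = Utils.getClaimFromUserStoreManager(UserCoreUtil.addDomainToName(str, userStoreDomain), tenantId, "http://wso2.org/claims/givenname");
                        String tenantDomain = IdentityTenantUtil.getTenantDomain(userStoreManager.getTenantId());
                        notificationData.setTagData("first-name", givenName);
                        notificationData.setTagData("user-name", str);
                        notificationData.setTagData("otp-password", oneTimePassword);
                        notificationData.setTagData("userstore-domain", userStoreDomain);
                        notificationData.setTagData("tenant-domain", tenantDomain);
                        notificationData.setSendTo(emailAddress);
                    } catch (IdentityException e) {
                        throw new UserStoreException("Could not load user given name", e);
                    }
                    String template;
                    try {
                        template = ConfigBuilder.getInstance().loadConfiguration(ConfigType.EMAIL, StorageType.REGISTRY, tenantId).getProperty(IdentityMgtConstants.Notification.OTP_PASSWORD);
                    } catch (Exception e) {
                        throw new UserStoreException("Could not load the email template configuration for user : " + str, e);
                    }
                    try {
                        Notification notification = NotificationBuilder.createNotification(EMAIL_NOTIFICATION_TYPE, template, notificationData);
                        NotificationSender notificationSender = new NotificationSender();
                        for (NotificationSendingModule notificationSendingModule : notificationSendingModules) {
                            if (IdentityMgtConfig.getInstance().isNotificationInternallyManaged()) {
                                notificationSendingModule.setNotificationData(notificationDataDTO);
                                notificationSendingModule.setNotification(notification);
                                notificationSender.sendNotification(notificationSendingModule);
                                notificationDataDTO.setNotificationSent(true);
                            }
                        }
                    } catch (Exception e) {
                        throw new UserStoreException("Could not create the email notification for template: " + template, e);
                    }
                }
                if (!z || !config.isAuthPolicyExpirePasswordCheck() || oneTimeLogin || !userStoreManager.isReadOnly()) {
                    // Empty in the listing: no password-expiry action is taken here. The condition
                    // is kept because evaluating it can call isReadOnly(), which may throw.
                }
                if (z || !config.isAuthPolicyAccountLockOnFailure()) {
                    // Success (or lock-on-failure disabled): reset any leftover lock state.
                    if (load.isAccountLocked() || load.getFailAttempts() > 0 || load.getAccountLock()) {
                        load.setAccountLock(false);
                        load.setFailAttempts(0);
                        load.setUnlockTime(0L);
                        try {
                            this.module.store(load, userStoreManager);
                        } catch (IdentityException e) {
                            throw new UserStoreException("Error while saving user store data for user : " + str, e);
                        }
                    }
                } else if (isExistingUser) {
                    // Failed login for a known user: count it and lock once the maximum is reached.
                    load.setFailAttempts();
                    if (load.getFailAttempts() >= config.getAuthPolicyMaxLoginAttempts()) {
                        log.info("User, " + str + " has exceed the max failed login attempts. User account would be locked");
                        IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext(VerificationBean.ERROR_CODE_DISABLED_ACCOUNT, load.getFailAttempts(), config.getAuthPolicyMaxLoginAttempts()));
                        if (log.isDebugEnabled()) {
                            log.debug("Username :" + str + "Exceeded the maximum login attempts. User locked, ErrorCode :" + VerificationBean.ERROR_CODE_DISABLED_ACCOUNT);
                        }
                        load.setAccountLock(true);
                        load.setFailAttempts(0);
                        // The multiplier below converts to milliseconds, which implies the configured
                        // value is in minutes. Held in a long so the product cannot overflow an int.
                        // 0 leaves the unlock time untouched, i.e. no automatic unlock is scheduled.
                        long lockingTime = IdentityMgtConfig.getInstance().getAuthPolicyLockingTime();
                        if (lockingTime != 0) {
                            load.setUnlockTime(System.currentTimeMillis() + (lockingTime * 60 * 1000));
                        }
                    } else {
                        IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext(VerificationBean.ERROR_CODE_INVALID_CREDENTIALS, load.getFailAttempts(), config.getAuthPolicyMaxLoginAttempts()));
                        if (log.isDebugEnabled()) {
                            log.debug("Username :" + str + "Invalid Credential, ErrorCode :" + VerificationBean.ERROR_CODE_INVALID_CREDENTIALS);
                        }
                    }
                    try {
                        this.module.store(load, userStoreManager);
                    } catch (IdentityException e) {
                        throw new UserStoreException("Error while saving user store data for user : " + str, e);
                    }
                } else if (log.isDebugEnabled()) {
                    log.debug("User, " + str + " is not exists in " + userStoreProperty);
                }
            }
            return true;
        } finally {
            ((Map) IdentityUtil.threadLocalProperties.get()).remove(DO_POST_AUTHENTICATE);
        }
    }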

    /* JADX WARN: Type inference failed for: r15v0, types: [java.lang.Throwable, org.wso2.carbon.identity.mgt.policy.PolicyViolationException] */
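    /**
     * Pre-add-user hook: enforces the password policy, substitutes a generated temporary password
     * for a blank credential, and moves identity claims out of the request into a thread-local
     * {@code UserIdentityClaimsDO} for {@code doPostAddUser}.
     *
     * <p>Fix against the listing: a {@code null} credential used to reach
     * {@code ((StringBuffer) obj).replace(...)} and fail with a NullPointerException after the
     * {@code EmptyPasswordUsed} thread-local flag had already been set. It is now rejected with a
     * {@link UserStoreException} before any thread-local state is written.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The password policy runs only when the credential is a {@code StringBuffer}. Any other
     *       credential type passes through unchecked, and {@code doPreUpdateCredential} tests for
     *       {@code String} instead. Confirm which type callers actually pass.</li>
     *   <li>Identity claims are matched with {@code contains}, whereas
     *       {@code doPreSetUserClaimValue} uses {@code startsWith} for the same URI prefix.</li>
     *   <li>Nothing visible here clears the {@code EmptyPasswordUsed} / {@code UserIdentityDO}
     *       thread-locals; on pooled threads a stale flag could affect a later request. Verify
     *       that they are cleared elsewhere.</li>
     * </ul>
     *
     * @param str              user name of the account being created
     * @param obj              credential; expected to be a mutable {@code StringBuffer} when a
     *                         temporary password may have to be written into it
     * @param strArr           not read by this method
     * @param map              claims of the new user; identity claims are removed from it in place
     * @param str2             not read by this method
     * @param userStoreManager not read by this method
     * @return always {@code true} when no exception is thrown
     * @throws UserStoreException if the password violates policy, or the credential is blank and
     *                            no temporary password can be issued
     */
    public boolean doPreAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            if (obj != null && !StringUtils.isBlank(obj.toString())) {
                return true;
            }
            log.error("Identity Management listener is disabled");
            throw new UserStoreException("PasswordInvalidAsk Password Feature is disabled");
        }
        if (log.isDebugEnabled()) {
            log.debug("Pre add user is called in IdentityMgtEventListener");
        }
        IdentityMgtConfig config = IdentityMgtConfig.getInstance();

        boolean isBuffer = obj instanceof StringBuffer;
        boolean blankBuffer = isBuffer && obj.toString().trim().length() < 1;
        if (isBuffer && !blankBuffer) {
            try {
                this.policyRegistry.enforcePasswordPolicies(obj.toString(), str);
            } catch (PolicyViolationException e) {
                throw new UserStoreException(e.getMessage(), e);
            }
        }

        if (obj == null || blankBuffer) {
            if (!config.isEnableTemporaryPassword()) {
                log.error("Temporary password property is disabled");
                throw new UserStoreException(ASK_PASSWORD_FEATURE_IS_DISABLED);
            }
            if (obj == null) {
                // The temporary password is handed back by mutating the caller's buffer, so there
                // is nowhere to put it when no buffer was supplied.
                throw new UserStoreException("Credential is null; a temporary password cannot be set");
            }
            if (log.isDebugEnabled()) {
                log.debug("Credentials are null. Using a temporary password as credentials");
            }
            ((Map) IdentityUtil.threadLocalProperties.get()).put(EMPTY_PASSWORD_USED, true);
            char[] temporaryPassword = UserIdentityManagementUtil.generateTemporaryPassword();
            ((StringBuffer) obj).replace(0, temporaryPassword.length, new String(temporaryPassword));
        }

        // Move identity claims out of the request. The challenge-question URI tested in the
        // listing contains the identity prefix, so the single test matches the same keys.
        HashMap<String, String> identityClaims = new HashMap<String, String>();
        Iterator<Map.Entry<String, String>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry<String, String> claim = it.next();
            if (claim.getKey().contains("http://wso2.org/claims/identity")) {
                identityClaims.put(claim.getKey(), claim.getValue());
                it.remove();
            }
        }
        ((Map) IdentityUtil.threadLocalProperties.get()).put(USER_IDENTITY_DO, new UserIdentityClaimsDO(str, identityClaims));
        return true;
    }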

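    /**
     * Post-add-user hook: stores the identity claims parked by {@code doPreAddUser}, and either
     * starts the ask-password / account-verification flow or locks the new account on creation.
     *
     * <p>Fixes against the decompiled listing, which does not compile: it had an empty
     * {@code try} block and a stray {@code throw th} outside its catch scope. Control flow is
     * rebuilt as one {@code try}/{@code finally} that always removes the re-entrancy marker. The
     * credential is also no longer cast to {@code String}: the value is only written to a
     * discarded metadata object, and the cast would throw ClassCastException for any other
     * credential type, which skips the {@code deleteUser} rollback.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>NOTE(review): the claims object read from the thread-local is dereferenced without a
     *       null check in the verification and lock-on-creation branches. If it is absent, the
     *       NullPointerException propagates without rollback, so an account meant to be locked on
     *       creation would stay created and unlocked.</li>
     *   <li>NOTE(review): the {@code EmptyPasswordUsed} and {@code UserIdentityDO} thread-locals
     *       are not cleared here; confirm they are cleared elsewhere before the thread is reused.</li>
     * </ul>
     *
     * @param str              user name of the account that was created
     * @param obj              credential passed to the hook
     * @param strArr           not read by this method
     * @param map              claims of the new user; the account-recovery claim is read from it
     * @param str2             not read by this method
     * @param userStoreManager user store the account was created in; used for rollback
     * @return whether the notification was sent in the verification flow, otherwise {@code true}
     * @throws UserStoreException if identity data cannot be stored or the notification fails; the
     *                            new user is deleted before the exception is thrown
     */
    public boolean doPostAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        try {
            if (!((Map) IdentityUtil.threadLocalProperties.get()).containsKey(DO_POST_ADD_USER)) {
                ((Map) IdentityUtil.threadLocalProperties.get()).put(DO_POST_ADD_USER, true);
                if (log.isDebugEnabled()) {
                    log.debug("Post add user is called in IdentityMgtEventListener");
                }
                IdentityMgtConfig config = IdentityMgtConfig.getInstance();
                UserIdentityClaimsDO userIdentityClaimsDO = (UserIdentityClaimsDO) ((Map) IdentityUtil.threadLocalProperties.get()).get(USER_IDENTITY_DO);
                if (config.isEnableUserAccountVerification() && ((Map) IdentityUtil.threadLocalProperties.get()).containsKey(EMPTY_PASSWORD_USED)) {
                    // Ask-password flow: the account was created with a generated temporary password.
                    String userStoreProperty = userStoreManager.getRealmConfiguration().getUserStoreProperty("DomainName");
                    if (!"PRIMARY".equals(userStoreProperty)) {
                        str = userStoreProperty + "/" + str;
                    }
                    userIdentityClaimsDO.setAccountLock(false);
                    try {
                        this.module.store(userIdentityClaimsDO, userStoreManager);
                        // Built and then discarded in the listing; kept in case the setters matter.
                        String code = obj == null ? null : obj.toString();
                        new UserRecoveryDataDO().setUserName(str).setTenantId(userStoreManager.getTenantId()).setCode(code);
                        RecoveryProcessor recoveryProcessor = new RecoveryProcessor();
                        try {
                            VerificationBean confirmation = recoveryProcessor.updateConfirmationCode(1, str, userStoreManager.getTenantId());
                            new UserIdentityMgtBean().setUserId(str).setConfirmationCode(confirmation.getKey()).setRecoveryType(IdentityMgtConstants.Notification.TEMPORARY_PASSWORD).setEmail(map.get(config.getAccountRecoveryClaim()));
                            UserRecoveryDTO userRecoveryDTO = new UserRecoveryDTO(str);
                            userRecoveryDTO.setNotification(IdentityMgtConstants.Notification.ASK_PASSWORD);
                            userRecoveryDTO.setNotificationType(EMAIL_NOTIFICATION_TYPE);
                            userRecoveryDTO.setTenantId(userStoreManager.getTenantId());
                            userRecoveryDTO.setConfirmationCode(confirmation.getKey());
                            try {
                                NotificationDataDTO sent = recoveryProcessor.recoverWithNotification(userRecoveryDTO);
                                return sent != null && sent.isNotificationSent();
                            } catch (IdentityException e) {
                                // Roll back: an account nobody can be told about must not remain.
                                userStoreManager.deleteUser(str);
                                throw new UserStoreException("Error while sending notification for user : " + str, e);
                            }
                        } catch (IdentityException e) {
                            userStoreManager.deleteUser(str);
                            throw new UserStoreException("Error while updating confirmation code for user : " + str, e);
                        }
                    } catch (IdentityException e) {
                        userStoreManager.deleteUser(str);
                        throw new UserStoreException("Error while saving user store for user : " + str, e);
                    }
                }
                if (config.isAuthPolicyAccountLockOnCreation()) {
                    userIdentityClaimsDO.setAccountLock(true);
                    try {
                        config.getIdentityDataStore().store(userIdentityClaimsDO, userStoreManager);
                    } catch (IdentityException e) {
                        userStoreManager.deleteUser(str);
                        throw new UserStoreException("Error while saving user store data for user : " + str, e);
                    }
                }
                if (!config.isEnableUserAccountVerification() && !config.isAuthPolicyAccountLockOnCreation() && userIdentityClaimsDO != null) {
                    try {
                        if (log.isDebugEnabled()) {
                            log.debug("Storing identity-mgt claims since they are available in the addUser request");
                        }
                        this.module.store(userIdentityClaimsDO, userStoreManager);
                    } catch (IdentityException e) {
                        userStoreManager.deleteUser(str);
                        throw new UserStoreException("Error while saving user store data for user : " + str, e);
                    }
                }
            }
            return true;
        } finally {
            ((Map) IdentityUtil.threadLocalProperties.get()).remove(DO_POST_ADD_USER);
        }
    }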

    /* JADX WARN: Type inference failed for: r15v0, types: [java.lang.Throwable, org.wso2.carbon.identity.mgt.policy.PolicyViolationException] */
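    /**
     * Pre-update-credential hook: refuses credential changes for disabled accounts and enforces
     * the password policy on {@code obj}.
     *
     * <p>Fix against the listing: the identity record was dereferenced before its null check, so
     * a user without an identity record caused a NullPointerException, and the replacement object
     * created in that null check was discarded. A missing record is now treated as "not disabled",
     * matching how {@code doPreAuthenticate} treats a missing record.
     *
     * <p>Security note: the policy is enforced only when {@code obj} is a non-blank {@code String},
     * while the add-user and admin-update hooks test for {@code StringBuffer}. A credential of the
     * other type would skip policy enforcement here. Confirm the type callers pass.
     *
     * @param str              user name whose credential is being changed
     * @param obj              credential checked against the password policy (presumably the new one)
     * @param obj2             not read by this method
     * @param userStoreManager user store holding the account
     * @return always {@code true} when no exception is thrown
     * @throws UserStoreException if the account is disabled or the password violates policy
     */
    public boolean doPreUpdateCredential(String str, Object obj, Object obj2, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        if (log.isDebugEnabled()) {
            log.debug("Pre update credential is called in IdentityMgtEventListener");
        }
        try {
            if (!((Map) IdentityUtil.threadLocalProperties.get()).containsKey(DO_PRE_UPDATE_CREDENTIAL)) {
                ((Map) IdentityUtil.threadLocalProperties.get()).put(DO_PRE_UPDATE_CREDENTIAL, true);
                UserIdentityClaimsDO identity = IdentityMgtConfig.getInstance().getIdentityDataStore().load(str, userStoreManager);
                // Null-check first: no identity record means there is no disabled flag to honour.
                boolean accountDisabled = identity != null && identity.isAccountDisabled().booleanValue();
                if (accountDisabled) {
                    IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext("17004"));
                    log.warn("Trying to update credential of a disabled user account. This is not permitted.");
                    throw new UserStoreException("User account is disabled, can't update credential without enabling.");
                }
                if ((obj instanceof String) && obj.toString().trim().length() > 0) {
                    try {
                        this.policyRegistry.enforcePasswordPolicies(obj.toString(), str);
                    } catch (PolicyViolationException e) {
                        throw new UserStoreException(e.getMessage(), e);
                    }
                }
            }
            return true;
        } finally {
            ((Map) IdentityUtil.threadLocalProperties.get()).remove(DO_PRE_UPDATE_CREDENTIAL);
        }
    }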

    /**
     * Post-hook for an admin-driven credential update: stamps the user's last-password-update
     * claim with the current time in milliseconds.
     *
     * @param str              user name whose credential was updated
     * @param obj              credential object; not read by this method
     * @param userStoreManager user store used to write the claim
     * @return always {@code true}
     * @throws UserStoreException if the claim cannot be written
     */
    public boolean doPostUpdateCredentialByAdmin(String str, Object obj, UserStoreManager userStoreManager) throws UserStoreException {
        if (isEnable()) {
            final HashMap<String, String> updateStamp = new HashMap<String, String>();
            final String nowMillis = Long.toString(System.currentTimeMillis());
            updateStamp.put(IdentityMgtConstants.LAST_PASSWORD_UPDATE_TIME, nowMillis);
            // The profile argument is passed as a typed null, as in the original call.
            userStoreManager.setUserClaimValues(str, updateStamp, (String) null);
        }
        return true;
    }

    /* JADX WARN: Type inference failed for: r15v0, types: [java.lang.Throwable, org.wso2.carbon.identity.mgt.policy.PolicyViolationException] */
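    /**
     * Pre-hook for an admin-driven credential update: refuses changes for disabled accounts,
     * enforces the password policy, and replaces a blank credential with a generated temporary
     * password that is mailed to the user.
     *
     * <p>Fixes against the listing: (1) the identity record was dereferenced before its null
     * check, so a user without an identity record caused a NullPointerException; a missing record
     * is now treated as "not disabled". (2) A {@code null} credential with temporary passwords
     * enabled reached {@code ((StringBuffer) obj).replace(...)} and failed with a
     * NullPointerException; it is now rejected with a {@link UserStoreException}.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The policy is enforced only when the credential is a {@code StringBuffer}; other
     *       credential types pass through unchecked. Confirm the type callers pass.</li>
     *   <li>The temporary password is copied into an immutable {@code String}, set as the bean's
     *       confirmation code and sent by e-mail, so its exposure follows the mail path.</li>
     * </ul>
     *
     * @param str              user name whose credential is being changed
     * @param obj              new credential; a mutable {@code StringBuffer} when a temporary
     *                         password may have to be written into it
     * @param userStoreManager user store holding the account
     * @return {@code false} when the credential is blank and temporary passwords are disabled,
     *         otherwise {@code true}
     * @throws UserStoreException if the account is disabled, the password violates policy, or the
     *                            credential is {@code null} and a temporary password is required
     */
    public boolean doPreUpdateCredentialByAdmin(String str, Object obj, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        if (log.isDebugEnabled()) {
            log.debug("Pre update credential by admin is called in IdentityMgtEventListener");
        }
        try {
            if (!((Map) IdentityUtil.threadLocalProperties.get()).containsKey(DO_PRE_UPDATE_CREDENTIAL_BY_ADMIN)) {
                ((Map) IdentityUtil.threadLocalProperties.get()).put(DO_PRE_UPDATE_CREDENTIAL_BY_ADMIN, true);
                IdentityMgtConfig config = IdentityMgtConfig.getInstance();
                UserIdentityClaimsDO identity = IdentityMgtConfig.getInstance().getIdentityDataStore().load(str, userStoreManager);
                // Null-check first: no identity record means there is no disabled flag to honour.
                boolean accountDisabled = identity != null && identity.isAccountDisabled().booleanValue();
                if (accountDisabled) {
                    IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext("17004"));
                    log.warn("Trying to update credential of a disabled user account. This is not permitted.");
                    throw new UserStoreException("User account is disabled, can't update credential without enabling.");
                }

                boolean isBuffer = obj instanceof StringBuffer;
                boolean blankBuffer = isBuffer && obj.toString().trim().length() < 1;
                if (isBuffer && !blankBuffer) {
                    try {
                        this.policyRegistry.enforcePasswordPolicies(obj.toString(), str);
                    } catch (PolicyViolationException e) {
                        throw new UserStoreException(e.getMessage(), e);
                    }
                }

                if (obj == null || blankBuffer) {
                    if (!config.isEnableTemporaryPassword()) {
                        log.error("Empty passwords are not allowed");
                        return false;
                    }
                    if (obj == null) {
                        // The temporary password is returned by mutating the caller's buffer.
                        throw new UserStoreException("Credential is null; a temporary password cannot be set");
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("Credentials are null. Using a temporary password as credentials");
                    }
                    char[] temporaryPassword = UserIdentityManagementUtil.generateTemporaryPassword();
                    ((StringBuffer) obj).replace(0, temporaryPassword.length, new String(temporaryPassword));
                    UserIdentityMgtBean userIdentityMgtBean = new UserIdentityMgtBean();
                    userIdentityMgtBean.setUserId(str);
                    userIdentityMgtBean.setConfirmationCode(obj.toString());
                    userIdentityMgtBean.setRecoveryType(IdentityMgtConstants.Notification.TEMPORARY_PASSWORD);
                    if (log.isDebugEnabled()) {
                        log.debug("Sending the temporary password to the user " + str);
                    }
                    UserIdentityManagementUtil.notifyViaEmail(userIdentityMgtBean);
                } else if (log.isDebugEnabled()) {
                    log.debug("Updating credentials of user " + str + " by admin with a non-empty password");
                }
            }
            return true;
        } finally {
            ((Map) IdentityUtil.threadLocalProperties.get()).remove(DO_PRE_UPDATE_CREDENTIAL_BY_ADMIN);
        }
    }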

    /**
     * Intercepts a single-claim update and writes identity claims to the identity data store.
     *
     * <p>Only claim URIs that start with {@code http://wso2.org/claims/identity} are handled here.
     * For anything else, or when the listener is disabled, the method returns {@code true} without
     * touching the store. A thread-local marker ({@code DO_PRE_SET_USER_CLAIM_VALUE}) guards
     * against re-entrant invocation on the same thread and is removed on every exit path.
     *
     * <p>While the stored record says the account is disabled, the only claim that may be changed
     * is the account-disabled claim itself; any other identity claim update is rejected.
     *
     * @param str              user name whose claim is being updated
     * @param str2             claim URI
     * @param str3             new claim value; parsed as a boolean for the lock and disable claims
     * @param str4             not read by this method
     * @param userStoreManager user store manager passed to the identity data store
     * @return {@code true} when the claim is not handled here or the call is re-entrant;
     *         {@code false} after the claim was stored, or when a lock/disable claim already
     *         holds the requested value (presumably so the caller does not persist the claim
     *         itself; confirm against the listener contract)
     * @throws UserStoreException if the account is disabled and another claim is being changed,
     *                            or if saving to the identity data store fails
     */
    public boolean doPreSetUserClaimValue(String str, String str2, String str3, String str4, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable() || StringUtils.isBlank(str2) || !str2.startsWith("http://wso2.org/claims/identity")) {
            return true;
        }
        try {
            if (((Map) IdentityUtil.threadLocalProperties.get()).containsKey(DO_PRE_SET_USER_CLAIM_VALUE)) {
                // Re-entrant call on this thread: the finally block clears the marker.
                return true;
            }
            ((Map) IdentityUtil.threadLocalProperties.get()).put(DO_PRE_SET_USER_CLAIM_VALUE, true);

            UserIdentityDataStore dataStore = IdentityMgtConfig.getInstance().getIdentityDataStore();
            UserIdentityClaimsDO identityClaims = dataStore.load(str, userStoreManager);
            if (identityClaims == null) {
                identityClaims = new UserIdentityClaimsDO(str);
            }

            boolean isDisableClaim = UserIdentityDataStore.ACCOUNT_DISABLED.equals(str2);
            // A disabled account must be re-enabled before any other identity claim can change.
            if (identityClaims.isAccountDisabled().booleanValue() && !isDisableClaim) {
                log.warn("Updating claim of a disabled user account is not permitted.");
                throw new UserStoreException("User account is disabled, can't update a claim without enabling it first.");
            }

            boolean notifyUser = false;
            String notificationType = null;
            if (isDisableClaim) {
                boolean disableRequested = Boolean.parseBoolean(str3);
                if (disableRequested) {
                    IdentityUtil.clearIdentityErrorMsg();
                    IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext("17004"));
                }
                if (identityClaims.isAccountDisabled().booleanValue() != disableRequested) {
                    // The disabled state actually changes, so the user is notified after the store.
                    notifyUser = true;
                    if (disableRequested) {
                        notificationType = IdentityMgtConstants.Notification.ACCOUNT_DISABLE;
                    } else {
                        notificationType = IdentityMgtConstants.Notification.ACCOUNT_ENABLE;
                    }
                } else if (identityClaims.getUserDataMap().containsKey(UserIdentityDataStore.ACCOUNT_DISABLED)) {
                    // Claim already stored with the requested value: nothing to write.
                    return false;
                }
            } else if (UserIdentityDataStore.ACCOUNT_LOCK.equals(str2)) {
                boolean lockRequested = Boolean.parseBoolean(str3);
                if (lockRequested) {
                    IdentityUtil.clearIdentityErrorMsg();
                    // NOTE(review): the lock branch uses a constant named ERROR_CODE_DISABLED_ACCOUNT
                    // while the disable branch uses the literal "17004"; confirm this constant
                    // carries the locked-account code.
                    IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext(VerificationBean.ERROR_CODE_DISABLED_ACCOUNT));
                }
                if (identityClaims.isAccountLocked() == lockRequested && identityClaims.getUserDataMap().containsKey(UserIdentityDataStore.ACCOUNT_LOCK)) {
                    // Lock state unchanged and already stored: nothing to write.
                    return false;
                }
            }

            identityClaims.setUserIdentityDataClaim(str2, str3);
            try {
                dataStore.store(identityClaims, userStoreManager);
                if (notifyUser) {
                    String domainName = userStoreManager.getRealmConfiguration().getUserStoreProperty("DomainName");
                    sendEmail(IdentityUtil.addDomainToName(str, domainName), userStoreManager.getTenantId(), notificationType);
                }
                return false;
            } catch (IdentityException e) {
                throw new UserStoreException("Error occurred while saving identity claims for user : " + str, e);
            }
        } finally {
            // Always clear the re-entrancy marker, on normal return and on failure.
            ((Map) IdentityUtil.threadLocalProperties.get()).remove(DO_PRE_SET_USER_CLAIM_VALUE);
        }
    }

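    /**
     * Intercepts a multi-claim update, moves identity claims out of the request map into the
     * identity data store, and notifies the user when the disabled state changes.
     *
     * <p>A thread-local marker ({@code DO_PRE_SET_USER_CLAIM_VALUES}) guards against re-entrant
     * invocation on the same thread; when it is already present the body is skipped. The marker
     * is removed on every exit path.
     *
     * <p>If the stored record says the account is disabled and the request does not enable it,
     * the request map is cleared and the update is rejected.
     *
     * <p>Identity claims are recognised with a substring match on
     * {@code http://wso2.org/claims/identity}, whereas {@code doPreSetUserClaimValue} uses a
     * prefix match. NOTE(review): confirm that the looser match is intended.
     *
     * @param str              user name whose claims are being updated
     * @param map              claim URI to value; matching identity claims are removed from it
     * @param str2             not read by this method
     * @param userStoreManager user store manager passed to the identity data store
     * @return always {@code true} when no exception is thrown
     * @throws UserStoreException if the account is disabled and stays disabled, or if saving to
     *                            the identity data store fails
     */
    public boolean doPreSetUserClaimValues(String str, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        String lockValue = map.get(UserIdentityDataStore.ACCOUNT_LOCK);
        boolean lockRequested = StringUtils.isNotEmpty(lockValue) && Boolean.parseBoolean(lockValue);
        try {
            if (!((Map) IdentityUtil.threadLocalProperties.get()).containsKey(DO_PRE_SET_USER_CLAIM_VALUES)) {
                ((Map) IdentityUtil.threadLocalProperties.get()).put(DO_PRE_SET_USER_CLAIM_VALUES, true);
                UserIdentityDataStore identityDataStore = IdentityMgtConfig.getInstance().getIdentityDataStore();
                UserIdentityClaimsDO identityClaims = identityDataStore.load(str, userStoreManager);
                // The store may have no record for this user yet. Create it before the first
                // dereference; the previous code read isAccountDisabled() ahead of its own null
                // check and failed with a NullPointerException for such users.
                if (identityClaims == null) {
                    identityClaims = new UserIdentityClaimsDO(str);
                }
                // Null-safe unboxing: an unset flag is treated as "not disabled".
                boolean wasDisabled = Boolean.TRUE.equals(identityClaims.isAccountDisabled());
                String disabledValue = map.get(UserIdentityDataStore.ACCOUNT_DISABLED);
                // Without an explicit value in the request the disabled state stays as stored.
                boolean disabledAfterUpdate = StringUtils.isNotEmpty(disabledValue) ? Boolean.parseBoolean(disabledValue) : wasDisabled;
                if (lockRequested) {
                    IdentityUtil.clearIdentityErrorMsg();
                    // NOTE(review): the lock branch uses a constant named ERROR_CODE_DISABLED_ACCOUNT
                    // while the disable branch uses the literal "17004"; confirm this constant
                    // carries the locked-account code.
                    IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext(VerificationBean.ERROR_CODE_DISABLED_ACCOUNT));
                } else if (disabledAfterUpdate) {
                    IdentityUtil.clearIdentityErrorMsg();
                    IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext("17004"));
                }
                if (wasDisabled && disabledAfterUpdate) {
                    // Empty the caller's map before rejecting so none of the requested values
                    // remain in it.
                    map.clear();
                    log.warn("Trying to update claims of a disabled user account. This is not permitted.");
                    throw new UserStoreException("User account is disabled, can't update claims without enabling.");
                }
                Iterator<Map.Entry<String, String>> entries = map.entrySet().iterator();
                while (entries.hasNext()) {
                    Map.Entry<String, String> entry = entries.next();
                    // The former extra test for ".../identity/challengeQuestion" was subsumed by
                    // this substring match and has been dropped.
                    if (entry.getKey().contains("http://wso2.org/claims/identity")) {
                        identityClaims.setUserIdentityDataClaim(entry.getKey(), entry.getValue());
                        entries.remove();
                    }
                }
                try {
                    identityDataStore.store(identityClaims, userStoreManager);
                    int tenantId = userStoreManager.getTenantId();
                    String qualifiedUserName = IdentityUtil.addDomainToName(str, userStoreManager.getRealmConfiguration().getUserStoreProperty("DomainName"));
                    if (wasDisabled && !disabledAfterUpdate) {
                        sendEmail(qualifiedUserName, tenantId, IdentityMgtConstants.Notification.ACCOUNT_ENABLE);
                    } else if (!wasDisabled && disabledAfterUpdate) {
                        sendEmail(qualifiedUserName, tenantId, IdentityMgtConstants.Notification.ACCOUNT_DISABLE);
                    }
                } catch (IdentityException e) {
                    throw new UserStoreException("Error while saving user store data for user : " + str, e);
                }
            }
            return true;
        } finally {
            // Always clear the re-entrancy marker, on normal return and on failure.
            ((Map) IdentityUtil.threadLocalProperties.get()).remove(DO_PRE_SET_USER_CLAIM_VALUES);
        }
    }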

    /**
     * Removes a deleted user's identity data and the recovery resource kept in the config
     * registry.
     *
     * <p>Removal from the identity data store is mandatory: a failure there is rethrown. Removal
     * of the registry resource is best effort: a {@code RegistryException} is only logged, so the
     * resource can remain after the user is gone.
     *
     * @param str              name of the deleted user
     * @param userStoreManager user store manager supplying the tenant id
     * @return always {@code true} when no exception is thrown
     * @throws UserStoreException if the identity data store removal fails
     */
    public boolean doPostDeleteUser(String str, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        try {
            IdentityMgtConfig.getInstance().getIdentityDataStore().remove(str, userStoreManager);
            try {
                UserRegistry registry = IdentityMgtServiceComponent.getRegistryService().getConfigSystemRegistry(userStoreManager.getTenantId());
                // NOTE(review): the user name is concatenated into the registry path as-is; this
                // assumes user names cannot contain path separators. Confirm.
                String recoveryResourcePath = "/repository/components/org.wso2.carbon.identity.mgt/keys/" + userStoreManager.getTenantId() + "/" + str;
                if (registry.resourceExists(recoveryResourcePath)) {
                    registry.delete(recoveryResourcePath);
                }
            } catch (RegistryException registryError) {
                // Best effort: the user is already deleted, so only record the failure.
                log.error("Error while deleting recovery data for user : " + str + " in tenant : " + userStoreManager.getTenantId(), registryError);
            }
            return true;
        } catch (IdentityException storeError) {
            throw new UserStoreException("Error while removing user: " + str + " from identity data store", storeError);
        }
    }

    /**
     * Adds identity claim values from the identity data store to a claim lookup result.
     *
     * <p>The store is consulted only when at least one requested URI contains
     * {@code http://wso2.org/claims/identity}. Once it is, every requested URI present in the
     * stored data map is copied into the result, not only the identity ones.
     *
     * @param str              user name whose claims were requested
     * @param strArr           requested claim URIs
     * @param str2             not read by this method
     * @param map              result map to fill in; when {@code null} a local map is used
     *                         instead, so the values copied into it are not visible to the caller
     * @param userStoreManager user store manager passed to the identity data store
     * @return always {@code true}
     * @throws UserStoreException declared by the listener contract
     */
    public boolean doPostGetUserClaimValues(String str, String[] strArr, String str2, Map<String, String> map, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        Map<String, String> result = map;
        if (result == null) {
            // Local replacement only: the caller's reference is still null.
            result = new HashMap<>();
        }
        UserIdentityDataStore dataStore = IdentityMgtConfig.getInstance().getIdentityDataStore();

        boolean identityClaimRequested = false;
        for (String requestedUri : strArr) {
            if (requestedUri.contains("http://wso2.org/claims/identity/challengeQuestion") || requestedUri.contains("http://wso2.org/claims/identity")) {
                identityClaimRequested = true;
                break;
            }
        }
        if (!identityClaimRequested) {
            return true;
        }

        UserIdentityClaimsDO identityClaims = dataStore.load(str, userStoreManager);
        if (identityClaims == null) {
            return true;
        }
        for (String requestedUri : strArr) {
            if (identityClaims.getUserDataMap().containsKey(requestedUri)) {
                result.put(requestedUri, identityClaims.getUserDataMap().get(requestedUri));
            }
        }
        return true;
    }

    /**
     * Replaces a single-claim lookup result with the value held in the identity data store.
     *
     * <p>Applies only to claim URIs that start with {@code http://wso2.org/claims/identity} and
     * only when the store has a value for that URI. In that case the result list is emptied and
     * the stored value becomes its only element.
     *
     * @param str              user name whose claim was requested
     * @param str2             requested claim URI
     * @param list             result list, modified in place
     * @param str3             not read by this method
     * @param userStoreManager user store manager passed to the identity data store
     * @return always {@code true}
     * @throws UserStoreException declared by the listener contract
     */
    public boolean doPostGetUserClaimValue(String str, String str2, List<String> list, String str3, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        if (StringUtils.isBlank(str2) || !str2.startsWith("http://wso2.org/claims/identity")) {
            return true;
        }
        UserIdentityClaimsDO identityClaims = IdentityMgtConfig.getInstance().getIdentityDataStore().load(str, userStoreManager);
        if (identityClaims == null || !identityClaims.getUserDataMap().containsKey(str2)) {
            return true;
        }
        // Drop whatever was looked up earlier; the identity data store value replaces it.
        if (!list.isEmpty()) {
            list.clear();
        }
        list.add(identityClaims.getUserDataMap().get(str2));
        return true;
    }

    /**
     * Records the time of a credential update as a user claim.
     *
     * <p>The current time in milliseconds is written, as a string, under
     * {@code IdentityMgtConstants.LAST_PASSWORD_UPDATE_TIME}. The credential itself is not read.
     *
     * @param str              user name whose credential was updated
     * @param obj              the new credential; not read by this method
     * @param userStoreManager user store manager used to set the claim
     * @return always {@code true}
     * @throws UserStoreException if setting the claim fails
     */
    public boolean doPostUpdateCredential(String str, Object obj, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        Map<String, String> timestampClaim = new HashMap<>();
        String updatedAtMillis = String.valueOf(System.currentTimeMillis());
        timestampClaim.put(IdentityMgtConstants.LAST_PASSWORD_UPDATE_TIME, updatedAtMillis);
        // The null third argument is passed through unchanged, with its cast kept.
        userStoreManager.setUserClaimValues(str, timestampClaim, (String) null);
        return true;
    }

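    /**
     * Sends an e-mail notification of the given type to a user through the recovery processor.
     *
     * <p>For the {@code carbon.super} tenant the recovery DTO is built from the user name alone.
     * For any other tenant the tenant domain is added to the user name and the tenant id is set on
     * the DTO. Sending is best effort: a failure is logged and not propagated, so the account
     * state change that triggered the notification stays in place.
     *
     * @param str  user name, already qualified with the user store domain by the callers
     * @param i    tenant id
     * @param str2 notification type, set on the DTO via {@code setNotification}
     */
    private void sendEmail(String str, int i, String str2) {
        String tenantDomain = IdentityTenantUtil.getTenantDomain(i);
        UserRecoveryDTO userRecoveryDTO;
        if ("carbon.super".equals(tenantDomain)) {
            userRecoveryDTO = new UserRecoveryDTO(str);
        } else {
            UserDTO userDTO = new UserDTO(UserCoreUtil.addTenantDomainToEntry(str, tenantDomain));
            userDTO.setTenantId(i);
            userRecoveryDTO = new UserRecoveryDTO(userDTO);
        }
        userRecoveryDTO.setNotification(str2);
        userRecoveryDTO.setNotificationType(EMAIL_NOTIFICATION_TYPE);
        try {
            IdentityMgtServiceComponent.getRecoveryProcessor().recoverWithNotification(userRecoveryDTO);
        } catch (IdentityException e) {
            // Pass the exception to the logger so the cause of a missed account-state
            // notification can be diagnosed; the message alone gave no reason.
            log.error("Email notification sending failed for user:" + str + " for " + str2, e);
        }
    }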

    /**
     * No-op hook invoked after a user's claim values are deleted.
     *
     * <p>Nothing is removed from the identity data store here.
     *
     * @param str              user name; not read
     * @param userStoreManager user store manager; not read
     * @return always {@code true}
     * @throws UserStoreException never thrown by this implementation
     */
    public boolean doPostDeleteUserClaimValues(String str, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    /**
     * No-op hook invoked after a single user claim value is deleted.
     *
     * <p>Nothing is removed from the identity data store here.
     *
     * @param str              user name; not read
     * @param userStoreManager user store manager; not read
     * @return always {@code true}
     * @throws UserStoreException never thrown by this implementation
     */
    public boolean doPostDeleteUserClaimValue(String str, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }
}
