package org.wso2.carbon.identity.mgt.util;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import org.apache.axiom.om.util.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.mgt.IdentityMgtConfig;
import org.wso2.carbon.identity.mgt.constants.IdentityMgtConstants;
import org.wso2.carbon.identity.mgt.dto.UserDTO;
import org.wso2.carbon.identity.mgt.internal.IdentityMgtServiceComponent;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.user.api.Tenant;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.tenant.TenantManager;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/mgt/util/Utils.class */
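/**
 * Static helpers used by the identity-management component: resolving a user id to a
 * tenant-scoped {@link UserDTO}, reading and writing user claims, resetting credentials,
 * hashing values and building the WS-SecurityPolicy for the service endpoint.
 *
 * <p>The class holds no state and cannot be instantiated.
 */
public class Utils {
    private static final Log log = LogFactory.getLog(Utils.class);

    /** Tenant domain that {@link #getTenantId(String)} resolves without asking the tenant manager. */
    private static final String SUPER_TENANT_DOMAIN = "carbon.super";

    /** Tenant id returned for {@link #SUPER_TENANT_DOMAIN}; also used to open the config registry. */
    private static final int SUPER_TENANT_ID = -1234;

    /** Registry collection under which per-user challenge data is looked up. */
    private static final String CHALLENGES_REGISTRY_PATH =
            "/repository/components/org.wso2.carbon.identity.mgt/challenges/";

    /** Claim URI read by {@link #getEmailAddressForUser(String, int)}. */
    private static final String EMAIL_CLAIM_URI = "http://wso2.org/claims/emailaddress";

    /** Profile name passed to the user store when reading or writing claims. */
    private static final String DEFAULT_PROFILE = "default";

    /** Domain reported by {@link #getUserStoreDomainName(String)} for names without a domain prefix. */
    private static final String PRIMARY_DOMAIN = "PRIMARY";

    /** Policy document parsed by {@link #getSecurityPolicy()}; content is ASCII only. */
    private static final String TRANSPORT_POLICY_XML =
            "        <wsp:Policy wsu:Id=\"UTOverTransport\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\"\n"
            + "                    xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">\n"
            + "          <wsp:ExactlyOne>\n"
            + "            <wsp:All>\n"
            + "              <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n"
            + "                <wsp:Policy>\n"
            + "                  <sp:TransportToken>\n"
            + "                    <wsp:Policy>\n"
            + "                      <sp:HttpsToken RequireClientCertificate=\"true\"/>\n"
            + "                    </wsp:Policy>\n"
            + "                  </sp:TransportToken>\n"
            + "                  <sp:AlgorithmSuite>\n"
            + "                    <wsp:Policy>\n"
            + "                      <sp:Basic256/>\n"
            + "                    </wsp:Policy>\n"
            + "                  </sp:AlgorithmSuite>\n"
            + "                  <sp:Layout>\n"
            + "                    <wsp:Policy>\n"
            + "                      <sp:Lax/>\n"
            + "                    </wsp:Policy>\n"
            + "                  </sp:Layout>\n"
            + "                  <sp:IncludeTimestamp/>\n"
            + "                </wsp:Policy>\n"
            + "              </sp:TransportBinding>\n"
            + "            </wsp:All>\n"
            + "          </wsp:ExactlyOne>\n"
            + "        </wsp:Policy>";

    private Utils() {
    }

    /**
     * Builds a {@link UserDTO} from a raw user id and fills in its tenant id.
     *
     * <p>Unless SaaS mode is enabled in {@link IdentityMgtConfig}, the tenant domain carried by the
     * id must match the tenant domain of the calling thread's Carbon context.
     *
     * @param str the user id supplied by the caller
     * @return the populated user object
     * @throws IdentityException if the id is null or blank, the tenant check fails, or the tenant
     *         domain cannot be resolved to an id
     */
    public static UserDTO processUserId(String str) throws IdentityException {
        if (str == null || str.trim().isEmpty()) {
            throw IdentityException.error("Can not proceed with out a user id");
        }
        UserDTO userDTO = new UserDTO(str);
        if (!IdentityMgtConfig.getInstance().isSaasEnabled()) {
            validateTenant(userDTO);
        }
        userDTO.setTenantId(getTenantId(userDTO.getTenantDomain()));
        return userDTO;
    }

    /**
     * Rejects a user whose tenant domain differs from the tenant domain of the current thread's
     * Carbon context, and sets the tenant id on the user when the domains match.
     *
     * @param userDTO the user to check; its tenant id is updated on success
     * @throws IdentityException if the domains differ or the tenant id lookup fails
     */
    public static void validateTenant(UserDTO userDTO) throws IdentityException {
        String requestedDomain = userDTO.getTenantDomain();
        // NOTE(review): a null or empty tenant domain skips the comparison entirely, so the
        // isolation check only holds if UserDTO always derives a domain - confirm in UserDTO.
        if (requestedDomain == null || requestedDomain.isEmpty()) {
            return;
        }
        String callerDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        if (!requestedDomain.equals(callerDomain)) {
            throw IdentityException.error("Failed access to unauthorized tenant domain");
        }
        userDTO.setTenantId(getTenantId(requestedDomain));
    }

    /**
     * Reads the number of verified challenges recorded for a user in the config registry.
     *
     * <p>The lookup is best effort: a missing resource, a missing property, a registry failure or
     * a stored value that is not an integer all yield {@code 0}.
     *
     * @param userDTO the user whose counter is read
     * @return the stored count, or {@code 0} when it is unavailable
     * @throws IdentityException declared for callers; not thrown by the code in this method
     */
    public static int getVerifiedChallenges(UserDTO userDTO) throws IdentityException {
        try {
            UserRegistry registry =
                    IdentityMgtServiceComponent.getRegistryService().getConfigSystemRegistry(SUPER_TENANT_ID);
            // NOTE(review): the user id is concatenated into the registry path as-is; confirm that
            // callers only pass ids that were already normalised (e.g. via processUserId).
            String resourcePath = CHALLENGES_REGISTRY_PATH + userDTO.getUserId() + "/" + userDTO.getUserId();
            if (registry.resourceExists(resourcePath)) {
                String verified = registry.get(resourcePath).getProperty(IdentityMgtConstants.VERIFIED_CHALLENGES);
                if (verified != null) {
                    return Integer.parseInt(verified);
                }
            }
        } catch (RegistryException e) {
            log.error("Error while processing userKey", e);
        } catch (NumberFormatException e) {
            // A corrupt counter is treated like a missing one instead of escaping as an
            // unchecked exception from a recovery flow.
            log.error("Stored verified challenge count is not a valid integer", e);
        }
        return 0;
    }

    /**
     * Resolves a tenant domain to its tenant id.
     *
     * @param str the tenant domain; {@code "carbon.super"} is resolved locally
     * @return the tenant id
     * @throws IdentityException if the tenant manager fails or reports an id below 1 that is not
     *         the super tenant id
     */
    public static int getTenantId(String str) throws IdentityException {
        if (SUPER_TENANT_DOMAIN.equals(str)) {
            if (log.isDebugEnabled()) {
                log.debug("Domain is not defined implicitly. So it is Super Tenant domain.");
            }
            return SUPER_TENANT_ID;
        }
        // Only needed for non-super tenants, so it is fetched after the fast path.
        TenantManager tenantManager = IdentityMgtServiceComponent.getRealmService().getTenantManager();
        try {
            int tenantId = tenantManager.getTenantId(str);
            if (tenantId < 1 && tenantId != SUPER_TENANT_ID) {
                log.error("This action can not be performed by the users in non-existing domains.");
                throw IdentityException.error("This action can not be performed by the users in non-existing domains.");
            }
            return tenantId;
        } catch (UserStoreException e) {
            String message = "Error in retrieving tenant id of tenant domain: " + str + ".";
            log.error(message, e);
            throw IdentityException.error(message, e);
        }
    }

    /**
     * Reads one claim of a user from the tenant's user store, using the default profile.
     *
     * @param str the user name
     * @param i the tenant id
     * @param str2 the claim URI
     * @return the claim value; an empty string when the tenant has no realm or the store returns
     *         no claims; possibly {@code null} when the returned map has no value for the claim
     * @throws IdentityException if the user store manager cannot be obtained or the read fails
     */
    public static String getClaimFromUserStoreManager(String str, int i, String str2) throws IdentityException {
        UserStoreManager userStoreManager =
                findUserStoreManager(i, "Error retrieving the user store manager for tenant id : " + i);
        if (userStoreManager == null) {
            return "";
        }
        // Kept outside the lookup's try block: a failure here used to be caught a second time and
        // re-reported as a user-store-manager lookup error.
        try {
            Map<?, ?> claimValues = userStoreManager.getUserClaimValues(str, new String[]{str2}, DEFAULT_PROFILE);
            if (claimValues == null || claimValues.isEmpty()) {
                return "";
            }
            return (String) claimValues.get(str2);
        } catch (Exception e) {
            String message = "Unable to retrieve the claim for user : " + str;
            log.error(message, e);
            throw IdentityException.error(message, e);
        }
    }

    /**
     * Finds an email address for a user, trying in order: the tenant's registered email when the
     * user is the tenant admin, the email-address claim, and finally the user name itself (domain
     * prefix removed) when user names are configured to be email addresses.
     *
     * @param str the user name
     * @param i the tenant id
     * @return the address found, or {@code null} or an empty string when none is available; any
     *         failure is logged at warn level and ends the lookup with whatever was found so far
     */
    public static String getEmailAddressForUser(String str, int i) {
        String email = null;
        try {
            if (log.isDebugEnabled()) {
                log.debug("Retrieving email address from user profile.");
            }
            Tenant tenant = IdentityMgtServiceComponent.getRealmService().getTenantManager().getTenant(i);
            // Compare from the user name side: a tenant without an admin name must not abort the
            // lookup before the claim-based fallbacks run.
            if (tenant != null && str != null && str.equals(tenant.getAdminName())) {
                email = tenant.getEmail();
            }
            if (isBlank(email)) {
                email = getClaimFromUserStoreManager(str, i, EMAIL_CLAIM_URI);
            }
            if (isBlank(email) && MultitenantUtils.isEmailUserName()) {
                email = UserCoreUtil.removeDomainFromName(str);
            }
        } catch (Exception e) {
            log.warn("Unable to retrieve an email address associated with the given user : " + str, e);
        }
        return email;
    }

    /**
     * Sets a new credential for a user through the tenant's user store, without the old one.
     *
     * <p>NOTE(review): this performs no authorisation of its own; callers must have verified the
     * recovery request before invoking it.
     *
     * @param str the user name
     * @param i the tenant id
     * @param str2 the new password
     * @return {@code true} when the user store accepted the update
     * @throws IdentityException if the user name or password is null or blank, or the update fails
     */
    public static boolean updatePassword(String str, int i, String str2) throws IdentityException {
        if (isBlank(str) || isBlank(str2)) {
            log.error("Unable to find the required information for updating password");
            throw IdentityException.error("Unable to find the required information for updating password");
        }
        try {
            IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(i).getUserStoreManager()
                    .updateCredentialByAdmin(str, str2);
            if (log.isDebugEnabled()) {
                log.debug("Password is updated for  user: " + str);
            }
            return true;
        } catch (UserStoreException e) {
            // The message previously ended in a constant "domain: null"; report the tenant id,
            // which is the only tenant information this method has.
            String message = "Error in changing the password, user name: " + str + "  tenant id: " + i + ".";
            log.error(message, e);
            throw IdentityException.error(message, e);
        }
    }

    /**
     * Returns the Base64 encoding of the SHA-256 digest of a string.
     *
     * <p>NOTE(review): the string is encoded with the JVM default charset, so the digest of
     * non-ASCII input depends on the platform. Moving to an explicit charset changes stored or
     * compared digests on JVMs with a different default and needs a migration decision, so it is
     * left unchanged here.
     *
     * <p>NOTE(review): this is a single unsalted digest; confirm it is not used to store
     * low-entropy secrets such as passwords or challenge answers without a salt.
     *
     * @param str the value to hash; must not be null
     * @return the Base64-encoded digest
     * @throws UserStoreException if SHA-256 is not available in the runtime
     */
    public static String doHash(String str) throws UserStoreException {
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            return Base64.encode(sha256.digest(str.getBytes()));
        } catch (NoSuchAlgorithmException e) {
            log.error(e.getMessage(), e);
            throw new UserStoreException(e.getMessage(), e);
        }
    }

    /**
     * Writes one claim of a user to the tenant's user store (default profile), skipping the write
     * when the stored value already equals the new one. Does nothing when the tenant has no realm.
     *
     * @param str the user name
     * @param i the tenant id
     * @param str2 the claim URI
     * @param str3 the value to store
     * @throws IdentityException if the user store manager cannot be obtained or the write fails
     */
    public static void setClaimInUserStoreManager(String str, int i, String str2, String str3) throws IdentityException {
        UserStoreManager userStoreManager =
                findUserStoreManager(i, "Error retrieving the user store manager for the tenant");
        if (userStoreManager == null) {
            return;
        }
        // Kept outside the lookup's try block so a failed write is reported once, with the
        // message that names the user, instead of being re-wrapped as a lookup error.
        try {
            String currentValue = userStoreManager.getUserClaimValue(str, str2, (String) null);
            if (currentValue == null || !currentValue.equals(str3)) {
                Map<String, String> claims = new HashMap<>();
                claims.put(str2, str3);
                userStoreManager.setUserClaimValues(str, claims, DEFAULT_PROFILE);
            }
        } catch (Exception e) {
            String message = "Unable to set the claim for user : " + str;
            log.error(message, e);
            throw IdentityException.error(message, e);
        }
    }

    /**
     * Extracts the user store domain from a user name of the form {@code DOMAIN/name}.
     *
     * @param str the user name; must not be null
     * @return the text before the first {@code '/'}, or {@code "PRIMARY"} when there is none
     */
    public static String getUserStoreDomainName(String str) {
        int separator = str.indexOf("/");
        if (separator < 0) {
            return PRIMARY_DOMAIN;
        }
        return str.substring(0, separator);
    }

    /**
     * Returns the two default challenge-question claim URIs.
     *
     * @return a new two-element array on every call
     */
    public static String[] getChallengeUris() {
        return new String[]{
            IdentityMgtConstants.DEFAULT_CHALLENGE_QUESTION_URI01,
            IdentityMgtConstants.DEFAULT_CHALLENGE_QUESTION_URI02
        };
    }

    /**
     * Parses the embedded "UTOverTransport" WS-SecurityPolicy document: a transport binding with
     * an HTTPS token that requires a client certificate, the Basic256 algorithm suite, lax layout
     * and a timestamp.
     *
     * @return the parsed policy
     */
    public static Policy getSecurityPolicy() {
        // Explicit charset: the document has no XML declaration and is ASCII only, so UTF-8 gives
        // the same bytes on ASCII-compatible platforms and removes the dependence on the default.
        byte[] policyBytes = TRANSPORT_POLICY_XML.getBytes(StandardCharsets.UTF_8);
        return PolicyEngine.getPolicy(new ByteArrayInputStream(policyBytes));
    }

    /** Returns the tenant's user store manager, or null when the tenant has no realm. */
    private static UserStoreManager findUserStoreManager(int tenantId, String failureMessage) throws IdentityException {
        RealmService realmService = IdentityMgtServiceComponent.getRealmService();
        try {
            if (realmService.getTenantUserRealm(tenantId) == null) {
                return null;
            }
            return (UserStoreManager) realmService.getTenantUserRealm(tenantId).getUserStoreManager();
        } catch (Exception e) {
            log.error(failureMessage, e);
            throw IdentityException.error(failureMessage, e);
        }
    }

    /** Returns true when the value is null or contains nothing but characters removed by trim(). */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }
}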
