package org.wso2.carbon.identity.user.account.connector;

import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.core.services.authentication.AuthenticationUtil;
import org.wso2.carbon.core.services.authentication.stats.LoginAttempt;
import org.wso2.carbon.core.services.authentication.stats.LoginStatDatabase;
import org.wso2.carbon.core.services.util.CarbonAuthenticationUtil;
import org.wso2.carbon.identity.user.account.connector.dao.ConnectorDAO;
import org.wso2.carbon.identity.user.account.connector.exception.UserAccountConnectorException;
import org.wso2.carbon.identity.user.account.connector.internal.IdentityAccountConnectorServiceComponent;
import org.wso2.carbon.identity.user.account.connector.util.UserAccountConnectorConstants;
import org.wso2.carbon.identity.user.account.connector.util.UserAccountConnectorUtil;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/user/account/connector/UserAccountConnectorImpl.class */
public class UserAccountConnectorImpl implements UserAccountConnector {
    private static Log log = LogFactory.getLog(UserAccountConnectorImpl.class);
    private static Log audit = CarbonConstants.AUDIT_LOG;
    private static UserAccountConnectorImpl instance;

    private UserAccountConnectorImpl() {
    }

    public static UserAccountConnector getInstance() {
        if (instance == null) {
            synchronized (UserAccountConnectorImpl.class) {
                if (instance == null) {
                    instance = new UserAccountConnectorImpl();
                }
            }
        }
        return instance;
    }

    @Override // org.wso2.carbon.identity.user.account.connector.UserAccountConnector
    public void connectUserAccount(String str, String str2) throws UserAccountConnectorException {
        String domainFromThreadLocal;
        if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
            if (log.isDebugEnabled()) {
                log.debug(UserAccountConnectorConstants.ErrorMessages.INVALID_INPUTS.getDescription());
            }
            throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.INVALID_INPUTS.toString());
        }
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
        try {
            RealmService realmService = IdentityAccountConnectorServiceComponent.getRealmService();
            int tenantId2 = getTenantId(realmService, MultitenantUtils.getTenantDomain(str));
            if (tenantId2 == -1) {
                if (log.isDebugEnabled()) {
                    log.debug(UserAccountConnectorConstants.ErrorMessages.INVALID_TENANT_DOMAIN.getDescription());
                }
                throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.INVALID_TENANT_DOMAIN.toString());
            }
            boolean authenticate = realmService.getTenantUserRealm(tenantId2).getUserStoreManager().authenticate(tenantAwareUsername, str2);
            if (tenantAwareUsername.indexOf("/") < 0 && (domainFromThreadLocal = UserCoreUtil.getDomainFromThreadLocal()) != null) {
                tenantAwareUsername = domainFromThreadLocal + "/" + tenantAwareUsername;
            }
            if (!authenticate) {
                if (log.isDebugEnabled()) {
                    log.debug(UserAccountConnectorConstants.ErrorMessages.USER_NOT_AUTHENTIC.getDescription());
                }
                throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.USER_NOT_AUTHENTIC.toString());
            }
            try {
                boolean isValidAssociation = ConnectorDAO.getInstance().isValidAssociation(tenantAwareUsername, tenantId2);
                if (!isValidAssociation && tenantAwareUsername.equals(CarbonContext.getThreadLocalCarbonContext().getUsername()) && tenantId2 == CarbonContext.getThreadLocalCarbonContext().getTenantId()) {
                    throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.SAME_ACCOUNT_CONNECTING_ERROR.toString());
                }
                if (isValidAssociation) {
                    if (log.isDebugEnabled()) {
                        log.debug(UserAccountConnectorConstants.ErrorMessages.ALREADY_CONNECTED.getDescription());
                    }
                    throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.ALREADY_CONNECTED.toString());
                }
                try {
                    String associationKeyOfUser = ConnectorDAO.getInstance().getAssociationKeyOfUser(username, tenantId);
                    boolean z = associationKeyOfUser != null;
                    String associationKeyOfUser2 = ConnectorDAO.getInstance().getAssociationKeyOfUser(tenantAwareUsername, tenantId2);
                    boolean z2 = associationKeyOfUser2 != null;
                    if (!z && !z2) {
                        String randomNumber = UserAccountConnectorUtil.getRandomNumber();
                        ConnectorDAO.getInstance().createConnection(randomNumber, username, tenantId);
                        ConnectorDAO.getInstance().createConnection(randomNumber, tenantAwareUsername, tenantId2);
                    } else if (z && !z2) {
                        ConnectorDAO.getInstance().createConnection(associationKeyOfUser, tenantAwareUsername, tenantId2);
                    } else if (z || !z2) {
                        ConnectorDAO.getInstance().updateAssociationKey(associationKeyOfUser2, associationKeyOfUser);
                    } else {
                        ConnectorDAO.getInstance().createConnection(associationKeyOfUser2, username, tenantId);
                    }
                } catch (Exception e) {
                    log.error(UserAccountConnectorConstants.ErrorMessages.ACCOUNT_CONNECTING_ERROR.getDescription(), e);
                    throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.ACCOUNT_CONNECTING_ERROR.toString());
                }
            } catch (Exception e2) {
                log.error(UserAccountConnectorConstants.ErrorMessages.ACCOUNT_CONNECTING_ERROR.getDescription(), e2);
                throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.ACCOUNT_CONNECTING_ERROR.toString());
            }
        } catch (Exception e3) {
            log.error(UserAccountConnectorConstants.ErrorMessages.ACCOUNT_AUTHENTICATE_ERROR.getDescription(), e3);
            throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.ACCOUNT_AUTHENTICATE_ERROR.toString());
        }
    }

    @Override // org.wso2.carbon.identity.user.account.connector.UserAccountConnector
    public void deleteUserAccountConnection(String str) throws UserAccountConnectorException {
        if (StringUtils.isBlank(str)) {
            if (log.isDebugEnabled()) {
                log.debug(UserAccountConnectorConstants.ErrorMessages.INVALID_INPUTS.getDescription());
            }
            throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.INVALID_INPUTS.toString());
        }
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
        try {
            int tenantId = getTenantId(IdentityAccountConnectorServiceComponent.getRealmService(), MultitenantUtils.getTenantDomain(str));
            try {
                if (!ConnectorDAO.getInstance().isValidAssociation(tenantAwareUsername, tenantId)) {
                    if (log.isDebugEnabled()) {
                        log.debug(UserAccountConnectorConstants.ErrorMessages.INVALID_ASSOCIATION.getDescription());
                    }
                    throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.INVALID_ASSOCIATION.toString());
                }
                try {
                    ConnectorDAO.getInstance().deleteAccountConnection(tenantAwareUsername, tenantId);
                } catch (Exception e) {
                    log.error(UserAccountConnectorConstants.ErrorMessages.CONN_DELETE_ERROR.getDescription(), e);
                    throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.CONN_DELETE_ERROR.toString());
                }
            } catch (Exception e2) {
                log.error(UserAccountConnectorConstants.ErrorMessages.CONN_DELETE_ERROR.getDescription(), e2);
                throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.CONN_DELETE_ERROR.toString());
            }
        } catch (Exception e3) {
            log.error(UserAccountConnectorConstants.ErrorMessages.ERROR_IN_GET_TENANT_ID.getDescription(), e3);
            throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.ERROR_IN_GET_TENANT_ID.toString());
        }
    }

    @Override // org.wso2.carbon.identity.user.account.connector.UserAccountConnector
    public String[] getConnectedAccountsOfUser() throws UserAccountConnectorException {
        try {
            List<String> connectionsOfUser = ConnectorDAO.getInstance().getConnectionsOfUser(CarbonContext.getThreadLocalCarbonContext().getUsername(), CarbonContext.getThreadLocalCarbonContext().getTenantId());
            return connectionsOfUser.size() > 0 ? (String[]) connectionsOfUser.toArray(new String[connectionsOfUser.size()]) : new String[0];
        } catch (Exception e) {
            log.error(UserAccountConnectorConstants.ErrorMessages.CONN_LIST_ERROR.getDescription(), e);
            throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.CONN_LIST_ERROR.toString(), e);
        }
    }

    @Override // org.wso2.carbon.identity.user.account.connector.UserAccountConnector
    public boolean switchLoggedInUser(String str) throws UserAccountConnectorException {
        String domainFromThreadLocal;
        if (StringUtils.isBlank(str)) {
            if (log.isDebugEnabled()) {
                log.debug(UserAccountConnectorConstants.ErrorMessages.INVALID_INPUTS.getDescription());
            }
            throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.INVALID_INPUTS.toString());
        }
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
        String tenantDomain = MultitenantUtils.getTenantDomain(str);
        try {
            RealmService realmService = IdentityAccountConnectorServiceComponent.getRealmService();
            int tenantId = getTenantId(realmService, tenantDomain);
            try {
                if (!ConnectorDAO.getInstance().isValidAssociation(tenantAwareUsername, tenantId)) {
                    if (log.isDebugEnabled()) {
                        log.debug(UserAccountConnectorConstants.ErrorMessages.INVALID_ASSOCIATION.getDescription());
                    }
                    throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.INVALID_ASSOCIATION.toString());
                }
                try {
                    MessageContext currentMessageContext = MessageContext.getCurrentMessageContext();
                    HttpSession session = ((HttpServletRequest) currentMessageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST)).getSession();
                    String remoteAddress = AuthenticationUtil.getRemoteAddress(currentMessageContext);
                    UserRealm tenantUserRealm = realmService.getTenantUserRealm(tenantId);
                    if (tenantUserRealm == null) {
                        if (log.isDebugEnabled()) {
                            log.debug(UserAccountConnectorConstants.ErrorMessages.INVALID_ASSOCIATION.getDescription());
                        }
                        throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.INVALID_ASSOCIATION.toString());
                    }
                    if (!realmService.getTenantManager().isTenantActive(tenantId)) {
                        log.warn("Tenant has been deactivated. TenantID : " + tenantId);
                        return false;
                    }
                    if (tenantAwareUsername.indexOf("/") < 0 && (domainFromThreadLocal = UserCoreUtil.getDomainFromThreadLocal()) != null) {
                        tenantAwareUsername = domainFromThreadLocal + "/" + tenantAwareUsername;
                    }
                    boolean executePrePostAuthenticationListeners = UserAccountConnectorUtil.executePrePostAuthenticationListeners(tenantAwareUsername, tenantUserRealm.getUserStoreManager());
                    boolean isUserAuthorized = tenantUserRealm.getAuthorizationManager().isUserAuthorized(tenantAwareUsername, "/permission/admin/login", "ui.execute");
                    if (executePrePostAuthenticationListeners && isUserAuthorized) {
                        CarbonAuthenticationUtil.onSuccessAdminLogin(session, tenantAwareUsername, tenantId, tenantDomain, remoteAddress);
                        audit.info(getAuditMessage(true, CarbonContext.getThreadLocalCarbonContext().getUsername(), CarbonContext.getThreadLocalCarbonContext().getTenantId(), tenantAwareUsername, tenantId, tenantDomain));
                        return true;
                    }
                    LoginStatDatabase.recordLoginAttempt(new LoginAttempt(tenantAwareUsername, tenantId, remoteAddress, new Date(), false, "unauthorized"));
                    audit.warn(getAuditMessage(false, CarbonContext.getThreadLocalCarbonContext().getUsername(), CarbonContext.getThreadLocalCarbonContext().getTenantId(), tenantAwareUsername, tenantId, tenantDomain));
                    return false;
                } catch (Exception e) {
                    log.error(UserAccountConnectorConstants.ErrorMessages.ACCOUNT_SWITCHING_ERROR.getDescription(), e);
                    throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.ACCOUNT_SWITCHING_ERROR.toString());
                }
            } catch (Exception e2) {
                log.error(UserAccountConnectorConstants.ErrorMessages.ACCOUNT_SWITCHING_ERROR.getDescription(), e2);
                throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.ACCOUNT_SWITCHING_ERROR.toString());
            }
        } catch (Exception e3) {
            log.error(UserAccountConnectorConstants.ErrorMessages.ERROR_IN_GET_TENANT_ID.getDescription(), e3);
            throw new UserAccountConnectorException(UserAccountConnectorConstants.ErrorMessages.ERROR_IN_GET_TENANT_ID.toString());
        }
    }

    private int getTenantId(RealmService realmService, String str) throws Exception {
        try {
            return realmService.getTenantManager().getTenantId(str);
        } catch (UserStoreException e) {
            throw e;
        }
    }

    private String getAuditMessage(boolean z, String str, int i, String str2, int i2, String str3) {
        Date time = Calendar.getInstance().getTime();
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("'['yyyy-MM-dd HH:mm:ss,SSSZ']'");
        return z ? "'" + str + "' [" + i + "] switched to '" + str2 + "@" + str3 + " [" + i2 + "]' successfully at " + simpleDateFormat.format(time) : "Failed to switch from '" + str + "' [" + i + "] to '" + str2 + "@" + str3 + " [" + i2 + "]' at " + simpleDateFormat.format(time);
    }
}
