package org.cloudfoundry.identity.uaa.account;

import com.fasterxml.jackson.core.type.TypeReference;
import java.sql.Timestamp;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.batik.util.XMLConstants;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCode;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.error.UaaException;
import org.cloudfoundry.identity.uaa.message.MessageService;
import org.cloudfoundry.identity.uaa.message.MessageType;
import org.cloudfoundry.identity.uaa.scim.ScimUser;
import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
import org.cloudfoundry.identity.uaa.zone.ClientServicesExtension;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.util.StringUtils;
import org.thymeleaf.TemplateEngine;
import org.thymeleaf.context.Context;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.24.0.jar:org/cloudfoundry/identity/uaa/account/EmailChangeEmailService.class */
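/**
 * {@link ChangeEmailService} implementation that confirms an email change by mailing a
 * one-time verification code to the new address.
 *
 * <p>Flow: {@link #beginEmailChange} stores the requested change (user id, client id,
 * redirect URI, new email) in the {@link ExpiringCodeStore} and mails the resulting code to
 * the new address; {@link #completeVerification} looks the code up again, applies the
 * change to the user and resolves the post-verification redirect against the client's
 * registered redirect URIs.
 */
public class EmailChangeEmailService implements ChangeEmailService {
    private final TemplateEngine templateEngine;
    private final MessageService messageService;
    private final ScimUserProvisioning scimUserProvisioning;
    private final ExpiringCodeStore codeStore;
    private final ClientServicesExtension clientDetailsService;
    /** Lifetime of an email-change verification code in milliseconds (30 minutes). */
    private static final int EMAIL_CHANGE_LIFETIME = 1800000;
    /** Key in a client's additional information that holds its email-change redirect URL. */
    public static final String CHANGE_EMAIL_REDIRECT_URL = "change_email_redirect_url";

    public EmailChangeEmailService(TemplateEngine templateEngine, MessageService messageService, ScimUserProvisioning scimUserProvisioning, ExpiringCodeStore expiringCodeStore, ClientServicesExtension clientServicesExtension) {
        this.templateEngine = templateEngine;
        this.messageService = messageService;
        this.scimUserProvisioning = scimUserProvisioning;
        this.codeStore = expiringCodeStore;
        this.clientDetailsService = clientServicesExtension;
    }

    /**
     * Starts an email change: checks for a user-name conflict, generates a verification code
     * and mails it to the new address.
     *
     * @param str  id of the user whose email is being changed
     * @param str2 the user's current email (only rendered into the message template)
     * @param str3 the requested new email; the verification message is sent to this address
     * @param str4 client id stored with the code (may be absent)
     * @param str5 redirect URI stored with the code; it is not validated here, only when the
     *             code is redeemed in {@link #completeVerification}
     * @throws UaaException with status 409 when the user's user name equals their primary
     *                      email and another UAA-origin user already uses the new email as
     *                      user name
     */
    @Override // org.cloudfoundry.identity.uaa.account.ChangeEmailService
    public void beginEmailChange(String str, String str2, String str3, String str4, String str5) {
        String zoneId = IdentityZoneHolder.get().getId();
        ScimUser user = this.scimUserProvisioning.retrieve(str, zoneId);
        // The new email is caller-supplied and ends up inside a SCIM filter string. Escape
        // the characters that could terminate the quoted literal so the value cannot change
        // the structure of the filter (filter injection).
        String filter = "userName eq \"" + escapeScimFilterValue(str3) + "\" and origin eq \"" + OriginKeys.UAA + "\"";
        List<ScimUser> usersWithNewEmailAsName = this.scimUserProvisioning.query(filter, zoneId);
        // Only a conflict when the user name would be rewritten to the new email on completion.
        if (user.getUserName().equals(user.getPrimaryEmail()) && !usersWithNewEmailAsName.isEmpty()) {
            throw new UaaException("Conflict", 409);
        }
        String code = generateExpiringCode(str, str3, str4, str5);
        String html = getEmailChangeEmailHtml(str2, str3, code);
        if (html != null) {
            this.messageService.sendMessage(str3, MessageType.CHANGE_EMAIL, getSubjectText(), html);
        }
    }

    /**
     * Escapes a value for use inside a double-quoted SCIM filter string literal.
     *
     * <p>Backslashes are doubled and double quotes are backslash-escaped.
     * NOTE(review): assumes the filter parser behind {@code ScimUserProvisioning.query}
     * honours JSON-style backslash escapes - confirm against the parser in use.
     *
     * @param value raw value, may be {@code null}
     * @return the escaped value, or {@code null} when {@code value} is {@code null}
     */
    private static String escapeScimFilterValue(String value) {
        if (value == null) {
            return null;
        }
        return value.replace("\\", "\\\\").replace("\"", "\\\"");
    }

    /**
     * Stores the pending change as JSON in the code store and returns the generated code.
     *
     * @param userId      id of the user changing their email
     * @param newEmail    requested new email
     * @param clientId    client id to remember for the redirect lookup
     * @param redirectUri requested redirect URI, stored as given
     * @return the verification code, valid for {@link #EMAIL_CHANGE_LIFETIME} milliseconds
     */
    private String generateExpiringCode(String userId, String newEmail, String clientId, String redirectUri) {
        Map<String, String> codeData = new HashMap<>();
        codeData.put("user_id", userId);
        codeData.put("client_id", clientId);
        codeData.put(OAuth2Utils.REDIRECT_URI, redirectUri);
        codeData.put("email", newEmail);
        Timestamp expiresAt = new Timestamp(System.currentTimeMillis() + EMAIL_CHANGE_LIFETIME);
        return this.codeStore.generateCode(JsonUtils.writeValueAsString(codeData), expiresAt, ExpiringCodeType.EMAIL.name(), IdentityZoneHolder.get().getId()).getCode();
    }

    /**
     * Redeems a verification code and applies the email change it describes.
     *
     * <p>If the user's user name equals their primary email, the user name is changed to the
     * new email as well. All existing emails are replaced by the new one.
     *
     * @param str the verification code from the email
     * @return a map with {@code userId}, {@code username}, {@code email} and
     *         {@code redirect_url}; {@code redirect_url} is {@code null} when no client id
     *         was stored, the client is unknown, or no registered URI matched
     * @throws UaaException with status 400 when the code is unknown, carries no data, or was
     *                      issued with an intent other than {@code EMAIL}
     */
    @Override // org.cloudfoundry.identity.uaa.account.ChangeEmailService
    public Map<String, String> completeVerification(String str) {
        String zoneId = IdentityZoneHolder.get().getId();
        ExpiringCode expiringCode = this.codeStore.retrieveCode(str, zoneId);
        // NOTE(review): a code with no intent at all is accepted too - presumably for codes
        // issued before intents were recorded. Confirm this is still needed: it means any
        // intent-less code in the store can complete an email change.
        if (null == expiringCode || !(null == expiringCode.getIntent() || ExpiringCodeType.EMAIL.name().equals(expiringCode.getIntent()))) {
            throw new UaaException("Error", 400);
        }
        Map<String, String> codeData = JsonUtils.readValue(expiringCode.getData(), new TypeReference<Map<String, String>>() { // from class: org.cloudfoundry.identity.uaa.account.EmailChangeEmailService.1
        });
        if (codeData == null) {
            // Treat a code without a payload as invalid instead of failing with a
            // NullPointerException on the lookups below.
            throw new UaaException("Error", 400);
        }
        String userId = codeData.get("user_id");
        String newEmail = codeData.get("email");
        ScimUser user = this.scimUserProvisioning.retrieve(userId, zoneId);
        if (user.getUserName().equals(user.getPrimaryEmail())) {
            user.setUserName(newEmail);
        }
        user.getEmails().clear();
        user.setPrimaryEmail(newEmail);
        this.scimUserProvisioning.update(userId, user, zoneId);

        String clientId = codeData.get("client_id");
        String redirectLocation = null;
        if (clientId != null) {
            String requestedRedirect = codeData.get(OAuth2Utils.REDIRECT_URI) == null ? "" : codeData.get(OAuth2Utils.REDIRECT_URI);
            try {
                ClientDetails client = this.clientDetailsService.loadClientByClientId(clientId, zoneId);
                // The stored redirect URI came from the original request; it is only used
                // through findMatchingRedirectUri, which is given the client's registered
                // URIs and the client's configured change_email_redirect_url.
                redirectLocation = UaaUrlUtils.findMatchingRedirectUri(client.getRegisteredRedirectUri() == null ? Collections.<String>emptySet() : client.getRegisteredRedirectUri(), requestedRedirect, (String) client.getAdditionalInformation().get(CHANGE_EMAIL_REDIRECT_URL));
            } catch (NoSuchClientException ignored) {
                // Deliberate: an unknown client leaves redirect_url null; the email change
                // itself has already been applied above.
            }
        }
        Map<String, String> result = new HashMap<>();
        result.put("userId", user.getId());
        result.put("username", user.getUserName());
        result.put("email", user.getPrimaryEmail());
        result.put("redirect_url", redirectLocation);
        return result;
    }

    /**
     * Builds the subject line: the zone name for non-default zones, otherwise the branded
     * company name when one is configured, otherwise "Account".
     */
    private String getSubjectText() {
        if (!IdentityZoneHolder.get().equals(IdentityZone.getUaa())) {
            return IdentityZoneHolder.get().getName() + " Email change verification";
        }
        String companyName = IdentityZoneHolder.resolveBranding().getCompanyName();
        return StringUtils.hasText(companyName) ? companyName + " Email change verification" : "Account Email change verification";
    }

    /**
     * Renders the {@code verify_email} template for the verification message.
     *
     * @param currentEmail the user's current email, exposed to the template as {@code email}
     * @param newEmail     the requested new email, exposed as {@code newEmail}
     * @param code         the verification code, exposed as {@code code}
     * @return the rendered message body as returned by the template engine
     */
    private String getEmailChangeEmailHtml(String currentEmail, String newEmail, String code) {
        String verifyUrl = UaaUrlUtils.getUaaUrl("/verify_email");
        Context context = new Context();
        if (IdentityZoneHolder.get().equals(IdentityZone.getUaa())) {
            String companyName = IdentityZoneHolder.resolveBranding().getCompanyName();
            boolean branded = StringUtils.hasText(companyName);
            context.setVariable("serviceName", branded ? companyName : "Cloud Foundry");
            context.setVariable("servicePhrase", branded ? "a " + companyName + " account" : "an account");
        } else {
            String zoneName = IdentityZoneHolder.get().getName();
            context.setVariable("serviceName", zoneName);
            context.setVariable("servicePhrase", zoneName);
        }
        context.setVariable("code", code);
        context.setVariable("newEmail", newEmail);
        context.setVariable("email", currentEmail);
        context.setVariable("verifyUrl", verifyUrl);
        return this.templateEngine.process("verify_email", context);
    }
}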
