package org.wso2.carbon.identity.captcha.connector.recaptcha;

import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.NumberUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.captcha.connector.CaptchaPostValidationResponse;
import org.wso2.carbon.identity.captcha.connector.CaptchaPreValidationResponse;
import org.wso2.carbon.identity.captcha.exception.CaptchaClientException;
import org.wso2.carbon.identity.captcha.exception.CaptchaException;
import org.wso2.carbon.identity.captcha.exception.CaptchaServerException;
import org.wso2.carbon.identity.captcha.internal.CaptchaDataHolder;
import org.wso2.carbon.identity.captcha.util.CaptchaHttpServletRequestWrapper;
import org.wso2.carbon.identity.captcha.util.CaptchaUtil;
import org.wso2.carbon.identity.captcha.util.EnabledSecurityMechanism;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.governance.IdentityGovernanceException;
import org.wso2.carbon.identity.governance.IdentityGovernanceService;
import org.wso2.carbon.identity.recovery.IdentityRecoveryException;
import org.wso2.carbon.identity.recovery.model.UserRecoveryData;
import org.wso2.carbon.identity.recovery.store.JDBCRecoveryDataStore;

/* loaded from: input_file:org/wso2/carbon/identity/captcha/connector/recaptcha/PasswordRecoveryReCaptchaConnector.class */
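/**
 * reCaptcha connector for the security-question based password recovery endpoints.
 *
 * <p>The connector decides, per request, whether a reCaptcha challenge must accompany a call to the
 * {@code security-question}, {@code security-questions} or {@code validate-answer} recovery APIs. The
 * decision is driven by the user's failed-password-recovery-attempts claim compared with the tenant's
 * configured maximum.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every input read here (query parameters, JSON body, recovery key) arrives on an unauthenticated
 *       request and must be treated as untrusted.</li>
 *   <li>Several error paths return a response that does not require a captcha. That is a fail-open
 *       design inherited from the existing behaviour; those paths are logged at debug level so they
 *       can be audited.</li>
 *   <li>The recovery key and the raw request body are never written to the log.</li>
 * </ul>
 */
public class PasswordRecoveryReCaptchaConnector extends AbstractReCaptchaConnector {
    private static final Log log = LogFactory.getLog(PasswordRecoveryReCaptchaConnector.class);
    private static final String FAIL_ATTEMPTS_CLAIM = "http://wso2.org/claims/identity/failedPasswordRecoveryAttempts";
    private static final String ACCOUNT_LOCKED_CLAIM = "http://wso2.org/claims/identity/accountLocked";
    private static final String ACCOUNT_SECURITY_QUESTION_URL = "/api/identity/recovery/v0.9/security-question";
    private static final String ACCOUNT_SECURITY_QUESTIONS_URL = "/api/identity/recovery/v0.9/security-questions";
    private static final String ACCOUNT_VALIDATE_ANSWER_URL = "/api/identity/recovery/v0.9/validate-answer";
    private static final String RECOVERY_QUESTION_PASSWORD_RECAPTCHA_ENABLE = "Recovery.Question.Password.ReCaptcha.Enable";
    private static final String RECOVERY_QUESTION_PASSWORD_RECAPTCHA_MAX_FAILED_ATTEMPTS = "Recovery.Question.Password.ReCaptcha.MaxFailedAttempts";
    private IdentityGovernanceService identityGovernanceService;

    /**
     * Stores the governance service used to read the per-tenant connector configuration.
     *
     * @param identityGovernanceService service queried by {@link #preValidate}
     */
    @Override
    public void init(IdentityGovernanceService identityGovernanceService) {
        this.identityGovernanceService = identityGovernanceService;
    }

    /**
     * Returns the fixed priority value of this connector.
     *
     * @return always {@code 10}
     */
    @Override
    public int getPriority() {
        return 10;
    }

    /**
     * Tells whether this connector applies to the request.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse unused
     * @return {@code true} when reCaptcha is enabled and the request URI matches one of the three
     *         recovery endpoints according to {@code CaptchaUtil.isPathAvailable}
     * @throws CaptchaException declared by the connector contract; not thrown by this implementation
     */
    @Override
    public boolean canHandle(ServletRequest servletRequest, ServletResponse servletResponse) throws CaptchaException {
        if (!CaptchaDataHolder.getInstance().isReCaptchaEnabled()) {
            return false;
        }
        String requestUri = ((HttpServletRequest) servletRequest).getRequestURI();
        if (StringUtils.isBlank(requestUri)) {
            return false;
        }
        // NOTE(review): the matching rules of isPathAvailable are not visible here; confirm it cannot
        // be sidestepped by path variants that still reach the recovery endpoints.
        return CaptchaUtil.isPathAvailable(requestUri, ACCOUNT_SECURITY_QUESTION_URL)
                || CaptchaUtil.isPathAvailable(requestUri, ACCOUNT_SECURITY_QUESTIONS_URL)
                || CaptchaUtil.isPathAvailable(requestUri, ACCOUNT_VALIDATE_ANSWER_URL);
    }

    /**
     * Decides whether the request must carry a reCaptcha response.
     *
     * <p>For the two question-initiation endpoints the user is taken from the {@code username},
     * {@code realm} and {@code tenant-domain} request parameters. For any other handled path the user
     * is resolved from the recovery data stored under the {@code key} field of the JSON body.
     *
     * <p>When the failed-attempts claim exceeds the configured maximum, the initiation flow advertises
     * reCaptcha through response headers, while the answer-validation flow marks captcha validation
     * as required. When the claim equals the maximum in the answer-validation flow, only the session
     * attribute is populated.
     *
     * @param servletRequest  incoming request
     * @param servletResponse response on which the reCaptcha headers may be set
     * @return the pre-validation response; it requires no captcha whenever the user, configuration or
     *         claims cannot be resolved
     * @throws CaptchaException if the connector configuration cannot be read
     */
    @Override
    public CaptchaPreValidationResponse preValidate(ServletRequest servletRequest, ServletResponse servletResponse) throws CaptchaException {
        CaptchaPreValidationResponse preValidationResponse = new CaptchaPreValidationResponse();

        CaptchaHttpServletRequestWrapper requestWrapper;
        try {
            requestWrapper = new CaptchaHttpServletRequestWrapper((HttpServletRequest) servletRequest);
            preValidationResponse.setWrappedHttpServletRequest(requestWrapper);
        } catch (IOException e) {
            log.error("Error occurred while wrapping ServletRequest.", e);
            return preValidationResponse;
        }

        String requestUri = requestWrapper.getRequestURI();
        boolean initializationFlow = CaptchaUtil.isPathAvailable(requestUri, ACCOUNT_SECURITY_QUESTION_URL)
                || CaptchaUtil.isPathAvailable(requestUri, ACCOUNT_SECURITY_QUESTIONS_URL);

        User user;
        if (initializationFlow) {
            // Caller-supplied identity: all three values are untrusted request parameters.
            user = new User();
            user.setUserName(servletRequest.getParameter("username"));
            user.setUserStoreDomain(servletRequest.getParameter("realm"));
            user.setTenantDomain(servletRequest.getParameter("tenant-domain"));
        } else {
            user = loadUserFromRecoveryKey(requestWrapper);
            if (user == null) {
                return preValidationResponse;
            }
        }

        if (StringUtils.isBlank(user.getUserName())) {
            return preValidationResponse;
        }
        if (StringUtils.isBlank(user.getTenantDomain())) {
            user.setTenantDomain("carbon.super");
        }

        String enabledValue = null;
        String maxAttemptsValue = null;
        try {
            for (Property property : this.identityGovernanceService.getConfiguration(new String[]{RECOVERY_QUESTION_PASSWORD_RECAPTCHA_ENABLE, RECOVERY_QUESTION_PASSWORD_RECAPTCHA_MAX_FAILED_ATTEMPTS}, user.getTenantDomain())) {
                if (RECOVERY_QUESTION_PASSWORD_RECAPTCHA_ENABLE.equals(property.getName())) {
                    enabledValue = property.getValue();
                } else if (RECOVERY_QUESTION_PASSWORD_RECAPTCHA_MAX_FAILED_ATTEMPTS.equals(property.getName())) {
                    maxAttemptsValue = property.getValue();
                }
            }
        } catch (IdentityGovernanceException e) {
            throw new CaptchaServerException("Unable to retrieve connector configs.", e);
        }

        if (!Boolean.parseBoolean(enabledValue)) {
            return preValidationResponse;
        }

        Integer maxFailedAttempts = parseMaxFailedAttempts(maxAttemptsValue);
        if (maxFailedAttempts == null) {
            // NOTE(review): in the initiation flow the tenant domain comes from the "tenant-domain"
            // request parameter; confirm the log layout neutralises CR/LF in logged values.
            log.warn("Invalid configuration found in the PasswordRecoveryReCaptchaConnector for the tenant - " + user.getTenantDomain());
            return preValidationResponse;
        }

        try {
            Map<String, String> claimValues = CaptchaUtil.getClaimValues(user, IdentityTenantUtil.getTenantId(user.getTenantDomain()), new String[]{FAIL_ATTEMPTS_CLAIM, ACCOUNT_LOCKED_CLAIM});
            if (claimValues == null || claimValues.isEmpty()) {
                return preValidationResponse;
            }
            if (Boolean.parseBoolean(claimValues.get(ACCOUNT_LOCKED_CLAIM))) {
                // A locked account is left to the downstream endpoint; no captcha is requested.
                return preValidationResponse;
            }

            String failedAttemptsValue = claimValues.get(FAIL_ATTEMPTS_CLAIM);
            int failedAttempts = NumberUtils.isNumber(failedAttemptsValue) ? Integer.parseInt(failedAttemptsValue) : 0;

            if (failedAttempts > maxFailedAttempts) {
                if (initializationFlow) {
                    // NOTE(review): these headers are only emitted for accounts past the limit, so
                    // the response differs by account state; confirm that is acceptable.
                    HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
                    httpServletResponse.setHeader("reCaptcha", "true");
                    httpServletResponse.setHeader("reCaptchaKey", CaptchaDataHolder.getInstance().getReCaptchaSiteKey());
                    httpServletResponse.setHeader("reCaptchaAPI", CaptchaDataHolder.getInstance().getReCaptchaAPIUrl());
                } else {
                    preValidationResponse.setCaptchaValidationRequired(true);
                    preValidationResponse.setMaxFailedLimitReached(true);
                    addPostValidationData(servletRequest);
                }
            } else if (failedAttempts == maxFailedAttempts && !initializationFlow) {
                addPostValidationData(servletRequest);
            }
            return preValidationResponse;
        } catch (Exception e) {
            // Fail-open: any failure while reading claims skips the captcha requirement. The error
            // is recorded at debug level so the skipped check remains traceable.
            if (log.isDebugEnabled()) {
                log.debug("Unable to evaluate failed recovery attempts; captcha is not enforced for this request.", e);
            }
            return preValidationResponse;
        }
    }

    /**
     * Verifies the reCaptcha token sent in the {@code g-recaptcha-response} request header.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse unused
     * @return the result of {@code CaptchaUtil.isValidCaptcha} for the supplied token
     * @throws CaptchaException if the header is missing or blank
     */
    @Override
    public boolean verifyCaptcha(ServletRequest servletRequest, ServletResponse servletResponse) throws CaptchaException {
        String reCaptchaResponse = ((HttpServletRequest) servletRequest).getHeader("g-recaptcha-response");
        if (StringUtils.isBlank(reCaptchaResponse)) {
            throw new CaptchaClientException("reCaptcha response is not available in the request.");
        }
        return CaptchaUtil.isValidCaptcha(reCaptchaResponse);
    }

    /**
     * Performs no post-validation work.
     *
     * @param servletRequest  unused
     * @param servletResponse unused
     * @return always {@code null}
     * @throws CaptchaException declared by the connector contract; not thrown by this implementation
     */
    @Override
    public CaptchaPostValidationResponse postValidate(ServletRequest servletRequest, ServletResponse servletResponse) throws CaptchaException {
        return null;
    }

    /**
     * Resolves the user bound to the recovery key carried in the JSON request body.
     *
     * @param requestWrapper wrapped request whose body is read
     * @return the user from the stored recovery data, or {@code null} when the body cannot be read,
     *         carries no usable key, or no recovery data can be loaded for the key
     */
    private User loadUserFromRecoveryKey(CaptchaHttpServletRequestWrapper requestWrapper) {
        String body;
        try (ServletInputStream inputStream = requestWrapper.getInputStream()) {
            // Decode explicitly instead of relying on the platform default charset.
            body = IOUtils.toString(inputStream, "UTF-8");
        } catch (IOException e) {
            if (log.isDebugEnabled()) {
                log.debug("Unable to read the recovery request body.", e);
            }
            return null;
        }

        String recoveryKey = extractRecoveryKey(body);
        if (recoveryKey == null) {
            return null;
        }

        try {
            UserRecoveryData recoveryData = JDBCRecoveryDataStore.getInstance().load(recoveryKey);
            return recoveryData != null ? recoveryData.getUser() : null;
        } catch (IdentityRecoveryException e) {
            // The key is a secret supplied by the caller; it is deliberately kept out of the log.
            if (log.isDebugEnabled()) {
                log.debug("Unable to load recovery data for the supplied key.", e);
            }
            return null;
        }
    }

    /**
     * Extracts the {@code key} member from an untrusted JSON body without letting parser errors escape.
     *
     * @param body raw request body, possibly empty or malformed
     * @return the key as a string, or {@code null} when the body is not a JSON object with a
     *         primitive {@code key} member
     */
    private static String extractRecoveryKey(String body) {
        if (StringUtils.isBlank(body)) {
            return null;
        }
        try {
            JsonElement root = new JsonParser().parse(body);
            if (root == null || !root.isJsonObject()) {
                return null;
            }
            JsonObject requestObject = root.getAsJsonObject();
            JsonElement keyElement = requestObject.get("key");
            if (keyElement == null || !keyElement.isJsonPrimitive()) {
                return null;
            }
            return keyElement.getAsString();
        } catch (JsonParseException e) {
            // Malformed JSON on an unauthenticated endpoint is expected input, not a server error.
            if (log.isDebugEnabled()) {
                log.debug("Recovery request body is not valid JSON.");
            }
            return null;
        }
    }

    /**
     * Parses the configured maximum number of failed attempts.
     *
     * @param value configuration value, possibly {@code null}
     * @return the parsed integer, or {@code null} when the value is blank or not an integer
     */
    private static Integer parseMaxFailedAttempts(String value) {
        if (StringUtils.isBlank(value) || !NumberUtils.isNumber(value)) {
            return null;
        }
        try {
            return Integer.valueOf(value);
        } catch (NumberFormatException e) {
            // isNumber also accepts forms such as decimals, hex and type suffixes that are not ints.
            return null;
        }
    }

    /**
     * Publishes the reCaptcha site key and API URL on the HTTP session under the
     * {@code enabled-security-mechanism} attribute.
     *
     * @param servletRequest request whose session receives the attribute; {@code getSession()} is
     *                       called without arguments, so a session is created if none exists
     */
    private void addPostValidationData(ServletRequest servletRequest) {
        Map<String, String> properties = new HashMap<>();
        properties.put("reCaptchaKey", CaptchaDataHolder.getInstance().getReCaptchaSiteKey());
        properties.put("reCaptchaAPI", CaptchaDataHolder.getInstance().getReCaptchaAPIUrl());

        EnabledSecurityMechanism enabledSecurityMechanism = new EnabledSecurityMechanism();
        enabledSecurityMechanism.setMechanism("reCaptcha");
        enabledSecurityMechanism.setProperties(properties);
        ((HttpServletRequest) servletRequest).getSession().setAttribute("enabled-security-mechanism", enabledSecurityMechanism);
    }
}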
