package org.wso2.carbon.identity.recovery.services;

import java.util.List;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.recovery.ChallengeQuestionManager;
import org.wso2.carbon.identity.recovery.IdentityRecoveryClientException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
import org.wso2.carbon.identity.recovery.IdentityRecoveryException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryServerException;
import org.wso2.carbon.identity.recovery.internal.IdentityRecoveryServiceDataHolder;
import org.wso2.carbon.identity.recovery.model.ChallengeQuestion;
import org.wso2.carbon.identity.recovery.model.UserChallengeAnswer;
import org.wso2.carbon.identity.recovery.util.Utils;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/recovery/services/ChallengeQuestionManagementAdminService.class */
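/**
 * Admin service for reading and changing a tenant's challenge questions and
 * individual users' challenge answers.
 *
 * <p>Tenant-scoped operations require the supplied tenant domain to equal the
 * tenant domain of the calling thread's {@link CarbonContext}. Per-user answer
 * operations are allowed for a user's own answers; for any other user the
 * <em>caller</em> must hold {@value #SECURITY_CONFIG_PERMISSION}.
 *
 * <p>NOTE(review): usernames, tenant domains and locales supplied by the caller
 * are written to the log unmodified; confirm the log pipeline neutralises
 * line breaks in these values.
 */
public class ChallengeQuestionManagementAdminService {
    /** Permission a caller needs to read or change another user's challenge answers. */
    private static final String SECURITY_CONFIG_PERMISSION = "/permission/admin/configure/security";
    private static final String NULL_USER_MESSAGE = "User object provided is null.";

    private static final Log log = LogFactory.getLog(ChallengeQuestionManagementAdminService.class);
    private final ChallengeQuestionManager questionManager = ChallengeQuestionManager.getInstance();

    /**
     * Returns every challenge question registered for a tenant.
     *
     * @param str tenant domain; must equal the caller's own tenant domain
     * @return the tenant's challenge questions
     * @throws IdentityRecoveryException if the tenant differs from the caller's or the lookup fails
     */
    public ChallengeQuestion[] getChallengeQuestionsOfTenant(String str) throws IdentityRecoveryException {
        checkCrossTenantAccess(str);
        try {
            return toArray(this.questionManager.getAllChallengeQuestions(str));
        } catch (IdentityRecoveryException e) {
            String message = String.format("Error loading challenge questions for tenant : %s.", str);
            log.error(message, e);
            throw new IdentityRecoveryException(message, e);
        }
    }

    /**
     * Returns the challenge questions of the caller's tenant in the locale of the given user.
     *
     * @param user user whose locale claim selects the question set; must not be null
     * @return the challenge questions for that locale
     * @throws IdentityRecoveryException if {@code user} is null or the lookup fails
     */
    public ChallengeQuestion[] getChallengeQuestionsForUser(User user) throws IdentityRecoveryException {
        requireUser(user);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(user.getUserName());
        // The tenant comes from the authenticated context, not from the supplied User object.
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        try {
            return toArray(this.questionManager.getAllChallengeQuestions(tenantDomain, getLocaleOfUser(user, tenantDomain)));
        } catch (IdentityRecoveryException e) {
            String message = String.format("Error loading challenge questions for user : %s@%s.", tenantAwareUsername, tenantDomain);
            log.error(message, e);
            throw new IdentityRecoveryException(message, e);
        }
    }

    /**
     * Returns a tenant's challenge questions for one locale.
     *
     * @param str tenant domain; must equal the caller's own tenant domain
     * @param str2 locale of the questions to load
     * @return the matching challenge questions
     * @throws IdentityRecoveryException if the tenant differs from the caller's or the lookup fails
     */
    public ChallengeQuestion[] getChallengeQuestionsForLocale(String str, String str2) throws IdentityRecoveryException {
        checkCrossTenantAccess(str);
        try {
            return toArray(this.questionManager.getAllChallengeQuestions(str, str2));
        } catch (IdentityRecoveryException e) {
            String message = String.format("Error loading challenge questions for tenant %s in %s locale.", str, str2);
            log.error(message, e);
            throw new IdentityRecoveryException(message, e);
        }
    }

    /**
     * Adds challenge questions to a tenant.
     *
     * @param challengeQuestionArr questions to add
     * @param str tenant domain; must equal the caller's own tenant domain
     * @throws IdentityRecoveryException if the tenant differs from the caller's or the update fails
     */
    public void setChallengeQuestionsOfTenant(ChallengeQuestion[] challengeQuestionArr, String str) throws IdentityRecoveryException {
        checkCrossTenantAccess(str);
        try {
            this.questionManager.addChallengeQuestions(challengeQuestionArr, str);
        } catch (IdentityRecoveryException e) {
            String message = String.format("Error setting challenge questions for tenant domain %s.", str);
            log.error(message, e);
            throw new IdentityRecoveryException(message, e);
        }
    }

    /**
     * Deletes challenge questions from a tenant.
     *
     * @param challengeQuestionArr questions to delete
     * @param str tenant domain; must equal the caller's own tenant domain
     * @throws IdentityRecoveryException if the tenant differs from the caller's or the delete fails
     */
    public void deleteChallengeQuestionsOfTenant(ChallengeQuestion[] challengeQuestionArr, String str) throws IdentityRecoveryException {
        checkCrossTenantAccess(str);
        try {
            this.questionManager.deleteChallengeQuestions(challengeQuestionArr, str);
        } catch (IdentityRecoveryException e) {
            String message = String.format("Error deleting challenge questions in tenant domain %s.", str);
            log.error(message, e);
            throw new IdentityRecoveryException(message, e);
        }
    }

    /**
     * Stores the challenge answers of a user.
     *
     * <p>A caller may always set their own answers. Setting another user's answers
     * requires the caller to hold {@value #SECURITY_CONFIG_PERMISSION}, because
     * challenge answers act as a recovery credential for that account.
     *
     * <p>NOTE(review): only the username is compared with the caller; the tenant and
     * user-store domain carried by {@code user} are not checked here. Confirm the
     * question manager confines the write to the caller's tenant.
     *
     * @param user account whose answers are stored; must not be null
     * @param userChallengeAnswerArr answers to store; must not be empty
     * @throws IdentityRecoveryException if the input is invalid, the caller is not
     *         authorized, or persisting fails
     */
    public void setUserChallengeAnswers(User user, UserChallengeAnswer[] userChallengeAnswerArr) throws IdentityRecoveryException {
        requireUser(user);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(user.getUserName());
        if (ArrayUtils.isEmpty(userChallengeAnswerArr)) {
            String message = "No challenge question answers provided by the user " + tenantAwareUsername;
            log.error(message);
            throw new IdentityRecoveryClientException(message);
        }
        String effectiveUsername = authorizeAccessTo(tenantAwareUsername, "Possible elevation of privilege attack", "change");
        try {
            this.questionManager.setChallengesOfUser(user, userChallengeAnswerArr);
        } catch (IdentityException e) {
            String message = "Error while persisting user challenges for user : " + effectiveUsername;
            log.error(message, e);
            throw new IdentityRecoveryException(message, e);
        }
    }

    /**
     * Returns the stored challenge answers of a user.
     *
     * <p>A caller may always read their own answers. Reading another user's answers
     * requires the caller to hold {@value #SECURITY_CONFIG_PERMISSION}.
     *
     * <p>NOTE(review): only the username is compared with the caller; the tenant and
     * user-store domain carried by {@code user} are not checked here. Confirm the
     * question manager confines the read to the caller's tenant.
     *
     * @param user account whose answers are read; must not be null
     * @return the stored answers as returned by the question manager
     * @throws IdentityRecoveryException if {@code user} is null, the caller is not
     *         authorized, or the lookup fails
     */
    public UserChallengeAnswer[] getUserChallengeAnswers(User user) throws IdentityRecoveryException {
        requireUser(user);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(user.getUserName());
        String effectiveUsername = authorizeAccessTo(tenantAwareUsername, "Possible violation of confidentiality", "get");
        try {
            return this.questionManager.getChallengeAnswersOfUser(user);
        } catch (IdentityRecoveryException e) {
            String message = "Error retrieving user challenge answers for " + effectiveUsername;
            log.error(message, e);
            throw new IdentityRecoveryException(message, e);
        }
    }

    /** Rejects a null user with the client-error message used by every user-scoped operation. */
    private static void requireUser(User user) throws IdentityRecoveryClientException {
        if (user == null) {
            log.error(NULL_USER_MESSAGE);
            throw new IdentityRecoveryClientException(NULL_USER_MESSAGE);
        }
    }

    /** Copies the question list into a new array. */
    private static ChallengeQuestion[] toArray(List<ChallengeQuestion> questions) {
        return questions.toArray(new ChallengeQuestion[0]);
    }

    /**
     * Enforces that the caller may act on the target account and returns the username
     * to use in later messages (the caller's name when no target name was given).
     *
     * <p>The permission is evaluated for the logged-in caller. Evaluating it for the
     * target account instead would let an unprivileged caller act on any privileged
     * account while blocking administrators from managing ordinary users.
     *
     * @param targetUsername tenant-aware name of the account being accessed, may be null
     * @param violation phrase naming the violation in the rejection message
     * @param action verb describing the attempted operation in the rejection message
     * @return {@code targetUsername}, or the caller's username if it was null
     * @throws IdentityRecoveryException if the caller is not authorized or the check fails
     */
    private String authorizeAccessTo(String targetUsername, String violation, String action) throws IdentityRecoveryException {
        CarbonContext context = CarbonContext.getThreadLocalCarbonContext();
        String tenantDomain = context.getTenantDomain();
        String caller = context.getUsername();
        if (targetUsername == null) {
            return caller;
        }
        if (targetUsername.equals(caller)) {
            return targetUsername;
        }
        // Fail closed when no authenticated caller is attached to the thread.
        if (StringUtils.isBlank(caller) || !isUserAuthorized(caller, tenantDomain)) {
            throw new IdentityRecoveryClientException("Unauthorized access!! " + violation + ". User " + caller
                    + " trying to " + action + " challenge questions for user " + targetUsername);
        }
        return targetUsername;
    }

    /**
     * Resolves the locale used to select a user's challenge questions.
     *
     * @param user user whose locale claim is read
     * @param tenantDomain tenant domain, used only in the error message
     * @return the user's locale claim, or {@link IdentityRecoveryConstants#LOCALE_EN_US} when it is blank
     * @throws IdentityRecoveryException if the claim cannot be read from the user store
     */
    private String getLocaleOfUser(User user, String tenantDomain) throws IdentityRecoveryException {
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(user.getUserName());
        try {
            String localeClaim = Utils.getClaimFromUserStoreManager(user, IdentityRecoveryConstants.Questions.LOCALE_CLAIM);
            return StringUtils.isNotBlank(localeClaim) ? localeClaim : IdentityRecoveryConstants.LOCALE_EN_US;
        } catch (UserStoreException e) {
            String message = String.format("Error when retrieving the locale claim of user '%s' of '%s' domain.", tenantAwareUsername, tenantDomain);
            // Log the cause as well so the failure can be diagnosed from the log alone.
            log.error(message, e);
            throw new IdentityRecoveryServerException(message, e);
        }
    }

    /**
     * Checks whether a user holds {@value #SECURITY_CONFIG_PERMISSION} in a tenant.
     *
     * @param username tenant-aware username whose permission is evaluated
     * @param tenantDomain tenant whose realm is consulted
     * @return true if the authorization manager grants the permission
     * @throws IdentityRecoveryException if the realm or authorization manager cannot be queried
     */
    private boolean isUserAuthorized(String username, String tenantDomain) throws IdentityRecoveryException {
        try {
            return IdentityRecoveryServiceDataHolder.getInstance()
                    .getRealmService()
                    .getTenantUserRealm(IdentityTenantUtil.getTenantId(tenantDomain))
                    .getAuthorizationManager()
                    .isUserAuthorized(username, SECURITY_CONFIG_PERMISSION, IdentityRecoveryConstants.EXECUTE_ACTION);
        } catch (UserStoreException e) {
            throw new IdentityRecoveryServerException("Error occurred while checking access level for user " + username + " in tenant " + tenantDomain, e);
        }
    }

    /**
     * Rejects a request that names a tenant other than the caller's own.
     *
     * <p>The same message is used for read, write and delete operations; it says
     * "retrieve" in every case.
     *
     * @param requestedTenantDomain tenant domain supplied by the caller
     * @throws IdentityRecoveryClientException if it differs from the caller's tenant domain
     */
    private void checkCrossTenantAccess(String requestedTenantDomain) throws IdentityRecoveryClientException {
        CarbonContext context = CarbonContext.getThreadLocalCarbonContext();
        String username = context.getUsername();
        String tenantDomain = context.getTenantDomain();
        if (!StringUtils.equals(tenantDomain, requestedTenantDomain)) {
            throw new IdentityRecoveryClientException(String.format("Unauthorized Access. User %s@%s trying to retrieve challenge questions of %s tenant", username, tenantDomain, requestedTenantDomain));
        }
    }
}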
