package org.wso2.carbon.identity.recovery.handler;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.Random;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.bean.context.MessageContext;
import org.wso2.carbon.identity.core.model.IdentityErrorMsgContext;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
import org.wso2.carbon.identity.recovery.IdentityRecoveryException;
import org.wso2.carbon.identity.recovery.RecoveryScenarios;
import org.wso2.carbon.identity.recovery.RecoverySteps;
import org.wso2.carbon.identity.recovery.model.UserRecoveryData;
import org.wso2.carbon.identity.recovery.util.Utils;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;
import org.wso2.carbon.user.core.UserStoreManager;

/* loaded from: input_file:org/wso2/carbon/identity/recovery/handler/AdminForcedPasswordResetHandler.class */
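/**
 * Event handler for the "admin forced password reset" flow.
 *
 * <p>On {@code PRE_SET_USER_CLAIMS} it reacts to the admin-forced-password-reset claim by
 * generating a one-time secret (OTP or recovery-link id), storing it as recovery data and
 * calling the inherited {@code lockAccount} helper. On {@code PRE_AUTHENTICATION} it rejects
 * the login attempt with a scenario-specific error code while such recovery data is pending.
 *
 * <p>Security notes: the OTP is a credential, so it is drawn from {@link SecureRandom} and is
 * compared with a constant-time routine. It is never written to the log by this class.
 */
public class AdminForcedPasswordResetHandler extends UserEmailVerificationHandler {
    private static final Log log = LogFactory.getLog(AdminForcedPasswordResetHandler.class);

    /** Characters an OTP may contain (upper-case letters and digits). */
    private static final char[] OTP_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray();

    /** Number of characters in a generated OTP. */
    private static final int OTP_LENGTH = 6;

    /**
     * Cryptographically strong generator for OTP values. {@code java.util.Random} is predictable
     * from a handful of outputs and must not be used for secrets. SecureRandom is thread-safe,
     * so one shared instance is sufficient.
     */
    private static final SecureRandom OTP_RANDOM = new SecureRandom();

    /**
     * Dispatches the event to the claim-update or authentication handling by event name.
     *
     * @param event the identity event; its properties must hold the {@code userStoreManager}
     * @throws IdentityEventException propagated from the specific handling method
     */
    @Override // org.wso2.carbon.identity.recovery.handler.UserEmailVerificationHandler
    public void handleEvent(Event event) throws IdentityEventException {
        String eventName = event.getEventName();
        if (log.isDebugEnabled()) {
            log.debug("Handling event : " + eventName);
        }
        Map<String, Object> eventProperties = event.getEventProperties();
        UserStoreManager userStoreManager = (UserStoreManager) eventProperties.get("userStoreManager");
        User user = getUser(eventProperties, userStoreManager);
        if ("PRE_SET_USER_CLAIMS".equals(eventName)) {
            handleClaimUpdate(eventProperties, userStoreManager, user);
        }
        if ("PRE_AUTHENTICATION".equals(eventName)) {
            handleAuthenticate(eventProperties, user);
        }
    }

    /**
     * Starts a forced password reset when the admin-forced-password-reset claim is being set to
     * {@code true} and at least one of the offline / OTP / recovery-link options is enabled for
     * the user's tenant.
     *
     * @param map              event properties; {@code USER_CLAIMS} holds the claims being updated
     * @param userStoreManager user store the claims belong to
     * @param user             the user whose claims are being updated
     * @throws IdentityEventException if sending the notification fails
     */
    protected void handleClaimUpdate(Map<String, Object> map, UserStoreManager userStoreManager, User user) throws IdentityEventException {
        if (log.isDebugEnabled()) {
            log.debug("PreAuthenticate - AdminForcedPasswordResetHandler for : " + user.toString());
        }
        @SuppressWarnings("unchecked") // the event contract stores claim URI -> value strings here
        Map<String, String> claims = (Map<String, String>) map.get("USER_CLAIMS");
        if (claims == null) {
            // No claims in this update, so the reset claim cannot have been requested.
            return;
        }
        String tenantDomain = user.getTenantDomain();
        boolean offlineEnabled = Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.ENABLE_ADMIN_PASSWORD_RESET_OFFLINE, tenantDomain));
        boolean otpEnabled = Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.ENABLE_ADMIN_PASSWORD_RESET_WITH_OTP, tenantDomain));
        boolean linkEnabled = Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.ENABLE_ADMIN_PASSWORD_RESET_WITH_RECOVERY_LINK, tenantDomain));
        boolean anyModeEnabled = offlineEnabled || otpEnabled || linkEnabled;
        boolean resetRequested = Boolean.parseBoolean(claims.get(IdentityRecoveryConstants.ADMIN_FORCED_PASSWORD_RESET_CLAIM));
        if (!anyModeEnabled || !resetRequested) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("http://wso2.org/claims/identity/adminForcedPasswordReset update request.");
        }
        // The trigger claim is consumed here so it is not persisted with the other claims.
        claims.remove(IdentityRecoveryConstants.ADMIN_FORCED_PASSWORD_RESET_CLAIM);
        String secret = generateOTPValue();
        RecoveryScenarios scenario = RecoveryScenarios.ADMIN_FORCED_PASSWORD_RESET_VIA_OTP;
        if (offlineEnabled) {
            // Offline mode exposes the OTP through a user claim instead of a notification.
            setUserClaim(IdentityRecoveryConstants.OTP_PASSWORD_CLAIM, secret, userStoreManager, user);
        }
        String notificationType = otpEnabled ? IdentityRecoveryConstants.NOTIFICATION_TYPE_ADMIN_FORCED_PASSWORD_RESET_WITH_OTP.toString() : "";
        if (linkEnabled) {
            // The recovery link takes precedence: the secret becomes a UUID and the scenario changes.
            secret = UUIDGenerator.generateUUID();
            scenario = RecoveryScenarios.ADMIN_FORCED_PASSWORD_RESET_VIA_EMAIL_LINK;
            notificationType = IdentityRecoveryConstants.NOTIFICATION_TYPE_ADMIN_FORCED_PASSWORD_RESET.toString();
        }
        // Drop any account-locked claim from this update; lockAccount below sets the lock state.
        claims.remove("http://wso2.org/claims/identity/accountLocked");
        setRecoveryData(user, scenario, RecoverySteps.UPDATE_PASSWORD, secret);
        lockAccount(user, userStoreManager);
        if (otpEnabled || linkEnabled) {
            try {
                triggerNotification(user, notificationType, secret, Utils.getArbitraryProperties());
            } catch (IdentityRecoveryException e) {
                throw new IdentityEventException("Error while sending  notification ", e);
            }
        }
    }

    /**
     * Blocks authentication while a forced password reset is pending for the user.
     *
     * <p>For the e-mail-link scenario error code {@code 17006} is set. For the OTP scenario the
     * supplied credential is compared with the stored secret and {@code 17007} (match) or
     * {@code 17008} (mismatch) is set. In both scenarios an {@link IdentityEventException} is
     * thrown, so the login itself never succeeds here.
     *
     * <p>NOTE(review): no failed-attempt counter is visible in this class; with a 6-character
     * OTP, confirm that attempt throttling or expiry is enforced elsewhere.
     *
     * @param map  event properties; {@code CREDENTIAL} holds the credential supplied at login
     * @param user the user attempting to authenticate
     * @throws IdentityEventException when a forced-reset recovery scenario is pending
     */
    protected void handleAuthenticate(Map<String, Object> map, User user) throws IdentityEventException {
        if (log.isDebugEnabled()) {
            log.debug("PreAuthenticate - AdminForcedPasswordResetHandler for user : " + user.toString());
        }
        UserRecoveryData recoveryData = getRecoveryData(user);
        if (recoveryData == null) {
            return;
        }
        Enum<?> recoveryScenario = recoveryData.getRecoveryScenario();
        if (log.isDebugEnabled()) {
            log.debug("Handling recovery scenario : " + recoveryScenario + " for user : " + user.toString());
        }
        String errorCode;
        String message = "User : " + user.toString();
        if (RecoveryScenarios.ADMIN_FORCED_PASSWORD_RESET_VIA_EMAIL_LINK.equals(recoveryScenario)) {
            errorCode = "17006";
            message = message + " needs to reset the password using the given link in email";
        } else if (RecoveryScenarios.ADMIN_FORCED_PASSWORD_RESET_VIA_OTP.equals(recoveryScenario)) {
            // Constant-time, null-safe comparison: String.equals returns at the first differing
            // character, and a missing stored secret must count as a mismatch, not an NPE.
            if (secretsMatch(recoveryData.getSecret(), (String) map.get("CREDENTIAL"))) {
                errorCode = "17007";
                message = message + " has given correct OTP";
            } else {
                errorCode = "17008";
                message = message + " has given in-correct OTP";
            }
        } else {
            // Recovery data of another scenario is not handled by this handler.
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug(message);
        }
        IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext(errorCode));
        throw new IdentityEventException(message);
    }

    /** Returns the handler name used to register this handler. */
    @Override // org.wso2.carbon.identity.recovery.handler.UserEmailVerificationHandler
    public String getName() {
        return "adminForcedPasswordReset";
    }

    /** Returns the human-readable handler name. */
    @Override // org.wso2.carbon.identity.recovery.handler.UserEmailVerificationHandler
    public String getFriendlyName() {
        return "Admin Forced Password Reset";
    }

    /** Returns the fixed priority of this handler. */
    @Override // org.wso2.carbon.identity.recovery.handler.UserEmailVerificationHandler
    public int getPriority(MessageContext messageContext) {
        return 27;
    }

    /**
     * Compares two secrets without short-circuiting on the first differing byte.
     *
     * @return {@code true} only when both values are non-null and byte-for-byte equal
     */
    private static boolean secretsMatch(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Generates a one-time password of {@link #OTP_LENGTH} characters drawn uniformly from
     * {@link #OTP_ALPHABET} using a cryptographically strong random source.
     *
     * @return the generated OTP
     */
    private String generateOTPValue() {
        StringBuilder otp = new StringBuilder(OTP_LENGTH);
        for (int i = 0; i < OTP_LENGTH; i++) {
            otp.append(OTP_ALPHABET[OTP_RANDOM.nextInt(OTP_ALPHABET.length)]);
        }
        return otp.toString();
    }
}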
