package org.wso2.carbon.identity.recovery.password;

import java.util.HashMap;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.mgt.policy.PolicyViolationException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryClientException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
import org.wso2.carbon.identity.recovery.IdentityRecoveryException;
import org.wso2.carbon.identity.recovery.RecoveryScenarios;
import org.wso2.carbon.identity.recovery.RecoverySteps;
import org.wso2.carbon.identity.recovery.bean.NotificationResponseBean;
import org.wso2.carbon.identity.recovery.internal.IdentityRecoveryServiceDataHolder;
import org.wso2.carbon.identity.recovery.model.Property;
import org.wso2.carbon.identity.recovery.model.UserRecoveryData;
import org.wso2.carbon.identity.recovery.store.JDBCRecoveryDataStore;
import org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore;
import org.wso2.carbon.identity.recovery.util.Utils;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;

/* loaded from: input_file:org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.class */
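/**
 * Singleton that drives notification-based password recovery: it issues a confirmation code for a
 * user, validates a presented code, and applies the new password bound to a code.
 *
 * <p>Parameter names such as {@code str} and {@code bool} are kept as found in this listing so that
 * the signatures stay unchanged; each method's Javadoc states what the parameter is used for.
 */
public class NotificationPasswordRecoveryManager {
    private static final Log log = LogFactory.getLog(NotificationPasswordRecoveryManager.class);
    // The singleton is never reassigned, so it is declared final.
    private static final NotificationPasswordRecoveryManager instance = new NotificationPasswordRecoveryManager();

    private NotificationPasswordRecoveryManager() {
    }

    /**
     * Returns the shared manager instance.
     *
     * @return the singleton
     */
    public static NotificationPasswordRecoveryManager getInstance() {
        return instance;
    }

    /**
     * Starts a password recovery for {@code user}: invalidates any earlier recovery data for the
     * user, stores a fresh confirmation code, and either triggers the reset notification or hands
     * the code back in the response.
     *
     * @param user        the account to recover; blank tenant and user-store domains are defaulted in place
     * @param str         not read by this method
     * @param bool        whether the notification is sent internally; {@code null} falls back to the
     *                    tenant's {@code NOTIFICATION_INTERNALLY_MANAGE} configuration
     * @param propertyArr extra key/value pairs copied into the notification event, may be {@code null}
     * @return a response bean for the user; it carries the confirmation code only when the
     *         notification is not sent internally
     * @throws IdentityRecoveryException if recovery is disabled for the tenant, the user does not
     *                                   exist, the account is disabled or locked, or the user store fails
     */
    public NotificationResponseBean sendRecoveryNotification(User user, String str, Boolean bool, Property[] propertyArr) throws IdentityRecoveryException {
        // NOTE(review): the user name below originates from the request and is concatenated into
        // log lines unmodified; confirm the logging layer neutralises CR/LF (log forging).
        if (StringUtils.isBlank(user.getTenantDomain())) {
            user.setTenantDomain("carbon.super");
            log.info("SendRecoveryNotification :Tenant domain is not in the request. set to default for user : " + user.getUserName());
        }
        if (StringUtils.isBlank(user.getUserStoreDomain())) {
            user.setUserStoreDomain(IdentityUtil.getPrimaryDomainName());
            log.info("SendRecoveryNotification :User store domain is not in the request. set to default for user : " + user.getUserName());
        }
        boolean recoveryEnabled = Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_BASED_PW_RECOVERY, user.getTenantDomain()));
        if (!recoveryEnabled) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NOTIFICATION_BASED_PASSWORD_RECOVERY_NOT_ENABLE, null);
        }
        boolean manageInternally;
        if (bool == null) {
            manageInternally = Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_INTERNALLY_MANAGE, user.getTenantDomain()));
        } else {
            manageInternally = bool.booleanValue();
        }
        UserRecoveryDataStore recoveryDataStore = JDBCRecoveryDataStore.getInstance();
        try {
            int tenantId = IdentityTenantUtil.getTenantId(user.getTenantDomain());
            UserStoreManager userStoreManager = IdentityRecoveryServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
            String qualifiedUserName = IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain());
            // NOTE(review): the three checks below return distinct client errors (invalid user,
            // disabled, locked). If this entry point is reachable before authentication, the
            // responses disclose whether an account exists and its state; confirm that is intended
            // or that the caller maps them to one uniform response.
            if (!userStoreManager.isExistingUser(qualifiedUserName)) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_USER, user.getUserName());
            }
            if (Utils.isAccountDisabled(user)) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_DISABLED_ACCOUNT, user.getUserName());
            }
            if (Utils.isAccountLocked(user)) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_LOCKED_ACCOUNT, user.getUserName());
            }
            // Drop any outstanding recovery data first so only the newest code is usable.
            recoveryDataStore.invalidate(user);
            // NOTE(review): the confirmation code is a bearer secret for the account; confirm that
            // UUIDGenerator draws from a cryptographically strong source.
            String confirmationCode = UUIDGenerator.generateUUID();
            recoveryDataStore.store(new UserRecoveryData(user, confirmationCode, RecoveryScenarios.NOTIFICATION_BASED_PW_RECOVERY, RecoverySteps.UPDATE_PASSWORD));
            NotificationResponseBean response = new NotificationResponseBean(user);
            if (manageInternally) {
                triggerNotification(user, IdentityRecoveryConstants.NOTIFICATION_TYPE_PASSWORD_RESET, confirmationCode, propertyArr);
            } else {
                // The code is returned to the caller, who becomes responsible for delivering it
                // to the account owner and for keeping it out of logs and responses to third parties.
                response.setKey(confirmationCode);
            }
            return response;
        } catch (UserStoreException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED, null, e);
        }
    }

    /**
     * Applies a new password for the user bound to a confirmation code, then invalidates the code
     * and optionally sends a success notification.
     *
     * @param str         the confirmation code used to load and later invalidate the recovery data
     * @param str2        the new password passed to the user store
     * @param propertyArr extra key/value pairs copied into the success notification, may be {@code null}
     * @throws IdentityRecoveryException if the code belongs to another tenant, is not at the
     *                                   {@code UPDATE_PASSWORD} step, the password is rejected by
     *                                   history or policy checks, or the user store fails
     */
    public void updatePassword(String str, String str2, Property[] propertyArr) throws IdentityRecoveryException {
        UserRecoveryDataStore recoveryDataStore = JDBCRecoveryDataStore.getInstance();
        // assumes load() throws for an unknown code rather than returning null, and that any
        // expiry check happens inside the store; neither is visible here. TODO confirm
        UserRecoveryData recoveryData = recoveryDataStore.load(str);
        String contextTenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String codeTenantDomain = recoveryData.getUser().getTenantDomain();
        // A code may only be redeemed in the tenant it was issued for.
        if (!StringUtils.equals(contextTenantDomain, codeTenantDomain)) {
            // NOTE(review): the message echoes the tenant domain stored with the code to a caller
            // from a different tenant; confirm this detail is not returned to the client.
            throw new IdentityRecoveryClientException("invalid tenant domain: " + codeTenantDomain);
        }
        if (!RecoverySteps.UPDATE_PASSWORD.equals(recoveryData.getRecoveryStep())) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE, null);
        }
        int tenantId = IdentityTenantUtil.getTenantId(recoveryData.getUser().getTenantDomain());
        String qualifiedUserName = IdentityUtil.addDomainToName(recoveryData.getUser().getUserName(), recoveryData.getUser().getUserStoreDomain());
        try {
            UserStoreManager userStoreManager = IdentityRecoveryServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
            userStoreManager.updateCredentialByAdmin(qualifiedUserName, str2);
            boolean adminForcedReset = RecoveryScenarios.ADMIN_FORCED_PASSWORD_RESET_VIA_EMAIL_LINK.equals(recoveryData.getRecoveryScenario())
                    || RecoveryScenarios.ADMIN_FORCED_PASSWORD_RESET_VIA_OTP.equals(recoveryData.getRecoveryScenario());
            if (adminForcedReset) {
                // An admin-forced reset clears the account-locked claim once the password is set.
                HashMap<String, String> claims = new HashMap<>();
                claims.put("http://wso2.org/claims/identity/accountLocked", Boolean.FALSE.toString());
                userStoreManager.setUserClaimValues(qualifiedUserName, claims, (String) null);
            }
            // NOTE(review): the code is invalidated only after the credential and claim updates.
            // If the claim update throws, the password has already changed while the code is
            // still stored; confirm whether the code should be invalidated on that path too.
            recoveryDataStore.invalidate(str);
            boolean manageInternally = Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_INTERNALLY_MANAGE, recoveryData.getUser().getTenantDomain()));
            boolean notifyOnSuccess = Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_SEND_RECOVERY_NOTIFICATION_SUCCESS, recoveryData.getUser().getTenantDomain()));
            if (manageInternally && notifyOnSuccess) {
                try {
                    triggerNotification(recoveryData.getUser(), IdentityRecoveryConstants.NOTIFICATION_TYPE_PASSWORD_RESET_SUCCESS, null, propertyArr);
                } catch (Exception notifyError) {
                    // Best effort: the password is already changed, so a failed notification must
                    // not fail the call. The cause is logged so that a missing "password changed"
                    // message can be investigated.
                    log.warn("Error while sending password reset success notification to user :" + recoveryData.getUser().getUserName(), notifyError);
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("Password is updated for  user: " + qualifiedUserName);
            }
        } catch (UserStoreException e) {
            // Surface history/policy rejections as client errors before falling back to a server error.
            checkPasswordValidity(e);
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED, null, e);
        }
    }

    /**
     * Checks that a confirmation code belongs to the current tenant and is at the expected
     * recovery step. The code is not consumed.
     *
     * @param str  the confirmation code to look up
     * @param str2 the name of the recovery step the code is expected to be at
     * @throws IdentityRecoveryException if the code belongs to another tenant or its step does not
     *                                   match {@code str2} (including a {@code null} step name)
     */
    public void validateConfirmationCode(String str, String str2) throws IdentityRecoveryException {
        // assumes load() throws for an unknown code rather than returning null. TODO confirm
        UserRecoveryData recoveryData = JDBCRecoveryDataStore.getInstance().load(str);
        String contextTenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String codeTenantDomain = recoveryData.getUser().getTenantDomain();
        if (!StringUtils.equals(contextTenantDomain, codeTenantDomain)) {
            // NOTE(review): the message echoes the tenant domain stored with the code; confirm
            // this detail is not returned to a caller from a different tenant.
            throw new IdentityRecoveryClientException("invalid tenant domain: " + codeTenantDomain);
        }
        // A missing step name is rejected as an invalid code instead of failing with a
        // NullPointerException.
        if (str2 == null || !str2.equals(recoveryData.getRecoveryStep().name())) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE, null);
        }
        String qualifiedUserName = IdentityUtil.addDomainToName(recoveryData.getUser().getUserName(), recoveryData.getUser().getUserStoreDomain());
        if (log.isDebugEnabled()) {
            log.debug("Valid confirmation code for user: " + qualifiedUserName);
        }
    }

    /**
     * Walks the cause chain of a user-store failure and rethrows it as a client error when the
     * password was rejected by a history or policy check. Returns normally when no such cause is found.
     *
     * @param userStoreException the failure raised while updating the credential
     * @throws IdentityRecoveryClientException if a cause is an {@code IdentityEventException} with
     *                                         error code {@code "22001"} or a {@code PolicyViolationException}
     */
    private void checkPasswordValidity(UserStoreException userStoreException) throws IdentityRecoveryClientException {
        // getCause() returns Throwable, so the chain is walked as Throwable and narrowed only
        // after an instanceof check.
        for (Throwable cause = userStoreException.getCause(); cause != null; cause = cause.getCause()) {
            if (cause instanceof IdentityEventException
                    && StringUtils.equals(((IdentityEventException) cause).getErrorCode(), "22001")) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_HISTORY_VIOLATE, null, userStoreException);
            }
            if (cause instanceof PolicyViolationException) {
                throw ((IdentityRecoveryClientException) IdentityException.error(IdentityRecoveryClientException.class, IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_POLICY_VIOLATION.getCode(), cause.getMessage(), userStoreException));
            }
        }
    }

    /**
     * Publishes a {@code TRIGGER_NOTIFICATION} event carrying the user's identifiers, the template
     * type, the confirmation code when present, and any caller-supplied properties.
     *
     * @param user        the notification recipient
     * @param str         the notification template type
     * @param str2        the confirmation code; omitted from the event when blank
     * @param propertyArr extra key/value pairs, may be {@code null}; entries with a blank key or value are skipped
     * @throws IdentityRecoveryException if the event service rejects the event
     */
    private void triggerNotification(User user, String str, String str2, Property[] propertyArr) throws IdentityRecoveryException {
        HashMap<String, Object> eventProperties = new HashMap<>();
        eventProperties.put("user-name", user.getUserName());
        eventProperties.put("tenant-domain", user.getTenantDomain());
        eventProperties.put("userstore-domain", user.getUserStoreDomain());
        if (StringUtils.isNotBlank(str2)) {
            eventProperties.put(IdentityRecoveryConstants.CONFIRMATION_CODE, str2);
        }
        if (propertyArr != null) {
            // NOTE(review): caller-supplied properties are copied after the fixed keys above, so a
            // property with the same key replaces the user name, domains or confirmation code in
            // the event; confirm the keys are restricted upstream.
            for (Property property : propertyArr) {
                if (StringUtils.isNotBlank(property.getValue()) && StringUtils.isNotBlank(property.getKey())) {
                    eventProperties.put(property.getKey(), property.getValue());
                }
            }
        }
        // Set last so that caller-supplied properties cannot change the template type.
        eventProperties.put(IdentityRecoveryConstants.TEMPLATE_TYPE, str);
        try {
            IdentityRecoveryServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event("TRIGGER_NOTIFICATION", eventProperties));
        } catch (IdentityEventException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_TRIGGER_NOTIFICATION, user.getUserName(), e);
        }
    }
}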
