package org.wso2.carbon.identity.recovery.password;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.NumberUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.recovery.ChallengeQuestionManager;
import org.wso2.carbon.identity.recovery.IdentityRecoveryClientException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
import org.wso2.carbon.identity.recovery.IdentityRecoveryException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryServerException;
import org.wso2.carbon.identity.recovery.RecoveryScenarios;
import org.wso2.carbon.identity.recovery.RecoverySteps;
import org.wso2.carbon.identity.recovery.bean.ChallengeQuestionResponse;
import org.wso2.carbon.identity.recovery.bean.ChallengeQuestionsResponse;
import org.wso2.carbon.identity.recovery.internal.IdentityRecoveryServiceDataHolder;
import org.wso2.carbon.identity.recovery.model.ChallengeQuestion;
import org.wso2.carbon.identity.recovery.model.Property;
import org.wso2.carbon.identity.recovery.model.UserChallengeAnswer;
import org.wso2.carbon.identity.recovery.model.UserRecoveryData;
import org.wso2.carbon.identity.recovery.store.JDBCRecoveryDataStore;
import org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore;
import org.wso2.carbon.identity.recovery.util.Utils;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;

/* loaded from: input_file:org/wso2/carbon/identity/recovery/password/SecurityQuestionPasswordRecoveryManager.class */
public class SecurityQuestionPasswordRecoveryManager {
    private static final String PROPERTY_ACCOUNT_LOCK_ON_FAILURE = "account.lock.handler.enable";
    private static final String PROPERTY_ACCOUNT_LOCK_ON_FAILURE_MAX = "account.lock.handler.On.Failure.Max.Attempts";
    private static final Log log = LogFactory.getLog(SecurityQuestionPasswordRecoveryManager.class);
    private static SecurityQuestionPasswordRecoveryManager instance = new SecurityQuestionPasswordRecoveryManager();

    private SecurityQuestionPasswordRecoveryManager() {
    }

    public static SecurityQuestionPasswordRecoveryManager getInstance() {
        return instance;
    }

    public ChallengeQuestionResponse initiateUserChallengeQuestion(User user) throws IdentityRecoveryException {
        if (StringUtils.isBlank(user.getTenantDomain())) {
            user.setTenantDomain("carbon.super");
            log.info("initiateUserChallengeQuestion :Tenant domain is not in the request. set to default for user : " + user.getUserName());
        }
        if (StringUtils.isBlank(user.getUserStoreDomain())) {
            user.setUserStoreDomain(IdentityUtil.getPrimaryDomainName());
            log.info("initiateUserChallengeQuestion :User store domain is not in the request. set to default for user : " + user.getUserName());
        }
        boolean parseBoolean = Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_INTERNALLY_MANAGE, user.getTenantDomain()));
        if (!Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.QUESTION_BASED_PW_RECOVERY, user.getTenantDomain()))) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_QUESTION_BASED_RECOVERY_NOT_ENABLE, null);
        }
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        jDBCRecoveryDataStore.invalidate(user);
        String property = IdentityUtil.getProperty(IdentityRecoveryConstants.ConnectorConfig.QUESTION_CHALLENGE_SEPARATOR);
        if (StringUtils.isEmpty(property)) {
            property = "!";
        }
        verifyUserExists(user);
        if (Utils.isAccountDisabled(user)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_DISABLED_ACCOUNT, user.getUserName());
        }
        if (Utils.isAccountLocked(user)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_LOCKED_ACCOUNT, user.getUserName());
        }
        boolean parseBoolean2 = Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_SEND_RECOVERY_SECURITY_START, user.getTenantDomain()));
        if (parseBoolean && parseBoolean2) {
            try {
                triggerNotification(user, IdentityRecoveryConstants.NOTIFICATION_TYPE_PASSWORD_RESET_INITIATE, null);
            } catch (Exception e) {
                log.warn("Error while sending password reset initiating notification to user :" + user.getUserName());
            }
        }
        int parseInt = Integer.parseInt(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.QUESTION_MIN_NO_ANSWER, user.getTenantDomain()));
        ChallengeQuestionManager challengeQuestionManager = ChallengeQuestionManager.getInstance();
        String[] userChallengeQuestionIds = challengeQuestionManager.getUserChallengeQuestionIds(user);
        if (userChallengeQuestionIds == null || userChallengeQuestionIds.length == 0) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CHALLENGE_QUESTION_NOT_FOUND, user.getUserName());
        }
        if (userChallengeQuestionIds.length > parseInt) {
            userChallengeQuestionIds = getRandomQuestionIds(userChallengeQuestionIds, parseInt);
        }
        String str = null;
        int i = 1;
        while (i < userChallengeQuestionIds.length) {
            str = i == 1 ? userChallengeQuestionIds[1] : str + property + userChallengeQuestionIds[i];
            i++;
        }
        ChallengeQuestionResponse challengeQuestionResponse = new ChallengeQuestionResponse(challengeQuestionManager.getUserChallengeQuestion(user, userChallengeQuestionIds[0]));
        String generateUUID = UUIDGenerator.generateUUID();
        UserRecoveryData userRecoveryData = new UserRecoveryData(user, generateUUID, RecoveryScenarios.QUESTION_BASED_PWD_RECOVERY, RecoverySteps.VALIDATE_CHALLENGE_QUESTION);
        userRecoveryData.setRemainingSetIds(str);
        challengeQuestionResponse.setCode(generateUUID);
        if (userChallengeQuestionIds.length > 1) {
            challengeQuestionResponse.setStatus(IdentityRecoveryConstants.RECOVERY_STATUS_INCOMPLETE);
        }
        jDBCRecoveryDataStore.store(userRecoveryData);
        return challengeQuestionResponse;
    }

    public ChallengeQuestionsResponse initiateUserChallengeQuestionAtOnce(User user) throws IdentityRecoveryException {
        String property = IdentityUtil.getProperty(IdentityRecoveryConstants.ConnectorConfig.QUESTION_CHALLENGE_SEPARATOR);
        if (StringUtils.isEmpty(property)) {
            property = "!";
        }
        if (StringUtils.isBlank(user.getTenantDomain())) {
            user.setTenantDomain("carbon.super");
            log.info("initiateUserChallengeQuestionAtOnce :Tenant domain is not in the request. set to default for user : " + user.getUserName());
        }
        if (StringUtils.isBlank(user.getUserStoreDomain())) {
            user.setUserStoreDomain(IdentityUtil.getPrimaryDomainName());
            log.info("initiateUserChallengeQuestionAtOnce :User store domain is not in the request. set to default for user : " + user.getUserName());
        }
        if (!Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.QUESTION_BASED_PW_RECOVERY, user.getTenantDomain()))) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_QUESTION_BASED_RECOVERY_NOT_ENABLE, null);
        }
        boolean parseBoolean = Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_INTERNALLY_MANAGE, user.getTenantDomain()));
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        jDBCRecoveryDataStore.invalidate(user);
        verifyUserExists(user);
        if (Utils.isAccountDisabled(user)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_DISABLED_ACCOUNT, null);
        }
        if (Utils.isAccountLocked(user)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_LOCKED_ACCOUNT, null);
        }
        boolean parseBoolean2 = Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_SEND_RECOVERY_SECURITY_START, user.getTenantDomain()));
        if (parseBoolean && parseBoolean2) {
            try {
                triggerNotification(user, IdentityRecoveryConstants.NOTIFICATION_TYPE_PASSWORD_RESET_INITIATE, null);
            } catch (Exception e) {
                log.warn("Error while sending password reset initiating notification to user :" + user.getUserName());
            }
        }
        int parseInt = Integer.parseInt(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.QUESTION_MIN_NO_ANSWER, user.getTenantDomain()));
        ChallengeQuestionManager challengeQuestionManager = ChallengeQuestionManager.getInstance();
        String[] userChallengeQuestionIds = challengeQuestionManager.getUserChallengeQuestionIds(user);
        if (userChallengeQuestionIds == null || userChallengeQuestionIds.length == 0) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CHALLENGE_QUESTION_NOT_FOUND, user.getUserName());
        }
        if (userChallengeQuestionIds.length > parseInt) {
            userChallengeQuestionIds = getRandomQuestionIds(userChallengeQuestionIds, parseInt);
        }
        ChallengeQuestion[] challengeQuestionArr = new ChallengeQuestion[userChallengeQuestionIds.length];
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < userChallengeQuestionIds.length; i++) {
            challengeQuestionArr[i] = challengeQuestionManager.getUserChallengeQuestion(user, userChallengeQuestionIds[i]);
            if (i == 0) {
                sb.append(userChallengeQuestionIds[0]);
            } else {
                sb.append(property).append(userChallengeQuestionIds[i]);
            }
        }
        ChallengeQuestionsResponse challengeQuestionsResponse = new ChallengeQuestionsResponse(challengeQuestionArr);
        String generateUUID = UUIDGenerator.generateUUID();
        UserRecoveryData userRecoveryData = new UserRecoveryData(user, generateUUID, RecoveryScenarios.QUESTION_BASED_PWD_RECOVERY, RecoverySteps.VALIDATE_ALL_CHALLENGE_QUESTION);
        userRecoveryData.setRemainingSetIds(sb.toString());
        challengeQuestionsResponse.setCode(generateUUID);
        jDBCRecoveryDataStore.store(userRecoveryData);
        return challengeQuestionsResponse;
    }

    public ChallengeQuestionResponse validateUserChallengeQuestions(UserChallengeAnswer[] userChallengeAnswerArr, String str, Property[] propertyArr) throws IdentityRecoveryException {
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        UserRecoveryData load = jDBCRecoveryDataStore.load(str);
        try {
            if (!Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.QUESTION_BASED_PW_RECOVERY, load.getUser().getTenantDomain()))) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_QUESTION_BASED_RECOVERY_NOT_ENABLE, null);
            }
            if (userChallengeAnswerArr == null) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CHALLENGE_QUESTION_NOT_FOUND, "Challenge answers cannot be found for user: " + load.getUser());
            }
            String property = IdentityUtil.getProperty(IdentityRecoveryConstants.ConnectorConfig.QUESTION_CHALLENGE_SEPARATOR);
            if (StringUtils.isEmpty(property)) {
                property = "!";
            }
            if (!RecoverySteps.VALIDATE_CHALLENGE_QUESTION.equals(load.getRecoveryStep())) {
                if (!RecoverySteps.VALIDATE_ALL_CHALLENGE_QUESTION.equals(load.getRecoveryStep())) {
                    throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE, null);
                }
                String remainingSetIds = load.getRemainingSetIds();
                if (!StringUtils.isNotBlank(remainingSetIds)) {
                    throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CHALLENGE_QUESTION_NOT_FOUND, "Could not find requested challenge questions for user: " + load.getUser());
                }
                String[] split = remainingSetIds.split(property);
                if (split.length != userChallengeAnswerArr.length) {
                    throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NEED_TO_ANSWER_TO_REQUESTED_QUESTIONS, null);
                }
                validateQuestion(split, userChallengeAnswerArr);
                ChallengeQuestionManager challengeQuestionManager = ChallengeQuestionManager.getInstance();
                for (UserChallengeAnswer userChallengeAnswer : userChallengeAnswerArr) {
                    if (!challengeQuestionManager.verifyUserChallengeAnswer(load.getUser(), userChallengeAnswer)) {
                        throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_ANSWER_FOR_SECURITY_QUESTION, null);
                    }
                }
                resetRecoveryPasswordFailedAttempts(load.getUser());
                jDBCRecoveryDataStore.invalidate(str);
                ChallengeQuestionResponse challengeQuestionResponse = new ChallengeQuestionResponse();
                String generateUUID = UUIDGenerator.generateUUID();
                challengeQuestionResponse.setCode(generateUUID);
                challengeQuestionResponse.setStatus(IdentityRecoveryConstants.RECOVERY_STATUS_COMPLETE);
                UserRecoveryData userRecoveryData = new UserRecoveryData(load.getUser(), generateUUID, RecoveryScenarios.QUESTION_BASED_PWD_RECOVERY);
                userRecoveryData.setRecoveryStep(RecoverySteps.UPDATE_PASSWORD);
                jDBCRecoveryDataStore.store(userRecoveryData);
                return challengeQuestionResponse;
            }
            if (userChallengeAnswerArr.length > 1) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_MULTIPLE_QUESTION_NOT_ALLOWED, null);
            }
            ChallengeQuestionManager challengeQuestionManager2 = ChallengeQuestionManager.getInstance();
            if (!challengeQuestionManager2.verifyUserChallengeAnswer(load.getUser(), userChallengeAnswerArr[0])) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_ANSWER_FOR_SECURITY_QUESTION, null);
            }
            jDBCRecoveryDataStore.invalidate(str);
            String remainingSetIds2 = load.getRemainingSetIds();
            ChallengeQuestionResponse challengeQuestionResponse2 = new ChallengeQuestionResponse();
            String generateUUID2 = UUIDGenerator.generateUUID();
            challengeQuestionResponse2.setCode(generateUUID2);
            UserRecoveryData userRecoveryData2 = new UserRecoveryData(load.getUser(), generateUUID2, RecoveryScenarios.QUESTION_BASED_PWD_RECOVERY);
            if (StringUtils.isNotBlank(remainingSetIds2)) {
                String[] split2 = remainingSetIds2.split(property);
                challengeQuestionResponse2.setQuestion(challengeQuestionManager2.getUserChallengeQuestion(load.getUser(), split2[0]));
                userRecoveryData2.setRecoveryStep(RecoverySteps.VALIDATE_CHALLENGE_QUESTION);
                challengeQuestionResponse2.setStatus(IdentityRecoveryConstants.RECOVERY_STATUS_INCOMPLETE);
                if (split2.length > 1) {
                    int i = 1;
                    while (i < split2.length) {
                        remainingSetIds2 = i == 1 ? split2[1] : remainingSetIds2 + property + split2[i];
                        i++;
                    }
                    userRecoveryData2.setRemainingSetIds(remainingSetIds2);
                }
            } else {
                userRecoveryData2.setRecoveryStep(RecoverySteps.UPDATE_PASSWORD);
                challengeQuestionResponse2.setStatus(IdentityRecoveryConstants.RECOVERY_STATUS_COMPLETE);
            }
            jDBCRecoveryDataStore.store(userRecoveryData2);
            resetRecoveryPasswordFailedAttempts(load.getUser());
            return challengeQuestionResponse2;
        } catch (IdentityRecoveryClientException e) {
            handleAnswerVerificationFail(load.getUser());
            throw e;
        }
    }

    private void validateQuestion(String[] strArr, UserChallengeAnswer[] userChallengeAnswerArr) throws IdentityRecoveryException {
        ArrayList arrayList = new ArrayList();
        for (UserChallengeAnswer userChallengeAnswer : userChallengeAnswerArr) {
            arrayList.add(userChallengeAnswer.getQuestion().getQuestionSetId().toLowerCase());
        }
        for (String str : strArr) {
            if (!arrayList.contains(str.toLowerCase())) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NEED_TO_ANSWER_TO_REQUESTED_QUESTIONS, null);
            }
        }
    }

    private static String[] getRandomQuestionIds(String[] strArr, int i) {
        ArrayList arrayList = new ArrayList(Arrays.asList(strArr));
        ArrayList arrayList2 = new ArrayList();
        for (int i2 = 0; i2 < i; i2++) {
            int nextInt = new Random().nextInt(arrayList.size());
            arrayList2.add(i2, arrayList.get(nextInt));
            arrayList.remove(nextInt);
        }
        return (String[]) arrayList2.toArray(new String[arrayList2.size()]);
    }

    private void triggerNotification(User user, String str, String str2) throws IdentityRecoveryException {
        HashMap hashMap = new HashMap();
        hashMap.put("user-name", user.getUserName());
        hashMap.put("tenant-domain", user.getTenantDomain());
        hashMap.put("userstore-domain", user.getUserStoreDomain());
        if (StringUtils.isNotBlank(str2)) {
            hashMap.put(IdentityRecoveryConstants.CONFIRMATION_CODE, str2);
        }
        hashMap.put(IdentityRecoveryConstants.TEMPLATE_TYPE, str);
        try {
            IdentityRecoveryServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event("TRIGGER_NOTIFICATION", hashMap));
        } catch (IdentityEventException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_TRIGGER_NOTIFICATION, user.getUserName(), e);
        }
    }

    private org.wso2.carbon.identity.application.common.model.Property[] getConnectorConfigs(String str) throws IdentityRecoveryException {
        try {
            return IdentityRecoveryServiceDataHolder.getInstance().getIdentityGovernanceService().getConfiguration(new String[]{PROPERTY_ACCOUNT_LOCK_ON_FAILURE, PROPERTY_ACCOUNT_LOCK_ON_FAILURE_MAX}, str);
        } catch (Exception e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_LOAD_GOV_CONFIGS, null, e);
        }
    }

    private void resetRecoveryPasswordFailedAttempts(User user) throws IdentityRecoveryException {
        for (org.wso2.carbon.identity.application.common.model.Property property : getConnectorConfigs(user.getTenantDomain())) {
            if (PROPERTY_ACCOUNT_LOCK_ON_FAILURE.equals(property.getName()) && !Boolean.parseBoolean(property.getValue())) {
                return;
            }
        }
        try {
            try {
                UserStoreManager userStoreManager = IdentityRecoveryServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(user.getTenantDomain())).getUserStoreManager();
                HashMap hashMap = new HashMap();
                hashMap.put(IdentityRecoveryConstants.PASSWORD_RESET_FAIL_ATTEMPTS_CLAIM, "0");
                try {
                    userStoreManager.setUserClaimValues(IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()), hashMap, "default");
                } catch (UserStoreException e) {
                    throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_UPDATE_USER_CLAIMS, null, e);
                }
            } catch (org.wso2.carbon.user.api.UserStoreException e2) {
                throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_LOAD_USER_STORE_MANAGER, null, e2);
            }
        } catch (org.wso2.carbon.user.api.UserStoreException e3) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_LOAD_REALM_SERVICE, user.getTenantDomain(), e3);
        }
    }

    private void handleAnswerVerificationFail(User user) throws IdentityRecoveryException {
        int i = 0;
        for (org.wso2.carbon.identity.application.common.model.Property property : getConnectorConfigs(user.getTenantDomain())) {
            if (PROPERTY_ACCOUNT_LOCK_ON_FAILURE.equals(property.getName()) && !Boolean.parseBoolean(property.getValue())) {
                return;
            }
            if (PROPERTY_ACCOUNT_LOCK_ON_FAILURE_MAX.equals(property.getName()) && NumberUtils.isNumber(property.getValue())) {
                i = Integer.parseInt(property.getValue());
            }
        }
        try {
            try {
                UserStoreManager userStoreManager = IdentityRecoveryServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(user.getTenantDomain())).getUserStoreManager();
                if (Utils.isAccountLocked(user)) {
                    return;
                }
                try {
                    Map userClaimValues = userStoreManager.getUserClaimValues(IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()), new String[]{IdentityRecoveryConstants.PASSWORD_RESET_FAIL_ATTEMPTS_CLAIM}, "default");
                    int parseInt = NumberUtils.isNumber((String) userClaimValues.get(IdentityRecoveryConstants.PASSWORD_RESET_FAIL_ATTEMPTS_CLAIM)) ? Integer.parseInt((String) userClaimValues.get(IdentityRecoveryConstants.PASSWORD_RESET_FAIL_ATTEMPTS_CLAIM)) : 0;
                    HashMap hashMap = new HashMap();
                    if (parseInt + 1 < i) {
                        hashMap.put(IdentityRecoveryConstants.PASSWORD_RESET_FAIL_ATTEMPTS_CLAIM, String.valueOf(parseInt + 1));
                        try {
                            userStoreManager.setUserClaimValues(IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()), hashMap, "default");
                            return;
                        } catch (UserStoreException e) {
                            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_UPDATE_USER_CLAIMS, null, e);
                        }
                    }
                    hashMap.put("http://wso2.org/claims/identity/accountLocked", Boolean.TRUE.toString());
                    hashMap.put(IdentityRecoveryConstants.PASSWORD_RESET_FAIL_ATTEMPTS_CLAIM, "0");
                    hashMap.put(IdentityRecoveryConstants.ACCOUNT_UNLOCK_TIME_CLAIM, "0");
                    try {
                        userStoreManager.setUserClaimValues(IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()), hashMap, "default");
                        throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_LOCKED_ACCOUNT, IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()));
                    } catch (UserStoreException e2) {
                        throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_UPDATE_USER_CLAIMS, null, e2);
                    }
                } catch (UserStoreException e3) {
                    throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_LOAD_USER_CLAIMS, null, e3);
                }
            } catch (org.wso2.carbon.user.api.UserStoreException e4) {
                throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_LOAD_USER_STORE_MANAGER, null, e4);
            }
        } catch (org.wso2.carbon.user.api.UserStoreException e5) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_LOAD_REALM_SERVICE, user.getTenantDomain(), e5);
        }
    }

    private void verifyUserExists(User user) throws IdentityRecoveryClientException, IdentityRecoveryServerException {
        try {
            org.wso2.carbon.user.api.UserStoreManager userStoreManager = IdentityRecoveryServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(user.getTenantDomain())).getUserStoreManager();
            String addDomainToName = IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain());
            if (userStoreManager.isExistingUser(addDomainToName)) {
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("No user found for recovery with username: " + user.toFullQualifiedUsername());
            }
            if (!Boolean.parseBoolean(IdentityUtil.getProperty(IdentityRecoveryConstants.ConnectorConfig.NOTIFY_USER_EXISTENCE))) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CHALLENGE_QUESTION_NOT_FOUND, user.getUserName());
            }
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_USER, addDomainToName);
        } catch (org.wso2.carbon.user.api.UserStoreException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED, null);
        }
    }
}
