package org.wso2.carbon.identity.recovery.password;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Random;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.NumberUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.recovery.ChallengeQuestionManager;
import org.wso2.carbon.identity.recovery.IdentityRecoveryClientException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
import org.wso2.carbon.identity.recovery.IdentityRecoveryException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryServerException;
import org.wso2.carbon.identity.recovery.RecoveryScenarios;
import org.wso2.carbon.identity.recovery.RecoverySteps;
import org.wso2.carbon.identity.recovery.bean.ChallengeQuestionResponse;
import org.wso2.carbon.identity.recovery.bean.ChallengeQuestionsResponse;
import org.wso2.carbon.identity.recovery.handler.ConfigStoreFunctionalityLockPropertyHandler;
import org.wso2.carbon.identity.recovery.internal.IdentityRecoveryServiceDataHolder;
import org.wso2.carbon.identity.recovery.model.ChallengeQuestion;
import org.wso2.carbon.identity.recovery.model.Property;
import org.wso2.carbon.identity.recovery.model.UserChallengeAnswer;
import org.wso2.carbon.identity.recovery.model.UserRecoveryData;
import org.wso2.carbon.identity.recovery.store.JDBCRecoveryDataStore;
import org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore;
import org.wso2.carbon.identity.recovery.util.Utils;
import org.wso2.carbon.identity.user.functionality.mgt.UserFunctionalityManager;
import org.wso2.carbon.identity.user.functionality.mgt.exception.UserFunctionalityManagementException;
import org.wso2.carbon.identity.user.functionality.mgt.exception.UserFunctionalityManagementServerException;
import org.wso2.carbon.identity.user.functionality.mgt.model.FunctionalityLockStatus;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;

/* loaded from: input_file:org/wso2/carbon/identity/recovery/password/SecurityQuestionPasswordRecoveryManager.class */
public class SecurityQuestionPasswordRecoveryManager {
    private static final String PROPERTY_ACCOUNT_LOCK_ON_FAILURE = "account.lock.handler.enable";
    private static final String PROPERTY_ACCOUNT_LOCK_ON_FAILURE_MAX = "account.lock.handler.On.Failure.Max.Attempts";
    private static final String PROPERTY_ACCOUNT_LOCK_TIME = "account.lock.handler.Time";
    private static final String PROPERTY_LOGIN_FAIL_TIMEOUT_RATIO = "account.lock.handler.login.fail.timeout.ratio";
    private static final Log log = LogFactory.getLog(SecurityQuestionPasswordRecoveryManager.class);
    private static final boolean isPerUserFunctionalityLockingEnabled = Utils.isPerUserFunctionalityLockingEnabled();
    private static final boolean isDetailedErrorMessagesEnabled = Utils.isDetailedErrorResponseEnabled();
    private static SecurityQuestionPasswordRecoveryManager instance = new SecurityQuestionPasswordRecoveryManager();

    private SecurityQuestionPasswordRecoveryManager() {
    }

    public static SecurityQuestionPasswordRecoveryManager getInstance() {
        return instance;
    }

    public ChallengeQuestionResponse initiateUserChallengeQuestion(User user) throws IdentityRecoveryException {
        Utils.validateEmailUsername(user.getUserName());
        if (StringUtils.isBlank(user.getTenantDomain())) {
            user.setTenantDomain("carbon.super");
            log.info("initiateUserChallengeQuestion :Tenant domain is not in the request. set to default for user : " + user.getUserName());
        }
        if (StringUtils.isBlank(user.getUserStoreDomain())) {
            user.setUserStoreDomain(IdentityUtil.getPrimaryDomainName());
            log.info("initiateUserChallengeQuestion :User store domain is not in the request. set to default for user : " + user.getUserName());
        }
        boolean parseBoolean = Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_INTERNALLY_MANAGE, user.getTenantDomain()));
        if (!Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.QUESTION_BASED_PW_RECOVERY, user.getTenantDomain()))) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_QUESTION_BASED_RECOVERY_NOT_ENABLE, null);
        }
        validateFunctionalityForUser(user);
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        jDBCRecoveryDataStore.invalidate(user);
        String property = IdentityUtil.getProperty(IdentityRecoveryConstants.ConnectorConfig.QUESTION_CHALLENGE_SEPARATOR);
        if (StringUtils.isEmpty(property)) {
            property = "!";
        }
        verifyUserExists(user);
        if (Utils.isAccountDisabled(user)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_DISABLED_ACCOUNT, user.getUserName());
        }
        if (Utils.isAccountLocked(user)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_LOCKED_ACCOUNT, user.getUserName());
        }
        boolean parseBoolean2 = Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_SEND_RECOVERY_SECURITY_START, user.getTenantDomain()));
        if (parseBoolean && parseBoolean2) {
            try {
                triggerNotification(user, IdentityRecoveryConstants.NOTIFICATION_TYPE_PASSWORD_RESET_INITIATE, null);
            } catch (Exception e) {
                log.warn("Error while sending password reset initiating notification to user :" + user.getUserName());
            }
        }
        int parseInt = Integer.parseInt(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.QUESTION_MIN_NO_ANSWER, user.getTenantDomain()));
        ChallengeQuestionManager challengeQuestionManager = ChallengeQuestionManager.getInstance();
        String[] userChallengeQuestionIds = challengeQuestionManager.getUserChallengeQuestionIds(user);
        if (userChallengeQuestionIds == null || userChallengeQuestionIds.length == 0) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CHALLENGE_QUESTION_NOT_FOUND, user.getUserName());
        }
        if (userChallengeQuestionIds.length > parseInt) {
            userChallengeQuestionIds = getRandomQuestionIds(userChallengeQuestionIds, parseInt);
        }
        String str = null;
        int i = 1;
        while (i < userChallengeQuestionIds.length) {
            str = i == 1 ? userChallengeQuestionIds[1] : str + property + userChallengeQuestionIds[i];
            i++;
        }
        ChallengeQuestionResponse challengeQuestionResponse = new ChallengeQuestionResponse(challengeQuestionManager.getUserChallengeQuestion(user, userChallengeQuestionIds[0]));
        String generateUUID = UUIDGenerator.generateUUID();
        UserRecoveryData userRecoveryData = new UserRecoveryData(user, generateUUID, RecoveryScenarios.QUESTION_BASED_PWD_RECOVERY, RecoverySteps.VALIDATE_CHALLENGE_QUESTION);
        userRecoveryData.setRemainingSetIds(str);
        challengeQuestionResponse.setCode(generateUUID);
        if (userChallengeQuestionIds.length > 1) {
            challengeQuestionResponse.setStatus(IdentityRecoveryConstants.RECOVERY_STATUS_INCOMPLETE);
        }
        jDBCRecoveryDataStore.store(userRecoveryData);
        return challengeQuestionResponse;
    }

    private void validateFunctionalityForUser(User user) throws IdentityRecoveryServerException, IdentityRecoveryClientException {
        if (isPerUserFunctionalityLockingEnabled) {
            FunctionalityLockStatus functionalityStatusOfUser = getFunctionalityStatusOfUser(user, IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier());
            if (functionalityStatusOfUser.getLockStatus()) {
                StringBuilder sb = new StringBuilder(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_SECURITY_QUESTION_BASED_PWR_LOCKED.getMessage());
                if (isDetailedErrorMessagesEnabled) {
                    sb.append(": ").append(functionalityStatusOfUser.getLockReason());
                }
                throw ((IdentityRecoveryClientException) IdentityException.error(IdentityRecoveryClientException.class, IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_SECURITY_QUESTION_BASED_PWR_LOCKED.getCode(), sb.toString()));
            }
        }
    }

    public ChallengeQuestionsResponse initiateUserChallengeQuestionAtOnce(User user) throws IdentityRecoveryException {
        String property = IdentityUtil.getProperty(IdentityRecoveryConstants.ConnectorConfig.QUESTION_CHALLENGE_SEPARATOR);
        if (StringUtils.isEmpty(property)) {
            property = "!";
        }
        if (StringUtils.isBlank(user.getTenantDomain())) {
            user.setTenantDomain("carbon.super");
            log.info("initiateUserChallengeQuestionAtOnce :Tenant domain is not in the request. set to default for user : " + user.getUserName());
        }
        if (StringUtils.isBlank(user.getUserStoreDomain())) {
            user.setUserStoreDomain(IdentityUtil.getPrimaryDomainName());
            log.info("initiateUserChallengeQuestionAtOnce :User store domain is not in the request. set to default for user : " + user.getUserName());
        }
        if (!Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.QUESTION_BASED_PW_RECOVERY, user.getTenantDomain()))) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_QUESTION_BASED_RECOVERY_NOT_ENABLE, null);
        }
        boolean parseBoolean = Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_INTERNALLY_MANAGE, user.getTenantDomain()));
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        jDBCRecoveryDataStore.invalidate(user);
        verifyUserExists(user);
        if (Utils.isAccountDisabled(user)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_DISABLED_ACCOUNT, null);
        }
        if (Utils.isAccountLocked(user)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_LOCKED_ACCOUNT, null);
        }
        boolean parseBoolean2 = Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_SEND_RECOVERY_SECURITY_START, user.getTenantDomain()));
        if (parseBoolean && parseBoolean2) {
            try {
                triggerNotification(user, IdentityRecoveryConstants.NOTIFICATION_TYPE_PASSWORD_RESET_INITIATE, null);
            } catch (Exception e) {
                log.warn("Error while sending password reset initiating notification to user :" + user.getUserName());
            }
        }
        int parseInt = Integer.parseInt(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.QUESTION_MIN_NO_ANSWER, user.getTenantDomain()));
        ChallengeQuestionManager challengeQuestionManager = ChallengeQuestionManager.getInstance();
        String[] userChallengeQuestionIds = challengeQuestionManager.getUserChallengeQuestionIds(user);
        if (userChallengeQuestionIds == null || userChallengeQuestionIds.length == 0) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CHALLENGE_QUESTION_NOT_FOUND, user.getUserName());
        }
        if (userChallengeQuestionIds.length > parseInt) {
            userChallengeQuestionIds = getRandomQuestionIds(userChallengeQuestionIds, parseInt);
        }
        ChallengeQuestion[] challengeQuestionArr = new ChallengeQuestion[userChallengeQuestionIds.length];
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < userChallengeQuestionIds.length; i++) {
            challengeQuestionArr[i] = challengeQuestionManager.getUserChallengeQuestion(user, userChallengeQuestionIds[i]);
            if (i == 0) {
                sb.append(userChallengeQuestionIds[0]);
            } else {
                sb.append(property).append(userChallengeQuestionIds[i]);
            }
        }
        ChallengeQuestionsResponse challengeQuestionsResponse = new ChallengeQuestionsResponse(challengeQuestionArr);
        String generateUUID = UUIDGenerator.generateUUID();
        UserRecoveryData userRecoveryData = new UserRecoveryData(user, generateUUID, RecoveryScenarios.QUESTION_BASED_PWD_RECOVERY, RecoverySteps.VALIDATE_ALL_CHALLENGE_QUESTION);
        userRecoveryData.setRemainingSetIds(sb.toString());
        challengeQuestionsResponse.setCode(generateUUID);
        jDBCRecoveryDataStore.store(userRecoveryData);
        return challengeQuestionsResponse;
    }

    public ChallengeQuestionResponse validateUserChallengeQuestions(UserChallengeAnswer[] userChallengeAnswerArr, String str, Property[] propertyArr) throws IdentityRecoveryException {
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        UserRecoveryData load = jDBCRecoveryDataStore.load(str);
        User user = load.getUser();
        validateFunctionalityForUser(user);
        try {
            if (!Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.QUESTION_BASED_PW_RECOVERY, load.getUser().getTenantDomain()))) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_QUESTION_BASED_RECOVERY_NOT_ENABLE, null);
            }
            verifyUserExists(user);
            if (Utils.isAccountDisabled(user)) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_DISABLED_ACCOUNT, user.getUserName());
            }
            if (Utils.isAccountLocked(user)) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_LOCKED_ACCOUNT, user.getUserName());
            }
            if (userChallengeAnswerArr == null) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CHALLENGE_QUESTION_NOT_FOUND, "Challenge answers cannot be found for user: " + load.getUser());
            }
            String property = IdentityUtil.getProperty(IdentityRecoveryConstants.ConnectorConfig.QUESTION_CHALLENGE_SEPARATOR);
            if (StringUtils.isEmpty(property)) {
                property = "!";
            }
            if (!RecoverySteps.VALIDATE_CHALLENGE_QUESTION.equals(load.getRecoveryStep())) {
                if (!RecoverySteps.VALIDATE_ALL_CHALLENGE_QUESTION.equals(load.getRecoveryStep())) {
                    throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE, null);
                }
                String remainingSetIds = load.getRemainingSetIds();
                if (!StringUtils.isNotBlank(remainingSetIds)) {
                    throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CHALLENGE_QUESTION_NOT_FOUND, "Could not find requested challenge questions for user: " + load.getUser());
                }
                String[] split = remainingSetIds.split(property);
                if (split.length != userChallengeAnswerArr.length) {
                    throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NEED_TO_ANSWER_TO_REQUESTED_QUESTIONS, null);
                }
                validateQuestion(split, userChallengeAnswerArr);
                ChallengeQuestionManager challengeQuestionManager = ChallengeQuestionManager.getInstance();
                for (UserChallengeAnswer userChallengeAnswer : userChallengeAnswerArr) {
                    if (!challengeQuestionManager.verifyUserChallengeAnswer(load.getUser(), userChallengeAnswer)) {
                        throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_ANSWER_FOR_SECURITY_QUESTION, null);
                    }
                }
                if (isPerUserFunctionalityLockingEnabled) {
                    resetRecoveryPasswordProperties(load.getUser(), true);
                } else {
                    resetRecoveryPasswordFailedAttempts(load.getUser(), true);
                }
                jDBCRecoveryDataStore.invalidate(str);
                ChallengeQuestionResponse challengeQuestionResponse = new ChallengeQuestionResponse();
                String generateUUID = UUIDGenerator.generateUUID();
                challengeQuestionResponse.setCode(generateUUID);
                challengeQuestionResponse.setStatus(IdentityRecoveryConstants.RECOVERY_STATUS_COMPLETE);
                UserRecoveryData userRecoveryData = new UserRecoveryData(load.getUser(), generateUUID, RecoveryScenarios.QUESTION_BASED_PWD_RECOVERY);
                userRecoveryData.setRecoveryStep(RecoverySteps.UPDATE_PASSWORD);
                jDBCRecoveryDataStore.store(userRecoveryData);
                return challengeQuestionResponse;
            }
            if (userChallengeAnswerArr.length > 1) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_MULTIPLE_QUESTION_NOT_ALLOWED, null);
            }
            ChallengeQuestionManager challengeQuestionManager2 = ChallengeQuestionManager.getInstance();
            if (!challengeQuestionManager2.verifyUserChallengeAnswer(load.getUser(), userChallengeAnswerArr[0])) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_ANSWER_FOR_SECURITY_QUESTION, null);
            }
            boolean z = false;
            jDBCRecoveryDataStore.invalidate(str);
            String remainingSetIds2 = load.getRemainingSetIds();
            ChallengeQuestionResponse challengeQuestionResponse2 = new ChallengeQuestionResponse();
            String generateUUID2 = UUIDGenerator.generateUUID();
            challengeQuestionResponse2.setCode(generateUUID2);
            UserRecoveryData userRecoveryData2 = new UserRecoveryData(load.getUser(), generateUUID2, RecoveryScenarios.QUESTION_BASED_PWD_RECOVERY);
            if (StringUtils.isNotBlank(remainingSetIds2)) {
                String[] split2 = remainingSetIds2.split(property);
                challengeQuestionResponse2.setQuestion(challengeQuestionManager2.getUserChallengeQuestion(load.getUser(), split2[0]));
                userRecoveryData2.setRecoveryStep(RecoverySteps.VALIDATE_CHALLENGE_QUESTION);
                challengeQuestionResponse2.setStatus(IdentityRecoveryConstants.RECOVERY_STATUS_INCOMPLETE);
                if (split2.length > 1) {
                    int i = 1;
                    while (i < split2.length) {
                        remainingSetIds2 = i == 1 ? split2[1] : remainingSetIds2 + property + split2[i];
                        i++;
                    }
                    userRecoveryData2.setRemainingSetIds(remainingSetIds2);
                }
            } else {
                z = true;
                userRecoveryData2.setRecoveryStep(RecoverySteps.UPDATE_PASSWORD);
                challengeQuestionResponse2.setStatus(IdentityRecoveryConstants.RECOVERY_STATUS_COMPLETE);
            }
            jDBCRecoveryDataStore.store(userRecoveryData2);
            if (isPerUserFunctionalityLockingEnabled) {
                resetRecoveryPasswordProperties(load.getUser(), z);
            } else {
                resetRecoveryPasswordFailedAttempts(load.getUser(), z);
            }
            return challengeQuestionResponse2;
        } catch (IdentityRecoveryClientException e) {
            if (isPerUserFunctionalityLockingEnabled) {
                handleAnswerVerificationFailInFunctionalityLockMode(load.getUser());
                throw e;
            }
            handleAnswerVerificationFail(load.getUser());
            throw e;
        }
    }

    private void validateQuestion(String[] strArr, UserChallengeAnswer[] userChallengeAnswerArr) throws IdentityRecoveryException {
        ArrayList arrayList = new ArrayList();
        for (UserChallengeAnswer userChallengeAnswer : userChallengeAnswerArr) {
            arrayList.add(userChallengeAnswer.getQuestion().getQuestionSetId().toLowerCase());
        }
        for (String str : strArr) {
            if (!arrayList.contains(str.toLowerCase())) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NEED_TO_ANSWER_TO_REQUESTED_QUESTIONS, null);
            }
        }
    }

    private static String[] getRandomQuestionIds(String[] strArr, int i) {
        ArrayList arrayList = new ArrayList(Arrays.asList(strArr));
        ArrayList arrayList2 = new ArrayList();
        for (int i2 = 0; i2 < i; i2++) {
            int nextInt = new Random().nextInt(arrayList.size());
            arrayList2.add(i2, arrayList.get(nextInt));
            arrayList.remove(nextInt);
        }
        return (String[]) arrayList2.toArray(new String[arrayList2.size()]);
    }

    private void triggerNotification(User user, String str, String str2) throws IdentityRecoveryException {
        HashMap hashMap = new HashMap();
        hashMap.put("user-name", user.getUserName());
        hashMap.put("tenant-domain", user.getTenantDomain());
        hashMap.put("userstore-domain", user.getUserStoreDomain());
        if (StringUtils.isNotBlank(str2)) {
            hashMap.put(IdentityRecoveryConstants.CONFIRMATION_CODE, str2);
        }
        hashMap.put(IdentityRecoveryConstants.TEMPLATE_TYPE, str);
        try {
            IdentityRecoveryServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event("TRIGGER_NOTIFICATION", hashMap));
        } catch (IdentityEventException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_TRIGGER_NOTIFICATION, user.getUserName(), (Throwable) e);
        }
    }

    private org.wso2.carbon.identity.application.common.model.Property[] getConnectorConfigs(String str) throws IdentityRecoveryException {
        try {
            return IdentityRecoveryServiceDataHolder.getInstance().getIdentityGovernanceService().getConfiguration(new String[]{PROPERTY_ACCOUNT_LOCK_ON_FAILURE, PROPERTY_ACCOUNT_LOCK_ON_FAILURE_MAX, PROPERTY_ACCOUNT_LOCK_TIME, PROPERTY_LOGIN_FAIL_TIMEOUT_RATIO}, str);
        } catch (Exception e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_LOAD_GOV_CONFIGS, (String) null, e);
        }
    }

    private void resetRecoveryPasswordFailedAttempts(User user, boolean z) throws IdentityRecoveryException {
        for (org.wso2.carbon.identity.application.common.model.Property property : getConnectorConfigs(user.getTenantDomain())) {
            if (PROPERTY_ACCOUNT_LOCK_ON_FAILURE.equals(property.getName()) && !Boolean.parseBoolean(property.getValue())) {
                return;
            }
        }
        try {
            try {
                UserStoreManager userStoreManager = IdentityRecoveryServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(user.getTenantDomain())).getUserStoreManager();
                HashMap hashMap = new HashMap();
                if (z) {
                    hashMap.put(IdentityRecoveryConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM, "0");
                }
                hashMap.put(IdentityRecoveryConstants.PASSWORD_RESET_FAIL_ATTEMPTS_CLAIM, "0");
                try {
                    userStoreManager.setUserClaimValues(IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()), hashMap, "default");
                } catch (UserStoreException e) {
                    throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_UPDATE_USER_CLAIMS, (String) null, (Throwable) e);
                }
            } catch (org.wso2.carbon.user.api.UserStoreException e2) {
                throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_LOAD_USER_STORE_MANAGER, (String) null, (Throwable) e2);
            }
        } catch (org.wso2.carbon.user.api.UserStoreException e3) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_LOAD_REALM_SERVICE, user.getTenantDomain(), (Throwable) e3);
        }
    }

    private void resetRecoveryPasswordProperties(User user, boolean z) throws IdentityRecoveryException {
        for (org.wso2.carbon.identity.application.common.model.Property property : getConnectorConfigs(user.getTenantDomain())) {
            if (PROPERTY_ACCOUNT_LOCK_ON_FAILURE.equals(property.getName()) && !Boolean.parseBoolean(property.getValue())) {
                return;
            }
        }
        int tenantId = IdentityTenantUtil.getTenantId(user.getTenantDomain());
        String userId = Utils.getUserId(user.getUserName(), tenantId);
        UserFunctionalityManager userFunctionalityManagerService = IdentityRecoveryServiceDataHolder.getInstance().getUserFunctionalityManagerService();
        if (z) {
            try {
                userFunctionalityManagerService.unlock(userId, tenantId, IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier());
                userFunctionalityManagerService.deleteAllPropertiesForUser(userId, tenantId, IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier());
            } catch (UserFunctionalityManagementException e) {
                throw Utils.handleFunctionalityLockMgtServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_UNLOCK_FUNCTIONALITY_FOR_USER, userId, tenantId, IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier(), isDetailedErrorMessagesEnabled);
            }
        } else {
            try {
                HashMap hashMap = new HashMap();
                hashMap.put(IdentityRecoveryConstants.FUNCTION_FAILED_ATTEMPTS_PROPERTY, "0");
                userFunctionalityManagerService.setProperties(userId, tenantId, IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier(), hashMap);
            } catch (UserFunctionalityManagementException e2) {
                throw Utils.handleFunctionalityLockMgtServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_UPDATE_PROPERTIES_FOR_FUNCTIONALITY, userId, tenantId, IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier(), isDetailedErrorMessagesEnabled);
            }
        }
    }

    private void handleAnswerVerificationFail(User user) throws IdentityRecoveryException {
        int i = 0;
        long j = 0;
        double d = 1.0d;
        for (org.wso2.carbon.identity.application.common.model.Property property : getConnectorConfigs(user.getTenantDomain())) {
            if (PROPERTY_ACCOUNT_LOCK_ON_FAILURE.equals(property.getName()) && !Boolean.parseBoolean(property.getValue())) {
                return;
            }
            if (PROPERTY_ACCOUNT_LOCK_ON_FAILURE_MAX.equals(property.getName()) && NumberUtils.isNumber(property.getValue())) {
                i = Integer.parseInt(property.getValue());
            } else if (PROPERTY_ACCOUNT_LOCK_TIME.equals(property.getName()) && NumberUtils.isNumber(property.getValue())) {
                j = Integer.parseInt(property.getValue());
            } else if (PROPERTY_LOGIN_FAIL_TIMEOUT_RATIO.equals(property.getName()) && NumberUtils.isNumber(property.getValue())) {
                double parseDouble = Double.parseDouble(property.getValue());
                if (parseDouble > 0.0d) {
                    d = parseDouble;
                }
            }
        }
        try {
            try {
                UserStoreManager userStoreManager = IdentityRecoveryServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(user.getTenantDomain())).getUserStoreManager();
                if (Utils.isAccountLocked(user)) {
                    return;
                }
                try {
                    Map userClaimValues = userStoreManager.getUserClaimValues(IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()), new String[]{IdentityRecoveryConstants.PASSWORD_RESET_FAIL_ATTEMPTS_CLAIM, IdentityRecoveryConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM}, "default");
                    int parseInt = NumberUtils.isNumber((String) userClaimValues.get(IdentityRecoveryConstants.PASSWORD_RESET_FAIL_ATTEMPTS_CLAIM)) ? Integer.parseInt((String) userClaimValues.get(IdentityRecoveryConstants.PASSWORD_RESET_FAIL_ATTEMPTS_CLAIM)) : 0;
                    int parseInt2 = NumberUtils.isNumber((String) userClaimValues.get(IdentityRecoveryConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM)) ? Integer.parseInt((String) userClaimValues.get(IdentityRecoveryConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM)) : 0;
                    HashMap hashMap = new HashMap();
                    if (parseInt + 1 < i) {
                        hashMap.put(IdentityRecoveryConstants.PASSWORD_RESET_FAIL_ATTEMPTS_CLAIM, String.valueOf(parseInt + 1));
                        try {
                            userStoreManager.setUserClaimValues(IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()), hashMap, "default");
                            return;
                        } catch (UserStoreException e) {
                            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_UPDATE_USER_CLAIMS, (String) null, (Throwable) e);
                        }
                    }
                    long currentTimeMillis = System.currentTimeMillis() + ((long) (j * 1000 * 60 * Math.pow(d, parseInt2)));
                    hashMap.put("http://wso2.org/claims/identity/accountLocked", Boolean.TRUE.toString());
                    hashMap.put(IdentityRecoveryConstants.PASSWORD_RESET_FAIL_ATTEMPTS_CLAIM, "0");
                    hashMap.put(IdentityRecoveryConstants.ACCOUNT_UNLOCK_TIME_CLAIM, String.valueOf(currentTimeMillis));
                    hashMap.put(IdentityRecoveryConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM, String.valueOf(parseInt2 + 1));
                    try {
                        userStoreManager.setUserClaimValues(IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()), hashMap, "default");
                        throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_LOCKED_ACCOUNT, IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()));
                    } catch (UserStoreException e2) {
                        throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_UPDATE_USER_CLAIMS, (String) null, (Throwable) e2);
                    }
                } catch (UserStoreException e3) {
                    throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_LOAD_USER_CLAIMS, (String) null, (Throwable) e3);
                }
            } catch (org.wso2.carbon.user.api.UserStoreException e4) {
                throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_LOAD_USER_STORE_MANAGER, (String) null, (Throwable) e4);
            }
        } catch (org.wso2.carbon.user.api.UserStoreException e5) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_LOAD_REALM_SERVICE, user.getTenantDomain(), (Throwable) e5);
        }
    }

    private void handleAnswerVerificationFailInFunctionalityLockMode(User user) throws IdentityRecoveryException {
        if (Utils.isAccountLocked(user)) {
            return;
        }
        int tenantId = IdentityTenantUtil.getTenantId(user.getTenantDomain());
        String userId = Utils.getUserId(user.getUserName(), tenantId);
        Map<String, String> configStoreProperties = ConfigStoreFunctionalityLockPropertyHandler.getInstance().getConfigStoreProperties(user.getTenantDomain(), IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier());
        validateUserFunctionalityProperties(configStoreProperties);
        int parseInt = Integer.parseInt(configStoreProperties.get(IdentityRecoveryConstants.FUNCTION_MAX_ATTEMPTS_PROPERTY));
        long parseInt2 = Integer.parseInt(configStoreProperties.get(IdentityRecoveryConstants.FUNCTION_LOCKOUT_TIME_PROPERTY));
        double parseDouble = Double.parseDouble(configStoreProperties.get(IdentityRecoveryConstants.FUNCTION_LOGIN_FAIL_TIMEOUT_RATIO_PROPERTY));
        int i = 0;
        int i2 = 0;
        UserFunctionalityManager userFunctionalityManagerService = IdentityRecoveryServiceDataHolder.getInstance().getUserFunctionalityManagerService();
        try {
            Map properties = userFunctionalityManagerService.getProperties(userId, tenantId, IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier());
            if (properties.isEmpty()) {
                properties.put(IdentityRecoveryConstants.FUNCTION_LOCKOUT_COUNT_PROPERTY, String.valueOf(0));
                properties.put(IdentityRecoveryConstants.FUNCTION_FAILED_ATTEMPTS_PROPERTY, String.valueOf(0));
                properties.put(IdentityRecoveryConstants.FUNCTION_MAX_ATTEMPTS_PROPERTY, String.valueOf(parseInt));
                try {
                    userFunctionalityManagerService.setProperties(userId, tenantId, IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier(), properties);
                } catch (UserFunctionalityManagementException e) {
                    throw Utils.handleFunctionalityLockMgtServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_ADD_PROPERTIES_FOR_FUNCTIONALITY, userId, tenantId, IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier(), isDetailedErrorMessagesEnabled);
                }
            } else {
                if (NumberUtils.isNumber((String) properties.get(IdentityRecoveryConstants.FUNCTION_LOCKOUT_COUNT_PROPERTY))) {
                    i2 = Integer.parseInt((String) properties.get(IdentityRecoveryConstants.FUNCTION_LOCKOUT_COUNT_PROPERTY));
                }
                if (NumberUtils.isNumber((String) properties.get(IdentityRecoveryConstants.FUNCTION_FAILED_ATTEMPTS_PROPERTY))) {
                    i = Integer.parseInt((String) properties.get(IdentityRecoveryConstants.FUNCTION_FAILED_ATTEMPTS_PROPERTY));
                }
            }
            HashMap hashMap = new HashMap();
            if (i + 1 < parseInt) {
                try {
                    HashMap hashMap2 = new HashMap();
                    hashMap2.put(IdentityRecoveryConstants.FUNCTION_FAILED_ATTEMPTS_PROPERTY, String.valueOf(i + 1));
                    userFunctionalityManagerService.setProperties(userId, tenantId, IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier(), hashMap2);
                    return;
                } catch (UserFunctionalityManagementException e2) {
                    throw Utils.handleFunctionalityLockMgtServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_UPDATE_PROPERTIES_FOR_FUNCTIONALITY, userId, tenantId, IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier(), isDetailedErrorMessagesEnabled);
                }
            }
            long pow = (long) (parseInt2 * 1000 * 60 * Math.pow(parseDouble, i2));
            try {
                hashMap.put(IdentityRecoveryConstants.FUNCTION_FAILED_ATTEMPTS_PROPERTY, "0");
                hashMap.put(IdentityRecoveryConstants.FUNCTION_LOCKOUT_COUNT_PROPERTY, String.valueOf(i2 + 1));
                userFunctionalityManagerService.lock(userId, tenantId, IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier(), pow, IdentityRecoveryConstants.RecoveryLockReasons.PWD_RECOVERY_MAX_ATTEMPTS_EXCEEDED.getFunctionalityLockCode(), IdentityRecoveryConstants.RecoveryLockReasons.PWD_RECOVERY_MAX_ATTEMPTS_EXCEEDED.getFunctionalityLockReason());
                userFunctionalityManagerService.setProperties(userId, tenantId, IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier(), hashMap);
            } catch (UserFunctionalityManagementServerException e3) {
                throw Utils.handleFunctionalityLockMgtServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_LOCK_FUNCTIONALITY_FOR_USER, userId, tenantId, IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier(), isDetailedErrorMessagesEnabled);
            } catch (UserFunctionalityManagementException e4) {
                e4.printStackTrace();
            }
            StringBuilder sb = new StringBuilder(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_SECURITY_QUESTION_BASED_PWR_LOCKED.getMessage());
            if (isDetailedErrorMessagesEnabled) {
                sb.append(": ").append(IdentityRecoveryConstants.RecoveryLockReasons.PWD_RECOVERY_MAX_ATTEMPTS_EXCEEDED.getFunctionalityLockReason());
            }
            throw ((IdentityRecoveryClientException) IdentityException.error(IdentityRecoveryClientException.class, IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_SECURITY_QUESTION_BASED_PWR_LOCKED.getCode(), sb.toString()));
        } catch (UserFunctionalityManagementException e5) {
            throw Utils.handleFunctionalityLockMgtServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_GET_PROPERTIES_FOR_FUNCTIONALITY, userId, tenantId, IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier(), isDetailedErrorMessagesEnabled);
        }
    }

    private void validateUserFunctionalityProperties(Map<String, String> map) {
        HashSet hashSet = new HashSet(Arrays.asList(IdentityRecoveryConstants.FUNCTION_MAX_ATTEMPTS_PROPERTY, IdentityRecoveryConstants.FUNCTION_LOCKOUT_TIME_PROPERTY, IdentityRecoveryConstants.FUNCTION_LOGIN_FAIL_TIMEOUT_RATIO_PROPERTY));
        if (MapUtils.isEmpty(map)) {
            throw new UnsupportedOperationException("User Functionality properties are not configured.");
        }
        if (!map.keySet().equals(hashSet)) {
            throw new UnsupportedOperationException("User Functionality properties are not configured.");
        }
        if (!NumberUtils.isNumber(map.get(IdentityRecoveryConstants.FUNCTION_MAX_ATTEMPTS_PROPERTY))) {
            throw new UnsupportedOperationException("User Functionality properties are not configured.");
        }
        if (!NumberUtils.isNumber(map.get(IdentityRecoveryConstants.FUNCTION_LOCKOUT_TIME_PROPERTY))) {
            throw new UnsupportedOperationException("User Functionality properties are not configured.");
        }
        if (!NumberUtils.isNumber(map.get(IdentityRecoveryConstants.FUNCTION_LOGIN_FAIL_TIMEOUT_RATIO_PROPERTY))) {
            throw new UnsupportedOperationException("User Functionality properties are not configured.");
        }
    }

    private void verifyUserExists(User user) throws IdentityRecoveryClientException, IdentityRecoveryServerException {
        try {
            org.wso2.carbon.user.api.UserStoreManager userStoreManager = IdentityRecoveryServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(user.getTenantDomain())).getUserStoreManager();
            String addDomainToName = IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain());
            if (userStoreManager.isExistingUser(addDomainToName)) {
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("No user found for recovery with username: " + user.toFullQualifiedUsername());
            }
            if (!Boolean.parseBoolean(IdentityUtil.getProperty(IdentityRecoveryConstants.ConnectorConfig.NOTIFY_USER_EXISTENCE))) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CHALLENGE_QUESTION_NOT_FOUND, user.getUserName());
            }
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_USER, addDomainToName);
        } catch (org.wso2.carbon.user.api.UserStoreException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED, null);
        }
    }

    private FunctionalityLockStatus getFunctionalityStatusOfUser(User user, String str) throws IdentityRecoveryServerException {
        int tenantId = IdentityTenantUtil.getTenantId(user.getTenantDomain());
        try {
            return IdentityRecoveryServiceDataHolder.getInstance().getUserFunctionalityManagerService().getLockStatus(Utils.getUserId(user.getUserName(), tenantId), tenantId, str);
        } catch (UserFunctionalityManagementException e) {
            String prependOperationScenarioToErrorCode = Utils.prependOperationScenarioToErrorCode(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_GET_LOCK_STATUS_FOR_FUNCTIONALITY.getCode(), IdentityRecoveryConstants.PASSWORD_RECOVERY_SCENARIO);
            StringBuilder sb = new StringBuilder(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FAILED_TO_GET_LOCK_STATUS_FOR_FUNCTIONALITY.getMessage());
            if (isDetailedErrorMessagesEnabled) {
                sb.append(String.format("functionalityIdentifier: %s for %s.", IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY.getFunctionalityIdentifier(), user.getUserName()));
            }
            throw Utils.handleServerException(prependOperationScenarioToErrorCode, sb.toString(), (String) null);
        }
    }
}
