package org.wso2.carbon.identity.recovery.signup;

import com.google.gson.Gson;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.security.SecureRandom;
import java.text.SimpleDateFormat;
import java.time.Instant;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONObject;
import org.slf4j.MDC;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.CarbonException;
import org.wso2.carbon.consent.mgt.core.ConsentManager;
import org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException;
import org.wso2.carbon.consent.mgt.core.model.Purpose;
import org.wso2.carbon.consent.mgt.core.model.ReceiptInput;
import org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.AnonymousSessionUtil;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.consent.mgt.exceptions.ConsentUtilityServiceException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventClientException;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.IdentityEventServerException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.governance.IdentityGovernanceException;
import org.wso2.carbon.identity.governance.IdentityMgtConstants;
import org.wso2.carbon.identity.governance.exceptions.notiification.NotificationChannelManagerClientException;
import org.wso2.carbon.identity.governance.exceptions.notiification.NotificationChannelManagerException;
import org.wso2.carbon.identity.governance.service.notification.NotificationChannels;
import org.wso2.carbon.identity.mgt.policy.PolicyViolationException;
import org.wso2.carbon.identity.recovery.AuditConstants;
import org.wso2.carbon.identity.recovery.IdentityRecoveryClientException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
import org.wso2.carbon.identity.recovery.IdentityRecoveryException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryServerException;
import org.wso2.carbon.identity.recovery.RecoveryScenarios;
import org.wso2.carbon.identity.recovery.RecoverySteps;
import org.wso2.carbon.identity.recovery.bean.NotificationResponseBean;
import org.wso2.carbon.identity.recovery.confirmation.ResendConfirmationManager;
import org.wso2.carbon.identity.recovery.internal.IdentityRecoveryServiceDataHolder;
import org.wso2.carbon.identity.recovery.model.Property;
import org.wso2.carbon.identity.recovery.model.UserRecoveryData;
import org.wso2.carbon.identity.recovery.store.JDBCRecoveryDataStore;
import org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore;
import org.wso2.carbon.identity.recovery.util.Utils;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManager;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;
import org.wso2.carbon.user.api.Claim;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.Permission;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.class */
public class UserSelfRegistrationManager {
    private static final Log log = LogFactory.getLog(UserSelfRegistrationManager.class);
    private static UserSelfRegistrationManager instance = new UserSelfRegistrationManager();
    private static final String PURPOSE_GROUP_SELF_REGISTER = "SELF-SIGNUP";
    private static final String PURPOSE_GROUP_TYPE_SYSTEM = "SYSTEM";

    private UserSelfRegistrationManager() {
    }

    public static UserSelfRegistrationManager getInstance() {
        return instance;
    }

    public NotificationResponseBean registerUser(User user, String str, Claim[] claimArr, Property[] propertyArr) throws IdentityRecoveryException {
        publishEvent(user, claimArr, propertyArr, "PRE_SELF_SIGNUP_REGISTER");
        String propertyValue = getPropertyValue(propertyArr, IdentityRecoveryConstants.Consent.CONSENT);
        String tenantDomain = user.getTenantDomain();
        if (StringUtils.isEmpty(tenantDomain)) {
            tenantDomain = "carbon.super";
        }
        String str2 = null;
        try {
            str2 = Utils.getCallbackURLFromRegistration(propertyArr);
            if (StringUtils.isNotBlank(str2) && !Utils.validateCallbackURL(str2, tenantDomain, IdentityRecoveryConstants.ConnectorConfig.SELF_REGISTRATION_CALLBACK_REGEX)) {
                throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, str2);
            }
            if (StringUtils.isBlank(user.getTenantDomain())) {
                user.setTenantDomain("carbon.super");
                log.info("registerUser :Tenant domain is not in the request. set to default for user : " + user.getUserName());
            }
            if (StringUtils.isBlank(user.getUserStoreDomain())) {
                user.setUserStoreDomain(IdentityUtil.getPrimaryDomainName());
                log.info("registerUser :User store domain is not in the request. set to default for user : " + user.getUserName());
            }
            if (!Boolean.parseBoolean(Utils.getSignUpConfigs(IdentityRecoveryConstants.ConnectorConfig.ENABLE_SELF_SIGNUP, user.getTenantDomain()))) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_DISABLE_SELF_SIGN_UP, user.getUserName());
            }
            try {
                try {
                    UserStoreManager userStoreManager = IdentityRecoveryServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(user.getTenantDomain())).getUserStoreManager();
                    PrivilegedCarbonContext.startTenantFlow();
                    PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                    threadLocalCarbonContext.setTenantId(IdentityTenantUtil.getTenantId(user.getTenantDomain()));
                    threadLocalCarbonContext.setTenantDomain(user.getTenantDomain());
                    HashMap hashMap = new HashMap();
                    for (Claim claim : claimArr) {
                        hashMap.put(claim.getClaimUri(), claim.getValue());
                    }
                    Utils.setArbitraryProperties(propertyArr);
                    validateAndFilterFromReceipt(propertyValue, hashMap);
                    try {
                        if (!userStoreManager.isExistingRole(IdentityRecoveryConstants.SELF_SIGNUP_ROLE)) {
                            userStoreManager.addRole(IdentityRecoveryConstants.SELF_SIGNUP_ROLE, (String[]) null, new Permission[]{new Permission("/permission/admin/login", IdentityRecoveryConstants.EXECUTE_ACTION)});
                        }
                        String[] strArr = {IdentityRecoveryConstants.SELF_SIGNUP_ROLE};
                        try {
                            String resolveCommunicationChannel = Utils.getNotificationChannelManager().resolveCommunicationChannel(user.getUserName(), user.getTenantDomain(), user.getUserStoreDomain(), hashMap);
                            if (StringUtils.isEmpty(hashMap.get(IdentityRecoveryConstants.PREFERRED_CHANNEL_CLAIM)) && StringUtils.isNotEmpty(resolveCommunicationChannel)) {
                                hashMap.put(IdentityRecoveryConstants.PREFERRED_CHANNEL_CLAIM, resolveCommunicationChannel);
                            }
                            userStoreManager.addUser(IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()), str, strArr, hashMap, (String) null);
                            addUserConsent(propertyValue, tenantDomain);
                            NotificationResponseBean buildNotificationResponseBean = buildNotificationResponseBean(user, resolveCommunicationChannel, hashMap);
                            Utils.clearArbitraryProperties();
                            PrivilegedCarbonContext.endTenantFlow();
                            publishEvent(user, claimArr, propertyArr, "POST_SELF_SIGNUP_REGISTER");
                            return buildNotificationResponseBean;
                        } catch (NotificationChannelManagerException e) {
                            throw mapNotificationChannelManagerException(e, user);
                        }
                    } catch (UserStoreException e2) {
                        for (Throwable th = e2; th != null; th = th.getCause()) {
                            if (th instanceof PolicyViolationException) {
                                throw ((IdentityRecoveryClientException) IdentityException.error(IdentityRecoveryClientException.class, IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_POLICY_VIOLATION.getCode(), th.getMessage(), e2));
                            }
                        }
                        Utils.checkPasswordPatternViolation(e2, user);
                        NotificationResponseBean handleClientException = handleClientException(user, e2);
                        Utils.clearArbitraryProperties();
                        PrivilegedCarbonContext.endTenantFlow();
                        return handleClientException;
                    }
                } catch (UserStoreException e3) {
                    throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED, user.getUserName(), (Throwable) e3);
                }
            } catch (Throwable th2) {
                Utils.clearArbitraryProperties();
                PrivilegedCarbonContext.endTenantFlow();
                throw th2;
            }
        } catch (UnsupportedEncodingException | MalformedURLException | IdentityEventException e4) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, str2);
        }
    }

    private NotificationResponseBean buildNotificationResponseBean(User user, String str, Map<String, String> map) throws IdentityRecoveryException {
        boolean parseBoolean = Boolean.parseBoolean(Utils.getSignUpConfigs(IdentityRecoveryConstants.ConnectorConfig.ACCOUNT_LOCK_ON_CREATION, user.getTenantDomain()));
        boolean parseBoolean2 = Boolean.parseBoolean(Utils.getSignUpConfigs(IdentityRecoveryConstants.ConnectorConfig.SIGN_UP_NOTIFICATION_INTERNALLY_MANAGE, user.getTenantDomain()));
        boolean isPreferredChannelVerified = isPreferredChannelVerified(user.getUserName(), str, map);
        NotificationResponseBean notificationResponseBean = new NotificationResponseBean(user);
        if (isPreferredChannelVerified) {
            notificationResponseBean.setCode(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_WITH_VERIFIED_CHANNEL.getCode());
            notificationResponseBean.setMessage(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_WITH_VERIFIED_CHANNEL.getMessage());
        } else if (parseBoolean2 && parseBoolean) {
            notificationResponseBean.setCode(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_INTERNAL_VERIFICATION.getCode());
            notificationResponseBean.setMessage(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_INTERNAL_VERIFICATION.getMessage());
            notificationResponseBean.setNotificationChannel(str);
        } else if (parseBoolean) {
            UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
            jDBCRecoveryDataStore.invalidate(user);
            String generateUUID = UUIDGenerator.generateUUID();
            UserRecoveryData userRecoveryData = new UserRecoveryData(user, generateUUID, RecoveryScenarios.SELF_SIGN_UP, RecoverySteps.CONFIRM_SIGN_UP);
            userRecoveryData.setRemainingSetIds(NotificationChannels.EXTERNAL_CHANNEL.getChannelType());
            jDBCRecoveryDataStore.store(userRecoveryData);
            notificationResponseBean.setCode(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_EXTERNAL_VERIFICATION.getCode());
            notificationResponseBean.setMessage(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_EXTERNAL_VERIFICATION.getMessage());
            notificationResponseBean.setRecoveryId(generateUUID);
            notificationResponseBean.setNotificationChannel(NotificationChannels.EXTERNAL_CHANNEL.getChannelType());
            notificationResponseBean.setKey(generateUUID);
        } else {
            notificationResponseBean.setCode(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_UNLOCKED_WITH_NO_VERIFICATION.getCode());
            notificationResponseBean.setMessage(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_UNLOCKED_WITH_NO_VERIFICATION.getMessage());
        }
        return notificationResponseBean;
    }

    private NotificationResponseBean handleClientException(User user, UserStoreException userStoreException) throws IdentityRecoveryException {
        if (StringUtils.isEmpty(userStoreException.getMessage())) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_ADD_SELF_USER, user.getUserName(), (Throwable) userStoreException);
        }
        if (userStoreException.getMessage().contains("31301")) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_USERNAME_POLICY_VIOLATED, user.getUserName(), (Throwable) userStoreException);
        }
        if (userStoreException.getMessage().contains("PasswordInvalidAsk")) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_PASSWORD_POLICY_VIOLATED, "", (Throwable) userStoreException);
        }
        if (userStoreException.getMessage().contains("UserAlreadyExisting")) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_USER_ALREADY_EXISTS, user.getUserName(), (Throwable) userStoreException);
        }
        if (userStoreException.getMessage().contains("Invalid Domain")) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_DOMAIN_VIOLATED, user.getUserStoreDomain(), (Throwable) userStoreException);
        }
        throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_ADD_SELF_USER, user.getUserName(), (Throwable) userStoreException);
    }

    private IdentityRecoveryException mapNotificationChannelManagerException(NotificationChannelManagerException notificationChannelManagerException, User user) throws IdentityRecoveryException {
        return (StringUtils.isNotEmpty(notificationChannelManagerException.getErrorCode()) && notificationChannelManagerException.getErrorCode().equals(IdentityMgtConstants.ErrorMessages.ERROR_CODE_NO_CLAIM_MATCHED_FOR_PREFERRED_CHANNEL.getCode())) ? Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_PREFERRED_CHANNEL_VALUE_EMPTY, user.getUserName(), (Throwable) notificationChannelManagerException) : (StringUtils.isNotEmpty(notificationChannelManagerException.getErrorCode()) && notificationChannelManagerException.getErrorCode().equals(IdentityMgtConstants.ErrorMessages.ERROR_CODE_UNSUPPORTED_PREFERRED_CHANNEL.getCode())) ? Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNSUPPORTED_PREFERRED_CHANNELS, user.getUserName(), (Throwable) notificationChannelManagerException) : Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_BAD_SELF_REGISTER_REQUEST, user.getUserName(), (Throwable) notificationChannelManagerException);
    }

    private boolean isPreferredChannelVerified(String str, String str2, Map<String, String> map) throws IdentityRecoveryClientException {
        if (Boolean.parseBoolean(IdentityUtil.getProperty(IdentityRecoveryConstants.ConnectorConfig.ENABLE_ACCOUNT_LOCK_FOR_VERIFIED_PREFERRED_CHANNEL))) {
            return false;
        }
        String str3 = map.get(getNotificationChannel(str, str2).getVerifiedClaimUrl());
        return StringUtils.isNotEmpty(str3) && Boolean.parseBoolean(str3);
    }

    private NotificationChannels getNotificationChannel(String str, String str2) throws IdentityRecoveryClientException {
        try {
            return NotificationChannels.getNotificationChannel(str2);
        } catch (NotificationChannelManagerClientException e) {
            if (log.isDebugEnabled()) {
                log.debug("Unsupported channel type : " + str2, e);
            }
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNSUPPORTED_PREFERRED_CHANNELS, str, e);
        }
    }

    public void addUserConsent(String str, String str2) throws IdentityRecoveryServerException {
        if (!StringUtils.isNotEmpty(str)) {
            if (log.isDebugEnabled()) {
                log.debug("Consent string is empty. Hence not adding consent");
            }
        } else {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Adding consent to tenant domain : %s : %s", str2, str));
            }
            try {
                addConsent(str, str2);
            } catch (ConsentManagementException e) {
                throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_ADD_USER_CONSENT, "", (Throwable) e);
            }
        }
    }

    private void validateAndFilterFromReceipt(String str, Map<String, String> map) throws IdentityRecoveryServerException {
        if (StringUtils.isEmpty(str)) {
            return;
        }
        try {
            List<Purpose> listPurposes = IdentityRecoveryServiceDataHolder.getInstance().getConsentManager().listPurposes(PURPOSE_GROUP_SELF_REGISTER, PURPOSE_GROUP_TYPE_SYSTEM, 0, 0);
            ReceiptInput receiptInput = (ReceiptInput) new Gson().fromJson(str, ReceiptInput.class);
            validateUserConsent(receiptInput, listPurposes);
            filterClaimsFromReceipt(receiptInput, map);
        } catch (ConsentManagementException e) {
            throw new IdentityRecoveryServerException("Error while retrieving System purposes for self registration", (Throwable) e);
        }
    }

    private void validateUserConsent(ReceiptInput receiptInput, List<Purpose> list) throws IdentityRecoveryServerException {
        try {
            IdentityRecoveryServiceDataHolder.getInstance().getConsentUtilityService().validateReceiptPIIs(receiptInput, list);
        } catch (ConsentUtilityServiceException e) {
            throw new IdentityRecoveryServerException("Receipt validation failed against purposes", (Throwable) e);
        }
    }

    private void filterClaimsFromReceipt(ReceiptInput receiptInput, Map<String, String> map) throws IdentityRecoveryServerException {
        try {
            map.keySet().retainAll(IdentityRecoveryServiceDataHolder.getInstance().getConsentUtilityService().filterPIIsFromReceipt(map.keySet(), receiptInput));
        } catch (ConsentUtilityServiceException e) {
            throw new IdentityRecoveryServerException("Receipt validation failed against purposes", (Throwable) e);
        }
    }

    public boolean isUserConfirmed(User user) throws IdentityRecoveryException {
        boolean z = false;
        if (StringUtils.isBlank(user.getTenantDomain())) {
            user.setTenantDomain("carbon.super");
            log.info("confirmUserSelfRegistration :Tenant domain is not in the request. set to default for user : " + user.getUserName());
        }
        if (StringUtils.isBlank(user.getUserStoreDomain())) {
            user.setUserStoreDomain(IdentityUtil.getPrimaryDomainName());
            log.info("confirmUserSelfRegistration :User store domain is not in the request. set to default for user : " + user.getUserName());
        }
        UserRecoveryData loadWithoutCodeExpiryValidation = JDBCRecoveryDataStore.getInstance().loadWithoutCodeExpiryValidation(user);
        if (loadWithoutCodeExpiryValidation == null || !RecoveryScenarios.SELF_SIGN_UP.equals(loadWithoutCodeExpiryValidation.getRecoveryScenario())) {
            z = true;
        }
        return z;
    }

    public void confirmUserSelfRegistration(String str) throws IdentityRecoveryException {
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        UserRecoveryData load = jDBCRecoveryDataStore.load(str);
        User user = load.getUser();
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        if (!StringUtils.equalsIgnoreCase(tenantDomain, user.getTenantDomain())) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_TENANT, tenantDomain);
        }
        if (!RecoverySteps.CONFIRM_SIGN_UP.equals(load.getRecoveryStep()) && !RecoverySteps.CONFIRM_LITE_SIGN_UP.equals(load.getRecoveryStep())) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE, null);
        }
        try {
            try {
                UserStoreManager userStoreManager = IdentityRecoveryServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(user.getTenantDomain())).getUserStoreManager();
                PrivilegedCarbonContext.startTenantFlow();
                PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                threadLocalCarbonContext.setTenantId(IdentityTenantUtil.getTenantId(user.getTenantDomain()));
                threadLocalCarbonContext.setTenantDomain(user.getTenantDomain());
                HashMap hashMap = new HashMap();
                hashMap.put("http://wso2.org/claims/identity/accountLocked", Boolean.FALSE.toString());
                hashMap.put(IdentityRecoveryConstants.EMAIL_VERIFIED_CLAIM, Boolean.TRUE.toString());
                try {
                    userStoreManager.setUserClaimValues(IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()), hashMap, (String) null);
                    jDBCRecoveryDataStore.invalidate(str);
                } catch (UserStoreException e) {
                    throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNLOCK_USER_USER, user.getUserName(), (Throwable) e);
                }
            } catch (UserStoreException e2) {
                throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED, user.getUserName(), (Throwable) e2);
            }
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    public void confirmUserSelfRegistration(String str, String str2, String str3, Map<String, String> map) throws IdentityRecoveryException {
        publishEvent(str, str2, str3, map, "PRE_SELF_SIGNUP_CONFIRM");
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        User user = validateSelfRegistrationCode(str, str2, str3, map, false).getUser();
        jDBCRecoveryDataStore.invalidate(str);
        if (Boolean.parseBoolean(Utils.getSignUpConfigs(IdentityRecoveryConstants.ConnectorConfig.SELF_REGISTRATION_NOTIFY_ACCOUNT_CONFIRMATION, user.getTenantDomain()))) {
            triggerNotification(user);
        }
        publishEvent(user, str, str2, str3, map, "POST_SELF_SIGNUP_CONFIRM");
    }

    public UserRecoveryData introspectUserSelfRegistration(String str, String str2, String str3, Map<String, String> map) throws IdentityRecoveryException {
        return introspectUserSelfRegistration(false, str, str2, str3, map);
    }

    public UserRecoveryData introspectUserSelfRegistration(boolean z, String str, String str2, String str3, Map<String, String> map) throws IdentityRecoveryException {
        return validateSelfRegistrationCode(str, str2, str3, map, z);
    }

    private UserRecoveryData validateSelfRegistrationCode(String str, String str2, String str3, Map<String, String> map, boolean z) throws IdentityRecoveryException {
        Utils.unsetThreadLocalToSkipSendingEmailVerificationOnUpdate();
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        UserRecoveryData load = !z ? jDBCRecoveryDataStore.load(str) : jDBCRecoveryDataStore.load(str, z);
        User user = load.getUser();
        validateContextTenantDomainWithUserTenantDomain(user);
        if (!RecoverySteps.CONFIRM_SIGN_UP.equals(load.getRecoveryStep()) && !RecoverySteps.VERIFY_EMAIL.equals(load.getRecoveryStep()) && !RecoverySteps.CONFIRM_LITE_SIGN_UP.equals(load.getRecoveryStep())) {
            auditRecoveryConfirm(load, IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE.getMessage(), "Failed");
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE, null);
        }
        UserStoreManager userStoreManager = getUserStoreManager(user);
        HashMap hashMap = new HashMap();
        hashMap.put("USER", user);
        hashMap.put("userStoreManager", userStoreManager);
        if (RecoverySteps.CONFIRM_SIGN_UP.equals(load.getRecoveryStep())) {
            triggerEvent(hashMap, "PRE_USER_ACCOUNT_CONFIRMATION");
        } else if (RecoverySteps.VERIFY_EMAIL.equals(load.getRecoveryStep())) {
            triggerEvent(hashMap, "PRE_EMAIL_CHANGE_VERIFICATION");
        }
        String str4 = null;
        if (!NotificationChannels.EXTERNAL_CHANNEL.getChannelType().equals(str2)) {
            str4 = getChannelVerifiedClaim(load.getUser().getUserName(), str2, str3);
        }
        HashMap<String, String> claimsListToUpdate = getClaimsListToUpdate(user, load.getRemainingSetIds(), str4, load.getRecoveryScenario().toString());
        if (RecoverySteps.VERIFY_EMAIL.equals(load.getRecoveryStep())) {
            String remainingSetIds = load.getRemainingSetIds();
            if (StringUtils.isNotBlank(remainingSetIds)) {
                hashMap.put("VERIFIED_EMAIL", remainingSetIds);
                claimsListToUpdate.put(IdentityRecoveryConstants.EMAIL_ADDRESS_PENDING_VALUE_CLAIM, "");
                claimsListToUpdate.put(IdentityRecoveryConstants.EMAIL_ADDRESS_CLAIM, remainingSetIds);
                Utils.setThreadLocalToSkipSendingEmailVerificationOnUpdate(IdentityRecoveryConstants.SkipEmailVerificationOnUpdateStates.SKIP_ON_CONFIRM.toString());
            }
        }
        updateUserClaims(userStoreManager, user, claimsListToUpdate);
        if (RecoverySteps.CONFIRM_SIGN_UP.equals(load.getRecoveryStep())) {
            hashMap.put("VERIFIED_CHANNEL", extractVerifiedChannelURI(claimsListToUpdate, str3));
            triggerEvent(hashMap, "POST_USER_ACCOUNT_CONFIRMATION");
        } else if (RecoverySteps.VERIFY_EMAIL.equals(load.getRecoveryStep())) {
            triggerEvent(hashMap, "POST_EMAIL_CHANGE_VERIFICATION");
        }
        auditRecoveryConfirm(load, null, "Success");
        return load;
    }

    private String extractVerifiedChannelURI(HashMap<String, String> hashMap, String str) {
        String str2 = null;
        Iterator<Map.Entry<String, String>> it = hashMap.entrySet().iterator();
        while (it.hasNext()) {
            String key = it.next().getKey();
            if (key.equals(str) || key.equals(IdentityRecoveryConstants.EMAIL_VERIFIED_CLAIM) || key.equals(NotificationChannels.SMS_CHANNEL.getVerifiedClaimUrl())) {
                str2 = key;
                break;
            }
        }
        return str2;
    }

    private void triggerEvent(Map<String, Object> map, String str) throws IdentityRecoveryServerException, IdentityRecoveryClientException {
        try {
            IdentityRecoveryServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event(str, map));
        } catch (IdentityEventException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_PUBLISH_EVENT, str, (Throwable) e);
        } catch (IdentityEventClientException e2) {
            throw new IdentityRecoveryClientException(e2.getErrorCode(), e2.getMessage(), e2);
        } catch (IdentityEventServerException e3) {
            throw new IdentityRecoveryServerException(e3.getErrorCode(), e3.getMessage(), e3);
        }
    }

    public void confirmVerificationCodeMe(String str, Map<String, String> map) throws IdentityRecoveryException {
        Utils.unsetThreadLocalToSkipSendingSmsOtpVerificationOnUpdate();
        UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
        UserRecoveryData load = jDBCRecoveryDataStore.load(str);
        if (!RecoverySteps.VERIFY_MOBILE_NUMBER.equals(load.getRecoveryStep())) {
            auditRecoveryConfirm(load, IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE.getMessage(), "Failed");
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE, null);
        }
        User user = load.getUser();
        validateUser(user);
        UserStoreManager userStoreManager = getUserStoreManager(user);
        HashMap<String, String> hashMap = new HashMap<>();
        if (RecoverySteps.VERIFY_MOBILE_NUMBER.equals(load.getRecoveryStep())) {
            String remainingSetIds = load.getRemainingSetIds();
            if (StringUtils.isNotBlank(remainingSetIds)) {
                hashMap.put(IdentityRecoveryConstants.MOBILE_NUMBER_PENDING_VALUE_CLAIM, "");
                hashMap.put(IdentityRecoveryConstants.MOBILE_NUMBER_CLAIM, remainingSetIds);
                hashMap.put(NotificationChannels.SMS_CHANNEL.getVerifiedClaimUrl(), Boolean.TRUE.toString());
                Utils.setThreadLocalToSkipSendingSmsOtpVerificationOnUpdate(IdentityRecoveryConstants.SkipMobileNumberVerificationOnUpdateStates.SKIP_ON_CONFIRM.toString());
            }
        }
        updateUserClaims(userStoreManager, user, hashMap);
        jDBCRecoveryDataStore.invalidate(str);
        auditRecoveryConfirm(load, null, "Success");
    }

    private void updateUserClaims(UserStoreManager userStoreManager, User user, HashMap<String, String> hashMap) throws IdentityRecoveryException {
        try {
            userStoreManager.setUserClaimValues(IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()), hashMap, (String) null);
        } catch (UserStoreException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNLOCK_USER_USER, user.getUserName(), (Throwable) e);
        }
    }

    private String getChannelVerifiedClaim(String str, String str2, String str3) throws IdentityRecoveryException {
        if (!StringUtils.isNotEmpty(str2) || !StringUtils.isNotEmpty(str3)) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("Externally verified channels are not specified");
            return null;
        }
        NotificationChannels notificationChannel = getNotificationChannel(str, str2);
        if (notificationChannel.getClaimUri().equals(str3)) {
            return notificationChannel.getVerifiedClaimUrl();
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Channel claim: %s in the request does not match the channel claim bound to channelType : %s", str2, str2));
        }
        throw new IdentityRecoveryException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNSUPPORTED_VERIFICATION_CHANNEL.getMessage(), IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNSUPPORTED_VERIFICATION_CHANNEL.getCode());
    }

    private HashMap<String, String> getClaimsListToUpdate(User user, String str, String str2, String str3) {
        HashMap<String, String> hashMap = new HashMap<>();
        hashMap.put("http://wso2.org/claims/identity/accountLocked", Boolean.FALSE.toString());
        hashMap.put(IdentityRecoveryConstants.ACCOUNT_LOCKED_REASON_CLAIM, "");
        setVerificationClaims(user, str, str2, str3, hashMap);
        hashMap.put(IdentityRecoveryConstants.ACCOUNT_CONFIRMED_TIME_CLAIM, Instant.now().toString());
        return hashMap;
    }

    private UserStoreManager getUserStoreManager(User user) throws IdentityRecoveryException {
        try {
            UserRealm tenantUserRealm = IdentityRecoveryServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(user.getTenantDomain()));
            return IdentityUtil.getPrimaryDomainName().equals(user.getUserStoreDomain()) ? tenantUserRealm.getUserStoreManager() : tenantUserRealm.getUserStoreManager().getSecondaryUserStoreManager(user.getUserStoreDomain());
        } catch (UserStoreException e) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Error getting the user store manager for the user : %s with in domain : %s.", user.getUserStoreDomain() + CarbonConstants.DOMAIN_SEPARATOR + user.getUserName(), user.getTenantDomain()));
            }
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED, user.getUserName(), (Throwable) e);
        }
    }

    private void validateUser(User user) throws IdentityRecoveryException {
        validateContextTenantDomainWithUserTenantDomain(user);
        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        if (!StringUtils.equalsIgnoreCase(username, user.getUserName())) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_USER, username);
        }
    }

    private void validateContextTenantDomainWithUserTenantDomain(User user) throws IdentityRecoveryException {
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        if (!StringUtils.equalsIgnoreCase(tenantDomain, user.getTenantDomain())) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_TENANT, tenantDomain);
        }
    }

    private void setVerificationClaims(User user, String str, String str2, String str3, HashMap<String, String> hashMap) {
        if (NotificationChannels.EXTERNAL_CHANNEL.getChannelType().equals(str)) {
            if (StringUtils.isNotEmpty(str2)) {
                if (log.isDebugEnabled()) {
                    log.debug(String.format("Externally verified claim is available for user :%s in tenant domain : %s ", user.getUserName(), user.getTenantDomain()));
                }
                hashMap.put(str2, Boolean.TRUE.toString());
                return;
            } else {
                if (log.isDebugEnabled()) {
                    log.debug(String.format("Externally verified channel claims are not available for user : %s in tenant domain : %s. Therefore, setting %s claim as the default verified channel.", user.getUserName(), user.getTenantDomain(), NotificationChannels.EMAIL_CHANNEL.getVerifiedClaimUrl()));
                }
                hashMap.put(IdentityRecoveryConstants.EMAIL_VERIFIED_CLAIM, Boolean.TRUE.toString());
                return;
            }
        }
        if (NotificationChannels.SMS_CHANNEL.getChannelType().equalsIgnoreCase(str)) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Self sign-up via SMS channel detected. Updating %s value for user : %s in tenant domain : %s ", NotificationChannels.EMAIL_CHANNEL.getVerifiedClaimUrl(), user.getUserName(), user.getTenantDomain()));
            }
            hashMap.put(NotificationChannels.SMS_CHANNEL.getVerifiedClaimUrl(), Boolean.TRUE.toString());
        } else if (NotificationChannels.EMAIL_CHANNEL.getChannelType().equalsIgnoreCase(str)) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Self sign-up via EMAIL channel detected. Updating %s value for user : %s in tenant domain : %s ", NotificationChannels.EMAIL_CHANNEL.getVerifiedClaimUrl(), user.getUserName(), user.getTenantDomain()));
            }
            hashMap.put(IdentityRecoveryConstants.EMAIL_VERIFIED_CLAIM, Boolean.TRUE.toString());
        } else {
            if (log.isDebugEnabled()) {
                log.debug(String.format("No notification channel detected for user : %s in tenant domain : %s for recovery scenario : %s. Therefore setting email as the verified channel.", user.getUserName(), user.getTenantDomain(), str3));
            }
            hashMap.put(IdentityRecoveryConstants.EMAIL_VERIFIED_CLAIM, Boolean.TRUE.toString());
        }
    }

    @Deprecated
    public NotificationResponseBean resendConfirmationCode(User user, Property[] propertyArr) throws IdentityRecoveryException {
        if (StringUtils.isBlank(user.getTenantDomain())) {
            String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            if (StringUtils.isBlank(tenantDomain)) {
                tenantDomain = "carbon.super";
            }
            user.setTenantDomain(tenantDomain);
            log.info("confirmUserSelfRegistration :Tenant domain is not in the request. set to default for user : " + user.getUserName());
        }
        if (StringUtils.isBlank(user.getUserStoreDomain())) {
            user.setUserStoreDomain(IdentityUtil.getPrimaryDomainName());
            log.info("confirmUserSelfRegistration :User store domain is not in the request. set to default for user : " + user.getUserName());
        }
        if (!Boolean.parseBoolean(Utils.getSignUpConfigs(IdentityRecoveryConstants.ConnectorConfig.ENABLE_SELF_SIGNUP, user.getTenantDomain()))) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_DISABLE_SELF_SIGN_UP, user.getUserName());
        }
        NotificationResponseBean resendConfirmationCode = ResendConfirmationManager.getInstance().resendConfirmationCode(user, RecoveryScenarios.SELF_SIGN_UP.toString(), RecoverySteps.CONFIRM_SIGN_UP.toString(), IdentityRecoveryConstants.NOTIFICATION_TYPE_RESEND_ACCOUNT_CONFIRM, propertyArr);
        resendConfirmationCode.setCode(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_RESEND_CONFIRMATION_CODE.getCode());
        resendConfirmationCode.setMessage(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_RESEND_CONFIRMATION_CODE.getMessage());
        return resendConfirmationCode;
    }

    public boolean isValidTenantDomain(String str) throws IdentityRecoveryException {
        try {
            return getUserRealm(str) != null;
        } catch (CarbonException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error while getting user realm for user " + str);
            }
            throw new IdentityRecoveryException("Error while retrieving user realm for tenant : " + str, (Throwable) e);
        }
    }

    @Deprecated
    public boolean isUsernameAlreadyTaken(String str) throws IdentityRecoveryException {
        return isUsernameAlreadyTaken(str, null);
    }

    public boolean isUsernameAlreadyTaken(String str, String str2) throws IdentityRecoveryException {
        boolean z = true;
        if (StringUtils.isBlank(str2)) {
            str2 = MultitenantUtils.getTenantDomain(str);
        }
        try {
            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
            org.wso2.carbon.user.core.UserRealm userRealm = getUserRealm(str2);
            if (userRealm != null) {
                z = userRealm.getUserStoreManager().isExistingUser(tenantAwareUsername);
            }
            return z;
        } catch (CarbonException | org.wso2.carbon.user.core.UserStoreException e) {
            throw new IdentityRecoveryException("Error while retrieving user realm for tenant : " + str2, (Throwable) e);
        }
    }

    public boolean isSelfRegistrationEnabled(String str) throws IdentityRecoveryException {
        return Boolean.parseBoolean(getIDPProperty(str, IdentityRecoveryConstants.ConnectorConfig.ENABLE_SELF_SIGNUP));
    }

    private String getIDPProperty(String str, String str2) throws IdentityRecoveryException {
        String str3 = "";
        try {
            for (org.wso2.carbon.identity.application.common.model.Property property : IdentityRecoveryServiceDataHolder.getInstance().getIdentityGovernanceService().getConfiguration(new String[]{IdentityRecoveryConstants.ConnectorConfig.ENABLE_SELF_SIGNUP}, str)) {
                if (property != null && str2.equalsIgnoreCase(property.getName())) {
                    str3 = property.getValue();
                }
            }
            return str3;
        } catch (IdentityGovernanceException e) {
            throw new IdentityRecoveryException("Error while retrieving resident identity provider for tenant : " + str, (Throwable) e);
        }
    }

    private void addConsent(String str, String str2) throws ConsentManagementException, IdentityRecoveryServerException {
        ReceiptInput receiptInput = (ReceiptInput) new Gson().fromJson(str, ReceiptInput.class);
        ConsentManager consentManager = IdentityRecoveryServiceDataHolder.getInstance().getConsentManager();
        if (receiptInput.getServices().size() < 0) {
            throw new IdentityRecoveryServerException("A service should be available in a receipt");
        }
        ReceiptServiceInput receiptServiceInput = (ReceiptServiceInput) receiptInput.getServices().get(0);
        if (receiptServiceInput.getPurposes().isEmpty()) {
            if (log.isDebugEnabled()) {
                log.debug("Consent does not contain any purposes. Hence not adding consent");
            }
        } else {
            receiptServiceInput.setTenantDomain(str2);
            try {
                setIDPData(str2, receiptServiceInput);
                receiptInput.setTenantDomain(str2);
                consentManager.addConsent(receiptInput);
            } catch (IdentityProviderManagementException e) {
                throw new ConsentManagementException("Error while retrieving identity provider data", "Error while setting IDP data", e);
            }
        }
    }

    private void setIDPData(String str, ReceiptServiceInput receiptServiceInput) throws IdentityProviderManagementException {
        IdentityProvider residentIdP = IdentityProviderManager.getInstance().getResidentIdP(str);
        if (StringUtils.isEmpty(receiptServiceInput.getService())) {
            if (log.isDebugEnabled()) {
                log.debug("No service name found. Hence adding resident IDP home realm ID");
            }
            receiptServiceInput.setService(residentIdP.getHomeRealmId());
        }
        if (StringUtils.isEmpty(receiptServiceInput.getTenantDomain())) {
            receiptServiceInput.setTenantDomain(str);
        }
        if (StringUtils.isEmpty(receiptServiceInput.getSpDescription())) {
            if (StringUtils.isNotEmpty(residentIdP.getIdentityProviderDescription())) {
                receiptServiceInput.setSpDescription(residentIdP.getIdentityProviderDescription());
            } else {
                receiptServiceInput.setSpDescription(IdentityRecoveryConstants.Consent.RESIDENT_IDP);
            }
        }
        if (StringUtils.isEmpty(receiptServiceInput.getSpDisplayName())) {
            if (StringUtils.isNotEmpty(residentIdP.getDisplayName())) {
                receiptServiceInput.setSpDisplayName(residentIdP.getDisplayName());
            } else {
                receiptServiceInput.setSpDisplayName(IdentityRecoveryConstants.Consent.RESIDENT_IDP);
            }
        }
    }

    private String getPropertyValue(Property[] propertyArr, String str) {
        String str2 = "";
        if (propertyArr != null && StringUtils.isNotEmpty(str)) {
            int i = 0;
            while (true) {
                if (i >= propertyArr.length) {
                    break;
                }
                Property property = propertyArr[i];
                if (str.equalsIgnoreCase(property.getKey())) {
                    str2 = property.getValue();
                    ArrayUtils.removeElement(propertyArr, property);
                    break;
                }
                i++;
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Returning value for key : " + str + " - " + str2);
        }
        return str2;
    }

    private org.wso2.carbon.user.core.UserRealm getUserRealm(String str) throws CarbonException {
        return AnonymousSessionUtil.getRealmByTenantDomain(IdentityRecoveryServiceDataHolder.getInstance().getRegistryService(), IdentityRecoveryServiceDataHolder.getInstance().getRealmService(), str);
    }

    public boolean isMatchUserNameRegex(String str, String str2) throws IdentityRecoveryException {
        String extractDomainFromName = IdentityUtil.extractDomainFromName(str2);
        try {
            return checkUserNameValid(UserCoreUtil.removeDomainFromName(MultitenantUtils.getTenantAwareUsername(str2)), getUserRealm(str).getUserStoreManager().getSecondaryUserStoreManager(extractDomainFromName).getRealmConfiguration());
        } catch (CarbonException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error while getting user realm for user " + str);
            }
            throw new IdentityRecoveryException("Error while retrieving user realm for tenant : " + str, (Throwable) e);
        } catch (org.wso2.carbon.user.core.UserStoreException e2) {
            if (log.isDebugEnabled()) {
                log.debug("Error while getting user store configuration for tenant: " + str + ", domain: " + extractDomainFromName);
            }
            throw new IdentityRecoveryException("Error while retrieving user store configuration for: " + extractDomainFromName, (Throwable) e2);
        }
    }

    private boolean checkUserNameValid(String str, RealmConfiguration realmConfiguration) {
        if (str == null || "wso2.system.user".equals(str)) {
            return false;
        }
        String trim = str.trim();
        if (trim.length() < 1) {
            return false;
        }
        String userStoreProperty = realmConfiguration.getUserStoreProperty("UsernameJavaRegEx");
        if (MultitenantUtils.isEmailUserName()) {
            userStoreProperty = realmConfiguration.getUserStoreProperty("UsernameWithEmailJavaScriptRegEx");
            if (userStoreProperty == null) {
                userStoreProperty = "^([a-zA-Z0-9_\\.\\-])+\\@(([a-zA-Z0-9\\-])+\\.)+([a-zA-Z0-9]{2,4})+$";
            }
        }
        if (userStoreProperty != null) {
            userStoreProperty = userStoreProperty.trim();
        }
        return StringUtils.isEmpty(userStoreProperty) || isFormatCorrect(userStoreProperty, trim);
    }

    private boolean isFormatCorrect(String str, String str2) {
        return Pattern.compile(str).matcher(str2).matches();
    }

    public void preValidatePasswordWithConfirmationKey(String str, String str2) throws IdentityEventException, IdentityRecoveryException {
        User user = JDBCRecoveryDataStore.getInstance().load(str).getUser();
        preValidatePassword(user.getUserName(), str2, user.getUserStoreDomain());
    }

    public void preValidatePasswordWithUsername(String str, String str2) throws IdentityEventException, IdentityRecoveryServerException {
        preValidatePassword(UserCoreUtil.removeDomainFromName(str), str2, IdentityUtil.extractDomainFromName(str));
    }

    private void preValidatePassword(String str, String str2, String str3) throws IdentityRecoveryServerException, IdentityEventException {
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
        HashMap hashMap = new HashMap();
        hashMap.put("user-name", str);
        hashMap.put("CREDENTIAL", str2);
        hashMap.put("tenant-domain", tenantDomain);
        hashMap.put("tenantId", Integer.valueOf(tenantId));
        try {
            hashMap.put("userStoreManager", IdentityRecoveryServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getUserStoreManager().getSecondaryUserStoreManager(str3));
            if (log.isDebugEnabled()) {
                log.debug(String.format("Validating password against policies for user: %s in tenant: %s and in user store: %s", str, tenantDomain, str3));
            }
            IdentityRecoveryServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event("PRE_UPDATE_CREDENTIAL_BY_ADMIN", hashMap));
        } catch (UserStoreException e) {
            String format = String.format("Error getting the user store manager for the user : %s in domain : %s.", str3 + CarbonConstants.DOMAIN_SEPARATOR + str, tenantDomain);
            if (log.isDebugEnabled()) {
                log.debug(format, e);
            }
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED, (String) null, e);
        }
    }

    public NotificationResponseBean registerLiteUser(User user, Claim[] claimArr, Property[] propertyArr) throws IdentityRecoveryException {
        String propertyValue = getPropertyValue(propertyArr, IdentityRecoveryConstants.Consent.CONSENT);
        String tenantDomain = user.getTenantDomain();
        if (StringUtils.isEmpty(tenantDomain)) {
            tenantDomain = "carbon.super";
        }
        String str = null;
        try {
            str = Utils.getCallbackURLFromRegistration(propertyArr);
            if (StringUtils.isNotBlank(str) && !Utils.validateCallbackURL(str, tenantDomain, IdentityRecoveryConstants.ConnectorConfig.SELF_REGISTRATION_CALLBACK_REGEX)) {
                throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, str);
            }
            if (StringUtils.isBlank(user.getTenantDomain())) {
                user.setTenantDomain("carbon.super");
                log.info("registerUser :Tenant domain is not in the request. set to default for user : " + user.getUserName());
            }
            if (StringUtils.isBlank(user.getUserStoreDomain())) {
                user.setUserStoreDomain(IdentityUtil.getPrimaryDomainName());
                log.info("registerUser :User store domain is not in the request. set to default for user : " + user.getUserName());
            }
            if (!Boolean.parseBoolean(Utils.getSignUpConfigs(IdentityRecoveryConstants.ConnectorConfig.ENABLE_LITE_SIGN_UP, user.getTenantDomain()))) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_DISABLE_LITE_SIGN_UP, user.getUserName());
            }
            try {
                try {
                    UserStoreManager userStoreManager = IdentityRecoveryServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(user.getTenantDomain())).getUserStoreManager();
                    PrivilegedCarbonContext.startTenantFlow();
                    PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                    threadLocalCarbonContext.setTenantId(IdentityTenantUtil.getTenantId(user.getTenantDomain()));
                    threadLocalCarbonContext.setTenantDomain(user.getTenantDomain());
                    HashMap hashMap = new HashMap();
                    for (Claim claim : claimArr) {
                        hashMap.put(claim.getClaimUri(), claim.getValue());
                    }
                    hashMap.put(IdentityRecoveryConstants.LITE_USER_CLAIM, Boolean.TRUE.toString());
                    Utils.setArbitraryProperties(propertyArr);
                    validateAndFilterFromReceipt(propertyValue, hashMap);
                    try {
                        String[] strArr = new String[0];
                        try {
                            String resolveCommunicationChannel = Utils.getNotificationChannelManager().resolveCommunicationChannel(user.getUserName(), user.getTenantDomain(), user.getUserStoreDomain(), hashMap);
                            if (StringUtils.isEmpty(hashMap.get(IdentityRecoveryConstants.PREFERRED_CHANNEL_CLAIM)) && StringUtils.isNotEmpty(resolveCommunicationChannel)) {
                                hashMap.put(IdentityRecoveryConstants.PREFERRED_CHANNEL_CLAIM, resolveCommunicationChannel);
                            }
                            userStoreManager.addUser(IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()), getRandomPassword(), strArr, hashMap, (String) null);
                            addUserConsent(propertyValue, tenantDomain);
                            NotificationResponseBean buildLiteNotificationResponseBean = buildLiteNotificationResponseBean(user, resolveCommunicationChannel, hashMap);
                            Utils.clearArbitraryProperties();
                            PrivilegedCarbonContext.endTenantFlow();
                            return buildLiteNotificationResponseBean;
                        } catch (NotificationChannelManagerException e) {
                            throw mapNotificationChannelManagerException(e, user);
                        }
                    } catch (UserStoreException e2) {
                        for (Throwable th = e2; th != null; th = th.getCause()) {
                            if (th instanceof PolicyViolationException) {
                                throw ((IdentityRecoveryClientException) IdentityException.error(IdentityRecoveryClientException.class, IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_POLICY_VIOLATION.getCode(), th.getMessage(), e2));
                            }
                        }
                        NotificationResponseBean handleClientException = handleClientException(user, e2);
                        Utils.clearArbitraryProperties();
                        PrivilegedCarbonContext.endTenantFlow();
                        return handleClientException;
                    }
                } catch (UserStoreException e3) {
                    throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED, user.getUserName(), (Throwable) e3);
                }
            } catch (Throwable th2) {
                Utils.clearArbitraryProperties();
                PrivilegedCarbonContext.endTenantFlow();
                throw th2;
            }
        } catch (UnsupportedEncodingException | MalformedURLException | IdentityEventException e4) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, str);
        }
    }

    private char[] getRandomPassword() {
        return (new SecureRandom().generateSeed(20) + "A$g0").toCharArray();
    }

    private NotificationResponseBean buildLiteNotificationResponseBean(User user, String str, Map<String, String> map) throws IdentityRecoveryException {
        boolean parseBoolean = Boolean.parseBoolean(Utils.getSignUpConfigs(IdentityRecoveryConstants.ConnectorConfig.LITE_ACCOUNT_LOCK_ON_CREATION, user.getTenantDomain()));
        boolean parseBoolean2 = Boolean.parseBoolean(Utils.getSignUpConfigs(IdentityRecoveryConstants.ConnectorConfig.LITE_SIGN_UP_NOTIFICATION_INTERNALLY_MANAGE, user.getTenantDomain()));
        boolean isPreferredChannelVerified = isPreferredChannelVerified(user.getUserName(), str, map);
        NotificationResponseBean notificationResponseBean = new NotificationResponseBean(user);
        if (isPreferredChannelVerified) {
            notificationResponseBean.setCode(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_WITH_VERIFIED_CHANNEL.getCode());
            notificationResponseBean.setMessage(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_WITH_VERIFIED_CHANNEL.getMessage());
        } else if (parseBoolean2 && parseBoolean) {
            notificationResponseBean.setCode(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_INTERNAL_VERIFICATION.getCode());
            notificationResponseBean.setMessage(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_INTERNAL_VERIFICATION.getMessage());
            notificationResponseBean.setNotificationChannel(str);
        } else if (parseBoolean) {
            UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
            jDBCRecoveryDataStore.invalidate(user);
            String generateUUID = UUIDGenerator.generateUUID();
            UserRecoveryData userRecoveryData = new UserRecoveryData(user, generateUUID, RecoveryScenarios.LITE_SIGN_UP, RecoverySteps.CONFIRM_LITE_SIGN_UP);
            userRecoveryData.setRemainingSetIds(NotificationChannels.EXTERNAL_CHANNEL.getChannelType());
            jDBCRecoveryDataStore.store(userRecoveryData);
            notificationResponseBean.setCode(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_EXTERNAL_VERIFICATION.getCode());
            notificationResponseBean.setMessage(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_EXTERNAL_VERIFICATION.getMessage());
            notificationResponseBean.setRecoveryId(generateUUID);
            notificationResponseBean.setNotificationChannel(NotificationChannels.EXTERNAL_CHANNEL.getChannelType());
            notificationResponseBean.setKey(generateUUID);
        } else {
            notificationResponseBean.setCode(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_UNLOCKED_WITH_NO_VERIFICATION.getCode());
            notificationResponseBean.setMessage(IdentityRecoveryConstants.SuccessEvents.SUCCESS_STATUS_CODE_SUCCESSFUL_USER_CREATION_UNLOCKED_WITH_NO_VERIFICATION.getMessage());
        }
        return notificationResponseBean;
    }

    private void auditRecoveryConfirm(UserRecoveryData userRecoveryData, String str, String str2) {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(AuditConstants.REMOTE_ADDRESS_KEY, MDC.get(AuditConstants.REMOTE_ADDRESS_QUERY_KEY));
        jSONObject.put(AuditConstants.USER_AGENT_KEY, MDC.get(AuditConstants.USER_AGENT_QUERY_KEY));
        jSONObject.put(AuditConstants.EMAIL_TO_BE_CHANGED, userRecoveryData.getRemainingSetIds());
        jSONObject.put(AuditConstants.SERVICE_PROVIDER_KEY, MDC.get(AuditConstants.SERVICE_PROVIDER_QUERY_KEY));
        if ("Failed".equals(str2)) {
            jSONObject.put(AuditConstants.ERROR_MESSAGE_KEY, str);
        }
        Utils.createAuditMessage(userRecoveryData.getRecoveryScenario().toString(), userRecoveryData.getUser().getUserName(), jSONObject, str2);
    }

    private void triggerNotification(User user) throws IdentityRecoveryServerException {
        HashMap hashMap = new HashMap();
        hashMap.put("user-name", user.getUserName());
        hashMap.put("tenant-domain", user.getTenantDomain());
        hashMap.put("userstore-domain", user.getUserStoreDomain());
        hashMap.put(IdentityRecoveryConstants.TEMPLATE_TYPE, IdentityRecoveryConstants.NOTIFICATION_TYPE_SELF_SIGNUP_SUCCESS);
        hashMap.put("selfsignup-confirm-time", new SimpleDateFormat("dd/MM/yy hh:mm:ss").format(new Date(System.currentTimeMillis())));
        try {
            IdentityRecoveryServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event("TRIGGER_NOTIFICATION", hashMap));
        } catch (IdentityEventException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_TRIGGER_NOTIFICATION, user.getUserName(), (Throwable) e);
        }
    }

    private void publishEvent(User user, Claim[] claimArr, Property[] propertyArr, String str) throws IdentityRecoveryException {
        HashMap<String, Object> hashMap = new HashMap<>();
        hashMap.put("user-name", user.getUserName());
        hashMap.put("tenant-domain", user.getTenantDomain());
        hashMap.put("userstore-domain", user.getUserStoreDomain());
        hashMap.put("USER_CLAIMS", claimArr);
        if (propertyArr != null) {
            for (Property property : propertyArr) {
                if (StringUtils.isNotBlank(property.getValue()) && StringUtils.isNotBlank(property.getKey())) {
                    hashMap.put(property.getKey(), property.getValue());
                }
            }
        }
        handleEvent(str, hashMap, user);
    }

    private void publishEvent(User user, String str, String str2, String str3, Map<String, String> map, String str4) throws IdentityRecoveryException {
        HashMap<String, Object> hashMap = new HashMap<>();
        hashMap.put("user-name", user.getUserName());
        hashMap.put("tenant-domain", user.getTenantDomain());
        hashMap.put("userstore-domain", user.getUserStoreDomain());
        if (StringUtils.isNotBlank(str)) {
            hashMap.put("selfsignup-code", str);
        }
        if (StringUtils.isNotBlank(str2)) {
            hashMap.put("selfsignup-verify-channel", str2);
        }
        if (StringUtils.isNotBlank(str3)) {
            hashMap.put("selfsignup-verify-channel-claim", str3);
        }
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                if (StringUtils.isNotBlank(entry.getValue()) && StringUtils.isNotBlank(entry.getKey())) {
                    hashMap.put(entry.getKey(), entry.getValue());
                }
            }
        }
        handleEvent(str4, hashMap, user);
    }

    private void publishEvent(String str, String str2, String str3, Map<String, String> map, String str4) throws IdentityRecoveryException {
        HashMap hashMap = new HashMap();
        if (StringUtils.isNotBlank(str)) {
            hashMap.put("selfsignup-code", str);
        }
        if (StringUtils.isNotBlank(str2)) {
            hashMap.put("selfsignup-verify-channel", str2);
        }
        if (StringUtils.isNotBlank(str3)) {
            hashMap.put("selfsignup-verify-channel-claim", str3);
        }
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                if (StringUtils.isNotBlank(entry.getValue()) && StringUtils.isNotBlank(entry.getKey())) {
                    hashMap.put(entry.getKey(), entry.getValue());
                }
            }
        }
        try {
            IdentityRecoveryServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event(str4, hashMap));
        } catch (IdentityEventException e) {
            log.error("Error occurred while publishing event " + str4);
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_PUBLISH_EVENT, str4, (Throwable) e);
        }
    }

    private void handleEvent(String str, HashMap<String, Object> hashMap, User user) throws IdentityRecoveryServerException {
        try {
            IdentityRecoveryServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event(str, hashMap));
        } catch (IdentityEventException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_PUBLISH_EVENT, str, (Throwable) e);
        }
    }
}
