package org.wso2.carbon.identity.recovery.handler;

import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityRuntimeException;
import org.wso2.carbon.identity.core.bean.context.MessageContext;
import org.wso2.carbon.identity.core.handler.InitConfig;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
import org.wso2.carbon.identity.governance.IdentityGovernanceUtil;
import org.wso2.carbon.identity.governance.IdentityMgtConstants;
import org.wso2.carbon.identity.governance.exceptions.notiification.NotificationChannelManagerClientException;
import org.wso2.carbon.identity.governance.exceptions.notiification.NotificationChannelManagerException;
import org.wso2.carbon.identity.governance.service.notification.NotificationChannels;
import org.wso2.carbon.identity.recovery.IdentityRecoveryClientException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
import org.wso2.carbon.identity.recovery.IdentityRecoveryException;
import org.wso2.carbon.identity.recovery.RecoveryScenarios;
import org.wso2.carbon.identity.recovery.RecoverySteps;
import org.wso2.carbon.identity.recovery.internal.IdentityRecoveryServiceDataHolder;
import org.wso2.carbon.identity.recovery.model.Property;
import org.wso2.carbon.identity.recovery.model.UserRecoveryData;
import org.wso2.carbon.identity.recovery.store.JDBCRecoveryDataStore;
import org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore;
import org.wso2.carbon.identity.recovery.util.Utils;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;

/* loaded from: input_file:org/wso2/carbon/identity/recovery/handler/LiteUserRegistrationHandler.class */
public class LiteUserRegistrationHandler extends AbstractEventHandler {
    private static final Log log = LogFactory.getLog(LiteUserRegistrationHandler.class);

    public String getName() {
        return "liteUserRegistration";
    }

    public String getFriendlyName() {
        return "Lite User Registration";
    }

    public void handleEvent(Event event) throws IdentityEventException {
        Map<String, Object> eventProperties = event.getEventProperties();
        String str = (String) eventProperties.get("user-name");
        UserStoreManager userStoreManager = (UserStoreManager) eventProperties.get("userStoreManager");
        String str2 = (String) eventProperties.get("tenant-domain");
        String userStoreProperty = userStoreManager.getRealmConfiguration().getUserStoreProperty("DomainName");
        if (!Utils.isLiteSignUp(Utils.getArbitraryProperties())) {
            if (log.isDebugEnabled()) {
                log.debug("Not lite sign up flow for the user.");
                return;
            }
            return;
        }
        User user = new User();
        user.setUserName(str);
        user.setTenantDomain(str2);
        user.setUserStoreDomain(userStoreProperty);
        if (!Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.ENABLE_LITE_SIGN_UP, user.getTenantDomain()))) {
            if (log.isDebugEnabled()) {
                log.debug("Lite sign up feature is disabled in tenant: " + str2);
                return;
            }
            return;
        }
        boolean parseBoolean = Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.LITE_ACCOUNT_LOCK_ON_CREATION, user.getTenantDomain()));
        boolean parseBoolean2 = Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.LITE_SIGN_UP_NOTIFICATION_INTERNALLY_MANAGE, user.getTenantDomain()));
        if ("POST_ADD_USER".equals(event.getEventName())) {
            UserRecoveryDataStore jDBCRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
            try {
                String resolveNotificationChannel = resolveNotificationChannel(eventProperties, str, str2, userStoreProperty);
                if (isNotificationChannelVerified(str, str2, resolveNotificationChannel, eventProperties)) {
                    return;
                }
                if (parseBoolean2 && parseBoolean) {
                    jDBCRecoveryDataStore.invalidate(user);
                    String generateSecretKey = generateSecretKey(resolveNotificationChannel);
                    String resolveEventName = resolveEventName(resolveNotificationChannel, str, userStoreProperty, str2);
                    UserRecoveryData userRecoveryData = new UserRecoveryData(user, generateSecretKey, RecoveryScenarios.LITE_SIGN_UP, RecoverySteps.CONFIRM_LITE_SIGN_UP);
                    userRecoveryData.setRemainingSetIds(resolveNotificationChannel);
                    jDBCRecoveryDataStore.store(userRecoveryData);
                    triggerNotification(user, resolveNotificationChannel, generateSecretKey, Utils.getArbitraryProperties(), resolveEventName);
                }
                if (parseBoolean) {
                    HashMap hashMap = new HashMap();
                    hashMap.put("http://wso2.org/claims/identity/accountLocked", Boolean.TRUE.toString());
                    if (Utils.isAccountStateClaimExisting(str2)) {
                        hashMap.put(IdentityRecoveryConstants.ACCOUNT_STATE_CLAIM_URI, IdentityRecoveryConstants.PENDING_LITE_REGISTRATION);
                    }
                    try {
                        userStoreManager.setUserClaimValues(user.getUserName(), hashMap, (String) null);
                        if (log.isDebugEnabled()) {
                            log.debug("Locked user account: " + user.getUserName());
                        }
                    } catch (UserStoreException e) {
                        throw new IdentityEventException("Error while lock user account :" + user.getUserName(), e);
                    }
                }
            } catch (IdentityRecoveryException e2) {
                throw new IdentityEventException("Error while sending lite sign up notification ", e2);
            }
        }
    }

    private String resolveEventName(String str, String str2, String str3, String str4) {
        String str5 = NotificationChannels.EMAIL_CHANNEL.getChannelType().equals(str) ? "TRIGGER_NOTIFICATION" : IdentityRecoveryConstants.NOTIFICATION_EVENTNAME_PREFIX + str + IdentityRecoveryConstants.NOTIFICATION_EVENTNAME_SUFFIX;
        if (log.isDebugEnabled()) {
            log.debug(String.format("For user : %1$s in domain : %2$s, notifications were sent from the event : %3$s", str3 + CarbonConstants.DOMAIN_SEPARATOR + str2, str4, str5));
        }
        return str5;
    }

    private String resolveNotificationChannel(Map<String, Object> map, String str, String str2, String str3) throws IdentityEventException {
        if (!Boolean.parseBoolean(IdentityUtil.getProperty("Notification.ResolveNotificationChannels.Enable"))) {
            return IdentityGovernanceUtil.getDefaultNotificationChannel();
        }
        String str4 = (String) map.get(IdentityRecoveryConstants.PREFERRED_CHANNEL_CLAIM);
        if (StringUtils.isEmpty(str4)) {
            try {
                str4 = Utils.getNotificationChannelManager().resolveCommunicationChannel(str, str2, str3);
            } catch (NotificationChannelManagerException e) {
                handledNotificationChannelManagerException(e, str, str3, str2);
            }
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Notification channel : %1$s for the user : %2$s in domain : %3$s.", str4, str3 + CarbonConstants.DOMAIN_SEPARATOR + str, str2));
        }
        return str4;
    }

    private void handledNotificationChannelManagerException(NotificationChannelManagerException notificationChannelManagerException, String str, String str2, String str3) throws IdentityEventException {
        if (StringUtils.isNotEmpty(notificationChannelManagerException.getErrorCode()) && StringUtils.isNotEmpty(notificationChannelManagerException.getMessage())) {
            if (IdentityMgtConstants.ErrorMessages.ERROR_CODE_NO_NOTIFICATION_CHANNELS.getCode().equals(notificationChannelManagerException.getErrorCode())) {
                if (log.isDebugEnabled()) {
                    log.debug(String.format("No communication channel for user : %1$s in domain: %2$s", str2 + CarbonConstants.DOMAIN_SEPARATOR + str, str3), notificationChannelManagerException);
                }
            } else if (log.isDebugEnabled()) {
                log.debug(String.format("Error getting claim values for user : %1$s in domain: %2$s", str2 + CarbonConstants.DOMAIN_SEPARATOR + str, str3), notificationChannelManagerException);
            }
        } else if (log.isDebugEnabled()) {
            log.debug(String.format("Error getting claim values for user : %1$s in domain: %2$s", str2 + CarbonConstants.DOMAIN_SEPARATOR + str, str3), notificationChannelManagerException);
        }
        throw new IdentityEventException(notificationChannelManagerException.getErrorCode(), notificationChannelManagerException.getMessage());
    }

    private boolean isNotificationChannelVerified(String str, String str2, String str3, Map<String, Object> map) throws IdentityRecoveryClientException {
        if (Boolean.parseBoolean(IdentityUtil.getProperty(IdentityRecoveryConstants.ConnectorConfig.ENABLE_ACCOUNT_LOCK_FOR_VERIFIED_PREFERRED_CHANNEL))) {
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("SkipAccountLockOnVerifiedPreferredChannel is enabled for user : %s in domain : %s. Checking whether the user is already verified", str, str2));
        }
        boolean parseBoolean = Boolean.parseBoolean((String) map.get(getNotificationChannel(str, str3).getVerifiedClaimUrl()));
        if (parseBoolean && log.isDebugEnabled()) {
            log.debug(String.format("Preferred Notification channel : %1$s is verified for the user : %2$s in domain : %3$s. Therefore, no notifications will be sent.", str3, str, str2));
        }
        return parseBoolean;
    }

    private NotificationChannels getNotificationChannel(String str, String str2) throws IdentityRecoveryClientException {
        try {
            return NotificationChannels.getNotificationChannel(str2);
        } catch (NotificationChannelManagerClientException e) {
            if (log.isDebugEnabled()) {
                log.debug("Unsupported channel type : " + str2);
            }
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNSUPPORTED_PREFERRED_CHANNELS, str, (Throwable) e);
        }
    }

    public void init(InitConfig initConfig) throws IdentityRuntimeException {
        super.init(initConfig);
    }

    public int getPriority(MessageContext messageContext) {
        return 60;
    }

    private void triggerNotification(User user, String str, String str2, Property[] propertyArr, String str3) throws IdentityRecoveryException {
        if (log.isDebugEnabled()) {
            log.debug("Sending lite user registration notification user: " + user.getUserName());
        }
        HashMap hashMap = new HashMap();
        hashMap.put("user-name", user.getUserName());
        hashMap.put("tenant-domain", user.getTenantDomain());
        hashMap.put("userstore-domain", user.getUserStoreDomain());
        hashMap.put("notification-channel", str);
        if (propertyArr != null && propertyArr.length > 0) {
            for (Property property : propertyArr) {
                hashMap.put(property.getKey(), property.getValue());
            }
        }
        if (StringUtils.isNotBlank(str2)) {
            hashMap.put(IdentityRecoveryConstants.CONFIRMATION_CODE, str2);
        }
        hashMap.put(IdentityRecoveryConstants.TEMPLATE_TYPE, IdentityRecoveryConstants.NOTIFICATION_TYPE_LITE_USER_EMAIL_CONFIRM);
        try {
            IdentityRecoveryServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event(str3, hashMap));
        } catch (IdentityEventException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_TRIGGER_NOTIFICATION, user.getUserName(), (Throwable) e);
        }
    }

    private String generateSMSOTP() {
        char[] charArray = IdentityRecoveryConstants.SMS_OTP_GENERATE_CHAR_SET.toCharArray();
        SecureRandom secureRandom = new SecureRandom();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 6; i++) {
            sb.append(charArray[secureRandom.nextInt(charArray.length)]);
        }
        return sb.toString();
    }

    private String generateSecretKey(String str) {
        if (NotificationChannels.SMS_CHANNEL.getChannelType().equals(str)) {
            if (log.isDebugEnabled()) {
                log.debug("OTP was generated for the user for channel : " + str);
            }
            return generateSMSOTP();
        }
        if (log.isDebugEnabled()) {
            log.debug("UUID was generated for the user for channel : " + str);
        }
        return UUIDGenerator.generateUUID();
    }
}
