package org.wso2.carbon.identity.recovery.password;

import java.io.UnsupportedEncodingException;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONObject;
import org.slf4j.MDC;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventClientException;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.governance.IdentityGovernanceUtil;
import org.wso2.carbon.identity.governance.service.notification.NotificationChannels;
import org.wso2.carbon.identity.mgt.policy.PolicyViolationException;
import org.wso2.carbon.identity.recovery.AuditConstants;
import org.wso2.carbon.identity.recovery.IdentityRecoveryClientException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
import org.wso2.carbon.identity.recovery.IdentityRecoveryException;
import org.wso2.carbon.identity.recovery.IdentityRecoveryServerException;
import org.wso2.carbon.identity.recovery.RecoveryScenarios;
import org.wso2.carbon.identity.recovery.RecoverySteps;
import org.wso2.carbon.identity.recovery.bean.NotificationResponseBean;
import org.wso2.carbon.identity.recovery.internal.IdentityRecoveryServiceDataHolder;
import org.wso2.carbon.identity.recovery.model.Property;
import org.wso2.carbon.identity.recovery.model.UserRecoveryData;
import org.wso2.carbon.identity.recovery.store.JDBCRecoveryDataStore;
import org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore;
import org.wso2.carbon.identity.recovery.util.Utils;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;

/* loaded from: input_file:org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.class */
public class NotificationPasswordRecoveryManager {
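    private static final Log log = LogFactory.getLog(NotificationPasswordRecoveryManager.class);

    // Eagerly created singleton. Declared final so the shared instance cannot be reassigned after class
    // initialisation; nothing in this class writes to the field again.
    private static final NotificationPasswordRecoveryManager instance = new NotificationPasswordRecoveryManager();

    /** Private so that the only instance is the one held in {@link #instance}. */
    private NotificationPasswordRecoveryManager() {
    }

    /**
     * Returns the shared manager instance.
     *
     * @return the singleton held in the static {@code instance} field
     */
    public static NotificationPasswordRecoveryManager getInstance() {
        return instance;
    }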

    /**
     * Starts notification-based password recovery for {@code user}: validates the request, obtains a
     * confirmation code (re-issued or newly generated) and either triggers the notification event or hands
     * the code back in the response bean.
     *
     * @param user        account being recovered; blank tenant / user-store domains are filled in here
     * @param str         not read by this method
     * @param bool        per-request override of "notifications internally managed"; {@code null} falls back
     *                    to the tenant configuration (see isNotificationsInternallyManaged)
     * @param propertyArr request properties; this method reads the callback URL, the notification channel
     *                    and the verifiedUser flag from them and forwards all of them to the events
     * @return a response bean for the user; it carries the confirmation code only when notifications are
     *         not internally managed
     * @throws IdentityRecoveryException on validation failure, on account-state errors that are configured to
     *                                   be reported, or when event handling fails
     */
    public NotificationResponseBean sendRecoveryNotification(User user, String str, Boolean bool, Property[] propertyArr) throws IdentityRecoveryException {
        // The PRE event fires before any validation. String.valueOf(bool) yields the text "null" for a null
        // Boolean, which is not blank, so publishEvent still records it under the NOTIFY key.
        publishEvent(user, String.valueOf(bool), null, null, propertyArr, "PRE_SEND_RECOVERY_NOTIFICATION", new UserRecoveryData(user, null, RecoveryScenarios.NOTIFICATION_BASED_PW_RECOVERY, RecoverySteps.UPDATE_PASSWORD));
        // Runs before resolveUserAttributes, so the tenant domain may still be blank when the user-store
        // domain is resolved.
        validateUserStoreDomain(user);
        Utils.validateEmailUsername(user);
        resolveUserAttributes(user);
        validatePasswordRecoveryConfiguration(user.getTenantDomain());
        validateCallback(propertyArr, user.getTenantDomain());
        HashMap<String, String> buildPropertyMap = buildPropertyMap(propertyArr);
        String notificationChannelFromProperties = getNotificationChannelFromProperties(buildPropertyMap);
        // NOTE(review): a non-null `bool` from the request overrides the tenant setting. Combined with the
        // else-branch below, a request with bool == false receives the confirmation code in the response;
        // confirm that only trusted callers can reach this method with that parameter.
        boolean isNotificationsInternallyManaged = isNotificationsInternallyManaged(user.getTenantDomain(), bool);
        if (!isNotificationsInternallyManaged) {
            notificationChannelFromProperties = NotificationChannels.EXTERNAL_CHANNEL.getChannelType();
        }
        // Unknown user: either report it (NOTIFY_USER_EXISTENCE = true) or answer with an empty bean so the
        // response does not confirm whether the account exists. The existence check is skipped entirely
        // when the request carries verifiedUser=true.
        if (!isUserVerified(buildPropertyMap) && !isExistingUser(user)) {
            if (Boolean.parseBoolean(IdentityUtil.getProperty(IdentityRecoveryConstants.ConnectorConfig.NOTIFY_USER_EXISTENCE))) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_USER, user.getUserName());
            }
            return new NotificationResponseBean(user);
        }
        // NOTE(review): this error is raised regardless of NOTIFY_USER_EXISTENCE, so for a federated account
        // the response differs from the silent "unknown user" path above.
        if (!isLocalCredentialAvailable(user)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_FEDERATED_USER, user.getUserName());
        }
        // Disabled / locked accounts: reported only when getNotifyUserAccountStatus() is true (which is also
        // its value when the setting is blank); otherwise the caller gets the same empty bean as above.
        if (Utils.isAccountDisabled(user)) {
            if (getNotifyUserAccountStatus()) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_DISABLED_ACCOUNT, user.getUserName());
            }
            return new NotificationResponseBean(user);
        }
        if (Utils.isAccountLocked(user)) {
            // Throws for pending self-registration / pending ask-password before the setting is consulted.
            checkAccountPendingStatus(user);
            if (getNotifyUserAccountStatus()) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_LOCKED_ACCOUNT, user.getUserName());
            }
            return new NotificationResponseBean(user);
        }
        // Reuse the stored code when Utils.reIssueExistingConfirmationCode allows it, otherwise replace it.
        UserRecoveryData loadWithoutCodeExpiryValidation = JDBCRecoveryDataStore.getInstance().loadWithoutCodeExpiryValidation(user, RecoveryScenarios.NOTIFICATION_BASED_PW_RECOVERY, RecoverySteps.UPDATE_PASSWORD);
        if (!Utils.reIssueExistingConfirmationCode(loadWithoutCodeExpiryValidation, notificationChannelFromProperties)) {
            loadWithoutCodeExpiryValidation = generateNewConfirmationCode(user, notificationChannelFromProperties);
        }
        String secret = loadWithoutCodeExpiryValidation.getSecret();
        NotificationResponseBean notificationResponseBean = new NotificationResponseBean(user);
        if (isNotificationsInternallyManaged) {
            triggerNotification(user, notificationChannelFromProperties, IdentityRecoveryConstants.NOTIFICATION_TYPE_PASSWORD_RESET, secret, Utils.resolveEventName(notificationChannelFromProperties), propertyArr, loadWithoutCodeExpiryValidation);
        } else {
            // Externally managed: the confirmation code itself is returned to the caller, who is then
            // responsible for delivering it to the account owner.
            notificationResponseBean.setKey(secret);
        }
        // The POST event carries the confirmation code as an event property (see publishEvent).
        publishEvent(user, String.valueOf(bool), secret, null, propertyArr, "POST_SEND_RECOVERY_NOTIFICATION", loadWithoutCodeExpiryValidation);
        return notificationResponseBean;
    }

    /**
     * Tells whether a disabled or locked account state is reported back to the caller.
     *
     * @return {@code true} when NOTIFY_USER_ACCOUNT_STATUS is blank or parses to true. The blank case means
     *         account state is disclosed unless the setting is explicitly turned off.
     */
    private boolean getNotifyUserAccountStatus() {
        String configured = IdentityUtil.getProperty(IdentityRecoveryConstants.ConnectorConfig.NOTIFY_USER_ACCOUNT_STATUS);
        // Blank setting falls back to "report the status".
        return StringUtils.isBlank(configured) || Boolean.parseBoolean(configured);
    }

    /**
     * Rejects recovery for accounts whose state is pending self-registration or pending ask-password.
     *
     * NOTE(review): the caller invokes this before consulting getNotifyUserAccountStatus(), so these two
     * states are reported to the client even when account-status notification is switched off.
     *
     * @param user account whose state is read through Utils.getAccountState
     * @throws IdentityRecoveryException client error naming the pending state
     */
    private void checkAccountPendingStatus(User user) throws IdentityRecoveryException {
        String state = Utils.getAccountState(user);
        if (!StringUtils.isNotBlank(state)) {
            // No account state recorded: nothing to reject.
            return;
        }
        if (IdentityRecoveryConstants.PENDING_SELF_REGISTRATION.equals(state)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_PENDING_SELF_REGISTERED_ACCOUNT, user.getUserName());
        }
        if (IdentityRecoveryConstants.PENDING_ASK_PASSWORD.equals(state)) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_PENDING_PASSWORD_RESET_ACCOUNT, user.getUserName());
        }
    }

    /**
     * Replaces the user's stored recovery data with a freshly generated confirmation code.
     *
     * @param user account the code is issued for
     * @param str  notification channel; passed to the secret generator and stored in the record's
     *             remainingSetIds field, where the password-update path reads it back
     * @return the stored recovery record (scenario NOTIFICATION_BASED_PW_RECOVERY, step UPDATE_PASSWORD)
     * @throws IdentityRecoveryException if the store or the secret generator fails
     */
    private UserRecoveryData generateNewConfirmationCode(User user, String str) throws IdentityRecoveryException {
        UserRecoveryDataStore store = JDBCRecoveryDataStore.getInstance();
        // Invalidate first, so the record stored below is the one left for this user.
        store.invalidate(user);
        String secretKey = Utils.generateSecretKey(str, user.getTenantDomain(), RecoveryScenarios.NOTIFICATION_BASED_PW_RECOVERY.name());
        UserRecoveryData freshData = new UserRecoveryData(user, secretKey, RecoveryScenarios.NOTIFICATION_BASED_PW_RECOVERY, RecoverySteps.UPDATE_PASSWORD);
        freshData.setRemainingSetIds(str);
        store.store(freshData);
        return freshData;
    }

    /**
     * Asks the tenant's user store whether the domain-qualified user name exists.
     *
     * @param user user whose tenant domain, user-store domain and name are used for the lookup
     * @return {@code true} if the user store reports the user as existing
     * @throws IdentityRecoveryException wrapping any UserStoreException as an unexpected server error
     */
    private boolean isExistingUser(User user) throws IdentityRecoveryException {
        try {
            RealmService realmService = IdentityRecoveryServiceDataHolder.getInstance().getRealmService();
            boolean found = realmService.getTenantUserRealm(IdentityTenantUtil.getTenantId(user.getTenantDomain())).getUserStoreManager().isExistingUser(IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()));
            if (!found && log.isDebugEnabled()) {
                // Debug-only: the requested user name ends up in the log.
                log.debug("No user found for recovery with username: " + user.toFullQualifiedUsername());
            }
            return found;
        } catch (UserStoreException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED, (String) null, (Throwable) e);
        }
    }

    /**
     * Decides whether the account has a local credential that can be reset.
     *
     * The answer is {@code false} only when the user-source-id claim is non-empty and the
     * local-credential-exists claim is present and does not parse to true. Every other outcome, including
     * a failed claim lookup, is treated as "local credential available".
     *
     * NOTE(review): a UserStoreException is logged at debug level only and answered with {@code true}, so a
     * claim-lookup failure lets recovery continue — confirm this fail-open behaviour is intended.
     *
     * @param user user whose claims are read
     * @return {@code true} unless the claims explicitly mark the account as having no local credential
     */
    private boolean isLocalCredentialAvailable(User user) throws IdentityRecoveryServerException {
        try {
            RealmService realmService = IdentityRecoveryServiceDataHolder.getInstance().getRealmService();
            String[] requestedClaims = new String[]{IdentityRecoveryConstants.USER_SOURCE_ID_CLAIM_URI, IdentityRecoveryConstants.LOCAL_CREDENTIAL_EXISTS_CLAIM_URI};
            Map<String, String> claims = realmService.getTenantUserRealm(IdentityTenantUtil.getTenantId(user.getTenantDomain())).getUserStoreManager().getUserClaimValues(IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()), requestedClaims, (String) null);
            if (MapUtils.isEmpty(claims)) {
                return true;
            }
            String userSourceId = claims.get(IdentityRecoveryConstants.USER_SOURCE_ID_CLAIM_URI);
            String localCredentialExists = claims.get(IdentityRecoveryConstants.LOCAL_CREDENTIAL_EXISTS_CLAIM_URI);
            if (StringUtils.isNotEmpty(userSourceId) && localCredentialExists != null) {
                return Boolean.parseBoolean(localCredentialExists);
            }
            return true;
        } catch (UserStoreException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error occurred while checking user's local credential availability. Error message: " + e.getMessage());
            }
            return true;
        }
    }

    /**
     * Resolves whether this request's notifications are sent by the server.
     *
     * @param str  tenant domain used to read the server default
     * @param bool value of the request's notify parameter, or {@code null} if absent; when present it takes
     *             precedence over the tenant's NOTIFICATION_INTERNALLY_MANAGE setting
     * @return the request value if given, otherwise the tenant setting
     * @throws IdentityRecoveryException if the recovery configuration cannot be read
     */
    private boolean isNotificationsInternallyManaged(String str, Boolean bool) throws IdentityRecoveryException {
        if (bool == null) {
            boolean serverDefault = Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_INTERNALLY_MANAGE, str));
            if (log.isDebugEnabled()) {
                log.debug("Notify parameter not in the request. ManageNotificationsInternally set to server default value: " + serverDefault);
            }
            return serverDefault;
        }
        // Request-level override wins over the configured default.
        if (log.isDebugEnabled()) {
            log.debug("Notify parameter in the request. ManageNotificationsInternally set to : " + bool);
        }
        return bool;
    }

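    /**
     * Reads the verifiedUser flag from the request property map.
     *
     * NOTE(review): in sendRecoveryNotification the map is built from the request's Property[] and a
     * {@code true} here skips the user-existence check, so the flag is effectively caller-controlled.
     * Confirm that only trusted callers can supply it.
     *
     * @param hashMap request properties keyed by property name; may be null or empty
     * @return {@code true} only when the property is present and equals "true" ignoring case
     */
    private boolean isUserVerified(HashMap<String, String> hashMap) {
        if (MapUtils.isEmpty(hashMap)) {
            if (log.isDebugEnabled()) {
                log.debug("Empty property map received in the recovery request");
            }
            return false;
        }
        String verifiedUser = hashMap.get(IdentityRecoveryConstants.VERIFIED_USER_PROPERTY_KEY);
        if (StringUtils.isBlank(verifiedUser)) {
            if (log.isDebugEnabled()) {
                log.debug("Property : verifiedUser is not in the property map. Hence returning FALSE");
            }
            return false;
        }
        // Boolean.parseBoolean never throws: any text other than "true" (ignoring case) yields false, so the
        // former NumberFormatException handler was unreachable and has been dropped.
        return Boolean.parseBoolean(verifiedUser);
    }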

    /**
     * Picks the notification channel requested in the properties.
     *
     * @param hashMap request properties; may be null or empty
     * @return the e-mail channel when there are no properties, otherwise the requested channel after it has
     *         been checked by getServerSupportedNotificationChannel
     */
    private String getNotificationChannelFromProperties(HashMap<String, String> hashMap) {
        if (MapUtils.isEmpty(hashMap)) {
            return NotificationChannels.EMAIL_CHANNEL.getChannelType();
        }
        String requestedChannel = hashMap.get(IdentityRecoveryConstants.NOTIFICATION_CHANNEL_PROPERTY_KEY);
        return getServerSupportedNotificationChannel(requestedChannel);
    }

    /**
     * Restricts a requested channel name to the ones this class accepts (e-mail, SMS, external).
     *
     * @param str requested channel type; may be null or empty
     * @return the e-mail channel for an empty request, {@code str} itself when it is one of the three
     *         accepted types, otherwise the default from IdentityGovernanceUtil
     */
    private String getServerSupportedNotificationChannel(String str) {
        if (StringUtils.isEmpty(str)) {
            if (log.isDebugEnabled()) {
                log.debug("No notification channel in the request properties. Configuring the notification channel to: " + NotificationChannels.EMAIL_CHANNEL.getChannelType());
            }
            return NotificationChannels.EMAIL_CHANNEL.getChannelType();
        }
        boolean accepted = NotificationChannels.EMAIL_CHANNEL.getChannelType().equals(str)
                || NotificationChannels.SMS_CHANNEL.getChannelType().equals(str)
                || NotificationChannels.EXTERNAL_CHANNEL.getChannelType().equals(str);
        if (accepted) {
            return str;
        }
        // Anything outside the allow-list is replaced, never passed through.
        String fallbackChannel = IdentityGovernanceUtil.getDefaultNotificationChannel();
        if (log.isDebugEnabled()) {
            log.debug(String.format("Not a server supported notification channel : %s. Therefore default notification channel : %s will be used.", str, fallbackChannel));
        }
        return fallbackChannel;
    }

    /**
     * Copies the request properties into a map, skipping entries whose key is null or empty.
     * When a key occurs more than once, the later entry replaces the earlier one.
     *
     * @param propertyArr request properties; may be null or empty
     * @return a new map, empty when there is nothing to copy
     */
    private HashMap<String, String> buildPropertyMap(Property[] propertyArr) {
        HashMap<String, String> properties = new HashMap<>();
        if (!ArrayUtils.isNotEmpty(propertyArr)) {
            return properties;
        }
        for (Property entry : propertyArr) {
            if (!StringUtils.isNotEmpty(entry.getKey())) {
                continue;
            }
            properties.put(entry.getKey(), entry.getValue());
        }
        return properties;
    }

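    /**
     * Checks the callback URL carried in the request properties against the tenant's
     * RECOVERY_CALLBACK_REGEX setting.
     *
     * A blank or absent callback URL is accepted without validation.
     *
     * @param propertyArr request properties from which Utils.getCallbackURL extracts the URL
     * @param str         tenant domain whose callback pattern is applied
     * @throws IdentityRecoveryServerException ERROR_CODE_CALLBACK_URL_NOT_VALID when the URL does not pass
     *                                         validation or cannot be parsed
     */
    private void validateCallback(Property[] propertyArr, String str) throws IdentityRecoveryServerException {
        String callbackUrl = null;
        try {
            callbackUrl = Utils.getCallbackURL(propertyArr);
            if (StringUtils.isNotBlank(callbackUrl) && !Utils.validateCallbackURL(callbackUrl, str, IdentityRecoveryConstants.ConnectorConfig.RECOVERY_CALLBACK_REGEX)) {
                throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, callbackUrl);
            }
        } catch (UnsupportedEncodingException | URISyntaxException | IdentityEventException e) {
            // Keep the parsing/lookup failure as the cause; it was previously discarded, which left no
            // trace of why a callback URL had been rejected.
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, callbackUrl, e);
        }
    }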

    /**
     * Fails the request when notification-based password recovery is not enabled for the tenant.
     *
     * @param str tenant domain whose NOTIFICATION_BASED_PW_RECOVERY setting is read
     * @throws IdentityRecoveryException client error when the setting does not parse to true
     */
    private void validatePasswordRecoveryConfiguration(String str) throws IdentityRecoveryException {
        String configured = Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_BASED_PW_RECOVERY, str);
        boolean recoveryEnabled = Boolean.parseBoolean(configured);
        if (recoveryEnabled) {
            return;
        }
        throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NOTIFICATION_BASED_PASSWORD_RECOVERY_NOT_ENABLE, null);
    }

    /**
     * Fills in the tenant domain and user-store domain on {@code user} when the request left them blank.
     * The tenant domain defaults to "carbon.super", the user-store domain to the primary domain name.
     *
     * @param user request user; modified in place
     */
    private void resolveUserAttributes(User user) {
        boolean tenantMissing = StringUtils.isBlank(user.getTenantDomain());
        if (tenantMissing) {
            user.setTenantDomain("carbon.super");
            if (log.isDebugEnabled()) {
                log.debug("SendRecoveryNotification :Tenant domain is not in the request. set to default for user : " + user.getUserName());
            }
        }
        boolean userStoreMissing = StringUtils.isBlank(user.getUserStoreDomain());
        if (userStoreMissing) {
            user.setUserStoreDomain(IdentityUtil.getPrimaryDomainName());
            if (log.isDebugEnabled()) {
                log.debug("SendRecoveryNotification : User store domain is not in the request. set to default for user : " + user.getUserName());
            }
        }
    }

    /**
     * Sets a new password for the user that owns the given confirmation code, discarding the user object
     * that {@link #updateUserPassword(String, String, Property[])} returns.
     *
     * @param str         confirmation code
     * @param str2        new password
     * @param propertyArr request properties
     * @throws IdentityRecoveryException as thrown by updateUserPassword
     * @throws IdentityEventException    as thrown by updateUserPassword
     */
    public void updatePassword(String str, String str2, Property[] propertyArr) throws IdentityRecoveryException, IdentityEventException {
        // Pure delegation; kept as a separate entry point for callers that do not need the user.
        updateUserPassword(str, str2, propertyArr);
    }

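    /**
     * Sets a new password for the user that owns the given confirmation code and invalidates the code.
     *
     * Sequence: load the recovery record for the code, validate the callback URL, publish
     * PRE_ADD_NEW_PASSWORD, check that the record's tenant matches the request context, check that the
     * record is at the UPDATE_PASSWORD step, update the credential and account claims, invalidate the
     * user's recovery data, optionally send a success notification, publish POST_ADD_NEW_PASSWORD and audit.
     *
     * @param str         confirmation code identifying the recovery record
     * @param str2        new password; handed to publishEvent, which does not copy it into the event
     * @param propertyArr request properties
     * @return the user stored with the recovery record
     * @throws IdentityRecoveryException on an invalid code, tenant mismatch, policy violation or store error
     * @throws IdentityEventException    if reading account-state claims fails
     */
    public User updateUserPassword(String str, String str2, Property[] propertyArr) throws IdentityRecoveryException, IdentityEventException {
        UserRecoveryDataStore recoveryDataStore = JDBCRecoveryDataStore.getInstance();
        UserRecoveryData recoveryData = recoveryDataStore.load(str);
        validateCallback(propertyArr, recoveryData.getUser().getTenantDomain());
        publishEvent(recoveryData.getUser(), null, str, str2, propertyArr, "PRE_ADD_NEW_PASSWORD", recoveryData);
        // The code must belong to the tenant the request is running in; otherwise a code issued in one
        // tenant could be redeemed through another tenant's endpoint.
        validateTenantDomain(recoveryData.getUser());
        if (!RecoverySteps.UPDATE_PASSWORD.equals(recoveryData.getRecoveryStep())) {
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE, str);
        }
        // remainingSetIds holds the notification channel recorded when the code was issued.
        String notificationChannel = getServerSupportedNotificationChannel(recoveryData.getRemainingSetIds());
        boolean internallyManaged = Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_INTERNALLY_MANAGE, recoveryData.getUser().getTenantDomain()));
        boolean notifyOnSuccess = Boolean.parseBoolean(Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_SEND_RECOVERY_NOTIFICATION_SUCCESS, recoveryData.getUser().getTenantDomain()));
        String domainQualifiedUserName = IdentityUtil.addDomainToName(recoveryData.getUser().getUserName(), recoveryData.getUser().getUserStoreDomain());
        updateNewPassword(recoveryData.getUser(), str2, domainQualifiedUserName, recoveryData, internallyManaged);
        // The code is single-use: invalidate as soon as the credential has been changed.
        recoveryDataStore.invalidate(recoveryData.getUser());
        if (internallyManaged && !NotificationChannels.EXTERNAL_CHANNEL.getChannelType().equals(notificationChannel)) {
            String templateType = null;
            if (isAskPasswordFlow(recoveryData) && isAskPasswordEmailTemplateTypeExists(recoveryData.getUser().getTenantDomain())) {
                templateType = IdentityRecoveryConstants.ACCOUNT_ACTIVATION_SUCCESS;
            } else if (notifyOnSuccess) {
                templateType = IdentityRecoveryConstants.NOTIFICATION_TYPE_PASSWORD_RESET_SUCCESS;
            }
            try {
                String eventName = Utils.resolveEventName(notificationChannel);
                if (StringUtils.isNotBlank(templateType)) {
                    triggerNotification(recoveryData.getUser(), notificationChannel, templateType, "", eventName, propertyArr, recoveryData);
                }
            } catch (IdentityRecoveryException e) {
                // Best effort: the password is already changed, so a failed success-notification must not
                // fail the request. Log with the exception so the cause is not lost.
                String message = String.format("Error while sending password reset success notification to user : %s", recoveryData.getUser().getUserName());
                log.error(message, e);
                // Audited as "Success" because the reset itself succeeded. auditPasswordReset records the
                // message only for status "Failed", so this entry carries no error text.
                auditPasswordReset(recoveryData.getUser(), AuditConstants.ACTION_PASSWORD_RESET, message, "Success", recoveryData.getRecoveryScenario().name(), recoveryData.getRecoveryStep().name());
            }
        }
        publishEvent(recoveryData.getUser(), null, str, str2, propertyArr, "POST_ADD_NEW_PASSWORD", recoveryData);
        if (log.isDebugEnabled()) {
            log.debug("Password is updated for  user: " + domainQualifiedUserName);
        }
        auditPasswordReset(recoveryData.getUser(), AuditConstants.ACTION_PASSWORD_RESET, null, "Success", recoveryData.getRecoveryScenario().name(), recoveryData.getRecoveryStep().name());
        return recoveryData.getUser();
    }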

    /**
     * Writes the new credential and then the account-state claims for the user.
     *
     * @param user             user passed to the password-policy checks on failure
     * @param str              new password
     * @param str2             domain-qualified user name used for the user-store calls
     * @param userRecoveryData recovery record; supplies the tenant domain and the claims to set
     * @param z                whether notifications are internally managed (forwarded to
     *                         getAccountStateClaims)
     * @throws IdentityRecoveryException client error for history/policy/pattern violations, otherwise an
     *                                   unexpected server error wrapping the UserStoreException
     * @throws IdentityEventException    from getAccountStateClaims
     */
    private void updateNewPassword(User user, String str, String str2, UserRecoveryData userRecoveryData, boolean z) throws IdentityEventException, IdentityRecoveryException {
        try {
            RealmService realmService = IdentityRecoveryServiceDataHolder.getInstance().getRealmService();
            UserStoreManager storeManager = realmService.getTenantUserRealm(IdentityTenantUtil.getTenantId(userRecoveryData.getUser().getTenantDomain())).getUserStoreManager();
            // Credential first; the claims are written only after the password change went through.
            storeManager.updateCredentialByAdmin(str2, str);
            HashMap<String, String> claimsToSet = getAccountStateClaims(userRecoveryData, z);
            if (!MapUtils.isEmpty(claimsToSet)) {
                storeManager.setUserClaimValues(str2, claimsToSet, (String) null);
            }
        } catch (UserStoreException e) {
            // Translates policy/history/pattern violations into client errors; returns normally otherwise.
            checkPasswordValidity(e, user);
            if (log.isDebugEnabled()) {
                log.debug("NotificationPasswordRecoveryManager: Unexpected Error occurred while updating password for the user: " + str2, e);
            }
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED, (String) null, e);
        }
    }

    /**
     * Builds the claim values to write after a successful password update.
     *
     * The three sections below run in order and the last one removes keys the second may have added, so
     * statement order matters.
     *
     * For a plain NOTIFICATION_BASED_PW_RECOVERY (or QUESTION_BASED_PWD_RECOVERY) record, neither the
     * second nor the third section applies: no accountLocked / account-state claim is written, i.e. this
     * method does not unlock the account for those scenarios.
     *
     * @param userRecoveryData recovery record; supplies the scenario, the channel (remainingSetIds) and the user
     * @param z                whether notifications are internally managed; only then is a channel marked verified
     * @return claim URI to value map; may be empty
     * @throws IdentityEventException declared for the account-state-claim lookup — presumably thrown by
     *                                Utils.isAccountStateClaimExisting; confirm
     */
    private HashMap<String, String> getAccountStateClaims(UserRecoveryData userRecoveryData, boolean z) throws IdentityEventException {
        HashMap<String, String> hashMap = new HashMap<>();
        Enum recoveryScenario = userRecoveryData.getRecoveryScenario();
        // 1) Internally managed notifications: completing the flow marks the channel the code was issued
        //    for as verified. Any channel other than e-mail or SMS falls back to the e-mail verified claim.
        if (z) {
            if (NotificationChannels.EMAIL_CHANNEL.getChannelType().equals(userRecoveryData.getRemainingSetIds())) {
                hashMap.put(NotificationChannels.EMAIL_CHANNEL.getVerifiedClaimUrl(), Boolean.TRUE.toString());
            } else if (NotificationChannels.SMS_CHANNEL.getChannelType().equals(userRecoveryData.getRemainingSetIds())) {
                hashMap.put(NotificationChannels.SMS_CHANNEL.getVerifiedClaimUrl(), Boolean.TRUE.toString());
            } else {
                if (log.isDebugEnabled()) {
                    // Store domain and user name are concatenated without a separator in this message.
                    log.debug(String.format("No notification channels for the user : %s in tenant domain : %s", userRecoveryData.getUser().getUserStoreDomain() + userRecoveryData.getUser().getUserName(), userRecoveryData.getUser().getTenantDomain()));
                }
                hashMap.put(NotificationChannels.EMAIL_CHANNEL.getVerifiedClaimUrl(), Boolean.TRUE.toString());
            }
        }
        // 2) Scenarios other than notification- or question-based recovery, when the tenant has the
        //    account-state claim: mark the account unlocked and clear the lock reason.
        if (!RecoveryScenarios.NOTIFICATION_BASED_PW_RECOVERY.equals(recoveryScenario) && !RecoveryScenarios.QUESTION_BASED_PWD_RECOVERY.equals(recoveryScenario) && Utils.isAccountStateClaimExisting(userRecoveryData.getUser().getTenantDomain())) {
            hashMap.put(IdentityRecoveryConstants.ACCOUNT_STATE_CLAIM_URI, IdentityRecoveryConstants.ACCOUNT_STATE_UNLOCKED);
            hashMap.put(IdentityRecoveryConstants.ACCOUNT_LOCKED_REASON_CLAIM, "");
            hashMap.put("http://wso2.org/claims/identity/accountLocked", Boolean.FALSE.toString());
        }
        // 3) Admin-forced reset and ask-password: only accountLocked=false is kept; the state and
        //    lock-reason entries added in section 2 are taken out of the update again.
        if (RecoveryScenarios.ADMIN_FORCED_PASSWORD_RESET_VIA_EMAIL_LINK.equals(recoveryScenario) || RecoveryScenarios.ADMIN_FORCED_PASSWORD_RESET_VIA_OTP.equals(recoveryScenario) || RecoveryScenarios.ASK_PASSWORD.equals(recoveryScenario)) {
            hashMap.put("http://wso2.org/claims/identity/accountLocked", Boolean.FALSE.toString());
            hashMap.remove(IdentityRecoveryConstants.ACCOUNT_LOCKED_REASON_CLAIM);
            hashMap.remove(IdentityRecoveryConstants.ACCOUNT_STATE_CLAIM_URI);
        }
        return hashMap;
    }

    /**
     * Ensures the user tied to a confirmation code belongs to the tenant of the current request context,
     * so a code cannot be redeemed from a different tenant's context.
     *
     * NOTE(review): the error message embeds the tenant domain stored with the code; confirm whether this
     * text is returned to the API client.
     *
     * @param user user taken from the recovery record
     * @throws IdentityRecoveryClientException when the two tenant domains differ
     */
    private void validateTenantDomain(User user) throws IdentityRecoveryClientException {
        String contextTenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String userTenantDomain = user.getTenantDomain();
        if (StringUtils.equals(contextTenantDomain, userTenantDomain)) {
            return;
        }
        throw new IdentityRecoveryClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_USER_TENANT_DOMAIN_MISS_MATCH_WITH_CONTEXT.getCode(), "invalid tenant domain: " + userTenantDomain);
    }

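    /**
     * Translates a password-update failure into a client error when its cause chain shows a password
     * history or password policy violation; otherwise delegates to the pattern-violation check.
     *
     * The cause chain is walked as {@link Throwable}: a cause is not guaranteed to be an
     * IdentityEventException, so it is tested with {@code instanceof} before the error code is read.
     *
     * @param userStoreException failure raised while updating the credential
     * @param user               user passed on to Utils.checkPasswordPatternViolation
     * @throws IdentityRecoveryClientException ERROR_CODE_HISTORY_VIOLATE for an IdentityEventException with
     *                                         error code "22001", ERROR_CODE_POLICY_VIOLATION for a
     *                                         PolicyViolationException, or whatever the pattern check raises
     */
    private void checkPasswordValidity(UserStoreException userStoreException, User user) throws IdentityRecoveryClientException {
        for (Throwable cause = userStoreException.getCause(); cause != null; cause = cause.getCause()) {
            if (cause instanceof IdentityEventException
                    && StringUtils.equals(((IdentityEventException) cause).getErrorCode(), "22001")) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_HISTORY_VIOLATE, (String) null, (Throwable) userStoreException);
            }
            if (cause instanceof PolicyViolationException) {
                // The policy's own message is surfaced to the caller as the error description.
                throw ((IdentityRecoveryClientException) IdentityException.error(IdentityRecoveryClientException.class, IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_POLICY_VIOLATION.getCode(), cause.getMessage(), userStoreException));
            }
        }
        // No recognised cause in the chain: fall back to the pattern-violation check.
        Utils.checkPasswordPatternViolation(userStoreException, user);
    }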

    /**
     * Hands a notification event to the identity event service and audits the outcome.
     *
     * NOTE(review): request properties are copied after the fixed keys ("user-name", "tenant-domain",
     * "userstore-domain", "notification-channel", "RECOVERY_SCENARIO", the confirmation code), so a
     * property with one of those keys replaces the value set here; only TEMPLATE_TYPE is written
     * afterwards. Confirm that property keys are filtered before they reach this method.
     *
     * @param user             recipient
     * @param str              notification channel
     * @param str2             notification template type
     * @param str3             confirmation code; omitted from the event when blank
     * @param str4             event name
     * @param propertyArr      request properties merged into the event; may be null
     * @param userRecoveryData recovery record for scenario/audit data; may be null
     * @throws IdentityRecoveryException ERROR_CODE_TRIGGER_NOTIFICATION when the event service fails
     */
    private void triggerNotification(User user, String str, String str2, String str3, String str4, Property[] propertyArr, UserRecoveryData userRecoveryData) throws IdentityRecoveryException {
        Map<String, Object> eventProperties = new HashMap<>();
        eventProperties.put("user-name", user.getUserName());
        eventProperties.put("tenant-domain", user.getTenantDomain());
        eventProperties.put("userstore-domain", user.getUserStoreDomain());
        eventProperties.put("notification-channel", str);
        if (userRecoveryData != null) {
            eventProperties.put("RECOVERY_SCENARIO", userRecoveryData.getRecoveryScenario().name());
        }
        if (StringUtils.isNotBlank(str3)) {
            eventProperties.put(IdentityRecoveryConstants.CONFIRMATION_CODE, str3);
        }
        if (propertyArr != null) {
            for (Property requestProperty : propertyArr) {
                boolean usable = StringUtils.isNotBlank(requestProperty.getValue()) && StringUtils.isNotBlank(requestProperty.getKey());
                if (usable) {
                    eventProperties.put(requestProperty.getKey(), requestProperty.getValue());
                }
            }
        }
        // Set last, so the template type cannot be replaced by a request property.
        eventProperties.put(IdentityRecoveryConstants.TEMPLATE_TYPE, str2);
        try {
            IdentityRecoveryServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event(str4, eventProperties));
            auditPasswordRecovery(AuditConstants.ACTION_PASSWORD_RECOVERY, str, user, null, "Success", userRecoveryData, str2);
        } catch (IdentityEventException e) {
            auditPasswordRecovery(AuditConstants.ACTION_PASSWORD_RECOVERY, str, user, e.getMessage(), "Failed", userRecoveryData, str2);
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_TRIGGER_NOTIFICATION, user.getUserName(), (Throwable) e);
        }
    }

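    /**
     * Publishes a recovery life-cycle event (PRE/POST hooks) to the identity event service.
     *
     * NOTE(review): request properties are copied after the fixed keys, so a property that reuses one of
     * those keys (user name, tenant domain, confirmation code, ...) replaces the value set here. Confirm
     * that event handlers do not rely on these entries for authorization decisions.
     *
     * @param user             user the event is about; also stored as an object under ENTITY_TYPE_USER
     * @param str              value for the NOTIFY property; omitted when blank
     * @param str2             confirmation code; omitted when blank
     * @param str3             not read by this method (callers pass the new password here; it is not
     *                         copied into the event)
     * @param propertyArr      request properties merged into the event; may be null
     * @param str4             event name
     * @param userRecoveryData recovery record supplying the scenario; may be null
     * @throws IdentityRecoveryException client error for an IdentityEventClientException, server error
     *                                   (ERROR_CODE_PUBLISH_EVENT) for any other IdentityEventException
     */
    private void publishEvent(User user, String str, String str2, String str3, Property[] propertyArr, String str4, UserRecoveryData userRecoveryData) throws IdentityRecoveryException {
        Map<String, Object> eventProperties = new HashMap<>();
        eventProperties.put(IdentityRecoveryConstants.ENTITY_TYPE_USER, user);
        eventProperties.put("user-name", user.getUserName());
        eventProperties.put("tenant-domain", user.getTenantDomain());
        eventProperties.put("userstore-domain", user.getUserStoreDomain());
        if (userRecoveryData != null) {
            eventProperties.put("RECOVERY_SCENARIO", userRecoveryData.getRecoveryScenario().name());
        }
        if (StringUtils.isNotBlank(str2)) {
            eventProperties.put(IdentityRecoveryConstants.CONFIRMATION_CODE, str2);
        }
        if (StringUtils.isNotBlank(str)) {
            eventProperties.put(IdentityRecoveryConstants.NOTIFY, str);
        }
        if (propertyArr != null) {
            for (Property requestProperty : propertyArr) {
                if (StringUtils.isNotBlank(requestProperty.getValue()) && StringUtils.isNotBlank(requestProperty.getKey())) {
                    eventProperties.put(requestProperty.getKey(), requestProperty.getValue());
                }
            }
        }
        try {
            IdentityRecoveryServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event(str4, eventProperties));
        } catch (IdentityEventClientException e) {
            // The client-specific handler must come before the general one: if IdentityEventClientException
            // is a subtype of IdentityEventException (as the name suggests), the previous order sent client
            // errors down the server-error path. The order is harmless if the two types are unrelated.
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_ERROR_HANDLING_THE_EVENT.getCode(), e.getMessage(), (String) null);
        } catch (IdentityEventException e) {
            log.error("Error occurred while publishing event " + str4 + " for user " + user);
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_PUBLISH_EVENT, str4, (Throwable) e);
        }
    }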

    /**
     * Validates a confirmation code without returning its owner; see
     * {@link #getValidatedUser(String, String)} for the checks performed.
     *
     * @param str  confirmation code
     * @param str2 expected recovery step name; a blank value skips the step comparison
     * @throws IdentityRecoveryException when the code is rejected
     */
    public void validateConfirmationCode(String str, String str2) throws IdentityRecoveryException {
        // Delegates; the resolved user is intentionally dropped.
        getValidatedUser(str, str2);
    }

    /**
     * Loads the recovery record for a confirmation code and returns its user after checking the tenant
     * and, optionally, the recovery step.
     *
     * The step is compared only when {@code str2} is non-blank, and the recovery scenario is not checked
     * here; callers that need either guarantee must enforce it themselves.
     *
     * @param str  confirmation code
     * @param str2 expected recovery step name, or blank to skip the comparison
     * @return the user stored with the recovery record
     * @throws IdentityRecoveryException when the record's tenant differs from the request context or the
     *                                   step does not match; also whatever the store's load raises
     */
    public User getValidatedUser(String str, String str2) throws IdentityRecoveryException {
        UserRecoveryData recoveryData = JDBCRecoveryDataStore.getInstance().load(str);
        String contextTenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String recordTenantDomain = recoveryData.getUser().getTenantDomain();
        boolean sameTenant = StringUtils.equals(contextTenantDomain, recordTenantDomain);
        if (!sameTenant) {
            throw new IdentityRecoveryClientException("Invalid tenant domain: " + recordTenantDomain);
        }
        if (StringUtils.isNotBlank(str2)) {
            String storedStep = recoveryData.getRecoveryStep().name();
            if (!str2.equals(storedStep)) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE, null);
            }
        }
        User owner = recoveryData.getUser();
        String domainQualifiedUserName = IdentityUtil.addDomainToName(owner.getUserName(), recoveryData.getUser().getUserStoreDomain());
        if (log.isDebugEnabled()) {
            log.debug("Valid confirmation code for user: " + domainQualifiedUserName);
        }
        return owner;
    }

    /**
     * Writes an audit entry for a recovery notification attempt.
     *
     * Remote address, user agent and service provider are taken from the logging MDC; the recovery
     * scenario and step are included only when a recovery record is supplied.
     *
     * @param str              audit action
     * @param str2             notification channel
     * @param user             target user
     * @param str3             error message; recorded only when {@code str4} is "Failed"
     * @param str4             result status ("Success" / "Failed" at the visible call sites)
     * @param userRecoveryData recovery record; may be null
     * @param str5             notification template type
     */
    private void auditPasswordRecovery(String str, String str2, User user, String str3, String str4, UserRecoveryData userRecoveryData, String str5) {
        JSONObject auditData = new JSONObject();
        auditData.put(AuditConstants.REMOTE_ADDRESS_KEY, MDC.get(AuditConstants.REMOTE_ADDRESS_QUERY_KEY));
        auditData.put(AuditConstants.USER_AGENT_KEY, MDC.get(AuditConstants.USER_AGENT_QUERY_KEY));
        auditData.put(AuditConstants.NOTIFICATION_CHANNEL, str2);
        auditData.put(AuditConstants.SERVICE_PROVIDER_KEY, MDC.get(AuditConstants.SERVICE_PROVIDER_QUERY_KEY));
        auditData.put(AuditConstants.USER_STORE_DOMAIN, user.getUserStoreDomain());
        if (userRecoveryData != null) {
            auditData.put(AuditConstants.RECOVERY_SCENARIO, userRecoveryData.getRecoveryScenario().name());
            auditData.put(AuditConstants.RECOVERY_STEP, userRecoveryData.getRecoveryStep().name());
        }
        auditData.put(AuditConstants.TENANT_DOMAIN, user.getTenantDomain());
        auditData.put(AuditConstants.NOTIFICATION_TEMPLATE_TYPE, str5);
        boolean failed = "Failed".equals(str4);
        if (failed) {
            auditData.put(AuditConstants.ERROR_MESSAGE_KEY, str3);
        }
        Utils.createAuditMessage(str, user.getUserName(), auditData, str4);
    }

    /**
     * Writes an audit entry for a password reset.
     *
     * Remote address, user agent and service provider are taken from the logging MDC. The confirmation
     * code and the new password are not part of the entry.
     *
     * @param user target user
     * @param str  audit action
     * @param str2 error message; recorded only when {@code str3} is "Failed"
     * @param str3 result status
     * @param str4 recovery scenario name
     * @param str5 recovery step name
     */
    private void auditPasswordReset(User user, String str, String str2, String str3, String str4, String str5) {
        JSONObject auditData = new JSONObject();
        auditData.put(AuditConstants.REMOTE_ADDRESS_KEY, MDC.get(AuditConstants.REMOTE_ADDRESS_QUERY_KEY));
        auditData.put(AuditConstants.USER_AGENT_KEY, MDC.get(AuditConstants.USER_AGENT_QUERY_KEY));
        auditData.put(AuditConstants.SERVICE_PROVIDER_KEY, MDC.get(AuditConstants.SERVICE_PROVIDER_QUERY_KEY));
        auditData.put(AuditConstants.USER_STORE_DOMAIN, user.getUserStoreDomain());
        auditData.put(AuditConstants.RECOVERY_SCENARIO, str4);
        auditData.put(AuditConstants.RECOVERY_STEP, str5);
        auditData.put(AuditConstants.TENANT_DOMAIN, user.getTenantDomain());
        boolean failed = "Failed".equals(str3);
        if (failed) {
            auditData.put(AuditConstants.ERROR_MESSAGE_KEY, str2);
        }
        Utils.createAuditMessage(str, user.getUserName(), auditData, str3);
    }

    /**
     * Resolves the user-store domain when the request did not name one, by searching the tenant for the
     * user name.
     *
     * Exactly one match sets the domain on {@code user}; no match only logs at debug level and leaves the
     * domain blank; more than one match is rejected.
     *
     * NOTE(review): the "multiple users" error is raised before the NOTIFY_USER_EXISTENCE handling in the
     * caller, so its text confirms to the client that the user name exists in more than one store.
     *
     * @param user request user; its user-store domain may be set here
     * @throws IdentityRecoveryClientException when the name matches more than one user
     * @throws IdentityRecoveryServerException when the user list cannot be retrieved
     */
    private void validateUserStoreDomain(User user) throws IdentityRecoveryClientException, IdentityRecoveryServerException {
        int tenantId = IdentityTenantUtil.getTenantId(user.getTenantDomain());
        if (!StringUtils.isBlank(user.getUserStoreDomain())) {
            // Domain given in the request: nothing to resolve.
            return;
        }
        String[] matches = getUserList(tenantId, user.getUserName());
        if (ArrayUtils.isEmpty(matches)) {
            String message = "Unable to find an user with username: " + user.getUserName() + " in the system.";
            if (log.isDebugEnabled()) {
                log.debug(message);
            }
            return;
        }
        if (matches.length != 1) {
            throw new IdentityRecoveryClientException("There are multiple users with username: " + user.getUserName() + " in the system, please send the correct user-store domain along with the username.");
        }
        user.setUserStoreDomain(IdentityUtil.extractDomainFromName(matches[0]));
    }

    /**
     * Lists up to two users of the tenant that match the given name.
     *
     * NOTE(review): the user name is handed to listUsers as its filter argument — confirm how filter
     * wildcards in a submitted name are handled before this point.
     *
     * @param i   tenant id
     * @param str user name used as the listUsers filter
     * @return the matching names, or {@code null} when the tenant has no user realm
     * @throws IdentityRecoveryServerException wrapping any UserStoreException
     */
    private static String[] getUserList(int i, String str) throws IdentityRecoveryServerException {
        RealmService realmService = IdentityRecoveryServiceDataHolder.getInstance().getRealmService();
        try {
            if (realmService.getTenantUserRealm(i) == null) {
                return null;
            }
            // A limit of 2 is enough to tell "unique" from "ambiguous".
            return realmService.getTenantUserRealm(i).getUserStoreManager().listUsers(str, 2);
        } catch (UserStoreException e) {
            throw new IdentityRecoveryServerException("Error retrieving the user-list for the tenant : " + i, (Throwable) e);
        }
    }

    /**
     * Tells whether the recovery record belongs to the ask-password scenario.
     *
     * @param userRecoveryData recovery record whose scenario is inspected
     * @return {@code true} when the scenario equals RecoveryScenarios.ASK_PASSWORD
     */
    private boolean isAskPasswordFlow(UserRecoveryData userRecoveryData) {
        Object scenario = userRecoveryData.getRecoveryScenario();
        return RecoveryScenarios.ASK_PASSWORD.equals(scenario);
    }

    /**
     * Checks whether an identity resource exists under "/identity/email/" for the lower-cased
     * ACCOUNT_ACTIVATION_SUCCESS template type.
     *
     * @param str second argument of getIdentityResource; the caller passes the user's tenant domain
     * @return {@code true} when the resource lookup returns a non-null resource
     */
    private boolean isAskPasswordEmailTemplateTypeExists(String str) {
        Object templateResource = IdentityRecoveryServiceDataHolder.getInstance().getResourceMgtService().getIdentityResource("/identity/email/" + IdentityRecoveryConstants.ACCOUNT_ACTIVATION_SUCCESS.toLowerCase(), str);
        return templateResource != null;
    }
}
