package org.wso2.carbon.identity.recovery.handler;

import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityRuntimeException;
import org.wso2.carbon.identity.core.bean.context.MessageContext;
import org.wso2.carbon.identity.core.handler.InitConfig;
import org.wso2.carbon.identity.core.model.IdentityErrorMsgContext;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
import org.wso2.carbon.identity.recovery.IdentityRecoveryException;
import org.wso2.carbon.identity.recovery.RecoveryScenarios;
import org.wso2.carbon.identity.recovery.model.UserRecoveryData;
import org.wso2.carbon.identity.recovery.signup.UserSelfRegistrationManager;
import org.wso2.carbon.identity.recovery.store.JDBCRecoveryDataStore;
import org.wso2.carbon.identity.recovery.util.Utils;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;

/* loaded from: input_file:org/wso2/carbon/identity/recovery/handler/AccountConfirmationValidationHandler.class */
public class AccountConfirmationValidationHandler extends AbstractEventHandler {
    private static final Log log = LogFactory.getLog(AccountConfirmationValidationHandler.class);
    public static final String ACCOUNT_LOCKED_CLAIM = "http://wso2.org/claims/identity/accountLocked";

    public String getName() {
        return "accountConfirmationValidation";
    }

    public String getFriendlyName() {
        return "Account Confirmation Validation";
    }

    public void handleEvent(Event event) throws IdentityEventException {
        Map eventProperties = event.getEventProperties();
        String str = (String) eventProperties.get("user-name");
        UserStoreManager userStoreManager = (UserStoreManager) eventProperties.get("userStoreManager");
        String str2 = (String) eventProperties.get("tenant-domain");
        String userStoreProperty = userStoreManager.getRealmConfiguration().getUserStoreProperty("DomainName");
        User user = new User();
        user.setUserName(str);
        user.setTenantDomain(str2);
        user.setUserStoreDomain(userStoreProperty);
        boolean parseBoolean = Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.ENABLE_SELF_SIGNUP, user.getTenantDomain()));
        boolean parseBoolean2 = Boolean.parseBoolean(Utils.getConnectorConfig(IdentityRecoveryConstants.ConnectorConfig.ENABLE_EMAIL_VERIFICATION, user.getTenantDomain()));
        if (!parseBoolean && !parseBoolean2) {
            if (log.isDebugEnabled()) {
                log.debug("Self signup feature and email verification are disabled in the tenant: " + str2);
                return;
            }
            return;
        }
        if ("POST_AUTHENTICATION".equals(event.getEventName())) {
            if (log.isDebugEnabled()) {
                log.debug("Handling PostAuthenticate for " + user);
            }
            try {
                if (isAuthPolicyAccountExistCheck() && !isUserExistsInDomain(userStoreManager, str)) {
                    IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext("17001"));
                    return;
                }
                if (Boolean.parseBoolean((String) userStoreManager.getUserClaimValues(str, new String[]{"http://wso2.org/claims/identity/accountLocked"}, "default").get("http://wso2.org/claims/identity/accountLocked"))) {
                    boolean booleanValue = ((Boolean) event.getEventProperties().get("OPERATION_STATUS")).booleanValue();
                    if (booleanValue && !isUserAccountConfirmed(user)) {
                        IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext("17005"));
                        throw new IdentityEventException("17005", "User : " + str + " not confirmed yet.");
                    }
                    if (isInvalidCredentialsScenario(booleanValue, user)) {
                        if (log.isDebugEnabled()) {
                            log.debug(String.format("Account unconfirmed user: %s in userstore: %s in tenant: %s is trying to log in with an invalid password", str, userStoreProperty, str2));
                        }
                        IdentityUtil.setIdentityErrorMsg(new IdentityErrorMsgContext("17010"));
                        throw new IdentityEventException("17010", "Invalid login attempt by self registered user: " + str);
                    }
                }
            } catch (UserStoreException e) {
                throw new IdentityEventException("Error while retrieving account lock claim value", e);
            }
        }
    }

    private boolean isInvalidCredentialsScenario(boolean z, User user) throws IdentityEventException {
        UserRecoveryData recoveryData;
        return (z || (recoveryData = getRecoveryData(user)) == null || !RecoveryScenarios.SELF_SIGN_UP.equals(recoveryData.getRecoveryScenario())) ? false : true;
    }

    private UserRecoveryData getRecoveryData(User user) throws IdentityEventException {
        try {
            return JDBCRecoveryDataStore.getInstance().loadWithoutCodeExpiryValidation(user);
        } catch (IdentityRecoveryException e) {
            throw new IdentityEventException("Error while loading recovery data for user ", e);
        }
    }

    public void init(InitConfig initConfig) throws IdentityRuntimeException {
        super.init(initConfig);
    }

    public int getPriority(MessageContext messageContext) {
        return 50;
    }

    /* JADX WARN: Type inference failed for: r8v0, types: [java.lang.Throwable, org.wso2.carbon.identity.recovery.IdentityRecoveryException] */
    private boolean isUserAccountConfirmed(User user) throws IdentityEventException {
        try {
            return UserSelfRegistrationManager.getInstance().isUserConfirmed(user);
        } catch (IdentityRecoveryException e) {
            throw new IdentityEventException("Error occurred while checking whether this user is confirmed or not, " + e.getMessage(), (Throwable) e);
        }
    }

    private boolean isUserExistsInDomain(UserStoreManager userStoreManager, String str) throws UserStoreException {
        boolean z = false;
        if (userStoreManager.isExistingUser(str)) {
            z = true;
        }
        return z;
    }

    private boolean isAuthPolicyAccountExistCheck() {
        String property = IdentityUtil.getProperty("AuthenticationPolicy.CheckAccountExist");
        return property == null || Boolean.parseBoolean(property);
    }
}
