package org.wso2.carbon.identity.mgt.services;

import java.util.UUID;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.captcha.mgt.beans.CaptchaInfoBean;
import org.wso2.carbon.captcha.mgt.util.CaptchaUtil;
import org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor;
import org.wso2.carbon.identity.mgt.IdentityMgtConfig;
import org.wso2.carbon.identity.mgt.IdentityMgtException;
import org.wso2.carbon.identity.mgt.beans.UserMgtBean;
import org.wso2.carbon.identity.mgt.beans.VerificationBean;
import org.wso2.carbon.identity.mgt.constants.IdentityMgtConstants;
import org.wso2.carbon.identity.mgt.dto.RecoveryDataDTO;
import org.wso2.carbon.identity.mgt.dto.UserChallengesDTO;
import org.wso2.carbon.identity.mgt.internal.IdentityMgtServiceComponent;
import org.wso2.carbon.identity.mgt.util.PasswordUtil;
import org.wso2.carbon.identity.mgt.util.Utils;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/mgt/services/IdentityManagementService.class */
public class IdentityManagementService {
    private static final Log log = LogFactory.getLog(IdentityManagementService.class);

    public VerificationBean verifyUser(UserMgtBean userMgtBean, CaptchaInfoBean captchaInfoBean) {
        VerificationBean verificationBean = new VerificationBean();
        if (IdentityMgtConfig.getInstance().isCaptchaVerificationInternallyManaged()) {
            try {
                CaptchaUtil.processCaptchaInfoBean(captchaInfoBean);
            } catch (Exception e) {
                log.error(e.getMessage());
                verificationBean.setError("Captcha validation is failed");
                verificationBean.setVerified(false);
                return verificationBean;
            }
        }
        try {
            Utils.processUserId(userMgtBean);
            int tenantId = Utils.getTenantId(userMgtBean.getTenantDomain());
            if (!Utils.verifyUserForRecovery(userMgtBean)) {
                log.error("User verification failed for user : " + userMgtBean.getUserId() + " from tenant domain " + userMgtBean.getTenantDomain());
                verificationBean.setError("User verification failed");
                verificationBean.setVerified(false);
                return verificationBean;
            }
            try {
                UserRegistry configSystemRegistry = IdentityMgtServiceComponent.getRegistryService().getConfigSystemRegistry(-1234);
                String str = "/repository/components/org.wso2.carbon.identity.mgt/keys/" + tenantId + "/" + userMgtBean.getUserId();
                if (configSystemRegistry.resourceExists(str)) {
                    configSystemRegistry.delete(str);
                }
                Utils.clearVerifiedChallenges(userMgtBean);
                String uuid = UUID.randomUUID().toString();
                Resource newResource = configSystemRegistry.newResource();
                newResource.addProperty(IdentityMgtConstants.USER_KEY, uuid);
                newResource.setVersionableChange(false);
                configSystemRegistry.put(str, newResource);
                verificationBean.setVerified(true);
                verificationBean.setKey(uuid);
                log.info("User verification successful for user : " + userMgtBean.getUserId() + " from tenant domain " + userMgtBean.getTenantDomain());
                return verificationBean;
            } catch (Exception e2) {
                log.error(e2.getMessage());
                verificationBean.setError("Unexpected error has occurred");
                verificationBean.setVerified(false);
                return verificationBean;
            }
        } catch (IdentityMgtException e3) {
            log.error(e3.getMessage());
            verificationBean.setError("Unexpected error has occurred");
            verificationBean.setVerified(false);
            return verificationBean;
        }
    }

    public boolean processPasswordRecovery(UserMgtBean userMgtBean) throws IdentityMgtException {
        Utils.processUserId(userMgtBean);
        if (!Utils.verifyUserId(userMgtBean)) {
            log.warn("Invalid user is trying to recover the password  : " + userMgtBean.getUserId());
            return false;
        }
        userMgtBean.setRecoveryType(IdentityMgtConstants.RECOVERY_TYPE_PASSWORD_RESET);
        return IdentityMgtServiceComponent.getRecoveryProcessor().processRecoveryUsingEmail(userMgtBean, Utils.getTenantId(userMgtBean.getTenantDomain())).isEmailSent();
    }

    public boolean processAccountConfirmation(UserMgtBean userMgtBean) throws IdentityMgtException {
        Utils.processUserId(userMgtBean);
        userMgtBean.setRecoveryType(IdentityMgtConstants.RECOVERY_TYPE_ACCOUNT_CONFORM);
        return IdentityMgtServiceComponent.getRecoveryProcessor().processRecoveryUsingEmail(userMgtBean, Utils.getTenantId(userMgtBean.getTenantDomain())).isEmailSent();
    }

    public boolean processTemporaryPassword(UserMgtBean userMgtBean) throws IdentityMgtException {
        Utils.processUserId(userMgtBean);
        if (!Utils.verifyUserId(userMgtBean)) {
            log.warn("Invalid user is trying to recover the password : " + userMgtBean.getUserId());
            return false;
        }
        userMgtBean.setRecoveryType("temporaryPassword");
        return IdentityMgtServiceComponent.getRecoveryProcessor().processRecoveryUsingEmail(userMgtBean, Utils.getTenantId(userMgtBean.getTenantDomain())).isEmailSent();
    }

    public boolean processAccountRecovery(UserMgtBean userMgtBean) throws IdentityMgtException {
        userMgtBean.setRecoveryType(IdentityMgtConstants.RECOVERY_TYPE_ACCOUNT_ID);
        if (userMgtBean.getTenantDomain() == null) {
            userMgtBean.setTenantDomain("carbon.super");
        }
        int tenantId = Utils.getTenantId(userMgtBean.getTenantDomain());
        String verifyUserEvidences = Utils.verifyUserEvidences(userMgtBean);
        if (verifyUserEvidences == null) {
            return false;
        }
        userMgtBean.setUserId(verifyUserEvidences);
        return IdentityMgtServiceComponent.getRecoveryProcessor().processRecoveryUsingEmail(userMgtBean, tenantId).isEmailSent();
    }

    public VerificationBean confirmUserAccount(String str) {
        return Utils.verifyConfirmationKey(str);
    }

    public boolean updateCredential(UserMgtBean userMgtBean, CaptchaInfoBean captchaInfoBean) {
        boolean z = false;
        UserRegistry userRegistry = null;
        try {
            try {
                if (IdentityMgtConfig.getInstance().isCaptchaVerificationInternallyManaged()) {
                    CaptchaUtil.processCaptchaInfoBean(captchaInfoBean);
                }
                Utils.processUserId(userMgtBean);
                UserRegistry configSystemRegistry = IdentityMgtServiceComponent.getRegistryService().getConfigSystemRegistry(-1234);
                String str = "/repository/components/org.wso2.carbon.identity.mgt/keys/" + Utils.getTenantId(userMgtBean.getTenantDomain()) + "/" + userMgtBean.getUserId();
                if (configSystemRegistry.resourceExists(str)) {
                    Resource resource = configSystemRegistry.get(str);
                    String str2 = null;
                    if (resource != null) {
                        str2 = resource.getProperty(IdentityMgtConstants.SECRET_KEY);
                    }
                    if (str2 == null || !str2.equals(userMgtBean.getSecretKey())) {
                        log.warn("Invalid user tried to update credential with user Id : " + userMgtBean.getUserId() + " and tenant domain : " + userMgtBean.getTenantDomain());
                    } else {
                        z = PasswordUtil.updatePassword(userMgtBean);
                        configSystemRegistry.delete(resource.getPath());
                        log.info("Credential is updated for user : " + userMgtBean.getUserId() + " and tenant domain : " + userMgtBean.getTenantDomain());
                    }
                } else {
                    log.warn("Invalid user tried to update credential with user Id  : " + userMgtBean.getUserId() + " with tenant domain : " + userMgtBean.getTenantDomain());
                }
                if (configSystemRegistry != null) {
                    try {
                        if (z) {
                            configSystemRegistry.commitTransaction();
                        } else {
                            configSystemRegistry.rollbackTransaction();
                        }
                    } catch (Exception e) {
                        log.error("Error while processing registry transaction", e);
                    }
                }
            } catch (Exception e2) {
                log.error("Error while updating credential for user : " + userMgtBean.getUserId() + " in tenant domain : " + userMgtBean.getTenantDomain(), e2);
                if (0 != 0) {
                    try {
                        if (0 != 0) {
                            userRegistry.commitTransaction();
                        } else {
                            userRegistry.rollbackTransaction();
                        }
                    } catch (Exception e3) {
                        log.error("Error while processing registry transaction", e3);
                    }
                }
            }
            return z;
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    if (0 != 0) {
                        userRegistry.commitTransaction();
                    } else {
                        userRegistry.rollbackTransaction();
                    }
                } catch (Exception e4) {
                    log.error("Error while processing registry transaction", e4);
                }
            }
            throw th;
        }
    }

    public boolean unlockUserAccount(UserMgtBean userMgtBean) {
        UserRegistry userRegistry = null;
        boolean z = false;
        try {
            try {
                Utils.processUserId(userMgtBean);
                UserRegistry configSystemRegistry = IdentityMgtServiceComponent.getRegistryService().getConfigSystemRegistry(-1234);
                String str = "/repository/components/org.wso2.carbon.identity.mgt/keys/" + Utils.getTenantId(userMgtBean.getTenantDomain()) + "/" + userMgtBean.getUserId();
                if (configSystemRegistry.resourceExists(str)) {
                    Resource resource = configSystemRegistry.get(str);
                    String str2 = null;
                    if (resource != null) {
                        str2 = resource.getProperty(IdentityMgtConstants.SECRET_KEY);
                    }
                    if (str2 == null || !str2.equals(userMgtBean.getSecretKey())) {
                        log.warn("Invalid user tried to unlock account with user id : " + userMgtBean.getUserId() + " and tenant domain : " + userMgtBean.getTenantDomain());
                    } else {
                        Utils.persistAccountStatus(userMgtBean.getUserId(), Utils.getTenantId(userMgtBean.getTenantDomain()), "false");
                        configSystemRegistry.delete(resource.getPath());
                        z = true;
                        log.info("Account is unlocked for : " + userMgtBean.getUserId() + " in tenant domain : " + userMgtBean.getTenantDomain());
                    }
                } else {
                    log.warn("Invalid user tried to unlock account with user id : " + userMgtBean.getUserId() + " and tenant domain : " + userMgtBean.getTenantDomain());
                }
                if (configSystemRegistry != null) {
                    try {
                        if (z) {
                            configSystemRegistry.commitTransaction();
                        } else {
                            configSystemRegistry.rollbackTransaction();
                        }
                    } catch (Exception e) {
                        log.error("Error while processing registry transaction", e);
                    }
                }
            } catch (Exception e2) {
                log.error("Error while unlocking account for user : " + userMgtBean.getUserId() + " in tenant domain : " + userMgtBean.getTenantDomain(), e2);
                if (0 != 0) {
                    try {
                        if (0 != 0) {
                            userRegistry.commitTransaction();
                        } else {
                            userRegistry.rollbackTransaction();
                        }
                    } catch (Exception e3) {
                        log.error("Error while processing registry transaction", e3);
                    }
                }
            }
            return z;
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    if (0 != 0) {
                        userRegistry.commitTransaction();
                    } else {
                        userRegistry.rollbackTransaction();
                    }
                } catch (Exception e4) {
                    log.error("Error while processing registry transaction", e4);
                }
            }
            throw th;
        }
    }

    public CaptchaInfoBean generateRandomCaptcha() throws IdentityMgtException {
        try {
            CaptchaUtil.cleanOldCaptchas();
            return CaptchaUtil.generateCaptchaImage();
        } catch (Exception e) {
            log.error("Error while generating captcha", e);
            throw new IdentityMgtException("Error while generating captcha", e);
        }
    }

    public UserChallengesDTO[] getChallengeQuestionsOfUser(UserMgtBean userMgtBean) throws IdentityMgtException {
        Utils.processUserId(userMgtBean);
        return IdentityMgtServiceComponent.getRecoveryProcessor().getQuestionProcessor().getChallengeQuestionsOfUser(userMgtBean.getUserId(), Utils.getTenantId(userMgtBean.getTenantDomain()), false);
    }

    public UserChallengesDTO[] getPrimaryQuestionsOfUser(UserMgtBean userMgtBean) throws IdentityMgtException {
        Utils.processUserId(userMgtBean);
        return IdentityMgtServiceComponent.getRecoveryProcessor().getQuestionProcessor().getPrimaryChallengeQuestionsOfUser(userMgtBean.getUserId(), Utils.getTenantId(userMgtBean.getTenantDomain()));
    }

    public VerificationBean verifyChallengeQuestion(UserMgtBean userMgtBean) throws IdentityMgtException {
        VerificationBean verificationBean = new VerificationBean();
        verificationBean.setVerified(false);
        UserChallengesDTO[] userChallenges = userMgtBean.getUserChallenges();
        if (userChallenges == null || userChallenges.length < 1) {
            log.error("no challenges provided by user for verifications");
            verificationBean.setError("no challenges provided by user for verifications");
            return verificationBean;
        }
        Utils.processUserId(userMgtBean);
        if (!Utils.verifyUserId(userMgtBean)) {
            log.warn("Invalid user is trying to verify user challenges");
            verificationBean.setError("Invalid user is trying to verify user challenges");
            return verificationBean;
        }
        ChallengeQuestionProcessor questionProcessor = IdentityMgtServiceComponent.getRecoveryProcessor().getQuestionProcessor();
        int tenantId = Utils.getTenantId(userMgtBean.getTenantDomain());
        if (questionProcessor.verifyChallengeQuestion(userMgtBean.getUserId(), tenantId, userChallenges)) {
            String str = Utils.getVerifiedChallenges(userMgtBean) == questionProcessor.getNoOfChallengeQuestions(userMgtBean.getUserId(), tenantId) - 1 ? IdentityMgtConstants.SECRET_KEY : IdentityMgtConstants.USER_KEY;
            try {
                UserRegistry configSystemRegistry = IdentityMgtServiceComponent.getRegistryService().getConfigSystemRegistry(-1234);
                String str2 = "/repository/components/org.wso2.carbon.identity.mgt/keys/" + Utils.getTenantId(userMgtBean.getTenantDomain()) + "/" + userMgtBean.getUserId();
                if (configSystemRegistry.resourceExists(str2)) {
                    configSystemRegistry.delete(str2);
                }
                String uuid = UUID.randomUUID().toString();
                Resource newResource = configSystemRegistry.newResource();
                newResource.addProperty(str, uuid);
                newResource.setVersionableChange(false);
                configSystemRegistry.put(str2, newResource);
                if (IdentityMgtConstants.USER_KEY.equals(str)) {
                    Utils.setVerifiedChallenges(userMgtBean);
                } else {
                    Utils.clearVerifiedChallenges(userMgtBean);
                }
                verificationBean.setVerified(true);
                verificationBean.setKey(uuid);
            } catch (RegistryException e) {
                log.error("Unexpected error has occurred", e);
                verificationBean.setError("Unexpected error has occurred");
                return verificationBean;
            }
        }
        return verificationBean;
    }

    public boolean verifyPrimaryChallengeQuestion(UserMgtBean userMgtBean) throws IdentityMgtException {
        Utils.processUserId(userMgtBean);
        UserChallengesDTO[] userChallenges = userMgtBean.getUserChallenges();
        if (userChallenges != null && userChallenges.length >= 1) {
            return IdentityMgtServiceComponent.getRecoveryProcessor().getQuestionProcessor().verifyPrimaryChallengeQuestion(userMgtBean.getUserId(), Utils.getTenantId(userMgtBean.getTenantDomain()), userChallenges);
        }
        log.error("no challenges provided by user for verifications");
        return false;
    }

    public RecoveryDataDTO getPasswordRecoveryData(UserMgtBean userMgtBean) throws IdentityMgtException {
        Utils.processUserId(userMgtBean);
        userMgtBean.setRecoveryType(IdentityMgtConstants.RECOVERY_TYPE_PASSWORD_RESET);
        return IdentityMgtServiceComponent.getRecoveryProcessor().processRecoveryUsingEmail(userMgtBean, Utils.getTenantId(userMgtBean.getTenantDomain()));
    }

    public RecoveryDataDTO getAccountConfirmationData(UserMgtBean userMgtBean) throws IdentityMgtException {
        Utils.processUserId(userMgtBean);
        userMgtBean.setRecoveryType(IdentityMgtConstants.RECOVERY_TYPE_ACCOUNT_CONFORM);
        return IdentityMgtServiceComponent.getRecoveryProcessor().processRecoveryUsingEmail(userMgtBean, Utils.getTenantId(userMgtBean.getTenantDomain()));
    }

    public RecoveryDataDTO getTemporaryPasswordData(UserMgtBean userMgtBean) throws IdentityMgtException {
        Utils.processUserId(userMgtBean);
        userMgtBean.setRecoveryType("temporaryPassword");
        return IdentityMgtServiceComponent.getRecoveryProcessor().processRecoveryUsingEmail(userMgtBean, Utils.getTenantId(userMgtBean.getTenantDomain()));
    }

    public RecoveryDataDTO getAccountRecoveryData(UserMgtBean userMgtBean) throws IdentityMgtException {
        Utils.processUserId(userMgtBean);
        userMgtBean.setRecoveryType(IdentityMgtConstants.RECOVERY_TYPE_ACCOUNT_ID);
        int tenantId = Utils.getTenantId(userMgtBean.getTenantDomain());
        String verifyUserEvidences = Utils.verifyUserEvidences(userMgtBean);
        if (verifyUserEvidences != null) {
            userMgtBean.setUserId(verifyUserEvidences);
            return IdentityMgtServiceComponent.getRecoveryProcessor().processRecoveryUsingEmail(userMgtBean, tenantId);
        }
        RecoveryDataDTO recoveryDataDTO = new RecoveryDataDTO();
        recoveryDataDTO.setEmailSent(false);
        return recoveryDataDTO;
    }

    public void setChallengeQuestionsOfUser(UserMgtBean userMgtBean) throws IdentityMgtException {
        Utils.processUserId(userMgtBean);
        UserChallengesDTO[] userChallenges = userMgtBean.getUserChallenges();
        if (userChallenges == null || userChallenges.length < 1) {
            log.error("no challenges provided by user");
            throw new IdentityMgtException("no challenges provided by user");
        }
        IdentityMgtServiceComponent.getRecoveryProcessor().getQuestionProcessor().setChallengesOfUser(userMgtBean.getUserId(), Utils.getTenantId(userMgtBean.getTenantDomain()), userChallenges);
    }

    public boolean authenticate(String str, String str2) {
        try {
            return IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(Utils.getTenantId(MultitenantUtils.getTenantDomain(str))).getUserStoreManager().authenticate(str, str2);
        } catch (Exception e) {
            log.error(e.getMessage());
            return false;
        }
    }

    public void updateEmail() {
    }

    public void verifyEmail() {
    }
}
