package org.wso2.carbon.identity.mgt;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.axiom.om.util.Base64;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.mgt.beans.UserMgtBean;
import org.wso2.carbon.identity.mgt.constants.IdentityMgtConstants;
import org.wso2.carbon.identity.mgt.dto.UserIdentityDTO;
import org.wso2.carbon.identity.mgt.internal.IdentityMgtServiceComponent;
import org.wso2.carbon.identity.mgt.store.UserIdentityDataStore;
import org.wso2.carbon.identity.mgt.util.Utils;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserOperationEventListener;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;

/* loaded from: input_file:org/wso2/carbon/identity/mgt/IdentityMgtEventListener.class */
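/**
 * User-operation listener that applies the identity-management policies visible in this class:
 * account locking on repeated login failures, account confirmation / temporary-password flows on
 * user creation and admin password reset, and hashing of challenge-question answers before they
 * are persisted.
 *
 * <p>Identity attributes (lock state, failed-attempt counter, challenge answers) are read from and
 * written to the configured {@link UserIdentityDataStore} rather than the regular claim store.
 */
public class IdentityMgtEventListener extends AbstractUserOperationEventListener {
    private static final Log log = LogFactory.getLog(IdentityMgtEventListener.class);

    /** Claim URI under which the combined, hashed primary challenge set is stored. */
    private static final String PRIMARY_CHALLENGE_CLAIM = "http://wso2.org/claims/primaryChallengeQuestion";

    /** Claim URI under which the list of challenge-question claim URIs is stored. */
    private static final String CHALLENGE_URIS_CLAIM = "http://wso2.org/claims/challengeQuestionUris";

    private final IdentityMgtProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
    private final UserIdentityDataStore module = IdentityMgtConfig.getInstance().getIdentityDataStore();

    /**
     * Clears the account-lock claim of the bootstrap realm's admin user when the listener is created.
     *
     * <p>NOTE(review): because this runs on every construction, a lock placed on the admin account
     * (for example by the failed-login policy) does not survive a restart. Confirm that is intended.
     */
    public IdentityMgtEventListener() {
        try {
            IdentityMgtServiceComponent.getRealmService().getBootstrapRealm().getUserStoreManager()
                    .setUserClaimValue(
                            IdentityMgtServiceComponent.getRealmService().getBootstrapRealmConfiguration().getAdminUserName(),
                            UserIdentityDataStore.ACCOUNT_LOCK,
                            Boolean.toString(false),
                            (String) null);
        } catch (UserStoreException e) {
            log.error("Error while init identity listener", e);
        }
    }

    /** Returns the fixed execution-order id of this listener. */
    public int getExecutionOrderId() {
        return 1357;
    }

    /**
     * Rejects the login attempt before credentials are checked when the account has no identity
     * record or is locked.
     *
     * @param str              the user name being authenticated (untrusted at this point)
     * @param obj              the supplied credential; not inspected here
     * @param userStoreManager the user store the identity record is loaded for
     * @return {@code true} when the listener or the auth policy is disabled, or the account may
     *         proceed; {@code false} when no identity record exists or the account is locked
     */
    public boolean doPreAuthenticate(String str, Object obj, UserStoreManager userStoreManager) throws UserStoreException {
        if (log.isDebugEnabled()) {
            log.debug("Pre authenticator is called in IdentityMgtEventListener");
        }
        IdentityMgtConfig identityMgtConfig = IdentityMgtConfig.getInstance();
        if (!identityMgtConfig.isListenerEnable() || !identityMgtConfig.isEnableAuthPolicy()) {
            return true;
        }
        UserIdentityDTO identity = this.module.load(str, userStoreManager);
        if (identity == null) {
            // The name comes straight from the login request, so line breaks are neutralised
            // before it reaches the log.
            log.warn("Invalid user name " + forLog(str));
            return false;
        }
        if (!identityMgtConfig.isAuthPolicyAccountLockCheck() || !identity.getAccountLock()) {
            return true;
        }
        log.warn("User account is locked for user : " + forLog(str));
        return false;
    }

    /**
     * Maintains the failed-login counter and the lock state after an authentication attempt.
     *
     * <p>On success (or when lock-on-failure is disabled) a locked or partially-failed record is
     * reset. On failure the counter is incremented and, once it reaches the configured maximum, the
     * account is locked, with an unlock time when a locking time is configured.
     *
     * @param str              the user name that was authenticated
     * @param z                whether the authentication succeeded
     * @param userStoreManager the user store the identity record belongs to
     * @return {@code z} when the auth policy is disabled; {@code false} when no identity record can
     *         be loaded; {@code true} otherwise
     */
    public boolean doPostAuthenticate(String str, boolean z, UserStoreManager userStoreManager) throws UserStoreException {
        if (log.isDebugEnabled()) {
            log.debug("Post authenticator is called in IdentityMgtEventListener");
        }
        IdentityMgtConfig identityMgtConfig = IdentityMgtConfig.getInstance();
        if (!identityMgtConfig.isListenerEnable()) {
            return true;
        }
        if (!identityMgtConfig.isEnableAuthPolicy()) {
            return z;
        }
        UserIdentityDTO identity = this.module.load(str, userStoreManager);
        if (identity == null) {
            // doPreAuthenticate shows load() can return null for an unknown user. Without this
            // guard the counters below would fail with a NullPointerException; rejecting mirrors
            // the decision doPreAuthenticate takes for the same condition.
            if (log.isDebugEnabled()) {
                log.debug("No identity record found in post authenticate for user " + forLog(str));
            }
            return false;
        }
        if (z || !identityMgtConfig.isAuthPolicyAccountLockOnFailure()) {
            if (!identity.getAccountLock() && identity.getFailAttempts() <= 0) {
                return true;
            }
            identity.setAccountLock(false);
            identity.setFailAttempts(0);
            identity.setUnlockTime(0L);
            this.module.store(identity, userStoreManager);
            return true;
        }
        // Failed attempt with lock-on-failure enabled: the no-argument setter is used to bump the counter.
        identity.setFailAttempts();
        if (identity.getFailAttempts() >= identityMgtConfig.getAuthPolicyMaxLoginAttempts()) {
            if (log.isDebugEnabled()) {
                log.debug("User, " + forLog(str) + " has exceed the max failed login attempts. User account would be locked");
            }
            identity.setAccountLock(true);
            identity.setTemporaryLock(true);
            long lockingMinutes = IdentityMgtConfig.getInstance().getAuthPolicyLockingTime();
            if (lockingMinutes != 0) {
                // Computed in long arithmetic so a large configured locking time cannot overflow
                // and produce an unlock time in the past.
                identity.setUnlockTime(System.currentTimeMillis() + (lockingMinutes * 60L * 1000L));
            }
        }
        this.module.store(identity, userStoreManager);
        return true;
    }

    /**
     * Prepares a new user: hashes challenge answers, moves identity-store claims out of the claim
     * map, and — when account verification is enabled — creates the user itself and triggers the
     * e-mail based confirmation or temporary-password flow.
     *
     * @param str              the new user name
     * @param obj              the credential; {@code null} or a blank string selects the configured
     *                         temporary default password
     * @param strArr           passed through unchanged to {@code doAddUser}
     * @param map              the claims supplied for the user; modified in place
     * @param str2             passed through unchanged to {@code doAddUser}
     * @param userStoreManager the target user store
     * @return {@code true} when the listener is disabled or account verification is disabled;
     *         {@code false} after this method has added the user itself
     * @throws UserStoreException if no usable default password is configured, or a challenge value
     *                            is malformed
     */
    public boolean doPreAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        if (log.isDebugEnabled()) {
            log.debug("Pre add user is called in IdentityMgtEventListener");
        }
        IdentityMgtConfig identityMgtConfig = IdentityMgtConfig.getInstance();
        if (!identityMgtConfig.isListenerEnable()) {
            return true;
        }
        processUserChallenges(str, map, true, userStoreManager);

        // Collect the claims that belong to the identity data store.
        HashMap<String, String> identityClaims = new HashMap<String, String>();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (Arrays.asList(identityMgtConfig.getIdentityDataStore().getSupportedTypes()).contains(entry.getKey())) {
                String value = entry.getValue();
                if (value != null) {
                    if (UserIdentityDataStore.ACCOUNT_LOCK.equals(entry.getKey())) {
                        // NOTE(review): "1"/"2" encoding kept exactly as found; confirm against the data store.
                        value = "true".equals(value) ? Integer.toString(1) : Integer.toString(2);
                    }
                    identityClaims.put(entry.getKey(), value);
                }
            }
        }
        for (String claimUri : identityClaims.keySet()) {
            map.remove(claimUri);
        }

        if (!identityMgtConfig.isEnableUserAccountVerification()) {
            // NOTE(review): identityClaims is not stored on this path, so identity claims supplied
            // at creation are dropped here — verify this is handled elsewhere.
            if (identityMgtConfig.isAuthPolicyAccountLockOnCreation()) {
                map.put(UserIdentityDataStore.ACCOUNT_LOCK, "true");
            } else {
                map.put(UserIdentityDataStore.ACCOUNT_LOCK, "false");
            }
            map.put(UserIdentityDataStore.PASSWORD_TIME_STAMP, Long.toString(System.currentTimeMillis()));
            return true;
        }

        if (obj != null && (!(obj instanceof String) || ((String) obj).trim().length() >= 1)) {
            // A credential was supplied: create the user locked and send the confirmation mail.
            ((AbstractUserStoreManager) userStoreManager).doAddUser(str, obj, strArr, map, str2);
            UserIdentityDTO lockedIdentity = new UserIdentityDTO(str, identityClaims);
            lockedIdentity.setAccountLock(true);
            lockedIdentity.setTemporaryLock(false);
            identityMgtConfig.getIdentityDataStore().store(lockedIdentity, userStoreManager);
            UserMgtBean confirmation = new UserMgtBean();
            confirmation.setUserId(str);
            confirmation.setRecoveryType(IdentityMgtConstants.RECOVERY_TYPE_ACCOUNT_CONFORM);
            try {
                this.processor.processRecoveryUsingEmail(confirmation, userStoreManager.getTenantId());
                return false;
            } catch (IdentityMgtException e) {
                // The cause is logged so a mail or template failure can be diagnosed.
                log.error("Error while sending confirmation link to user's email account for user " + forLog(str), e);
                return false;
            }
        }

        if (log.isDebugEnabled()) {
            log.debug("Credentials are null. Using default user password as credentials");
        }
        String temporaryDefaultPassword = identityMgtConfig.getTemporaryDefaultPassword();
        if (temporaryDefaultPassword == null || temporaryDefaultPassword.trim().length() < 1) {
            throw new UserStoreException("Default user password has not been properly configured");
        }
        ((AbstractUserStoreManager) userStoreManager).doAddUser(str, temporaryDefaultPassword, strArr, map, str2);
        UserMgtBean recovery = new UserMgtBean();
        recovery.setUserId(str);
        if (identityMgtConfig.isEnableTemporaryPassword()) {
            recovery.setRecoveryType("temporaryPassword");
            UserIdentityDTO unlockedIdentity = new UserIdentityDTO(str, identityClaims);
            unlockedIdentity.setAccountLock(false);
            identityMgtConfig.getIdentityDataStore().store(unlockedIdentity, userStoreManager);
        } else {
            recovery.setRecoveryType(IdentityMgtConstants.RECOVERY_TYPE_ACCOUNT_CONFORM);
            UserIdentityDTO lockedIdentity = new UserIdentityDTO(str, identityClaims);
            lockedIdentity.setAccountLock(true);
            lockedIdentity.setTemporaryLock(false);
            identityMgtConfig.getIdentityDataStore().store(lockedIdentity, userStoreManager);
        }
        try {
            this.processor.processRecoveryUsingEmail(recovery, userStoreManager.getTenantId());
            if (!identityMgtConfig.isEnableTemporaryPassword()) {
                recovery.setRecoveryType(IdentityMgtConstants.RECOVERY_TYPE_PASSWORD_RESET);
                this.processor.processRecoveryUsingEmail(recovery, userStoreManager.getTenantId());
            }
            return false;
        } catch (IdentityMgtException e) {
            // NOTE(review): on the temporary-password path the account was stored unlocked with the
            // shared configured default password. If the recovery step fails before that password
            // is replaced (not visible from here), the account stays usable with a known value —
            // consider locking it in this handler.
            log.error("Error while sending temporary password to user's email account", e);
            return false;
        }
    }

    /**
     * No post-processing is performed after a user is added.
     *
     * @return always {@code true}
     */
    public boolean doPostAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        // Both branches of the previous conditional returned true.
        return true;
    }

    /**
     * Handles an admin password reset where no credential was supplied by setting the configured
     * temporary default password and triggering the e-mail recovery flow.
     *
     * @param str              the user whose credential is being reset
     * @param obj              the new credential; {@code null} or a blank string selects the
     *                         temporary default password
     * @param userStoreManager the target user store
     * @return {@code true} when the listener is disabled or a credential was supplied;
     *         {@code false} after this method has updated the credential itself
     * @throws UserStoreException if no usable default password is configured
     */
    public boolean doPreUpdateCredentialByAdmin(String str, Object obj, UserStoreManager userStoreManager) throws UserStoreException {
        IdentityMgtConfig identityMgtConfig = IdentityMgtConfig.getInstance();
        if (!identityMgtConfig.isListenerEnable()) {
            return true;
        }
        if (obj != null && (!(obj instanceof String) || ((String) obj).trim().length() >= 1)) {
            return true;
        }
        if (log.isDebugEnabled()) {
            log.debug("Credentials are null. Using default user password as credentials");
        }
        String temporaryDefaultPassword = identityMgtConfig.getTemporaryDefaultPassword();
        if (temporaryDefaultPassword == null || temporaryDefaultPassword.trim().length() < 1) {
            throw new UserStoreException("Default user password has not been properly configured");
        }
        ((AbstractUserStoreManager) userStoreManager).doUpdateCredentialByAdmin(str, temporaryDefaultPassword);
        UserMgtBean recovery = new UserMgtBean();
        recovery.setUserId(str);
        if (identityMgtConfig.isEnableTemporaryPassword()) {
            recovery.setRecoveryType("temporaryPassword");
        } else {
            recovery.setRecoveryType(IdentityMgtConstants.RECOVERY_TYPE_PASSWORD_RESET);
        }
        try {
            this.processor.processRecoveryUsingEmail(recovery, userStoreManager.getTenantId());
            return false;
        } catch (IdentityMgtException e) {
            // NOTE(review): the credential has already been set to the shared default password at
            // this point; if the recovery step fails the account may keep that known value.
            log.error("Error while sending temporary password to user's email account", e);
            return false;
        }
    }

    /**
     * Intercepts single-claim updates for identity-store claims: blocks changes to the primary
     * challenge claim, applies account-lock changes, and hashes a new challenge answer before
     * storing it in the identity data store.
     *
     * @param str              the user whose claim is being set
     * @param str2             the claim URI
     * @param str3             the claim value; for a challenge claim, question and answer joined by
     *                         the configured separator
     * @param str4             not used by this method
     * @param userStoreManager the target user store
     * @return {@code false} when this method has stored the value itself (or had no record to
     *         update for an account-lock change); {@code true} otherwise
     * @throws UserStoreException if the primary challenge claim is targeted, a user tries to change
     *                            their own lock state, or a challenge value is malformed
     */
    public boolean doPreSetUserClaimValue(String str, String str2, String str3, String str4, UserStoreManager userStoreManager) throws UserStoreException {
        if (!IdentityMgtConfig.getInstance().isListenerEnable()) {
            return true;
        }
        UserIdentityDTO identity = null;
        UserIdentityDataStore identityDataStore = IdentityMgtConfig.getInstance().getIdentityDataStore();
        if (Arrays.asList(identityDataStore.getSupportedTypes()).contains(str2)) {
            identity = identityDataStore.load(str, userStoreManager);
        }
        if (PRIMARY_CHALLENGE_CLAIM.equals(str2)) {
            throw new UserStoreException("Primary challenges can not be modified");
        }
        if (UserIdentityDataStore.ACCOUNT_LOCK.equals(str2)) {
            if (isLoggedInUser(str)) {
                throw new UserStoreException("You can not change your own account status");
            }
            if (identity == null) {
                return false;
            }
            identity.setAccountLock(Boolean.parseBoolean(str3));
            identityDataStore.store(identity, userStoreManager);
            return false;
        }
        List<String> challengeQuestionUris = this.processor.getQuestionProcessor().getChallengeQuestionUris(str, userStoreManager.getTenantId());
        String separator = IdentityMgtConfig.getInstance().getChallengeQuestionSeparator();
        if (!challengeQuestionUris.contains(str2) || !isNewAnswer(str, str2, str3, userStoreManager) || str3 == null) {
            return true;
        }
        String[] questionAndAnswer = splitChallengeValue(str3, separator);
        String hashedValue = questionAndAnswer[0] + separator + doHash(questionAndAnswer[1].toLowerCase());
        if (identity == null) {
            // NOTE(review): returning true here lets the original, unhashed value continue to the
            // underlying store when the claim is not an identity-store type — confirm that cannot
            // persist a plain-text answer.
            return true;
        }
        identity.getUserDataMap().put(str2, hashedValue);
        identityDataStore.store(identity, userStoreManager);
        return false;
    }

    /**
     * Intercepts bulk claim updates: blocks the primary challenge claim, hashes new challenge
     * answers, and diverts identity-store claims from the claim map into the identity data store.
     *
     * @param str              the user whose claims are being set
     * @param map              the claims to set; identity-store claims are removed from it
     * @param str2             not used by this method
     * @param userStoreManager the target user store
     * @return always {@code true}
     * @throws UserStoreException if the primary challenge claim is present in {@code map}, or a
     *                            challenge value is malformed
     */
    public boolean doPreSetUserClaimValues(String str, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        if (!IdentityMgtConfig.getInstance().isListenerEnable()) {
            return true;
        }
        UserIdentityDataStore identityDataStore = IdentityMgtConfig.getInstance().getIdentityDataStore();
        if (map.containsKey(PRIMARY_CHALLENGE_CLAIM)) {
            throw new UserStoreException("Primary challenges can not be modified");
        }
        boolean primaryNotYetSet = true;
        try {
            String existingPrimary = userStoreManager.getUserClaimValue(str, PRIMARY_CHALLENGE_CLAIM, (String) null);
            if (existingPrimary != null && existingPrimary.trim().length() > 0) {
                primaryNotYetSet = false;
            }
        } catch (Exception e) {
            // Best effort, as before, but no longer silent.
            // NOTE(review): a failed lookup is treated as "no primary challenge set", which lets
            // this request establish the primary challenge set. Consider failing closed instead.
            if (log.isDebugEnabled()) {
                log.debug("Could not read the primary challenge claim for user " + forLog(str), e);
            }
        }
        processUserChallenges(str, map, primaryNotYetSet, userStoreManager);

        HashMap<String, String> identityClaims = new HashMap<String, String>();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (Arrays.asList(identityDataStore.getSupportedTypes()).contains(entry.getKey())) {
                String value = entry.getValue();
                if (value != null) {
                    identityClaims.put(entry.getKey(), value);
                }
            }
        }
        if (identityClaims.isEmpty()) {
            return true;
        }
        identityDataStore.store(new UserIdentityDTO(str, identityClaims), userStoreManager);
        for (String claimUri : identityClaims.keySet()) {
            map.remove(claimUri);
        }
        return true;
    }

    /**
     * Removes the deleted user's identity record and any recovery key stored for the user in the
     * tenant's config registry.
     *
     * @param str              the deleted user name
     * @param userStoreManager the user store the user belonged to
     * @return always {@code true}; a registry failure is logged and not propagated
     */
    public boolean doPostDeleteUser(String str, UserStoreManager userStoreManager) throws UserStoreException {
        if (!IdentityMgtConfig.getInstance().isListenerEnable()) {
            return true;
        }
        IdentityMgtConfig.getInstance().getIdentityDataStore().remove(str, userStoreManager);
        try {
            UserRegistry configSystemRegistry = IdentityMgtServiceComponent.getRegistryService().getConfigSystemRegistry(userStoreManager.getTenantId());
            // NOTE(review): the user name is concatenated into the registry path as-is; this relies
            // on user names having been validated when the account was created.
            String recoveryKeyPath = "/repository/components/org.wso2.carbon.identity.mgt/keys/" + userStoreManager.getTenantId() + "/" + str;
            if (configSystemRegistry.resourceExists(recoveryKeyPath)) {
                configSystemRegistry.delete(recoveryKeyPath);
            }
            return true;
        } catch (RegistryException e) {
            log.error("Error while deleting recovery data for user : " + forLog(str) + " in tenant : " + userStoreManager.getTenantId(), e);
            return true;
        }
    }

    /**
     * Tells whether {@code str} is the user recorded in the current HTTP session's
     * {@code wso2carbon.admin.logged.in} attribute.
     *
     * @return {@code false} when there is no current message context, servlet request or session,
     *         or the session attribute does not equal {@code str}
     */
    private boolean isLoggedInUser(String str) {
        MessageContext messageContext = MessageContext.getCurrentMessageContext();
        if (messageContext == null) {
            // Without a message context there is no interactive session to compare against;
            // previously this dereference failed with a NullPointerException.
            return false;
        }
        HttpServletRequest request = (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (request == null) {
            return false;
        }
        HttpSession session = request.getSession(false);
        if (session == null) {
            return false;
        }
        String loggedInUser = (String) session.getAttribute("wso2carbon.admin.logged.in");
        return loggedInUser != null && loggedInUser.equals(str);
    }

    /**
     * Adds the requested claims that are held in the identity data store to the result map.
     *
     * @param str              the user whose claims were read
     * @param strArr           the requested claim URIs
     * @param str2             not used by this method
     * @param map              the result map to add to
     * @param userStoreManager the user store the user belongs to
     * @return {@code true} when the listener is disabled, {@code false} otherwise
     */
    public boolean doPostGetUserClaimValues(String str, String[] strArr, String str2, Map<String, String> map, UserStoreManager userStoreManager) {
        if (!IdentityMgtConfig.getInstance().isListenerEnable()) {
            return true;
        }
        if (map == null) {
            map = new HashMap<String, String>();
        }
        UserIdentityDTO identity = IdentityMgtConfig.getInstance().getIdentityDataStore().load(str, userStoreManager);
        if (identity == null || strArr == null) {
            // Nothing to merge; avoids a NullPointerException for users without an identity record.
            return false;
        }
        Map<String, String> identityData = identity.getUserDataMap();
        for (String claimUri : strArr) {
            if (identityData.containsKey(claimUri)) {
                map.put(claimUri, identityData.get(claimUri));
            }
        }
        return false;
    }

    /**
     * Appends the value of {@code str2} from the identity data store to {@code list} when present.
     *
     * @param str              the user whose claim was read
     * @param str2             the claim URI
     * @param list             the result list to append to
     * @param str3             not used by this method
     * @param userStoreManager the user store the user belongs to
     * @return {@code true} when the listener is disabled, {@code false} otherwise
     */
    public boolean doPostGetUserClaimValue(String str, String str2, List<String> list, String str3, UserStoreManager userStoreManager) {
        if (!IdentityMgtConfig.getInstance().isListenerEnable()) {
            return true;
        }
        UserIdentityDTO identity = IdentityMgtConfig.getInstance().getIdentityDataStore().load(str, userStoreManager);
        if (identity == null) {
            // Avoids a NullPointerException for users without an identity record.
            return false;
        }
        Map<String, String> identityData = identity.getUserDataMap();
        if (identityData.containsKey(str2)) {
            list.add(identityData.get(str2));
        }
        return false;
    }

    /**
     * Replaces every new challenge answer in {@code map} with its hashed form and, when {@code z}
     * is set, also writes the primary challenge claim and the challenge-URI list claim.
     *
     * @param str              the user the claims belong to
     * @param map              the claims being written; modified in place
     * @param z                whether the primary challenge claims should be (re)built
     * @param userStoreManager the user store used to detect unchanged answers
     * @throws UserStoreException if a challenge value is malformed or hashing fails
     */
    private void processUserChallenges(String str, Map<String, String> map, boolean z, UserStoreManager userStoreManager) throws UserStoreException {
        String[] challengeUris = Utils.getChallengeUris();
        if (challengeUris == null) {
            return;
        }
        String separator = IdentityMgtConfig.getInstance().getChallengeQuestionSeparator();
        List<String> suppliedUris = new ArrayList<String>();
        Map<String, String> newAnswers = new HashMap<String, String>();
        for (String configuredUri : challengeUris) {
            String claimUri = configuredUri.trim();
            String rawValue = map.get(claimUri);
            if (rawValue == null) {
                continue;
            }
            suppliedUris.add(claimUri);
            if (isNewAnswer(str, claimUri, rawValue, userStoreManager)) {
                String[] questionAndAnswer = splitChallengeValue(rawValue, separator);
                newAnswers.put(questionAndAnswer[0], questionAndAnswer[1]);
                map.put(claimUri, questionAndAnswer[0] + separator + doHash(questionAndAnswer[1].toLowerCase()));
            }
        }
        if (!z) {
            return;
        }
        StringBuilder primary = new StringBuilder();
        for (Map.Entry<String, String> entry : newAnswers.entrySet()) {
            if (primary.length() > 0) {
                primary.append(separator);
            }
            primary.append(entry.getKey()).append(separator).append(doHash(entry.getValue().toLowerCase()));
        }
        if (primary.length() > 0) {
            map.put(PRIMARY_CHALLENGE_CLAIM, primary.toString());
        }
        if (suppliedUris.size() == 0) {
            // No challenge claim was supplied: fall back to every configured URI.
            suppliedUris.addAll(Arrays.asList(challengeUris));
        }
        StringBuilder uriList = new StringBuilder();
        for (String uri : suppliedUris) {
            if (uriList.length() > 0) {
                uriList.append(separator);
            }
            uriList.append(uri);
        }
        if (uriList.length() > 0) {
            map.put(CHALLENGE_URIS_CLAIM, uriList.toString());
        }
    }

    /**
     * Splits a challenge claim value of the form {@code question<separator>answer}.
     *
     * <p>The previous inline code called {@code substring} with the result of {@code indexOf}
     * unchecked, which throws {@code StringIndexOutOfBoundsException} when the separator is missing,
     * and skipped a single character after the match regardless of the separator's length.
     *
     * @param rawValue  the claim value as supplied by the caller
     * @param separator the configured challenge-question separator
     * @return a two-element array: trimmed question, trimmed answer
     * @throws UserStoreException if {@code rawValue} does not contain {@code separator}
     */
    private static String[] splitChallengeValue(String rawValue, String separator) throws UserStoreException {
        String trimmed = rawValue.trim();
        int separatorIndex = trimmed.indexOf(separator);
        if (separatorIndex < 0) {
            // Fail with the declared exception rather than an unchecked one; the value itself is
            // not echoed because it carries the user's answer.
            throw new UserStoreException("Challenge question value does not contain the configured separator");
        }
        String question = trimmed.substring(0, separatorIndex).trim();
        String answer = trimmed.substring(separatorIndex + separator.length()).trim();
        return new String[] {question, answer};
    }

    /**
     * Hashes {@code str} with the configured digest function (SHA-256 when none is configured) and
     * returns the Base64 encoding of the digest.
     *
     * <p>NOTE(review): this is a single unsalted digest over a normalised, typically low-entropy
     * answer, and the algorithm is taken from configuration without restriction. {@code getBytes()}
     * uses the platform default charset. Both are left unchanged because altering them would change
     * the stored form of existing answers; plan a migration to a salted, slow hash.
     *
     * @throws UserStoreException if the configured digest algorithm is not available
     */
    private String doHash(String str) throws UserStoreException {
        try {
            String digestName = IdentityMgtConfig.getInstance().getDigsestFunction();
            MessageDigest digest = digestName != null
                    ? MessageDigest.getInstance(digestName)
                    : MessageDigest.getInstance("SHA-256");
            return Base64.encode(digest.digest(str.getBytes()));
        } catch (NoSuchAlgorithmException e) {
            log.error(e.getMessage(), e);
            throw new UserStoreException(e.getMessage(), e);
        }
    }

    /**
     * Tells whether {@code str3} differs from the value currently stored for claim {@code str2}.
     *
     * @return {@code true} when no value is stored or the stored value is not equal to {@code str3}
     */
    private boolean isNewAnswer(String str, String str2, String str3, UserStoreManager userStoreManager) throws UserStoreException {
        String storedValue = userStoreManager.getUserClaimValue(str, str2, (String) null);
        return storedValue == null || !storedValue.equals(str3);
    }

    /**
     * Returns {@code value} with carriage returns and line feeds replaced, so a caller-supplied
     * user name cannot start a forged log line.
     */
    private static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}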
