package org.wso2.carbon.identity.mgt.util;

import java.io.ByteArrayInputStream;
import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.wso2.carbon.identity.mgt.IdentityMgtConfig;
import org.wso2.carbon.identity.mgt.IdentityMgtException;
import org.wso2.carbon.identity.mgt.beans.UserMgtBean;
import org.wso2.carbon.identity.mgt.beans.VerificationBean;
import org.wso2.carbon.identity.mgt.constants.IdentityMgtConstants;
import org.wso2.carbon.identity.mgt.dto.UserEvidenceDTO;
import org.wso2.carbon.identity.mgt.internal.IdentityMgtServiceComponent;
import org.wso2.carbon.identity.mgt.store.UserIdentityDataStore;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.tenant.TenantManager;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/mgt/util/Utils.class */
public class Utils {
    private static final Log log = LogFactory.getLog(Utils.class);

    public static void processUserId(UserMgtBean userMgtBean) throws IdentityMgtException {
        String userId = userMgtBean.getUserId();
        if (userId == null || userId.trim().length() < 1) {
            throw new IdentityMgtException("Can not proceed with out a user id");
        }
        String tenantDomain = (userMgtBean.getTenantDomain() == null || userMgtBean.getTenantDomain().trim().length() < 1) ? MultitenantUtils.getTenantDomain(userId) : userMgtBean.getTenantDomain();
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(userId);
        userMgtBean.setTenantDomain(tenantDomain);
        userMgtBean.setUserId(tenantAwareUsername);
    }

    public static boolean verifyUserId(UserMgtBean userMgtBean) throws IdentityMgtException {
        String property;
        boolean z = false;
        String userKey = userMgtBean.getUserKey();
        if (userKey == null || userKey.trim().length() < 1) {
            return false;
        }
        UserRegistry userRegistry = null;
        try {
            try {
                userRegistry = IdentityMgtServiceComponent.getRegistryService().getConfigSystemRegistry(-1234);
                userRegistry.beginTransaction();
                String str = "/repository/components/org.wso2.carbon.identity.mgt/keys/" + getTenantId(userMgtBean.getTenantDomain()) + "/" + userMgtBean.getUserId();
                if (userRegistry.resourceExists(str) && (property = userRegistry.get(str).getProperty(IdentityMgtConstants.USER_KEY)) != null && property.equals(userKey)) {
                    z = true;
                    userRegistry.delete(str);
                }
                if (userRegistry != null) {
                    try {
                        if (z) {
                            userRegistry.commitTransaction();
                        } else {
                            userRegistry.rollbackTransaction();
                        }
                    } catch (RegistryException e) {
                        log.error("Error while processing registry transaction", e);
                    }
                }
            } catch (RegistryException e2) {
                log.error("Error while processing userKey", e2);
                if (userRegistry != null) {
                    try {
                        if (z) {
                            userRegistry.commitTransaction();
                        } else {
                            userRegistry.rollbackTransaction();
                        }
                    } catch (RegistryException e3) {
                        log.error("Error while processing registry transaction", e3);
                    }
                }
            }
            return z;
        } catch (Throwable th) {
            if (userRegistry != null) {
                try {
                    if (z) {
                        userRegistry.commitTransaction();
                    } else {
                        userRegistry.rollbackTransaction();
                    }
                } catch (RegistryException e4) {
                    log.error("Error while processing registry transaction", e4);
                }
            }
            throw th;
        }
    }

    public static int getVerifiedChallenges(UserMgtBean userMgtBean) throws IdentityMgtException {
        String property;
        try {
            UserRegistry configSystemRegistry = IdentityMgtServiceComponent.getRegistryService().getConfigSystemRegistry(-1234);
            String str = "/repository/components/org.wso2.carbon.identity.mgt/challenges/" + getTenantId(userMgtBean.getTenantDomain()) + "/" + userMgtBean.getUserId();
            if (configSystemRegistry.resourceExists(str) && (property = configSystemRegistry.get(str).getProperty(IdentityMgtConstants.VERIFIED_CHALLENGES)) != null) {
                return Integer.valueOf(property).intValue();
            }
        } catch (RegistryException e) {
            log.error("Error while processing userKey", e);
        }
        return 0;
    }

    public static void clearVerifiedChallenges(UserMgtBean userMgtBean) throws IdentityMgtException {
        try {
            UserRegistry configSystemRegistry = IdentityMgtServiceComponent.getRegistryService().getConfigSystemRegistry(-1234);
            String str = "/repository/components/org.wso2.carbon.identity.mgt/challenges/" + getTenantId(userMgtBean.getTenantDomain()) + "/" + userMgtBean.getUserId();
            if (configSystemRegistry.resourceExists(str)) {
                configSystemRegistry.delete(str);
            }
        } catch (RegistryException e) {
            log.error("Error while clearing meta data in challenge verification process", e);
        }
    }

    public static void setVerifiedChallenges(UserMgtBean userMgtBean) throws IdentityMgtException {
        try {
            UserRegistry configSystemRegistry = IdentityMgtServiceComponent.getRegistryService().getConfigSystemRegistry(-1234);
            String str = "/repository/components/org.wso2.carbon.identity.mgt/challenges/" + getTenantId(userMgtBean.getTenantDomain()) + "/" + userMgtBean.getUserId();
            if (configSystemRegistry.resourceExists(str)) {
                Resource resource = configSystemRegistry.get(str);
                String property = resource.getProperty(IdentityMgtConstants.VERIFIED_CHALLENGES);
                int i = 0;
                if (property != null) {
                    i = Integer.valueOf(property).intValue() + 1;
                }
                resource.setProperty(IdentityMgtConstants.VERIFIED_CHALLENGES, Integer.toString(i));
                configSystemRegistry.put(str, resource);
            } else {
                Resource newResource = configSystemRegistry.newResource();
                newResource.addProperty(IdentityMgtConstants.VERIFIED_CHALLENGES, "1");
                newResource.setVersionableChange(false);
                configSystemRegistry.put(str, newResource);
            }
        } catch (RegistryException e) {
            log.error("Error while processing userKey", e);
        }
    }

    public static int getTenantId(String str) throws IdentityMgtException {
        int tenantId;
        TenantManager tenantManager = IdentityMgtServiceComponent.getRealmService().getTenantManager();
        if ("carbon.super".equals(str)) {
            tenantId = -1234;
            if (log.isDebugEnabled()) {
                log.debug("Domain is not defined implicitly. So it is Super Tenant domain.");
            }
        } else {
            try {
                tenantId = tenantManager.getTenantId(str);
                if (tenantId < 1 && tenantId != -1234) {
                    log.error("This action can not be performed by the users in non-existing domains.");
                    throw new IdentityMgtException("This action can not be performed by the users in non-existing domains.");
                }
            } catch (UserStoreException e) {
                String str2 = "Error in retrieving tenant id of tenant domain: " + str + ".";
                log.error(str2, e);
                throw new IdentityMgtException(str2, e);
            }
        }
        return tenantId;
    }

    public static void persistAccountStatus(String str, int i, String str2) throws IdentityMgtException {
        try {
            ClaimsMgtUtil.setClaimInUserStoreManager(str, i, UserIdentityDataStore.ACCOUNT_LOCK, "true".equals(str2) ? "true" : "false");
        } catch (IdentityMgtException e) {
            String str3 = "Error while persisting account status for user : " + str;
            log.error(str3, e);
            throw new IdentityMgtException(str3, e);
        }
    }

    public static VerificationBean verifyConfirmationKey(String str) {
        VerificationBean verificationBean = new VerificationBean();
        boolean z = false;
        boolean z2 = false;
        Registry registry = null;
        try {
            try {
                UserRegistry configSystemRegistry = IdentityMgtServiceComponent.getRegistryService().getConfigSystemRegistry(-1234);
                configSystemRegistry.beginTransaction();
                String str2 = "/repository/components/org.wso2.carbon.identity.mgt/data/" + str;
                if (configSystemRegistry.resourceExists(str2)) {
                    Resource resource = configSystemRegistry.get(str2);
                    Iterator it = resource.getProperties().keySet().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        String str3 = (String) it.next();
                        if (str3.equals(IdentityMgtConstants.REDIRECT_PATH)) {
                            verificationBean.setRedirectPath(resource.getProperty(str3));
                        } else if (str3.equals(IdentityMgtConstants.USER_NAME)) {
                            verificationBean.setUserId(resource.getProperty(str3));
                        } else if (str3.equals(IdentityMgtConstants.SECRET_KEY)) {
                            verificationBean.setKey(resource.getProperty(str3));
                        } else if (str3.equals(IdentityMgtConstants.EXPIRE_TIME)) {
                            if (System.currentTimeMillis() > Long.parseLong(resource.getProperty(str3))) {
                                log.warn("Expired confirmation key : " + str);
                                verificationBean.setError("Expired confirmation key");
                                z2 = true;
                                break;
                            }
                        } else {
                            continue;
                        }
                    }
                    configSystemRegistry.delete(resource.getPath());
                    if (!z2) {
                        z = true;
                        log.info("confirmation is success for key : " + str);
                    }
                } else {
                    log.warn("invalid confirmation key : " + str);
                    verificationBean.setError("Invalid confirmation key");
                }
                if (configSystemRegistry != null) {
                    try {
                        if (z || z2) {
                            configSystemRegistry.commitTransaction();
                        } else {
                            configSystemRegistry.rollbackTransaction();
                        }
                    } catch (RegistryException e) {
                        log.error("Error while processing registry transaction", e);
                    }
                }
            } catch (Throwable th) {
                if (0 != 0) {
                    try {
                        if (0 == 0 && 0 == 0) {
                            registry.rollbackTransaction();
                        } else {
                            registry.commitTransaction();
                        }
                    } catch (RegistryException e2) {
                        log.error("Error while processing registry transaction", e2);
                    }
                }
                throw th;
            }
        } catch (RegistryException e3) {
            log.error(e3.getMessage(), e3);
            verificationBean.setError("Unexpected error has occurred");
            if (0 != 0) {
                try {
                    if (0 == 0 && 0 == 0) {
                        registry.rollbackTransaction();
                    } else {
                        registry.commitTransaction();
                    }
                } catch (RegistryException e4) {
                    log.error("Error while processing registry transaction", e4);
                }
            }
        }
        if (z2) {
            verificationBean.setVerified(false);
        } else {
            verificationBean.setVerified(z);
        }
        return verificationBean;
    }

    public static boolean verifyUserForRecovery(UserMgtBean userMgtBean) {
        String userId = userMgtBean.getUserId();
        try {
            int tenantId = getTenantId(userMgtBean.getTenantDomain());
            UserStoreManager userStoreManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
            TenantManager tenantManager = IdentityMgtServiceComponent.getRealmService().getTenantManager();
            if (tenantId == -1234) {
                if (!userStoreManager.isExistingUser(userId)) {
                    return false;
                }
                if (IdentityMgtConfig.getInstance().isAuthPolicyAccountLockCheck()) {
                    return !Boolean.parseBoolean(userStoreManager.getUserClaimValue(userId, UserIdentityDataStore.ACCOUNT_LOCK, (String) null));
                }
                return true;
            }
            if (tenantId <= 0) {
                return false;
            }
            if (userStoreManager.isExistingUser(userId)) {
                return userId.equals(tenantManager.getTenant(tenantId).getAdminName());
            }
            log.warn("Tenant user from tenant domain : " + userMgtBean.getTenantDomain() + " is trying to recover his user account");
            return false;
        } catch (UserStoreException e) {
            log.error(e.getMessage(), e);
            return false;
        } catch (IdentityMgtException e2) {
            log.error(e2.getMessage(), e2);
            return false;
        }
    }

    public static String verifyUserEvidences(UserMgtBean userMgtBean) throws IdentityMgtException {
        int tenantId = getTenantId(userMgtBean.getTenantDomain());
        UserEvidenceDTO[] userEvidenceDTOs = userMgtBean.getUserEvidenceDTOs();
        if (userEvidenceDTOs == null || userEvidenceDTOs.length < 1) {
            log.error("no evidence provided by user for verification process");
            return null;
        }
        String str = null;
        try {
            for (UserEvidenceDTO userEvidenceDTO : userEvidenceDTOs) {
                if (userEvidenceDTO.getClaimUri() != null && userEvidenceDTO.getClaimValue() != null) {
                    String[] userList = ClaimsMgtUtil.getUserList(tenantId, userEvidenceDTO.getClaimUri(), userEvidenceDTO.getClaimValue());
                    if (userList != null && userList.length > 0) {
                        if (userList.length != 1) {
                            log.error("More than one user is associated with the given claim values");
                            throw new Exception("More than one user is associated with the given claim values");
                        }
                        if (str == null) {
                            str = userList[0];
                        } else {
                            if (!str.equals(userList[0])) {
                                return null;
                            }
                            str = userList[0];
                        }
                    } else if (log.isDebugEnabled()) {
                        log.debug("No associated user is found for given claim values");
                    }
                }
            }
        } catch (Exception e) {
            log.error("Error while retrieving user list for given claim values", e);
        }
        return str;
    }

    public static String[] getChallengeUris() {
        return new String[]{IdentityMgtConstants.DEFAULT_CHALLENGE_QUESTION_URI01, IdentityMgtConstants.DEFAULT_CHALLENGE_QUESTION_URI02};
    }

    public static Policy getSecurityPolicy() {
        return PolicyEngine.getPolicy(new ByteArrayInputStream("        <wsp:Policy wsu:Id=\"UTOverTransport\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\"\n                    xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">\n          <wsp:ExactlyOne>\n            <wsp:All>\n              <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n                <wsp:Policy>\n                  <sp:TransportToken>\n                    <wsp:Policy>\n                      <sp:HttpsToken RequireClientCertificate=\"true\"/>\n                    </wsp:Policy>\n                  </sp:TransportToken>\n                  <sp:AlgorithmSuite>\n                    <wsp:Policy>\n                      <sp:Basic256/>\n                    </wsp:Policy>\n                  </sp:AlgorithmSuite>\n                  <sp:Layout>\n                    <wsp:Policy>\n                      <sp:Lax/>\n                    </wsp:Policy>\n                  </sp:Layout>\n                  <sp:IncludeTimestamp/>\n                </wsp:Policy>\n              </sp:TransportBinding>\n            </wsp:All>\n          </wsp:ExactlyOne>\n        </wsp:Policy>".getBytes()));
    }
}
