package org.wso2.carbon.identity.rest.api.user.mfa.v1.core;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.api.user.common.ContextLoader;
import org.wso2.carbon.identity.api.user.common.error.APIError;
import org.wso2.carbon.identity.api.user.common.error.ErrorResponse;
import org.wso2.carbon.identity.api.user.mfa.common.MFAConstants;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.rest.api.user.mfa.v1.dto.EnabledAuthenticatorsDTO;
import org.wso2.carbon.identity.rest.api.user.mfa.v1.util.UserMFAServiceHolder;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.rest.api.user.mfa.v1-1.3.31.jar:org/wso2/carbon/identity/rest/api/user/mfa/v1/core/MFAService.class */
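/**
 * Reads and updates the enabled-authenticators claim
 * ({@link MFAConstants#ENABLED_AUTHENTICATORS_CLAIM}) of the user taken from the request context.
 *
 * <p>Both public operations are refused with {@code 403 Forbidden} when the request is flagged as
 * authenticated with basic auth (see {@link #isValidAuthenticationType()}). The target user and
 * tenant are always taken from {@link ContextLoader} / {@link IdentityTenantUtil}, never from a
 * request parameter.
 */
public class MFAService {
    private static final Log log = LogFactory.getLog(MFAService.class);

    /** Key of the thread-local property that marks a request as authenticated with basic auth. */
    private static final String AUTHENTICATED_WITH_BASIC_AUTH = "AuthenticatedWithBasicAuth";

    /** Separator between authenticator names in the claim value. */
    private static final String AUTHENTICATOR_SEPARATOR = ",";

    /**
     * Returns the enabled-authenticators claim of the user in the current request context.
     *
     * @return a DTO carrying the raw claim value; the value is {@code null} when the claim map has
     *         no entry for the claim
     * @throws APIError with {@code 403} when the request is flagged as basic auth, or {@code 500}
     *         when the user store manager is unavailable or the claim lookup fails
     */
    public EnabledAuthenticatorsDTO getEnabledAuthenticators() {
        if (!isValidAuthenticationType()) {
            throw handleError(Response.Status.FORBIDDEN, MFAConstants.ErrorMessage.USER_ERROR_ACCESS_DENIED_FOR_BASIC_AUTH);
        }
        try {
            UserStoreManager userStoreManager = resolveUserStoreManager();
            // A null profile name is passed through unchanged; presumably the user store then
            // uses its default profile (confirm against UserStoreManager).
            Map<String, String> userClaimValues = userStoreManager.getUserClaimValues(
                    getUserName(), new String[]{MFAConstants.ENABLED_AUTHENTICATORS_CLAIM}, (String) null);
            EnabledAuthenticatorsDTO enabledAuthenticatorsDTO = new EnabledAuthenticatorsDTO();
            enabledAuthenticatorsDTO.setEnabledAuthenticators(userClaimValues.get(MFAConstants.ENABLED_AUTHENTICATORS_CLAIM));
            return enabledAuthenticatorsDTO;
        } catch (UserStoreException e) {
            throw handleException(e, MFAConstants.ErrorMessage.SERVER_ERROR_RETRIEVE_CLAIM_USERSTORE, getUserName());
        }
    }

    /**
     * Overwrites the enabled-authenticators claim of the user in the current request context.
     *
     * <p>A non-blank value must be a comma-separated list in which every entry is one of the
     * allow-listed authenticator names. A blank or {@code null} value skips that check and is
     * written as given.
     *
     * @param str the new claim value
     * @return a DTO echoing the value that was written
     * @throws APIError with {@code 403} when the request is flagged as basic auth, {@code 400}
     *         when an entry is not allow-listed, or {@code 500} when the user store manager is
     *         unavailable or the claim update fails
     */
    public EnabledAuthenticatorsDTO updateEnabledAuthenticators(String str) {
        if (!isValidAuthenticationType()) {
            throw handleError(Response.Status.FORBIDDEN, MFAConstants.ErrorMessage.USER_ERROR_ACCESS_DENIED_FOR_BASIC_AUTH);
        }
        // NOTE(review): a blank value bypasses the allow-list and empties the claim. Confirm
        // that the login flow treats an empty claim the way the deployment's MFA policy expects.
        if (StringUtils.isNotBlank(str)) {
            validateAuthenticatorList(str);
        }
        try {
            UserStoreManager userStoreManager = resolveUserStoreManager();
            Map<String, String> claims = new HashMap<String, String>();
            claims.put(MFAConstants.ENABLED_AUTHENTICATORS_CLAIM, str);
            userStoreManager.setUserClaimValues(getUserName(), claims, (String) null);
            EnabledAuthenticatorsDTO enabledAuthenticatorsDTO = new EnabledAuthenticatorsDTO();
            enabledAuthenticatorsDTO.setEnabledAuthenticators(str);
            return enabledAuthenticatorsDTO;
        } catch (UserStoreException e) {
            throw handleException(e, MFAConstants.ErrorMessage.SERVER_ERROR_UPDATING_CLAIM_USERSTORE, getUserName());
        }
    }

    /**
     * Looks up the user store manager of the tenant resolved for the current request.
     *
     * @return the tenant's user store manager, never {@code null}
     * @throws UserStoreException when the realm or its user store manager cannot be obtained
     * @throws APIError with {@code 500} when the realm returns no user store manager
     */
    private UserStoreManager resolveUserStoreManager() throws UserStoreException {
        UserStoreManager userStoreManager = UserMFAServiceHolder.getRealmService()
                .getTenantUserRealm(IdentityTenantUtil.getTenantId(getTenantDomain()))
                .getUserStoreManager();
        if (userStoreManager == null) {
            if (log.isDebugEnabled()) {
                log.debug("Unable to retrieve userstore manager.");
            }
            throw handleError(Response.Status.INTERNAL_SERVER_ERROR, MFAConstants.ErrorMessage.SERVER_ERROR_RETRIEVING_USERSTORE_MANAGER);
        }
        return userStoreManager;
    }

    /**
     * Checks every entry of a comma-separated authenticator list against the allow-list
     * ({@link MFAConstants#TOTP_AUTHENTICATOR}, {@link MFAConstants#BACKUP_CODE_AUTHENTICATOR}).
     *
     * <p>Entries are compared exactly: there is no trimming and no case folding.
     *
     * @param str a non-blank claim value
     * @throws APIError with {@code 400} when any entry, including an empty one, is not allow-listed
     */
    private void validateAuthenticatorList(String str) {
        // The raw string is what gets written to the claim, so every entry must be checked.
        // A limit of -1 keeps trailing empty entries: without it "," or "totp,," would split
        // into a shorter array and reach the user store without having been validated in full.
        for (String authenticator : str.split(AUTHENTICATOR_SEPARATOR, -1)) {
            boolean allowed = MFAConstants.TOTP_AUTHENTICATOR.equals(authenticator)
                    || MFAConstants.BACKUP_CODE_AUTHENTICATOR.equals(authenticator);
            if (!allowed) {
                throw handleError(Response.Status.BAD_REQUEST, MFAConstants.ErrorMessage.USER_ERROR_INVALID_AUTHENTICATOR);
            }
        }
    }

    /** Returns the username bound to the current request context. */
    private String getUserName() {
        return ContextLoader.getUsernameFromContext();
    }

    /** Returns the tenant domain resolved for the current request. */
    private String getTenantDomain() {
        return IdentityTenantUtil.resolveTenantDomain();
    }

    /**
     * Maps an exception to an {@link APIError}.
     *
     * <p>The error response is always built first, with the class logger and the exception passed
     * to the builder, so the builder sees every failure even when the authentication branch
     * below discards the built response.
     *
     * @param exc the failure to translate
     * @param errorMessage the error definition supplying code, message and description template
     * @param strArr values formatted into the description template; callers in this class pass
     *        the username, so the formatted description carries it
     * @return {@code 401} for {@link AuthenticationFailedException}, {@code 500} for
     *         {@link UserStoreException}, {@code 400} otherwise
     */
    private APIError handleException(Exception exc, MFAConstants.ErrorMessage errorMessage, String... strArr) {
        String description = errorMessage.getDescription();
        if (strArr != null) {
            // Explicit cast: pass the array as the format arguments, not as a single argument.
            description = String.format(description, (Object[]) strArr);
        }
        ErrorResponse build = getErrorBuilder(errorMessage).build(log, exc, description);
        if (exc instanceof AuthenticationFailedException) {
            return handleError(Response.Status.UNAUTHORIZED, MFAConstants.ErrorMessage.USER_ERROR_UNAUTHORIZED_USER);
        }
        if (exc instanceof UserStoreException) {
            return new APIError(Response.Status.INTERNAL_SERVER_ERROR, build);
        }
        return new APIError(Response.Status.BAD_REQUEST, build);
    }

    /** Builds an {@link APIError} with the given status from a predefined error message. */
    private APIError handleError(Response.Status status, MFAConstants.ErrorMessage errorMessage) {
        return new APIError(status, getErrorBuilder(errorMessage).build());
    }

    /** Returns a response builder pre-filled with the code, message and description of the error. */
    private ErrorResponse.Builder getErrorBuilder(MFAConstants.ErrorMessage errorMessage) {
        return new ErrorResponse.Builder()
                .withCode(errorMessage.getCode())
                .withMessage(errorMessage.getMessage())
                .withDescription(errorMessage.getDescription());
    }

    /**
     * Tells whether the current request may use this API.
     *
     * <p>The request is rejected only when the thread-local property
     * {@code AuthenticatedWithBasicAuth} parses as {@code true}. A missing property therefore
     * means "allowed": the check relies on whatever component authenticates the request to set
     * the flag (NOTE(review): confirm that every basic-auth path sets it).
     *
     * @return {@code false} when the request is flagged as basic auth, {@code true} otherwise
     */
    private boolean isValidAuthenticationType() {
        Object basicAuthFlag = ((Map<?, ?>) IdentityUtil.threadLocalProperties.get()).get(AUTHENTICATED_WITH_BASIC_AUTH);
        // String.valueOf accepts a String as well as a Boolean flag value, so a Boolean.TRUE
        // flag denies the request instead of failing on a cast to String.
        if (!Boolean.parseBoolean(String.valueOf(basicAuthFlag))) {
            return true;
        }
        if (log.isDebugEnabled()) {
            log.debug("Not a valid authentication method. This method is blocked for the requests with basic authentication.");
        }
        return false;
    }
}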
