package org.wso2.carbon.identity.rest.api.user.backupcode.v1.core;

import java.util.Map;
import javax.ws.rs.core.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.identity.api.user.backupcode.common.BackupCodeConstants;
import org.wso2.carbon.identity.api.user.common.ContextLoader;
import org.wso2.carbon.identity.api.user.common.error.APIError;
import org.wso2.carbon.identity.api.user.common.error.ErrorResponse;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authenticator.backupcode.BackupCodeAPIHandler;
import org.wso2.carbon.identity.application.authenticator.backupcode.exception.BackupCodeException;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.rest.api.user.backupcode.v1.dto.BackupCodeResponseDTO;
import org.wso2.carbon.identity.rest.api.user.backupcode.v1.dto.RemainingBackupCodeResponseDTO;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.rest.api.user.backupcode.v1-1.3.36.jar:org/wso2/carbon/identity/rest/api/user/backupcode/v1/core/BackupCodeService.class */
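/**
 * Service layer behind the backup-code REST API: counts, generates and deletes backup codes
 * for the user resolved from the current request context.
 *
 * <p>Every operation first rejects requests that were authenticated with basic authentication
 * (see {@link #isValidAuthenticationType()}) and always acts on the context user; no user
 * identifier is accepted from the caller.
 */
public class BackupCodeService {
    private static final Log log = LogFactory.getLog(BackupCodeService.class);

    /** Thread-local property consulted to detect requests authenticated with basic auth. */
    private static final String BASIC_AUTH_PROPERTY = "AuthenticatedWithBasicAuth";

    /**
     * Returns how many backup codes the context user still has.
     *
     * @return DTO carrying the remaining backup code count
     * @throws APIError 403 for basic-auth requests; otherwise the error mapped by
     *     {@link #handleException} when the handler fails
     */
    public RemainingBackupCodeResponseDTO getBackupCodes() {
        rejectBasicAuthRequests();
        RemainingBackupCodeResponseDTO response = new RemainingBackupCodeResponseDTO();
        try {
            String username = getUser().toFullQualifiedUsername();
            response.setRemainingBackupCodesCount(
                    Integer.valueOf(BackupCodeAPIHandler.getRemainingBackupCodesCount(username)));
            return response;
        } catch (BackupCodeException e) {
            throw handleException(e, BackupCodeConstants.ErrorMessage.SERVER_ERROR_RETRIEVE_BACKUP_CODES,
                    new String[0]);
        }
    }

    /**
     * Generates backup codes for the context user and returns them.
     *
     * <p>The returned DTO holds the generated codes themselves, i.e. authentication secrets;
     * callers should not log or cache it.
     *
     * @return DTO carrying the generated backup codes
     * @throws APIError 403 for basic-auth requests; otherwise the error mapped by
     *     {@link #handleException} when the handler fails
     */
    public BackupCodeResponseDTO initBackupCodes() {
        rejectBasicAuthRequests();
        try {
            String username = getUser().toFullQualifiedUsername();
            BackupCodeResponseDTO response = new BackupCodeResponseDTO();
            response.setBackupCodes(BackupCodeAPIHandler.generateBackupCodes(username));
            return response;
        } catch (BackupCodeException e) {
            throw handleException(e, BackupCodeConstants.ErrorMessage.SERVER_ERROR_INIT_BACKUP_CODES,
                    new String[0]);
        }
    }

    /**
     * Builds the error returned for invalid client input.
     *
     * <p>Maps to 400 Bad Request. The previous status, 505 HTTP Version Not Supported, describes
     * an unsupported protocol version and misreported a client input error as a server-side
     * failure.
     *
     * @param errorMessage error code/message/description to report
     * @param strArr currently unused; kept for interface compatibility
     * @return the API error to throw
     */
    public APIError handleInvalidInput(BackupCodeConstants.ErrorMessage errorMessage, String... strArr) {
        return handleError(Response.Status.BAD_REQUEST, errorMessage);
    }

    /**
     * Deletes the backup codes of the context user.
     *
     * @throws APIError 403 for basic-auth requests; otherwise the error mapped by
     *     {@link #handleException} when the handler fails
     */
    public void deleteBackupCodes() {
        rejectBasicAuthRequests();
        try {
            BackupCodeAPIHandler.deleteBackupCodes(getUser().toFullQualifiedUsername());
        } catch (BackupCodeException e) {
            throw handleException(e, BackupCodeConstants.ErrorMessage.SERVER_ERROR_DELETING_BACKUP_CODES,
                    new String[0]);
        }
    }

    /**
     * Resolves the user the current request runs as.
     *
     * @return the user taken from the request context
     */
    public static User getUser() {
        return ContextLoader.getUserFromContext();
    }

    /** Throws the 403 access-denied error when the request was authenticated with basic auth. */
    private void rejectBasicAuthRequests() {
        if (!isValidAuthenticationType()) {
            throw handleError(Response.Status.FORBIDDEN,
                    BackupCodeConstants.ErrorMessage.USER_ERROR_ACCESS_DENIED_FOR_BASIC_AUTH);
        }
    }

    /**
     * Tells whether the request may use this API, i.e. was not authenticated with basic auth.
     *
     * <p>NOTE(review): this is a deny-list check on a thread-local flag. A missing or
     * non-"true" value is treated as "not basic auth" and the request is allowed, so the check
     * only holds if the authentication layer sets the flag for every basic-auth request on this
     * thread - confirm against the code that populates it.
     *
     * @return {@code false} only when the flag parses to {@code true}
     */
    private boolean isValidAuthenticationType() {
        Map<?, ?> threadProperties = (Map<?, ?>) IdentityUtil.threadLocalProperties.get();
        boolean basicAuth = Boolean.parseBoolean((String) threadProperties.get(BASIC_AUTH_PROPERTY));
        if (basicAuth && log.isDebugEnabled()) {
            log.debug("Not a valid authentication method. This method is blocked for the requests with basic authentication.");
        }
        return !basicAuth;
    }

    /** Wraps the given error message in an {@link APIError} with the given HTTP status. */
    private APIError handleError(Response.Status status, BackupCodeConstants.ErrorMessage errorMessage) {
        return new APIError(status, getErrorBuilder(errorMessage).build());
    }

    /** Starts an error response pre-filled with the code, message and description of the enum. */
    private ErrorResponse.Builder getErrorBuilder(BackupCodeConstants.ErrorMessage errorMessage) {
        return new ErrorResponse.Builder()
                .withCode(errorMessage.getCode())
                .withMessage(errorMessage.getMessage())
                .withDescription(errorMessage.getDescription());
    }

    /**
     * Maps an exception to the {@link APIError} sent to the client.
     *
     * <p>The error response is built with the logger and the exception before the type checks
     * run, so that step happens for every exception type, including the 401 case.
     *
     * @param exc the failure being reported
     * @param errorMessage error code/message/description to report
     * @param strArr format arguments for the description; when non-null the description is
     *     passed through {@link String#format}
     * @return 401 for authentication failures, 500 for user store, crypto and backup code
     *     failures, 400 for anything else
     */
    private APIError handleException(Exception exc, BackupCodeConstants.ErrorMessage errorMessage, String... strArr) {
        String description = strArr != null
                ? String.format(errorMessage.getDescription(), strArr)
                : errorMessage.getDescription();
        ErrorResponse response = getErrorBuilder(errorMessage).build(log, exc, description);

        if (exc instanceof AuthenticationFailedException) {
            return handleError(Response.Status.UNAUTHORIZED,
                    BackupCodeConstants.ErrorMessage.USER_ERROR_UNAUTHORIZED_USER);
        }
        if (exc instanceof UserStoreException || exc instanceof CryptoException) {
            return new APIError(Response.Status.INTERNAL_SERVER_ERROR, response);
        }
        if (exc instanceof BackupCodeException) {
            // NOTE(review): the raw exception message replaces the curated description and is
            // returned to the API client. Confirm BackupCodeException messages never carry
            // internal detail (user store names, stack context, code material).
            response.setDescription(exc.getMessage());
            return new APIError(Response.Status.INTERNAL_SERVER_ERROR, response);
        }
        return new APIError(Response.Status.BAD_REQUEST, response);
    }
}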
