package org.wso2.carbon.identity.mgt;

import java.util.Calendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.mgt.beans.UserIdentityMgtBean;
import org.wso2.carbon.identity.mgt.beans.VerificationBean;
import org.wso2.carbon.identity.mgt.config.ConfigBuilder;
import org.wso2.carbon.identity.mgt.config.ConfigType;
import org.wso2.carbon.identity.mgt.config.StorageType;
import org.wso2.carbon.identity.mgt.constants.IdentityMgtConstants;
import org.wso2.carbon.identity.mgt.dto.NotificationDataDTO;
import org.wso2.carbon.identity.mgt.dto.UserIdentityClaimsDO;
import org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO;
import org.wso2.carbon.identity.mgt.dto.UserRecoveryDataDO;
import org.wso2.carbon.identity.mgt.internal.IdentityMgtServiceComponent;
import org.wso2.carbon.identity.mgt.mail.Notification;
import org.wso2.carbon.identity.mgt.mail.NotificationBuilder;
import org.wso2.carbon.identity.mgt.mail.NotificationData;
import org.wso2.carbon.identity.mgt.policy.PolicyRegistry;
import org.wso2.carbon.identity.mgt.policy.PolicyViolationException;
import org.wso2.carbon.identity.mgt.store.UserIdentityDataStore;
import org.wso2.carbon.identity.mgt.util.UserIdentityManagementUtil;
import org.wso2.carbon.identity.mgt.util.Utils;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserOperationEventListener;

/* loaded from: input_file:org/wso2/carbon/identity/mgt/IdentityMgtEventListener.class */
public class IdentityMgtEventListener extends AbstractUserOperationEventListener {
    // Thread-local key: set by doPreAddUser when it substitutes a generated temporary password.
    private static final String EMPTY_PASSWORD_USED = "EmptyPasswordUsed";
    // Thread-local key: carries the identity claims split out in doPreAddUser over to doPostAddUser.
    private static final String USER_IDENTITY_DO = "UserIdentityDO";
    // Identity data store used by the authentication and credential hooks to load and persist
    // per-user state (lock flag, unlock time, failed attempts, password timestamp).
    private UserIdentityDataStore module = IdentityMgtConfig.getInstance().getIdentityDataStore();
    // Password policy registry; assigned in the constructor from IdentityMgtConfig.
    PolicyRegistry policyRegistry;
    private static final Log log = LogFactory.getLog(IdentityMgtEventListener.class);
    // Per-thread scratch map shared between the pre- and post-add-user hooks.
    // Entries stay on the thread until they are removed explicitly, so on pooled threads a value
    // left behind by one request is visible to the next one served by the same thread; code that
    // writes a key here must also clear it.
    // NOTE(review): the field is public, so any class can read or alter this state - confirm
    // that is intended.
    public static final ThreadLocal<HashMap<String, Object>> threadLocalProperties = new ThreadLocal<HashMap<String, Object>>() { // from class: org.wso2.carbon.identity.mgt.IdentityMgtEventListener.1
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.ThreadLocal
        public HashMap<String, Object> initialValue() {
            return new HashMap<>();
        }
    };

    /**
     * Creates the listener, picks up the password policy registry from the identity management
     * configuration and, when the listener is enabled and the bootstrap user store is writable,
     * sets the bootstrap administrator's account-lock claim to "false".
     *
     * <p>NOTE(review): the lock claim is cleared every time this constructor runs, so any lock
     * placed on the bootstrap administrator does not survive re-creation of the listener.
     * Confirm this is the intended recovery path and that it is audited.
     *
     * <p>A {@link UserStoreException} during this set-up is logged and otherwise ignored.
     */
    public IdentityMgtEventListener() {
        this.policyRegistry = null;
        String bootstrapAdmin = IdentityMgtServiceComponent.getRealmService().getBootstrapRealmConfiguration().getAdminUserName();
        try {
            IdentityMgtConfig config = IdentityMgtConfig.getInstance();
            this.policyRegistry = config.getPolicyRegistry();
            if (!config.isListenerEnable()) {
                return;
            }
            UserStoreManager bootstrapStore = IdentityMgtServiceComponent.getRealmService().getBootstrapRealm().getUserStoreManager();
            if (bootstrapStore.isReadOnly()) {
                // A read-only store cannot take the claim update.
                return;
            }
            bootstrapStore.setUserClaimValue(bootstrapAdmin, UserIdentityDataStore.ACCOUNT_LOCK, String.valueOf(false), (String) null);
        } catch (UserStoreException e) {
            log.error("Error while init identity listener", e);
        }
    }

    /**
     * Returns the fixed execution order id of this listener.
     *
     * @return always {@code 1357}
     */
    public int getExecutionOrderId() {
        final int executionOrderId = 1357;
        return executionOrderId;
    }

    /**
     * Pre-authentication hook: rejects the attempt when the optional account-existence check
     * fails or the account is still locked, and lifts a lock whose unlock time has passed.
     *
     * <p>A locked account with an unlock time of 0 stays locked here; only a non-zero unlock
     * time that lies in the past releases it.
     *
     * <p>NOTE(review): the two rejections carry distinct messages ("17001" for an unknown user
     * name, "17003" for a locked account). If callers relay them to the client unchanged, the
     * response reveals which user names exist; confirm they are mapped to one generic failure.
     * NOTE(review): the user name is written to the log as received; confirm the logging layer
     * neutralises line breaks in it.
     *
     * @param str user name being authenticated
     * @param obj not read by this method (presumably the supplied credential)
     * @param userStoreManager user store the attempt runs against
     * @return {@code true} when authentication may proceed
     * @throws UserStoreException with message "17001" or "17003" as described above, or when
     *         the cleared lock state cannot be stored
     */
    public boolean doPreAuthenticate(String str, Object obj, UserStoreManager userStoreManager) throws UserStoreException {
        if (log.isDebugEnabled()) {
            log.debug("Pre authenticator is called in IdentityMgtEventListener");
        }
        IdentityMgtConfig config = IdentityMgtConfig.getInstance();
        if (config.isEnableAuthPolicy()) {
            if (config.isAuthPolicyAccountExistCheck() && !userStoreManager.isExistingUser(str)) {
                log.warn("User name does not exist in system : " + str);
                throw new UserStoreException("17001");
            }
            UserIdentityClaimsDO identity = this.module.load(str, userStoreManager);
            if (identity != null && identity.isAccountLocked()) {
                // The lock has expired only when an unlock time is set and has been reached.
                boolean lockExpired = identity.getUnlockTime() != 0 && System.currentTimeMillis() >= identity.getUnlockTime();
                if (!lockExpired) {
                    log.warn("User account is locked for user : " + str + ". cannot login until the account is unlocked ");
                    throw new UserStoreException("17003");
                }
                identity.setAccountLock(false);
                identity.setUnlockTime(0L);
                try {
                    this.module.store(identity, userStoreManager);
                } catch (IdentityException e) {
                    throw new UserStoreException("Error while saving user", e);
                }
            }
        }
        return true;
    }

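    /**
     * Post-authentication hook: rotates a one-time password after a successful one-time login
     * and maintains the failed-attempt counter and account lock.
     *
     * <p>Changes against the decompiled original:
     * <ul>
     *   <li>The temporary password is built from the generated characters. The original called
     *       {@code toString()} on the {@code char[]}, which yields the array's identity string
     *       rather than the generated password.</li>
     *   <li>The lock duration is read into a local (the decompiled code referred to an undefined
     *       {@code r0}) and multiplied in {@code long} arithmetic so large values cannot wrap.</li>
     *   <li>Notification failures keep their cause instead of being replaced by a bare message.</li>
     *   <li>An empty conditional left behind by the decompiler was dropped.</li>
     * </ul>
     *
     * <p>NOTE(review): when lock-on-failure is disabled, the reset branch below also runs for a
     * failed attempt and clears an existing lock and counter; confirm that is intended.
     *
     * @param str user name that was authenticated
     * @param z whether authentication succeeded
     * @param userStoreManager user store the attempt ran against
     * @return {@code z} when the authentication policy is disabled, otherwise {@code true}
     * @throws UserStoreException when the one-time password cannot be rotated or delivered, or
     *         when the identity data cannot be stored
     */
    public boolean doPostAuthenticate(String str, boolean z, UserStoreManager userStoreManager) throws UserStoreException {
        if (log.isDebugEnabled()) {
            log.debug("Post authenticator is called in IdentityMgtEventListener");
        }
        IdentityMgtConfig identityMgtConfig = IdentityMgtConfig.getInstance();
        if (!identityMgtConfig.isEnableAuthPolicy()) {
            return z;
        }
        UserIdentityClaimsDO identity = this.module.load(str, userStoreManager);
        if (identity == null) {
            identity = new UserIdentityClaimsDO(str);
        }
        boolean oneTimeLogin = identity.getOneTimeLogin();
        if (z && identityMgtConfig.isAuthPolicyOneTimePasswordCheck() && !userStoreManager.isReadOnly() && oneTimeLogin) {
            rotateOneTimePassword(str, identityMgtConfig, userStoreManager);
        }
        if (z || !identityMgtConfig.isAuthPolicyAccountLockOnFailure()) {
            if (!identity.isAccountLocked() && identity.getFailAttempts() <= 0) {
                // Nothing to reset, so skip the write.
                return true;
            }
            identity.setAccountLock(false);
            identity.setFailAttempts(0);
            identity.setUnlockTime(0L);
            try {
                this.module.store(identity, userStoreManager);
                return true;
            } catch (IdentityException e) {
                throw new UserStoreException("Error while doPostAuthenticate", e);
            }
        }
        // Failed attempt with lock-on-failure enabled.
        // The no-argument setter presumably increments the counter - TODO confirm.
        identity.setFailAttempts();
        if (identity.getFailAttempts() >= identityMgtConfig.getAuthPolicyMaxLoginAttempts()) {
            if (log.isDebugEnabled()) {
                log.debug("User, " + str + " has exceed the max failed login attempts. User account would be locked");
            }
            identity.setAccountLock(true);
            // The configured value is treated as minutes; 0 leaves the unlock time untouched.
            long lockingMinutes = IdentityMgtConfig.getInstance().getAuthPolicyLockingTime();
            if (lockingMinutes != 0) {
                identity.setUnlockTime(System.currentTimeMillis() + lockingMinutes * 60L * 1000L);
            }
        }
        try {
            this.module.store(identity, userStoreManager);
            return true;
        } catch (IdentityException e) {
            throw new UserStoreException("Error while doPostAuthenticate", e);
        }
    }

    /**
     * Replaces the user's password with a freshly generated one and mails it to the user's
     * e-mail claim through the configured notification modules.
     *
     * <p>NOTE(review): the credential is replaced before the e-mail address and notification
     * modules are checked, so a failure after that point leaves the account with a password
     * that was never delivered. The order is kept because it guarantees the used one-time
     * password is invalidated; confirm an operational recovery path exists.
     * NOTE(review): the new password travels in the notification body in clear text.
     */
    private void rotateOneTimePassword(String userName, IdentityMgtConfig identityMgtConfig, UserStoreManager userStoreManager) throws UserStoreException {
        // String.valueOf(char[]) copies the characters; toString() on the array would not.
        String temporaryPassword = String.valueOf(UserIdentityManagementUtil.generateTemporaryPassword());
        userStoreManager.updateCredentialByAdmin(userName, temporaryPassword);
        String emailAddress = userStoreManager.getUserClaimValue(userName, "http://wso2.org/claims/emailaddress", (String) null);
        if (emailAddress == null) {
            throw new UserStoreException("No user email provided for user " + userName);
        }
        List<NotificationSendingModule> sendingModules = identityMgtConfig.getNotificationSendingModules();
        if (sendingModules == null) {
            throw new UserStoreException("No notification modules configured");
        }
        NotificationDataDTO notificationDataDTO = new NotificationDataDTO();
        NotificationData notificationData = new NotificationData();
        int tenantId = userStoreManager.getTenantId();
        try {
            notificationData.setTagData("first-name", Utils.getClaimFromUserStoreManager(userName, tenantId, "http://wso2.org/claims/givenname"));
            notificationData.setTagData("user-name", userName);
            notificationData.setTagData("otp-password", temporaryPassword);
            notificationData.setSendTo(emailAddress);
        } catch (IdentityException e) {
            throw new UserStoreException("Could not load user given name", e);
        }
        try {
            Notification notification = NotificationBuilder.createNotification("EMAIL", ConfigBuilder.getInstance().loadConfiguration(ConfigType.EMAIL, StorageType.REGISTRY, tenantId).getProperty(IdentityMgtConstants.Notification.OTP_PASSWORD), notificationData);
            NotificationSender notificationSender = new NotificationSender();
            for (NotificationSendingModule sendingModule : sendingModules) {
                if (IdentityMgtConfig.getInstance().isNotificationInternallyManaged()) {
                    sendingModule.setNotificationData(notificationDataDTO);
                    sendingModule.setNotification(notification);
                    notificationSender.sendNotification(sendingModule);
                    notificationDataDTO.setNotificationSent(true);
                }
            }
        } catch (Exception e) {
            // The decompiled nesting re-wrapped every failure of this step with this message;
            // it is kept for callers, and the real cause is now attached.
            throw new UserStoreException("Could not load the email template configuration", e);
        }
    }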

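    /**
     * Pre-add-user hook: enforces the password policies, substitutes a generated temporary
     * password for an empty credential when that feature is enabled, and moves challenge-question
     * and identity claims out of the claim map so they can be stored separately by
     * {@code doPostAddUser}.
     *
     * <p>Changes against the decompiled original:
     * <ul>
     *   <li>Thread-local state left by an earlier request on the same thread is cleared first, so
     *       a stale "empty password" flag cannot steer a later user creation.</li>
     *   <li>A {@code null} credential with temporary passwords enabled is rejected instead of
     *       failing with a {@code NullPointerException}; there is no buffer to hand the generated
     *       password back through.</li>
     *   <li>The buffer is emptied before the temporary password is written, so a whitespace-only
     *       credential longer than the generated password no longer leaves trailing blanks.</li>
     *   <li>Policy enforcement applies to any non-blank {@link CharSequence} credential, not only
     *       to {@link StringBuffer}.</li>
     *   <li>A policy violation keeps its cause, and a {@code null} claim map is tolerated.</li>
     * </ul>
     *
     * <p>NOTE(review): identity claims are recognised with {@code contains}, so any claim URI
     * that merely embeds one of the two prefixes is diverted as well, and whatever identity
     * claims the caller supplies are accepted as initial identity data. Confirm callers restrict
     * which claims an unprivileged requester may set.
     *
     * @param str user name being created
     * @param obj credential; a {@link StringBuffer} is updated in place when a temporary password
     *            is substituted
     * @param strArr not read by this method
     * @param map claims for the new user; identity claims are removed from it
     * @param str2 not read by this method
     * @param userStoreManager not read by this method
     * @return {@code false} when an empty credential cannot be accepted, otherwise {@code true}
     * @throws UserStoreException when the credential violates a password policy
     */
    public boolean doPreAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        if (log.isDebugEnabled()) {
            log.debug("Pre add user is called in IdentityMgtEventListener");
        }
        IdentityMgtConfig identityMgtConfig = IdentityMgtConfig.getInstance();
        if (!identityMgtConfig.isListenerEnable()) {
            return true;
        }
        // Threads are typically reused; start from a clean slate for this user creation.
        HashMap<String, Object> requestState = threadLocalProperties.get();
        requestState.remove(EMPTY_PASSWORD_USED);
        requestState.remove(USER_IDENTITY_DO);

        if ((obj instanceof CharSequence) && obj.toString().trim().length() > 0) {
            try {
                this.policyRegistry.enforcePasswordPolicies(obj.toString(), str);
            } catch (PolicyViolationException e) {
                log.error(e.getMessage());
                throw new UserStoreException(e.getMessage(), e);
            }
        }
        if (obj == null || ((obj instanceof StringBuffer) && obj.toString().trim().length() < 1)) {
            if (!identityMgtConfig.isEnableTemporaryPassword()) {
                log.error("Empty passwords are not allowed");
                return false;
            }
            if (obj == null) {
                log.error("Credential object is null; a temporary password cannot be assigned");
                return false;
            }
            if (log.isDebugEnabled()) {
                log.debug("Credentials are null. Using a temporary password as credentials");
            }
            StringBuffer credential = (StringBuffer) obj;
            char[] temporaryPassword = UserIdentityManagementUtil.generateTemporaryPassword();
            credential.setLength(0);
            credential.append(temporaryPassword);
            requestState.put(EMPTY_PASSWORD_USED, true);
        }
        Map<String, String> identityClaims = new HashMap<>();
        if (map != null) {
            Iterator<Map.Entry<String, String>> it = map.entrySet().iterator();
            while (it.hasNext()) {
                Map.Entry<String, String> claim = it.next();
                if (claim.getKey().contains("http://wso2.org/claims/challengeQuestion") || claim.getKey().contains("http://wso2.org/claims/identity")) {
                    identityClaims.put(claim.getKey(), claim.getValue());
                    it.remove();
                }
            }
        }
        requestState.put(USER_IDENTITY_DO, new UserIdentityClaimsDO(str, identityClaims));
        return true;
    }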

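    /**
     * Post-add-user hook: stores the identity claims prepared by {@code doPreAddUser} and either
     * locks the new account (lock-on-creation) or, when account verification is enabled and a
     * temporary password was substituted, sends the "ask password" notification.
     *
     * <p>Changes against the decompiled original:
     * <ul>
     *   <li>The two thread-local entries are removed when the hook finishes, so they cannot leak
     *       into a later request served by the same thread.</li>
     *   <li>A missing thread-local claims object no longer causes a {@code NullPointerException};
     *       an empty one is created for the user.</li>
     *   <li>Two objects that were built and then discarded were removed. One of them cast the
     *       credential to {@code String}, although {@code doPreAddUser} treats the same argument
     *       as a {@code StringBuffer}.</li>
     *   <li>A failure to update the confirmation code goes to the logger instead of
     *       {@code printStackTrace()}; the flow continues as before.</li>
     *   <li>A notification failure keeps its cause.</li>
     * </ul>
     *
     * @param str user name that was created
     * @param obj not read by this method
     * @param strArr not read by this method
     * @param map not read by this method
     * @param str2 not read by this method
     * @param userStoreManager user store the user was added to
     * @return in the verification flow, whether the notification was sent; otherwise {@code true}
     * @throws UserStoreException when identity data cannot be stored or the notification fails
     */
    public boolean doPostAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        if (log.isDebugEnabled()) {
            log.debug("Post add user is called in IdentityMgtEventListener");
        }
        IdentityMgtConfig identityMgtConfig = IdentityMgtConfig.getInstance();
        if (!identityMgtConfig.isListenerEnable()) {
            return true;
        }
        HashMap<String, Object> requestState = threadLocalProperties.get();
        try {
            UserIdentityClaimsDO identity = (UserIdentityClaimsDO) requestState.get(USER_IDENTITY_DO);
            if (!identityMgtConfig.isEnableUserAccountVerification() || !requestState.containsKey(EMPTY_PASSWORD_USED)) {
                if (!identityMgtConfig.isAuthPolicyAccountLockOnCreation()) {
                    return true;
                }
                if (identity == null) {
                    // No state from the pre-hook on this thread; still apply the lock policy.
                    identity = new UserIdentityClaimsDO(str);
                }
                identity.setAccountLock(true);
                identity.setPasswordTimeStamp(System.currentTimeMillis());
                try {
                    identityMgtConfig.getIdentityDataStore().store(identity, userStoreManager);
                    return true;
                } catch (IdentityException e) {
                    throw new UserStoreException("Error while doPostAddUser", e);
                }
            }
            if (identity == null) {
                identity = new UserIdentityClaimsDO(str);
            }
            identity.setAccountLock(false).setPasswordTimeStamp(System.currentTimeMillis());
            try {
                this.module.store(identity, userStoreManager);
                RecoveryProcessor recoveryProcessor = new RecoveryProcessor();
                VerificationBean verificationBean = new VerificationBean();
                try {
                    verificationBean = recoveryProcessor.updateConfirmationCode(1, str, userStoreManager.getTenantId());
                } catch (IdentityException e) {
                    // Kept non-fatal as in the original; the default bean is used below.
                    // NOTE(review): confirm the notification is still valid without a code.
                    log.error("Error while updating the confirmation code for the new user", e);
                }
                UserRecoveryDTO userRecoveryDTO = new UserRecoveryDTO(str);
                userRecoveryDTO.setNotification(IdentityMgtConstants.Notification.ASK_PASSWORD);
                userRecoveryDTO.setNotificationType("EMAIL");
                userRecoveryDTO.setTenantId(userStoreManager.getTenantId());
                userRecoveryDTO.setConfirmationCode(verificationBean.getKey());
                try {
                    NotificationDataDTO sent = recoveryProcessor.recoverWithNotification(userRecoveryDTO);
                    return sent != null && sent.isNotificationSent();
                } catch (IdentityException e) {
                    if (log.isDebugEnabled()) {
                        log.debug(e.getMessage());
                    }
                    throw new UserStoreException("Error while sending notification. " + e.getMessage(), e);
                }
            } catch (IdentityException e) {
                throw new UserStoreException("Error while doPostAddUser", e);
            }
        } finally {
            requestState.remove(EMPTY_PASSWORD_USED);
            requestState.remove(USER_IDENTITY_DO);
        }
    }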

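    /**
     * Pre-update-credential hook: enforces the password policies on the new credential.
     *
     * <p>The original enforced the policies only when the credential was a {@code String}, while
     * the sibling hooks in this class expect a {@code StringBuffer}; a credential delivered in
     * any other character container skipped the policy check. Enforcement now applies to every
     * non-blank {@link CharSequence}, and a policy violation keeps its cause.
     *
     * @param str user name whose credential is being changed
     * @param obj credential checked against the password policies
     * @param obj2 not read by this method
     * @param userStoreManager not read by this method
     * @return always {@code true} when no policy is violated
     * @throws UserStoreException when the credential violates a password policy
     */
    public boolean doPreUpdateCredential(String str, Object obj, Object obj2, UserStoreManager userStoreManager) throws UserStoreException {
        if (log.isDebugEnabled()) {
            log.debug("Pre update credential is called in IdentityMgtEventListener");
        }
        if (!IdentityMgtConfig.getInstance().isListenerEnable()) {
            return true;
        }
        if ((obj instanceof CharSequence) && obj.toString().trim().length() > 0) {
            try {
                this.policyRegistry.enforcePasswordPolicies(obj.toString(), str);
            } catch (PolicyViolationException e) {
                log.error(e.getMessage());
                throw new UserStoreException(e.getMessage(), e);
            }
        }
        return true;
    }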

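    /**
     * Pre-hook for an administrator credential reset: enforces the password policies on a
     * non-blank credential; for an empty one, substitutes a generated temporary password (when
     * enabled) and mails it to the user.
     *
     * <p>Changes against the decompiled original:
     * <ul>
     *   <li>A {@code null} credential with temporary passwords enabled is rejected instead of
     *       failing with a {@code NullPointerException}.</li>
     *   <li>The buffer is emptied before the temporary password is written, so no part of a
     *       whitespace-only credential can remain in the stored password.</li>
     *   <li>Policy enforcement applies to any non-blank {@link CharSequence} credential.</li>
     *   <li>A policy violation keeps its cause.</li>
     * </ul>
     *
     * <p>NOTE(review): the temporary password itself is placed in the notification as the
     * confirmation code, so it is delivered in clear text; confirm the user is forced to change
     * it at first login.
     *
     * @param str user name whose credential is being reset
     * @param obj new credential; a {@link StringBuffer} is updated in place when a temporary
     *            password is substituted
     * @param userStoreManager not read by this method
     * @return {@code false} when an empty credential cannot be accepted, otherwise {@code true}
     * @throws UserStoreException when the credential violates a password policy
     */
    public boolean doPreUpdateCredentialByAdmin(String str, Object obj, UserStoreManager userStoreManager) throws UserStoreException {
        if (log.isDebugEnabled()) {
            log.debug("Pre update credential by admin is called in IdentityMgtEventListener");
        }
        IdentityMgtConfig identityMgtConfig = IdentityMgtConfig.getInstance();
        if (!identityMgtConfig.isListenerEnable()) {
            return true;
        }
        if ((obj instanceof CharSequence) && obj.toString().trim().length() > 0) {
            try {
                this.policyRegistry.enforcePasswordPolicies(obj.toString(), str);
            } catch (PolicyViolationException e) {
                log.error(e.getMessage());
                throw new UserStoreException(e.getMessage(), e);
            }
        }
        if (obj != null && (!(obj instanceof StringBuffer) || obj.toString().trim().length() >= 1)) {
            if (log.isDebugEnabled()) {
                log.debug("Updating credentials of user " + str + " by admin with a non-empty password");
            }
            return true;
        }
        if (!identityMgtConfig.isEnableTemporaryPassword()) {
            log.error("Empty passwords are not allowed");
            return false;
        }
        if (obj == null) {
            // There is no buffer through which a generated password could reach the caller.
            log.error("Credential object is null; a temporary password cannot be assigned");
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("Credentials are null. Using a temporary password as credentials");
        }
        StringBuffer credential = (StringBuffer) obj;
        char[] temporaryPassword = UserIdentityManagementUtil.generateTemporaryPassword();
        credential.setLength(0);
        credential.append(temporaryPassword);
        UserIdentityMgtBean userIdentityMgtBean = new UserIdentityMgtBean();
        userIdentityMgtBean.setUserId(str);
        userIdentityMgtBean.setConfirmationCode(credential.toString());
        userIdentityMgtBean.setRecoveryType("temporaryPassword");
        if (log.isDebugEnabled()) {
            log.debug("Sending the tempory password to the user " + str);
        }
        UserIdentityManagementUtil.notifyViaEmail(userIdentityMgtBean);
        return true;
    }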

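    /**
     * Pre-hook for setting a single claim value; it performs no work and lets the operation
     * continue.
     *
     * <p>The decompiled body looked up the identity data store without using it and ended in a
     * conditional whose two outcomes were both {@code true}. Both were removed, which also
     * removes a {@code NullPointerException} for a {@code null} claim URI.
     *
     * <p>NOTE(review): unlike {@code doPreSetUserClaimValues}, this hook does not divert
     * challenge-question or identity claims to the identity data store, so such a claim set
     * one at a time stays on the regular user-store path. Confirm that difference is intended.
     *
     * @param str not read by this method
     * @param str2 not read by this method
     * @param str3 not read by this method
     * @param str4 not read by this method
     * @param userStoreManager not read by this method
     * @return always {@code true}
     */
    public boolean doPreSetUserClaimValue(String str, String str2, String str3, String str4, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }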

    /**
     * Pre-hook for setting several claim values: moves every challenge-question or identity
     * claim out of {@code map} into a new identity claims object for the user and stores that
     * object in the identity data store.
     *
     * <p>NOTE(review): the claims object is created fresh rather than loaded, and it is stored
     * even when no identity claim was present. Whether that replaces or merges with existing
     * identity data depends on the store implementation - TODO confirm.
     * NOTE(review): matching uses {@code contains}, and every matching claim the caller supplies
     * is written, including lock-related identity claims if they share the prefix. Confirm
     * callers restrict which claims a requester may set.
     *
     * @param str user name whose claims are being set
     * @param map claims to set; matching identity claims are removed from it
     * @param str2 not read by this method
     * @param userStoreManager user store passed through to the identity data store
     * @return always {@code true} when the store succeeds
     * @throws UserStoreException when the identity data cannot be stored
     */
    public boolean doPreSetUserClaimValues(String str, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        if (!IdentityMgtConfig.getInstance().isListenerEnable()) {
            return true;
        }
        UserIdentityDataStore store = IdentityMgtConfig.getInstance().getIdentityDataStore();
        UserIdentityClaimsDO identity = new UserIdentityClaimsDO(str);
        for (Iterator<Map.Entry<String, String>> entries = map.entrySet().iterator(); entries.hasNext(); ) {
            Map.Entry<String, String> claim = entries.next();
            String claimUri = claim.getKey();
            boolean identityClaim = claimUri.contains("http://wso2.org/claims/challengeQuestion") || claimUri.contains("http://wso2.org/claims/identity");
            if (!identityClaim) {
                continue;
            }
            identity.setUserIdentityDataClaim(claimUri, claim.getValue());
            // Removal goes through the iterator so the map can be changed while it is walked.
            entries.remove();
        }
        try {
            store.store(identity, userStoreManager);
        } catch (IdentityException e) {
            throw new UserStoreException("Error while doPreSetUserClaimValues", e);
        }
        return true;
    }

    /**
     * Post-delete hook: removes the user's entry from the identity data store and then deletes
     * the user's recovery-key resource from the tenant's configuration registry, if present.
     *
     * <p>A registry failure is logged and does not fail the hook; a failure of the identity data
     * store is reported to the caller.
     *
     * <p>NOTE(review): the registry path is built by appending the user name as received.
     * Confirm user names cannot contain path separators or relative segments, so the delete
     * stays confined to this user's key resource.
     *
     * @param str user name that was deleted
     * @param userStoreManager user store the user was deleted from; supplies the tenant id
     * @return always {@code true} unless an exception is thrown
     * @throws UserStoreException when the identity data cannot be removed
     */
    public boolean doPostDeleteUser(String str, UserStoreManager userStoreManager) throws UserStoreException {
        if (!IdentityMgtConfig.getInstance().isListenerEnable()) {
            return true;
        }
        try {
            IdentityMgtConfig.getInstance().getIdentityDataStore().remove(str, userStoreManager);
            try {
                UserRegistry registry = IdentityMgtServiceComponent.getRegistryService().getConfigSystemRegistry(userStoreManager.getTenantId());
                StringBuilder keyPath = new StringBuilder("/repository/components/org.wso2.carbon.identity.mgt/keys/");
                keyPath.append(userStoreManager.getTenantId()).append("/").append(str);
                String recoveryKeyPath = keyPath.toString();
                if (registry.resourceExists(recoveryKeyPath)) {
                    registry.delete(recoveryKeyPath);
                }
            } catch (RegistryException e) {
                // Best effort: leftover recovery data does not block the user deletion.
                log.error("Error while deleting recovery data for user : " + str + " in tenant : " + userStoreManager.getTenantId(), e);
            }
            return true;
        } catch (IdentityException e) {
            throw new UserStoreException("Error while doPostDeleteUser", e);
        }
    }

    /**
     * Post-hook for reading several claim values: when at least one requested claim URI is a
     * challenge-question or identity claim, loads the user's identity data and copies every
     * requested claim found there into {@code map}.
     *
     * <p>NOTE(review): when {@code map} is {@code null} a new map is assigned to the local
     * parameter only, so the values copied into it never reach the caller.
     *
     * @param str user name whose claims were read
     * @param strArr requested claim URIs
     * @param str2 not read by this method
     * @param map result map that receives the identity claim values
     * @param userStoreManager user store passed through to the identity data store
     * @return always {@code true}
     */
    public boolean doPostGetUserClaimValues(String str, String[] strArr, String str2, Map<String, String> map, UserStoreManager userStoreManager) throws UserStoreException {
        if (!IdentityMgtConfig.getInstance().isListenerEnable()) {
            return true;
        }
        if (map == null) {
            map = new HashMap<>();
        }
        UserIdentityDataStore store = IdentityMgtConfig.getInstance().getIdentityDataStore();
        // Stop scanning at the first requested URI that belongs to the identity store.
        boolean identityClaimRequested = false;
        for (int i = 0; i < strArr.length && !identityClaimRequested; i++) {
            String requestedUri = strArr[i];
            identityClaimRequested = requestedUri.contains("http://wso2.org/claims/challengeQuestion") || requestedUri.contains("http://wso2.org/claims/identity");
        }
        if (!identityClaimRequested) {
            return true;
        }
        UserIdentityClaimsDO identity = store.load(str, userStoreManager);
        if (identity != null) {
            for (String requestedUri : strArr) {
                if (identity.getUserDataMap().containsKey(requestedUri)) {
                    map.put(requestedUri, identity.getUserDataMap().get(requestedUri));
                }
            }
        }
        return true;
    }

    /**
     * Post-hook for reading a single claim value; it performs no work.
     *
     * @param str not read by this method
     * @param str2 not read by this method
     * @param list not read by this method
     * @param str3 not read by this method
     * @param userStoreManager not read by this method
     * @return always {@code true}
     */
    public boolean doPostGetUserClaimValue(String str, String str2, List<String> list, String str3, UserStoreManager userStoreManager) throws UserStoreException {
        final boolean proceed = true;
        return proceed;
    }

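    /**
     * Post-update-credential hook: records the time of the password change in the user's
     * identity data when the expire-password check is enabled, the user is not in one-time-login
     * state and the user store is writable.
     *
     * <p>Changes against the decompiled original: a store failure keeps its cause, and a
     * {@code Calendar} instance that was created and discarded was dropped (the timestamp now
     * comes from {@code System.currentTimeMillis()}, as elsewhere in this class).
     *
     * <p>This hook does not consult the listener-enabled switch that the other hooks in this
     * class check first.
     *
     * @param str user name whose credential was changed
     * @param obj not read by this method
     * @param userStoreManager user store the change was applied to
     * @return always {@code true} unless an exception is thrown
     * @throws UserStoreException when the identity data cannot be stored
     */
    public boolean doPostUpdateCredential(String str, Object obj, UserStoreManager userStoreManager) throws UserStoreException {
        IdentityMgtConfig identityMgtConfig = IdentityMgtConfig.getInstance();
        UserIdentityClaimsDO identity = this.module.load(str, userStoreManager);
        if (identity == null) {
            identity = new UserIdentityClaimsDO(str);
        }
        boolean oneTimeLogin = identity.getOneTimeLogin();
        if (!identityMgtConfig.isAuthPolicyExpirePasswordCheck() || oneTimeLogin || userStoreManager.isReadOnly()) {
            return true;
        }
        identity.setPasswordTimeStamp(System.currentTimeMillis());
        try {
            this.module.store(identity, userStoreManager);
            return true;
        } catch (IdentityException e) {
            throw new UserStoreException(e.getMessage(), e);
        }
    }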
}
