package org.wso2.carbon.admin.mgt.internal.util;

import java.util.HashMap;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.admin.mgt.beans.AdminMgtInfoBean;
import org.wso2.carbon.admin.mgt.constants.AdminMgtConstants;
import org.wso2.carbon.admin.mgt.exception.AdminManagementException;
import org.wso2.carbon.admin.mgt.internal.AdminManagementServiceComponent;
import org.wso2.carbon.admin.mgt.util.AdminMgtUtil;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.tenant.Tenant;
import org.wso2.carbon.user.core.tenant.TenantManager;

/* loaded from: input_file:org/wso2/carbon/admin/mgt/internal/util/PasswordUtil.class */
public class PasswordUtil {
    private static final Log log = LogFactory.getLog(PasswordUtil.class);
    private static Log audit = CarbonConstants.AUDIT_LOG;

    public static boolean initiatePasswordReset(AdminMgtInfoBean adminMgtInfoBean) throws AdminManagementException {
        String tenantLessUserName = adminMgtInfoBean.getTenantLessUserName();
        String tenantDomain = adminMgtInfoBean.getTenantDomain();
        TenantManager tenantManager = AdminManagementServiceComponent.getTenantManager();
        int tenantIdFromDomain = AdminMgtUtil.getTenantIdFromDomain(tenantDomain);
        String str = tenantIdFromDomain == -1234 ? tenantLessUserName : tenantLessUserName + "@" + tenantDomain;
        try {
            try {
                String emailAddressForUser = getEmailAddressForUser(tenantLessUserName, str, tenantIdFromDomain, tenantManager.getTenant(tenantIdFromDomain));
                if (emailAddressForUser == null || emailAddressForUser.trim().equalsIgnoreCase("")) {
                    if (!log.isDebugEnabled()) {
                        return false;
                    }
                    log.debug(AdminMgtConstants.NO_EMAIL_ADDRESS_SET_ERROR);
                    return false;
                }
                try {
                    return verifyPasswordResetRequest(str, populateDataMap(adminMgtInfoBean, tenantLessUserName, str, emailAddressForUser, tenantIdFromDomain, generateConfirmationKey(tenantLessUserName, tenantDomain)));
                } catch (RegistryException e) {
                    log.error("Error in generating the confirmation key for the password reset", e);
                    throw new AdminManagementException("Error in generating the confirmation key for the password reset", e);
                }
            } catch (AdminManagementException e2) {
                log.error(AdminMgtConstants.NO_EMAIL_ADDRESS_SET_ERROR, e2);
                return false;
            }
        } catch (UserStoreException e3) {
            String str2 = "Unable to get the tenant with the tenantId: " + tenantIdFromDomain;
            log.error(str2, e3);
            throw new AdminManagementException(str2, e3);
        }
    }

    private static boolean verifyPasswordResetRequest(String str, Map<String, String> map) throws AdminManagementException {
        try {
            AdminManagementServiceComponent.getEmailVerificationService().requestUserVerification(map, AdminManagementServiceComponent.getEmailVerifierConfig());
            if (log.isDebugEnabled()) {
                log.debug("Email verification for the password reset.");
            }
            return true;
        } catch (Exception e) {
            String str2 = "Error in notifying the user " + str;
            log.error(str2);
            throw new AdminManagementException(str2, e);
        }
    }

    private static String generateConfirmationKey(String str, String str2) throws RegistryException, AdminManagementException {
        String generateUUID = UUIDGenerator.generateUUID();
        UserRegistry governanceSystemRegistry = AdminManagementServiceComponent.getGovernanceSystemRegistry(-1234);
        String adminManagementPath = AdminMgtUtil.getAdminManagementPath(str, str2);
        Resource newResource = governanceSystemRegistry.resourceExists(adminManagementPath) ? governanceSystemRegistry.get(adminManagementPath) : governanceSystemRegistry.newResource();
        newResource.setContent(generateUUID);
        governanceSystemRegistry.put(adminManagementPath, newResource);
        return generateUUID;
    }

    private static Map<String, String> populateDataMap(AdminMgtInfoBean adminMgtInfoBean, String str, String str2, String str3, int i, String str4) throws AdminManagementException {
        HashMap hashMap = new HashMap();
        hashMap.put(AdminMgtConstants.EMAIL_CONF_DIRECTORY, str3);
        hashMap.put("first-name", ClaimsMgtUtil.getFirstName(AdminManagementServiceComponent.getRealmService(), i));
        hashMap.put("admin", str);
        hashMap.put("userName", str2);
        hashMap.put("tenantDomain", adminMgtInfoBean.getTenantDomain());
        hashMap.put("confirmationKey", str4);
        return hashMap;
    }

    private static String getEmailAddressForUser(String str, String str2, int i, Tenant tenant) throws AdminManagementException {
        String str3 = "";
        try {
            if (i == -1234) {
                if (log.isDebugEnabled()) {
                    log.debug("Getting email address for the super tenant user password reset");
                }
                str3 = ClaimsMgtUtil.getEmailAddressFromUserProfile(AdminManagementServiceComponent.getRealmService(), str2, i);
                audit.info("Password reset link for the user " + str2 + " of the super tenant to be sent to the email address " + str3);
            } else if (i > 0) {
                str3 = getEmailAddressForTenants(str2, str, i, tenant, ClaimsMgtUtil.getAdminUserNameFromTenantId(AdminManagementServiceComponent.getRealmService(), i));
            }
            return str3;
        } catch (AdminManagementException e) {
            log.info("Unable to retrieve an email address associated with the given user.", e);
            throw new AdminManagementException("Unable to retrieve an email address associated with the given user.", e);
        }
    }

    private static String getEmailAddressForTenants(String str, String str2, int i, Tenant tenant, String str3) throws AdminManagementException {
        String str4 = "";
        if (str3.equalsIgnoreCase(str2)) {
            if (log.isDebugEnabled()) {
                log.debug("Password reset for a tenant admin");
            }
            str4 = tenant.getEmail();
            audit.info("Password reset link for the tenant admin " + str + " of tenant id: " + i + " to be sent to the email address " + str4);
        } else if (!str3.equalsIgnoreCase(str2)) {
            if (log.isDebugEnabled()) {
                log.debug("Password reset for a non-admin tenant user");
            }
            str4 = ClaimsMgtUtil.getEmailAddressFromUserProfile(AdminManagementServiceComponent.getRealmService(), str, i);
            audit.info("Password reset link for a user " + str + " of the tenant of tenant id: " + i + " to be sent to the email address " + str4);
        }
        return str4;
    }

    private static boolean updatePassword(AdminMgtInfoBean adminMgtInfoBean, UserStoreManager userStoreManager) throws AdminManagementException {
        String tenantLessUserName = adminMgtInfoBean.getTenantLessUserName();
        String tenantDomain = adminMgtInfoBean.getTenantDomain();
        String password = adminMgtInfoBean.getPassword();
        String userNameWithDomain = AdminMgtUtil.getUserNameWithDomain(tenantLessUserName, tenantDomain);
        try {
            userStoreManager.updateCredentialByAdmin(tenantLessUserName, password);
            log.info("Password reset for the user: " + userNameWithDomain);
            audit.info("Password for the user " + userNameWithDomain + " is successfully reset");
            return true;
        } catch (org.wso2.carbon.user.core.UserStoreException e) {
            String str = "Error in changing the password for user: " + userNameWithDomain;
            audit.error("Error in changing the password for the user: " + userNameWithDomain, e);
            log.error(str, e);
            throw new AdminManagementException(str, e);
        }
    }

    public static boolean updateCredentials(AdminMgtInfoBean adminMgtInfoBean) throws AdminManagementException {
        String tenantDomain = adminMgtInfoBean.getTenantDomain();
        try {
            UserRegistry configSystemRegistry = AdminManagementServiceComponent.getConfigSystemRegistry(AdminMgtUtil.getTenantIdFromDomain(tenantDomain));
            boolean z = false;
            if (adminMgtInfoBean.getPassword() != null && !adminMgtInfoBean.getPassword().equals("")) {
                z = true;
            }
            try {
                UserStoreManager userStoreManager = configSystemRegistry.getUserRealm().getUserStoreManager();
                if (userStoreManager.isReadOnly() || !z) {
                    return false;
                }
                return updatePassword(adminMgtInfoBean, userStoreManager);
            } catch (org.wso2.carbon.user.core.UserStoreException e) {
                log.error("Error in getting the user store manager for the user.", e);
                throw new AdminManagementException("Error in getting the user store manager for the user.", e);
            }
        } catch (RegistryException e2) {
            String str = "Error in getting the config system registry for the tenant, " + tenantDomain;
            log.error(str, e2);
            throw new AdminManagementException(str, e2);
        }
    }

    public static boolean proceedUpdateCredentials(String str, String str2, String str3) throws AdminManagementException {
        String adminManagementPath = AdminMgtUtil.getAdminManagementPath(str2, str);
        try {
            UserRegistry governanceSystemRegistry = AdminManagementServiceComponent.getGovernanceSystemRegistry(-1234);
            if (governanceSystemRegistry.resourceExists(adminManagementPath)) {
                String str4 = null;
                Object content = governanceSystemRegistry.get(adminManagementPath).getContent();
                if (content instanceof String) {
                    str4 = (String) content;
                } else if (content instanceof byte[]) {
                    str4 = new String((byte[]) content);
                }
                if (str4 != null && str4.equals(str3)) {
                    if (!log.isDebugEnabled()) {
                        return true;
                    }
                    log.debug("Password resetting for the user of the domain: " + str);
                    return true;
                }
                if (str4 == null || !str4.equals(str3)) {
                    log.error(AdminMgtConstants.CONFIRMATION_KEY_NOT_MACHING);
                    return false;
                }
            } else {
                log.warn("The confirmationKey doesn't exist in service.");
            }
            return false;
        } catch (RegistryException e) {
            log.error("Unable to verify the update credentials request", e);
            throw new AdminManagementException("Unable to verify the update credentials request", e);
        }
    }
}
