package pl.edu.icm.unity.stdext.credential;

import java.security.SecureRandom;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Random;
import org.apache.log4j.Logger;
import org.bouncycastle.util.Arrays;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.exceptions.IllegalIdentityValueException;
import pl.edu.icm.unity.exceptions.TooManyAttempts;
import pl.edu.icm.unity.exceptions.WrongArgumentException;
import pl.edu.icm.unity.notifications.NotificationProducer;
import pl.edu.icm.unity.server.api.internal.IdentityResolver;
import pl.edu.icm.unity.server.authn.CredentialHelper;
import pl.edu.icm.unity.server.authn.CredentialReset;
import pl.edu.icm.unity.server.authn.CredentialResetSettings;
import pl.edu.icm.unity.server.authn.EntityWithCredential;
import pl.edu.icm.unity.server.authn.LocalCredentialVerificator;
import pl.edu.icm.unity.server.utils.Log;
import pl.edu.icm.unity.server.utils.UnityMessageSource;
import pl.edu.icm.unity.stdext.utils.CryptoUtils;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.types.basic.IdentityTaV;

/* loaded from: input_file:pl/edu/icm/unity/stdext/credential/CredentialResetImpl.class */
public class CredentialResetImpl implements CredentialReset {
    private static final int MAX_ANSWER_ATTEMPTS = 2;
    private static final int MAX_RESENDS = 3;
    private static final long MAX_CODE_VALIDITY = 108000;
    private NotificationProducer notificationProducer;
    private IdentityResolver identityResolver;
    private CredentialHelper credentialHelper;
    private LocalCredentialVerificator localCredentialHandler;
    private IdentityTaV requestedSubject;
    private EntityWithCredential resolved;
    private PasswordCredentialDBState credState;
    private String credentialId;
    private String completeCredentialConfiguration;
    private CredentialResetSettings settings;
    private String codeSent;
    private long codeValidityEnd;
    private int answerAttempts = 0;
    private int dynamicAnswerAttempts = 0;
    private int codeSendingAttempts = 0;
    private static final Logger log = Log.getLogger("unity.server", CredentialResetImpl.class);
    private static final char[] CHARS_POOL = {'Q', 'W', 'E', 'R', 'T', 'Y', 'U', 'I', 'O', 'P', 'A', 'S', 'D', 'F', 'G', 'H', 'J', 'K', 'L', 'Z', 'X', 'C', 'V', 'B', 'N', 'M', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0'};
    private static final Random rnd = new SecureRandom();

    public CredentialResetImpl(NotificationProducer notificationProducer, IdentityResolver identityResolver, LocalCredentialVerificator localCredentialVerificator, CredentialHelper credentialHelper, String str, String str2, CredentialResetSettings credentialResetSettings) {
        this.notificationProducer = notificationProducer;
        this.credentialHelper = credentialHelper;
        this.identityResolver = identityResolver;
        this.credentialId = str;
        this.localCredentialHandler = localCredentialVerificator;
        this.completeCredentialConfiguration = str2;
        this.settings = credentialResetSettings;
    }

    public void setSubject(IdentityTaV identityTaV) {
        this.requestedSubject = identityTaV;
        try {
            this.resolved = this.identityResolver.resolveIdentity(identityTaV.getValue(), PasswordVerificator.IDENTITY_TYPES, this.credentialId);
            this.credState = PasswordCredentialDBState.fromJson(this.resolved.getCredentialValue());
        } catch (IllegalIdentityValueException e) {
        } catch (Exception e2) {
            log.error("Exception when trying to resolve identity", e2);
        }
    }

    public CredentialResetSettings getSettings() {
        return this.settings;
    }

    public String getSecurityQuestion() {
        String securityQuestion;
        if (this.credState != null && (securityQuestion = this.credState.getSecurityQuestion()) != null) {
            return securityQuestion;
        }
        return getFakeQuestion();
    }

    private String getFakeQuestion() {
        List questions = this.settings.getQuestions();
        int hashCode = this.requestedSubject.getValue().hashCode();
        return (String) questions.get((hashCode < 0 ? -hashCode : hashCode) % questions.size());
    }

    public void verifyStaticData(String str) throws WrongArgumentException, IllegalIdentityValueException, TooManyAttempts {
        if (this.credState == null) {
            throw new IllegalIdentityValueException("Identity was not resolved.");
        }
        if (this.answerAttempts >= MAX_ANSWER_ATTEMPTS) {
            throw new TooManyAttempts();
        }
        this.answerAttempts++;
        byte[] answerHash = this.credState.getAnswerHash();
        int answerRehashNumber = this.credState.getAnswerRehashNumber();
        String securityQuestion = this.credState.getSecurityQuestion();
        if (answerHash == null || securityQuestion == null) {
            throw new IllegalIdentityValueException("Identity has no question set.");
        }
        if (!Arrays.areEqual(CryptoUtils.hash(str.toLowerCase(), securityQuestion, answerRehashNumber), answerHash)) {
            throw new WrongArgumentException("The answer is incorrect");
        }
    }

    private void createCode() {
        int codeLength = this.settings.getCodeLength();
        char[] cArr = new char[codeLength];
        for (int i = 0; i < codeLength; i++) {
            cArr[i] = CHARS_POOL[rnd.nextInt(CHARS_POOL.length)];
        }
        this.codeSent = new String(cArr);
        this.codeValidityEnd = System.currentTimeMillis() + MAX_CODE_VALIDITY;
    }

    public void sendCode() throws EngineException {
        if (this.credState == null) {
            throw new IllegalIdentityValueException("Identity was not resolved.");
        }
        if (this.codeSendingAttempts >= MAX_RESENDS) {
            throw new TooManyAttempts();
        }
        this.codeSendingAttempts++;
        if (this.codeSent == null) {
            createCode();
        }
        HashMap hashMap = new HashMap();
        hashMap.put(PasswordResetTemplateDef.VAR_CODE, this.codeSent);
        hashMap.put(PasswordResetTemplateDef.VAR_USER, this.requestedSubject.getValue());
        String securityCodeMsgTemplate = this.settings.getSecurityCodeMsgTemplate();
        Locale locale = UnityMessageSource.getLocale((Locale) null);
        this.notificationProducer.sendNotification(new EntityParam(Long.valueOf(this.resolved.getEntityId())), "Default e-mail channel", securityCodeMsgTemplate, hashMap, locale == null ? null : locale.toString(), this.requestedSubject.getValue());
    }

    public void verifyDynamicData(String str) throws WrongArgumentException, TooManyAttempts {
        if (this.dynamicAnswerAttempts >= MAX_ANSWER_ATTEMPTS) {
            throw new TooManyAttempts();
        }
        this.dynamicAnswerAttempts++;
        if (System.currentTimeMillis() > this.codeValidityEnd) {
            throw new TooManyAttempts();
        }
        if (this.codeSent == null || !this.codeSent.equals(str)) {
            throw new WrongArgumentException("The code is invalid");
        }
    }

    public String getCredentialConfiguration() {
        return this.completeCredentialConfiguration;
    }

    public void updateCredential(String str) throws EngineException {
        if (this.credState == null) {
            throw new IllegalStateException("Identity was not resolved.");
        }
        this.credentialHelper.setCredential(this.resolved.getEntityId(), this.credentialId, str, this.localCredentialHandler);
    }
}
