package org.forgerock.selfservice.stages.kba;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.inject.Inject;
import org.forgerock.json.JsonPointer;
import org.forgerock.json.JsonValue;
import org.forgerock.json.resource.BadRequestException;
import org.forgerock.json.resource.Connection;
import org.forgerock.json.resource.ConnectionFactory;
import org.forgerock.json.resource.InternalServerErrorException;
import org.forgerock.json.resource.ReadRequest;
import org.forgerock.json.resource.Requests;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.selfservice.core.ProcessContext;
import org.forgerock.selfservice.core.StageResponse;
import org.forgerock.selfservice.core.annotations.SelfService;
import org.forgerock.selfservice.core.crypto.JsonCryptoException;
import org.forgerock.selfservice.core.util.Answers;
import org.forgerock.selfservice.core.util.RequirementsBuilder;
import org.forgerock.selfservice.stages.CommonStateFields;
import org.forgerock.util.Reject;

/* loaded from: input_file:org/forgerock/selfservice/stages/kba/SecurityAnswerVerificationStage.class */
public final class SecurityAnswerVerificationStage extends AbstractKbaStage<SecurityAnswerVerificationConfig> {
    static final String KEY_STATE_ANSWER_VS_QUESTION = "KEY_STATE_ANSWER_VS_QUESTION";
    private static final String DEFAULT_VALUE_KBA_PROPERTY_NAME = "kba";

    @Inject
    public SecurityAnswerVerificationStage(@SelfService ConnectionFactory connectionFactory) {
        super(connectionFactory);
    }

    public JsonValue gatherInitialRequirements(ProcessContext processContext, SecurityAnswerVerificationConfig securityAnswerVerificationConfig) throws ResourceException {
        Reject.ifFalse(processContext.containsState(CommonStateFields.USER_ID_FIELD), "Security answer verification stage expects userId in the context");
        String asString = processContext.getState(CommonStateFields.USER_ID_FIELD).asString();
        Reject.ifNull(securityAnswerVerificationConfig.getIdentityServiceUrl(), "Identity service url should be configured");
        Reject.ifTrue(securityAnswerVerificationConfig.getQuestions() == null || securityAnswerVerificationConfig.getQuestions().size() < 1, "KBA questions should be configured");
        Reject.ifTrue(securityAnswerVerificationConfig.getNumberOfQuestionsUserMustAnswer() < 1, "Number of questions user must answer is configured as " + securityAnswerVerificationConfig.getNumberOfQuestionsUserMustAnswer());
        ArrayList arrayList = new ArrayList(getKbaAnswersSetDuringRegistration(processContext, securityAnswerVerificationConfig, asString).asList());
        Collections.shuffle(arrayList);
        int min = Math.min(securityAnswerVerificationConfig.getNumberOfQuestionsUserMustAnswer(), arrayList.size());
        if (min != securityAnswerVerificationConfig.getNumberOfQuestionsUserMustAnswer()) {
            throw new BadRequestException("Insufficient number of questions. Minimum number of questions user must answer: " + securityAnswerVerificationConfig.getNumberOfQuestionsUserMustAnswer() + ", Questions available: " + arrayList.size());
        }
        JsonValue json = JsonValue.json(arrayList.subList(0, min));
        HashMap hashMap = new HashMap();
        RequirementsBuilder newInstance = RequirementsBuilder.newInstance("Answer security questions");
        generateRequirement(securityAnswerVerificationConfig, json, hashMap, newInstance);
        putQuestionTrackersToState(processContext, hashMap);
        return newInstance.build();
    }

    private void generateRequirement(SecurityAnswerVerificationConfig securityAnswerVerificationConfig, JsonValue jsonValue, Map<String, String> map, RequirementsBuilder requirementsBuilder) {
        int i = 1;
        Iterator it = jsonValue.iterator();
        while (it.hasNext()) {
            JsonValue jsonValue2 = (JsonValue) it.next();
            int i2 = i;
            i++;
            String str = "answer" + i2;
            JsonValue jsonValue3 = jsonValue2.get("questionId");
            if (jsonValue3.isNotNull()) {
                Map map2 = (Map) securityAnswerVerificationConfig.getQuestions().get(jsonValue3.asString());
                Reject.ifNull(map2, "KBA question is not configured for the questionId: " + jsonValue3.asString());
                requirementsBuilder.addRequireProperty(str, RequirementsBuilder.newEmptyObject().addCustomField("systemQuestion", JsonValue.json(map2)).addCustomField("type", JsonValue.json("string")));
                map.put(str, jsonValue3.asString());
            } else {
                JsonValue jsonValue4 = jsonValue2.get("customQuestion");
                if (!jsonValue4.isNotNull()) {
                    throw new IllegalStateException("Invalid KBA question format. " + securityAnswerVerificationConfig.getQuestions());
                }
                requirementsBuilder.addRequireProperty(str, RequirementsBuilder.newEmptyObject().addCustomField("userQuestion", JsonValue.json(jsonValue4.asString())).addCustomField("type", JsonValue.json("string")));
                map.put(str, jsonValue4.asString());
            }
        }
    }

    public StageResponse advance(ProcessContext processContext, SecurityAnswerVerificationConfig securityAnswerVerificationConfig) throws ResourceException {
        String asString = processContext.getState(CommonStateFields.USER_ID_FIELD).asString();
        JsonValue input = processContext.getInput();
        Reject.ifTrue(input.isNull() || input.asMap().isEmpty(), "Answers for the security questions are not provided");
        JsonValue kbaAnswersSetDuringRegistration = getKbaAnswersSetDuringRegistration(processContext, securityAnswerVerificationConfig, asString);
        for (Map.Entry<String, String> entry : getQuestionTrackersFromState(processContext).entrySet()) {
            matchAnswer(entry.getKey(), entry.getValue(), input, kbaAnswersSetDuringRegistration);
        }
        return StageResponse.newBuilder().build();
    }

    private JsonValue getKbaAnswersSetDuringRegistration(ProcessContext processContext, SecurityAnswerVerificationConfig securityAnswerVerificationConfig, String str) throws ResourceException {
        return getKbaAnswersSetDuringRegistration(securityAnswerVerificationConfig, readUser(processContext, securityAnswerVerificationConfig, str));
    }

    private JsonValue readUser(ProcessContext processContext, SecurityAnswerVerificationConfig securityAnswerVerificationConfig, String str) throws ResourceException {
        ReadRequest newReadRequest = Requests.newReadRequest(securityAnswerVerificationConfig.getIdentityServiceUrl() + "/" + str);
        Connection connection = this.connectionFactory.getConnection();
        Throwable th = null;
        try {
            try {
                JsonValue content = connection.read(processContext.getRequestContext(), newReadRequest).getContent();
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connection.close();
                    }
                }
                return content;
            } finally {
            }
        } catch (Throwable th3) {
            if (connection != null) {
                if (th != null) {
                    try {
                        connection.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    connection.close();
                }
            }
            throw th3;
        }
    }

    private JsonValue getKbaAnswersSetDuringRegistration(SecurityAnswerVerificationConfig securityAnswerVerificationConfig, JsonValue jsonValue) {
        JsonValue jsonValue2 = jsonValue.get(new JsonPointer(securityAnswerVerificationConfig.getKbaPropertyName() != null ? securityAnswerVerificationConfig.getKbaPropertyName() : DEFAULT_VALUE_KBA_PROPERTY_NAME));
        return jsonValue2 == null ? JsonValue.json(JsonValue.array(new Object[0])) : jsonValue2;
    }

    private void matchAnswer(String str, String str2, JsonValue jsonValue, JsonValue jsonValue2) throws InternalServerErrorException, BadRequestException {
        if (!match(str, str2, jsonValue, jsonValue2)) {
            throw new BadRequestException("Answers are not matched");
        }
    }

    private boolean match(String str, String str2, JsonValue jsonValue, JsonValue jsonValue2) throws InternalServerErrorException {
        if (!jsonValue.asMap().containsKey(str)) {
            return false;
        }
        String asString = jsonValue.get(str).asString();
        Iterator it = jsonValue2.iterator();
        while (it.hasNext()) {
            JsonValue jsonValue3 = (JsonValue) it.next();
            JsonValue jsonValue4 = jsonValue3.get("questionId");
            if (jsonValue4.isNotNull() && jsonValue4.asString().equals(str2)) {
                return match(asString, jsonValue3.get("answer"));
            }
            JsonValue jsonValue5 = jsonValue3.get("customQuestion");
            if (jsonValue5.isNotNull() && jsonValue5.asString().equals(str2)) {
                return match(asString, jsonValue3.get("answer"));
            }
        }
        return false;
    }

    private boolean match(String str, JsonValue jsonValue) throws InternalServerErrorException {
        try {
            return this.cryptoService.matches(Answers.normaliseAnswer(str), jsonValue);
        } catch (JsonCryptoException e) {
            throw new InternalServerErrorException("Error while matching the answers", e);
        }
    }

    private void putQuestionTrackersToState(ProcessContext processContext, Map<String, String> map) {
        processContext.putState(KEY_STATE_ANSWER_VS_QUESTION, map);
    }

    private Map<String, String> getQuestionTrackersFromState(ProcessContext processContext) {
        Reject.ifNull(processContext.getState(KEY_STATE_ANSWER_VS_QUESTION), "Unable to track the questions asked to the user");
        return processContext.getState(KEY_STATE_ANSWER_VS_QUESTION).asMap(String.class);
    }
}
