package org.cloudfoundry.identity.uaa.login;

import java.io.IOException;
import java.sql.Timestamp;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.time.DateUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.authentication.Origin;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCode;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
import org.cloudfoundry.identity.uaa.error.UaaException;
import org.cloudfoundry.identity.uaa.login.AccountCreationService;
import org.cloudfoundry.identity.uaa.oauth.Claims;
import org.cloudfoundry.identity.uaa.scim.ScimUser;
import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceAlreadyExistsException;
import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.type.TypeReference;
import org.springframework.http.HttpStatus;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.web.client.HttpClientErrorException;
import org.thymeleaf.context.Context;
import org.thymeleaf.spring4.SpringTemplateEngine;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-login-2.2.6.jar:org/cloudfoundry/identity/uaa/login/EmailAccountCreationService.class */
public class EmailAccountCreationService implements AccountCreationService {
    public static final String SIGNUP_REDIRECT_URL = "signup_redirect_url";
    private final Log logger = LogFactory.getLog(getClass());
    private final SpringTemplateEngine templateEngine;
    private final MessageService messageService;
    private final ExpiringCodeStore codeStore;
    private final ScimUserProvisioning scimUserProvisioning;
    private final ClientDetailsService clientDetailsService;
    private final String brand;
    private final UaaUrlUtils uaaUrlUtils;
    private final ObjectMapper objectMapper;

    public EmailAccountCreationService(ObjectMapper objectMapper, SpringTemplateEngine springTemplateEngine, MessageService messageService, ExpiringCodeStore expiringCodeStore, ScimUserProvisioning scimUserProvisioning, ClientDetailsService clientDetailsService, UaaUrlUtils uaaUrlUtils, String str) {
        this.objectMapper = objectMapper;
        this.templateEngine = springTemplateEngine;
        this.messageService = messageService;
        this.codeStore = expiringCodeStore;
        this.scimUserProvisioning = scimUserProvisioning;
        this.clientDetailsService = clientDetailsService;
        this.uaaUrlUtils = uaaUrlUtils;
        this.brand = str;
    }

    @Override // org.cloudfoundry.identity.uaa.login.AccountCreationService
    public void beginActivation(String str, String str2, String str3) {
        String subjectText = getSubjectText();
        try {
            generateAndSendCode(str, str3, subjectText, createUser(str, str2).getId());
        } catch (IOException e) {
            this.logger.error("Exception raised while creating account activation email for " + str, e);
        } catch (ScimResourceAlreadyExistsException e2) {
            List<ScimUser> query = this.scimUserProvisioning.query("userName eq \"" + str + "\" and origin eq \"" + Origin.UAA + "\"");
            try {
                if (query.size() > 0) {
                    if (query.get(0).isVerified()) {
                        throw new UaaException("User already active.", HttpStatus.CONFLICT.value());
                    }
                    generateAndSendCode(str, str3, subjectText, query.get(0).getId());
                }
            } catch (IOException e3) {
                e3.printStackTrace();
            }
        }
    }

    private void generateAndSendCode(String str, String str2, String str3, String str4) throws IOException {
        ExpiringCode expiringCode = getExpiringCode(str4, str2, new Timestamp(System.currentTimeMillis() + DateUtils.MILLIS_PER_HOUR));
        this.messageService.sendMessage(str4, str, MessageType.CREATE_ACCOUNT_CONFIRMATION, str3, getEmailHtml(this.codeStore.generateCode(expiringCode.getData(), expiringCode.getExpiresAt()).getCode(), str));
    }

    private ExpiringCode getExpiringCode(String str, String str2, Timestamp timestamp) throws IOException {
        HashMap hashMap = new HashMap();
        hashMap.put(Claims.USER_ID, str);
        hashMap.put("client_id", str2);
        return new ExpiringCode(null, timestamp, this.objectMapper.writeValueAsString(hashMap));
    }

    @Override // org.cloudfoundry.identity.uaa.login.AccountCreationService
    public AccountCreationService.AccountCreationResponse completeActivation(String str) throws IOException {
        String defaultRedirect;
        ExpiringCode retrieveCode = this.codeStore.retrieveCode(str);
        if (retrieveCode == null) {
            throw new HttpClientErrorException(HttpStatus.BAD_REQUEST);
        }
        Map map = (Map) this.objectMapper.readValue(retrieveCode.getData(), new TypeReference<Map<String, String>>() { // from class: org.cloudfoundry.identity.uaa.login.EmailAccountCreationService.1
        });
        ScimUser retrieve = this.scimUserProvisioning.retrieve((String) map.get(Claims.USER_ID));
        ScimUser verifyUser = this.scimUserProvisioning.verifyUser(retrieve.getId(), retrieve.getVersion());
        String str2 = (String) map.get("client_id");
        if (str2 != null) {
            try {
                defaultRedirect = (String) this.clientDetailsService.loadClientByClientId(str2).getAdditionalInformation().get(SIGNUP_REDIRECT_URL);
            } catch (NoSuchClientException e) {
                defaultRedirect = getDefaultRedirect();
            }
        } else {
            defaultRedirect = getDefaultRedirect();
        }
        return new AccountCreationService.AccountCreationResponse(verifyUser.getId(), verifyUser.getUserName(), verifyUser.getUserName(), defaultRedirect);
    }

    private String getDefaultRedirect() throws IOException {
        return "home";
    }

    @Override // org.cloudfoundry.identity.uaa.login.AccountCreationService
    public void resendVerificationCode(String str, String str2) {
        try {
            generateAndSendCode(str, str2, getSubjectText(), this.scimUserProvisioning.query("userName eq \"" + str + "\" and origin eq \"" + Origin.UAA + "\"").get(0).getId());
        } catch (IOException e) {
            this.logger.error("Exception raised while resending activation email for " + str, e);
        }
    }

    @Override // org.cloudfoundry.identity.uaa.login.AccountCreationService
    public ScimUser createUser(String str, String str2) {
        ScimUser scimUser = new ScimUser();
        scimUser.setUserName(str);
        ScimUser.Email email = new ScimUser.Email();
        email.setPrimary(true);
        email.setValue(str);
        scimUser.setEmails(Arrays.asList(email));
        scimUser.setOrigin(Origin.UAA);
        scimUser.setPassword(str2);
        try {
            return this.scimUserProvisioning.createUser(scimUser, str2);
        } catch (RuntimeException e) {
            if (e instanceof ScimResourceAlreadyExistsException) {
                throw e;
            }
            throw new UaaException("Couldn't create user:" + str, e);
        }
    }

    private String getSubjectText() {
        return this.brand.equals("pivotal") ? "Activate your Pivotal ID" : "Activate your account";
    }

    private String getEmailHtml(String str, String str2) {
        String uaaUrl = this.uaaUrlUtils.getUaaUrl("/verify_user");
        Context context = new Context();
        if (IdentityZoneHolder.get().equals(IdentityZone.getUaa())) {
            context.setVariable("serviceName", this.brand.equals("pivotal") ? "Pivotal" : "Cloud Foundry");
        } else {
            context.setVariable("serviceName", IdentityZoneHolder.get().getName());
        }
        context.setVariable("servicePhrase", this.brand.equals("pivotal") ? "a Pivotal ID" : "an account");
        context.setVariable("code", str);
        context.setVariable("email", str2);
        context.setVariable("accountsUrl", uaaUrl);
        return this.templateEngine.process("activate", context);
    }
}
