package io.gravitee.am.management.service.impl;

import io.gravitee.am.common.jwt.JWT;
import io.gravitee.am.jwt.JWTBuilder;
import io.gravitee.am.management.service.DomainService;
import io.gravitee.am.management.service.EmailService;
import io.gravitee.am.model.Application;
import io.gravitee.am.model.Domain;
import io.gravitee.am.model.IdentityProvider;
import io.gravitee.am.model.PasswordPolicy;
import io.gravitee.am.model.Reference;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.Template;
import io.gravitee.am.model.User;
import io.gravitee.am.model.account.AccountSettings;
import io.gravitee.am.model.common.Page;
import io.gravitee.am.model.factor.EnrolledFactor;
import io.gravitee.am.model.oidc.Client;
import io.gravitee.am.repository.management.api.search.FilterCriteria;
import io.gravitee.am.repository.management.api.search.LoginAttemptCriteria;
import io.gravitee.am.service.ApplicationService;
import io.gravitee.am.service.LoginAttemptService;
import io.gravitee.am.service.PasswordPolicyService;
import io.gravitee.am.service.RoleService;
import io.gravitee.am.service.TokenService;
import io.gravitee.am.service.UserService;
import io.gravitee.am.service.exception.ClientNotFoundException;
import io.gravitee.am.service.exception.DomainNotFoundException;
import io.gravitee.am.service.exception.InvalidPasswordException;
import io.gravitee.am.service.exception.RoleNotFoundException;
import io.gravitee.am.service.exception.UserAlreadyExistsException;
import io.gravitee.am.service.exception.UserInvalidException;
import io.gravitee.am.service.exception.UserNotFoundException;
import io.gravitee.am.service.exception.UserProviderNotFoundException;
import io.gravitee.am.service.model.AbstractNewUser;
import io.gravitee.am.service.model.NewUser;
import io.gravitee.am.service.model.UpdateUser;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.management.UserAuditBuilder;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.CompletableSource;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Single;
import java.time.Instant;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Optional;
import java.util.function.BiFunction;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component("managementUserService")
/* loaded from: input_file:io/gravitee/am/management/service/impl/UserServiceImpl.class */
public class UserServiceImpl extends AbstractUserService<UserService> implements io.gravitee.am.management.service.UserService {
    private static final String DEFAULT_IDP_PREFIX = "default-idp-";

    @Value("${user.registration.token.expire-after:86400}")
    private Integer expireAfter;

    @Autowired
    private EmailService emailService;

    @Autowired
    @Qualifier("managementJwtBuilder")
    private JWTBuilder jwtBuilder;

    @Autowired
    private LoginAttemptService loginAttemptService;

    @Autowired
    private ApplicationService applicationService;

    @Autowired
    private RoleService roleService;

    @Autowired
    private DomainService domainService;

    @Autowired
    private UserService userService;

    @Autowired
    protected TokenService tokenService;

    @Autowired
    protected PasswordPolicyService passwordPolicyService;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.gravitee.am.management.service.impl.AbstractUserService
    public UserService getUserService() {
        return this.userService;
    }

    @Override // io.gravitee.am.management.service.CommonUserService
    public Single<Page<User>> search(ReferenceType referenceType, String str, String str2, int i, int i2) {
        return this.userService.search(referenceType, str, str2, i, i2);
    }

    @Override // io.gravitee.am.management.service.CommonUserService
    public Single<Page<User>> search(ReferenceType referenceType, String str, FilterCriteria filterCriteria, int i, int i2) {
        return this.userService.search(referenceType, str, filterCriteria, i, i2);
    }

    @Override // io.gravitee.am.management.service.CommonUserService
    public Single<Page<User>> findAll(ReferenceType referenceType, String str, int i, int i2) {
        return this.userService.findAll(referenceType, str, i, i2);
    }

    @Override // io.gravitee.am.management.service.UserService
    public Single<Page<User>> findByDomain(String str, int i, int i2) {
        return findAll(ReferenceType.DOMAIN, str, i, i2);
    }

    @Override // io.gravitee.am.management.service.UserService
    public Maybe<User> findById(String str) {
        return this.userService.findById(str);
    }

    @Override // io.gravitee.am.management.service.UserService
    public Single<User> create(Domain domain, NewUser newUser, io.gravitee.am.identityprovider.api.User user) {
        if (StringUtils.isBlank(newUser.getUsername())) {
            return Single.error(() -> {
                return new UserInvalidException("Field [username] is required");
            });
        }
        if (newUser.getPassword() == null && Boolean.FALSE.equals(Boolean.valueOf(newUser.isPreRegistration()))) {
            return Single.error(new UserInvalidException("Field [password] is required"));
        }
        String password = newUser.getPassword();
        if (newUser.getSource() == null) {
            newUser.setSource("default-idp-" + domain.getId());
        }
        return this.userService.findByDomainAndUsernameAndSource(domain.getId(), newUser.getUsername(), newUser.getSource()).isEmpty().flatMap(bool -> {
            return Boolean.FALSE.equals(bool) ? Single.error(new UserAlreadyExistsException(newUser.getUsername())) : this.identityProviderManager.getUserProvider(newUser.getSource()).switchIfEmpty(Single.error(() -> {
                return new UserProviderNotFoundException(newUser.getSource());
            })).flatMap(userProvider -> {
                return checkClientFunction().apply(domain.getId(), newUser.getClient()).map((v0) -> {
                    return Optional.of(v0);
                }).defaultIfEmpty(Optional.empty()).flatMap(optional -> {
                    Application application = (Application) optional.orElse(null);
                    newUser.setDomain(domain.getId());
                    newUser.setClient(application != null ? application.getId() : null);
                    newUser.setInternal(true);
                    if (newUser.isPreRegistration()) {
                        newUser.setPassword((String) null);
                        newUser.setRegistrationCompleted(false);
                        newUser.setEnabled(false);
                    } else {
                        newUser.setRegistrationCompleted(true);
                        newUser.setEnabled(true);
                        newUser.setDomain(domain.getId());
                    }
                    User transform = transform(newUser);
                    Optional<IdentityProvider> identityProvider = this.identityProviderManager.getIdentityProvider(newUser.getSource());
                    return this.passwordPolicyService.retrievePasswordPolicy(transform, application, identityProvider.orElse(null)).map((v0) -> {
                        return Optional.ofNullable(v0);
                    }).switchIfEmpty(Maybe.just(Optional.empty())).flatMapSingle(optional -> {
                        String password2 = newUser.getPassword();
                        return (password2 == null || !isInvalidUserPassword(password2, (PasswordPolicy) optional.orElse(null), transform)) ? Single.just(transform) : Single.error(InvalidPasswordException.of("Field [password] is invalid", "invalid_password_value"));
                    }).flatMapCompletable(user2 -> {
                        return (CompletableSource) this.userValidator.validate(user2);
                    }).doOnError(th -> {
                        this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("USER_CREATED").reference(Reference.domain(domain.getId())).throwable(th));
                    }).andThen(Single.defer(() -> {
                        return userProvider.create(convert((AbstractNewUser) newUser));
                    })).map(user3 -> {
                        newUser.setPassword((String) null);
                        newUser.setExternalId(user3.getId());
                        return newUser;
                    }).onErrorResumeNext(th2 -> {
                        return th2 instanceof UserAlreadyExistsException ? userProvider.findByUsername(newUser.getUsername()).flatMapSingle(user4 -> {
                            return this.userService.findByDomainAndUsernameAndSource(domain.getId(), user4.getUsername(), newUser.getSource()).isEmpty().map(bool -> {
                                if (!bool.booleanValue()) {
                                    throw new UserAlreadyExistsException(newUser.getUsername());
                                }
                                newUser.setPassword((String) null);
                                newUser.setExternalId(user4.getId());
                                newUser.setUsername(user4.getUsername());
                                return newUser;
                            });
                        }).toSingle() : Single.error(th2);
                    }).flatMap(newUser2 -> {
                        return Single.just(transform(newUser2)).flatMapMaybe(user4 -> {
                            AccountSettings accountSettings = AccountSettings.getInstance(domain, application);
                            return (Boolean.TRUE.equals(Boolean.valueOf(newUser.isPreRegistration() && accountSettings != null)) && accountSettings.isDynamicUserRegistration()) ? getUserRegistrationToken(user4).map(str -> {
                                user4.setRegistrationUserUri(this.domainService.buildUrl(domain, "/confirmRegistration"));
                                user4.setRegistrationAccessToken(str);
                                return user4;
                            }).defaultIfEmpty(user4).toMaybe() : Maybe.just(user4);
                        }).toSingle().flatMap(user5 -> {
                            return this.userService.create(user5).doOnSuccess(user5 -> {
                                this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("USER_CREATED").user(user5));
                            }).doOnError(th3 -> {
                                this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("USER_CREATED").reference(Reference.domain(domain.getId())).throwable(th3));
                            });
                        });
                    }).flatMap(user4 -> {
                        AccountSettings accountSettings = AccountSettings.getInstance(domain, application);
                        if (Boolean.TRUE.equals(Boolean.valueOf(newUser.isPreRegistration())) && (accountSettings == null || !accountSettings.isDynamicUserRegistration())) {
                            return sendRegistrationConfirmation(user4.getReferenceId(), user4.getId(), user).toSingleDefault(user4);
                        }
                        createPasswordHistory(domain, application, user4, password, user, (IdentityProvider) identityProvider.orElse(null));
                        return Single.just(user4);
                    });
                });
            });
        });
    }

    @Override // io.gravitee.am.management.service.UserService
    public Single<User> update(String str, String str2, UpdateUser updateUser, io.gravitee.am.identityprovider.api.User user) {
        return update(ReferenceType.DOMAIN, str, str2, updateUser, user);
    }

    @Override // io.gravitee.am.management.service.impl.AbstractUserService, io.gravitee.am.management.service.CommonUserService
    public Single<User> delete(ReferenceType referenceType, String str, String str2, io.gravitee.am.identityprovider.api.User user) {
        return super.delete(referenceType, str, str2, user).flatMap(user2 -> {
            return this.tokenService.deleteByUser(user2).toSingleDefault(user2);
        });
    }

    @Override // io.gravitee.am.management.service.UserService
    public Single<User> updateStatus(String str, String str2, boolean z, io.gravitee.am.identityprovider.api.User user) {
        return updateStatus(ReferenceType.DOMAIN, str, str2, z, user);
    }

    @Override // io.gravitee.am.management.service.impl.AbstractUserService, io.gravitee.am.management.service.CommonUserService
    public Single<User> updateStatus(ReferenceType referenceType, String str, String str2, boolean z, io.gravitee.am.identityprovider.api.User user) {
        Completable complete = z ? Completable.complete() : this.tokenService.deleteByUser(User.simpleUser(str2, referenceType, str));
        return getUserService().findById(referenceType, str, str2).flatMap(user2 -> {
            user2.setEnabled(Boolean.valueOf(z));
            return complete.andThen(getUserService().update(user2));
        }).doOnSuccess(user3 -> {
            this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type(z ? "USER_ENABLED" : "USER_DISABLED").user(user3));
        }).doOnError(th -> {
            this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type(z ? "USER_ENABLED" : "USER_DISABLED").throwable(th));
        });
    }

    @Override // io.gravitee.am.management.service.UserService
    public Completable resetPassword(Domain domain, String str, String str2, io.gravitee.am.identityprovider.api.User user) {
        return this.userService.findById(ReferenceType.DOMAIN, domain.getId(), str).flatMap(user2 -> {
            return checkClientFunction().apply(domain.getId(), user2.getClient()).map((v0) -> {
                return Optional.ofNullable(v0);
            }).defaultIfEmpty(Optional.empty()).flatMap(optional -> {
                Client client = (Client) optional.map((v0) -> {
                    return v0.toClient();
                }).orElse(new Client());
                return this.identityProviderManager.getUserProvider(user2.getSource()).switchIfEmpty(Single.error(() -> {
                    return new UserProviderNotFoundException(user2.getSource());
                })).flatMap(userProvider -> {
                    return this.passwordPolicyService.retrievePasswordPolicy(user2, client, this.identityProviderManager.getIdentityProvider(user2.getSource()).orElse(null)).map((v0) -> {
                        return Optional.ofNullable(v0);
                    }).switchIfEmpty(Maybe.just(Optional.empty())).filter(optional -> {
                        return !isInvalidUserPassword(str2, (PasswordPolicy) optional.orElse(null), user2);
                    }).switchIfEmpty(Maybe.error(() -> {
                        return InvalidPasswordException.of("Field [password] is invalid", "invalid_password_value");
                    })).flatMap(optional2 -> {
                        return this.passwordHistoryService.addPasswordToHistory(ReferenceType.DOMAIN, domain.getId(), user2, str2, user, (PasswordPolicy) optional2.orElse(null));
                    }).ignoreElement().andThen(Single.defer(() -> {
                        return userProvider.findByUsername(user2.getUsername()).switchIfEmpty(Single.error(() -> {
                            return new UserNotFoundException(user2.getUsername());
                        })).flatMap(user2 -> {
                            return userProvider.updatePassword(user2, str2);
                        }).onErrorResumeNext(th -> {
                            if (!(th instanceof UserNotFoundException)) {
                                return Single.error(th);
                            }
                            user2.setPassword(str2);
                            return userProvider.create(convert(user2));
                        });
                    }));
                }).flatMap(user2 -> {
                    if (user2.isPreRegistration().booleanValue()) {
                        user2.setRegistrationCompleted(true);
                        user2.setEnabled(true);
                    }
                    user2.setPassword((String) null);
                    user2.setExternalId(user2.getId());
                    user2.setLastPasswordReset(new Date());
                    user2.setUpdatedAt(new Date());
                    return this.userService.update(user2);
                }).flatMap(user3 -> {
                    return Single.defer(() -> {
                        return this.tokenService.deleteByUser(user3).toSingleDefault(user3).onErrorResumeNext(th -> {
                            this.logger.warn("Tokens not invalidated for user {} due to : {}", str, th.getMessage());
                            return Single.just(user3);
                        });
                    });
                }).doOnSuccess(user4 -> {
                    this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).client(client).principal(user).type("USER_PASSWORD_RESET").user(user2));
                }).doOnError(th -> {
                    this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).client(client).principal(user).type("USER_PASSWORD_RESET").user(user2).throwable(th));
                });
            });
        }).flatMapCompletable(user3 -> {
            return this.loginAttemptService.reset(new LoginAttemptCriteria.Builder().domain(user3.getReferenceId()).client(user3.getClient()).username(user3.getUsername()).build());
        });
    }

    @Override // io.gravitee.am.management.service.UserService
    public Completable sendRegistrationConfirmation(String str, String str2, io.gravitee.am.identityprovider.api.User user) {
        return this.domainService.findById(str).switchIfEmpty(Maybe.error(() -> {
            return new DomainNotFoundException(str);
        })).flatMapCompletable(domain -> {
            return findById(ReferenceType.DOMAIN, str, str2).flatMapCompletable(user2 -> {
                return !user2.isPreRegistration().booleanValue() ? Completable.error(new UserInvalidException("Pre-registration is disabled for the user " + str2)) : (user2.isPreRegistration().booleanValue() && user2.isRegistrationCompleted().booleanValue()) ? Completable.error(new UserInvalidException("Registration is completed for the user " + str2)) : checkClientFunction().apply(user2.getReferenceId(), user2.getClient()).map((v0) -> {
                    return Optional.of(v0);
                }).defaultIfEmpty(Optional.empty()).doOnSuccess(optional -> {
                    Template template = getTemplate(domain, optional, user2);
                    if (template == Template.ERROR) {
                        this.logger.warn("Cannot find template for provided case. Email will not be send.");
                    } else {
                        this.emailService.send(domain, (Application) optional.orElse(null), template, user2).doOnSuccess(email -> {
                            this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type(resoleEventType(template)).user(user2));
                        }).doOnError(th -> {
                            this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type(resoleEventType(template)).reference(Reference.domain(str)).throwable(th));
                        }).subscribe();
                    }
                }).onErrorComplete().ignoreElement();
            });
        });
    }

    @Override // io.gravitee.am.management.service.UserService
    public Completable lock(ReferenceType referenceType, String str, String str2, io.gravitee.am.identityprovider.api.User user) {
        return findById(referenceType, str, str2).flatMap(user2 -> {
            user2.setAccountNonLocked(false);
            user2.setAccountLockedAt((Date) null);
            user2.setAccountLockedUntil((Date) null);
            return this.identityProviderManager.getUserProvider(user2.getSource()).switchIfEmpty(this.identityProviderManager.getUserProvider(user2.getSource())).switchIfEmpty(Single.error(() -> {
                return new UserProviderNotFoundException(user2.getSource());
            })).flatMap(userProvider -> {
                return this.loginAttemptService.reset(new LoginAttemptCriteria.Builder().domain(user2.getReferenceId()).client(user2.getClient()).username(user2.getUsername()).build()).andThen(this.userService.update(user2));
            });
        }).doOnSuccess(user3 -> {
            this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("USER_LOCKED").user(user3));
        }).doOnError(th -> {
            this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("USER_LOCKED").reference(new Reference(referenceType, str)).throwable(th));
        }).ignoreElement();
    }

    @Override // io.gravitee.am.management.service.UserService
    public Completable unlock(ReferenceType referenceType, String str, String str2, io.gravitee.am.identityprovider.api.User user) {
        return findById(referenceType, str, str2).flatMap(user2 -> {
            user2.setAccountNonLocked(true);
            user2.setAccountLockedAt((Date) null);
            user2.setAccountLockedUntil((Date) null);
            return this.loginAttemptService.reset(new LoginAttemptCriteria.Builder().domain(user2.getReferenceId()).client(user2.getClient()).username(user2.getUsername()).build()).andThen(this.userService.update(user2));
        }).doOnSuccess(user3 -> {
            this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("USER_UNLOCKED").user(user3));
        }).doOnError(th -> {
            this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("USER_UNLOCKED").reference(new Reference(referenceType, str)).throwable(th));
        }).ignoreElement();
    }

    @Override // io.gravitee.am.management.service.UserService
    public Single<User> assignRoles(ReferenceType referenceType, String str, String str2, List<String> list, io.gravitee.am.identityprovider.api.User user) {
        return assignRoles0(referenceType, str, str2, list, user, false);
    }

    @Override // io.gravitee.am.management.service.UserService
    public Single<User> revokeRoles(ReferenceType referenceType, String str, String str2, List<String> list, io.gravitee.am.identityprovider.api.User user) {
        return assignRoles0(referenceType, str, str2, list, user, true);
    }

    @Override // io.gravitee.am.management.service.UserService
    public Single<User> enrollFactors(String str, List<EnrolledFactor> list, io.gravitee.am.identityprovider.api.User user) {
        return this.userService.findById(str).switchIfEmpty(Single.error(() -> {
            return new UserNotFoundException(str);
        })).flatMap(user2 -> {
            User user2 = new User(user2);
            user2.setFactors(list);
            return this.userService.update(user2).doOnSuccess(user3 -> {
                this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("USER_UPDATED").user(user3).oldValue(user2));
            }).doOnError(th -> {
                this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("USER_UPDATED").user(user2).throwable(th));
            });
        });
    }

    @Override // io.gravitee.am.management.service.UserService
    public Single<User> unlinkIdentity(String str, String str2, io.gravitee.am.identityprovider.api.User user) {
        return this.userService.findById(str).switchIfEmpty(Single.error(() -> {
            return new UserNotFoundException(str);
        })).flatMap(user2 -> {
            if (user2.getIdentities() == null) {
                return Single.just(user2);
            }
            User user2 = new User(user2);
            user2.setIdentities((List) user2.getIdentities().stream().filter(userIdentity -> {
                return !str2.equals(userIdentity.getUserId());
            }).collect(Collectors.toList()));
            return this.userService.update(user2).doOnSuccess(user3 -> {
                this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("USER_UPDATED").user(user3).oldValue(user2));
            }).doOnError(th -> {
                this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).reference(new Reference(user2.getReferenceType(), user2.getId())).type("USER_UPDATED").throwable(th));
            });
        });
    }

    public void setExpireAfter(Integer num) {
        this.expireAfter = num;
    }

    private Single<User> assignRoles0(ReferenceType referenceType, String str, String str2, List<String> list, io.gravitee.am.identityprovider.api.User user, boolean z) {
        return findById(referenceType, str, str2).flatMap(user2 -> {
            User user2 = new User(user2);
            if (!z) {
                user2.setRoles(list);
            } else if (user2.getRoles() != null) {
                user2.getRoles().removeAll(list);
            }
            return checkRoles(list).andThen(Single.defer(() -> {
                return this.userService.update(user2);
            })).doOnSuccess(user3 -> {
                this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("USER_ROLES_ASSIGNED").oldValue(user2).user(user3));
            }).doOnError(th -> {
                this.auditService.report(((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).principal(user).type("USER_ROLES_ASSIGNED").reference(new Reference(referenceType, str)).throwable(th));
            });
        });
    }

    @Override // io.gravitee.am.management.service.impl.AbstractUserService
    protected BiFunction<String, String, Maybe<Application>> checkClientFunction() {
        return (str, str2) -> {
            return str2 == null ? Maybe.empty() : this.applicationService.findById(str2).switchIfEmpty(Maybe.defer(() -> {
                return this.applicationService.findByDomainAndClientId(str, str2);
            })).switchIfEmpty(Maybe.empty()).map(application -> {
                if (str.equals(application.getDomain())) {
                    return application;
                }
                throw new ClientNotFoundException(str2);
            });
        };
    }

    private Completable checkRoles(List<String> list) {
        return this.roleService.findByIdIn(list).map(set -> {
            if (set.size() == list.size()) {
                return set;
            }
            list.removeAll((Collection) set.stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toList()));
            throw new RoleNotFoundException(String.join(",", list));
        }).ignoreElement();
    }

    private boolean isInvalidUserPassword(String str, PasswordPolicy passwordPolicy, User user) {
        return !this.passwordService.isValid(str, passwordPolicy, user);
    }

    private Maybe<String> getUserRegistrationToken(User user) {
        return this.emailService.getEmailTemplate(Template.REGISTRATION_CONFIRMATION, user).map(email -> {
            return getUserRegistrationToken(user, Integer.valueOf(email.getExpiresAfter()));
        });
    }

    private String getUserRegistrationToken(User user, Integer num) {
        HashMap hashMap = new HashMap();
        Instant now = Instant.now();
        hashMap.put("iat", Long.valueOf(now.getEpochSecond()));
        hashMap.put("exp", Long.valueOf(now.plusSeconds((num != null ? num : this.expireAfter).intValue()).getEpochSecond()));
        hashMap.put("sub", user.getId());
        if (user.getClient() != null) {
            hashMap.put("aud", user.getClient());
        }
        return this.jwtBuilder.sign(new JWT(hashMap));
    }

    private User transform(NewUser newUser) {
        return transform(newUser, ReferenceType.DOMAIN, newUser.getDomain());
    }

    private void createPasswordHistory(Domain domain, Application application, User user, String str, io.gravitee.am.identityprovider.api.User user2, IdentityProvider identityProvider) {
        this.passwordPolicyService.retrievePasswordPolicy(user, application, identityProvider).map((v0) -> {
            return Optional.of(v0);
        }).switchIfEmpty(Maybe.just(Optional.empty())).flatMap(optional -> {
            return this.passwordHistoryService.addPasswordToHistory(ReferenceType.DOMAIN, domain.getId(), user, str, user2, (PasswordPolicy) optional.orElse(null));
        }).subscribe(passwordHistory -> {
            this.logger.debug("Created password history for user with ID {}", user);
        }, th -> {
            this.logger.debug("Failed to create password history", th);
        });
    }

    private static Template getTemplate(Domain domain, Optional<Application> optional, User user) {
        return (user.getRegistrationUserUri() == null || !user.getRegistrationUserUri().contains(Template.REGISTRATION_VERIFY.redirectUri())) ? Template.REGISTRATION_CONFIRMATION : isSendVerifyRegistrationEmailEnabled(domain, optional) ? Template.REGISTRATION_VERIFY : Template.ERROR;
    }

    private static boolean isSendVerifyRegistrationEmailEnabled(Domain domain, Optional<Application> optional) {
        return ((Boolean) optional.map(application -> {
            AccountSettings accountSettings = AccountSettings.getInstance(domain, application);
            return Boolean.valueOf(accountSettings != null && accountSettings.isSendVerifyRegistrationAccountEmail());
        }).orElseGet(() -> {
            return Boolean.valueOf(domain.getAccountSettings() != null && domain.getAccountSettings().isSendVerifyRegistrationAccountEmail());
        })).booleanValue();
    }

    private String resoleEventType(Template template) {
        if (template == Template.REGISTRATION_VERIFY) {
            return "REGISTRATION_VERIFY_REQUESTED";
        }
        if (template == Template.REGISTRATION_CONFIRMATION) {
            return "REGISTRATION_CONFIRMATION_REQUESTED";
        }
        return null;
    }
}
