package org.forgerock.openam.selfservice.config.flows;

import java.util.ArrayList;
import org.forgerock.openam.selfservice.KeyStoreJwtTokenConfig;
import org.forgerock.openam.selfservice.config.ServiceConfigProvider;
import org.forgerock.openam.selfservice.config.beans.ForgottenPasswordConsoleConfig;
import org.forgerock.selfservice.core.StorageType;
import org.forgerock.selfservice.core.config.ProcessInstanceConfig;
import org.forgerock.selfservice.stages.captcha.CaptchaStageConfig;
import org.forgerock.selfservice.stages.email.VerifyEmailAccountConfig;
import org.forgerock.selfservice.stages.kba.KbaConfig;
import org.forgerock.selfservice.stages.kba.SecurityAnswerVerificationConfig;
import org.forgerock.selfservice.stages.reset.ResetStageConfig;
import org.forgerock.selfservice.stages.user.UserQueryConfig;
import org.forgerock.services.context.Context;

/* loaded from: input_file:org/forgerock/openam/selfservice/config/flows/ForgottenPasswordConfigProvider.class */
public final class ForgottenPasswordConfigProvider implements ServiceConfigProvider<ForgottenPasswordConsoleConfig> {
    @Override // org.forgerock.openam.selfservice.config.ServiceConfigProvider
    public boolean isServiceEnabled(ForgottenPasswordConsoleConfig forgottenPasswordConsoleConfig) {
        return forgottenPasswordConsoleConfig.isEnabled();
    }

    @Override // org.forgerock.openam.selfservice.config.ServiceConfigProvider
    public ProcessInstanceConfig getServiceConfig(ForgottenPasswordConsoleConfig forgottenPasswordConsoleConfig, Context context, String str) {
        ArrayList arrayList = new ArrayList();
        if (forgottenPasswordConsoleConfig.isCaptchaEnabled()) {
            arrayList.add(new CaptchaStageConfig().setRecaptchaSiteKey(forgottenPasswordConsoleConfig.getCaptchaSiteKey()).setRecaptchaSecretKey(forgottenPasswordConsoleConfig.getCaptchaSecretKey()).setRecaptchaUri(forgottenPasswordConsoleConfig.getCaptchaVerificationUrl()));
        }
        arrayList.add(new UserQueryConfig().setValidQueryFields(forgottenPasswordConsoleConfig.getValidQueryAttributes()).setIdentityIdField("/username").setIdentityUsernameField("/username").setIdentityEmailField("/" + forgottenPasswordConsoleConfig.getEmailAttributeName() + "/0").setIdentityServiceUrl("/users"));
        if (forgottenPasswordConsoleConfig.isEmailEnabled()) {
            arrayList.add(new VerifyEmailAccountConfig().setEmailServiceUrl("/email").setIdentityEmailField(forgottenPasswordConsoleConfig.getEmailAttributeName()).setSubjectTranslations(forgottenPasswordConsoleConfig.getSubjectTranslations()).setMessageTranslations(forgottenPasswordConsoleConfig.getMessageTranslations()).setMimeType("text/html").setVerificationLinkToken("%link%").setVerificationLink(forgottenPasswordConsoleConfig.getEmailVerificationUrl(str)));
        }
        if (forgottenPasswordConsoleConfig.isKbaEnabled()) {
            arrayList.add(new SecurityAnswerVerificationConfig(new KbaConfig()).setQuestions(forgottenPasswordConsoleConfig.getSecurityQuestions()).setKbaPropertyName("kbaInfo").setNumberOfQuestionsUserMustAnswer(forgottenPasswordConsoleConfig.getMinimumAnswersToVerify()).setIdentityServiceUrl("/users"));
        }
        arrayList.add(new ResetStageConfig().setIdentityServiceUrl("/users").setIdentityPasswordField("userPassword"));
        return new ProcessInstanceConfig().setStageConfigs(arrayList).setSnapshotTokenConfig(new KeyStoreJwtTokenConfig().withEncryptionKeyPairAlias(forgottenPasswordConsoleConfig.getEncryptionKeyPairAlias()).withSigningSecretKeyAlias(forgottenPasswordConsoleConfig.getSigningSecretKeyAlias()).withTokenLifeTimeInSeconds(forgottenPasswordConsoleConfig.getTokenExpiry())).setStorageType(StorageType.STATELESS);
    }
}
