package com.evolveum.midpoint.gui.impl.page.login.module;

import com.evolveum.midpoint.authentication.api.authorization.PageDescriptor;
import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.gui.api.page.PageBase;
import com.evolveum.midpoint.gui.api.util.GuiDisplayTypeUtil;
import com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin;
import com.evolveum.midpoint.gui.impl.util.DetailsPageUtil;
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.AuthenticationSequenceTypeUtil;
import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.component.form.MidpointForm;
import com.evolveum.midpoint.web.component.util.VisibleBehaviour;
import com.evolveum.midpoint.web.security.util.SecurityUtils;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.lang.invoke.SerializedLambda;
import org.apache.commons.lang3.StringUtils;
import org.apache.wicket.AttributeModifier;
import org.apache.wicket.RestartResponseException;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.link.ExternalLink;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.LoadableDetachableModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:BOOT-INF/lib/admin-gui-4.10-M4.jar:com/evolveum/midpoint/gui/impl/page/login/module/PageAbstractAuthenticationModule.class */
/**
 * Base Wicket page for the login pages of individual authentication modules.
 *
 * <p>The page builds one HTML form whose {@code action} attribute points at the login URL of
 * the authentication module currently being processed, adds a hidden CSRF input to that form,
 * and renders up to three optional "flow" links (identity recovery, password reset, self
 * registration) whose URLs and labels are read from the security policy. Subclasses supply the
 * module-specific inputs through {@link #initModuleLayout(MidpointForm)}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #confirmAuthentication()} runs before every render and redirects to the home page
 *       when the session is already authenticated or when the page does not belong to the
 *       module that is currently being processed.</li>
 *   <li>{@link #resolveSecurityPolicy(PrismObject)} reads the security policy inside
 *       {@code runPrivileged} with an anonymous task, i.e. on behalf of a caller that is not
 *       logged in yet.</li>
 *   <li>Both policy lookups return {@code null} on failure instead of propagating the error.</li>
 * </ul>
 *
 * <p>This listing is JADX decompiler output (see the JADX comments below). Some constructs, such
 * as {@code getObject2()} and the body of {@code $deserializeLambda$}, are decompiler artifacts
 * and not what the original source looked like.
 *
 * @param <MA> type of the module authentication handled by the concrete page
 */
public abstract class PageAbstractAuthenticationModule<MA extends ModuleAuthentication> extends AbstractPageLogin<MA> {
    private static final long serialVersionUID = 1;
    // Wicket component ids used by this page's markup.
    private static final String ID_CSRF_FIELD = "csrfField";
    // Declared but not referenced below: the code uses the literal "form" directly.
    private static final String ID_FORM = "form";
    // Lazily loaded security policy; detached again in onDetach().
    private final LoadableDetachableModel<SecurityPolicyType> securityPolicyModel;
    private static final String ID_FLOW_LINK_CONTAINER = "flowLinkContainer";
    private static final String ID_IDENTITY_RECOVERY = "identityRecovery";
    private static final String ID_IDENTITY_RECOVERY_LABEL = "identityRecoveryLabel";
    private static final String ID_RESET_PASSWORD = "resetPassword";
    private static final String ID_RESET_PASSWORD_LABEL = "resetPasswordLabel";
    private static final String ID_SELF_REGISTRATION = "selfRegistration";
    private static final String ID_SELF_REGISTRATION_LABEL = "selfRegistrationLabel";
    // Operation names and the logger are derived from PageLogin, not from this class, so task
    // names and log records produced here are attributed to PageLogin. Anyone searching logs or
    // audit data for activity of this page has to look under that name.
    private static final String DOT_CLASS = PageLogin.class.getName() + ".";
    protected static final String OPERATION_LOAD_RESET_PASSWORD_POLICY = DOT_CLASS + "loadPasswordResetPolicy";
    private static final String OPERATION_GET_SECURITY_POLICY = DOT_CLASS + "getSecurityPolicy";
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) PageLogin.class);

    /**
     * Creates the page and prepares the lazily loaded security-policy model.
     *
     * <p>The model asks the model interaction service for the security policy of the archetype
     * returned by {@link #getArchetypeOid()} (which is {@code null} unless a subclass overrides
     * it), using an anonymous task.
     *
     * @param pageParameters page parameters passed through to the superclass; may be {@code null}
     */
    public PageAbstractAuthenticationModule(PageParameters pageParameters) {
        super(pageParameters);
        this.securityPolicyModel = new LoadableDetachableModel<SecurityPolicyType>() { // from class: com.evolveum.midpoint.gui.impl.page.login.module.PageAbstractAuthenticationModule.1
            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.wicket.model.LoadableDetachableModel
            public SecurityPolicyType load() {
                try {
                    return PageAbstractAuthenticationModule.this.getModelInteractionService().getSecurityPolicyForArchetype(PageAbstractAuthenticationModule.this.getArchetypeOid(), PageAbstractAuthenticationModule.this.createAnonymousTask(PageAbstractAuthenticationModule.OPERATION_LOAD_RESET_PASSWORD_POLICY), new OperationResult(PageAbstractAuthenticationModule.OPERATION_LOAD_RESET_PASSWORD_POLICY));
                } catch (CommonException e) {
                    // Failure is downgraded to a warning and a null policy. Everything that
                    // consumes the policy afterwards (the flow-link helpers) therefore receives
                    // null; how SecurityUtils treats a null policy is not visible here.
                    PageAbstractAuthenticationModule.LOGGER.warn("Cannot read credentials policy: " + e.getMessage(), (Throwable) e);
                    return null;
                }
            }
        };
    }

    /** Creates the page without page parameters. */
    public PageAbstractAuthenticationModule() {
        this(null);
    }

    /** Delegates to the superclass; no additional initialization is done here. */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin, com.evolveum.midpoint.gui.api.page.PageAdminLTE, org.apache.wicket.Page, org.apache.wicket.MarkupContainer, org.apache.wicket.Component
    public void onInitialize() {
        super.onInitialize();
    }

    /**
     * Returns the focus of the current principal as a user.
     *
     * @return the principal's focus cast to {@link UserType}, or {@code null} when
     *         {@code AuthUtil.getPrincipalUser()} yields no principal
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public UserType searchUser() {
        GuiProfiledPrincipal principalUser = AuthUtil.getPrincipalUser();
        if (principalUser != null) {
            // NOTE(review): unconditional cast; a focus of another type would raise
            // ClassCastException. Whether that can happen depends on the caller's sequence.
            return (UserType) principalUser.getFocus();
        }
        return null;
    }

    /**
     * Builds the parts of the layout shared by all authentication-module pages.
     *
     * <p>Order of construction: the form (its {@code action} is resolved from
     * {@link #getUrlProcessingLogin()} each time the attribute is rendered), the flow-link
     * container with its three links, the hidden CSRF input, and finally the module-specific
     * content from {@link #initModuleLayout(MidpointForm)}.
     */
    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin
    protected final void initCustomLayout() {
        MidpointForm midpointForm = new MidpointForm("form");
        midpointForm.add(AttributeModifier.replace("action", (IModel<?>) this::getUrlProcessingLogin));
        add(midpointForm);
        WebMarkupContainer webMarkupContainer = new WebMarkupContainer(ID_FLOW_LINK_CONTAINER);
        webMarkupContainer.setOutputMarkupId(true);
        add(webMarkupContainer);
        SecurityPolicyType loadSecurityPolicyType = loadSecurityPolicyType();
        addIdentityRecoveryLink(webMarkupContainer, loadSecurityPolicyType);
        addForgotPasswordLink(webMarkupContainer, loadSecurityPolicyType);
        addRegistrationLink(webMarkupContainer, loadSecurityPolicyType);
        // The container is shown only when at least one of its links is visible.
        webMarkupContainer.add(new VisibleBehaviour(() -> {
            return Boolean.valueOf(isFlowLinkContainerVisible(webMarkupContainer));
        }));
        // The CSRF hidden input is added here, in the final base method, so every module form
        // carries it regardless of what the subclass adds. How the token is generated and
        // checked is decided by SecurityUtils and the request filter chain, not by this class.
        midpointForm.add(SecurityUtils.createHiddenInputForCsrf(ID_CSRF_FIELD));
        initModuleLayout(midpointForm);
    }

    /**
     * Adds the module-specific components to the login form.
     *
     * @param midpointForm the form created by {@link #initCustomLayout()}
     */
    protected abstract void initModuleLayout(MidpointForm midpointForm);

    /** Runs {@link #confirmAuthentication()} after the superclass hook, before each render. */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.wicket.Page, org.apache.wicket.Component
    public void onBeforeRender() {
        super.onBeforeRender();
        confirmAuthentication();
    }

    /** Delegates to the superclass; no additional work is done here. */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin, org.apache.wicket.markup.html.WebPage, org.apache.wicket.Page, org.apache.wicket.Component
    public void onAfterRender() {
        super.onAfterRender();
    }

    /**
     * Redirects to the application home page when this page must not be shown.
     *
     * <p>The redirect happens when an {@link Authentication} is present and either it is already
     * authenticated, or the {@link PageDescriptor#authModule()} of the concrete page class differs
     * from the type name of the module currently being processed. The second condition keeps a
     * module page from being rendered while a different module of the sequence is active.
     *
     * <p>Nothing happens when no authentication is present. The module comparison is skipped
     * (treated as "no mismatch") when the authentication is not a {@link MidpointAuthentication},
     * when the page has no {@code PageDescriptor} or an empty {@code authModule}, or when there is
     * no processing module.
     *
     * @throws RestartResponseException to send the browser to the home page
     */
    protected void confirmAuthentication() {
        ModuleAuthentication processingModuleAuthentication;
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // z == true means "this page does not match the module being processed".
        boolean z = false;
        if (authentication instanceof MidpointAuthentication) {
            MidpointAuthentication midpointAuthentication = (MidpointAuthentication) authentication;
            PageDescriptor pageDescriptor = (PageDescriptor) getClass().getAnnotation(PageDescriptor.class);
            if (pageDescriptor != null && !pageDescriptor.authModule().isEmpty() && (processingModuleAuthentication = midpointAuthentication.getProcessingModuleAuthentication()) != null) {
                z = !processingModuleAuthentication.getModuleTypeName().equals(pageDescriptor.authModule());
            }
        }
        if (authentication != null) {
            if (authentication.isAuthenticated() || z) {
                throw new RestartResponseException(getMidpointApplication().getHomePage());
            }
        }
    }

    /**
     * Adds the identity-recovery link; the label falls back to the
     * {@code PageLogin.loginRecovery} resource key when the policy defines none.
     */
    private void addIdentityRecoveryLink(WebMarkupContainer webMarkupContainer, SecurityPolicyType securityPolicyType) {
        String identityRecoveryUrl = SecurityUtils.getIdentityRecoveryUrl(securityPolicyType);
        String identityRecoveryLabel = SecurityUtils.getIdentityRecoveryLabel(securityPolicyType);
        addExternalLink(webMarkupContainer, ID_IDENTITY_RECOVERY, identityRecoveryUrl, ID_IDENTITY_RECOVERY_LABEL, StringUtils.isEmpty(identityRecoveryLabel) ? "PageLogin.loginRecovery" : identityRecoveryLabel);
    }

    /**
     * Adds one flow link with a label to the container.
     *
     * <p>The link is visible only when its URL is not blank and
     * {@link #isLoginAndFirstModule()} holds.
     *
     * @param webMarkupContainer container receiving the link
     * @param str Wicket id of the link
     * @param str2 link target (href)
     * @param str3 Wicket id of the label inside the link
     * @param str4 label text or resource key, passed to {@code createStringResource}
     */
    private void addExternalLink(WebMarkupContainer webMarkupContainer, String str, String str2, String str3, String str4) {
        // NOTE(review): the href is used exactly as returned by SecurityUtils; no scheme or host
        // check is visible in this class. Presumably the value is administrator-controlled
        // security-policy configuration; confirm where it is validated.
        ExternalLink externalLink = new ExternalLink(str, str2);
        externalLink.add(new VisibleBehaviour(() -> {
            return Boolean.valueOf(StringUtils.isNotBlank(str2) && isLoginAndFirstModule());
        }));
        webMarkupContainer.add(externalLink);
        externalLink.add(new Label(str3, (IModel<?>) createStringResource(str4, new Object[0])));
    }

    /**
     * Tells whether the flow links may be offered on this page.
     *
     * @return {@code true} when the current authentication is not a {@link MidpointAuthentication}
     *         (the links are then shown by default); otherwise {@code true} only when the
     *         sequence has the default channel id and the processing module is the first one
     *         (index 0) of the sequence
     */
    private boolean isLoginAndFirstModule() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof MidpointAuthentication)) {
            return true;
        }
        MidpointAuthentication midpointAuthentication = (MidpointAuthentication) authentication;
        return AuthenticationSequenceTypeUtil.hasChannelId(midpointAuthentication.getSequence(), SecurityPolicyUtil.DEFAULT_CHANNEL) && midpointAuthentication.getIndexOfModule(midpointAuthentication.getProcessingModuleAuthentication()) == 0;
    }

    /**
     * Adds the password-reset link; the label falls back to the
     * {@code PageLogin.resetPassword} resource key when the policy defines none.
     */
    private void addForgotPasswordLink(WebMarkupContainer webMarkupContainer, SecurityPolicyType securityPolicyType) {
        String passwordResetUrl = SecurityUtils.getPasswordResetUrl(securityPolicyType);
        String passwordResetLabel = SecurityUtils.getPasswordResetLabel(securityPolicyType);
        addExternalLink(webMarkupContainer, ID_RESET_PASSWORD, passwordResetUrl, ID_RESET_PASSWORD_LABEL, StringUtils.isEmpty(passwordResetLabel) ? "PageLogin.resetPassword" : passwordResetLabel);
    }

    /**
     * Adds the self-registration link; the label falls back to the
     * {@code PageLogin.registerNewAccount} resource key when the policy defines none.
     */
    private void addRegistrationLink(WebMarkupContainer webMarkupContainer, SecurityPolicyType securityPolicyType) {
        String registrationUrl = SecurityUtils.getRegistrationUrl(securityPolicyType);
        String registrationLabel = SecurityUtils.getRegistrationLabel(securityPolicyType);
        addExternalLink(webMarkupContainer, ID_SELF_REGISTRATION, registrationUrl, ID_SELF_REGISTRATION_LABEL, StringUtils.isEmpty(registrationLabel) ? "PageLogin.registerNewAccount" : registrationLabel);
    }

    /** Returns {@code true} when at least one {@link ExternalLink} child of the container is visible. */
    private boolean isFlowLinkContainerVisible(WebMarkupContainer webMarkupContainer) {
        return webMarkupContainer.streamChildren().anyMatch(component -> {
            return (component instanceof ExternalLink) && isLinkVisible((ExternalLink) component);
        });
    }

    /**
     * Returns {@code true} when any {@link VisibleBehaviour} attached to the link reports
     * visible. The behaviours are evaluated directly rather than through the component's own
     * visibility state.
     */
    private boolean isLinkVisible(ExternalLink externalLink) {
        return externalLink.getBehaviors().stream().anyMatch(behavior -> {
            return (behavior instanceof VisibleBehaviour) && ((VisibleBehaviour) behavior).isVisible();
        });
    }

    /**
     * Returns the security policy held by the model, or {@code null} when loading failed.
     */
    private SecurityPolicyType loadSecurityPolicyType() {
        // getObject2() is presumably JADX's renamed form of getObject() (see the
        // "Can't rename method to resolve collision" warning on load()); verify against source.
        return this.securityPolicyModel.getObject2();
    }

    /**
     * Computes the URL the login form posts to.
     *
     * @return the prefix of the module being processed (slashes stripped by
     *         {@code AuthUtil.stripSlashes}) followed by {@code /spring_security_login}; when the
     *         current authentication is not a {@link MidpointAuthentication} or has no processing
     *         module, an error feedback message is registered and the fixed path
     *         {@code /midpoint/spring_security_login} is returned
     */
    protected String getUrlProcessingLogin() {
        ModuleAuthentication processingModuleAuthentication;
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if ((authentication instanceof MidpointAuthentication) && (processingModuleAuthentication = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication()) != null) {
            return AuthUtil.stripSlashes(processingModuleAuthentication.getPrefix()) + "/spring_security_login";
        }
        error(getString("web.security.flexAuth.unsupported.auth.type"));
        // NOTE(review): the fallback hard-codes the "/midpoint" context path; a deployment under
        // another context path would post the form to a different application path.
        return "/midpoint/spring_security_login";
    }

    /** Detaches the security-policy model before the superclass detaches the page. */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.wicket.Page, org.apache.wicket.MarkupContainer, org.apache.wicket.Component
    public void onDetach() {
        this.securityPolicyModel.detach();
        super.onDetach();
    }

    /**
     * Decides whether the back button is shown.
     *
     * @return {@code false} when the current authentication is not a {@link MidpointAuthentication};
     *         otherwise {@code true} for any module after the first one, and for the first module
     *         only when the sequence does not have the default channel id
     */
    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin
    protected final boolean isBackButtonVisible() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof MidpointAuthentication)) {
            return false;
        }
        MidpointAuthentication midpointAuthentication = (MidpointAuthentication) authentication;
        int indexOfModule = midpointAuthentication.getIndexOfModule(midpointAuthentication.getProcessingModuleAuthentication());
        return (indexOfModule == 0 && !AuthenticationSequenceTypeUtil.hasChannelId(midpointAuthentication.getSequence(), SecurityPolicyUtil.DEFAULT_CHANNEL)) || indexOfModule > 0;
    }

    /**
     * Resolves the security policy that applies to the given user.
     *
     * <p>The lookup runs inside {@code runPrivileged} with an anonymous task whose channel is set
     * to the self-registration channel, so it is not bound to the authorizations of a logged-in
     * user. What {@code runPrivileged} grants is defined elsewhere.
     *
     * @param prismObject the user whose policy is requested
     * @return the resolved policy, or {@code null} when the lookup throws {@link CommonException};
     *         callers have to treat {@code null} as "policy unavailable" and decide explicitly
     *         how to proceed
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public SecurityPolicyType resolveSecurityPolicy(PrismObject<UserType> prismObject) {
        return (SecurityPolicyType) runPrivileged(() -> {
            Task createAnonymousTask = createAnonymousTask(OPERATION_GET_SECURITY_POLICY);
            createAnonymousTask.setChannel(SchemaConstants.CHANNEL_SELF_REGISTRATION_URI);
            try {
                return getModelInteractionService().getSecurityPolicy(prismObject, getArchetypeOid(), createAnonymousTask, new OperationResult(OPERATION_GET_SECURITY_POLICY));
            } catch (CommonException e) {
                LOGGER.error("Could not retrieve security policy: {}", e.getMessage(), e);
                return null;
            }
        });
    }

    /** Returns the login form registered under the component id {@code "form"}. */
    public MidpointForm<?> getForm() {
        return (MidpointForm) get("form");
    }

    /**
     * Returns the archetype OID used for security-policy lookups.
     *
     * @return always {@code null} in this base class; subclasses can override
     */
    protected String getArchetypeOid() {
        return null;
    }

    /**
     * Tells whether the module configuration carries an action with a target.
     *
     * @return {@code true} only when the configuration, its action and the action's target are
     *         all non-null
     */
    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin
    protected boolean isActionDefined() {
        MA authenticationModuleConfiguration = getAuthenticationModuleConfiguration();
        return (authenticationModuleConfiguration == null || authenticationModuleConfiguration.getAction() == null || authenticationModuleConfiguration.getAction().getTarget() == null) ? false : true;
    }

    /**
     * Returns the label for the configured action.
     *
     * @return an empty-string model when no action target is configured; otherwise the translated
     *         display label, or the raw target URL when the label is empty
     */
    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin
    protected IModel<String> getActionLabelModel() {
        MA authenticationModuleConfiguration = getAuthenticationModuleConfiguration();
        if (authenticationModuleConfiguration == null || authenticationModuleConfiguration.getAction() == null || authenticationModuleConfiguration.getAction().getTarget() == null) {
            return Model.of("");
        }
        String translatedLabel = GuiDisplayTypeUtil.getTranslatedLabel(authenticationModuleConfiguration.getAction().getDisplay());
        return StringUtils.isNotEmpty(translatedLabel) ? Model.of(translatedLabel) : Model.of(authenticationModuleConfiguration.getAction().getTarget().getTargetUrl());
    }

    /**
     * Performs the configured action by delegating to
     * {@code DetailsPageUtil.redirectFromDashboardWidget}; does nothing when no action target is
     * configured.
     */
    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin
    protected void actionPerformed() {
        MA authenticationModuleConfiguration = getAuthenticationModuleConfiguration();
        if (authenticationModuleConfiguration == null || authenticationModuleConfiguration.getAction() == null || authenticationModuleConfiguration.getAction().getTarget() == null) {
            return;
        }
        DetailsPageUtil.redirectFromDashboardWidget(authenticationModuleConfiguration.getAction(), null, null);
    }

    /**
     * Aborts the request when no user has been identified for this module.
     *
     * <p>For a {@code null} user the method logs a configuration error (the
     * {@link IllegalArgumentException} is created only to attach a stack trace to the log record
     * and is never thrown), stores an error message in the session and restarts the response.
     *
     * @param userType the user identified by an earlier module; may be {@code null}
     * @throws RestartResponseException targeting {@link PageBase} when {@code userType} is
     *         {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void validateUserNotNullOrFail(UserType userType) {
        if (userType == null) {
            // NOTE(review): getModuleTypeName() dereferences getAuthenticationModuleConfiguration()
            // without a null check, while isActionDefined(), getActionLabelModel() and
            // actionPerformed() all guard against a null configuration. If the configuration can
            // be null on this path, building the log message throws NullPointerException before
            // the session error and the restart are reached; confirm.
            LOGGER.error("Couldn't find principal user, you probably use wrong configuration. Please confirm order of authentication modules and add module for identification of user before '" + getModuleTypeName() + "' module, for example 'focusIdentification' module.", (Throwable) new IllegalArgumentException("principal user is null"));
            getSession().error(getString("pageForgetPassword.message.user.not.found"));
            throw new RestartResponseException(PageBase.class);
        }
    }

    /**
     * Returns the type name of the configured authentication module. The configuration is
     * dereferenced without a null check.
     */
    protected String getModuleTypeName() {
        return getAuthenticationModuleConfiguration().getModuleTypeName();
    }

    /*
     * Synthetic method that re-creates this class's serializable lambdas when a serialized
     * instance is read back. It appears here only because the class was decompiled; the
     * `boolean z = -1` and the repeated `case true` labels are decompiler artifacts and are not
     * valid Java (z stands for an int selector with the values 0 to 3).
     *
     * Each branch accepts a SerializedLambda only when the implementation method kind is 5
     * (MethodHandleInfo.REF_invokeVirtual) and the functional interface class, method name and
     * signature, the implementing class and the implementation signature all match the expected
     * values. Any other input ends in IllegalArgumentException.
     */
    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        // Select the lambda by implementation method name (hash first, then an exact compare).
        switch (implMethodName.hashCode()) {
            case -1518849504:
                if (implMethodName.equals("lambda$initCustomLayout$3aba8d53$1")) {
                    z = 2;
                    break;
                }
                break;
            case -974473746:
                if (implMethodName.equals("lambda$addExternalLink$193ddc8f$1")) {
                    z = true;
                    break;
                }
                break;
            case 762588317:
                if (implMethodName.equals("getUrlProcessingLogin")) {
                    z = 3;
                    break;
                }
                break;
            case 1128233535:
                if (implMethodName.equals("lambda$resolveSecurityPolicy$a5482f47$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            // Lambda passed to runPrivileged in resolveSecurityPolicy.
            case false:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/util/Producer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/login/module/PageAbstractAuthenticationModule") && serializedLambda.getImplMethodSignature().equals("(Lcom/evolveum/midpoint/prism/PrismObject;)Lcom/evolveum/midpoint/xml/ns/_public/common/common_3/SecurityPolicyType;")) {
                    PageAbstractAuthenticationModule pageAbstractAuthenticationModule = (PageAbstractAuthenticationModule) serializedLambda.getCapturedArg(0);
                    PrismObject prismObject = (PrismObject) serializedLambda.getCapturedArg(1);
                    return () -> {
                        Task createAnonymousTask = createAnonymousTask(OPERATION_GET_SECURITY_POLICY);
                        createAnonymousTask.setChannel(SchemaConstants.CHANNEL_SELF_REGISTRATION_URI);
                        try {
                            return getModelInteractionService().getSecurityPolicy(prismObject, getArchetypeOid(), createAnonymousTask, new OperationResult(OPERATION_GET_SECURITY_POLICY));
                        } catch (CommonException e) {
                            LOGGER.error("Could not retrieve security policy: {}", e.getMessage(), e);
                            return null;
                        }
                    };
                }
                break;
            // Link-visibility lambda from addExternalLink.
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/web/component/util/SerializableSupplier") && serializedLambda.getFunctionalInterfaceMethodName().equals("get") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/login/module/PageAbstractAuthenticationModule") && serializedLambda.getImplMethodSignature().equals("(Ljava/lang/String;)Ljava/lang/Boolean;")) {
                    PageAbstractAuthenticationModule pageAbstractAuthenticationModule2 = (PageAbstractAuthenticationModule) serializedLambda.getCapturedArg(0);
                    String str = (String) serializedLambda.getCapturedArg(1);
                    return () -> {
                        return Boolean.valueOf(StringUtils.isNotBlank(str) && isLoginAndFirstModule());
                    };
                }
                break;
            // Container-visibility lambda from initCustomLayout.
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/web/component/util/SerializableSupplier") && serializedLambda.getFunctionalInterfaceMethodName().equals("get") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/login/module/PageAbstractAuthenticationModule") && serializedLambda.getImplMethodSignature().equals("(Lorg/apache/wicket/markup/html/WebMarkupContainer;)Ljava/lang/Boolean;")) {
                    PageAbstractAuthenticationModule pageAbstractAuthenticationModule3 = (PageAbstractAuthenticationModule) serializedLambda.getCapturedArg(0);
                    WebMarkupContainer webMarkupContainer = (WebMarkupContainer) serializedLambda.getCapturedArg(1);
                    return () -> {
                        return Boolean.valueOf(isFlowLinkContainerVisible(webMarkupContainer));
                    };
                }
                break;
            // Method reference this::getUrlProcessingLogin used as the form action model.
            // RepositoryService.OP_GET_OBJECT is presumably a constant the decompiler substituted
            // for the literal interface method name; verify its value.
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("org/apache/wicket/model/IModel") && serializedLambda.getFunctionalInterfaceMethodName().equals(RepositoryService.OP_GET_OBJECT) && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/login/module/PageAbstractAuthenticationModule") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/String;")) {
                    PageAbstractAuthenticationModule pageAbstractAuthenticationModule4 = (PageAbstractAuthenticationModule) serializedLambda.getCapturedArg(0);
                    return pageAbstractAuthenticationModule4::getUrlProcessingLogin;
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
