package com.evolveum.midpoint.gui.impl.page.lostusername;

import com.evolveum.midpoint.audit.api.AuditEventRecord;
import com.evolveum.midpoint.audit.api.AuditEventType;
import com.evolveum.midpoint.authentication.api.AuthenticationModuleState;
import com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction;
import com.evolveum.midpoint.authentication.api.authorization.PageDescriptor;
import com.evolveum.midpoint.authentication.api.authorization.Url;
import com.evolveum.midpoint.authentication.api.config.CorrelationModuleAuthentication;
import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.gui.api.model.LoadableModel;
import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
import com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin;
import com.evolveum.midpoint.gui.impl.page.login.PageSelfRegistration;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.delta.ChangeType;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.schema.ObjectDeltaOperation;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.security.api.AuthorizationConstants;
import com.evolveum.midpoint.security.api.HttpConnectionInformation;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.component.data.paging.NavigatorPanel;
import com.evolveum.midpoint.web.component.util.VisibleBehaviour;
import com.evolveum.midpoint.web.page.error.PageError;
import com.evolveum.midpoint.web.page.self.PageSelf;
import com.evolveum.midpoint.web.security.util.SecurityUtils;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.lang.invoke.SerializedLambda;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.wicket.Component;
import org.apache.wicket.RestartResponseException;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.markup.html.AjaxLink;
import org.apache.wicket.markup.html.list.ListItem;
import org.apache.wicket.markup.html.list.PageableListView;
import org.apache.wicket.model.IModel;
import org.apache.wicket.request.flow.RedirectToUrlException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

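/**
 * Result page of the identity-recovery flow, mounted at {@code /identityRecovery}.
 *
 * <p>The page lists the users that the correlation authentication module reported as owners
 * (only when that module finished in state {@code SUCCESSFULLY}), {@link #IDENTITY_PER_PAGE} per
 * page. Because it shows account data to a caller who has not logged in as any of those users,
 * it writes one {@code INFORMATION_DISCLOSURE} audit record after the list is first rendered.
 *
 * <p>This listing is decompiler output: names such as {@code getObject2()}/{@code load2()} and
 * the {@code $deserializeLambda$} methods are artifacts of decompilation, not hand-written API.
 */
@PageDescriptor(urls = {@Url(mountUrl = "/identityRecovery", matchUrlForSecurity = "/identityRecovery")}, action = {@AuthorizationAction(actionUri = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll", label = PageSelf.AUTH_SELF_ALL_LABEL, description = PageSelf.AUTH_SELF_ALL_DESCRIPTION), @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_IDENTITY_RECOVERY_URL)})
/* loaded from: input_file:BOOT-INF/lib/admin-gui-4.10-M4.jar:com/evolveum/midpoint/gui/impl/page/lostusername/PageIdentityRecovery.class */
public class PageIdentityRecovery extends AbstractPageLogin {
    private static final long serialVersionUID = 1;
    private static final String DOT_CLASS = PageIdentityRecovery.class.getName() + ".";
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) PageIdentityRecovery.class);
    private static final String OPERATION_GET_SECURITY_POLICY = DOT_CLASS + "getSecurityPolicy";
    private static final String OPERATION_AUDIT_FOUND_IDENTITIES = DOT_CLASS + "auditFoundIdentities";
    private static final String ID_RECOVERED_IDENTITIES = "recoveredIdentities";
    private static final String ID_DETAILS_PANEL = "detailsPanel";
    private static final String ID_REGISTRATION_LINK = "registrationLink";
    private static final String ID_RESTART_FLOW_LINK = "restartFlow";
    private static final String ID_PAGING = "paging";
    // Users reported by the correlation module; loaded lazily through getRecoveredIdentities().
    private LoadableModel<List<UserType>> recoveredIdentitiesModel;
    // Security policy resolved for the archetype of the current authentication; null if loading failed.
    private LoadableModel<SecurityPolicyType> securityPolicyModel;
    // Set once the disclosure audit has been attempted, so re-renders do not audit again.
    private boolean isAudited;
    // Page size of the identity list; also decides whether the paging navigator is shown.
    private static final int IDENTITY_PER_PAGE = 3;

    /** Creates the page and wires the lazily loaded models. */
    public PageIdentityRecovery() {
        initModels();
    }

    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin
    protected boolean isBackButtonVisible() {
        return true;
    }

    /**
     * Builds the page body: the paged list of recovered identities, the paging navigator,
     * the "restart flow" link and the optional self-registration link.
     */
    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin
    protected void initCustomLayout() {
        // Page size comes from IDENTITY_PER_PAGE so it cannot drift from singlePageResult().
        PageableListView<UserType> pageableListView = new PageableListView<UserType>(ID_RECOVERED_IDENTITIES, this.recoveredIdentitiesModel, IDENTITY_PER_PAGE) { // from class: com.evolveum.midpoint.gui.impl.page.lostusername.PageIdentityRecovery.1
            private static final long serialVersionUID = 1;

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.apache.wicket.Component
            public void onAfterRender() {
                super.onAfterRender();
                if (PageIdentityRecovery.this.isAudited) {
                    return;
                }
                // The audit record is written only after the identities have been rendered.
                // NOTE(review): auditInformationDisclosure() catches audit failures itself, so the
                // flag below is set even when no record was stored; confirm that is intended.
                PageIdentityRecovery.this.auditInformationDisclosure();
                PageIdentityRecovery.this.isAudited = true;
            }

            @Override // org.apache.wicket.markup.html.list.ListView
            protected void populateItem(ListItem<UserType> listItem) {
                // Last argument is true for a single result or for the first row of the list;
                // presumably it controls how the panel is initially shown - verify against IdentityDetailsPanel.
                boolean firstOrOnly = PageIdentityRecovery.this.isSingleRecoveredIdentity() || (listItem.getIndex() == 0);
                IdentityDetailsPanel identityDetailsPanel = new IdentityDetailsPanel(PageIdentityRecovery.ID_DETAILS_PANEL, listItem.getModel(), PageIdentityRecovery.this.securityPolicyModel.getObject2(), firstOrOnly);
                identityDetailsPanel.setOutputMarkupId(true);
                listItem.add(identityDetailsPanel);
            }
        };
        pageableListView.setOutputMarkupId(true);
        add(pageableListView);
        Component component = new NavigatorPanel(ID_PAGING, pageableListView, true) { // from class: com.evolveum.midpoint.gui.impl.page.lostusername.PageIdentityRecovery.2
            private static final long serialVersionUID = 1;

            @Override // com.evolveum.midpoint.web.component.data.paging.NavigatorPanel
            protected String getPaginationCssClass() {
                return null;
            }
        };
        // The navigator is hidden when everything fits on one page.
        component.add(new VisibleBehaviour(() -> {
            return Boolean.valueOf(!singlePageResult());
        }));
        add(component);
        add(new AjaxLink<String>(ID_RESTART_FLOW_LINK) { // from class: com.evolveum.midpoint.gui.impl.page.lostusername.PageIdentityRecovery.3
            private static final long serialVersionUID = 1;

            @Override // org.apache.wicket.ajax.markup.html.AjaxLink, org.apache.wicket.ajax.markup.html.IAjaxLink
            public void onClick(AjaxRequestTarget ajaxRequestTarget) {
                // Drop the current midPoint authentication before sending the browser back to the
                // start of the recovery flow, so the previous correlation result is not reused.
                AuthUtil.clearMidpointAuthentication();
                throw new RedirectToUrlException(SecurityUtils.getIdentityRecoveryUrl(PageIdentityRecovery.this.securityPolicyModel.getObject2()));
            }
        });
        // NOTE(review): securityPolicyModel yields null when the policy could not be loaded;
        // confirm that getRegistrationUrl/getIdentityRecoveryUrl tolerate a null policy.
        String registrationUrl = SecurityUtils.getRegistrationUrl(this.securityPolicyModel.getObject2());
        Component component2 = new AjaxLink<String>(ID_REGISTRATION_LINK) { // from class: com.evolveum.midpoint.gui.impl.page.lostusername.PageIdentityRecovery.4
            private static final long serialVersionUID = 1;

            @Override // org.apache.wicket.ajax.markup.html.AjaxLink, org.apache.wicket.ajax.markup.html.IAjaxLink
            public void onClick(AjaxRequestTarget ajaxRequestTarget) {
                // The pre-focus is read before the authentication is cleared.
                // NOTE(review): findCorrelationModuleAuthentication() is null-checked in
                // isSuccessfullyAuthenticated() but dereferenced directly here - confirm it cannot be null.
                PageSelfRegistration pageSelfRegistration = new PageSelfRegistration((UserType) SecurityUtils.findCorrelationModuleAuthentication(PageIdentityRecovery.this).getPreFocus());
                AuthUtil.clearMidpointAuthentication();
                setResponsePage(pageSelfRegistration);
            }
        };
        // The registration link is offered only when the policy provides a registration URL.
        component2.add(new VisibleBehaviour(() -> {
            return Boolean.valueOf(StringUtils.isNotBlank(registrationUrl));
        }));
        add(component2);
    }

    /** Creates the two lazily loaded models: recovered identities and the applicable security policy. */
    private void initModels() {
        this.recoveredIdentitiesModel = new LoadableModel<List<UserType>>() { // from class: com.evolveum.midpoint.gui.impl.page.lostusername.PageIdentityRecovery.5
            private static final long serialVersionUID = 1;

            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.evolveum.midpoint.gui.api.model.LoadableModel
            /* renamed from: load */
            public List<UserType> load2() {
                return PageIdentityRecovery.this.getRecoveredIdentities();
            }
        };
        this.securityPolicyModel = new LoadableModel<SecurityPolicyType>(false) { // from class: com.evolveum.midpoint.gui.impl.page.lostusername.PageIdentityRecovery.6
            private static final long serialVersionUID = 1;

            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.evolveum.midpoint.gui.api.model.LoadableModel
            /* renamed from: load */
            public SecurityPolicyType load2() {
                String archetypeOid = PageIdentityRecovery.this.getMidpointAuthentication().getArchetypeOid();
                // The policy lookup runs through runPrivileged() with an anonymous task, because
                // no user is logged in at this point of the flow.
                return (SecurityPolicyType) PageIdentityRecovery.this.runPrivileged(() -> {
                    try {
                        return PageIdentityRecovery.this.getModelInteractionService().getSecurityPolicyForArchetype(archetypeOid, PageIdentityRecovery.this.createAnonymousTask(PageIdentityRecovery.OPERATION_GET_SECURITY_POLICY), new OperationResult(PageIdentityRecovery.OPERATION_GET_SECURITY_POLICY));
                    } catch (Exception e) {
                        // NOTE(review): a failed policy load is reported at debug level only and
                        // the page continues with a null policy.
                        PageIdentityRecovery.LOGGER.debug("Unable to load the configured items list for identity recovery page, ", (Throwable) e);
                        return null;
                    }
                });
            }

            // Compiler-generated lambda-deserialization hook as rendered by the decompiler; kept
            // verbatim. It rebuilds the lambda only when every descriptor field matches the one
            // lambda of this anonymous class and rejects anything else.
            private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
                String implMethodName = serializedLambda.getImplMethodName();
                boolean z = -1;
                switch (implMethodName.hashCode()) {
                    case -550863251:
                        if (implMethodName.equals("lambda$load$53386e5b$1")) {
                            z = false;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/util/Producer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/lostusername/PageIdentityRecovery$6") && serializedLambda.getImplMethodSignature().equals("(Ljava/lang/String;)Lcom/evolveum/midpoint/xml/ns/_public/common/common_3/SecurityPolicyType;")) {
                            AnonymousClass6 anonymousClass6 = (AnonymousClass6) serializedLambda.getCapturedArg(0);
                            String str = (String) serializedLambda.getCapturedArg(1);
                            return () -> {
                                try {
                                    return PageIdentityRecovery.this.getModelInteractionService().getSecurityPolicyForArchetype(str, PageIdentityRecovery.this.createAnonymousTask(PageIdentityRecovery.OPERATION_GET_SECURITY_POLICY), new OperationResult(PageIdentityRecovery.OPERATION_GET_SECURITY_POLICY));
                                } catch (Exception e) {
                                    PageIdentityRecovery.LOGGER.debug("Unable to load the configured items list for identity recovery page, ", (Throwable) e);
                                    return null;
                                }
                            };
                        }
                        break;
                }
                throw new IllegalArgumentException("Invalid lambda deserialization");
            }
        };
    }

    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin
    protected IModel<String> getDefaultLoginPanelTitleModel() {
        return createStringResource("PageIdentityRecovery.foundIdentities", new Object[0]);
    }

    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin
    protected IModel<String> getDefaultLoginPanelDescriptionModel() {
        return createStringResource(getTitleDescriptionKey(), new Object[0]);
    }

    /** Returns the description resource key for the "found" or "nothing found" case. */
    private String getTitleDescriptionKey() {
        return recoveredIdentitiesExist() ? "PageIdentityRecovery.title.success.description" : "PageIdentityRecovery.title.fail.description";
    }

    /** Returns {@code true} when exactly one identity was recovered. */
    private boolean isSingleRecoveredIdentity() {
        List<UserType> recoveredIdentities = getRecoveredIdentities();
        return recoveredIdentities != null && recoveredIdentities.size() == 1;
    }

    /** Returns {@code true} when at least one identity was recovered. */
    private boolean recoveredIdentitiesExist() {
        return CollectionUtils.isNotEmpty(getRecoveredIdentities());
    }

    /**
     * Collects the users to display.
     *
     * @return the {@link UserType} owners of the correlation module authentication, sorted
     *         case-insensitively by display name or name; an empty list unless that module
     *         finished in state {@code SUCCESSFULLY}
     */
    private List<UserType> getRecoveredIdentities() {
        CorrelationModuleAuthentication findCorrelationModuleAuthentication = SecurityUtils.findCorrelationModuleAuthentication(this);
        // Nothing is listed unless correlation itself succeeded.
        if (!isSuccessfullyAuthenticated(findCorrelationModuleAuthentication)) {
            return Collections.emptyList();
        }
        return (List) findCorrelationModuleAuthentication.getOwners().stream().filter(objectType -> {
            return objectType instanceof UserType;
        }).map(objectType2 -> {
            return (UserType) objectType2;
        }).sorted((userType, userType2) -> {
            return String.CASE_INSENSITIVE_ORDER.compare(WebComponentUtil.getDisplayNameOrName(userType.asPrismObject()), WebComponentUtil.getDisplayNameOrName(userType2.asPrismObject()));
        }).collect(Collectors.toList());
    }

    /** Returns {@code true} when the module is present and its state is {@code SUCCESSFULLY}. */
    private boolean isSuccessfullyAuthenticated(CorrelationModuleAuthentication correlationModuleAuthentication) {
        return correlationModuleAuthentication != null && AuthenticationModuleState.SUCCESSFULLY.equals(correlationModuleAuthentication.getState());
    }

    /**
     * Returns the current authentication from the Spring security context.
     *
     * @throws RestartResponseException redirecting to {@link PageError} when the context holds
     *         no {@link MidpointAuthentication}
     */
    private MidpointAuthentication getMidpointAuthentication() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof MidpointAuthentication) {
            return (MidpointAuthentication) authentication;
        }
        getSession().error(getString("No midPoint authentication is found"));
        throw new RestartResponseException(PageError.class);
    }

    /** Returns {@code true} when all recovered identities fit on one page of the list. */
    private boolean singlePageResult() {
        List<UserType> object2 = this.recoveredIdentitiesModel.getObject2();
        return (object2 != null ? object2.size() : 0) <= IDENTITY_PER_PAGE;
    }

    /**
     * Writes the {@code INFORMATION_DISCLOSURE} audit record for the identities shown on this page.
     *
     * <p>A failure to audit is logged and otherwise ignored, so the page still renders.
     *
     * @throws RestartResponseException redirecting to {@link PageError} when the current
     *         authentication carries no {@link MidPointPrincipal}
     */
    private void auditInformationDisclosure() {
        OperationResult operationResult = new OperationResult(OPERATION_AUDIT_FOUND_IDENTITIES);
        Task createAnonymousTask = createAnonymousTask(OPERATION_AUDIT_FOUND_IDENTITIES);
        Object principal = getMidpointAuthentication().getPrincipal();
        if (!(principal instanceof MidPointPrincipal)) {
            LOGGER.error(getString("No midPoint principal is found"));
            throw new RestartResponseException(PageError.class);
        }
        MidPointPrincipal midPointPrincipal = (MidPointPrincipal) principal;
        try {
            // The audit call runs as the principal returned by getAdministratorPrivileged().
            runAsChecked(operationResult2 -> {
                getModelAuditService().audit(createAuditRecord(midPointPrincipal.getFocusPrismObject()), createAnonymousTask, operationResult);
                return null;
            }, getAdministratorPrivileged(operationResult), operationResult);
        } catch (Exception e) {
            // Pass the exception to the logger itself (same form as the debug call in the policy
            // loader). Previously it went through getString(...) as an argument, which left the
            // cause and stack trace of a failed disclosure audit out of the log.
            LOGGER.error("Unable to audit found identities, ", e);
        }
    }

    /**
     * Builds the disclosure audit record.
     *
     * @param prismObject focus of the current principal, recorded as initiator
     * @return record with timestamp, channel, session id, connection details (when available)
     *         and one delta entry per recovered identity
     */
    private AuditEventRecord createAuditRecord(PrismObject<? extends FocusType> prismObject) {
        AuditEventRecord auditEventRecord = new AuditEventRecord(AuditEventType.INFORMATION_DISCLOSURE);
        auditEventRecord.setInitiatorAndLoginParameter(prismObject);
        auditEventRecord.setTimestamp(Long.valueOf(System.currentTimeMillis()));
        auditEventRecord.setOutcome(OperationResultStatus.SUCCESS);
        auditEventRecord.setChannel(SchemaConstants.CHANNEL_IDENTITY_RECOVERY_URI);
        auditEventRecord.setSessionIdentifier(getSession().getId());
        HttpConnectionInformation currentConnectionInformation = SecurityUtil.getCurrentConnectionInformation();
        if (currentConnectionInformation != null) {
            auditEventRecord.setRemoteHostAddress(currentConnectionInformation.getRemoteHostAddress());
            auditEventRecord.setHostIdentifier(currentConnectionInformation.getLocalHostName());
        }
        // All recovered identities are recorded, not only those on the page currently shown.
        auditEventRecord.addDeltas(createFoundIdentitiesDeltas());
        return auditEventRecord;
    }

    /** Returns one delta-operation entry per recovered identity, for the audit record. */
    private List<ObjectDeltaOperation<UserType>> createFoundIdentitiesDeltas() {
        return this.recoveredIdentitiesModel.getObject2().stream().map(this::createUserDeltaOperation).collect(Collectors.toList());
    }

    /**
     * Describes one disclosed user for the audit record: its name and OID wrapped in an empty
     * {@code MODIFY} delta (no item changes are added here).
     */
    private ObjectDeltaOperation<UserType> createUserDeltaOperation(UserType userType) {
        ObjectDeltaOperation<UserType> objectDeltaOperation = new ObjectDeltaOperation<>();
        objectDeltaOperation.setObjectName(userType.getName().toPolyString());
        ObjectDelta<UserType> create = getPrismContext().deltaFactory().object().create(UserType.class, ChangeType.MODIFY);
        create.setOid(userType.getOid());
        objectDeltaOperation.setObjectDelta(create);
        objectDeltaOperation.setObjectOid(userType.getOid());
        return objectDeltaOperation;
    }

    // Compiler-generated lambda-deserialization hook as rendered by the decompiler; kept verbatim.
    // Each branch rebuilds one of this class's lambdas only when every descriptor field matches;
    // any other serialized lambda is rejected with IllegalArgumentException.
    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case 201908720:
                if (implMethodName.equals("lambda$auditInformationDisclosure$74d461d6$1")) {
                    z = 2;
                    break;
                }
                break;
            case 1703454751:
                if (implMethodName.equals("lambda$initCustomLayout$46f190a3$1")) {
                    z = false;
                    break;
                }
                break;
            case 2077110774:
                if (implMethodName.equals("lambda$initCustomLayout$2d948437$1")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/web/component/util/SerializableSupplier") && serializedLambda.getFunctionalInterfaceMethodName().equals("get") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/lostusername/PageIdentityRecovery") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/Boolean;")) {
                    PageIdentityRecovery pageIdentityRecovery = (PageIdentityRecovery) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return Boolean.valueOf(!singlePageResult());
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/web/component/util/SerializableSupplier") && serializedLambda.getFunctionalInterfaceMethodName().equals("get") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/lostusername/PageIdentityRecovery") && serializedLambda.getImplMethodSignature().equals("(Ljava/lang/String;)Ljava/lang/Boolean;")) {
                    String str = (String) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return Boolean.valueOf(StringUtils.isNotBlank(str));
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/security/api/SecurityContextManager$ResultAwareCheckedProducer") && serializedLambda.getFunctionalInterfaceMethodName().equals("get") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lcom/evolveum/midpoint/schema/result/OperationResult;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/lostusername/PageIdentityRecovery") && serializedLambda.getImplMethodSignature().equals("(Lcom/evolveum/midpoint/security/api/MidPointPrincipal;Lcom/evolveum/midpoint/task/api/Task;Lcom/evolveum/midpoint/schema/result/OperationResult;Lcom/evolveum/midpoint/schema/result/OperationResult;)Ljava/lang/Object;")) {
                    PageIdentityRecovery pageIdentityRecovery2 = (PageIdentityRecovery) serializedLambda.getCapturedArg(0);
                    MidPointPrincipal midPointPrincipal = (MidPointPrincipal) serializedLambda.getCapturedArg(1);
                    Task task = (Task) serializedLambda.getCapturedArg(2);
                    OperationResult operationResult = (OperationResult) serializedLambda.getCapturedArg(3);
                    return operationResult2 -> {
                        getModelAuditService().audit(createAuditRecord(midPointPrincipal.getFocusPrismObject()), task, operationResult);
                        return null;
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}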
