package com.evolveum.midpoint.gui.impl.page.login.module;

import com.evolveum.midpoint.authentication.api.authorization.PageDescriptor;
import com.evolveum.midpoint.authentication.api.authorization.Url;
import com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication;
import com.evolveum.midpoint.authentication.api.util.AuthConstants;
import com.evolveum.midpoint.authentication.api.util.AuthenticationModuleNameConstants;
import com.evolveum.midpoint.gui.api.model.LoadableModel;
import com.evolveum.midpoint.gui.api.page.PageBase;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.component.form.MidpointForm;
import com.evolveum.midpoint.web.component.util.VisibleBehaviour;
import com.evolveum.midpoint.web.security.util.SecurityQuestionDto;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionsCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.github.openjson.JSONArray;
import com.github.openjson.JSONObject;
import java.lang.invoke.SerializedLambda;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.wicket.RestartResponseException;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.form.HiddenField;
import org.apache.wicket.markup.html.form.RequiredTextField;
import org.apache.wicket.markup.html.list.ListItem;
import org.apache.wicket.markup.html.list.ListView;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.model.PropertyModel;
import org.springframework.security.authentication.BadCredentialsException;

@PageDescriptor(urls = {@Url(mountUrl = "/securityquestions", matchUrlForSecurity = "/securityquestions")}, permitAll = true, loginPage = true, authModule = AuthenticationModuleNameConstants.SECURITY_QUESTIONS_FORM)
/* loaded from: input_file:BOOT-INF/lib/admin-gui-4.9.3.jar:com/evolveum/midpoint/gui/impl/page/login/module/PageSecurityQuestions.class */
public class PageSecurityQuestions extends PageAbstractAuthenticationModule<CredentialModuleAuthentication> {
    private static final long serialVersionUID = 1;
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) PageSecurityQuestions.class);
    private static final String ID_USER = "user";
    private static final String ID_ANSWER_FIELD = "answer";
    private static final String ID_INSIDE_FORM = "insideForm";
    private static final String ID_QUESTIONS = "questions";
    private static final String ID_QUESTION_TEXT = "questionText";
    private static final String ID_QUESTION_ANSWER = "questionAnswer";
    private IModel<String> answerModel;
    private LoadableModel<List<SecurityQuestionDto>> questionsModel;

    public PageSecurityQuestions() {
        initModels();
    }

    protected void initModels() {
        this.answerModel = Model.of();
        this.questionsModel = new LoadableModel<List<SecurityQuestionDto>>(false) { // from class: com.evolveum.midpoint.gui.impl.page.login.module.PageSecurityQuestions.1
            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.evolveum.midpoint.gui.api.model.LoadableModel
            /* renamed from: load */
            public List<SecurityQuestionDto> load2() {
                try {
                    return PageSecurityQuestions.this.createUsersSecurityQuestionsList();
                } catch (BadCredentialsException e) {
                    PageSecurityQuestions.LOGGER.debug(PageSecurityQuestions.this.getString(e.getMessage()));
                    PageSecurityQuestions.this.saveException(e);
                    throw new RestartResponseException(PageSecurityQuestions.this.getMidpointApplication().getHomePage());
                }
            }
        };
    }

    @Override // com.evolveum.midpoint.gui.impl.page.login.module.PageAbstractAuthenticationModule
    protected void initModuleLayout(MidpointForm midpointForm) {
        validateUserNotNullOrFail(searchUser());
        initQuestionsSection(midpointForm);
        initSendingInformation(midpointForm);
    }

    private void initSendingInformation(MidpointForm<?> midpointForm) {
        HiddenField hiddenField = new HiddenField("answer", this.answerModel);
        hiddenField.setOutputMarkupId(true);
        midpointForm.add(hiddenField);
        HiddenField hiddenField2 = new HiddenField("user", new Model());
        hiddenField2.setOutputMarkupId(true);
        midpointForm.add(hiddenField2);
    }

    private void initQuestionsSection(MidpointForm<?> midpointForm) {
        WebMarkupContainer webMarkupContainer = new WebMarkupContainer(ID_INSIDE_FORM);
        webMarkupContainer.setOutputMarkupId(true);
        webMarkupContainer.add(new VisibleBehaviour(() -> {
            return Boolean.valueOf(searchUser() != null);
        }));
        midpointForm.add(webMarkupContainer);
        ListView<SecurityQuestionDto> listView = new ListView<SecurityQuestionDto>(ID_QUESTIONS, this.questionsModel) { // from class: com.evolveum.midpoint.gui.impl.page.login.module.PageSecurityQuestions.2
            private static final long serialVersionUID = 1;

            @Override // org.apache.wicket.markup.html.list.ListView
            protected void populateItem(ListItem<SecurityQuestionDto> listItem) {
                listItem.add(new Label(PageSecurityQuestions.ID_QUESTION_TEXT, (IModel<?>) new PropertyModel(listItem.getModel(), PageSecurityQuestions.ID_QUESTION_TEXT)));
                RequiredTextField requiredTextField = new RequiredTextField(PageSecurityQuestions.ID_QUESTION_ANSWER, new PropertyModel(listItem.getModel(), PageSecurityQuestions.ID_QUESTION_ANSWER));
                requiredTextField.setOutputMarkupId(true);
                requiredTextField.add(new AjaxFormComponentUpdatingBehavior("blur") { // from class: com.evolveum.midpoint.gui.impl.page.login.module.PageSecurityQuestions.2.1
                    @Override // org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior
                    protected void onUpdate(AjaxRequestTarget ajaxRequestTarget) {
                        PageSecurityQuestions.this.answerModel.setObject(PageSecurityQuestions.this.generateAnswer());
                        ajaxRequestTarget.add(PageSecurityQuestions.this.getHiddenAnswer());
                    }
                });
                listItem.add(requiredTextField);
            }
        };
        listView.setOutputMarkupId(true);
        webMarkupContainer.add(listView);
    }

    private String generateAnswer() {
        JSONArray jSONArray = new JSONArray();
        for (SecurityQuestionDto securityQuestionDto : this.questionsModel.getObject2()) {
            if (StringUtils.isNotBlank(securityQuestionDto.getQuestionAnswer())) {
                JSONObject jSONObject = new JSONObject();
                jSONObject.put(AuthConstants.SEC_QUESTION_J_QID, securityQuestionDto.getIdentifier());
                jSONObject.put(AuthConstants.SEC_QUESTION_J_QANS, securityQuestionDto.getQuestionAnswer());
                jSONArray.put(jSONObject);
            }
        }
        if (jSONArray.length() == 0) {
            return null;
        }
        return jSONArray.toString();
    }

    private List<SecurityQuestionDto> createUsersSecurityQuestionsList() throws BadCredentialsException {
        UserType searchUser = searchUser();
        if (searchUser == null) {
            return new ArrayList();
        }
        if (shouldThrowException(searchUser.getCredentials())) {
            throw new BadCredentialsException("pageForgetPassword.message.ContactAdminQuestionsNotSet");
        }
        List<SecurityQuestionAnswerType> questionAnswer = searchUser.getCredentials().getSecurityQuestions().getQuestionAnswer();
        SecurityQuestionsCredentialsPolicyType effectiveSecurityQuestionsCredentialsPolicy = SecurityUtil.getEffectiveSecurityQuestionsCredentialsPolicy(resolveSecurityPolicy(searchUser.asPrismObject()));
        LOGGER.trace("Found security questions policy: {}", effectiveSecurityQuestionsCredentialsPolicy);
        List<SecurityQuestionDefinitionType> question = effectiveSecurityQuestionsCredentialsPolicy != null ? effectiveSecurityQuestionsCredentialsPolicy.getQuestion() : new ArrayList<>();
        ArrayList arrayList = new ArrayList();
        int intValue = (effectiveSecurityQuestionsCredentialsPolicy == null || effectiveSecurityQuestionsCredentialsPolicy.getQuestionNumber() == null) ? 1 : effectiveSecurityQuestionsCredentialsPolicy.getQuestionNumber().intValue();
        for (SecurityQuestionDefinitionType securityQuestionDefinitionType : question) {
            if (!Boolean.FALSE.equals(securityQuestionDefinitionType.isEnabled())) {
                Iterator<SecurityQuestionAnswerType> it = questionAnswer.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (securityQuestionDefinitionType.getIdentifier().equals(it.next().getQuestionIdentifier())) {
                        SecurityQuestionDto securityQuestionDto = new SecurityQuestionDto(securityQuestionDefinitionType.getIdentifier());
                        securityQuestionDto.setQuestionText(securityQuestionDefinitionType.getQuestionText());
                        arrayList.add(securityQuestionDto);
                        break;
                    }
                }
            }
            if (intValue == arrayList.size()) {
                break;
            }
        }
        if (arrayList.size() < intValue) {
            throw new BadCredentialsException("pageForgetPassword.message.ContactAdminQuestionsNotSetEnough");
        }
        return arrayList;
    }

    private boolean shouldThrowException(CredentialsType credentialsType) {
        return credentialsType == null || credentialsType.getSecurityQuestions() == null || CollectionUtils.isEmpty(credentialsType.getSecurityQuestions().getQuestionAnswer());
    }

    public PageBase getPageBase() {
        return (PageBase) getPage();
    }

    private HiddenField<String> getHiddenAnswer() {
        return (HiddenField) getForm().get("answer");
    }

    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin
    protected IModel<String> getDefaultLoginPanelTitleModel() {
        return createStringResource("PageSecurityQuestions.questions", new Object[0]);
    }

    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin
    protected IModel<String> getDefaultLoginPanelDescriptionModel() {
        return createStringResource("PageSecurityQuestions.description", new Object[0]);
    }

    @Override // com.evolveum.midpoint.gui.impl.page.login.module.PageAbstractAuthenticationModule
    protected String getModuleTypeName() {
        return "securityQuestionsForm";
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1922020846:
                if (implMethodName.equals("lambda$initQuestionsSection$118dea75$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/web/component/util/SerializableSupplier") && serializedLambda.getFunctionalInterfaceMethodName().equals("get") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/login/module/PageSecurityQuestions") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/Boolean;")) {
                    PageSecurityQuestions pageSecurityQuestions = (PageSecurityQuestions) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return Boolean.valueOf(searchUser() != null);
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
