package com.evolveum.midpoint.web.page.self;

import com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismObjectDefinition;
import com.evolveum.midpoint.prism.PrismReference;
import com.evolveum.midpoint.prism.PrismReferenceValue;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.schema.SchemaRegistry;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.SchemaConstantsGenerated;
import com.evolveum.midpoint.schema.SelectorOptions;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.security.api.AuthorizationConstants;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.application.AuthorizationAction;
import com.evolveum.midpoint.web.application.PageDescriptor;
import com.evolveum.midpoint.web.component.AjaxSubmitButton;
import com.evolveum.midpoint.web.component.TabbedPanel;
import com.evolveum.midpoint.web.component.util.LoadableModel;
import com.evolveum.midpoint.web.page.admin.home.PageDashboard;
import com.evolveum.midpoint.web.page.admin.home.dto.MyPasswordsDto;
import com.evolveum.midpoint.web.page.admin.home.dto.PasswordAccountDto;
import com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel;
import com.evolveum.midpoint.web.security.SecurityUtils;
import com.evolveum.midpoint.web.util.WebMiscUtil;
import com.evolveum.midpoint.web.util.WebModelUtils;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPropagationUserControlType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordChangeSecurityType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import org.apache.wicket.Component;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink;
import org.apache.wicket.extensions.markup.html.tabs.AbstractTab;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.form.Form;

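/**
 * Self-service page, mapped to {@code /self/credentials}, on which the logged-in user
 * changes the password of their own midPoint user and, depending on the credentials
 * policy, of linked accounts.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The page declares two authorization action URIs in {@link PageDescriptor}; how they
 *       are enforced is decided outside this file.</li>
 *   <li>Unless the policy says otherwise, the old password must be supplied and is verified
 *       through {@code checkPassword} before anything is written. Every failure of that
 *       check, including an exception, aborts the change.</li>
 *   <li>Target OIDs are taken from the server-side page model (the principal's user and its
 *       {@code linkRef} values), never from request parameters.</li>
 *   <li>No log statement in this class includes a password value; keep it that way.</li>
 * </ul>
 *
 * <p>This listing is decompiler output. Methods called from anonymous inner classes were
 * widened to {@code public} by the decompiler and are kept that way so that the class
 * interface shown here does not change.
 */
@PageDescriptor(
        url = {"/self/credentials"},
        action = {
                @AuthorizationAction(
                        actionUri = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll",
                        label = PageSelf.AUTH_SELF_ALL_LABEL,
                        description = PageSelf.AUTH_SELF_ALL_DESCRIPTION),
                @AuthorizationAction(
                        actionUri = AuthorizationConstants.AUTZ_UI_SELF_CREDENTIALS_URL,
                        label = "PageSelfCredentials.auth.credentials.label",
                        description = "PageSelfCredentials.auth.credentials.description")})
/* loaded from: input_file:WEB-INF/classes/com/evolveum/midpoint/web/page/self/PageSelfCredentials.class */
public class PageSelfCredentials extends PageSelf {
    private static final String ID_MAIN_FORM = "mainForm";
    private static final String ID_TAB_PANEL = "tabPanel";
    private static final String ID_SAVE_BUTTON = "save";
    private static final String ID_CANCEL_BUTTON = "cancel";
    private static final String ID_PANEL = "panel";
    private static final Trace LOGGER = TraceManager.getTrace(PageSelfCredentials.class);
    private static final String DOT_CLASS = PageSelfCredentials.class.getName() + ".";
    private static final String OPERATION_LOAD_USER_WITH_ACCOUNTS = DOT_CLASS + "loadUserWithAccounts";
    private static final String OPERATION_LOAD_USER = DOT_CLASS + "loadUser";
    private static final String OPERATION_LOAD_ACCOUNT = DOT_CLASS + "loadAccount";
    private static final String OPERATION_SAVE_PASSWORD = DOT_CLASS + "savePassword";
    private static final String OPERATION_CHECK_PASSWORD = DOT_CLASS + "checkPassword";
    private static final String OPERATION_LOAD_SHADOW = DOT_CLASS + "loadShadow";
    private static final String OPERATION_GET_CREDENTIALS_POLICY = DOT_CLASS + "getCredentialsPolicy";

    // Second action URI passed to WebMiscUtil.isAuthorized when choosing the page to go to
    // after save or cancel.
    private static final String AUTZ_UI_HOME_URI =
            "http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#home";

    // Page model; holds the old and new password entered by the user.
    // NOTE(review): the DTO lives as long as the page does, so the clear-text old password
    // stays reachable after the check - confirm how the page is stored and whether the
    // value should be wiped once it has been verified.
    private LoadableModel<MyPasswordsDto> model;

    // Set only by loadPageModel(); stays null when the page is built from a ready-made DTO.
    private PrismObject<UserType> user;

    /**
     * Creates the page with a model that loads the principal's user and accounts on first
     * access.
     */
    public PageSelfCredentials() {
        this.model = new LoadableModel<MyPasswordsDto>(false) {
            // The decompiler had renamed this method to load2(), which overrides nothing;
            // its own notes give the original as a protected load().
            @Override
            protected MyPasswordsDto load() {
                return PageSelfCredentials.this.loadPageModel();
            }
        };
        initLayout();
    }

    /**
     * Creates the page around an already populated DTO.
     *
     * <p>{@link #loadPageModel()} is never called on this path, so the {@code user} field
     * stays {@code null}; code that needs the user's OID goes through
     * {@link #resolveUserOid()}.
     *
     * @param myPasswordsDto model object to display
     */
    public PageSelfCredentials(final MyPasswordsDto myPasswordsDto) {
        this.model = new LoadableModel<MyPasswordsDto>(myPasswordsDto, false) {
            @Override
            protected MyPasswordsDto load() {
                return myPasswordsDto;
            }
        };
        initLayout();
    }

    /**
     * Builds the page model: the principal's own user entry, the propagation and
     * password-change settings from the credentials policy and, when propagation is unset
     * or {@code USER_CHOICE}, one entry per linked account.
     *
     * <p>A failure to load a single account is logged and recorded in its sub-result, and
     * loading continues with the next account.
     *
     * @return the populated DTO; when the user cannot be loaded the DTO is returned with
     *         whatever was collected before the failure
     */
    public MyPasswordsDto loadPageModel() {
        LOGGER.debug("Loading user and accounts.");
        MyPasswordsDto dto = new MyPasswordsDto();
        OperationResult result = new OperationResult(OPERATION_LOAD_USER_WITH_ACCOUNTS);
        try {
            // The OID always comes from the authenticated principal, not from the request.
            String userOid = SecurityUtils.getPrincipalUser().getOid();
            Task loadUserTask = createSimpleTask(OPERATION_LOAD_USER);
            OperationResult loadUserResult = result.createSubresult(OPERATION_LOAD_USER);
            this.user = getModelService().getObject(UserType.class, userOid, null, loadUserTask, loadUserResult);
            loadUserResult.recordSuccessIfUnknown();
            dto.getAccounts().add(createDefaultPasswordAccountDto(this.user));

            CredentialsPolicyType credentialsPolicy = getPasswordCredentialsPolicy();
            PasswordCredentialsPolicyType passwordPolicy =
                    credentialsPolicy != null ? credentialsPolicy.getPassword() : null;
            if (passwordPolicy != null) {
                CredentialsPropagationUserControlType propagation = passwordPolicy.getPropagationUserControl();
                if (propagation != null) {
                    dto.setPropagation(propagation);
                }
                PasswordChangeSecurityType changeSecurity = passwordPolicy.getPasswordChangeSecurity();
                if (changeSecurity != null) {
                    dto.setPasswordChangeSecurity(changeSecurity);
                }
            }

            // Linked accounts are listed only when the user may pick the targets.
            if (dto.getPropagation() == null
                    || dto.getPropagation().equals(CredentialsPropagationUserControlType.USER_CHOICE)) {
                PrismReference linkRef = this.user.findReference(FocusType.F_LINK_REF);
                if (linkRef == null || linkRef.getValues() == null) {
                    LOGGER.debug("No accounts found for user {}.", userOid);
                    // Early exit: the sort and showResult below are skipped, as before.
                    return dto;
                }
                Collection<SelectorOptions<GetOperationOptions>> resolveResource =
                        SelectorOptions.createCollection(ShadowType.F_RESOURCE, GetOperationOptions.createResolve());
                for (PrismReferenceValue linkValue : linkRef.getValues()) {
                    OperationResult loadAccountResult = result.createSubresult(OPERATION_LOAD_ACCOUNT);
                    try {
                        PrismObject<ShadowType> shadow = getModelService().getObject(
                                ShadowType.class,
                                linkValue.getOid(),
                                resolveResource,
                                createSimpleTask(OPERATION_LOAD_ACCOUNT),
                                loadAccountResult);
                        dto.getAccounts().add(createPasswordAccountDto(shadow));
                        loadAccountResult.recordSuccessIfUnknown();
                    } catch (Exception e) {
                        LoggingUtils.logException(LOGGER, "Couldn't load account", e, new Object[0]);
                        loadAccountResult.recordFatalError("Couldn't load account.", e);
                    }
                }
            }
            result.recordSuccessIfUnknown();
        } catch (Exception e) {
            LoggingUtils.logException(LOGGER, "Couldn't load accounts", e, new Object[0]);
            result.recordFatalError("Couldn't load accounts", e);
        } finally {
            result.recomputeStatus();
        }
        Collections.sort(dto.getAccounts());
        if (!result.isSuccess() && !result.isHandledError()) {
            showResult(result);
        }
        return dto;
    }

    /**
     * Assembles the form: a tabbed panel with the single "password" tab plus the save and
     * cancel buttons.
     */
    private void initLayout() {
        Form mainForm = new Form(ID_MAIN_FORM);
        ArrayList tabs = new ArrayList();
        tabs.add(new AbstractTab(createStringResource("PageSelfCredentials.tabs.password", new Object[0])) {
            @Override
            public WebMarkupContainer getPanel(String panelId) {
                return new ChangePasswordPanel(
                        panelId,
                        PageSelfCredentials.this.model,
                        (MyPasswordsDto) PageSelfCredentials.this.model.getObject());
            }
        });
        TabbedPanel tabPanel = new TabbedPanel(ID_TAB_PANEL, tabs) {
            @Override
            protected WebMarkupContainer newLink(String linkId, final int index) {
                // Tab headers submit the form, so values typed so far survive a tab switch.
                return new AjaxSubmitLink(linkId) {
                    @Override
                    public void onError(AjaxRequestTarget ajaxRequestTarget, Form<?> submittedForm) {
                        super.onError(ajaxRequestTarget, submittedForm);
                        ajaxRequestTarget.add(PageSelfCredentials.this.getFeedbackPanel());
                    }

                    @Override
                    public void onSubmit(AjaxRequestTarget ajaxRequestTarget, Form<?> submittedForm) {
                        super.onSubmit(ajaxRequestTarget, submittedForm);
                        setSelectedTab(index);
                        if (ajaxRequestTarget != null) {
                            ajaxRequestTarget.add((Component) findParent(TabbedPanel.class));
                        }
                    }
                };
            }
        };
        tabPanel.setOutputMarkupId(true);
        mainForm.add(tabPanel);
        initButtons(mainForm);
        add(mainForm);
    }

    /**
     * Adds the save button (also the form's default button) and the cancel button.
     *
     * @param form form that receives the buttons
     */
    private void initButtons(Form form) {
        AjaxSubmitButton saveButton =
                new AjaxSubmitButton(ID_SAVE_BUTTON, createStringResource("PageBase.button.save", new Object[0])) {
                    @Override
                    public void onError(AjaxRequestTarget ajaxRequestTarget, Form<?> submittedForm) {
                        ajaxRequestTarget.add(PageSelfCredentials.this.getFeedbackPanel());
                    }

                    @Override
                    public void onSubmit(AjaxRequestTarget ajaxRequestTarget, Form<?> submittedForm) {
                        PageSelfCredentials.this.onSavePerformed(ajaxRequestTarget);
                    }
                };
        form.setDefaultButton(saveButton);
        form.add(saveButton);

        AjaxSubmitButton cancelButton =
                new AjaxSubmitButton(ID_CANCEL_BUTTON, createStringResource("PageBase.button.cancel", new Object[0])) {
                    @Override
                    public void onError(AjaxRequestTarget ajaxRequestTarget, Form<?> submittedForm) {
                        ajaxRequestTarget.add(PageSelfCredentials.this.getFeedbackPanel());
                    }

                    @Override
                    public void onSubmit(AjaxRequestTarget ajaxRequestTarget, Form<?> submittedForm) {
                        PageSelfCredentials.this.onCancelPerformed(ajaxRequestTarget);
                    }
                };
        form.add(cancelButton);
    }

    /**
     * Builds the list entry that stands for the midPoint user itself.
     *
     * @param prismObject the logged-in user
     * @return entry created with the trailing {@code true} flag of the five-argument
     *         constructor (presumably "is midPoint" - see {@code isMidpoint()} in
     *         {@link #onSavePerformed})
     */
    private PasswordAccountDto createDefaultPasswordAccountDto(PrismObject<UserType> prismObject) {
        return new PasswordAccountDto(
                prismObject.getOid(),
                prismObject.getName().getNorm(),
                getString("PageSelfCredentials.resourceMidpoint"),
                WebMiscUtil.isActivationEnabled(prismObject),
                true);
    }

    /**
     * Builds the list entry for one linked account.
     *
     * @param prismObject the account shadow
     * @return entry labelled with the resource name, or with the "couldn't resolve" text
     *         when the resource reference carries no resolved object
     */
    private PasswordAccountDto createPasswordAccountDto(PrismObject<ShadowType> prismObject) {
        PrismReference resourceRef = prismObject.findReference(ShadowType.F_RESOURCE_REF);
        boolean resourceResolved = resourceRef != null
                && resourceRef.getValue() != null
                && resourceRef.getValue().getObject() != null;
        String resourceName = resourceResolved
                ? WebMiscUtil.getName(resourceRef.getValue().getObject())
                : getString("PageSelfCredentials.couldntResolve");
        PasswordAccountDto accountDto = new PasswordAccountDto(
                prismObject.getOid(),
                WebMiscUtil.getName(prismObject),
                resourceName,
                WebMiscUtil.isActivationEnabled(prismObject));
        accountDto.setPasswordOutbound(getPasswordOutbound(prismObject));
        return accountDto;
    }

    /**
     * Handles the save button: verifies the old password when required, then writes the new
     * password to every selected target in one {@code executeChanges} call.
     *
     * <p>The old-password check runs when the policy value is absent or
     * {@code OLD_PASSWORD}. A blank old password, a failed check and an exception during
     * the check all return before anything is written.
     *
     * @param ajaxRequestTarget current AJAX request target
     */
    public void onSavePerformed(AjaxRequestTarget ajaxRequestTarget) {
        List<PasswordAccountDto> selectedAccounts = getSelectedAccountsList();
        MyPasswordsDto dto = this.model.getObject();

        PasswordChangeSecurityType changeSecurity = dto.getPasswordChangeSecurity();
        if (changeSecurity == null || changeSecurity.equals(PasswordChangeSecurityType.OLD_PASSWORD)) {
            LOGGER.debug("Check old password");
            String oldPassword = dto.getOldPassword();
            if (oldPassword == null || oldPassword.trim().isEmpty()) {
                warn(getString("PageSelfCredentials.specifyOldPasswordMessage"));
                ajaxRequestTarget.add(getFeedbackPanel());
                return;
            }
            OperationResult checkResult = new OperationResult(OPERATION_CHECK_PASSWORD);
            Task checkTask = createSimpleTask(OPERATION_CHECK_PASSWORD);
            try {
                ProtectedStringType oldPasswordValue = new ProtectedStringType();
                oldPasswordValue.setClearValue(oldPassword);
                // resolveUserOid() instead of this.user.getOid(): with the DTO constructor
                // this.user is null, and the NullPointerException used to land in the catch
                // below, so the check could never succeed on that path.
                if (!getModelInteractionService().checkPassword(resolveUserOid(), oldPasswordValue, checkTask, checkResult)) {
                    warn(getString("PageSelfCredentials.incorrectOldPassword"));
                    ajaxRequestTarget.add(getFeedbackPanel());
                    return;
                }
            } catch (Exception e) {
                // Fail closed: an error while checking is treated like a failed check.
                // NOTE(review): nothing is shown to the user on this path, the result is
                // only recorded - confirm whether a generic message should be displayed.
                LoggingUtils.logException(LOGGER, "Couldn't check password", e, new Object[0]);
                checkResult.recordFatalError("Couldn't check password." + e.getMessage(), e);
                ajaxRequestTarget.add(getFeedbackPanel());
                return;
            } finally {
                checkResult.computeStatus();
            }
        }

        if (selectedAccounts.isEmpty()) {
            warn(getString("PageSelfCredentials.noAccountSelected"));
            ajaxRequestTarget.add(getFeedbackPanel());
            return;
        }

        OperationResult saveResult = new OperationResult(OPERATION_SAVE_PASSWORD);
        try {
            ProtectedStringType newPassword = dto.getPassword();
            WebMiscUtil.encryptProtectedString(newPassword, true, getMidpointApplication());
            ItemPath passwordValuePath =
                    new ItemPath(SchemaConstantsGenerated.C_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE);
            SchemaRegistry schemaRegistry = getPrismContext().getSchemaRegistry();
            ArrayList deltas = new ArrayList();
            for (PasswordAccountDto account : selectedAccounts) {
                // The midPoint entry is modified as a user, every other entry as a shadow.
                PrismObjectDefinition<?> objectDefinition = account.isMidpoint()
                        ? schemaRegistry.findObjectDefinitionByCompileTimeClass(UserType.class)
                        : schemaRegistry.findObjectDefinitionByCompileTimeClass(ShadowType.class);
                deltas.add(ObjectDelta.createModifyDelta(
                        account.getOid(),
                        PropertyDelta.createModificationReplaceProperty(passwordValuePath, objectDefinition, newPassword, newPassword),
                        account.isMidpoint() ? UserType.class : ShadowType.class,
                        getPrismContext()));
            }
            getModelService().executeChanges(deltas, null, createSimpleTask(OPERATION_SAVE_PASSWORD), saveResult);
            saveResult.recordSuccess();
        } catch (Exception e) {
            // Drop the encrypted form from the model after a failed save.
            ProtectedStringType failedPassword = this.model.getObject().getPassword();
            if (failedPassword != null) {
                failedPassword.setEncryptedData(null);
            }
            LoggingUtils.logException(LOGGER, "Couldn't save password changes", e, new Object[0]);
            saveResult.recordFatalError("Couldn't save password changes.", e);
        } finally {
            saveResult.recomputeStatus();
        }

        if (!WebMiscUtil.isSuccessOrHandledError(saveResult)) {
            showResult(saveResult);
            ajaxRequestTarget.add(getFeedbackPanel());
            return;
        }
        showResultInSession(saveResult);
        redirectToDashboard();
    }

    /**
     * Returns the OID whose current password must match the supplied old password.
     *
     * @return the OID of the loaded user, or of the authenticated principal when no user
     *         was loaded; {@link #loadPageModel()} loads the user by that same principal
     *         OID, so both sources name the same object
     */
    private String resolveUserOid() {
        if (this.user != null) {
            return this.user.getOid();
        }
        return SecurityUtils.getPrincipalUser().getOid();
    }

    /**
     * Sends the user to the administrator dashboard when authorized for it, otherwise to
     * the self-service dashboard.
     */
    private void redirectToDashboard() {
        if (WebMiscUtil.isAuthorized(AuthorizationConstants.AUTZ_UI_DASHBOARD_URL, AUTZ_UI_HOME_URI)) {
            setResponsePage(PageDashboard.class);
        } else {
            setResponsePage(PageSelfDashboard.class);
        }
    }

    /**
     * Determines the entries that receive the new password.
     *
     * @return every listed entry when propagation is {@code MAPPING}; otherwise only the
     *         entries whose CSS class is the "selected" icon class
     */
    private List<PasswordAccountDto> getSelectedAccountsList() {
        MyPasswordsDto dto = this.model.getObject();
        List<PasswordAccountDto> accounts = dto.getAccounts();
        List<PasswordAccountDto> selected = new ArrayList<PasswordAccountDto>();
        CredentialsPropagationUserControlType propagation = dto.getPropagation();
        if (propagation != null && propagation.equals(CredentialsPropagationUserControlType.MAPPING)) {
            selected.addAll(accounts);
            return selected;
        }
        for (PasswordAccountDto account : accounts) {
            // Selection state is carried by the CSS class stored on the server-side DTO.
            if (account.getCssClass().equals(ChangePasswordPanel.SELECTED_ACCOUNT_ICON_CSS)) {
                selected.add(account);
            }
        }
        return selected;
    }

    /**
     * Handles the cancel button by leaving the page without saving.
     *
     * @param ajaxRequestTarget current AJAX request target (not used)
     */
    public void onCancelPerformed(AjaxRequestTarget ajaxRequestTarget) {
        redirectToDashboard();
    }

    /**
     * Loads the shadows referenced by the user's {@code linkRef} values, skipping
     * references without an OID. Not called from within this class.
     *
     * @return the shadows that could be loaded
     */
    private List<ShadowType> loadShadowTypeList() {
        List<ObjectReferenceType> linkRefs = this.user.asObjectable().getLinkRef();
        Task loadTask = createSimpleTask(OPERATION_LOAD_SHADOW);
        List<ShadowType> shadows = new ArrayList<ShadowType>();
        for (ObjectReferenceType linkRef : linkRefs) {
            OperationResult loadResult = new OperationResult(OPERATION_LOAD_SHADOW);
            try {
                Collection resolveResource =
                        SelectorOptions.createCollection(ShadowType.F_RESOURCE, GetOperationOptions.createResolve());
                if (linkRef.getOid() != null) {
                    shadows.add((ShadowType) WebModelUtils.loadObject(
                            ShadowType.class, linkRef.getOid(), resolveResource, this, loadTask, loadResult).asObjectable());
                }
            } catch (Exception e) {
                LoggingUtils.logException(LOGGER, "Couldn't load account", e, new Object[0]);
                loadResult.recordFatalError("Couldn't load account." + e.getMessage(), e);
            } finally {
                // Runs for every reference, including the skipped ones.
                loadResult.computeStatus();
            }
        }
        return shadows;
    }

    /**
     * Tells whether the account's object class definition has a password outbound.
     *
     * @param prismObject the account shadow
     * @return {@code true} when an outbound is defined; {@code false} when it is not, when
     *         the shadow has no resolved resource, or when the definition cannot be read
     */
    private boolean getPasswordOutbound(PrismObject<ShadowType> prismObject) {
        // A shadow without a resolved resource used to throw a NullPointerException here,
        // which dropped the account from the list although createPasswordAccountDto
        // already copes with an unresolved resource.
        if (prismObject.asObjectable().getResource() == null) {
            return false;
        }
        try {
            RefinedObjectClassDefinition objectClassDefinition = getModelInteractionService().getEditObjectClassDefinition(
                    prismObject,
                    prismObject.asObjectable().getResource().asPrismObject(),
                    AuthorizationPhaseType.REQUEST);
            return objectClassDefinition != null && objectClassDefinition.getPasswordOutbound() != null;
        } catch (SchemaException e) {
            // Still answers false, but no longer silently.
            LoggingUtils.logException(LOGGER, "Couldn't get password outbound definition", e, new Object[0]);
            return false;
        }
    }

    /**
     * Returns the user loaded by {@link #loadPageModel()}.
     *
     * @return the loaded user, or {@code null} when the model has not been loaded by this
     *         page
     */
    public PrismObject<UserType> getUser() {
        return this.user;
    }

    /**
     * Fetches the credentials policy that applies to the loaded user.
     *
     * @return the policy, or {@code null} when it could not be loaded (the failure is
     *         logged and recorded in the operation result)
     */
    private CredentialsPolicyType getPasswordCredentialsPolicy() {
        LOGGER.debug("Getting credentials policy");
        Task policyTask = createSimpleTask(OPERATION_GET_CREDENTIALS_POLICY);
        OperationResult policyResult = new OperationResult(OPERATION_GET_CREDENTIALS_POLICY);
        CredentialsPolicyType credentialsPolicy = null;
        try {
            credentialsPolicy = getModelInteractionService().getCredentialsPolicy(this.user, policyTask, policyResult);
            policyResult.recordSuccessIfUnknown();
        } catch (Exception e) {
            LoggingUtils.logException(LOGGER, "Couldn't load credentials policy", e, new Object[0]);
            policyResult.recordFatalError("Couldn't load credentials policy." + e.getMessage(), e);
        } finally {
            policyResult.computeStatus();
        }
        return credentialsPolicy;
    }
}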
