package com.evolveum.midpoint.web.page.forgetpassword;

import com.evolveum.midpoint.common.policy.ValuePolicyGenerator;
import com.evolveum.midpoint.gui.api.page.PageBase;
import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.prism.query.builder.QueryBuilder;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.SearchResultList;
import com.evolveum.midpoint.schema.SelectorOptions;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.Producer;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.application.PageDescriptor;
import com.evolveum.midpoint.web.component.AjaxButton;
import com.evolveum.midpoint.web.component.AjaxSubmitButton;
import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
import com.evolveum.midpoint.web.page.forgetpassword.ResetPolicyDto;
import com.evolveum.midpoint.web.page.login.PageLogin;
import com.evolveum.midpoint.web.page.login.PageRegistrationBase;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import org.apache.wicket.Component;
import org.apache.wicket.RestartResponseException;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.extensions.validation.validator.RfcCompliantEmailAddressValidator;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.basic.MultiLineLabel;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.RequiredTextField;
import org.apache.wicket.model.Model;

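/**
 * Unauthenticated "forgot password" page, mapped to {@code /forgotpassword}.
 *
 * <p>The form collects an e-mail address (and a user name when the reset method is
 * {@code SECURITY_QUESTIONS}), looks the user up through {@code runPrivileged} and then either
 * stores a freshly generated nonce on the user ({@code MAIL}) or forwards to
 * {@link PageSecurityQuestions} ({@code SECURITY_QUESTIONS}). How the nonce is delivered to the
 * user is not visible in this class.
 *
 * <p>Review notes:
 * <ul>
 *   <li>All input comes from an anonymous request while the lookups run privileged, so the
 *       checks in this class are the only gate in front of them.</li>
 *   <li>The "user not found" error differs from the confirmation shown after a successful
 *       submit, so the response tells the caller whether the supplied identity matched an
 *       account.</li>
 *   <li>Request-supplied user name and e-mail are written to the debug log, and the stored
 *       e-mail is logged on a mismatch; whether the log backend neutralises line breaks is not
 *       visible here.</li>
 *   <li>The matched user's OID is handed to the next page through the session attribute
 *       {@code "pOid"}.</li>
 * </ul>
 *
 * <p>This listing is decompiler output (JADX) of
 * {@code WEB-INF/classes/com/evolveum/midpoint/web/page/forgetpassword/PageForgotPassword.class};
 * several methods are {@code public} only because the decompiler widened them.
 */
@PageDescriptor(url = {"/forgotpassword"})
public class PageForgotPassword extends PageRegistrationBase {
    private static final long serialVersionUID = 1;
    private static final String ID_PWDRESETFORM = "pwdresetform";
    private static final String ID_USERNAME_CONTAINER = "usernameContainer";
    private static final String ID_USERNAME = "username";
    private static final String ID_EMAIL_CONTAINER = "emailContainer";
    private static final String ID_EMAIL = "email";
    private static final String ID_SUBMIT = "submitButton";
    private static final String ID_BACK = "back";
    private static final String ID_PASSWORD_RESET_SUBMITED = "resetPasswordInfo";
    // Set once the MAIL flow has stored a nonce; swaps the form for the confirmation label.
    private boolean submited;
    private static final String DOT_CLASS = PageForgotPassword.class.getName() + ".";
    protected static final String OPERATION_LOAD_RESET_PASSWORD_POLICY = DOT_CLASS + "loadPasswordResetPolicy";
    private static final String OPERATION_LOAD_USER = DOT_CLASS + "loadUser";
    private static final Trace LOGGER = TraceManager.getTrace(PageForgotPassword.class);

    /** Builds the page and its component tree. */
    public PageForgotPassword() {
        initLayout();
    }

    /**
     * Intentionally empty: this page adds no breadcrumb.
     * (Decompiler note: declared {@code protected} in the original class.)
     */
    @Override
    public void createBreadcrumb() {
    }

    /**
     * Returns the reset method of the configured reset policy, or {@code null} when no policy is
     * available, so that callers do not dereference a missing policy.
     */
    private ResetPolicyDto.ResetMethod resolveResetMethod() {
        return getResetPasswordPolicy() == null ? null : getResetPasswordPolicy().getResetMethod();
    }

    /**
     * Creates the reset form (user name, e-mail, submit, back) and the confirmation label.
     * The form is visible until a reset has been submitted; the label is visible afterwards.
     */
    private void initLayout() {
        Form form = new Form(ID_PWDRESETFORM);
        form.setOutputMarkupId(true);
        form.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1;

            @Override
            public boolean isVisible() {
                return !PageForgotPassword.this.submited;
            }
        });

        WebMarkupContainer usernameContainer = new WebMarkupContainer(ID_USERNAME_CONTAINER);
        usernameContainer.setOutputMarkupId(true);
        form.add(usernameContainer);
        RequiredTextField usernameField = new RequiredTextField(ID_USERNAME, new Model());
        usernameField.setOutputMarkupId(true);
        usernameContainer.add(usernameField);
        usernameContainer.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1;

            @Override
            public boolean isVisible() {
                // The user name is only asked for when security questions are used.
                // A missing policy hides the field instead of failing the render with an NPE.
                return PageForgotPassword.this.resolveResetMethod() == ResetPolicyDto.ResetMethod.SECURITY_QUESTIONS;
            }
        });

        WebMarkupContainer emailContainer = new WebMarkupContainer(ID_EMAIL_CONTAINER);
        emailContainer.setOutputMarkupId(true);
        form.add(emailContainer);
        RequiredTextField emailField = new RequiredTextField(ID_EMAIL, new Model());
        emailField.add(RfcCompliantEmailAddressValidator.getInstance());
        emailField.setOutputMarkupId(true);
        emailContainer.add(emailField);
        emailContainer.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1;

            @Override
            public boolean isVisible() {
                // Both supported reset methods identify the user by e-mail.
                ResetPolicyDto.ResetMethod resetMethod = PageForgotPassword.this.resolveResetMethod();
                return resetMethod == ResetPolicyDto.ResetMethod.SECURITY_QUESTIONS
                        || resetMethod == ResetPolicyDto.ResetMethod.MAIL;
            }
        });

        Component submitButton = new AjaxSubmitButton(ID_SUBMIT) {
            private static final long serialVersionUID = 1;

            @Override
            public void onSubmit(AjaxRequestTarget ajaxRequestTarget, Form<?> form2) {
                PageForgotPassword.this.processResetPassword(ajaxRequestTarget, form2);
            }

            @Override
            public void onError(AjaxRequestTarget ajaxRequestTarget, Form<?> form2) {
                // Validation failed: only the feedback panel needs a refresh.
                ajaxRequestTarget.add(PageForgotPassword.this.getFeedbackPanel());
            }
        };
        submitButton.setOutputMarkupId(true);
        form.add(submitButton);

        Component backButton = new AjaxButton(ID_BACK) {
            private static final long serialVersionUID = 1;

            @Override
            public void onClick(AjaxRequestTarget ajaxRequestTarget) {
                setResponsePage(PageLogin.class);
            }
        };
        backButton.setOutputMarkupId(true);
        form.add(backButton);
        add(form);

        Component submittedInfo = new MultiLineLabel(ID_PASSWORD_RESET_SUBMITED, createStringResource("PageForgotPassword.form.submited.message", new Object[0]));
        add(submittedInfo);
        submittedInfo.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1;

            @Override
            public boolean isVisible() {
                return PageForgotPassword.this.submited;
            }

            @Override
            public boolean isEnabled() {
                return PageForgotPassword.this.submited;
            }
        });
    }

    /**
     * Handles a submitted reset form.
     *
     * <p>Reads the user name and e-mail from the form, verifies that a reset policy exists,
     * resolves the user and then acts on the policy's reset method: {@code MAIL} stores a nonce
     * on the user and switches the page to its confirmation state, {@code SECURITY_QUESTIONS}
     * puts the user's OID into the session and forwards to {@link PageSecurityQuestions}.
     * (Decompiler note: declared {@code private} in the original class.)
     *
     * @param ajaxRequestTarget target used to re-render the page after a successful mail reset
     * @param form the submitted form
     * @throws RestartResponseException when no policy is configured, no user matches, the nonce
     *         cannot be saved, or the reset method is not supported
     */
    public void processResetPassword(AjaxRequestTarget ajaxRequestTarget, Form<?> form) {
        RequiredTextField usernameField = (RequiredTextField) form.get(createComponentPath(ID_USERNAME_CONTAINER, ID_USERNAME));
        RequiredTextField emailField = (RequiredTextField) form.get(createComponentPath(ID_EMAIL_CONTAINER, ID_EMAIL));
        String username = usernameField != null ? (String) usernameField.getModelObject() : null;
        String email = emailField != null ? (String) emailField.getModelObject() : null;
        // NOTE(review): both values come straight from an anonymous request.
        LOGGER.debug("Reset Password user info form submitted. username={}, email={}", username, email);

        // Check the policy before the lookup: getUser() dereferences it, so with the checks in
        // the opposite order a missing policy was reported to the user as "user not found".
        if (getResetPasswordPolicy() == null) {
            LOGGER.debug("No policies for reset password defined");
            getSession().error(getString("pageForgetPassword.message.policy.not.found"));
            throw new RestartResponseException(PageForgotPassword.class);
        }

        UserType user = checkUser(email, username);
        LOGGER.trace("Reset Password user: {}", user);
        if (user == null) {
            LOGGER.debug("User for username={}, email={} not found", username, email);
            // NOTE(review): this message differs from the confirmation shown on success, so the
            // response reveals whether the supplied identity matched an account. Consider
            // returning the same neutral response in both cases.
            getSession().error(getString("pageForgetPassword.message.usernotfound"));
            throw new RestartResponseException(PageForgotPassword.class);
        }

        switch (getResetPasswordPolicy().getResetMethod()) {
            case MAIL:
                if (saveUserNonce(user, getResetPasswordPolicy().getNoncePolicy()).getStatus() != OperationResultStatus.SUCCESS) {
                    getSession().error(getString("PageForgotPassword.send.nonce.failed"));
                    throw new RestartResponseException(this);
                }
                this.submited = true;
                ajaxRequestTarget.add(this);
                return;
            case SECURITY_QUESTIONS:
                // NOTE(review): the next page receives the identified user only through this
                // session attribute; how it validates the value is not visible here.
                getSession().setAttribute("pOid", user.getOid());
                LOGGER.trace("Forward to PageSecurityQuestions");
                setResponsePage(PageSecurityQuestions.class);
                return;
            default:
                getSession().error(getString("pageForgetPassword.message.reset.method.not.supported"));
                throw new RestartResponseException(this);
        }
    }

    /**
     * Generates a nonce and stores it on the given user, replacing the container at
     * {@code SchemaConstants.PATH_NONCE}. Runs through {@code runPrivileged} with an anonymous
     * task on the reset-password GUI channel, owned by the user being reset.
     *
     * @param userType user whose nonce is replaced
     * @param nonceCredentialsPolicyType nonce policy passed on to {@link #generateNonce}
     * @return the operation result; a {@link SchemaException} is recorded as a fatal error
     */
    private OperationResult saveUserNonce(final UserType userType, final NonceCredentialsPolicyType nonceCredentialsPolicyType) {
        return (OperationResult) runPrivileged(new Producer<OperationResult>() {
            @Override
            public OperationResult run() {
                Task task = PageForgotPassword.this.createAnonymousTask("generateUserNonce");
                task.setChannel(SchemaConstants.CHANNEL_GUI_RESET_PASSWORD_URI);
                task.setOwner(userType.asPrismObject());
                OperationResult operationResult = new OperationResult("generateUserNonce");

                // The nonce is set as a clear value here; any protection applied before it is
                // persisted happens outside this class (not visible from this listing).
                ProtectedStringType nonceValue = new ProtectedStringType();
                nonceValue.setClearValue(PageForgotPassword.this.generateNonce(nonceCredentialsPolicyType, task, operationResult));
                NonceType nonceType = new NonceType();
                nonceType.setValue(nonceValue);
                try {
                    WebModelServiceUtils.save(ObjectDelta.createModificationReplaceContainer(UserType.class, userType.getOid(), SchemaConstants.PATH_NONCE, PageForgotPassword.this.getPrismContext(), nonceType), operationResult, task, PageForgotPassword.this);
                } catch (SchemaException e) {
                    operationResult.recordFatalError("Failed to generate nonce for user");
                    LoggingUtils.logException(PageForgotPassword.LOGGER, "Failed to generate nonce for user: " + e.getMessage(), e, new Object[0]);
                }
                operationResult.computeStatusIfUnknown();
                return operationResult;
            }
        });
    }

    /**
     * Generates a nonce value with {@link ValuePolicyGenerator}.
     *
     * <p>When the nonce policy references a value policy, that policy's string policy is used;
     * otherwise {@code null} is passed as the string policy. The literal {@code 24} is passed
     * through to the generator (presumably a default length; confirm against
     * {@code ValuePolicyGenerator.generate}).
     * (Decompiler note: declared {@code private} in the original class.)
     *
     * @param nonceCredentialsPolicyType nonce policy, may be {@code null}
     * @param task task used to load the referenced value policy
     * @param operationResult result passed to the loader and the generator
     * @return the generated nonce
     */
    public String generateNonce(NonceCredentialsPolicyType nonceCredentialsPolicyType, Task task, OperationResult operationResult) {
        ValuePolicyType valuePolicyType = null;
        if (nonceCredentialsPolicyType != null && nonceCredentialsPolicyType.getValuePolicyRef() != null) {
            valuePolicyType = (ValuePolicyType) WebModelServiceUtils.loadObject(ValuePolicyType.class, nonceCredentialsPolicyType.getValuePolicyRef().getOid(), this, task, operationResult).asObjectable();
        }
        return ValuePolicyGenerator.generate(valuePolicyType != null ? valuePolicyType.getStringPolicy() : null, 24, operationResult);
    }

    /**
     * Looks the user up with elevated privileges and re-checks the e-mail address.
     *
     * @param str the e-mail address supplied in the form
     * @param str2 the user name supplied in the form (may be {@code null})
     * @return the matching user, or {@code null} when no user was found or the stored e-mail
     *         does not equal {@code str} ignoring case
     */
    public UserType checkUser(final String str, final String str2) {
        UserType user = (UserType) runPrivileged(new Producer<UserType>() {
            @Override
            public UserType run() {
                return PageForgotPassword.this.getUser(str, str2);
            }

            @Override
            public String toString() {
                return PageForgotPassword.DOT_CLASS + "getUser";
            }
        });
        LOGGER.trace("got user {}", user);
        if (user == null) {
            return null;
        }
        // Null-safe: a user without a stored e-mail is treated as a mismatch, not an NPE.
        String storedEmail = user.getEmailAddress();
        if (storedEmail != null && storedEmail.equalsIgnoreCase(str)) {
            return user;
        }
        LOGGER.debug("The supplied e-mail address '{}' and the e-mail address of user {} '{}' do not match", str, user, storedEmail);
        return null;
    }

    /**
     * Searches for the user identified by the submitted form values.
     *
     * <p>For {@code MAIL} the query matches the e-mail address ignoring case; for
     * {@code SECURITY_QUESTIONS} it additionally matches the user name. The search uses an
     * anonymous task and the no-fetch option.
     * (Decompiler note: declared {@code private} in the original class.)
     *
     * @param str the e-mail address supplied in the form
     * @param str2 the user name supplied in the form
     * @return the single matching user, or {@code null} when there is no policy, no match, more
     *         than one match, or the search fails
     * @throws RestartResponseException when the reset method is not supported
     */
    public UserType getUser(String str, String str2) {
        ObjectQuery query;
        if (getResetPasswordPolicy() == null) {
            // Without a policy the reset method is unknown, so no query can be built.
            LOGGER.debug("No policies for reset password defined");
            return null;
        }
        try {
            Task task = createAnonymousTask(OPERATION_LOAD_USER);
            OperationResult result = task.getResult();
            switch (getResetPasswordPolicy().getResetMethod()) {
                case MAIL:
                    query = QueryBuilder.queryFor(UserType.class, getPrismContext()).item(UserType.F_EMAIL_ADDRESS).eq(str).matchingCaseIgnore().build();
                    break;
                case SECURITY_QUESTIONS:
                    query = QueryBuilder.queryFor(UserType.class, getPrismContext()).item(UserType.F_NAME).eqPoly(str2).matchingNorm().and().item(UserType.F_EMAIL_ADDRESS).eq(str).matchingCaseIgnore().build();
                    break;
                default:
                    getSession().error(getString("PageForgotPassword.unsupported.reset.type"));
                    throw new RestartResponseException(this);
            }
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("Searching for user with query:\n{}", query.debugDump(1));
            }
            SearchResultList users = ((PageBase) getPage()).getModelService().searchObjects(UserType.class, query, SelectorOptions.createCollection(GetOperationOptions.createNoFetch()), task, result);
            if (users == null || users.isEmpty()) {
                LOGGER.trace("Empty user list in ForgetPassword");
                return null;
            }
            if (users.size() > 1) {
                // An e-mail shared by several accounts must not silently select the first
                // one: the reset would then be started for an arbitrary user.
                LOGGER.debug("Ambiguous user lookup in ForgetPassword: {} users matched", users.size());
                return null;
            }
            UserType user = (UserType) ((PrismObject) users.get(0)).asObjectable();
            LOGGER.trace("User found for ForgetPassword: {}", user);
            return user;
        } catch (RestartResponseException e) {
            // Page-flow signal raised above for an unsupported reset method; the generic
            // handler below used to swallow it and turn it into "user not found".
            throw e;
        } catch (Exception e) {
            LOGGER.error("Error getting user: {}", e.getMessage(), e);
            return null;
        }
    }
}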
