package com.evolveum.midpoint.web.page.self;

import com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition;
import com.evolveum.midpoint.gui.api.model.LoadableModel;
import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
import com.evolveum.midpoint.prism.ItemFactory;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismReference;
import com.evolveum.midpoint.prism.PrismReferenceValue;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.schema.SchemaRegistry;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.SchemaConstantsGenerated;
import com.evolveum.midpoint.schema.SelectorOptions;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ResourceTypeUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.component.AjaxSubmitButton;
import com.evolveum.midpoint.web.component.TabbedPanel;
import com.evolveum.midpoint.web.component.form.Form;
import com.evolveum.midpoint.web.page.admin.home.dto.MyPasswordsDto;
import com.evolveum.midpoint.web.page.admin.home.dto.PasswordAccountDto;
import com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel;
import com.evolveum.midpoint.web.security.SecurityUtils;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPropagationUserControlType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordChangeSecurityType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.prism.xml.ns._public.types_3.EncryptedDataType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.extensions.markup.html.tabs.AbstractTab;
import org.apache.wicket.extensions.markup.html.tabs.ITab;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.model.Model;

/* loaded from: input_file:WEB-INF/classes/com/evolveum/midpoint/web/page/self/PageAbstractSelfCredentials.class */
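/**
 * Base self-service page for changing the logged-in user's password.
 *
 * <p>The page builds a form with one tab holding a {@link ChangePasswordPanel} plus save and
 * back buttons. The backing {@link MyPasswordsDto} lists the user itself and, depending on the
 * password propagation policy, the account shadows linked to the user. On save the page
 * optionally verifies the old password and then submits one password-replace delta per
 * selected entry through the model service on the self-service GUI channel.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>Whether the old password is verified is decided solely by the subclass through
 *       {@link #isCheckOldPassword()}.</li>
 *   <li>The set of accounts to change is derived from state held in the page model (see
 *       {@code getSelectedAccountsList()}). NOTE(review): nothing here re-validates that
 *       selection, so the propagation policy is presumably enforced by the model service -
 *       confirm.</li>
 *   <li>The old password is kept as a plain string in the DTO and wrapped as a clear value for
 *       the check; only the new password is encrypted in this class.</li>
 * </ul>
 *
 * <p>This source is decompiler output. Names such as {@code load2} and {@code getObject2} look
 * like decompiler renames and are kept so the class stays consistent with the rest of the
 * decompiled tree.
 */
public abstract class PageAbstractSelfCredentials extends PageSelf {
    private static final long serialVersionUID = 1;
    protected static final String ID_MAIN_FORM = "mainForm";
    private static final String ID_TAB_PANEL = "tabPanel";
    private static final String ID_SAVE_BUTTON = "save";
    private static final String ID_CANCEL_BUTTON = "cancel";
    private static final Trace LOGGER = TraceManager.getTrace(PageAbstractSelfCredentials.class);
    // Operation names are prefixed with PageSelfCredentials, not with this class. Left as is:
    // the strings are runtime values carried in operation results.
    private static final String DOT_CLASS = PageSelfCredentials.class.getName() + ".";
    private static final String OPERATION_LOAD_USER_WITH_ACCOUNTS = DOT_CLASS + "loadUserWithAccounts";
    private static final String OPERATION_LOAD_USER = DOT_CLASS + "loadUser";
    private static final String OPERATION_LOAD_ACCOUNT = DOT_CLASS + "loadAccount";
    private static final String OPERATION_SAVE_PASSWORD = DOT_CLASS + "savePassword";
    private static final String OPERATION_CHECK_PASSWORD = DOT_CLASS + "checkPassword";
    private static final String OPERATION_GET_CREDENTIALS_POLICY = DOT_CLASS + "getCredentialsPolicy";
    // CSS class an account DTO carries when it is selected for the password change.
    private static final String SELECTED_ACCOUNT_CSS_CLASS = "fa fa-check-square-o";
    private LoadableModel<MyPasswordsDto> model;
    // Set only by loadPageModel(); stays null when the page is built from a ready-made DTO.
    private PrismObject<UserType> user;

    /**
     * Creates the page with a lazily loaded model that reads the logged-in user and the linked
     * accounts on first access.
     */
    public PageAbstractSelfCredentials() {
        this.model = new LoadableModel<MyPasswordsDto>(false) {
            private static final long serialVersionUID = 1;

            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.evolveum.midpoint.gui.api.model.LoadableModel
            /* renamed from: load */
            public MyPasswordsDto load2() {
                return PageAbstractSelfCredentials.this.loadPageModel();
            }
        };
        initLayout();
    }

    /** Extends the inherited breadcrumb by setting a shield icon on the last entry. */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.gui.api.page.PageBase
    public void createBreadcrumb() {
        super.createBreadcrumb();
        getLastBreadcrumb().setIcon(new Model<>("fa fa-shield"));
    }

    /**
     * Creates the page around a DTO supplied by the caller.
     *
     * <p>NOTE(review): on this path {@code loadPageModel()} never runs, so the {@code user}
     * field is not set by this class. When {@link #isCheckOldPassword()} is true, the
     * old-password check in {@link #onSavePerformed(AjaxRequestTarget)} dereferences that field;
     * the resulting exception is caught there and the save is abandoned.
     *
     * @param myPasswordsDto the model object the page works on
     */
    public PageAbstractSelfCredentials(final MyPasswordsDto myPasswordsDto) {
        this.model = new LoadableModel<MyPasswordsDto>(myPasswordsDto, false) {
            private static final long serialVersionUID = 1;

            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.evolveum.midpoint.gui.api.model.LoadableModel
            /* renamed from: load */
            public MyPasswordsDto load2() {
                return myPasswordsDto;
            }
        };
        initLayout();
    }

    /**
     * Loads the logged-in user and, when the propagation policy is absent or
     * {@code USER_CHOICE}, the account shadows referenced by the user's link references.
     *
     * <p>A failure to load one account is logged and recorded on that account's subresult; the
     * remaining accounts are still loaded. Any other failure is recorded on the parent result,
     * which is shown unless it is a success or a handled error.
     *
     * @return the populated DTO; it always contains what was loaded before a failure
     */
    /* JADX INFO: Access modifiers changed from: private */
    public MyPasswordsDto loadPageModel() {
        LOGGER.debug("Loading user and accounts.");
        MyPasswordsDto dto = new MyPasswordsDto();
        OperationResult result = new OperationResult(OPERATION_LOAD_USER_WITH_ACCOUNTS);
        try {
            try {
                // The user is always the authenticated principal, never a request parameter.
                String userOid = SecurityUtils.getPrincipalUser().getOid();
                Task userTask = createSimpleTask(OPERATION_LOAD_USER);
                OperationResult userResult = result.createSubresult(OPERATION_LOAD_USER);
                this.user = getModelService().getObject(UserType.class, userOid, null, userTask, userResult);
                userResult.recordSuccessIfUnknown();
                dto.getAccounts().add(createDefaultPasswordAccountDto(this.user));

                CredentialsPolicyType credentialsPolicy = getPasswordCredentialsPolicy();
                PasswordCredentialsPolicyType passwordPolicy =
                        credentialsPolicy != null ? credentialsPolicy.getPassword() : null;
                if (passwordPolicy != null) {
                    CredentialsPropagationUserControlType propagation = passwordPolicy.getPropagationUserControl();
                    if (propagation != null) {
                        dto.setPropagation(propagation);
                    }
                    PasswordChangeSecurityType changeSecurity = passwordPolicy.getPasswordChangeSecurity();
                    if (changeSecurity != null) {
                        dto.setPasswordChangeSecurity(changeSecurity);
                    }
                }

                // Linked accounts are offered only when the user may choose the targets.
                if (dto.getPropagation() == null
                        || dto.getPropagation().equals(CredentialsPropagationUserControlType.USER_CHOICE)) {
                    PrismReference linkRef = this.user.findReference(UserType.F_LINK_REF);
                    if (linkRef == null || linkRef.getValues() == null) {
                        LOGGER.debug("No accounts found for user {}.", userOid);
                        result.recomputeStatus();
                        return dto;
                    }
                    Collection<SelectorOptions<GetOperationOptions>> options =
                            getOperationOptionsBuilder().item(ShadowType.F_RESOURCE_REF).resolve().build();
                    for (PrismReferenceValue linkValue : linkRef.getValues()) {
                        OperationResult accountResult = result.createSubresult(OPERATION_LOAD_ACCOUNT);
                        try {
                            String accountOid = linkValue.getOid();
                            Task accountTask = createSimpleTask(OPERATION_LOAD_ACCOUNT);
                            dto.getAccounts().add(createPasswordAccountDto(
                                    getModelService().getObject(ShadowType.class, accountOid, options, accountTask, accountResult),
                                    accountTask, accountResult));
                            accountResult.recordSuccessIfUnknown();
                        } catch (Exception e) {
                            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load account", e, new Object[0]);
                            accountResult.recordFatalError(getString("PageAbstractSelfCredentials.message.couldntLoadAccount.fatalError"), e);
                        }
                    }
                }
                result.recordSuccessIfUnknown();
                result.recomputeStatus();
            } catch (Throwable th) {
                result.recomputeStatus();
                throw th;
            }
        } catch (Exception e2) {
            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load accounts", e2, new Object[0]);
            result.recordFatalError(getString("PageAbstractSelfCredentials.message.couldntLoadAccounts.fatalError"), e2);
            result.recomputeStatus();
        }
        Collections.sort(dto.getAccounts());
        if (!result.isSuccess() && !result.isHandledError()) {
            showResult(result);
        }
        return dto;
    }

    /** Builds the main form: the tab panel with the password tab, then the buttons. */
    private void initLayout() {
        Form form = new Form(ID_MAIN_FORM);
        List<ITab> tabs = new ArrayList<>();
        tabs.add(new AbstractTab(createStringResource("PageSelfCredentials.tabs.password", new Object[0])) {
            private static final long serialVersionUID = 1;

            @Override // org.apache.wicket.extensions.markup.html.tabs.AbstractTab, org.apache.wicket.extensions.markup.html.tabs.ITab
            public WebMarkupContainer getPanel(String str) {
                return new ChangePasswordPanel(str, PageAbstractSelfCredentials.this.isCheckOldPassword(), PageAbstractSelfCredentials.this.model, (MyPasswordsDto) PageAbstractSelfCredentials.this.model.getObject2());
            }
        });
        TabbedPanel<ITab> tabPanel = WebComponentUtil.createTabPanel(ID_TAB_PANEL, this, tabs, null);
        tabPanel.setOutputMarkupId(true);
        form.add(tabPanel);
        initButtons(form);
        add(form);
    }

    /**
     * Adds the save button (also the form's default button) and the back button.
     *
     * @param form the form that receives the buttons
     */
    private void initButtons(org.apache.wicket.markup.html.form.Form<?> form) {
        AjaxSubmitButton saveButton = new AjaxSubmitButton(ID_SAVE_BUTTON, createStringResource("PageBase.button.save", new Object[0])) {
            private static final long serialVersionUID = 1;

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink
            public void onError(AjaxRequestTarget ajaxRequestTarget) {
                ajaxRequestTarget.add(PageAbstractSelfCredentials.this.getFeedbackPanel());
            }

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink
            public void onSubmit(AjaxRequestTarget ajaxRequestTarget) {
                PageAbstractSelfCredentials.this.onSavePerformed(ajaxRequestTarget);
            }
        };
        form.setDefaultButton(saveButton);
        form.add(saveButton);
        // The back button leaves the page on both callbacks, so a form error cannot block it.
        form.add(new AjaxSubmitButton(ID_CANCEL_BUTTON, createStringResource("PageBase.button.back", new Object[0])) {
            private static final long serialVersionUID = 1;

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink
            public void onError(AjaxRequestTarget ajaxRequestTarget) {
                PageAbstractSelfCredentials.this.onCancelPerformed(ajaxRequestTarget);
            }

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink
            public void onSubmit(AjaxRequestTarget ajaxRequestTarget) {
                PageAbstractSelfCredentials.this.onCancelPerformed(ajaxRequestTarget);
            }
        });
    }

    /**
     * Creates the list entry that stands for the user object itself.
     *
     * @param prismObject the loaded user
     * @return an entry built with the trailing flag set to {@code true}
     */
    private PasswordAccountDto createDefaultPasswordAccountDto(PrismObject<UserType> prismObject) {
        return new PasswordAccountDto(prismObject.getOid(), prismObject.getName().getOrig(), getString("PageSelfCredentials.resourceMidpoint", WebComponentUtil.getMidpointCustomSystemName(this, "midpoint.default.system.name")), WebComponentUtil.isActivationEnabled(prismObject), true);
    }

    /**
     * Creates the list entry for one linked account shadow.
     *
     * <p>When the shadow's resource reference is missing or was not resolved, the entry gets a
     * "couldn't resolve" resource label and both the outbound-password flag and the
     * password-capability flag are {@code false}.
     *
     * @param prismObject the account shadow
     * @param task task passed on to the model interaction service
     * @param operationResult result passed on to the model interaction service
     * @return the entry describing the account
     */
    private PasswordAccountDto createPasswordAccountDto(PrismObject<ShadowType> prismObject, Task task, OperationResult operationResult) throws ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        PrismReference resourceRef = prismObject.findReference(ShadowType.F_RESOURCE_REF);
        boolean resourceMissing = resourceRef == null || resourceRef.getValue() == null || resourceRef.getValue().getObject() == null;
        String resourceName = resourceMissing
                ? getString("PageSelfCredentials.couldntResolve")
                : WebComponentUtil.getName(resourceRef.getValue().getObject());
        PasswordAccountDto accountDto = new PasswordAccountDto(prismObject.getOid(), WebComponentUtil.getName(prismObject), resourceName, WebComponentUtil.isActivationEnabled(prismObject));
        accountDto.setPasswordOutbound(getPasswordOutbound(prismObject, task, operationResult));
        accountDto.setPasswordCapabilityEnabled(hasPasswordCapability(prismObject));
        return accountDto;
    }

    /**
     * Handles the save button: verifies the old password when the subclass requires it, then
     * submits a password-replace delta for every selected entry.
     *
     * <p>The method stops early, after refreshing the feedback panel, when the old password is
     * blank or wrong, when the check itself fails, when no account is selected, or when no new
     * password was entered. In every other case {@link #finishChangePassword} receives the
     * result of the save, successful or not.
     *
     * @param ajaxRequestTarget the current Ajax request target
     */
    protected void onSavePerformed(AjaxRequestTarget ajaxRequestTarget) {
        List<PasswordAccountDto> selectedAccounts = getSelectedAccountsList();
        ProtectedStringType oldPassword = null;
        if (isCheckOldPassword()) {
            LOGGER.debug("Check old password");
            if (this.model.getObject2().getOldPassword() == null || this.model.getObject2().getOldPassword().trim().equals("")) {
                warn(getString("PageSelfCredentials.specifyOldPasswordMessage"));
                ajaxRequestTarget.add(getFeedbackPanel());
                return;
            }
            OperationResult checkResult = new OperationResult(OPERATION_CHECK_PASSWORD);
            Task checkTask = createSimpleTask(OPERATION_CHECK_PASSWORD);
            try {
                try {
                    oldPassword = new ProtectedStringType();
                    oldPassword.setClearValue(this.model.getObject2().getOldPassword());
                    if (!getModelInteractionService().checkPassword(this.user.getOid(), oldPassword, checkTask, checkResult)) {
                        error(getString("PageSelfCredentials.incorrectOldPassword"));
                        ajaxRequestTarget.add(getFeedbackPanel());
                        checkResult.computeStatus();
                        return;
                    }
                    checkResult.computeStatus();
                } catch (Throwable th) {
                    checkResult.computeStatus();
                    throw th;
                }
            } catch (Exception e) {
                // Fails closed: a check that cannot be completed never lets the change through.
                // NOTE(review): the recorded result is not shown, so the user gets no message on
                // this path; before surfacing it, decide whether the exception text is fit for
                // end users.
                LoggingUtils.logUnexpectedException(LOGGER, "Couldn't check password", e, new Object[0]);
                checkResult.recordFatalError(getString("PageAbstractSelfCredentials.message.onSavePerformed.fatalError", e.getMessage()), e);
                ajaxRequestTarget.add(getFeedbackPanel());
                checkResult.computeStatus();
                return;
            }
        }
        if (selectedAccounts.isEmpty()) {
            warn(getString("PageSelfCredentials.noAccountSelected"));
            ajaxRequestTarget.add(getFeedbackPanel());
            return;
        }
        if (getModelObject().getPassword() == null) {
            warn(getString("PageSelfCredentials.emptyPasswordFiled"));
            ajaxRequestTarget.add(getFeedbackPanel());
            return;
        }
        OperationResult saveResult = new OperationResult(OPERATION_SAVE_PASSWORD);
        try {
            try {
                ProtectedStringType newPassword = this.model.getObject2().getPassword();
                if (!newPassword.isEncrypted()) {
                    WebComponentUtil.encryptProtectedString(newPassword, true, getMidpointApplication());
                }
                ItemPath passwordValuePath = ItemPath.create(SchemaConstantsGenerated.C_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE);
                SchemaRegistry schemaRegistry = getPrismContext().getSchemaRegistry();
                Collection<ObjectDelta<? extends ObjectType>> deltas = new ArrayList<>();
                for (PasswordAccountDto account : selectedAccounts) {
                    ItemDelta passwordDelta = getPrismContext().deltaFactory().property().createModificationReplaceProperty(passwordValuePath, account.isMidpoint() ? schemaRegistry.findObjectDefinitionByCompileTimeClass(UserType.class) : schemaRegistry.findObjectDefinitionByCompileTimeClass(ShadowType.class), newPassword);
                    if (oldPassword != null) {
                        // The decompiler emitted a cast of the old password to ItemFactory here.
                        // The value is created as a plain ProtectedStringType above, so that cast
                        // would throw ClassCastException and fail every save made with the
                        // old-password check enabled; the value is passed as it is instead.
                        passwordDelta.addEstimatedOldValue(getPrismContext().itemFactory().createPropertyValue(oldPassword));
                    }
                    deltas.add(getPrismContext().deltaFactory().object().createModifyDelta(account.getOid(), passwordDelta, (Class) (account.isMidpoint() ? UserType.class : ShadowType.class)));
                }
                getModelService().executeChanges(deltas, null, createSimpleTask(OPERATION_SAVE_PASSWORD, SchemaConstants.CHANNEL_GUI_SELF_SERVICE_URI), saveResult);
                saveResult.computeStatus();
                saveResult.computeStatusIfUnknown();
            } catch (Exception e2) {
                // Drop the encrypted form of the new password after a failed save.
                setEncryptedPasswordData(null);
                LoggingUtils.logUnexpectedException(LOGGER, "Couldn't save password changes", e2, new Object[0]);
                saveResult.recordFatalError(getString("PageAbstractSelfCredentials.save.password.failed", e2.getMessage()), e2);
                saveResult.computeStatusIfUnknown();
            }
            finishChangePassword(saveResult, ajaxRequestTarget);
        } catch (Throwable th2) {
            saveResult.computeStatusIfUnknown();
            throw th2;
        }
    }

    /**
     * Replaces the encrypted data of the new password held in the model, if a password object
     * is present.
     *
     * @param encryptedDataType the encrypted data to set; {@code null} clears it
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void setEncryptedPasswordData(EncryptedDataType encryptedDataType) {
        ProtectedStringType password = this.model.getObject2().getPassword();
        if (password != null) {
            password.setEncryptedData(encryptedDataType);
        }
    }

    /**
     * Tells whether the old password must be entered and verified before the new one is saved.
     *
     * @return {@code true} to require the old-password check
     */
    protected abstract boolean isCheckOldPassword();

    /**
     * Called once the save attempt has finished, whether it succeeded or failed.
     *
     * @param operationResult the result of the save operation
     * @param ajaxRequestTarget the current Ajax request target
     */
    protected abstract void finishChangePassword(OperationResult operationResult, AjaxRequestTarget ajaxRequestTarget);

    /**
     * Returns the entries whose password is to be changed: every entry when the propagation
     * policy is {@code MAPPING}, otherwise only the entries marked as selected.
     *
     * <p>Selection is read from the entry's CSS class, a presentation value held in the page
     * model. An entry without a CSS class counts as not selected.
     *
     * @return a new list with the chosen entries, possibly empty
     */
    private List<PasswordAccountDto> getSelectedAccountsList() {
        MyPasswordsDto dto = this.model.getObject2();
        List<PasswordAccountDto> accounts = dto.getAccounts();
        List<PasswordAccountDto> selected = new ArrayList<>();
        if (CredentialsPropagationUserControlType.MAPPING.equals(dto.getPropagation())) {
            selected.addAll(accounts);
            return selected;
        }
        for (PasswordAccountDto account : accounts) {
            // Constant-first comparison: a null CSS class must not abort the save.
            if (SELECTED_ACCOUNT_CSS_CLASS.equals(account.getCssClass())) {
                selected.add(account);
            }
        }
        return selected;
    }

    /**
     * Handles the back button by redirecting to the previous page.
     *
     * @param ajaxRequestTarget the current Ajax request target (unused)
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void onCancelPerformed(AjaxRequestTarget ajaxRequestTarget) {
        redirectBack();
    }

    /**
     * Tells whether the shadow's object class definition, as editable in the request phase,
     * lists any outbound password mapping.
     *
     * @param prismObject the account shadow
     * @param task task passed on to the model interaction service
     * @param operationResult result passed on to the model interaction service
     * @return {@code true} when at least one outbound password mapping is listed;
     *         {@code false} when there is none, when the resource is not resolved, or when
     *         the definition cannot be read because of a schema error
     */
    private boolean getPasswordOutbound(PrismObject<ShadowType> prismObject, Task task, OperationResult operationResult) throws ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        if (!isResourceResolved(prismObject)) {
            return false;
        }
        try {
            RefinedObjectClassDefinition definition = getModelInteractionService().getEditObjectClassDefinition(prismObject, prismObject.asObjectable().getResourceRef().asReferenceValue().getObject(), AuthorizationPhaseType.REQUEST, task, operationResult);
            if (definition != null) {
                return !CollectionUtils.isEmpty(definition.getPasswordOutbound());
            }
            return false;
        } catch (SchemaException e) {
            // Best effort: treated as "no outbound mapping", but traced so it can be diagnosed.
            LOGGER.debug("Couldn't determine password outbound for shadow {}: {}", prismObject.getOid(), e.getMessage());
            return false;
        }
    }

    /**
     * Tells whether the password capability is enabled on the shadow's resource for the
     * shadow's kind and intent.
     *
     * @param prismObject the account shadow
     * @return the capability flag, or {@code false} when the resource is not resolved
     */
    private boolean hasPasswordCapability(PrismObject<ShadowType> prismObject) {
        if (!isResourceResolved(prismObject)) {
            return false;
        }
        ShadowType shadow = prismObject.asObjectable();
        ResourceType resource = (ResourceType) shadow.getResourceRef().asReferenceValue().getObject().asObjectable();
        return ResourceTypeUtil.isPasswordCapabilityEnabled(resource, ResourceTypeUtil.findObjectTypeDefinition(resource.asPrismObject(), shadow.getKind(), shadow.getIntent()));
    }

    /** Tells whether the shadow has a resource reference that carries the resolved resource. */
    private boolean isResourceResolved(PrismObject<ShadowType> prismObject) {
        ShadowType shadow = prismObject.asObjectable();
        return shadow.getResourceRef() != null && shadow.getResourceRef().asReferenceValue().getObject() != null;
    }

    /**
     * Returns the user loaded by {@code loadPageModel()}.
     *
     * @return the user, or {@code null} when the model has not been loaded by this class
     */
    public PrismObject<UserType> getUser() {
        return this.user;
    }

    /**
     * Reads the credentials policy that applies to the loaded user.
     *
     * @return the policy, or {@code null} when it could not be loaded; the failure is logged
     *         and recorded on a local operation result
     */
    private CredentialsPolicyType getPasswordCredentialsPolicy() {
        LOGGER.debug("Getting credentials policy");
        Task task = createSimpleTask(OPERATION_GET_CREDENTIALS_POLICY);
        OperationResult result = new OperationResult(OPERATION_GET_CREDENTIALS_POLICY);
        CredentialsPolicyType credentialsPolicy = null;
        try {
            try {
                credentialsPolicy = getModelInteractionService().getCredentialsPolicy(this.user, task, result);
                result.recordSuccessIfUnknown();
                result.computeStatus();
            } catch (Exception e) {
                LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load credentials policy", e, new Object[0]);
                result.recordFatalError(getString("PageAbstractSelfCredentials.message.getPasswordCredentialsPolicy.fatalError", e.getMessage()), e);
                result.computeStatus();
            }
            return credentialsPolicy;
        } catch (Throwable th) {
            result.computeStatus();
            throw th;
        }
    }

    /**
     * Returns the DTO behind the page model, loading it on first access.
     *
     * @return the page's model object
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public MyPasswordsDto getModelObject() {
        return this.model.getObject2();
    }
}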
