package com.evolveum.midpoint.web.page.forgetpassword;

import com.evolveum.midpoint.model.api.authentication.AuthModule;
import com.evolveum.midpoint.model.api.authentication.AuthenticationChannel;
import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
import com.evolveum.midpoint.model.api.authentication.ModuleAuthentication;
import com.evolveum.midpoint.model.api.authentication.StateOfModule;
import com.evolveum.midpoint.model.api.context.NonceAuthenticationContext;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
import com.evolveum.midpoint.security.api.Authorization;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.application.PageDescriptor;
import com.evolveum.midpoint.web.application.Url;
import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
import com.evolveum.midpoint.web.component.wizard.resource.dto.IterationSpecificationTypeDto;
import com.evolveum.midpoint.web.page.login.PageRegistrationBase;
import com.evolveum.midpoint.web.page.login.PageRegistrationConfirmation;
import com.evolveum.midpoint.web.security.factory.channel.ResetPasswordChannelFactory;
import com.evolveum.midpoint.web.security.factory.module.LoginFormModuleFactory;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModuleLoginFormType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModulesType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import org.apache.commons.lang.Validate;
import org.apache.wicket.Component;
import org.apache.wicket.Session;
import org.apache.wicket.behavior.Behavior;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.apache.wicket.spring.injection.annot.SpringBean;
import org.apache.wicket.util.string.StringValue;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;

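/**
 * Landing page for the password-reset confirmation link, mounted at {@code /confirm/reset}.
 *
 * <p>The page is declared {@code permitAll}, so it is reachable without a session. It reads the
 * {@code user} and token request parameters, authenticates them as a nonce, and on success
 * installs a {@link MidpointAuthentication} in the security context before redirecting to
 * {@link PageResetPassword}. Before that, every action in the UI authorization namespace is
 * removed from the principal's authorizations and a single {@code #selfCredentials} action is
 * added.
 *
 * <p>Every failure path ends without touching the security context: the page records a fatal
 * error and renders the error panel only.
 *
 * <p>NOTE(review): the nonce travels in the request URL, so it can end up in access logs and
 * browser history. Confirm that the nonce policy makes it short-lived and single-use.
 */
@PageDescriptor(urls = {@Url(mountUrl = "/confirm/reset")}, permitAll = true)
/* loaded from: input_file:com/evolveum/midpoint/web/page/forgetpassword/PageResetPasswordConfirmation.class */
public class PageResetPasswordConfirmation extends PageRegistrationBase {

    @SpringBean(name = "loginFormModuleFactory")
    private LoginFormModuleFactory moduleFactory;

    @SpringBean(name = "resetPasswordChannelFactory")
    private ResetPasswordChannelFactory channelFactory;
    private static final String ID_LABEL_ERROR = "errorLabel";
    private static final String ID_ERROR_PANEL = "errorPanel";
    private static final long serialVersionUID = 1;

    // Log under this page's own category so reset-flow events are attributable to it
    // (the logger was previously created for PageRegistrationConfirmation).
    private static final Trace LOGGER = TraceManager.getTrace(PageResetPasswordConfirmation.class);

    // NOTE(review): operation names are still derived from PageRegistrationConfirmation; they are
    // left unchanged here because operation names may be matched elsewhere - confirm and rename.
    private static final String DOT_CLASS = PageRegistrationConfirmation.class.getName() + ".";
    private static final String OPERATION_ASSIGN_DEFAULT_ROLES = DOT_CLASS + ".assignDefaultRoles";
    private static final String OPERATION_FINISH_REGISTRATION = DOT_CLASS + "finishRegistration";

    /** Namespace shared by all GUI authorization actions. */
    private static final String UI_AUTHORIZATION_NS = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3";
    /** The only GUI action granted to a session created from a reset link. */
    private static final String SELF_CREDENTIALS_ACTION = UI_AUTHORIZATION_NS + "#selfCredentials";

    private static final String KEY_INVALID_LINK = "PageSelfRegistration.invalid.registration.link";
    private static final String KEY_AUTHENTICATION_FAILED = "PageResetPasswordConfirmation.authnetication.failed";

    public PageResetPasswordConfirmation() {
        init(null);
    }

    public PageResetPasswordConfirmation(PageParameters pageParameters) {
        init(pageParameters);
    }

    /**
     * Validates the confirmation link and, on success, establishes the restricted
     * password-reset session.
     *
     * @param pageParameters parameters of the request; when {@code null} the page's own
     *                       parameters are used
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // collection element types are not declared in this source
    private void init(PageParameters pageParameters) {
        PageParameters params = pageParameters != null ? pageParameters : getPageParameters();
        OperationResult result = new OperationResult(OPERATION_FINISH_REGISTRATION);
        if (params == null) {
            LOGGER.error("Confirmation link is not valid. No credentials provided in it");
            failConfirmation(result, KEY_INVALID_LINK);
            return;
        }

        // The page is reachable anonymously, so a link with missing parameters is ordinary bad
        // input. Show the error panel instead of letting an IllegalArgumentException escape from
        // the constructor. The values themselves are never logged.
        String userName = params.get("user").toString();
        String nonce = params.get(IterationSpecificationTypeDto.TOKEN_EXPRESSION_PREFIX).toString();
        if (userName == null || userName.isEmpty() || nonce == null || nonce.isEmpty()) {
            LOGGER.error("Confirmation link is not valid. User name or token is missing");
            failConfirmation(result, KEY_INVALID_LINK);
            return;
        }

        UsernamePasswordAuthenticationToken token = authenticateUser(userName, nonce, result);
        if (token == null) {
            initLayout(result);
            return;
        }

        Object principalObject = token.getPrincipal();
        if (!(principalObject instanceof MidPointPrincipal)) {
            LOGGER.error("Password reset authentication did not return a midPoint principal");
            failConfirmation(result, KEY_AUTHENTICATION_FAILED);
            return;
        }
        MidPointPrincipal principal = (MidPointPrincipal) principalObject;
        if (!restrictToSelfCredentials(principal)) {
            // Without an authorization collection the session cannot be narrowed to
            // #selfCredentials, so no session is created at all.
            LOGGER.error("Principal has no authorization collection; password reset session was not created");
            failConfirmation(result, KEY_AUTHENTICATION_FAILED);
            return;
        }

        AuthenticationSequenceType sequence = SecurityPolicyUtil.createPaswordResetSequence();
        HashMap hashMap = new HashMap();
        AuthenticationModulesType authenticationModulesType = new AuthenticationModulesType();
        AbstractAuthenticationModuleType authenticationModuleLoginFormType = new AuthenticationModuleLoginFormType();
        authenticationModuleLoginFormType.name("loginForm");
        authenticationModulesType.loginForm(authenticationModuleLoginFormType);
        AuthModule authModule = null;
        AuthenticationChannel authenticationChannel = null;
        try {
            authenticationChannel = this.channelFactory.createAuthChannel(sequence.getChannel());
            authModule = this.moduleFactory.createModuleFilter(authenticationModuleLoginFormType, sequence.getChannel().getUrlSuffix(), null, hashMap, authenticationModulesType, null, authenticationChannel);
        } catch (Exception e) {
            LOGGER.error("Couldn't build filter for module moduleFactory", e);
        }
        if (authModule == null) {
            // Fail closed: previously execution continued and dereferenced the null module.
            failConfirmation(result, KEY_AUTHENTICATION_FAILED);
            return;
        }

        MidpointAuthentication midpointAuthentication = new MidpointAuthentication(sequence);
        ArrayList modules = new ArrayList();
        modules.add(authModule);
        midpointAuthentication.setAuthModules(modules);
        // NOTE(review): the existing session id is bound to the new authentication; confirm the
        // session is rotated somewhere when this anonymous request becomes an authenticated one.
        midpointAuthentication.setSessionId(Session.get().getId());
        ModuleAuthentication moduleAuthentication = authModule.getBaseModuleAuthentication();
        moduleAuthentication.setAuthentication(token);
        moduleAuthentication.setState(StateOfModule.SUCCESSFULLY);
        midpointAuthentication.addAuthentications(moduleAuthentication);
        midpointAuthentication.setPrincipal(principal);
        // NOTE(review): these are the token's authorities, while the narrowing above was applied
        // to the principal's collection - verify both refer to the same authorizations.
        midpointAuthentication.setAuthorities(token.getAuthorities());
        midpointAuthentication.setAuthenticationChannel(authenticationChannel);
        SecurityContextHolder.getContext().setAuthentication(midpointAuthentication);
        setResponsePage(PageResetPassword.class);
        initLayout(result);
    }

    /**
     * Narrows the principal's GUI rights to the self-credentials page: removes every action
     * containing the UI authorization namespace from the existing authorizations, then adds one
     * authorization carrying only {@code #selfCredentials}.
     *
     * <p>The authorizations are modified in place.
     * NOTE(review): confirm these objects are not shared with a cached principal.
     *
     * @return {@code false} when the principal exposes no authorization collection and nothing
     *         could be restricted
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // collection element types are not declared in this source
    private boolean restrictToSelfCredentials(MidPointPrincipal principal) {
        Collection authorities = principal.getAuthorities();
        if (authorities == null) {
            return false;
        }
        for (Object authority : authorities) {
            Iterator actions = ((Authorization) authority).getAction().iterator();
            while (actions.hasNext()) {
                if (((String) actions.next()).contains(UI_AUTHORIZATION_NS)) {
                    actions.remove();
                }
            }
        }
        AuthorizationType selfCredentials = new AuthorizationType();
        selfCredentials.getAction().add(SELF_CREDENTIALS_ACTION);
        authorities.add(new Authorization(selfCredentials));
        return true;
    }

    /**
     * Reports a failed confirmation: shows the localized message as session feedback, records it
     * as a fatal error (which makes the error panel visible) and builds the layout.
     */
    private void failConfirmation(OperationResult operationResult, String messageKey) {
        String message = createStringResource(messageKey, new Object[0]).getString();
        // Pass the resolved text; it must not be wrapped in a second resource lookup.
        getSession().error(message);
        operationResult.recordFatalError(message);
        initLayout(operationResult);
    }

    /**
     * Authenticates the user name and nonce taken from the confirmation link.
     *
     * @return the authentication token, or {@code null} when authentication failed; in that case
     *         a feedback message and a fatal error have been recorded
     */
    private UsernamePasswordAuthenticationToken authenticateUser(String userName, String nonce, OperationResult operationResult) {
        try {
            return getAuthenticationEvaluator().authenticate(ConnectionEnvironment.create(SchemaConstants.CHANNEL_GUI_SELF_REGISTRATION_URI), new NonceAuthenticationContext(userName, UserType.class, nonce, getResetPasswordPolicy().getNoncePolicy()));
        } catch (AuthenticationException e) {
            // NOTE(review): the exception message is used as a resource key and shown to an
            // unauthenticated visitor; confirm the messages do not distinguish "unknown user"
            // from "bad token", and that every message is a valid key.
            getSession().error(getString(e.getMessage()));
            operationResult.recordFatalError(getString("PageResetPasswordConfirmation.message.authenticateUser.fatalError"));
            LoggingUtils.logException(LOGGER, e.getMessage(), e, new Object[0]);
            return null;
        } catch (Exception e2) {
            String message = createStringResource(KEY_AUTHENTICATION_FAILED, new Object[0]).getString();
            getSession().error(message);
            // Record the failure here as well, so the error panel is shown as in the branch above.
            operationResult.recordFatalError(message);
            LoggingUtils.logException(LOGGER, "Failed to confirm registration", e2, new Object[0]);
            return null;
        }
    }

    /**
     * Adds the error panel, which is enabled and visible only when {@code operationResult}
     * carries a fatal error.
     */
    private void initLayout(final OperationResult operationResult) {
        WebMarkupContainer errorPanel = new WebMarkupContainer(ID_ERROR_PANEL);
        add(new Component[]{errorPanel});
        errorPanel.add(new Behavior[]{new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1;

            @Override
            public boolean isEnabled() {
                return operationResult.getStatus() == OperationResultStatus.FATAL_ERROR;
            }

            @Override
            public boolean isVisible() {
                return operationResult.getStatus() == OperationResultStatus.FATAL_ERROR;
            }
        }});
        errorPanel.add(new Component[]{new Label(ID_LABEL_ERROR, createStringResource("PageResetPasswordConfirmation.confirmation.error", new Object[0]))});
    }

    /** Intentionally empty: this page contributes no breadcrumb. */
    @Override // com.evolveum.midpoint.gui.api.page.PageBase
    public void createBreadcrumb() {
    }
}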
