package com.evolveum.midpoint.gui.impl.page.login.module;

import com.evolveum.midpoint.authentication.api.authorization.PageDescriptor;
import com.evolveum.midpoint.authentication.api.authorization.Url;
import com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication;
import com.evolveum.midpoint.gui.api.component.result.Toast;
import com.evolveum.midpoint.gui.api.model.LoadableModel;
import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.xml.XmlTypeConverter;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.schema.util.ValueMetadataTypeUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.component.AjaxButton;
import com.evolveum.midpoint.web.component.form.MidpointForm;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.lang.invoke.SerializedLambda;
import javax.xml.datatype.Duration;
import javax.xml.datatype.XMLGregorianCalendar;
import org.apache.wicket.Component;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.LoadableDetachableModel;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

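/**
 * Login page of the {@code MailNonce} authentication module, mounted at {@code /emailNonce}.
 *
 * <p>On construction the page resolves the user through the inherited {@code searchUser()},
 * looks up the nonce credentials policy, and stores a freshly generated nonce on that user unless
 * the user already holds one that {@code isNonceValid} still accepts. The "send new" button
 * repeats the generate-and-store step on demand.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The descriptor sets {@code permitAll = true}, so the constructor and the resend button
 *       are reachable without an authenticated session, and both write to the user object through
 *       {@code runPrivileged}. Nothing in this class throttles them; confirm that rate limiting
 *       is enforced elsewhere, because every call replaces the stored nonce.</li>
 *   <li>This class only issues nonces. It contains no code that checks a nonce presented by the
 *       user; {@code isNonceValid} merely decides whether a new one is issued on page load.</li>
 *   <li>Delivery of the nonce is not visible here. Presumably a notification fires when the
 *       nonce property changes; verify against the notification configuration.</li>
 * </ul>
 */
@PageDescriptor(urls = {@Url(mountUrl = "/emailNonce", matchUrlForSecurity = "/emailNonce")}, permitAll = true, loginPage = true, authModule = "MailNonce")
public class PageEmailNonce extends PageAbstractAuthenticationModule<CredentialModuleAuthentication> {
    private static final long serialVersionUID = 1L;
    private static final String ID_SEND_NONCE = "sendNonce";

    private static final Trace LOGGER = TraceManager.getTrace(PageEmailNonce.class);
    private static final String DOT_CLASS = PageEmailNonce.class.getName() + ".";
    private static final String OPERATION_DETERMINE_NONCE_CREDENTIALS_POLICY = DOT_CLASS + "determineNonceCredentialsPolicy";
    private static final String OPERATION_LOAD_USER = DOT_CLASS + "loadAuthenticatedUser";

    /** Nonce policy resolved once in the constructor; {@code null} when it could not be determined. */
    private NonceCredentialsPolicyType noncePolicy;
    /** Detachable view of the user; detached after every nonce write so the next read reloads it. */
    private LoadableDetachableModel<UserType> userModel;
    /** Text shown under the panel title; rebuilt after every nonce write. */
    private LoadableDetachableModel<String> panelDescriptionModel;

    /**
     * Builds the page and, as a side effect, issues a nonce when the user has none that
     * {@code isNonceValid} accepts.
     *
     * <p>The user model must be initialised first: resolving the policy and reading the current
     * nonce both go through it.
     */
    public PageEmailNonce() {
        initUserModel();
        initNoncePolicy();
        initDescriptionModel();
        if (userHasValidNonce()) {
            LOGGER.debug("Nonce won't be generated automatically, user already has one.");
        } else {
            LOGGER.debug("Nonce will be generated and saved to user.");
            generateAndSendNonce(null);
        }
    }

    /** Creates the model that locates the user and reloads the full object in a privileged context. */
    private void initUserModel() {
        this.userModel = new LoadableDetachableModel<UserType>() {
            private static final long serialVersionUID = 1L;

            @Override
            protected UserType load() {
                UserType foundUser = PageEmailNonce.this.searchUser();
                PageEmailNonce.this.validateUserNotNullOrFail(foundUser);
                OperationResult result = new OperationResult("loadUser");
                Task task = PageEmailNonce.this.createAnonymousTask(OPERATION_LOAD_USER);
                // The reload runs privileged because the request itself is still anonymous.
                PrismObject<UserType> reloaded = (PrismObject<UserType>) PageEmailNonce.this.runPrivileged(
                        () -> WebModelServiceUtils.loadObject(UserType.class, foundUser.getOid(), PageEmailNonce.this, task, result));
                // NOTE(review): resolveValuePolicy treats a null result from loadObject as possible;
                // here a null would surface as a NullPointerException. Confirm that is acceptable.
                return reloaded.asObjectable();
            }
        };
    }

    /** Resolves and caches the nonce credentials policy for this module. */
    private void initNoncePolicy() {
        this.noncePolicy = getMailNoncePolicy();
    }

    /** Creates the model for the panel description, including when the current nonce was last changed. */
    private void initDescriptionModel() {
        this.panelDescriptionModel = new LoadableDetachableModel<String>() {
            private static final long serialVersionUID = 1L;

            @Override
            protected String load() {
                NonceType userNonce = PageEmailNonce.this.getUserNonce();
                XMLGregorianCalendar lastChange = userNonce != null
                        ? ValueMetadataTypeUtil.getLastChangeTimestamp(ValueMetadataTypeUtil.getMetadata(userNonce))
                        : null;
                StringBuilder description = new StringBuilder();
                description.append(PageEmailNonce.this.createStringResource("PageForgotPassword.form.submited.message").getString());
                if (lastChange != null) {
                    description.append("\n");
                    description.append(PageEmailNonce.this.createStringResource("PageForgotPassword.form.mailSent.additionalInfo", WebComponentUtil.formatDate(lastChange)).getString());
                }
                return description.toString();
            }
        };
    }

    /** Returns {@code true} when the user holds a nonce that {@code isNonceValid} accepts. */
    private boolean userHasValidNonce() {
        NonceType userNonce = getUserNonce();
        return userNonce != null && isNonceValid(userNonce);
    }

    /** Returns the nonce stored on the user, or {@code null} when the user has no credentials container. */
    private NonceType getUserNonce() {
        UserType user = this.userModel.getObject();
        if (user.getCredentials() == null) {
            return null;
        }
        return user.getCredentials().getNonce();
    }

    /**
     * Decides whether the stored nonce is recent enough that the page should not issue a new one.
     *
     * <p>The check fails open: with no policy, no {@code maxAge}, or no last-change timestamp the
     * nonce is reported as valid, so in those configurations a nonce is never considered stale
     * here and page load never replaces it. This method gates issuance only; it is not the check
     * applied to a nonce the user submits.
     *
     * @param nonceType the nonce currently stored on the user
     * @return {@code false} only when the last change plus {@code maxAge} lies in the past
     */
    private boolean isNonceValid(@NotNull NonceType nonceType) {
        if (this.noncePolicy == null) {
            return true;
        }
        Duration maxAge = this.noncePolicy.getMaxAge();
        if (maxAge == null) {
            return true;
        }
        XMLGregorianCalendar lastChange = ValueMetadataTypeUtil.getLastChangeTimestamp(ValueMetadataTypeUtil.getMetadata(nonceType));
        if (lastChange == null) {
            return true;
        }
        return System.currentTimeMillis() < XmlTypeConverter.toMillis(XmlTypeConverter.addDuration(lastChange, maxAge));
    }

    @Override
    protected void initModuleLayout(MidpointForm midpointForm) {
        initButtons(midpointForm);
    }

    /**
     * Adds the "send new nonce" button.
     *
     * <p>NOTE(review): each click issues and stores a new nonce for the user. No throttling is
     * visible in this class; confirm it is applied elsewhere before exposing the page.
     */
    private void initButtons(MidpointForm midpointForm) {
        midpointForm.add(new AjaxButton(ID_SEND_NONCE, createStringResource("PageBase.button.nonce.send.new")) {
            private static final long serialVersionUID = 1L;

            @Override
            public void onClick(AjaxRequestTarget ajaxRequestTarget) {
                PageEmailNonce.this.generateAndSendNonce(ajaxRequestTarget);
            }
        });
    }

    /**
     * Generates a nonce, stores it on the user and, for Ajax requests, confirms it with a toast.
     *
     * <p>A failed save is only logged; the UI receives no feedback in that case.
     *
     * @param ajaxRequestTarget the Ajax target, or {@code null} when called from the constructor
     */
    private void generateAndSendNonce(AjaxRequestTarget ajaxRequestTarget) {
        UserType user = this.userModel.getObject();
        // NOTE(review): the user object is written to the TRACE log; confirm its string form
        // carries no credential material.
        LOGGER.trace("Reset Password user: {}", user);
        OperationResult saveResult = saveUserNonce(user, this.noncePolicy);
        // Discard cached values so the next read reflects the nonce that was just written.
        this.panelDescriptionModel.detach();
        this.userModel.detach();
        if (saveResult.getStatus() != OperationResultStatus.SUCCESS) {
            LOGGER.error("Failed to send nonce to user: {} ", saveResult.getMessage());
            return;
        }
        if (ajaxRequestTarget == null) {
            return;
        }
        new Toast().success().title(getString("PageEmailNonce.sentNonce")).icon("fas fa-circle-check").autohide(true).delay(5000).body(getString("PageEmailNonce.sentNonce.message")).show(ajaxRequestTarget);
        reloadDescriptionPanel(ajaxRequestTarget);
    }

    /**
     * Looks up the nonce policy named by the module configuration.
     *
     * @return the policy, or {@code null} when the module defines no credential name or the
     *         lookup fails
     */
    @Nullable
    private NonceCredentialsPolicyType getMailNoncePolicy() {
        CredentialModuleAuthentication moduleAuthentication = (CredentialModuleAuthentication) getAuthenticationModuleConfiguration();
        String credentialName = moduleAuthentication.getCredentialName();
        if (credentialName != null) {
            return resolveNoncePolicy(credentialName);
        }
        LOGGER.error("EmailNonceModuleAuthentication " + moduleAuthentication.getModuleIdentifier() + " haven't define name of credential");
        return null;
    }

    /**
     * Asks the model interaction service for the nonce policy that applies to the user.
     *
     * <p>NOTE(review): this lookup runs under the self-registration channel while
     * {@code saveNonce} uses the reset-password channel; confirm the difference is intentional.
     *
     * @param str name of the nonce credential to resolve
     * @return the policy, or {@code null} when the lookup throws; a {@code null} policy in turn
     *         makes {@code isNonceValid} accept any stored nonce
     */
    private NonceCredentialsPolicyType resolveNoncePolicy(String str) {
        Task task = createAnonymousTask(OPERATION_DETERMINE_NONCE_CREDENTIALS_POLICY);
        task.setChannel(SchemaConstants.CHANNEL_SELF_REGISTRATION_URI);
        OperationResult result = task.getResult();
        try {
            return getModelInteractionService().determineNonceCredentialsPolicy(this.userModel.getObject().asPrismObject(), str, task, result);
        } catch (CommonException e) {
            LOGGER.error("Could not retrieve nonce policy: {}", e.getMessage(), e);
            return null;
        }
    }

    /** Runs {@code saveNonce} in a privileged context, since the request is not yet authenticated. */
    private OperationResult saveUserNonce(UserType userType, NonceCredentialsPolicyType nonceCredentialsPolicyType) {
        return (OperationResult) runPrivileged(() -> saveNonce(userType, nonceCredentialsPolicyType));
    }

    /**
     * Generates a nonce and replaces the user's stored nonce value with it.
     *
     * <p>The task is owned by the target user and tagged with the reset-password channel.
     * Failures are recorded on the returned result rather than thrown.
     *
     * <p>NOTE(review): the nonce is handed over as a clear value inside a
     * {@code ProtectedStringType}; confirm it is protected before persistence and never logged.
     *
     * @return the operation result, with its status computed
     */
    private OperationResult saveNonce(UserType userType, NonceCredentialsPolicyType nonceCredentialsPolicyType) {
        Task task = createAnonymousTask("generateUserNonce");
        task.setChannel(SchemaConstants.CHANNEL_RESET_PASSWORD_URI);
        task.setOwner(userType.asPrismObject());
        OperationResult result = new OperationResult("generateUserNonce");
        ProtectedStringType nonceValue = new ProtectedStringType();
        try {
            nonceValue.setClearValue(generateNonce(nonceCredentialsPolicyType, task, userType.asPrismObject(), result));
            WebModelServiceUtils.save(
                    getPrismContext().deltaFactory().object().createModificationReplaceProperty(
                            UserType.class, userType.getOid(), SchemaConstants.PATH_NONCE_VALUE, nonceValue),
                    result, task, this);
        } catch (SchemaException | ExpressionEvaluationException | ObjectNotFoundException | CommunicationException | ConfigurationException | SecurityViolationException e) {
            result.recordFatalError(getString("PageForgotPassword.message.saveUserNonce.fatalError"));
            LoggingUtils.logException(LOGGER, "Failed to generate nonce for user: " + e.getMessage(), e);
        }
        result.computeStatusIfUnknown();
        return result;
    }

    /**
     * Delegates nonce generation to the model interaction service.
     *
     * <p>The literals {@code 24} and {@code false} are presumably the fallback length and the
     * "minimal size" switch of {@code generateValue}; TODO confirm against the service. When
     * {@code resolveValuePolicy} returns {@code null} the value policy argument is {@code null},
     * so nonce strength then depends on how {@code generateValue} handles a missing policy.
     */
    private <O extends ObjectType> String generateNonce(NonceCredentialsPolicyType nonceCredentialsPolicyType, Task task, PrismObject<O> prismObject, OperationResult operationResult) throws ExpressionEvaluationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        ValuePolicyType valuePolicy = resolveValuePolicy(nonceCredentialsPolicyType, task, operationResult);
        return getModelInteractionService().generateValue(valuePolicy, 24, false, prismObject, "nonce generation", task, operationResult);
    }

    /**
     * Loads the value policy referenced by the nonce policy.
     *
     * @return the value policy, or {@code null} when there is no nonce policy, no reference, or
     *         the referenced object could not be loaded
     */
    private ValuePolicyType resolveValuePolicy(NonceCredentialsPolicyType nonceCredentialsPolicyType, Task task, OperationResult operationResult) {
        if (nonceCredentialsPolicyType == null || nonceCredentialsPolicyType.getValuePolicyRef() == null) {
            return null;
        }
        PrismObject<ValuePolicyType> loaded = WebModelServiceUtils.loadObject(ValuePolicyType.class, nonceCredentialsPolicyType.getValuePolicyRef().getOid(), this, task, operationResult);
        if (loaded == null) {
            return null;
        }
        return loaded.asObjectable();
    }

    @Override
    protected IModel<String> getDefaultLoginPanelTitleModel() {
        return new LoadableModel<String>() {
            private static final long serialVersionUID = 1L;

            @Override
            protected String load() {
                return PageEmailNonce.this.createStringResource("PageEmailNonce.checkYourMail").getString();
            }
        };
    }

    @Override
    protected IModel<String> getDefaultLoginPanelDescriptionModel() {
        return this.panelDescriptionModel;
    }

    @Override
    protected String getModuleTypeName() {
        return "mailNonce";
    }
}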
