package com.evolveum.midpoint.web.page.login;

import com.evolveum.midpoint.gui.api.page.PageBase;
import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
import com.evolveum.midpoint.model.api.authentication.ModuleAuthentication;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.Producer;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.application.PageDescriptor;
import com.evolveum.midpoint.web.application.Url;
import com.evolveum.midpoint.web.component.AjaxSubmitButton;
import com.evolveum.midpoint.web.component.form.MidpointForm;
import com.evolveum.midpoint.web.component.prism.DynamicFormPanel;
import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
import com.evolveum.midpoint.web.security.module.authentication.MailNonceModuleAuthentication;
import com.evolveum.midpoint.web.security.util.SecurityUtils;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.apache.wicket.Component;
import org.apache.wicket.RestartResponseException;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.basic.MultiLineLabel;
import org.apache.wicket.markup.html.form.RequiredTextField;
import org.apache.wicket.model.Model;
import org.apache.wicket.protocol.http.servlet.ServletWebRequest;
import org.apache.wicket.request.cycle.RequestCycle;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.WebAttributes;

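@PageDescriptor(urls = {@Url(mountUrl = "/emailNonce", matchUrlForSecurity = "/emailNonce")}, permitAll = true, loginPage = true)
/**
 * First step of the e-mail nonce ("forgot password") flow.
 * <p>
 * An unauthenticated visitor submits an e-mail address (static layout) or the
 * configured dynamic form; the matching {@link UserType} is looked up, a fresh
 * nonce is generated from the security policy's nonce credential policy and
 * stored on the user at {@code credentials/nonce/value} under elevated
 * privileges, and the form is replaced by a "submitted" message. This class
 * only generates and stores the nonce; nothing in it sends e-mail.
 * <p>
 * Security notes (review):
 * <ul>
 *   <li>{@code permitAll = true}: the page is reachable without authentication.
 *       An already-authenticated principal is redirected to the home page in
 *       {@link #onBeforeRender()}.</li>
 *   <li>{@link #processResetPassword} surfaces "user not found" and
 *       "policy not found" as distinct session errors to the anonymous caller,
 *       so the response differs depending on whether an e-mail address is
 *       registered. That is an account-enumeration signal; the message keys are
 *       kept here because changing them alters the UI flow, but a uniform
 *       response is preferable.</li>
 *   <li>The submitted e-mail address is logged at DEBUG level in
 *       {@link #createStaticFormQuery()}; treat that log as containing PII.</li>
 * </ul>
 */
public class PageEmailNonse extends PageAuthenticationBase {
    private static final long serialVersionUID = 1L;
    private static final Trace LOGGER = TraceManager.getTrace(PageEmailNonse.class);

    // Operation-name prefix copied from PageSecurityQuestions (kept verbatim so
    // operation names stay stable); neither OPERATION_* constant is referenced
    // in this class.
    private static final String DOT_CLASS = com.evolveum.midpoint.web.page.forgetpassword.PageSecurityQuestions.class.getName() + ".";
    private static final String OPERATION_LOAD_USER = DOT_CLASS + "loaduser";
    private static final String OPERATION_LOAD_QUESTION_POLICY = DOT_CLASS + "LOAD Question Policy";

    private static final String ID_STATIC_LAYOUT = "staticLayout";
    private static final String ID_EMAIL = "email";
    private static final String ID_MAIN_FORM = "mainForm";
    private static final String ID_BACK_BUTTON = "back";
    private static final String ID_SUBMIT = "submit";
    private static final String ID_PASSWORD_RESET_SUBMITED = "resetPasswordInfo";
    private static final String ID_DYNAMIC_LAYOUT = "dynamicLayout";
    private static final String ID_DYNAMIC_FORM = "dynamicForm";

    /** Flipped to true once the nonce was stored; hides the form and shows the info message. */
    private boolean submited;

    /**
     * Builds the page: the main form (static e-mail field, optional dynamic
     * form, buttons), visible until submission, and the "submitted" message,
     * visible and enabled only after a successful submission.
     */
    @Override
    protected void initCustomLayer() {
        MidpointForm form = new MidpointForm(ID_MAIN_FORM);
        form.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1L;

            @Override
            public boolean isVisible() {
                return !submited;
            }
        });
        add(form);

        initStaticLayout(form);
        initDynamicLayout(form, this);
        initButtons(form);

        MultiLineLabel submittedInfo = new MultiLineLabel(ID_PASSWORD_RESET_SUBMITED,
                createStringResource("PageForgotPassword.form.submited.message"));
        add(submittedInfo);
        submittedInfo.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1L;

            @Override
            public boolean isVisible() {
                return submited;
            }

            @Override
            public boolean isEnabled() {
                return submited;
            }
        });
    }

    /** Adds the submit (reset password) and back buttons to the main form. */
    private void initButtons(MidpointForm form) {
        form.add(new AjaxSubmitButton(ID_SUBMIT, createStringResource("PageForgetPassword.resetPassword")) {
            private static final long serialVersionUID = 1L;

            @Override
            protected void onSubmit(AjaxRequestTarget target) {
                processResetPassword(target);
            }

            @Override
            protected void onError(AjaxRequestTarget target) {
                // Validation failure (e.g. empty required e-mail): just refresh feedback.
                target.add(getFeedbackPanel());
            }
        });
        form.add(createBackButton(ID_BACK_BUTTON));
    }

    /**
     * Submit handler: looks up the user from the form input, checks that a reset
     * password policy exists, stores a fresh nonce on the user and switches the
     * page to its "submitted" state.
     * <p>
     * Every failure path records a session error and restarts the page. Note
     * that the "user not found" and "policy not found" messages are distinct
     * from each other and from the success page, which lets an anonymous caller
     * tell registered e-mail addresses apart (see class javadoc).
     *
     * @param target AJAX target; the whole page is re-rendered on success
     */
    private void processResetPassword(AjaxRequestTarget target) {
        UserType user = searchUser();
        if (user == null) {
            getSession().error(getString("pageForgetPassword.message.user.not.found"));
            throw new RestartResponseException(PageEmailNonse.class);
        }
        // TRACE-level dump of the whole user object; may include credential
        // containers depending on the toString implementation — keep at TRACE.
        LOGGER.trace("Reset Password user: {}", user);

        if (getResetPasswordPolicy() == null) {
            LOGGER.debug("No policies for reset password defined");
            getSession().error(getString("pageForgetPassword.message.policy.not.found"));
            throw new RestartResponseException(PageEmailNonse.class);
        }

        NonceCredentialsPolicyType noncePolicy = getMailNoncePolicy(user.asPrismObject());
        OperationResult result = saveUserNonce(user, noncePolicy);
        if (result.getStatus() == OperationResultStatus.SUCCESS) {
            submited = true;
            target.add(this);
        } else {
            getSession().error(getString("PageForgotPassword.send.nonce.failed"));
            LOGGER.error("Failed to send nonce to user: {} ", result.getMessage());
            // Restart with the same page instance (the other failure paths restart with the class).
            throw new RestartResponseException(this);
        }
    }

    /**
     * Records the generic "send nonce failed" session error, logs the specific
     * reason (server side only — the user never sees it) and returns the restart
     * exception for the caller to throw.
     *
     * @param reason server-side log message describing the failure
     * @return exception restarting this page
     */
    private RestartResponseException nonceFailure(String reason) {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        LOGGER.error(reason);
        return new RestartResponseException(PageEmailNonse.class);
    }

    /**
     * Resolves the nonce credential policy for the given user: the security
     * policy applicable to the user must define nonce credentials, the current
     * authentication must be a {@link MidpointAuthentication} whose processing
     * module is a {@link MailNonceModuleAuthentication}, and that module's
     * credential name must match one of the policy's nonce credentials.
     * <p>
     * If several nonce credentials share the same name, the last one wins
     * (preserved from the original implementation).
     *
     * @param user the user whose security policy is resolved
     * @return the matching nonce credential policy, never null
     * @throws RestartResponseException on any failure, after recording a session error
     */
    private NonceCredentialsPolicyType getMailNoncePolicy(PrismObject<UserType> user) {
        SecurityPolicyType securityPolicy = resolveSecurityPolicy(user);
        LOGGER.trace("Found security policy: {}", securityPolicy);
        if (securityPolicy == null) {
            throw nonceFailure("No security policy, cannot process nonce credential");
        }
        if (securityPolicy.getCredentials() == null) {
            throw nonceFailure("No credential for security policy, cannot process nonce credential");
        }
        if (securityPolicy.getCredentials().getNonce() == null) {
            throw nonceFailure("No nonce credential for security policy, cannot process nonce credential");
        }

        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof MidpointAuthentication)) {
            // Original code had the null check outside the concatenation, which
            // made it always true and would NPE on a null authentication.
            throw nonceFailure("Bad type of authentication, support only MidpointAuthentication, but is "
                    + (authentication != null ? authentication.getClass().getName() : null));
        }

        ModuleAuthentication moduleAuthentication =
                ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
        if (!(moduleAuthentication instanceof MailNonceModuleAuthentication)) {
            throw nonceFailure("Bad type of module authentication, support only EmailNonceModuleAuthentication, but is "
                    + (moduleAuthentication != null ? moduleAuthentication.getClass().getName() : null));
        }

        MailNonceModuleAuthentication mailNonceAuthentication = (MailNonceModuleAuthentication) moduleAuthentication;
        String credentialName = mailNonceAuthentication.getCredentialName();
        if (credentialName == null) {
            throw nonceFailure("EmailNonceModuleAuthentication " + mailNonceAuthentication.getNameOfModule()
                    + " haven't define name of credential");
        }

        NonceCredentialsPolicyType match = null;
        for (NonceCredentialsPolicyType candidate : securityPolicy.getCredentials().getNonce()) {
            if (credentialName.equals(candidate.getName())) {
                match = candidate; // no break: last policy with this name wins, as before
            }
        }
        if (match == null) {
            throw nonceFailure("Couldn't find nonce credentials by name " + credentialName);
        }
        return match;
    }

    /**
     * Adds the static layout (a single required e-mail text field), shown only
     * when no dynamic form is configured.
     */
    private void initStaticLayout(MidpointForm form) {
        WebMarkupContainer staticLayout = new WebMarkupContainer(ID_STATIC_LAYOUT);
        staticLayout.setOutputMarkupId(true);
        staticLayout.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1L;

            @Override
            public boolean isVisible() {
                return !isDynamicForm();
            }
        });
        form.add(staticLayout);

        RequiredTextField<String> emailField = new RequiredTextField<>(ID_EMAIL, new Model<>());
        emailField.setOutputMarkupId(true);
        staticLayout.add(emailField);
    }

    /** @return the enclosing page as a {@link PageBase} */
    public PageBase getPageBase() {
        return (PageBase) getPage();
    }

    /**
     * Builds the user lookup query for the static layout: case-insensitive
     * equality on {@code emailAddress}.
     * <p>
     * NOTE(review): the e-mail address entered by the anonymous caller is logged
     * at DEBUG level; this is PII in the logs.
     *
     * @return query matching users by the entered e-mail address
     */
    @Override
    protected ObjectQuery createStaticFormQuery() {
        RequiredTextField<String> emailField = getEmail();
        String email = emailField != null ? emailField.getModelObject() : null;
        LOGGER.debug("Reset Password user info form submitted. email={}", email);
        return getPrismContext().queryFor(UserType.class)
                .item(UserType.F_EMAIL_ADDRESS).eq(email).matchingCaseIgnore()
                .build();
    }

    private MidpointForm getMainForm() {
        return (MidpointForm) get(ID_MAIN_FORM);
    }

    @Override
    protected DynamicFormPanel getDynamicForm() {
        return (DynamicFormPanel) getMainForm().get(createComponentPath(ID_DYNAMIC_LAYOUT, ID_DYNAMIC_FORM));
    }

    @SuppressWarnings("unchecked")
    private RequiredTextField<String> getEmail() {
        return (RequiredTextField<String>) getMainForm().get(createComponentPath(ID_STATIC_LAYOUT, ID_EMAIL));
    }

    /**
     * Surfaces a pending Spring Security authentication exception (stored in
     * the HTTP session under {@link WebAttributes#AUTHENTICATION_EXCEPTION}) as
     * page errors. The exception message is split on {@code ;} and each part is
     * translated as a localization key, falling back to the raw part. The
     * attribute is removed afterwards so the error is shown only once.
     */
    @Override
    protected void onConfigure() {
        super.onConfigure();
        HttpSession httpSession = ((ServletWebRequest) RequestCycle.get().getRequest())
                .getContainerRequest().getSession();
        Exception authException = (Exception) httpSession.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
        if (authException == null) {
            return;
        }
        String message = authException.getMessage();
        if (StringUtils.isEmpty(message)) {
            message = "web.security.provider.unavailable";
        }
        for (String key : message.split(";")) {
            error(getLocalizationService().translate(key, null, getLocale(), key));
        }
        httpSession.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
        clearBreadcrumbs();
    }

    /** Login-style page: no breadcrumb is created. */
    @Override
    protected void createBreadcrumb() {
    }

    /**
     * An already-authenticated principal has no business on the reset page;
     * send it to the application home page instead.
     */
    @Override
    protected void onBeforeRender() {
        super.onBeforeRender();
        if (SecurityUtils.getPrincipalUser() != null) {
            throw new RestartResponseException(getMidpointApplication().getHomePage());
        }
    }

    /**
     * Generates a nonce for the user and stores it at
     * {@code credentials/nonce/value} as a {@link ProtectedStringType}.
     * <p>
     * Runs under {@code runPrivileged} because the caller is anonymous and has
     * no right to modify the user; the anonymous task is owned by the target
     * user and tagged with the reset-password channel so the modification is
     * attributable. Failures are recorded as a fatal error on the returned
     * result (with a localized message) and logged with the cause.
     *
     * @param user        the user receiving the nonce
     * @param noncePolicy nonce credential policy driving generation (may be null)
     * @return operation result; {@link OperationResultStatus#SUCCESS} when the nonce was stored
     */
    private OperationResult saveUserNonce(final UserType user, final NonceCredentialsPolicyType noncePolicy) {
        return runPrivileged(new Producer<OperationResult>() {
            private static final long serialVersionUID = 1L;

            @Override
            public OperationResult run() {
                Task task = createAnonymousTask("generateUserNonce");
                task.setChannel(SchemaConstants.CHANNEL_RESET_PASSWORD_URI);
                task.setOwner(user.asPrismObject());
                OperationResult result = new OperationResult("generateUserNonce");

                ProtectedStringType nonce = new ProtectedStringType();
                try {
                    nonce.setClearValue(generateNonce(noncePolicy, task, user.asPrismObject(), result));
                    WebModelServiceUtils.save(
                            getPrismContext().deltaFactory().object().createModificationReplaceProperty(
                                    UserType.class, user.getOid(), SchemaConstants.PATH_NONCE_VALUE, nonce),
                            result, task, PageEmailNonse.this);
                } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException
                        | ObjectNotFoundException | SchemaException | SecurityViolationException e) {
                    result.recordFatalError(getString("PageForgotPassword.message.saveUserNonce.fatalError"));
                    LoggingUtils.logException(LOGGER, "Failed to generate nonce for user: " + e.getMessage(), e);
                }
                result.computeStatusIfUnknown();
                return result;
            }
        });
    }

    /**
     * Generates the nonce value via the model interaction service, using the
     * value policy referenced by the nonce credential policy when one is set.
     * The literal {@code 24} is passed as the fallback length when no value
     * policy applies — presumably; confirm against
     * {@code ModelInteractionService#generateValue}'s contract.
     *
     * @param noncePolicy nonce credential policy, may be null
     * @param task        task used for the value-policy load and generation
     * @param object      object the value is generated for
     * @param result      operation result to record into
     * @return the generated clear-text nonce
     */
    private <O extends ObjectType> String generateNonce(NonceCredentialsPolicyType noncePolicy, Task task,
            PrismObject<O> object, OperationResult result)
            throws ExpressionEvaluationException, SchemaException, ObjectNotFoundException,
            CommunicationException, ConfigurationException, SecurityViolationException {
        ValuePolicyType valuePolicy = null;
        if (noncePolicy != null && noncePolicy.getValuePolicyRef() != null) {
            valuePolicy = WebModelServiceUtils.loadObject(ValuePolicyType.class,
                    noncePolicy.getValuePolicyRef().getOid(), this, task, result).asObjectable();
        }
        return getModelInteractionService().generateValue(valuePolicy, 24, false, object, "nonce generation", task, result);
    }
}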
