package com.evolveum.midpoint.web.page.self.component;

import com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition;
import com.evolveum.midpoint.gui.api.GuiStyleConstants;
import com.evolveum.midpoint.gui.api.component.BasePanel;
import com.evolveum.midpoint.gui.api.component.LabelWithHelpPanel;
import com.evolveum.midpoint.gui.api.component.password.PasswordPanel;
import com.evolveum.midpoint.gui.api.model.LoadableModel;
import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
import com.evolveum.midpoint.model.api.ProgressInformation;
import com.evolveum.midpoint.model.api.validator.StringLimitationResult;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismReference;
import com.evolveum.midpoint.prism.PrismReferenceValue;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.CapabilityUtil;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.SelectorOptions;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ResourceTypeUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.component.data.TablePanel;
import com.evolveum.midpoint.web.component.data.column.CheckBoxColumn;
import com.evolveum.midpoint.web.component.data.column.ColumnResultPanel;
import com.evolveum.midpoint.web.component.data.column.IconColumn;
import com.evolveum.midpoint.web.component.data.column.IsolatedCheckBoxPanel;
import com.evolveum.midpoint.web.component.data.column.PasswordPolicyValidationPanel;
import com.evolveum.midpoint.web.component.progress.ProgressReportActivityDto;
import com.evolveum.midpoint.web.component.util.ListDataProvider;
import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
import com.evolveum.midpoint.web.page.admin.home.dto.MyPasswordsDto;
import com.evolveum.midpoint.web.page.admin.home.dto.PasswordAccountDto;
import com.evolveum.midpoint.web.page.self.PageSelfCredentials;
import com.evolveum.midpoint.web.security.util.SecurityUtils;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPropagationUserControlType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.DisplayType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MappingStrengthType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationResultStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordChangeSecurityType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectTypeDefinitionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SchemaHandlingType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CredentialsCapabilityType;
import j2html.attributes.Attr;
import java.lang.invoke.SerializedLambda;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.wicket.AttributeModifier;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.behavior.AttributeAppender;
import org.apache.wicket.extensions.markup.html.repeater.data.grid.ICellPopulator;
import org.apache.wicket.extensions.markup.html.repeater.data.table.AbstractColumn;
import org.apache.wicket.extensions.markup.html.repeater.data.table.DataTable;
import org.apache.wicket.extensions.markup.html.repeater.data.table.IColumn;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.form.PasswordTextField;
import org.apache.wicket.markup.repeater.Item;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.model.PropertyModel;

/* loaded from: input_file:WEB-INF/classes/com/evolveum/midpoint/web/page/self/component/ChangePasswordPanel.class */
public class ChangePasswordPanel extends BasePanel<MyPasswordsDto> {
    private static final long serialVersionUID = 1;
    private static final String ID_PASSWORD_PANEL = "passwordPanel";
    private static final String ID_OLD_PASSWORD_CONTAINER = "oldPasswordContainer";
    private static final String ID_OLD_PASSWORD_FIELD = "oldPassword";
    private static final String ID_PASSWORD_LABEL = "passwordLabel";
    public static final String ID_ACCOUNTS_TABLE = "accounts";
    public static final String ID_ACCOUNTS_CONTAINER = "accountsContainer";
    private IModel<Boolean> midpointAccountSelected;
    private Map<String, List<StringLimitationResult>> limitationsByPolicyOid;
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) ChangePasswordPanel.class);
    private static final String DOT_CLASS = PageSelfCredentials.class.getName() + ".";
    private static final String OPERATION_LOAD_USER_WITH_ACCOUNTS = DOT_CLASS + "loadUserWithAccounts";
    private static final String OPERATION_LOAD_USER = DOT_CLASS + "loadUser";
    private static final String OPERATION_LOAD_ACCOUNT = DOT_CLASS + "loadAccount";
    private static final String OPERATION_GET_CREDENTIALS_POLICY = DOT_CLASS + "getCredentialsPolicy";

    public ChangePasswordPanel(String str, IModel<MyPasswordsDto> iModel) {
        super(str, iModel);
        this.limitationsByPolicyOid = new HashMap();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.wicket.MarkupContainer, org.apache.wicket.Component
    public void onInitialize() {
        super.onInitialize();
        initPasswordModel();
        initMidpointAccountSelected();
        initLayout();
    }

    private void initPasswordModel() {
        if (getModelObject() == null) {
            getModel().setObject(loadPageModel());
        }
    }

    private void initMidpointAccountSelected() {
        PasswordAccountDto passwordAccountDto = null;
        for (PasswordAccountDto passwordAccountDto2 : getModelObject().getAccounts()) {
            if (passwordAccountDto2.isMidpoint()) {
                passwordAccountDto = passwordAccountDto2;
            }
        }
        this.midpointAccountSelected = new PropertyModel(passwordAccountDto, "selected");
    }

    private void initLayout() {
        WebMarkupContainer webMarkupContainer = new WebMarkupContainer(ID_OLD_PASSWORD_CONTAINER);
        webMarkupContainer.add(new VisibleEnableBehaviour() { // from class: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel.1
            private static final long serialVersionUID = 1;

            @Override // com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour
            public boolean isVisible() {
                return ChangePasswordPanel.this.isCheckOldPassword();
            }
        });
        add(webMarkupContainer);
        PasswordTextField passwordTextField = new PasswordTextField("oldPassword", new PropertyModel(getModel(), "oldPassword"));
        passwordTextField.setRequired(false);
        webMarkupContainer.add(passwordTextField);
        add(new Label(ID_PASSWORD_LABEL, (IModel<?>) createStringResource("PageSelfCredentials.passwordLabel1", new Object[0])));
        PasswordPanel passwordPanel = new PasswordPanel(ID_PASSWORD_PANEL, new PropertyModel(getModel(), "password"), ((MyPasswordsDto) getModelObject()).getFocus(), getPageBase()) { // from class: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel.2
            @Override // com.evolveum.midpoint.gui.api.component.password.PasswordPanel
            protected <F extends FocusType> ValuePolicyType getValuePolicy(PrismObject<F> prismObject) {
                return ChangePasswordPanel.this.getModelObject().getFocusPolicy();
            }

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // com.evolveum.midpoint.gui.api.component.password.PasswordPanel
            public void updatePasswordValidation(AjaxRequestTarget ajaxRequestTarget) {
                super.updatePasswordValidation(ajaxRequestTarget);
                ChangePasswordPanel.this.limitationsByPolicyOid.clear();
                ChangePasswordPanel.this.getTable().visitChildren(PasswordPolicyValidationPanel.class, (passwordPolicyValidationPanel, iVisit) -> {
                    passwordPolicyValidationPanel.refreshValidationPopup(ajaxRequestTarget);
                });
            }
        };
        passwordPanel.getBaseFormComponent().add(new AttributeModifier(Attr.AUTOFOCUS, ""));
        add(passwordPanel);
        WebMarkupContainer webMarkupContainer2 = new WebMarkupContainer(ID_ACCOUNTS_CONTAINER);
        TablePanel tablePanel = new TablePanel("accounts", new ListDataProvider(this, new PropertyModel(getModel(), "accounts")), initColumns());
        tablePanel.setItemsPerPage(30);
        tablePanel.setShowPaging(false);
        webMarkupContainer2.add(tablePanel);
        webMarkupContainer2.add(new VisibleEnableBehaviour() { // from class: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel.3
            @Override // com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour
            public boolean isVisible() {
                return ChangePasswordPanel.this.shouldShowPasswordPropagation();
            }
        });
        add(webMarkupContainer2);
    }

    protected boolean shouldShowPasswordPropagation() {
        return true;
    }

    private List<IColumn<PasswordAccountDto, String>> initColumns() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new CheckBoxColumn<PasswordAccountDto>(Model.of(""), "selected") { // from class: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel.4
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // com.evolveum.midpoint.web.component.data.column.CheckBoxColumn
            public IModel<Boolean> getEnabled(IModel<PasswordAccountDto> iModel) {
                return () -> {
                    PasswordAccountDto passwordAccountDto = (PasswordAccountDto) iModel.getObject2();
                    if (!passwordAccountDto.isMidpoint() && !passwordAccountDto.isPasswordCapabilityEnabled()) {
                        passwordAccountDto.setSelected(false);
                        return false;
                    }
                    if (CredentialsPropagationUserControlType.ONLY_MAPPING.equals(ChangePasswordPanel.this.getModelObject().getPropagation())) {
                        if (!passwordAccountDto.isMidpoint() && !passwordAccountDto.isPasswordOutbound()) {
                            passwordAccountDto.setSelected(false);
                        }
                        return false;
                    }
                    if (passwordAccountDto.isMidpoint() && CredentialsPropagationUserControlType.IDENTITY_MANAGER_MANDATORY.equals(ChangePasswordPanel.this.getModelObject().getPropagation())) {
                        return false;
                    }
                    if (passwordAccountDto.isMidpoint() || !ChangePasswordPanel.this.midpointAccountSelected.getObject2().booleanValue() || !passwordAccountDto.isPasswordOutbound()) {
                        return true;
                    }
                    passwordAccountDto.setSelected(true);
                    return false;
                };
            }

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // com.evolveum.midpoint.web.component.data.column.CheckBoxColumn
            public void processBehaviourOfCheckBox(IsolatedCheckBoxPanel isolatedCheckBoxPanel, IModel<PasswordAccountDto> iModel) {
                super.processBehaviourOfCheckBox(isolatedCheckBoxPanel, iModel);
                isolatedCheckBoxPanel.add(AttributeAppender.append("title", (IModel<?>) () -> {
                    PasswordAccountDto passwordAccountDto = (PasswordAccountDto) iModel.getObject2();
                    if (getEnabled(iModel).getObject2().booleanValue()) {
                        return "";
                    }
                    return ChangePasswordPanel.this.createStringResource((passwordAccountDto.isMidpoint() || passwordAccountDto.isPasswordCapabilityEnabled()) ? "ChangePasswordPanel.legendMessage.policy" : "ChangePasswordPanel.legendMessage.no.password.capability", new Object[0]).getString();
                }));
            }

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // com.evolveum.midpoint.web.component.data.column.CheckBoxColumn
            public void onUpdateRow(AjaxRequestTarget ajaxRequestTarget, DataTable dataTable, IModel<PasswordAccountDto> iModel, IModel<Boolean> iModel2) {
                super.onUpdateRow(ajaxRequestTarget, dataTable, iModel, iModel2);
                if (iModel.getObject2().isMidpoint()) {
                    dataTable.visitChildren(IsolatedCheckBoxPanel.class, (isolatedCheckBoxPanel, iVisit) -> {
                        ajaxRequestTarget.add(isolatedCheckBoxPanel);
                    });
                }
            }

            private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
                String implMethodName = serializedLambda.getImplMethodName();
                boolean z = -1;
                switch (implMethodName.hashCode()) {
                    case -763875622:
                        if (implMethodName.equals("lambda$processBehaviourOfCheckBox$12b72d17$1")) {
                            z = true;
                            break;
                        }
                        break;
                    case 55182602:
                        if (implMethodName.equals("lambda$getEnabled$6051930a$1")) {
                            z = false;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("org/apache/wicket/model/IModel") && serializedLambda.getFunctionalInterfaceMethodName().equals(RepositoryService.OP_GET_OBJECT) && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/web/page/self/component/ChangePasswordPanel$4") && serializedLambda.getImplMethodSignature().equals("(Lorg/apache/wicket/model/IModel;)Ljava/lang/Boolean;")) {
                            AnonymousClass4 anonymousClass4 = (AnonymousClass4) serializedLambda.getCapturedArg(0);
                            IModel iModel = (IModel) serializedLambda.getCapturedArg(1);
                            return () -> {
                                PasswordAccountDto passwordAccountDto = (PasswordAccountDto) iModel.getObject2();
                                if (!passwordAccountDto.isMidpoint() && !passwordAccountDto.isPasswordCapabilityEnabled()) {
                                    passwordAccountDto.setSelected(false);
                                    return false;
                                }
                                if (CredentialsPropagationUserControlType.ONLY_MAPPING.equals(ChangePasswordPanel.this.getModelObject().getPropagation())) {
                                    if (!passwordAccountDto.isMidpoint() && !passwordAccountDto.isPasswordOutbound()) {
                                        passwordAccountDto.setSelected(false);
                                    }
                                    return false;
                                }
                                if (passwordAccountDto.isMidpoint() && CredentialsPropagationUserControlType.IDENTITY_MANAGER_MANDATORY.equals(ChangePasswordPanel.this.getModelObject().getPropagation())) {
                                    return false;
                                }
                                if (passwordAccountDto.isMidpoint() || !ChangePasswordPanel.this.midpointAccountSelected.getObject2().booleanValue() || !passwordAccountDto.isPasswordOutbound()) {
                                    return true;
                                }
                                passwordAccountDto.setSelected(true);
                                return false;
                            };
                        }
                        break;
                    case true:
                        if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("org/apache/wicket/model/IModel") && serializedLambda.getFunctionalInterfaceMethodName().equals(RepositoryService.OP_GET_OBJECT) && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/web/page/self/component/ChangePasswordPanel$4") && serializedLambda.getImplMethodSignature().equals("(Lorg/apache/wicket/model/IModel;)Ljava/lang/String;")) {
                            AnonymousClass4 anonymousClass42 = (AnonymousClass4) serializedLambda.getCapturedArg(0);
                            IModel iModel2 = (IModel) serializedLambda.getCapturedArg(1);
                            return () -> {
                                PasswordAccountDto passwordAccountDto = (PasswordAccountDto) iModel2.getObject2();
                                if (getEnabled(iModel2).getObject2().booleanValue()) {
                                    return "";
                                }
                                return ChangePasswordPanel.this.createStringResource((passwordAccountDto.isMidpoint() || passwordAccountDto.isPasswordCapabilityEnabled()) ? "ChangePasswordPanel.legendMessage.policy" : "ChangePasswordPanel.legendMessage.no.password.capability", new Object[0]).getString();
                            };
                        }
                        break;
                }
                throw new IllegalArgumentException("Invalid lambda deserialization");
            }
        });
        arrayList.add(new AbstractColumn<PasswordAccountDto, String>(createStringResource("ChangePasswordPanel.name", new Object[0])) { // from class: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel.5
            private static final long serialVersionUID = 1;

            @Override // org.apache.wicket.extensions.markup.html.repeater.data.grid.ICellPopulator
            public void populateItem(Item<ICellPopulator<PasswordAccountDto>> item, String str, final IModel<PasswordAccountDto> iModel) {
                item.add(new Label(str, (IModel<?>) new IModel<Object>() { // from class: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel.5.1
                    private static final long serialVersionUID = 1;

                    @Override // org.apache.wicket.model.IModel
                    /* renamed from: getObject */
                    public Object getObject2() {
                        return ((PasswordAccountDto) iModel.getObject2()).getDisplayName();
                    }
                }));
            }
        });
        arrayList.add(new AbstractColumn<PasswordAccountDto, String>(createStringResource("ChangePasswordPanel.resourceName", new Object[0])) { // from class: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel.6
            private static final long serialVersionUID = 1;

            @Override // org.apache.wicket.extensions.markup.html.repeater.data.grid.ICellPopulator
            public void populateItem(Item<ICellPopulator<PasswordAccountDto>> item, String str, final IModel<PasswordAccountDto> iModel) {
                final IModel iModel2 = () -> {
                    String str2 = "";
                    if (!((PasswordAccountDto) iModel.getObject2()).isMidpoint() && !((PasswordAccountDto) iModel.getObject2()).isPasswordCapabilityEnabled()) {
                        str2 = ChangePasswordPanel.this.createStringResource("ChangePasswordPanel.legendMessage.no.password.capability", new Object[0]).getString();
                    }
                    if (((PasswordAccountDto) iModel.getObject2()).isMaintenanceState()) {
                        str2 = str2 + (StringUtils.isEmpty(str2) ? "" : " ") + ChangePasswordPanel.this.createStringResource("ChangePasswordPanel.legendMessage.maintenance", new Object[0]).getString();
                    }
                    return str2;
                };
                item.add(new LabelWithHelpPanel(str, new IModel<String>() { // from class: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel.6.2
                    private static final long serialVersionUID = 1;

                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // org.apache.wicket.model.IModel
                    /* renamed from: getObject */
                    public String getObject2() {
                        return ((PasswordAccountDto) iModel.getObject2()).getResourceName();
                    }
                }) { // from class: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel.6.1
                    @Override // com.evolveum.midpoint.gui.api.component.LabelWithHelpPanel
                    protected IModel<String> getHelpModel() {
                        return iModel2;
                    }
                });
            }

            private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
                String implMethodName = serializedLambda.getImplMethodName();
                boolean z = -1;
                switch (implMethodName.hashCode()) {
                    case 551981626:
                        if (implMethodName.equals("lambda$populateItem$27759856$1")) {
                            z = false;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("org/apache/wicket/model/IModel") && serializedLambda.getFunctionalInterfaceMethodName().equals(RepositoryService.OP_GET_OBJECT) && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/web/page/self/component/ChangePasswordPanel$6") && serializedLambda.getImplMethodSignature().equals("(Lorg/apache/wicket/model/IModel;)Ljava/lang/String;")) {
                            AnonymousClass6 anonymousClass6 = (AnonymousClass6) serializedLambda.getCapturedArg(0);
                            IModel iModel = (IModel) serializedLambda.getCapturedArg(1);
                            return () -> {
                                String str2 = "";
                                if (!((PasswordAccountDto) iModel.getObject2()).isMidpoint() && !((PasswordAccountDto) iModel.getObject2()).isPasswordCapabilityEnabled()) {
                                    str2 = ChangePasswordPanel.this.createStringResource("ChangePasswordPanel.legendMessage.no.password.capability", new Object[0]).getString();
                                }
                                if (((PasswordAccountDto) iModel.getObject2()).isMaintenanceState()) {
                                    str2 = str2 + (StringUtils.isEmpty(str2) ? "" : " ") + ChangePasswordPanel.this.createStringResource("ChangePasswordPanel.legendMessage.maintenance", new Object[0]).getString();
                                }
                                return str2;
                            };
                        }
                        break;
                }
                throw new IllegalArgumentException("Invalid lambda deserialization");
            }
        });
        arrayList.add(new IconColumn<PasswordAccountDto>(createStringResource("ChangePasswordPanel.enabled", new Object[0])) { // from class: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel.7
            @Override // com.evolveum.midpoint.web.component.data.column.IconColumn
            protected DisplayType getIconDisplayType(IModel<PasswordAccountDto> iModel) {
                Object obj = "fa fa-question text-info";
                String str = "ActivationStatusType.null";
                if (iModel != null && iModel.getObject2() != null && iModel.getObject2().isEnabled() != null) {
                    if (iModel.getObject2().isEnabled().booleanValue()) {
                        obj = GuiStyleConstants.CLASS_APPROVAL_OUTCOME_ICON_APPROVED_COLORED;
                        str = "ActivationStatusType.ENABLED";
                    } else {
                        obj = GuiStyleConstants.CLASS_APPROVAL_OUTCOME_ICON_REJECTED_COLORED;
                        str = "ActivationStatusType.DISABLED";
                    }
                }
                return WebComponentUtil.createDisplayType(obj + " fa-fw fa-lg", "", ChangePasswordPanel.this.createStringResource(str, new Object[0]).getString());
            }

            @Override // com.evolveum.midpoint.web.component.data.column.IconColumn, org.apache.wicket.extensions.markup.html.repeater.data.table.AbstractColumn, org.apache.wicket.extensions.markup.html.repeater.data.table.IStyledColumn
            public String getCssClass() {
                return "col-lg-1";
            }
        });
        arrayList.add(new AbstractColumn<PasswordAccountDto, String>(createStringResource("ChangePasswordPanel.passwordValidation", new Object[0])) { // from class: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel.8
            private static final long serialVersionUID = 1;

            @Override // org.apache.wicket.extensions.markup.html.repeater.data.grid.ICellPopulator
            public void populateItem(Item<ICellPopulator<PasswordAccountDto>> item, String str, IModel<PasswordAccountDto> iModel) {
                final IModel iModel2 = () -> {
                    String passwordValuePolicyOid = ((PasswordAccountDto) iModel.getObject2()).getPasswordValuePolicyOid();
                    if (StringUtils.isEmpty(passwordValuePolicyOid) || !ChangePasswordPanel.this.getModelObject().getPasswordPolicies().containsKey(passwordValuePolicyOid)) {
                        return new ArrayList();
                    }
                    if (ChangePasswordPanel.this.limitationsByPolicyOid.containsKey(passwordValuePolicyOid)) {
                        return ChangePasswordPanel.this.limitationsByPolicyOid.get(passwordValuePolicyOid);
                    }
                    List<StringLimitationResult> limitationsForActualPassword = ChangePasswordPanel.this.getPasswordPanel().getLimitationsForActualPassword(ChangePasswordPanel.this.getModelObject().getPasswordPolicies().get(passwordValuePolicyOid), ((PasswordAccountDto) iModel.getObject2()).getObject());
                    ChangePasswordPanel.this.limitationsByPolicyOid.put(passwordValuePolicyOid, limitationsForActualPassword);
                    return limitationsForActualPassword;
                };
                PasswordPolicyValidationPanel passwordPolicyValidationPanel = new PasswordPolicyValidationPanel(str, iModel2);
                passwordPolicyValidationPanel.add(new VisibleEnableBehaviour() { // from class: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel.8.1
                    @Override // com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour
                    public boolean isVisible() {
                        return !((List) iModel2.getObject2()).isEmpty();
                    }
                });
                item.add(passwordPolicyValidationPanel);
            }

            @Override // org.apache.wicket.extensions.markup.html.repeater.data.table.AbstractColumn, org.apache.wicket.extensions.markup.html.repeater.data.table.IStyledColumn
            public String getCssClass() {
                return "col-lg-2";
            }

            private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
                String implMethodName = serializedLambda.getImplMethodName();
                boolean z = -1;
                switch (implMethodName.hashCode()) {
                    case 1414112434:
                        if (implMethodName.equals("lambda$populateItem$9cae28c$1")) {
                            z = false;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("org/apache/wicket/model/IModel") && serializedLambda.getFunctionalInterfaceMethodName().equals(RepositoryService.OP_GET_OBJECT) && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/web/page/self/component/ChangePasswordPanel$8") && serializedLambda.getImplMethodSignature().equals("(Lorg/apache/wicket/model/IModel;)Ljava/util/List;")) {
                            AnonymousClass8 anonymousClass8 = (AnonymousClass8) serializedLambda.getCapturedArg(0);
                            IModel iModel = (IModel) serializedLambda.getCapturedArg(1);
                            return () -> {
                                String passwordValuePolicyOid = ((PasswordAccountDto) iModel.getObject2()).getPasswordValuePolicyOid();
                                if (StringUtils.isEmpty(passwordValuePolicyOid) || !ChangePasswordPanel.this.getModelObject().getPasswordPolicies().containsKey(passwordValuePolicyOid)) {
                                    return new ArrayList();
                                }
                                if (ChangePasswordPanel.this.limitationsByPolicyOid.containsKey(passwordValuePolicyOid)) {
                                    return ChangePasswordPanel.this.limitationsByPolicyOid.get(passwordValuePolicyOid);
                                }
                                List<StringLimitationResult> limitationsForActualPassword = ChangePasswordPanel.this.getPasswordPanel().getLimitationsForActualPassword(ChangePasswordPanel.this.getModelObject().getPasswordPolicies().get(passwordValuePolicyOid), ((PasswordAccountDto) iModel.getObject2()).getObject());
                                ChangePasswordPanel.this.limitationsByPolicyOid.put(passwordValuePolicyOid, limitationsForActualPassword);
                                return limitationsForActualPassword;
                            };
                        }
                        break;
                }
                throw new IllegalArgumentException("Invalid lambda deserialization");
            }
        });
        arrayList.add(new AbstractColumn<PasswordAccountDto, String>(createStringResource("ChangePasswordPanel.propagationResult", new Object[0])) { // from class: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel.9
            private static final long serialVersionUID = 1;

            @Override // org.apache.wicket.extensions.markup.html.repeater.data.grid.ICellPopulator
            public void populateItem(Item<ICellPopulator<PasswordAccountDto>> item, String str, final IModel<PasswordAccountDto> iModel) {
                ColumnResultPanel columnResultPanel = new ColumnResultPanel(str, new LoadableModel<OperationResult>() { // from class: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel.9.1
                    /* JADX INFO: Access modifiers changed from: protected */
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // com.evolveum.midpoint.gui.api.model.LoadableModel
                    /* renamed from: load */
                    public OperationResult load2() {
                        if (ChangePasswordPanel.this.getModelObject().getProgress() == null || ChangePasswordPanel.this.getModelObject().getProgress().getProgressReportActivities().isEmpty()) {
                            return null;
                        }
                        for (ProgressReportActivityDto progressReportActivityDto : ChangePasswordPanel.this.getModelObject().getProgress().getProgressReportActivities()) {
                            if (((PasswordAccountDto) iModel.getObject2()).isSelected() && progressReportActivityDto.getStatus() != null && ((PasswordAccountDto) iModel.getObject2()).isMidpoint() && (ProgressInformation.ActivityType.FOCUS_OPERATION.equals(progressReportActivityDto.getActivityType()) || (ProgressInformation.ActivityType.PROJECTOR.equals(progressReportActivityDto.getActivityType()) && !OperationResultStatusType.SUCCESS.equals(progressReportActivityDto.getStatus())))) {
                                return progressReportActivityDto.getOperationResult();
                            }
                            if (progressReportActivityDto.getStatus() != null && !((PasswordAccountDto) iModel.getObject2()).isMidpoint() && ProgressInformation.ActivityType.RESOURCE_OBJECT_OPERATION.equals(progressReportActivityDto.getActivityType()) && progressReportActivityDto.getResourceOperationResultList() != null && !progressReportActivityDto.getResourceOperationResultList().isEmpty()) {
                                String resourceOid = ((PasswordAccountDto) iModel.getObject2()).getResourceOid();
                                if (StringUtils.isNotEmpty(resourceOid) && progressReportActivityDto.getResourceShadowDiscriminator() != null && resourceOid.equals(progressReportActivityDto.getResourceShadowDiscriminator().getResourceOid())) {
                                    return progressReportActivityDto.getOperationResult();
                                }
                            }
                        }
                        return new OperationResult("Empty result");
                    }
                }) { // from class: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel.9.2

                    /* JADX INFO: Access modifiers changed from: package-private */
                    /* renamed from: com.evolveum.midpoint.web.page.self.component.ChangePasswordPanel$9$2$1, reason: invalid class name */
                    /* loaded from: input_file:WEB-INF/classes/com/evolveum/midpoint/web/page/self/component/ChangePasswordPanel$9$2$1.class */
                    public class AnonymousClass1 {
                        boolean result = true;

                        AnonymousClass1() {
                        }
                    }

                    @Override // com.evolveum.midpoint.web.component.data.column.ColumnResultPanel
                    protected boolean isProjectionResult() {
                        return !((PasswordAccountDto) iModel.getObject2()).isMidpoint();
                    }

                    @Override // com.evolveum.midpoint.web.component.data.column.ColumnResultPanel
                    protected DisplayType getDisplayForEmptyResult() {
                        String passwordValuePolicyOid = ((PasswordAccountDto) iModel.getObject2()).getPasswordValuePolicyOid();
                        if (!StringUtils.isNotEmpty(passwordValuePolicyOid) || !ChangePasswordPanel.this.getModelObject().getPasswordPolicies().containsKey(passwordValuePolicyOid) || ChangePasswordPanel.this.limitationsByPolicyOid.get(passwordValuePolicyOid) == null) {
                            return null;
                        }
                        AnonymousClass1 anonymousClass1 = new AnonymousClass1();
                        ChangePasswordPanel.this.limitationsByPolicyOid.get(passwordValuePolicyOid).forEach(stringLimitationResult -> {
                            if (!anonymousClass1.result || stringLimitationResult.isSuccess().booleanValue()) {
                                return;
                            }
                            anonymousClass1.result = false;
                        });
                        if (anonymousClass1.result || !((PasswordAccountDto) iModel.getObject2()).isSelected()) {
                            return null;
                        }
                        return WebComponentUtil.createDisplayType("fa-fw fa fa-times-circle text-muted fa-lg", "", createStringResource("ChangePasswordPanel.result.validationError", new Object[0]).getString());
                    }
                };
                columnResultPanel.setOutputMarkupId(true);
                item.add(columnResultPanel);
            }

            @Override // org.apache.wicket.extensions.markup.html.repeater.data.table.AbstractColumn, org.apache.wicket.extensions.markup.html.repeater.data.table.IStyledColumn
            public String getCssClass() {
                return "col-lg-2";
            }
        });
        return arrayList;
    }

    public void updateResultColumnOfTable(AjaxRequestTarget ajaxRequestTarget) {
        getTable().visitChildren(ColumnResultPanel.class, (columnResultPanel, iVisit) -> {
            if (columnResultPanel.getModel() instanceof LoadableModel) {
                ((LoadableModel) columnResultPanel.getModel()).reset();
            }
            ajaxRequestTarget.add(columnResultPanel);
        });
    }

    private MyPasswordsDto loadPageModel() {
        String oid;
        Task createSimpleTask;
        PrismObject<? extends FocusType> object;
        LOGGER.debug("Loading user and accounts.");
        MyPasswordsDto myPasswordsDto = new MyPasswordsDto();
        OperationResult operationResult = new OperationResult(OPERATION_LOAD_USER_WITH_ACCOUNTS);
        try {
            try {
                oid = SecurityUtils.getPrincipalUser().getOid();
                createSimpleTask = getPageBase().createSimpleTask(OPERATION_LOAD_USER);
                OperationResult createSubresult = operationResult.createSubresult(OPERATION_LOAD_USER);
                object = getPageBase().getModelService().getObject(FocusType.class, oid, null, createSimpleTask, createSubresult);
                myPasswordsDto = createMyPasswordsDto(object);
                createSubresult.recordSuccessIfUnknown();
                getModel().setObject(myPasswordsDto);
            } catch (Exception e) {
                LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load accounts", e, new Object[0]);
                operationResult.recordFatalError(getString("PageAbstractSelfCredentials.message.couldntLoadAccounts.fatalError"), e);
                operationResult.recomputeStatus();
            }
            if (!shouldShowPasswordPropagation()) {
                LOGGER.debug("Skip loading account, because policy said so (enabled {} propagation).", myPasswordsDto.getPropagation());
                operationResult.recomputeStatus();
                return myPasswordsDto;
            }
            PrismReference findReference = object.findReference(FocusType.F_LINK_REF);
            if (findReference == null || CollectionUtils.isEmpty(findReference.getValues())) {
                LOGGER.debug("No accounts found for user {}.", oid);
                operationResult.recomputeStatus();
                return myPasswordsDto;
            }
            addAccountsToMyPasswordsDto(myPasswordsDto, findReference.getValues(), createSimpleTask, operationResult);
            operationResult.recordSuccessIfUnknown();
            operationResult.recomputeStatus();
            Collections.sort(myPasswordsDto.getAccounts());
            if (!operationResult.isSuccess() && !operationResult.isHandledError()) {
                getPageBase().showResult(operationResult);
            }
            return myPasswordsDto;
        } catch (Throwable th) {
            operationResult.recomputeStatus();
            throw th;
        }
    }

    private MyPasswordsDto createMyPasswordsDto(PrismObject<? extends FocusType> prismObject) {
        PasswordCredentialsPolicyType password;
        Task createSimpleTask;
        PrismObject resolveReferenceNoFetch;
        MyPasswordsDto myPasswordsDto = new MyPasswordsDto();
        myPasswordsDto.setFocus(prismObject);
        CredentialsPolicyType passwordCredentialsPolicy = WebComponentUtil.getPasswordCredentialsPolicy(prismObject, getPageBase(), getPageBase().createSimpleTask(OPERATION_GET_CREDENTIALS_POLICY));
        myPasswordsDto.getAccounts().add(createDefaultPasswordAccountDto(prismObject, getPasswordPolicyOid(passwordCredentialsPolicy)));
        if (passwordCredentialsPolicy != null && (password = passwordCredentialsPolicy.getPassword()) != null) {
            CredentialsPropagationUserControlType propagationUserControl = password.getPropagationUserControl();
            if (propagationUserControl != null) {
                myPasswordsDto.setPropagation(propagationUserControl);
            }
            PasswordChangeSecurityType passwordChangeSecurity = password.getPasswordChangeSecurity();
            if (passwordChangeSecurity != null) {
                myPasswordsDto.setPasswordChangeSecurity(passwordChangeSecurity);
            }
            ObjectReferenceType valuePolicyRef = password.getValuePolicyRef();
            if (valuePolicyRef != null && valuePolicyRef.getOid() != null && (resolveReferenceNoFetch = WebModelServiceUtils.resolveReferenceNoFetch(valuePolicyRef, getPageBase(), (createSimpleTask = getPageBase().createSimpleTask("load value policy")), createSimpleTask.getResult())) != null) {
                myPasswordsDto.addPasswordPolicy((ValuePolicyType) resolveReferenceNoFetch.asObjectable());
            }
        }
        return myPasswordsDto;
    }

    private PasswordAccountDto createDefaultPasswordAccountDto(PrismObject<? extends FocusType> prismObject, String str) {
        PasswordAccountDto passwordAccountDto = new PasswordAccountDto(prismObject, prismObject.getName().getOrig(), getString("PageSelfCredentials.resourceMidpoint", WebComponentUtil.getMidpointCustomSystemName(getPageBase(), "midpoint.default.system.name")), WebComponentUtil.isActivationEnabled(prismObject, ActivationType.F_EFFECTIVE_STATUS), true);
        passwordAccountDto.setPasswordValuePolicyOid(str);
        return passwordAccountDto;
    }

    private CredentialsPolicyType getPasswordCredentialsPolicy(RefinedObjectClassDefinition refinedObjectClassDefinition) {
        LOGGER.debug("Getting credentials policy");
        Task createSimpleTask = getPageBase().createSimpleTask(OPERATION_GET_CREDENTIALS_POLICY);
        OperationResult operationResult = new OperationResult(OPERATION_GET_CREDENTIALS_POLICY);
        CredentialsPolicyType credentialsPolicyType = null;
        try {
            try {
                SecurityPolicyType securityPolicy = getPageBase().getModelInteractionService().getSecurityPolicy(refinedObjectClassDefinition, createSimpleTask, operationResult);
                if (securityPolicy != null) {
                    credentialsPolicyType = securityPolicy.getCredentials();
                }
                operationResult.recordSuccessIfUnknown();
                operationResult.computeStatus();
            } catch (Exception e) {
                LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load security policy", e, new Object[0]);
                operationResult.recordFatalError(getString("PageAbstractSelfCredentials.message.getPasswordSecurityPolicy.fatalError", e.getMessage()), e);
                operationResult.computeStatus();
            }
            return credentialsPolicyType;
        } catch (Throwable th) {
            operationResult.computeStatus();
            throw th;
        }
    }

    private String getPasswordPolicyOid(CredentialsPolicyType credentialsPolicyType) {
        if (credentialsPolicyType == null || credentialsPolicyType.getPassword() == null || credentialsPolicyType.getPassword().getValuePolicyRef() == null) {
            return null;
        }
        return credentialsPolicyType.getPassword().getValuePolicyRef().getOid();
    }

    private void addAccountsToMyPasswordsDto(MyPasswordsDto myPasswordsDto, List<PrismReferenceValue> list, Task task, OperationResult operationResult) {
        Collection<SelectorOptions<GetOperationOptions>> build = getPageBase().getOperationOptionsBuilder().item(ShadowType.F_RESOURCE_REF).resolve().item(ItemPath.create(ResourceType.F_SCHEMA_HANDLING, SchemaHandlingType.F_OBJECT_TYPE, ResourceObjectTypeDefinitionType.F_SECURITY_POLICY_REF)).resolve().build();
        for (PrismReferenceValue prismReferenceValue : list) {
            OperationResult createSubresult = operationResult.createSubresult(OPERATION_LOAD_ACCOUNT);
            try {
                myPasswordsDto.getAccounts().add(createPasswordAccountDto(myPasswordsDto, getPageBase().getModelService().getObject(ShadowType.class, prismReferenceValue.getOid(), build, task, createSubresult), task, createSubresult));
                createSubresult.recordSuccessIfUnknown();
            } catch (Exception e) {
                LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load account", e, new Object[0]);
                createSubresult.recordFatalError(getString("PageAbstractSelfCredentials.message.couldntLoadAccount.fatalError"), e);
            }
        }
    }

    private PasswordAccountDto createPasswordAccountDto(MyPasswordsDto myPasswordsDto, PrismObject<ShadowType> prismObject, Task task, OperationResult operationResult) {
        PrismObject resolveReferenceNoFetch;
        PrismReference findReference = prismObject.findReference(ShadowType.F_RESOURCE_REF);
        PasswordAccountDto passwordAccountDto = new PasswordAccountDto(prismObject, (findReference == null || findReference.getValue() == null || findReference.getValue().getObject() == null) ? getString("PageSelfCredentials.couldntResolve") : WebComponentUtil.getName(findReference.getValue().getObject()), findReference.getOid());
        ShadowType asObjectable = prismObject.asObjectable();
        ResourceType resourceType = (ResourceType) asObjectable.getResourceRef().asReferenceValue().getObject().asObjectable();
        if (resourceType != null) {
            passwordAccountDto.setPasswordCapabilityEnabled(ResourceTypeUtil.isPasswordCapabilityEnabled(resourceType, ResourceTypeUtil.findObjectTypeDefinition(resourceType.asPrismObject(), asObjectable.getKind(), asObjectable.getIntent())));
            passwordAccountDto.setMaintenanceState(ResourceTypeUtil.isInMaintenance(resourceType));
            try {
                RefinedObjectClassDefinition editObjectClassDefinition = getPageBase().getModelInteractionService().getEditObjectClassDefinition(prismObject, resourceType.asPrismObject(), AuthorizationPhaseType.REQUEST, task, operationResult);
                if (editObjectClassDefinition != null) {
                    passwordAccountDto.setPasswordOutbound(getPasswordOutbound(prismObject, resourceType, editObjectClassDefinition));
                    CredentialsPolicyType passwordCredentialsPolicy = getPasswordCredentialsPolicy(editObjectClassDefinition);
                    if (passwordCredentialsPolicy != null && passwordCredentialsPolicy.getPassword() != null && passwordCredentialsPolicy.getPassword().getValuePolicyRef() != null && (resolveReferenceNoFetch = WebModelServiceUtils.resolveReferenceNoFetch(passwordCredentialsPolicy.getPassword().getValuePolicyRef(), getPageBase(), task, task.getResult())) != null) {
                        passwordAccountDto.setPasswordValuePolicyOid(resolveReferenceNoFetch.getOid());
                        myPasswordsDto.addPasswordPolicy((ValuePolicyType) resolveReferenceNoFetch.asObjectable());
                    }
                } else {
                    passwordAccountDto.setPasswordOutbound(false);
                }
            } catch (Exception e) {
                LoggingUtils.logUnexpectedException(LOGGER, "Fail to get RefinedObjectClassDefinition for {} ", e, prismObject);
                operationResult.recordFatalError("Fail to get RefinedObjectClassDefinition for " + prismObject, e);
                getPageBase().showResult(operationResult);
                passwordAccountDto.setPasswordOutbound(false);
            }
        } else {
            passwordAccountDto.setPasswordCapabilityEnabled(false);
            passwordAccountDto.setPasswordOutbound(false);
        }
        return passwordAccountDto;
    }

    private boolean getPasswordOutbound(PrismObject<ShadowType> prismObject, ResourceType resourceType, RefinedObjectClassDefinition refinedObjectClassDefinition) {
        List<MappingType> passwordOutbound = refinedObjectClassDefinition.getPasswordOutbound();
        if (passwordOutbound == null) {
            return false;
        }
        Iterator<MappingType> it = passwordOutbound.iterator();
        while (it.hasNext()) {
            if (MappingStrengthType.WEAK != it.next().getStrength() || CapabilityUtil.isPasswordReadable((CredentialsCapabilityType) ResourceTypeUtil.getEffectiveCapability(resourceType, CredentialsCapabilityType.class))) {
                return true;
            }
        }
        return false;
    }

    private PasswordPanel getPasswordPanel() {
        return (PasswordPanel) get(ID_PASSWORD_PANEL);
    }

    private TablePanel getTable() {
        return (TablePanel) get(getPageBase().createComponentPath(ID_ACCOUNTS_CONTAINER, "accounts"));
    }

    protected boolean isCheckOldPassword() {
        return false;
    }
}
