package com.evolveum.midpoint.web.page.forgetpassword;

import com.evolveum.midpoint.gui.api.page.PageBase;
import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
import com.evolveum.midpoint.prism.Item;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismPropertyDefinition;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.query.EqualFilter;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.prism.query.QueryFactory;
import com.evolveum.midpoint.schema.SearchResultList;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.Producer;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.application.PageDescriptor;
import com.evolveum.midpoint.web.component.AjaxButton;
import com.evolveum.midpoint.web.component.AjaxSubmitButton;
import com.evolveum.midpoint.web.component.form.MidpointForm;
import com.evolveum.midpoint.web.component.prism.DynamicFormPanel;
import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
import com.evolveum.midpoint.web.page.forgetpassword.ResetPolicyDto;
import com.evolveum.midpoint.web.page.login.PageLogin;
import com.evolveum.midpoint.web.page.login.PageRegistrationBase;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.lang.invoke.SerializedLambda;
import java.util.ArrayList;
import java.util.List;
import org.apache.wicket.RestartResponseException;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.extensions.validation.validator.RfcCompliantEmailAddressValidator;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.basic.MultiLineLabel;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.RequiredTextField;
import org.apache.wicket.model.Model;
import org.apache.wicket.request.mapper.parameter.PageParameters;

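/**
 * Self-service "forgot password" page, mapped to {@code /forgotpassword} and declared
 * {@code permitAll}, so every code path here is driven by a caller who has not logged in.
 *
 * <p>The page collects identifying data (a fixed username/e-mail form, or a dynamic form when the
 * reset policy carries a form reference), looks up a single matching user through
 * {@code runPrivileged}, and then either stores a freshly generated nonce on that user
 * ({@code MAIL}) or forwards to {@link PageSecurityQuestions} ({@code SECURITY_QUESTIONS}).
 *
 * <p>Because the lookup and the nonce write run with elevated rights on behalf of an anonymous
 * request, the handlers fail closed: a missing policy, an unsupported method, incomplete form
 * data or an ambiguous search result all end the request without touching a user.
 */
@PageDescriptor(url = {"/forgotpassword"}, permitAll = true)
/* loaded from: input_file:WEB-INF/classes/com/evolveum/midpoint/web/page/forgetpassword/PageForgotPassword.class */
public class PageForgotPassword extends PageRegistrationBase {
    private static final long serialVersionUID = 1;
    private static final String ID_PWDRESETFORM = "pwdresetform";
    private static final String ID_USERNAME_CONTAINER = "usernameContainer";
    private static final String ID_USERNAME = "username";
    private static final String ID_EMAIL_CONTAINER = "emailContainer";
    private static final String ID_EMAIL = "email";
    private static final String ID_SUBMIT = "submitButton";
    private static final String ID_BACK = "back";
    private static final String ID_STATIC_LAYOUT = "staticLayout";
    private static final String ID_DYNAMIC_LAYOUT = "dynamicLayout";
    private static final String ID_DYNAMIC_FORM = "dynamicForm";
    private static final String ID_PASSWORD_RESET_SUBMITED = "resetPasswordInfo";
    // Set once a MAIL reset was accepted; swaps the form for the confirmation label.
    private boolean submited;
    private static final String DOT_CLASS = PageForgotPassword.class.getName() + ".";
    protected static final String OPERATION_LOAD_RESET_PASSWORD_POLICY = DOT_CLASS + "loadPasswordResetPolicy";
    private static final String OPERATION_LOAD_USER = DOT_CLASS + "loadUser";
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) PageForgotPassword.class);

    /** Builds the component tree; no request data is read at construction time. */
    public PageForgotPassword() {
        initLayout();
    }

    /**
     * Intentionally empty: this page contributes no breadcrumb.
     * (Decompiler note: access was widened from {@code protected}.)
     */
    @Override
    public void createBreadcrumb() {
    }

    /** Creates the reset form (hidden once a request was submitted) and fills it. */
    private void initLayout() {
        MidpointForm resetForm = new MidpointForm(ID_PWDRESETFORM);
        resetForm.setOutputMarkupId(true);
        resetForm.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1;

            @Override
            public boolean isVisible() {
                return !PageForgotPassword.this.submited;
            }
        });
        initStaticLayout(resetForm);
        initDynamicLayout(resetForm);
        initButtons(resetForm);
    }

    /**
     * Adds the fixed username/e-mail inputs. The whole layout is shown only when no dynamic form
     * is configured; the username row only for SECURITY_QUESTIONS, the e-mail row for
     * SECURITY_QUESTIONS and MAIL.
     */
    private void initStaticLayout(Form<?> form) {
        WebMarkupContainer staticLayout = new WebMarkupContainer(ID_STATIC_LAYOUT);
        staticLayout.setOutputMarkupId(true);
        form.add(staticLayout);
        staticLayout.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1;

            @Override
            public boolean isVisible() {
                return !PageForgotPassword.this.isDynamicForm();
            }
        });

        WebMarkupContainer usernameContainer = new WebMarkupContainer(ID_USERNAME_CONTAINER);
        usernameContainer.setOutputMarkupId(true);
        staticLayout.add(usernameContainer);
        RequiredTextField<String> usernameField = new RequiredTextField<>(ID_USERNAME, new Model<String>());
        usernameField.setOutputMarkupId(true);
        usernameContainer.add(usernameField);
        usernameContainer.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1;

            @Override
            public boolean isVisible() {
                return PageForgotPassword.this.currentResetMethod() == ResetPolicyDto.ResetMethod.SECURITY_QUESTIONS;
            }
        });

        WebMarkupContainer emailContainer = new WebMarkupContainer(ID_EMAIL_CONTAINER);
        emailContainer.setOutputMarkupId(true);
        staticLayout.add(emailContainer);
        RequiredTextField<String> emailField = new RequiredTextField<>(ID_EMAIL, new Model<String>());
        // Syntactic check only; it says nothing about who controls the address.
        emailField.add(RfcCompliantEmailAddressValidator.getInstance());
        emailField.setOutputMarkupId(true);
        emailContainer.add(emailField);
        emailContainer.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1;

            @Override
            public boolean isVisible() {
                ResetPolicyDto.ResetMethod resetMethod = PageForgotPassword.this.currentResetMethod();
                return resetMethod == ResetPolicyDto.ResetMethod.SECURITY_QUESTIONS || resetMethod == ResetPolicyDto.ResetMethod.MAIL;
            }
        });
    }

    /**
     * Returns the configured reset method, or {@code null} when no policy (or no method) is
     * available, so callers can compare without dereferencing a missing policy.
     */
    private ResetPolicyDto.ResetMethod currentResetMethod() {
        ResetPolicyDto policy = getResetPasswordPolicy();
        return policy != null ? policy.getResetMethod() : null;
    }

    /** Tells whether the reset policy references a custom form; {@code false} without a policy. */
    private boolean isDynamicForm() {
        ResetPolicyDto policy = getResetPasswordPolicy();
        return policy != null && policy.getFormRef() != null;
    }

    /**
     * Adds the container for the policy-defined form and, when a form reference exists, the
     * {@link DynamicFormPanel} itself. The panel is created inside {@code runPrivileged} with an
     * anonymous task, because the requesting session is unauthenticated.
     */
    private void initDynamicLayout(Form<?> form) {
        WebMarkupContainer dynamicLayout = new WebMarkupContainer(ID_DYNAMIC_LAYOUT);
        dynamicLayout.setOutputMarkupId(true);
        form.add(dynamicLayout);
        dynamicLayout.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1;

            @Override
            public boolean isVisible() {
                return PageForgotPassword.this.isDynamicForm();
            }
        });
        DynamicFormPanel dynamicFormPanel = (DynamicFormPanel) runPrivileged(() -> {
            // Tolerate a missing policy here as the submit handler does, instead of failing the page.
            ResetPolicyDto policy = getResetPasswordPolicy();
            ObjectReferenceType formRef = policy != null ? policy.getFormRef() : null;
            if (formRef == null) {
                return null;
            }
            return new DynamicFormPanel(ID_DYNAMIC_FORM, UserType.COMPLEX_TYPE, formRef.getOid(), (Form<?>) form, createAnonymousTask(OPERATION_LOAD_DYNAMIC_FORM), (PageBase) this, true);
        });
        if (dynamicFormPanel != null) {
            dynamicLayout.add(dynamicFormPanel);
        }
    }

    /**
     * Adds the submit and back buttons to the form, attaches the form to the page, and adds the
     * confirmation label that becomes visible after a successful submission.
     */
    private void initButtons(final Form<?> form) {
        AjaxSubmitButton submitButton = new AjaxSubmitButton(ID_SUBMIT, createStringResource("PageForgetPassword.resetPassword", new Object[0])) {
            private static final long serialVersionUID = 1;

            // Decompiler note: access was widened from protected.
            @Override
            public void onSubmit(AjaxRequestTarget ajaxRequestTarget) {
                PageForgotPassword.this.processResetPassword(ajaxRequestTarget, form);
            }

            // Decompiler note: access was widened from protected.
            @Override
            public void onError(AjaxRequestTarget ajaxRequestTarget) {
                ajaxRequestTarget.add(PageForgotPassword.this.getFeedbackPanel());
            }
        };
        submitButton.setOutputMarkupId(true);
        form.add(submitButton);
        form.setDefaultButton(submitButton);

        AjaxButton backButton = new AjaxButton(ID_BACK, createStringResource("PageForgetPassword.back", new Object[0])) {
            private static final long serialVersionUID = 1;

            @Override
            public void onClick(AjaxRequestTarget ajaxRequestTarget) {
                setResponsePage(PageLogin.class);
            }
        };
        backButton.setOutputMarkupId(true);
        form.add(backButton);
        add(form);

        MultiLineLabel submittedInfo = new MultiLineLabel(ID_PASSWORD_RESET_SUBMITED, createStringResource("PageForgotPassword.form.submited.message", new Object[0]));
        add(submittedInfo);
        submittedInfo.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1;

            @Override
            public boolean isVisible() {
                return PageForgotPassword.this.submited;
            }

            @Override
            public boolean isEnabled() {
                return PageForgotPassword.this.submited;
            }
        });
    }

    /**
     * Handles a submitted reset request.
     *
     * <p>The reset policy and method are validated before any user lookup, so that an
     * unconfigured or unsupported reset never triggers a privileged search and a missing policy
     * is reported instead of being dereferenced. Every failure records a session error and
     * restarts the response.
     *
     * @param ajaxRequestTarget target used to re-render the page after a successful MAIL request
     * @param form the submitted reset form
     */
    private void processResetPassword(AjaxRequestTarget ajaxRequestTarget, Form<?> form) {
        ResetPolicyDto policy = getResetPasswordPolicy();
        if (policy == null) {
            LOGGER.debug("No policies for reset password defined");
            getSession().error(getString("pageForgetPassword.message.policy.not.found"));
            throw new RestartResponseException(PageForgotPassword.class);
        }
        ResetPolicyDto.ResetMethod resetMethod = policy.getResetMethod();
        if (resetMethod == null) {
            // Never returns: a null method would otherwise fail in the switch below.
            passwordResetNotSupported();
        }

        UserType user = searchUser(form);
        if (user == null) {
            // NOTE(review): this error and the confirmation shown after an accepted MAIL request
            // are distinguishable to the caller, so the unauthenticated form reveals whether the
            // submitted data matches an account. A uniform response plus request throttling is
            // the usual mitigation; neither is visible in this class.
            getSession().error(getString("pageForgetPassword.message.user.not.found"));
            throw new RestartResponseException(PageForgotPassword.class);
        }
        LOGGER.trace("Reset Password user: {}", user);

        switch (resetMethod) {
            case MAIL:
                OperationResult nonceResult = saveUserNonce(user, policy.getNoncePolicy());
                if (nonceResult.getStatus() == OperationResultStatus.SUCCESS) {
                    this.submited = true;
                    ajaxRequestTarget.add(this);
                    return;
                } else {
                    getSession().error(getString("PageForgotPassword.send.nonce.failed"));
                    LOGGER.error("Failed to send nonce to user: {} ", nonceResult.getMessage());
                    throw new RestartResponseException(this);
                }
            case SECURITY_QUESTIONS:
                LOGGER.trace("Forward to PageSecurityQuestions");
                PageParameters pageParameters = new PageParameters();
                // NOTE(review): the matched user's OID travels to the next page as a request
                // parameter. Verify that PageSecurityQuestions does not treat a caller-supplied
                // "pOid" as proof that this step was completed.
                pageParameters.add("pOid", user.getOid());
                setResponsePage(PageSecurityQuestions.class, pageParameters);
                return;
            default:
                getSession().error(getString("pageForgetPassword.message.reset.method.not.supported"));
                LOGGER.error("Reset method {} not supported.", resetMethod);
                throw new RestartResponseException(this);
        }
    }

    /**
     * Builds the lookup query from whichever form is active and runs it with elevated rights.
     *
     * @return the single matching user, or {@code null} when none or several match
     */
    private UserType searchUser(Form<?> form) {
        ObjectQuery query = isDynamicForm() ? createDynamicFormQuery(form) : createStaticFormQuery(form);
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Searching for user with query:\n{}", query.debugDump(1));
        }
        return searchUserPrivileged(query);
    }

    /**
     * Builds an AND query with one equality filter per item the caller filled in on the dynamic
     * form.
     *
     * <p>Fails closed: if no item was changed, or a changed item has no property or value, the
     * request is rejected instead of searching. An empty condition list would otherwise produce
     * a query with no constraints (presumably matching every user), and skipping an incomplete
     * item would silently weaken the match.
     */
    private ObjectQuery createDynamicFormQuery(Form<?> form) {
        DynamicFormPanel dynamicFormPanel = (DynamicFormPanel) form.get(createComponentPath(ID_DYNAMIC_LAYOUT, ID_DYNAMIC_FORM));
        List<ItemPath> changedItems = dynamicFormPanel.getChangedItems();
        if (changedItems == null || changedItems.isEmpty()) {
            throw userNotFoundRestart();
        }
        try {
            PrismObject formObject = dynamicFormPanel.getObject();
            // Raw collection as recovered by the decompiler; it holds the EqualFilter conditions.
            ArrayList conditions = new ArrayList();
            QueryFactory queryFactory = getPrismContext().queryFactory();
            for (ItemPath itemPath : changedItems) {
                Item property = formObject.findProperty(itemPath);
                Object value = property != null ? property.getAnyValue() : null;
                if (value == null) {
                    throw userNotFoundRestart();
                }
                EqualFilter condition = queryFactory.createEqual(itemPath, (PrismPropertyDefinition) property.getDefinition(), null);
                // mo825clone appears to be the decompiler's alias for clone(); the filter gets its own copy.
                condition.setValue(((PrismPropertyValue) value).mo825clone());
                conditions.add(condition);
            }
            return queryFactory.createQuery(queryFactory.createAnd(conditions));
        } catch (SchemaException e) {
            throw userNotFoundRestart();
        }
    }

    /**
     * Records the generic "user not found" session error used by the dynamic-form path and
     * returns the exception that restarts this page, for the caller to throw.
     */
    private RestartResponseException userNotFoundRestart() {
        getSession().error(getString("pageForgetPassword.message.usernotfound"));
        return new RestartResponseException(PageForgotPassword.class);
    }

    /**
     * Builds the lookup query from the fixed form: e-mail only for MAIL, username and e-mail for
     * SECURITY_QUESTIONS. Any other configuration ends the request via
     * {@link #passwordResetNotSupported()}, which never returns normally.
     */
    private ObjectQuery createStaticFormQuery(Form<?> form) {
        RequiredTextField<?> usernameField = (RequiredTextField<?>) form.get(createComponentPath(ID_STATIC_LAYOUT, ID_USERNAME_CONTAINER, ID_USERNAME));
        RequiredTextField<?> emailField = (RequiredTextField<?>) form.get(createComponentPath(ID_STATIC_LAYOUT, ID_EMAIL_CONTAINER, ID_EMAIL));
        String username = usernameField != null ? (String) usernameField.getModelObject() : null;
        String email = emailField != null ? (String) emailField.getModelObject() : null;
        // NOTE(review): this writes caller-supplied, unauthenticated identifiers to the debug
        // log; confirm that is acceptable for the deployment's log handling and retention.
        LOGGER.debug("Reset Password user info form submitted. username={}, email={}", username, email);
        ResetPolicyDto resetPasswordPolicy = getResetPasswordPolicy();
        if (resetPasswordPolicy == null) {
            passwordResetNotSupported();
        }
        ResetPolicyDto.ResetMethod resetMethod = resetPasswordPolicy.getResetMethod();
        if (resetMethod == null) {
            passwordResetNotSupported();
        }
        switch (resetMethod) {
            case MAIL:
                return getPrismContext().queryFor(UserType.class).item(UserType.F_EMAIL_ADDRESS).eq(email).matchingCaseIgnore().build();
            case SECURITY_QUESTIONS:
                return getPrismContext().queryFor(UserType.class).item(UserType.F_NAME).eqPoly(username).matchingNorm().and().item(UserType.F_EMAIL_ADDRESS).eq(email).matchingCaseIgnore().build();
            default:
                passwordResetNotSupported();
                return null;
        }
    }

    /** Records the "unsupported reset type" error and restarts the page; always throws. */
    private void passwordResetNotSupported() {
        getSession().error(getString("PageForgotPassword.unsupported.reset.type"));
        throw new RestartResponseException(this);
    }

    /**
     * Runs the user search inside {@code runPrivileged} with an anonymous task.
     *
     * @return the user when exactly one object matches; {@code null} when the result is empty,
     *         ambiguous (more than one match), or the search failed. Ambiguity is deliberately
     *         treated as "not found" so a loose query can never select an arbitrary account.
     */
    private UserType searchUserPrivileged(final ObjectQuery objectQuery) {
        return (UserType) runPrivileged(new Producer<UserType>() {
            @Override
            public UserType run() {
                try {
                    SearchResultList matches = PageForgotPassword.this.getModelService().searchObjects(UserType.class, objectQuery, null, PageForgotPassword.this.createAnonymousTask("load user"), new OperationResult("search user"));
                    if (matches == null || matches.isEmpty()) {
                        PageForgotPassword.LOGGER.trace("Empty user list in ForgetPassword");
                        return null;
                    }
                    if (matches.size() > 1) {
                        PageForgotPassword.LOGGER.trace("Problem while seeking for user");
                        return null;
                    }
                    UserType user = (UserType) ((PrismObject) matches.iterator().next()).asObjectable();
                    PageForgotPassword.LOGGER.trace("User found for ForgetPassword: {}", user);
                    return user;
                } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException | ObjectNotFoundException | SchemaException | SecurityViolationException e) {
                    // Any lookup failure is reported to the caller the same way as "no match".
                    LoggingUtils.logException(PageForgotPassword.LOGGER, "failed to search user", e, new Object[0]);
                    return null;
                }
            }
        });
    }

    /**
     * Generates a nonce for the user and stores it, replacing any previous value at
     * {@code SchemaConstants.PATH_NONCE_VALUE}. Runs inside {@code runPrivileged} with an
     * anonymous task on the reset-password channel, owned by the target user.
     *
     * @return the operation result; a fatal error is recorded when generation or saving throws.
     *         Delivery of the nonce is not performed in this class (presumably handled
     *         downstream of the save; confirm against the notification configuration).
     */
    private OperationResult saveUserNonce(final UserType userType, final NonceCredentialsPolicyType nonceCredentialsPolicyType) {
        return (OperationResult) runPrivileged(new Producer<OperationResult>() {
            private static final long serialVersionUID = 1;

            @Override
            public OperationResult run() {
                Task task = PageForgotPassword.this.createAnonymousTask("generateUserNonce");
                task.setChannel(SchemaConstants.CHANNEL_RESET_PASSWORD_URI);
                task.setOwner(userType.asPrismObject());
                OperationResult result = new OperationResult("generateUserNonce");
                ProtectedStringType nonce = new ProtectedStringType();
                try {
                    nonce.setClearValue(PageForgotPassword.this.generateNonce(nonceCredentialsPolicyType, task, userType.asPrismObject(), result));
                    WebModelServiceUtils.save(PageForgotPassword.this.getPrismContext().deltaFactory().object().createModificationReplaceProperty(UserType.class, userType.getOid(), SchemaConstants.PATH_NONCE_VALUE, nonce), result, task, PageForgotPassword.this);
                } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException | ObjectNotFoundException | SchemaException | SecurityViolationException e) {
                    result.recordFatalError(PageForgotPassword.this.getString("PageForgotPassword.message.saveUserNonce.fatalError"));
                    LoggingUtils.logException(PageForgotPassword.LOGGER, "Failed to generate nonce for user: " + e.getMessage(), e, new Object[0]);
                }
                result.computeStatusIfUnknown();
                return result;
            }
        });
    }

    /**
     * Produces the nonce value through the model interaction service, using the value policy
     * referenced by the nonce credentials policy when one is configured.
     *
     * @return the generated nonce in clear text; callers must not log it
     */
    private <O extends ObjectType> String generateNonce(NonceCredentialsPolicyType nonceCredentialsPolicyType, Task task, PrismObject<O> prismObject, OperationResult operationResult) throws ExpressionEvaluationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        ValuePolicyType valuePolicy = null;
        if (nonceCredentialsPolicyType != null && nonceCredentialsPolicyType.getValuePolicyRef() != null) {
            valuePolicy = (ValuePolicyType) WebModelServiceUtils.loadObject(ValuePolicyType.class, nonceCredentialsPolicyType.getValuePolicyRef().getOid(), this, task, operationResult).asObjectable();
        }
        // NOTE(review): 24 is presumably the default length applied when no value policy is
        // configured, and the meaning of the boolean is not visible here; confirm both against
        // ModelInteractionService.generateValue.
        return getModelInteractionService().generateValue(valuePolicy, 24, false, prismObject, "nonce generation", task, operationResult);
    }

    /*
     * Decompiler rendering of the compiler-generated hook that re-creates the serializable lambda
     * from initDynamicLayout when the page is deserialized. It accepts the serialized form only
     * when the implementation method name, method kind, functional interface, implementing class
     * and signatures all match, and throws IllegalArgumentException otherwise.
     * Kept exactly as recovered: it is not valid hand-written Java (int assigned to a boolean,
     * instance calls from a static method) and the lambda body inside is the decompiler's copy
     * of the compiled lambda. The compiler emits the real method itself.
     */
    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case 1704898595:
                if (implMethodName.equals("lambda$initDynamicLayout$d8ac070a$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/util/Producer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/web/page/forgetpassword/PageForgotPassword") && serializedLambda.getImplMethodSignature().equals("(Lorg/apache/wicket/markup/html/form/Form;)Lcom/evolveum/midpoint/web/component/prism/DynamicFormPanel;")) {
                    PageForgotPassword pageForgotPassword = (PageForgotPassword) serializedLambda.getCapturedArg(0);
                    Form form = (Form) serializedLambda.getCapturedArg(1);
                    return () -> {
                        ObjectReferenceType formRef = getResetPasswordPolicy().getFormRef();
                        if (formRef == null) {
                            return null;
                        }
                        return new DynamicFormPanel(ID_DYNAMIC_FORM, UserType.COMPLEX_TYPE, formRef.getOid(), (Form<?>) form, createAnonymousTask(OPERATION_LOAD_DYNAMIC_FORM), (PageBase) this, true);
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}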
