package com.evolveum.midpoint.web.page.login;

import com.evolveum.midpoint.gui.api.page.PageBase;
import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
import com.evolveum.midpoint.model.api.authentication.ModuleAuthentication;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.application.PageDescriptor;
import com.evolveum.midpoint.web.application.Url;
import com.evolveum.midpoint.web.component.AjaxButton;
import com.evolveum.midpoint.web.component.AjaxSubmitButton;
import com.evolveum.midpoint.web.component.form.MidpointForm;
import com.evolveum.midpoint.web.component.prism.DynamicFormPanel;
import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
import com.evolveum.midpoint.web.page.error.PageError;
import com.evolveum.midpoint.web.security.filter.SecurityQuestionsAuthenticationFilter;
import com.evolveum.midpoint.web.security.module.authentication.SecurityQuestionFormModuleAuthentication;
import com.evolveum.midpoint.web.security.util.SecurityQuestionDto;
import com.evolveum.midpoint.web.security.util.SecurityUtils;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionsCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionsCredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.github.openjson.JSONArray;
import com.github.openjson.JSONObject;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.wicket.AttributeModifier;
import org.apache.wicket.RestartResponseException;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.form.HiddenField;
import org.apache.wicket.markup.html.form.RequiredTextField;
import org.apache.wicket.markup.html.list.ListItem;
import org.apache.wicket.markup.html.list.ListView;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.model.PropertyModel;
import org.apache.wicket.model.util.ListModel;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

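/**
 * Login page of the security-questions authentication module, mounted at {@code /securityquestions}.
 *
 * <p>Flow as implemented in this class: the visitor identifies an account (plain username field, or the
 * dynamic form set up by {@code initDynamicLayout}), presses "showQuestions", and the page looks the user
 * up and renders the questions that user has answers for. Every answer field re-serializes all non-blank
 * answers into a JSON array on blur and stores it in the hidden {@code answer} field. The form is then
 * posted, together with the hidden {@code user} field and the CSRF field, to the URL returned by
 * {@link #getUrlProcessingLogin()}.
 *
 * <p>Helpers such as {@code searchUser}, {@code resolveSecurityPolicy}, {@code isDynamicForm},
 * {@code initDynamicLayout}, {@code createBackButton} and {@code createComponentPath} are not defined in
 * this class.
 *
 * <p>NOTE(review), security-relevant points a maintainer should keep in mind:
 * <ul>
 *   <li>The descriptor sets {@code permitAll = true}, so {@link #showQuestions(AjaxRequestTarget)} runs for
 *       unauthenticated visitors. It produces distinguishable outcomes ("user not found", "no security
 *       questions", or the question texts), which discloses whether a username exists and which questions
 *       the account uses. Throttling, lockout or auditing of this lookup is not visible here; confirm it
 *       is enforced elsewhere.</li>
 *   <li>The hidden {@code user} and {@code answer} values are client-controlled at submit time. Answer
 *       verification happens outside this class (presumably behind
 *       {@code SecurityQuestionsAuthenticationFilter}); it must not assume the submitted values match what
 *       this page rendered. Confirm against that code.</li>
 *   <li>Typed answers are held in page-level models ({@code questionsModel}, {@code answerModel}) and
 *       therefore live as long as the page state does.</li>
 * </ul>
 */
@PageDescriptor(urls = {@Url(mountUrl = "/securityquestions", matchUrlForSecurity = "/securityquestions")}, permitAll = true, loginPage = true)
/* loaded from: input_file:WEB-INF/classes/com/evolveum/midpoint/web/page/login/PageSecurityQuestions.class */
public class PageSecurityQuestions extends PageAuthenticationBase {
    private static final long serialVersionUID = 1L;
    private static final Trace LOGGER = TraceManager.getTrace(PageSecurityQuestions.class);

    // The operation names are built from the forgetpassword page's class name, as in the original;
    // neither OPERATION_* constant is referenced inside this class.
    private static final String DOT_CLASS = com.evolveum.midpoint.web.page.forgetpassword.PageSecurityQuestions.class.getName() + ".";
    private static final String OPERATION_LOAD_USER = DOT_CLASS + "loaduser";
    private static final String OPERATION_LOAD_QUESTION_POLICY = DOT_CLASS + "LOAD Question Policy";

    // Wicket component ids; they must match the ids used in the page markup.
    private static final String ID_STATIC_LAYOUT = "staticLayout";
    private static final String ID_USERNAME = "username";
    private static final String ID_DYNAMIC_LAYOUT = "dynamicLayout";
    private static final String ID_DYNAMIC_FORM = "dynamicForm";
    private static final String ID_USER = "user";
    private static final String ID_CSRF_FIELD = "csrfField";
    private static final String ID_ANSWER_FIELD = "answer";
    private static final String ID_MAIN_FORM = "mainForm";
    private static final String ID_INSIDE_FORM = "insideForm";
    private static final String ID_FIRST_LEVEL_BUTTONS = "firstLevelButtons";
    private static final String ID_BACK_1_BUTTON = "back1";
    private static final String ID_SHOW_QUESTIONS_BUTTON = "showQuestions";
    private static final String ID_QUESTIONS = "questions";
    private static final String ID_QUESTION_TEXT = "questionText";
    private static final String ID_QUESTION_ANSWER = "questionAnswer";
    private static final String ID_BACK_2_BUTTON = "back2";

    // false: username step is shown; true: the questions section is shown instead.
    private boolean showedQuestions = false;
    // JSON produced by generateAnswer(); backs the hidden "answer" field.
    private final IModel<String> answerModel = Model.of();
    // Questions currently displayed, including whatever the visitor has typed so far.
    private final IModel<List<SecurityQuestionDto>> questionsModel = new ListModel<>(new ArrayList<>());

    /**
     * Builds the page content: the main form and its username, dynamic-form, button, question and
     * hidden-field sections. The form's {@code action} attribute is resolved lazily through
     * {@link #getUrlProcessingLogin()} each time the model is read.
     */
    @Override
    protected void initCustomLayer() {
        MidpointForm form = new MidpointForm(ID_MAIN_FORM);
        form.add(AttributeModifier.replace("action", new IModel<String>() {
            // Restored from the decompiler's "getObject2" rename: IModel declares getObject().
            @Override
            public String getObject() {
                return getUrlProcessingLogin();
            }
        }));
        add(form);
        initStaticLayout(form);
        initDynamicLayout(form, this);
        initButtons(form);
        initQuestionsSection(form);
        initSendingInformation(form);
    }

    /**
     * Adds the fields that are actually submitted to the login-processing URL: the CSRF token and the
     * hidden {@code answer} and {@code user} inputs.
     *
     * @param midpointForm the main form
     */
    private void initSendingInformation(MidpointForm midpointForm) {
        midpointForm.add(SecurityUtils.createHiddenInputForCsrf(ID_CSRF_FIELD));

        HiddenField<String> answer = new HiddenField<>(ID_ANSWER_FIELD, answerModel);
        answer.setOutputMarkupId(true);
        midpointForm.add(answer);

        HiddenField<String> user = new HiddenField<>(ID_USER, new Model<String>());
        user.setOutputMarkupId(true);
        midpointForm.add(user);
    }

    /**
     * Adds the section listing the user's questions with one required answer field each, plus the
     * "back2" button that returns to the username step. The section is visible only while
     * {@code showedQuestions} is true.
     *
     * @param midpointForm the main form
     */
    private void initQuestionsSection(MidpointForm midpointForm) {
        WebMarkupContainer questionsContainer = new WebMarkupContainer(ID_INSIDE_FORM);
        questionsContainer.setOutputMarkupId(true);
        questionsContainer.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1L;

            @Override
            public boolean isVisible() {
                return showedQuestions;
            }
        });
        midpointForm.add(questionsContainer);

        ListView<SecurityQuestionDto> questions = new ListView<SecurityQuestionDto>(ID_QUESTIONS, questionsModel) {
            private static final long serialVersionUID = 1L;

            @Override
            protected void populateItem(ListItem<SecurityQuestionDto> listItem) {
                listItem.add(new Label(ID_QUESTION_TEXT, new PropertyModel<String>(listItem.getModel(), ID_QUESTION_TEXT)));

                RequiredTextField<String> answerField = new RequiredTextField<>(ID_QUESTION_ANSWER,
                        new PropertyModel<String>(listItem.getModel(), ID_QUESTION_ANSWER));
                answerField.setOutputMarkupId(true);
                // On blur, rebuild the JSON for all answers and push it into the hidden field, so the
                // plain form post carries the current answers.
                answerField.add(new AjaxFormComponentUpdatingBehavior("blur") {
                    @Override
                    protected void onUpdate(AjaxRequestTarget ajaxRequestTarget) {
                        answerModel.setObject(generateAnswer());
                        ajaxRequestTarget.add(getHiddenAnswer());
                    }
                });
                listItem.add(answerField);
            }
        };
        questions.setOutputMarkupId(true);
        questionsContainer.add(questions);

        questionsContainer.add(new AjaxButton(ID_BACK_2_BUTTON) {
            private static final long serialVersionUID = 1L;

            @Override
            public void onClick(AjaxRequestTarget ajaxRequestTarget) {
                // Drop the displayed questions and every value collected so far before going back.
                showedQuestions = false;
                questionsModel.setObject(new ArrayList<>());
                getHiddenUsername().getModel().setObject(null);
                getHiddenAnswer().getModel().setObject(null);
                ajaxRequestTarget.add(getMainForm());
            }
        });
    }

    /**
     * Serializes the non-blank answers currently held in {@code questionsModel}.
     *
     * @return a JSON array string with one object per answered question, keyed by
     *         {@code SecurityQuestionsAuthenticationFilter.J_QID} and {@code J_QANS}, or {@code null}
     *         when no question has a non-blank answer
     */
    private String generateAnswer() {
        JSONArray answers = new JSONArray();
        for (SecurityQuestionDto question : questionsModel.getObject()) {
            if (StringUtils.isNotBlank(question.getQuestionAnswer())) {
                JSONObject entry = new JSONObject();
                entry.put(SecurityQuestionsAuthenticationFilter.J_QID, question.getIdentifier());
                entry.put(SecurityQuestionsAuthenticationFilter.J_QANS, question.getQuestionAnswer());
                answers.put(entry);
            }
        }
        return answers.length() == 0 ? null : answers.toString();
    }

    /**
     * Adds the first-step buttons ("showQuestions" and "back1"); they are visible only while the
     * questions are not shown.
     *
     * @param midpointForm the main form
     */
    private void initButtons(MidpointForm midpointForm) {
        WebMarkupContainer buttons = new WebMarkupContainer(ID_FIRST_LEVEL_BUTTONS);
        buttons.setOutputMarkupId(true);
        buttons.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1L;

            @Override
            public boolean isVisible() {
                return !showedQuestions;
            }
        });
        midpointForm.add(buttons);

        buttons.add(new AjaxSubmitButton(ID_SHOW_QUESTIONS_BUTTON) {
            private static final long serialVersionUID = 1L;

            // The decompiler had widened this to public; its own note says the original was protected.
            @Override
            protected void onSubmit(AjaxRequestTarget ajaxRequestTarget) {
                showQuestions(ajaxRequestTarget);
            }
        });
        buttons.add(createBackButton(ID_BACK_1_BUTTON));
    }

    /**
     * Adds the plain username input. It is hidden once the questions are shown and whenever
     * {@code isDynamicForm()} reports that the dynamic form is used instead.
     *
     * @param midpointForm the main form
     */
    private void initStaticLayout(MidpointForm midpointForm) {
        WebMarkupContainer staticLayout = new WebMarkupContainer(ID_STATIC_LAYOUT);
        staticLayout.setOutputMarkupId(true);
        staticLayout.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1L;

            @Override
            public boolean isVisible() {
                return !showedQuestions && !isDynamicForm();
            }
        });
        midpointForm.add(staticLayout);

        RequiredTextField<String> username = new RequiredTextField<>(ID_USERNAME, new Model<String>());
        username.setOutputMarkupId(true);
        staticLayout.add(username);
    }

    /**
     * Looks up the user identified in the first step and switches the page to the questions step.
     *
     * <p>NOTE(review): this runs before any authentication. An unknown user gets a dedicated session
     * error while a known user gets that account's question texts, so the response reveals account
     * existence. If that is not acceptable for a deployment, the outcomes need to be made
     * indistinguishable and the lookup rate-limited; neither is done in this method.
     *
     * @param ajaxRequestTarget target used to repaint the main form
     * @throws RestartResponseException when no user is found, or when the questions cannot be built
     */
    private void showQuestions(AjaxRequestTarget ajaxRequestTarget) {
        UserType user = searchUser();
        if (user == null) {
            getSession().error(getString("pageForgetPassword.message.user.not.found"));
            throw new RestartResponseException(PageSecurityQuestions.class);
        }
        LOGGER.trace("Reset Password user: {}", user);

        List<SecurityQuestionDto> questions = createUsersSecurityQuestionsList(user.asPrismObject());
        if (questions.isEmpty()) {
            return;
        }
        showedQuestions = true;
        questionsModel.setObject(questions);
        getHiddenUsername().getModel().setObject(user.getName().getOrig());
        ajaxRequestTarget.add(getMainForm());
    }

    /**
     * Selects the questions to display: enabled questions from the resolved security policy for which
     * the user has a stored answer, in policy order, stopping once the policy's question number is
     * reached.
     *
     * @param prismObject the user whose questions are requested
     * @return the questions to display; never fewer than the required number
     * @throws RestartResponseException back to this page when the user has no stored answers or too few
     *         matching questions; to {@link PageError} when the security policy, its credentials section
     *         or its question number is missing
     */
    private List<SecurityQuestionDto> createUsersSecurityQuestionsList(PrismObject<UserType> prismObject) {
        UserType user = prismObject.asObjectable();
        // A user without any credentials container is treated like a user without security questions;
        // previously this dereference threw a NullPointerException on this unauthenticated page.
        SecurityQuestionsCredentialsType userQuestions =
                user.getCredentials() != null ? user.getCredentials().getSecurityQuestions() : null;
        if (userQuestions == null || userQuestions.getQuestionAnswer() == null || userQuestions.getQuestionAnswer().isEmpty()) {
            error(getString("web.security.flexAuth.any.security.questions"));
            LOGGER.error("web.security.flexAuth.any.security.questions");
            throw new RestartResponseException(PageSecurityQuestions.class);
        }
        List<SecurityQuestionAnswerType> userAnswers = userQuestions.getQuestionAnswer();

        SecurityPolicyType securityPolicy = resolveSecurityPolicy(prismObject);
        LOGGER.trace("Found security policy: {}", securityPolicy);
        if (securityPolicy == null) {
            LOGGER.error("No security policy, cannot process security questions");
            throw new RestartResponseException(PageError.class);
        }
        if (securityPolicy.getCredentials() == null) {
            LOGGER.error("No credential for security policy, cannot process security questions");
            throw new RestartResponseException(PageError.class);
        }

        SecurityQuestionsCredentialsPolicyType policyQuestions = securityPolicy.getCredentials().getSecurityQuestions();
        List<SecurityQuestionDefinitionType> definitions =
                policyQuestions != null ? policyQuestions.getQuestion() : new ArrayList<>();

        // Without a questions policy the original default of one question is kept. A policy that exists
        // but carries no question number is handled as a misconfiguration and fails closed, instead of
        // throwing a NullPointerException while unboxing.
        int required = 1;
        if (policyQuestions != null) {
            if (policyQuestions.getQuestionNumber() == null) {
                LOGGER.error("No question number in security questions policy, cannot process security questions");
                throw new RestartResponseException(PageError.class);
            }
            required = policyQuestions.getQuestionNumber().intValue();
        }

        List<SecurityQuestionDto> result = new ArrayList<>();
        for (SecurityQuestionDefinitionType definition : definitions) {
            if (Boolean.TRUE.equals(definition.isEnabled()) && hasAnswerFor(definition, userAnswers)) {
                SecurityQuestionDto dto = new SecurityQuestionDto(definition.getIdentifier());
                dto.setQuestionText(definition.getQuestionText());
                result.add(dto);
            }
            if (required == result.size()) {
                break;
            }
        }
        if (result.size() >= required) {
            return result;
        }
        error(getString("pageForgetPassword.message.ContactAdminQuestionsNotSetEnough"));
        LOGGER.error("pageForgetPassword.message.ContactAdminQuestionsNotSetEnough");
        throw new RestartResponseException(PageSecurityQuestions.class);
    }

    /** Returns true when one of the user's stored answers refers to the given question definition. */
    private static boolean hasAnswerFor(SecurityQuestionDefinitionType definition, List<SecurityQuestionAnswerType> answers) {
        for (SecurityQuestionAnswerType answer : answers) {
            if (definition.getIdentifier().equals(answer.getQuestionIdentifier())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the page this component belongs to, cast to {@link PageBase}.
     *
     * @return the enclosing page
     */
    public PageBase getPageBase() {
        return (PageBase) getPage();
    }

    /**
     * Builds the user lookup for the plain username field: an equality match on {@code UserType.F_NAME}
     * using norm matching.
     *
     * <p>NOTE(review): the submitted username is unauthenticated input and is written to the debug log
     * as-is; whether the log layout neutralises line breaks is not visible here.
     *
     * @return the query; the compared value is {@code null} when the username field cannot be found
     */
    @Override
    protected ObjectQuery createStaticFormQuery() {
        RequiredTextField<String> usernameField = getVisibleUsername();
        String username = usernameField != null ? usernameField.getModelObject() : null;
        LOGGER.debug("Reset Password user info form submitted. username={}", username);
        return getPrismContext().queryFor(UserType.class).item(UserType.F_NAME).eqPoly(username).matchingNorm().build();
    }

    /** Returns the main form component. */
    private MidpointForm getMainForm() {
        return (MidpointForm) get(ID_MAIN_FORM);
    }

    /** Returns the hidden field carrying the resolved username to the login-processing URL. */
    @SuppressWarnings("unchecked") // the component is created as HiddenField<String> in initSendingInformation
    private HiddenField<String> getHiddenUsername() {
        return (HiddenField<String>) getMainForm().get(ID_USER);
    }

    /** Returns the hidden field carrying the JSON-encoded answers. */
    @SuppressWarnings("unchecked") // the component is created as HiddenField<String> in initSendingInformation
    private HiddenField<String> getHiddenAnswer() {
        return (HiddenField<String>) getMainForm().get(ID_ANSWER_FIELD);
    }

    /**
     * Returns the dynamic form panel looked up under the dynamic layout container.
     *
     * @return the panel found at that component path
     */
    @Override
    protected DynamicFormPanel getDynamicForm() {
        return (DynamicFormPanel) getMainForm().get(createComponentPath(ID_DYNAMIC_LAYOUT, ID_DYNAMIC_FORM));
    }

    /** Returns the visible username input of the static layout. */
    @SuppressWarnings("unchecked") // the component is created as RequiredTextField<String> in initStaticLayout
    private RequiredTextField<String> getVisibleUsername() {
        return (RequiredTextField<String>) getMainForm().get(createComponentPath(ID_STATIC_LAYOUT, ID_USERNAME));
    }

    /**
     * Resolves the URL the form posts to: the prefix of the security-question module currently being
     * processed, followed by {@code /spring_security_login}.
     *
     * @return the module-specific login URL; when the current authentication is not a
     *         {@link MidpointAuthentication} processing a {@link SecurityQuestionFormModuleAuthentication},
     *         an error is reported on the page and the fixed {@code /midpoint/spring_security_login} is
     *         returned
     */
    private String getUrlProcessingLogin() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof MidpointAuthentication) {
            ModuleAuthentication module = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
            // instanceof is false for null, so no separate null check is needed.
            if (module instanceof SecurityQuestionFormModuleAuthentication) {
                return SecurityUtils.stripSlashes(((SecurityQuestionFormModuleAuthentication) module).getPrefix()) + "/spring_security_login";
            }
        }
        error(getString("web.security.flexAuth.unsupported.auth.type"));
        // NOTE(review): the fallback hard-codes the "/midpoint" context path.
        return "/midpoint/spring_security_login";
    }
}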
