package com.evolveum.midpoint.web.page.admin.configuration;

import com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction;
import com.evolveum.midpoint.authentication.api.authorization.PageDescriptor;
import com.evolveum.midpoint.authentication.api.authorization.Url;
import com.evolveum.midpoint.authentication.api.util.AuthConstants;
import com.evolveum.midpoint.gui.api.util.ObjectTypeListUtil;
import com.evolveum.midpoint.prism.util.CloneUtil;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.security.api.AuthorizationConstants;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.annotation.Experimental;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.component.AceEditor;
import com.evolveum.midpoint.web.component.AjaxSubmitButton;
import com.evolveum.midpoint.web.component.form.MidpointForm;
import com.evolveum.midpoint.web.component.form.ValueChoosePanel;
import com.evolveum.midpoint.web.component.input.DropDownChoicePanel;
import com.evolveum.midpoint.web.component.input.QNameObjectTypeChoiceRenderer;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AdditionalAuthorizationsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationEvaluationAccessDecisionRequestType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationEvaluationFilterProcessingRequestType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationEvaluationRequestType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationEvaluationResponseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationEvaluationTracingOptionsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.prism.xml.ns._public.query_3.SearchFilterType;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.lang.invoke.SerializedLambda;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.commons.lang3.StringUtils;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.markup.html.form.CheckBox;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;

@Experimental
@PageDescriptor(urls = {@Url(mountUrl = "/admin/config/authorizationPlayground", matchUrlForSecurity = "/admin/config/authorizationPlayground")}, action = {@AuthorizationAction(actionUri = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configurationAll", label = AuthConstants.AUTH_CONFIGURATION_ALL_LABEL, description = AuthConstants.AUTH_CONFIGURATION_ALL_DESCRIPTION), @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_CONFIGURATION_AUTHORIZATION_PLAYGROUND_URL, label = "PageAuthorizationPlayground.auth.mapping.label", description = "PageAuthorizationPlayground.auth.mapping.description")}, experimental = true)
/* loaded from: input_file:BOOT-INF/lib/admin-gui-4.10-SNAPSHOT.jar:com/evolveum/midpoint/web/page/admin/configuration/PageAuthorizationPlayground.class */
public class PageAuthorizationPlayground extends PageAdminConfiguration {
    private static final String ID_MAIN_FORM = "mainForm";
    private static final String ID_SUBJECT_OID = "subjectOid";
    private static final String ID_ADDITIONAL_AUTHORIZATIONS = "additionalAuthorizations";
    private static final String ID_TYPE = "type";
    private static final String ID_OBJECT_FILTER = "objectFilter";
    private static final String ID_OBJECT_OID = "objectOid";
    private static final String ID_SAMPLE = "sample";
    private static final String ID_SELECTOR_TRACING = "selectorTracing";
    private static final String ID_EXECUTE = "execute";
    private static final String ID_RESULT_TEXT = "resultText";
    private static final String ID_COMPUTATION_TEXT = "computationText";
    private static final String SAMPLES_DIR = "authorization-samples";
    private final IModel<String> additionalAuthorizationsModel = new Model("<additionalAuthorizations>\n</additionalAuthorizations>");
    private final IModel<QName> typeModel = new Model(UserType.COMPLEX_TYPE);
    private final IModel<String> filterModel = new Model();
    private final IModel<ObjectReferenceType> objectModel = Model.of(new ObjectReferenceType());
    private final IModel<ObjectReferenceType> subjectModel = Model.of(new ObjectReferenceType());
    private final IModel<Boolean> selectorTracingModel = Model.of(false);
    private final IModel<String> resultModel = new Model();
    private final IModel<String> computationModel = new Model();
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) PageAuthorizationPlayground.class);
    private static final String DOT_CLASS = PageAuthorizationPlayground.class.getName() + ".";
    private static final String OP_EVALUATE_AUTHORIZATIONS = DOT_CLASS + "evaluateAuthorizations";
    private static final List<String> SAMPLES = List.of("no-autz", "full-autz", "read-modify-caribbean");

    public PageAuthorizationPlayground() {
        initLayout();
    }

    private void initLayout() {
        MidpointForm midpointForm = new MidpointForm(ID_MAIN_FORM);
        add(midpointForm);
        midpointForm.add(new ValueChoosePanel<ObjectReferenceType>(ID_SUBJECT_OID, this.subjectModel) { // from class: com.evolveum.midpoint.web.page.admin.configuration.PageAuthorizationPlayground.1
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // com.evolveum.midpoint.web.component.form.ValueChoosePanel
            public <O extends ObjectType> Class<O> getDefaultType(List<QName> list) {
                return UserType.class;
            }
        });
        AceEditor aceEditor = new AceEditor(ID_ADDITIONAL_AUTHORIZATIONS, this.additionalAuthorizationsModel);
        aceEditor.setHeight(400);
        aceEditor.setResizeToMaxHeight(false);
        midpointForm.add(aceEditor);
        midpointForm.add(new DropDownChoicePanel("type", this.typeModel, ObjectTypeListUtil::createSearchableTypeList, new QNameObjectTypeChoiceRenderer()));
        AceEditor aceEditor2 = new AceEditor(ID_OBJECT_FILTER, this.filterModel);
        aceEditor2.setHeight(400);
        aceEditor2.setResizeToMaxHeight(false);
        midpointForm.add(aceEditor2);
        midpointForm.add(new ValueChoosePanel(ID_OBJECT_OID, this.objectModel));
        midpointForm.add(new CheckBox(ID_SELECTOR_TRACING, this.selectorTracingModel));
        midpointForm.add(new AjaxSubmitButton(ID_EXECUTE, createStringResource("PageAuthorizationPlayground.button.evaluate", new Object[0])) { // from class: com.evolveum.midpoint.web.page.admin.configuration.PageAuthorizationPlayground.2
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink
            public void onError(AjaxRequestTarget ajaxRequestTarget) {
                ajaxRequestTarget.add(PageAuthorizationPlayground.this.getFeedbackPanel());
            }

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink
            public void onSubmit(AjaxRequestTarget ajaxRequestTarget) {
                PageAuthorizationPlayground.this.evaluatePerformed(ajaxRequestTarget);
            }
        });
        midpointForm.add(new SamplesChoice(ID_SAMPLE, SAMPLES, "PageAuthorizationPlayground.sample") { // from class: com.evolveum.midpoint.web.page.admin.configuration.PageAuthorizationPlayground.3
            @Override // com.evolveum.midpoint.web.page.admin.configuration.SamplesChoice
            protected void update(String str, AjaxRequestTarget ajaxRequestTarget) {
                PageAuthorizationPlayground.this.additionalAuthorizationsModel.setObject(readResource(PageAuthorizationPlayground.sampleFile(str, "additional-authorizations")));
                PageAuthorizationPlayground.this.resultModel.setObject("");
                PageAuthorizationPlayground.this.computationModel.setObject("");
                ajaxRequestTarget.add(PageAuthorizationPlayground.this);
            }
        });
        AceEditor aceEditor3 = new AceEditor("resultText", this.resultModel);
        aceEditor3.setReadonly(true);
        aceEditor3.setHeight(300);
        aceEditor3.setResizeToMaxHeight(false);
        aceEditor3.setMode(null);
        midpointForm.add(aceEditor3);
        AceEditor aceEditor4 = new AceEditor(ID_COMPUTATION_TEXT, this.computationModel);
        aceEditor4.setReadonly(true);
        aceEditor4.setHeight(1000);
        aceEditor4.setResizeToMaxHeight(false);
        aceEditor4.setMode(null);
        midpointForm.add(aceEditor4);
    }

    private static String sampleFile(String str, String str2) {
        return "authorization-samples/" + str + "." + str2 + ".xml.data";
    }

    private void evaluatePerformed(AjaxRequestTarget ajaxRequestTarget) {
        AuthorizationEvaluationRequestType createRequestRaw;
        Task createSimpleTask = createSimpleTask(OP_EVALUATE_AUTHORIZATIONS);
        OperationResult operationResult = new OperationResult(OP_EVALUATE_AUTHORIZATIONS);
        try {
            try {
                createRequestRaw = createRequestRaw();
            } catch (CommonException | RuntimeException e) {
                operationResult.recordException(e);
                LoggingUtils.logUnexpectedException(LOGGER, "Couldn't evaluate authorizations", e, new Object[0]);
                StringWriter stringWriter = new StringWriter();
                PrintWriter printWriter = new PrintWriter(stringWriter);
                e.printStackTrace(printWriter);
                printWriter.close();
                this.resultModel.setObject(stringWriter.toString());
                operationResult.computeStatus();
            }
            if (createRequestRaw == null) {
                warn(getString("PageAuthorizationPlayground.message.noInputProvided"));
                ajaxRequestTarget.add(getFeedbackPanel());
                operationResult.computeStatus();
                return;
            }
            setSubjectRef(createRequestRaw);
            addExplicitAuthorizations(createRequestRaw);
            setTracing(createRequestRaw);
            AuthorizationEvaluationResponseType evaluateAuthorizations = getModelDiagnosticService().evaluateAuthorizations(createRequestRaw, createSimpleTask, operationResult);
            this.resultModel.setObject(evaluateAuthorizations.getResult());
            this.computationModel.setObject(evaluateAuthorizations.getComputation());
            operationResult.computeStatus();
            showResult(operationResult);
            ajaxRequestTarget.add(this);
        } catch (Throwable th) {
            operationResult.computeStatus();
            throw th;
        }
    }

    private AuthorizationEvaluationRequestType createRequestRaw() throws SchemaException {
        ObjectReferenceType object2 = this.objectModel.getObject2();
        if (StringUtils.isNotEmpty(object2.getOid())) {
            return new AuthorizationEvaluationAccessDecisionRequestType().objectRef(object2);
        }
        QName object22 = this.typeModel.getObject2();
        if (object22 != null) {
            return new AuthorizationEvaluationFilterProcessingRequestType().type(object22).filter(createFilterBean());
        }
        return null;
    }

    private SearchFilterType createFilterBean() throws SchemaException {
        String object2 = this.filterModel.getObject2();
        if (StringUtils.isEmpty(object2)) {
            return null;
        }
        return (SearchFilterType) getPrismContext().parserFor(object2).xml().parseRealValue(SearchFilterType.class);
    }

    private void setSubjectRef(AuthorizationEvaluationRequestType authorizationEvaluationRequestType) {
        ObjectReferenceType object2 = this.subjectModel.getObject2();
        if (StringUtils.isNotEmpty(object2.getOid())) {
            authorizationEvaluationRequestType.setSubjectRef(object2);
        }
    }

    private void addExplicitAuthorizations(AuthorizationEvaluationRequestType authorizationEvaluationRequestType) throws SchemaException {
        String object2 = this.additionalAuthorizationsModel.getObject2();
        if (StringUtils.isNotEmpty(object2)) {
            authorizationEvaluationRequestType.getAdditionalAuthorization().addAll(CloneUtil.cloneCollectionMembers(((AdditionalAuthorizationsType) getPrismContext().parserFor(object2).xml().parseRealValue(AdditionalAuthorizationsType.class)).getAuthorization()));
        }
    }

    private void setTracing(AuthorizationEvaluationRequestType authorizationEvaluationRequestType) {
        authorizationEvaluationRequestType.tracing(new AuthorizationEvaluationTracingOptionsType().selectorTracingEnabled(this.selectorTracingModel.getObject2()));
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case 211764790:
                if (implMethodName.equals("createSearchableTypeList")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/apache/wicket/model/IModel") && serializedLambda.getFunctionalInterfaceMethodName().equals(RepositoryService.OP_GET_OBJECT) && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/api/util/ObjectTypeListUtil") && serializedLambda.getImplMethodSignature().equals("()Ljava/util/List;")) {
                    return ObjectTypeListUtil::createSearchableTypeList;
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
