package com.evolveum.midpoint.gui.impl.page.login;

import com.evolveum.midpoint.authentication.api.authorization.PageDescriptor;
import com.evolveum.midpoint.authentication.api.authorization.Url;
import com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication;
import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.authentication.api.util.AuthenticationModuleNameConstants;
import com.evolveum.midpoint.gui.api.model.LoadableModel;
import com.evolveum.midpoint.gui.api.page.PageBase;
import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.Producer;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.component.AjaxButton;
import com.evolveum.midpoint.web.component.AjaxSubmitButton;
import com.evolveum.midpoint.web.component.form.MidpointForm;
import com.evolveum.midpoint.web.component.prism.DynamicFormPanel;
import com.evolveum.midpoint.web.component.util.VisibleBehaviour;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.lang.invoke.SerializedLambda;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.apache.wicket.RestartResponseException;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.form.RequiredTextField;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.protocol.http.servlet.ServletWebRequest;
import org.apache.wicket.request.cycle.RequestCycle;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.WebAttributes;

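/**
 * Login page for the mail-nonce authentication module, mounted at {@code /emailNonce}.
 *
 * <p>The page is declared {@code permitAll}, so every code path here is reachable by an
 * unauthenticated caller. It identifies a user (by e-mail address in the static form, see
 * {@link #createStaticFormQuery()}), resolves the nonce credential policy that belongs to the
 * authentication module currently being processed, generates a nonce value and stores it on the
 * user at {@code SchemaConstants.PATH_NONCE_VALUE}. How the nonce reaches the user (notification,
 * mail transport) is not visible in this class.
 *
 * <p>This listing is decompiler output (JADX); the access-modifier notes and the
 * {@code $deserializeLambda$} method at the bottom are artifacts of that process.
 */
@PageDescriptor(urls = {@Url(mountUrl = "/emailNonce", matchUrlForSecurity = "/emailNonce")}, permitAll = true, loginPage = true, authModule = AuthenticationModuleNameConstants.MAIL_NONCE)
/* loaded from: input_file:BOOT-INF/lib/admin-gui-4.7.5-SNAPSHOT.jar:com/evolveum/midpoint/gui/impl/page/login/PageEmailNonce.class */
public class PageEmailNonce extends PageAuthenticationBase {
    private static final long serialVersionUID = 1L;
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) PageEmailNonce.class);
    private static final String ID_STATIC_LAYOUT = "staticLayout";
    private static final String ID_EMAIL = "email";
    private static final String ID_MAIN_FORM = "mainForm";
    private static final String ID_HINT_PANEL = "hintPanel";
    private static final String ID_HINT_LABEL = "hintLabel";
    private static final String ID_BACK_BUTTON = "back";
    private static final String ID_BACK_BUTTON_LABEL = "backButtonLabel";
    private static final String ID_SUBMIT_IDENTIFIER = "submitIdentifier";
    private static final String ID_CONTINUE_RESET_PASSWORD = "continueResetPassword";

    // True once a nonce has been stored for the identified user; drives form visibility and titles.
    private boolean submited;
    // User resolved from the submitted identifier; stays null until a search succeeds.
    private UserType user = null;

    /**
     * Creates the page. When a principal is already present in the security context, the
     * identification step is skipped and the nonce flow is started immediately.
     */
    public PageEmailNonce() {
        if (AuthUtil.getPrincipalUser() != null) {
            // No Ajax target exists during construction, hence the null argument.
            userIdentifierSubmitPerformed(null);
            this.submited = true;
        }
    }

    /** Builds the main form (hidden after a successful submit) with its layouts and buttons. */
    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin
    protected void initCustomLayout() {
        MidpointForm midpointForm = new MidpointForm(ID_MAIN_FORM);
        midpointForm.add(new VisibleBehaviour(() -> !this.submited));
        add(midpointForm);
        initStaticLayout(midpointForm);
        initDynamicLayout(midpointForm, this);
        initButtons(midpointForm);
    }

    /** Adds the submit button (visible only before submission) and the back button. */
    private void initButtons(MidpointForm midpointForm) {
        AjaxSubmitButton ajaxSubmitButton = new AjaxSubmitButton(ID_SUBMIT_IDENTIFIER, createStringResource("PageBase.button.submit", new Object[0])) { // from class: com.evolveum.midpoint.gui.impl.page.login.PageEmailNonce.1
            private static final long serialVersionUID = 1L;

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink
            public void onSubmit(AjaxRequestTarget ajaxRequestTarget) {
                PageEmailNonce.this.userIdentifierSubmitPerformed(ajaxRequestTarget);
            }

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink
            public void onError(AjaxRequestTarget ajaxRequestTarget) {
                // Validation failed: only the feedback panel needs to be repainted.
                ajaxRequestTarget.add(PageEmailNonce.this.getFeedbackPanel());
            }
        };
        ajaxSubmitButton.add(new VisibleBehaviour(() -> !this.submited));
        midpointForm.add(ajaxSubmitButton);
        add(createBackButton(ID_BACK_BUTTON));
    }

    /**
     * Creates the back button, which delegates to {@code cancelPerformed()}.
     *
     * @param str Wicket component id of the button
     * @return the configured button with its label attached
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.gui.impl.page.login.PageAuthenticationBase
    public AjaxButton createBackButton(String str) {
        AjaxButton ajaxButton = new AjaxButton(str) { // from class: com.evolveum.midpoint.gui.impl.page.login.PageEmailNonce.2
            private static final long serialVersionUID = 1L;

            @Override // org.apache.wicket.ajax.markup.html.AjaxLink, org.apache.wicket.ajax.markup.html.IAjaxLink
            public void onClick(AjaxRequestTarget ajaxRequestTarget) {
                PageEmailNonce.this.cancelPerformed();
            }
        };
        ajaxButton.setOutputMarkupId(true);
        ajaxButton.add(new Label(ID_BACK_BUTTON_LABEL, (IModel<?>) createStringResource("PageEmailNonce.backButtonLabel", new Object[0])));
        return ajaxButton;
    }

    /**
     * Resolves the user (once) and continues with nonce generation.
     *
     * @param ajaxRequestTarget current Ajax target, or {@code null} when called from the constructor
     */
    private void userIdentifierSubmitPerformed(AjaxRequestTarget ajaxRequestTarget) {
        if (this.user == null) {
            this.user = searchUser();
            validateUserNotNullOrFail();
        }
        LOGGER.trace("Reset Password user: {}", this.user);
        continuePasswordReset(ajaxRequestTarget);
    }

    /**
     * Looks up the nonce policy, stores a fresh nonce on the user and flips the page into the
     * "submitted" state. Any failure restarts the response with an error in the session.
     */
    private void continuePasswordReset(AjaxRequestTarget ajaxRequestTarget) {
        validateUserNotNullOrFail();
        NonceCredentialsPolicyType mailNoncePolicy = getMailNoncePolicy(this.user.asPrismObject());
        // getMailNoncePolicy() throws instead of returning null; this branch is kept as a safety net.
        if (mailNoncePolicy == null) {
            LOGGER.debug("No policies for reset password defined");
            getSession().error(getString("pageForgetPassword.message.policy.not.found"));
            throw new RestartResponseException(PageEmailNonce.class);
        }
        OperationResult saveUserNonce = saveUserNonce(this.user, mailNoncePolicy);
        if (saveUserNonce.getStatus() != OperationResultStatus.SUCCESS) {
            getSession().error(getString("PageForgotPassword.send.nonce.failed"));
            LOGGER.error("Failed to send nonce to user: {} ", saveUserNonce.getMessage());
            throw new RestartResponseException(this);
        }
        this.submited = true;
        if (ajaxRequestTarget != null) {
            ajaxRequestTarget.add(this);
        }
    }

    /**
     * Aborts the request with a "user not found" message when no user has been resolved.
     *
     * <p>NOTE(review): this page is {@code permitAll}, and the message shown here differs from
     * the "check your mail" state shown after a successful lookup, so the response reveals
     * whether a submitted identifier matches an account. Consider returning the same outcome in
     * both cases and keeping the distinction in the server log only.
     */
    private void validateUserNotNullOrFail() {
        if (this.user == null) {
            getSession().error(getString("pageForgetPassword.message.user.not.found"));
            throw new RestartResponseException(PageEmailNonce.class);
        }
    }

    /** Records the generic "send nonce failed" session error and returns the restart exception to throw. */
    private RestartResponseException sendNonceFailed() {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        return new RestartResponseException(PageEmailNonce.class);
    }

    /**
     * Finds the nonce credential policy whose name matches the credential name configured on the
     * authentication module that is currently being processed.
     *
     * @param prismObject user whose security policy is resolved
     * @return the matching policy, never {@code null}
     * @throws RestartResponseException when the security policy, its nonce credentials, the
     *         authentication context or the named policy is missing or of an unexpected type
     */
    private NonceCredentialsPolicyType getMailNoncePolicy(PrismObject<UserType> prismObject) {
        SecurityPolicyType securityPolicy = resolveSecurityPolicy(prismObject);
        LOGGER.trace("Found security policy: {}", securityPolicy);
        if (securityPolicy == null) {
            LOGGER.error("No security policy, cannot process nonce credential");
            throw sendNonceFailed();
        }
        if (securityPolicy.getCredentials() == null) {
            LOGGER.error("No credential for security policy, cannot process nonce credential");
            throw sendNonceFailed();
        }
        if (securityPolicy.getCredentials().getNonce() == null) {
            LOGGER.error("No nonce credential for security policy, cannot process nonce credential");
            throw sendNonceFailed();
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof MidpointAuthentication)) {
            // The previous form evaluated ("text" + authentication) != null, which is always true,
            // so the message text was dropped and a null authentication raised an NPE here.
            LOGGER.error("Bad type of authentication, support only MidpointAuthentication, but is {}",
                    authentication != null ? authentication.getClass().getName() : null);
            throw sendNonceFailed();
        }
        ModuleAuthentication processingModule = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
        // The cast below requires a CredentialModuleAuthentication. The earlier condition also let
        // through a non-credential module whose type name was MAIL_NONCE (ending in a
        // ClassCastException) and dereferenced a null module; both now fail with the regular error.
        if (!(processingModule instanceof CredentialModuleAuthentication)) {
            LOGGER.error("Bad type of module authentication, support only EmailNonceModuleAuthentication, but is {}",
                    processingModule != null ? processingModule.getClass().getName() : null);
            throw sendNonceFailed();
        }
        CredentialModuleAuthentication credentialModule = (CredentialModuleAuthentication) processingModule;
        String credentialName = credentialModule.getCredentialName();
        if (credentialName == null) {
            LOGGER.error("EmailNonceModuleAuthentication {} haven't define name of credential", credentialModule.getModuleIdentifier());
            throw sendNonceFailed();
        }
        NonceCredentialsPolicyType matched = null;
        for (NonceCredentialsPolicyType candidate : securityPolicy.getCredentials().getNonce()) {
            if (credentialName.equals(candidate.getName())) {
                // No break: when several policies share the name, the last one wins, as before.
                matched = candidate;
            }
        }
        if (matched != null) {
            return matched;
        }
        LOGGER.error("Couldn't find nonce credentials by name {}", credentialName);
        throw sendNonceFailed();
    }

    /** Adds the static layout (a single required e-mail field), shown when no dynamic form is configured. */
    private void initStaticLayout(MidpointForm midpointForm) {
        WebMarkupContainer staticLayout = new WebMarkupContainer(ID_STATIC_LAYOUT);
        staticLayout.setOutputMarkupId(true);
        staticLayout.add(new VisibleBehaviour(() -> !isDynamicForm()));
        midpointForm.add(staticLayout);
        RequiredTextField<String> emailField = new RequiredTextField<>(ID_EMAIL, new Model<String>());
        emailField.setOutputMarkupId(true);
        staticLayout.add(emailField);
    }

    /** Returns the owning page cast to {@link PageBase}. */
    public PageBase getPageBase() {
        return (PageBase) getPage();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.gui.impl.page.login.PageAuthenticationBase
    public boolean isDynamicFormVisible() {
        return super.isDynamicFormVisible();
    }

    /**
     * Builds the user search for the static form: a case-insensitive equality match on the
     * e-mail address entered by the (unauthenticated) visitor.
     *
     * <p>NOTE(review): the submitted address is written to the debug log as entered; treat that
     * log as containing personal data and attacker-chosen text.
     */
    @Override // com.evolveum.midpoint.gui.impl.page.login.PageAuthenticationBase
    protected ObjectQuery createStaticFormQuery() {
        RequiredTextField<String> email = getEmail();
        String submittedEmail = email != null ? email.getModelObject() : null;
        LOGGER.debug("Reset Password user info form submitted. email={}", submittedEmail);
        return getPrismContext().queryFor(UserType.class).item(UserType.F_EMAIL_ADDRESS).eq(submittedEmail).matchingCaseIgnore().build();
    }

    private MidpointForm getMainForm() {
        return (MidpointForm) get(ID_MAIN_FORM);
    }

    @Override // com.evolveum.midpoint.gui.impl.page.login.PageAuthenticationBase
    protected DynamicFormPanel getDynamicForm() {
        return (DynamicFormPanel) getMainForm().get(createComponentPath("dynamicLayout", "dynamicForm"));
    }

    @SuppressWarnings("unchecked") // the component at this path is created in initStaticLayout() as RequiredTextField<String>
    private RequiredTextField<String> getEmail() {
        return (RequiredTextField<String>) getMainForm().get(createComponentPath(ID_STATIC_LAYOUT, ID_EMAIL));
    }

    /**
     * Surfaces a pending authentication exception from the HTTP session as page errors and then
     * clears it. The exception message is split on {@code ';'} and each part is used as a
     * translation key.
     *
     * <p>NOTE(review): each part is also passed as the translation default, so a message that is
     * not a known key appears to be shown verbatim to the visitor; confirm that authentication
     * exceptions stored in the session never carry internal detail.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin, org.apache.wicket.Page, org.apache.wicket.Component
    public void onConfigure() {
        super.onConfigure();
        HttpSession session = ((ServletWebRequest) RequestCycle.get().getRequest()).getContainerRequest().getSession();
        Exception exc = (Exception) session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
        if (exc == null) {
            return;
        }
        String message = exc.getMessage();
        if (StringUtils.isEmpty(message)) {
            message = "web.security.provider.unavailable";
        }
        for (String str : message.split(";")) {
            error(getLocalizationService().translate(str, null, getLocale(), str));
        }
        // Remove the attribute so the same error is not repeated on the next render.
        session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin, org.apache.wicket.Page, org.apache.wicket.Component
    public void onBeforeRender() {
        super.onBeforeRender();
    }

    /**
     * Generates a nonce and writes it to the user's nonce credential inside a privileged block.
     *
     * <p>The write is performed by an anonymous task owned by the target user on the
     * reset-password channel. Because the user was chosen from unauthenticated input, every
     * accepted submission replaces that user's stored nonce. No throttling is visible in this
     * class; NOTE(review): confirm it is enforced elsewhere.
     *
     * @param userType user receiving the nonce
     * @param nonceCredentialsPolicyType policy used to pick the value policy for generation
     * @return the operation result; a fatal error is recorded when generation or saving fails
     */
    private OperationResult saveUserNonce(final UserType userType, final NonceCredentialsPolicyType nonceCredentialsPolicyType) {
        return (OperationResult) runPrivileged(new Producer<OperationResult>() { // from class: com.evolveum.midpoint.gui.impl.page.login.PageEmailNonce.3
            private static final long serialVersionUID = 1L;

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.evolveum.midpoint.util.Producer
            public OperationResult run() {
                Task createAnonymousTask = PageEmailNonce.this.createAnonymousTask("generateUserNonce");
                createAnonymousTask.setChannel(SchemaConstants.CHANNEL_RESET_PASSWORD_URI);
                createAnonymousTask.setOwner(userType.asPrismObject());
                OperationResult operationResult = new OperationResult("generateUserNonce");
                ProtectedStringType protectedStringType = new ProtectedStringType();
                try {
                    protectedStringType.setClearValue(PageEmailNonce.this.generateNonce(nonceCredentialsPolicyType, createAnonymousTask, userType.asPrismObject(), operationResult));
                    WebModelServiceUtils.save(PageEmailNonce.this.getPrismContext().deltaFactory().object().createModificationReplaceProperty(UserType.class, userType.getOid(), SchemaConstants.PATH_NONCE_VALUE, protectedStringType), operationResult, createAnonymousTask, PageEmailNonce.this);
                } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException | ObjectNotFoundException | SchemaException | SecurityViolationException e) {
                    // Only the generic message goes into the result; the cause is kept in the log.
                    operationResult.recordFatalError(PageEmailNonce.this.getString("PageForgotPassword.message.saveUserNonce.fatalError"));
                    LoggingUtils.logException(PageEmailNonce.LOGGER, "Failed to generate nonce for user: " + e.getMessage(), e, new Object[0]);
                }
                operationResult.computeStatusIfUnknown();
                return operationResult;
            }
        });
    }

    /**
     * Generates the nonce value through the model interaction service.
     *
     * <p>When the credential policy references a value policy, that policy is loaded and passed
     * to the generator; otherwise {@code null} is passed and the generator is called with the
     * literal {@code 24} (presumably the default length; confirm against
     * {@code generateValue}'s signature).
     */
    private <O extends ObjectType> String generateNonce(NonceCredentialsPolicyType nonceCredentialsPolicyType, Task task, PrismObject<O> prismObject, OperationResult operationResult) throws ExpressionEvaluationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        ValuePolicyType valuePolicyType = null;
        if (nonceCredentialsPolicyType != null && nonceCredentialsPolicyType.getValuePolicyRef() != null) {
            valuePolicyType = (ValuePolicyType) WebModelServiceUtils.loadObject(ValuePolicyType.class, nonceCredentialsPolicyType.getValuePolicyRef().getOid(), this, task, operationResult).asObjectable();
        }
        return getModelInteractionService().generateValue(valuePolicyType, 24, false, prismObject, "nonce generation", task, operationResult);
    }

    /** Title shown above the panel: "check your mail" after submission, "identification" before. */
    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin
    protected IModel<String> getLoginPanelTitleModel() {
        return new LoadableModel<String>() { // from class: com.evolveum.midpoint.gui.impl.page.login.PageEmailNonce.4
            private static final long serialVersionUID = 1L;

            // The decompiler had renamed this override to load2() (bridge-method collision),
            // which cannot satisfy @Override; the original name is restored.
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // com.evolveum.midpoint.gui.api.model.LoadableModel
            public String load() {
                return PageEmailNonce.this.createStringResource(PageEmailNonce.this.submited ? "PageEmailNonce.checkYourMail" : "PageEmailNonce.identification", new Object[0]).getString();
            }
        };
    }

    /** Description shown under the title; switches to the "submitted" text once the nonce is stored. */
    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin
    protected IModel<String> getLoginPanelDescriptionModel() {
        return new LoadableModel<String>() { // from class: com.evolveum.midpoint.gui.impl.page.login.PageEmailNonce.5
            private static final long serialVersionUID = 1L;

            // Restored from the decompiler's load2() rename, see getLoginPanelTitleModel().
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // com.evolveum.midpoint.gui.api.model.LoadableModel
            public String load() {
                return PageEmailNonce.this.createStringResource(PageEmailNonce.this.submited ? "PageForgotPassword.form.submited.message" : "PageEmailNonce.specifyMailDescription", new Object[0]).getString();
            }
        };
    }

    // Compiler-generated hook for deserializing the serializable lambdas used by the
    // VisibleBehaviour instances above, reproduced by the decompiler. It validates the serialized
    // lambda's method kind, interface, implementing class and signatures before rebuilding it, and
    // rejects anything else. The body below is not valid hand-written Java (boolean/int mixing,
    // `this` in a static context); javac emits its own copy, so it is kept for reference only.
    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case 820570503:
                if (implMethodName.equals("lambda$initStaticLayout$f6a33c9b$1")) {
                    z = 2;
                    break;
                }
                break;
            case 1222518488:
                if (implMethodName.equals("lambda$initButtons$f6a33c9b$1")) {
                    z = false;
                    break;
                }
                break;
            case 1703454751:
                if (implMethodName.equals("lambda$initCustomLayout$46f190a3$1")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/web/component/util/SerializableSupplier") && serializedLambda.getFunctionalInterfaceMethodName().equals("get") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/login/PageEmailNonce") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/Boolean;")) {
                    PageEmailNonce pageEmailNonce = (PageEmailNonce) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return Boolean.valueOf(!this.submited);
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/web/component/util/SerializableSupplier") && serializedLambda.getFunctionalInterfaceMethodName().equals("get") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/login/PageEmailNonce") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/Boolean;")) {
                    PageEmailNonce pageEmailNonce2 = (PageEmailNonce) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return Boolean.valueOf(!this.submited);
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/web/component/util/SerializableSupplier") && serializedLambda.getFunctionalInterfaceMethodName().equals("get") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/login/PageEmailNonce") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/Boolean;")) {
                    PageEmailNonce pageEmailNonce3 = (PageEmailNonce) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return Boolean.valueOf(!isDynamicForm());
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}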
