package com.evolveum.midpoint.web.page.self;

import com.evolveum.midpoint.authentication.api.authorization.PageDescriptor;
import com.evolveum.midpoint.authentication.api.authorization.Url;
import com.evolveum.midpoint.authentication.api.config.AuthenticationEvaluator;
import com.evolveum.midpoint.gui.api.model.LoadableModel;
import com.evolveum.midpoint.gui.api.page.PageBase;
import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
import com.evolveum.midpoint.gui.impl.page.login.PageLogin;
import com.evolveum.midpoint.model.api.ModelExecuteOptions;
import com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.Producer;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.component.AjaxSubmitButton;
import com.evolveum.midpoint.web.component.form.MidpointForm;
import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.apache.wicket.RestartResponseException;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.markup.html.AjaxLink;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.PasswordTextField;
import org.apache.wicket.markup.repeater.RepeatingView;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.apache.wicket.spring.injection.annot.SpringBean;
import org.apache.wicket.util.string.StringValue;

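/**
 * Self-service page on which a user activates linked accounts (shadows) that are still in the
 * "proposed" lifecycle state by confirming their password.
 *
 * <p>Flow as implemented in this class:
 * <ol>
 *   <li>The constructor reads the {@code user} request parameter (an OID) and loads that user,
 *       with its {@code linkRef} targets resolved, inside {@code runPrivileged}.</li>
 *   <li>The form shows the user name and a password field.</li>
 *   <li>On submit, the password is checked through the injected {@code passwordAuthenticationEvaluator};
 *       only then is the same password written to every proposed shadow and the shadow's
 *       lifecycle state set to {@code "active"}, again inside {@code runPrivileged}.</li>
 * </ol>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The page is mounted with {@code permitAll = true} and the target user is selected purely by
 *       the {@code user} request parameter. The user is loaded with elevated privileges and the
 *       user name is rendered before any authentication has taken place, so the activation URL
 *       should be treated as sensitive. The distinct feedback messages (user not found / nothing to
 *       activate / activation failed) also let a caller tell these cases apart.</li>
 *   <li>The password check is the only gate in front of the privileged write. Whether the evaluator
 *       applies lockout or throttling is not visible in this class - confirm in its configuration.</li>
 *   <li>Authentication failures and activation (provisioning) failures are logged and reported
 *       separately, so that log-based detection of failed logins is not polluted by back-end errors.</li>
 * </ul>
 *
 * <p>NOTE(review): this is decompiler output. {@code load2()} carries a "renamed from: load" marker,
 * and {@code getObject2()} is presumably the decompiler's name for the model's {@code getObject()} -
 * confirm against the original sources before recompiling.
 */
@PageDescriptor(urls = {@Url(mountUrl = SchemaConstants.ACCOUNT_ACTIVATION_PREFIX)}, permitAll = true)
/* loaded from: input_file:BOOT-INF/lib/admin-gui-4.7.5-SNAPSHOT.jar:com/evolveum/midpoint/web/page/self/PageAccountActivation.class */
public class PageAccountActivation extends PageBase {
    private static final long serialVersionUID = 1;

    // Snapshot of the user taken when the page was constructed; never reloaded afterwards.
    private IModel<UserType> userModel;

    private static final String ID_MAIN_FORM = "mainForm";
    private static final String ID_NAME = "username";
    private static final String ID_PASSWORD = "password";
    private static final String ID_CONFIRM = "confirm";
    private static final String ID_ACTIVATION_CONTAINER = "activationContainer";
    private static final String ID_CONFIRMATION_CONTAINER = "confirmationContainer";
    private static final String ID_ACTIVATED_SHADOWS = "activatedShadows";
    private static final String ID_LINK_TO_LOGIN = "linkToLogin";

    // Switches the page from the password form to the confirmation view.
    private boolean activated = false;

    @SpringBean(name = "passwordAuthenticationEvaluator")
    private AuthenticationEvaluator<PasswordAuthenticationContext> authenticationEvaluator;
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) PageAccountActivation.class);
    private static final String DOT_CLASS = PageAccountActivation.class.getName() + ".";
    private static final String LOAD_USER = DOT_CLASS + "loadUser";
    private static final String OPERATION_ACTIVATE_SHADOWS = DOT_CLASS + "activateShadows";

    /**
     * Loads the user named by the {@code user} request parameter and builds the page.
     *
     * @param pageParameters request parameters; must contain a non-empty {@code user} value
     * @throws RestartResponseException redirecting to the login page when the user cannot be
     *         determined or loaded, or when it has no shadow awaiting activation
     */
    public PageAccountActivation(PageParameters pageParameters) {
        final UserType loadUser = loadUser(pageParameters);
        if (loadUser == null) {
            getSession().error(getString("PageAccountActivation.account.activation.failed"));
            throw new RestartResponseException(PageLogin.class);
        }
        // The model simply hands back the object loaded above; it does not hit the repository again.
        this.userModel = new LoadableModel<UserType>(false) {
            private static final long serialVersionUID = 1;

            /* renamed from: load (decompiler could not keep the original name) */
            @Override // com.evolveum.midpoint.gui.api.model.LoadableModel
            public UserType load2() {
                return loadUser;
            }
        };
        initLayout();
    }

    /**
     * Loads the user whose OID is given in the {@code user} request parameter.
     *
     * <p>The load runs inside {@code runPrivileged} with an anonymous task, because the caller is
     * not authenticated at this point. The requested options resolve {@code linkRef} and, for each
     * linked shadow, its {@code resourceRef}.
     *
     * @param pageParameters request parameters of the page
     * @return the loaded user, or {@code null} when the model layer returned no object
     * @throws RestartResponseException redirecting to the login page when no OID was supplied
     */
    private UserType loadUser(PageParameters pageParameters) {
        final String oidFromParameter = getOidFromParameter(pageParameters);
        if (oidFromParameter == null) {
            getSession().error(getString("PageAccountActivation.user.not.found"));
            throw new RestartResponseException(PageLogin.class);
        }
        final Task createAnonymousTask = createAnonymousTask(LOAD_USER);
        final OperationResult operationResult = new OperationResult(LOAD_USER);
        return (UserType) runPrivileged(new Producer<UserType>() {
            private static final long serialVersionUID = 1;

            @Override // com.evolveum.midpoint.util.Producer
            public UserType run() {
                PrismObject loadObject = WebModelServiceUtils.loadObject(
                        UserType.class,
                        oidFromParameter,
                        PageAccountActivation.this.getOperationOptionsBuilder()
                                .item(UserType.F_LINK_REF).resolve()
                                .item(UserType.F_LINK_REF, ShadowType.F_RESOURCE_REF).resolve()
                                .build(),
                        PageAccountActivation.this,
                        createAnonymousTask,
                        operationResult);
                if (loadObject == null) {
                    return null;
                }
                return (UserType) loadObject.asObjectable();
            }
        });
    }

    /**
     * Builds the two mutually exclusive containers of the page: the password form (shown until
     * activation succeeds) and the confirmation view listing the shadows to be activated.
     *
     * @throws RestartResponseException redirecting to the login page when the user has no shadow
     *         in the proposed lifecycle state
     */
    private void initLayout() {
        // Fail fast: nothing below is needed when there is no shadow to activate.
        List<ShadowType> shadowsToActivate = getShadowsToActivate();
        if (shadowsToActivate.isEmpty()) {
            LOGGER.error("No accounts to validate for user {}", this.userModel.getObject2());
            getSession().warn(getString("PageAccountActivation.nothing.to.activate"));
            throw new RestartResponseException(PageLogin.class);
        }

        WebMarkupContainer activationContainer = new WebMarkupContainer(ID_ACTIVATION_CONTAINER);
        activationContainer.setOutputMarkupId(true);
        add(activationContainer);
        activationContainer.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1;

            @Override // com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour
            public boolean isVisible() {
                return !PageAccountActivation.this.activated;
            }
        });

        MidpointForm mainForm = new MidpointForm(ID_MAIN_FORM);
        activationContainer.add(mainForm);

        // Display name of the user, or an empty string when the user has no name.
        Object[] labelArguments = new Object[1];
        labelArguments[0] = (this.userModel == null || this.userModel.getObject2() == null || this.userModel.getObject2().getName() == null)
                ? ""
                : getLocalizationService().translate(this.userModel.getObject2().getName().toPolyString());
        Label userNameLabel = new Label(ID_NAME, (IModel<?>) createStringResource("PageAccountActivation.activate.accounts.label", labelArguments));
        userNameLabel.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1;

            @Override // com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour
            public boolean isEnabled() {
                return false;
            }
        });
        mainForm.add(userNameLabel);
        mainForm.add(new PasswordTextField(ID_PASSWORD, Model.of("")));

        AjaxSubmitButton confirmButton = new AjaxSubmitButton(ID_CONFIRM) {
            private static final long serialVersionUID = 1;

            @Override // org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink
            public void onSubmit(AjaxRequestTarget ajaxRequestTarget) {
                PageAccountActivation.this.propagatePassword(ajaxRequestTarget, getForm());
            }

            @Override // org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink
            public void onError(AjaxRequestTarget ajaxRequestTarget) {
                getSession().error(getString("PageAccountActivation.account.activation.failed"));
                ajaxRequestTarget.add(PageAccountActivation.this.getFeedbackPanel());
            }
        };
        mainForm.setDefaultButton(confirmButton);
        mainForm.add(confirmButton);

        WebMarkupContainer confirmationContainer = new WebMarkupContainer(ID_CONFIRMATION_CONTAINER);
        confirmationContainer.setOutputMarkupId(true);
        confirmationContainer.add(new VisibleEnableBehaviour() {
            private static final long serialVersionUID = 1;

            @Override // com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour
            public boolean isVisible() {
                return PageAccountActivation.this.activated;
            }
        });
        add(confirmationContainer);
        confirmationContainer.add(new AjaxLink<Void>(ID_LINK_TO_LOGIN) {
            private static final long serialVersionUID = 1;

            @Override // org.apache.wicket.ajax.markup.html.AjaxLink, org.apache.wicket.ajax.markup.html.IAjaxLink
            public void onClick(AjaxRequestTarget ajaxRequestTarget) {
                setResponsePage(PageLogin.class);
            }
        });

        RepeatingView activatedShadows = new RepeatingView(ID_ACTIVATED_SHADOWS);
        confirmationContainer.add(activatedShadows);
        for (ShadowType shadowType : shadowsToActivate) {
            activatedShadows.add(new Label(
                    activatedShadows.newChildId(),
                    WebComponentUtil.getName(shadowType) + " on resource " + WebComponentUtil.getName(shadowType.getResourceRef())));
        }
    }

    /**
     * Extracts the user OID from the {@code user} request parameter.
     *
     * @param pageParameters request parameters of the page, may be {@code null}
     * @return the parameter value as given by the caller, or {@code null} when it is missing or
     *         empty; the value is not validated here
     */
    private String getOidFromParameter(PageParameters pageParameters) {
        if (pageParameters == null || pageParameters.isEmpty()) {
            LOGGER.error("No page parameters found for account activation. No user to activate his/her accounts");
            return null;
        }
        StringValue userParameter = pageParameters.get("user");
        if (userParameter == null || userParameter.isEmpty()) {
            LOGGER.error("No user defined in the page parameter. Expected user=? attribute filled but didmn't find one.");
            return null;
        }
        return userParameter.toString();
    }

    /**
     * Verifies the submitted password and, when it is accepted, writes it to every proposed shadow
     * and switches those shadows to the {@code "active"} lifecycle state.
     *
     * <p>Authentication and activation are handled in two separate {@code try} blocks. With a
     * single catch-all around both, the redirect thrown for a rejected password was itself caught
     * and reported a second time, and any failure while saving the shadows was logged and shown to
     * the user as an authentication failure.
     *
     * @param ajaxRequestTarget target used to refresh the feedback panel and the page
     * @param form the submitted form containing the password field
     * @throws RestartResponseException restarting this page (same parameters) when authentication
     *         is rejected or fails, or when activation fails with an exception
     */
    private void propagatePassword(AjaxRequestTarget ajaxRequestTarget, Form<?> form) {
        List<ShadowType> shadowsToActivate = getShadowsToActivate();
        String password = ((PasswordTextField) form.get(createComponentPath(ID_PASSWORD))).getModelObject();

        // Step 1: the password check is the only gate before the privileged write below.
        boolean authenticated;
        try {
            authenticated = this.authenticationEvaluator.authenticate(
                    ConnectionEnvironment.create(SchemaConstants.CHANNEL_USER_URI),
                    new PasswordAuthenticationContext(
                            this.userModel.getObject2().getName().getOrig(),
                            password,
                            this.userModel.getObject2().getClass())) != null;
        } catch (Exception e) {
            // Message only: this path is reachable by unauthenticated callers on every bad password.
            LOGGER.error("Failed to authenticate user, reason {}", e.getMessage());
            getSession().error(getString("PageAccountActivation.authentication.failed"));
            throw new RestartResponseException(PageAccountActivation.class, getPageParameters());
        }
        if (!authenticated) {
            LOGGER.error("Failed to authenticate user");
            getSession().error(getString("PageAccountActivation.authentication.failed"));
            throw new RestartResponseException(PageAccountActivation.class, getPageParameters());
        }

        // Step 2: propagate the verified password and activate the shadows.
        try {
            ProtectedStringType protectedPassword = new ProtectedStringType();
            protectedPassword.setClearValue(password);

            final Collection<ObjectDelta<? extends ObjectType>> deltas = new ArrayList<>(shadowsToActivate.size());
            for (ShadowType shadow : shadowsToActivate) {
                // One delta per shadow: replace the password value and the lifecycle state together.
                ObjectDelta<ShadowType> delta = getPrismContext().deltaFactory().object().createModificationReplaceProperty(
                        ShadowType.class, shadow.getOid(), SchemaConstants.PATH_PASSWORD_VALUE, protectedPassword);
                delta.addModificationReplaceProperty(ShadowType.F_LIFECYCLE_STATE, "active");
                deltas.add(delta);
            }

            // The session has no authenticated principal, so the save runs privileged with an anonymous task.
            OperationResult operationResult = (OperationResult) runPrivileged(new Producer<OperationResult>() {
                private static final long serialVersionUID = 1;

                @Override // com.evolveum.midpoint.util.Producer
                public OperationResult run() {
                    OperationResult saveResult = new OperationResult(PageAccountActivation.OPERATION_ACTIVATE_SHADOWS);
                    WebModelServiceUtils.save(
                            deltas,
                            (ModelExecuteOptions) null,
                            saveResult,
                            PageAccountActivation.this.createAnonymousTask(PageAccountActivation.OPERATION_ACTIVATE_SHADOWS),
                            PageAccountActivation.this);
                    return saveResult;
                }
            });
            operationResult.recomputeStatus();
            if (operationResult.isSuccess()) {
                getSession().success(getString("PageAccountActivation.account.activation.successful"));
                ajaxRequestTarget.add(getFeedbackPanel());
                this.activated = true;
            } else {
                getSession().error(getString("PageAccountActivation.account.activation.failed"));
                LOGGER.error("Failed to acitvate accounts, reason: {} ", operationResult.getMessage());
                ajaxRequestTarget.add(getFeedbackPanel());
            }
            ajaxRequestTarget.add(this);
        } catch (RestartResponseException e) {
            // Framework flow-control exception: pass it through untouched.
            throw e;
        } catch (Exception e) {
            // The password was already accepted, so this is an activation failure, not a login failure.
            LOGGER.error("Failed to acitvate accounts, reason: {} ", e.getMessage());
            getSession().error(getString("PageAccountActivation.account.activation.failed"));
            throw new RestartResponseException(PageAccountActivation.class, getPageParameters());
        }
    }

    /**
     * Collects the user's linked shadows whose lifecycle state is "proposed".
     *
     * <p>The list is computed from the user snapshot held by {@code userModel}, so it reflects the
     * state at page construction time.
     *
     * @return the proposed shadows, possibly empty, never {@code null}
     */
    private List<ShadowType> getShadowsToActivate() {
        UserType user = this.userModel.getObject2();
        List<ShadowType> proposedShadows = new ArrayList<>();
        for (ObjectReferenceType linkRef : user.getLinkRef()) {
            // The target is dereferenced unconditionally otherwise; a reference that could not be
            // resolved presumably has no embedded object, so skip it rather than fail the whole
            // page with a NullPointerException.
            PrismObject resolved = linkRef.asReferenceValue().getObject();
            if (resolved == null) {
                LOGGER.debug("Skipping linkRef {} without a resolved object", linkRef.getOid());
                continue;
            }
            ShadowType shadow = (ShadowType) resolved.asObjectable();
            if (SchemaConstants.LIFECYCLE_PROPOSED.equals(shadow.getLifecycleState())) {
                proposedShadows.add(shadow);
            }
        }
        return proposedShadows;
    }
}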
