package com.evolveum.midpoint.gui.impl.page.self.credentials;

import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.gui.api.component.BasePanel;
import com.evolveum.midpoint.gui.api.component.password.PasswordLimitationsPanel;
import com.evolveum.midpoint.gui.api.component.password.PasswordPanel;
import com.evolveum.midpoint.gui.api.component.result.Toast;
import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
import com.evolveum.midpoint.model.api.validator.StringLimitationResult;
import com.evolveum.midpoint.prism.ItemFactory;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.schema.SchemaConstantsGenerated;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.component.AjaxSubmitButton;
import com.evolveum.midpoint.web.component.progress.ProgressDto;
import com.evolveum.midpoint.web.component.progress.ProgressReporter;
import com.evolveum.midpoint.web.component.util.EnableBehaviour;
import com.evolveum.midpoint.web.component.util.VisibleBehaviour;
import com.evolveum.midpoint.web.page.admin.configuration.component.EmptyOnBlurAjaxFormUpdatingBehaviour;
import com.evolveum.midpoint.web.security.MidPointApplication;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordChangeSecurityType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import j2html.attributes.Attr;
import java.lang.invoke.SerializedLambda;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import org.apache.wicket.AttributeModifier;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.feedback.FeedbackMessages;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.form.PasswordTextField;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.LoadableDetachableModel;
import org.apache.wicket.model.Model;

/* loaded from: input_file:WEB-INF/lib/admin-gui-4.6-SNAPSHOT.jar:com/evolveum/midpoint/gui/impl/page/self/credentials/ChangePasswordPanel.class */
public class ChangePasswordPanel<F extends FocusType> extends BasePanel<F> {
    private static final long serialVersionUID = 1;
    private static final String ID_PASSWORD_PANEL = "passwordPanel";
    private static final String ID_CURRENT_PASSWORD_FIELD = "currentPassword";
    private static final String ID_PASSWORD_LABEL = "passwordLabel";
    private static final String ID_CHANGE_PASSWORD = "changePassword";
    private static final String ID_PASSWORD_VALIDATION_PANEL = "passwordValidationPanel";
    protected String currentPasswordValue;
    protected ProtectedStringType newPasswordValue;
    protected LoadableDetachableModel<CredentialsPolicyType> credentialsPolicyModel;
    protected boolean savedPassword;
    protected ProgressDto progress;
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) ChangePasswordPanel.class);
    private static final String DOT_CLASS = ChangePasswordPanel.class.getName() + ".";
    private static final String OPERATION_VALIDATE_PASSWORD = DOT_CLASS + "validatePassword";
    private static final String OPERATION_LOAD_CREDENTIALS_POLICY = DOT_CLASS + "loadCredentialsPolicy";
    protected static final String OPERATION_CHECK_PASSWORD = DOT_CLASS + "checkPassword";
    private static final String OPERATION_SAVE_PASSWORD = DOT_CLASS + "savePassword";

    public ChangePasswordPanel(String str, IModel<F> iModel) {
        super(str, iModel);
        this.currentPasswordValue = null;
        this.newPasswordValue = new ProtectedStringType();
        this.savedPassword = false;
        this.progress = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.wicket.MarkupContainer, org.apache.wicket.Component
    public void onInitialize() {
        super.onInitialize();
        initCredentialsPolicyModel();
        initLayout();
    }

    private void initCredentialsPolicyModel() {
        this.credentialsPolicyModel = new LoadableDetachableModel<CredentialsPolicyType>() { // from class: com.evolveum.midpoint.gui.impl.page.self.credentials.ChangePasswordPanel.1
            private static final long serialVersionUID = 1;

            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            /* JADX WARN: Multi-variable type inference failed */
            @Override // org.apache.wicket.model.LoadableDetachableModel
            public CredentialsPolicyType load() {
                return WebComponentUtil.getPasswordCredentialsPolicy(((FocusType) ChangePasswordPanel.this.getModelObject()).asPrismObject(), ChangePasswordPanel.this.getPageBase(), ChangePasswordPanel.this.getPageBase().createSimpleTask(ChangePasswordPanel.OPERATION_LOAD_CREDENTIALS_POLICY));
            }
        };
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void initLayout() {
        PasswordTextField passwordTextField = new PasswordTextField(ID_CURRENT_PASSWORD_FIELD, new IModel<String>() { // from class: com.evolveum.midpoint.gui.impl.page.self.credentials.ChangePasswordPanel.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.wicket.model.IModel
            /* renamed from: getObject */
            public String getObject2() {
                return ChangePasswordPanel.this.currentPasswordValue;
            }

            @Override // org.apache.wicket.model.IModel
            public void setObject(String str) {
                ChangePasswordPanel.this.currentPasswordValue = str;
            }
        });
        passwordTextField.add(new EmptyOnBlurAjaxFormUpdatingBehaviour());
        passwordTextField.add(new EnableBehaviour(() -> {
            return Boolean.valueOf(!this.savedPassword);
        }));
        passwordTextField.setRequired(false);
        passwordTextField.setResetPassword(false);
        passwordTextField.setOutputMarkupId(true);
        add(passwordTextField);
        add(new Label(ID_PASSWORD_LABEL, (IModel<?>) createStringResource("PageSelfCredentials.passwordLabel1", new Object[0])));
        PasswordPanel passwordPanel = new PasswordPanel(ID_PASSWORD_PANEL, Model.of(this.newPasswordValue), false, true, ((FocusType) getModelObject()).asPrismObject()) { // from class: com.evolveum.midpoint.gui.impl.page.self.credentials.ChangePasswordPanel.3
            private static final long serialVersionUID = 1;

            @Override // com.evolveum.midpoint.gui.api.component.password.PasswordPanel
            protected <F extends FocusType> ValuePolicyType getValuePolicy(PrismObject<F> prismObject) {
                return null;
            }

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // com.evolveum.midpoint.gui.api.component.password.PasswordPanel
            public void updatePasswordValidation(AjaxRequestTarget ajaxRequestTarget) {
                super.updatePasswordValidation(ajaxRequestTarget);
                ChangePasswordPanel.this.updateNewPasswordValuePerformed(ajaxRequestTarget);
            }

            @Override // com.evolveum.midpoint.gui.api.component.password.PasswordPanel
            protected boolean canEditPassword() {
                return !ChangePasswordPanel.this.savedPassword;
            }

            @Override // com.evolveum.midpoint.gui.api.component.password.PasswordPanel
            protected boolean isRemovePasswordVisible() {
                return false;
            }
        };
        passwordPanel.getBaseFormComponent().add(new AttributeModifier(Attr.AUTOFOCUS, ""));
        add(passwordPanel);
        PasswordLimitationsPanel passwordLimitationsPanel = new PasswordLimitationsPanel(ID_PASSWORD_VALIDATION_PANEL, new LoadableDetachableModel<List<StringLimitationResult>>() { // from class: com.evolveum.midpoint.gui.impl.page.self.credentials.ChangePasswordPanel.4
            private static final long serialVersionUID = 1;

            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.wicket.model.LoadableDetachableModel
            public List<StringLimitationResult> load() {
                return ChangePasswordPanel.this.getLimitationsForActualPassword(ChangePasswordPanel.this.newPasswordValue);
            }
        });
        passwordLimitationsPanel.setOutputMarkupId(true);
        add(passwordLimitationsPanel);
        AjaxSubmitButton ajaxSubmitButton = new AjaxSubmitButton(ID_CHANGE_PASSWORD, createStringResource("ChangePasswordPanel.changePasswordButton", new Object[0])) { // from class: com.evolveum.midpoint.gui.impl.page.self.credentials.ChangePasswordPanel.5
            private static final long serialVersionUID = 1;

            @Override // org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink
            public void onError(AjaxRequestTarget ajaxRequestTarget) {
                FeedbackMessages feedbackMessages = ChangePasswordPanel.this.getPageBase().getFeedbackMessages();
                if (feedbackMessages == null || feedbackMessages.isEmpty()) {
                    return;
                }
                new Toast().cssClass("bg-danger m3").autohide(false).title(feedbackMessages.first().getMessage().toString()).show(ajaxRequestTarget);
            }

            @Override // org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink
            public void onSubmit(AjaxRequestTarget ajaxRequestTarget) {
                ChangePasswordPanel.this.changePasswordPerformed(ajaxRequestTarget);
            }
        };
        ajaxSubmitButton.add(new VisibleBehaviour(() -> {
            return Boolean.valueOf(!this.savedPassword);
        }));
        ajaxSubmitButton.setOutputMarkupId(true);
        add(ajaxSubmitButton);
    }

    protected void updateNewPasswordValuePerformed(AjaxRequestTarget ajaxRequestTarget) {
        ajaxRequestTarget.add(get(ID_PASSWORD_VALIDATION_PANEL));
    }

    /* JADX WARN: Multi-variable type inference failed */
    private List<StringLimitationResult> getLimitationsForActualPassword(ProtectedStringType protectedStringType) {
        ValuePolicyType valuePolicy = getValuePolicy();
        if (valuePolicy != null) {
            Task createAnonymousTask = getPageBase().createAnonymousTask(OPERATION_VALIDATE_PASSWORD);
            try {
                return getPageBase().getModelInteractionService().validateValue(protectedStringType == null ? new ProtectedStringType() : protectedStringType, valuePolicy, ((FocusType) getModelObject()).asPrismObject(), createAnonymousTask, createAnonymousTask.getResult());
            } catch (Exception e) {
                LOGGER.error("Couldn't validate password security policy", (Throwable) e);
            }
        }
        return new ArrayList();
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected boolean isCheckOldPassword() {
        return getPasswordChangeSecurity() == null || getPasswordChangeSecurity().equals(PasswordChangeSecurityType.OLD_PASSWORD) || (getPasswordChangeSecurity().equals(PasswordChangeSecurityType.OLD_PASSWORD_IF_EXISTS) && ((FocusType) getModelObject()).asPrismObject().findProperty(ItemPath.create(FocusType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE)) != null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected <F extends FocusType> ValuePolicyType getValuePolicy() {
        ValuePolicyType valuePolicyType = null;
        try {
            GuiProfiledPrincipal principalUser = AuthUtil.getPrincipalUser();
            if (getPageBase() != null) {
                valuePolicyType = principalUser != null ? getSearchValuePolicy(getPageBase().createSimpleTask("load value policy")) : (ValuePolicyType) getPageBase().getSecurityContextManager().runPrivileged(() -> {
                    return getSearchValuePolicy(getPageBase().createAnonymousTask("load value policy"));
                });
            }
        } catch (Exception e) {
            LOGGER.warn("Couldn't load security policy for focus " + ((FocusType) getModelObject()).asPrismObject(), (Throwable) e);
        }
        return valuePolicyType;
    }

    private ValuePolicyType getSearchValuePolicy(Task task) {
        PrismObject resolveReferenceNoFetch;
        CredentialsPolicyType object2 = this.credentialsPolicyModel.getObject2();
        if (object2 == null || object2.getPassword() == null || object2.getPassword().getValuePolicyRef() == null || (resolveReferenceNoFetch = WebModelServiceUtils.resolveReferenceNoFetch(object2.getPassword().getValuePolicyRef(), getPageBase(), task, task.getResult())) == null) {
            return null;
        }
        return (ValuePolicyType) resolveReferenceNoFetch.asObjectable();
    }

    private PasswordChangeSecurityType getPasswordChangeSecurity() {
        CredentialsPolicyType object2 = this.credentialsPolicyModel.getObject2();
        if (object2 == null || object2.getPassword() == null) {
            return null;
        }
        return object2.getPassword().getPasswordChangeSecurity();
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void changePasswordPerformed(AjaxRequestTarget ajaxRequestTarget) {
        if (isCheckOldPassword()) {
            LOGGER.debug("Check old password");
            if (this.currentPasswordValue == null || this.currentPasswordValue.trim().equals("")) {
                new Toast().cssClass("bg-warning m3").autohide(false).title(getString("PageSelfCredentials.specifyOldPasswordMessage")).show(ajaxRequestTarget);
                return;
            }
            OperationResult operationResult = new OperationResult(OPERATION_CHECK_PASSWORD);
            Task createSimpleTask = getPageBase().createSimpleTask(OPERATION_CHECK_PASSWORD);
            try {
                try {
                    ProtectedStringType protectedStringType = new ProtectedStringType();
                    protectedStringType.setClearValue(this.currentPasswordValue);
                    if (!getPageBase().getModelInteractionService().checkPassword(((FocusType) getModelObject()).getOid(), protectedStringType, createSimpleTask, operationResult)) {
                        new Toast().cssClass("bg-danger m3").autohide(false).title(getString("PageSelfCredentials.incorrectOldPassword")).show(ajaxRequestTarget);
                        operationResult.computeStatus();
                        return;
                    }
                    operationResult.computeStatus();
                } catch (Throwable th) {
                    operationResult.computeStatus();
                    throw th;
                }
            } catch (Exception e) {
                LoggingUtils.logUnexpectedException(LOGGER, "Couldn't check password", e, new Object[0]);
                operationResult.recordFatalError(getString("PageAbstractSelfCredentials.message.onSavePerformed.fatalError", e.getMessage()), e);
                new Toast().cssClass("bg-danger m3").autohide(false).title(getString("PageAbstractSelfCredentials.message.onSavePerformed.fatalError")).show(ajaxRequestTarget);
                operationResult.computeStatus();
                return;
            }
        }
        if (this.newPasswordValue == null) {
            new Toast().cssClass("bg-warning m3").autohide(false).title(getString("PageSelfCredentials.emptyPasswordFiled")).show(ajaxRequestTarget);
            return;
        }
        OperationResult operationResult2 = new OperationResult(OPERATION_SAVE_PASSWORD);
        ProgressReporter progressReporter = new ProgressReporter(MidPointApplication.get());
        progressReporter.getProgress().clear();
        progressReporter.setWriteOpResultForProgressActivity(true);
        progressReporter.recordExecutionStart();
        try {
            try {
                if (!this.newPasswordValue.isEncrypted()) {
                    WebComponentUtil.encryptProtectedString(this.newPasswordValue, true, getPageBase().getMidpointApplication());
                }
                ArrayList arrayList = new ArrayList();
                collectDeltas(arrayList, this.newPasswordValue, ItemPath.create(SchemaConstantsGenerated.C_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE));
                getPageBase().getModelService().executeChanges(arrayList, null, getPageBase().createSimpleTask(OPERATION_SAVE_PASSWORD, SchemaConstants.CHANNEL_SELF_SERVICE_URI), Collections.singleton(progressReporter), operationResult2);
                operationResult2.computeStatus();
                progressReporter.recordExecutionStop();
                this.progress = progressReporter.getProgress();
                operationResult2.computeStatusIfUnknown();
                if (!operationResult2.isError()) {
                    this.savedPassword = true;
                    ajaxRequestTarget.add(this);
                }
            } catch (Throwable th2) {
                progressReporter.recordExecutionStop();
                this.progress = progressReporter.getProgress();
                operationResult2.computeStatusIfUnknown();
                if (!operationResult2.isError()) {
                    this.savedPassword = true;
                    ajaxRequestTarget.add(this);
                }
                throw th2;
            }
        } catch (Exception e2) {
            setNullEncryptedPasswordData();
            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't save password changes", e2, new Object[0]);
            operationResult2.recordFatalError(getString("PageAbstractSelfCredentials.save.password.failed", e2.getMessage()), e2);
            progressReporter.recordExecutionStop();
            this.progress = progressReporter.getProgress();
            operationResult2.computeStatusIfUnknown();
            if (!operationResult2.isError()) {
                this.savedPassword = true;
                ajaxRequestTarget.add(this);
            }
        }
        finishChangePassword(operationResult2, ajaxRequestTarget, true);
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected void collectDeltas(Collection<ObjectDelta<? extends ObjectType>> collection, ProtectedStringType protectedStringType, ItemPath itemPath) {
        PropertyDelta createModificationReplaceProperty = getPrismContext().deltaFactory().property().createModificationReplaceProperty(itemPath, getPrismContext().getSchemaRegistry().findObjectDefinitionByCompileTimeClass(UserType.class), this.newPasswordValue);
        if (protectedStringType != null) {
            createModificationReplaceProperty.addEstimatedOldValue(getPrismContext().itemFactory().createPropertyValue((ItemFactory) protectedStringType));
        }
        collection.add(getPrismContext().deltaFactory().object().createModifyDelta(((FocusType) getModelObject()).getOid(), createModificationReplaceProperty, UserType.class));
    }

    protected void setNullEncryptedPasswordData() {
        if (this.newPasswordValue != null) {
            this.newPasswordValue.setEncryptedData(null);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void finishChangePassword(OperationResult operationResult, AjaxRequestTarget ajaxRequestTarget, boolean z) {
        if (WebComponentUtil.isSuccessOrHandledError(operationResult)) {
            new Toast().cssClass("bg-info m3").autohide(false).title(getString(operationResult.getMessage())).show(ajaxRequestTarget);
            return;
        }
        setNullEncryptedPasswordData();
        if (z) {
            new Toast().cssClass("bg-warning m3").autohide(false).title(getString(operationResult.getMessage())).show(ajaxRequestTarget);
        }
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -567013572:
                if (implMethodName.equals("lambda$getValuePolicy$319daaf2$1")) {
                    z = false;
                    break;
                }
                break;
            case 1505400272:
                if (implMethodName.equals("lambda$initLayout$46f190a3$1")) {
                    z = true;
                    break;
                }
                break;
            case 1505400273:
                if (implMethodName.equals("lambda$initLayout$46f190a3$2")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/util/Producer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/self/credentials/ChangePasswordPanel") && serializedLambda.getImplMethodSignature().equals("()Lcom/evolveum/midpoint/xml/ns/_public/common/common_3/ValuePolicyType;")) {
                    ChangePasswordPanel changePasswordPanel = (ChangePasswordPanel) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return getSearchValuePolicy(getPageBase().createAnonymousTask("load value policy"));
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/web/component/util/SerializableSupplier") && serializedLambda.getFunctionalInterfaceMethodName().equals("get") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/self/credentials/ChangePasswordPanel") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/Boolean;")) {
                    ChangePasswordPanel changePasswordPanel2 = (ChangePasswordPanel) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return Boolean.valueOf(!this.savedPassword);
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/web/component/util/SerializableSupplier") && serializedLambda.getFunctionalInterfaceMethodName().equals("get") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/self/credentials/ChangePasswordPanel") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/Boolean;")) {
                    ChangePasswordPanel changePasswordPanel3 = (ChangePasswordPanel) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return Boolean.valueOf(!this.savedPassword);
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
