package com.evolveum.midpoint.gui.impl.page.login;

import com.evolveum.midpoint.authentication.api.authorization.PageDescriptor;
import com.evolveum.midpoint.authentication.api.authorization.Url;
import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.authentication.api.util.AuthenticationModuleNameConstants;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.component.form.MidpointForm;
import com.evolveum.midpoint.web.component.util.VisibleBehaviour;
import com.evolveum.midpoint.web.security.util.SecurityUtils;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsResetPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SelfRegistrationPolicyType;
import java.lang.invoke.SerializedLambda;
import org.apache.commons.lang3.StringUtils;
import org.apache.wicket.AttributeModifier;
import org.apache.wicket.markup.html.link.ExternalLink;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.LoadableDetachableModel;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;

@PageDescriptor(urls = {@Url(mountUrl = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL, matchUrlForSecurity = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL)}, permitAll = true, loginPage = true)
/* loaded from: input_file:WEB-INF/lib/admin-gui-4.6-SNAPSHOT.jar:com/evolveum/midpoint/gui/impl/page/login/PageLogin.class */
public class PageLogin extends AbstractPageLogin {
    private static final long serialVersionUID = 1;
    private static final String ID_FORGET_PASSWORD = "forgotPassword";
    private static final String ID_SELF_REGISTRATION = "selfRegistration";
    private static final String ID_CSRF_FIELD = "csrfField";
    private static final String ID_FORM = "form";
    private final LoadableDetachableModel<SecurityPolicyType> securityPolicyModel;
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) PageLogin.class);
    private static final String DOT_CLASS = PageLogin.class.getName() + ".";
    protected static final String OPERATION_LOAD_RESET_PASSWORD_POLICY = DOT_CLASS + "loadPasswordResetPolicy";

    public PageLogin() {
        super(null);
        this.securityPolicyModel = new LoadableDetachableModel<SecurityPolicyType>() { // from class: com.evolveum.midpoint.gui.impl.page.login.PageLogin.1
            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.wicket.model.LoadableDetachableModel
            public SecurityPolicyType load() {
                try {
                    return PageLogin.this.getModelInteractionService().getSecurityPolicy((PrismObject) null, PageLogin.this.createAnonymousTask(PageLogin.OPERATION_LOAD_RESET_PASSWORD_POLICY), new OperationResult(PageLogin.OPERATION_LOAD_RESET_PASSWORD_POLICY));
                } catch (CommonException e) {
                    PageLogin.LOGGER.warn("Cannot read credentials policy: " + e.getMessage(), (Throwable) e);
                    return null;
                }
            }
        };
    }

    @Override // com.evolveum.midpoint.gui.impl.page.login.AbstractPageLogin
    protected void initCustomLayout() {
        MidpointForm midpointForm = new MidpointForm("form");
        midpointForm.add(AttributeModifier.replace("action", (IModel<?>) this::getUrlProcessingLogin));
        add(midpointForm);
        SecurityPolicyType loadSecurityPolicyType = loadSecurityPolicyType();
        addForgotPasswordLink(loadSecurityPolicyType);
        addRegistrationLink(loadSecurityPolicyType);
        midpointForm.add(SecurityUtils.createHiddenInputForCsrf(ID_CSRF_FIELD));
    }

    private void addForgotPasswordLink(SecurityPolicyType securityPolicyType) {
        String passwordResetUrl = getPasswordResetUrl(securityPolicyType);
        ExternalLink externalLink = new ExternalLink(ID_FORGET_PASSWORD, passwordResetUrl);
        externalLink.add(new VisibleBehaviour(() -> {
            return Boolean.valueOf(StringUtils.isNotBlank(passwordResetUrl));
        }));
        add(externalLink);
    }

    private String getPasswordResetUrl(SecurityPolicyType securityPolicyType) {
        AuthenticationSequenceType sequenceByName;
        String resetPasswordAuthenticationSequenceName = getResetPasswordAuthenticationSequenceName(securityPolicyType);
        if (StringUtils.isBlank(resetPasswordAuthenticationSequenceName) || (sequenceByName = SecurityUtils.getSequenceByName(securityPolicyType.getCredentialsReset().getAuthenticationSequenceName(), securityPolicyType.getAuthentication())) == null) {
            return "";
        }
        if (sequenceByName.getChannel() != null && !StringUtils.isBlank(sequenceByName.getChannel().getUrlSuffix())) {
            return "./auth/" + sequenceByName.getChannel().getUrlSuffix();
        }
        String str = "Sequence with name " + resetPasswordAuthenticationSequenceName + " doesn't contain urlSuffix";
        LOGGER.error(str, (Throwable) new IllegalArgumentException(str));
        error(str);
        return "";
    }

    private void addRegistrationLink(SecurityPolicyType securityPolicyType) {
        String registrationUrl = getRegistrationUrl(securityPolicyType);
        ExternalLink externalLink = new ExternalLink(ID_SELF_REGISTRATION, registrationUrl);
        externalLink.add(new VisibleBehaviour(() -> {
            return Boolean.valueOf(StringUtils.isNotBlank(registrationUrl));
        }));
        add(externalLink);
    }

    private SecurityPolicyType loadSecurityPolicyType() {
        return this.securityPolicyModel.getObject2();
    }

    private String getResetPasswordAuthenticationSequenceName(SecurityPolicyType securityPolicyType) {
        CredentialsResetPolicyType credentialsReset;
        if (securityPolicyType == null || (credentialsReset = securityPolicyType.getCredentialsReset()) == null) {
            return null;
        }
        return credentialsReset.getAuthenticationSequenceName();
    }

    private String getRegistrationUrl(SecurityPolicyType securityPolicyType) {
        SelfRegistrationPolicyType selfRegistrationPolicy;
        AuthenticationSequenceType sequenceByName;
        return (securityPolicyType == null || (selfRegistrationPolicy = SecurityPolicyUtil.getSelfRegistrationPolicy(securityPolicyType)) == null || StringUtils.isBlank(selfRegistrationPolicy.getAdditionalAuthenticationSequence()) || (sequenceByName = SecurityUtils.getSequenceByName(selfRegistrationPolicy.getAdditionalAuthenticationSequence(), securityPolicyType.getAuthentication())) == null || sequenceByName.getChannel() == null || sequenceByName.getChannel().getUrlSuffix() == null) ? "" : "./auth/" + sequenceByName.getChannel().getUrlSuffix();
    }

    private String getUrlProcessingLogin() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof MidpointAuthentication)) {
            return "./spring_security_login";
        }
        ModuleAuthentication processingModuleAuthentication = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
        return isModuleApplicable(processingModuleAuthentication) ? AuthUtil.stripSlashes(processingModuleAuthentication.getPrefix()) + "/spring_security_login" : "./spring_security_login";
    }

    private boolean isModuleApplicable(ModuleAuthentication moduleAuthentication) {
        return moduleAuthentication != null && (AuthenticationModuleNameConstants.LOGIN_FORM.equals(moduleAuthentication.getNameOfModuleType()) || AuthenticationModuleNameConstants.LDAP.equals(moduleAuthentication.getNameOfModuleType()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.wicket.Page, org.apache.wicket.MarkupContainer, org.apache.wicket.Component
    public void onDetach() {
        this.securityPolicyModel.detach();
        super.onDetach();
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1962229019:
                if (implMethodName.equals("lambda$addRegistrationLink$c4c92578$1")) {
                    z = 2;
                    break;
                }
                break;
            case 762588317:
                if (implMethodName.equals("getUrlProcessingLogin")) {
                    z = false;
                    break;
                }
                break;
            case 1566336928:
                if (implMethodName.equals("lambda$addForgotPasswordLink$4f1d0567$1")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("org/apache/wicket/model/IModel") && serializedLambda.getFunctionalInterfaceMethodName().equals(RepositoryService.OP_GET_OBJECT) && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/login/PageLogin") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/String;")) {
                    PageLogin pageLogin = (PageLogin) serializedLambda.getCapturedArg(0);
                    return pageLogin::getUrlProcessingLogin;
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/web/component/util/SerializableSupplier") && serializedLambda.getFunctionalInterfaceMethodName().equals("get") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/login/PageLogin") && serializedLambda.getImplMethodSignature().equals("(Ljava/lang/String;)Ljava/lang/Boolean;")) {
                    String str = (String) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return Boolean.valueOf(StringUtils.isNotBlank(str));
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/web/component/util/SerializableSupplier") && serializedLambda.getFunctionalInterfaceMethodName().equals("get") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/gui/impl/page/login/PageLogin") && serializedLambda.getImplMethodSignature().equals("(Ljava/lang/String;)Ljava/lang/Boolean;")) {
                    String str2 = (String) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return Boolean.valueOf(StringUtils.isNotBlank(str2));
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
