package org.geoserver.security.web.user;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import org.apache.wicket.Component;
import org.apache.wicket.WicketRuntimeException;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior;
import org.apache.wicket.ajax.form.OnChangeAjaxBehavior;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.form.CheckBox;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.FormComponent;
import org.apache.wicket.markup.html.form.PasswordTextField;
import org.apache.wicket.markup.html.form.SubmitLink;
import org.apache.wicket.markup.html.form.TextField;
import org.apache.wicket.markup.html.form.validation.AbstractFormValidator;
import org.apache.wicket.markup.html.form.validation.EqualInputValidator;
import org.apache.wicket.markup.html.list.ListItem;
import org.apache.wicket.markup.html.list.ListView;
import org.apache.wicket.model.CompoundPropertyModel;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.LoadableDetachableModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.model.StringResourceModel;
import org.apache.wicket.model.util.ListModel;
import org.geoserver.security.GeoServerUserGroupService;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.impl.GeoServerUserGroup;
import org.geoserver.security.impl.GroupAdminProperty;
import org.geoserver.security.impl.RoleCalculator;
import org.geoserver.security.password.GeoServerEmptyPasswordEncoder;
import org.geoserver.security.validation.AbstractSecurityException;
import org.geoserver.security.validation.PasswordPolicyException;
import org.geoserver.security.web.AbstractSecurityPage;
import org.geoserver.security.web.role.EditRolePage;
import org.geoserver.security.web.role.RoleListProvider;
import org.geoserver.security.web.role.RolePaletteFormComponent;
import org.geoserver.security.xml.XMLConstants;
import org.geoserver.web.wicket.ParamResourceModel;
import org.geoserver.web.wicket.SimpleAjaxLink;
import org.geoserver.web.wicket.property.PropertyEditorFormComponent;

/* loaded from: input_file:WEB-INF/lib/gs-web-sec-core-2.25.3.jar:org/geoserver/security/web/user/AbstractUserPage.class */
public abstract class AbstractUserPage extends AbstractSecurityPage {
    protected RolePaletteFormComponent rolePalette;
    protected UserGroupPaletteFormComponent userGroupPalette;
    protected UserGroupListMultipleChoice adminGroupChoice;
    protected ListView<GeoServerRole> calculatedRoles;
    protected String ugServiceName;

    /* loaded from: input_file:WEB-INF/lib/gs-web-sec-core-2.25.3.jar:org/geoserver/security/web/user/AbstractUserPage$CalculatedRoleModel.class */
    class CalculatedRoleModel extends LoadableDetachableModel<List<GeoServerRole>> {
        GeoServerUser user;

        CalculatedRoleModel(GeoServerUser geoServerUser) {
            this.user = geoServerUser;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.wicket.model.LoadableDetachableModel
        public List<GeoServerRole> load() {
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            try {
                RoleCalculator roleCalculator = new RoleCalculator(AbstractUserPage.this.getSecurityManager().loadUserGroupService(AbstractUserPage.this.ugServiceName), AbstractUserPage.this.getSecurityManager().getActiveRoleService());
                arrayList.addAll(AbstractUserPage.this.rolePalette.getSelectedRoles());
                roleCalculator.addInheritedRoles(arrayList);
                for (GeoServerUserGroup geoServerUserGroup : AbstractUserPage.this.userGroupPalette.getSelectedGroups()) {
                    if (geoServerUserGroup.isEnabled()) {
                        arrayList.addAll(roleCalculator.calculateRoles(geoServerUserGroup));
                    }
                }
                arrayList2.addAll(roleCalculator.personalizeRoles(this.user, arrayList));
                Collections.sort(arrayList2);
                return arrayList2;
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
    }

    /* loaded from: input_file:WEB-INF/lib/gs-web-sec-core-2.25.3.jar:org/geoserver/security/web/user/AbstractUserPage$GroupAdminValidator.class */
    class GroupAdminValidator extends AbstractFormValidator {
        GroupAdminValidator() {
        }

        @Override // org.apache.wicket.markup.html.form.validation.IFormValidator
        public FormComponent<?>[] getDependentFormComponents() {
            return new FormComponent[]{AbstractUserPage.this.adminGroupChoice};
        }

        @Override // org.apache.wicket.markup.html.form.validation.IFormValidator
        public void validate(Form<?> form) {
            if (AbstractUserPage.this.adminGroupChoice.isEnabled()) {
                AbstractUserPage.this.adminGroupChoice.updateModel();
                if (AbstractUserPage.this.adminGroupChoice.getModelObject().isEmpty()) {
                    form.error(new StringResourceModel("noAdminGroups", AbstractUserPage.this.getPage(), null).getString());
                }
            }
        }
    }

    /* loaded from: input_file:WEB-INF/lib/gs-web-sec-core-2.25.3.jar:org/geoserver/security/web/user/AbstractUserPage$RoleEditLink.class */
    private class RoleEditLink extends SimpleAjaxLink<GeoServerRole> {
        public RoleEditLink(IModel<GeoServerRole> iModel) {
            super(XMLConstants.E_ROLE_RR, iModel, RoleListProvider.ROLENAME.getModel(iModel));
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.geoserver.web.wicket.SimpleAjaxLink
        public void onClick(AjaxRequestTarget ajaxRequestTarget) {
            setResponsePage(new EditRolePage(AbstractUserPage.this.getSecurityManager().getActiveRoleService().getName(), (GeoServerRole) getDefaultModelObject()).setReturnPage(getPage()));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractUserPage(String str, final GeoServerUser geoServerUser) {
        this.ugServiceName = str;
        GeoServerUserGroupService userGroupService = getUserGroupService(str);
        boolean z = getSecurityManager().loadPasswordEncoder(userGroupService.getPasswordEncoderName()) instanceof GeoServerEmptyPasswordEncoder;
        boolean canCreateStore = userGroupService.canCreateStore();
        boolean hasRoleStore = hasRoleStore(getSecurityManager().getActiveRoleService().getName());
        Form form = new Form("form", new CompoundPropertyModel(geoServerUser));
        add(form);
        form.add(new TextField("username").setEnabled(canCreateStore));
        form.add(new CheckBox("enabled").setEnabled(canCreateStore));
        PasswordTextField passwordTextField = new PasswordTextField("password") { // from class: org.geoserver.security.web.user.AbstractUserPage.1
            @Override // org.apache.wicket.markup.html.form.FormComponent
            public boolean isRequired() {
                return AbstractUserPage.this.isFinalSubmit(this);
            }
        };
        form.add(passwordTextField);
        passwordTextField.setResetPassword(false);
        passwordTextField.setEnabled(canCreateStore && !z);
        PasswordTextField passwordTextField2 = new PasswordTextField("confirmPassword", new Model(geoServerUser.getPassword())) { // from class: org.geoserver.security.web.user.AbstractUserPage.2
            @Override // org.apache.wicket.markup.html.form.FormComponent
            public boolean isRequired() {
                return AbstractUserPage.this.isFinalSubmit(this);
            }
        };
        form.add(passwordTextField2);
        passwordTextField2.setResetPassword(false);
        passwordTextField2.setEnabled(canCreateStore && !z);
        form.add(new PropertyEditorFormComponent("properties").setEnabled(canCreateStore));
        UserGroupPaletteFormComponent userGroupPaletteFormComponent = new UserGroupPaletteFormComponent(XMLConstants.E_GROUPS_UR, str, geoServerUser);
        this.userGroupPalette = userGroupPaletteFormComponent;
        form.add(userGroupPaletteFormComponent);
        this.userGroupPalette.add(new AjaxFormComponentUpdatingBehavior(OnChangeAjaxBehavior.EVENT_CHANGE) { // from class: org.geoserver.security.web.user.AbstractUserPage.3
            @Override // org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior
            protected void onUpdate(AjaxRequestTarget ajaxRequestTarget) {
                AbstractUserPage.this.updateCalculatedRoles(ajaxRequestTarget);
            }
        });
        this.userGroupPalette.setEnabled(canCreateStore);
        try {
            ArrayList arrayList = new ArrayList(getSecurityManager().getActiveRoleService().getRolesForUser(geoServerUser.getUsername()));
            RolePaletteFormComponent rolePaletteFormComponent = new RolePaletteFormComponent("roles", new ListModel(arrayList));
            this.rolePalette = rolePaletteFormComponent;
            form.add(rolePaletteFormComponent);
            this.rolePalette.add(new AjaxFormComponentUpdatingBehavior(OnChangeAjaxBehavior.EVENT_CHANGE) { // from class: org.geoserver.security.web.user.AbstractUserPage.4
                @Override // org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior
                protected void onUpdate(AjaxRequestTarget ajaxRequestTarget) {
                    AbstractUserPage.this.updateCalculatedRoles(ajaxRequestTarget);
                    AbstractUserPage.this.updateGroupAdminList(ajaxRequestTarget);
                }
            });
            this.rolePalette.setOutputMarkupId(true);
            this.rolePalette.setEnabled(hasRoleStore);
            boolean contains = arrayList.contains(GeoServerRole.GROUP_ADMIN_ROLE);
            ArrayList arrayList2 = new ArrayList();
            if (contains) {
                for (String str2 : GroupAdminProperty.get(geoServerUser.getProperties())) {
                    try {
                        arrayList2.add(userGroupService.getGroupByGroupname(str2));
                    } catch (IOException e) {
                        throw new WicketRuntimeException(e);
                    }
                }
            }
            UserGroupListMultipleChoice userGroupListMultipleChoice = new UserGroupListMultipleChoice("adminGroups", new ListModel(arrayList2), new GroupsModel(str));
            this.adminGroupChoice = userGroupListMultipleChoice;
            form.add(userGroupListMultipleChoice);
            this.adminGroupChoice.setOutputMarkupId(true);
            this.adminGroupChoice.setEnabled(canCreateStore && contains);
            WebMarkupContainer webMarkupContainer = new WebMarkupContainer("calculatedRolesContainer");
            form.add(webMarkupContainer);
            webMarkupContainer.setOutputMarkupId(true);
            ListView<GeoServerRole> listView = new ListView<GeoServerRole>("calculatedRoles", new CalculatedRoleModel(geoServerUser)) { // from class: org.geoserver.security.web.user.AbstractUserPage.5
                @Override // org.apache.wicket.markup.html.list.ListView
                protected void populateItem(ListItem<GeoServerRole> listItem) {
                    listItem.add(new RoleEditLink(listItem.getModel()));
                }
            };
            this.calculatedRoles = listView;
            webMarkupContainer.add(listView);
            this.calculatedRoles.setOutputMarkupId(true);
            Component[] componentArr = new Component[1];
            componentArr[0] = new SubmitLink("save") { // from class: org.geoserver.security.web.user.AbstractUserPage.6
                @Override // org.apache.wicket.markup.html.form.SubmitLink, org.apache.wicket.markup.html.form.IFormSubmitter
                public void onSubmit() {
                    try {
                        if (AbstractUserPage.this.adminGroupChoice.isEnabled()) {
                            Collection modelObject = AbstractUserPage.this.adminGroupChoice.getModelObject();
                            String[] strArr = new String[modelObject.size()];
                            int i = 0;
                            Iterator it2 = modelObject.iterator();
                            while (it2.hasNext()) {
                                int i2 = i;
                                i++;
                                strArr[i2] = ((GeoServerUserGroup) it2.next()).getGroupname();
                            }
                            GroupAdminProperty.set(geoServerUser.getProperties(), strArr);
                        } else {
                            GroupAdminProperty.del(geoServerUser.getProperties());
                        }
                        AbstractUserPage.this.onFormSubmit(geoServerUser);
                        AbstractUserPage.this.setReturnPageDirtyAndReturn(true);
                    } catch (Exception e2) {
                        AbstractUserPage.this.handleSubmitError(e2);
                    }
                }
            }.setEnabled(canCreateStore || hasRoleStore(getSecurityManager().getActiveRoleService().getName()));
            form.add(componentArr);
            form.add(getCancelLink());
            form.add(new EqualInputValidator(passwordTextField, passwordTextField2) { // from class: org.geoserver.security.web.user.AbstractUserPage.7
                private static final long serialVersionUID = 1;

                @Override // org.apache.wicket.markup.html.form.validation.EqualInputValidator, org.apache.wicket.markup.html.form.validation.IFormValidator
                public void validate(Form<?> form2) {
                    if (AbstractUserPage.this.isFinalSubmit(form2)) {
                        super.validate(form2);
                    }
                }

                @Override // org.apache.wicket.markup.html.form.validation.AbstractFormValidator
                protected String resourceKey() {
                    return "AbstractUserPage.passwordMismatch";
                }
            });
            form.add(new GroupAdminValidator());
        } catch (IOException e2) {
            throw new WicketRuntimeException(e2);
        }
    }

    boolean isFinalSubmit(FormComponent formComponent) {
        return isFinalSubmit(Form.findForm(formComponent));
    }

    boolean isFinalSubmit(Form form) {
        return form != null && form.findSubmittingButton() == form.get("save");
    }

    void updateCalculatedRoles(AjaxRequestTarget ajaxRequestTarget) {
        this.calculatedRoles.modelChanged();
        ajaxRequestTarget.add(this.calculatedRoles.getParent2());
    }

    void updateGroupAdminList(AjaxRequestTarget ajaxRequestTarget) {
        this.adminGroupChoice.setEnabled(this.rolePalette.getSelectedRoles().contains(GeoServerRole.GROUP_ADMIN_ROLE));
        ajaxRequestTarget.add(this.adminGroupChoice);
    }

    void handleSubmitError(Exception exc) {
        LOGGER.log(Level.SEVERE, "Error occurred while saving user", (Throwable) exc);
        if ((exc instanceof RuntimeException) && (exc.getCause() instanceof Exception)) {
            exc = (Exception) exc.getCause();
        }
        if ((exc instanceof IOException) && (exc.getCause() instanceof AbstractSecurityException)) {
            exc = (Exception) exc.getCause();
        }
        if (exc instanceof AbstractSecurityException) {
            error(exc);
        } else {
            error(new ParamResourceModel("saveError", getPage(), exc.getMessage()).getObject());
        }
    }

    protected abstract void onFormSubmit(GeoServerUser geoServerUser) throws IOException, PasswordPolicyException;
}
