package com.evolveum.midpoint.model.impl.lens.projector.policy;

import com.evolveum.midpoint.common.LocalizationService;
import com.evolveum.midpoint.model.api.ModelExecuteOptions;
import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule;
import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRuleTrigger;
import com.evolveum.midpoint.model.api.context.PolicyRuleExternalizationOptions;
import com.evolveum.midpoint.model.api.util.EvaluatedPolicyRuleUtil;
import com.evolveum.midpoint.model.common.ModelCommonBeans;
import com.evolveum.midpoint.model.impl.lens.EvaluatedPolicyRuleImpl;
import com.evolveum.midpoint.model.impl.lens.LensContext;
import com.evolveum.midpoint.model.impl.lens.LensFocusContext;
import com.evolveum.midpoint.model.impl.lens.assignments.EvaluatedAssignmentImpl;
import com.evolveum.midpoint.prism.delta.DeltaSetTriple;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.util.LocalizableMessage;
import com.evolveum.midpoint.util.LocalizableMessageList;
import com.evolveum.midpoint.util.LocalizableMessageListBuilder;
import com.evolveum.midpoint.util.SingleLocalizableMessage;
import com.evolveum.midpoint.util.TreeNode;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.ThresholdPolicyViolationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentHolderType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.EnforcementPolicyActionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.EvaluatedPolicyRuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyRuleEnforcerPreviewOutputType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SuspendTaskPolicyActionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TriggeredPolicyRulesStorageStrategyType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.jetbrains.annotations.NotNull;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/model-impl-4.10-M4.jar:com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleEnforcer.class */
public class PolicyRuleEnforcer<O extends ObjectType> {

    @NotNull
    private final LensContext<O> context;

    @NotNull
    private final List<LocalizableMessage> messages = new ArrayList();

    @NotNull
    private final List<EvaluatedPolicyRuleType> rulesBeans = new ArrayList();

    /* JADX INFO: Access modifiers changed from: package-private */
    public PolicyRuleEnforcer(@NotNull LensContext<O> lensContext) {
        this.context = lensContext;
    }

    public void enforce(OperationResult operationResult) throws PolicyViolationException, ConfigurationException {
        enforceRulesWithoutThresholds(operationResult);
        enforceThresholds();
    }

    private void enforceRulesWithoutThresholds(OperationResult operationResult) throws PolicyViolationException {
        if (!this.context.hasFocusOfType(AssignmentHolderType.class)) {
            operationResult.recordNotApplicable();
            return;
        }
        computeEnforcementForFocusRules();
        computeEnforcementForAssignmentRules();
        if (isEnforcementPreviewMode()) {
            enforceInPreviewMode();
        } else {
            enforceInRegularMode();
        }
    }

    private boolean isEnforcementPreviewMode() {
        return ModelExecuteOptions.isPreviewPolicyRulesEnforcement(this.context.getOptions());
    }

    private void enforceInPreviewMode() {
        PolicyRuleEnforcerPreviewOutputType policyRuleEnforcerPreviewOutputType = new PolicyRuleEnforcerPreviewOutputType();
        policyRuleEnforcerPreviewOutputType.getRule().addAll(this.rulesBeans);
        this.context.setPolicyRuleEnforcerPreviewOutput(policyRuleEnforcerPreviewOutputType);
    }

    private void enforceInRegularMode() throws PolicyViolationException {
        if (this.messages.isEmpty()) {
            return;
        }
        throw ((PolicyViolationException) ModelCommonBeans.get().localizationService.translate((LocalizationService) new PolicyViolationException(new LocalizableMessageListBuilder().messages(this.messages).separator(LocalizableMessageList.SEMICOLON).buildOptimized())));
    }

    private void computeEnforcementForFocusRules() {
        LensFocusContext<O> focusContext = this.context.getFocusContext();
        if (focusContext != null) {
            computeEnforcementForTriggeredRules(focusContext.getObjectPolicyRules());
        }
    }

    private void computeEnforcementForAssignmentRules() {
        DeltaSetTriple<EvaluatedAssignmentImpl<?>> evaluatedAssignmentTriple = this.context.getEvaluatedAssignmentTriple();
        if (evaluatedAssignmentTriple != null) {
            evaluatedAssignmentTriple.simpleAccept(evaluatedAssignment -> {
                computeEnforcementForTriggeredRules(evaluatedAssignment.getAllTargetsPolicyRules());
            });
        }
    }

    private void computeEnforcementForTriggeredRules(Collection<? extends EvaluatedPolicyRule> collection) {
        Collection<EvaluatedPolicyRuleTrigger<?>> collection2;
        for (EvaluatedPolicyRule evaluatedPolicyRule : collection) {
            Collection<EvaluatedPolicyRuleTrigger<?>> triggers = evaluatedPolicyRule.getTriggers();
            if (!triggers.isEmpty()) {
                boolean containsEnabledAction = evaluatedPolicyRule.containsEnabledAction(EnforcementPolicyActionType.class);
                if (containsEnabledAction) {
                    collection2 = triggers;
                } else {
                    collection2 = (Collection) triggers.stream().filter((v0) -> {
                        return v0.isEnforcementOverride();
                    }).collect(Collectors.toList());
                    if (collection2.isEmpty()) {
                    }
                }
                evaluatedPolicyRule.addToEvaluatedPolicyRuleBeans(this.rulesBeans, new PolicyRuleExternalizationOptions(TriggeredPolicyRulesStorageStrategyType.FULL, true), evaluatedPolicyRuleTrigger -> {
                    return containsEnabledAction || evaluatedPolicyRuleTrigger.isEnforcementOverride();
                }, evaluatedPolicyRule.getNewOwner());
                Iterator<TreeNode<LocalizableMessage>> it = EvaluatedPolicyRuleUtil.extractMessages(collection2, EvaluatedPolicyRuleUtil.MessageKind.NORMAL).iterator();
                while (it.hasNext()) {
                    this.messages.add(it.next().getUserObject());
                }
            }
        }
    }

    private void enforceThresholds() throws ThresholdPolicyViolationException, ConfigurationException {
        LensFocusContext<O> focusContext;
        if (isEnforcementPreviewMode() || (focusContext = this.context.getFocusContext()) == null) {
            return;
        }
        for (EvaluatedPolicyRuleImpl evaluatedPolicyRuleImpl : focusContext.getObjectPolicyRules()) {
            if (evaluatedPolicyRuleImpl.containsEnabledAction(SuspendTaskPolicyActionType.class) && evaluatedPolicyRuleImpl.isOverThreshold()) {
                throw new ThresholdPolicyViolationException(new SingleLocalizableMessage("PolicyRuleEnforces.policyViolationMessage", new Object[]{evaluatedPolicyRuleImpl.getPolicyRule()}), "Policy rule violation: " + evaluatedPolicyRuleImpl.getPolicyRule());
            }
        }
    }
}
