package com.evolveum.midpoint.model.common.stringpolicy;

import com.evolveum.midpoint.model.api.validator.StringLimitationResult;
import com.evolveum.midpoint.model.common.stringpolicy.StringPolicy;
import com.evolveum.midpoint.prism.PrimitiveType;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismObjectDefinition;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.repo.common.expression.ExpressionFactory;
import com.evolveum.midpoint.repo.common.expression.ExpressionUtil;
import com.evolveum.midpoint.schema.constants.ExpressionConstants;
import com.evolveum.midpoint.schema.expression.ExpressionProfile;
import com.evolveum.midpoint.schema.expression.VariablesMap;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.LocalizationUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.LocalizableMessageBuilder;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CheckExpressionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ExpressionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ProhibitedValueItemType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ProhibitedValuesType;
import com.evolveum.prism.xml.ns._public.types_3.ItemPathType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringTranslationType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.function.Consumer;
import org.apache.commons.lang3.mutable.MutableBoolean;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/model-common-4.10-M4.jar:com/evolveum/midpoint/model/common/stringpolicy/ValueChecker.class */
public class ValueChecker {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) ValueChecker.class);

    @NotNull
    private final StringPolicy stringPolicy;

    @Nullable
    private final ProhibitedValuesType prohibitedValues;
    private final ExpressionProfile expressionProfile;

    @Nullable
    private final ObjectBasedValuePolicyOriginResolver<?> originResolver;

    @NotNull
    private final String shortDesc;

    @NotNull
    private final Protector protector;

    @NotNull
    private final ExpressionFactory expressionFactory;

    @NotNull
    private final Task task;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/model-common-4.10-M4.jar:com/evolveum/midpoint/model/common/stringpolicy/ValueChecker$Operation.class */
    public class Operation {

        @NotNull
        private final String value;

        @NotNull
        private final Set<Character> distinctCharacters;

        @NotNull
        private final List<StringLimitationResult> resultList = new ArrayList();

        Operation(@NotNull String str) {
            this.value = str;
            this.distinctCharacters = StringPolicyUtils.stringAsCharacters(str);
        }

        boolean executeForExpressionsAndProhibitions(OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
            if (!checkExpressions(operationResult)) {
                ValueChecker.LOGGER.trace("Check expression returned false for value in {}", ValueChecker.this.shortDesc);
                return false;
            }
            if (checkProhibitedValues(null, operationResult)) {
                return true;
            }
            ValueChecker.LOGGER.trace("Value is prohibited in {}", ValueChecker.this.shortDesc);
            return false;
        }

        List<StringLimitationResult> executeFully(OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ConfigurationException, ObjectNotFoundException {
            testLength();
            testMinimalUniqueCharacters();
            testProhibitedValues(operationResult);
            testCheckExpression(operationResult);
            testCharacterClasses();
            return this.resultList;
        }

        private <R extends ObjectType> boolean checkProhibitedValues(Consumer<ProhibitedValueItemType> consumer, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
            if (ValueChecker.this.prohibitedValues == null || ValueChecker.this.originResolver == null) {
                return true;
            }
            MutableBoolean mutableBoolean = new MutableBoolean(true);
            for (ProhibitedValueItemType prohibitedValueItemType : ValueChecker.this.prohibitedValues.getItem()) {
                ItemPathType path = prohibitedValueItemType.getPath();
                if (path == null) {
                    throw new SchemaException("No item path defined in prohibited item in " + ValueChecker.this.shortDesc);
                }
                ItemPath itemPath = path.getItemPath();
                ValueChecker.this.originResolver.resolve(prohibitedValueItemType, (prismObject, operationResult2) -> {
                    PrismProperty<Object> findProperty = prismObject.findProperty(itemPath);
                    if (findProperty == null || !isMatching(this.value, findProperty)) {
                        return true;
                    }
                    if (consumer != null) {
                        consumer.accept(prohibitedValueItemType);
                    }
                    mutableBoolean.setValue(false);
                    return false;
                }, ValueChecker.this.shortDesc, ValueChecker.this.task, operationResult);
            }
            return mutableBoolean.booleanValue();
        }

        private boolean isMatching(String str, PrismProperty<Object> prismProperty) {
            for (Object obj : prismProperty.getRealValues()) {
                if (obj instanceof String) {
                    if (str.equals(obj)) {
                        return true;
                    }
                } else if (obj instanceof ProtectedStringType) {
                    try {
                        if (ValueChecker.this.protector.compareCleartext(new ProtectedStringType().clearValue(str), (ProtectedStringType) obj)) {
                            return true;
                        }
                    } catch (EncryptionException | SchemaException e) {
                        throw new SystemException(e);
                    }
                } else if (str.equals(obj.toString())) {
                    return true;
                }
            }
            return false;
        }

        private void testLength() {
            int minLength = ValueChecker.this.stringPolicy.getMinLength();
            Integer declaredMaxLength = ValueChecker.this.stringPolicy.getDeclaredMaxLength();
            int effectiveMaxLength = ValueChecker.this.stringPolicy.getEffectiveMaxLength();
            if (minLength == 0 && declaredMaxLength == null) {
                return;
            }
            StringLimitationResult stringLimitationResult = new StringLimitationResult();
            PolyStringType polyStringType = new PolyStringType("characters");
            PolyStringTranslationType polyStringTranslationType = new PolyStringTranslationType();
            polyStringTranslationType.setKey("ValuePolicy.characters");
            polyStringType.setTranslation(polyStringTranslationType);
            stringLimitationResult.setName(polyStringType);
            stringLimitationResult.setMinOccurs(Integer.valueOf(minLength));
            if (this.value.length() < minLength) {
                stringLimitationResult.recordFailure(new LocalizableMessageBuilder().key("ValuePolicy.minimalSizeNotMet").arg(Integer.valueOf(minLength)).arg(Integer.valueOf(this.value.length())).build());
            }
            stringLimitationResult.setMaxOccurs(declaredMaxLength);
            if (this.value.length() > effectiveMaxLength) {
                stringLimitationResult.recordFailure(new LocalizableMessageBuilder().key("ValuePolicy.maximalSizeExceeded").arg(Integer.valueOf(effectiveMaxLength)).arg(Integer.valueOf(this.value.length())).build());
            }
            addResult(stringLimitationResult);
        }

        private void testMinimalUniqueCharacters() {
            int minUniqueChars = ValueChecker.this.stringPolicy.getMinUniqueChars();
            if (minUniqueChars == 0) {
                return;
            }
            StringLimitationResult stringLimitationResult = new StringLimitationResult();
            PolyStringType polyStringType = new PolyStringType("unique characters");
            PolyStringTranslationType polyStringTranslationType = new PolyStringTranslationType();
            polyStringTranslationType.setKey("ValuePolicy.uniqueCharacters");
            polyStringType.setTranslation(polyStringTranslationType);
            stringLimitationResult.setName(polyStringType);
            stringLimitationResult.setMinOccurs(Integer.valueOf(minUniqueChars));
            if (this.distinctCharacters.size() < minUniqueChars) {
                stringLimitationResult.recordFailure(new LocalizableMessageBuilder().key("ValuePolicy.minimalUniqueCharactersNotMet").arg(Integer.valueOf(minUniqueChars)).arg(Integer.valueOf(this.distinctCharacters.size())).build());
            }
            addResult(stringLimitationResult);
        }

        private void testProhibitedValues(OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
            if (ValueChecker.this.prohibitedValues == null || ValueChecker.this.originResolver == null) {
                return;
            }
            StringLimitationResult stringLimitationResult = new StringLimitationResult();
            PolyStringType polyStringType = new PolyStringType("prohibited value");
            PolyStringTranslationType polyStringTranslationType = new PolyStringTranslationType();
            polyStringTranslationType.setKey("ValuePolicy.prohibitedValueName");
            polyStringType.setTranslation(polyStringTranslationType);
            stringLimitationResult.setName(polyStringType);
            PolyStringType polyStringType2 = new PolyStringType("");
            PolyStringTranslationType polyStringTranslationType2 = new PolyStringTranslationType();
            polyStringTranslationType2.setKey("ValuePolicy.prohibitedValue");
            polyStringType2.setTranslation(polyStringTranslationType2);
            stringLimitationResult.setHelp(polyStringType2);
            checkProhibitedValues(prohibitedValueItemType -> {
                stringLimitationResult.recordFailure(new LocalizableMessageBuilder().key("ValuePolicy.prohibitedValue").build());
            }, operationResult);
            addResult(stringLimitationResult);
        }

        private void testCheckExpression(OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
            for (CheckExpressionType checkExpressionType : ValueChecker.this.stringPolicy.getCheckExpressions()) {
                ExpressionType expression = checkExpressionType.getExpression();
                if (expression != null) {
                    StringLimitationResult stringLimitationResult = new StringLimitationResult();
                    PolyStringType polyStringType = null;
                    if (checkExpressionType.getDisplay() != null) {
                        polyStringType = checkExpressionType.getDisplay().getLabel();
                        stringLimitationResult.setHelp(checkExpressionType.getDisplay().getHelp());
                    }
                    if (polyStringType == null) {
                        polyStringType = new PolyStringType("Check expression");
                        PolyStringTranslationType polyStringTranslationType = new PolyStringTranslationType();
                        polyStringTranslationType.setKey("ValuePolicy.checkExpression");
                        polyStringType.setTranslation(polyStringTranslationType);
                    }
                    stringLimitationResult.setName(polyStringType);
                    if (!checkExpression(expression, operationResult)) {
                        stringLimitationResult.recordFailure(checkExpressionType.getLocalizableFailureMessage() != null ? LocalizationUtil.toLocalizableMessage(checkExpressionType.getLocalizableFailureMessage()) : checkExpressionType.getFailureMessage() != null ? LocalizableMessageBuilder.buildFallbackMessage(checkExpressionType.getFailureMessage()) : LocalizableMessageBuilder.buildKey("ValuePolicy.checkExpressionFailed"));
                    }
                    addResult(stringLimitationResult);
                }
            }
        }

        private boolean checkExpressions(OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
            Iterator<CheckExpressionType> it = ValueChecker.this.stringPolicy.getCheckExpressions().iterator();
            while (it.hasNext()) {
                if (!checkExpression(it.next().getExpression(), operationResult)) {
                    return false;
                }
            }
            return true;
        }

        private boolean checkExpression(ExpressionType expressionType, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
            VariablesMap variablesMap = new VariablesMap();
            variablesMap.addVariableDefinition(ExpressionConstants.VAR_INPUT, this.value, PrismContext.get().definitionFactory().newPropertyDefinition(new ItemName("http://midpoint.evolveum.com/xml/ns/public/common/common-3", ExpressionConstants.VAR_INPUT), PrimitiveType.STRING.getQname()));
            PrismObject<?> prismObject = null;
            PrismObjectDefinition<?> prismObjectDefinition = null;
            if (ValueChecker.this.originResolver != null) {
                prismObject = ValueChecker.this.originResolver.getObject();
                if (prismObject != null) {
                    prismObjectDefinition = prismObject.mo2532getDefinition();
                }
            }
            if (prismObjectDefinition == null) {
                prismObjectDefinition = PrismContext.get().getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ObjectType.class);
            }
            variablesMap.addVariableDefinition("object", prismObject, prismObjectDefinition);
            return ExpressionUtil.evaluateConditionDefaultFalse(variablesMap, expressionType, ValueChecker.this.expressionProfile, ValueChecker.this.expressionFactory, ValueChecker.this.shortDesc, ValueChecker.this.task, operationResult);
        }

        private void testCharacterClasses() {
            Collection<StringPolicy.CharacterClassLimitation> characterClassLimitations = ValueChecker.this.stringPolicy.getCharacterClassLimitations();
            if (characterClassLimitations.isEmpty()) {
                return;
            }
            HashSet hashSet = new HashSet();
            for (StringPolicy.CharacterClassLimitation characterClassLimitation : characterClassLimitations) {
                CharacterClass characterClass = characterClassLimitation.characterClass();
                testCharacterClass(characterClassLimitation);
                hashSet.addAll(characterClass.characters);
            }
            testInvalidCharacters(hashSet);
        }

        private void testCharacterClass(StringPolicy.CharacterClassLimitation characterClassLimitation) {
            int minOccurrences = characterClassLimitation.minOccurrences();
            Integer declaredMaxOccurrences = characterClassLimitation.declaredMaxOccurrences();
            int effectiveMaxOccurrences = characterClassLimitation.effectiveMaxOccurrences();
            boolean mustBeFirst = characterClassLimitation.mustBeFirst();
            if (minOccurrences == 0 && declaredMaxOccurrences == null && !mustBeFirst) {
                return;
            }
            String description = characterClassLimitation.getDescription();
            CharacterClass characterClass = characterClassLimitation.characterClass();
            int countOccurrences = characterClass.countOccurrences(this.value);
            StringLimitationResult stringLimitationResult = new StringLimitationResult();
            PolyStringType name = characterClassLimitation.getName();
            if (name == null) {
                name = new PolyStringType((String) Objects.requireNonNullElse(description, "limitation"));
                if (description != null) {
                    PolyStringTranslationType polyStringTranslationType = new PolyStringTranslationType();
                    polyStringTranslationType.setKey(description);
                    name.setTranslation(polyStringTranslationType);
                }
            }
            stringLimitationResult.setName(name);
            stringLimitationResult.setHelp(new PolyStringType(characterClass.getCharactersAsString()));
            if (minOccurrences > 0) {
                stringLimitationResult.setMinOccurs(Integer.valueOf(minOccurrences));
            }
            stringLimitationResult.setMaxOccurs(declaredMaxOccurrences);
            stringLimitationResult.setMustBeFirst(Boolean.valueOf(mustBeFirst));
            if (countOccurrences < minOccurrences) {
                stringLimitationResult.recordFailure(new LocalizableMessageBuilder().key("ValuePolicy.minimalOccurrenceNotMet").arg(Integer.valueOf(minOccurrences)).arg(description).arg(Integer.valueOf(countOccurrences)).build());
            }
            if (countOccurrences > effectiveMaxOccurrences) {
                stringLimitationResult.recordFailure(new LocalizableMessageBuilder().key("ValuePolicy.maximalOccurrenceExceeded").arg(declaredMaxOccurrences).arg(description).arg(Integer.valueOf(countOccurrences)).build());
            }
            if (mustBeFirst && !this.value.isEmpty() && !characterClass.characters.contains(Character.valueOf(this.value.charAt(0)))) {
                stringLimitationResult.recordFailure(new LocalizableMessageBuilder().key("ValuePolicy.firstCharacterNotAllowed").arg(characterClass.getCharactersAsString()).build());
            }
            addResult(stringLimitationResult);
        }

        private void testInvalidCharacters(Set<Character> set) {
            StringBuilder sb = new StringBuilder();
            for (Character ch2 : this.distinctCharacters) {
                if (!set.contains(ch2)) {
                    sb.append(ch2);
                }
            }
            StringLimitationResult stringLimitationResult = new StringLimitationResult();
            PolyStringType polyStringType = new PolyStringType("invalid characters");
            PolyStringTranslationType polyStringTranslationType = new PolyStringTranslationType();
            polyStringTranslationType.setKey("ValuePolicy.invalidCharacters");
            polyStringType.setTranslation(polyStringTranslationType);
            stringLimitationResult.setName(polyStringType);
            stringLimitationResult.setHelp(new PolyStringType(StringPolicyUtils.charactersAsString(set)));
            if (!sb.isEmpty()) {
                stringLimitationResult.recordFailure(new LocalizableMessageBuilder().key("ValuePolicy.charactersNotAllowed").arg(sb).build());
            }
            addResult(stringLimitationResult);
        }

        private void addResult(StringLimitationResult stringLimitationResult) {
            this.resultList.add(stringLimitationResult);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ValueChecker(@NotNull StringPolicy stringPolicy, @Nullable ProhibitedValuesType prohibitedValuesType, ExpressionProfile expressionProfile, @Nullable ObjectBasedValuePolicyOriginResolver<?> objectBasedValuePolicyOriginResolver, @NotNull String str, @NotNull Protector protector, @NotNull ExpressionFactory expressionFactory, @NotNull Task task) {
        this.stringPolicy = stringPolicy;
        this.prohibitedValues = prohibitedValuesType;
        this.expressionProfile = expressionProfile;
        this.originResolver = objectBasedValuePolicyOriginResolver;
        this.shortDesc = str;
        this.protector = protector;
        this.expressionFactory = expressionFactory;
        this.task = task;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean checkExpressionsAndProhibitions(@NotNull String str, @NotNull OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        return new Operation(str).executeForExpressionsAndProhibitions(operationResult);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<StringLimitationResult> checkFully(@NotNull String str, @NotNull OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        return new Operation(str).executeFully(operationResult);
    }
}
