package com.evolveum.midpoint.model.impl.trigger;

import com.evolveum.midpoint.common.Clock;
import com.evolveum.midpoint.model.api.ModelService;
import com.evolveum.midpoint.model.api.trigger.TriggerHandlerRegistry;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.RunningTask;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationAttemptDataType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationBehavioralDataType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TriggerType;
import jakarta.annotation.PostConstruct;
import java.util.ArrayList;
import java.util.List;
import javax.xml.datatype.XMLGregorianCalendar;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/model-impl-4.10-M4.jar:com/evolveum/midpoint/model/impl/trigger/UnlockTriggerHandler.class */
public class UnlockTriggerHandler implements SingleTriggerHandler {
    public static final String HANDLER_URI = "http://midpoint.evolveum.com/xml/ns/public/model/trigger/unlock/handler-3";
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) UnlockTriggerHandler.class);

    @Autowired
    private TriggerHandlerRegistry triggerHandlerRegistry;

    @Autowired
    private ModelService modelService;

    @Autowired
    private PrismContext prismContext;

    @Autowired
    private Clock clock;

    @PostConstruct
    private void initialize() {
        this.triggerHandlerRegistry.register("http://midpoint.evolveum.com/xml/ns/public/model/trigger/unlock/handler-3", this);
    }

    @Override // com.evolveum.midpoint.model.impl.trigger.SingleTriggerHandler
    public <O extends ObjectType> void handle(@NotNull PrismObject<O> prismObject, @NotNull TriggerType triggerType, @NotNull RunningTask runningTask, @NotNull OperationResult operationResult) {
        O asObjectable = prismObject.asObjectable();
        LOGGER.trace("Considering unlocking {}", asObjectable);
        if (!(asObjectable instanceof FocusType)) {
            LOGGER.debug("Not a focus object: {}", asObjectable);
            operationResult.recordNotApplicable("Not a focus object");
            return;
        }
        FocusType focusType = (FocusType) asObjectable;
        try {
            ActivationType activation = focusType.getActivation();
            if (activation == null) {
                LOGGER.debug("No activation in {}", asObjectable);
                operationResult.recordNotApplicable("No activation");
                return;
            }
            ArrayList arrayList = new ArrayList();
            XMLGregorianCalendar lockoutExpirationTimestamp = activation.getLockoutExpirationTimestamp();
            if (lockoutExpirationTimestamp == null || this.clock.isPast(lockoutExpirationTimestamp)) {
                arrayList.addAll(this.prismContext.deltaFor(FocusType.class).item(FocusType.F_ACTIVATION, ActivationType.F_LOCKOUT_STATUS).replace(LockoutStatusType.NORMAL).asItemDeltas());
            }
            if (focusType.getBehavior() != null) {
                for (AuthenticationBehavioralDataType authenticationBehavioralDataType : focusType.getBehavior().getAuthentication()) {
                    ItemPath append = authenticationBehavioralDataType.asPrismContainerValue().getPath().append(AuthenticationBehavioralDataType.F_AUTHENTICATION_ATTEMPT);
                    for (AuthenticationAttemptDataType authenticationAttemptDataType : authenticationBehavioralDataType.getAuthenticationAttempt()) {
                        XMLGregorianCalendar lockoutExpirationTimestamp2 = authenticationAttemptDataType.getLockoutExpirationTimestamp();
                        if (lockoutExpirationTimestamp2 != null && this.clock.isPast(lockoutExpirationTimestamp2)) {
                            AuthenticationAttemptDataType mo1723clone = authenticationAttemptDataType.mo1723clone();
                            mo1723clone.setLockoutTimestamp(null);
                            mo1723clone.setLockoutExpirationTimestamp(null);
                            mo1723clone.setFailedAttempts(0);
                            arrayList.addAll(this.prismContext.deltaFor(FocusType.class).item(append).delete(authenticationAttemptDataType).item(append).add(mo1723clone).asItemDeltas());
                        }
                    }
                }
            }
            if (arrayList.isEmpty()) {
                LOGGER.debug("The lockout for {} has not expired yet: {}", focusType, lockoutExpirationTimestamp);
                operationResult.recordNotApplicable("The lockout has not expired yet");
                return;
            }
            LOGGER.debug("Unlocking {}", focusType);
            ObjectDelta<? extends FocusType> createModifyDelta = focusType.asPrismObject().createModifyDelta();
            createModifyDelta.addModifications(arrayList);
            this.modelService.executeChanges(List.of(createModifyDelta), null, runningTask, operationResult);
            LOGGER.debug("Unlocked {}", focusType);
        } catch (CommonException | Error | RuntimeException e) {
            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't unlock object {}", e, prismObject);
        }
    }

    @Override // com.evolveum.midpoint.model.api.trigger.TriggerHandler
    public boolean isIdempotent() {
        return true;
    }
}
