package com.evolveum.midpoint.provisioning.impl.resourceobjects;

import com.evolveum.midpoint.audit.api.AuditEventType;
import com.evolveum.midpoint.provisioning.api.GenericConnectorException;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.provisioning.ucf.api.ConnectorInstance;
import com.evolveum.midpoint.provisioning.ucf.api.ConnectorOperationOptions;
import com.evolveum.midpoint.provisioning.ucf.api.GenericFrameworkException;
import com.evolveum.midpoint.provisioning.ucf.api.ShadowItemsToReturn;
import com.evolveum.midpoint.provisioning.ucf.api.UcfAddReturnValue;
import com.evolveum.midpoint.provisioning.ucf.api.UcfResourceObject;
import com.evolveum.midpoint.schema.processor.ResourceObjectIdentification;
import com.evolveum.midpoint.schema.processor.ShadowAttribute;
import com.evolveum.midpoint.schema.processor.ShadowAttributeDefinition;
import com.evolveum.midpoint.schema.processor.ShadowAttributesContainer;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.ResourceOperationStatus;
import com.evolveum.midpoint.schema.util.SchemaDebugUtil;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.QNameUtil;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.BeforeAfterType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationProvisioningScriptsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ProvisioningOperationTypeType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CreateCapabilityType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ReadCapabilityType;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.jetbrains.annotations.NotNull;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.10-M4.jar:com/evolveum/midpoint/provisioning/impl/resourceobjects/ResourceObjectAddOperation.class */
public class ResourceObjectAddOperation extends ResourceObjectProvisioningOperation {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) ResourceObjectAddOperation.class);

    @NotNull
    private final ResourceObjectShadow originalObject;

    @NotNull
    private final ResourceObjectShadow workingObject;
    private final boolean skipExplicitUniquenessCheck;
    private final EntitlementConverter entitlementConverter;
    private final ActivationConverter activationConverter;

    private ResourceObjectAddOperation(@NotNull ProvisioningContext provisioningContext, @NotNull ResourceObjectShadow resourceObjectShadow, OperationProvisioningScriptsType operationProvisioningScriptsType, ConnectorOperationOptions connectorOperationOptions, boolean z) {
        super(provisioningContext, operationProvisioningScriptsType, connectorOperationOptions);
        this.entitlementConverter = new EntitlementConverter(this.ctx);
        this.activationConverter = new ActivationConverter(this.ctx);
        this.originalObject = resourceObjectShadow;
        this.workingObject = resourceObjectShadow.m1880clone();
        this.skipExplicitUniquenessCheck = z;
    }

    @NotNull
    public static ResourceObjectAddReturnValue execute(@NotNull ProvisioningContext provisioningContext, @NotNull ResourceObjectShadow resourceObjectShadow, OperationProvisioningScriptsType operationProvisioningScriptsType, ConnectorOperationOptions connectorOperationOptions, boolean z, @NotNull OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ObjectAlreadyExistsException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException {
        return new ResourceObjectAddOperation(provisioningContext, resourceObjectShadow, operationProvisioningScriptsType, connectorOperationOptions, z).doExecute(operationResult);
    }

    @NotNull
    private ResourceObjectAddReturnValue doExecute(OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ObjectAlreadyExistsException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException {
        LOGGER.trace("Adding resource object {}", this.workingObject);
        this.ctx.checkExecutionFullyPersistent();
        this.ctx.checkProtectedObjectAddition(this.workingObject);
        this.ctx.checkForCapability(CreateCapabilityType.class);
        if (!this.skipExplicitUniquenessCheck) {
            checkForAddConflictsForMultiConnectors(operationResult);
        }
        executeProvisioningScripts(ProvisioningOperationTypeType.ADD, BeforeAfterType.BEFORE, operationResult);
        ConnectorInstance connector = this.ctx.getConnector(CreateCapabilityType.class, operationResult);
        try {
            try {
                try {
                    LOGGER.debug("PROVISIONING ADD operation on resource {}\nADD object:\n{}\n", this.ctx.getResource(), this.workingObject.debugDumpLazily(1));
                    this.entitlementConverter.transformToSubjectOpsOnAdd(this.workingObject);
                    this.activationConverter.transformOnAdd(this.workingObject, operationResult);
                    UcfAddReturnValue addObject = connector.addObject(this.workingObject.getPrismObject(), this.ctx.getUcfExecutionContext(), operationResult);
                    ResourceOperationStatus opStatus = addObject.getOpStatus();
                    Collection<ShadowAttribute<?, ?, ?, ?>> knownCreatedObjectAttributes = addObject.getKnownCreatedObjectAttributes();
                    LOGGER.debug("PROVISIONING ADD successful, returned attributes:\n{}", SchemaDebugUtil.prettyPrintLazily(knownCreatedObjectAttributes));
                    storeInto(this.workingObject, knownCreatedObjectAttributes);
                    storeInto(this.originalObject, knownCreatedObjectAttributes);
                    if (!opStatus.isInProgress()) {
                        Collection<ShadowAttribute<?, ?, ?, ?>> fetchVolatileAttributes = fetchVolatileAttributes(operationResult);
                        LOGGER.debug("Fetched volatile attributes:\n{}", SchemaDebugUtil.prettyPrintLazily(fetchVolatileAttributes));
                        storeInto(this.workingObject, fetchVolatileAttributes);
                        storeInto(this.originalObject, fetchVolatileAttributes);
                    }
                    executeEntitlementObjectsOperations(this.entitlementConverter.transformToObjectOpsOnAdd(this.workingObject, operationResult), operationResult);
                    executeProvisioningScripts(ProvisioningOperationTypeType.ADD, BeforeAfterType.AFTER, operationResult);
                    ResourceObjectConverter.computeResultStatusAndAsyncOpReference(operationResult);
                    return ResourceObjectAddReturnValue.fromResult(this.originalObject, operationResult, opStatus);
                } catch (ObjectAlreadyExistsException e) {
                    throw ResourceObjectConverter.objectAlreadyExistsException("", this.ctx, connector, e);
                }
            } catch (GenericFrameworkException e2) {
                throw ResourceObjectConverter.genericConnectorException(this.ctx, connector, e2);
            } catch (CommunicationException e3) {
                throw ResourceObjectConverter.communicationException(this.ctx, connector, e3);
            }
        } finally {
            this.b.shadowAuditHelper.auditEvent(AuditEventType.ADD_OBJECT, this.workingObject.getBean(), this.ctx, operationResult);
        }
    }

    private Collection<ShadowAttribute<?, ?, ?, ?>> fetchVolatileAttributes(OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, ObjectNotFoundException, SecurityViolationException {
        Collection<ShadowAttributeDefinition<?, ?, ?, ?>> attributesVolatileOnAddOperation = this.ctx.getObjectDefinitionRequired().getAttributesVolatileOnAddOperation();
        if (attributesVolatileOnAddOperation.isEmpty()) {
            return List.of();
        }
        Set set = (Set) attributesVolatileOnAddOperation.stream().map((v0) -> {
            return v0.getItemName();
        }).collect(Collectors.toSet());
        if (!this.ctx.hasRealReadCapability()) {
            LOGGER.debug("Volatile attributes present but there's no read capability: not attempting to fetch them: {}", set);
            return List.of();
        }
        ResourceObjectIdentification<?> identification = this.originalObject.getIdentification();
        if (!(identification instanceof ResourceObjectIdentification.WithPrimary)) {
            LOGGER.debug("Volatile attributes present but no primary identification: not attempting to fetch them: {}", set);
            return List.of();
        }
        ResourceObjectIdentification.WithPrimary withPrimary = (ResourceObjectIdentification.WithPrimary) identification;
        ShadowItemsToReturn shadowItemsToReturn = new ShadowItemsToReturn();
        shadowItemsToReturn.setReturnDefaultAttributes(false);
        shadowItemsToReturn.setItemsToReturn(attributesVolatileOnAddOperation);
        try {
            UcfResourceObject fetchObject = this.ctx.getConnector(ReadCapabilityType.class, operationResult).fetchObject(withPrimary, shadowItemsToReturn, this.ctx.getUcfExecutionContext(), operationResult);
            boolean isCaseIgnoreAttributeNames = this.ctx.isCaseIgnoreAttributeNames();
            return fetchObject.getAttributes().stream().filter(shadowAttribute -> {
                return QNameUtil.contains(set, shadowAttribute.getElementName(), isCaseIgnoreAttributeNames);
            }).toList();
        } catch (GenericFrameworkException e) {
            throw new GenericConnectorException(volatileAttributesFetchFailureMessage(withPrimary, e), e);
        } catch (CommonException e2) {
            MiscUtil.throwAsSame(e2, volatileAttributesFetchFailureMessage(withPrimary, e2));
            throw e2;
        }
    }

    private static String volatileAttributesFetchFailureMessage(ResourceObjectIdentification<?> resourceObjectIdentification, Exception exc) {
        return "Couldn't fetch volatile attributes for " + resourceObjectIdentification + ": " + exc.getMessage();
    }

    private void checkForAddConflictsForMultiConnectors(OperationResult operationResult) throws ObjectAlreadyExistsException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        UcfResourceObject ucfResourceObject;
        LOGGER.trace("Checking for add conflicts for {}", this.workingObject.shortDumpLazily());
        try {
            ConnectorInstance connector = this.ctx.getConnector(CreateCapabilityType.class, operationResult);
            ConnectorInstance connector2 = this.ctx.getConnector(ReadCapabilityType.class, operationResult);
            if (connector2 == connector) {
                return;
            }
            ResourceObjectIdentification<?> identification = this.workingObject.getIdentification();
            if (identification instanceof ResourceObjectIdentification.WithPrimary) {
                ucfResourceObject = connector2.fetchObject((ResourceObjectIdentification.WithPrimary) identification, null, this.ctx.getUcfExecutionContext(), operationResult);
            } else {
                LOGGER.trace("No primary identifier present, skipping add conflict check for {}", identification);
                ucfResourceObject = null;
            }
            if (ucfResourceObject == null) {
                LOGGER.trace("No add conflicts for {}", this.workingObject);
            } else {
                LOGGER.debug("Detected add conflict for {}, conflicting shadow: {}", this.workingObject.shortDumpLazily(), ucfResourceObject.shortDumpLazily());
                LOGGER.trace("Conflicting shadow:\n{}", ucfResourceObject.debugDumpLazily(1));
                throw new ObjectAlreadyExistsException(String.format("Object %s already exists in the snapshot of %s as %s", this.workingObject.shortDump(), this.ctx.getResource(), ucfResourceObject.shortDump()));
            }
        } catch (GenericFrameworkException e) {
            throw ResourceObjectConverter.genericConnectorException(this.ctx, null, e);
        } catch (CommunicationException e2) {
            throw ResourceObjectConverter.communicationException(this.ctx, null, e2);
        } catch (ObjectNotFoundException e3) {
            operationResult.muteLastSubresultError();
        }
    }

    private void storeInto(ResourceObjectShadow resourceObjectShadow, Collection<ShadowAttribute<?, ?, ?, ?>> collection) throws SchemaException {
        ShadowAttributesContainer attributesContainer = resourceObjectShadow.getAttributesContainer();
        for (ShadowAttribute shadowAttribute : MiscUtil.emptyIfNull(collection)) {
            attributesContainer.removeAttribute(shadowAttribute.getElementName());
            ShadowAttribute<?, ?, ?, ?> mo2536clone = shadowAttribute.mo2536clone();
            mo2536clone.applyDefinitionFrom(resourceObjectShadow.getObjectDefinition());
            attributesContainer.addAttribute(mo2536clone);
        }
    }

    @Override // com.evolveum.midpoint.provisioning.impl.resourceobjects.ResourceObjectProvisioningOperation
    Trace getLogger() {
        return LOGGER;
    }
}
