package com.evolveum.midpoint.model.impl.controller;

import com.evolveum.midpoint.audit.api.AuditEventRecord;
import com.evolveum.midpoint.audit.api.AuditEventStage;
import com.evolveum.midpoint.audit.api.AuditEventType;
import com.evolveum.midpoint.cases.api.CaseManager;
import com.evolveum.midpoint.cases.api.util.QueryUtils;
import com.evolveum.midpoint.certification.api.CertificationManager;
import com.evolveum.midpoint.common.LocalizationService;
import com.evolveum.midpoint.model.api.AccessCertificationService;
import com.evolveum.midpoint.model.api.BulkActionExecutionOptions;
import com.evolveum.midpoint.model.api.BulkActionExecutionResult;
import com.evolveum.midpoint.model.api.BulkActionsService;
import com.evolveum.midpoint.model.api.CaseService;
import com.evolveum.midpoint.model.api.ModelAuthorizationAction;
import com.evolveum.midpoint.model.api.ModelCompareOptions;
import com.evolveum.midpoint.model.api.ModelExecuteOptions;
import com.evolveum.midpoint.model.api.ModelService;
import com.evolveum.midpoint.model.api.ProgressListener;
import com.evolveum.midpoint.model.api.TaskService;
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipalManager;
import com.evolveum.midpoint.model.api.hooks.HookRegistry;
import com.evolveum.midpoint.model.impl.ModelObjectResolver;
import com.evolveum.midpoint.model.impl.importer.ObjectImporter;
import com.evolveum.midpoint.model.impl.lens.Clockwork;
import com.evolveum.midpoint.model.impl.lens.ClockworkAuditHelper;
import com.evolveum.midpoint.model.impl.lens.ClockworkMedic;
import com.evolveum.midpoint.model.impl.lens.ContextFactory;
import com.evolveum.midpoint.model.impl.lens.LensContext;
import com.evolveum.midpoint.model.impl.lens.LensFocusContext;
import com.evolveum.midpoint.model.impl.lens.LensProjectionContext;
import com.evolveum.midpoint.model.impl.lens.OperationalDataManager;
import com.evolveum.midpoint.model.impl.scripting.BulkActionsExecutor;
import com.evolveum.midpoint.model.impl.simulation.ProcessedObjectImpl;
import com.evolveum.midpoint.model.impl.sync.tasks.imp.ImportFromResourceLauncher;
import com.evolveum.midpoint.model.impl.util.ModelImplUtils;
import com.evolveum.midpoint.prism.Containerable;
import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismObjectDefinition;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.PrismPropertyDefinition;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.PrismReferenceValue;
import com.evolveum.midpoint.prism.PrismValue;
import com.evolveum.midpoint.prism.Visitable;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.prism.delta.ChangeType;
import com.evolveum.midpoint.prism.delta.DiffUtil;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.prism.query.ObjectFilter;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.prism.util.CloneUtil;
import com.evolveum.midpoint.provisioning.api.DiscoveredConfiguration;
import com.evolveum.midpoint.provisioning.api.EventDispatcher;
import com.evolveum.midpoint.provisioning.api.ExternalResourceEvent;
import com.evolveum.midpoint.provisioning.api.ProvisioningService;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.repo.common.AuditHelper;
import com.evolveum.midpoint.repo.common.SystemObjectCache;
import com.evolveum.midpoint.repo.common.activity.TaskActivityManager;
import com.evolveum.midpoint.schema.DeltaConvertor;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.ObjectDeltaOperation;
import com.evolveum.midpoint.schema.ObjectHandler;
import com.evolveum.midpoint.schema.ParsedGetOperationOptions;
import com.evolveum.midpoint.schema.ResultHandler;
import com.evolveum.midpoint.schema.SchemaService;
import com.evolveum.midpoint.schema.SearchResultList;
import com.evolveum.midpoint.schema.SearchResultMetadata;
import com.evolveum.midpoint.schema.SelectorOptions;
import com.evolveum.midpoint.schema.config.ExecuteScriptConfigItem;
import com.evolveum.midpoint.schema.constants.ObjectTypes;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.expression.VariablesMap;
import com.evolveum.midpoint.schema.internals.InternalsConfig;
import com.evolveum.midpoint.schema.processor.BareResourceSchema;
import com.evolveum.midpoint.schema.processor.ResourceSchemaRegistry;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultRunner;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.schema.util.AccessCertificationWorkItemId;
import com.evolveum.midpoint.schema.util.ObjectQueryUtil;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.schema.util.WorkItemId;
import com.evolveum.midpoint.schema.util.cases.ApprovalUtils;
import com.evolveum.midpoint.security.api.SecurityContextManager;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.security.enforcer.api.AuthorizationParameters;
import com.evolveum.midpoint.security.enforcer.api.SecurityEnforcer;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.DebugDumpable;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.QNameUtil;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.IndestructibilityViolationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.exception.TunnelException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.api_types_3.CompareResultType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractWorkItemOutputType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCasesStatisticsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationResponseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationWorkItemType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CaseWorkItemType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CleanupPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ConnectorHostType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ConnectorType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ImportOptionsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NodeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectTreeDeltasType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationExecutionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectShadowChangeDescriptionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SimulationResultProcessedObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TaskType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.WorkItemDelegationRequestType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.WorkItemResultType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CapabilityCollectionType;
import com.evolveum.prism.xml.ns._public.types_3.EvaluationTimeType;
import com.evolveum.prism.xml.ns._public.types_3.ObjectDeltaType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.xml.namespace.QName;
import org.apache.commons.lang3.Validate;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.jetbrains.annotations.VisibleForTesting;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/model-impl-4.10-M4.jar:com/evolveum/midpoint/model/impl/controller/ModelController.class */
public class ModelController implements ModelService, TaskService, CaseService, BulkActionsService, AccessCertificationService {
    private static final int OID_GENERATION_ATTEMPTS = 5;

    @Autowired
    private Clockwork clockwork;

    @Autowired
    private PrismContext prismContext;

    @Autowired
    private ProvisioningService provisioning;

    @Autowired
    private ModelObjectResolver objectResolver;

    @Autowired
    private ImportFromResourceLauncher importFromResourceLauncher;

    @Autowired
    private ObjectImporter objectImporter;

    @Autowired
    private HookRegistry hookRegistry;

    @Autowired
    private TaskManager taskManager;

    @Autowired
    private TaskActivityManager activityManager;

    @Autowired
    private BulkActionsExecutor bulkActionsExecutor;

    @Autowired
    private AuditHelper auditHelper;

    @Autowired
    private SecurityEnforcer securityEnforcer;

    @Autowired
    private SecurityContextManager securityContextManager;

    @Autowired
    private GuiProfiledPrincipalManager focusProfileService;

    @Autowired
    private Protector protector;

    @Autowired
    private LocalizationService localizationService;

    @Autowired
    private ContextFactory contextFactory;

    @Autowired
    private SchemaTransformer schemaTransformer;

    @Autowired
    private ObjectMerger objectMerger;

    @Autowired
    private SystemObjectCache systemObjectCache;

    @Autowired
    private ClockworkMedic clockworkMedic;

    @Autowired
    private ClockworkAuditHelper clockworkAuditHelper;

    @Autowired
    private EventDispatcher dispatcher;

    @Autowired
    @Qualifier("cacheRepositoryService")
    private RepositoryService cacheRepositoryService;

    @Autowired(required = false)
    private CaseManager caseManager;

    @Autowired(required = false)
    private CertificationManager certificationManager;

    @Autowired
    private OperationalDataManager operationalDataManager;

    @Autowired
    private ResourceSchemaRegistry resourceSchemaRegistry;
    private static final String CLASS_NAME_WITH_DOT = ModelController.class.getName() + ".";
    static final String RESOLVE_REFERENCE = CLASS_NAME_WITH_DOT + "resolveReference";
    private static final String OP_APPLY_PROVISIONING_DEFINITION = CLASS_NAME_WITH_DOT + "applyProvisioningDefinition";
    static final String OP_REEVALUATE_SEARCH_FILTERS = CLASS_NAME_WITH_DOT + "reevaluateSearchFilters";
    private static final String OP_AUTHORIZE_CHANGE_EXECUTION_START = CLASS_NAME_WITH_DOT + "authorizeChangeExecutionStart";

    @VisibleForTesting
    public static final String OP_HANDLE_OBJECT_FOUND = CLASS_NAME_WITH_DOT + "handleObjectFound";
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) ModelController.class);
    private static final Trace OP_LOGGER = TraceManager.getTrace(ModelService.OPERATION_LOGGER_NAME);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/model-impl-4.10-M4.jar:com/evolveum/midpoint/model/impl/controller/ModelController$ContainerSearchLikeOpContext.class */
    public class ContainerSearchLikeOpContext<T extends Containerable> {
        final ObjectTypes.ObjectManager manager;
        final ObjectQuery securityRestrictedQuery;
        private final boolean skipSecurityPostProcessing;

        ContainerSearchLikeOpContext(Class<T> cls, ObjectQuery objectQuery, ParsedGetOperationOptions parsedGetOperationOptions, Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
            boolean equals = AssignmentType.class.equals(cls);
            boolean equals2 = SimulationResultProcessedObjectType.class.equals(cls);
            if (!AccessCertificationCaseType.class.equals(cls) && !AccessCertificationWorkItemType.class.equals(cls) && !CaseWorkItemType.class.equals(cls) && !OperationExecutionType.class.equals(cls) && !equals && !equals2) {
                throw new UnsupportedOperationException("searchContainers/countContainers methods are currently supported only for AccessCertificationCaseType, AccessCertificationWorkItemType, CaseWorkItemType, OperationExecutionType, AssignmentType, and SimulationResultProcessedObjectType objects");
            }
            this.manager = ObjectTypes.ObjectManager.REPOSITORY;
            this.securityRestrictedQuery = ModelController.this.preProcessQuerySecurity(cls, objectQuery, parsedGetOperationOptions.getRootOptions(), task, operationResult);
            this.skipSecurityPostProcessing = equals || equals2;
        }
    }

    public ModelObjectResolver getObjectResolver() {
        return this.objectResolver;
    }

    @NotNull
    private CaseManager getCaseManagerRequired() {
        return (CaseManager) Objects.requireNonNull(this.caseManager, "Case manager is not present");
    }

    private CertificationManager getCertificationManagerRequired() {
        return (CertificationManager) Objects.requireNonNull(this.certificationManager, "Certification manager is not present");
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    @NotNull
    public <T extends ObjectType> PrismObject<T> getObject(@NotNull Class<T> cls, @NotNull String str, @Nullable Collection<SelectorOptions<GetOperationOptions>> collection, @NotNull Task task, @NotNull OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        Validate.notEmpty(str, "Object oid must not be null or empty.", new Object[0]);
        Validate.notNull(operationResult, "Operation result must not be null.", new Object[0]);
        Validate.notNull(cls, "Object class must not be null.", new Object[0]);
        enterModelMethod();
        OP_LOGGER.trace("MODEL OP enter getObject({},{},{})", cls.getSimpleName(), str, collection);
        OperationResult build = operationResult.subresult(GET_OBJECT).setMinor().addParam("oid", str).addArbitraryObjectCollectionAsParam(OperationResult.PARAM_OPTIONS, collection).addParam("class", (Class<?>) cls).build();
        try {
            try {
                ParsedGetOperationOptions preProcessOptionsSecurity = preProcessOptionsSecurity(collection, task, build);
                if (GetOperationOptions.isRaw(preProcessOptionsSecurity.getRootOptions())) {
                    QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(true);
                }
                ModelImplUtils.clearRequestee(task);
                PrismObject<T> applySchemasAndSecurityToObject = this.schemaTransformer.applySchemasAndSecurityToObject(this.objectResolver.getObject(cls, str, preProcessOptionsSecurity.getCollection(), task, build).asPrismObject(), preProcessOptionsSecurity, task, build);
                executeResolveOptions(applySchemasAndSecurityToObject.asObjectable(), preProcessOptionsSecurity, task, build);
                build.close();
                build.cleanup();
                QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(false);
                exitModelMethod();
                OP_LOGGER.debug("MODEL OP exit getObject({},{},{}): {}", cls.getSimpleName(), str, collection, applySchemasAndSecurityToObject);
                OP_LOGGER.trace("MODEL OP exit getObject({},{},{}):\n{}", cls.getSimpleName(), str, collection, applySchemasAndSecurityToObject.debugDumpLazily(1));
                return applySchemasAndSecurityToObject;
            } catch (Throwable th) {
                OP_LOGGER.debug("MODEL OP error getObject({},{},{}): {}: {}", cls.getSimpleName(), str, collection, th.getClass().getSimpleName(), th.getMessage());
                ModelImplUtils.recordException(build, th);
                throw th;
            }
        } catch (Throwable th2) {
            build.close();
            build.cleanup();
            QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(false);
            exitModelMethod();
            throw th2;
        }
    }

    private void executeResolveOptions(@NotNull Containerable containerable, @NotNull ParsedGetOperationOptions parsedGetOperationOptions, Task task, OperationResult operationResult) {
        if (parsedGetOperationOptions.isEmpty()) {
            return;
        }
        new ResolveOptionExecutor(parsedGetOperationOptions, task, this.objectResolver, this.schemaTransformer).execute(containerable, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public Collection<ObjectDeltaOperation<? extends ObjectType>> executeChanges(Collection<ObjectDelta<? extends ObjectType>> collection, ModelExecuteOptions modelExecuteOptions, Task task, Collection<ProgressListener> collection2, OperationResult operationResult) throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, SecurityViolationException {
        enterModelMethod();
        OperationResult build = operationResult.subresult(EXECUTE_CHANGES).addArbitraryObjectAsParam(OperationResult.PARAM_OPTIONS, modelExecuteOptions).build();
        try {
            try {
                if (ModelExecuteOptions.isReevaluateSearchFilters(modelExecuteOptions)) {
                    Iterator<ObjectDelta<? extends ObjectType>> it = collection.iterator();
                    while (it.hasNext()) {
                        ModelImplUtils.resolveReferences((ObjectDelta) it.next(), this.cacheRepositoryService, false, true, EvaluationTimeType.IMPORT, true, build);
                    }
                } else if (ModelExecuteOptions.isIsImport(modelExecuteOptions)) {
                    for (ObjectDelta<? extends ObjectType> objectDelta : collection) {
                        if (objectDelta.isAdd()) {
                            ModelImplUtils.resolveReferences((PrismObject) objectDelta.getObjectToAdd(), this.cacheRepositoryService, false, false, EvaluationTimeType.IMPORT, true, build);
                        }
                    }
                }
                applyDefinitions(collection, modelExecuteOptions, task, build);
                ModelImplUtils.encrypt(collection, this.protector, modelExecuteOptions, build);
                computePolyStrings(collection);
                LOGGER.debug("MODEL.executeChanges with options={}:\n{}", modelExecuteOptions, DebugUtil.lazy(() -> {
                    return getDeltasOnSeparateLines(collection);
                }));
                LOGGER.trace("MODEL.executeChanges(\n  deltas:\n{}\n  options:{}", DebugUtil.debugDumpLazily(collection, 2), modelExecuteOptions);
                if (InternalsConfig.consistencyChecks) {
                    OperationResultRunner.run(build, () -> {
                        Iterator it2 = collection.iterator();
                        while (it2.hasNext()) {
                            ((ObjectDelta) it2.next()).checkConsistence();
                        }
                    });
                }
                if (ModelExecuteOptions.isRaw(modelExecuteOptions)) {
                    Collection<ObjectDeltaOperation<? extends ObjectType>> execute = new RawChangesExecutor(collection, modelExecuteOptions, task, build).execute(build);
                    build.close();
                    exitModelMethod();
                    return execute;
                }
                Collection<ObjectDeltaOperation<? extends ObjectType>> executeChangesNonRaw = executeChangesNonRaw(collection, modelExecuteOptions, task, collection2, build);
                build.close();
                exitModelMethod();
                return executeChangesNonRaw;
            } catch (Throwable th) {
                ModelImplUtils.recordException(build, th);
                throw th;
            }
        } catch (Throwable th2) {
            build.close();
            exitModelMethod();
            throw th2;
        }
    }

    private String getDeltasOnSeparateLines(Collection<? extends ObjectDelta<?>> collection) {
        return (String) collection.stream().map(objectDelta -> {
            return " - " + objectDelta;
        }).collect(Collectors.joining("\n"));
    }

    private Collection<ObjectDeltaOperation<? extends ObjectType>> executeChangesNonRaw(Collection<ObjectDelta<? extends ObjectType>> collection, ModelExecuteOptions modelExecuteOptions, Task task, Collection<ProgressListener> collection2, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException, SecurityViolationException, PolicyViolationException, ObjectAlreadyExistsException {
        LensContext<? extends ObjectType> createContext = this.contextFactory.createContext(collection, modelExecuteOptions, task, operationResult);
        authorizeExecutionStart(createContext, modelExecuteOptions, task, operationResult);
        if (ModelExecuteOptions.isReevaluateSearchFilters(modelExecuteOptions)) {
            LOGGER.warn("{} Context = {}", "ReevaluateSearchFilters option is not fully supported for non-raw operations yet. Filters already present in the object will not be touched.", createContext.debugDump());
            operationResult.createSubresult(CLASS_NAME_WITH_DOT + "reevaluateSearchFilters").recordWarning("ReevaluateSearchFilters option is not fully supported for non-raw operations yet. Filters already present in the object will not be touched.");
        }
        createContext.setProgressListeners(collection2);
        generateFocusOidIfNeeded(createContext, operationResult);
        this.operationalDataManager.addExternalAssignmentProvenance(createContext, task);
        this.clockwork.run(createContext, task, operationResult);
        ArrayList arrayList = new ArrayList();
        if (createContext.getFocusContext() != null) {
            arrayList.addAll(createContext.getFocusContext().getExecutedDeltas());
        }
        Iterator<LensProjectionContext> it = createContext.getProjectionContexts().iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().getExecutedDeltas());
        }
        if (createContext.hasExplosiveProjection()) {
            PrismObject prismObject = (PrismObject) Objects.requireNonNull(createContext.getFocusContext().getObjectAny(), "no focus object");
            LOGGER.debug("Recomputing {} because there was explosive projection", prismObject);
            LensContext createRecomputeContext = this.contextFactory.createRecomputeContext(prismObject, modelExecuteOptions, task, operationResult);
            createRecomputeContext.setDoReconciliationForAllProjections(true);
            LOGGER.trace("Recomputing {}, context:\n{}", prismObject, createRecomputeContext.debugDumpLazily());
            this.clockwork.run(createRecomputeContext, task, operationResult);
        }
        cleanupOperationResult(operationResult);
        return arrayList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void generateFocusOidIfNeeded(LensContext<? extends ObjectType> lensContext, OperationResult operationResult) throws SchemaException {
        ObjectDelta<? extends ObjectType> primaryDelta;
        LensFocusContext<? extends ObjectType> focusContext = lensContext.getFocusContext();
        if (focusContext == null || (primaryDelta = focusContext.getPrimaryDelta()) == null || !primaryDelta.isAdd()) {
            return;
        }
        ObjectType asObjectable = primaryDelta.getObjectToAdd().asObjectable();
        if (asObjectable.getOid() != null) {
            return;
        }
        String newOid = getNewOid(asObjectable.getClass(), operationResult);
        focusContext.modifyPrimaryDelta(objectDelta -> {
            objectDelta.setOid(newOid);
        });
    }

    private String getNewOid(Class<? extends ObjectType> cls, OperationResult operationResult) {
        for (int i = 1; i <= 5; i++) {
            String uuid = UUID.randomUUID().toString();
            try {
                this.cacheRepositoryService.getObject(cls, uuid, GetOperationOptions.createAllowNotFoundCollection(), operationResult);
                LOGGER.info("Random UUID is not that random? Attempt {} of {}: {}", Integer.valueOf(i), 5, uuid);
            } catch (ObjectNotFoundException e) {
                operationResult.clearLastSubresultError();
                return uuid;
            } catch (SchemaException e2) {
                LoggingUtils.logException(LOGGER, "Couldn't check for existence of object with OID {}", e2, uuid);
            }
        }
        throw new IllegalStateException("Couldn't generate random OID even after 5 attempts");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void checkIndestructible(ObjectType objectType) throws IndestructibilityViolationException {
        if (objectType != null && Boolean.TRUE.equals(objectType.isIndestructible())) {
            throw new IndestructibilityViolationException("Attempt to delete indestructible object " + objectType);
        }
    }

    private void authorizeExecutionStart(LensContext<? extends ObjectType> lensContext, ModelExecuteOptions modelExecuteOptions, Task task, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ConfigurationException, ObjectNotFoundException {
        if (ModelExecuteOptions.isOperationStartPreAuthorized(modelExecuteOptions)) {
            MiscUtil.argCheck(!task.isExecutionFullyPersistent(), "operationStartPreAuthorized option can be used only for simulations", new Object[0]);
            return;
        }
        List<String> of = List.of(ModelAuthorizationAction.ADD.getUrl(), ModelAuthorizationAction.MODIFY.getUrl(), ModelAuthorizationAction.DELETE.getUrl(), ModelAuthorizationAction.RECOMPUTE.getUrl(), ModelAuthorizationAction.ASSIGN.getUrl(), ModelAuthorizationAction.UNASSIGN.getUrl(), ModelAuthorizationAction.DELEGATE.getUrl(), ModelAuthorizationAction.CHANGE_CREDENTIALS.getUrl());
        OperationResult createSubresult = operationResult.createSubresult(OP_AUTHORIZE_CHANGE_EXECUTION_START);
        try {
            try {
                AuthorizationPhaseType authorizationPhaseType = lensContext.isExecutionPhaseOnly() ? AuthorizationPhaseType.EXECUTION : AuthorizationPhaseType.REQUEST;
                if (!this.securityEnforcer.hasAnyAllowAuthorization(of, authorizationPhaseType)) {
                    throw new SecurityViolationException("Not authorized to request execution of changes");
                }
                if (ModelExecuteOptions.getPartialProcessing(modelExecuteOptions) != null) {
                    if (task.isExecutionFullyPersistent()) {
                        LensFocusContext<? extends ObjectType> focusContext = lensContext.getFocusContext();
                        this.securityEnforcer.authorize(ModelAuthorizationAction.PARTIAL_EXECUTION.getUrl(), authorizationPhaseType, focusContext != null ? AuthorizationParameters.Builder.buildObject(focusContext.getObjectAny()) : AuthorizationParameters.EMPTY, task, createSubresult);
                    } else {
                        LOGGER.trace("Partial processing is automatically authorized for simulation/preview mode");
                    }
                }
            } catch (Throwable th) {
                createSubresult.recordException(th);
                this.clockworkAuditHelper.auditRequestDenied(lensContext, task, createSubresult, operationResult);
                throw th;
            }
        } finally {
            createSubresult.close();
        }
    }

    private void cleanupOperationResult(OperationResult operationResult) {
        if (operationResult.isInProgress()) {
            operationResult.computeStatus();
            if (operationResult.isSuccess()) {
                operationResult.setInProgress();
            }
        } else {
            operationResult.computeStatus();
        }
        operationResult.cleanup();
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public <F extends ObjectType> void recompute(Class<F> cls, String str, ModelExecuteOptions modelExecuteOptions, Task task, OperationResult operationResult) throws SchemaException, PolicyViolationException, ExpressionEvaluationException, ObjectNotFoundException, ObjectAlreadyExistsException, CommunicationException, ConfigurationException, SecurityViolationException {
        OperationResult build = operationResult.subresult(RECOMPUTE).setMinor().addParam("oid", str).addParam("type", (Class<?>) cls).build();
        enterModelMethod();
        try {
            try {
                ModelImplUtils.clearRequestee(task);
                PrismObject asPrismContainer = this.objectResolver.getObject(cls, str, null, task, build).asPrismContainer();
                executeRecompute(asPrismContainer, modelExecuteOptions, task, build);
                build.close();
                build.cleanup();
                exitModelMethod();
                LOGGER.trace("Recomputing of {}: {}", asPrismContainer, build.getStatus());
            } finally {
            }
        } catch (Throwable th) {
            build.close();
            build.cleanup();
            exitModelMethod();
            throw th;
        }
    }

    public <F extends ObjectType> void executeRecompute(@NotNull PrismObject<F> prismObject, @Nullable ModelExecuteOptions modelExecuteOptions, @NotNull Task task, @NotNull OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, ObjectNotFoundException, SecurityViolationException, PolicyViolationException, ObjectAlreadyExistsException {
        LOGGER.debug("Recomputing {}", prismObject);
        LensContext<F> createRecomputeContext = this.contextFactory.createRecomputeContext(prismObject, modelExecuteOptions, task, operationResult);
        this.securityEnforcer.authorize(ModelAuthorizationAction.RECOMPUTE.getUrl(), AuthorizationPhaseType.REQUEST, AuthorizationParameters.forObject(prismObject.asObjectable()), SecurityEnforcer.Options.create(), task, operationResult);
        LOGGER.trace("Recomputing {}, context:\n{}", prismObject, createRecomputeContext.debugDumpLazily());
        this.clockwork.run(createRecomputeContext, task, operationResult);
    }

    private void applyDefinitions(Collection<ObjectDelta<? extends ObjectType>> collection, ModelExecuteOptions modelExecuteOptions, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        Iterator<ObjectDelta<? extends ObjectType>> it = collection.iterator();
        while (it.hasNext()) {
            applyDefinition(it.next(), modelExecuteOptions, task, operationResult);
        }
    }

    private <O extends ObjectType> void applyDefinition(ObjectDelta<O> objectDelta, ModelExecuteOptions modelExecuteOptions, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        Class<O> objectTypeClass = objectDelta.getObjectTypeClass();
        if (objectDelta.hasCompleteDefinition()) {
            return;
        }
        if (objectTypeClass != ResourceType.class && !ShadowType.class.isAssignableFrom(objectTypeClass)) {
            PrismObjectDefinition<O> findObjectDefinitionByCompileTimeClass = this.prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(objectTypeClass);
            if (findObjectDefinitionByCompileTimeClass == null) {
                throw new SchemaException("No definition for delta object type class: " + objectTypeClass);
            }
            objectDelta.applyDefinitionIfPresent(findObjectDefinitionByCompileTimeClass, ModelExecuteOptions.isRaw(modelExecuteOptions));
            return;
        }
        try {
            this.provisioning.applyDefinition(objectDelta, task, operationResult);
        } catch (CommonException e) {
            if (ModelExecuteOptions.isRaw(modelExecuteOptions)) {
                ModelImplUtils.recordPartialError(operationResult, e);
            } else {
                ModelImplUtils.recordFatalError(operationResult, e);
                throw e;
            }
        }
    }

    /* JADX WARN: Finally extract failed */
    @Override // com.evolveum.midpoint.model.api.ModelService
    public <T extends ObjectType> SearchResultList<PrismObject<T>> searchObjects(Class<T> cls, ObjectQuery objectQuery, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        SearchResultList<PrismObject<T>> searchObjects;
        Validate.notNull(cls, "Object type must not be null.", new Object[0]);
        Validate.notNull(operationResult, "Operation result must not be null.", new Object[0]);
        ObjectQuery m1778clone = objectQuery != null ? objectQuery.m1778clone() : null;
        if (m1778clone != null) {
            ModelImplUtils.validatePaging(m1778clone.getPaging());
        }
        OP_LOGGER.trace("MODEL OP enter searchObjects({},{},{})", cls.getSimpleName(), m1778clone, collection);
        OperationResult addParam = operationResult.createSubresult(SEARCH_OBJECTS).addParam("type", (Class<?>) cls).addParam("query", m1778clone);
        try {
            ParsedGetOperationOptions preProcessOptionsSecurity = preProcessOptionsSecurity(collection, task, addParam);
            Collection<SelectorOptions<GetOperationOptions>> collection2 = preProcessOptionsSecurity.getCollection();
            GetOperationOptions rootOptions = preProcessOptionsSecurity.getRootOptions();
            ObjectTypes.ObjectManager objectManager = getObjectManager(cls, collection2);
            addParam.addArbitraryObjectAsParam("searchProvider", (Object) objectManager);
            if (checkNoneFilterBeforeAutz(m1778clone)) {
                SearchResultList<PrismObject<T>> empty = SearchResultList.empty();
                addParam.close();
                addParam.cleanup();
                return empty;
            }
            ObjectQuery preProcessQuerySecurity = preProcessQuerySecurity(cls, m1778clone, rootOptions, task, addParam);
            if (checkNoneFilterAfterAutz(preProcessQuerySecurity, addParam)) {
                SearchResultList<PrismObject<T>> empty2 = SearchResultList.empty();
                addParam.close();
                addParam.cleanup();
                return empty2;
            }
            try {
                enterModelMethod();
                try {
                    try {
                        logQuery(preProcessQuerySecurity);
                        try {
                            if (GetOperationOptions.isRaw(rootOptions)) {
                                QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(true);
                            }
                            switch (objectManager) {
                                case REPOSITORY:
                                    searchObjects = this.cacheRepositoryService.searchObjects(cls, normalizeQueryIfShadowUsed(cls, preProcessQuerySecurity), collection2, addParam);
                                    break;
                                case PROVISIONING:
                                    searchObjects = this.provisioning.searchObjects(cls, preProcessQuerySecurity, collection2, task, addParam);
                                    break;
                                case TASK_MANAGER:
                                    searchObjects = this.taskManager.searchObjects(cls, preProcessQuerySecurity, collection2, addParam);
                                    break;
                                default:
                                    throw new AssertionError("Unexpected search provider: " + objectManager);
                            }
                            QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(false);
                            LOGGER.trace("Basic search returned {} results (before hooks, security, etc.)", Integer.valueOf(searchObjects.size()));
                            Iterator<PrismObject<T>> it = searchObjects.iterator();
                            while (it.hasNext()) {
                                PrismObject<T> next = it.next();
                                this.hookRegistry.invokeReadHooks(next, collection2, task, addParam);
                                executeResolveOptions(next.asObjectable(), preProcessOptionsSecurity, task, addParam);
                            }
                            if (objectManager == ObjectTypes.ObjectManager.REPOSITORY && !GetOperationOptions.isRaw(rootOptions)) {
                                Iterator<PrismObject<T>> it2 = searchObjects.iterator();
                                while (it2.hasNext()) {
                                    PrismObject<T> next2 = it2.next();
                                    if ((next2.asObjectable() instanceof ResourceType) || (next2.asObjectable() instanceof ShadowType)) {
                                        applyProvisioningDefinition(next2, task, addParam);
                                    }
                                }
                            }
                            SearchResultList<PrismObject<T>> applySchemasAndSecurityToObjects = this.schemaTransformer.applySchemasAndSecurityToObjects(searchObjects, preProcessOptionsSecurity, task, addParam);
                            exitModelMethod();
                            LOGGER.trace("Final search returned {} results (after hooks, security and all other processing)", Integer.valueOf(applySchemasAndSecurityToObjects.size()));
                            if (OP_LOGGER.isDebugEnabled()) {
                                OP_LOGGER.debug("MODEL OP exit searchObjects({},{},{}): {}", cls.getSimpleName(), m1778clone, collection, applySchemasAndSecurityToObjects.shortDump());
                            }
                            if (OP_LOGGER.isTraceEnabled()) {
                                OP_LOGGER.trace("MODEL OP exit searchObjects({},{},{}): {}\n{}", cls.getSimpleName(), m1778clone, collection, applySchemasAndSecurityToObjects.shortDump(), DebugUtil.debugDump((Collection<?>) applySchemasAndSecurityToObjects.getList(), 1));
                            }
                            return applySchemasAndSecurityToObjects;
                        } catch (Exception e) {
                            recordSearchException(e, objectManager, addParam);
                            throw e;
                        }
                    } catch (Throwable th) {
                        addParam.recordException(th);
                        throw th;
                    }
                } catch (Throwable th2) {
                    QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(false);
                    throw th2;
                }
            } catch (Throwable th3) {
                exitModelMethod();
                throw th3;
            }
        } finally {
            addParam.close();
            addParam.cleanup();
        }
    }

    private ObjectQuery normalizeQueryIfShadowUsed(Class<?> cls, ObjectQuery objectQuery) {
        return ShadowType.class.equals(cls) ? this.resourceSchemaRegistry.tryToNormalizeQuery(objectQuery) : objectQuery;
    }

    @NotNull
    public static <T extends ObjectType> ObjectTypes.ObjectManager getObjectManager(Class<T> cls, Collection<SelectorOptions<GetOperationOptions>> collection) {
        if (GetOperationOptions.isRaw((GetOperationOptions) SelectorOptions.findRootOptions(collection))) {
            return ObjectTypes.ObjectManager.REPOSITORY;
        }
        ObjectTypes.ObjectManager objectManagerForClass = ObjectTypes.getObjectManagerForClass(cls);
        return (objectManagerForClass == null || objectManagerForClass == ObjectTypes.ObjectManager.MODEL) ? ObjectTypes.ObjectManager.REPOSITORY : objectManagerForClass;
    }

    private <T extends ObjectType> void applyProvisioningDefinition(PrismObject<T> prismObject, Task task, OperationResult operationResult) {
        OperationResult build = operationResult.subresult(OP_APPLY_PROVISIONING_DEFINITION).setMinor().addParam("object", (PrismObject<? extends ObjectType>) prismObject).build();
        try {
            try {
                this.provisioning.applyDefinition(prismObject, task, build);
                build.close();
            } catch (Throwable th) {
                LoggingUtils.logExceptionAsWarning(LOGGER, "Couldn't apply definition to {} (returning with fetchResult set)", th, prismObject);
                build.recordPartialError(th);
                prismObject.asObjectable().setFetchResult(build.createBeanReduced());
                build.close();
            }
        } catch (Throwable th2) {
            build.close();
            throw th2;
        }
    }

    /* JADX WARN: Finally extract failed */
    @Override // com.evolveum.midpoint.model.api.ModelService
    public <T extends Containerable> SearchResultList<T> searchContainers(@NotNull Class<T> cls, @Nullable ObjectQuery objectQuery, @Nullable Collection<SelectorOptions<GetOperationOptions>> collection, @NotNull Task task, @NotNull OperationResult operationResult) throws SchemaException, SecurityViolationException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException {
        Validate.notNull(cls, "Container value type must not be null.", new Object[0]);
        Validate.notNull(operationResult, "Result type must not be null.", new Object[0]);
        if (objectQuery != null) {
            ModelImplUtils.validatePaging(objectQuery.getPaging());
        }
        OperationResult addParam = operationResult.createSubresult(SEARCH_CONTAINERS).addParam("type", (Class<?>) cls).addParam("query", objectQuery);
        try {
            try {
                ParsedGetOperationOptions preProcessOptionsSecurity = preProcessOptionsSecurity(GetOperationOptions.updateToReadWriteSafe(collection), task, addParam);
                Collection<SelectorOptions<GetOperationOptions>> collection2 = preProcessOptionsSecurity.getCollection();
                if (checkNoneFilterBeforeAutz(objectQuery)) {
                    SearchResultList<T> empty = SearchResultList.empty();
                    addParam.close();
                    addParam.cleanup();
                    return empty;
                }
                ContainerSearchLikeOpContext containerSearchLikeOpContext = new ContainerSearchLikeOpContext(cls, objectQuery, preProcessOptionsSecurity, task, addParam);
                GetOperationOptions rootOptions = preProcessOptionsSecurity.getRootOptions();
                ObjectQuery objectQuery2 = containerSearchLikeOpContext.securityRestrictedQuery;
                if (checkNoneFilterAfterAutz(objectQuery2, addParam)) {
                    SearchResultList<T> empty2 = SearchResultList.empty();
                    addParam.close();
                    addParam.cleanup();
                    return empty2;
                }
                enterModelMethod();
                try {
                    try {
                        logQuery(objectQuery2);
                        try {
                            if (GetOperationOptions.isRaw(rootOptions)) {
                                QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(true);
                            }
                            switch (containerSearchLikeOpContext.manager) {
                                case REPOSITORY:
                                    SearchResultList<T> searchContainers = this.cacheRepositoryService.searchContainers(cls, objectQuery2, collection2, addParam);
                                    QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(false);
                                    Iterator<T> it = searchContainers.iterator();
                                    while (it.hasNext()) {
                                        executeResolveOptions(it.next(), preProcessOptionsSecurity, task, addParam);
                                    }
                                    exitModelMethod();
                                    if (containerSearchLikeOpContext.skipSecurityPostProcessing) {
                                        LOGGER.debug("Objects of type '{}' do not have security constraints applied yet", cls.getSimpleName());
                                    } else {
                                        this.schemaTransformer.applySchemasAndSecurityToContainerValues(searchContainers, preProcessOptionsSecurity, task, addParam);
                                    }
                                    return searchContainers;
                                default:
                                    throw new IllegalStateException();
                            }
                        } catch (SchemaException | RuntimeException e) {
                            recordSearchException(e, containerSearchLikeOpContext.manager, addParam);
                            throw e;
                        }
                    } catch (Throwable th) {
                        exitModelMethod();
                        throw th;
                    }
                } catch (Throwable th2) {
                    QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(false);
                    throw th2;
                }
            } catch (Throwable th3) {
                addParam.recordException(th3);
                throw th3;
            }
        } finally {
            addParam.close();
            addParam.cleanup();
        }
    }

    /* JADX WARN: Finally extract failed */
    @Override // com.evolveum.midpoint.model.api.ModelService
    public <T extends Containerable> SearchResultMetadata searchContainersIterative(Class<T> cls, ObjectQuery objectQuery, ObjectHandler<T> objectHandler, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        Validate.notNull(cls, "Container type must not be null.", new Object[0]);
        Validate.notNull(operationResult, "Result type must not be null.", new Object[0]);
        ObjectQuery m1778clone = objectQuery != null ? objectQuery.m1778clone() : null;
        if (m1778clone != null) {
            ModelImplUtils.validatePaging(m1778clone.getPaging());
        }
        OP_LOGGER.trace("MODEL OP enter searchContainersIterative({},{},{})", cls.getSimpleName(), m1778clone, collection);
        OperationResult addParam = operationResult.createSubresult(SEARCH_CONTAINERS).addParam("query", m1778clone);
        try {
            ParsedGetOperationOptions preProcessOptionsSecurity = preProcessOptionsSecurity(GetOperationOptions.updateToReadWriteSafe(collection), task, addParam);
            Collection<SelectorOptions<GetOperationOptions>> collection2 = preProcessOptionsSecurity.getCollection();
            if (checkNoneFilterBeforeAutz(m1778clone)) {
                return null;
            }
            ContainerSearchLikeOpContext containerSearchLikeOpContext = new ContainerSearchLikeOpContext(cls, objectQuery, preProcessOptionsSecurity, task, addParam);
            GetOperationOptions rootOptions = preProcessOptionsSecurity.getRootOptions();
            ObjectQuery objectQuery2 = containerSearchLikeOpContext.securityRestrictedQuery;
            if (checkNoneFilterAfterAutz(objectQuery2, addParam)) {
                addParam.close();
                addParam.cleanup();
                return null;
            }
            ObjectHandler<T> objectHandler2 = (containerable, operationResult2) -> {
                PrismValue cloneIfImmutable = containerable.asPrismContainerValue().cloneIfImmutable();
                Containerable containerable = (Containerable) cloneIfImmutable.getRealValue();
                try {
                    if (containerSearchLikeOpContext.skipSecurityPostProcessing) {
                        LOGGER.debug("Objects of type '{}' do not have security constraints applied yet", cls.getSimpleName());
                    } else {
                        SearchResultList searchResultList = new SearchResultList();
                        searchResultList.add(containerable);
                        this.schemaTransformer.applySchemasAndSecurityToContainerValues(searchResultList, preProcessOptionsSecurity, task, addParam);
                    }
                    OP_LOGGER.debug("MODEL OP handle searchContainersIterative({},{},{}): {}", cls.getSimpleName(), m1778clone, collection, containerable);
                    if (OP_LOGGER.isTraceEnabled()) {
                        OP_LOGGER.trace("MODEL OP handle searchContainersIterative({},{},{}):\n{}", cls.getSimpleName(), m1778clone, collection, DebugUtil.debugDump((DebugDumpable) containerable, 1));
                    }
                    return objectHandler.handle((Containerable) cloneIfImmutable.getRealValue(), operationResult2);
                } catch (CommonException e) {
                    operationResult2.recordException(e);
                    throw new SystemException(e.getMessage(), e);
                }
            };
            try {
                try {
                    enterModelMethodNoRepoCache();
                    logQuery(objectQuery2);
                    if (GetOperationOptions.isRaw(rootOptions)) {
                        QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(true);
                    }
                    switch (containerSearchLikeOpContext.manager) {
                        case REPOSITORY:
                            SearchResultMetadata searchContainersIterative = this.cacheRepositoryService.searchContainersIterative(cls, objectQuery2, objectHandler2, collection2, addParam);
                            exitModelMethodNoRepoCache();
                            if (OP_LOGGER.isDebugEnabled()) {
                                OP_LOGGER.debug("MODEL OP exit searchObjects({},{},{}): {}", cls.getSimpleName(), m1778clone, collection, searchContainersIterative);
                            }
                            addParam.close();
                            addParam.cleanup();
                            return searchContainersIterative;
                        default:
                            throw new IllegalStateException();
                    }
                } catch (Throwable th) {
                    exitModelMethodNoRepoCache();
                    throw th;
                }
            } catch (Exception e) {
                addParam.recordException(e);
                throw e;
            }
        } finally {
            addParam.close();
            addParam.cleanup();
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public <T extends Containerable> Integer countContainers(Class<T> cls, ObjectQuery objectQuery, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        Validate.notNull(cls, "Container value type must not be null.", new Object[0]);
        Validate.notNull(operationResult, "Result type must not be null.", new Object[0]);
        OperationResult addParam = operationResult.createSubresult(COUNT_CONTAINERS).addParam("type", (Class<?>) cls).addParam("query", objectQuery);
        try {
            ParsedGetOperationOptions preProcessOptionsSecurity = preProcessOptionsSecurity(collection, task, addParam);
            if (checkNoneFilterBeforeAutz(objectQuery)) {
                addParam.close();
                addParam.cleanup();
                return 0;
            }
            ContainerSearchLikeOpContext containerSearchLikeOpContext = new ContainerSearchLikeOpContext(cls, objectQuery, preProcessOptionsSecurity, task, addParam);
            ObjectQuery objectQuery2 = containerSearchLikeOpContext.securityRestrictedQuery;
            if (checkNoneFilterAfterAutz(objectQuery2, addParam)) {
                addParam.close();
                addParam.cleanup();
                return 0;
            }
            enterModelMethod();
            try {
                try {
                    logQuery(objectQuery2);
                    Collection<SelectorOptions<GetOperationOptions>> collection2 = preProcessOptionsSecurity.getCollection();
                    switch (containerSearchLikeOpContext.manager) {
                        case REPOSITORY:
                            Integer valueOf = Integer.valueOf(this.cacheRepositoryService.countContainers(cls, objectQuery2, collection2, addParam));
                            exitModelMethod();
                            addParam.close();
                            addParam.cleanup();
                            return valueOf;
                        default:
                            throw new IllegalStateException();
                    }
                } catch (Throwable th) {
                    exitModelMethod();
                    throw th;
                }
            } catch (RuntimeException e) {
                recordSearchException(e, containerSearchLikeOpContext.manager, addParam);
                throw e;
            }
        } catch (Throwable th2) {
            addParam.close();
            addParam.cleanup();
            throw th2;
        }
    }

    private boolean checkNoneFilterBeforeAutz(ObjectQuery objectQuery) {
        if (!ObjectQueryUtil.isNoneQuery(objectQuery)) {
            return false;
        }
        LOGGER.trace("Skipping the search/count operation, as the NONE filter was requested");
        return true;
    }

    private boolean checkNoneFilterAfterAutz(ObjectQuery objectQuery, OperationResult operationResult) {
        if (!ObjectQueryUtil.isNoneQuery(objectQuery)) {
            return false;
        }
        LOGGER.trace("Security denied the search/coount operation");
        operationResult.setNotApplicable("Denied");
        return true;
    }

    private void logQuery(ObjectQuery objectQuery) {
        if (LOGGER.isTraceEnabled()) {
            if (objectQuery == null) {
                LOGGER.trace("Searching objects with null paging and null (processed) query.");
            } else if (objectQuery.getPaging() == null) {
                LOGGER.trace("Searching objects with null paging. Processed query:\n{}", objectQuery.debugDump(1));
            } else {
                LOGGER.trace("Searching objects from {} to {} ordered {} by {}. Processed query:\n{}", objectQuery.getPaging().getOffset(), objectQuery.getPaging().getMaxSize(), objectQuery.getPaging().getPrimaryOrderingDirection(), objectQuery.getPaging().getPrimaryOrderingPath(), objectQuery.debugDump(1));
            }
        }
    }

    /* JADX WARN: Finally extract failed */
    @Override // com.evolveum.midpoint.model.api.ModelService
    public <T extends ObjectType> SearchResultMetadata searchObjectsIterative(Class<T> cls, ObjectQuery objectQuery, ResultHandler<T> resultHandler, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        SearchResultMetadata searchObjectsIterative;
        Validate.notNull(cls, "Object type must not be null.", new Object[0]);
        Validate.notNull(operationResult, "Result type must not be null.", new Object[0]);
        ObjectQuery m1778clone = objectQuery != null ? objectQuery.m1778clone() : null;
        if (m1778clone != null) {
            ModelImplUtils.validatePaging(m1778clone.getPaging());
        }
        OP_LOGGER.trace("MODEL OP enter searchObjectsIterative({},{},{})", cls.getSimpleName(), m1778clone, collection);
        OperationResult addParam = operationResult.createSubresult(SEARCH_OBJECTS).addParam("query", m1778clone);
        try {
            ParsedGetOperationOptions preProcessOptionsSecurity = preProcessOptionsSecurity(collection, task, addParam);
            Collection<SelectorOptions<GetOperationOptions>> collection2 = preProcessOptionsSecurity.getCollection();
            GetOperationOptions getOperationOptions = (GetOperationOptions) SelectorOptions.findRootOptions(collection2);
            ObjectTypes.ObjectManager objectManager = getObjectManager(cls, collection2);
            addParam.addArbitraryObjectAsParam("searchProvider", (Object) objectManager);
            if (checkNoneFilterBeforeAutz(m1778clone)) {
                return null;
            }
            ObjectQuery preProcessQuerySecurity = preProcessQuerySecurity(cls, m1778clone, getOperationOptions, task, addParam);
            if (checkNoneFilterAfterAutz(preProcessQuerySecurity, addParam)) {
                addParam.close();
                addParam.cleanup();
                return null;
            }
            try {
                ResultHandler resultHandler2 = (prismObject, operationResult2) -> {
                    try {
                        PrismObject<? extends ObjectType> cloneIfImmutable = prismObject.cloneIfImmutable();
                        this.hookRegistry.invokeReadHooks(cloneIfImmutable, collection2, task, operationResult2);
                        executeResolveOptions(cloneIfImmutable.asObjectable(), preProcessOptionsSecurity, task, operationResult2);
                        this.schemaTransformer.applySchemasAndSecurityToObject(cloneIfImmutable, preProcessOptionsSecurity, task, operationResult2);
                        OP_LOGGER.debug("MODEL OP handle searchObjects({},{},{}): {}", cls.getSimpleName(), m1778clone, collection, cloneIfImmutable);
                        if (OP_LOGGER.isTraceEnabled()) {
                            OP_LOGGER.trace("MODEL OP handle searchObjects({},{},{}):\n{}", cls.getSimpleName(), m1778clone, collection, cloneIfImmutable.debugDump(1));
                        }
                        return resultHandler.handle(cloneIfImmutable, operationResult2);
                    } catch (CommonException e) {
                        operationResult2.recordException(e);
                        throw new SystemException(e.getMessage(), e);
                    }
                };
                ResultHandler<T> providingOwnOperationResult = resultHandler2.providingOwnOperationResult(OP_HANDLE_OBJECT_FOUND);
                try {
                    enterModelMethodNoRepoCache();
                    logQuery(preProcessQuerySecurity);
                    switch (objectManager) {
                        case REPOSITORY:
                            searchObjectsIterative = this.cacheRepositoryService.searchObjectsIterative(cls, normalizeQueryIfShadowUsed(cls, preProcessQuerySecurity), providingOwnOperationResult, collection2, true, addParam);
                            break;
                        case PROVISIONING:
                            searchObjectsIterative = this.provisioning.searchObjectsIterative(cls, preProcessQuerySecurity, collection2, providingOwnOperationResult, task, addParam);
                            break;
                        case TASK_MANAGER:
                            searchObjectsIterative = this.taskManager.searchObjectsIterative(cls, preProcessQuerySecurity, collection2, providingOwnOperationResult, addParam);
                            break;
                        default:
                            throw new AssertionError("Unexpected search provider: " + objectManager);
                    }
                    exitModelMethodNoRepoCache();
                    if (OP_LOGGER.isDebugEnabled()) {
                        OP_LOGGER.debug("MODEL OP exit searchObjects({},{},{}): {}", cls.getSimpleName(), m1778clone, collection, searchObjectsIterative);
                    }
                    SearchResultMetadata searchResultMetadata = searchObjectsIterative;
                    addParam.close();
                    addParam.cleanup();
                    return searchResultMetadata;
                } catch (Exception e) {
                    recordSearchException(e, objectManager, addParam);
                    throw e;
                }
            } catch (Throwable th) {
                exitModelMethodNoRepoCache();
                throw th;
            }
        } finally {
            addParam.close();
            addParam.cleanup();
        }
    }

    private void recordSearchException(Throwable th, ObjectTypes.ObjectManager objectManager, OperationResult operationResult) {
        String str;
        switch (objectManager) {
            case REPOSITORY:
                str = "Couldn't search objects in repository";
                break;
            case PROVISIONING:
                str = "Couldn't search objects in provisioning";
                break;
            case TASK_MANAGER:
                str = "Couldn't search objects in task manager";
                break;
            default:
                str = "Couldn't search objects";
                break;
        }
        LoggingUtils.logExceptionAsWarning(LOGGER, str, th, new Object[0]);
        operationResult.recordException(str, th);
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public <T extends ObjectType> Integer countObjects(Class<T> cls, ObjectQuery objectQuery, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, CommunicationException, ExpressionEvaluationException {
        Integer valueOf;
        ObjectQuery m1778clone = objectQuery != null ? objectQuery.m1778clone() : null;
        OperationResult createMinorSubresult = operationResult.createMinorSubresult(COUNT_OBJECTS);
        createMinorSubresult.addParam("query", m1778clone);
        enterModelMethod();
        try {
            try {
                ParsedGetOperationOptions preProcessOptionsSecurity = preProcessOptionsSecurity(collection, task, createMinorSubresult);
                GetOperationOptions rootOptions = preProcessOptionsSecurity.getRootOptions();
                Collection<SelectorOptions<GetOperationOptions>> collection2 = preProcessOptionsSecurity.getCollection();
                if (checkNoneFilterBeforeAutz(m1778clone)) {
                    exitModelMethod();
                    createMinorSubresult.close();
                    createMinorSubresult.cleanup();
                    return 0;
                }
                ObjectQuery preProcessQuerySecurity = preProcessQuerySecurity(cls, m1778clone, rootOptions, task, createMinorSubresult);
                if (checkNoneFilterAfterAutz(preProcessQuerySecurity, createMinorSubresult)) {
                    exitModelMethod();
                    createMinorSubresult.close();
                    createMinorSubresult.cleanup();
                    return 0;
                }
                ObjectTypes.ObjectManager objectManager = getObjectManager(cls, collection2);
                switch (objectManager) {
                    case REPOSITORY:
                        valueOf = Integer.valueOf(this.cacheRepositoryService.countObjects(cls, normalizeQueryIfShadowUsed(cls, preProcessQuerySecurity), collection2, operationResult));
                        break;
                    case PROVISIONING:
                        valueOf = this.provisioning.countObjects(cls, preProcessQuerySecurity, collection2, task, operationResult);
                        break;
                    case TASK_MANAGER:
                        valueOf = Integer.valueOf(this.taskManager.countObjects(cls, preProcessQuerySecurity, operationResult));
                        break;
                    default:
                        throw new AssertionError("Unexpected objectManager: " + objectManager);
                }
                return valueOf;
            } catch (Throwable th) {
                ModelImplUtils.recordException(createMinorSubresult, th);
                throw th;
            }
        } finally {
            exitModelMethod();
            createMinorSubresult.close();
            createMinorSubresult.cleanup();
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public PrismObject<? extends FocusType> searchShadowOwner(String str, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws ObjectNotFoundException, SecurityViolationException, SchemaException, ConfigurationException, ExpressionEvaluationException, CommunicationException {
        Validate.notEmpty(str, "Account oid must not be null or empty.", new Object[0]);
        Validate.notNull(operationResult, "Result type must not be null.", new Object[0]);
        enterModelMethod();
        LOGGER.trace("Listing account shadow owner for account with oid {}.", str);
        OperationResult createSubresult = operationResult.createSubresult(LIST_ACCOUNT_SHADOW_OWNER);
        createSubresult.addParam("shadowOid", str);
        try {
            try {
                PrismObject<? extends FocusType> searchShadowOwner = this.cacheRepositoryService.searchShadowOwner(str, preProcessOptionsSecurity(collection, task, createSubresult).getCollection(), createSubresult);
                if (searchShadowOwner != null) {
                    try {
                        searchShadowOwner = this.schemaTransformer.applySchemasAndSecurityToObject(searchShadowOwner, ParsedGetOperationOptions.empty(), task, createSubresult);
                    } catch (CommunicationException | ConfigurationException | ObjectNotFoundException | SchemaException | SecurityViolationException e) {
                        LoggingUtils.logException(LOGGER, "Couldn't list account shadow owner from repository for account with oid {}", e, str);
                        createSubresult.recordFatalError("Couldn't list account shadow owner for account with oid '" + str + "'.", e);
                        throw e;
                    }
                }
                return searchShadowOwner;
            } catch (Throwable th) {
                LoggingUtils.logException(LOGGER, "Couldn't list account shadow owner from repository for account with oid {}", th, str);
                createSubresult.recordFatalError("Couldn't list account shadow owner for account with oid '" + str + "'.", th);
                throw th;
            }
        } finally {
            exitModelMethod();
            createSubresult.close();
            createSubresult.cleanup();
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public SearchResultList<ObjectReferenceType> searchReferences(ObjectQuery objectQuery, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException {
        Objects.requireNonNull(objectQuery, "Query must be provided for reference search");
        Validate.notNull(operationResult, "Result type must not be null.", new Object[0]);
        ModelImplUtils.validatePaging(objectQuery.getPaging());
        OperationResult addParam = operationResult.createSubresult(SEARCH_REFERENCES).addParam("query", objectQuery);
        try {
            Collection<SelectorOptions<GetOperationOptions>> collection2 = preProcessOptionsSecurity(collection, task, addParam).getCollection();
            if (checkNoneFilterBeforeAutz(objectQuery)) {
                SearchResultList<ObjectReferenceType> empty = SearchResultList.empty();
                addParam.close();
                addParam.cleanup();
                return empty;
            }
            ObjectQuery preProcessReferenceQuerySecurity = preProcessReferenceQuerySecurity(objectQuery, task, addParam);
            if (checkNoneFilterAfterAutz(preProcessReferenceQuerySecurity, addParam)) {
                SearchResultList<ObjectReferenceType> empty2 = SearchResultList.empty();
                addParam.close();
                addParam.cleanup();
                return empty2;
            }
            enterModelMethod();
            try {
                try {
                    logQuery(preProcessReferenceQuerySecurity);
                    SearchResultList<ObjectReferenceType> searchReferences = this.cacheRepositoryService.searchReferences(preProcessReferenceQuerySecurity, collection2, addParam);
                    exitModelMethod();
                    return searchReferences;
                } catch (SchemaException | RuntimeException e) {
                    recordSearchException(e, ObjectTypes.ObjectManager.REPOSITORY, addParam);
                    throw e;
                }
            } catch (Throwable th) {
                exitModelMethod();
                throw th;
            }
        } finally {
            addParam.close();
            addParam.cleanup();
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public Integer countReferences(ObjectQuery objectQuery, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        Objects.requireNonNull(objectQuery, "Query must be provided for reference search");
        Validate.notNull(operationResult, "Result type must not be null.", new Object[0]);
        OperationResult addParam = operationResult.createSubresult(COUNT_REFERENCES).addParam("query", objectQuery);
        try {
            Collection<SelectorOptions<GetOperationOptions>> collection2 = preProcessOptionsSecurity(collection, task, addParam).getCollection();
            if (checkNoneFilterBeforeAutz(objectQuery)) {
                addParam.close();
                addParam.cleanup();
                return 0;
            }
            ObjectQuery preProcessReferenceQuerySecurity = preProcessReferenceQuerySecurity(objectQuery, task, addParam);
            if (checkNoneFilterAfterAutz(preProcessReferenceQuerySecurity, addParam)) {
                addParam.close();
                addParam.cleanup();
                return 0;
            }
            enterModelMethod();
            try {
                try {
                    logQuery(preProcessReferenceQuerySecurity);
                    Integer valueOf = Integer.valueOf(this.cacheRepositoryService.countReferences(preProcessReferenceQuerySecurity, collection2, addParam));
                    exitModelMethod();
                    addParam.close();
                    addParam.cleanup();
                    return valueOf;
                } catch (RuntimeException e) {
                    recordSearchException(e, ObjectTypes.ObjectManager.REPOSITORY, addParam);
                    throw e;
                }
            } catch (Throwable th) {
                exitModelMethod();
                throw th;
            }
        } catch (Throwable th2) {
            addParam.close();
            addParam.cleanup();
            throw th2;
        }
    }

    private ObjectQuery preProcessReferenceQuerySecurity(ObjectQuery objectQuery, Task task, OperationResult operationResult) {
        return objectQuery;
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public SearchResultMetadata searchReferencesIterative(@NotNull ObjectQuery objectQuery, @NotNull ObjectHandler<ObjectReferenceType> objectHandler, @Nullable Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException {
        Objects.requireNonNull(objectQuery, "Query must be provided for reference search");
        Validate.notNull(operationResult, "Result type must not be null.", new Object[0]);
        OP_LOGGER.trace("MODEL OP enter searchReferencesIterative({}, {})", objectQuery, collection);
        ModelImplUtils.validatePaging(objectQuery.getPaging());
        OperationResult addParam = operationResult.createSubresult(SEARCH_REFERENCES).addParam("query", objectQuery);
        try {
            Collection<SelectorOptions<GetOperationOptions>> collection2 = preProcessOptionsSecurity(collection, task, addParam).getCollection();
            if (checkNoneFilterBeforeAutz(objectQuery)) {
                return null;
            }
            ObjectQuery preProcessReferenceQuerySecurity = preProcessReferenceQuerySecurity(objectQuery, task, addParam);
            if (checkNoneFilterAfterAutz(preProcessReferenceQuerySecurity, addParam)) {
                addParam.close();
                addParam.cleanup();
                return null;
            }
            ObjectHandler<ObjectReferenceType> objectHandler2 = (objectReferenceType, operationResult2) -> {
                PrismReferenceValue asReferenceValue = objectReferenceType.asReferenceValue();
                if (OP_LOGGER.isTraceEnabled()) {
                    OP_LOGGER.trace("MODEL OP handle searchReferencesIterative({}, {}):\n{}", objectQuery, collection2, asReferenceValue.debugDump(1));
                } else {
                    OP_LOGGER.debug("MODEL OP handle searchReferencesIterative({}, {}): {}", objectQuery, collection2, asReferenceValue);
                }
                return objectHandler.handle(objectReferenceType, operationResult2);
            };
            try {
                try {
                    enterModelMethodNoRepoCache();
                    logQuery(preProcessReferenceQuerySecurity);
                    SearchResultMetadata searchReferencesIterative = this.cacheRepositoryService.searchReferencesIterative(preProcessReferenceQuerySecurity, objectHandler2, collection2, addParam);
                    exitModelMethodNoRepoCache();
                    addParam.close();
                    addParam.cleanup();
                    return searchReferencesIterative;
                } catch (SchemaException | RuntimeException e) {
                    recordSearchException(e, ObjectTypes.ObjectManager.REPOSITORY, addParam);
                    throw e;
                }
            } catch (Throwable th) {
                exitModelMethodNoRepoCache();
                throw th;
            }
        } finally {
            addParam.close();
            addParam.cleanup();
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public OperationResult testResource(String str, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, ConfigurationException, ExpressionEvaluationException, CommunicationException, SecurityViolationException {
        Validate.notEmpty(str, "Resource oid must not be null or empty.", new Object[0]);
        LOGGER.trace("Testing resource OID: {}", str);
        enterModelMethod();
        try {
            try {
                authorizeResourceOperation(ModelAuthorizationAction.TEST, str, task, operationResult);
                OperationResult testResource = this.provisioning.testResource(str, task, operationResult);
                LOGGER.debug("Finished testing resource OID: {}, result: {} ", str, testResource.getStatus());
                LOGGER.trace("Test result:\n{}", DebugUtil.lazy(() -> {
                    return testResource.dump(false);
                }));
                exitModelMethod();
                return testResource;
            } catch (Throwable th) {
                LOGGER.error("Error testing resource OID: {}: {}: {}", str, th.getClass().getSimpleName(), th.getMessage(), th);
                throw th;
            }
        } catch (Throwable th2) {
            exitModelMethod();
            throw th2;
        }
    }

    private ResourceType authorizeResourceOperation(@NotNull ModelAuthorizationAction modelAuthorizationAction, @NotNull String str, @NotNull Task task, @NotNull OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ConfigurationException, ObjectNotFoundException {
        PrismObject object = this.provisioning.getObject(ResourceType.class, str, GetOperationOptions.readOnly(), task, operationResult);
        this.securityEnforcer.authorize(modelAuthorizationAction.getUrl(), null, AuthorizationParameters.forObject((ResourceType) object.asObjectable()), task, operationResult);
        return (ResourceType) object.asObjectable();
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public OperationResult testResource(PrismObject<ResourceType> prismObject, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, ConfigurationException {
        Validate.notNull(prismObject, "Resource must not be null.", new Object[0]);
        LOGGER.trace("Testing resource: {}", prismObject);
        enterModelMethod();
        try {
            OperationResult testResource = this.provisioning.testResource(prismObject, task, operationResult);
            LOGGER.debug("Finished testing resource: {}, result: {} ", prismObject, testResource.getStatus());
            LOGGER.trace("Test result:\n{}", DebugUtil.lazy(() -> {
                return testResource.dump(false);
            }));
            exitModelMethod();
            return testResource;
        } catch (Throwable th) {
            exitModelMethod();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public OperationResult testResourcePartialConfiguration(PrismObject<ResourceType> prismObject, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, ConfigurationException {
        Validate.notNull(prismObject, "Resource must not be null.", new Object[0]);
        LOGGER.trace("Testing partial configuration of resource: {}", prismObject);
        enterModelMethodNoRepoCache();
        try {
            OperationResult testPartialConfiguration = this.provisioning.testPartialConfiguration(prismObject, task, operationResult);
            LOGGER.debug("Finished testing partial configuration of resource: {}, result: {} ", prismObject, testPartialConfiguration.getStatus());
            LOGGER.trace("Test result:\n{}", DebugUtil.lazy(() -> {
                return testPartialConfiguration.dump(false);
            }));
            exitModelMethodNoRepoCache();
            return testPartialConfiguration;
        } catch (Throwable th) {
            exitModelMethodNoRepoCache();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public DiscoveredConfiguration discoverResourceConnectorConfiguration(PrismObject<ResourceType> prismObject, OperationResult operationResult) {
        Validate.notNull(prismObject, "Resource must not be null.", new Object[0]);
        LOGGER.trace("Discover connector configuration for resource: {}", prismObject);
        enterModelMethodNoRepoCache();
        try {
            DiscoveredConfiguration discoverConfiguration = this.provisioning.discoverConfiguration(prismObject, operationResult);
            LOGGER.debug("Finished discover connector configuration for resource: {}, result: {} ", prismObject, operationResult.getStatus());
            LOGGER.trace("Discover connector configuration result:\n{}", DebugUtil.lazy(() -> {
                return operationResult.dump(false);
            }));
            exitModelMethodNoRepoCache();
            return discoverConfiguration;
        } catch (Throwable th) {
            exitModelMethodNoRepoCache();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    @Nullable
    public BareResourceSchema fetchSchema(@NotNull PrismObject<ResourceType> prismObject, @NotNull OperationResult operationResult) {
        Validate.notNull(prismObject, "Resource must not be null.", new Object[0]);
        LOGGER.trace("Fetch schema by connector configuration from resource: {}", prismObject);
        enterModelMethodNoRepoCache();
        try {
            BareResourceSchema fetchSchema = this.provisioning.fetchSchema(prismObject, operationResult);
            LOGGER.debug("Finished fetch schema by connector configuration from resource: {}, result: {} ", prismObject, operationResult.getStatus());
            LOGGER.trace("Fetch schema by connector configuration result:\n{}", DebugUtil.lazy(() -> {
                return operationResult.dump(false);
            }));
            exitModelMethodNoRepoCache();
            return fetchSchema;
        } catch (Throwable th) {
            exitModelMethodNoRepoCache();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    @NotNull
    public CapabilityCollectionType getNativeCapabilities(@NotNull String str, OperationResult operationResult) throws SchemaException, CommunicationException, ConfigurationException, ObjectNotFoundException {
        Validate.notNull(str, "ConnOid must not be null.", new Object[0]);
        LOGGER.trace("Getting native capabilities by connector oid: {}", str);
        enterModelMethodNoRepoCache();
        try {
            CapabilityCollectionType nativeCapabilities = this.provisioning.getNativeCapabilities(str, operationResult);
            LOGGER.debug("Finished getting native capabilities by connector oid: {}, result: {} ", str, operationResult.getStatus());
            LOGGER.trace("Getting native capabilities by connector oid:\n{}", DebugUtil.lazy(() -> {
                return operationResult.dump(false);
            }));
            exitModelMethodNoRepoCache();
            return nativeCapabilities;
        } catch (Throwable th) {
            exitModelMethodNoRepoCache();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public void importFromResource(String str, QName qName, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        Validate.notEmpty(str, "Resource oid must not be null or empty.", new Object[0]);
        Validate.notNull(qName, "Object class must not be null.", new Object[0]);
        Validate.notNull(task, "Task must not be null.", new Object[0]);
        enterModelMethod();
        LOGGER.trace("Launching import from resource with oid {} for object class {}.", str, qName);
        OperationResult createSubresult = operationResult.createSubresult(IMPORT_ACCOUNTS_FROM_RESOURCE);
        createSubresult.addParam("resourceOid", str);
        createSubresult.addParam("objectClass", qName);
        createSubresult.addArbitraryObjectAsParam("task", (Object) task);
        try {
            try {
                ResourceType authorizeResourceOperation = authorizeResourceOperation(ModelAuthorizationAction.IMPORT_FROM_RESOURCE, str, task, createSubresult);
                createSubresult.recordStatus(OperationResultStatus.IN_PROGRESS, "Task running in background");
                this.importFromResourceLauncher.launch(authorizeResourceOperation, qName, task, createSubresult);
                if (!task.isAsynchronous()) {
                    createSubresult.recordSuccess();
                }
            } finally {
            }
        } finally {
            exitModelMethod();
            createSubresult.close();
            createSubresult.cleanup();
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public void importFromResource(String str, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        Validate.notNull(str, "Shadow OID must not be null.", new Object[0]);
        Validate.notNull(task, "Task must not be null.", new Object[0]);
        enterModelMethod();
        LOGGER.trace("Launching importing shadow {} from resource.", str);
        OperationResult createSubresult = operationResult.createSubresult(IMPORT_ACCOUNTS_FROM_RESOURCE);
        createSubresult.addParam("oid", str);
        createSubresult.addArbitraryObjectAsParam("task", (Object) task);
        try {
            try {
                authorizeResourceOperation(ModelAuthorizationAction.IMPORT_FROM_RESOURCE, ShadowUtil.getResourceOidRequired((ShadowType) this.cacheRepositoryService.getObject(ShadowType.class, str, GetOperationOptions.readOnly(), createSubresult).asObjectable()), task, createSubresult);
                this.importFromResourceLauncher.importSingleShadow(str, task, createSubresult);
                exitModelMethod();
                createSubresult.close();
                createSubresult.cleanup();
            } finally {
            }
        } catch (Throwable th) {
            exitModelMethod();
            createSubresult.close();
            createSubresult.cleanup();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public void importObjectsFromFile(File file, ImportOptionsType importOptionsType, Task task, OperationResult operationResult) throws FileNotFoundException {
        OperationResult createSubresult = operationResult.createSubresult(IMPORT_OBJECTS_FROM_FILE);
        try {
            try {
                try {
                    FileInputStream fileInputStream = new FileInputStream(file);
                    try {
                        importObjectsFromStream(fileInputStream, "xml", importOptionsType, task, operationResult);
                        fileInputStream.close();
                        createSubresult.close();
                    } catch (Throwable th) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                } catch (IOException e) {
                    LOGGER.error("Error closing file " + file + ": " + e.getMessage(), (Throwable) e);
                    createSubresult.close();
                }
            } catch (FileNotFoundException e2) {
                createSubresult.recordFatalError("Error reading from file " + file + ": " + e2.getMessage(), e2);
                throw e2;
            } catch (RuntimeException e3) {
                createSubresult.recordFatalError(e3);
                throw e3;
            }
        } catch (Throwable th3) {
            createSubresult.close();
            throw th3;
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public void importObjectsFromStream(InputStream inputStream, String str, ImportOptionsType importOptionsType, Task task, OperationResult operationResult) {
        enterModelMethod();
        OperationResult createSubresult = operationResult.createSubresult(IMPORT_OBJECTS_FROM_STREAM);
        createSubresult.addArbitraryObjectAsParam(OperationResult.PARAM_OPTIONS, (Object) importOptionsType);
        createSubresult.addParam("language", str);
        try {
            try {
                this.objectImporter.importObjects(inputStream, str, importOptionsType, task, createSubresult);
                LOGGER.trace("Import result:\n{}", createSubresult.debugDumpLazily());
                exitModelMethod();
                createSubresult.close();
                createSubresult.cleanup();
            } catch (RuntimeException e) {
                createSubresult.recordException(e);
                exitModelMethod();
                createSubresult.close();
                createSubresult.cleanup();
            }
        } catch (Throwable th) {
            exitModelMethod();
            createSubresult.close();
            createSubresult.cleanup();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public <O extends ObjectType> void importObject(PrismObject<O> prismObject, ImportOptionsType importOptionsType, Task task, OperationResult operationResult) {
        OperationResult createSubresult = operationResult.createSubresult(IMPORT_OBJECTS_FROM_STREAM);
        createSubresult.addArbitraryObjectAsParam(OperationResult.PARAM_OPTIONS, (Object) importOptionsType);
        enterModelMethod();
        try {
            try {
                this.objectImporter.importObject(prismObject, importOptionsType, task, createSubresult);
                exitModelMethod();
                createSubresult.close();
                createSubresult.cleanup();
            } catch (RuntimeException e) {
                createSubresult.recordException(e);
                throw e;
            }
        } catch (Throwable th) {
            exitModelMethod();
            createSubresult.close();
            createSubresult.cleanup();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public Set<ConnectorType> discoverConnectors(ConnectorHostType connectorHostType, Task task, OperationResult operationResult) throws CommunicationException, SecurityViolationException {
        enterModelMethod();
        OperationResult createSubresult = operationResult.createSubresult(DISCOVER_CONNECTORS);
        try {
            try {
                Set<ConnectorType> set = (Set) this.schemaTransformer.applySchemasAndSecurityToObjects((SearchResultList) this.provisioning.discoverConnectors(connectorHostType, createSubresult).stream().map(connectorType -> {
                    return connectorType.asPrismObject();
                }).collect(Collectors.toCollection(SearchResultList::new)), null, task, createSubresult).stream().map(prismObject -> {
                    return (ConnectorType) prismObject.asObjectable();
                }).collect(Collectors.toSet());
                exitModelMethod();
                createSubresult.close();
                createSubresult.cleanup();
                return set;
            } catch (Throwable th) {
                createSubresult.recordException(th);
                throw th;
            }
        } catch (Throwable th2) {
            exitModelMethod();
            createSubresult.close();
            createSubresult.cleanup();
            throw th2;
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public void postInit(OperationResult operationResult) {
        this.systemObjectCache.invalidateCaches();
        enterModelMethod();
        OperationResult createSubresult = operationResult.createSubresult(POST_INIT);
        createSubresult.addContext(OperationResult.CONTEXT_IMPLEMENTATION_CLASS, ModelController.class);
        try {
            try {
                this.cacheRepositoryService.postInit(createSubresult);
                this.securityContextManager.setUserProfileService(this.focusProfileService);
                this.provisioning.postInit(createSubresult);
                exitModelMethod();
                createSubresult.close();
                createSubresult.cleanup();
            } catch (SchemaException e) {
                createSubresult.recordFatalError(e);
                throw new SystemException(e.getMessage(), e);
            }
        } catch (Throwable th) {
            exitModelMethod();
            createSubresult.close();
            createSubresult.cleanup();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public void shutdown() {
        enterModelMethod();
        this.provisioning.shutdown();
        exitModelMethod();
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public <T extends ObjectType> CompareResultType compareObject(PrismObject<T> prismObject, Collection<SelectorOptions<GetOperationOptions>> collection, ModelCompareOptions modelCompareOptions, @NotNull List<? extends ItemPath> list, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        Validate.notNull(prismObject, "Object must not be null or empty.", new Object[0]);
        Validate.notNull(operationResult, "Operation result must not be null.", new Object[0]);
        OperationResult createMinorSubresult = operationResult.createMinorSubresult(COMPARE_OBJECT);
        createMinorSubresult.addParam("oid", prismObject.getOid());
        createMinorSubresult.addParam("name", prismObject.getName());
        createMinorSubresult.addArbitraryObjectCollectionAsParam("readOptions", (Collection<?>) collection);
        createMinorSubresult.addArbitraryObjectAsParam("compareOptions", (Object) modelCompareOptions);
        createMinorSubresult.addArbitraryObjectCollectionAsParam("ignoreItems", (Collection<?>) list);
        CompareResultType compareResultType = new CompareResultType();
        try {
            try {
                Collection<SelectorOptions<GetOperationOptions>> collection2 = preProcessOptionsSecurity(collection, task, createMinorSubresult).getCollection();
                boolean isComputeCurrentToProvided = ModelCompareOptions.isComputeCurrentToProvided(modelCompareOptions);
                boolean isComputeProvidedToCurrent = ModelCompareOptions.isComputeProvidedToCurrent(modelCompareOptions);
                boolean isReturnCurrent = ModelCompareOptions.isReturnCurrent(modelCompareOptions);
                boolean isReturnNormalized = ModelCompareOptions.isReturnNormalized(modelCompareOptions);
                boolean isIgnoreOperationalItems = ModelCompareOptions.isIgnoreOperationalItems(modelCompareOptions);
                if (!isComputeCurrentToProvided && !isComputeProvidedToCurrent && !isReturnCurrent && !isReturnNormalized) {
                    return compareResultType;
                }
                PrismObject<T> prismObject2 = null;
                if (isComputeCurrentToProvided || isComputeProvidedToCurrent || isReturnCurrent) {
                    prismObject2 = fetchCurrentObject(prismObject.getCompileTimeClass(), prismObject.getOid(), prismObject.getName(), collection2, task, createMinorSubresult);
                    removeIgnoredItems(prismObject2, list);
                    if (isIgnoreOperationalItems) {
                        removeOperationalItems(prismObject2);
                    }
                }
                removeIgnoredItems(prismObject, list);
                if (isIgnoreOperationalItems) {
                    removeOperationalItems(prismObject);
                }
                if (isComputeCurrentToProvided) {
                    compareResultType.setCurrentToProvided(DeltaConvertor.toObjectDeltaType(DiffUtil.diff(prismObject2, prismObject)));
                }
                if (isComputeProvidedToCurrent) {
                    compareResultType.setProvidedToCurrent(DeltaConvertor.toObjectDeltaType(DiffUtil.diff(prismObject, prismObject2)));
                }
                if (isReturnCurrent && prismObject2 != null) {
                    compareResultType.setCurrentObject(prismObject2.asObjectable());
                }
                if (isReturnNormalized) {
                    compareResultType.setNormalizedObject(prismObject.asObjectable());
                }
                createMinorSubresult.close();
                createMinorSubresult.cleanup();
                return compareResultType;
            } finally {
            }
        } finally {
            createMinorSubresult.close();
            createMinorSubresult.cleanup();
        }
    }

    private <T extends ObjectType> void removeIgnoredItems(PrismObject<T> prismObject, List<? extends ItemPath> list) {
        if (prismObject != null) {
            prismObject.getValue().removeItems(list);
        }
    }

    private <T extends ObjectType> void removeOperationalItems(PrismObject<T> prismObject) {
        if (prismObject != null) {
            prismObject.getValue().removeOperationalItems();
        }
    }

    private <T extends ObjectType> PrismObject<T> fetchCurrentObject(Class<T> cls, String str, PolyString polyString, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        if (collection == null) {
            collection = new ArrayList();
        }
        GetOperationOptions getOperationOptions = (GetOperationOptions) SelectorOptions.findRootOptions(collection);
        if (getOperationOptions == null) {
            collection.add(SelectorOptions.create(GetOperationOptions.createAllowNotFound()));
        } else {
            getOperationOptions.setAllowNotFound(true);
        }
        if (str != null) {
            try {
                return getObject(cls, str, collection, task, operationResult);
            } catch (ObjectNotFoundException e) {
                return null;
            }
        }
        if (polyString == null || polyString.getOrig() == null) {
            throw new IllegalArgumentException("Neither OID nor name of the object is known.");
        }
        SearchResultList<PrismObject<T>> searchObjects = searchObjects(cls, this.prismContext.queryFor(cls).item(ObjectType.F_NAME).eqPoly(polyString.getOrig()).build(), collection, task, operationResult);
        if (searchObjects.isEmpty()) {
            return null;
        }
        if (searchObjects.size() == 1) {
            return searchObjects.get(0);
        }
        throw new SchemaException("More than 1 object of type " + cls + " with the name of " + polyString + ": There are " + searchObjects.size() + " of them.");
    }

    @NotNull
    private ParsedGetOperationOptions preProcessOptionsSecurity(Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        if (!GetOperationOptions.isAttachDiagData((GetOperationOptions) SelectorOptions.findRootOptions(collection)) || this.securityEnforcer.isAuthorizedAll(task, operationResult)) {
            return ParsedGetOperationOptions.of(collection);
        }
        List cloneCollectionMembers = CloneUtil.cloneCollectionMembers(collection);
        ((GetOperationOptions) SelectorOptions.findRootOptions(cloneCollectionMembers)).setAttachDiagData(false);
        return ParsedGetOperationOptions.of(cloneCollectionMembers);
    }

    private <T> ObjectQuery preProcessQuerySecurity(Class<T> cls, ObjectQuery objectQuery, GetOperationOptions getOperationOptions, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        return updateObjectQuery(objectQuery, this.securityEnforcer.preProcessObjectFilter(this.securityEnforcer.getMidPointPrincipal(), ModelAuthorizationAction.AUTZ_ACTIONS_URLS_SEARCH, ModelAuthorizationAction.AUTZ_ACTIONS_URLS_SEARCH_BY, GetOperationOptions.isExecutionPhase(getOperationOptions) ? AuthorizationPhaseType.EXECUTION : null, cls, objectQuery != null ? objectQuery.getFilter() : null, null, List.of(), SecurityEnforcer.Options.create(), task, operationResult));
    }

    private ObjectQuery updateObjectQuery(ObjectQuery objectQuery, ObjectFilter objectFilter) {
        if (objectQuery != null) {
            objectQuery.setFilter(objectFilter);
            return objectQuery;
        }
        if (objectFilter == null) {
            return null;
        }
        return getPrismContext().queryFactory().createQuery(objectFilter);
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public boolean suspendTasks(Collection<String> collection, long j, Task task, OperationResult operationResult) throws SecurityViolationException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        List<PrismObject<TaskType>> preprocessTaskCollectionOperation = preprocessTaskCollectionOperation(collection, ModelAuthorizationAction.SUSPEND_TASK, AuditEventType.SUSPEND_TASK, task, operationResult);
        OperationResult createSubresult = operationResult.createSubresult(CLASS_NAME_WITH_DOT + "suspendTasks");
        try {
            try {
                boolean suspendTasks = this.taskManager.suspendTasks(collection, j, createSubresult);
                postprocessTaskCollectionOperation(preprocessTaskCollectionOperation, AuditEventType.SUSPEND_TASK, task, operationResult, createSubresult);
                createSubresult.close();
                return suspendTasks;
            } finally {
            }
        } catch (Throwable th) {
            createSubresult.close();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public boolean suspendTask(String str, long j, Task task, OperationResult operationResult) throws SecurityViolationException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        List<PrismObject<TaskType>> preprocessTaskOperation = preprocessTaskOperation(str, ModelAuthorizationAction.SUSPEND_TASK, AuditEventType.SUSPEND_TASK, task, operationResult);
        OperationResult createSubresult = operationResult.createSubresult(CLASS_NAME_WITH_DOT + "suspendTasks");
        try {
            try {
                boolean suspendTask = this.taskManager.suspendTask(str, j, createSubresult);
                postprocessTaskCollectionOperation(preprocessTaskOperation, AuditEventType.SUSPEND_TASK, task, operationResult, createSubresult);
                createSubresult.close();
                return suspendTask;
            } finally {
            }
        } catch (Throwable th) {
            createSubresult.close();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public boolean suspendTaskTree(String str, long j, Task task, OperationResult operationResult) throws SecurityViolationException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        List<PrismObject<TaskType>> preprocessTaskOperation = preprocessTaskOperation(str, ModelAuthorizationAction.SUSPEND_TASK, AuditEventType.SUSPEND_TASK, task, operationResult);
        OperationResult createSubresult = operationResult.createSubresult(CLASS_NAME_WITH_DOT + "suspendTaskTree");
        try {
            try {
                boolean suspendTaskTree = this.taskManager.suspendTaskTree(str, j, createSubresult);
                postprocessTaskCollectionOperation(preprocessTaskOperation, AuditEventType.SUSPEND_TASK, task, operationResult, createSubresult);
                createSubresult.close();
                return suspendTaskTree;
            } finally {
            }
        } catch (Throwable th) {
            createSubresult.close();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public void suspendAndDeleteTasks(Collection<String> collection, long j, boolean z, Task task, OperationResult operationResult) throws SecurityViolationException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        List<PrismObject<TaskType>> preprocessTaskCollectionOperation = preprocessTaskCollectionOperation(collection, ModelAuthorizationAction.DELETE, AuditEventType.DELETE_OBJECT, task, operationResult);
        collection.removeAll(getIndestructibleTaskOids(preprocessTaskCollectionOperation, operationResult));
        OperationResult createSubresult = operationResult.createSubresult(CLASS_NAME_WITH_DOT + "suspendAndDeleteTasks");
        try {
            try {
                if (!collection.isEmpty()) {
                    this.taskManager.suspendAndDeleteTasks(collection, j, z, createSubresult);
                }
                postprocessTaskCollectionOperation(preprocessTaskCollectionOperation, AuditEventType.DELETE_OBJECT, task, operationResult, createSubresult);
                createSubresult.close();
            } finally {
            }
        } catch (Throwable th) {
            createSubresult.close();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public void suspendAndDeleteTask(String str, long j, boolean z, Task task, OperationResult operationResult) throws SecurityViolationException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        List<PrismObject<TaskType>> preprocessTaskOperation = preprocessTaskOperation(str, ModelAuthorizationAction.DELETE, AuditEventType.DELETE_OBJECT, task, operationResult);
        List<String> indestructibleTaskOids = getIndestructibleTaskOids(preprocessTaskOperation, operationResult);
        OperationResult createSubresult = operationResult.createSubresult(CLASS_NAME_WITH_DOT + "suspendAndDeleteTask");
        try {
            try {
                if (indestructibleTaskOids.isEmpty() || !indestructibleTaskOids.contains(str)) {
                    this.taskManager.suspendAndDeleteTask(str, j, z, createSubresult);
                }
                postprocessTaskCollectionOperation(preprocessTaskOperation, AuditEventType.DELETE_OBJECT, task, operationResult, createSubresult);
                createSubresult.close();
            } catch (Throwable th) {
                createSubresult.recordFatalError(th);
                throw th;
            }
        } catch (Throwable th2) {
            createSubresult.close();
            throw th2;
        }
    }

    private List<String> getIndestructibleTaskOids(List<PrismObject<TaskType>> list, OperationResult operationResult) {
        ArrayList arrayList = new ArrayList();
        for (PrismObject<TaskType> prismObject : list) {
            OperationResult createMinorSubresult = operationResult.createMinorSubresult(CHECK_INDESTRUCTIBLE);
            try {
                try {
                    checkIndestructible(prismObject.asObjectable());
                    createMinorSubresult.close();
                } catch (IndestructibilityViolationException e) {
                    arrayList.add(prismObject.getOid());
                    createMinorSubresult.recordException(e);
                    createMinorSubresult.close();
                }
            } catch (Throwable th) {
                createMinorSubresult.close();
                throw th;
            }
        }
        return arrayList;
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public void resumeTasks(Collection<String> collection, Task task, OperationResult operationResult) throws SecurityViolationException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        List<PrismObject<TaskType>> preprocessTaskCollectionOperation = preprocessTaskCollectionOperation(collection, ModelAuthorizationAction.RESUME_TASK, AuditEventType.RESUME_TASK, task, operationResult);
        OperationResult createSubresult = operationResult.createSubresult(CLASS_NAME_WITH_DOT + "resumeTasks");
        try {
            try {
                this.taskManager.resumeTasks(collection, createSubresult);
                postprocessTaskCollectionOperation(preprocessTaskCollectionOperation, AuditEventType.RESUME_TASK, task, operationResult, createSubresult);
                createSubresult.close();
            } finally {
            }
        } catch (Throwable th) {
            createSubresult.close();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public void resumeTask(String str, Task task, OperationResult operationResult) throws SecurityViolationException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        List<PrismObject<TaskType>> preprocessTaskOperation = preprocessTaskOperation(str, ModelAuthorizationAction.RESUME_TASK, AuditEventType.RESUME_TASK, task, operationResult);
        OperationResult createSubresult = operationResult.createSubresult(CLASS_NAME_WITH_DOT + "resumeTasks");
        try {
            try {
                this.taskManager.resumeTask(str, createSubresult);
                postprocessTaskCollectionOperation(preprocessTaskOperation, AuditEventType.RESUME_TASK, task, operationResult, createSubresult);
                createSubresult.close();
            } finally {
            }
        } catch (Throwable th) {
            createSubresult.close();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public void resumeTaskTree(String str, Task task, OperationResult operationResult) throws SecurityViolationException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        List<PrismObject<TaskType>> preprocessTaskOperation = preprocessTaskOperation(str, ModelAuthorizationAction.RESUME_TASK, AuditEventType.RESUME_TASK, task, operationResult);
        OperationResult createSubresult = operationResult.createSubresult(CLASS_NAME_WITH_DOT + "resumeTaskTree");
        try {
            try {
                this.taskManager.resumeTaskTree(str, createSubresult);
                postprocessTaskCollectionOperation(preprocessTaskOperation, AuditEventType.RESUME_TASK, task, operationResult, createSubresult);
                createSubresult.close();
            } finally {
            }
        } catch (Throwable th) {
            createSubresult.close();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public void scheduleTasksNow(Collection<String> collection, Task task, OperationResult operationResult) throws SecurityViolationException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        List<PrismObject<TaskType>> preprocessTaskCollectionOperation = preprocessTaskCollectionOperation(collection, ModelAuthorizationAction.RUN_TASK_IMMEDIATELY, AuditEventType.RUN_TASK_IMMEDIATELY, task, operationResult);
        OperationResult createSubresult = operationResult.createSubresult(CLASS_NAME_WITH_DOT + "scheduleTasksNow");
        try {
            try {
                this.taskManager.scheduleTasksNow(collection, createSubresult);
                postprocessTaskCollectionOperation(preprocessTaskCollectionOperation, AuditEventType.RUN_TASK_IMMEDIATELY, task, operationResult, createSubresult);
                createSubresult.close();
            } finally {
            }
        } catch (Throwable th) {
            createSubresult.close();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public void scheduleTaskNow(String str, Task task, OperationResult operationResult) throws SecurityViolationException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        List<PrismObject<TaskType>> preprocessTaskOperation = preprocessTaskOperation(str, ModelAuthorizationAction.RUN_TASK_IMMEDIATELY, AuditEventType.RUN_TASK_IMMEDIATELY, task, operationResult);
        OperationResult createSubresult = operationResult.createSubresult(CLASS_NAME_WITH_DOT + "scheduleTasksNow");
        try {
            try {
                this.taskManager.scheduleTaskNow(str, createSubresult);
                postprocessTaskCollectionOperation(preprocessTaskOperation, AuditEventType.RUN_TASK_IMMEDIATELY, task, operationResult, createSubresult);
                createSubresult.close();
            } finally {
            }
        } catch (Throwable th) {
            createSubresult.close();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public PrismObject<TaskType> getTaskByIdentifier(String str, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, CommunicationException {
        ParsedGetOperationOptions preProcessOptionsSecurity = preProcessOptionsSecurity(collection, task, operationResult);
        return this.schemaTransformer.applySchemasAndSecurityToObject(this.taskManager.getTaskTypeByIdentifier(str, preProcessOptionsSecurity.getCollection(), operationResult), preProcessOptionsSecurity, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public boolean deactivateServiceThreads(long j, Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        this.securityEnforcer.authorize(ModelAuthorizationAction.STOP_SERVICE_THREADS.getUrl(), task, operationResult);
        return this.taskManager.deactivateServiceThreads(j, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public void reactivateServiceThreads(Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        this.securityEnforcer.authorize(ModelAuthorizationAction.START_SERVICE_THREADS.getUrl(), task, operationResult);
        this.taskManager.reactivateServiceThreads(operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public boolean getServiceThreadsActivationState() {
        return this.taskManager.getServiceThreadsActivationState();
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public void stopSchedulers(Collection<String> collection, Task task, OperationResult operationResult) throws SecurityViolationException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        authorizeNodeCollectionOperation(ModelAuthorizationAction.STOP_TASK_SCHEDULER, collection, task, operationResult);
        this.taskManager.stopSchedulers(collection, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public boolean stopSchedulersAndTasks(Collection<String> collection, long j, Task task, OperationResult operationResult) throws SecurityViolationException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        authorizeNodeCollectionOperation(ModelAuthorizationAction.STOP_TASK_SCHEDULER, collection, task, operationResult);
        return this.taskManager.stopSchedulersAndTasks(collection, j, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public void startSchedulers(Collection<String> collection, Task task, OperationResult operationResult) throws SecurityViolationException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        authorizeNodeCollectionOperation(ModelAuthorizationAction.START_TASK_SCHEDULER, collection, task, operationResult);
        this.taskManager.startSchedulers(collection, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public void synchronizeTasks(Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        this.securityEnforcer.authorize(ModelAuthorizationAction.SYNCHRONIZE_TASKS.getUrl(), task, operationResult);
        this.taskManager.synchronizeTasks(operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public void reconcileWorkers(String str, Task task, OperationResult operationResult) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
        this.securityEnforcer.authorizeAll(task, operationResult);
        this.activityManager.reconcileWorkers(str, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public void deleteActivityStateAndWorkers(String str, boolean z, long j, Task task, OperationResult operationResult) throws SecurityViolationException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        this.securityEnforcer.authorizeAll(task, operationResult);
        this.activityManager.deleteActivityStateAndWorkers(str, z, j, operationResult);
    }

    private List<PrismObject<TaskType>> preprocessTaskOperation(String str, ModelAuthorizationAction modelAuthorizationAction, AuditEventType auditEventType, Task task, OperationResult operationResult) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
        return preprocessTaskCollectionOperation(Collections.singletonList(str), modelAuthorizationAction, auditEventType, task, operationResult);
    }

    private List<PrismObject<TaskType>> preprocessTaskCollectionOperation(Collection<String> collection, ModelAuthorizationAction modelAuthorizationAction, AuditEventType auditEventType, Task task, OperationResult operationResult) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
        List<PrismObject<TaskType>> createTaskList = createTaskList(collection, operationResult);
        authorizeResolvedTaskCollectionOperation(modelAuthorizationAction, createTaskList, task, operationResult);
        auditTaskCollectionOperation(createTaskList, auditEventType, AuditEventStage.REQUEST, task, operationResult, null);
        return createTaskList;
    }

    private void postprocessTaskCollectionOperation(Collection<PrismObject<TaskType>> collection, AuditEventType auditEventType, Task task, OperationResult operationResult, OperationResult operationResult2) {
        operationResult.computeStatusIfUnknown();
        auditTaskCollectionOperation(collection, auditEventType, AuditEventStage.EXECUTION, task, operationResult, operationResult2);
    }

    private void authorizeResolvedTaskCollectionOperation(ModelAuthorizationAction modelAuthorizationAction, Collection<PrismObject<TaskType>> collection, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, SecurityViolationException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        if (!this.securityEnforcer.isAuthorizedAll(task, operationResult) || this.securityEnforcer.isAuthorizationDenied(modelAuthorizationAction.getUrl())) {
            Iterator<PrismObject<TaskType>> it = collection.iterator();
            while (it.hasNext()) {
                this.securityEnforcer.authorize(modelAuthorizationAction.getUrl(), null, AuthorizationParameters.Builder.buildObject(it.next()), task, operationResult);
            }
        }
    }

    private void authorizeNodeCollectionOperation(ModelAuthorizationAction modelAuthorizationAction, Collection<String> collection, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, SecurityViolationException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        if (this.securityEnforcer.isAuthorizedAll(task, operationResult)) {
            return;
        }
        for (String str : collection) {
            SearchResultList searchObjects = this.cacheRepositoryService.searchObjects(NodeType.class, ObjectQueryUtil.createNameQuery(NodeType.class, str), GetOperationOptions.readOnly(), operationResult);
            if (searchObjects.isEmpty()) {
                throw new ObjectNotFoundException("Node with identifier '" + str + "' couldn't be found.", (Class<?>) NodeType.class, str);
            }
            if (searchObjects.size() > 1) {
                throw new SystemException("Multiple nodes with identifier '" + str + "'");
            }
            this.securityEnforcer.authorize(modelAuthorizationAction.getUrl(), null, AuthorizationParameters.Builder.buildObject((PrismObject) searchObjects.get(0)), task, operationResult);
        }
    }

    private List<PrismObject<TaskType>> createTaskList(Collection<String> collection, OperationResult operationResult) throws SchemaException, ObjectNotFoundException {
        ArrayList arrayList = new ArrayList(collection.size());
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(this.cacheRepositoryService.getObject(TaskType.class, it.next(), SchemaService.get().getOperationOptionsBuilder().raw().readOnly().build(), operationResult));
        }
        return arrayList;
    }

    private void auditTaskCollectionOperation(Collection<PrismObject<TaskType>> collection, AuditEventType auditEventType, AuditEventStage auditEventStage, Task task, OperationResult operationResult, @Nullable OperationResult operationResult2) {
        Iterator<PrismObject<TaskType>> it = collection.iterator();
        while (it.hasNext()) {
            auditTaskOperation(ObjectTypeUtil.createObjectRef(it.next(), SchemaConstants.ORG_DEFAULT).asReferenceValue(), auditEventType, auditEventStage, task, operationResult, operationResult2);
        }
    }

    private void auditTaskOperation(PrismReferenceValue prismReferenceValue, AuditEventType auditEventType, AuditEventStage auditEventStage, Task task, OperationResult operationResult, @Nullable OperationResult operationResult2) {
        AuditEventRecord auditEventRecord = new AuditEventRecord(auditEventType, auditEventStage);
        auditEventRecord.setRequestIdentifier(ModelImplUtils.generateRequestIdentifier());
        auditEventRecord.setTargetRef(prismReferenceValue);
        auditEventRecord.addDelta(new ObjectDeltaOperation<>(AuditEventType.DELETE_OBJECT == auditEventType ? this.prismContext.deltaFactory().object().createDeleteDelta(TaskType.class, prismReferenceValue.getOid()) : this.prismContext.deltaFactory().object().createEmptyModifyDelta(TaskType.class, prismReferenceValue.getOid()), operationResult2));
        if (operationResult2 != null) {
            auditEventRecord.setOutcome(operationResult2.getStatus());
        }
        this.auditHelper.audit(auditEventRecord, null, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.CaseService
    public void completeWorkItem(@NotNull WorkItemId workItemId, @NotNull AbstractWorkItemOutputType abstractWorkItemOutputType, @Nullable ObjectDelta<?> objectDelta, @NotNull Task task, @NotNull OperationResult operationResult) throws SecurityViolationException, SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        AbstractWorkItemOutputType abstractWorkItemOutputType2;
        if (objectDelta == null || !ApprovalUtils.isApproved(abstractWorkItemOutputType)) {
            abstractWorkItemOutputType2 = abstractWorkItemOutputType;
        } else {
            ObjectDeltaType objectDeltaType = DeltaConvertor.toObjectDeltaType(objectDelta);
            ObjectTreeDeltasType objectTreeDeltasType = new ObjectTreeDeltasType();
            objectTreeDeltasType.setFocusPrimaryDelta(objectDeltaType);
            WorkItemResultType workItemResultType = new WorkItemResultType();
            workItemResultType.asPrismContainerValue().mergeContent(abstractWorkItemOutputType.asPrismContainerValue(), Collections.emptyList());
            workItemResultType.setAdditionalDeltas(objectTreeDeltasType);
            abstractWorkItemOutputType2 = workItemResultType;
        }
        getCaseManagerRequired().completeWorkItem(workItemId, abstractWorkItemOutputType2, null, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.CaseService
    public void completeWorkItem(@NotNull WorkItemId workItemId, @NotNull AbstractWorkItemOutputType abstractWorkItemOutputType, @NotNull Task task, @NotNull OperationResult operationResult) throws SecurityViolationException, SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        getCaseManagerRequired().completeWorkItem(workItemId, abstractWorkItemOutputType, null, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.CaseService
    public void cancelCase(@NotNull String str, @NotNull Task task, @NotNull OperationResult operationResult) throws SchemaException, ObjectNotFoundException, SecurityViolationException, ExpressionEvaluationException, CommunicationException, ConfigurationException, ObjectAlreadyExistsException {
        getCaseManagerRequired().cancelCase(str, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.CaseService
    public void claimWorkItem(@NotNull WorkItemId workItemId, @NotNull Task task, @NotNull OperationResult operationResult) throws SecurityViolationException, ObjectNotFoundException, SchemaException, ObjectAlreadyExistsException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        getCaseManagerRequired().claimWorkItem(workItemId, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.CaseService
    public void releaseWorkItem(@NotNull WorkItemId workItemId, @NotNull Task task, @NotNull OperationResult operationResult) throws ObjectNotFoundException, SecurityViolationException, SchemaException, ObjectAlreadyExistsException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        getCaseManagerRequired().releaseWorkItem(workItemId, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.CaseService
    public void delegateWorkItem(@NotNull WorkItemId workItemId, @NotNull WorkItemDelegationRequestType workItemDelegationRequestType, @NotNull Task task, @NotNull OperationResult operationResult) throws ObjectNotFoundException, SecurityViolationException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        getCaseManagerRequired().delegateWorkItem(workItemId, workItemDelegationRequestType, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.BulkActionsService
    public BulkActionExecutionResult executeBulkAction(@NotNull ExecuteScriptConfigItem executeScriptConfigItem, @NotNull VariablesMap variablesMap, @NotNull BulkActionExecutionOptions bulkActionExecutionOptions, @NotNull Task task, @NotNull OperationResult operationResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, ObjectAlreadyExistsException {
        return this.bulkActionsExecutor.execute(executeScriptConfigItem, variablesMap, bulkActionExecutionOptions, task, operationResult).toExecutionResult();
    }

    @Override // com.evolveum.midpoint.model.api.AccessCertificationService
    public AccessCertificationCasesStatisticsType getCampaignStatistics(String str, boolean z, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        return getCertificationManagerRequired().getCampaignStatistics(str, z, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.AccessCertificationService
    public void cleanupCampaigns(@NotNull CleanupPolicyType cleanupPolicyType, Task task, OperationResult operationResult) {
        getCertificationManagerRequired().cleanupCampaigns(cleanupPolicyType, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.AccessCertificationService
    public void recordDecision(String str, long j, long j2, AccessCertificationResponseType accessCertificationResponseType, String str2, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        getCertificationManagerRequired().recordDecision(AccessCertificationWorkItemId.of(str, j, j2), accessCertificationResponseType, str2, false, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.AccessCertificationService
    public List<AccessCertificationWorkItemType> searchOpenWorkItems(ObjectQuery objectQuery, boolean z, boolean z2, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        return searchContainers(AccessCertificationWorkItemType.class, QueryUtils.createQueryForOpenWorkItems(objectQuery, z2 ? null : SecurityUtil.getPrincipalRequired(), z), collection, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.AccessCertificationService
    public int countOpenWorkItems(ObjectQuery objectQuery, boolean z, boolean z2, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        return countContainers(AccessCertificationWorkItemType.class, QueryUtils.createQueryForOpenWorkItems(objectQuery, z2 ? null : SecurityUtil.getPrincipalRequired(), z), collection, task, operationResult).intValue();
    }

    @Override // com.evolveum.midpoint.model.api.AccessCertificationService
    public void closeCampaign(String str, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        getCertificationManagerRequired().closeCampaign(str, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.AccessCertificationService
    public void reiterateCampaign(String str, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        getCertificationManagerRequired().reiterateCampaignTask(str, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.AccessCertificationService
    public void startRemediation(String str, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        getCertificationManagerRequired().startRemediation(str, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.AccessCertificationService
    public void closeCurrentStage(String str, Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        getCertificationManagerRequired().closeCurrentStageTask(str, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.AccessCertificationService
    public void openNextStage(String str, Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        getCertificationManagerRequired().createNextStageTask(str, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.AccessCertificationService
    public void openNextStage(AccessCertificationCampaignType accessCertificationCampaignType, Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        getCertificationManagerRequired().createNextStageTask(accessCertificationCampaignType, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.AccessCertificationService
    public AccessCertificationCampaignType createCampaign(String str, Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        return getCertificationManagerRequired().createCampaign(str, task, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public <O extends ObjectType> Collection<ObjectDeltaOperation<? extends ObjectType>> mergeObjects(Class<O> cls, String str, String str2, String str3, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, ConfigurationException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, PolicyViolationException, SecurityViolationException {
        OperationResult createSubresult = operationResult.createSubresult(MERGE_OBJECTS);
        createSubresult.addParam("leftOid", str);
        createSubresult.addParam("rightOid", str2);
        createSubresult.addParam("class", (Class<?>) cls);
        enterModelMethod();
        try {
            try {
                Collection<ObjectDeltaOperation<? extends ObjectType>> mergeObjects = this.objectMerger.mergeObjects(cls, str, str2, str3, task, createSubresult);
                QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(false);
                exitModelMethod();
                createSubresult.close();
                return mergeObjects;
            } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException | ObjectAlreadyExistsException | ObjectNotFoundException | PolicyViolationException | SchemaException | SecurityViolationException | Error | RuntimeException e) {
                ModelImplUtils.recordFatalError(createSubresult, e);
                throw e;
            }
        } catch (Throwable th) {
            QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(false);
            exitModelMethod();
            createSubresult.close();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    @NotNull
    public PrismContext getPrismContext() {
        return this.prismContext;
    }

    private void enterModelMethod() {
        this.clockworkMedic.enterModelMethod(true);
    }

    private void enterModelMethodNoRepoCache() {
        this.clockworkMedic.enterModelMethod(false);
    }

    private void exitModelMethod() {
        this.clockworkMedic.exitModelMethod(true);
    }

    private void exitModelMethodNoRepoCache() {
        this.clockworkMedic.exitModelMethod(false);
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public String getThreadsDump(@NotNull Task task, @NotNull OperationResult operationResult) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
        this.securityEnforcer.authorize(ModelAuthorizationAction.READ_THREADS.getUrl(), task, operationResult);
        return MiscUtil.takeThreadDump(null);
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public String getRunningTasksThreadsDump(@NotNull Task task, @NotNull OperationResult operationResult) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
        this.securityEnforcer.authorize(ModelAuthorizationAction.READ_THREADS.getUrl(), task, operationResult);
        return this.taskManager.getRunningTasksThreadsDump(operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public String recordRunningTasksThreadsDump(String str, @NotNull Task task, @NotNull OperationResult operationResult) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException, ObjectAlreadyExistsException {
        this.securityEnforcer.authorize(ModelAuthorizationAction.READ_THREADS.getUrl(), task, operationResult);
        return this.taskManager.recordRunningTasksThreadsDump(str, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.TaskService
    public String getTaskThreadsDump(@NotNull String str, @NotNull Task task, @NotNull OperationResult operationResult) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
        this.securityEnforcer.authorize(ModelAuthorizationAction.READ_THREADS.getUrl(), task, operationResult);
        return this.taskManager.getTaskThreadsDump(str, operationResult);
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public void notifyChange(ResourceObjectShadowChangeDescriptionType resourceObjectShadowChangeDescriptionType, Task task, OperationResult operationResult) throws CommonException {
        OperationResult createSubresult = operationResult.createSubresult(NOTIFY_CHANGE);
        try {
            try {
                PrismObject<ShadowType> oldRepoShadow = getOldRepoShadow(resourceObjectShadowChangeDescriptionType, task, createSubresult);
                PrismObject<ShadowType> resourceObject = getResourceObject(resourceObjectShadowChangeDescriptionType);
                ObjectDelta<ShadowType> objectDelta = getObjectDelta(resourceObjectShadowChangeDescriptionType, createSubresult);
                this.securityEnforcer.authorize(ModelAuthorizationAction.NOTIFY_CHANGE.getUrl(), task, createSubresult);
                ExternalResourceEvent externalResourceEvent = new ExternalResourceEvent(objectDelta, resourceObject, oldRepoShadow, resourceObjectShadowChangeDescriptionType.getChannel());
                LOGGER.trace("Created event description:\n{}", externalResourceEvent.debugDumpLazily());
                this.dispatcher.notifyEvent(externalResourceEvent, task, createSubresult);
                createSubresult.close();
            } catch (TunnelException e) {
                Throwable cause = e.getCause();
                if (cause instanceof CommonException) {
                    createSubresult.recordFatalError(cause);
                    throw ((CommonException) cause);
                }
                if (cause != null) {
                    createSubresult.recordFatalError(cause);
                    throw new SystemException(cause);
                }
                createSubresult.recordFatalError(e);
                throw e;
            } catch (Throwable th) {
                createSubresult.recordFatalError(th);
                throw th;
            }
        } catch (Throwable th2) {
            createSubresult.close();
            throw th2;
        }
    }

    @Nullable
    private ObjectDelta<ShadowType> getObjectDelta(ResourceObjectShadowChangeDescriptionType resourceObjectShadowChangeDescriptionType, OperationResult operationResult) throws SchemaException {
        ObjectDeltaType objectDelta = resourceObjectShadowChangeDescriptionType.getObjectDelta();
        if (objectDelta == null) {
            return null;
        }
        ObjectDelta<ShadowType> createEmptyDelta = this.prismContext.deltaFactory().object().createEmptyDelta(ShadowType.class, objectDelta.getOid(), ChangeType.toChangeType(objectDelta.getChangeType()));
        if (createEmptyDelta.getChangeType() != ChangeType.ADD) {
            createEmptyDelta.addModifications(DeltaConvertor.toModifications(objectDelta.getItemDelta(), this.prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ShadowType.class)));
        } else {
            if (objectDelta.getObjectToAdd() == null) {
                throw new IllegalArgumentException("No object to add specified. Check your delta. Add delta must contain object to add");
            }
            com.evolveum.prism.xml.ns._public.types_3.ObjectType objectToAdd = objectDelta.getObjectToAdd();
            if (!(objectToAdd instanceof ShadowType)) {
                throw new IllegalArgumentException("Wrong object specified in change description. Expected on the the shadow type, but got " + objectToAdd.getClass().getSimpleName());
            }
            this.prismContext.adopt(objectToAdd);
            createEmptyDelta.setObjectToAdd(((ShadowType) objectToAdd).asPrismObject());
        }
        ModelImplUtils.encrypt(Collections.singletonList(createEmptyDelta), this.protector, null, operationResult);
        return createEmptyDelta;
    }

    @Nullable
    private PrismObject<ShadowType> getResourceObject(ResourceObjectShadowChangeDescriptionType resourceObjectShadowChangeDescriptionType) throws SchemaException {
        ShadowType currentShadow = resourceObjectShadowChangeDescriptionType.getCurrentShadow();
        if (currentShadow == null) {
            return null;
        }
        PrismObject<ShadowType> asPrismObject = currentShadow.asPrismObject();
        this.prismContext.adopt(asPrismObject);
        return asPrismObject;
    }

    private PrismObject<ShadowType> getOldRepoShadow(ResourceObjectShadowChangeDescriptionType resourceObjectShadowChangeDescriptionType, Task task, OperationResult operationResult) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
        String oldShadowOid = resourceObjectShadowChangeDescriptionType.getOldShadowOid();
        if (oldShadowOid != null) {
            return getObject(ShadowType.class, oldShadowOid, GetOperationOptions.createNoFetchReadOnlyCollection(), task, operationResult);
        }
        return null;
    }

    private void computePolyStrings(Collection<ObjectDelta<? extends ObjectType>> collection) {
        Iterator<ObjectDelta<? extends ObjectType>> it = collection.iterator();
        while (it.hasNext()) {
            it.next().accept(this::computePolyStringVisit);
        }
    }

    private void computePolyStringVisit(Visitable<?> visitable) {
        PrismPropertyDefinition definition;
        if ((visitable instanceof PrismProperty) && (definition = ((PrismProperty) visitable).mo2532getDefinition()) != null && QNameUtil.match(PolyStringType.COMPLEX_TYPE, definition.getTypeName())) {
            Iterator it = ((PrismProperty) visitable).getValues().iterator();
            while (it.hasNext()) {
                PolyString polyString = (PolyString) ((PrismPropertyValue) it.next()).getValue();
                if (polyString != null && polyString.getOrig() == null) {
                    String translate = this.localizationService.translate(polyString);
                    LOGGER.trace("PPPP1: Filling out orig value of polyString {}: {}", polyString, translate);
                    polyString.setComputedOrig(translate);
                    polyString.recompute(this.prismContext.getDefaultPolyStringNormalizer());
                    LOGGER.trace("PPPP2: Resulting polyString: {}", polyString);
                }
            }
        }
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public boolean isSupportedByRepository(@NotNull Class<? extends ObjectType> cls) {
        return this.cacheRepositoryService.supports(cls);
    }

    @Override // com.evolveum.midpoint.model.api.ModelService
    public <O extends ObjectType> ProcessedObjectImpl<O> parseProcessedObject(@NotNull SimulationResultProcessedObjectType simulationResultProcessedObjectType, @NotNull Task task, @NotNull OperationResult operationResult) throws SchemaException {
        PrismContainerValue asPrismContainerValue = simulationResultProcessedObjectType.asPrismContainerValue();
        Object userData = asPrismContainerValue.getUserData(ProcessedObjectImpl.KEY_PARSED);
        if (userData != null) {
            return (ProcessedObjectImpl) userData;
        }
        ProcessedObjectImpl<O> parse = ProcessedObjectImpl.parse(simulationResultProcessedObjectType);
        try {
            parse.applyDefinitions(task, operationResult);
        } catch (CommonException e) {
            LoggingUtils.logException(LOGGER, "Couldn't apply definitions on {}", e, parse);
        }
        asPrismContainerValue.setUserData(ProcessedObjectImpl.KEY_PARSED, parse);
        return parse;
    }
}
