package com.evolveum.midpoint.repo.common;

import com.evolveum.midpoint.audit.api.AuditEventRecord;
import com.evolveum.midpoint.audit.api.AuditService;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismValue;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.repo.common.expression.ExpressionEnvironmentThreadLocalHolder;
import com.evolveum.midpoint.repo.common.expression.ExpressionFactory;
import com.evolveum.midpoint.repo.common.expression.ExpressionUtil;
import com.evolveum.midpoint.schema.ObjectDeltaOperation;
import com.evolveum.midpoint.schema.SchemaService;
import com.evolveum.midpoint.schema.constants.ExpressionConstants;
import com.evolveum.midpoint.schema.expression.ExpressionProfile;
import com.evolveum.midpoint.schema.expression.VariablesMap;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ObjectDeltaSchemaLevelUtil;
import com.evolveum.midpoint.task.api.ExpressionEnvironmentSupplier;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.page.admin.reports.dto.AuditSearchDto;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ExpressionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectSelectorType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationKindType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationAuditEventRecordingPropertyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationAuditEventRecordingType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.math3.geometry.VectorFormat;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/repo-common-4.10-M4.jar:com/evolveum/midpoint/repo/common/AuditHelper.class */
public class AuditHelper {

    @Autowired
    private AuditService auditService;

    @Autowired
    private PrismContext prismContext;

    @Autowired
    private SchemaService schemaService;

    @Autowired
    private ExpressionFactory expressionFactory;

    @Autowired
    @Qualifier("cacheRepositoryService")
    private RepositoryService repositoryService;
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) AuditHelper.class);
    private static final String DOT_CLASS = AuditHelper.class.getName() + ".";
    private static final String OP_AUDIT = DOT_CLASS + "audit";
    private static final String OP_RESOLVE_NAME = DOT_CLASS + "resolveName";
    private static final String OP_EVALUATE_AUDIT_RECORD_PROPERTY = DOT_CLASS + "evaluateAuditRecordProperty";
    private static final String OP_EVALUATE_RECORDING_SCRIPT = DOT_CLASS + "evaluateRecordingScript";

    public void audit(AuditEventRecord auditEventRecord, ObjectDeltaSchemaLevelUtil.NameResolver nameResolver, Task task, OperationResult operationResult) {
        OperationResult build = operationResult.subresult(OP_AUDIT).operationKind(OperationKindType.MODEL_AUDIT).setMinor().addArbitraryObjectAsParam("stage", auditEventRecord.getEventStage()).addArbitraryObjectAsParam(AuditSearchDto.F_EVENT_TYPE, auditEventRecord.getEventType()).build();
        try {
            try {
                LOGGER.trace("Auditing the record:\n{}", auditEventRecord.debugDumpLazily());
                resolveNamesInDeltas(auditEventRecord, nameResolver, build);
                this.auditService.audit(auditEventRecord, task, build);
                if (auditEventRecord.getTargetRef() != null) {
                    build.addParam("targetOid", auditEventRecord.getTargetRef().getOid());
                    build.addParam("targetName", auditEventRecord.getTargetRef().getTargetName());
                }
                build.computeStatusIfUnknown();
            } catch (Throwable th) {
                build.recordFatalError(th);
                throw th;
            }
        } catch (Throwable th2) {
            if (auditEventRecord.getTargetRef() != null) {
                build.addParam("targetOid", auditEventRecord.getTargetRef().getOid());
                build.addParam("targetName", auditEventRecord.getTargetRef().getTargetName());
            }
            build.computeStatusIfUnknown();
            throw th2;
        }
    }

    private void resolveNamesInDeltas(AuditEventRecord auditEventRecord, ObjectDeltaSchemaLevelUtil.NameResolver nameResolver, OperationResult operationResult) {
        Iterator it = MiscUtil.emptyIfNull(auditEventRecord.getDeltas()).iterator();
        while (it.hasNext()) {
            ObjectDeltaSchemaLevelUtil.resolveNames(((ObjectDeltaOperation) it.next()).getObjectDelta(), (cls, str, operationResult2) -> {
                PolyString name;
                OperationResult build = operationResult2.subresult(OP_RESOLVE_NAME).setMinor().build();
                try {
                    try {
                        if (auditEventRecord.getNonExistingReferencedObjects().contains(str)) {
                            build.computeStatusIfUnknown();
                            return null;
                        }
                        if (nameResolver != null && (name = nameResolver.getName(cls, str, build)) != null) {
                            build.computeStatusIfUnknown();
                            return name;
                        }
                        PolyString name2 = this.repositoryService.getObject(cls, str, this.schemaService.getOperationOptionsBuilder().readOnly().allowNotFound().build(), build).getName();
                        build.computeStatusIfUnknown();
                        return name2;
                    } catch (ObjectNotFoundException e) {
                        auditEventRecord.addNonExistingReferencedObject(str);
                        build.computeStatusIfUnknown();
                        return null;
                    } catch (Throwable th) {
                        build.recordFatalError(th);
                        throw th;
                    }
                } catch (Throwable th2) {
                    build.computeStatusIfUnknown();
                    throw th2;
                }
            }, operationResult);
        }
    }

    public AuditEventRecord evaluateRecordingExpression(ExpressionType expressionType, AuditEventRecord auditEventRecord, PrismObject<? extends ObjectType> prismObject, ExpressionProfile expressionProfile, ExpressionEnvironmentSupplier expressionEnvironmentSupplier, Task task, OperationResult operationResult) {
        OperationResult createMinorSubresult = operationResult.createMinorSubresult(OP_EVALUATE_RECORDING_SCRIPT);
        try {
            try {
                VariablesMap variablesMap = new VariablesMap();
                variablesMap.put("target", prismObject, PrismObject.class);
                variablesMap.put(ExpressionConstants.VAR_AUDIT_RECORD, auditEventRecord, AuditEventRecord.class);
                if (expressionEnvironmentSupplier != null) {
                    ExpressionEnvironmentThreadLocalHolder.pushExpressionEnvironment(expressionEnvironmentSupplier.get(task, createMinorSubresult));
                }
                try {
                    PrismValue evaluateExpression = ExpressionUtil.evaluateExpression(variablesMap, null, expressionType, expressionProfile, this.expressionFactory, OP_EVALUATE_RECORDING_SCRIPT, task, createMinorSubresult);
                    AuditEventRecord auditEventRecord2 = evaluateExpression != null ? (AuditEventRecord) evaluateExpression.getRealValue() : null;
                    createMinorSubresult.recordSuccessIfUnknown();
                    return auditEventRecord2;
                } finally {
                    if (expressionEnvironmentSupplier != null) {
                        ExpressionEnvironmentThreadLocalHolder.popExpressionEnvironment();
                    }
                }
            } catch (Throwable th) {
                createMinorSubresult.recordSuccessIfUnknown();
                throw th;
            }
        } catch (Throwable th2) {
            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't evaluate audit recording expression", th2, new Object[0]);
            createMinorSubresult.recordPartialError(th2);
            createMinorSubresult.recordSuccessIfUnknown();
            return auditEventRecord;
        }
    }

    public void evaluateAuditRecordProperty(SystemConfigurationAuditEventRecordingPropertyType systemConfigurationAuditEventRecordingPropertyType, AuditEventRecord auditEventRecord, PrismObject<? extends ObjectType> prismObject, ExpressionProfile expressionProfile, Task task, OperationResult operationResult) {
        String name = systemConfigurationAuditEventRecordingPropertyType.getName();
        OperationResult build = operationResult.subresult(OP_EVALUATE_AUDIT_RECORD_PROPERTY).addParam("name", name).setMinor().build();
        try {
            try {
                if (StringUtils.isBlank(name)) {
                    throw new IllegalArgumentException("Name of SystemConfigurationAuditEventRecordingPropertyType is empty or null in " + systemConfigurationAuditEventRecordingPropertyType);
                }
                if (!targetSelectorMatches(systemConfigurationAuditEventRecordingPropertyType.getTargetSelector(), prismObject)) {
                    build.recordNotApplicable();
                    build.recordSuccessIfUnknown();
                    return;
                }
                ExpressionType expression = systemConfigurationAuditEventRecordingPropertyType.getExpression();
                if (expression != null) {
                    VariablesMap variablesMap = new VariablesMap();
                    variablesMap.put("target", prismObject, PrismObject.class);
                    variablesMap.put(ExpressionConstants.VAR_AUDIT_RECORD, auditEventRecord, AuditEventRecord.class);
                    Collection<String> evaluateStringExpression = ExpressionUtil.evaluateStringExpression(variablesMap, expression, expressionProfile, this.expressionFactory, "value for custom column of audit table", task, build);
                    if (evaluateStringExpression != null && !evaluateStringExpression.isEmpty()) {
                        if (evaluateStringExpression.size() != 1) {
                            throw new IllegalArgumentException("Collection of expression result contains more than one value");
                        }
                        auditEventRecord.getCustomColumnProperty().put(name, evaluateStringExpression.iterator().next());
                    }
                }
                build.recordSuccessIfUnknown();
            } catch (Throwable th) {
                LoggingUtils.logUnexpectedException(LOGGER, "Couldn't evaluate audit record property expression {}", th, name);
                build.recordPartialError(th);
                build.recordSuccessIfUnknown();
            }
        } catch (Throwable th2) {
            build.recordSuccessIfUnknown();
            throw th2;
        }
    }

    private boolean targetSelectorMatches(List<ObjectSelectorType> list, PrismObject<? extends ObjectType> prismObject) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
        if (list.isEmpty()) {
            return true;
        }
        Iterator<ObjectSelectorType> it = list.iterator();
        while (it.hasNext()) {
            if (this.repositoryService.selectorMatches(it.next(), prismObject, null, LOGGER, "target selector")) {
                return true;
            }
        }
        LOGGER.debug("No selector matches for {}", prismObject);
        return false;
    }

    public AuditConfiguration getAuditConfiguration(SystemConfigurationType systemConfigurationType) {
        boolean z = false;
        List<SystemConfigurationAuditEventRecordingPropertyType> emptyList = Collections.emptyList();
        ExpressionType expressionType = null;
        if (systemConfigurationType != null && systemConfigurationType.getAudit() != null && systemConfigurationType.getAudit().getEventRecording() != null) {
            SystemConfigurationAuditEventRecordingType eventRecording = systemConfigurationType.getAudit().getEventRecording();
            z = Boolean.TRUE.equals(eventRecording.isRecordResourceOids());
            emptyList = eventRecording.getProperty();
            expressionType = eventRecording.getExpression();
        }
        return new AuditConfiguration(z, emptyList, expressionType);
    }

    public OperationResult cloneResultForAuditEventRecord(OperationResult operationResult) {
        OperationResult clone = operationResult.clone(2, false);
        Iterator<OperationResult> it = clone.getSubresults().iterator();
        while (it.hasNext()) {
            it.next().computeStatusIfUnknown();
        }
        clone.computeStatus();
        return clone;
    }

    public void addRecordMessage(AuditEventRecord auditEventRecord, String str) {
        if (auditEventRecord.getMessage() != null) {
            return;
        }
        if (!StringUtils.isEmpty(str)) {
            auditEventRecord.setMessage(str);
            return;
        }
        Collection<ObjectDeltaOperation<? extends ObjectType>> deltas = auditEventRecord.getDeltas();
        if (deltas.isEmpty()) {
            return;
        }
        StringBuilder sb = new StringBuilder();
        Iterator<ObjectDeltaOperation<? extends ObjectType>> it = deltas.iterator();
        while (it.hasNext()) {
            OperationResult executionResult = it.next().getExecutionResult();
            if (executionResult != null) {
                String message = executionResult.getMessage();
                if (!StringUtils.isEmpty(message)) {
                    if (sb.length() != 0) {
                        sb.append(VectorFormat.DEFAULT_SEPARATOR);
                    }
                    sb.append(message);
                }
            }
        }
        auditEventRecord.setMessage(sb.toString());
    }
}
