package com.evolveum.midpoint.provisioning.impl.shadows;

import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.provisioning.api.ConstraintsCheckingResult;
import com.evolveum.midpoint.provisioning.api.ProvisioningOperationContext;
import com.evolveum.midpoint.provisioning.api.ProvisioningOperationOptions;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.provisioning.impl.RepoShadow;
import com.evolveum.midpoint.provisioning.impl.ShadowLifecycleStateDeterminer;
import com.evolveum.midpoint.provisioning.impl.resourceobjects.ResourceObjectAddReturnValue;
import com.evolveum.midpoint.provisioning.impl.resourceobjects.ResourceObjectShadow;
import com.evolveum.midpoint.provisioning.ucf.api.ConnectorOperationOptions;
import com.evolveum.midpoint.provisioning.ucf.api.GenericFrameworkException;
import com.evolveum.midpoint.schema.internals.InternalCounters;
import com.evolveum.midpoint.schema.internals.InternalMonitor;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationProvisioningScriptsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowCheckType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowLifecycleStateType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.prism.xml.ns._public.types_3.ChangeTypeType;
import java.util.Collection;
import java.util.Objects;
import javax.xml.datatype.XMLGregorianCalendar;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.10-M4.jar:com/evolveum/midpoint/provisioning/impl/shadows/ShadowAddOperation.class */
public class ShadowAddOperation extends ShadowProvisioningOperation {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) ShadowAddOperation.class);

    @NotNull
    private final ResourceObjectShadow objectToAdd;
    private ResourceObjectShadow createdObject;

    private ShadowAddOperation(@NotNull ProvisioningContext provisioningContext, @NotNull ResourceObjectShadow resourceObjectShadow, OperationProvisioningScriptsType operationProvisioningScriptsType, @NotNull ProvisioningOperationState provisioningOperationState, ProvisioningOperationOptions provisioningOperationOptions) {
        super(provisioningContext, provisioningOperationState, operationProvisioningScriptsType, provisioningOperationOptions, resourceObjectShadow.getPrismObject().createAddDelta());
        this.objectToAdd = resourceObjectShadow;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String executeDirectly(@NotNull ShadowType shadowType, @Nullable OperationProvisioningScriptsType operationProvisioningScriptsType, @Nullable ProvisioningOperationOptions provisioningOperationOptions, @Nullable ProvisioningOperationContext provisioningOperationContext, @NotNull Task task, @NotNull OperationResult operationResult) throws CommunicationException, GenericFrameworkException, ObjectAlreadyExistsException, SchemaException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException, EncryptionException {
        InternalMonitor.recordCount(InternalCounters.SHADOW_CHANGE_OPERATION_COUNT);
        LOGGER.trace("Start adding shadow object{}:\n{}", DebugUtil.lazy(() -> {
            return ShadowsUtil.getAdditionalOperationDesc(operationProvisioningScriptsType, provisioningOperationOptions);
        }), shadowType.debugDumpLazily(1));
        ProvisioningContext establishProvisioningContext = establishProvisioningContext(shadowType, provisioningOperationContext, task, operationResult);
        establishProvisioningContext.checkExecutionFullyPersistent();
        return new ShadowAddOperation(establishProvisioningContext, establishProvisioningContext.adoptNotYetExistingResourceObject(shadowType), operationProvisioningScriptsType, new ProvisioningOperationState(), provisioningOperationOptions).execute(operationResult);
    }

    @NotNull
    private static ProvisioningContext establishProvisioningContext(ShadowType shadowType, ProvisioningOperationContext provisioningOperationContext, Task task, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, ConfigurationException, CommunicationException {
        ProvisioningContext createForShadow = b().ctxFactory.createForShadow(shadowType, b().ctxFactory.getResource(shadowType, task, operationResult), task);
        createForShadow.assertDefinition();
        createForShadow.setOperationContext(provisioningOperationContext);
        return createForShadow;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static RepoShadow executeAsRetryInRefresh(@NotNull ProvisioningContext provisioningContext, @NotNull RepoShadow repoShadow, @NotNull PendingOperation pendingOperation, @Nullable ProvisioningOperationOptions provisioningOperationOptions, @NotNull OperationResult operationResult) throws CommunicationException, GenericFrameworkException, ObjectAlreadyExistsException, SchemaException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException, EncryptionException {
        ResourceObjectShadow adoptNotYetExistingResourceObject = provisioningContext.adoptNotYetExistingResourceObject(pendingOperation.getDelta().getObjectToAdd().asObjectable());
        ProvisioningOperationState fromPendingOperation = ProvisioningOperationState.fromPendingOperation(repoShadow, pendingOperation);
        new ShadowAddOperation(provisioningContext, adoptNotYetExistingResourceObject, null, fromPendingOperation, provisioningOperationOptions).execute(operationResult);
        return fromPendingOperation.getRepoShadow();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void executeInPropagation(@NotNull ProvisioningContext provisioningContext, @NotNull RepoShadow repoShadow, @NotNull ShadowType shadowType, @NotNull PendingOperations pendingOperations, @NotNull OperationResult operationResult) throws CommunicationException, GenericFrameworkException, ObjectAlreadyExistsException, SchemaException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException, EncryptionException {
        new ShadowAddOperation(provisioningContext, provisioningContext.adoptNotYetExistingResourceObject(shadowType), null, ProvisioningOperationState.fromPropagatedPendingOperations(repoShadow, pendingOperations), null).execute(operationResult);
    }

    private String execute(OperationResult operationResult) throws CommunicationException, GenericFrameworkException, ObjectAlreadyExistsException, SchemaException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException, EncryptionException {
        this.objectToAdd.checkConsistence();
        checkAttributesOrAssociationsPresent();
        this.ctx.validateSchemaIfConfigured(this.objectToAdd.getBean());
        this.associationsHelper.provideObjectsIdentifiersToSubject(this.ctx, this.objectToAdd, operationResult);
        determineEffectiveMarksAndPolicies(this.objectToAdd, operationResult);
        this.accessChecker.checkAttributesAddAccess(this.ctx, this.objectToAdd, operationResult);
        executeShadowConstraintsCheck(operationResult);
        this.shadowCreator.addNewProposedShadow(this.ctx, this.objectToAdd, this.opState, operationResult);
        if (this.ctx.shouldExecuteResourceOperationDirectly()) {
            this.associationsHelper.provideObjectsIdentifiersToSubject(this.ctx, this.objectToAdd, operationResult);
            this.associationsHelper.convertAssociationsToReferenceAttributes(this.objectToAdd);
            executeAddOperationDirectly(operationResult);
        } else {
            markOperationExecutionAsPending(operationResult);
        }
        this.resultRecorder.recordAddResult(this, operationResult);
        setOid();
        sendSuccessOrInProgressNotification(this.opState.getRepoShadow(), operationResult);
        setParentOperationStatus(operationResult);
        return this.opState.getRepoShadowOid();
    }

    private void executeAddOperationDirectly(OperationResult operationResult) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException, GenericFrameworkException, ObjectAlreadyExistsException, SecurityViolationException, PolicyViolationException {
        LOGGER.trace("ADD {}: resource operation, execution starting", this.objectToAdd);
        ConnectorOperationOptions createConnectorOperationOptions = createConnectorOperationOptions(operationResult);
        try {
            this.ctx.checkNotInMaintenance();
            doExecuteAddOperation(createConnectorOperationOptions, false, operationResult);
        } catch (ObjectAlreadyExistsException e) {
            LOGGER.trace("Object already exists error when trying to add {}, exploring the situation", this.objectToAdd.shortDumpLazily());
            OperationResult lastSubresult = operationResult.getLastSubresult();
            if (hasDeadShadowWithDeleteOperation(operationResult)) {
                if (lastSubresult.isError()) {
                    lastSubresult.setStatus(OperationResultStatus.HANDLED_ERROR);
                }
                try {
                    LOGGER.trace("ADD {}: retrying resource operation without uniqueness check (previous dead shadow found)", this.objectToAdd);
                    doExecuteAddOperation(createConnectorOperationOptions, true, operationResult);
                } catch (ObjectAlreadyExistsException e2) {
                    markShadowTombstone(operationResult);
                    this.statusFromErrorHandling = handleAddError(e2, lastSubresult, operationResult);
                } catch (Exception e3) {
                    this.statusFromErrorHandling = handleAddError(e3, operationResult.getLastSubresult(), operationResult);
                }
            } else {
                markShadowTombstone(operationResult);
                this.statusFromErrorHandling = handleAddError(e, lastSubresult, operationResult);
            }
        } catch (Exception e4) {
            this.statusFromErrorHandling = handleAddError(e4, operationResult.getLastSubresult(), operationResult);
        }
        LOGGER.debug("ADD {}: resource operation executed, operation state: {}", this.objectToAdd, this.opState.shortDumpLazily());
    }

    private void markShadowTombstone(OperationResult operationResult) throws SchemaException {
        this.shadowUpdater.markShadowTombstone(this.opState.getRepoShadow(), this.task, operationResult);
    }

    private void doExecuteAddOperation(ConnectorOperationOptions connectorOperationOptions, boolean z, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ObjectAlreadyExistsException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException {
        ResourceObjectAddReturnValue addResourceObject = this.resourceObjectConverter.addResourceObject(this.ctx, this.objectToAdd, this.scripts, connectorOperationOptions, z, operationResult);
        setOperationStatus(addResourceObject);
        this.createdObject = addResourceObject.getCreatedObject();
        setExecutedDelta(this.createdObject.getPrismObject().createAddDelta());
    }

    private void checkAttributesOrAssociationsPresent() throws SchemaException {
        if (this.objectToAdd.getAttributes().isEmpty() && this.objectToAdd.getAssociations().isEmpty()) {
            throw new SchemaException("Attempt to add resource object without any attributes nor associations: " + this.objectToAdd);
        }
    }

    private boolean hasDeadShadowWithDeleteOperation(OperationResult operationResult) throws SchemaException {
        Collection<PrismObject<ShadowType>> searchForPreviousDeadShadows = this.shadowFinder.searchForPreviousDeadShadows(this.ctx, this.objectToAdd, operationResult);
        if (searchForPreviousDeadShadows.isEmpty()) {
            return false;
        }
        LOGGER.trace("Previous dead shadows:\n{}", DebugUtil.debugDumpLazily(searchForPreviousDeadShadows, 1));
        XMLGregorianCalendar currentTimeXMLGregorianCalendar = this.clock.currentTimeXMLGregorianCalendar();
        return searchForPreviousDeadShadows.stream().anyMatch(prismObject -> {
            return ShadowLifecycleStateDeterminer.findPendingLifecycleOperationInGracePeriod(this.ctx, (ShadowType) prismObject.asObjectable(), currentTimeXMLGregorianCalendar) == ChangeTypeType.DELETE;
        });
    }

    private OperationResultStatus handleAddError(Exception exc, OperationResult operationResult, OperationResult operationResult2) throws SchemaException, GenericFrameworkException, CommunicationException, ObjectNotFoundException, ObjectAlreadyExistsException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException {
        LOGGER.debug("Handling provisioning ADD exception {}: {}", exc.getClass(), exc.getMessage());
        try {
            OperationResultStatus handleAddError = this.errorHandlerLocator.locateErrorHandlerRequired(exc).handleAddError(this, exc, operationResult, operationResult2);
            LOGGER.debug("Handled provisioning ADD exception, final status: {}, operation state: {}", handleAddError, this.opState.shortDumpLazily());
            return handleAddError;
        } catch (CommonException e) {
            LOGGER.debug("Handled provisioning ADD exception, final exception: {}, operation state: {}", e, this.opState.shortDumpLazily());
            handleErrorHandlerException(e.getMessage(), operationResult2);
            throw e;
        }
    }

    private void executeShadowConstraintsCheck(OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException, ObjectAlreadyExistsException, SecurityViolationException {
        if (this.ctx.getShadowConstraintsCheck() == ShadowCheckType.NONE) {
            return;
        }
        String repoShadowOid = this.opState.getRepoShadow() != null ? this.opState.getRepoShadowOid() : this.objectToAdd.getOid();
        ConstraintsChecker constraintsChecker = new ConstraintsChecker();
        constraintsChecker.setProvisioningContext(this.ctx);
        constraintsChecker.setShadowObject(this.objectToAdd.getPrismObject());
        constraintsChecker.setShadowOid(repoShadowOid);
        constraintsChecker.setConstraintViolationConfirmer(prismObject -> {
            return isNotDeadOrReaping(prismObject, this.ctx);
        });
        constraintsChecker.setDoNotUseCache();
        ConstraintsCheckingResult check = constraintsChecker.check(operationResult);
        LOGGER.trace("Checked constraints with the result of {}, for:\n{}", this.objectToAdd.debugDumpLazily(1), Boolean.valueOf(check.isSatisfiesConstraints()));
        if (!check.isSatisfiesConstraints()) {
            throw new ObjectAlreadyExistsException("Conflicting shadow already exists on " + this.ctx.getResource());
        }
    }

    private boolean isNotDeadOrReaping(PrismObject<ShadowType> prismObject, ProvisioningContext provisioningContext) throws SchemaException, ConfigurationException {
        ShadowType asObjectable = prismObject.asObjectable();
        if (ShadowUtil.isDead(asObjectable)) {
            return false;
        }
        provisioningContext.spawnForShadow(asObjectable).updateShadowState(asObjectable);
        ShadowLifecycleStateType shadowLifecycleState = asObjectable.getShadowLifecycleState();
        return (shadowLifecycleState == ShadowLifecycleStateType.REAPING || shadowLifecycleState == ShadowLifecycleStateType.CORPSE || shadowLifecycleState == ShadowLifecycleStateType.TOMBSTONE) ? false : true;
    }

    @Override // com.evolveum.midpoint.provisioning.impl.shadows.ShadowProvisioningOperation
    public String getGerund() {
        return "adding";
    }

    @Override // com.evolveum.midpoint.provisioning.impl.shadows.ShadowProvisioningOperation
    public String getLogVerb() {
        return "ADD";
    }

    @Override // com.evolveum.midpoint.provisioning.impl.shadows.ShadowProvisioningOperation
    Trace getLogger() {
        return LOGGER;
    }

    @NotNull
    public ResourceObjectShadow getResourceObjectToAdd() {
        return this.objectToAdd;
    }

    @NotNull
    public ResourceObjectShadow getShadowAddedOrToAdd() {
        return (!this.opState.wasStarted() || this.createdObject == null) ? this.objectToAdd : this.createdObject;
    }

    private void setOid() {
        String str = (String) Objects.requireNonNull(this.opState.getRepoShadowOid(), "No shadow OID after ADD operation");
        this.objectToAdd.setOid(str);
        this.requestedDelta.setOid(str);
        if (this.createdObject != null) {
            this.createdObject.setOid(str);
        }
        if (this.executedDelta != null) {
            this.executedDelta.setOid(str);
        }
    }

    private static ShadowsLocalBeans b() {
        return ShadowsLocalBeans.get();
    }
}
