package com.evolveum.midpoint.provisioning.impl.shadows;

import com.evolveum.midpoint.prism.Freezable;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.PrismValue;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.xml.XmlTypeConverter;
import com.evolveum.midpoint.provisioning.api.ProvisioningOperationContext;
import com.evolveum.midpoint.provisioning.api.ProvisioningOperationOptions;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.provisioning.impl.RepoShadow;
import com.evolveum.midpoint.provisioning.impl.RepoShadowModifications;
import com.evolveum.midpoint.provisioning.ucf.api.GenericFrameworkException;
import com.evolveum.midpoint.provisioning.util.ProvisioningUtil;
import com.evolveum.midpoint.schema.ObjectDeltaOperation;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.processor.ResourceObjectDefinition;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.schema.util.OperationResultUtil;
import com.evolveum.midpoint.schema.util.RawRepoShadow;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.schema.util.ValueMetadataTypeUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationResultStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PendingOperationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.xml.datatype.Duration;
import javax.xml.datatype.XMLGregorianCalendar;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.9.3.jar:com/evolveum/midpoint/provisioning/impl/shadows/ShadowRefreshOperation.class */
public class ShadowRefreshOperation {
    private static final String OP_OPERATION_RETRY;
    private static final Trace LOGGER;

    @NotNull
    private final ProvisioningContext ctx;

    @NotNull
    private RepoShadow shadow;
    private OperationResultStatus retriedOperationsResultStatus;
    private final ProvisioningOperationOptions options;
    static final /* synthetic */ boolean $assertionsDisabled;

    @NotNull
    private final ShadowsLocalBeans b = ShadowsLocalBeans.get();

    @NotNull
    private final Collection<ObjectDeltaOperation<ShadowType>> retriedOperations = new ArrayList();

    private ShadowRefreshOperation(@NotNull ProvisioningContext provisioningContext, @NotNull RepoShadow repoShadow, @Nullable ProvisioningOperationOptions provisioningOperationOptions) {
        this.ctx = provisioningContext;
        this.shadow = repoShadow;
        this.options = provisioningOperationOptions;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public static ShadowRefreshOperation executeFull(@NotNull RepoShadow repoShadow, ProvisioningOperationOptions provisioningOperationOptions, ProvisioningOperationContext provisioningOperationContext, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, ConfigurationException, ExpressionEvaluationException {
        ProvisioningContext createForRepoShadow = ShadowsLocalBeans.get().ctxFactory.createForRepoShadow(repoShadow, task);
        createForRepoShadow.applyCurrentDefinition(repoShadow.getBean());
        return executeFullInternal(createForRepoShadow, repoShadow, provisioningOperationOptions, provisioningOperationContext, operationResult);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void executeFull(@NotNull RawRepoShadow rawRepoShadow, ProvisioningOperationOptions provisioningOperationOptions, ProvisioningOperationContext provisioningOperationContext, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        ProvisioningContext createForShadow = ShadowsLocalBeans.get().ctxFactory.createForShadow(rawRepoShadow.getBean(), task, operationResult);
        executeFullInternal(createForShadow, createForShadow.adoptRawRepoShadow(rawRepoShadow), provisioningOperationOptions, provisioningOperationContext, operationResult);
    }

    @NotNull
    private static ShadowRefreshOperation executeFullInternal(@NotNull ProvisioningContext provisioningContext, @NotNull RepoShadow repoShadow, ProvisioningOperationOptions provisioningOperationOptions, ProvisioningOperationContext provisioningOperationContext, OperationResult operationResult) throws SchemaException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException {
        provisioningContext.setOperationContext(provisioningOperationContext);
        provisioningContext.assertDefinition();
        ShadowRefreshOperation shadowRefreshOperation = new ShadowRefreshOperation(provisioningContext, repoShadow, provisioningOperationOptions);
        shadowRefreshOperation.executeFull(operationResult);
        return shadowRefreshOperation;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public static RepoShadow executeQuick(ProvisioningContext provisioningContext, RepoShadow repoShadow, OperationResult operationResult) throws ObjectNotFoundException, SchemaException {
        ShadowRefreshOperation shadowRefreshOperation = new ShadowRefreshOperation(provisioningContext, repoShadow, null);
        shadowRefreshOperation.executeQuick(operationResult);
        return shadowRefreshOperation.shadow;
    }

    private void executeFull(OperationResult operationResult) throws ObjectNotFoundException, SchemaException, ConfigurationException, ExpressionEvaluationException {
        LOGGER.trace("Fully refreshing {}", this.shadow);
        try {
            this.b.shadowUpdater.refreshProvisioningIndexes(this.ctx, this.shadow, true, operationResult);
            if (!this.ctx.isExecutionFullyPersistent()) {
                LOGGER.trace("Skipping refresh of {} pending operations because the task is in simulation mode", this.shadow);
                return;
            }
            processPendingOperations(operationResult);
            deleteDeadShadowIfPossible(operationResult);
            if (this.shadow.isDeleted()) {
                LOGGER.trace("updateProvisioningIndexesAfterDeletion: no shadow");
            } else {
                updateProvisioningIndexesAfterDeletion(operationResult);
                updateCachedPasswordIfNeeded(operationResult);
            }
        } catch (ObjectAlreadyExistsException e) {
            throw SystemException.unexpected(e, "when refreshing provisioning indexes");
        }
    }

    private void executeQuick(OperationResult operationResult) throws SchemaException, ObjectNotFoundException {
        LOGGER.trace("Quickly refreshing {}", this.shadow);
        ObjectDelta<ShadowType> createModifyDelta = this.shadow.getPrismObject().createModifyDelta();
        expirePendingOperations(createModifyDelta);
        this.b.shadowUpdater.executeRepoShadowModifications(this.ctx, this.shadow, RepoShadowModifications.of(createModifyDelta.getModifications()), operationResult);
        deleteDeadShadowIfPossible(operationResult);
    }

    private void processPendingOperations(OperationResult operationResult) throws ObjectNotFoundException, SchemaException, ConfigurationException, ExpressionEvaluationException {
        boolean isDead = this.shadow.isDead();
        if (!isDead && !this.shadow.hasPendingOperations()) {
            LOGGER.trace("Skipping refresh of {} pending operations because shadow is not dead and there are no pending operations", this.shadow);
            return;
        }
        if (this.ctx.isInMaintenance()) {
            LOGGER.trace("Skipping refresh of {} pending operations because resource is in the maintenance mode", this.shadow);
            return;
        }
        PendingOperations pendingOperationsSorted = this.shadow.getPendingOperationsSorted();
        LOGGER.trace("Pending operations refresh of {}, dead={}, {} pending operations", this.shadow, Boolean.valueOf(isDead), Integer.valueOf(pendingOperationsSorted.size()));
        this.ctx.assertDefinition();
        refreshShadowAsyncStatus(pendingOperationsSorted, operationResult);
        retryOperations(pendingOperationsSorted, operationResult);
    }

    private void refreshShadowAsyncStatus(PendingOperations pendingOperations, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, ConfigurationException, ExpressionEvaluationException {
        String asynchronousOperationReference;
        OperationResultStatusType createStatusType;
        Duration gracePeriod = this.ctx.getGracePeriod();
        ArrayList arrayList = new ArrayList();
        boolean z = false;
        OperationResultStatusType operationResultStatusType = null;
        ObjectDelta<ShadowType> createModifyDelta = this.shadow.getPrismObject().createModifyDelta();
        Iterator<PendingOperation> it = pendingOperations.iterator();
        while (it.hasNext()) {
            PendingOperation next = it.next();
            if (next.isExecuting() && (asynchronousOperationReference = next.getAsynchronousOperationReference()) != null) {
                try {
                    OperationResultStatus refreshOperationStatus = this.b.resourceObjectConverter.refreshOperationStatus(this.ctx, this.shadow, asynchronousOperationReference, operationResult);
                    if (refreshOperationStatus != null && (createStatusType = refreshOperationStatus.createStatusType()) != next.getResultStatus()) {
                        boolean z2 = ProvisioningUtil.isCompleted(createStatusType) && next.getCompletionTimestamp() == null;
                        if (z2 && gracePeriod == null) {
                            LOGGER.trace("Deleting pending operation because it is completed (no grace): {}", next);
                            createModifyDelta.addModification(next.createDeleteDelta());
                            if (next.isAdd()) {
                                z = true;
                                operationResultStatusType = createStatusType;
                            } else if (next.isDelete()) {
                                z = false;
                                createModifyDelta.addModifications(this.b.shadowUpdater.createTombstoneDeltas(this.shadow));
                            }
                        } else {
                            createModifyDelta.addModification(next.createResultStatusDelta(createStatusType));
                            if (z2) {
                                createModifyDelta.addModifications(next.createCompletionDeltas(this.b.clock.currentTimeXMLGregorianCalendar()));
                                ObjectDelta<ShadowType> delta = next.getDelta();
                                if (delta.isAdd()) {
                                    z = true;
                                    operationResultStatusType = createStatusType;
                                } else if (delta.isModify()) {
                                    Iterator<? extends ItemDelta<?, ?>> it2 = delta.getModifications().iterator();
                                    while (it2.hasNext()) {
                                        createModifyDelta.addModification(it2.next().mo1623clone());
                                    }
                                } else if (delta.isDelete()) {
                                    z = false;
                                    createModifyDelta.addModifications(this.b.shadowUpdater.createTombstoneDeltas(this.shadow));
                                }
                                arrayList.add(delta);
                            }
                        }
                    }
                } catch (CommunicationException e) {
                    LOGGER.debug("Communication error while trying to refresh pending operation of {}. Skipping refresh of this operation.", this.shadow, e);
                    operationResult.recordPartialError(e);
                } catch (ObjectNotFoundException e2) {
                    if (!CaseType.class.equals(e2.getType())) {
                        throw e2;
                    }
                    LOGGER.debug("The case was not found while trying to refresh pending operation of {}. Skipping refresh of this operation.", this.shadow, e2);
                    operationResult.recordPartialError(e2);
                }
            }
        }
        if (z) {
            createModifyDelta.addModificationReplaceProperty(ShadowType.F_EXISTS, Boolean.valueOf(OperationResultUtil.isSuccessful(operationResultStatusType)));
        }
        expirePendingOperations(createModifyDelta);
        if (!createModifyDelta.isEmpty()) {
            this.ctx.applyCurrentDefinition(createModifyDelta);
            this.b.shadowUpdater.modifyRepoShadow(this.ctx, this.shadow, createModifyDelta.getModifications(), operationResult);
        }
        Iterator it3 = arrayList.iterator();
        while (it3.hasNext()) {
            this.b.eventDispatcher.notifySuccess(ShadowsUtil.createSuccessOperationDescription(this.ctx, this.shadow, (ObjectDelta) it3.next()), this.ctx.getTask(), operationResult);
        }
    }

    private void retryOperations(PendingOperations pendingOperations, OperationResult operationResult) throws ObjectNotFoundException, SchemaException {
        this.retriedOperationsResultStatus = OperationResultStatus.SUCCESS;
        if (this.shadow.isDead()) {
            return;
        }
        Duration retryPeriod = ProvisioningUtil.getRetryPeriod(this.ctx);
        LOGGER.trace("Selecting operations to retry from {} one(s); retry period: {}", Integer.valueOf(pendingOperations.size()), retryPeriod);
        Iterator<PendingOperation> it = pendingOperations.iterator();
        while (it.hasNext()) {
            PendingOperation next = it.next();
            if (next.canBeRetried()) {
                XMLGregorianCalendar currentTimeXMLGregorianCalendar = this.b.clock.currentTimeXMLGregorianCalendar();
                if (next.isAfterRetryPeriod(retryPeriod, currentTimeXMLGregorianCalendar) || ProvisioningOperationOptions.isForceRetry(this.options)) {
                    LOGGER.trace("Going to retry operation {} on {}", next, this.shadow);
                    int attemptNumber = next.getAttemptNumber() + 1;
                    this.b.shadowUpdater.executeRepoShadowModifications(this.ctx, this.shadow, RepoShadowModifications.of(next.createNextAttemptDeltas(attemptNumber, currentTimeXMLGregorianCalendar)), operationResult);
                    if (!$assertionsDisabled && next.getAttemptNumber() != attemptNumber) {
                        throw new AssertionError();
                    }
                    this.ctx.updateShadowState(this.shadow);
                    LOGGER.debug("Retrying operation {} on {}, attempt #{}", next, this.shadow, Integer.valueOf(attemptNumber));
                    OperationResult createSubresult = operationResult.createSubresult(OP_OPERATION_RETRY);
                    try {
                        try {
                            try {
                                this.shadow = retryOperation(next, createSubresult);
                                createSubresult.computeStatus();
                                if (createSubresult.isError()) {
                                    this.retriedOperationsResultStatus = createSubresult.getStatus();
                                }
                                createSubresult.muteError();
                                createSubresult.close();
                            } catch (Throwable th) {
                                createSubresult.recordFatalError(th);
                                this.retriedOperationsResultStatus = OperationResultStatus.FATAL_ERROR;
                                createSubresult.close();
                            }
                        } catch (GenericFrameworkException | CommunicationException | ConfigurationException | ObjectAlreadyExistsException | ObjectNotFoundException | SchemaException | SecurityViolationException e) {
                            LOGGER.error("Operation {} on {} ended up with an error after {} retries: {}", next.getDelta(), this.shadow, Integer.valueOf(attemptNumber), e.getMessage(), e);
                            createSubresult.recordHandledError(e);
                            this.retriedOperationsResultStatus = OperationResultStatus.FATAL_ERROR;
                            createSubresult.close();
                        }
                        this.retriedOperations.add(new ObjectDeltaOperation<>(next.getDelta(), createSubresult));
                    } catch (Throwable th2) {
                        createSubresult.close();
                        throw th2;
                    }
                } else {
                    LOGGER.trace("Skipping the operation whose retry time has not elapsed yet: {}", next);
                }
            } else {
                LOGGER.trace("Skipping not retryable operation: {}", next);
            }
        }
    }

    @NotNull
    private RepoShadow retryOperation(@NotNull PendingOperation pendingOperation, @NotNull OperationResult operationResult) throws CommunicationException, GenericFrameworkException, ObjectAlreadyExistsException, SchemaException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException, EncryptionException {
        ProvisioningOperationOptions createForceRetry = ProvisioningOperationOptions.createForceRetry(false);
        if (pendingOperation.isAdd()) {
            return ShadowAddOperation.executeAsRetryInRefresh(this.ctx, this.shadow, pendingOperation, createForceRetry, operationResult);
        }
        if (pendingOperation.isModify()) {
            return ShadowModifyOperation.executeInRefresh(this.ctx, this.shadow, pendingOperation, createForceRetry, operationResult).getRepoShadow();
        }
        if (pendingOperation.isDelete()) {
            return ShadowDeleteOperation.executeInRefresh(this.ctx, this.shadow, pendingOperation, createForceRetry, operationResult).getRepoShadow();
        }
        throw new AssertionError(pendingOperation);
    }

    private void deleteDeadShadowIfPossible(OperationResult operationResult) {
        if (this.shadow.isDead()) {
            Duration gracePeriod = this.ctx.getGracePeriod();
            Duration deadShadowRetentionPeriod = ProvisioningUtil.getDeadShadowRetentionPeriod(this.ctx);
            Duration longerDuration = XmlTypeConverter.longerDuration(gracePeriod, deadShadowRetentionPeriod);
            XMLGregorianCalendar xMLGregorianCalendar = null;
            ShadowType bean = this.shadow.getBean();
            for (PendingOperationType pendingOperationType : bean.getPendingOperation()) {
                xMLGregorianCalendar = XmlTypeConverter.laterTimestamp(XmlTypeConverter.laterTimestamp(XmlTypeConverter.laterTimestamp(xMLGregorianCalendar, pendingOperationType.getRequestTimestamp()), pendingOperationType.getLastAttemptTimestamp()), pendingOperationType.getCompletionTimestamp());
            }
            if (xMLGregorianCalendar == null) {
                xMLGregorianCalendar = ValueMetadataTypeUtil.getLastChangeTimestamp(bean);
            }
            XMLGregorianCalendar currentTimeXMLGregorianCalendar = this.b.clock.currentTimeXMLGregorianCalendar();
            if (!XmlTypeConverter.isZero(deadShadowRetentionPeriod) && longerDuration != null && xMLGregorianCalendar != null && !XmlTypeConverter.isAfterInterval(xMLGregorianCalendar, longerDuration, currentTimeXMLGregorianCalendar)) {
                LOGGER.trace("Keeping dead {} because it is not expired yet, last activity={}, expiration period={}", this.shadow, xMLGregorianCalendar, longerDuration);
                return;
            }
            LOGGER.debug("Deleting dead {} because it is expired", this.shadow);
            Task task = this.ctx.getTask();
            this.b.shadowUpdater.deleteShadow(this.shadow, task, operationResult);
            this.b.eventDispatcher.notifySuccess(ShadowsUtil.createSuccessOperationDescription(this.ctx, this.shadow, this.shadow.getPrismObject().createDeleteDelta()), task, operationResult);
            this.shadow.setDeleted();
        }
    }

    private void expirePendingOperations(ObjectDelta<ShadowType> objectDelta) {
        XMLGregorianCalendar currentTimeXMLGregorianCalendar = this.b.clock.currentTimeXMLGregorianCalendar();
        Duration longerDuration = XmlTypeConverter.longerDuration(this.ctx.getGracePeriod(), ProvisioningUtil.getPendingOperationRetentionPeriod(this.ctx));
        Iterator<PendingOperation> it = this.shadow.getPendingOperations().iterator();
        while (it.hasNext()) {
            PendingOperation next = it.next();
            if (next.isCompletedAndOverPeriod(currentTimeXMLGregorianCalendar, longerDuration)) {
                LOGGER.trace("Deleting pending operation because it is completed '{}' and expired: {}", next.getResultStatus(), next);
                objectDelta.addModification(next.createDeleteDelta());
            }
        }
    }

    private void updateProvisioningIndexesAfterDeletion(OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ConfigurationException {
        if (this.retriedOperations.stream().noneMatch(objectDeltaOperation -> {
            return ObjectDelta.isDelete(objectDeltaOperation.getObjectDelta());
        })) {
            LOGGER.trace("updateProvisioningIndexesAfterDeletion: no DELETE delta found");
            return;
        }
        try {
            this.b.shadowUpdater.refreshProvisioningIndexes(this.ctx, this.shadow, false, operationResult);
        } catch (ObjectAlreadyExistsException e) {
            LOGGER.debug("Couldn't set `primaryIdentifierValue` for {} - probably a new one was created in the meanwhile. Marking this one as dead.", this.shadow, e);
            this.b.shadowUpdater.markShadowTombstone(this.shadow, this.ctx.getTask(), operationResult);
        }
    }

    private void updateCachedPasswordIfNeeded(OperationResult operationResult) throws SchemaException, ObjectNotFoundException {
        Freezable updateShadowPasswordIfNeeded;
        LOGGER.trace("Considering updating cached password for {}", this.shadow);
        PrismProperty<ProtectedStringType> passwordValueProperty = ShadowUtil.getPasswordValueProperty(this.shadow.getBean());
        if (passwordValueProperty == null || (!passwordValueProperty.isIncomplete() && passwordValueProperty.hasNoValues())) {
            LOGGER.trace(" -> nothing to transform here");
            return;
        }
        ProtectedStringType realValue = passwordValueProperty.getRealValue();
        ResourceObjectDefinition objectDefinition = this.shadow.getObjectDefinition();
        if (!objectDefinition.areCredentialsCached()) {
            LOGGER.trace(" -> caching turned off, removing the cached value");
            updateShadowPasswordIfNeeded = PrismContext.get().deltaFor(ShadowType.class).item(SchemaConstants.PATH_PASSWORD_VALUE).replace(new PrismValue[0]).asItemDelta();
        } else if (realValue == null) {
            LOGGER.trace(" -> no value stored (probably only the 'incomplete' flag), nothing to do");
            updateShadowPasswordIfNeeded = null;
        } else {
            LOGGER.trace(" -> caching is enabled, value is present; consulting the credentials storage manager");
            try {
                updateShadowPasswordIfNeeded = this.b.credentialsStorageManager.updateShadowPasswordIfNeeded(realValue, this.b.securityPolicyFinder.locateResourceObjectCredentialsPolicy(objectDefinition, operationResult), objectDefinition.areCredentialsCachedLegacy());
            } catch (EncryptionException e) {
                throw new SystemException("Couldn't transform cached password for " + this.shadow, e);
            }
        }
        if (updateShadowPasswordIfNeeded != null) {
            this.b.shadowUpdater.executeRepoShadowModifications(this.ctx, this.shadow, RepoShadowModifications.of(List.of(updateShadowPasswordIfNeeded)), operationResult);
        }
    }

    @NotNull
    public RepoShadow getShadow() {
        return this.shadow;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public Collection<ObjectDeltaOperation<ShadowType>> getRetriedOperations() {
        return this.retriedOperations;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public OperationResultStatus getRetriedOperationsResultStatus() {
        return (OperationResultStatus) Objects.requireNonNullElse(this.retriedOperationsResultStatus, OperationResultStatus.SUCCESS);
    }

    static {
        $assertionsDisabled = !ShadowRefreshOperation.class.desiredAssertionStatus();
        OP_OPERATION_RETRY = ShadowsFacade.class.getName() + ".operationRetry";
        LOGGER = TraceManager.getTrace((Class<?>) ShadowRefreshOperation.class);
    }
}
