package com.evolveum.midpoint.provisioning.impl.resourceobjects;

import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.provisioning.impl.RepoShadow;
import com.evolveum.midpoint.provisioning.impl.ResourceObjectOperations;
import com.evolveum.midpoint.provisioning.ucf.api.Operation;
import com.evolveum.midpoint.provisioning.ucf.api.PropertyModificationOperation;
import com.evolveum.midpoint.provisioning.ucf.api.ReferenceModificationOperation;
import com.evolveum.midpoint.provisioning.ucf.api.UcfResourceObject;
import com.evolveum.midpoint.schema.config.AssociationConfigItem;
import com.evolveum.midpoint.schema.processor.ShadowReferenceAttributeDefinition;
import com.evolveum.midpoint.schema.processor.ShadowSimpleAttributeDefinition;
import com.evolveum.midpoint.schema.processor.SimulatedReferenceTypeParticipantDefinition;
import com.evolveum.midpoint.schema.processor.SimulatedShadowReferenceTypeDefinition;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ShadowReferenceAttributesCollection;
import com.evolveum.midpoint.util.DebugDumpable;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import javax.xml.namespace.QName;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.9.3.jar:com/evolveum/midpoint/provisioning/impl/resourceobjects/EntitlementConverter.class */
class EntitlementConverter {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) EntitlementConverter.class);

    @NotNull
    private final ProvisioningContext subjectCtx;

    @NotNull
    private final Object errorCtx;
    private final ResourceObjectsBeans b = ResourceObjectsBeans.get();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.9.3.jar:com/evolveum/midpoint/provisioning/impl/resourceobjects/EntitlementConverter$EntitlementObjectsOperations.class */
    public static class EntitlementObjectsOperations implements DebugDumpable {
        final Map<ResourceObjectDiscriminator, ResourceObjectOperations> roMap = new HashMap();

        @NotNull
        ResourceObjectOperations findOrCreate(@NotNull ResourceObjectDiscriminator resourceObjectDiscriminator, @NotNull ProvisioningContext provisioningContext) {
            ResourceObjectOperations resourceObjectOperations = this.roMap.get(resourceObjectDiscriminator);
            if (resourceObjectOperations != null) {
                return resourceObjectOperations;
            }
            ResourceObjectOperations resourceObjectOperations2 = new ResourceObjectOperations(provisioningContext);
            this.roMap.put(resourceObjectDiscriminator, resourceObjectOperations2);
            return resourceObjectOperations2;
        }

        @Override // com.evolveum.midpoint.util.DebugDumpable
        public String debugDump(int i) {
            return DebugUtil.debugDump((Map<?, ?>) this.roMap, i);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.9.3.jar:com/evolveum/midpoint/provisioning/impl/resourceobjects/EntitlementConverter$SubjectOperations.class */
    public static class SubjectOperations implements DebugDumpable {
        private final Map<QName, Operation> operationMap = new HashMap();

        SubjectOperations() {
        }

        public Collection<Operation> getOperations() {
            return this.operationMap.values();
        }

        Operation get(QName qName) {
            return this.operationMap.get(qName);
        }

        void put(QName qName, Operation operation) {
            this.operationMap.put(qName, operation);
        }

        @NotNull
        <T> PropertyModificationOperation<T> findOrCreateOperation(ShadowSimpleAttributeDefinition<T> shadowSimpleAttributeDefinition, QName qName) {
            QName itemName = shadowSimpleAttributeDefinition.getItemName();
            PropertyModificationOperation<T> propertyModificationOperation = (PropertyModificationOperation) get(itemName);
            if (propertyModificationOperation != null) {
                return propertyModificationOperation;
            }
            PropertyModificationOperation<T> propertyModificationOperation2 = new PropertyModificationOperation<>(shadowSimpleAttributeDefinition.createEmptyDelta());
            propertyModificationOperation2.setMatchingRuleQName(qName);
            put(itemName, propertyModificationOperation2);
            return propertyModificationOperation2;
        }

        @NotNull
        ReferenceModificationOperation findOrCreateOperation(ShadowReferenceAttributeDefinition shadowReferenceAttributeDefinition) {
            QName itemName = shadowReferenceAttributeDefinition.getItemName();
            ReferenceModificationOperation referenceModificationOperation = (ReferenceModificationOperation) get(itemName);
            if (referenceModificationOperation != null) {
                return referenceModificationOperation;
            }
            ReferenceModificationOperation referenceModificationOperation2 = new ReferenceModificationOperation(shadowReferenceAttributeDefinition.createEmptyDelta());
            put(itemName, referenceModificationOperation2);
            return referenceModificationOperation2;
        }

        @Override // com.evolveum.midpoint.util.DebugDumpable
        public String debugDump(int i) {
            return DebugUtil.debugDump((Map<?, ?>) this.operationMap, i);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EntitlementConverter(@NotNull ProvisioningContext provisioningContext) {
        this.subjectCtx = provisioningContext;
        this.errorCtx = provisioningContext.getExceptionDescriptionLazy();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void transformToSubjectOpsOnAdd(ResourceObjectShadow resourceObjectShadow) throws SchemaException {
        resourceObjectShadow.applyOperations(transformToSubjectOps(ShadowReferenceAttributesCollection.ofShadow(resourceObjectShadow.getBean()).getAllIterableValues()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public Collection<Operation> transformToSubjectOpsOnModify(@NotNull ShadowReferenceAttributesCollection shadowReferenceAttributesCollection) throws SchemaException {
        checkNoReplace(shadowReferenceAttributesCollection);
        return transformToSubjectOps(shadowReferenceAttributesCollection.getAllIterableValues()).getOperations();
    }

    @NotNull
    private SubjectOperations transformToSubjectOps(@NotNull Collection<ShadowReferenceAttributesCollection.IterableReferenceAttributeValue> collection) throws SchemaException {
        LOGGER.trace("Transforming {} iterable reference attribute values to subject operations", Integer.valueOf(collection.size()));
        SubjectOperations subjectOperations = new SubjectOperations();
        for (ShadowReferenceAttributesCollection.IterableReferenceAttributeValue iterableReferenceAttributeValue : collection) {
            ShadowReferenceAttributeDefinition referenceAttributeDefinition = getReferenceAttributeDefinition(iterableReferenceAttributeValue.name());
            if (EntitlementUtils.isVisible(referenceAttributeDefinition, this.subjectCtx)) {
                SimulatedShadowReferenceTypeDefinition simulationDefinition = referenceAttributeDefinition.getSimulationDefinition();
                if (simulationDefinition == null) {
                    subjectOperations.findOrCreateOperation(referenceAttributeDefinition).swallowValue(iterableReferenceAttributeValue.value().mo1609clone(), iterableReferenceAttributeValue.isAddNotDelete());
                } else if (EntitlementUtils.isSimulatedSubjectToObject(referenceAttributeDefinition) && EntitlementUtils.doesMatchSubjectDelineation(referenceAttributeDefinition, this.subjectCtx)) {
                    subjectOperations.findOrCreateOperation(simulationDefinition.getSubjectSidePrimaryBindingAttributeDef(), simulationDefinition.getPrimaryBindingMatchingRuleLegacy()).swallowValue(iterableReferenceAttributeValue.value().getSingleIdentifierValueRequired(simulationDefinition.getPrimaryObjectBindingAttributeName(), this.errorCtx).mo1609clone(), iterableReferenceAttributeValue.isAddNotDelete());
                }
            }
        }
        LOGGER.trace("Transformed iterable association values to:\n{}", subjectOperations.debugDumpLazily(1));
        return subjectOperations;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public EntitlementObjectsOperations transformToObjectOpsOnAdd(ResourceObjectShadow resourceObjectShadow, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ConfigurationException {
        EntitlementObjectsOperations entitlementObjectsOperations = new EntitlementObjectsOperations();
        collectObjectOps(entitlementObjectsOperations, ShadowReferenceAttributesCollection.ofShadow(resourceObjectShadow.getBean()).getAllIterableValues(), null, resourceObjectShadow.getBean(), operationResult);
        return entitlementObjectsOperations;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void transformToObjectOpsOnModify(@NotNull EntitlementObjectsOperations entitlementObjectsOperations, @NotNull ShadowReferenceAttributesCollection shadowReferenceAttributesCollection, ShadowType shadowType, ShadowType shadowType2, @NotNull OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ConfigurationException {
        checkNoReplace(shadowReferenceAttributesCollection);
        collectObjectOps(entitlementObjectsOperations, shadowReferenceAttributesCollection.getAllIterableValues(), shadowType, shadowType2, operationResult);
    }

    private void collectObjectOps(@NotNull EntitlementObjectsOperations entitlementObjectsOperations, @NotNull Collection<ShadowReferenceAttributesCollection.IterableReferenceAttributeValue> collection, ShadowType shadowType, ShadowType shadowType2, @NotNull OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ConfigurationException {
        for (ShadowReferenceAttributesCollection.IterableReferenceAttributeValue iterableReferenceAttributeValue : collection) {
            ItemName name = iterableReferenceAttributeValue.name();
            boolean isAddNotDelete = iterableReferenceAttributeValue.isAddNotDelete();
            if (this.subjectCtx.getOperationContext() != null) {
                this.subjectCtx.setAssociationShadowRef(iterableReferenceAttributeValue.value().asObjectReferenceType());
            }
            ShadowReferenceAttributeDefinition referenceAttributeDefinition = getReferenceAttributeDefinition(name);
            if (EntitlementUtils.isSimulatedObjectToSubject(referenceAttributeDefinition) && EntitlementUtils.isVisible(referenceAttributeDefinition, this.subjectCtx) && EntitlementUtils.doesMatchSubjectDelineation(referenceAttributeDefinition, this.subjectCtx)) {
                SimulatedShadowReferenceTypeDefinition simulationDefinitionRequired = referenceAttributeDefinition.getSimulationDefinitionRequired();
                AssociationConfigItem.AttributeBinding primaryAttributeBinding = simulationDefinitionRequired.getPrimaryAttributeBinding();
                for (SimulatedReferenceTypeParticipantDefinition simulatedReferenceTypeParticipantDefinition : simulationDefinitionRequired.getObjects()) {
                    ProvisioningContext spawnForDefinition = this.subjectCtx.spawnForDefinition(simulatedReferenceTypeParticipantDefinition.getObjectDefinition());
                    PrismPropertyValue<?> singleValueRequired = EntitlementUtils.getSingleValueRequired(selectSourceShadow(shadowType, shadowType2, isAddNotDelete, simulationDefinitionRequired.requiresExplicitReferentialIntegrity()), primaryAttributeBinding.subjectSide(), name, this.errorCtx);
                    ShadowSimpleAttributeDefinition objectAttributeDefinition = simulatedReferenceTypeParticipantDefinition.getObjectAttributeDefinition(primaryAttributeBinding);
                    entitlementObjectsOperations.findOrCreate(getEntitlementDiscriminator(iterableReferenceAttributeValue, spawnForDefinition, operationResult), spawnForDefinition).findOrCreateAttributeOperation(objectAttributeDefinition, simulationDefinitionRequired.getPrimaryBindingMatchingRuleLegacy()).swallowValue(objectAttributeDefinition.convertPrismValue(singleValueRequired).mo1609clone(), isAddNotDelete);
                }
            }
        }
    }

    private static ShadowType selectSourceShadow(ShadowType shadowType, ShadowType shadowType2, boolean z, boolean z2) {
        if (!z && z2) {
            return shadowType;
        }
        return shadowType2;
    }

    private ResourceObjectDiscriminator getEntitlementDiscriminator(ShadowReferenceAttributesCollection.IterableReferenceAttributeValue iterableReferenceAttributeValue, ProvisioningContext provisioningContext, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ConfigurationException {
        return ResourceObjectDiscriminator.of(this.b.resourceObjectReferenceResolver.resolvePrimaryIdentifier(provisioningContext, iterableReferenceAttributeValue.value().getIdentification(), operationResult));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public EntitlementObjectsOperations transformToObjectOpsOnSubjectDelete(@NotNull RepoShadow repoShadow, @NotNull OperationResult operationResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        EntitlementObjectsOperations entitlementObjectsOperations = new EntitlementObjectsOperations();
        for (ShadowReferenceAttributeDefinition shadowReferenceAttributeDefinition : this.subjectCtx.getReferenceAttributeDefinitions()) {
            if (EntitlementUtils.isSimulatedObjectToSubject(shadowReferenceAttributeDefinition) && EntitlementUtils.isVisible(shadowReferenceAttributeDefinition, this.subjectCtx) && EntitlementUtils.requiresExplicitReferentialIntegrity(shadowReferenceAttributeDefinition) && EntitlementUtils.doesMatchSubjectDelineation(shadowReferenceAttributeDefinition, this.subjectCtx)) {
                SimulatedShadowReferenceTypeDefinition simulationDefinitionRequired = shadowReferenceAttributeDefinition.getSimulationDefinitionRequired();
                AssociationConfigItem.AttributeBinding primaryAttributeBinding = simulationDefinitionRequired.getPrimaryAttributeBinding();
                EntitlementObjectSearch entitlementObjectSearch = new EntitlementObjectSearch(this.subjectCtx, simulationDefinitionRequired, primaryAttributeBinding, repoShadow.getBean());
                PrismPropertyValue subjectAttrValue = entitlementObjectSearch.getSubjectAttrValue();
                if (subjectAttrValue == null) {
                    LOGGER.error("No value of binding attribute '{}' in the subject repo shadow:\n{}\nSimulation definition:\n{}\nSubject context:\n{}\n\nMost probably, the attribute is not cached. The recommended way is to mark it as a secondary identifier.", entitlementObjectSearch.getSubjectAttrName(), repoShadow.debugDump(1), simulationDefinitionRequired.debugDump(1), this.subjectCtx.debugDump(1));
                    throw new SchemaException(String.format("Cannot delete references for the subject, as the value of binding attribute '%s' is unknown or missing in the subject shadow.", entitlementObjectSearch.getSubjectAttrName()));
                }
                entitlementObjectSearch.execute((resourceObjectFound, operationResult2) -> {
                    UcfResourceObject initialUcfResourceObject = resourceObjectFound.getInitialUcfResourceObject();
                    entitlementObjectsOperations.findOrCreate(ResourceObjectDiscriminator.of(initialUcfResourceObject.getBean()), this.subjectCtx.spawnForDefinition(initialUcfResourceObject.getObjectDefinition())).findOrCreateAttributeOperation(initialUcfResourceObject.getObjectDefinition().findSimpleAttributeDefinitionRequired(primaryAttributeBinding.objectSide()), simulationDefinitionRequired.getPrimaryBindingMatchingRuleLegacy()).swallowValueToDelete(subjectAttrValue.mo1609clone());
                    return true;
                }, operationResult);
            }
        }
        LOGGER.trace("Entitlement objects operations on subject delete:\n{}", entitlementObjectsOperations.debugDumpLazily(1));
        return entitlementObjectsOperations;
    }

    @NotNull
    private ShadowReferenceAttributeDefinition getReferenceAttributeDefinition(@NotNull ItemName itemName) throws SchemaException {
        return this.subjectCtx.findReferenceAttributeDefinitionRequired(itemName);
    }

    private void checkNoReplace(@NotNull ShadowReferenceAttributesCollection shadowReferenceAttributesCollection) throws SchemaException {
        if (shadowReferenceAttributesCollection.hasReplace()) {
            LOGGER.error("Replace delta not supported for\nreference attribute modifications:\n{}\nin provisioning context:\n{}", shadowReferenceAttributesCollection.debugDump(1), this.subjectCtx.debugDump(1));
            throw new SchemaException("Cannot perform replace delta for reference attribute");
        }
    }
}
