package com.evolveum.midpoint.model.impl.lens;

import com.evolveum.midpoint.model.api.ModelExecuteOptions;
import com.evolveum.midpoint.model.test.CommonInitialObjects;
import com.evolveum.midpoint.model.test.asserter.ModelContextAsserter;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismValue;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.schema.TaskExecutionMode;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.Resource;
import com.evolveum.midpoint.schema.util.ShadowAssociationsUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.test.DummyTestResource;
import com.evolveum.midpoint.test.TestObject;
import com.evolveum.midpoint.test.util.MidPointTestConstants;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ConstructionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.io.File;
import java.util.Collection;
import java.util.List;
import javax.xml.namespace.QName;
import org.testng.annotations.Test;

/* loaded from: input_file:com/evolveum/midpoint/model/impl/lens/TestProjectionPolicyRules.class */
public class TestProjectionPolicyRules extends AbstractLensTest {
    private static final String ATTR_SAM_ACCOUNT_NAME = "samAccountName";
    private static final String ATTR_MEMBER_OF_ORG = "memberOfOrg";
    private ShadowType wheelShadow;
    private ShadowType topOrgShadow;
    private static final File TEST_DIR = new File(MidPointTestConstants.TEST_RESOURCES_DIR, "lens/policy/projection");
    private static final ItemName ASSOCIATION_GROUP = new ItemName("http://midpoint.evolveum.com/xml/ns/public/resource/instance-3", "group");
    private static final ItemName ASSOCIATION_ORG = new ItemName("http://midpoint.evolveum.com/xml/ns/public/resource/instance-3", "org");
    private static final QName CUSTOM_ORG_OBJECT_CLASS = new QName("http://midpoint.evolveum.com/xml/ns/public/resource/instance-3", "CustomorgObjectClass");
    private static final DummyTestResource RESOURCE_DUMMY_EVENT_MARKS = new DummyTestResource(TEST_DIR, "resource-dummy-event-marks.xml", "b951c40b-2f57-4f1d-a881-8ba37e973c11", "event-marks", dummyResourceContoller -> {
        dummyResourceContoller.populateWithDefaultSchema();
        dummyResourceContoller.addAttrDef(dummyResourceContoller.getAccountObjectClass(), ATTR_SAM_ACCOUNT_NAME, String.class, false, false);
        dummyResourceContoller.addAttrDef(dummyResourceContoller.getAccountObjectClass(), ATTR_MEMBER_OF_ORG, String.class, false, true);
    });

    protected boolean requiresNativeRepository() {
        return true;
    }

    @Override // com.evolveum.midpoint.model.impl.lens.AbstractLensTest, com.evolveum.midpoint.model.impl.AbstractInternalModelIntegrationTest, com.evolveum.midpoint.model.impl.AbstractModelImplementationIntegrationTest
    public void initSystem(Task task, OperationResult operationResult) throws Exception {
        super.initSystem(task, operationResult);
        CommonInitialObjects.addMarks(this, task, operationResult);
        RESOURCE_DUMMY_EVENT_MARKS.initAndTest(this, task, operationResult);
        RESOURCE_DUMMY_EVENT_MARKS.controller.addGroup("wheel");
        this.wheelShadow = ((PrismObject) MiscUtil.extractSingletonRequired(this.provisioningService.searchObjects(ShadowType.class, Resource.of(RESOURCE_DUMMY_EVENT_MARKS.get()).queryFor(SchemaConstants.RI_GROUP_OBJECT_CLASS).build(), (Collection) null, task, operationResult))).asObjectable();
        RESOURCE_DUMMY_EVENT_MARKS.controller.addOrgTop();
        this.topOrgShadow = ((PrismObject) MiscUtil.extractSingletonRequired(this.provisioningService.searchObjects(ShadowType.class, Resource.of(RESOURCE_DUMMY_EVENT_MARKS.get()).queryFor(CUSTOM_ORG_OBJECT_CLASS).build(), (Collection) null, task, operationResult))).asObjectable();
    }

    @Test
    public void test100DisableAccount() throws Exception {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        given("a user with an account exists");
        UserType createUserWithAccount = createUserWithAccount("test100", null, testTask, result);
        switchToSimulationMode(testTask);
        when("user and account are disabled (in simulation mode)");
        LensContext runClockwork = runClockwork(deltaFor(UserType.class).item(SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS).replace(new Object[]{ActivationStatusType.DISABLED}).asObjectDelta(createUserWithAccount.getOid()), (ModelExecuteOptions) null, testTask, result);
        then("marks are set correctly");
        ((ModelContextAsserter) assertModelContext(runClockwork, "disable context").focusContext().assertEventMarks(new TestObject[]{CommonInitialObjects.MARK_FOCUS_DEACTIVATED}).end()).projectionContexts().single().assertEventMarks(new TestObject[]{CommonInitialObjects.MARK_PROJECTION_DEACTIVATED, CommonInitialObjects.MARK_PROJECTION_RESOURCE_OBJECT_AFFECTED});
    }

    @Test
    public void test105EnableAccount() throws Exception {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        given("a (disabled) user with an account exists");
        UserType createUserWithAccount = createUserWithAccount("test105", ActivationStatusType.DISABLED, testTask, result);
        switchToSimulationMode(testTask);
        when("user and account are enabled");
        LensContext runClockwork = runClockwork(deltaFor(UserType.class).item(SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS).replace(new PrismValue[0]).asObjectDelta(createUserWithAccount.getOid()), (ModelExecuteOptions) null, testTask, result);
        then("marks are set correctly");
        ((ModelContextAsserter) assertModelContext(runClockwork, "enable context").focusContext().assertEventMarks(new TestObject[]{CommonInitialObjects.MARK_FOCUS_ACTIVATED}).end()).projectionContexts().single().assertEventMarks(new TestObject[]{CommonInitialObjects.MARK_PROJECTION_ACTIVATED, CommonInitialObjects.MARK_PROJECTION_RESOURCE_OBJECT_AFFECTED});
    }

    private UserType createUserWithAccount(String str, ActivationStatusType activationStatusType, Task task, OperationResult operationResult) throws CommonException {
        UserType assignment = new UserType().name(str).activation(new ActivationType().administrativeStatus(activationStatusType)).assignment(new AssignmentType().construction(new ConstructionType().resourceRef(RESOURCE_DUMMY_EVENT_MARKS.oid, ResourceType.COMPLEX_TYPE)));
        addObject(assignment, task, operationResult);
        return this.repositoryService.getObject(UserType.class, assignment.getOid(), (Collection) null, operationResult).asObjectable();
    }

    @Test
    public void test110RenameAccount() throws Exception {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        given("a user with an account exists");
        UserType createUserWithAccount = createUserWithAccount("test110", null, testTask, result);
        switchToSimulationMode(testTask);
        when("user and account are renamed");
        LensContext runClockwork = runClockwork(deltaFor(UserType.class).item(UserType.F_NAME).replace(new Object[]{PolyString.fromOrig("renamed")}).asObjectDelta(createUserWithAccount.getOid()), (ModelExecuteOptions) null, testTask, result);
        then("marks are set correctly");
        ((ModelContextAsserter) assertModelContext(runClockwork, "context").focusContext().assertEventMarks(new TestObject[]{CommonInitialObjects.MARK_FOCUS_RENAMED}).end()).projectionContexts().single().assertEventMarks(new TestObject[]{CommonInitialObjects.MARK_PROJECTION_RENAMED, CommonInitialObjects.MARK_PROJECTION_IDENTIFIER_CHANGED, CommonInitialObjects.MARK_PROJECTION_RESOURCE_OBJECT_AFFECTED});
    }

    @Test
    public void test120ChangeNonNamingIdentifier() throws Exception {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        given("a user with an account exists");
        UserType createUserWithAccount = createUserWithAccount("test120", null, testTask, result);
        switchToSimulationMode(testTask);
        when("account non-naming identifier is changed");
        LensContext runClockwork = runClockwork(deltaFor(UserType.class).item(UserType.F_EMPLOYEE_NUMBER).replace(new Object[]{"new-emp-id"}).asObjectDelta(createUserWithAccount.getOid()), (ModelExecuteOptions) null, testTask, result);
        then("marks are set correctly");
        ((ModelContextAsserter) assertModelContext(runClockwork, "context").focusContext().assertEventMarks(new TestObject[0]).end()).projectionContexts().single().assertEventMarks(new TestObject[]{CommonInitialObjects.MARK_PROJECTION_IDENTIFIER_CHANGED, CommonInitialObjects.MARK_PROJECTION_RESOURCE_OBJECT_AFFECTED});
    }

    @Test
    public void test130ChangeEntitlement() throws Exception {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        given("a user with an account exists");
        UserType createUserWithAccount = createUserWithAccount("test130", null, testTask, result);
        switchToSimulationMode(testTask);
        when("account group membership is changed");
        LensContext runClockwork = runClockwork(List.of(Resource.of(RESOURCE_DUMMY_EVENT_MARKS.get()).deltaFor(SchemaConstants.RI_ACCOUNT_OBJECT_CLASS).item(new QName[]{ShadowType.F_ASSOCIATIONS, ASSOCIATION_GROUP}).add(new Object[]{ShadowAssociationsUtil.createSingleRefRawValue(ASSOCIATION_GROUP, this.wheelShadow)}).asObjectDelta(((ObjectReferenceType) createUserWithAccount.getLinkRef().get(0)).getOid())), (ModelExecuteOptions) null, testTask, result);
        then("marks are set correctly");
        ((ModelContextAsserter) assertModelContext(runClockwork, "context").focusContext().assertEventMarks(new TestObject[0]).end()).projectionContexts().single().assertEventMarks(new TestObject[]{CommonInitialObjects.MARK_PROJECTION_ENTITLEMENT_CHANGED, CommonInitialObjects.MARK_PROJECTION_RESOURCE_OBJECT_AFFECTED});
    }

    @Test
    public void test140ChangeNonEntitlementAssociation() throws Exception {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        given("a user with an account exists");
        UserType createUserWithAccount = createUserWithAccount("test140", null, testTask, result);
        switchToSimulationMode(testTask);
        when("account org membership is changed");
        LensContext runClockwork = runClockwork(List.of(Resource.of(RESOURCE_DUMMY_EVENT_MARKS.get()).deltaFor(SchemaConstants.RI_ACCOUNT_OBJECT_CLASS).item(new QName[]{ShadowType.F_ASSOCIATIONS, ASSOCIATION_ORG}).add(new Object[]{ShadowAssociationsUtil.createSingleRefRawValue(ASSOCIATION_ORG, this.topOrgShadow)}).asObjectDelta(((ObjectReferenceType) createUserWithAccount.getLinkRef().get(0)).getOid())), (ModelExecuteOptions) null, testTask, result);
        then("'entitlement changed' mark is not present");
        ((ModelContextAsserter) assertModelContext(runClockwork, "context").focusContext().assertEventMarks(new TestObject[0]).end()).projectionContexts().single().assertEventMarks(new TestObject[]{CommonInitialObjects.MARK_PROJECTION_RESOURCE_OBJECT_AFFECTED});
    }

    @Test
    public void test150ChangeAccountPassword() throws Exception {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        given("a user with an account exists");
        UserType createUserWithAccount = createUserWithAccount("test150", null, testTask, result);
        switchToSimulationMode(testTask);
        when("account password is changed");
        LensContext runClockwork = runClockwork(deltaFor(UserType.class).item(SchemaConstants.PATH_PASSWORD_VALUE).replace(new Object[]{this.protector.encryptString("secret")}).asObjectDelta(createUserWithAccount.getOid()), (ModelExecuteOptions) null, testTask, result);
        then("marks are set correctly");
        ((ModelContextAsserter) assertModelContext(runClockwork, "context").focusContext().assertEventMarks(new TestObject[0]).end()).projectionContexts().single().assertEventMarks(new TestObject[]{CommonInitialObjects.MARK_PROJECTION_PASSWORD_CHANGED, CommonInitialObjects.MARK_PROJECTION_RESOURCE_OBJECT_AFFECTED});
    }

    @Test
    public void test200DeleteAccountOnImport() throws Exception {
        OperationResult result = getTestTask().getResult();
        given("sensitive account on the resource");
        RESOURCE_DUMMY_EVENT_MARKS.addAccount("sensitive");
        when("account is imported");
        String execute = importAccountsRequest().withResourceOid(RESOURCE_DUMMY_EVENT_MARKS.oid).withNameValue("sensitive").withTaskExecutionMode(TaskExecutionMode.SIMULATED_PRODUCTION).execute(result);
        then("simulation result is OK");
        assertProcessedObjects(execute, "after").display().single().assertEventMarks(new TestObject[]{CommonInitialObjects.MARK_PROJECTION_DEACTIVATED, CommonInitialObjects.MARK_PROJECTION_RESOURCE_OBJECT_AFFECTED}).delta().assertDelete();
    }

    private static void switchToSimulationMode(Task task) {
        task.setExecutionMode(TaskExecutionMode.SIMULATED_PRODUCTION);
    }
}
