package com.evolveum.midpoint.model.impl.correlator.idmatch;

import com.evolveum.midpoint.model.api.correlator.idmatch.IdMatchObject;
import com.evolveum.midpoint.model.api.correlator.idmatch.IdMatchService;
import com.evolveum.midpoint.model.api.correlator.idmatch.MatchingRequest;
import com.evolveum.midpoint.model.api.correlator.idmatch.MatchingResult;
import com.evolveum.midpoint.model.api.correlator.idmatch.PotentialMatch;
import com.evolveum.midpoint.model.impl.correlator.idmatch.constants.ResponseType;
import com.evolveum.midpoint.model.impl.correlator.idmatch.data.PersonRequest;
import com.evolveum.midpoint.model.impl.correlator.idmatch.operations.Client;
import com.evolveum.midpoint.prism.Item;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.PrismPropertyDefinition;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.IdMatchAttributesType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.IdMatchCorrelatorType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import com.evolveum.prism.xml.ns._public.types_3.RawType;
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonGenerator;
import com.github.openjson.JSONArray;
import com.github.openjson.JSONException;
import com.github.openjson.JSONObject;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.xml.namespace.QName;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/evolveum/midpoint/model/impl/correlator/idmatch/IdMatchServiceImpl.class */
public class IdMatchServiceImpl implements IdMatchService {
    private static final Trace LOGGER = TraceManager.getTrace(IdMatchServiceImpl.class);
    private static final String REFERENCE_REQUEST_ID = "referenceId";
    private static final String MATCH_REQUEST_ID = "matchRequest";
    private static final String CANDIDATES = "candidates";
    private static final String MAPPED_ICFS_NAME = "icfs_name";
    private static final String MAPPED_ICFS_UID = "icfs_uid";
    private static final String NEW_REFERENCE_ID = "new";

    @NotNull
    private final String url;

    @Nullable
    private final String username;

    @Nullable
    private final ProtectedStringType password;

    @NotNull
    private final String sorLabel;
    private static final String DEFAULT_SOR_LABEL = "midpoint";

    private IdMatchServiceImpl(@NotNull String str, @Nullable String str2, @Nullable ProtectedStringType protectedStringType, @Nullable String str3) {
        this.url = str;
        this.username = str2;
        this.password = protectedStringType;
        this.sorLabel = (String) Objects.requireNonNullElse(str3, DEFAULT_SOR_LABEL);
    }

    @NotNull
    public MatchingResult executeMatch(@NotNull MatchingRequest matchingRequest, @NotNull OperationResult operationResult) throws CommunicationException, SchemaException, SecurityViolationException {
        LOGGER.trace("Executing match:\n{}", matchingRequest.debugDumpLazily(1));
        Client createClient = createClient();
        PersonRequest generateMatchOrUpdateRequest = generateMatchOrUpdateRequest(matchingRequest.getObject());
        createClient.putPerson(generateMatchOrUpdateRequest);
        int responseCode = createClient.getResponseCode();
        if (responseCode == ResponseType.CREATED.getResponseCode() || responseCode == ResponseType.EXISTING.getResponseCode()) {
            return processKnownReferenceId(createClient, generateMatchOrUpdateRequest);
        }
        if (responseCode == ResponseType.ACCEPTED.getResponseCode()) {
            return processUnknownReferenceId(createClient, createClient.getEntity());
        }
        throw new IllegalStateException("Unsupported ID Match Service response: " + responseCode + ": " + createClient.getMessage());
    }

    @NotNull
    private MatchingResult processKnownReferenceId(Client client, PersonRequest personRequest) throws CommunicationException, SecurityViolationException {
        client.getPerson(personRequest);
        String entity = client.getEntity();
        String jsonElement = getJsonElement(getJsonElement(entity, "meta"), REFERENCE_REQUEST_ID);
        MiscUtil.stateCheck((jsonElement == null || jsonElement.isEmpty()) ? false : true, "Null or empty reference ID in %s", new Object[]{entity});
        return MatchingResult.forReferenceId(jsonElement);
    }

    @NotNull
    private MatchingResult processUnknownReferenceId(Client client, String str) throws SchemaException, CommunicationException, SecurityViolationException {
        String jsonElement = getJsonElement(str, MATCH_REQUEST_ID);
        client.getMatchRequest(jsonElement);
        try {
            return MatchingResult.forUncertain(jsonElement, createPotentialMatches(client.getEntity()));
        } catch (JSONException e) {
            throw new SchemaException("Unexpected exception while parsing ID Match response: " + e.getMessage(), e);
        }
    }

    public void update(@NotNull IdMatchObject idMatchObject, @Nullable String str, @NotNull OperationResult operationResult) throws CommunicationException, SchemaException, SecurityViolationException {
        LOGGER.trace("Updating object with reference ID {}:\n{}", str, idMatchObject.debugDumpLazily(1));
        createClient().putPerson(generateMatchOrUpdateRequest(idMatchObject));
    }

    @NotNull
    private Client createClient() {
        return new Client(this.url, this.username, getPasswordCleartext());
    }

    @Nullable
    private String getPasswordCleartext() {
        try {
            if (this.password != null) {
                return PrismContext.get().getDefaultProtector().decryptString(this.password);
            }
            return null;
        } catch (EncryptionException e) {
            throw new SystemException("Couldn't decrypt the password: " + e.getMessage(), e);
        }
    }

    private List<PotentialMatch> createPotentialMatches(String str) throws SchemaException, JSONException {
        LOGGER.info("Creating potential matches from:\n{}", str);
        ArrayList arrayList = new ArrayList();
        JSONArray jSONArray = new JSONObject(str).getJSONArray(CANDIDATES);
        for (int i = 0; i < jSONArray.length(); i++) {
            arrayList.addAll(createPotentialMatches(jSONArray.get(i)));
        }
        return arrayList;
    }

    private List<PotentialMatch> createPotentialMatches(Object obj) throws SchemaException, JSONException {
        JSONObject jSONObject = (JSONObject) MiscUtil.castSafely(obj, JSONObject.class);
        String fromRawReferenceId = fromRawReferenceId(jSONObject.getString(REFERENCE_REQUEST_ID));
        if (!jSONObject.has("sorRecords")) {
            if (jSONObject.has("sorAttributes")) {
                return List.of(createPotentialMatchFromSorAttributes(fromRawReferenceId, jSONObject.getJSONObject("sorAttributes")));
            }
            throw new IllegalStateException("Unexpected candidate: neither sorRecords nor sorAttributes present: " + obj);
        }
        ArrayList arrayList = new ArrayList();
        JSONArray jSONArray = jSONObject.getJSONArray("sorRecords");
        for (int i = 0; i < jSONArray.length(); i++) {
            arrayList.add(createPotentialMatchFromSorAttributes(fromRawReferenceId, jSONArray.getJSONObject(i).getJSONObject("sorAttributes")));
        }
        return arrayList;
    }

    private String fromRawReferenceId(String str) {
        if (str == null || str.isEmpty() || str.equals(NEW_REFERENCE_ID)) {
            return null;
        }
        return str;
    }

    private PotentialMatch createPotentialMatchFromSorAttributes(String str, JSONObject jSONObject) throws JSONException, SchemaException {
        IdMatchAttributesType idMatchAttributesType = new IdMatchAttributesType(PrismContext.get());
        Iterator keys = jSONObject.keys();
        while (keys.hasNext()) {
            String str2 = (String) keys.next();
            if (!"identifiers".equals(str2)) {
                QName midPointAttributeName = toMidPointAttributeName(str2);
                String valueOf = String.valueOf(jSONObject.get(str2));
                PrismProperty createProperty = PrismContext.get().itemFactory().createProperty(midPointAttributeName, (PrismPropertyDefinition) null);
                createProperty.setRealValue(valueOf);
                idMatchAttributesType.asPrismContainerValue().add(createProperty);
            }
        }
        return new PotentialMatch((Integer) null, str, idMatchAttributesType);
    }

    private String fromMidPointAttributeName(ItemName itemName) {
        return SchemaConstants.ICFS_NAME.equals(itemName) ? MAPPED_ICFS_NAME : SchemaConstants.ICFS_UID.equals(itemName) ? MAPPED_ICFS_UID : itemName.getLocalPart();
    }

    @NotNull
    private QName toMidPointAttributeName(String str) {
        return MAPPED_ICFS_NAME.equals(str) ? SchemaConstants.ICFS_NAME : MAPPED_ICFS_UID.equals(str) ? SchemaConstants.ICFS_UID : new QName("http://midpoint.evolveum.com/xml/ns/public/resource/instance-3", str);
    }

    private String getJsonElement(String str, String str2) {
        try {
            return new JSONObject(str).getString(str2);
        } catch (JSONException e) {
            throw new SystemException(e);
        }
    }

    private PersonRequest createPersonRequest(@NotNull IdMatchObject idMatchObject, @Nullable String str, @Nullable String str2) {
        try {
            JsonFactory jsonFactory = new JsonFactory();
            StringWriter stringWriter = new StringWriter();
            JsonGenerator createGenerator = jsonFactory.createGenerator(stringWriter);
            createGenerator.useDefaultPrettyPrinter();
            createGenerator.writeStartObject();
            if (str2 != null) {
                createGenerator.writeFieldName(MATCH_REQUEST_ID);
                createGenerator.writeString(str2);
            }
            createGenerator.writeFieldName("sorAttributes");
            createGenerator.writeStartObject();
            for (PrismProperty prismProperty : idMatchObject.getProperties()) {
                String fromMidPointAttributeName = fromMidPointAttributeName(prismProperty.getElementName());
                String stringValue = getStringValue(prismProperty);
                createGenerator.writeFieldName(fromMidPointAttributeName);
                createGenerator.writeString(stringValue);
            }
            createGenerator.writeEndObject();
            if (str != null && !str.isEmpty()) {
                createGenerator.writeFieldName(REFERENCE_REQUEST_ID);
                createGenerator.writeString(str);
            }
            createGenerator.writeEndObject();
            createGenerator.close();
            return new PersonRequest(this.sorLabel, idMatchObject.getSorIdentifierValue(), String.valueOf(stringWriter));
        } catch (IOException e) {
            throw SystemException.unexpected(e, "while constructing ID Match JSON request");
        }
    }

    private String getStringValue(Item<?, ?> item) {
        Object realValue = item.getRealValue();
        if (realValue instanceof String) {
            return (String) realValue;
        }
        if (realValue instanceof PolyString) {
            return ((PolyString) realValue).getOrig();
        }
        if (realValue instanceof RawType) {
            return ((RawType) realValue).extractString();
        }
        throw new UnsupportedOperationException("Non-string attributes are not supported: " + item);
    }

    private PersonRequest generateMatchOrUpdateRequest(@NotNull IdMatchObject idMatchObject) {
        return createPersonRequest(idMatchObject, null, null);
    }

    public PersonRequest generateResolveRequest(@NotNull IdMatchObject idMatchObject, @NotNull String str, @Nullable String str2) throws SchemaException {
        return createPersonRequest(idMatchObject, str, str2);
    }

    @NotNull
    public String resolve(@NotNull IdMatchObject idMatchObject, @Nullable String str, @Nullable String str2, @NotNull OperationResult operationResult) throws CommunicationException, SchemaException, SecurityViolationException {
        PersonRequest generateResolveRequest = generateResolveRequest(idMatchObject, str2 != null ? str2 : NEW_REFERENCE_ID, str);
        Client createClient = createClient();
        createClient.putPerson(generateResolveRequest);
        return (String) MiscUtil.requireNonNull(processKnownReferenceId(createClient, generateResolveRequest).getReferenceId(), () -> {
            return new IllegalStateException("No reference ID after resolution of " + idMatchObject.getSorIdentifierValue());
        });
    }

    public static IdMatchServiceImpl instantiate(@NotNull IdMatchCorrelatorType idMatchCorrelatorType) throws ConfigurationException {
        return new IdMatchServiceImpl((String) MiscUtil.requireNonNull(idMatchCorrelatorType.getUrl(), () -> {
            return new ConfigurationException("No URL in ID Match service configuration");
        }), idMatchCorrelatorType.getUsername(), idMatchCorrelatorType.getPassword(), idMatchCorrelatorType.getSorLabel());
    }

    @VisibleForTesting
    public static IdMatchServiceImpl instantiate(@NotNull String str, @Nullable String str2, @Nullable ProtectedStringType protectedStringType) {
        return new IdMatchServiceImpl(str, str2, protectedStringType, null);
    }
}
