package com.evolveum.midpoint.model.impl.hooks;

import com.evolveum.midpoint.model.api.context.EvaluatedAssignment;
import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule;
import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRuleTrigger;
import com.evolveum.midpoint.model.api.context.ModelContext;
import com.evolveum.midpoint.model.api.context.ModelElementContext;
import com.evolveum.midpoint.model.api.context.ModelState;
import com.evolveum.midpoint.model.api.hooks.ChangeHook;
import com.evolveum.midpoint.model.api.hooks.HookOperationMode;
import com.evolveum.midpoint.model.api.hooks.HookRegistry;
import com.evolveum.midpoint.prism.delta.DeltaSetTriple;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyActionsType;
import java.util.Collection;
import javax.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/lib/model-impl-3.5.2-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/hooks/PolicyRuleEnforcerHook.class */
public class PolicyRuleEnforcerHook implements ChangeHook {
    private static final Trace LOGGER = TraceManager.getTrace(PolicyRuleEnforcerHook.class);
    public static final String HOOK_URI = "http://midpoint.evolveum.com/xml/ns/public/model/policy-rule-enforcer-hook-3";

    @Autowired(required = true)
    private HookRegistry hookRegistry;

    @PostConstruct
    public void init() {
        this.hookRegistry.registerChangeHook(HOOK_URI, this);
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("PolicyRuleEnforcerHook registered.");
        }
    }

    @Override // com.evolveum.midpoint.model.api.hooks.ChangeHook
    public <O extends ObjectType> HookOperationMode invoke(ModelContext<O> modelContext, Task task, OperationResult operationResult) throws PolicyViolationException {
        ModelElementContext<O> focusContext;
        if (modelContext.getState() == ModelState.PRIMARY && (focusContext = modelContext.getFocusContext()) != null && FocusType.class.isAssignableFrom(focusContext.getObjectTypeClass())) {
            evaluateFocusRules(modelContext, task, operationResult);
            evaluateAssignmentRules(modelContext, task, operationResult);
            return HookOperationMode.FOREGROUND;
        }
        return HookOperationMode.FOREGROUND;
    }

    private <F extends FocusType> void evaluateFocusRules(ModelContext<F> modelContext, Task task, OperationResult operationResult) throws PolicyViolationException {
        ModelElementContext<F> focusContext = modelContext.getFocusContext();
        StringBuilder sb = new StringBuilder();
        enforceTriggeredRules(sb, focusContext.getPolicyRules());
        if (sb.length() != 0) {
            throw new PolicyViolationException(sb.toString());
        }
    }

    private <F extends FocusType> void evaluateAssignmentRules(ModelContext<F> modelContext, Task task, OperationResult operationResult) throws PolicyViolationException {
        DeltaSetTriple<? extends EvaluatedAssignment> evaluatedAssignmentTriple = modelContext.getEvaluatedAssignmentTriple();
        if (evaluatedAssignmentTriple == null) {
            return;
        }
        StringBuilder sb = new StringBuilder();
        evaluatedAssignmentTriple.accept(evaluatedAssignment -> {
            enforceTriggeredRules(sb, evaluatedAssignment.getFocusPolicyRules());
            enforceTriggeredRules(sb, evaluatedAssignment.getTargetPolicyRules());
        });
        if (sb.length() != 0) {
            throw new PolicyViolationException(sb.toString());
        }
    }

    private <F extends FocusType> void enforceTriggeredRules(StringBuilder sb, Collection<EvaluatedPolicyRule> collection) {
        for (EvaluatedPolicyRule evaluatedPolicyRule : collection) {
            Collection<EvaluatedPolicyRuleTrigger> triggers = evaluatedPolicyRule.getTriggers();
            if (!triggers.isEmpty() && isEnforce(evaluatedPolicyRule)) {
                for (EvaluatedPolicyRuleTrigger evaluatedPolicyRuleTrigger : triggers) {
                    if (evaluatedPolicyRuleTrigger.getMessage() != null) {
                        if (sb.length() != 0) {
                            sb.append("; ");
                        }
                        sb.append(evaluatedPolicyRuleTrigger.getMessage());
                    }
                }
            }
        }
    }

    private boolean isEnforce(EvaluatedPolicyRule evaluatedPolicyRule) {
        PolicyActionsType actions = evaluatedPolicyRule.getActions();
        return actions == null || actions.getEnforcement() != null;
    }

    @Override // com.evolveum.midpoint.model.api.hooks.ChangeHook
    public void invokeOnException(ModelContext modelContext, Throwable th, Task task, OperationResult operationResult) {
    }
}
