package com.evolveum.midpoint.model.impl.security;

import com.evolveum.midpoint.common.ActivationComputer;
import com.evolveum.midpoint.common.Clock;
import com.evolveum.midpoint.model.common.SystemObjectCache;
import com.evolveum.midpoint.model.common.expression.ItemDeltaItem;
import com.evolveum.midpoint.model.common.expression.ObjectDeltaObject;
import com.evolveum.midpoint.model.common.mapping.MappingFactory;
import com.evolveum.midpoint.model.impl.UserComputer;
import com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator;
import com.evolveum.midpoint.model.impl.lens.EvaluatedAssignmentImpl;
import com.evolveum.midpoint.model.impl.lens.LensContextPlaceholder;
import com.evolveum.midpoint.model.impl.lens.LensUtil;
import com.evolveum.midpoint.model.impl.lens.projector.MappingEvaluator;
import com.evolveum.midpoint.prism.PrismContainerDefinition;
import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.SearchResultList;
import com.evolveum.midpoint.schema.constants.ObjectTypes;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.AdminGuiConfigTypeUtil;
import com.evolveum.midpoint.schema.util.ObjectQueryUtil;
import com.evolveum.midpoint.schema.util.ObjectResolver;
import com.evolveum.midpoint.security.api.Authorization;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.UserProfileService;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractRoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AdminGuiConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemObjectsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.stereotype.Service;

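/**
 * Builds {@link MidPointPrincipal} instances for authenticated users and adapts them to Spring
 * Security's {@link UserDetailsService} and {@link UserDetailsContextMapper}.
 *
 * <p>A principal is assembled from the stored user object: the user is recomputed, each of its
 * assignments is evaluated (constructions are not evaluated) and the authorizations and admin GUI
 * configurations of the assignments the evaluator reports as valid are attached, together with the
 * global security policy referenced from the system configuration. Authorizations therefore come
 * exclusively from midPoint assignments; authorities handed over by an external LDAP context are
 * not used.
 *
 * <p>Lookup by name matches the normalized name and succeeds only when exactly one user matches.
 * Zero matches and several matches are both reported as "not found", so an ambiguous name never
 * resolves to an arbitrary account.
 *
 * <p>{@code OPERATION_GET_PRINCIPAL} and {@code OPERATION_UPDATE_USER} are constants inherited from
 * an implemented interface.
 */
@Service("userDetailsService")
/* loaded from: input_file:WEB-INF/lib/model-impl-3.5.2-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/security/UserProfileServiceImpl.class */
public class UserProfileServiceImpl implements UserProfileService, UserDetailsService, UserDetailsContextMapper {

    private static final Trace LOGGER = TraceManager.getTrace(UserProfileServiceImpl.class);

    /** One operation name for owner resolution (the original used two different spellings). */
    private static final String OPERATION_RESOLVE_OWNER = UserProfileServiceImpl.class.getName() + ".resolveOwner";
    private static final String OPERATION_ADD_AUTHORIZATIONS = UserProfileServiceImpl.class.getName() + ".addAuthorizations";

    @Autowired
    private transient RepositoryService repositoryService;

    @Autowired
    private ObjectResolver objectResolver;

    @Autowired
    private SystemObjectCache systemObjectCache;

    @Autowired
    private MappingFactory mappingFactory;

    @Autowired
    private MappingEvaluator mappingEvaluator;

    @Autowired
    private UserComputer userComputer;

    @Autowired
    private ActivationComputer activationComputer;

    @Autowired
    private Clock clock;

    @Autowired
    private PrismContext prismContext;

    @Autowired
    private TaskManager taskManager;

    /**
     * Loads the user with the given name and builds its principal.
     *
     * @param username login name, matched against the normalized name
     * @return the principal; never {@code null}
     * @throws ObjectNotFoundException when no user, or more than one user, matches the name
     * @throws SystemException when the lookup or principal construction fails for any other reason
     */
    @Override // com.evolveum.midpoint.security.api.UserProfileService
    public MidPointPrincipal getPrincipal(String username) throws ObjectNotFoundException {
        OperationResult result = new OperationResult(OPERATION_GET_PRINCIPAL);
        try {
            PrismObject<UserType> user = findByUsername(username, result);
            if (user == null) {
                // Throw instead of returning null so that loadUserByUsername() honours the
                // UserDetailsService contract, which forbids a null result.
                throw new ObjectNotFoundException("Couldn't find user with name '" + username + "'");
            }
            return createPrincipal(user, result);
        } catch (ObjectNotFoundException e) {
            LOGGER.trace("Couldn't find user with name '{}', reason: {}.", username, e.getMessage(), e);
            throw e;
        } catch (Exception e) {
            LOGGER.warn("Error getting user with name '{}', reason: {}.", username, e.getMessage(), e);
            throw new SystemException(e.getMessage(), e);
        }
    }

    /**
     * Builds the principal for an already loaded user.
     *
     * @param user the user object; may be {@code null}
     * @return the principal, or {@code null} when {@code user} is {@code null}
     */
    @Override // com.evolveum.midpoint.security.api.UserProfileService
    public MidPointPrincipal getPrincipal(PrismObject<UserType> user) {
        return createPrincipal(user, new OperationResult(OPERATION_GET_PRINCIPAL));
    }

    /**
     * Recomputes the user and wraps it into a principal populated from its assignments.
     *
     * @param user the user object; {@code null} yields {@code null}
     * @param result operation result receiving the system-configuration lookup
     * @return the populated principal, or {@code null} for a {@code null} user
     */
    private MidPointPrincipal createPrincipal(PrismObject<UserType> user, OperationResult result) {
        if (user == null) {
            return null;
        }
        PrismObject<SystemConfigurationType> systemConfiguration = null;
        try {
            systemConfiguration = repositoryService.getObject(SystemConfigurationType.class,
                    SystemObjectsType.SYSTEM_CONFIGURATION.value(), null, result);
        } catch (ObjectNotFoundException | SchemaException e) {
            // Non-fatal by design: the principal is still built, but then carries no global
            // security policy and no system-level admin GUI configuration.
            LOGGER.warn("No system configuration: {}", e.getMessage(), e);
        }
        userComputer.recompute(user);
        MidPointPrincipal principal = new MidPointPrincipal(user.asObjectable());
        initializePrincipalFromAssignments(principal, systemConfiguration);
        return principal;
    }

    /**
     * Persists the principal's user object. Best effort: failures are logged and swallowed.
     *
     * @param principal principal whose user object is written back
     */
    @Override // com.evolveum.midpoint.security.api.UserProfileService
    public void updateUser(MidPointPrincipal principal) {
        try {
            save(principal, new OperationResult(OPERATION_UPDATE_USER));
        } catch (Exception e) {
            LOGGER.warn("Couldn't save user '{}, ({})', reason: {}.", principal.getFullName(), principal.getOid(), e.getMessage(), e);
        }
    }

    /**
     * Finds the single user whose normalized name equals {@code username}.
     *
     * @param username name to look up
     * @param result operation result receiving the repository search
     * @return the user when exactly one matches; {@code null} when none or several match
     * @throws SchemaException propagated from the repository search
     */
    private PrismObject<UserType> findByUsername(String username, OperationResult result) throws SchemaException {
        ObjectQuery query = ObjectQueryUtil.createNormNameQuery(new PolyString(username), prismContext);
        if (LOGGER.isTraceEnabled()) {
            // debugDump() is only worth computing when the message will be emitted
            LOGGER.trace("Looking for user, query:\n" + query.debugDump());
        }
        SearchResultList<PrismObject<UserType>> users = repositoryService.searchObjects(UserType.class, query, null, result);
        int found = users == null ? 0 : users.size();
        LOGGER.trace("Users found: {}.", found);
        if (found == 0) {
            return null;
        }
        if (found > 1) {
            // Several accounts normalize to the same name; refusing is safer than picking one.
            LOGGER.warn("Ambiguous user name '{}': {} users match, refusing to resolve.", username, found);
            return null;
        }
        return users.get(0);
    }

    /**
     * Attaches the applicable security policy, the authorizations and the admin GUI configuration
     * to the principal, based on the user's assignments and the system configuration.
     *
     * @param principal principal to populate; its user object is the source of assignments
     * @param systemConfiguration system configuration, or {@code null} when unavailable
     */
    private void initializePrincipalFromAssignments(MidPointPrincipal principal, PrismObject<SystemConfigurationType> systemConfiguration) {
        UserType user = principal.getUser();
        Collection<Authorization> authorizations = principal.getAuthorities();
        List<AdminGuiConfigurationType> adminGuiConfigurations = new ArrayList<>();
        Task task = taskManager.createTaskInstance(OPERATION_ADD_AUTHORIZATIONS);
        OperationResult result = task.getResult();

        principal.setApplicableSecurityPolicy(locateSecurityPolicy(systemConfiguration, task, result));

        if (!user.getAssignment().isEmpty()) {
            AssignmentEvaluator<UserType> assignmentEvaluator = createAssignmentEvaluator(user);
            for (AssignmentType assignment : user.getAssignment()) {
                evaluateAssignment(assignmentEvaluator, user, assignment, authorizations, adminGuiConfigurations, task, result);
            }
        }
        // The user's own admin GUI configuration is appended last, after the assigned ones.
        if (user.getAdminGuiConfiguration() != null) {
            adminGuiConfigurations.add(user.getAdminGuiConfiguration());
        }
        principal.setAdminGuiConfiguration(AdminGuiConfigTypeUtil.compileAdminGuiConfiguration(adminGuiConfigurations, systemConfiguration));
    }

    /**
     * Configures an assignment evaluator for {@code user} that evaluates authorizations and GUI
     * configuration but not constructions, using the current time as "now".
     *
     * @param user focus whose assignments will be evaluated
     * @return a fully wired evaluator
     */
    private AssignmentEvaluator<UserType> createAssignmentEvaluator(UserType user) {
        PrismObject<UserType> focus = user.asPrismObject();
        AssignmentEvaluator<UserType> evaluator = new AssignmentEvaluator<>();
        evaluator.setRepository(repositoryService);
        // No delta: old and new focus are the same stored object.
        evaluator.setFocusOdo(new ObjectDeltaObject<>(focus, null, focus));
        evaluator.setChannel(null);
        evaluator.setObjectResolver(objectResolver);
        evaluator.setSystemObjectCache(systemObjectCache);
        evaluator.setPrismContext(prismContext);
        evaluator.setMappingFactory(mappingFactory);
        evaluator.setMappingEvaluator(mappingEvaluator);
        evaluator.setActivationComputer(activationComputer);
        evaluator.setNow(clock.currentTimeXMLGregorianCalendar());
        evaluator.setEvaluateConstructions(false);
        evaluator.setLensContext(new LensContextPlaceholder(prismContext));
        return evaluator;
    }

    /**
     * Evaluates one assignment and, if the evaluator reports it valid, adds its authorizations and
     * admin GUI configurations to the given collections. Any evaluation failure is logged and the
     * assignment contributes nothing; processing of the remaining assignments continues.
     *
     * @param evaluator the configured evaluator
     * @param user the focus owning the assignment
     * @param assignment assignment to evaluate
     * @param authorizations sink for authorizations of valid assignments
     * @param adminGuiConfigurations sink for admin GUI configurations of valid assignments
     * @param task task used for the evaluation
     * @param result operation result of that task
     */
    private void evaluateAssignment(AssignmentEvaluator<UserType> evaluator, UserType user, AssignmentType assignment,
            Collection<Authorization> authorizations, List<AdminGuiConfigurationType> adminGuiConfigurations,
            Task task, OperationResult result) {
        try {
            ItemDeltaItem<PrismContainerValue<AssignmentType>, PrismContainerDefinition<AssignmentType>> assignmentIdi = new ItemDeltaItem<>();
            assignmentIdi.setItemOld(LensUtil.createAssignmentSingleValueContainerClone(assignment));
            assignmentIdi.recompute();
            EvaluatedAssignmentImpl<UserType> evaluated = evaluator.evaluate(assignmentIdi, false, user, user.toString(), task, result);
            if (evaluated.isValid()) {
                authorizations.addAll(evaluated.getAuthorizations());
                adminGuiConfigurations.addAll(evaluated.getAdminGuiConfigurations());
            }
        } catch (ExpressionEvaluationException e) {
            LOGGER.error("Evaluation error while processing assignment of {}: {}; assignment: {}", user, e.getMessage(), assignment, e);
        } catch (ObjectNotFoundException e) {
            LOGGER.error("Object not found while processing assignment of {}: {}; assignment: {}", user, e.getMessage(), assignment, e);
        } catch (PolicyViolationException e) {
            LOGGER.error("Policy violation while processing assignment of {}: {}; assignment: {}", user, e.getMessage(), assignment, e);
        } catch (SchemaException e) {
            LOGGER.error("Schema violation while processing assignment of {}: {}; assignment: {}", user, e.getMessage(), assignment, e);
        }
    }

    /**
     * Resolves the global security policy referenced from the system configuration.
     *
     * @param systemConfiguration system configuration, or {@code null}
     * @param task task used for resolution
     * @param result operation result receiving the resolution
     * @return the policy, or {@code null} when there is no configuration, no reference, or the
     *         reference cannot be resolved (the failure is logged); callers then get a principal
     *         without an applicable security policy
     */
    private SecurityPolicyType locateSecurityPolicy(PrismObject<SystemConfigurationType> systemConfiguration,
            Task task, OperationResult result) {
        if (systemConfiguration == null) {
            return null;
        }
        ObjectReferenceType policyRef = systemConfiguration.asObjectable().getGlobalSecurityPolicyRef();
        if (policyRef == null) {
            return null;
        }
        try {
            return (SecurityPolicyType) objectResolver.resolve(policyRef, SecurityPolicyType.class, null,
                    "global security policy reference in system configuration", task, result);
        } catch (ObjectNotFoundException | SchemaException e) {
            LOGGER.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Writes the principal's user object to the repository as a delta against the stored version.
     *
     * @param principal principal whose user object is the desired state
     * @param result operation result receiving the read and the modification
     * @return {@code principal}, unchanged
     * @throws ObjectNotFoundException when the stored user no longer exists
     * @throws SchemaException propagated from the repository
     * @throws ObjectAlreadyExistsException propagated from the repository
     */
    private MidPointPrincipal save(MidPointPrincipal principal, OperationResult result)
            throws ObjectNotFoundException, SchemaException, ObjectAlreadyExistsException {
        PrismObject<UserType> stored = getUserByOid(principal.getOid(), result).asPrismObject();
        PrismObject<UserType> current = principal.getUser().asPrismObject();
        ObjectDelta<UserType> delta = stored.diff(current);
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Updating user {} with delta:\n{}", current, delta.debugDump());
        }
        // Record the modification under the caller's result rather than a fresh, detached one.
        repositoryService.modifyObject(UserType.class, delta.getOid(), delta.getModifications(), result);
        return principal;
    }

    /**
     * Reads a user by OID.
     *
     * @param oid OID of the user
     * @param result operation result receiving the read
     * @return the user object
     * @throws ObjectNotFoundException when the repository has no object with that OID
     * @throws SchemaException propagated from the repository
     */
    private UserType getUserByOid(String oid, OperationResult result) throws ObjectNotFoundException, SchemaException {
        // Asking the repository for UserType.class already fixes the type; no instanceof needed.
        return repositoryService.getObject(UserType.class, oid, null, result).asObjectable();
    }

    /**
     * Resolves the owner of a shadow (via the repository's shadow-owner search) or of an abstract
     * role (via its {@code ownerRef}). A resolved user owner is recomputed before being returned.
     *
     * @param object the owned object; {@code null} or without OID yields {@code null}
     * @return the owner, or {@code null} when there is none or it cannot be resolved (logged)
     */
    @Override // com.evolveum.midpoint.security.api.OwnerResolver
    public <F extends FocusType, O extends ObjectType> PrismObject<F> resolveOwner(PrismObject<O> object) {
        if (object == null || object.getOid() == null) {
            return null;
        }
        PrismObject<F> owner = null;
        if (object.canRepresent(ShadowType.class)) {
            owner = repositoryService.searchShadowOwner(object.getOid(), null, new OperationResult(OPERATION_RESOLVE_OWNER));
        } else if (object.canRepresent(AbstractRoleType.class)) {
            ObjectReferenceType ownerRef = ((AbstractRoleType) object.asObjectable()).getOwnerRef();
            // Both OID and type are required: the type selects the repository class to load.
            if (ownerRef != null && ownerRef.getOid() != null && ownerRef.getType() != null) {
                try {
                    @SuppressWarnings("unchecked") // owner class is known only at runtime from ownerRef.type
                    PrismObject<F> resolved = (PrismObject<F>) repositoryService.getObject(
                            ObjectTypes.getObjectTypeFromTypeQName(ownerRef.getType()).getClassDefinition(),
                            ownerRef.getOid(), null, new OperationResult(OPERATION_RESOLVE_OWNER));
                    owner = resolved;
                } catch (ObjectNotFoundException | SchemaException e) {
                    LOGGER.warn("Cannot resolve owner of {}: {}", object, e.getMessage(), e);
                }
            }
        }
        if (owner != null && owner.canRepresent(UserType.class)) {
            userComputer.recompute(owner);
        }
        return owner;
    }

    /**
     * Spring Security entry point: loads the principal by user name.
     *
     * @param username login name
     * @return the principal; never {@code null}
     * @throws UsernameNotFoundException when no single user matches the name
     */
    @Override // org.springframework.security.core.userdetails.UserDetailsService
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        try {
            return getPrincipal(username);
        } catch (ObjectNotFoundException e) {
            throw new UsernameNotFoundException(e.getMessage(), e);
        }
    }

    /**
     * LDAP entry point: maps an authenticated LDAP user to its midPoint principal by user name.
     * The LDAP context and the externally supplied authorities are not used; authorizations come
     * solely from the user's midPoint assignments.
     *
     * @param context LDAP entry of the user (unused)
     * @param username login name
     * @param authorities authorities derived by the LDAP provider (unused)
     * @return the principal; never {@code null}
     * @throws UsernameNotFoundException when no single midPoint user matches the name
     */
    @Override // org.springframework.security.ldap.userdetails.UserDetailsContextMapper
    public UserDetails mapUserFromContext(DirContextOperations context, String username, Collection<? extends GrantedAuthority> authorities) {
        try {
            return getPrincipal(username);
        } catch (ObjectNotFoundException e) {
            throw new UsernameNotFoundException(e.getMessage(), e);
        }
    }

    /**
     * Writing principals back to LDAP is not supported; this is intentionally a no-op.
     *
     * @param userDetails ignored
     * @param context ignored
     */
    @Override // org.springframework.security.ldap.userdetails.UserDetailsContextMapper
    public void mapUserToContext(UserDetails userDetails, DirContextAdapter context) {
        // intentionally empty
    }
}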
