package com.evolveum.midpoint.model.impl.lens.projector.policy;

import com.evolveum.midpoint.common.LocalizationService;
import com.evolveum.midpoint.model.api.context.EvaluatedAssignment;
import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule;
import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRuleTrigger;
import com.evolveum.midpoint.model.api.context.ModelContext;
import com.evolveum.midpoint.model.api.context.ModelElementContext;
import com.evolveum.midpoint.model.api.context.PolicyRuleExternalizationOptions;
import com.evolveum.midpoint.model.api.util.EvaluatedPolicyRuleUtil;
import com.evolveum.midpoint.model.impl.lens.LensContext;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.delta.DeltaSetTriple;
import com.evolveum.midpoint.util.LocalizableMessage;
import com.evolveum.midpoint.util.LocalizableMessageList;
import com.evolveum.midpoint.util.LocalizableMessageListBuilder;
import com.evolveum.midpoint.util.TreeNode;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.EnforcementPolicyActionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.EvaluatedPolicyRuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyRuleEnforcerHookPreviewOutputType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TriggeredPolicyRulesStorageStrategyType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/lib/model-impl-3.7.3-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleEnforcer.class */
public class PolicyRuleEnforcer {
    private static final String HOOK_URI = "http://midpoint.evolveum.com/xml/ns/public/model/policy-rule-enforcer-hook-3";

    @Autowired
    private PrismContext prismContext;

    @Autowired
    private LocalizationService localizationService;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/model-impl-3.7.3-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleEnforcer$EvaluationContext.class */
    public class EvaluationContext {
        private final List<LocalizableMessage> messages;
        private final List<EvaluatedPolicyRuleType> rules;

        private EvaluationContext() {
            this.messages = new ArrayList();
            this.rules = new ArrayList();
        }
    }

    public <O extends ObjectType> void execute(@NotNull ModelContext<O> modelContext) throws PolicyViolationException {
        EvaluationContext executeInternal = executeInternal(modelContext);
        if (modelContext.isPreview()) {
            executePreview(modelContext, executeInternal);
        } else {
            executeRegular(executeInternal);
        }
    }

    private void executeRegular(EvaluationContext evaluationContext) throws PolicyViolationException {
        if (evaluationContext.messages.isEmpty()) {
            return;
        }
        throw ((PolicyViolationException) this.localizationService.translate((LocalizationService) new PolicyViolationException(new LocalizableMessageListBuilder().messages(evaluationContext.messages).separator(LocalizableMessageList.SEMICOLON).buildOptimized())));
    }

    private void executePreview(@NotNull ModelContext<? extends ObjectType> modelContext, EvaluationContext evaluationContext) {
        PolicyRuleEnforcerHookPreviewOutputType policyRuleEnforcerHookPreviewOutputType = new PolicyRuleEnforcerHookPreviewOutputType(this.prismContext);
        policyRuleEnforcerHookPreviewOutputType.getRule().addAll(evaluationContext.rules);
        ((LensContext) modelContext).addHookPreviewResults(HOOK_URI, Collections.singletonList(policyRuleEnforcerHookPreviewOutputType));
    }

    @NotNull
    private <O extends ObjectType> EvaluationContext executeInternal(@NotNull ModelContext<O> modelContext) {
        EvaluationContext evaluationContext = new EvaluationContext();
        ModelElementContext<O> focusContext = modelContext.getFocusContext();
        if (focusContext == null || !FocusType.class.isAssignableFrom(focusContext.getObjectTypeClass())) {
            return evaluationContext;
        }
        evaluateFocusRules(evaluationContext, modelContext);
        evaluateAssignmentRules(evaluationContext, modelContext);
        return evaluationContext;
    }

    private <F extends FocusType> void evaluateFocusRules(EvaluationContext evaluationContext, ModelContext<F> modelContext) {
        enforceTriggeredRules(evaluationContext, modelContext.getFocusContext().getPolicyRules());
    }

    private <F extends FocusType> void evaluateAssignmentRules(EvaluationContext evaluationContext, ModelContext<F> modelContext) {
        DeltaSetTriple<? extends EvaluatedAssignment<?>> evaluatedAssignmentTriple = modelContext.getEvaluatedAssignmentTriple();
        if (evaluatedAssignmentTriple == null) {
            return;
        }
        evaluatedAssignmentTriple.simpleAccept(evaluatedAssignment -> {
            enforceTriggeredRules(evaluationContext, evaluatedAssignment.getAllTargetsPolicyRules());
        });
    }

    private void enforceTriggeredRules(EvaluationContext evaluationContext, Collection<EvaluatedPolicyRule> collection) {
        Collection<EvaluatedPolicyRuleTrigger<?>> collection2;
        for (EvaluatedPolicyRule evaluatedPolicyRule : collection) {
            Collection<EvaluatedPolicyRuleTrigger<?>> triggers = evaluatedPolicyRule.getTriggers();
            if (!triggers.isEmpty()) {
                boolean containsEnabledAction = evaluatedPolicyRule.containsEnabledAction(EnforcementPolicyActionType.class);
                if (containsEnabledAction) {
                    collection2 = triggers;
                } else {
                    collection2 = (Collection) triggers.stream().filter((v0) -> {
                        return v0.isEnforcementOverride();
                    }).collect(Collectors.toList());
                    if (collection2.isEmpty()) {
                    }
                }
                evaluatedPolicyRule.addToEvaluatedPolicyRuleTypes(evaluationContext.rules, new PolicyRuleExternalizationOptions(TriggeredPolicyRulesStorageStrategyType.FULL, true, true), evaluatedPolicyRuleTrigger -> {
                    return containsEnabledAction || evaluatedPolicyRuleTrigger.isEnforcementOverride();
                });
                Iterator<TreeNode<LocalizableMessage>> it = EvaluatedPolicyRuleUtil.extractMessages(collection2, EvaluatedPolicyRuleUtil.MessageKind.NORMAL).iterator();
                while (it.hasNext()) {
                    evaluationContext.messages.add(it.next().getUserObject());
                }
            }
        }
    }
}
