package com.evolveum.midpoint.certification.impl.handlers;

import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.repo.common.expression.ExpressionVariables;
import com.evolveum.midpoint.schema.constants.ExpressionConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ActivationUtil;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractRoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationAssignmentCaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationAssignmentReviewScopeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationObjectBasedScopeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ArchetypeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ExpressionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ServiceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.annotation.PostConstruct;
import javax.xml.namespace.QName;
import org.springframework.stereotype.Component;

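/**
 * Certification handler that turns the direct assignments (and, for abstract roles, the
 * inducements) of a focus object into access-certification cases, and revokes them on request.
 *
 * <p>Scope handling as implemented below:
 * <ul>
 *   <li>A campaign whose scope definition is not an
 *       {@link AccessCertificationAssignmentReviewScopeType} is treated as "no scope": every
 *       {@code isInclude*} switch then defaults to {@code true}.</li>
 *   <li>An unset {@code enabledItemsOnly} also defaults to {@code true}, so administratively
 *       disabled assignments are left out of the review unless the scope sets it to
 *       {@code false} explicitly.</li>
 *   <li>Assignments whose target is an {@link ArchetypeType} never produce a case.</li>
 * </ul>
 * Reviewers relying on a campaign for coverage should keep these implicit exclusions in mind.
 */
@Component
/* loaded from: input_file:WEB-INF/lib/certification-impl-4.0.5-SNAPSHOT.jar:com/evolveum/midpoint/certification/impl/handlers/DirectAssignmentCertificationHandler.class */
public class DirectAssignmentCertificationHandler extends BaseCertificationHandler {
    /** Handler URI under which this handler registers itself with the certification manager. */
    public static final String URI = "http://midpoint.evolveum.com/xml/ns/public/certification/handlers-3#direct-assignment";

    /** Registers this handler under {@link #URI} once the bean has been constructed. */
    @PostConstruct
    public void init() {
        // Use the constant rather than a second copy of the literal so the two cannot drift apart.
        this.certificationManager.registerHandler(URI, this);
    }

    /**
     * @return {@link UserType#COMPLEX_TYPE}, the object type used when the campaign names none
     */
    @Override
    public QName getDefaultObjectType() {
        return UserType.COMPLEX_TYPE;
    }

    /**
     * Builds the certification cases for one focus object.
     *
     * @param prismObject the object whose assignments (and inducements) are examined
     * @param accessCertificationCampaignType the campaign supplying the scope definition
     * @param task task passed through to expression evaluation
     * @param operationResult operation result passed through to expression evaluation
     * @return the cases selected by the campaign scope; possibly empty, never {@code null}
     */
    @Override
    public <F extends FocusType> Collection<? extends AccessCertificationCaseType> createCasesForObject(PrismObject<F> prismObject, AccessCertificationCampaignType accessCertificationCampaignType, Task task, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
        // Only an assignment-review scope is understood here; anything else means "no scope".
        AccessCertificationAssignmentReviewScopeType scope = null;
        if (accessCertificationCampaignType.getScopeDefinition() instanceof AccessCertificationAssignmentReviewScopeType) {
            scope = (AccessCertificationAssignmentReviewScopeType) accessCertificationCampaignType.getScopeDefinition();
        }
        F focus = prismObject.asObjectable();
        List<AccessCertificationCaseType> cases = new ArrayList<>();
        if (isIncludeAssignments(scope)) {
            for (AssignmentType assignment : focus.getAssignment()) {
                processAssignment(assignment, false, scope, accessCertificationCampaignType, focus, cases, task, operationResult);
            }
        }
        // Inducements exist only on abstract roles (roles, orgs, services, ...).
        if ((focus instanceof AbstractRoleType) && isIncludeInducements(scope)) {
            for (AssignmentType inducement : ((AbstractRoleType) focus).getInducement()) {
                processAssignment(inducement, true, scope, accessCertificationCampaignType, focus, cases, task, operationResult);
            }
        }
        return cases;
    }

    /**
     * Creates a case for one assignment or inducement and appends it to {@code cases} when the
     * scope, the enabled-only filter and the item selection expression all accept it.
     *
     * @param assignment the assignment or inducement being examined
     * @param isInducement {@code true} when {@code assignment} comes from the inducement list
     * @param scope assignment-review scope, or {@code null} when the campaign defines none
     * @param campaign the campaign, consulted for the item selection expression
     * @param object the object holding the assignment
     * @param cases output list the accepted case is added to
     * @throws IllegalStateException if the assignment targets an object type this handler does
     *         not know; this aborts case creation for the object being processed
     */
    private void processAssignment(AssignmentType assignment, boolean isInducement, AccessCertificationAssignmentReviewScopeType scope, AccessCertificationCampaignType campaign, ObjectType object, List<AccessCertificationCaseType> cases, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
        AccessCertificationAssignmentCaseType assignmentCase = new AccessCertificationAssignmentCaseType(this.prismContext);
        // NOTE(review): m1855clone is a decompiler-generated name, presumably AssignmentType.clone() - confirm.
        assignmentCase.setAssignment(assignment.m1855clone());
        assignmentCase.setIsInducement(Boolean.valueOf(isInducement));
        assignmentCase.setObjectRef(ObjectTypeUtil.createObjectRef(object, this.prismContext));
        // The references and activation below are the assignment's own instances, not copies
        // (only the assignment itself is cloned above); whether the setters copy is not visible here.
        assignmentCase.setTenantRef(assignment.getTenantRef());
        assignmentCase.setOrgRef(assignment.getOrgRef());
        assignmentCase.setActivation(assignment.getActivation());

        boolean inScope;
        if (assignment.getTargetRef() != null) {
            assignmentCase.setTargetRef(assignment.getTargetRef());
            // The scope may legitimately be null (see createCasesForObject). Dereferencing it
            // unconditionally here threw NullPointerException for every role/org/service/user
            // target of a campaign without an assignment-review scope; a missing scope is now
            // handled like a scope with no relations configured.
            List<QName> scopeRelations = scope != null ? scope.getRelation() : Collections.<QName>emptyList();
            inScope = isTargetTypeIncluded(assignment, scope)
                    && relationMatches(assignment.getTargetRef().getRelation(), scopeRelations);
        } else if (assignment.getConstruction() != null) {
            // Resource constructions are certified against the resource they provision to.
            assignmentCase.setTargetRef(assignment.getConstruction().getResourceRef());
            inScope = isIncludeResources(scope);
        } else {
            // Neither a target nor a construction: nothing to certify.
            inScope = false;
        }

        if (!inScope) {
            return;
        }
        if (isEnabledItemsOnly(scope) && !ActivationUtil.isAdministrativeEnabledOrNull(assignment.getActivation())) {
            return;
        }
        // Evaluated last so the campaign expression runs only for items that passed the cheap filters.
        if (itemSelectionExpressionAccepts(assignment, isInducement, object, campaign, task, result)) {
            cases.add(assignmentCase);
        }
    }

    /**
     * Decides from the target's object type whether the scope includes the assignment.
     * Must only be called when {@code assignment.getTargetRef()} is non-null.
     *
     * @return the matching {@code isInclude*} switch for role, org, service and user targets;
     *         always {@code false} for archetype targets
     * @throws IllegalStateException for any other target type
     */
    private boolean isTargetTypeIncluded(AssignmentType assignment, AccessCertificationAssignmentReviewScopeType scope) {
        QName targetType = assignment.getTargetRef().getType();
        if (RoleType.COMPLEX_TYPE.equals(targetType)) {
            return isIncludeRoles(scope);
        }
        if (OrgType.COMPLEX_TYPE.equals(targetType)) {
            return isIncludeOrgs(scope);
        }
        if (ServiceType.COMPLEX_TYPE.equals(targetType)) {
            return isIncludeServices(scope);
        }
        if (UserType.COMPLEX_TYPE.equals(targetType)) {
            return isIncludeUsers(scope);
        }
        if (ArchetypeType.COMPLEX_TYPE.equals(targetType)) {
            // Archetype assignments are never offered for review by this handler.
            return false;
        }
        throw new IllegalStateException("Unexpected targetRef type: " + targetType + " in " + ObjectTypeUtil.toShortString(assignment));
    }

    /**
     * Checks the assignment's relation against the relations listed in the scope.
     *
     * @param assignmentRelation relation carried by the assignment's target reference
     * @param scopeRelations relations configured in the scope; {@code null} or empty means
     *        "match the default relation only"
     * @return {@code true} if any effective scope relation matches the assignment's relation
     */
    private boolean relationMatches(QName assignmentRelation, List<QName> scopeRelations) {
        List<QName> effectiveRelations = (scopeRelations == null || scopeRelations.isEmpty())
                ? Collections.singletonList(this.prismContext.getDefaultRelation())
                : scopeRelations;
        return effectiveRelations.stream()
                .anyMatch(scopeRelation -> this.prismContext.relationMatches(scopeRelation, assignmentRelation));
    }

    /**
     * Evaluates the campaign's optional item selection expression for one assignment.
     *
     * <p>The expression is taken from the campaign's scope definition and its boolean result
     * decides whether the assignment is reviewed at all, so whoever can edit campaign
     * definitions controls review coverage through it.
     *
     * @return {@code true} when no object-based scope or no expression is configured, otherwise
     *         the result of the expression
     */
    private boolean itemSelectionExpressionAccepts(AssignmentType assignment, boolean isInducement, ObjectType object, AccessCertificationCampaignType campaign, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
        AccessCertificationObjectBasedScopeType objectBasedScope = null;
        if (campaign.getScopeDefinition() instanceof AccessCertificationObjectBasedScopeType) {
            objectBasedScope = (AccessCertificationObjectBasedScopeType) campaign.getScopeDefinition();
        }
        if (objectBasedScope == null || objectBasedScope.getItemSelectionExpression() == null) {
            return true;
        }
        ExpressionType selectionExpression = objectBasedScope.getItemSelectionExpression();
        ExpressionVariables variables = new ExpressionVariables();
        variables.put(ExpressionConstants.VAR_ASSIGNMENT, assignment, AssignmentType.class);
        // NOTE(review): the decompiled listing cast these arguments to String / Class<String>,
        // which cannot be right for an ObjectType; the casts now follow the instanceof guards.
        // Confirm against the ExpressionVariables.putObject signature.
        if (object instanceof FocusType) {
            variables.putObject(ExpressionConstants.VAR_FOCUS, (FocusType) object, FocusType.class);
        }
        if (object instanceof UserType) {
            variables.putObject("user", (UserType) object, UserType.class);
        }
        return this.expressionHelper.evaluateBooleanExpression(selectionExpression, variables, "item selection for assignment " + ObjectTypeUtil.toShortString(assignment), task, result);
    }

    // Each switch below is on unless the scope sets it to FALSE explicitly; a null scope and
    // an unset (null) value both count as "on".

    /** @return whether assignments are in scope (default {@code true}). */
    private boolean isIncludeAssignments(AccessCertificationAssignmentReviewScopeType scope) {
        return scope == null || !Boolean.FALSE.equals(scope.isIncludeAssignments());
    }

    /** @return whether inducements are in scope (default {@code true}). */
    private boolean isIncludeInducements(AccessCertificationAssignmentReviewScopeType scope) {
        return scope == null || !Boolean.FALSE.equals(scope.isIncludeInducements());
    }

    /** @return whether resource constructions are in scope (default {@code true}). */
    private boolean isIncludeResources(AccessCertificationAssignmentReviewScopeType scope) {
        return scope == null || !Boolean.FALSE.equals(scope.isIncludeResources());
    }

    /** @return whether role targets are in scope (default {@code true}). */
    private boolean isIncludeRoles(AccessCertificationAssignmentReviewScopeType scope) {
        return scope == null || !Boolean.FALSE.equals(scope.isIncludeRoles());
    }

    /** @return whether org targets are in scope (default {@code true}). */
    private boolean isIncludeOrgs(AccessCertificationAssignmentReviewScopeType scope) {
        return scope == null || !Boolean.FALSE.equals(scope.isIncludeOrgs());
    }

    /** @return whether service targets are in scope (default {@code true}). */
    private boolean isIncludeServices(AccessCertificationAssignmentReviewScopeType scope) {
        return scope == null || !Boolean.FALSE.equals(scope.isIncludeServices());
    }

    /** @return whether user targets are in scope (default {@code true}). */
    private boolean isIncludeUsers(AccessCertificationAssignmentReviewScopeType scope) {
        return scope == null || !Boolean.FALSE.equals(scope.isIncludeUsers());
    }

    /**
     * @return whether only administratively enabled (or unspecified) assignments are reviewed;
     *         default {@code true}, i.e. disabled assignments are skipped unless the scope opts out
     */
    private boolean isEnabledItemsOnly(AccessCertificationAssignmentReviewScopeType scope) {
        return scope == null || !Boolean.FALSE.equals(scope.isEnabledItemsOnly());
    }

    /**
     * Revokes the assignment described by a certification case.
     *
     * @throws IllegalStateException if the case is {@code null} or not an
     *         {@link AccessCertificationAssignmentCaseType}
     */
    @Override
    public void doRevoke(AccessCertificationCaseType accessCertificationCaseType, AccessCertificationCampaignType accessCertificationCampaignType, Task task, OperationResult operationResult) throws CommunicationException, ObjectAlreadyExistsException, ExpressionEvaluationException, PolicyViolationException, SchemaException, SecurityViolationException, ConfigurationException, ObjectNotFoundException {
        if (!(accessCertificationCaseType instanceof AccessCertificationAssignmentCaseType)) {
            // A null case used to fail with NullPointerException while the message was being
            // built; report it with the same exception type as any other wrong case.
            Object actual = accessCertificationCaseType == null ? "null" : accessCertificationCaseType.getClass();
            throw new IllegalStateException("Expected " + AccessCertificationAssignmentCaseType.class + ", got " + actual + " instead");
        }
        revokeAssignmentCase((AccessCertificationAssignmentCaseType) accessCertificationCaseType, accessCertificationCampaignType, operationResult, task);
    }
}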
