package com.evolveum.midpoint.provisioning.util;

import com.evolveum.midpoint.common.ResourceObjectPattern;
import com.evolveum.midpoint.common.StaticExpressionUtil;
import com.evolveum.midpoint.common.crypto.CryptoUtil;
import com.evolveum.midpoint.common.refinery.RefinedAssociationDefinition;
import com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition;
import com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition;
import com.evolveum.midpoint.common.refinery.RefinedResourceSchema;
import com.evolveum.midpoint.common.refinery.RefinedResourceSchemaImpl;
import com.evolveum.midpoint.prism.Item;
import com.evolveum.midpoint.prism.MutablePrismPropertyDefinition;
import com.evolveum.midpoint.prism.Objectable;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismObjectDefinition;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.PrismPropertyDefinition;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.PrismValue;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.delta.builder.S_ItemEntry;
import com.evolveum.midpoint.prism.equivalence.EquivalenceStrategy;
import com.evolveum.midpoint.prism.match.MatchingRule;
import com.evolveum.midpoint.prism.match.MatchingRuleRegistry;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.util.CloneUtil;
import com.evolveum.midpoint.prism.xml.XmlTypeConverter;
import com.evolveum.midpoint.provisioning.api.ProvisioningOperationOptions;
import com.evolveum.midpoint.provisioning.api.ResourceOperationDescription;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.provisioning.impl.ProvisioningOperationState;
import com.evolveum.midpoint.provisioning.ucf.api.AttributesToReturn;
import com.evolveum.midpoint.provisioning.ucf.api.ExecuteProvisioningScriptOperation;
import com.evolveum.midpoint.provisioning.ucf.api.ExecuteScriptArgument;
import com.evolveum.midpoint.repo.common.expression.ExpressionFactory;
import com.evolveum.midpoint.schema.CapabilityUtil;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.PointInTimeType;
import com.evolveum.midpoint.schema.RelationRegistry;
import com.evolveum.midpoint.schema.SelectorOptions;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.internals.InternalsConfig;
import com.evolveum.midpoint.schema.processor.ObjectClassComplexTypeDefinition;
import com.evolveum.midpoint.schema.processor.ResourceAttribute;
import com.evolveum.midpoint.schema.processor.ResourceAttributeContainer;
import com.evolveum.midpoint.schema.processor.ResourceAttributeContainerDefinition;
import com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition;
import com.evolveum.midpoint.schema.result.AsynchronousOperationReturnValue;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.schema.util.ResourceTypeUtil;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.util.DOMUtil;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.QNameUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AttributeFetchStrategyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CachingPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CachingStategyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ExpressionReturnMultiplicityType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MetadataType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationResultStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PendingOperationExecutionStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PendingOperationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PendingOperationTypeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ProvisioningScriptArgumentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ProvisioningScriptHostType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ProvisioningScriptType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceConsistencyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectAssociationDirectionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourcePasswordDefinitionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CredentialsCapabilityType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ReadCapabilityType;
import com.evolveum.prism.xml.ns._public.types_3.ChangeTypeType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import javax.xml.datatype.Duration;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import org.apache.commons.lang.Validate;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:WEB-INF/lib/provisioning-impl-4.3.3-SNAPSHOT.jar:com/evolveum/midpoint/provisioning/util/ProvisioningUtil.class */
public class ProvisioningUtil {
    public static final int DEFAULT_OPERATION_RETRY_MAX_ATTEMPTS = 3;
    private static final QName FAKE_SCRIPT_ARGUMENT_NAME = new QName("http://midpoint.evolveum.com/xml/ns/public/common/common-3", "arg");
    public static final Duration DEFAULT_OPERATION_RETRY_PERIOD_DURATION = XmlTypeConverter.createDuration("PT30M");
    private static final Duration DEFAULT_PENDING_OPERATION_RETENTION_PERIOD_DURATION = XmlTypeConverter.createDuration("P1D");
    public static final Duration DEFAULT_DEAD_SHADOW_RETENTION_PERIOD_DURATION = XmlTypeConverter.createDuration("P7D");
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) ProvisioningUtil.class);

    public static PrismObjectDefinition<ShadowType> getResourceObjectShadowDefinition(PrismContext prismContext) {
        return prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ShadowType.class);
    }

    public static ExecuteProvisioningScriptOperation convertToScriptOperation(ProvisioningScriptType provisioningScriptType, String str, PrismContext prismContext) throws SchemaException {
        ExecuteProvisioningScriptOperation executeProvisioningScriptOperation = new ExecuteProvisioningScriptOperation();
        MutablePrismPropertyDefinition createPropertyDefinition = prismContext.definitionFactory().createPropertyDefinition(FAKE_SCRIPT_ARGUMENT_NAME, DOMUtil.XSD_STRING);
        createPropertyDefinition.setMinOccurs(0);
        createPropertyDefinition.setMaxOccurs(-1);
        for (ProvisioningScriptArgumentType provisioningScriptArgumentType : provisioningScriptType.getArgument()) {
            executeProvisioningScriptOperation.getArgument().add(new ExecuteScriptArgument(provisioningScriptArgumentType.getName(), StaticExpressionUtil.getStaticOutput(provisioningScriptArgumentType, createPropertyDefinition, str, ExpressionReturnMultiplicityType.SINGLE, prismContext)));
        }
        executeProvisioningScriptOperation.setLanguage(provisioningScriptType.getLanguage());
        executeProvisioningScriptOperation.setTextCode(provisioningScriptType.getCode());
        if (provisioningScriptType.getHost() != null && provisioningScriptType.getHost().equals(ProvisioningScriptHostType.CONNECTOR)) {
            executeProvisioningScriptOperation.setConnectorHost(true);
            executeProvisioningScriptOperation.setResourceHost(false);
        }
        if (provisioningScriptType.getHost() == null || provisioningScriptType.getHost().equals(ProvisioningScriptHostType.RESOURCE)) {
            executeProvisioningScriptOperation.setConnectorHost(false);
            executeProvisioningScriptOperation.setResourceHost(true);
        }
        executeProvisioningScriptOperation.setCriticality(provisioningScriptType.getCriticality());
        return executeProvisioningScriptOperation;
    }

    public static AttributesToReturn createAttributesToReturn(ProvisioningContext provisioningContext) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException {
        RefinedObjectClassDefinition objectClassDefinition = provisioningContext.getObjectClassDefinition();
        ResourceType resource = provisioningContext.getResource();
        boolean z = false;
        AttributesToReturn attributesToReturn = new AttributesToReturn();
        boolean z2 = false;
        Iterator<? extends RefinedAttributeDefinition<?>> it = objectClassDefinition.getAttributeDefinitions().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (it.next().getFetchStrategy() == AttributeFetchStrategyType.MINIMAL) {
                z2 = true;
                break;
            }
        }
        attributesToReturn.setReturnDefaultAttributes(!z2);
        ArrayList arrayList = new ArrayList();
        for (RefinedAttributeDefinition<?> refinedAttributeDefinition : objectClassDefinition.getAttributeDefinitions()) {
            AttributeFetchStrategyType fetchStrategy = refinedAttributeDefinition.getFetchStrategy();
            if (fetchStrategy == AttributeFetchStrategyType.EXPLICIT) {
                arrayList.add(refinedAttributeDefinition);
            } else if (z2 && (fetchStrategy != AttributeFetchStrategyType.MINIMAL || SelectorOptions.hasToLoadPath(provisioningContext.getPrismContext().path(ShadowType.F_ATTRIBUTES, refinedAttributeDefinition.getItemName()), provisioningContext.getGetOperationOptions(), false) || SelectorOptions.hasToLoadPath(provisioningContext.getPrismContext().toUniformPath(refinedAttributeDefinition.getItemName()), provisioningContext.getGetOperationOptions(), false))) {
                arrayList.add(refinedAttributeDefinition);
            }
        }
        if (!arrayList.isEmpty()) {
            attributesToReturn.setAttributesToReturn(arrayList);
            z = true;
        }
        CredentialsCapabilityType credentialsCapabilityType = (CredentialsCapabilityType) ResourceTypeUtil.getEffectiveCapability(resource, CredentialsCapabilityType.class);
        if (credentialsCapabilityType != null) {
            if (SelectorOptions.hasToLoadPath(provisioningContext.getPrismContext().toUniformPath(SchemaConstants.PATH_PASSWORD_VALUE), provisioningContext.getGetOperationOptions())) {
                attributesToReturn.setReturnPasswordExplicit(true);
                z = true;
            } else if (!CapabilityUtil.isPasswordReturnedByDefault(credentialsCapabilityType) && objectClassDefinition.getPasswordFetchStrategy() == AttributeFetchStrategyType.EXPLICIT) {
                attributesToReturn.setReturnPasswordExplicit(true);
                z = true;
            }
        }
        ActivationCapabilityType activationCapabilityType = (ActivationCapabilityType) ResourceTypeUtil.getEffectiveCapability(resource, ActivationCapabilityType.class);
        if (activationCapabilityType != null) {
            if (CapabilityUtil.isCapabilityEnabled(activationCapabilityType.getStatus()) && !CapabilityUtil.isActivationStatusReturnedByDefault(activationCapabilityType)) {
                if (SelectorOptions.hasToLoadPath(provisioningContext.path(SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS), provisioningContext.getGetOperationOptions())) {
                    attributesToReturn.setReturnAdministrativeStatusExplicit(true);
                    z = true;
                } else if (objectClassDefinition.getActivationFetchStrategy(ActivationType.F_ADMINISTRATIVE_STATUS) == AttributeFetchStrategyType.EXPLICIT) {
                    attributesToReturn.setReturnAdministrativeStatusExplicit(true);
                    z = true;
                }
            }
            if (CapabilityUtil.isCapabilityEnabled(activationCapabilityType.getValidFrom()) && !CapabilityUtil.isActivationValidFromReturnedByDefault(activationCapabilityType)) {
                if (SelectorOptions.hasToLoadPath(provisioningContext.path(SchemaConstants.PATH_ACTIVATION_VALID_FROM), provisioningContext.getGetOperationOptions())) {
                    attributesToReturn.setReturnValidFromExplicit(true);
                    z = true;
                } else if (objectClassDefinition.getActivationFetchStrategy(ActivationType.F_VALID_FROM) == AttributeFetchStrategyType.EXPLICIT) {
                    attributesToReturn.setReturnValidFromExplicit(true);
                    z = true;
                }
            }
            if (CapabilityUtil.isCapabilityEnabled(activationCapabilityType.getValidTo()) && !CapabilityUtil.isActivationValidToReturnedByDefault(activationCapabilityType)) {
                if (SelectorOptions.hasToLoadPath(provisioningContext.path(SchemaConstants.PATH_ACTIVATION_VALID_TO), provisioningContext.getGetOperationOptions())) {
                    attributesToReturn.setReturnValidToExplicit(true);
                    z = true;
                } else if (objectClassDefinition.getActivationFetchStrategy(ActivationType.F_VALID_TO) == AttributeFetchStrategyType.EXPLICIT) {
                    attributesToReturn.setReturnValidToExplicit(true);
                    z = true;
                }
            }
            if (CapabilityUtil.isCapabilityEnabled(activationCapabilityType.getLockoutStatus()) && !CapabilityUtil.isActivationLockoutStatusReturnedByDefault(activationCapabilityType)) {
                if (SelectorOptions.hasToLoadPath(provisioningContext.path(SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS), provisioningContext.getGetOperationOptions())) {
                    attributesToReturn.setReturnAdministrativeStatusExplicit(true);
                    z = true;
                } else if (objectClassDefinition.getActivationFetchStrategy(ActivationType.F_LOCKOUT_STATUS) == AttributeFetchStrategyType.EXPLICIT) {
                    attributesToReturn.setReturnLockoutStatusExplicit(true);
                    z = true;
                }
            }
        }
        if (z) {
            return attributesToReturn;
        }
        return null;
    }

    public static <T> PropertyDelta<T> narrowPropertyDelta(PropertyDelta<T> propertyDelta, PrismObject<ShadowType> prismObject, QName qName, MatchingRuleRegistry matchingRuleRegistry) throws SchemaException {
        PrismPropertyDefinition<T> definition = propertyDelta.getDefinition();
        QName matchingRuleQName = qName != null ? qName : definition instanceof RefinedAttributeDefinition ? ((RefinedAttributeDefinition) definition).getMatchingRuleQName() : null;
        MatchingRule<T> matchingRule = (matchingRuleQName == null || definition == null) ? null : matchingRuleRegistry.getMatchingRule(matchingRuleQName, definition.getTypeName());
        LOGGER.trace("Narrowing attr def={}, matchingRule={} ({})", definition, matchingRule, matchingRuleQName);
        MatchingRule<T> matchingRule2 = matchingRule;
        Comparator<PrismPropertyValue<T>> comparator = (prismPropertyValue, prismPropertyValue2) -> {
            return prismPropertyValue.equals(prismPropertyValue2, EquivalenceStrategy.REAL_VALUE, matchingRule2) ? 0 : 1;
        };
        PropertyDelta<T> narrow = propertyDelta.narrow((PrismObject<? extends Objectable>) prismObject, (Comparator) comparator, (Comparator) comparator, true);
        if (narrow == null || !narrow.equals(propertyDelta)) {
            LOGGER.trace("Narrowed delta: {}", DebugUtil.debugDumpLazily(narrow));
        }
        return narrow;
    }

    public static RefinedResourceSchema getRefinedSchema(ResourceType resourceType) throws SchemaException, ConfigurationException {
        RefinedResourceSchema refinedSchema = RefinedResourceSchemaImpl.getRefinedSchema(resourceType);
        if (refinedSchema == null) {
            throw new ConfigurationException("No schema for " + resourceType);
        }
        return refinedSchema;
    }

    public static boolean isProtectedShadow(Collection<ResourceObjectPattern> collection, PrismObject<ShadowType> prismObject, MatchingRuleRegistry matchingRuleRegistry, RelationRegistry relationRegistry) throws SchemaException {
        boolean z = collection != null && ResourceObjectPattern.matches(prismObject, collection, matchingRuleRegistry, relationRegistry);
        LOGGER.trace("isProtectedShadow: {} = {}", prismObject, Boolean.valueOf(z));
        return z;
    }

    public static void setProtectedFlag(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, MatchingRuleRegistry matchingRuleRegistry, RelationRegistry relationRegistry, ExpressionFactory expressionFactory, OperationResult operationResult) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException, SecurityViolationException {
        if (isProtectedShadow(provisioningContext.getProtectedAccountPatterns(expressionFactory, operationResult), prismObject, matchingRuleRegistry, relationRegistry)) {
            prismObject.asObjectable().setProtectedObject(true);
        }
    }

    public static RefinedResourceSchema getRefinedSchema(PrismObject<ResourceType> prismObject) throws SchemaException, ConfigurationException {
        RefinedResourceSchema refinedSchema = RefinedResourceSchemaImpl.getRefinedSchema(prismObject);
        if (refinedSchema == null) {
            throw new ConfigurationException("No schema for " + prismObject);
        }
        return refinedSchema;
    }

    public static void recordFatalError(Trace trace, OperationResult operationResult, String str, Throwable th) {
        String message = str != null ? str : th.getMessage();
        LoggingUtils.logExceptionOnDebugLevel(trace, message, th, new Object[0]);
        operationResult.recordFatalError(message, th);
        operationResult.cleanupResult(th);
    }

    public static void logWarning(Trace trace, OperationResult operationResult, String str, Exception exc) {
        trace.error(str, (Throwable) exc);
        operationResult.recordWarning(str, exc);
    }

    public static boolean shouldStoreAttributeInShadow(RefinedObjectClassDefinition refinedObjectClassDefinition, QName qName, CachingStategyType cachingStategyType) throws ConfigurationException {
        if (cachingStategyType != null && cachingStategyType != CachingStategyType.NONE) {
            if (cachingStategyType == CachingStategyType.PASSIVE) {
                return refinedObjectClassDefinition.findAttributeDefinition(qName) != null;
            }
            throw new ConfigurationException("Unknown caching strategy " + cachingStategyType);
        }
        if (refinedObjectClassDefinition.isPrimaryIdentifier(qName) || refinedObjectClassDefinition.isSecondaryIdentifier(qName)) {
            return true;
        }
        for (RefinedAssociationDefinition refinedAssociationDefinition : refinedObjectClassDefinition.getAssociationDefinitions()) {
            if (refinedAssociationDefinition.getResourceObjectAssociationType().getDirection() == ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT && QNameUtil.match(qName, refinedAssociationDefinition.getResourceObjectAssociationType().getValueAttribute())) {
                return true;
            }
        }
        return false;
    }

    public static boolean shouldStoreActivationItemInShadow(QName qName, CachingStategyType cachingStategyType) {
        return cachingStategyType == CachingStategyType.PASSIVE || QNameUtil.match(qName, ActivationType.F_ARCHIVE_TIMESTAMP) || QNameUtil.match(qName, ActivationType.F_DISABLE_TIMESTAMP) || QNameUtil.match(qName, ActivationType.F_ENABLE_TIMESTAMP) || QNameUtil.match(qName, ActivationType.F_DISABLE_REASON);
    }

    public static void cleanupShadowActivation(ShadowType shadowType) {
        if (shadowType.getActivation() != null) {
            cleanupShadowActivation(shadowType.getActivation());
        }
    }

    public static void cleanupShadowActivation(ActivationType activationType) {
        activationType.setAdministrativeStatus(null);
        activationType.setEffectiveStatus(null);
        activationType.setValidFrom(null);
        activationType.setValidTo(null);
        activationType.setValidityStatus(null);
        activationType.setLockoutStatus(null);
        activationType.setLockoutExpirationTimestamp(null);
        activationType.setValidityChangeTimestamp(null);
    }

    public static List<ItemDelta<?, ?>> createShadowActivationCleanupDeltas(ShadowType shadowType, PrismContext prismContext) throws SchemaException {
        ActivationType activation = shadowType.getActivation();
        if (activation == null) {
            return Collections.emptyList();
        }
        S_ItemEntry deltaFor = prismContext.deltaFor(ShadowType.class);
        if (activation.getAdministrativeStatus() != null) {
            deltaFor = deltaFor.item(ShadowType.F_ACTIVATION, ActivationType.F_ADMINISTRATIVE_STATUS).replace(new PrismValue[0]);
        }
        if (activation.getEffectiveStatus() != null) {
            deltaFor = deltaFor.item(ShadowType.F_ACTIVATION, ActivationType.F_EFFECTIVE_STATUS).replace(new PrismValue[0]);
        }
        if (activation.getValidFrom() != null) {
            deltaFor = deltaFor.item(ShadowType.F_ACTIVATION, ActivationType.F_VALID_FROM).replace(new PrismValue[0]);
        }
        if (activation.getValidTo() != null) {
            deltaFor = deltaFor.item(ShadowType.F_ACTIVATION, ActivationType.F_VALID_TO).replace(new PrismValue[0]);
        }
        if (activation.getValidityStatus() != null) {
            deltaFor = deltaFor.item(ShadowType.F_ACTIVATION, ActivationType.F_VALIDITY_STATUS).replace(new PrismValue[0]);
        }
        if (activation.getLockoutStatus() != null) {
            deltaFor = deltaFor.item(ShadowType.F_ACTIVATION, ActivationType.F_LOCKOUT_STATUS).replace(new PrismValue[0]);
        }
        if (activation.getLockoutExpirationTimestamp() != null) {
            deltaFor = deltaFor.item(ShadowType.F_ACTIVATION, ActivationType.F_LOCKOUT_EXPIRATION_TIMESTAMP).replace(new PrismValue[0]);
        }
        if (activation.getValidityChangeTimestamp() != null) {
            deltaFor = deltaFor.item(ShadowType.F_ACTIVATION, ActivationType.F_VALIDITY_CHANGE_TIMESTAMP).replace(new PrismValue[0]);
        }
        return deltaFor.asItemDeltas();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v60, types: [java.util.List] */
    public static Collection<? extends ItemDelta<?, ?>> createShadowAttributesReconciliationDeltas(PrismObject<ShadowType> prismObject, PrismObject<ShadowType> prismObject2, PrismContext prismContext) throws SchemaException {
        ResourceAttributeDefinition findAttributeDefinition;
        ArrayList arrayList = new ArrayList();
        ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(prismObject);
        ResourceAttributeContainerDefinition definition = attributesContainer.getDefinition();
        if (definition == null) {
            throw new IllegalStateException("No definition for " + attributesContainer);
        }
        List list = (List) definition.getAllIdentifiers().stream().map((v0) -> {
            return v0.getItemName();
        }).collect(Collectors.toList());
        Item findContainer = prismObject2.findContainer(ShadowType.F_ATTRIBUTES);
        ArrayList<QName> arrayList2 = findContainer != null ? (List) findContainer.getValue().getItems().stream().map((v0) -> {
            return v0.getElementName();
        }).collect(Collectors.toCollection(ArrayList::new)) : new ArrayList();
        for (ResourceAttribute<?> resourceAttribute : attributesContainer.getAttributes()) {
            ItemName elementName = resourceAttribute.getElementName();
            if (QNameUtil.matchAny(elementName, list)) {
                List cloneCollectionMembers = CloneUtil.cloneCollectionMembers(resourceAttribute.getValues());
                LOGGER.trace("- updating identifier {} value of {}", elementName, resourceAttribute.getValues());
                arrayList.add(prismContext.deltaFor(ShadowType.class).item(ItemPath.create(ShadowType.F_ATTRIBUTES, elementName), resourceAttribute.getDefinition()).replace(cloneCollectionMembers).asItemDelta());
                QNameUtil.remove(arrayList2, elementName);
            }
        }
        for (QName qName : arrayList2) {
            if (!QNameUtil.matchAny(qName, list) && (findAttributeDefinition = definition.findAttributeDefinition(ItemName.fromQName(qName))) != null) {
                LOGGER.trace("- removing non-identifier {} value", qName);
                arrayList.add(prismContext.deltaFor(ShadowType.class).item(ItemPath.create(ShadowType.F_ATTRIBUTES, qName), findAttributeDefinition).replace(new PrismValue[0]).asItemDelta());
            }
        }
        return arrayList;
    }

    public static void cleanupShadowPassword(PasswordType passwordType) {
        passwordType.setValue(null);
    }

    public static void addPasswordMetadata(PasswordType passwordType, XMLGregorianCalendar xMLGregorianCalendar, ObjectReferenceType objectReferenceType) {
        if (passwordType.getMetadata() != null) {
            return;
        }
        MetadataType metadataType = new MetadataType();
        metadataType.setCreateTimestamp(xMLGregorianCalendar);
        if (objectReferenceType != null) {
            metadataType.creatorRef(objectReferenceType.getOid(), null);
        }
        passwordType.setMetadata(metadataType);
    }

    public static void checkShadowActivationConsistency(PrismObject<ShadowType> prismObject) {
        ActivationType activation;
        if (prismObject == null || (activation = prismObject.asObjectable().getActivation()) == null) {
            return;
        }
        if (activation.getAdministrativeStatus() == null && activation.getEffectiveStatus() == null && activation.getValidFrom() == null && activation.getValidTo() == null && activation.getValidityStatus() == null && activation.getLockoutStatus() == null && activation.getLockoutExpirationTimestamp() == null && activation.getValidityChangeTimestamp() == null) {
            return;
        }
        LOGGER.warn("{}", "Unexpected content in shadow.activation for " + ObjectTypeUtil.toShortString(prismObject) + ": " + activation);
    }

    public static CachingStategyType getCachingStrategy(ProvisioningContext provisioningContext) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        ResourceType resource = provisioningContext.getResource();
        CachingPolicyType caching = resource.getCaching();
        if (caching != null && caching.getCachingStategy() != null) {
            return caching.getCachingStategy();
        }
        ReadCapabilityType readCapabilityType = (ReadCapabilityType) ResourceTypeUtil.getEffectiveCapability(resource, ReadCapabilityType.class);
        if (readCapabilityType != null && readCapabilityType.isCachingOnly() == Boolean.TRUE) {
            return CachingStategyType.PASSIVE;
        }
        return CachingStategyType.NONE;
    }

    public static boolean shouldDoRepoSearch(GetOperationOptions getOperationOptions) {
        return GetOperationOptions.isNoFetch(getOperationOptions) || GetOperationOptions.isMaxStaleness(getOperationOptions);
    }

    public static boolean isResourceModification(ItemDelta itemDelta) {
        ItemName firstName = itemDelta.getPath().firstName();
        return isAttributeModification(firstName) || isNonAttributeResourceModification(firstName);
    }

    public static boolean isAttributeModification(ItemDelta itemDelta) {
        return isAttributeModification(itemDelta.getPath().firstName());
    }

    public static boolean isAttributeModification(QName qName) {
        return QNameUtil.match(qName, ShadowType.F_ATTRIBUTES);
    }

    public static boolean isNonAttributeResourceModification(ItemDelta itemDelta) {
        return isNonAttributeResourceModification(itemDelta.getPath().firstName());
    }

    public static boolean isNonAttributeResourceModification(QName qName) {
        return QNameUtil.match(qName, ShadowType.F_ACTIVATION) || QNameUtil.match(qName, ShadowType.F_CREDENTIALS) || QNameUtil.match(qName, ShadowType.F_ASSOCIATION) || QNameUtil.match(qName, ShadowType.F_AUXILIARY_OBJECT_CLASS);
    }

    public static boolean resourceReadIsCachingOnly(ResourceType resourceType) {
        ReadCapabilityType readCapabilityType = (ReadCapabilityType) ResourceTypeUtil.getEffectiveCapability(resourceType, ReadCapabilityType.class);
        if (readCapabilityType == null) {
            return false;
        }
        return Boolean.TRUE.equals(readCapabilityType.isCachingOnly());
    }

    public static Duration getGracePeriod(ProvisioningContext provisioningContext) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        Duration duration = null;
        ResourceConsistencyType consistency = provisioningContext.getResource().getConsistency();
        if (consistency != null) {
            duration = consistency.getPendingOperationGracePeriod();
        }
        return duration;
    }

    public static Duration getPendingOperationRetentionPeriod(ProvisioningContext provisioningContext) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        Duration duration = null;
        ResourceConsistencyType consistency = provisioningContext.getResource().getConsistency();
        if (consistency != null) {
            duration = consistency.getPendingOperationRetentionPeriod();
        }
        if (duration == null) {
            duration = DEFAULT_PENDING_OPERATION_RETENTION_PERIOD_DURATION;
        }
        return duration;
    }

    public static boolean isOverPeriod(XMLGregorianCalendar xMLGregorianCalendar, Duration duration, PendingOperationType pendingOperationType) {
        XMLGregorianCalendar completionTimestamp;
        if (isCompleted(pendingOperationType.getResultStatus()) && (completionTimestamp = pendingOperationType.getCompletionTimestamp()) != null) {
            return isOverPeriod(xMLGregorianCalendar, duration, completionTimestamp);
        }
        return false;
    }

    public static boolean isOverPeriod(XMLGregorianCalendar xMLGregorianCalendar, Duration duration, XMLGregorianCalendar xMLGregorianCalendar2) {
        return duration == null || XmlTypeConverter.compare(xMLGregorianCalendar, XmlTypeConverter.addDuration(xMLGregorianCalendar2, duration)) == 1;
    }

    public static Duration getRetryPeriod(ProvisioningContext provisioningContext) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        Duration duration = null;
        ResourceConsistencyType consistency = provisioningContext.getResource().getConsistency();
        if (consistency != null) {
            duration = consistency.getOperationRetryPeriod();
        }
        if (duration == null) {
            duration = DEFAULT_OPERATION_RETRY_PERIOD_DURATION;
        }
        return duration;
    }

    public static Duration getDeadShadowRetentionPeriod(ProvisioningContext provisioningContext) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        Duration duration = null;
        ResourceConsistencyType consistency = provisioningContext.getResource().getConsistency();
        if (consistency != null) {
            duration = consistency.getDeadShadowRetentionPeriod();
        }
        if (duration == null) {
            duration = DEFAULT_DEAD_SHADOW_RETENTION_PERIOD_DURATION;
        }
        return duration;
    }

    public static int getMaxRetryAttempts(ProvisioningContext provisioningContext) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        Integer operationRetryMaxAttempts;
        ResourceConsistencyType consistency = provisioningContext.getResource().getConsistency();
        if (consistency == null || (operationRetryMaxAttempts = consistency.getOperationRetryMaxAttempts()) == null) {
            return 3;
        }
        return operationRetryMaxAttempts.intValue();
    }

    public static boolean isCompleted(OperationResultStatusType operationResultStatusType) {
        return (operationResultStatusType == null || operationResultStatusType == OperationResultStatusType.IN_PROGRESS || operationResultStatusType == OperationResultStatusType.UNKNOWN) ? false : true;
    }

    public static boolean hasPendingAddOperation(PrismObject<ShadowType> prismObject) {
        Iterator<PendingOperationType> it = prismObject.asObjectable().getPendingOperation().iterator();
        while (it.hasNext()) {
            if (isPendingAddOperation(it.next())) {
                return true;
            }
        }
        return false;
    }

    private static boolean isPendingAddOperation(PendingOperationType pendingOperationType) {
        return ChangeTypeType.ADD.equals(pendingOperationType.getDelta().getChangeType()) && !PendingOperationExecutionStatusType.COMPLETED.equals(pendingOperationType.getExecutionStatus());
    }

    public static boolean isPrimaryCachingOnly(ResourceType resourceType) {
        ReadCapabilityType readCapabilityType = (ReadCapabilityType) CapabilityUtil.getEffectiveCapability(resourceType.getCapabilities(), ReadCapabilityType.class);
        if (readCapabilityType != null && CapabilityUtil.isCapabilityEnabled(readCapabilityType)) {
            return Boolean.TRUE.equals(readCapabilityType.isCachingOnly());
        }
        return false;
    }

    public static boolean isFuturePointInTime(Collection<SelectorOptions<GetOperationOptions>> collection) {
        return PointInTimeType.FUTURE.equals(GetOperationOptions.getPointInTimeType((GetOperationOptions) SelectorOptions.findRootOptions(collection)));
    }

    public static ResourceOperationDescription createResourceFailureDescription(PrismObject<ShadowType> prismObject, ResourceType resourceType, ObjectDelta<ShadowType> objectDelta, OperationResult operationResult) {
        ResourceOperationDescription resourceOperationDescription = new ResourceOperationDescription();
        resourceOperationDescription.setCurrentShadow(prismObject);
        resourceOperationDescription.setObjectDelta(objectDelta);
        resourceOperationDescription.setResource(resourceType.asPrismObject());
        resourceOperationDescription.setResult(operationResult);
        resourceOperationDescription.setSourceChannel(QNameUtil.qNameToUri(SchemaConstants.CHANNEL_DISCOVERY));
        return resourceOperationDescription;
    }

    public static boolean isDoDiscovery(ResourceType resourceType, GetOperationOptions getOperationOptions) {
        return !GetOperationOptions.isDoNotDiscovery(getOperationOptions) && isDoDiscovery(resourceType);
    }

    public static boolean isDoDiscovery(ResourceType resourceType, ProvisioningOperationOptions provisioningOperationOptions) {
        return !ProvisioningOperationOptions.isDoNotDiscovery(provisioningOperationOptions) && isDoDiscovery(resourceType);
    }

    public static boolean isDoDiscovery(ResourceType resourceType) {
        return resourceType == null || resourceType.getConsistency() == null || resourceType.getConsistency().isDiscovery() == null || resourceType.getConsistency().isDiscovery().booleanValue();
    }

    public static OperationResultStatus postponeModify(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, Collection<? extends ItemDelta> collection, ProvisioningOperationState<AsynchronousOperationReturnValue<Collection<PropertyDelta<PrismPropertyValue>>>> provisioningOperationState, OperationResult operationResult, OperationResult operationResult2) {
        LOGGER.trace("Postponing MODIFY operation for {}", prismObject);
        provisioningOperationState.setExecutionStatus(PendingOperationExecutionStatusType.EXECUTING);
        AsynchronousOperationReturnValue<Collection<PropertyDelta<PrismPropertyValue>>> asynchronousOperationReturnValue = new AsynchronousOperationReturnValue<>();
        asynchronousOperationReturnValue.setOperationResult(operationResult);
        asynchronousOperationReturnValue.setOperationType(PendingOperationTypeType.RETRY);
        provisioningOperationState.setAsyncResult(asynchronousOperationReturnValue);
        if (provisioningOperationState.getAttemptNumber() == null) {
            provisioningOperationState.setAttemptNumber(1);
        }
        operationResult2.recordInProgress();
        return OperationResultStatus.IN_PROGRESS;
    }

    @Nullable
    public static PrismObject<ShadowType> selectSingleShadow(@NotNull List<PrismObject<ShadowType>> list, Object obj) {
        LOGGER.trace("Selecting from {} objects", Integer.valueOf(list.size()));
        if (list.size() == 0) {
            return null;
        }
        if (list.size() <= 1) {
            return list.get(0);
        }
        LOGGER.error("Too many shadows ({}) for {}", Integer.valueOf(list.size()), obj);
        LOGGER.debug("Shadows:\n{}", DebugUtil.debugDumpLazily(list));
        throw new IllegalStateException("More than one shadow for " + obj);
    }

    @Nullable
    public static PrismObject<ShadowType> selectLiveShadow(List<PrismObject<ShadowType>> list) {
        if (list == null || list.isEmpty()) {
            return null;
        }
        List list2 = (List) list.stream().filter(ShadowUtil::isNotDead).collect(Collectors.toList());
        if (list2.isEmpty()) {
            return null;
        }
        if (list2.size() <= 1) {
            return (PrismObject) list2.get(0);
        }
        LOGGER.trace("More than one live shadow found ({} out of {}):\n{}", Integer.valueOf(list2.size()), Integer.valueOf(list.size()), DebugUtil.debugDumpLazily(list, 1));
        throw new IllegalStateException("Found more than one live shadow: " + list2);
    }

    public static PrismObject<ShadowType> selectLiveOrAnyShadow(List<PrismObject<ShadowType>> list) {
        PrismObject<ShadowType> selectLiveShadow = selectLiveShadow(list);
        if (selectLiveShadow != null) {
            return selectLiveShadow;
        }
        if (list.isEmpty()) {
            return null;
        }
        return list.get(0);
    }

    @Nullable
    public static PrismProperty<?> getSingleValuedPrimaryIdentifier(PrismObject<ShadowType> prismObject) {
        PrismProperty<?> primaryIdentifier = ShadowUtil.getAttributesContainer(prismObject).getPrimaryIdentifier();
        if (primaryIdentifier == null) {
            return null;
        }
        checkSingleIdentifierValue(primaryIdentifier);
        return primaryIdentifier;
    }

    private static void checkSingleIdentifierValue(PrismProperty<?> prismProperty) {
        int size = prismProperty.getValues().size();
        if (size > 1) {
            throw new IllegalArgumentException("More than one identifier value is not supported");
        }
        if (size < 1) {
            throw new IllegalArgumentException("The identifier has no value");
        }
    }

    public static CachingStategyType getPasswordCachingStrategy(RefinedObjectClassDefinition refinedObjectClassDefinition) {
        CachingPolicyType caching;
        ResourcePasswordDefinitionType passwordDefinition = refinedObjectClassDefinition.getPasswordDefinition();
        if (passwordDefinition == null || (caching = passwordDefinition.getCaching()) == null) {
            return null;
        }
        return caching.getCachingStategy();
    }

    public static void validateShadow(PrismObject<ShadowType> prismObject, boolean z) {
        if (z) {
            Validate.notNull(prismObject.getOid(), "null shadow OID");
        }
        if (InternalsConfig.encryptionChecks) {
            CryptoUtil.checkEncrypted(prismObject);
        }
    }

    public static Collection<ResourceAttribute<?>> selectPrimaryIdentifiers(Collection<ResourceAttribute<?>> collection, ObjectClassComplexTypeDefinition objectClassComplexTypeDefinition) {
        Collection collection2 = (Collection) objectClassComplexTypeDefinition.getPrimaryIdentifiers().stream().map((v0) -> {
            return v0.getItemName();
        }).collect(Collectors.toSet());
        return (Collection) collection.stream().filter(resourceAttribute -> {
            return QNameUtil.matchAny(resourceAttribute.getElementName(), collection2);
        }).collect(Collectors.toList());
    }
}
