package com.evolveum.midpoint.model.impl.lens.projector.policy;

import ch.qos.logback.core.CoreConstants;
import com.evolveum.midpoint.model.api.context.EvaluatedAssignment;
import com.evolveum.midpoint.model.api.context.EvaluatedCompositeTrigger;
import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule;
import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRuleTrigger;
import com.evolveum.midpoint.model.common.mapping.MappingBuilder;
import com.evolveum.midpoint.model.common.mapping.MappingFactory;
import com.evolveum.midpoint.model.common.mapping.MappingImpl;
import com.evolveum.midpoint.model.impl.lens.EvaluatedPolicyRuleImpl;
import com.evolveum.midpoint.model.impl.lens.LensContext;
import com.evolveum.midpoint.model.impl.lens.LensFocusContext;
import com.evolveum.midpoint.model.impl.lens.LensUtil;
import com.evolveum.midpoint.model.impl.lens.assignments.EvaluatedAssignmentImpl;
import com.evolveum.midpoint.model.impl.lens.assignments.EvaluatedAssignmentTargetImpl;
import com.evolveum.midpoint.model.impl.lens.projector.ProjectorProcessor;
import com.evolveum.midpoint.model.impl.lens.projector.mappings.MappingEvaluator;
import com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators.AlwaysTrueConstraintEvaluator;
import com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators.AssignmentModificationConstraintEvaluator;
import com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators.CompositeConstraintEvaluator;
import com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators.ExclusionConstraintEvaluator;
import com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators.HasAssignmentConstraintEvaluator;
import com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators.MultiplicityConstraintEvaluator;
import com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators.ObjectModificationConstraintEvaluator;
import com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators.OrphanedConstraintEvaluator;
import com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators.PolicyConstraintEvaluator;
import com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators.PolicySituationConstraintEvaluator;
import com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators.StateConstraintEvaluator;
import com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators.TransitionConstraintEvaluator;
import com.evolveum.midpoint.model.impl.lens.projector.util.ProcessorExecution;
import com.evolveum.midpoint.model.impl.lens.projector.util.ProcessorMethod;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.delta.DeltaSetTriple;
import com.evolveum.midpoint.prism.delta.PlusMinusZero;
import com.evolveum.midpoint.prism.util.CloneUtil;
import com.evolveum.midpoint.prism.util.ObjectDeltaObject;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.repo.common.expression.ExpressionFactory;
import com.evolveum.midpoint.repo.common.expression.ExpressionUtil;
import com.evolveum.midpoint.schema.constants.ExpressionConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.PolicyRuleTypeUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractPolicyConstraintType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AlwaysTruePolicyConstraintType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentHolderType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentModificationPolicyConstraintType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ExclusionPolicyConstraintType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.GlobalPolicyRuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.HasAssignmentPolicyConstraintType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MappingKindType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ModificationPolicyConstraintType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MultiplicityPolicyConstraintType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OrphanedPolicyConstraintType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyConstraintsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyRuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicySituationPolicyConstraintType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.RecordPolicyActionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.StatePolicyConstraintType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TransitionPolicyConstraintType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import javax.xml.bind.JAXBElement;
import javax.xml.datatype.XMLGregorianCalendar;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

@ProcessorExecution(focusRequired = true, focusType = AssignmentHolderType.class)
@Component
/* loaded from: input_file:WEB-INF/lib/model-impl-4.3.3-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRuleProcessor.class */
public class PolicyRuleProcessor implements ProjectorProcessor {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) PolicyRuleProcessor.class);
    private static final String OP_EVALUATE_RULE = PolicyRuleProcessor.class.getName() + ".evaluateRule";

    @Autowired
    private PrismContext prismContext;

    @Autowired
    @Qualifier("cacheRepositoryService")
    private RepositoryService repositoryService;

    @Autowired
    private MappingFactory mappingFactory;

    @Autowired
    private MappingEvaluator mappingEvaluator;

    @Autowired
    private PolicyStateRecorder policyStateRecorder;

    @Autowired
    private AssignmentModificationConstraintEvaluator assignmentConstraintEvaluator;

    @Autowired
    private HasAssignmentConstraintEvaluator hasAssignmentConstraintEvaluator;

    @Autowired
    private ExclusionConstraintEvaluator exclusionConstraintEvaluator;

    @Autowired
    private MultiplicityConstraintEvaluator multiplicityConstraintEvaluator;

    @Autowired
    private PolicySituationConstraintEvaluator policySituationConstraintEvaluator;

    @Autowired
    private ObjectModificationConstraintEvaluator modificationConstraintEvaluator;

    @Autowired
    private StateConstraintEvaluator stateConstraintEvaluator;

    @Autowired
    private AlwaysTrueConstraintEvaluator alwaysTrueConstraintEvaluator;

    @Autowired
    private OrphanedConstraintEvaluator orphanedConstraintEvaluator;

    @Autowired
    private CompositeConstraintEvaluator compositeConstraintEvaluator;

    @Autowired
    private TransitionConstraintEvaluator transitionConstraintEvaluator;

    @Autowired
    private ExpressionFactory expressionFactory;

    public <F extends AssignmentHolderType> void evaluateAssignmentPolicyRules(LensContext<F> lensContext, DeltaSetTriple<EvaluatedAssignmentImpl<F>> deltaSetTriple, Task task, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        for (EvaluatedAssignmentImpl<F> evaluatedAssignmentImpl : deltaSetTriple.union()) {
            RulesEvaluationContext rulesEvaluationContext = new RulesEvaluationContext();
            resolveReferences(evaluatedAssignmentImpl.getAllTargetsPolicyRules(), getAllGlobalRules(lensContext));
            for (EvaluatedPolicyRuleImpl evaluatedPolicyRuleImpl : evaluatedAssignmentImpl.getThisTargetPolicyRules()) {
                if (!hasSituationConstraint(evaluatedPolicyRuleImpl) && checkApplicabilityToAssignment(evaluatedPolicyRuleImpl)) {
                    evaluateRule(new AssignmentPolicyRuleEvaluationContext(evaluatedPolicyRuleImpl, evaluatedAssignmentImpl, true, lensContext, deltaSetTriple, task, rulesEvaluationContext), operationResult);
                }
            }
            for (EvaluatedPolicyRuleImpl evaluatedPolicyRuleImpl2 : evaluatedAssignmentImpl.getOtherTargetsPolicyRules()) {
                if (!hasSituationConstraint(evaluatedPolicyRuleImpl2) && checkApplicabilityToAssignment(evaluatedPolicyRuleImpl2)) {
                    evaluateRule(new AssignmentPolicyRuleEvaluationContext(evaluatedPolicyRuleImpl2, evaluatedAssignmentImpl, false, lensContext, deltaSetTriple, task, rulesEvaluationContext), operationResult);
                }
            }
            for (EvaluatedPolicyRuleImpl evaluatedPolicyRuleImpl3 : evaluatedAssignmentImpl.getThisTargetPolicyRules()) {
                if (hasSituationConstraint(evaluatedPolicyRuleImpl3) && checkApplicabilityToAssignment(evaluatedPolicyRuleImpl3)) {
                    evaluateRule(new AssignmentPolicyRuleEvaluationContext(evaluatedPolicyRuleImpl3, evaluatedAssignmentImpl, true, lensContext, deltaSetTriple, task, rulesEvaluationContext), operationResult);
                }
            }
            for (EvaluatedPolicyRuleImpl evaluatedPolicyRuleImpl4 : evaluatedAssignmentImpl.getOtherTargetsPolicyRules()) {
                if (hasSituationConstraint(evaluatedPolicyRuleImpl4) && checkApplicabilityToAssignment(evaluatedPolicyRuleImpl4)) {
                    evaluateRule(new AssignmentPolicyRuleEvaluationContext(evaluatedPolicyRuleImpl4, evaluatedAssignmentImpl, false, lensContext, deltaSetTriple, task, rulesEvaluationContext), operationResult);
                }
            }
            this.policyStateRecorder.applyAssignmentState(lensContext, evaluatedAssignmentImpl, evaluatedAssignmentImpl.getOrigin().isBeingDeleted() ? PlusMinusZero.MINUS : evaluatedAssignmentImpl.getMode(), rulesEvaluationContext.rulesToRecord);
        }
    }

    private boolean checkApplicabilityToAssignment(EvaluatedPolicyRule evaluatedPolicyRule) {
        if (isApplicableToAssignment(evaluatedPolicyRule)) {
            return true;
        }
        LOGGER.trace("Skipping rule {} because it is not applicable to assignment: {}", evaluatedPolicyRule.getName(), evaluatedPolicyRule);
        return false;
    }

    private void resolveReferences(Collection<? extends EvaluatedPolicyRule> collection, Collection<? extends PolicyRuleType> collection2) {
        PolicyRuleTypeUtil.resolveReferences((List) collection.stream().map((v0) -> {
            return v0.getPolicyRule();
        }).collect(Collectors.toList()), collection2, this.prismContext);
    }

    @ProcessorMethod
    public <AH extends AssignmentHolderType> void evaluateObjectPolicyRules(LensContext<AH> lensContext, XMLGregorianCalendar xMLGregorianCalendar, Task task, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, SecurityViolationException, ConfigurationException, CommunicationException {
        RulesEvaluationContext rulesEvaluationContext = new RulesEvaluationContext();
        List<EvaluatedPolicyRuleImpl> arrayList = new ArrayList<>();
        collectFocusRulesFromAssignments(arrayList, lensContext);
        collectGlobalObjectRules(arrayList, lensContext, task, operationResult);
        resolveReferences(arrayList, getAllGlobalRules(lensContext));
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        LOGGER.trace("Evaluating {} object policy rules", Integer.valueOf(arrayList.size()));
        LensFocusContext<AH> focusContext = lensContext.getFocusContext();
        focusContext.clearPolicyRules();
        for (EvaluatedPolicyRuleImpl evaluatedPolicyRuleImpl : arrayList) {
            if (isApplicableToObject(evaluatedPolicyRuleImpl)) {
                if (hasSituationConstraint(evaluatedPolicyRuleImpl)) {
                    arrayList2.add(evaluatedPolicyRuleImpl);
                } else {
                    arrayList3.add(evaluatedPolicyRuleImpl);
                }
                focusContext.addPolicyRule(evaluatedPolicyRuleImpl);
            } else {
                LOGGER.trace("Rule {} is not applicable to an object, skipping: {}", evaluatedPolicyRuleImpl.getName(), evaluatedPolicyRuleImpl);
            }
        }
        Iterator it = arrayList3.iterator();
        while (it.hasNext()) {
            evaluateFocusRule((EvaluatedPolicyRule) it.next(), lensContext, rulesEvaluationContext, task, operationResult);
        }
        Iterator it2 = arrayList2.iterator();
        while (it2.hasNext()) {
            evaluateFocusRule((EvaluatedPolicyRule) it2.next(), lensContext, rulesEvaluationContext, task, operationResult);
        }
        this.policyStateRecorder.applyObjectState(lensContext, rulesEvaluationContext.rulesToRecord);
    }

    private <AH extends AssignmentHolderType> Collection<? extends PolicyRuleType> getAllGlobalRules(LensContext<AH> lensContext) {
        return lensContext.getSystemConfiguration() != null ? (Collection) CloneUtil.clone(lensContext.getSystemConfiguration().asObjectable().getGlobalPolicyRule()) : Collections.emptyList();
    }

    private <AH extends AssignmentHolderType> void evaluateFocusRule(EvaluatedPolicyRule evaluatedPolicyRule, LensContext<AH> lensContext, RulesEvaluationContext rulesEvaluationContext, Task task, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        evaluateRule(new ObjectPolicyRuleEvaluationContext(evaluatedPolicyRule, rulesEvaluationContext, lensContext, task), operationResult);
    }

    private <AH extends AssignmentHolderType> void collectFocusRulesFromAssignments(List<EvaluatedPolicyRuleImpl> list, LensContext<AH> lensContext) {
        Iterator<EvaluatedAssignmentImpl<?>> it = lensContext.getAllEvaluatedAssignments().iterator();
        while (it.hasNext()) {
            list.addAll(it.next().getFocusPolicyRules());
        }
    }

    private <AH extends AssignmentHolderType> void collectGlobalObjectRules(List<EvaluatedPolicyRuleImpl> list, LensContext<AH> lensContext, Task task, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, SecurityViolationException, ConfigurationException, CommunicationException {
        PrismObject<SystemConfigurationType> systemConfiguration = lensContext.getSystemConfiguration();
        if (systemConfiguration == null) {
            return;
        }
        LensFocusContext<AH> focusContext = lensContext.getFocusContext();
        PrismObject<AH> objectCurrent = focusContext.getObjectCurrent();
        if (objectCurrent == null) {
            objectCurrent = focusContext.getObjectNew();
        }
        List<GlobalPolicyRuleType> globalPolicyRule = systemConfiguration.asObjectable().getGlobalPolicyRule();
        LOGGER.trace("Checking {} global policy rules", Integer.valueOf(globalPolicyRule.size()));
        int i = 0;
        for (GlobalPolicyRuleType globalPolicyRuleType : globalPolicyRule) {
            if (!this.repositoryService.selectorMatches(globalPolicyRuleType.getFocusSelector(), objectCurrent, null, LOGGER, "Global policy rule " + globalPolicyRuleType.getName() + ": ")) {
                LOGGER.trace("Skipping global policy rule {} because the selector did not match: {}", globalPolicyRuleType.getName(), globalPolicyRuleType);
            } else if (isRuleConditionTrue(globalPolicyRuleType, objectCurrent, null, lensContext, task, operationResult)) {
                list.add(new EvaluatedPolicyRuleImpl(globalPolicyRuleType.mo2542clone(), null, null));
                i++;
            } else {
                LOGGER.trace("Skipping global policy rule {} because the condition evaluated to false: {}", globalPolicyRuleType.getName(), globalPolicyRuleType);
            }
        }
        LOGGER.trace("Selected {} global policy rules for further evaluation", Integer.valueOf(i));
    }

    private boolean hasSituationConstraint(EvaluatedPolicyRule evaluatedPolicyRule) {
        return hasSituationConstraint(evaluatedPolicyRule.getPolicyConstraints());
    }

    private boolean hasSituationConstraint(Collection<PolicyConstraintsType> collection) {
        return collection.stream().anyMatch(this::hasSituationConstraint);
    }

    private boolean hasSituationConstraint(PolicyConstraintsType policyConstraintsType) {
        return policyConstraintsType != null && (!policyConstraintsType.getSituation().isEmpty() || hasSituationConstraint(policyConstraintsType.getAnd()) || hasSituationConstraint(policyConstraintsType.getOr()) || hasSituationConstraint(policyConstraintsType.getNot()));
    }

    private boolean isApplicableToAssignment(EvaluatedPolicyRule evaluatedPolicyRule) {
        return PolicyRuleTypeUtil.isApplicableToAssignment(evaluatedPolicyRule.getPolicyRule());
    }

    private boolean isApplicableToObject(EvaluatedPolicyRule evaluatedPolicyRule) {
        return PolicyRuleTypeUtil.isApplicableToObject(evaluatedPolicyRule.getPolicyRule());
    }

    private <AH extends AssignmentHolderType> void evaluateRule(@NotNull PolicyRuleEvaluationContext<AH> policyRuleEvaluationContext, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        String shortString = policyRuleEvaluationContext.policyRule.toShortString();
        String shortDescription = policyRuleEvaluationContext.getShortDescription();
        OperationResult build = operationResult.subresult(OP_EVALUATE_RULE).addParam(ExpressionConstants.VAR_POLICY_RULE, shortString).addContext(CoreConstants.CONTEXT_SCOPE_VALUE, shortDescription).build();
        try {
            try {
                LOGGER.trace("Evaluating policy rule {} in {}", shortString, shortDescription);
                PolicyConstraintsType policyConstraints = policyRuleEvaluationContext.policyRule.getPolicyConstraints();
                EvaluatedCompositeTrigger evaluate = this.compositeConstraintEvaluator.evaluate(new JAXBElement<>(PolicyConstraintsType.F_AND, PolicyConstraintsType.class, policyConstraints), (PolicyRuleEvaluationContext) policyRuleEvaluationContext, build);
                LOGGER.trace("Evaluated composite trigger {} for ctx {}", evaluate, policyRuleEvaluationContext);
                if (evaluate != null && !evaluate.getInnerTriggers().isEmpty()) {
                    policyRuleEvaluationContext.triggerRule((policyConstraints.getName() == null && policyConstraints.getPresentation() == null) ? new ArrayList(evaluate.getInnerTriggers()) : Collections.singletonList(evaluate));
                }
                boolean isTriggered = policyRuleEvaluationContext.policyRule.isTriggered();
                LOGGER.trace("Policy rule triggered: {}", Boolean.valueOf(isTriggered));
                build.addReturn("triggered", isTriggered);
                if (isTriggered) {
                    LOGGER.trace("Start to compute actions");
                    ((EvaluatedPolicyRuleImpl) policyRuleEvaluationContext.policyRule).computeEnabledActions(policyRuleEvaluationContext, policyRuleEvaluationContext.getObject(), this.expressionFactory, this.prismContext, policyRuleEvaluationContext.task, build);
                    if (policyRuleEvaluationContext.policyRule.containsEnabledAction(RecordPolicyActionType.class)) {
                        policyRuleEvaluationContext.record();
                    }
                    build.addArbitraryObjectCollectionAsReturn("enabledActions", policyRuleEvaluationContext.policyRule.getEnabledActions());
                }
                traceRuleEvaluationResult(policyRuleEvaluationContext.policyRule, policyRuleEvaluationContext);
                build.computeStatusIfUnknown();
            } catch (Throwable th) {
                build.recordFatalError(th);
                throw th;
            }
        } catch (Throwable th2) {
            build.computeStatusIfUnknown();
            throw th2;
        }
    }

    @NotNull
    public <AH extends AssignmentHolderType> List<EvaluatedPolicyRuleTrigger<?>> evaluateConstraints(PolicyConstraintsType policyConstraintsType, boolean z, PolicyRuleEvaluationContext<AH> policyRuleEvaluationContext, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        if (policyConstraintsType == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        for (JAXBElement<AbstractPolicyConstraintType> jAXBElement : PolicyRuleTypeUtil.toConstraintsList(policyConstraintsType, false, false)) {
            EvaluatedPolicyRuleTrigger<?> evaluate = getConstraintEvaluator(jAXBElement).evaluate(jAXBElement, policyRuleEvaluationContext, operationResult);
            LOGGER.trace("Evaluated policy rule trigger: {}", evaluate);
            traceConstraintEvaluationResult(jAXBElement, policyRuleEvaluationContext, evaluate);
            if (evaluate != null) {
                arrayList.add(evaluate);
            } else if (z) {
                return Collections.emptyList();
            }
        }
        return arrayList;
    }

    private <AH extends AssignmentHolderType> void traceConstraintEvaluationResult(JAXBElement<AbstractPolicyConstraintType> jAXBElement, PolicyRuleEvaluationContext<AH> policyRuleEvaluationContext, EvaluatedPolicyRuleTrigger<?> evaluatedPolicyRuleTrigger) throws SchemaException {
        if (LOGGER.isTraceEnabled()) {
            StringBuilder sb = new StringBuilder();
            sb.append("\n---[ POLICY CONSTRAINT ");
            if (evaluatedPolicyRuleTrigger != null) {
                sb.append("# ");
            }
            AbstractPolicyConstraintType value = jAXBElement.getValue();
            if (value.getName() != null) {
                sb.append("'").append(value.getName()).append("'");
            }
            sb.append(" (").append(jAXBElement.getName().getLocalPart()).append(")");
            sb.append(" for ");
            sb.append(policyRuleEvaluationContext.getShortDescription());
            sb.append(" (").append(policyRuleEvaluationContext.lensContext.getState()).append(")");
            sb.append("]---------------------------");
            sb.append("\nConstraint:\n");
            sb.append(this.prismContext.serializerFor(DebugUtil.getPrettyPrintBeansAs("xml")).serialize(jAXBElement));
            sb.append("\nRule: ").append(policyRuleEvaluationContext.policyRule.toShortString());
            sb.append("\nResult: ").append(DebugUtil.debugDump(evaluatedPolicyRuleTrigger));
            LOGGER.trace("{}", sb.toString());
        }
    }

    private <AH extends AssignmentHolderType> void traceRuleEvaluationResult(EvaluatedPolicyRule evaluatedPolicyRule, PolicyRuleEvaluationContext<AH> policyRuleEvaluationContext) {
        if (LOGGER.isTraceEnabled()) {
            StringBuilder sb = new StringBuilder();
            sb.append("\n---[ POLICY RULE ");
            if (evaluatedPolicyRule.isTriggered()) {
                sb.append("# ");
            }
            sb.append(evaluatedPolicyRule.toShortString());
            sb.append(" for ");
            sb.append(policyRuleEvaluationContext.getShortDescription());
            sb.append(" (").append(policyRuleEvaluationContext.lensContext.getState()).append(")");
            sb.append("]---------------------------");
            sb.append("\n");
            sb.append(evaluatedPolicyRule.debugDump());
            LOGGER.trace("{}", sb.toString());
        }
    }

    private PolicyConstraintEvaluator<?> getConstraintEvaluator(JAXBElement<AbstractPolicyConstraintType> jAXBElement) {
        if (jAXBElement.getValue() instanceof AssignmentModificationPolicyConstraintType) {
            return this.assignmentConstraintEvaluator;
        }
        if (jAXBElement.getValue() instanceof HasAssignmentPolicyConstraintType) {
            return this.hasAssignmentConstraintEvaluator;
        }
        if (jAXBElement.getValue() instanceof ExclusionPolicyConstraintType) {
            return this.exclusionConstraintEvaluator;
        }
        if (jAXBElement.getValue() instanceof MultiplicityPolicyConstraintType) {
            return this.multiplicityConstraintEvaluator;
        }
        if (jAXBElement.getValue() instanceof PolicySituationPolicyConstraintType) {
            return this.policySituationConstraintEvaluator;
        }
        if (jAXBElement.getValue() instanceof ModificationPolicyConstraintType) {
            return this.modificationConstraintEvaluator;
        }
        if (jAXBElement.getValue() instanceof StatePolicyConstraintType) {
            return this.stateConstraintEvaluator;
        }
        if (jAXBElement.getValue() instanceof PolicyConstraintsType) {
            return this.compositeConstraintEvaluator;
        }
        if (jAXBElement.getValue() instanceof TransitionPolicyConstraintType) {
            return this.transitionConstraintEvaluator;
        }
        if (jAXBElement.getValue() instanceof AlwaysTruePolicyConstraintType) {
            return this.alwaysTrueConstraintEvaluator;
        }
        if (jAXBElement.getValue() instanceof OrphanedPolicyConstraintType) {
            return this.orphanedConstraintEvaluator;
        }
        throw new IllegalArgumentException("Unknown policy constraint: " + jAXBElement.getName() + "/" + jAXBElement.getValue().getClass());
    }

    public <F extends AssignmentHolderType> void addGlobalPolicyRulesToAssignments(LensContext<F> lensContext, DeltaSetTriple<EvaluatedAssignmentImpl<F>> deltaSetTriple, Task task, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, SecurityViolationException, ConfigurationException, CommunicationException {
        PrismObject<SystemConfigurationType> systemConfiguration = lensContext.getSystemConfiguration();
        if (systemConfiguration == null) {
            return;
        }
        LensFocusContext<F> focusContext = lensContext.getFocusContext();
        PrismObject<F> objectCurrent = focusContext.getObjectCurrent();
        if (objectCurrent == null) {
            objectCurrent = focusContext.getObjectNew();
        }
        List<GlobalPolicyRuleType> globalPolicyRule = systemConfiguration.asObjectable().getGlobalPolicyRule();
        LOGGER.trace("Checking {} global policy rules for selection to assignments", Integer.valueOf(globalPolicyRule.size()));
        int i = 0;
        for (GlobalPolicyRuleType globalPolicyRuleType : globalPolicyRule) {
            if (this.repositoryService.selectorMatches(globalPolicyRuleType.getFocusSelector(), objectCurrent, null, LOGGER, "Global policy rule " + globalPolicyRuleType.getName() + " focus selector: ")) {
                for (EvaluatedAssignmentImpl<F> evaluatedAssignmentImpl : deltaSetTriple.getAllValues()) {
                    for (EvaluatedAssignmentTargetImpl evaluatedAssignmentTargetImpl : evaluatedAssignmentImpl.getRoles().getNonNegativeValues()) {
                        if (evaluatedAssignmentTargetImpl.getAssignmentPath().last().isMatchingOrder() || evaluatedAssignmentTargetImpl.isDirectlyAssigned()) {
                            if (!this.repositoryService.selectorMatches(globalPolicyRuleType.getTargetSelector(), evaluatedAssignmentTargetImpl.getTarget(), null, LOGGER, "Global policy rule " + globalPolicyRuleType.getName() + " target selector: ")) {
                                LOGGER.trace("Skipping global policy rule {} because target selector did not match: {}", globalPolicyRuleType.getName(), globalPolicyRuleType);
                            } else if (isRuleConditionTrue(globalPolicyRuleType, objectCurrent, evaluatedAssignmentImpl, lensContext, task, operationResult)) {
                                EvaluatedPolicyRuleImpl evaluatedPolicyRuleImpl = new EvaluatedPolicyRuleImpl(globalPolicyRuleType.mo2542clone(), evaluatedAssignmentTargetImpl.getAssignmentPath().m565clone(), evaluatedAssignmentImpl);
                                if (evaluatedAssignmentTargetImpl.isDirectlyAssigned()) {
                                    evaluatedAssignmentImpl.addThisTargetPolicyRule(evaluatedPolicyRuleImpl);
                                } else {
                                    evaluatedAssignmentImpl.addOtherTargetPolicyRule(evaluatedPolicyRuleImpl);
                                }
                                i++;
                            } else {
                                LOGGER.trace("Skipping global policy rule {} because the condition evaluated to false: {}", globalPolicyRuleType.getName(), globalPolicyRuleType);
                            }
                        }
                    }
                }
            } else {
                LOGGER.trace("Skipping global policy rule {} because focus selector did not match: {}", globalPolicyRuleType.getName(), globalPolicyRuleType);
            }
        }
        LOGGER.trace("Global policy rules instantiated {} times for further evaluation", Integer.valueOf(i));
    }

    private <AH extends AssignmentHolderType> boolean isRuleConditionTrue(GlobalPolicyRuleType globalPolicyRuleType, PrismObject<AH> prismObject, EvaluatedAssignmentImpl<AH> evaluatedAssignmentImpl, LensContext<AH> lensContext, Task task, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, CommunicationException {
        MappingType condition = globalPolicyRuleType.getCondition();
        if (condition == null) {
            return true;
        }
        MappingBuilder createMappingBuilder = this.mappingFactory.createMappingBuilder();
        ObjectDeltaObject<?> objectDeltaObject = new ObjectDeltaObject<>(prismObject, null, prismObject, prismObject.getDefinition());
        MappingImpl build = createMappingBuilder.mappingBean(condition).mappingKind(MappingKindType.POLICY_RULE_CONDITION).contextDescription("condition in global policy rule " + globalPolicyRuleType.getName()).sourceContext(objectDeltaObject).defaultTargetDefinition(LensUtil.createConditionDefinition(this.prismContext)).addVariableDefinition("user", objectDeltaObject).addVariableDefinition("focus", objectDeltaObject).addAliasRegistration("user", null).addAliasRegistration("focus", null).addVariableDefinition("target", (Object) (evaluatedAssignmentImpl != null ? evaluatedAssignmentImpl.getTarget() : null), EvaluatedAssignment.class).addVariableDefinition(ExpressionConstants.VAR_EVALUATED_ASSIGNMENT, evaluatedAssignmentImpl, EvaluatedAssignment.class).addVariableDefinition(ExpressionConstants.VAR_ASSIGNMENT, evaluatedAssignmentImpl != null ? evaluatedAssignmentImpl.getAssignmentType() : null, AssignmentType.class).rootNode(objectDeltaObject).build();
        this.mappingEvaluator.evaluateMapping(build, lensContext, task, operationResult);
        DeltaSetTriple outputTriple = build.getOutputTriple();
        return outputTriple != null && ExpressionUtil.computeConditionResult(outputTriple.getNonNegativeValues());
    }
}
