package com.evolveum.midpoint.model.impl.lens;

import com.evolveum.midpoint.audit.api.AuditEventRecord;
import com.evolveum.midpoint.audit.api.AuditEventStage;
import com.evolveum.midpoint.audit.api.AuditEventType;
import com.evolveum.midpoint.model.impl.util.AuditHelper;
import com.evolveum.midpoint.model.impl.util.ModelImplUtils;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.xml.XmlTypeConverter;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.repo.common.expression.ExpressionFactory;
import com.evolveum.midpoint.repo.common.expression.ExpressionUtil;
import com.evolveum.midpoint.schema.ObjectDeltaOperation;
import com.evolveum.midpoint.schema.constants.ExpressionConstants;
import com.evolveum.midpoint.schema.expression.VariablesMap;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ExpressionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectSelectorType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationAuditEventRecordingPropertyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationAuditEventRecordingType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.xml.datatype.XMLGregorianCalendar;
import org.apache.commons.lang.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/lib/model-impl-4.3.3-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/lens/ClockworkAuditHelper.class */
public class ClockworkAuditHelper {
    private static final Trace LOGGER;
    private static final String OP_EVALUATE_AUDIT_RECORD_PROPERTY;

    @Autowired
    private PrismContext prismContext;

    @Autowired
    private AuditHelper auditHelper;

    @Autowired
    private ExpressionFactory expressionFactory;

    @Autowired
    @Qualifier("cacheRepositoryService")
    private RepositoryService repositoryService;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public <F extends ObjectType> void audit(LensContext<F> lensContext, AuditEventStage auditEventStage, Task task, OperationResult operationResult, OperationResult operationResult2) throws SchemaException {
        if (!lensContext.isLazyAuditRequest()) {
            auditEvent(lensContext, auditEventStage, null, false, task, operationResult, operationResult2);
            return;
        }
        if (auditEventStage == AuditEventStage.REQUEST || auditEventStage != AuditEventStage.EXECUTION || lensContext.getUnauditedExecutedDeltas().isEmpty()) {
            return;
        }
        if (!lensContext.isRequestAudited()) {
            auditEvent(lensContext, AuditEventStage.REQUEST, lensContext.getStats().getRequestTimestamp(), false, task, operationResult, operationResult2);
        }
        auditEvent(lensContext, auditEventStage, null, false, task, operationResult, operationResult2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public <F extends ObjectType> void auditFinalExecution(LensContext<F> lensContext, Task task, OperationResult operationResult, OperationResult operationResult2) {
        if (!lensContext.isRequestAudited() || lensContext.isExecutionAudited()) {
            return;
        }
        auditEvent(lensContext, AuditEventStage.EXECUTION, null, true, task, operationResult, operationResult2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public <F extends ObjectType> void auditEvent(LensContext<F> lensContext, AuditEventStage auditEventStage, XMLGregorianCalendar xMLGregorianCalendar, boolean z, Task task, OperationResult operationResult, OperationResult operationResult2) {
        PrismObject<? extends ObjectType> objectOld;
        ObjectDelta<? extends ObjectType> currentDelta;
        boolean z2;
        List<SystemConfigurationAuditEventRecordingPropertyType> emptyList;
        ObjectReferenceType resourceRef;
        if (lensContext.getFocusContext() != null) {
            objectOld = lensContext.getFocusContext().getObjectOld() != null ? lensContext.getFocusContext().getObjectOld() : lensContext.getFocusContext().getObjectNew();
            currentDelta = lensContext.getFocusContext().getSummaryDelta();
        } else {
            Collection<LensProjectionContext> projectionContexts = lensContext.getProjectionContexts();
            if (projectionContexts.isEmpty()) {
                throw new IllegalStateException("No focus and no projections in " + lensContext);
            }
            if (projectionContexts.size() > 1) {
                throw new IllegalStateException("No focus and more than one projection in " + lensContext);
            }
            LensProjectionContext next = projectionContexts.iterator().next();
            objectOld = next.getObjectOld() != null ? next.getObjectOld() : next.getObjectNew();
            currentDelta = next.getCurrentDelta();
        }
        AuditEventRecord auditEventRecord = new AuditEventRecord(determineEventType(currentDelta), auditEventStage);
        auditEventRecord.setRequestIdentifier(lensContext.getRequestIdentifier());
        ExpressionType expressionType = null;
        SystemConfigurationType systemConfigurationType = lensContext.getSystemConfigurationType();
        if (systemConfigurationType == null || systemConfigurationType.getAudit() == null || systemConfigurationType.getAudit().getEventRecording() == null) {
            z2 = false;
            emptyList = Collections.emptyList();
        } else {
            SystemConfigurationAuditEventRecordingType eventRecording = systemConfigurationType.getAudit().getEventRecording();
            z2 = Boolean.TRUE.equals(eventRecording.isRecordResourceOids());
            emptyList = eventRecording.getProperty();
            expressionType = eventRecording.getExpression();
        }
        if (objectOld != null) {
            auditEventRecord.setTarget(objectOld, this.prismContext);
            if (z2) {
                if (objectOld.getRealValue() instanceof FocusType) {
                    Iterator<ObjectReferenceType> it = ((FocusType) objectOld.getRealValue()).getLinkRef().iterator();
                    while (it.hasNext()) {
                        LensProjectionContext findProjectionContextByOid = lensContext.findProjectionContextByOid(it.next().getOid());
                        if (findProjectionContextByOid != null && StringUtils.isNotBlank(findProjectionContextByOid.getResourceOid())) {
                            auditEventRecord.addResourceOid(findProjectionContextByOid.getResourceOid());
                        }
                    }
                } else if ((objectOld.getRealValue() instanceof ShadowType) && (resourceRef = ((ShadowType) objectOld.getRealValue()).getResourceRef()) != null && resourceRef.getOid() != null) {
                    auditEventRecord.addResourceOid(resourceRef.getOid());
                }
            }
        }
        auditEventRecord.setChannel(lensContext.getChannel());
        OperationResult clone = operationResult2.clone(2, false);
        Iterator<OperationResult> it2 = clone.getSubresults().iterator();
        while (it2.hasNext()) {
            it2.next().computeStatusIfUnknown();
        }
        clone.computeStatus();
        if (auditEventStage == AuditEventStage.REQUEST) {
            Collection<ObjectDeltaOperation<? extends ObjectType>> cloneDeltaCollection = ObjectDeltaOperation.cloneDeltaCollection(lensContext.getPrimaryChanges());
            checkNamesArePresent(cloneDeltaCollection, objectOld);
            auditEventRecord.addDeltas(cloneDeltaCollection);
            if (auditEventRecord.getTargetRef() == null) {
                auditEventRecord.setTargetRef(ModelImplUtils.determineAuditTargetDeltaOps(cloneDeltaCollection, lensContext.getPrismContext()));
            }
        } else {
            if (auditEventStage != AuditEventStage.EXECUTION) {
                throw new IllegalStateException("Unknown audit stage " + auditEventStage);
            }
            auditEventRecord.setOutcome(clone.getStatus());
            Collection<ObjectDeltaOperation<? extends ObjectType>> unauditedExecutedDeltas = lensContext.getUnauditedExecutedDeltas();
            if (!z && unauditedExecutedDeltas.isEmpty()) {
                return;
            }
            Collection<ObjectDeltaOperation<? extends ObjectType>> cloneCollection = ObjectDeltaOperation.cloneCollection(unauditedExecutedDeltas);
            checkNamesArePresent(cloneCollection, objectOld);
            auditEventRecord.addDeltas(cloneCollection);
        }
        if (xMLGregorianCalendar != null) {
            auditEventRecord.setTimestamp(Long.valueOf(XmlTypeConverter.toMillis(xMLGregorianCalendar)));
        }
        addRecordMessage(auditEventRecord, clone.getMessage());
        Iterator<SystemConfigurationAuditEventRecordingPropertyType> it3 = emptyList.iterator();
        while (it3.hasNext()) {
            evaluateAuditRecordProperty(it3.next(), auditEventRecord, objectOld, lensContext, task, operationResult);
        }
        if (expressionType != null) {
            auditEventRecord = this.auditHelper.evaluateRecordingExpression(expressionType, auditEventRecord, objectOld, lensContext, task, operationResult);
        }
        if (auditEventRecord != null) {
            this.auditHelper.audit(auditEventRecord, lensContext.getNameResolver(), task, operationResult);
        }
        if (auditEventStage == AuditEventStage.EXECUTION) {
            lensContext.markExecutedDeltasAudited();
            lensContext.setExecutionAudited(true);
        } else {
            if (!$assertionsDisabled && auditEventStage != AuditEventStage.REQUEST) {
                throw new AssertionError();
            }
            lensContext.setRequestAudited(true);
        }
    }

    private <F extends ObjectType> void evaluateAuditRecordProperty(SystemConfigurationAuditEventRecordingPropertyType systemConfigurationAuditEventRecordingPropertyType, AuditEventRecord auditEventRecord, PrismObject<? extends ObjectType> prismObject, LensContext<F> lensContext, Task task, OperationResult operationResult) {
        String name = systemConfigurationAuditEventRecordingPropertyType.getName();
        OperationResult build = operationResult.subresult(OP_EVALUATE_AUDIT_RECORD_PROPERTY).addParam("name", name).setMinor().build();
        try {
            try {
                if (StringUtils.isBlank(name)) {
                    throw new IllegalArgumentException("Name of SystemConfigurationAuditEventRecordingPropertyType is empty or null in " + systemConfigurationAuditEventRecordingPropertyType);
                }
                if (!targetSelectorMatches(systemConfigurationAuditEventRecordingPropertyType.getTargetSelector(), prismObject)) {
                    build.recordNotApplicable();
                    build.recordSuccessIfUnknown();
                    return;
                }
                ExpressionType expression = systemConfigurationAuditEventRecordingPropertyType.getExpression();
                if (expression != null) {
                    VariablesMap variablesMap = new VariablesMap();
                    variablesMap.put("target", prismObject, PrismObject.class);
                    variablesMap.put(ExpressionConstants.VAR_AUDIT_RECORD, auditEventRecord, AuditEventRecord.class);
                    Collection<String> evaluateStringExpression = ExpressionUtil.evaluateStringExpression(variablesMap, this.prismContext, expression, lensContext.getPrivilegedExpressionProfile(), this.expressionFactory, "value for custom column of audit table", task, build);
                    if (evaluateStringExpression != null && !evaluateStringExpression.isEmpty()) {
                        if (evaluateStringExpression.size() != 1) {
                            throw new IllegalArgumentException("Collection of expression result contains more than one value");
                        }
                        auditEventRecord.getCustomColumnProperty().put(name, evaluateStringExpression.iterator().next());
                    }
                }
                build.recordSuccessIfUnknown();
            } catch (Throwable th) {
                LoggingUtils.logUnexpectedException(LOGGER, "Couldn't evaluate audit record property expression {}", th, name);
                build.recordPartialError(th);
                build.recordSuccessIfUnknown();
            }
        } catch (Throwable th2) {
            build.recordSuccessIfUnknown();
            throw th2;
        }
    }

    private boolean targetSelectorMatches(List<ObjectSelectorType> list, PrismObject<? extends ObjectType> prismObject) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
        if (list.isEmpty()) {
            return true;
        }
        Iterator<ObjectSelectorType> it = list.iterator();
        while (it.hasNext()) {
            if (this.repositoryService.selectorMatches(it.next(), prismObject, null, LOGGER, "target selector")) {
                return true;
            }
        }
        LOGGER.debug("No selector matches for {}", prismObject);
        return false;
    }

    @NotNull
    private AuditEventType determineEventType(ObjectDelta<? extends ObjectType> objectDelta) {
        AuditEventType auditEventType;
        if (objectDelta == null) {
            auditEventType = AuditEventType.SYNCHRONIZATION;
        } else if (objectDelta.isAdd()) {
            auditEventType = AuditEventType.ADD_OBJECT;
        } else if (objectDelta.isModify()) {
            auditEventType = AuditEventType.MODIFY_OBJECT;
        } else {
            if (!objectDelta.isDelete()) {
                throw new IllegalStateException("Unknown state of delta " + objectDelta);
            }
            auditEventType = AuditEventType.DELETE_OBJECT;
        }
        return auditEventType;
    }

    private void checkNamesArePresent(Collection<ObjectDeltaOperation<? extends ObjectType>> collection, PrismObject<? extends ObjectType> prismObject) {
        if (prismObject != null) {
            for (ObjectDeltaOperation<? extends ObjectType> objectDeltaOperation : collection) {
                if (objectDeltaOperation.getObjectName() == null) {
                    objectDeltaOperation.setObjectName(prismObject.getName());
                }
            }
        }
    }

    private void addRecordMessage(AuditEventRecord auditEventRecord, String str) {
        if (auditEventRecord.getMessage() != null) {
            return;
        }
        if (!StringUtils.isEmpty(str)) {
            auditEventRecord.setMessage(str);
            return;
        }
        Collection<ObjectDeltaOperation<? extends ObjectType>> deltas = auditEventRecord.getDeltas();
        if (deltas.isEmpty()) {
            return;
        }
        StringBuilder sb = new StringBuilder();
        Iterator<ObjectDeltaOperation<? extends ObjectType>> it = deltas.iterator();
        while (it.hasNext()) {
            OperationResult executionResult = it.next().getExecutionResult();
            if (executionResult != null) {
                String message = executionResult.getMessage();
                if (!StringUtils.isEmpty(message)) {
                    if (sb.length() != 0) {
                        sb.append("; ");
                    }
                    sb.append(message);
                }
            }
        }
        auditEventRecord.setMessage(sb.toString());
    }

    static {
        $assertionsDisabled = !ClockworkAuditHelper.class.desiredAssertionStatus();
        LOGGER = TraceManager.getTrace((Class<?>) ClockworkAuditHelper.class);
        OP_EVALUATE_AUDIT_RECORD_PROPERTY = ClockworkAuditHelper.class.getName() + ".evaluateAuditRecordProperty";
    }
}
