package com.evolveum.midpoint.provisioning.impl.resourceobjects;

import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.delta.PropertyDeltaCollectionsUtil;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.provisioning.impl.CommonBeans;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.provisioning.ucf.api.Operation;
import com.evolveum.midpoint.provisioning.ucf.api.PropertyModificationOperation;
import com.evolveum.midpoint.schema.CapabilityUtil;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.processor.ResourceAttribute;
import com.evolveum.midpoint.schema.processor.ResourceAttributeContainer;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.SchemaDebugUtil;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.PrettyPrinter;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationStatusCapabilityType;
import java.util.ArrayList;
import java.util.Collection;
import javax.xml.namespace.QName;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/provisioning-impl-4.3.3-SNAPSHOT.jar:com/evolveum/midpoint/provisioning/impl/resourceobjects/ActivationConverter.class */
public class ActivationConverter {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) ActivationConverter.class);

    @NotNull
    private final ProvisioningContext ctx;

    @NotNull
    private final CommonBeans beans;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ActivationConverter(@NotNull ProvisioningContext provisioningContext, @NotNull CommonBeans commonBeans) {
        this.ctx = provisioningContext;
        this.beans = commonBeans;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void completeActivation(PrismObject<ShadowType> prismObject, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        ShadowType asObjectable = prismObject.asObjectable();
        ActivationCapabilityType activationCapabilityType = (ActivationCapabilityType) this.ctx.getEffectiveCapability(ActivationCapabilityType.class);
        if (!CapabilityUtil.isCapabilityEnabled(activationCapabilityType) && asObjectable.getActivation() == null) {
            LOGGER.trace("No activation capability and also no activation information in the resource object.");
            return;
        }
        ActivationStatusType determineActivationStatus = determineActivationStatus(prismObject, activationCapabilityType, operationResult);
        LockoutStatusType determineLockoutStatus = determineLockoutStatus(prismObject, activationCapabilityType, operationResult);
        if (determineActivationStatus == null && determineLockoutStatus == null) {
            if (asObjectable.getActivation() != null) {
                asObjectable.getActivation().setAdministrativeStatus(null);
                asObjectable.getActivation().setLockoutStatus(null);
                return;
            }
            return;
        }
        if (asObjectable.getActivation() == null) {
            asObjectable.setActivation(new ActivationType(this.beans.prismContext));
        }
        asObjectable.getActivation().setAdministrativeStatus(determineActivationStatus);
        asObjectable.getActivation().setLockoutStatus(determineLockoutStatus);
    }

    private ActivationStatusType determineActivationStatus(PrismObject<ShadowType> prismObject, ActivationCapabilityType activationCapabilityType, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        ActivationType activation = prismObject.asObjectable().getActivation();
        ActivationStatusType administrativeStatus = activation != null ? activation.getAdministrativeStatus() : null;
        ActivationStatusCapabilityType enabledActivationStatusStrict = CapabilityUtil.getEnabledActivationStatusStrict(activationCapabilityType);
        if (enabledActivationStatusStrict == null) {
            if (administrativeStatus == null) {
                return null;
            }
            LOGGER.trace("The status capability is disabled. Ignoring native value: {}", administrativeStatus);
            return null;
        }
        if (enabledActivationStatusStrict.getAttribute() == null) {
            LOGGER.trace("Simulated activation status is not configured. Using native value: {}", administrativeStatus);
            return administrativeStatus;
        }
        Collection<Object> simulatingAttributeValues = getSimulatingAttributeValues(prismObject, enabledActivationStatusStrict.getAttribute());
        ActivationStatusType activationStatusType = (ActivationStatusType) new TwoStateSimulatedToRealConverter(enabledActivationStatusStrict.getEnableValue(), enabledActivationStatusStrict.getDisableValue(), ActivationStatusType.ENABLED, ActivationStatusType.DISABLED, "activation status", this.ctx).convert(simulatingAttributeValues, operationResult);
        LOGGER.trace("Detected simulated activation administrativeStatus attribute {} on {} with value {}, resolved into {}", DebugUtil.lazy(() -> {
            return SchemaDebugUtil.prettyPrint(enabledActivationStatusStrict.getAttribute());
        }), this.ctx.getResource(), simulatingAttributeValues, activationStatusType);
        if (!Boolean.FALSE.equals(enabledActivationStatusStrict.isIgnoreAttribute())) {
            removeSimulatingAttribute(prismObject, enabledActivationStatusStrict.getAttribute());
        }
        return activationStatusType;
    }

    private LockoutStatusType determineLockoutStatus(PrismObject<ShadowType> prismObject, ActivationCapabilityType activationCapabilityType, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        ActivationType activation = prismObject.asObjectable().getActivation();
        LockoutStatusType lockoutStatus = activation != null ? activation.getLockoutStatus() : null;
        ActivationLockoutStatusCapabilityType enabledActivationLockoutStrict = CapabilityUtil.getEnabledActivationLockoutStrict(activationCapabilityType);
        if (enabledActivationLockoutStrict == null) {
            if (lockoutStatus == null) {
                return null;
            }
            LOGGER.trace("The lockout capability is disabled. Ignoring native value: {}", lockoutStatus);
            return null;
        }
        if (enabledActivationLockoutStrict.getAttribute() == null) {
            LOGGER.trace("Simulated lockout status is not configured. Using native value: {}", lockoutStatus);
            return lockoutStatus;
        }
        Collection<Object> simulatingAttributeValues = getSimulatingAttributeValues(prismObject, enabledActivationLockoutStrict.getAttribute());
        LockoutStatusType lockoutStatusType = (LockoutStatusType) new TwoStateSimulatedToRealConverter(enabledActivationLockoutStrict.getNormalValue(), enabledActivationLockoutStrict.getLockedValue(), LockoutStatusType.NORMAL, LockoutStatusType.LOCKED, "lockout status", this.ctx).convert(simulatingAttributeValues, operationResult);
        LOGGER.trace("Detected simulated activation lockoutStatus attribute {} on {} with value {}, resolved into {}", DebugUtil.lazy(() -> {
            return SchemaDebugUtil.prettyPrint(enabledActivationLockoutStrict.getAttribute());
        }), this.ctx.getResource(), simulatingAttributeValues, lockoutStatusType);
        if (!Boolean.FALSE.equals(enabledActivationLockoutStrict.isIgnoreAttribute())) {
            removeSimulatingAttribute(prismObject, enabledActivationLockoutStrict.getAttribute());
        }
        return lockoutStatusType;
    }

    @Nullable
    private Collection<Object> getSimulatingAttributeValues(PrismObject<ShadowType> prismObject, QName qName) {
        ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(prismObject);
        ResourceAttribute findAttribute = attributesContainer != null ? attributesContainer.findAttribute(qName) : null;
        if (findAttribute != null) {
            return findAttribute.getRealValues(Object.class);
        }
        return null;
    }

    private void removeSimulatingAttribute(PrismObject<ShadowType> prismObject, QName qName) {
        ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(prismObject);
        if (attributesContainer != null) {
            attributesContainer.removeProperty(ItemPath.create(qName));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void transformActivationOnAdd(ShadowType shadowType, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        ActivationType activation = shadowType.getActivation();
        if (activation == null) {
            return;
        }
        ActivationCapabilityType activationCapabilityType = (ActivationCapabilityType) this.ctx.getEffectiveCapability(ActivationCapabilityType.class);
        if (activation.getAdministrativeStatus() != null) {
            transformActivationStatusOnAdd(shadowType, activationCapabilityType, operationResult);
        }
        if (activation.getLockoutStatus() != null) {
            transformLockoutStatusOnAdd(shadowType, activationCapabilityType, operationResult);
        }
    }

    private void transformActivationStatusOnAdd(ShadowType shadowType, ActivationCapabilityType activationCapabilityType, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        ActivationStatusCapabilityType enabledActivationStatusStrict = CapabilityUtil.getEnabledActivationStatusStrict(activationCapabilityType);
        LOGGER.trace("Activation status capability:\n{}", enabledActivationStatusStrict);
        if (enabledActivationStatusStrict == null) {
            throw new SchemaException("Attempt to set activation/administrativeStatus on " + this.ctx.getResource() + " that has neither native nor simulated activation/status capability");
        }
        QName attribute = enabledActivationStatusStrict.getAttribute();
        if (attribute == null) {
            LOGGER.trace("Using native activation status capability");
        } else if (TwoStateRealToSimulatedConverter.create(enabledActivationStatusStrict, attribute, this.ctx, this.beans).convertProperty(shadowType.getActivation().getAdministrativeStatus(), shadowType, operationResult)) {
            shadowType.getActivation().setAdministrativeStatus(null);
        }
    }

    private void transformLockoutStatusOnAdd(ShadowType shadowType, ActivationCapabilityType activationCapabilityType, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        ActivationLockoutStatusCapabilityType enabledActivationLockoutStrict = CapabilityUtil.getEnabledActivationLockoutStrict(activationCapabilityType);
        LOGGER.trace("Lockout status capability:\n{}", enabledActivationLockoutStrict);
        if (enabledActivationLockoutStrict == null) {
            throw new SchemaException("Attempt to set activation/lockoutStatus on " + this.ctx.getResource() + " that has neither native nor simulated activation/lockoutStatus capability");
        }
        QName attribute = enabledActivationLockoutStrict.getAttribute();
        if (attribute == null) {
            LOGGER.trace("Using native lockout status capability");
        } else if (TwoStateRealToSimulatedConverter.create(enabledActivationLockoutStrict, attribute, this.ctx, this.beans).convertProperty(shadowType.getActivation().getLockoutStatus(), shadowType, operationResult)) {
            shadowType.getActivation().setLockoutStatus(null);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public Collection<Operation> createActivationChangeOperations(ShadowType shadowType, Collection<? extends ItemDelta<?, ?>> collection, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        ArrayList arrayList = new ArrayList();
        ResourceType resource = this.ctx.getResource();
        ActivationCapabilityType activationCapabilityType = (ActivationCapabilityType) this.ctx.getEffectiveCapability(ActivationCapabilityType.class);
        LOGGER.trace("Found activation capability: {}", PrettyPrinter.prettyPrint(activationCapabilityType));
        createActivationStatusChange(collection, shadowType, activationCapabilityType, resource, arrayList, operationResult);
        createLockoutStatusChange(collection, shadowType, activationCapabilityType, resource, arrayList, operationResult);
        createValidFromChange(collection, activationCapabilityType, resource, arrayList, operationResult);
        createValidToChange(collection, activationCapabilityType, resource, arrayList, operationResult);
        return arrayList;
    }

    private void createActivationStatusChange(Collection<? extends ItemDelta<?, ?>> collection, ShadowType shadowType, ActivationCapabilityType activationCapabilityType, ResourceType resourceType, Collection<Operation> collection2, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        PropertyDelta<?> findPropertyDelta = PropertyDeltaCollectionsUtil.findPropertyDelta(collection, SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS);
        if (findPropertyDelta == null) {
            return;
        }
        ActivationStatusCapabilityType enabledActivationStatus = CapabilityUtil.getEnabledActivationStatus(activationCapabilityType);
        if (enabledActivationStatus == null) {
            SchemaException schemaException = new SchemaException("Attempt to change activation administrativeStatus on " + resourceType + " which does not have the capability");
            operationResult.recordFatalError(schemaException);
            throw schemaException;
        }
        QName attribute = enabledActivationStatus.getAttribute();
        if (attribute == null) {
            LOGGER.trace("No simulation attribute, using native value");
            addModification(collection2, findPropertyDelta);
            return;
        }
        ActivationStatusType activationStatusType = (ActivationStatusType) PrismProperty.getRealValue(findPropertyDelta.getPropertyNewMatchingPath());
        LOGGER.trace("Found activation administrativeStatus change to: {}", activationStatusType);
        Operation convertDelta = TwoStateRealToSimulatedConverter.create(enabledActivationStatus, attribute, this.ctx, this.beans).convertDelta(activationStatusType, shadowType, operationResult);
        if (convertDelta != null) {
            collection2.add(convertDelta);
        } else {
            addModification(collection2, findPropertyDelta);
        }
    }

    private void createLockoutStatusChange(Collection<? extends ItemDelta<?, ?>> collection, ShadowType shadowType, ActivationCapabilityType activationCapabilityType, ResourceType resourceType, Collection<Operation> collection2, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        PropertyDelta<?> findPropertyDelta = PropertyDeltaCollectionsUtil.findPropertyDelta(collection, SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS);
        if (findPropertyDelta == null) {
            return;
        }
        ActivationLockoutStatusCapabilityType enabledActivationLockoutStrict = CapabilityUtil.getEnabledActivationLockoutStrict(activationCapabilityType);
        if (enabledActivationLockoutStrict == null) {
            SchemaException schemaException = new SchemaException("Attempt to change activation lockoutStatus on " + resourceType + " which does not have the capability");
            operationResult.recordFatalError(schemaException);
            throw schemaException;
        }
        QName attribute = enabledActivationLockoutStrict.getAttribute();
        if (attribute == null) {
            LOGGER.trace("No simulation attribute, using native value");
            addModification(collection2, findPropertyDelta);
            return;
        }
        LockoutStatusType lockoutStatusType = (LockoutStatusType) PrismProperty.getRealValue(findPropertyDelta.getPropertyNewMatchingPath());
        LOGGER.trace("Found activation lockout change to: {}", lockoutStatusType);
        Operation convertDelta = TwoStateRealToSimulatedConverter.create(enabledActivationLockoutStrict, attribute, this.ctx, this.beans).convertDelta(lockoutStatusType, shadowType, operationResult);
        if (convertDelta != null) {
            collection2.add(convertDelta);
        } else {
            addModification(collection2, findPropertyDelta);
        }
    }

    private void createValidFromChange(Collection<? extends ItemDelta<?, ?>> collection, ActivationCapabilityType activationCapabilityType, ResourceType resourceType, Collection<Operation> collection2, OperationResult operationResult) throws SchemaException {
        PropertyDelta<?> findPropertyDelta = PropertyDeltaCollectionsUtil.findPropertyDelta(collection, SchemaConstants.PATH_ACTIVATION_VALID_FROM);
        if (findPropertyDelta == null) {
            return;
        }
        if (CapabilityUtil.getEnabledActivationValidFrom(activationCapabilityType) == null) {
            SchemaException schemaException = new SchemaException("Attempt to change activation validFrom on " + resourceType + " which does not have the capability");
            operationResult.recordFatalError(schemaException);
            throw schemaException;
        }
        LOGGER.trace("Found activation validFrom change to: {}", PrismProperty.getRealValue(findPropertyDelta.getPropertyNewMatchingPath()));
        addModification(collection2, findPropertyDelta);
    }

    private void createValidToChange(Collection<? extends ItemDelta<?, ?>> collection, ActivationCapabilityType activationCapabilityType, ResourceType resourceType, Collection<Operation> collection2, OperationResult operationResult) throws SchemaException {
        PropertyDelta<?> findPropertyDelta = PropertyDeltaCollectionsUtil.findPropertyDelta(collection, SchemaConstants.PATH_ACTIVATION_VALID_TO);
        if (findPropertyDelta == null) {
            return;
        }
        if (CapabilityUtil.getEnabledActivationValidTo(activationCapabilityType) == null) {
            SchemaException schemaException = new SchemaException("Attempt to change activation validTo on " + resourceType + " which does not have the capability");
            operationResult.recordFatalError(schemaException);
            throw schemaException;
        }
        LOGGER.trace("Found activation validTo change to: {}", PrismProperty.getRealValue(findPropertyDelta.getPropertyNewMatchingPath()));
        addModification(collection2, findPropertyDelta);
    }

    private void addModification(Collection<Operation> collection, PropertyDelta<?> propertyDelta) {
        collection.add(new PropertyModificationOperation(propertyDelta));
    }
}
