package com.evolveum.midpoint.provisioning.impl.shadows;

import com.evolveum.midpoint.common.Clock;
import com.evolveum.midpoint.prism.Item;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.delta.DeltaFactory;
import com.evolveum.midpoint.provisioning.api.ConstraintsCheckingResult;
import com.evolveum.midpoint.provisioning.api.EventDispatcher;
import com.evolveum.midpoint.provisioning.api.ProvisioningOperationOptions;
import com.evolveum.midpoint.provisioning.api.ResourceOperationDescription;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContextFactory;
import com.evolveum.midpoint.provisioning.impl.ProvisioningOperationState;
import com.evolveum.midpoint.provisioning.impl.ShadowCaretaker;
import com.evolveum.midpoint.provisioning.impl.resourceobjects.ResourceObjectConverter;
import com.evolveum.midpoint.provisioning.impl.shadows.errors.ErrorHandler;
import com.evolveum.midpoint.provisioning.impl.shadows.errors.ErrorHandlerLocator;
import com.evolveum.midpoint.provisioning.impl.shadows.manager.ShadowManager;
import com.evolveum.midpoint.provisioning.ucf.api.ConnectorOperationOptions;
import com.evolveum.midpoint.provisioning.ucf.api.GenericFrameworkException;
import com.evolveum.midpoint.provisioning.util.ProvisioningUtil;
import com.evolveum.midpoint.schema.cache.CacheConfigurationManager;
import com.evolveum.midpoint.schema.internals.InternalCounters;
import com.evolveum.midpoint.schema.internals.InternalMonitor;
import com.evolveum.midpoint.schema.processor.ResourceAttributeContainer;
import com.evolveum.midpoint.schema.result.AsynchronousOperationReturnValue;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.schema.util.ResourceTypeUtil;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.annotation.Experimental;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.MaintenanceException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationProvisioningScriptsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PendingOperationExecutionStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowCheckType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.prism.xml.ns._public.types_3.ChangeTypeType;
import java.util.Collection;
import java.util.Iterator;
import javax.xml.datatype.XMLGregorianCalendar;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

/* JADX INFO: Access modifiers changed from: package-private */
@Experimental
@Component
/* loaded from: input_file:WEB-INF/lib/provisioning-impl-4.5.1-SNAPSHOT.jar:com/evolveum/midpoint/provisioning/impl/shadows/AddHelper.class */
public class AddHelper {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) AddHelper.class);

    @Autowired
    private ErrorHandlerLocator errorHandlerLocator;

    @Autowired
    private Clock clock;

    @Autowired
    private PrismContext prismContext;

    @Autowired
    private ShadowsFacade shadowsFacade;

    @Autowired
    private ResourceObjectConverter resourceObjectConverter;

    @Autowired
    private ShadowCaretaker shadowCaretaker;

    @Autowired
    protected ShadowManager shadowManager;

    @Autowired
    private EventDispatcher eventDispatcher;

    @Autowired
    private AccessChecker accessChecker;

    @Autowired
    private ProvisioningContextFactory ctxFactory;

    @Autowired
    private CacheConfigurationManager cacheConfigurationManager;

    @Autowired
    private CommonHelper commonHelper;

    @Autowired
    private EntitlementsHelper entitlementsHelper;

    AddHelper() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String addResourceObject(@NotNull PrismObject<ShadowType> prismObject, OperationProvisioningScriptsType operationProvisioningScriptsType, ProvisioningOperationOptions provisioningOperationOptions, @NotNull Task task, @NotNull OperationResult operationResult) throws CommunicationException, GenericFrameworkException, ObjectAlreadyExistsException, SchemaException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException, EncryptionException {
        InternalMonitor.recordCount(InternalCounters.SHADOW_CHANGE_OPERATION_COUNT);
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Start adding shadow object{}:\n{}", Util.getAdditionalOperationDesc(operationProvisioningScriptsType, provisioningOperationOptions), prismObject.debugDump(1));
        }
        ResourceType resource = this.ctxFactory.getResource(prismObject, task, operationResult);
        try {
            ProvisioningContext createForShadow = this.ctxFactory.createForShadow(prismObject, resource, task);
            createForShadow.assertDefinition();
            return addShadowAttempt(createForShadow, prismObject, operationProvisioningScriptsType, new ProvisioningOperationState<>(), provisioningOperationOptions, task, operationResult);
        } catch (SchemaException e) {
            operationResult.recordFatalErrorNotFinish(e);
            this.eventDispatcher.notifyFailure(ProvisioningUtil.createResourceFailureDescription(prismObject, resource, prismObject.createAddDelta(), operationResult), task, operationResult);
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String addShadowAttempt(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, OperationProvisioningScriptsType operationProvisioningScriptsType, ProvisioningOperationState<AsynchronousOperationReturnValue<PrismObject<ShadowType>>> provisioningOperationState, ProvisioningOperationOptions provisioningOperationOptions, Task task, OperationResult operationResult) throws CommunicationException, GenericFrameworkException, ObjectAlreadyExistsException, SchemaException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException, EncryptionException {
        Item findContainer = prismObject.findContainer(ShadowType.F_ATTRIBUTES);
        if (findContainer == null || findContainer.isEmpty()) {
            SchemaException schemaException = new SchemaException("Attempt to add resource object without any attributes: " + prismObject);
            operationResult.recordFatalError(schemaException);
            this.eventDispatcher.notifyFailure(ProvisioningUtil.createResourceFailureDescription(prismObject, provisioningContext.getResource(), prismObject.createAddDelta(), operationResult), task, operationResult);
            throw schemaException;
        }
        if (!(findContainer instanceof ResourceAttributeContainer)) {
            this.shadowCaretaker.applyAttributesDefinition(provisioningContext, prismObject);
        }
        preAddChecks(provisioningContext, prismObject, provisioningOperationState, task, operationResult);
        this.shadowManager.addNewProposedShadow(provisioningContext, prismObject, provisioningOperationState, task, operationResult);
        this.entitlementsHelper.preprocessEntitlements(provisioningContext, prismObject, operationResult);
        this.shadowCaretaker.applyAttributesDefinition(provisioningContext, prismObject);
        this.shadowManager.setKindIfNecessary(prismObject.asObjectable(), provisioningContext);
        this.accessChecker.checkAdd(provisioningContext, prismObject, operationResult);
        PrismObject<ShadowType> prismObject2 = null;
        OperationResultStatus operationResultStatus = null;
        if (Util.shouldExecuteResourceOperationDirectly(provisioningContext)) {
            ConnectorOperationOptions createConnectorOperationOptions = this.commonHelper.createConnectorOperationOptions(provisioningContext, provisioningOperationOptions, operationResult);
            LOGGER.trace("ADD {}: resource operation, execution starting", prismObject);
            try {
            } catch (MaintenanceException e) {
                operationResultStatus = handleAddError(provisioningContext, prismObject, provisioningOperationOptions, provisioningOperationState, e, operationResult.getLastSubresult(), task, operationResult);
                if (provisioningOperationState.getRepoShadow() != null) {
                    Util.setParentOperationStatus(operationResult, provisioningOperationState, operationResultStatus);
                    return provisioningOperationState.getRepoShadow().getOid();
                }
            } catch (ObjectAlreadyExistsException e2) {
                LOGGER.trace("Object already exists error when trying to add {}, exploring the situation", ShadowUtil.shortDumpShadowLazily(prismObject));
                OperationResult lastSubresult = operationResult.getLastSubresult();
                if (hasDeadShadowWithDeleteOperation(provisioningContext, prismObject, operationResult)) {
                    if (lastSubresult.isError()) {
                        lastSubresult.setStatus(OperationResultStatus.HANDLED_ERROR);
                    }
                    try {
                        LOGGER.trace("ADD {}: retrying resource operation without uniqueness check (previous dead shadow found), execution starting", prismObject);
                        AsynchronousOperationReturnValue<PrismObject<ShadowType>> addResourceObject = this.resourceObjectConverter.addResourceObject(provisioningContext, prismObject, operationProvisioningScriptsType, createConnectorOperationOptions, true, operationResult);
                        provisioningOperationState.processAsyncResult(addResourceObject);
                        prismObject2 = addResourceObject.getReturnValue();
                    } catch (ObjectAlreadyExistsException e3) {
                        this.shadowManager.markShadowTombstone(provisioningOperationState.getRepoShadow(), task, operationResult);
                        operationResultStatus = handleAddError(provisioningContext, prismObject, provisioningOperationOptions, provisioningOperationState, e3, lastSubresult, task, operationResult);
                    } catch (Exception e4) {
                        operationResultStatus = handleAddError(provisioningContext, prismObject, provisioningOperationOptions, provisioningOperationState, e4, operationResult.getLastSubresult(), task, operationResult);
                    }
                } else {
                    this.shadowManager.markShadowTombstone(provisioningOperationState.getRepoShadow(), task, operationResult);
                    operationResultStatus = handleAddError(provisioningContext, prismObject, provisioningOperationOptions, provisioningOperationState, e2, lastSubresult, task, operationResult);
                }
            } catch (Exception e5) {
                operationResultStatus = handleAddError(provisioningContext, prismObject, provisioningOperationOptions, provisioningOperationState, e5, operationResult.getLastSubresult(), task, operationResult);
            }
            if (ResourceTypeUtil.isInMaintenance(provisioningContext.getResource())) {
                throw new MaintenanceException("Resource " + provisioningContext.getResource() + " is in the maintenance");
            }
            AsynchronousOperationReturnValue<PrismObject<ShadowType>> addResourceObject2 = this.resourceObjectConverter.addResourceObject(provisioningContext, prismObject, operationProvisioningScriptsType, createConnectorOperationOptions, false, operationResult);
            provisioningOperationState.processAsyncResult(addResourceObject2);
            prismObject2 = addResourceObject2.getReturnValue();
            LOGGER.debug("ADD {}: resource operation executed, operation state: {}", prismObject, provisioningOperationState.shortDumpLazily());
        } else {
            provisioningOperationState.setExecutionStatus(PendingOperationExecutionStatusType.EXECUTION_PENDING);
            operationResult.createSubresult(ShadowsFacade.OP_DELAYED_OPERATION).recordInProgress();
            LOGGER.debug("ADD {}: resource operation NOT executed, execution pending", prismObject);
        }
        this.shadowManager.recordAddResult(provisioningContext, prismObject, provisioningOperationState, operationResult);
        if (prismObject2 == null) {
            prismObject2 = prismObject;
        }
        prismObject2.setOid(provisioningOperationState.getRepoShadow().getOid());
        notifyAfterAdd(provisioningContext, prismObject2, provisioningOperationState, task, operationResult);
        Util.setParentOperationStatus(operationResult, provisioningOperationState, operationResultStatus);
        return provisioningOperationState.getRepoShadow().getOid();
    }

    private boolean hasDeadShadowWithDeleteOperation(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        Collection<PrismObject<ShadowType>> searchForPreviousDeadShadows = this.shadowManager.searchForPreviousDeadShadows(provisioningContext, prismObject, operationResult);
        if (searchForPreviousDeadShadows.isEmpty()) {
            return false;
        }
        LOGGER.trace("Previous dead shadows:\n{}", DebugUtil.debugDumpLazily(searchForPreviousDeadShadows, 1));
        XMLGregorianCalendar currentTimeXMLGregorianCalendar = this.clock.currentTimeXMLGregorianCalendar();
        Iterator<PrismObject<ShadowType>> it = searchForPreviousDeadShadows.iterator();
        while (it.hasNext()) {
            if (this.shadowCaretaker.findPreviousPendingLifecycleOperationInGracePeriod(provisioningContext, it.next(), currentTimeXMLGregorianCalendar) == ChangeTypeType.DELETE) {
                return true;
            }
        }
        return false;
    }

    private OperationResultStatus handleAddError(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, ProvisioningOperationOptions provisioningOperationOptions, ProvisioningOperationState<AsynchronousOperationReturnValue<PrismObject<ShadowType>>> provisioningOperationState, Exception exc, OperationResult operationResult, Task task, OperationResult operationResult2) throws SchemaException, GenericFrameworkException, CommunicationException, ObjectNotFoundException, ObjectAlreadyExistsException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException {
        ErrorHandler locateErrorHandler = this.errorHandlerLocator.locateErrorHandler(exc);
        if (locateErrorHandler == null) {
            operationResult2.recordFatalErrorNotFinish("Error without a handler: " + exc.getMessage(), exc);
            throw new SystemException(exc.getMessage(), exc);
        }
        LOGGER.debug("Handling provisioning ADD exception {}: {}", exc.getClass(), exc.getMessage());
        try {
            OperationResultStatus handleAddError = locateErrorHandler.handleAddError(provisioningContext, prismObject, provisioningOperationOptions, provisioningOperationState, exc, operationResult, task, operationResult2);
            LOGGER.debug("Handled provisioning ADD exception, final status: {}, operation state: {}", handleAddError, provisioningOperationState.shortDumpLazily());
            return handleAddError;
        } catch (CommonException e) {
            LOGGER.debug("Handled provisioning ADD exception, final exception: {}, operation state: {}", e, provisioningOperationState.shortDumpLazily());
            this.commonHelper.handleErrorHandlerException(provisioningContext, provisioningOperationState, prismObject.createAddDelta(), task, operationResult2);
            throw e;
        }
    }

    private void preAddChecks(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, ProvisioningOperationState<AsynchronousOperationReturnValue<PrismObject<ShadowType>>> provisioningOperationState, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException, ObjectAlreadyExistsException, SecurityViolationException {
        checkConstraints(prismObject, provisioningOperationState, provisioningContext, operationResult);
        provisioningContext.validateSchema(prismObject.asObjectable());
    }

    private void checkConstraints(PrismObject<ShadowType> prismObject, ProvisioningOperationState<AsynchronousOperationReturnValue<PrismObject<ShadowType>>> provisioningOperationState, ProvisioningContext provisioningContext, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException, ObjectAlreadyExistsException, SecurityViolationException {
        if (ResourceTypeUtil.getShadowConstraintsCheck(provisioningContext.getResource()) == ShadowCheckType.NONE) {
            return;
        }
        String oid = provisioningOperationState.getRepoShadow() != null ? provisioningOperationState.getRepoShadow().getOid() : prismObject.getOid();
        ConstraintsChecker constraintsChecker = new ConstraintsChecker();
        constraintsChecker.setCacheConfigurationManager(this.cacheConfigurationManager);
        constraintsChecker.setShadowsFacade(this.shadowsFacade);
        constraintsChecker.setProvisioningContext(provisioningContext);
        constraintsChecker.setShadowObject(prismObject);
        constraintsChecker.setShadowOid(oid);
        constraintsChecker.setConstraintViolationConfirmer(ShadowUtil::isNotDead);
        constraintsChecker.setUseCache(false);
        ConstraintsCheckingResult check = constraintsChecker.check(operationResult);
        LOGGER.trace("Checked {} constraints, result={}", prismObject.debugDumpLazily(), Boolean.valueOf(check.isSatisfiesConstraints()));
        if (!check.isSatisfiesConstraints()) {
            throw new ObjectAlreadyExistsException("Conflicting shadow already exists on " + provisioningContext.getResource());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void notifyAfterAdd(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, ProvisioningOperationState<AsynchronousOperationReturnValue<PrismObject<ShadowType>>> provisioningOperationState, Task task, OperationResult operationResult) {
        ResourceOperationDescription createSuccessOperationDescription = Util.createSuccessOperationDescription(provisioningContext, prismObject, DeltaFactory.Object.createAddDelta(prismObject), operationResult);
        if (provisioningOperationState.isExecuting()) {
            this.eventDispatcher.notifyInProgress(createSuccessOperationDescription, task, operationResult);
        } else if (provisioningOperationState.isCompleted()) {
            this.eventDispatcher.notifySuccess(createSuccessOperationDescription, task, operationResult);
        }
    }
}
