package com.evolveum.midpoint.repo.common;

import com.evolveum.midpoint.prism.PrismContainer;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.repo.common.ObjectMarkHelper;
import com.evolveum.midpoint.schema.RelationRegistry;
import com.evolveum.midpoint.schema.SchemaService;
import com.evolveum.midpoint.schema.TaskExecutionMode;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.processor.ResourceObjectDefinition;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ObjectOperationPolicyTypeUtil;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractOperationPolicyConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MarkType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectOperationPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationPolicyConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationPolicyViolationSeverityType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SyncInboundOperationPolicyConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SyncInboundOperationPolicyEnabledType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SynchronizeMembershipOperationPolicyConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SynchronizeOperationPolicyConfigurationType;
import jakarta.annotation.PostConstruct;
import jakarta.annotation.PreDestroy;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/repo-common-4.10-SNAPSHOT.jar:com/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper.class */
public class ObjectOperationPolicyHelper {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) ObjectOperationPolicyHelper.class);
    private static final String OP_COMPUTE_EFFECTIVE_POLICY = ObjectOperationPolicyHelper.class.getName() + ".computeEffectivePolicy";
    private static ObjectOperationPolicyHelper instance = null;

    @Autowired
    @Qualifier("cacheRepositoryService")
    private RepositoryService cacheRepositoryService;

    @Autowired
    private ObjectMarkHelper objectMarkHelper;
    private Impl behaviour;

    /* loaded from: input_file:BOOT-INF/lib/repo-common-4.10-SNAPSHOT.jar:com/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$EffectiveMarksAndPolicies.class */
    public static final class EffectiveMarksAndPolicies extends Record {

        @NotNull
        private final Collection<ObjectReferenceType> productionModeEffectiveMarkRefs;

        @NotNull
        private final Collection<ObjectReferenceType> currentModeEffectiveMarkRefs;

        @NotNull
        private final ObjectOperationPolicyType effectiveOperationPolicy;
        private final boolean isProtected;

        public EffectiveMarksAndPolicies(@NotNull Collection<ObjectReferenceType> collection, @NotNull Collection<ObjectReferenceType> collection2, @NotNull ObjectOperationPolicyType objectOperationPolicyType, boolean z) {
            this.productionModeEffectiveMarkRefs = collection;
            this.currentModeEffectiveMarkRefs = collection2;
            this.effectiveOperationPolicy = objectOperationPolicyType;
            this.isProtected = z;
        }

        public void applyTo(@NotNull ObjectType objectType) {
            objectType.getEffectiveMarkRef().clear();
            objectType.getEffectiveMarkRef().addAll(this.currentModeEffectiveMarkRefs);
            objectType.setEffectiveOperationPolicy(this.effectiveOperationPolicy);
            if (objectType instanceof ShadowType) {
                ShadowType shadowType = (ShadowType) objectType;
                if (this.isProtected) {
                    shadowType.setProtectedObject(true);
                }
            }
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, EffectiveMarksAndPolicies.class), EffectiveMarksAndPolicies.class, "productionModeEffectiveMarkRefs;currentModeEffectiveMarkRefs;effectiveOperationPolicy;isProtected", "FIELD:Lcom/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$EffectiveMarksAndPolicies;->productionModeEffectiveMarkRefs:Ljava/util/Collection;", "FIELD:Lcom/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$EffectiveMarksAndPolicies;->currentModeEffectiveMarkRefs:Ljava/util/Collection;", "FIELD:Lcom/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$EffectiveMarksAndPolicies;->effectiveOperationPolicy:Lcom/evolveum/midpoint/xml/ns/_public/common/common_3/ObjectOperationPolicyType;", "FIELD:Lcom/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$EffectiveMarksAndPolicies;->isProtected:Z").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, EffectiveMarksAndPolicies.class), EffectiveMarksAndPolicies.class, "productionModeEffectiveMarkRefs;currentModeEffectiveMarkRefs;effectiveOperationPolicy;isProtected", "FIELD:Lcom/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$EffectiveMarksAndPolicies;->productionModeEffectiveMarkRefs:Ljava/util/Collection;", "FIELD:Lcom/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$EffectiveMarksAndPolicies;->currentModeEffectiveMarkRefs:Ljava/util/Collection;", "FIELD:Lcom/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$EffectiveMarksAndPolicies;->effectiveOperationPolicy:Lcom/evolveum/midpoint/xml/ns/_public/common/common_3/ObjectOperationPolicyType;", "FIELD:Lcom/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$EffectiveMarksAndPolicies;->isProtected:Z").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, EffectiveMarksAndPolicies.class, Object.class), EffectiveMarksAndPolicies.class, "productionModeEffectiveMarkRefs;currentModeEffectiveMarkRefs;effectiveOperationPolicy;isProtected", "FIELD:Lcom/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$EffectiveMarksAndPolicies;->productionModeEffectiveMarkRefs:Ljava/util/Collection;", "FIELD:Lcom/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$EffectiveMarksAndPolicies;->currentModeEffectiveMarkRefs:Ljava/util/Collection;", "FIELD:Lcom/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$EffectiveMarksAndPolicies;->effectiveOperationPolicy:Lcom/evolveum/midpoint/xml/ns/_public/common/common_3/ObjectOperationPolicyType;", "FIELD:Lcom/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$EffectiveMarksAndPolicies;->isProtected:Z").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        @NotNull
        public Collection<ObjectReferenceType> productionModeEffectiveMarkRefs() {
            return this.productionModeEffectiveMarkRefs;
        }

        @NotNull
        public Collection<ObjectReferenceType> currentModeEffectiveMarkRefs() {
            return this.currentModeEffectiveMarkRefs;
        }

        @NotNull
        public ObjectOperationPolicyType effectiveOperationPolicy() {
            return this.effectiveOperationPolicy;
        }

        public boolean isProtected() {
            return this.isProtected;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/repo-common-4.10-SNAPSHOT.jar:com/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$Impl.class */
    public static abstract class Impl {
        private Impl() {
        }

        @NotNull
        abstract ObjectOperationPolicyType computeEffectiveOperationPolicy(@NotNull Collection<ObjectReferenceType> collection, @Nullable ObjectOperationPolicyType objectOperationPolicyType, @NotNull Object obj, @NotNull OperationResult operationResult);

        @Nullable
        ObjectOperationPolicyType getDefaultPolicyForObject(@NotNull ObjectType objectType, @NotNull TaskExecutionMode taskExecutionMode, @NotNull OperationResult operationResult) throws ConfigurationException {
            return null;
        }

        @Nullable
        ObjectOperationPolicyType getDefaultPolicyForResourceObjectType(@NotNull ResourceObjectDefinition resourceObjectDefinition, @NotNull TaskExecutionMode taskExecutionMode, @NotNull OperationResult operationResult) throws ConfigurationException {
            return null;
        }

        boolean supportsMarks() {
            return false;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/repo-common-4.10-SNAPSHOT.jar:com/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$Legacy.class */
    private static class Legacy extends Impl {
        private Legacy() {
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        @NotNull
        ObjectOperationPolicyType computeEffectiveOperationPolicy(@NotNull Collection<ObjectReferenceType> collection, @Nullable ObjectOperationPolicyType objectOperationPolicyType, @NotNull Object obj, @NotNull OperationResult operationResult) {
            return ObjectOperationPolicyHelper.extractEffectiveMarkOids(collection).contains(SchemaConstants.MARK_PROTECTED_OID) ? new ObjectOperationPolicyType().synchronize(new SynchronizeOperationPolicyConfigurationType().inbound(syncDisabled(OperationPolicyViolationSeverityType.INFO)).outbound(disabled(OperationPolicyViolationSeverityType.INFO)).membership(new SynchronizeMembershipOperationPolicyConfigurationType().inbound(disabled(OperationPolicyViolationSeverityType.INFO)).outbound(disabled(OperationPolicyViolationSeverityType.INFO)).tolerant(true))).add(disabled(OperationPolicyViolationSeverityType.ERROR)).modify(disabled(OperationPolicyViolationSeverityType.ERROR)).delete(disabled(OperationPolicyViolationSeverityType.ERROR)) : new ObjectOperationPolicyType();
        }

        private OperationPolicyConfigurationType disabled(OperationPolicyViolationSeverityType operationPolicyViolationSeverityType) {
            return new OperationPolicyConfigurationType().enabled(false).severity(operationPolicyViolationSeverityType);
        }

        private SyncInboundOperationPolicyConfigurationType syncDisabled(OperationPolicyViolationSeverityType operationPolicyViolationSeverityType) {
            return new SyncInboundOperationPolicyConfigurationType().enabled(SyncInboundOperationPolicyEnabledType.FALSE).severity(operationPolicyViolationSeverityType);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/repo-common-4.10-SNAPSHOT.jar:com/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$MarkSupport.class */
    private class MarkSupport extends Impl {
        private MarkSupport() {
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        @NotNull
        ObjectOperationPolicyType computeEffectiveOperationPolicy(@NotNull Collection<ObjectReferenceType> collection, @Nullable ObjectOperationPolicyType objectOperationPolicyType, @NotNull Object obj, @NotNull OperationResult operationResult) {
            ObjectOperationPolicyType objectOperationPolicyType2 = new ObjectOperationPolicyType();
            Collection<MarkType> resolveMarkOids = resolveMarkOids(ObjectOperationPolicyHelper.extractEffectiveMarkOids(collection), obj, operationResult);
            try {
                computeEffectiveStatus(objectOperationPolicyType2, ObjectOperationPolicyTypeUtil.PATH_ADD, resolveMarkOids, objectOperationPolicyType);
                computeEffectiveStatus(objectOperationPolicyType2, ObjectOperationPolicyTypeUtil.PATH_MODIFY, resolveMarkOids, objectOperationPolicyType);
                computeEffectiveStatus(objectOperationPolicyType2, ObjectOperationPolicyTypeUtil.PATH_DELETE, resolveMarkOids, objectOperationPolicyType);
                computeEffectiveStatus(objectOperationPolicyType2, ObjectOperationPolicyTypeUtil.PATH_SYNC_INBOUND, resolveMarkOids, objectOperationPolicyType);
                computeEffectiveStatus(objectOperationPolicyType2, ObjectOperationPolicyTypeUtil.PATH_SYNC_OUTBOUND, resolveMarkOids, objectOperationPolicyType);
                computeEffectiveStatus(objectOperationPolicyType2, ObjectOperationPolicyTypeUtil.PATH_MEMBERSHIP_SYNC_INBOUND, resolveMarkOids, objectOperationPolicyType);
                computeEffectiveStatus(objectOperationPolicyType2, ObjectOperationPolicyTypeUtil.PATH_MEMBERSHIP_SYNC_OUTBOUND, resolveMarkOids, objectOperationPolicyType);
                Boolean computeToleranceOverride = computeToleranceOverride(resolveMarkOids, objectOperationPolicyType, obj);
                if (computeToleranceOverride != null) {
                    objectOperationPolicyType2.asPrismContainerValue().findOrCreateProperty(ObjectOperationPolicyTypeUtil.PATH_MEMBERSHIP_TOLERANCE).setRealValue(computeToleranceOverride);
                }
                return objectOperationPolicyType2;
            } catch (SchemaException e) {
                throw SystemException.unexpected(e);
            }
        }

        private void computeEffectiveStatus(@NotNull ObjectOperationPolicyType objectOperationPolicyType, @NotNull ItemPath itemPath, @NotNull Collection<MarkType> collection, @Nullable ObjectOperationPolicyType objectOperationPolicyType2) throws SchemaException {
            AbstractOperationPolicyConfigurationType abstractOperationPolicyConfigurationType = null;
            AbstractOperationPolicyConfigurationType abstractOperationPolicyConfigurationType2 = null;
            Iterator<MarkType> it = collection.iterator();
            while (it.hasNext()) {
                AbstractOperationPolicyConfigurationType policyItemValue = getPolicyItemValue(it.next().getObjectOperationPolicy(), itemPath);
                if (!isEmpty(policyItemValue)) {
                    if (isFullyEnabled(policyItemValue)) {
                        if (abstractOperationPolicyConfigurationType2 == null) {
                            abstractOperationPolicyConfigurationType2 = policyItemValue.mo1633clone();
                        }
                    } else if (isMoreRestricted(policyItemValue, abstractOperationPolicyConfigurationType)) {
                        abstractOperationPolicyConfigurationType = policyItemValue.mo1633clone();
                    }
                }
            }
            if (abstractOperationPolicyConfigurationType != null) {
                setPolicyItemValue(objectOperationPolicyType, itemPath, abstractOperationPolicyConfigurationType);
                return;
            }
            if (abstractOperationPolicyConfigurationType2 != null) {
                setPolicyItemValue(objectOperationPolicyType, itemPath, abstractOperationPolicyConfigurationType2);
                return;
            }
            AbstractOperationPolicyConfigurationType policyItemValue2 = getPolicyItemValue(objectOperationPolicyType2, itemPath);
            if (policyItemValue2 != null) {
                setPolicyItemValue(objectOperationPolicyType, itemPath, policyItemValue2.mo1633clone());
            }
        }

        private boolean isEmpty(AbstractOperationPolicyConfigurationType abstractOperationPolicyConfigurationType) {
            if (abstractOperationPolicyConfigurationType instanceof OperationPolicyConfigurationType) {
                return ((OperationPolicyConfigurationType) abstractOperationPolicyConfigurationType).getEnabled() == null;
            }
            if (abstractOperationPolicyConfigurationType instanceof SyncInboundOperationPolicyConfigurationType) {
                return ((SyncInboundOperationPolicyConfigurationType) abstractOperationPolicyConfigurationType).getEnabled() == null;
            }
            if (abstractOperationPolicyConfigurationType == null) {
                return true;
            }
            throw unsupported(abstractOperationPolicyConfigurationType);
        }

        @NotNull
        private static AssertionError unsupported(AbstractOperationPolicyConfigurationType abstractOperationPolicyConfigurationType) {
            return new AssertionError("Unsupported policy configuration type: " + MiscUtil.getValueWithClass(abstractOperationPolicyConfigurationType));
        }

        private boolean isMoreRestricted(@NotNull AbstractOperationPolicyConfigurationType abstractOperationPolicyConfigurationType, @Nullable AbstractOperationPolicyConfigurationType abstractOperationPolicyConfigurationType2) {
            if (abstractOperationPolicyConfigurationType2 == null) {
                return true;
            }
            if (abstractOperationPolicyConfigurationType instanceof SyncInboundOperationPolicyConfigurationType) {
                int restrictionValue = getRestrictionValue(((SyncInboundOperationPolicyConfigurationType) abstractOperationPolicyConfigurationType).getEnabled());
                if (!(abstractOperationPolicyConfigurationType2 instanceof SyncInboundOperationPolicyConfigurationType)) {
                    throw unsupported(abstractOperationPolicyConfigurationType2);
                }
                int restrictionValue2 = getRestrictionValue(((SyncInboundOperationPolicyConfigurationType) abstractOperationPolicyConfigurationType2).getEnabled());
                if (restrictionValue > restrictionValue2) {
                    return true;
                }
                if (restrictionValue < restrictionValue2) {
                    return false;
                }
            }
            return isHigher((OperationPolicyViolationSeverityType) Objects.requireNonNullElse(abstractOperationPolicyConfigurationType.getSeverity(), OperationPolicyViolationSeverityType.ERROR), (OperationPolicyViolationSeverityType) Objects.requireNonNullElse(abstractOperationPolicyConfigurationType2.getSeverity(), OperationPolicyViolationSeverityType.ERROR));
        }

        private boolean isFullyEnabled(@NotNull AbstractOperationPolicyConfigurationType abstractOperationPolicyConfigurationType) {
            if (abstractOperationPolicyConfigurationType instanceof OperationPolicyConfigurationType) {
                return Boolean.TRUE.equals(((OperationPolicyConfigurationType) abstractOperationPolicyConfigurationType).isEnabled());
            }
            if (abstractOperationPolicyConfigurationType instanceof SyncInboundOperationPolicyConfigurationType) {
                return ((SyncInboundOperationPolicyConfigurationType) abstractOperationPolicyConfigurationType).getEnabled() == SyncInboundOperationPolicyEnabledType.TRUE;
            }
            throw unsupported(abstractOperationPolicyConfigurationType);
        }

        @Nullable
        private static AbstractOperationPolicyConfigurationType getPolicyItemValue(@Nullable ObjectOperationPolicyType objectOperationPolicyType, @NotNull ItemPath itemPath) {
            PrismContainer prismContainer;
            if (objectOperationPolicyType == null || (prismContainer = (PrismContainer) objectOperationPolicyType.asPrismContainerValue().findItem(itemPath)) == null || prismContainer.hasNoValues()) {
                return null;
            }
            return (AbstractOperationPolicyConfigurationType) prismContainer.getRealValue(AbstractOperationPolicyConfigurationType.class);
        }

        private static void setPolicyItemValue(@NotNull ObjectOperationPolicyType objectOperationPolicyType, @NotNull ItemPath itemPath, @NotNull AbstractOperationPolicyConfigurationType abstractOperationPolicyConfigurationType) throws SchemaException {
            objectOperationPolicyType.asPrismContainerValue().findOrCreateItem(itemPath, PrismContainer.class, null).add(abstractOperationPolicyConfigurationType.asPrismContainerValue());
        }

        private boolean isHigher(@NotNull OperationPolicyViolationSeverityType operationPolicyViolationSeverityType, @NotNull OperationPolicyViolationSeverityType operationPolicyViolationSeverityType2) {
            return getValue(operationPolicyViolationSeverityType) > getValue(operationPolicyViolationSeverityType2);
        }

        private int getValue(@NotNull OperationPolicyViolationSeverityType operationPolicyViolationSeverityType) {
            switch (operationPolicyViolationSeverityType) {
                case INFO:
                    return 1;
                case ERROR:
                    return 2;
                default:
                    throw new IncompatibleClassChangeError();
            }
        }

        private int getRestrictionValue(@NotNull SyncInboundOperationPolicyEnabledType syncInboundOperationPolicyEnabledType) {
            switch (syncInboundOperationPolicyEnabledType) {
                case TRUE:
                    return 0;
                case EXCEPT_FOR_MAPPINGS:
                    return 1;
                case FALSE:
                    return 2;
                default:
                    throw new IncompatibleClassChangeError();
            }
        }

        private Boolean computeToleranceOverride(@NotNull Collection<MarkType> collection, @Nullable ObjectOperationPolicyType objectOperationPolicyType, @NotNull Object obj) {
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            collection.forEach(markType -> {
                Boolean toleranceOverride = getToleranceOverride(markType.getObjectOperationPolicy());
                if (Boolean.TRUE.equals(toleranceOverride)) {
                    arrayList.add(markType);
                } else if (Boolean.FALSE.equals(toleranceOverride)) {
                    arrayList2.add(markType);
                }
            });
            boolean z = !arrayList.isEmpty();
            boolean z2 = !arrayList2.isEmpty();
            if (z && z2) {
                ObjectOperationPolicyHelper.LOGGER.warn("Conflicting tolerance override setting in {}: marks giving TRUE: {}, FALSE: {} - continuing as tolerant (because it's safer)", obj, arrayList, arrayList2);
                return true;
            }
            if (z) {
                ObjectOperationPolicyHelper.LOGGER.trace("Tolerance override = true because of {} (for {})", arrayList, obj);
                return true;
            }
            if (!z2) {
                return getToleranceOverride(objectOperationPolicyType);
            }
            ObjectOperationPolicyHelper.LOGGER.trace("Tolerance override = false because of {} (for {})", arrayList2, obj);
            return false;
        }

        private static Boolean getToleranceOverride(ObjectOperationPolicyType objectOperationPolicyType) {
            SynchronizeOperationPolicyConfigurationType synchronize;
            SynchronizeMembershipOperationPolicyConfigurationType membership;
            if (objectOperationPolicyType == null || (synchronize = objectOperationPolicyType.getSynchronize()) == null || (membership = synchronize.getMembership()) == null) {
                return null;
            }
            return membership.getTolerant();
        }

        @NotNull
        private Collection<MarkType> resolveMarkOids(@NotNull Set<String> set, Object obj, @NotNull OperationResult operationResult) {
            if (!ObjectOperationPolicyHelper.this.cacheRepositoryService.supportsMarks() || set.isEmpty()) {
                return List.of();
            }
            try {
                List list = ObjectOperationPolicyHelper.this.cacheRepositoryService.searchObjects(MarkType.class, null, null, operationResult).stream().filter(prismObject -> {
                    return set.contains(prismObject.getOid());
                }).map(prismObject2 -> {
                    return (MarkType) prismObject2.asObjectable();
                }).toList();
                if (list.size() < set.size()) {
                    HashSet hashSet = new HashSet(set);
                    list.forEach(markType -> {
                        hashSet.remove(markType.getOid());
                    });
                    ObjectOperationPolicyHelper.LOGGER.warn("The following marks could not be resolved: {}; in {}", hashSet, obj);
                }
                return list;
            } catch (SchemaException e) {
                throw new SystemException(e);
            }
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        @Nullable
        ObjectOperationPolicyType getDefaultPolicyForObject(@NotNull ObjectType objectType, @NotNull TaskExecutionMode taskExecutionMode, @NotNull OperationResult operationResult) throws ConfigurationException {
            if (objectType instanceof ShadowType) {
                return getDefaultPolicyForResourceObjectType(ShadowUtil.getResourceObjectDefinition((ShadowType) objectType), taskExecutionMode, operationResult);
            }
            return null;
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        @Nullable
        ObjectOperationPolicyType getDefaultPolicyForResourceObjectType(@NotNull ResourceObjectDefinition resourceObjectDefinition, @NotNull TaskExecutionMode taskExecutionMode, @NotNull OperationResult operationResult) throws ConfigurationException {
            String defaultOperationPolicyOid = resourceObjectDefinition.getDefaultOperationPolicyOid(taskExecutionMode);
            if (defaultOperationPolicyOid == null) {
                return null;
            }
            Collection<MarkType> resolveMarkOids = resolveMarkOids(Set.of(defaultOperationPolicyOid), "determining default policy for " + resourceObjectDefinition, operationResult);
            if (resolveMarkOids.isEmpty()) {
                throw new ConfigurationException("Mark %s for the default policy for %s does not exist".formatted(defaultOperationPolicyOid, resourceObjectDefinition), new ObjectNotFoundException((Class<?>) MarkType.class, defaultOperationPolicyOid));
            }
            return resolveMarkOids.iterator().next().getObjectOperationPolicy();
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        boolean supportsMarks() {
            return true;
        }
    }

    @PostConstruct
    public void init() {
        this.behaviour = this.cacheRepositoryService.supportsMarks() ? new MarkSupport() : new Legacy();
        instance = this;
    }

    @PreDestroy
    public void destroy() {
        instance = null;
    }

    public static ObjectOperationPolicyHelper get() {
        return instance;
    }

    @NotNull
    public ObjectOperationPolicyType getEffectivePolicy(@NotNull ObjectType objectType, @NotNull TaskExecutionMode taskExecutionMode, @NotNull OperationResult operationResult) throws ConfigurationException {
        ObjectOperationPolicyType effectiveOperationPolicy = objectType.getEffectiveOperationPolicy();
        return effectiveOperationPolicy != null ? effectiveOperationPolicy : computeEffectivePolicy(objectType, taskExecutionMode, operationResult);
    }

    @NotNull
    public ObjectOperationPolicyType computeEffectivePolicy(@NotNull ObjectType objectType, @NotNull TaskExecutionMode taskExecutionMode, @NotNull OperationResult operationResult) throws ConfigurationException {
        OperationResult createMinorSubresult = operationResult.createMinorSubresult(OP_COMPUTE_EFFECTIVE_POLICY);
        try {
            try {
                ObjectOperationPolicyType computeEffectiveOperationPolicy = this.behaviour.computeEffectiveOperationPolicy(this.objectMarkHelper.computeObjectMarksWithoutComputer(objectType, taskExecutionMode), this.behaviour.getDefaultPolicyForObject(objectType, taskExecutionMode, createMinorSubresult), objectType, createMinorSubresult);
                createMinorSubresult.close();
                return computeEffectiveOperationPolicy;
            } catch (Throwable th) {
                createMinorSubresult.recordException(th);
                throw th;
            }
        } catch (Throwable th2) {
            createMinorSubresult.close();
            throw th2;
        }
    }

    public EffectiveMarksAndPolicies computeEffectiveMarksAndPolicies(@NotNull ObjectType objectType, @NotNull ObjectMarkHelper.ObjectMarksComputer objectMarksComputer, @NotNull TaskExecutionMode taskExecutionMode, @NotNull OperationResult operationResult) throws SchemaException, ConfigurationException {
        Collection<ObjectReferenceType> computeObjectMarks = this.objectMarkHelper.computeObjectMarks(objectType, objectMarksComputer, TaskExecutionMode.PRODUCTION, operationResult);
        Collection<ObjectReferenceType> copyOf = TaskExecutionMode.PRODUCTION.equals(taskExecutionMode) ? List.copyOf(computeObjectMarks) : this.objectMarkHelper.computeObjectMarks(objectType, objectMarksComputer, taskExecutionMode, operationResult);
        ObjectOperationPolicyType computeEffectiveOperationPolicy = this.behaviour.computeEffectiveOperationPolicy(copyOf, this.behaviour.getDefaultPolicyForObject(objectType, taskExecutionMode, operationResult), objectType, operationResult);
        return new EffectiveMarksAndPolicies(this.behaviour.supportsMarks() ? List.copyOf(computeObjectMarks) : List.of(), this.behaviour.supportsMarks() ? List.copyOf(copyOf) : List.of(), computeEffectiveOperationPolicy, (objectType instanceof ShadowType) && isProtected(computeEffectiveOperationPolicy));
    }

    private boolean isProtected(ObjectOperationPolicyType objectOperationPolicyType) {
        return ObjectOperationPolicyTypeUtil.isAddDisabled(objectOperationPolicyType) && ObjectOperationPolicyTypeUtil.isModifyDisabled(objectOperationPolicyType) && ObjectOperationPolicyTypeUtil.isDeleteDisabled(objectOperationPolicyType) && ObjectOperationPolicyTypeUtil.isSyncInboundDisabled(objectOperationPolicyType) && ObjectOperationPolicyTypeUtil.isSyncOutboundDisabled(objectOperationPolicyType) && ObjectOperationPolicyTypeUtil.isMembershipSyncInboundDisabled(objectOperationPolicyType) && ObjectOperationPolicyTypeUtil.isMembershipSyncOutboundDisabled(objectOperationPolicyType) && Boolean.TRUE.equals(ObjectOperationPolicyTypeUtil.getToleranceOverride(objectOperationPolicyType));
    }

    @NotNull
    private static Set<String> extractEffectiveMarkOids(@NotNull Collection<ObjectReferenceType> collection) {
        RelationRegistry relationRegistry = SchemaService.get().relationRegistry();
        return (Set) collection.stream().filter(objectReferenceType -> {
            return relationRegistry.isMember(objectReferenceType.getRelation());
        }).map(objectReferenceType2 -> {
            return objectReferenceType2.getOid();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet());
    }

    @Nullable
    public ObjectOperationPolicyType getDefaultPolicyForResourceObjectType(@NotNull ResourceObjectDefinition resourceObjectDefinition, @NotNull TaskExecutionMode taskExecutionMode, @NotNull OperationResult operationResult) throws ConfigurationException {
        return this.behaviour.getDefaultPolicyForResourceObjectType(resourceObjectDefinition, taskExecutionMode, operationResult);
    }
}
