package com.evolveum.midpoint.certification.impl;

import com.evolveum.midpoint.certification.api.AccessCertificationEventListener;
import com.evolveum.midpoint.certification.api.CertificationManager;
import com.evolveum.midpoint.certification.api.OutcomeUtils;
import com.evolveum.midpoint.certification.impl.handlers.CertificationHandler;
import com.evolveum.midpoint.model.api.ModelAuthorizationAction;
import com.evolveum.midpoint.model.api.ModelService;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.prism.query.builder.S_FilterEntryOrEmpty;
import com.evolveum.midpoint.prism.query.builder.S_MatchingRuleEntry;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.SelectorOptions;
import com.evolveum.midpoint.schema.constants.ExpressionConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.CertCampaignTypeUtil;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.security.api.AuthorizationConstants;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.SecurityContextManager;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.security.enforcer.api.AuthorizationParameters;
import com.evolveum.midpoint.security.enforcer.api.SecurityEnforcer;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.session.SessionStorage;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignStateType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCasesStatisticsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationDefinitionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationResponseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationWorkItemType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CertificationPolicyActionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CleanupPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.DelegateWorkItemActionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemObjectsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.lang.invoke.SerializedLambda;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;

@Service("certificationManager")
/* loaded from: input_file:BOOT-INF/lib/certification-impl-4.6.2-SNAPSHOT.jar:com/evolveum/midpoint/certification/impl/CertificationManagerImpl.class */
public class CertificationManagerImpl implements CertificationManager {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) CertificationManagerImpl.class);
    private static final String INTERFACE_DOT = CertificationManager.class.getName() + ".";
    private static final String OPERATION_CREATE_CAMPAIGN = INTERFACE_DOT + "createCampaign";
    private static final String OPERATION_CREATE_AD_HOC_CAMPAIGNS = INTERFACE_DOT + "createAdHocCampaigns";
    private static final String OPERATION_OPEN_NEXT_STAGE = INTERFACE_DOT + "openNextStage";
    private static final String OPERATION_CLOSE_CURRENT_STAGE = INTERFACE_DOT + "closeCurrentStage";
    private static final String OPERATION_RECORD_DECISION = INTERFACE_DOT + "recordDecision";
    private static final String OPERATION_SEARCH_OPEN_WORK_ITEMS = INTERFACE_DOT + "searchOpenWorkItems";
    private static final String OPERATION_COUNT_OPEN_WORK_ITEMS = INTERFACE_DOT + "countOpenWorkItems";
    private static final String OPERATION_CLOSE_CAMPAIGN = INTERFACE_DOT + "closeCampaign";
    private static final String OPERATION_REITERATE_CAMPAIGN = INTERFACE_DOT + "reiterateCampaign";
    private static final String OPERATION_DELEGATE_WORK_ITEMS = INTERFACE_DOT + "delegateWorkItems";
    private static final String OPERATION_GET_CAMPAIGN_STATISTICS = INTERFACE_DOT + "getCampaignStatistics";
    private static final String OPERATION_CLEANUP_CAMPAIGNS = INTERFACE_DOT + "cleanupCampaigns";

    @Autowired
    private PrismContext prismContext;

    @Autowired
    @Qualifier("cacheRepositoryService")
    private RepositoryService repositoryService;

    @Autowired
    private ModelService modelService;

    @Autowired
    protected SecurityEnforcer securityEnforcer;

    @Autowired
    protected SecurityContextManager securityContextManager;

    @Autowired
    protected AccCertGeneralHelper generalHelper;

    @Autowired
    protected AccCertEventHelper eventHelper;

    @Autowired
    protected AccCertQueryHelper queryHelper;

    @Autowired
    protected AccCertUpdateHelper updateHelper;

    @Autowired
    protected AccCertOpenerHelper openerHelper;

    @Autowired
    protected AccCertCloserHelper closerHelper;

    @Autowired
    protected AccCertCaseOperationsHelper operationsHelper;

    @Autowired
    private AccessCertificationRemediationTaskHandler remediationTaskHandler;

    @Autowired
    private AccessCertificationClosingTaskHandler closingTaskHandler;
    private Map<String, CertificationHandler> registeredHandlers = new HashMap();

    public void registerHandler(String str, CertificationHandler certificationHandler) {
        if (this.registeredHandlers.containsKey(str)) {
            throw new IllegalStateException("There is already a handler with URI " + str);
        }
        this.registeredHandlers.put(str, certificationHandler);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CertificationHandler findCertificationHandler(AccessCertificationCampaignType accessCertificationCampaignType) {
        if (StringUtils.isBlank(accessCertificationCampaignType.getHandlerUri())) {
            throw new IllegalArgumentException("No handler URI for access certification campaign " + ObjectTypeUtil.toShortString(accessCertificationCampaignType));
        }
        CertificationHandler certificationHandler = this.registeredHandlers.get(accessCertificationCampaignType.getHandlerUri());
        if (certificationHandler == null) {
            throw new IllegalStateException("No handler for URI " + accessCertificationCampaignType.getHandlerUri());
        }
        return certificationHandler;
    }

    @Override // com.evolveum.midpoint.certification.api.CertificationManager
    public AccessCertificationCampaignType createCampaign(String str, Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        Validate.notNull(str, "definitionOid", new Object[0]);
        Validate.notNull(task, "task", new Object[0]);
        Validate.notNull(operationResult, "parentResult", new Object[0]);
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_CREATE_CAMPAIGN);
        try {
            try {
                PrismObject<AccessCertificationDefinitionType> object = this.repositoryService.getObject(AccessCertificationDefinitionType.class, str, null, createSubresult);
                this.securityEnforcer.authorize(ModelAuthorizationAction.CREATE_CERTIFICATION_CAMPAIGN.getUrl(), null, AuthorizationParameters.Builder.buildObject(object), null, task, createSubresult);
                AccessCertificationCampaignType createCampaign = this.openerHelper.createCampaign(object, createSubresult, task);
                createSubresult.computeStatusIfUnknown();
                return createCampaign;
            } catch (RuntimeException e) {
                createSubresult.recordFatalError("Couldn't create certification campaign: unexpected exception: " + e.getMessage(), e);
                throw e;
            }
        } catch (Throwable th) {
            createSubresult.computeStatusIfUnknown();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public <O extends ObjectType> void startAdHocCertifications(PrismObject<O> prismObject, List<CertificationPolicyActionType> list, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        HashSet hashSet = new HashSet();
        for (CertificationPolicyActionType certificationPolicyActionType : list) {
            if (certificationPolicyActionType.getDefinitionRef() != null) {
                for (ObjectReferenceType objectReferenceType : certificationPolicyActionType.getDefinitionRef()) {
                    if (objectReferenceType.getOid() != null) {
                        hashSet.add(objectReferenceType.getOid());
                    } else {
                        LOGGER.warn("Certification action having definition reference with no OID; the reference will be ignored: {}", objectReferenceType);
                    }
                }
            } else {
                LOGGER.warn("Certification action without definition reference; will be ignored: {}", certificationPolicyActionType);
            }
        }
        if (hashSet.isEmpty()) {
            return;
        }
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_CREATE_AD_HOC_CAMPAIGNS);
        createSubresult.addParam("focus", (PrismObject<? extends ObjectType>) prismObject);
        createSubresult.addArbitraryObjectCollectionAsParam("definitionOids", (Collection<?>) hashSet);
        try {
            this.securityContextManager.runAs(() -> {
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    startAdHocCertification(prismObject, (String) it.next(), task, createSubresult);
                }
                operationResult.computeStatus();
                return null;
            }, this.repositoryService.getObject(UserType.class, SystemObjectsType.USER_ADMINISTRATOR.value(), null, createSubresult));
        } catch (Throwable th) {
            createSubresult.recordFatalError(th.getMessage(), th);
            throw th;
        }
    }

    private <O extends ObjectType> void startAdHocCertification(PrismObject<O> prismObject, String str, Task task, OperationResult operationResult) {
        try {
            AccessCertificationCampaignType createAdHocCampaignObject = this.openerHelper.createAdHocCampaignObject((AccessCertificationDefinitionType) this.repositoryService.getObject(AccessCertificationDefinitionType.class, str, null, operationResult).asObjectable(), prismObject, task, operationResult);
            this.updateHelper.addObjectPreAuthorized(createAdHocCampaignObject, task, operationResult);
            openNextStage(createAdHocCampaignObject.getOid(), task, operationResult);
            operationResult.computeStatus();
        } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException | ObjectAlreadyExistsException | ObjectNotFoundException | SchemaException | SecurityViolationException | RuntimeException e) {
            operationResult.recordFatalError("Couldn't create ad-hoc certification campaign: " + e.getMessage(), e);
            throw new SystemException("Couldn't create ad-hoc certification campaign: " + e.getMessage(), e);
        }
    }

    @Override // com.evolveum.midpoint.certification.api.CertificationManager
    public void openNextStage(@NotNull String str, @NotNull Task task, @NotNull OperationResult operationResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_OPEN_NEXT_STAGE);
        createSubresult.addParam("campaignOid", str);
        try {
            try {
                AccessCertificationCampaignType campaign = this.generalHelper.getCampaign(str, null, task, createSubresult);
                createSubresult.addParam(ExpressionConstants.VAR_CAMPAIGN, ObjectTypeUtil.toShortString(campaign));
                LOGGER.debug("openNextStage starting for {}", ObjectTypeUtil.toShortStringLazy(campaign));
                this.securityEnforcer.authorize(ModelAuthorizationAction.OPEN_CERTIFICATION_CAMPAIGN_REVIEW_STAGE.getUrl(), null, AuthorizationParameters.Builder.buildObject(campaign.asPrismObject()), null, task, createSubresult);
                int stageNumber = campaign.getStageNumber();
                int numberOfStages = CertCampaignTypeUtil.getNumberOfStages(campaign);
                AccessCertificationCampaignStateType state = campaign.getState();
                LOGGER.trace("openNextStage: iteration={}, currentStageNumber={}, stages={}, state={}", Integer.valueOf(CertCampaignTypeUtil.norm(campaign.getIteration())), Integer.valueOf(stageNumber), Integer.valueOf(numberOfStages), state);
                if (AccessCertificationCampaignStateType.IN_REVIEW_STAGE.equals(state)) {
                    createSubresult.recordFatalError("Couldn't advance to the next review stage as the stage " + stageNumber + " is currently open.");
                } else if (AccessCertificationCampaignStateType.IN_REMEDIATION.equals(state)) {
                    createSubresult.recordFatalError("Couldn't advance to the next review stage as the campaign is currently in the remediation phase.");
                } else if (AccessCertificationCampaignStateType.CLOSED.equals(state)) {
                    createSubresult.recordFatalError("Couldn't advance to the next review stage as the campaign is already closed.");
                } else {
                    if (!AccessCertificationCampaignStateType.REVIEW_STAGE_DONE.equals(state) && !AccessCertificationCampaignStateType.CREATED.equals(state)) {
                        throw new IllegalStateException("Unexpected campaign state: " + state);
                    }
                    if (stageNumber >= numberOfStages) {
                        createSubresult.recordFatalError("Couldn't advance to the next review stage as the campaign has only " + numberOfStages + " stages");
                    } else {
                        this.openerHelper.openNextStage(campaign, findCertificationHandler(campaign), task, createSubresult);
                    }
                }
            } catch (RuntimeException e) {
                createSubresult.recordFatalError("Couldn't move to the next certification campaign stage: unexpected exception: " + e.getMessage(), e);
                throw e;
            }
        } finally {
            createSubresult.computeStatusIfUnknown();
        }
    }

    @Override // com.evolveum.midpoint.certification.api.CertificationManager
    public void closeCurrentStage(String str, Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        Validate.notNull(str, "campaignOid", new Object[0]);
        Validate.notNull(task, "task", new Object[0]);
        Validate.notNull(operationResult, "parentResult", new Object[0]);
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_CLOSE_CURRENT_STAGE);
        createSubresult.addParam("campaignOid", str);
        try {
            try {
                AccessCertificationCampaignType campaign = this.generalHelper.getCampaign(str, null, task, createSubresult);
                createSubresult.addParam(ExpressionConstants.VAR_CAMPAIGN, ObjectTypeUtil.toShortString(campaign));
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("closeCurrentStage starting for {}", ObjectTypeUtil.toShortString(campaign));
                }
                this.securityEnforcer.authorize(ModelAuthorizationAction.CLOSE_CERTIFICATION_CAMPAIGN_REVIEW_STAGE.getUrl(), null, AuthorizationParameters.Builder.buildObject(campaign.asPrismObject()), null, task, createSubresult);
                int stageNumber = campaign.getStageNumber();
                int numberOfStages = CertCampaignTypeUtil.getNumberOfStages(campaign);
                AccessCertificationCampaignStateType state = campaign.getState();
                LOGGER.trace("closeCurrentStage: currentStageNumber={}, stages={}, state={}", Integer.valueOf(stageNumber), Integer.valueOf(numberOfStages), state);
                if (AccessCertificationCampaignStateType.IN_REVIEW_STAGE.equals(state)) {
                    this.closerHelper.closeStage(campaign, task, createSubresult);
                } else {
                    createSubresult.recordFatalError("Couldn't close the current review stage as it is currently not open");
                }
            } catch (RuntimeException e) {
                createSubresult.recordFatalError("Couldn't close current certification campaign stage: unexpected exception: " + e.getMessage(), e);
                throw e;
            }
        } finally {
            createSubresult.computeStatusIfUnknown();
        }
    }

    @Override // com.evolveum.midpoint.certification.api.CertificationManager
    public void startRemediation(String str, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        Validate.notNull(str, "campaignOid", new Object[0]);
        Validate.notNull(task, "task", new Object[0]);
        Validate.notNull(operationResult, "parentResult", new Object[0]);
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_CLOSE_CURRENT_STAGE);
        createSubresult.addParam("campaignOid", str);
        try {
            try {
                AccessCertificationCampaignType campaign = this.generalHelper.getCampaign(str, null, task, createSubresult);
                createSubresult.addParam(ExpressionConstants.VAR_CAMPAIGN, ObjectTypeUtil.toShortString(campaign));
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("startRemediation starting for {}", ObjectTypeUtil.toShortString(campaign));
                }
                this.securityEnforcer.authorize(ModelAuthorizationAction.START_CERTIFICATION_REMEDIATION.getUrl(), null, AuthorizationParameters.Builder.buildObject(campaign.asPrismObject()), null, task, createSubresult);
                int stageNumber = campaign.getStageNumber();
                int numberOfStages = CertCampaignTypeUtil.getNumberOfStages(campaign);
                AccessCertificationCampaignStateType state = campaign.getState();
                LOGGER.trace("startRemediation: currentStageNumber={}, stages={}, state={}", Integer.valueOf(stageNumber), Integer.valueOf(numberOfStages), state);
                if (stageNumber != numberOfStages) {
                    createSubresult.recordFatalError("Couldn't start the remediation as the campaign is not in its last stage (" + numberOfStages + "); current stage: " + stageNumber);
                } else if (AccessCertificationCampaignStateType.REVIEW_STAGE_DONE.equals(state)) {
                    this.updateHelper.modifyObjectPreAuthorized(AccessCertificationCampaignType.class, str, this.updateHelper.createDeltasForStageNumberAndState(numberOfStages + 1, AccessCertificationCampaignStateType.IN_REMEDIATION), task, createSubresult);
                    if (CertCampaignTypeUtil.isRemediationAutomatic(campaign)) {
                        this.remediationTaskHandler.launch(campaign, createSubresult);
                    } else {
                        createSubresult.recordWarning("The automated remediation is not configured. The campaign state was set to IN REMEDIATION, but all remediation actions have to be done by hand.");
                    }
                    this.eventHelper.onCampaignStageStart(this.updateHelper.refreshCampaign(campaign, createSubresult), task, createSubresult);
                } else {
                    createSubresult.recordFatalError("Couldn't start the remediation as the last stage was not properly closed.");
                }
            } catch (RuntimeException e) {
                createSubresult.recordFatalError("Couldn't start the remediation: unexpected exception: " + e.getMessage(), e);
                throw e;
            }
        } finally {
            createSubresult.computeStatusIfUnknown();
        }
    }

    @Override // com.evolveum.midpoint.certification.api.CertificationManager
    public List<AccessCertificationWorkItemType> searchOpenWorkItems(ObjectQuery objectQuery, boolean z, boolean z2, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_SEARCH_OPEN_WORK_ITEMS);
        try {
            try {
                List<AccessCertificationWorkItemType> searchOpenWorkItems = this.queryHelper.searchOpenWorkItems(objectQuery, getAuthorizedPrincipal(z2, task, createSubresult), z, collection, createSubresult);
                createSubresult.computeStatusIfUnknown();
                return searchOpenWorkItems;
            } catch (RuntimeException e) {
                createSubresult.recordFatalError("Couldn't search for certification work items: unexpected exception: " + e.getMessage(), e);
                throw e;
            }
        } catch (Throwable th) {
            createSubresult.computeStatusIfUnknown();
            throw th;
        }
    }

    @Nullable
    private MidPointPrincipal getAuthorizedPrincipal(boolean z, Task task, OperationResult operationResult) throws SecurityViolationException, SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        if (z) {
            this.securityEnforcer.authorize(AuthorizationConstants.AUTZ_ALL_URL, null, AuthorizationParameters.EMPTY, null, task, operationResult);
            return null;
        }
        this.securityEnforcer.authorize(ModelAuthorizationAction.READ_OWN_CERTIFICATION_DECISIONS.getUrl(), null, AuthorizationParameters.EMPTY, null, task, operationResult);
        MidPointPrincipal principal = SecurityUtil.getPrincipal();
        if (principal == null) {
            throw new IllegalStateException("No principal");
        }
        return principal;
    }

    @Override // com.evolveum.midpoint.certification.api.CertificationManager
    public int countOpenWorkItems(ObjectQuery objectQuery, boolean z, boolean z2, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_COUNT_OPEN_WORK_ITEMS);
        try {
            try {
                int countOpenWorkItems = this.queryHelper.countOpenWorkItems(objectQuery, getAuthorizedPrincipal(z2, task, createSubresult), z, collection, createSubresult);
                createSubresult.computeStatusIfUnknown();
                return countOpenWorkItems;
            } catch (RuntimeException e) {
                createSubresult.recordFatalError("Couldn't search for certification work items: unexpected exception: " + e.getMessage(), e);
                throw e;
            }
        } catch (Throwable th) {
            createSubresult.computeStatusIfUnknown();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.certification.api.CertificationManager
    public void recordDecision(@NotNull String str, long j, long j2, @Nullable AccessCertificationResponseType accessCertificationResponseType, @Nullable String str2, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_RECORD_DECISION);
        try {
            try {
                this.securityEnforcer.authorize(ModelAuthorizationAction.RECORD_CERTIFICATION_DECISION.getUrl(), null, AuthorizationParameters.EMPTY, null, task, createSubresult);
                this.operationsHelper.recordDecision(str, j, j2, accessCertificationResponseType, str2, task, createSubresult);
                createSubresult.computeStatusIfUnknown();
            } catch (RuntimeException e) {
                createSubresult.recordFatalError("Couldn't record reviewer decision: unexpected exception: " + e.getMessage(), e);
                throw e;
            }
        } catch (Throwable th) {
            createSubresult.computeStatusIfUnknown();
            throw th;
        }
    }

    public void delegateWorkItems(@NotNull String str, @NotNull List<AccessCertificationWorkItemType> list, @NotNull DelegateWorkItemActionType delegateWorkItemActionType, Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ExpressionEvaluationException, ObjectNotFoundException, ObjectAlreadyExistsException, ConfigurationException, CommunicationException {
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_DELEGATE_WORK_ITEMS);
        createSubresult.addParam("campaignOid", str);
        createSubresult.addArbitraryObjectCollectionAsParam(SessionStorage.KEY_WORK_ITEMS, (Collection<?>) list);
        createSubresult.addArbitraryObjectAsParam("delegateAction", (Object) delegateWorkItemActionType);
        try {
            try {
                this.securityEnforcer.authorize(ModelAuthorizationAction.DELEGATE_ALL_WORK_ITEMS.getUrl(), null, AuthorizationParameters.EMPTY, null, task, createSubresult);
                this.operationsHelper.delegateWorkItems(str, list, delegateWorkItemActionType, task, createSubresult);
                createSubresult.computeStatusIfUnknown();
            } catch (CommonException | RuntimeException e) {
                createSubresult.recordFatalError("Couldn't delegate work items: unexpected exception: " + e.getMessage(), e);
                throw e;
            }
        } catch (Throwable th) {
            createSubresult.computeStatusIfUnknown();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.certification.api.CertificationManager
    public void closeCampaign(String str, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        closeCampaign(str, false, task, operationResult);
    }

    public void closeCampaign(String str, boolean z, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        Validate.notNull(str, "campaignOid", new Object[0]);
        Validate.notNull(task, "task", new Object[0]);
        Validate.notNull(operationResult, "parentResult", new Object[0]);
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_CLOSE_CAMPAIGN);
        try {
            try {
                AccessCertificationCampaignType campaign = this.generalHelper.getCampaign(str, null, task, createSubresult);
                this.securityEnforcer.authorize(ModelAuthorizationAction.CLOSE_CERTIFICATION_CAMPAIGN.getUrl(), null, AuthorizationParameters.Builder.buildObject(campaign.asPrismObject()), null, task, createSubresult);
                this.closerHelper.closeCampaign(campaign, task, createSubresult);
                if (!z) {
                    this.closingTaskHandler.launch(campaign, createSubresult);
                }
            } catch (RuntimeException e) {
                createSubresult.recordFatalError("Couldn't close certification campaign: unexpected exception: " + e.getMessage(), e);
                throw e;
            }
        } finally {
            createSubresult.computeStatusIfUnknown();
        }
    }

    @Override // com.evolveum.midpoint.certification.api.CertificationManager
    public void reiterateCampaign(String str, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_REITERATE_CAMPAIGN);
        try {
            try {
                AccessCertificationCampaignType campaign = this.generalHelper.getCampaign(str, null, task, createSubresult);
                this.securityEnforcer.authorize(ModelAuthorizationAction.REITERATE_CERTIFICATION_CAMPAIGN.getUrl(), null, AuthorizationParameters.Builder.buildObject(campaign.asPrismObject()), null, task, createSubresult);
                this.openerHelper.reiterateCampaign(campaign, task, createSubresult);
                createSubresult.computeStatusIfUnknown();
            } catch (RuntimeException e) {
                createSubresult.recordFatalError("Couldn't reiterate certification campaign: unexpected exception: " + e.getMessage(), e);
                throw e;
            }
        } catch (Throwable th) {
            createSubresult.computeStatusIfUnknown();
            throw th;
        }
    }

    @Override // com.evolveum.midpoint.certification.api.CertificationManager
    public AccessCertificationCasesStatisticsType getCampaignStatistics(String str, boolean z, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, SecurityViolationException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        Validate.notNull(str, "campaignOid", new Object[0]);
        Validate.notNull(task, "task", new Object[0]);
        Validate.notNull(operationResult, "parentResult", new Object[0]);
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_GET_CAMPAIGN_STATISTICS);
        try {
            try {
                try {
                    Integer valueOf = z ? Integer.valueOf(((AccessCertificationCampaignType) this.modelService.getObject(AccessCertificationCampaignType.class, str, null, task, operationResult).asObjectable()).getStageNumber()) : null;
                    AccessCertificationCasesStatisticsType accessCertificationCasesStatisticsType = new AccessCertificationCasesStatisticsType(this.prismContext);
                    accessCertificationCasesStatisticsType.setMarkedAsAccept(Integer.valueOf(getCount(str, valueOf, AccessCertificationResponseType.ACCEPT, false, task, createSubresult)));
                    accessCertificationCasesStatisticsType.setMarkedAsRevoke(Integer.valueOf(getCount(str, valueOf, AccessCertificationResponseType.REVOKE, false, task, createSubresult)));
                    accessCertificationCasesStatisticsType.setMarkedAsRevokeAndRemedied(Integer.valueOf(getCount(str, valueOf, AccessCertificationResponseType.REVOKE, true, task, createSubresult)));
                    accessCertificationCasesStatisticsType.setMarkedAsReduce(Integer.valueOf(getCount(str, valueOf, AccessCertificationResponseType.REDUCE, false, task, createSubresult)));
                    accessCertificationCasesStatisticsType.setMarkedAsReduceAndRemedied(Integer.valueOf(getCount(str, valueOf, AccessCertificationResponseType.REDUCE, true, task, createSubresult)));
                    accessCertificationCasesStatisticsType.setMarkedAsNotDecide(Integer.valueOf(getCount(str, valueOf, AccessCertificationResponseType.NOT_DECIDED, false, task, createSubresult)));
                    accessCertificationCasesStatisticsType.setWithoutResponse(Integer.valueOf(getCount(str, valueOf, AccessCertificationResponseType.NO_RESPONSE, false, task, createSubresult)));
                    createSubresult.computeStatusIfUnknown();
                    return accessCertificationCasesStatisticsType;
                } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
                    throw new SystemException("Unexpected exception while getting campaign object: " + e.getMessage(), e);
                }
            } catch (RuntimeException e2) {
                createSubresult.recordFatalError("Couldn't get campaign statistics: unexpected exception: " + e2.getMessage(), e2);
                throw e2;
            }
        } catch (Throwable th) {
            createSubresult.computeStatusIfUnknown();
            throw th;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v38, types: [com.evolveum.midpoint.prism.query.builder.S_FilterEntry] */
    private int getCount(String str, Integer num, AccessCertificationResponseType accessCertificationResponseType, boolean z, Task task, OperationResult operationResult) throws SchemaException, SecurityViolationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
        ItemName itemName;
        S_FilterEntryOrEmpty queryFor;
        String uri = OutcomeUtils.toUri(accessCertificationResponseType);
        if (num != null) {
            itemName = AccessCertificationCaseType.F_CURRENT_STAGE_OUTCOME;
            queryFor = this.prismContext.queryFor(AccessCertificationCaseType.class).item(AccessCertificationCaseType.F_STAGE_NUMBER).eq(num).and();
        } else {
            itemName = AccessCertificationCaseType.F_OUTCOME;
            queryFor = this.prismContext.queryFor(AccessCertificationCaseType.class);
        }
        S_MatchingRuleEntry eq = accessCertificationResponseType == AccessCertificationResponseType.NO_RESPONSE ? queryFor.item(itemName).isNull().or().item(itemName).eq(uri) : queryFor.item(itemName).eq(uri);
        if (z) {
            eq = eq.and().not().item(AccessCertificationCaseType.F_REMEDIED_TIMESTAMP).isNull();
        }
        return this.modelService.countContainers(AccessCertificationCaseType.class, eq.and().ownerId(str).build(), null, task, operationResult).intValue();
    }

    @Override // com.evolveum.midpoint.certification.api.CertificationManager
    public void registerCertificationEventListener(AccessCertificationEventListener accessCertificationEventListener) {
        this.eventHelper.registerEventListener(accessCertificationEventListener);
    }

    @Override // com.evolveum.midpoint.certification.api.CertificationManager
    public void cleanupCampaigns(@NotNull CleanupPolicyType cleanupPolicyType, Task task, OperationResult operationResult) {
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_CLEANUP_CAMPAIGNS);
        try {
            try {
                this.closerHelper.cleanupCampaigns(cleanupPolicyType, task, createSubresult);
                createSubresult.computeStatusIfUnknown();
            } catch (RuntimeException e) {
                createSubresult.recordFatalError("Couldn't cleanup campaigns: unexpected exception: " + e.getMessage(), e);
                throw e;
            }
        } catch (Throwable th) {
            createSubresult.computeStatusIfUnknown();
            throw th;
        }
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -749671279:
                if (implMethodName.equals("lambda$startAdHocCertifications$f40c38a$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("com/evolveum/midpoint/util/Producer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/evolveum/midpoint/certification/impl/CertificationManagerImpl") && serializedLambda.getImplMethodSignature().equals("(Ljava/util/Set;Lcom/evolveum/midpoint/prism/PrismObject;Lcom/evolveum/midpoint/task/api/Task;Lcom/evolveum/midpoint/schema/result/OperationResult;Lcom/evolveum/midpoint/schema/result/OperationResult;)Ljava/lang/Object;")) {
                    CertificationManagerImpl certificationManagerImpl = (CertificationManagerImpl) serializedLambda.getCapturedArg(0);
                    Set set = (Set) serializedLambda.getCapturedArg(1);
                    PrismObject prismObject = (PrismObject) serializedLambda.getCapturedArg(2);
                    Task task = (Task) serializedLambda.getCapturedArg(3);
                    OperationResult operationResult = (OperationResult) serializedLambda.getCapturedArg(4);
                    OperationResult operationResult2 = (OperationResult) serializedLambda.getCapturedArg(5);
                    return () -> {
                        Iterator it = set.iterator();
                        while (it.hasNext()) {
                            startAdHocCertification(prismObject, (String) it.next(), task, operationResult);
                        }
                        operationResult2.computeStatus();
                        return null;
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
