package com.evolveum.midpoint.provisioning.impl.shadows;

import com.evolveum.midpoint.prism.PrismContainer;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.PrismValueCollectionsUtil;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.provisioning.api.ConstraintViolationConfirmer;
import com.evolveum.midpoint.provisioning.api.ConstraintsCheckingResult;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.SearchResultList;
import com.evolveum.midpoint.schema.cache.CacheConfigurationManager;
import com.evolveum.midpoint.schema.cache.CacheType;
import com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition;
import com.evolveum.midpoint.schema.processor.ResourceObjectDefinition;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.caching.AbstractThreadLocalCache;
import com.evolveum.midpoint.util.caching.CacheConfiguration;
import com.evolveum.midpoint.util.caching.CachePerformanceCollector;
import com.evolveum.midpoint.util.caching.CacheUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ConstraintsCheckingStrategyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.namespace.QName;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.6.2-SNAPSHOT.jar:com/evolveum/midpoint/provisioning/impl/shadows/ConstraintsChecker.class */
public class ConstraintsChecker {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) ConstraintsChecker.class);
    private static final Trace PERFORMANCE_ADVISOR = TraceManager.getPerformanceAdvisorTrace();
    private static final ConcurrentHashMap<Thread, Cache> CACHE_INSTANCES = new ConcurrentHashMap<>();
    private ProvisioningContext provisioningContext;
    private CacheConfigurationManager cacheConfigurationManager;
    private ShadowsFacade shadowsFacade;
    private PrismObject<ShadowType> shadowObject;
    private PrismObject<ShadowType> shadowObjectOld;
    private String shadowOid;
    private ConstraintViolationConfirmer constraintViolationConfirmer;
    private ConstraintsCheckingStrategyType strategy;
    private ConstraintsCheckingResult constraintsCheckingResult;
    private final StringBuilder messageBuilder = new StringBuilder();
    private boolean useCache = true;

    /* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.6.2-SNAPSHOT.jar:com/evolveum/midpoint/provisioning/impl/shadows/ConstraintsChecker$Cache.class */
    public static class Cache extends AbstractThreadLocalCache {
        private static final Trace LOGGER_CONTENT = TraceManager.getTrace(Cache.class.getName() + ".content");
        private final Set<Situation> conflictFreeSituations = ConcurrentHashMap.newKeySet();

        private static boolean isOk(String str, String str2, QName qName, QName qName2, List<?> list, CacheConfigurationManager cacheConfigurationManager) {
            return isOk(new Situation(str, str2, qName, qName2, getRealValuesSet(list)), cacheConfigurationManager);
        }

        private static boolean isOk(Situation situation, CacheConfigurationManager cacheConfigurationManager) {
            if (situation.attributeValues == null) {
                return false;
            }
            CachePerformanceCollector cachePerformanceCollector = CachePerformanceCollector.INSTANCE;
            Cache cache = getCache();
            CacheConfiguration configuration = cache != null ? cache.getConfiguration() : cacheConfigurationManager.getConfiguration(CacheType.LOCAL_SHADOW_CONSTRAINT_CHECKER_CACHE);
            CacheConfiguration.CacheObjectTypeConfiguration forObjectType = configuration != null ? configuration.getForObjectType(ShadowType.class) : null;
            CacheConfiguration.StatisticsLevel statisticsLevel = CacheConfiguration.getStatisticsLevel(forObjectType, configuration);
            boolean traceMiss = CacheConfiguration.getTraceMiss(forObjectType, configuration);
            if (cache == null) {
                ConstraintsChecker.log("Cache NULL for {}", false, situation);
                cachePerformanceCollector.registerNotAvailable(Cache.class, ShadowType.class, statisticsLevel);
                return false;
            }
            if (cache.conflictFreeSituations.contains(situation)) {
                ConstraintsChecker.log("Cache HIT for {}", false, situation);
                cache.registerHit();
                cachePerformanceCollector.registerHit(Cache.class, ShadowType.class, statisticsLevel);
                return true;
            }
            ConstraintsChecker.log("Cache MISS for {}", traceMiss, situation);
            cache.registerMiss();
            cachePerformanceCollector.registerMiss(Cache.class, ShadowType.class, statisticsLevel);
            return false;
        }

        private static void setOk(String str, String str2, QName qName, QName qName2, List<?> list) {
            setOk(new Situation(str, str2, qName, qName2, getRealValuesSet(list)));
        }

        private static Set<Object> getRealValuesSet(List<?> list) {
            HashSet hashSet = new HashSet();
            for (Object obj : list) {
                if (obj != null) {
                    if (!(obj instanceof PrismPropertyValue)) {
                        ConstraintsChecker.LOGGER.warn("Unsupported attribute value: {}", obj);
                        return null;
                    }
                    hashSet.add(((PrismPropertyValue) obj).getValue());
                }
            }
            return hashSet;
        }

        public static void setOk(Situation situation) {
            Cache cache = getCache();
            if (cache != null) {
                cache.conflictFreeSituations.add(situation);
            }
        }

        private static Cache getCache() {
            return ConstraintsChecker.CACHE_INSTANCES.get(Thread.currentThread());
        }

        @Override // com.evolveum.midpoint.util.caching.AbstractThreadLocalCache
        public String description() {
            return "conflict-free situations: " + this.conflictFreeSituations;
        }

        @Override // com.evolveum.midpoint.util.caching.AbstractThreadLocalCache
        protected int getSize() {
            return this.conflictFreeSituations.size();
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // com.evolveum.midpoint.util.caching.AbstractThreadLocalCache
        public void dumpContent(String str) {
            if (LOGGER_CONTENT.isInfoEnabled()) {
                this.conflictFreeSituations.forEach(situation -> {
                    LOGGER_CONTENT.info("Cached conflict-free situation [{}]: {}", str, situation);
                });
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.6.2-SNAPSHOT.jar:com/evolveum/midpoint/provisioning/impl/shadows/ConstraintsChecker$Situation.class */
    public static class Situation {
        String resourceOid;
        String knownShadowOid;
        QName objectClassName;
        QName attributeName;
        Set<?> attributeValues;

        Situation(String str, String str2, QName qName, QName qName2, Set<?> set) {
            this.resourceOid = str;
            this.knownShadowOid = str2;
            this.objectClassName = qName;
            this.attributeName = qName2;
            this.attributeValues = set;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            Situation situation = (Situation) obj;
            return Objects.equals(this.resourceOid, situation.resourceOid) && Objects.equals(this.knownShadowOid, situation.knownShadowOid) && Objects.equals(this.objectClassName, situation.objectClassName) && Objects.equals(this.attributeName, situation.attributeName) && Objects.equals(this.attributeValues, situation.attributeValues);
        }

        public int hashCode() {
            return Objects.hash(this.resourceOid, this.knownShadowOid, this.objectClassName, this.attributeName, this.attributeValues);
        }

        public String toString() {
            return "Situation{resourceOid='" + this.resourceOid + "', knownShadowOid='" + this.knownShadowOid + "', objectClassName=" + this.objectClassName + ", attributeName=" + this.attributeName + ", attributeValues=" + this.attributeValues + "}";
        }
    }

    public void setProvisioningContext(ProvisioningContext provisioningContext) {
        this.provisioningContext = provisioningContext;
    }

    public void setCacheConfigurationManager(CacheConfigurationManager cacheConfigurationManager) {
        this.cacheConfigurationManager = cacheConfigurationManager;
    }

    public void setShadowsFacade(ShadowsFacade shadowsFacade) {
        this.shadowsFacade = shadowsFacade;
    }

    public void setShadowObject(PrismObject<ShadowType> prismObject) {
        this.shadowObject = prismObject;
    }

    public void setShadowObjectOld(PrismObject<ShadowType> prismObject) {
        this.shadowObjectOld = prismObject;
    }

    public void setShadowOid(String str) {
        this.shadowOid = str;
    }

    public void setConstraintViolationConfirmer(ConstraintViolationConfirmer constraintViolationConfirmer) {
        this.constraintViolationConfirmer = constraintViolationConfirmer;
    }

    public void setUseCache(boolean z) {
        this.useCache = z;
    }

    public void setStrategy(ConstraintsCheckingStrategyType constraintsCheckingStrategyType) {
        this.strategy = constraintsCheckingStrategyType;
    }

    public ConstraintsCheckingResult check(OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        OperationResult build = operationResult.subresult(ConstraintsChecker.class.getName() + ".check").setMinor().build();
        try {
            try {
                this.constraintsCheckingResult = new ConstraintsCheckingResult();
                this.constraintsCheckingResult.setSatisfiesConstraints(true);
                PrismContainer<T> findContainer = this.shadowObject.findContainer(ShadowType.F_ATTRIBUTES);
                if (findContainer == 0) {
                    LOGGER.trace("Current shadow does not contain attributes, skipping checking uniqueness.");
                    ConstraintsCheckingResult constraintsCheckingResult = this.constraintsCheckingResult;
                    build.computeStatusIfUnknown();
                    return constraintsCheckingResult;
                }
                Collection<? extends ResourceAttributeDefinition<?>> uniqueAttributesDefinitions = getUniqueAttributesDefinitions();
                LOGGER.trace("Checking uniqueness of attributes: {}", uniqueAttributesDefinitions);
                for (ResourceAttributeDefinition<?> resourceAttributeDefinition : uniqueAttributesDefinitions) {
                    PrismProperty<?> findProperty = findContainer.findProperty(resourceAttributeDefinition.getItemName());
                    LOGGER.trace("Attempt to check uniqueness of {} (def {})", findProperty, resourceAttributeDefinition);
                    if (findProperty != null) {
                        this.constraintsCheckingResult.getCheckedAttributes().add(findProperty.getElementName());
                        if (!checkAttributeUniqueness(findProperty, build)) {
                            LOGGER.debug("Attribute {} conflicts with existing object (in {})", findProperty, this.provisioningContext);
                            this.constraintsCheckingResult.getConflictingAttributes().add(findProperty.getElementName());
                            this.constraintsCheckingResult.setSatisfiesConstraints(false);
                        }
                    }
                }
                this.constraintsCheckingResult.setMessages(this.messageBuilder.toString());
                ConstraintsCheckingResult constraintsCheckingResult2 = this.constraintsCheckingResult;
                build.computeStatusIfUnknown();
                return constraintsCheckingResult2;
            } catch (Throwable th) {
                build.recordFatalError(th);
                throw th;
            }
        } catch (Throwable th2) {
            build.computeStatusIfUnknown();
            throw th2;
        }
    }

    @NotNull
    private Collection<? extends ResourceAttributeDefinition<?>> getUniqueAttributesDefinitions() {
        return this.provisioningContext.getObjectDefinitionRequired().getAllIdentifiers();
    }

    private boolean checkAttributeUniqueness(PrismProperty<?> prismProperty, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        ResourceType resource = this.provisioningContext.getResource();
        ResourceObjectDefinition objectDefinitionRequired = this.provisioningContext.getObjectDefinitionRequired();
        List<PrismPropertyValue<T>> values = prismProperty.getValues();
        MiscUtil.schemaCheck(!values.isEmpty(), "Empty identifier %s while checking uniqueness of %s (%s)", prismProperty, this.shadowOid, resource);
        return checkUniquenessByQuery(prismProperty, PrismContext.get().queryFor(ShadowType.class).itemWithDef(prismProperty.getDefinition(), ShadowType.F_ATTRIBUTES, prismProperty.getDefinition().getItemName()).eq(PrismValueCollectionsUtil.cloneCollection(values)).and().item(ShadowType.F_OBJECT_CLASS).eq(objectDefinitionRequired.getObjectClassName()).and().item(ShadowType.F_RESOURCE_REF).ref(resource.getOid()).and().block().item(ShadowType.F_DEAD).eq(false).or().item(ShadowType.F_DEAD).isNull().endBlock().build(), operationResult);
    }

    private boolean checkUniquenessByQuery(PrismProperty<?> prismProperty, ObjectQuery objectQuery, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        ResourceObjectDefinition objectDefinitionRequired = this.provisioningContext.getObjectDefinitionRequired();
        ResourceType resource = this.provisioningContext.getResource();
        if (this.useCache && Cache.isOk(resource.getOid(), this.shadowOid, objectDefinitionRequired.getTypeName(), prismProperty.getDefinition().getItemName(), prismProperty.getValues(), this.cacheConfigurationManager)) {
            return true;
        }
        SearchResultList<PrismObject<ShadowType>> searchObjects = this.shadowsFacade.searchObjects(objectQuery, GetOperationOptions.createNoFetchCollection(), this.provisioningContext.getTask(), operationResult);
        LOGGER.trace("Uniqueness check of {} resulted in {} results:\n{}\nquery:\n{}", prismProperty, Integer.valueOf(searchObjects.size()), searchObjects, objectQuery.debugDumpLazily(1));
        if (searchObjects.isEmpty()) {
            if (!this.useCache) {
                return true;
            }
            Cache.setOk(resource.getOid(), this.shadowOid, objectDefinitionRequired.getTypeName(), prismProperty.getDefinition().getItemName(), prismProperty.getValues());
            return true;
        }
        if (searchObjects.size() > 1) {
            LOGGER.error("Found {} objects with attribute {}:\n{}", Integer.valueOf(searchObjects.size()), prismProperty.toHumanReadableString(), searchObjects);
            if (LOGGER.isDebugEnabled()) {
                Iterator<PrismObject<ShadowType>> it = searchObjects.iterator();
                while (it.hasNext()) {
                    LOGGER.debug("Conflicting object:\n{}", it.next().debugDump());
                }
            }
            message("Found more than one object with attribute " + prismProperty.toHumanReadableString());
            return false;
        }
        LOGGER.trace("Comparing {} and {}", searchObjects.get(0).getOid(), this.shadowOid);
        if (searchObjects.get(0).getOid().equals(this.shadowOid)) {
            if (!this.useCache) {
                return true;
            }
            Cache.setOk(resource.getOid(), this.shadowOid, objectDefinitionRequired.getTypeName(), prismProperty.getDefinition().getItemName(), prismProperty.getValues());
            return true;
        }
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Found conflicting existing object with attribute " + prismProperty.toHumanReadableString() + ":\n" + searchObjects.get(0).debugDump());
        }
        message("Found conflicting existing object with attribute " + prismProperty.toHumanReadableString() + ": " + searchObjects.get(0));
        boolean z = !this.constraintViolationConfirmer.confirmViolation(searchObjects.get(0));
        this.constraintsCheckingResult.setConflictingShadow(searchObjects.get(0));
        return z;
    }

    private void message(String str) {
        if (this.messageBuilder.length() != 0) {
            this.messageBuilder.append(", ");
        }
        this.messageBuilder.append(str);
    }

    public static void enterCache(CacheConfiguration cacheConfiguration) {
        Cache.enter(CACHE_INSTANCES, Cache.class, cacheConfiguration, LOGGER);
    }

    public static void exitCache() {
        Cache.exit(CACHE_INSTANCES, LOGGER);
    }

    public static <T extends ShadowType> void onShadowAddOperation(T t) {
        Cache cache = Cache.getCache();
        if (cache != null) {
            log("Clearing cache on shadow add operation", false, new Object[0]);
            cache.conflictFreeSituations.clear();
        }
    }

    public static void onShadowModifyOperation(Collection<? extends ItemDelta<?, ?>> collection) {
        Cache cache = Cache.getCache();
        if (cache == null) {
            return;
        }
        ItemName itemName = ShadowType.F_ATTRIBUTES;
        Iterator<? extends ItemDelta<?, ?>> it = collection.iterator();
        while (it.hasNext()) {
            if (itemName.isSubPathOrEquivalent(it.next().getParentPath())) {
                log("Clearing cache on shadow attribute modify operation", false, new Object[0]);
                cache.conflictFreeSituations.clear();
                return;
            }
        }
    }

    public boolean canSkipChecking() {
        if (this.shadowObjectOld == null) {
            return false;
        }
        if (this.shadowObject == null) {
            LOGGER.trace("Skipping uniqueness checking because objectNew is null");
            return true;
        }
        if (this.strategy == null || !Boolean.TRUE.equals(this.strategy.isSkipWhenNoChange())) {
            LOGGER.trace("Uniqueness checking will not be skipped because 'skipWhenNoChange' is not set");
            return false;
        }
        for (ResourceAttributeDefinition<?> resourceAttributeDefinition : getUniqueAttributesDefinitions()) {
            Object find = this.shadowObjectOld.find(ItemPath.create(ShadowType.F_ATTRIBUTES, resourceAttributeDefinition.getItemName()));
            Object find2 = this.shadowObject.find(ItemPath.create(ShadowType.F_ATTRIBUTES, resourceAttributeDefinition.getItemName()));
            if (!Objects.equals(find, find2)) {
                LOGGER.trace("Uniqueness check will not be skipped because identifier {} values do not match: old={}, new={}", resourceAttributeDefinition.getItemName(), find, find2);
                return false;
            }
        }
        LOGGER.trace("Skipping uniqueness checking because old and new values for identifiers match");
        return true;
    }

    private static void log(String str, boolean z, Object... objArr) {
        CacheUtil.log(LOGGER, PERFORMANCE_ADVISOR, str, z, objArr);
    }
}
