package com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators;

import com.evolveum.midpoint.model.api.context.EvaluatedModificationTrigger;
import com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext;
import com.evolveum.midpoint.model.impl.lens.projector.policy.PolicyRuleEvaluationContext;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.impl.binding.AbstractMutableContainerable;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.util.LocalizableMessage;
import com.evolveum.midpoint.util.LocalizableMessageBuilder;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.SingleLocalizableMessage;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentHolderType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentModificationPolicyConstraintType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyConstraintKindType;
import com.evolveum.prism.xml.ns._public.types_3.ChangeTypeType;
import com.evolveum.prism.xml.ns._public.types_3.ItemPathType;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.jetbrains.annotations.NotNull;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/model-impl-4.7.5-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/AssignmentModificationConstraintEvaluator.class */
public class AssignmentModificationConstraintEvaluator extends ModificationConstraintEvaluator<AssignmentModificationPolicyConstraintType, EvaluatedModificationTrigger.EvaluatedAssignmentModificationTrigger> {
    private static final String CONSTRAINT_KEY_PREFIX = "assignmentModification.";
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) AssignmentModificationConstraintEvaluator.class);
    private static final String OP_EVALUATE = AssignmentModificationConstraintEvaluator.class.getName() + ".evaluate";

    @Override // com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators.PolicyConstraintEvaluator
    @NotNull
    public <O extends ObjectType> Collection<EvaluatedModificationTrigger.EvaluatedAssignmentModificationTrigger> evaluate(@NotNull JAXBElement<AssignmentModificationPolicyConstraintType> jAXBElement, @NotNull PolicyRuleEvaluationContext<O> policyRuleEvaluationContext, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
        OperationResult build = operationResult.subresult(OP_EVALUATE).setMinor().build();
        try {
            try {
                if (!(policyRuleEvaluationContext instanceof AssignmentPolicyRuleEvaluationContext)) {
                    LOGGER.trace("Not an AssignmentPolicyRuleEvaluationContext: {}", policyRuleEvaluationContext.getClass());
                    List of = List.of();
                    build.computeStatusIfUnknown();
                    return of;
                }
                AssignmentPolicyRuleEvaluationContext assignmentPolicyRuleEvaluationContext = (AssignmentPolicyRuleEvaluationContext) policyRuleEvaluationContext;
                if (!assignmentPolicyRuleEvaluationContext.isDirect()) {
                    LOGGER.trace("Assignment is indirect => not triggering");
                    List of2 = List.of();
                    build.computeStatusIfUnknown();
                    return of2;
                }
                AssignmentModificationPolicyConstraintType value = jAXBElement.getValue();
                if (!operationMatches(value, assignmentPolicyRuleEvaluationContext.isAdded, assignmentPolicyRuleEvaluationContext.isKept, assignmentPolicyRuleEvaluationContext.isDeleted) || !relationMatches(value, assignmentPolicyRuleEvaluationContext) || !pathsMatch(value, assignmentPolicyRuleEvaluationContext) || !expressionPasses(jAXBElement, assignmentPolicyRuleEvaluationContext, build)) {
                    List of3 = List.of();
                    build.computeStatusIfUnknown();
                    return of3;
                }
                EvaluatedModificationTrigger.EvaluatedAssignmentModificationTrigger evaluatedAssignmentModificationTrigger = new EvaluatedModificationTrigger.EvaluatedAssignmentModificationTrigger(PolicyConstraintKindType.ASSIGNMENT_MODIFICATION, value, assignmentPolicyRuleEvaluationContext.evaluatedAssignment.getTarget(), createMessage(jAXBElement, assignmentPolicyRuleEvaluationContext, build), createShortMessage(jAXBElement, assignmentPolicyRuleEvaluationContext, build));
                build.addReturn("trigger", evaluatedAssignmentModificationTrigger.toDiagShortcut());
                List of4 = List.of(evaluatedAssignmentModificationTrigger);
                build.computeStatusIfUnknown();
                return of4;
            } catch (Throwable th) {
                build.recordFatalError(th.getMessage(), th);
                throw th;
            }
        } catch (Throwable th2) {
            build.computeStatusIfUnknown();
            throw th2;
        }
    }

    private <AH extends AssignmentHolderType> LocalizableMessage createMessage(JAXBElement<AssignmentModificationPolicyConstraintType> jAXBElement, AssignmentPolicyRuleEvaluationContext<AH> assignmentPolicyRuleEvaluationContext, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
        String str = createStateKey(assignmentPolicyRuleEvaluationContext) + createOperationKey(assignmentPolicyRuleEvaluationContext);
        QName normalizedRelation = assignmentPolicyRuleEvaluationContext.evaluatedAssignment.getNormalizedRelation();
        return this.evaluatorHelper.createLocalizableMessage(jAXBElement, assignmentPolicyRuleEvaluationContext, new LocalizableMessageBuilder().key("DefaultPolicyConstraint.assignmentModification." + str).arg(ObjectTypeUtil.createDisplayInformation(assignmentPolicyRuleEvaluationContext.evaluatedAssignment.getTarget(), false)).arg(normalizedRelation != null ? new LocalizableMessageBuilder().key("relation." + normalizedRelation.getLocalPart()).build() : null).build(), operationResult);
    }

    @NotNull
    private <AH extends AssignmentHolderType> String createOperationKey(AssignmentPolicyRuleEvaluationContext<AH> assignmentPolicyRuleEvaluationContext) {
        return assignmentPolicyRuleEvaluationContext.isAdded ? "Added" : assignmentPolicyRuleEvaluationContext.isDeleted ? "Deleted" : "Modified";
    }

    private <AH extends AssignmentHolderType> LocalizableMessage createShortMessage(JAXBElement<AssignmentModificationPolicyConstraintType> jAXBElement, AssignmentPolicyRuleEvaluationContext<AH> assignmentPolicyRuleEvaluationContext, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
        SingleLocalizableMessage build;
        String str = createStateKey(assignmentPolicyRuleEvaluationContext) + createOperationKey(assignmentPolicyRuleEvaluationContext);
        QName normalizedRelation = assignmentPolicyRuleEvaluationContext.evaluatedAssignment.getNormalizedRelation();
        if (this.prismContext.isDefaultRelation(normalizedRelation)) {
            build = new LocalizableMessageBuilder().key("DefaultPolicyConstraint.Short.assignmentModification." + str).arg(ObjectTypeUtil.createDisplayInformation(assignmentPolicyRuleEvaluationContext.evaluatedAssignment.getTarget(), false)).arg(ObjectTypeUtil.createDisplayInformation(assignmentPolicyRuleEvaluationContext.getObject(), false)).build();
        } else {
            build = new LocalizableMessageBuilder().key("DefaultPolicyConstraint.ShortWithRelation.assignmentModification." + str).arg(ObjectTypeUtil.createDisplayInformation(assignmentPolicyRuleEvaluationContext.evaluatedAssignment.getTarget(), false)).arg(ObjectTypeUtil.createDisplayInformation(assignmentPolicyRuleEvaluationContext.getObject(), false)).arg(new LocalizableMessageBuilder().key("relation." + normalizedRelation.getLocalPart()).build()).build();
        }
        return this.evaluatorHelper.createLocalizableShortMessage(jAXBElement, assignmentPolicyRuleEvaluationContext, build, operationResult);
    }

    private <AH extends AssignmentHolderType> boolean relationMatches(AssignmentModificationPolicyConstraintType assignmentModificationPolicyConstraintType, AssignmentPolicyRuleEvaluationContext<AH> assignmentPolicyRuleEvaluationContext) {
        QName normalizedRelation = assignmentPolicyRuleEvaluationContext.evaluatedAssignment.getNormalizedRelation();
        List<QName> singletonList = assignmentModificationPolicyConstraintType.getRelation().isEmpty() ? Collections.singletonList(null) : assignmentModificationPolicyConstraintType.getRelation();
        Iterator<QName> it = singletonList.iterator();
        while (it.hasNext()) {
            if (this.prismContext.relationMatches(it.next(), normalizedRelation)) {
                return true;
            }
        }
        LOGGER.trace("Relation does not match. Relations to check: {}, real (normalized) relation: {}", singletonList, normalizedRelation);
        return false;
    }

    private boolean operationMatches(AssignmentModificationPolicyConstraintType assignmentModificationPolicyConstraintType, boolean z, boolean z2, boolean z3) {
        List<ChangeTypeType> operation = assignmentModificationPolicyConstraintType.getOperation();
        if (operation.isEmpty()) {
            return true;
        }
        if (z && operation.contains(ChangeTypeType.ADD)) {
            return true;
        }
        if (z2 && operation.contains(ChangeTypeType.MODIFY)) {
            return true;
        }
        if (z3 && operation.contains(ChangeTypeType.DELETE)) {
            return true;
        }
        LOGGER.trace("Operation does not match. Configured operations: {}, real inPlus={}, inMinus={}, inZero={}.", operation, Boolean.valueOf(z), Boolean.valueOf(z3), Boolean.valueOf(z2));
        return false;
    }

    private <AH extends AssignmentHolderType> boolean pathsMatch(AssignmentModificationPolicyConstraintType assignmentModificationPolicyConstraintType, AssignmentPolicyRuleEvaluationContext<AH> assignmentPolicyRuleEvaluationContext) throws SchemaException {
        boolean isTrue = BooleanUtils.isTrue(assignmentModificationPolicyConstraintType.isExactPathMatch());
        if (assignmentModificationPolicyConstraintType.getItem().isEmpty()) {
            if (assignmentPolicyRuleEvaluationContext.isAdded || assignmentPolicyRuleEvaluationContext.isDeleted) {
                LOGGER.trace("pathsMatch: returns true because no items are configured and isAdded||isDeleted");
                return true;
            }
            Collection<? extends ItemDelta<?, ?>> subItemDeltas = assignmentPolicyRuleEvaluationContext.evaluatedAssignment.getAssignmentIdi().getSubItemDeltas();
            boolean z = (subItemDeltas == null || subItemDeltas.isEmpty()) ? false : true;
            LOGGER.trace("pathsMatch: returns subItemsDeltasPresent ({}) because not in plus nor minus", Boolean.valueOf(z));
            return z;
        }
        Iterator<ItemPathType> it = assignmentModificationPolicyConstraintType.getItem().iterator();
        while (it.hasNext()) {
            ItemPath path = this.prismContext.toPath(it.next());
            if (assignmentPolicyRuleEvaluationContext.isAdded && pathDoesNotMatch(assignmentPolicyRuleEvaluationContext.evaluatedAssignment.getAssignment(false), path)) {
                LOGGER.trace("pathsMatch: returns 'false' because isAdded and path {} does not match new assignment", path);
                return false;
            }
            if (assignmentPolicyRuleEvaluationContext.isDeleted && pathDoesNotMatch(assignmentPolicyRuleEvaluationContext.evaluatedAssignment.getAssignment(true), path)) {
                LOGGER.trace("pathsMatch: returns 'false' because isDeleted and path {} does not match old assignment", path);
                return false;
            }
            if (assignmentPolicyRuleEvaluationContext.isKept) {
                if (isTrue) {
                    Collection<? extends ItemDelta<?, ?>> subItemDeltas2 = assignmentPolicyRuleEvaluationContext.evaluatedAssignment.getAssignmentIdi().getSubItemDeltas();
                    if (!pathMatchesExactly(CollectionUtils.emptyIfNull(subItemDeltas2), path, 2)) {
                        LOGGER.trace("pathsMatch: returns false because isKept and path {} does not match new assignment; exact=true; sub item deltas={}", path, subItemDeltas2);
                        return false;
                    }
                } else {
                    AbstractMutableContainerable assignment = assignmentPolicyRuleEvaluationContext.evaluatedAssignment.getAssignment(true);
                    AbstractMutableContainerable assignment2 = assignmentPolicyRuleEvaluationContext.evaluatedAssignment.getAssignment(false);
                    MiscUtil.stateCheck(assignment != null, "No 'old' assignment value in %s", assignmentPolicyRuleEvaluationContext);
                    MiscUtil.stateCheck(assignment2 != null, "No 'new' assignment value in %s", assignmentPolicyRuleEvaluationContext);
                    ItemPath namedSegmentsOnly = path.namedSegmentsOnly();
                    if (!valuesChanged(assignment.asPrismContainerValue(), assignment2.asPrismContainerValue(), namedSegmentsOnly)) {
                        LOGGER.trace("pathsMatch: returns 'false' because isKept and value(s) for path {} have not been changed", namedSegmentsOnly);
                        return false;
                    }
                }
            }
        }
        LOGGER.trace("pathsMatch: returns 'true' because all paths ({}) match", assignmentModificationPolicyConstraintType.getItem());
        return true;
    }

    private boolean pathDoesNotMatch(AssignmentType assignmentType, ItemPath itemPath) throws SchemaException {
        return !assignmentType.asPrismContainerValue().containsItem(itemPath, false);
    }
}
