package com.evolveum.midpoint.provisioning.impl.shadows.manager;

import com.evolveum.midpoint.common.Clock;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.provisioning.impl.shadows.ConstraintsChecker;
import com.evolveum.midpoint.provisioning.impl.shadows.ProvisioningOperationState;
import com.evolveum.midpoint.provisioning.impl.shadows.ShadowsNormalizationUtil;
import com.evolveum.midpoint.provisioning.util.ProvisioningUtil;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.processor.ResourceAssociationDefinition;
import com.evolveum.midpoint.schema.processor.ResourceAttribute;
import com.evolveum.midpoint.schema.processor.ResourceAttributeContainer;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CachingMetadataType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CachingStrategyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PendingOperationExecutionStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PendingOperationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectAssociationDirectionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.util.Iterator;
import javax.xml.namespace.QName;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.7.5-SNAPSHOT.jar:com/evolveum/midpoint/provisioning/impl/shadows/manager/ShadowCreator.class */
public class ShadowCreator {
    private static final Trace LOGGER;

    @Autowired
    @Qualifier("cacheRepositoryService")
    private RepositoryService repositoryService;

    @Autowired
    private Clock clock;

    @Autowired
    private Protector protector;

    @Autowired
    private PendingOperationsHelper pendingOperationsHelper;
    static final /* synthetic */ boolean $assertionsDisabled;

    @NotNull
    public ShadowType addDiscoveredRepositoryShadow(ProvisioningContext provisioningContext, ShadowType shadowType, OperationResult operationResult) throws SchemaException, ConfigurationException, ObjectAlreadyExistsException, EncryptionException {
        LOGGER.trace("Adding new shadow from resource object:\n{}", shadowType.debugDumpLazily(1));
        ShadowType createShadowForRepoStorage = createShadowForRepoStorage(provisioningContext, shadowType);
        ConstraintsChecker.onShadowAddOperation(createShadowForRepoStorage);
        createShadowForRepoStorage.setOid(this.repositoryService.addObject(createShadowForRepoStorage.asPrismObject(), null, operationResult));
        LOGGER.debug("Added new shadow (from resource object): {}", createShadowForRepoStorage);
        LOGGER.trace("Added new shadow (from resource object):\n{}", createShadowForRepoStorage.debugDumpLazily(1));
        return createShadowForRepoStorage;
    }

    public void addNewProposedShadow(ProvisioningContext provisioningContext, ShadowType shadowType, ProvisioningOperationState.AddOperationState addOperationState, OperationResult operationResult) throws SchemaException, ConfigurationException, ObjectAlreadyExistsException, EncryptionException {
        PendingOperationType findPendingAddOperation;
        if (provisioningContext.shouldUseProposedShadows()) {
            ShadowType repoShadow = addOperationState.getRepoShadow();
            if (repoShadow != null) {
                if (provisioningContext.isPropagation() || (findPendingAddOperation = PendingOperationsHelper.findPendingAddOperation(repoShadow)) == null) {
                    return;
                }
                addOperationState.setCurrentPendingOperation(findPendingAddOperation);
                return;
            }
            ShadowType createShadowForRepoStorage = createShadowForRepoStorage(provisioningContext, shadowType);
            if (!$assertionsDisabled && !createShadowForRepoStorage.getPendingOperation().isEmpty()) {
                throw new AssertionError();
            }
            addOperationState.setExecutionStatus(PendingOperationExecutionStatusType.REQUESTED);
            this.pendingOperationsHelper.addPendingOperationIntoNewShadow(createShadowForRepoStorage, shadowType, addOperationState, provisioningContext.getTask().getTaskIdentifier());
            ConstraintsChecker.onShadowAddOperation(createShadowForRepoStorage);
            try {
                ShadowType shadowType2 = (ShadowType) this.repositoryService.getObject(ShadowType.class, this.repositoryService.addObject(createShadowForRepoStorage.asPrismObject(), null, operationResult), null, operationResult).asObjectable();
                provisioningContext.applyAttributesDefinition(shadowType2);
                addOperationState.setRepoShadow(shadowType2);
                LOGGER.trace("Proposed shadow added to the repository (and read back): {}", shadowType2);
                addOperationState.setCurrentPendingOperation((PendingOperationType) MiscUtil.extractSingletonRequired(shadowType2.getPendingOperation(), () -> {
                    return new IllegalStateException("multiple pending operations");
                }, () -> {
                    return new IllegalStateException("no pending operations");
                }));
            } catch (ObjectNotFoundException e) {
                throw SystemException.unexpected(e, "when reading newly-created shadow back");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public ShadowType createShadowForRepoStorage(ProvisioningContext provisioningContext, ShadowType shadowType) throws SchemaException, ConfigurationException, EncryptionException {
        PasswordType password;
        ResourceAttribute findAttribute;
        ShadowType clone = shadowType.clone();
        clone.setPrimaryIdentifierValue((String) ShadowManagerMiscUtil.determinePrimaryIdentifierValue(provisioningContext, shadowType));
        ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(shadowType);
        CachingStrategyType cachingStrategy = provisioningContext.getCachingStrategy();
        if (cachingStrategy == CachingStrategyType.NONE) {
            ResourceAttributeContainer attributesContainer2 = ShadowUtil.getAttributesContainer(clone);
            attributesContainer2.clear();
            Iterator<ResourceAttribute<?>> it = attributesContainer.getAllIdentifiers().iterator();
            while (it.hasNext()) {
                attributesContainer2.add(it.next().mo1258clone());
            }
            for (ResourceAssociationDefinition resourceAssociationDefinition : provisioningContext.getObjectDefinitionRequired().getAssociationDefinitions()) {
                if (resourceAssociationDefinition.getDirection() == ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT) {
                    QName valueAttribute = resourceAssociationDefinition.getDefinitionBean().getValueAttribute();
                    if (attributesContainer2.findAttribute(valueAttribute) == null && (findAttribute = attributesContainer.findAttribute(valueAttribute)) != null) {
                        attributesContainer2.add(findAttribute.mo1258clone());
                    }
                }
            }
            clone.setCachingMetadata(null);
            ProvisioningUtil.cleanupShadowActivation(clone);
        } else {
            if (cachingStrategy != CachingStrategyType.PASSIVE) {
                throw new ConfigurationException("Unknown caching strategy " + cachingStrategy);
            }
            CachingMetadataType cachingMetadataType = new CachingMetadataType();
            cachingMetadataType.setRetrievalTimestamp(this.clock.currentTimeXMLGregorianCalendar());
            clone.setCachingMetadata(cachingMetadataType);
        }
        CredentialsType credentials = clone.getCredentials();
        if (credentials != null && (password = credentials.getPassword()) != null) {
            preparePasswordForStorage(password, provisioningContext);
            ProvisioningUtil.addPasswordMetadata(password, this.clock.currentTimeXMLGregorianCalendar(), provisioningContext.getTask().getOwnerRef());
        }
        if (clone.getResourceRef() == null) {
            clone.setResourceRef(provisioningContext.getResourceRef());
        }
        if (clone.getName() == null) {
            clone.setName(ShadowUtil.determineShadowNameRequired(shadowType));
        }
        if (clone.getObjectClass() == null) {
            clone.setObjectClass(attributesContainer.getDefinition().getTypeName());
        }
        if (clone.isProtectedObject() != null) {
            clone.setProtectedObject(null);
        }
        if (clone.getEffectiveOperationPolicy() != null) {
            clone.setEffectiveOperationPolicy(null);
        }
        ShadowsNormalizationUtil.normalizeAttributes(clone, provisioningContext.getObjectDefinitionRequired());
        return clone;
    }

    private void preparePasswordForStorage(PasswordType passwordType, ProvisioningContext provisioningContext) throws SchemaException, EncryptionException {
        ProtectedStringType value = passwordType.getValue();
        if (value == null) {
            return;
        }
        CachingStrategyType passwordCachingStrategy = provisioningContext.getPasswordCachingStrategy();
        if (passwordCachingStrategy == null || passwordCachingStrategy == CachingStrategyType.NONE) {
            ProvisioningUtil.cleanupShadowPassword(passwordType);
        } else {
            if (value.isHashed()) {
                return;
            }
            this.protector.hash(value);
        }
    }

    static {
        $assertionsDisabled = !ShadowCreator.class.desiredAssertionStatus();
        LOGGER = TraceManager.getTrace((Class<?>) ShadowCreator.class);
    }
}
