package com.evolveum.midpoint.provisioning.impl.shadows;

import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.provisioning.api.ItemComparisonResult;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContextFactory;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.processor.ResourceObjectDefinition;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.annotation.Experimental;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordCompareStrategyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourcePasswordDefinitionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

/* JADX INFO: Access modifiers changed from: package-private */
@Experimental
@Component
/* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.7.5-SNAPSHOT.jar:com/evolveum/midpoint/provisioning/impl/shadows/ShadowCompareHelper.class */
public class ShadowCompareHelper {

    @Autowired
    private ProvisioningContextFactory ctxFactory;

    @Autowired
    private Protector protector;

    ShadowCompareHelper() {
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <T> ItemComparisonResult compare(@NotNull ShadowType shadowType, ItemPath itemPath, T t, Task task, OperationResult operationResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, EncryptionException {
        ProtectedStringType protectedStringType;
        if (!itemPath.equivalent(SchemaConstants.PATH_PASSWORD_VALUE)) {
            throw new UnsupportedOperationException("Only password comparison is supported");
        }
        ProvisioningContext createForShadow = this.ctxFactory.createForShadow(shadowType, task, operationResult);
        createForShadow.applyAttributesDefinition(shadowType);
        ResourceType resource = createForShadow.getResource();
        PasswordCompareStrategyType passwordCompareStrategy = getPasswordCompareStrategy(createForShadow.getObjectDefinitionRequired());
        if (passwordCompareStrategy == PasswordCompareStrategyType.ERROR) {
            throw new UnsupportedOperationException("Password comparison is not supported on " + resource);
        }
        PrismProperty<T> findProperty = shadowType.asPrismObject().findProperty(itemPath);
        if (findProperty == null) {
            return passwordCompareStrategy == PasswordCompareStrategyType.CACHED ? t == 0 ? ItemComparisonResult.MATCH : ItemComparisonResult.MISMATCH : ItemComparisonResult.NOT_APPLICABLE;
        }
        ProtectedStringType protectedStringType2 = (ProtectedStringType) findProperty.getRealValue();
        if (t instanceof ProtectedStringType) {
            protectedStringType = (ProtectedStringType) t;
        } else {
            protectedStringType = new ProtectedStringType();
            protectedStringType.setClearValue((String) t);
        }
        return this.protector.compareCleartext(protectedStringType2, protectedStringType) ? ItemComparisonResult.MATCH : ItemComparisonResult.MISMATCH;
    }

    private PasswordCompareStrategyType getPasswordCompareStrategy(ResourceObjectDefinition resourceObjectDefinition) {
        ResourcePasswordDefinitionType passwordDefinition = resourceObjectDefinition.getPasswordDefinition();
        if (passwordDefinition != null) {
            return passwordDefinition.getCompareStrategy();
        }
        return null;
    }
}
