package com.evolveum.midpoint.model.impl.lens.projector.policy;

import com.evolveum.midpoint.model.api.context.EvaluatedAssignment;
import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule;
import com.evolveum.midpoint.model.common.GlobalRuleWithId;
import com.evolveum.midpoint.model.common.ModelCommonBeans;
import com.evolveum.midpoint.model.common.mapping.MappingBuilder;
import com.evolveum.midpoint.model.common.mapping.MappingImpl;
import com.evolveum.midpoint.model.impl.ModelBeans;
import com.evolveum.midpoint.model.impl.lens.EvaluatedPolicyRuleImpl;
import com.evolveum.midpoint.model.impl.lens.LensContext;
import com.evolveum.midpoint.model.impl.lens.LensFocusContext;
import com.evolveum.midpoint.model.impl.lens.LensUtil;
import com.evolveum.midpoint.model.impl.lens.assignments.EvaluatedAssignmentImpl;
import com.evolveum.midpoint.model.impl.lens.assignments.EvaluatedAssignmentTargetImpl;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismObjectDefinition;
import com.evolveum.midpoint.prism.delta.DeltaSetTriple;
import com.evolveum.midpoint.prism.util.ObjectDeltaObject;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.repo.common.expression.ExpressionUtil;
import com.evolveum.midpoint.schema.constants.ExpressionConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.PolicyRuleTypeUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.GlobalPolicyRuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MappingKindType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectSelectorType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyRuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/model-impl-4.7.5-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/lens/projector/policy/PolicyRulesCollector.class */
public class PolicyRulesCollector<O extends ObjectType> {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) PolicyRulesCollector.class);

    @NotNull
    private final LensContext<O> context;

    @NotNull
    private final Task task;

    @NotNull
    private final RepositoryService repositoryService = ModelBeans.get().cacheRepositoryService;
    private List<GlobalRuleWithId> rulesWithIds;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PolicyRulesCollector(@NotNull LensContext<O> lensContext, @NotNull Task task) {
        this.context = lensContext;
        this.task = task;
    }

    public void initialize(OperationResult operationResult) {
        this.rulesWithIds = getAllGlobalPolicyRules(operationResult);
    }

    private void checkInitialized() {
        MiscUtil.stateCheck(this.rulesWithIds != null, "Not initialized", new Object[0]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public List<EvaluatedPolicyRuleImpl> collectObjectRules(OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, SecurityViolationException, ConfigurationException, CommunicationException {
        ArrayList arrayList = new ArrayList();
        collectObjectRulesFromAssignments(arrayList);
        collectGlobalObjectRules(arrayList, operationResult);
        resolveConstraintReferences(arrayList);
        return arrayList;
    }

    private void collectObjectRulesFromAssignments(List<EvaluatedPolicyRuleImpl> list) {
        Iterator<EvaluatedAssignmentImpl<?>> it = this.context.getAllEvaluatedAssignments().iterator();
        while (it.hasNext()) {
            list.addAll(it.next().getObjectPolicyRules());
        }
    }

    private void collectGlobalObjectRules(List<EvaluatedPolicyRuleImpl> list, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, SecurityViolationException, ConfigurationException, CommunicationException {
        PrismObject<O> focusForSelection = getFocusForSelection();
        int i = 0;
        for (GlobalRuleWithId globalRuleWithId : getGlobalRulesMatchingFocus(focusForSelection)) {
            GlobalPolicyRuleType ruleBean = globalRuleWithId.getRuleBean();
            if (isRuleConditionTrue(ruleBean, focusForSelection, null, operationResult)) {
                LOGGER.trace("Collecting global policy rule '{}' ({})", ruleBean.getName(), globalRuleWithId.getRuleId());
                list.add(new EvaluatedPolicyRuleImpl(ruleBean.mo1244clone(), globalRuleWithId.getRuleId(), null, EvaluatedPolicyRule.TargetType.OBJECT));
                i++;
            } else {
                LOGGER.trace("Skipping global policy rule {} ({}) because the condition evaluated to false: {}", ruleBean.getName(), globalRuleWithId.getRuleId(), ruleBean);
            }
        }
        LOGGER.trace("Selected {} global policy rules for further evaluation", Integer.valueOf(i));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void collectGlobalAssignmentRules(DeltaSetTriple<? extends EvaluatedAssignmentImpl<?>> deltaSetTriple, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, SecurityViolationException, ConfigurationException, CommunicationException {
        PrismObject<O> focusForSelection = getFocusForSelection();
        int i = 0;
        for (GlobalRuleWithId globalRuleWithId : getGlobalRulesMatchingFocus(focusForSelection)) {
            GlobalPolicyRuleType ruleBean = globalRuleWithId.getRuleBean();
            String name = ruleBean.getName();
            for (EvaluatedAssignmentImpl<?> evaluatedAssignmentImpl : deltaSetTriple.getAllValues()) {
                for (EvaluatedAssignmentTargetImpl evaluatedAssignmentTargetImpl : evaluatedAssignmentImpl.getRoles().getNonNegativeValues()) {
                    boolean isDirectlyAssigned = evaluatedAssignmentTargetImpl.isDirectlyAssigned();
                    if (isDirectlyAssigned || evaluatedAssignmentTargetImpl.getAssignmentPath().last().isMatchingOrder()) {
                        if (!this.repositoryService.selectorMatches(ruleBean.getTargetSelector(), evaluatedAssignmentTargetImpl.getTarget(), null, LOGGER, "Global policy rule " + name + " target selector: ")) {
                            LOGGER.trace("Skipping global policy rule {} because target selector did not match: {}", name, globalRuleWithId);
                        } else if (isRuleConditionTrue(ruleBean, focusForSelection, evaluatedAssignmentImpl, operationResult)) {
                            LOGGER.trace("Collecting global policy rule '{}' in {}, considering target {} (applies directly: {})", ruleBean.getName(), evaluatedAssignmentImpl, evaluatedAssignmentTargetImpl, Boolean.valueOf(isDirectlyAssigned));
                            evaluatedAssignmentImpl.addTargetPolicyRule(new EvaluatedPolicyRuleImpl(ruleBean.mo1244clone(), globalRuleWithId.getRuleId(), evaluatedAssignmentTargetImpl.getAssignmentPath().m913clone(), evaluatedAssignmentImpl, isDirectlyAssigned ? EvaluatedPolicyRule.TargetType.DIRECT_ASSIGNMENT_TARGET : EvaluatedPolicyRule.TargetType.INDIRECT_ASSIGNMENT_TARGET));
                            i++;
                        } else {
                            LOGGER.trace("Skipping global policy rule {} because the condition evaluated to false: {}", name, globalRuleWithId);
                        }
                    }
                }
            }
        }
        LOGGER.trace("Global policy rules instantiated {} times for further evaluation", Integer.valueOf(i));
    }

    private List<GlobalRuleWithId> getGlobalRulesMatchingFocus(@Nullable PrismObject<O> prismObject) throws SchemaException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ConfigurationException, ObjectNotFoundException {
        checkInitialized();
        ArrayList arrayList = new ArrayList();
        LOGGER.trace("Checking {} global policy rules for use with the object or assignments", Integer.valueOf(this.rulesWithIds.size()));
        for (GlobalRuleWithId globalRuleWithId : this.rulesWithIds) {
            GlobalPolicyRuleType ruleBean = globalRuleWithId.getRuleBean();
            ObjectSelectorType focusSelector = ruleBean.getFocusSelector();
            if (focusSelector == null || this.repositoryService.selectorMatches(focusSelector, prismObject, null, LOGGER, "Global policy rule " + ruleBean.getName() + ": ")) {
                arrayList.add(globalRuleWithId);
            }
        }
        return arrayList;
    }

    @Nullable
    private PrismObject<O> getFocusForSelection() {
        LensFocusContext<O> focusContext = this.context.getFocusContext();
        if (focusContext == null) {
            return null;
        }
        PrismObject<O> objectCurrent = focusContext.getObjectCurrent();
        if (objectCurrent != null) {
            return objectCurrent;
        }
        PrismObject<O> objectNew = focusContext.getObjectNew();
        if (objectNew != null) {
            return objectNew;
        }
        if (focusContext.isDeleted()) {
            return focusContext.getObjectOld();
        }
        return null;
    }

    @NotNull
    private List<GlobalRuleWithId> getAllGlobalPolicyRules(@NotNull OperationResult operationResult) {
        SystemConfigurationType systemConfigurationBean = this.context.getSystemConfigurationBean();
        ArrayList arrayList = new ArrayList();
        if (systemConfigurationBean != null) {
            Iterator<GlobalPolicyRuleType> it = systemConfigurationBean.getGlobalPolicyRule().iterator();
            while (it.hasNext()) {
                arrayList.add(GlobalRuleWithId.of(it.next(), systemConfigurationBean.getOid()));
            }
        }
        arrayList.addAll(ModelCommonBeans.get().markManager.getAllEnabledMarkPolicyRules(this.task, operationResult));
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void resolveConstraintReferences(Collection<? extends EvaluatedPolicyRule> collection) {
        List list = (List) collection.stream().map((v0) -> {
            return v0.getPolicyRule();
        }).collect(Collectors.toList());
        checkInitialized();
        PolicyRuleTypeUtil.resolveConstraintReferences((List<PolicyRuleType>) list, (Collection<? extends PolicyRuleType>) this.rulesWithIds.stream().map((v0) -> {
            return v0.getRuleBean();
        }).collect(Collectors.toList()));
    }

    private boolean isRuleConditionTrue(@NotNull GlobalPolicyRuleType globalPolicyRuleType, @Nullable PrismObject<O> prismObject, @Nullable EvaluatedAssignmentImpl<?> evaluatedAssignmentImpl, @NotNull OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, CommunicationException {
        MappingType condition = globalPolicyRuleType.getCondition();
        if (condition == null) {
            return true;
        }
        if (!this.task.canSee(condition)) {
            LOGGER.trace("Condition is not visible for the current task");
            return true;
        }
        MappingBuilder createMappingBuilder = ModelBeans.get().mappingFactory.createMappingBuilder();
        ObjectDeltaObject<?> objectDeltaObject = prismObject != null ? new ObjectDeltaObject<>(prismObject, null, prismObject, prismObject.getDefinition()) : null;
        PrismObject<?> target = evaluatedAssignmentImpl != null ? evaluatedAssignmentImpl.getTarget() : null;
        MappingImpl build = createMappingBuilder.mappingBean(condition).mappingKind(MappingKindType.POLICY_RULE_CONDITION).contextDescription("condition in global policy rule " + globalPolicyRuleType.getName()).sourceContext(objectDeltaObject).defaultTargetDefinition(LensUtil.createConditionDefinition(PrismContext.get())).addVariableDefinition("user", objectDeltaObject).addVariableDefinition("focus", objectDeltaObject).addAliasRegistration("user", null).addAliasRegistration("focus", null).addVariableDefinition("target", target, target != null ? target.getDefinition() : getObjectDefinition()).addVariableDefinition(ExpressionConstants.VAR_EVALUATED_ASSIGNMENT, evaluatedAssignmentImpl, EvaluatedAssignment.class).addVariableDefinition(ExpressionConstants.VAR_ASSIGNMENT, evaluatedAssignmentImpl != null ? evaluatedAssignmentImpl.getAssignment() : null, AssignmentType.class).rootNode(objectDeltaObject).build();
        ModelBeans.get().mappingEvaluator.evaluateMapping(build, this.context, this.task, operationResult);
        DeltaSetTriple outputTriple = build.getOutputTriple();
        return outputTriple != null && ExpressionUtil.computeConditionResult(outputTriple.getNonNegativeValues());
    }

    private PrismObjectDefinition<?> getObjectDefinition() {
        return PrismContext.get().getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ObjectType.class);
    }
}
