package com.evolveum.midpoint.provisioning.impl.resourceobjects;

import com.evolveum.midpoint.prism.Item;
import com.evolveum.midpoint.prism.ItemDefinition;
import com.evolveum.midpoint.prism.PrismConstants;
import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismObjectDefinition;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.PrismPropertyDefinition;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.PrismValueCollectionsUtil;
import com.evolveum.midpoint.prism.delta.ContainerDelta;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.ItemDeltaCollectionsUtil;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.equivalence.EquivalenceStrategy;
import com.evolveum.midpoint.prism.match.MatchingRule;
import com.evolveum.midpoint.prism.match.MatchingRuleRegistry;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.prism.util.PrismUtil;
import com.evolveum.midpoint.provisioning.api.GenericConnectorException;
import com.evolveum.midpoint.provisioning.api.LiveSyncToken;
import com.evolveum.midpoint.provisioning.impl.CommonBeans;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.provisioning.impl.ResourceObjectDiscriminator;
import com.evolveum.midpoint.provisioning.impl.ResourceObjectOperations;
import com.evolveum.midpoint.provisioning.impl.ShadowCaretaker;
import com.evolveum.midpoint.provisioning.impl.TokenUtil;
import com.evolveum.midpoint.provisioning.ucf.api.AttributesToReturn;
import com.evolveum.midpoint.provisioning.ucf.api.ConnectorInstance;
import com.evolveum.midpoint.provisioning.ucf.api.ConnectorOperationOptions;
import com.evolveum.midpoint.provisioning.ucf.api.ExecuteProvisioningScriptOperation;
import com.evolveum.midpoint.provisioning.ucf.api.GenericFrameworkException;
import com.evolveum.midpoint.provisioning.ucf.api.Operation;
import com.evolveum.midpoint.provisioning.ucf.api.PropertyModificationOperation;
import com.evolveum.midpoint.provisioning.ucf.api.UcfExecutionContext;
import com.evolveum.midpoint.provisioning.ucf.api.UcfFetchChangesResult;
import com.evolveum.midpoint.provisioning.ucf.api.UcfFetchErrorReportingMethod;
import com.evolveum.midpoint.provisioning.ucf.api.UcfSyncToken;
import com.evolveum.midpoint.provisioning.ucf.api.async.UcfAsyncUpdateChangeListener;
import com.evolveum.midpoint.provisioning.util.ProvisioningUtil;
import com.evolveum.midpoint.repo.common.expression.ExpressionFactory;
import com.evolveum.midpoint.schema.RelationRegistry;
import com.evolveum.midpoint.schema.SearchResultMetadata;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.internals.InternalsConfig;
import com.evolveum.midpoint.schema.processor.ResourceAssociationDefinition;
import com.evolveum.midpoint.schema.processor.ResourceAttribute;
import com.evolveum.midpoint.schema.processor.ResourceAttributeContainer;
import com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition;
import com.evolveum.midpoint.schema.processor.ResourceObjectClassDefinition;
import com.evolveum.midpoint.schema.processor.ResourceObjectDefinition;
import com.evolveum.midpoint.schema.processor.ResourceObjectIdentification;
import com.evolveum.midpoint.schema.result.AsynchronousOperationQueryable;
import com.evolveum.midpoint.schema.result.AsynchronousOperationResult;
import com.evolveum.midpoint.schema.result.AsynchronousOperationReturnValue;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.schema.util.ExceptionUtil;
import com.evolveum.midpoint.schema.util.ResourceTypeUtil;
import com.evolveum.midpoint.schema.util.SchemaDebugUtil;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.task.api.LightweightIdentifierGenerator;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.Holder;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.QNameUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AttributeFetchStrategyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.BeforeAfterType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CriticalityType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FetchErrorReportingMethodType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.LiveSyncWorkDefinitionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationProvisioningScriptType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationProvisioningScriptsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ProvisioningOperationTypeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.AddRemoveAttributeValuesCapabilityType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.AsyncUpdateCapabilityType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.AttributeContentRequirementType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CapabilityType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CreateCapabilityType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.DeleteCapabilityType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.LiveSyncCapabilityType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ReadCapabilityType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ScriptCapabilityType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.UpdateCapabilityType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.TreeMap;
import java.util.concurrent.atomic.AtomicInteger;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.Validate;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/lib/provisioning-impl-4.6-SNAPSHOT.jar:com/evolveum/midpoint/provisioning/impl/resourceobjects/ResourceObjectConverter.class */
public class ResourceObjectConverter {

    @Autowired
    private EntitlementConverter entitlementConverter;

    @Autowired
    private MatchingRuleRegistry matchingRuleRegistry;

    @Autowired
    private ResourceObjectReferenceResolver resourceObjectReferenceResolver;

    @Autowired
    private ShadowCaretaker shadowCaretaker;

    @Autowired
    private PrismContext prismContext;

    @Autowired
    private RelationRegistry relationRegistry;

    @Autowired
    private ExpressionFactory expressionFactory;

    @Autowired
    private CommonBeans commonBeans;

    @Autowired
    private LightweightIdentifierGenerator lightweightIdentifierGenerator;

    @Autowired
    private ResourceObjectsBeans beans;
    private static final String DOT_CLASS = ResourceObjectConverter.class.getName() + ".";
    private static final String OPERATION_MODIFY_ENTITLEMENT = DOT_CLASS + "modifyEntitlement";
    private static final String OPERATION_ADD_RESOURCE_OBJECT = DOT_CLASS + "addResourceObject";
    private static final String OPERATION_MODIFY_RESOURCE_OBJECT = DOT_CLASS + "modifyResourceObject";
    private static final String OPERATION_DELETE_RESOURCE_OBJECT = DOT_CLASS + "deleteResourceObject";
    private static final String OPERATION_REFRESH_OPERATION_STATUS = DOT_CLASS + "refreshOperationStatus";
    private static final String OPERATION_HANDLE_CHANGE = DOT_CLASS + "handleChange";
    static final String OP_SEARCH_RESOURCE_OBJECTS = DOT_CLASS + "searchResourceObjects";
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) ResourceObjectConverter.class);
    public static final String FULL_SHADOW_KEY = ResourceObjectConverter.class.getName() + ".fullShadow";

    @NotNull
    public PrismObject<ShadowType> getResourceObject(@NotNull ProvisioningContext provisioningContext, @NotNull Collection<? extends ResourceAttribute<?>> collection, @Nullable PrismObject<ShadowType> prismObject, boolean z, @NotNull OperationResult operationResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, GenericConnectorException, ExpressionEvaluationException {
        LOGGER.trace("Getting resource object {}", collection);
        PrismObject<ShadowType> fetchResourceObject = fetchResourceObject(provisioningContext, collection, provisioningContext.createAttributesToReturn(), prismObject, z, operationResult);
        LOGGER.trace("Got resource object\n{}", fetchResourceObject.debugDumpLazily());
        return fetchResourceObject;
    }

    public PrismObject<ShadowType> locateResourceObject(ProvisioningContext provisioningContext, Collection<? extends ResourceAttribute<?>> collection, OperationResult operationResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, GenericConnectorException, ExpressionEvaluationException {
        LOGGER.trace("Locating resource object {}", collection);
        ConnectorInstance connector = provisioningContext.getConnector(ReadCapabilityType.class, operationResult);
        ResourceObjectDefinition objectDefinitionRequired = provisioningContext.getObjectDefinitionRequired();
        if (hasAllIdentifiers(collection, objectDefinitionRequired)) {
            return fetchResourceObject(provisioningContext, collection, provisioningContext.createAttributesToReturn(), null, true, operationResult);
        }
        ResourceAttributeDefinition<?> secondaryIdentifierDef = getSecondaryIdentifierDef(objectDefinitionRequired);
        ResourceAttribute<?> secondaryIdentifier = getSecondaryIdentifier(collection, secondaryIdentifierDef);
        ObjectQuery build = this.prismContext.queryFor(ShadowType.class).itemWithDef(secondaryIdentifierDef, ShadowType.F_ATTRIBUTES, secondaryIdentifierDef.getItemName()).eq(getSecondaryIdentifierValue(secondaryIdentifier)).build();
        Holder holder = new Holder();
        try {
            connector.search(objectDefinitionRequired, build, (ucfObjectFound, operationResult2) -> {
                if (!holder.isEmpty()) {
                    throw new IllegalStateException("More than one object found for secondary identifier " + secondaryIdentifier);
                }
                holder.setValue(ucfObjectFound.getResourceObject());
                return true;
            }, provisioningContext.createAttributesToReturn(), null, null, UcfFetchErrorReportingMethod.EXCEPTION, provisioningContext.getUcfExecutionContext(), operationResult);
            if (holder.isEmpty()) {
                throw new ObjectNotFoundException("No object found for secondary identifier " + secondaryIdentifier);
            }
            PrismObject<ShadowType> prismObject = (PrismObject) holder.getValue();
            postProcessResourceObjectRead(provisioningContext, prismObject, true, operationResult);
            LOGGER.trace("Located resource object {}", prismObject);
            return prismObject;
        } catch (GenericFrameworkException e) {
            throw new GenericConnectorException(e.getMessage(), e);
        }
    }

    @NotNull
    private ResourceAttributeDefinition<?> getSecondaryIdentifierDef(ResourceObjectDefinition resourceObjectDefinition) throws SchemaException {
        Collection<? extends ResourceAttributeDefinition<?>> secondaryIdentifiers = resourceObjectDefinition.getSecondaryIdentifiers();
        if (secondaryIdentifiers.size() > 1) {
            throw new UnsupportedOperationException("Composite secondary identifier is not supported yet");
        }
        if (secondaryIdentifiers.isEmpty()) {
            throw new SchemaException("No secondary identifier defined, cannot search");
        }
        return secondaryIdentifiers.iterator().next();
    }

    @NotNull
    private ResourceAttribute<?> getSecondaryIdentifier(Collection<? extends ResourceAttribute<?>> collection, ResourceAttributeDefinition<?> resourceAttributeDefinition) throws SchemaException {
        for (ResourceAttribute<?> resourceAttribute : collection) {
            if (resourceAttribute.getElementName().equals(resourceAttributeDefinition.getItemName())) {
                return resourceAttribute;
            }
        }
        throw new SchemaException("No secondary identifier present, cannot search. Identifiers: " + collection);
    }

    @NotNull
    private PrismPropertyValue<?> getSecondaryIdentifierValue(ResourceAttribute<?> resourceAttribute) throws SchemaException {
        List<PrismPropertyValue<T>> values = resourceAttribute.getValues();
        if (values.size() > 1) {
            throw new SchemaException("Secondary identifier has more than one value: " + resourceAttribute.getValues());
        }
        if (values.size() == 1) {
            return ((PrismPropertyValue) values.get(0)).mo1094clone();
        }
        throw new SchemaException("Secondary identifier has no values: " + resourceAttribute);
    }

    private boolean hasAllIdentifiers(Collection<? extends ResourceAttribute<?>> collection, ResourceObjectDefinition resourceObjectDefinition) {
        for (ResourceAttributeDefinition<?> resourceAttributeDefinition : resourceObjectDefinition.getPrimaryIdentifiers()) {
            boolean z = false;
            for (ResourceAttribute<?> resourceAttribute : collection) {
                if (resourceAttribute.getElementName().equals(resourceAttributeDefinition.getItemName()) && !resourceAttribute.isEmpty()) {
                    z = true;
                }
            }
            if (!z) {
                return false;
            }
        }
        return true;
    }

    public AsynchronousOperationReturnValue<PrismObject<ShadowType>> addResourceObject(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, OperationProvisioningScriptsType operationProvisioningScriptsType, ConnectorOperationOptions connectorOperationOptions, boolean z, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ObjectAlreadyExistsException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException {
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_ADD_RESOURCE_OBJECT);
        try {
            try {
                ResourceType resource = provisioningContext.getResource();
                LOGGER.trace("Adding resource object {}", prismObject);
                PrismObject<? extends ShadowType> mo1115clone = prismObject.mo1115clone();
                ShadowType asObjectable = mo1115clone.asObjectable();
                if (ProvisioningUtil.isProtectedShadow(provisioningContext.getProtectedAccountPatterns(this.expressionFactory, createSubresult), mo1115clone, this.matchingRuleRegistry, this.relationRegistry)) {
                    LOGGER.error("Attempt to add protected shadow " + asObjectable + "; ignoring the request");
                    Throwable securityViolationException = new SecurityViolationException("Cannot get protected shadow " + asObjectable);
                    createSubresult.recordFatalError(securityViolationException);
                    throw securityViolationException;
                }
                if (!z) {
                    checkForAddConflicts(provisioningContext, prismObject, createSubresult);
                }
                checkForCapability(provisioningContext, CreateCapabilityType.class, createSubresult);
                executeProvisioningScripts(provisioningContext, ProvisioningOperationTypeType.ADD, BeforeAfterType.BEFORE, operationProvisioningScriptsType, createSubresult);
                this.entitlementConverter.processEntitlementsAdd(mo1115clone, provisioningContext);
                ConnectorInstance connector = provisioningContext.getConnector(CreateCapabilityType.class, createSubresult);
                try {
                    LOGGER.debug("PROVISIONING ADD operation on resource {}\n ADD object:\n{}\n", resource, asObjectable.asPrismObject().debugDumpLazily());
                    new ActivationConverter(provisioningContext, this.commonBeans).transformActivationOnAdd(asObjectable, createSubresult);
                    AsynchronousOperationReturnValue<Collection<ResourceAttribute<?>>> addObject = connector.addObject(mo1115clone, provisioningContext.getUcfExecutionContext(), createSubresult);
                    Collection<ResourceAttribute<?>> returnValue = addObject.getReturnValue();
                    LOGGER.debug("PROVISIONING ADD successful, returned attributes:\n{}", SchemaDebugUtil.prettyPrintLazily(returnValue));
                    applyAfterOperationAttributes(prismObject, returnValue);
                    executeEntitlementChangesAdd(provisioningContext, mo1115clone, operationProvisioningScriptsType, connectorOperationOptions, createSubresult);
                    LOGGER.trace("Added resource object {}", prismObject);
                    executeProvisioningScripts(provisioningContext, ProvisioningOperationTypeType.ADD, BeforeAfterType.AFTER, operationProvisioningScriptsType, createSubresult);
                    computeResultStatus(createSubresult);
                    AsynchronousOperationReturnValue<PrismObject<ShadowType>> wrap = AsynchronousOperationReturnValue.wrap(prismObject, createSubresult);
                    wrap.setOperationType(addObject.getOperationType());
                    createSubresult.computeStatusIfUnknown();
                    return wrap;
                } catch (GenericFrameworkException e) {
                    createSubresult.recordFatalError("Could not create object on the resource. Generic error in connector: " + e.getMessage(), e);
                    throw new GenericConnectorException("Generic error in connector: " + e.getMessage(), e);
                } catch (CommunicationException e2) {
                    createSubresult.recordFatalError("Could not create object on the resource. Error communicating with the connector " + connector + ": " + e2.getMessage(), e2);
                    throw new CommunicationException("Error communicating with the connector " + connector + ": " + e2.getMessage(), e2);
                } catch (ObjectAlreadyExistsException e3) {
                    createSubresult.recordFatalError("Could not create object on the resource. Object already exists on the resource: " + e3.getMessage(), e3);
                    throw new ObjectAlreadyExistsException("Object already exists on the resource: " + e3.getMessage(), e3);
                }
            } catch (Throwable th) {
                if (0 == 0) {
                    createSubresult.recordFatalError(th);
                }
                throw th;
            }
        } catch (Throwable th2) {
            createSubresult.computeStatusIfUnknown();
            throw th2;
        }
    }

    private void checkForAddConflicts(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, OperationResult operationResult) throws ObjectAlreadyExistsException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Checking for add conflicts for {}", ShadowUtil.shortDumpShadow(prismObject));
        }
        ConnectorInstance connectorInstance = null;
        try {
            ConnectorInstance connector = provisioningContext.getConnector(CreateCapabilityType.class, operationResult);
            connectorInstance = provisioningContext.getConnector(ReadCapabilityType.class, operationResult);
            if (connectorInstance == connector) {
                return;
            }
            PrismObject<ShadowType> fetchObject = connectorInstance.fetchObject(ResourceObjectIdentification.createFromShadow(provisioningContext.getObjectDefinitionRequired(), prismObject.asObjectable()), null, provisioningContext.getUcfExecutionContext(), operationResult);
            if (fetchObject == null) {
                LOGGER.trace("No add conflicts for {}", prismObject);
                return;
            }
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Detected add conflict for {}, conflicting shadow: {}", ShadowUtil.shortDumpShadow(prismObject), ShadowUtil.shortDumpShadow(fetchObject));
            }
            LOGGER.trace("Conflicting shadow:\n{}", fetchObject.debugDumpLazily(1));
            Throwable objectAlreadyExistsException = new ObjectAlreadyExistsException("Object " + ShadowUtil.shortDumpShadow(prismObject) + " already exists in the snapshot of " + provisioningContext.getResource() + " as " + ShadowUtil.shortDumpShadow(fetchObject));
            operationResult.recordFatalError(objectAlreadyExistsException);
            throw objectAlreadyExistsException;
        } catch (GenericFrameworkException e) {
            operationResult.recordFatalError("Could not create object on the resource. Generic error in connector: " + e.getMessage(), e);
            throw new GenericConnectorException("Generic error in connector: " + e.getMessage(), e);
        } catch (CommunicationException e2) {
            operationResult.recordFatalError("Could not create object on the resource. Error communicating with the connector " + connectorInstance + ": " + e2.getMessage(), e2);
            throw new CommunicationException("Error communicating with the connector " + connectorInstance + ": " + e2.getMessage(), e2);
        } catch (ObjectNotFoundException e3) {
            operationResult.muteLastSubresultError();
        } catch (Throwable th) {
            operationResult.recordFatalError(th);
            throw th;
        }
    }

    public AsynchronousOperationResult deleteResourceObject(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, OperationProvisioningScriptsType operationProvisioningScriptsType, ConnectorOperationOptions connectorOperationOptions, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException {
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_DELETE_RESOURCE_OBJECT);
        try {
            try {
                LOGGER.trace("Deleting resource object {}", prismObject);
                checkForCapability(provisioningContext, DeleteCapabilityType.class, createSubresult);
                Collection<? extends ResourceAttribute<?>> identifiers = getIdentifiers(provisioningContext, prismObject);
                checkIfProtected(provisioningContext, prismObject, identifiers, createSubresult);
                executeProvisioningScripts(provisioningContext, ProvisioningOperationTypeType.DELETE, BeforeAfterType.BEFORE, operationProvisioningScriptsType, createSubresult);
                executeEntitlementChangesDelete(provisioningContext, prismObject, operationProvisioningScriptsType, connectorOperationOptions, createSubresult);
                ConnectorInstance connector = provisioningContext.getConnector(DeleteCapabilityType.class, createSubresult);
                try {
                    if (LOGGER.isDebugEnabled()) {
                        LOGGER.debug("PROVISIONING DELETE operation on {}\n DELETE object, object class {}, identified by:\n{}", provisioningContext.getResource(), prismObject.asObjectable().getObjectClass(), SchemaDebugUtil.debugDump(identifiers));
                    }
                    if (!ResourceTypeUtil.isDeleteCapabilityEnabled(provisioningContext.getResource())) {
                        throw new UnsupportedOperationException("Resource does not support 'delete' operation");
                    }
                    AsynchronousOperationResult deleteObject = connector.deleteObject(provisioningContext.getObjectDefinitionRequired(), prismObject, identifiers, provisioningContext.getUcfExecutionContext(), createSubresult);
                    LOGGER.trace("Deleted resource object {}", prismObject);
                    executeProvisioningScripts(provisioningContext, ProvisioningOperationTypeType.DELETE, BeforeAfterType.AFTER, operationProvisioningScriptsType, createSubresult);
                    computeResultStatus(createSubresult);
                    LOGGER.debug("PROVISIONING DELETE result: {}", createSubresult.getStatus());
                    AsynchronousOperationResult wrap = AsynchronousOperationResult.wrap(createSubresult);
                    updateQuantum(provisioningContext, connector, wrap, createSubresult);
                    if (deleteObject != null) {
                        wrap.setOperationType(deleteObject.getOperationType());
                    }
                    return wrap;
                } catch (GenericFrameworkException e) {
                    throw new GenericConnectorException("Generic error in connector: " + e.getMessage(), e);
                } catch (CommunicationException e2) {
                    throw new CommunicationException("Error communicating with the connector " + connector + ": " + e2.getMessage(), e2);
                } catch (ConfigurationException e3) {
                    throw new ConfigurationException("Configuration error in connector " + connector + ": " + e3.getMessage(), e3);
                } catch (ObjectNotFoundException e4) {
                    throw new ObjectNotFoundException("An error occurred while deleting resource object " + prismObject + " with identifiers " + identifiers + ": " + e4.getMessage(), e4);
                }
            } catch (Throwable th) {
                createSubresult.recordFatalErrorIfNeeded(th);
                throw th;
            }
        } finally {
            createSubresult.computeStatusIfUnknown();
        }
    }

    private void checkIfProtected(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, Collection<? extends ResourceAttribute<?>> collection, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException, SecurityViolationException {
        if (ProvisioningUtil.isProtectedShadow(provisioningContext.getProtectedAccountPatterns(this.expressionFactory, operationResult), prismObject, this.matchingRuleRegistry, this.relationRegistry)) {
            LOGGER.error("Attempt to delete protected resource object " + provisioningContext.getObjectClassDefinition() + ": " + collection + "; ignoring the request");
            throw new SecurityViolationException("Cannot delete protected resource object " + provisioningContext.getObjectClassDefinition() + ": " + collection);
        }
    }

    @Nullable
    private Collection<? extends ResourceAttribute<?>> getIdentifiers(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException {
        if (ShadowUtil.isAttributesContainerRaw(prismObject)) {
            this.shadowCaretaker.applyAttributesDefinition(provisioningContext, prismObject);
        }
        return ShadowUtil.getAllIdentifiers(prismObject);
    }

    private void updateQuantum(ProvisioningContext provisioningContext, ConnectorInstance connectorInstance, AsynchronousOperationResult asynchronousOperationResult, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        if (provisioningContext.getConnector(ReadCapabilityType.class, operationResult) != connectorInstance) {
            asynchronousOperationResult.setQuantumOperation(true);
        }
    }

    public AsynchronousOperationReturnValue<Collection<PropertyDelta<PrismPropertyValue>>> modifyResourceObject(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, OperationProvisioningScriptsType operationProvisioningScriptsType, ConnectorOperationOptions connectorOperationOptions, Collection<? extends ItemDelta<?, ?>> collection, XMLGregorianCalendar xMLGregorianCalendar, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException {
        AsynchronousOperationReturnValue<Collection<PropertyModificationOperation>> asynchronousOperationReturnValue;
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_MODIFY_RESOURCE_OBJECT);
        try {
            try {
                LOGGER.trace("Modifying resource object {}, deltas:\n{}", prismObject, DebugUtil.debugDumpLazily(collection, 1));
                ResourceObjectClassDefinition objectClassDefinition = provisioningContext.getObjectClassDefinition();
                ArrayList arrayList = new ArrayList();
                Collection<ResourceAttribute<?>> allIdentifiers = ShadowUtil.getAllIdentifiers(prismObject);
                if (ProvisioningUtil.isProtectedShadow(provisioningContext.getProtectedAccountPatterns(this.expressionFactory, createSubresult), prismObject, this.matchingRuleRegistry, this.relationRegistry)) {
                    if (hasChangesOnResource(collection)) {
                        LOGGER.error("Attempt to modify protected resource object {}: {}", objectClassDefinition, allIdentifiers);
                        SecurityViolationException securityViolationException = new SecurityViolationException("Cannot modify protected resource object " + objectClassDefinition + ": " + allIdentifiers);
                        createSubresult.recordFatalError(securityViolationException);
                        throw securityViolationException;
                    }
                    LOGGER.trace("No resource modifications for protected resource object {}: {}; skipping", objectClassDefinition, allIdentifiers);
                    createSubresult.recordNotApplicableIfUnknown();
                    AsynchronousOperationReturnValue<Collection<PropertyDelta<PrismPropertyValue>>> wrap = AsynchronousOperationReturnValue.wrap(null, createSubresult);
                    createSubresult.recordEnd();
                    return wrap;
                }
                boolean z = false;
                boolean z2 = false;
                Iterator<? extends ItemDelta<?, ?>> it = collection.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    ItemPath path = it.next().getPath();
                    ItemName firstName = path.firstName();
                    if (ProvisioningUtil.isAttributeModification(firstName)) {
                        z2 = true;
                        ItemName firstNameOrFail = path.rest().firstNameOrFail();
                        if (provisioningContext.getObjectDefinitionRequired().findAttributeDefinitionRequired(firstNameOrFail).isVolatilityTrigger()) {
                            LOGGER.trace("Will pre-read and re-read object because volatility trigger attribute {} has changed", firstNameOrFail);
                            z = true;
                            break;
                        }
                    } else if (ProvisioningUtil.isNonAttributeResourceModification(firstName)) {
                        z2 = true;
                    }
                }
                if (!z2) {
                    LOGGER.trace("No resource modification found for {}, skipping", allIdentifiers);
                    createSubresult.recordNotApplicableIfUnknown();
                    AsynchronousOperationReturnValue<Collection<PropertyDelta<PrismPropertyValue>>> wrap2 = AsynchronousOperationReturnValue.wrap(null, createSubresult);
                    createSubresult.recordEnd();
                    return wrap2;
                }
                collectAttributeAndEntitlementChanges(provisioningContext, collection, arrayList, prismObject, createSubresult);
                PrismObject<ShadowType> prismObject2 = null;
                if (z || ResourceTypeUtil.isAvoidDuplicateValues(provisioningContext.getResource()) || isRename(provisioningContext, arrayList)) {
                    LOGGER.trace("Pre-reading resource shadow");
                    PrismObject<ShadowType> preReadShadow = preReadShadow(provisioningContext, allIdentifiers, arrayList, true, prismObject, createSubresult);
                    LOGGER.trace("Pre-read object (straight from the resource):\n{}", DebugUtil.debugDumpLazily(preReadShadow, 1));
                    prismObject2 = this.shadowCaretaker.applyPendingOperations(provisioningContext, prismObject, preReadShadow, true, xMLGregorianCalendar);
                    LOGGER.trace("Pre-read object (applied pending operations):\n{}", DebugUtil.debugDumpLazily(prismObject2, 1));
                }
                if (arrayList.isEmpty()) {
                    LOGGER.trace("No modifications for connector object specified. Skipping processing of subject executeModify.");
                    asynchronousOperationReturnValue = null;
                } else {
                    assertNoDuplicates(arrayList);
                    asynchronousOperationReturnValue = executeModify(provisioningContext, prismObject2 == null ? prismObject.mo1115clone() : prismObject2, allIdentifiers, arrayList, operationProvisioningScriptsType, createSubresult, connectorOperationOptions);
                }
                Collection<PropertyDelta<PrismPropertyValue>> convertToPropertyDeltas = asynchronousOperationReturnValue != null ? convertToPropertyDeltas(asynchronousOperationReturnValue.getReturnValue()) : Collections.emptyList();
                PrismObject<ShadowType> mo1115clone = prismObject2 == null ? prismObject.mo1115clone() : prismObject2.mo1115clone();
                Iterator<? extends ItemDelta<?, ?>> it2 = collection.iterator();
                while (it2.hasNext()) {
                    it2.next().applyTo(mo1115clone);
                }
                PrismObject<ShadowType> prismObject3 = null;
                if (z) {
                    LOGGER.trace("Post-reading resource shadow");
                    prismObject3 = preReadShadow(provisioningContext, allIdentifiers, arrayList, true, prismObject, createSubresult);
                    LOGGER.trace("Post-read object:\n{}", DebugUtil.debugDumpLazily(prismObject3));
                    ObjectDelta<ShadowType> diff = prismObject2.diff(prismObject3);
                    LOGGER.trace("Determined side-effect changes by old-new diff:\n{}", diff.debugDumpLazily());
                    for (ItemDelta<?, ?> itemDelta : diff.getModifications()) {
                        if (itemDelta.getParentPath().startsWithName(ShadowType.F_ATTRIBUTES) && !ItemDeltaCollectionsUtil.hasEquivalent(collection, itemDelta)) {
                            ItemDeltaCollectionsUtil.merge(convertToPropertyDeltas, itemDelta);
                        }
                    }
                    LOGGER.trace("Side-effect changes after merging with old-new diff:\n{}", DebugUtil.debugDumpLazily(convertToPropertyDeltas));
                }
                ArrayList arrayList2 = new ArrayList(collection);
                ItemDeltaCollectionsUtil.addNotEquivalent(arrayList2, convertToPropertyDeltas);
                executeEntitlementChangesModify(provisioningContext, prismObject2 == null ? prismObject : prismObject2, prismObject3 == null ? mo1115clone : prismObject3, operationProvisioningScriptsType, connectorOperationOptions, arrayList2, createSubresult);
                if (!convertToPropertyDeltas.isEmpty()) {
                    if (prismObject2 != null) {
                        PrismUtil.setDeltaOldValue(prismObject2, convertToPropertyDeltas);
                    } else {
                        PrismUtil.setDeltaOldValue(prismObject, convertToPropertyDeltas);
                    }
                }
                LOGGER.trace("Modification side-effect changes:\n{}", DebugUtil.debugDumpLazily(convertToPropertyDeltas));
                LOGGER.trace("Modified resource object {}", prismObject);
                computeResultStatus(createSubresult);
                AsynchronousOperationReturnValue<Collection<PropertyDelta<PrismPropertyValue>>> wrap3 = AsynchronousOperationReturnValue.wrap(convertToPropertyDeltas, createSubresult);
                if (asynchronousOperationReturnValue != null) {
                    wrap3.setOperationType(asynchronousOperationReturnValue.getOperationType());
                }
                return wrap3;
            } catch (Throwable th) {
                createSubresult.recordFatalError(th);
                throw th;
            }
        } finally {
            createSubresult.recordEnd();
        }
    }

    private void assertNoDuplicates(Collection<Operation> collection) throws SchemaException {
        if (InternalsConfig.isSanityChecks() && MiscUtil.hasDuplicates(collection)) {
            throw new SchemaException("Duplicated changes: " + collection);
        }
    }

    private Collection<PropertyDelta<PrismPropertyValue>> convertToPropertyDeltas(@NotNull Collection<PropertyModificationOperation> collection) {
        ArrayList arrayList = new ArrayList();
        Iterator<PropertyModificationOperation> it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getPropertyDelta());
        }
        return arrayList;
    }

    private AsynchronousOperationReturnValue<Collection<PropertyModificationOperation>> executeModify(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, Collection<? extends ResourceAttribute<?>> collection, @NotNull Collection<Operation> collection2, OperationProvisioningScriptsType operationProvisioningScriptsType, OperationResult operationResult, ConnectorOperationOptions connectorOperationOptions) throws ObjectNotFoundException, CommunicationException, SchemaException, SecurityViolationException, PolicyViolationException, ConfigurationException, ObjectAlreadyExistsException, ExpressionEvaluationException {
        HashSet hashSet = new HashSet();
        ResourceObjectDefinition objectDefinitionRequired = provisioningContext.getObjectDefinitionRequired();
        if (collection2.isEmpty()) {
            LOGGER.trace("No modifications for resource object. Skipping modification.");
            return null;
        }
        LOGGER.trace("Resource object modification operations: {}", collection2);
        checkForCapability(provisioningContext, UpdateCapabilityType.class, operationResult);
        if (!ShadowUtil.hasPrimaryIdentifier(collection, objectDefinitionRequired)) {
            Collection<? extends ResourceAttribute<?>> resolvePrimaryIdentifier = this.resourceObjectReferenceResolver.resolvePrimaryIdentifier(provisioningContext, collection, "modification of resource object " + collection, operationResult);
            if (resolvePrimaryIdentifier == null || resolvePrimaryIdentifier.isEmpty()) {
                throw new ObjectNotFoundException("Cannot find repository shadow for identifiers " + collection);
            }
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(collection);
            arrayList.addAll(resolvePrimaryIdentifier);
            collection = arrayList;
        }
        executeProvisioningScripts(provisioningContext, ProvisioningOperationTypeType.MODIFY, BeforeAfterType.BEFORE, operationProvisioningScriptsType, operationResult);
        ConnectorInstance connector = provisioningContext.getConnector(UpdateCapabilityType.class, operationResult);
        AsynchronousOperationReturnValue<Collection<PropertyModificationOperation>> asynchronousOperationReturnValue = null;
        try {
            try {
                if (ResourceTypeUtil.isAvoidDuplicateValues(provisioningContext.getResource())) {
                    if (prismObject == null) {
                        LOGGER.trace("Fetching shadow for duplicate filtering");
                        prismObject = preReadShadow(provisioningContext, collection, collection2, false, prismObject, operationResult);
                    }
                    if (prismObject == null) {
                        LOGGER.debug("We do not have pre-read shadow, skipping duplicate filtering");
                    } else {
                        LOGGER.trace("Filtering out duplicate values");
                        ArrayList arrayList2 = new ArrayList(collection2.size());
                        for (Operation operation : collection2) {
                            if (operation instanceof PropertyModificationOperation) {
                                PropertyModificationOperation propertyModificationOperation = (PropertyModificationOperation) operation;
                                PropertyDelta propertyDelta = propertyModificationOperation.getPropertyDelta();
                                PropertyDelta narrowPropertyDelta = ProvisioningUtil.narrowPropertyDelta(propertyDelta, prismObject, propertyModificationOperation.getMatchingRuleQName(), this.matchingRuleRegistry);
                                if (narrowPropertyDelta == null || narrowPropertyDelta.isEmpty()) {
                                    LOGGER.trace("Filtering out modification {} because it has empty delta after narrow", propertyDelta);
                                } else if (propertyDelta == narrowPropertyDelta) {
                                    arrayList2.add(operation);
                                } else {
                                    PropertyModificationOperation propertyModificationOperation2 = new PropertyModificationOperation(narrowPropertyDelta);
                                    propertyModificationOperation2.setMatchingRuleQName(propertyModificationOperation.getMatchingRuleQName());
                                    arrayList2.add(propertyModificationOperation2);
                                }
                            }
                        }
                        if (arrayList2.isEmpty()) {
                            LOGGER.debug("No modifications for connector object specified (after filtering). Skipping processing.");
                            operationResult.recordSuccess();
                            return null;
                        }
                        collection2 = arrayList2;
                    }
                }
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("PROVISIONING MODIFY operation on {}\n MODIFY object, object class {}, identified by:\n{}\n changes:\n{}", provisioningContext.getResource(), objectDefinitionRequired.getHumanReadableName(), SchemaDebugUtil.debugDump(collection, 1), SchemaDebugUtil.debugDump(collection2, 1));
                }
                if (!ResourceTypeUtil.isUpdateCapabilityEnabled(provisioningContext.getResource())) {
                    if (collection2.isEmpty()) {
                        LOGGER.debug("No modifications for connector object specified (after filtering). Skipping processing.");
                        operationResult.recordSuccess();
                        return null;
                    }
                    Throwable unsupportedOperationException = new UnsupportedOperationException("Resource does not support 'update' operation");
                    operationResult.recordFatalError(unsupportedOperationException);
                    throw unsupportedOperationException;
                }
                Collection<ResourceAttribute<?>> cloneIdentifiers = cloneIdentifiers(collection);
                List<Collection<Operation>> sortOperationsIntoWaves = sortOperationsIntoWaves(collection2, objectDefinitionRequired);
                LOGGER.trace("Operation waves: {}", Integer.valueOf(sortOperationsIntoWaves.size()));
                boolean z = false;
                String str = null;
                Iterator<Collection<Operation>> it = sortOperationsIntoWaves.iterator();
                while (it.hasNext()) {
                    Collection<Operation> convertToReplaceAsNeeded = convertToReplaceAsNeeded(provisioningContext, prismObject, it.next(), cloneIdentifiers, objectDefinitionRequired, operationResult);
                    if (!convertToReplaceAsNeeded.isEmpty()) {
                        asynchronousOperationReturnValue = connector.modifyObject(ResourceObjectIdentification.create(objectDefinitionRequired, cloneIdentifiers), prismObject, convertToReplaceAsNeeded, connectorOperationOptions, provisioningContext.getUcfExecutionContext(), operationResult);
                        Collection<PropertyModificationOperation> returnValue = asynchronousOperationReturnValue.getReturnValue();
                        if (returnValue != null) {
                            hashSet.addAll(returnValue);
                        }
                        if (asynchronousOperationReturnValue.isInProgress()) {
                            z = true;
                            str = asynchronousOperationReturnValue.getOperationResult().getAsynchronousOperationReference();
                        }
                    }
                }
                LOGGER.debug("PROVISIONING MODIFY successful, inProgress={}, known executed changes (potentially including side-effects):\n{}", Boolean.valueOf(z), DebugUtil.debugDumpLazily(hashSet));
                if (z) {
                    operationResult.setInProgress();
                    operationResult.setAsynchronousOperationReference(str);
                }
                executeProvisioningScripts(provisioningContext, ProvisioningOperationTypeType.MODIFY, BeforeAfterType.AFTER, operationProvisioningScriptsType, operationResult);
                AsynchronousOperationReturnValue<Collection<PropertyModificationOperation>> wrap = AsynchronousOperationReturnValue.wrap(hashSet, operationResult);
                if (asynchronousOperationReturnValue != null) {
                    wrap.setOperationType(asynchronousOperationReturnValue.getOperationType());
                }
                return wrap;
            } catch (ConfigurationException | ExpressionEvaluationException | PolicyViolationException | SchemaException | SecurityViolationException | Error | RuntimeException e) {
                operationResult.recordFatalErrorNotFinish(e.getMessage(), e);
                throw e;
            }
        } catch (GenericFrameworkException e2) {
            operationResult.recordFatalErrorNotFinish("Generic error in the connector " + connector + ": " + e2.getMessage(), e2);
            throw new GenericConnectorException("Generic error in connector connector " + connector + ": " + e2.getMessage(), e2);
        } catch (CommunicationException e3) {
            operationResult.recordFatalErrorNotFinish("Error communicating with the connector " + connector + ": " + e3.getMessage(), e3);
            throw new CommunicationException("Error communicating with connector " + connector + ": " + e3.getMessage(), e3);
        } catch (ObjectAlreadyExistsException e4) {
            operationResult.recordFatalErrorNotFinish("Conflict during modify: " + e4.getMessage(), e4);
            throw new ObjectAlreadyExistsException("Conflict during modify: " + e4.getMessage(), e4);
        } catch (ObjectNotFoundException e5) {
            operationResult.recordFatalErrorNotFinish("Object to modify not found: " + e5.getMessage(), e5);
            throw new ObjectNotFoundException("Object to modify not found: " + e5.getMessage(), e5);
        }
    }

    private Collection<Operation> convertToReplaceAsNeeded(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, Collection<Operation> collection, Collection<ResourceAttribute<?>> collection2, ResourceObjectDefinition resourceObjectDefinition, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException, SecurityViolationException {
        Collection<ResourceAttributeDefinition<?>> determineReadReplace = determineReadReplace(provisioningContext, collection, resourceObjectDefinition);
        LOGGER.trace("Read+Replace attributes: {}", determineReadReplace);
        if (!determineReadReplace.isEmpty()) {
            AttributesToReturn attributesToReturn = new AttributesToReturn();
            attributesToReturn.setReturnDefaultAttributes(false);
            attributesToReturn.setAttributesToReturn(determineReadReplace);
            LOGGER.trace("Fetching object because of READ+REPLACE mode");
            collection = convertToReplace(provisioningContext, collection, fetchResourceObject(provisioningContext, collection2, attributesToReturn, prismObject, false, operationResult), false);
        }
        UpdateCapabilityType updateCapabilityType = (UpdateCapabilityType) provisioningContext.getCapability(UpdateCapabilityType.class);
        if (updateCapabilityType != null) {
            AttributeContentRequirementType attributeContentRequirement = updateCapabilityType.getAttributeContentRequirement();
            if (AttributeContentRequirementType.ALL.equals(attributeContentRequirement)) {
                LOGGER.trace("AttributeContentRequirement: {} for {}", attributeContentRequirement, provisioningContext.getResource());
                PrismObject<ShadowType> fetchResourceObject = fetchResourceObject(provisioningContext, collection2, null, prismObject, false, operationResult);
                if (fetchResourceObject == null) {
                    throw new SystemException("Attribute content requirement set for resource " + provisioningContext.toHumanReadableDescription() + ", but read of shadow returned null, identifiers: " + collection2);
                }
                collection = convertToReplace(provisioningContext, collection, fetchResourceObject, true);
            }
        }
        return collection;
    }

    private PrismObject<ShadowType> preReadShadow(ProvisioningContext provisioningContext, Collection<? extends ResourceAttribute<?>> collection, Collection<Operation> collection2, boolean z, PrismObject<ShadowType> prismObject, OperationResult operationResult) throws ObjectNotFoundException, CommunicationException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
        ArrayList arrayList = new ArrayList();
        Iterator<Operation> it = collection2.iterator();
        while (it.hasNext()) {
            ResourceAttributeDefinition<?> attributeDefinitionIfApplicable = getAttributeDefinitionIfApplicable(it.next(), provisioningContext.getObjectDefinition());
            if (attributeDefinitionIfApplicable != null && (!attributeDefinitionIfApplicable.isReturnedByDefault() || attributeDefinitionIfApplicable.getFetchStrategy() == AttributeFetchStrategyType.EXPLICIT)) {
                arrayList.add(attributeDefinitionIfApplicable);
            }
        }
        AttributesToReturn attributesToReturn = new AttributesToReturn();
        attributesToReturn.setAttributesToReturn(arrayList);
        try {
            PrismObject<ShadowType> fetchResourceObject = fetchResourceObject(provisioningContext, collection, attributesToReturn, prismObject, z, operationResult);
            if (prismObject != null) {
                fetchResourceObject.setOid(prismObject.getOid());
            }
            fetchResourceObject.asObjectable().setName(new PolyStringType(ShadowUtil.determineShadowNameRequired(fetchResourceObject)));
            return fetchResourceObject;
        } catch (ObjectNotFoundException e) {
            LOGGER.warn("Cannot pre-read shadow {}, it is probably not present in the {}. Skipping pre-read.", collection, provisioningContext.getResource());
            return null;
        }
    }

    private Collection<ResourceAttributeDefinition<?>> determineReadReplace(ProvisioningContext provisioningContext, Collection<Operation> collection, ResourceObjectDefinition resourceObjectDefinition) {
        ArrayList arrayList = new ArrayList();
        for (Operation operation : collection) {
            ResourceAttributeDefinition<?> attributeDefinitionIfApplicable = getAttributeDefinitionIfApplicable(operation, resourceObjectDefinition);
            if (attributeDefinitionIfApplicable != null && isReadReplaceMode(provisioningContext, attributeDefinitionIfApplicable, resourceObjectDefinition) && (operation instanceof PropertyModificationOperation)) {
                PropertyDelta propertyDelta = ((PropertyModificationOperation) operation).getPropertyDelta();
                if (propertyDelta.isAdd() || propertyDelta.isDelete()) {
                    arrayList.add(attributeDefinitionIfApplicable);
                }
            }
        }
        return arrayList;
    }

    private boolean isReadReplaceMode(ProvisioningContext provisioningContext, ResourceAttributeDefinition<?> resourceAttributeDefinition, ResourceObjectDefinition resourceObjectDefinition) {
        boolean z;
        if (resourceAttributeDefinition.getReadReplaceMode() != null) {
            return resourceAttributeDefinition.getReadReplaceMode().booleanValue();
        }
        UpdateCapabilityType updateCapabilityType = (UpdateCapabilityType) resourceObjectDefinition.getEnabledCapability(UpdateCapabilityType.class, provisioningContext.getResource());
        if (updateCapabilityType == null || BooleanUtils.isTrue(updateCapabilityType.isDelta())) {
            return false;
        }
        if (updateCapabilityType.isAddRemoveAttributeValues() == null) {
            z = resourceObjectDefinition.getEnabledCapability(AddRemoveAttributeValuesCapabilityType.class, provisioningContext.getResource()) == null;
        } else {
            z = !updateCapabilityType.isAddRemoveAttributeValues().booleanValue();
        }
        if (z) {
            LOGGER.trace("Read+replace mode is forced because {} does not support addRemoveAttributeValues", provisioningContext.getResource());
        }
        return z;
    }

    private ResourceAttributeDefinition<?> getAttributeDefinitionIfApplicable(Operation operation, ResourceObjectDefinition resourceObjectDefinition) {
        if (!(operation instanceof PropertyModificationOperation)) {
            return null;
        }
        PropertyDelta propertyDelta = ((PropertyModificationOperation) operation).getPropertyDelta();
        if (isAttributeDelta(propertyDelta)) {
            return resourceObjectDefinition.findAttributeDefinition(propertyDelta.getElementName());
        }
        return null;
    }

    private Collection<Operation> convertToReplace(ProvisioningContext provisioningContext, Collection<Operation> collection, PrismObject<ShadowType> prismObject, boolean z) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException {
        ArrayList arrayList = new ArrayList(collection.size());
        for (Operation operation : collection) {
            if (operation instanceof PropertyModificationOperation) {
                PropertyDelta<?> propertyDelta = ((PropertyModificationOperation) operation).getPropertyDelta();
                if (isAttributeDelta(propertyDelta)) {
                    ResourceAttributeDefinition<?> findAttributeDefinitionRequired = provisioningContext.getObjectDefinitionRequired().findAttributeDefinitionRequired(propertyDelta.getElementName());
                    if ((z || isReadReplaceMode(provisioningContext, findAttributeDefinitionRequired, provisioningContext.getObjectDefinition())) && (propertyDelta.isAdd() || propertyDelta.isDelete())) {
                        PropertyModificationOperation convertToReplace = convertToReplace(propertyDelta, prismObject, findAttributeDefinitionRequired.getMatchingRuleQName());
                        convertToReplace.setMatchingRuleQName(((PropertyModificationOperation) operation).getMatchingRuleQName());
                        arrayList.add(convertToReplace);
                    }
                }
            }
            arrayList.add(operation);
        }
        if (z) {
            for (ResourceAttribute<?> resourceAttribute : ShadowUtil.getAttributes(prismObject)) {
                if (!containsDelta(collection, resourceAttribute.getElementName()) && provisioningContext.findAttributeDefinitionRequired(resourceAttribute.getElementName()).canModify()) {
                    PropertyDelta create = this.prismContext.deltaFactory().property().create(resourceAttribute.getPath(), resourceAttribute.getDefinition());
                    create.setValuesToReplace((Collection) resourceAttribute.getClonedValues());
                    arrayList.add(new PropertyModificationOperation(create));
                }
            }
        }
        return arrayList;
    }

    private boolean containsDelta(Collection<Operation> collection, ItemName itemName) {
        for (Operation operation : collection) {
            if (operation instanceof PropertyModificationOperation) {
                PropertyDelta propertyDelta = ((PropertyModificationOperation) operation).getPropertyDelta();
                if (isAttributeDelta(propertyDelta) && QNameUtil.match(itemName, propertyDelta.getElementName())) {
                    return true;
                }
            }
        }
        return false;
    }

    private PropertyModificationOperation convertToReplace(PropertyDelta<?> propertyDelta, PrismObject<ShadowType> prismObject, QName qName) throws SchemaException {
        MatchingRule matchingRule;
        Item findProperty;
        if (propertyDelta.isReplace()) {
            throw new IllegalStateException("PropertyDelta is both ADD/DELETE and REPLACE");
        }
        ArrayList arrayList = new ArrayList();
        if (prismObject != null && (findProperty = prismObject.findProperty(propertyDelta.getPath())) != null) {
            Iterator it = findProperty.getValues().iterator();
            while (it.hasNext()) {
                arrayList.add(((PrismPropertyValue) it.next()).mo1094clone());
            }
        }
        if (qName != null) {
            ItemDefinition definition = propertyDelta.getDefinition();
            matchingRule = this.matchingRuleRegistry.getMatchingRule(qName, definition != null ? definition.getTypeName() : null);
        } else {
            matchingRule = null;
        }
        MatchingRule matchingRule2 = matchingRule;
        Comparator comparator = (prismPropertyValue, prismPropertyValue2) -> {
            return prismPropertyValue.equals(prismPropertyValue2, EquivalenceStrategy.REAL_VALUE, matchingRule2) ? 0 : 1;
        };
        if (propertyDelta.isAdd()) {
            Iterator it2 = propertyDelta.getValuesToAdd().iterator();
            while (it2.hasNext()) {
                PrismPropertyValue prismPropertyValue3 = (PrismPropertyValue) it2.next();
                if (PrismValueCollectionsUtil.containsValue(arrayList, prismPropertyValue3, comparator)) {
                    LOGGER.warn("Attempting to add a value of {} that is already present in {}: {}", prismPropertyValue3, propertyDelta.getElementName(), arrayList);
                } else {
                    arrayList.add(prismPropertyValue3.mo1094clone());
                }
            }
        }
        if (propertyDelta.isDelete()) {
            Iterator it3 = propertyDelta.getValuesToDelete().iterator();
            while (it3.hasNext()) {
                PrismPropertyValue prismPropertyValue4 = (PrismPropertyValue) it3.next();
                Iterator it4 = arrayList.iterator();
                boolean z = false;
                while (it4.hasNext()) {
                    PrismPropertyValue prismPropertyValue5 = (PrismPropertyValue) it4.next();
                    LOGGER.trace("Comparing existing {} to about-to-be-deleted {}, matching rule: {}", prismPropertyValue5, prismPropertyValue4, matchingRule);
                    if (comparator.compare(prismPropertyValue5, prismPropertyValue4) == 0) {
                        LOGGER.trace("MATCH! compared existing {} to about-to-be-deleted {}", prismPropertyValue5, prismPropertyValue4);
                        it4.remove();
                        z = true;
                    }
                }
                if (!z) {
                    LOGGER.warn("Attempting to remove a value of {} that is not in {}: {}", prismPropertyValue4, propertyDelta.getElementName(), arrayList);
                }
            }
        }
        PropertyDelta create = this.prismContext.deltaFactory().property().create(propertyDelta.getPath(), propertyDelta.getPropertyDefinition());
        create.setValuesToReplace(arrayList);
        return new PropertyModificationOperation(create);
    }

    private List<Collection<Operation>> sortOperationsIntoWaves(Collection<Operation> collection, ResourceObjectDefinition resourceObjectDefinition) {
        TreeMap treeMap = new TreeMap();
        ArrayList arrayList = new ArrayList();
        for (Operation operation : collection) {
            ResourceAttributeDefinition<?> attributeDefinitionIfApplicable = getAttributeDefinitionIfApplicable(operation, resourceObjectDefinition);
            if (attributeDefinitionIfApplicable == null || attributeDefinitionIfApplicable.getModificationPriority() == null) {
                arrayList.add(operation);
            } else {
                putIntoWaves(treeMap, attributeDefinitionIfApplicable.getModificationPriority(), operation);
            }
        }
        ArrayList arrayList2 = new ArrayList(treeMap.size() + 1);
        Map.Entry firstEntry = treeMap.firstEntry();
        while (true) {
            Map.Entry entry = firstEntry;
            if (entry == null) {
                arrayList2.add(arrayList);
                return arrayList2;
            }
            arrayList2.add((Collection) entry.getValue());
            firstEntry = treeMap.higherEntry((Integer) entry.getKey());
        }
    }

    private void putIntoWaves(Map<Integer, Collection<Operation>> map, Integer num, Operation operation) {
        Collection<Operation> collection = map.get(num);
        if (collection == null) {
            collection = new ArrayList();
            map.put(num, collection);
        }
        collection.add(operation);
    }

    private Collection<ResourceAttribute<?>> cloneIdentifiers(Collection<? extends ResourceAttribute<?>> collection) {
        HashSet hashSet = new HashSet(collection.size());
        Iterator<? extends ResourceAttribute<?>> it = collection.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().mo1115clone());
        }
        return hashSet;
    }

    private boolean isRename(ProvisioningContext provisioningContext, Collection<Operation> collection) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException {
        for (Operation operation : collection) {
            if ((operation instanceof PropertyModificationOperation) && isIdentifierDelta(provisioningContext, ((PropertyModificationOperation) operation).getPropertyDelta())) {
                return true;
            }
        }
        return false;
    }

    private <T> boolean isIdentifierDelta(ProvisioningContext provisioningContext, PropertyDelta<T> propertyDelta) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException {
        return provisioningContext.getObjectDefinitionRequired().isPrimaryIdentifier(propertyDelta.getElementName()) || provisioningContext.getObjectDefinitionRequired().isSecondaryIdentifier(propertyDelta.getElementName());
    }

    private PrismObject<ShadowType> executeEntitlementChangesAdd(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, OperationProvisioningScriptsType operationProvisioningScriptsType, ConnectorOperationOptions connectorOperationOptions, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, SecurityViolationException, ConfigurationException, ObjectAlreadyExistsException, ExpressionEvaluationException {
        HashMap hashMap = new HashMap();
        PrismObject<ShadowType> collectEntitlementsAsObjectOperationInShadowAdd = this.entitlementConverter.collectEntitlementsAsObjectOperationInShadowAdd(hashMap, prismObject, provisioningContext, operationResult);
        executeEntitlements(provisioningContext, hashMap, connectorOperationOptions, operationResult);
        return collectEntitlementsAsObjectOperationInShadowAdd;
    }

    private PrismObject<ShadowType> executeEntitlementChangesModify(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, PrismObject<ShadowType> prismObject2, OperationProvisioningScriptsType operationProvisioningScriptsType, ConnectorOperationOptions connectorOperationOptions, Collection<? extends ItemDelta> collection, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, SecurityViolationException, ConfigurationException, ObjectAlreadyExistsException, ExpressionEvaluationException {
        HashMap hashMap = new HashMap();
        LOGGER.trace("executeEntitlementChangesModify, old shadow:\n{}", prismObject.debugDumpLazily(1));
        for (ItemDelta itemDelta : collection) {
            ItemPath path = itemDelta.getPath();
            if (ShadowType.F_ASSOCIATION.equivalent(path)) {
                prismObject2 = this.entitlementConverter.collectEntitlementsAsObjectOperation(hashMap, (ContainerDelta) itemDelta, prismObject, prismObject2, provisioningContext, operationResult);
            } else {
                ContainerDelta<ShadowAssociationType> createDelta = this.prismContext.deltaFactory().container().createDelta((ItemPath) ShadowType.F_ASSOCIATION, (PrismObjectDefinition) prismObject.getDefinition());
                Item findContainer = prismObject.findContainer(ShadowType.F_ASSOCIATION);
                if (findContainer == null || findContainer.isEmpty()) {
                    LOGGER.trace("No shadow association container in old shadow. Skipping processing entitlements change for {}.", path);
                } else {
                    LOGGER.trace("Processing association container in old shadow for {}:\n{}", path, findContainer.debugDumpLazily(1));
                    for (PrismContainerValue prismContainerValue : findContainer.getValues()) {
                        QName name = ((ShadowAssociationType) prismContainerValue.asContainerable()).getName();
                        if (name == null) {
                            throw new IllegalStateException("No association name in " + prismContainerValue);
                        }
                        ResourceAssociationDefinition findAssociationDefinition = provisioningContext.getObjectDefinitionRequired().findAssociationDefinition(name);
                        if (findAssociationDefinition == null) {
                            throw new IllegalStateException("No association definition for " + prismContainerValue);
                        }
                        if (findAssociationDefinition.requiresExplicitReferentialIntegrity() && ShadowUtil.matchesAttribute(path, findAssociationDefinition.getDefinitionBean().getValueAttribute())) {
                            if (isRenameReal(prismObject, prismObject2, path)) {
                                LOGGER.trace("Processing association {} on rename", name);
                                createDelta.addValuesToDelete(prismContainerValue.mo1094clone());
                                createDelta.addValuesToAdd(prismContainerValue.mo1094clone());
                            } else {
                                LOGGER.trace("NOT processing association {} because the rename is phantom", name);
                            }
                        }
                    }
                    LOGGER.trace("Resulting association delta for {}:\n{}", path, createDelta.debugDumpLazily(1));
                    if (!createDelta.isEmpty()) {
                        this.entitlementConverter.collectEntitlementsAsObjectOperation(hashMap, createDelta, prismObject, prismObject2, provisioningContext, operationResult);
                    }
                }
            }
        }
        executeEntitlements(provisioningContext, hashMap, connectorOperationOptions, operationResult);
        return prismObject2;
    }

    private <T> boolean isRenameReal(PrismObject<ShadowType> prismObject, PrismObject<ShadowType> prismObject2, ItemPath itemPath) throws SchemaException {
        PrismProperty<T> findProperty = prismObject.findProperty(itemPath);
        PrismProperty<T> findProperty2 = prismObject2.findProperty(itemPath);
        boolean z = findProperty == null || findProperty.isEmpty();
        boolean z2 = findProperty2 == null || findProperty2.isEmpty();
        if (z) {
            return !z2;
        }
        if (z2) {
            return true;
        }
        MatchingRule<T> matchingRule = getMatchingRule(findProperty2.getDefinition());
        return !MiscUtil.unorderedCollectionEquals(findProperty.getValues(), findProperty2.getValues(), (prismPropertyValue, prismPropertyValue2) -> {
            try {
                return matchingRule.match(PrismPropertyValue.getRealValue(prismPropertyValue), PrismPropertyValue.getRealValue(prismPropertyValue2));
            } catch (SchemaException e) {
                throw new IllegalStateException(e);
            }
        });
    }

    private <T> MatchingRule<T> getMatchingRule(PrismPropertyDefinition<T> prismPropertyDefinition) throws SchemaException {
        return this.matchingRuleRegistry.getMatchingRule((QName) ObjectUtils.defaultIfNull(prismPropertyDefinition != null ? prismPropertyDefinition.getMatchingRuleQName() : null, PrismConstants.DEFAULT_MATCHING_RULE_NAME), null);
    }

    private void executeEntitlementChangesDelete(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, OperationProvisioningScriptsType operationProvisioningScriptsType, ConnectorOperationOptions connectorOperationOptions, OperationResult operationResult) throws SchemaException {
        try {
            HashMap hashMap = new HashMap();
            this.entitlementConverter.collectEntitlementsAsObjectOperationDelete(hashMap, prismObject, provisioningContext, operationResult);
            executeEntitlements(provisioningContext, hashMap, connectorOperationOptions, operationResult);
        } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException | ObjectAlreadyExistsException | ObjectNotFoundException | SecurityViolationException | RuntimeException e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
        } catch (SchemaException | Error e2) {
            throw e2;
        }
    }

    private void executeEntitlements(ProvisioningContext provisioningContext, Map<ResourceObjectDiscriminator, ResourceObjectOperations> map, ConnectorOperationOptions connectorOperationOptions, OperationResult operationResult) throws ObjectNotFoundException, CommunicationException, SchemaException, SecurityViolationException, ConfigurationException, ObjectAlreadyExistsException {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Excuting entitlement chanes, roMap:\n{}", DebugUtil.debugDump((Map<?, ?>) map, 1));
        }
        for (Map.Entry<ResourceObjectDiscriminator, ResourceObjectOperations> entry : map.entrySet()) {
            ResourceObjectDiscriminator key = entry.getKey();
            ProvisioningContext resourceObjectContext = entry.getValue().getResourceObjectContext();
            Collection<? extends ResourceAttribute<?>> primaryIdentifiers = key.getPrimaryIdentifiers();
            ResourceObjectOperations value = entry.getValue();
            Collection<? extends ResourceAttribute<?>> allIdentifiers = value.getAllIdentifiers();
            if (allIdentifiers == null || allIdentifiers.isEmpty()) {
                allIdentifiers = primaryIdentifiers;
            }
            Collection<Operation> operations = value.getOperations();
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("Excuting entitlement change identifiers={}:\n{}", allIdentifiers, DebugUtil.debugDump((Collection<?>) operations, 1));
            }
            OperationResult createMinorSubresult = operationResult.createMinorSubresult(OPERATION_MODIFY_ENTITLEMENT);
            try {
                try {
                    try {
                        executeModify(resourceObjectContext, entry.getValue().getCurrentShadow(), allIdentifiers, operations, null, createMinorSubresult, connectorOperationOptions);
                        createMinorSubresult.recordSuccess();
                        createMinorSubresult.computeStatusIfUnknown();
                    } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException | ObjectAlreadyExistsException | ObjectNotFoundException | PolicyViolationException | SchemaException | SecurityViolationException e) {
                        LOGGER.error("Error while modifying entitlement {} of {}: {}", resourceObjectContext, provisioningContext, e.getMessage(), e);
                        createMinorSubresult.recordFatalError(e);
                        createMinorSubresult.computeStatusIfUnknown();
                    }
                } catch (Error | RuntimeException e2) {
                    LOGGER.error("Error while modifying entitlement {} of {}: {}", resourceObjectContext, provisioningContext, e2.getMessage(), e2);
                    createMinorSubresult.recordFatalError(e2);
                    throw e2;
                }
            } catch (Throwable th) {
                createMinorSubresult.computeStatusIfUnknown();
                throw th;
            }
        }
    }

    public SearchResultMetadata searchResourceObjects(@NotNull ProvisioningContext provisioningContext, @NotNull ResourceObjectHandler resourceObjectHandler, @Nullable ObjectQuery objectQuery, boolean z, @Nullable FetchErrorReportingMethodType fetchErrorReportingMethodType, @NotNull OperationResult operationResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        return new ResourceObjectSearchOperation(provisioningContext, resourceObjectHandler, objectQuery, z, fetchErrorReportingMethodType, this.beans).execute(operationResult);
    }

    public LiveSyncToken fetchCurrentToken(ProvisioningContext provisioningContext, OperationResult operationResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, ExpressionEvaluationException {
        Validate.notNull(operationResult, "Operation result must not be null.", new Object[0]);
        LOGGER.trace("Fetching current sync token for {}", provisioningContext);
        ConnectorInstance connector = provisioningContext.getConnector(LiveSyncCapabilityType.class, operationResult);
        try {
            UcfSyncToken fetchCurrentToken = connector.fetchCurrentToken(provisioningContext.getObjectDefinition(), provisioningContext.getUcfExecutionContext(), operationResult);
            LOGGER.trace("Got last token: {}", SchemaDebugUtil.prettyPrint(fetchCurrentToken));
            computeResultStatus(operationResult);
            return TokenUtil.fromUcf(fetchCurrentToken);
        } catch (GenericFrameworkException e) {
            operationResult.recordFatalError("Generic error in the connector: " + e.getMessage(), e);
            throw new CommunicationException("Generic error in the connector: " + e.getMessage(), e);
        } catch (CommunicationException e2) {
            operationResult.recordFatalError("Error communicating with the connector " + connector + ": " + e2.getMessage(), e2);
            throw new CommunicationException("Error communicating with the connector " + connector + ": " + e2.getMessage(), e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrismObject<ShadowType> fetchResourceObject(ProvisioningContext provisioningContext, @NotNull Collection<? extends ResourceAttribute<?>> collection, AttributesToReturn attributesToReturn, @Nullable PrismObject<ShadowType> prismObject, boolean z, OperationResult operationResult) throws ObjectNotFoundException, CommunicationException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
        PrismObject<ShadowType> fetchResourceObject = this.resourceObjectReferenceResolver.fetchResourceObject(provisioningContext, collection, attributesToReturn, prismObject, operationResult);
        postProcessResourceObjectRead(provisioningContext, fetchResourceObject, z, operationResult);
        return fetchResourceObject;
    }

    private void applyAfterOperationAttributes(PrismObject<ShadowType> prismObject, Collection<ResourceAttribute<?>> collection) throws SchemaException {
        if (collection == null) {
            return;
        }
        ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(prismObject);
        for (ResourceAttribute<?> resourceAttribute : collection) {
            ResourceAttribute findAttribute = attributesContainer.findAttribute(resourceAttribute.getElementName());
            if (findAttribute != null) {
                attributesContainer.remove(findAttribute);
            }
            if (!attributesContainer.contains(resourceAttribute)) {
                attributesContainer.add(resourceAttribute.mo1115clone());
            }
        }
    }

    private boolean hasChangesOnResource(Collection<? extends ItemDelta> collection) {
        for (ItemDelta itemDelta : collection) {
            if (isAttributeDelta(itemDelta) || SchemaConstants.PATH_PASSWORD.equivalent(itemDelta.getParentPath()) || SchemaConstants.PATH_ACTIVATION.equivalent(itemDelta.getParentPath()) || ShadowType.F_ASSOCIATION.equivalent(itemDelta.getPath())) {
                return true;
            }
        }
        return false;
    }

    private void collectAttributeAndEntitlementChanges(ProvisioningContext provisioningContext, Collection<? extends ItemDelta<?, ?>> collection, Collection<Operation> collection2, PrismObject<ShadowType> prismObject, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        if (collection2 == null) {
            collection2 = new ArrayList();
        }
        boolean z = false;
        ResourceObjectDefinition objectDefinitionRequired = provisioningContext.getObjectDefinitionRequired();
        for (ItemDelta<?, ?> itemDelta : collection) {
            if (isAttributeDelta(itemDelta) || SchemaConstants.PATH_PASSWORD.equivalent(itemDelta.getParentPath())) {
                if (itemDelta instanceof PropertyDelta) {
                    PropertyModificationOperation propertyModificationOperation = new PropertyModificationOperation((PropertyDelta) itemDelta);
                    ResourceAttributeDefinition<?> findAttributeDefinition = objectDefinitionRequired.findAttributeDefinition(itemDelta.getElementName());
                    if (findAttributeDefinition != null) {
                        propertyModificationOperation.setMatchingRuleQName(findAttributeDefinition.getMatchingRuleQName());
                        if (itemDelta.getDefinition() == null) {
                            itemDelta.setDefinition(findAttributeDefinition);
                        }
                    }
                    collection2.add(propertyModificationOperation);
                } else if (!(itemDelta instanceof ContainerDelta)) {
                    throw new UnsupportedOperationException("Not supported delta: " + itemDelta);
                }
            } else if (SchemaConstants.PATH_ACTIVATION.equivalent(itemDelta.getParentPath())) {
                if (!z) {
                    collection2.addAll(new ActivationConverter(provisioningContext, this.commonBeans).createActivationChangeOperations(prismObject.asObjectable(), collection, operationResult));
                    z = true;
                }
            } else if (ShadowType.F_ASSOCIATION.equivalent(itemDelta.getPath())) {
                if (!(itemDelta instanceof ContainerDelta)) {
                    throw new UnsupportedOperationException("Not supported delta: " + itemDelta);
                }
                this.entitlementConverter.collectEntitlementChange(collection2, (ContainerDelta) itemDelta, provisioningContext);
            } else if (!ShadowType.F_AUXILIARY_OBJECT_CLASS.equivalent(itemDelta.getPath())) {
                LOGGER.trace("Skip converting item delta: {}. It's not resource object change, but it is shadow change.", itemDelta);
            } else {
                if (!(itemDelta instanceof PropertyDelta)) {
                    throw new UnsupportedOperationException("Not supported delta: " + itemDelta);
                }
                collection2.add(new PropertyModificationOperation((PropertyDelta) itemDelta));
            }
        }
    }

    private boolean isAttributeDelta(ItemDelta itemDelta) {
        return ShadowType.F_ATTRIBUTES.equivalent(itemDelta.getParentPath());
    }

    public UcfFetchChangesResult fetchChanges(ProvisioningContext provisioningContext, @NotNull LiveSyncToken liveSyncToken, @Nullable Integer num, ResourceObjectLiveSyncChangeListener resourceObjectLiveSyncChangeListener, OperationResult operationResult) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, GenericFrameworkException, ObjectNotFoundException, ExpressionEvaluationException {
        LOGGER.trace("START fetch changes from {}, objectClass: {}", liveSyncToken, provisioningContext.getObjectClassDefinition());
        AttributesToReturn createAttributesToReturn = provisioningContext.isWildcard() ? null : provisioningContext.createAttributesToReturn();
        ConnectorInstance connector = provisioningContext.getConnector(LiveSyncCapabilityType.class, operationResult);
        Integer maxChanges = getMaxChanges(num, provisioningContext);
        AtomicInteger atomicInteger = new AtomicInteger(0);
        AttributesToReturn attributesToReturn = createAttributesToReturn;
        UcfFetchChangesResult fetchChanges = connector.fetchChanges(provisioningContext.getObjectDefinition(), TokenUtil.toUcf(liveSyncToken), createAttributesToReturn, maxChanges, provisioningContext.getUcfExecutionContext(), (ucfLiveSyncChange, operationResult2) -> {
            int andIncrement = atomicInteger.getAndIncrement();
            Task task = provisioningContext.getTask();
            OperationResult build = operationResult2.subresult(OPERATION_HANDLE_CHANGE).setMinor().addParam("number", andIncrement).addParam("localSequenceNumber", ucfLiveSyncChange.getLocalSequenceNumber()).addArbitraryObjectAsParam("primaryIdentifier", ucfLiveSyncChange.getPrimaryIdentifierRealValue()).addArbitraryObjectAsParam("token", ucfLiveSyncChange.getToken()).build();
            try {
                try {
                    ResourceObjectLiveSyncChange resourceObjectLiveSyncChange = new ResourceObjectLiveSyncChange(ucfLiveSyncChange, null, this, provisioningContext, attributesToReturn);
                    resourceObjectLiveSyncChange.initialize(task, build);
                    boolean onChange = resourceObjectLiveSyncChangeListener.onChange(resourceObjectLiveSyncChange, build);
                    build.computeStatusIfUnknown();
                    return onChange;
                } finally {
                }
            } catch (Throwable th) {
                build.computeStatusIfUnknown();
                throw th;
            }
        }, operationResult);
        computeResultStatus(operationResult);
        Trace trace = LOGGER;
        Object[] objArr = new Object[4];
        objArr[0] = Integer.valueOf(atomicInteger.get());
        objArr[1] = Boolean.valueOf(!provisioningContext.canRun());
        objArr[2] = Boolean.valueOf(fetchChanges.isAllChangesFetched());
        objArr[3] = fetchChanges.getFinalToken();
        trace.trace("END fetch changes ({} changes); interrupted = {}; all fetched = {}, final token = {}", objArr);
        return fetchChanges;
    }

    @Nullable
    private Integer getMaxChanges(@Nullable Integer num, ProvisioningContext provisioningContext) {
        LiveSyncCapabilityType liveSyncCapabilityType = (LiveSyncCapabilityType) provisioningContext.getCapability(LiveSyncCapabilityType.class);
        if (liveSyncCapabilityType == null) {
            checkMaxChanges(num, "LiveSync capability is not found or disabled");
            return null;
        }
        if (Boolean.TRUE.equals(liveSyncCapabilityType.isPreciseTokenValue())) {
            return num;
        }
        checkMaxChanges(num, "LiveSync capability has preciseTokenValue not set to 'true'");
        return null;
    }

    private void checkMaxChanges(Integer num, String str) {
        if (num != null && num.intValue() > 0) {
            throw new IllegalArgumentException("Cannot apply " + LiveSyncWorkDefinitionType.F_BATCH_SIZE.getLocalPart() + " because " + str);
        }
    }

    public void listenForAsynchronousUpdates(@NotNull ProvisioningContext provisioningContext, @NotNull ResourceObjectAsyncChangeListener resourceObjectAsyncChangeListener, @NotNull OperationResult operationResult) throws SchemaException, CommunicationException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException {
        LOGGER.trace("Listening for async updates in {}", provisioningContext);
        ConnectorInstance connector = provisioningContext.getConnector(AsyncUpdateCapabilityType.class, operationResult);
        UcfAsyncUpdateChangeListener ucfAsyncUpdateChangeListener = (ucfAsyncUpdateChange, task, operationResult2) -> {
            ResourceObjectAsyncChange resourceObjectAsyncChange = new ResourceObjectAsyncChange(ucfAsyncUpdateChange, this, provisioningContext);
            resourceObjectAsyncChange.initialize(task, operationResult2);
            resourceObjectAsyncChangeListener.onChange(resourceObjectAsyncChange, task, operationResult2);
        };
        Objects.requireNonNull(provisioningContext);
        connector.listenForChanges(ucfAsyncUpdateChangeListener, provisioningContext::canRun, operationResult);
        LOGGER.trace("Finished listening for async updates");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void postProcessResourceObjectRead(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, boolean z, OperationResult operationResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        if (prismObject == null) {
            return;
        }
        ShadowType asObjectable = prismObject.asObjectable();
        ProvisioningUtil.setProtectedFlag(provisioningContext, prismObject, this.matchingRuleRegistry, this.relationRegistry, this.expressionFactory, operationResult);
        if (asObjectable.isExists() == null) {
            asObjectable.setExists(true);
        }
        new ActivationConverter(provisioningContext, this.commonBeans).completeActivation(prismObject, operationResult);
        if (z) {
            this.entitlementConverter.postProcessEntitlementsRead(prismObject, provisioningContext, operationResult);
        }
    }

    private void executeProvisioningScripts(ProvisioningContext provisioningContext, ProvisioningOperationTypeType provisioningOperationTypeType, BeforeAfterType beforeAfterType, OperationProvisioningScriptsType operationProvisioningScriptsType, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException, GenericConnectorException {
        Collection<ExecuteProvisioningScriptOperation> determineExecuteScriptOperations = determineExecuteScriptOperations(provisioningOperationTypeType, beforeAfterType, operationProvisioningScriptsType, provisioningContext.getResource(), operationResult);
        if (determineExecuteScriptOperations == null || determineExecuteScriptOperations.isEmpty()) {
            return;
        }
        ConnectorInstance connector = provisioningContext.getConnector(ScriptCapabilityType.class, operationResult);
        for (ExecuteProvisioningScriptOperation executeProvisioningScriptOperation : determineExecuteScriptOperations) {
            UcfExecutionContext ucfExecutionContext = new UcfExecutionContext(this.lightweightIdentifierGenerator, provisioningContext.getResource(), provisioningContext.getTask());
            try {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("PROVISIONING SCRIPT EXECUTION {} {} operation on resource {}", beforeAfterType.value(), provisioningOperationTypeType.value(), provisioningContext.getResource());
                }
                Object executeScript = connector.executeScript(executeProvisioningScriptOperation, ucfExecutionContext, operationResult);
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("PROVISIONING SCRIPT EXECUTION {} {} successful, returned value: {}", beforeAfterType.value(), provisioningOperationTypeType.value(), executeScript);
                }
            } catch (GenericFrameworkException e) {
                String str = "Could not execute provisioning script. Generic error in connector: " + e.getMessage();
                if (ExceptionUtil.isFatalCriticality(executeProvisioningScriptOperation.getCriticality(), CriticalityType.FATAL)) {
                    operationResult.recordFatalError(str, e);
                    throw new GenericConnectorException(str, e);
                }
                LOGGER.warn("{}", str);
            } catch (CommunicationException e2) {
                String str2 = "Could not execute provisioning script. Error communicating with the connector " + connector + ": " + e2.getMessage();
                if (ExceptionUtil.isFatalCriticality(executeProvisioningScriptOperation.getCriticality(), CriticalityType.FATAL)) {
                    operationResult.recordFatalError(str2, e2);
                    throw new CommunicationException(str2, e2);
                }
                LOGGER.warn("{}", str2);
            } catch (Throwable th) {
                String str3 = "Could not execute provisioning script. Unexpected error in connector: " + th.getClass().getSimpleName() + ": " + th.getMessage();
                if (ExceptionUtil.isFatalCriticality(executeProvisioningScriptOperation.getCriticality(), CriticalityType.FATAL)) {
                    operationResult.recordFatalError(str3, th);
                    throw th;
                }
                LOGGER.warn("{}", str3);
            }
        }
    }

    private Collection<ExecuteProvisioningScriptOperation> determineExecuteScriptOperations(ProvisioningOperationTypeType provisioningOperationTypeType, BeforeAfterType beforeAfterType, OperationProvisioningScriptsType operationProvisioningScriptsType, ResourceType resourceType, OperationResult operationResult) throws SchemaException {
        if (operationProvisioningScriptsType == null) {
            LOGGER.trace("Skipping creating script operation to execute. No scripts were defined.");
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (OperationProvisioningScriptType operationProvisioningScriptType : operationProvisioningScriptsType.getScript()) {
            for (ProvisioningOperationTypeType provisioningOperationTypeType2 : operationProvisioningScriptType.getOperation()) {
                if (provisioningOperationTypeType.equals(provisioningOperationTypeType2) && beforeAfterType.equals(operationProvisioningScriptType.getOrder())) {
                    ExecuteProvisioningScriptOperation convertToScriptOperation = ProvisioningUtil.convertToScriptOperation(operationProvisioningScriptType, "script value for " + provisioningOperationTypeType2 + " in " + resourceType, this.prismContext);
                    LOGGER.trace("Created script operation: {}", SchemaDebugUtil.prettyPrint(convertToScriptOperation));
                    arrayList.add(convertToScriptOperation);
                }
            }
        }
        return arrayList;
    }

    public AsynchronousOperationResult refreshOperationStatus(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, String str, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_REFRESH_OPERATION_STATUS);
        try {
            ResourceType resource = provisioningContext.getResource();
            ConnectorInstance connector = provisioningContext.getConnector(UpdateCapabilityType.class, createSubresult);
            OperationResultStatus operationResultStatus = null;
            if (connector instanceof AsynchronousOperationQueryable) {
                LOGGER.trace("PROVISIONING REFRESH operation ref={} on {}, object: {}", str, resource, prismObject);
                try {
                    operationResultStatus = ((AsynchronousOperationQueryable) connector).queryOperationStatus(str, createSubresult);
                    createSubresult.recordSuccess();
                    LOGGER.debug("PROVISIONING REFRESH ref={} successful on {} {}, returned status: {}", str, resource, prismObject, operationResultStatus);
                } catch (CommunicationException | ConfigurationException | ObjectNotFoundException | SchemaException e) {
                    createSubresult.recordFatalError(e);
                    throw e;
                }
            } else {
                LOGGER.trace("Ignoring refresh of shadow {}, because the connector is not async operation queryable", prismObject.getOid());
                createSubresult.recordNotApplicableIfUnknown();
            }
            OperationResult operationResult2 = new OperationResult(OPERATION_REFRESH_OPERATION_STATUS);
            operationResult2.setStatus(operationResultStatus);
            AsynchronousOperationResult wrap = AsynchronousOperationResult.wrap(operationResult2);
            updateQuantum(provisioningContext, connector, wrap, operationResult);
            return wrap;
        } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException | ObjectNotFoundException | SchemaException | Error | RuntimeException e2) {
            createSubresult.recordFatalError(e2);
            throw e2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void computeResultStatus(OperationResult operationResult) {
        if (operationResult.isInProgress()) {
            return;
        }
        OperationResultStatus operationResultStatus = OperationResultStatus.SUCCESS;
        String str = null;
        for (OperationResult operationResult2 : operationResult.getSubresults()) {
            if (OPERATION_MODIFY_ENTITLEMENT.equals(operationResult2.getOperation()) && operationResult2.isError()) {
                operationResultStatus = OperationResultStatus.PARTIAL_ERROR;
            } else if (operationResult2.isError()) {
                operationResultStatus = OperationResultStatus.FATAL_ERROR;
            } else if (operationResult2.isInProgress()) {
                operationResultStatus = OperationResultStatus.IN_PROGRESS;
                str = operationResult2.getAsynchronousOperationReference();
            }
        }
        operationResult.setStatus(operationResultStatus);
        operationResult.setAsynchronousOperationReference(str);
    }

    private <C extends CapabilityType> void checkForCapability(ProvisioningContext provisioningContext, Class<C> cls, OperationResult operationResult) {
        CapabilityType capability = provisioningContext.getCapability(cls);
        if (capability == null || BooleanUtils.isFalse(capability.isEnabled())) {
            UnsupportedOperationException unsupportedOperationException = new UnsupportedOperationException("Operation not supported " + provisioningContext.getDesc() + " as " + cls.getSimpleName() + " is missing");
            if (operationResult != null) {
                operationResult.recordFatalError(unsupportedOperationException);
            }
            throw unsupportedOperationException;
        }
    }

    public ShadowCaretaker getShadowCaretaker() {
        return this.shadowCaretaker;
    }

    public ResourceObjectsBeans getBeans() {
        return this.beans;
    }
}
