package com.evolveum.midpoint.model.impl.lens.projector.focus;

import com.evolveum.midpoint.common.ActivationComputer;
import com.evolveum.midpoint.model.impl.lens.LensContext;
import com.evolveum.midpoint.model.impl.lens.LensFocusContext;
import com.evolveum.midpoint.model.impl.lens.LensUtil;
import com.evolveum.midpoint.model.impl.lens.assignments.EvaluatedAssignmentImpl;
import com.evolveum.midpoint.model.impl.lens.projector.ProjectorProcessor;
import com.evolveum.midpoint.model.impl.lens.projector.util.ProcessorExecution;
import com.evolveum.midpoint.model.impl.lens.projector.util.ProcessorMethod;
import com.evolveum.midpoint.prism.Item;
import com.evolveum.midpoint.prism.OriginType;
import com.evolveum.midpoint.prism.PrismContainerDefinition;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismPropertyDefinition;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.delta.DeltaSetTriple;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentHolderType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationBehavioralDataType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.BehaviorType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.LifecycleStateModelType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TimeIntervalStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.util.Collection;
import java.util.Iterator;
import javax.xml.datatype.XMLGregorianCalendar;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@ProcessorExecution(focusRequired = true, focusType = FocusType.class, skipWhenFocusDeleted = true)
@Component
/* loaded from: input_file:WEB-INF/lib/model-impl-4.6-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/lens/projector/focus/FocusActivationProcessor.class */
public class FocusActivationProcessor implements ProjectorProcessor {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) FocusActivationProcessor.class);
    private PrismContainerDefinition<ActivationType> activationDefinition;
    private PrismPropertyDefinition<Integer> failedLoginsDefinition;

    @Autowired
    private PrismContext prismContext;

    @Autowired
    private ActivationComputer activationComputer;

    /* JADX INFO: Access modifiers changed from: package-private */
    @ProcessorMethod
    public <F extends FocusType> void processActivationBeforeObjectTemplate(LensContext<F> lensContext, XMLGregorianCalendar xMLGregorianCalendar, Task task, OperationResult operationResult) throws SchemaException {
        processActivationBasic(lensContext, xMLGregorianCalendar);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @ProcessorMethod
    public <F extends FocusType> void processActivationAfterObjectTemplate(LensContext<F> lensContext, XMLGregorianCalendar xMLGregorianCalendar, Task task, OperationResult operationResult) throws SchemaException {
        processActivationBasic(lensContext, xMLGregorianCalendar);
        processAssignmentActivation(lensContext);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @ProcessorMethod
    public <F extends FocusType> void processActivationAfterAssignments(LensContext<F> lensContext, XMLGregorianCalendar xMLGregorianCalendar, Task task, OperationResult operationResult) throws SchemaException {
        processActivationBasic(lensContext, xMLGregorianCalendar);
        processAssignmentActivation(lensContext);
    }

    private <F extends FocusType> void processActivationBasic(LensContext<F> lensContext, XMLGregorianCalendar xMLGregorianCalendar) throws SchemaException {
        LensFocusContext<F> focusContext = lensContext.getFocusContext();
        processActivationAdministrativeAndValidity(focusContext, xMLGregorianCalendar);
        processActivationLockout(focusContext);
    }

    private <F extends AssignmentHolderType> void processAssignmentActivation(LensContext<F> lensContext) throws SchemaException {
        DeltaSetTriple<EvaluatedAssignmentImpl<?>> evaluatedAssignmentTriple = lensContext.getEvaluatedAssignmentTriple();
        if (evaluatedAssignmentTriple == null) {
            return;
        }
        Collection<EvaluatedAssignmentImpl<?>> zeroSet = evaluatedAssignmentTriple.getZeroSet();
        LensFocusContext<F> focusContext = lensContext.getFocusContext();
        for (EvaluatedAssignmentImpl<?> evaluatedAssignmentImpl : zeroSet) {
            if (!evaluatedAssignmentImpl.isVirtual()) {
                AssignmentType assignment = evaluatedAssignmentImpl.getAssignment();
                ActivationType activation = assignment.getActivation();
                ActivationStatusType effectiveStatus = activation != null ? activation.getEffectiveStatus() : null;
                ActivationStatusType effectiveStatus2 = this.activationComputer.getEffectiveStatus(assignment.getLifecycleState(), activation, null);
                if (effectiveStatus != effectiveStatus2) {
                    PropertyDelta createEmptyDelta = focusContext.getObjectDefinition().findPropertyDefinition(SchemaConstants.PATH_ASSIGNMENT_ACTIVATION_EFFECTIVE_STATUS).createEmptyDelta(ItemPath.create(FocusType.F_ASSIGNMENT, assignment.getId(), AssignmentType.F_ACTIVATION, ActivationType.F_EFFECTIVE_STATUS));
                    createEmptyDelta.setRealValuesToReplace(effectiveStatus2);
                    focusContext.swallowToSecondaryDelta(createEmptyDelta);
                }
            }
        }
    }

    private <F extends FocusType> void processActivationAdministrativeAndValidity(LensFocusContext<F> lensFocusContext, XMLGregorianCalendar xMLGregorianCalendar) throws SchemaException {
        TimeIntervalStatusType timeIntervalStatusType = null;
        TimeIntervalStatusType timeIntervalStatusType2 = null;
        XMLGregorianCalendar xMLGregorianCalendar2 = null;
        String str = null;
        String str2 = null;
        ActivationType activationType = null;
        ActivationType activationType2 = null;
        PrismObject<F> objectNew = lensFocusContext.getObjectNew();
        if (objectNew != null) {
            F asObjectable = objectNew.asObjectable();
            activationType = asObjectable.getActivation();
            if (activationType != null) {
                timeIntervalStatusType = this.activationComputer.getValidityStatus(activationType, xMLGregorianCalendar);
                xMLGregorianCalendar2 = activationType.getValidityChangeTimestamp();
            }
            str = asObjectable.getLifecycleState();
        }
        PrismObject<F> objectCurrent = lensFocusContext.getObjectCurrent();
        if (objectCurrent != null) {
            F asObjectable2 = objectCurrent.asObjectable();
            activationType2 = asObjectable2.getActivation();
            if (activationType2 != null) {
                timeIntervalStatusType2 = this.activationComputer.getValidityStatus(activationType2, xMLGregorianCalendar2);
            }
            str2 = asObjectable2.getLifecycleState();
        }
        if (timeIntervalStatusType2 != timeIntervalStatusType) {
            LOGGER.trace("Validity change {} -> {}", timeIntervalStatusType2, timeIntervalStatusType);
            recordValidityDelta(lensFocusContext, timeIntervalStatusType, xMLGregorianCalendar);
        } else if (timeIntervalStatusType == null || activationType.getValidityStatus() != null) {
            LOGGER.trace("Skipping validity processing because there was no change ({} -> {})", timeIntervalStatusType2, timeIntervalStatusType);
        } else {
            recordValidityDelta(lensFocusContext, timeIntervalStatusType, xMLGregorianCalendar);
        }
        LifecycleStateModelType lifecycleModel = lensFocusContext.getLifecycleModel();
        ActivationStatusType effectiveStatus = this.activationComputer.getEffectiveStatus(str, activationType, timeIntervalStatusType, lifecycleModel);
        ActivationStatusType effectiveStatus2 = this.activationComputer.getEffectiveStatus(str2, activationType2, timeIntervalStatusType2, lifecycleModel);
        if (effectiveStatus2 != effectiveStatus) {
            LOGGER.trace("Effective status change {} -> {}", effectiveStatus2, effectiveStatus);
            recordEffectiveStatusDelta(lensFocusContext, effectiveStatus, xMLGregorianCalendar);
            return;
        }
        if (effectiveStatus != null && (activationType == null || activationType.getEffectiveStatus() == null)) {
            recordEffectiveStatusDelta(lensFocusContext, effectiveStatus, xMLGregorianCalendar);
            return;
        }
        if (lensFocusContext.getPrimaryDelta() != null && lensFocusContext.getPrimaryDelta().hasItemDelta(SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS)) {
            LOGGER.trace("Forcing effective status delta even though there was no change ({} -> {}) because there is explicit administrativeStatus delta", effectiveStatus2, effectiveStatus);
            recordEffectiveStatusDelta(lensFocusContext, effectiveStatus, xMLGregorianCalendar);
            return;
        }
        if (activationType2 != null && activationType2.getEffectiveStatus() != null && activationType2.getEffectiveStatus() != effectiveStatus) {
            recordEffectiveStatusDelta(lensFocusContext, effectiveStatus, xMLGregorianCalendar);
        }
        LOGGER.trace("Skipping effective status processing because there was no change ({} -> {})", effectiveStatus2, effectiveStatus);
    }

    private <F extends FocusType> void processActivationLockout(LensFocusContext<F> lensFocusContext) throws SchemaException {
        ActivationType activation;
        ItemDelta findPropertyDelta;
        if (lensFocusContext.getPrimaryDelta() != null && (findPropertyDelta = lensFocusContext.getPrimaryDelta().findPropertyDelta(SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS)) != null) {
            if (findPropertyDelta.isAdd()) {
                Iterator it = findPropertyDelta.getValuesToAdd().iterator();
                while (it.hasNext()) {
                    if (((PrismPropertyValue) it.next()).getValue() == LockoutStatusType.LOCKED) {
                        throw new SchemaException("Lockout status cannot be changed to LOCKED value");
                    }
                }
            } else if (findPropertyDelta.isReplace()) {
                Iterator it2 = findPropertyDelta.getValuesToReplace().iterator();
                while (it2.hasNext()) {
                    if (((PrismPropertyValue) it2.next()).getValue() == LockoutStatusType.LOCKED) {
                        throw new SchemaException("Lockout status cannot be changed to LOCKED value");
                    }
                }
            }
        }
        ActivationType activationType = null;
        LockoutStatusType lockoutStatusType = null;
        LockoutStatusType lockoutStatusType2 = null;
        PrismObject<F> objectNew = lensFocusContext.getObjectNew();
        if (objectNew != null) {
            activationType = objectNew.asObjectable().getActivation();
            if (activationType != null) {
                lockoutStatusType = activationType.getLockoutStatus();
            }
        }
        PrismObject<F> objectCurrent = lensFocusContext.getObjectCurrent();
        if (objectCurrent != null && (activation = objectCurrent.asObjectable().getActivation()) != null) {
            lockoutStatusType2 = activation.getLockoutStatus();
        }
        if (lockoutStatusType == lockoutStatusType2) {
            LOGGER.trace("Skipping lockout processing because there was no change ({} -> {})", lockoutStatusType2, lockoutStatusType);
            return;
        }
        LOGGER.trace("Lockout change {} -> {}", lockoutStatusType2, lockoutStatusType);
        if (lockoutStatusType == LockoutStatusType.NORMAL) {
            CredentialsType credentials = objectNew.asObjectable().getCredentials();
            if (credentials != null) {
                resetFailedLogins(lensFocusContext, credentials.getPassword(), SchemaConstants.PATH_CREDENTIALS_PASSWORD_FAILED_LOGINS);
                resetFailedLogins(lensFocusContext, credentials.getNonce(), SchemaConstants.PATH_CREDENTIALS_NONCE_FAILED_LOGINS);
                resetFailedLogins(lensFocusContext, credentials.getSecurityQuestions(), SchemaConstants.PATH_CREDENTIALS_SECURITY_QUESTIONS_FAILED_LOGINS);
            }
            BehaviorType behavior = objectNew.asObjectable().getBehavior();
            if (behavior != null) {
                resetFailedLogins(lensFocusContext, behavior.getAuthentication(), SchemaConstants.PATH_AUTHENTICATION_BEHAVIOR_FAILED_LOGINS);
            }
            if (activationType.getLockoutExpirationTimestamp() != null) {
                PropertyDelta createEmptyDelta = getActivationDefinition().findPropertyDefinition(ActivationType.F_LOCKOUT_EXPIRATION_TIMESTAMP).createEmptyDelta(ItemPath.create(UserType.F_ACTIVATION, ActivationType.F_LOCKOUT_EXPIRATION_TIMESTAMP));
                createEmptyDelta.setValueToReplace();
                lensFocusContext.swallowToSecondaryDelta(createEmptyDelta);
            }
        }
    }

    private <F extends FocusType> void resetFailedLogins(LensFocusContext<F> lensFocusContext, AuthenticationBehavioralDataType authenticationBehavioralDataType, ItemPath itemPath) throws SchemaException {
        Integer failedLogins;
        if (authenticationBehavioralDataType == null || (failedLogins = authenticationBehavioralDataType.getFailedLogins()) == null || failedLogins.intValue() == 0) {
            return;
        }
        PropertyDelta<Integer> createEmptyDelta = getFailedLoginsDefinition().createEmptyDelta(itemPath);
        createEmptyDelta.setValueToReplace(this.prismContext.itemFactory().createPropertyValue(0, OriginType.USER_POLICY, null));
        lensFocusContext.swallowToSecondaryDelta(createEmptyDelta);
    }

    private <F extends ObjectType> void recordValidityDelta(LensFocusContext<F> lensFocusContext, TimeIntervalStatusType timeIntervalStatusType, XMLGregorianCalendar xMLGregorianCalendar) throws SchemaException {
        PrismContainerDefinition<ActivationType> activationDefinition = getActivationDefinition();
        PropertyDelta createEmptyDelta = activationDefinition.findPropertyDefinition(ActivationType.F_VALIDITY_STATUS).createEmptyDelta(ItemPath.create(UserType.F_ACTIVATION, ActivationType.F_VALIDITY_STATUS));
        if (timeIntervalStatusType == null) {
            createEmptyDelta.setValueToReplace();
        } else {
            createEmptyDelta.setValueToReplace(this.prismContext.itemFactory().createPropertyValue(timeIntervalStatusType, OriginType.USER_POLICY, null));
        }
        lensFocusContext.swallowToSecondaryDelta(createEmptyDelta);
        PropertyDelta createEmptyDelta2 = activationDefinition.findPropertyDefinition(ActivationType.F_VALIDITY_CHANGE_TIMESTAMP).createEmptyDelta(ItemPath.create(UserType.F_ACTIVATION, ActivationType.F_VALIDITY_CHANGE_TIMESTAMP));
        createEmptyDelta2.setValueToReplace(this.prismContext.itemFactory().createPropertyValue(xMLGregorianCalendar, OriginType.USER_POLICY, null));
        lensFocusContext.swallowToSecondaryDelta(createEmptyDelta2);
    }

    private <F extends ObjectType> void recordEffectiveStatusDelta(LensFocusContext<F> lensFocusContext, ActivationStatusType activationStatusType, XMLGregorianCalendar xMLGregorianCalendar) throws SchemaException {
        Item findProperty;
        PrismContainerDefinition<ActivationType> activationDefinition = getActivationDefinition();
        PropertyDelta createEmptyDelta = activationDefinition.findPropertyDefinition(ActivationType.F_EFFECTIVE_STATUS).createEmptyDelta(SchemaConstants.PATH_ACTIVATION_EFFECTIVE_STATUS);
        createEmptyDelta.setValueToReplace(this.prismContext.itemFactory().createPropertyValue(activationStatusType, OriginType.USER_POLICY, null));
        lensFocusContext.swallowToSecondaryDelta(createEmptyDelta);
        PrismObject<F> objectCurrent = lensFocusContext.getObjectCurrent();
        if (objectCurrent == null || (findProperty = objectCurrent.findProperty(SchemaConstants.PATH_ACTIVATION_EFFECTIVE_STATUS)) == null || !activationStatusType.equals(findProperty.getRealValue())) {
            lensFocusContext.swallowToSecondaryDelta(LensUtil.createActivationTimestampDelta(activationStatusType, xMLGregorianCalendar, activationDefinition, OriginType.USER_POLICY, this.prismContext));
        } else {
            LOGGER.trace("Skipping setting disableTimestamp because there was no change");
        }
    }

    private PrismContainerDefinition<ActivationType> getActivationDefinition() {
        if (this.activationDefinition == null) {
            this.activationDefinition = this.prismContext.getSchemaRegistry().findComplexTypeDefinitionByType(FocusType.COMPLEX_TYPE).findContainerDefinition(FocusType.F_ACTIVATION);
        }
        return this.activationDefinition;
    }

    private PrismPropertyDefinition<Integer> getFailedLoginsDefinition() {
        if (this.failedLoginsDefinition == null) {
            this.failedLoginsDefinition = this.prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(UserType.class).findPropertyDefinition(SchemaConstants.PATH_CREDENTIALS_PASSWORD_FAILED_LOGINS);
        }
        return this.failedLoginsDefinition;
    }
}
