package com.evolveum.midpoint.certification.test.complex;

import com.evolveum.midpoint.certification.test.AbstractUninitializedCertificationTest;
import com.evolveum.midpoint.model.api.ModelExecuteOptions;
import com.evolveum.midpoint.model.api.WorkflowService;
import com.evolveum.midpoint.model.impl.lens.LensContext;
import com.evolveum.midpoint.model.impl.util.RecordingProgressListener;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.delta.builder.DeltaBuilder;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.WfContextUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.test.util.TestUtil;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.Holder;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationDefinitionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ItemApprovalProcessStateType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PartialProcessingOptionsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PartialProcessingTypeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SchemaAttachedPolicyRuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TaskType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.WfContextType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.WorkItemType;
import java.io.File;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.xml.namespace.QName;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

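/**
 * Integration test for a policy-driven role lifecycle.
 *
 * <p>Each test tries to switch a role's lifecycle state to {@code "active"} (see
 * {@link #activateRole}) and then checks what the model did with the request: either it is
 * rejected with a {@link PolicyViolationException} and the role is marked with a policy
 * situation (tests 010-030), or it is parked behind approval work items and only takes effect
 * once those work items are completed (tests 050 and 070).
 *
 * <p>The tests share state through the static OID fields filled in {@link #initSystem} and
 * through the repository objects they modify: tests 040 and 060 prepare the roles that tests
 * 050 and 070 then activate.
 */
@ContextConfiguration(locations = {"classpath:ctx-certification-test-main.xml"})
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
/* loaded from: input_file:com/evolveum/midpoint/certification/test/complex/TestPolicyDrivenRoleLifecycle.class */
public class TestPolicyDrivenRoleLifecycle extends AbstractUninitializedCertificationTest {
    // Policy situation URIs the assertions below compare against.
    protected static final String SITUATION_INCOMPLETE_ROLE = "http://sample.org/situations#incomplete-role-c1-to-c4";
    protected static final String SITUATION_ACTIVE_ROLE_WITH_NO_IDENTIFIER = "http://sample.org/situations#active-role-with-no-identifier";

    // OIDs of the objects imported in initSystem(); static, so they are shared by all test methods.
    protected static String roleEmptyOid;
    protected static String roleHighRiskEmptyOid;
    protected static String roleCorrectOid;
    protected static String roleCorrectHighRiskOid;
    protected static String userJackOid;

    protected static final String ASSIGNMENT_CERT_DEF_OID = "540940e9-4ac5-4340-ba85-fd7e8b5e6686";
    protected static final String MODIFICATION_CERT_DEF_OID = "83a16584-bb2a-448c-aee1-82fc6d577bcb";
    protected static final String ORG_LABORATORY_OID = "027faec7-7763-4b26-ab92-c5c0acbb1173";
    protected static final String USER_INDIGO_OID = "11b35bd2-9b2f-4a00-94fa-7ed0079a7500";
    protected AccessCertificationDefinitionType assignmentCertificationDefinition;
    protected AccessCertificationDefinitionType modificationCertificationDefinition;

    @Autowired
    private WorkflowService workflowService;

    // TEST_DIR must stay ahead of the File constants that are built from it.
    protected static final File TEST_DIR = new File("src/test/resources/complex");
    public static final File SYSTEM_CONFIGURATION_FILE = new File(TEST_DIR, "system-configuration.xml");
    protected static final File ROLE_EMPTY_FILE = new File(TEST_DIR, "role-empty.xml");
    protected static final File ROLE_HIGH_RISK_EMPTY_FILE = new File(TEST_DIR, "role-high-risk-empty.xml");
    protected static final File ROLE_CORRECT_FILE = new File(TEST_DIR, "role-correct.xml");
    protected static final File ROLE_CORRECT_HIGH_RISK_FILE = new File(TEST_DIR, "role-correct-high-risk.xml");
    protected static final File USER_JACK_FILE = new File(COMMON_DIR, "user-jack.xml");
    protected static final File ASSIGNMENT_CERT_DEF_FILE = new File(TEST_DIR, "adhoc-certification-assignment.xml");
    protected static final File MODIFICATION_CERT_DEF_FILE = new File(TEST_DIR, "adhoc-certification-modification.xml");
    protected static final File ORG_LABORATORY_FILE = new File(TEST_DIR, "org-laboratory.xml");
    protected static final File USER_INDIGO_FILE = new File(TEST_DIR, "user-indigo.xml");

    /**
     * Runs the inherited initialization, then imports user jack and the four roles under test
     * and remembers the OIDs returned by {@code addAndRecompute}.
     */
    @Override
    public void initSystem(Task task, OperationResult operationResult) throws Exception {
        super.initSystem(task, operationResult);
        DebugUtil.setPrettyPrintBeansAs("yaml");
        userJackOid = addAndRecompute(USER_JACK_FILE, task, operationResult);
        roleEmptyOid = addAndRecompute(ROLE_EMPTY_FILE, task, operationResult);
        roleHighRiskEmptyOid = addAndRecompute(ROLE_HIGH_RISK_EMPTY_FILE, task, operationResult);
        roleCorrectOid = addAndRecompute(ROLE_CORRECT_FILE, task, operationResult);
        roleCorrectHighRiskOid = addAndRecompute(ROLE_CORRECT_HIGH_RISK_FILE, task, operationResult);
    }

    /** Points the inherited setup at this test's own system configuration file. */
    @Override
    @NotNull
    protected File getSystemConfigurationFile() {
        return SYSTEM_CONFIGURATION_FILE;
    }

    /** Activating the empty role must be rejected and leave the incomplete-role situation. */
    @Test
    public void test010AttemptToActivateIncompleteRoleC1345() throws Exception {
        assertActivationRejectedAsIncomplete("test010AttemptToActivateIncompleteRoleC1345", roleEmptyOid);
    }

    /** Activating the empty high-risk role must be rejected and leave the incomplete-role situation. */
    @Test
    public void test020AttemptToActivateIncompleteRoleC234() throws Exception {
        assertActivationRejectedAsIncomplete("test020AttemptToActivateIncompleteRoleC234", roleHighRiskEmptyOid);
    }

    /**
     * Activating the "correct" role before test 040 has given it an owner and an approver must
     * still be rejected and leave the incomplete-role situation.
     */
    @Test
    public void test030AttemptToActivateCorrectRoleC34() throws Exception {
        assertActivationRejectedAsIncomplete("test030AttemptToActivateCorrectRoleC34", roleCorrectOid);
    }

    /**
     * Assigns one user to the correct role as approver and as owner, then recomputes the role.
     * Approval processing is switched off for these two assignments via
     * {@link PartialProcessingTypeType#SKIP}.
     */
    @Test
    public void test040AssignOwnerAndApproverToCorrectRole() throws Exception {
        final String testName = "test040AssignOwnerAndApproverToCorrectRole";
        TestUtil.displayTestTitle(this, testName);
        Task task = createTestTask(testName);
        OperationResult result = task.getResult();

        TestUtil.displayWhen(testName);
        TestUtil.displayThen(testName);
        // Fixture shortcut: SKIP for approvals means these assignments are not themselves
        // subject to the approval handling that tests 050/070 exercise.
        ModelExecuteOptions skipApprovals = ModelExecuteOptions.createPartialProcessing(new PartialProcessingOptionsType().approvals(PartialProcessingTypeType.SKIP));
        // NOTE(review): the hard-coded OID is presumably the administrator user that also owns
        // the test task - confirm against the common test fixtures.
        assignRole("00000000-0000-0000-0000-000000000002", roleCorrectOid, SchemaConstants.ORG_APPROVER, skipApprovals, task, result);
        assignRole("00000000-0000-0000-0000-000000000002", roleCorrectOid, SchemaConstants.ORG_OWNER, skipApprovals, task, result);
        recomputeFocus(RoleType.class, roleCorrectOid, task, result);
    }

    /**
     * Requests activation of the correct role and follows it through approval: the role is
     * still read back as {@code "draft"} right after the request, two tasks exist for it, the
     * approval task carries one work item with one approval stage and one attached policy rule,
     * and after that work item is completed the role is read back as {@code "active"}.
     */
    @Test
    public void test050ActivateCorrectRole() throws Exception {
        final String testName = "test050ActivateCorrectRole";
        TestUtil.displayTestTitle(this, testName);
        Task task = createTestTask(testName);
        OperationResult result = task.getResult();

        TestUtil.displayWhen(testName);
        Holder<LensContext<?>> contextHolder = new Holder<>();
        activateRole(roleCorrectOid, contextHolder, task, result);

        TestUtil.displayThen(testName);
        // Typed as PrismObject<RoleType>: on a raw PrismObject the RoleType getters used below
        // are not reachable through asObjectable().
        PrismObject<RoleType> roleBeforeApproval = getRole(roleCorrectOid);
        display("role after", roleBeforeApproval);
        AssertJUnit.assertEquals("Wrong (changed) lifecycle state", "draft", roleBeforeApproval.asObjectable().getLifecycleState());
        dumpRules(contextHolder);
        AssertJUnit.assertEquals("Wrong policy situation", Collections.emptyList(), roleBeforeApproval.asObjectable().getPolicySituation());
        AssertJUnit.assertEquals("Wrong triggered policy rules", Collections.emptyList(), roleBeforeApproval.asObjectable().getTriggeredPolicyRule());

        // Left raw: the element type is declared by the inherited helpers, which are not
        // visible in this file.
        List tasksForObject = getTasksForObject(roleCorrectOid, RoleType.COMPLEX_TYPE, GetOperationOptions.retrieveItemsNamed(new Object[]{TaskType.F_WORKFLOW_CONTEXT, WfContextType.F_WORK_ITEM}), task, result);
        display("tasks for role", tasksForObject);
        AssertJUnit.assertEquals("Wrong # of approval tasks for role", 2, tasksForObject.size());
        TaskType approvalTask = getApprovalTask(tasksForObject);
        TaskType rootTask = getRootTask(tasksForObject);

        WfContextType workflowContext = approvalTask.getWorkflowContext();
        AssertJUnit.assertEquals("wrong # of work items", 1, workflowContext.getWorkItem().size());
        WorkItemType workItem = (WorkItemType) workflowContext.getWorkItem().get(0);
        ItemApprovalProcessStateType approvalInfo = WfContextUtil.getItemApprovalProcessInfo(workflowContext);
        AssertJUnit.assertEquals("wrong # of approval stages", 1, approvalInfo.getApprovalSchema().getStage().size());
        AssertJUnit.assertEquals("wrong # of attached policy rules", 1, approvalInfo.getPolicyRules().getEntry().size());
        // The value is discarded: this line only dereferences the first attached rule, so all
        // it can detect is a missing rule (as a NullPointerException). Nothing is asserted
        // about the trigger itself.
        ((SchemaAttachedPolicyRuleType) approvalInfo.getPolicyRules().getEntry().get(0)).getRule().getTrigger();

        // NOTE(review): 'true' is presumably the "approve" decision - confirm against
        // WorkflowService.completeWorkItem.
        this.workflowService.completeWorkItem(workItem.getExternalId(), true, (String) null, (ObjectDelta) null, result);
        waitForTaskFinish(rootTask.getOid(), false);

        PrismObject<RoleType> roleAfterApproval = getRole(roleCorrectOid);
        display("role after approval", roleAfterApproval);
        AssertJUnit.assertEquals("Wrong (unchanged) lifecycle state", "active", roleAfterApproval.asObjectable().getLifecycleState());
        // NOTE(review): the two assertions below still read the snapshot taken BEFORE the work
        // item was completed, so they repeat the earlier checks and say nothing about the
        // approved role. test070 checks the re-read object instead. Left unchanged because the
        // expected post-approval values for this role cannot be determined from this file;
        // switch them to roleAfterApproval once the expected situation is confirmed.
        AssertJUnit.assertEquals("Wrong policy situation", Collections.emptyList(), roleBeforeApproval.asObjectable().getPolicySituation());
        AssertJUnit.assertEquals("Wrong triggered policy rules", Collections.emptyList(), roleBeforeApproval.asObjectable().getTriggeredPolicyRule());
    }

    /**
     * Assigns two approvers (the fixed-OID user and jack) and one owner to the correct high-risk
     * role, then recomputes the role. As in test 040, approvals are skipped for these
     * assignments.
     */
    @Test
    public void test060AssignOwnerAndApproverToCorrectHighRiskRole() throws Exception {
        final String testName = "test060AssignOwnerAndApproverToCorrectHighRiskRole";
        TestUtil.displayTestTitle(this, testName);
        Task task = createTestTask(testName);
        OperationResult result = task.getResult();

        TestUtil.displayWhen(testName);
        TestUtil.displayThen(testName);
        // Fixture shortcut: SKIP for approvals means these assignments bypass approval handling.
        ModelExecuteOptions skipApprovals = ModelExecuteOptions.createPartialProcessing(new PartialProcessingOptionsType().approvals(PartialProcessingTypeType.SKIP));
        assignRole("00000000-0000-0000-0000-000000000002", roleCorrectHighRiskOid, SchemaConstants.ORG_APPROVER, skipApprovals, task, result);
        assignRole(userJackOid, roleCorrectHighRiskOid, SchemaConstants.ORG_APPROVER, skipApprovals, task, result);
        assignRole("00000000-0000-0000-0000-000000000002", roleCorrectHighRiskOid, SchemaConstants.ORG_OWNER, skipApprovals, task, result);
        recomputeFocus(RoleType.class, roleCorrectHighRiskOid, task, result);
    }

    /**
     * Requests activation of the correct high-risk role and follows it through approval. The
     * approval task is expected to hold two approval stages and two attached policy rules; one
     * work item is completed, the task is re-read, and the single work item found then is
     * completed as well. Afterwards the role must be {@code "active"} and carry the
     * active-role-with-no-identifier situation.
     */
    @Test
    public void test070ActivateCorrectHighRiskRole() throws Exception {
        final String testName = "test070ActivateCorrectHighRiskRole";
        TestUtil.displayTestTitle(this, testName);
        Task task = createTestTask(testName);
        OperationResult result = task.getResult();

        TestUtil.displayWhen(testName);
        Holder<LensContext<?>> contextHolder = new Holder<>();
        activateRole(roleCorrectHighRiskOid, contextHolder, task, result);

        TestUtil.displayThen(testName);
        PrismObject<RoleType> roleBeforeApproval = getRole(roleCorrectHighRiskOid);
        display("role after", roleBeforeApproval);
        AssertJUnit.assertEquals("Wrong (changed) lifecycle state", "draft", roleBeforeApproval.asObjectable().getLifecycleState());
        dumpRules(contextHolder);
        AssertJUnit.assertEquals("Wrong policy situation", Collections.emptyList(), roleBeforeApproval.asObjectable().getPolicySituation());
        AssertJUnit.assertEquals("Wrong triggered policy rules", Collections.emptyList(), roleBeforeApproval.asObjectable().getTriggeredPolicyRule());

        // Kept in a variable because the same options are reused to re-read the approval task.
        Collection workItemOptions = GetOperationOptions.retrieveItemsNamed(new Object[]{TaskType.F_WORKFLOW_CONTEXT, WfContextType.F_WORK_ITEM});
        List tasksForObject = getTasksForObject(roleCorrectHighRiskOid, RoleType.COMPLEX_TYPE, workItemOptions, task, result);
        display("tasks for role", tasksForObject);
        AssertJUnit.assertEquals("Wrong # of approval tasks for role", 2, tasksForObject.size());
        TaskType approvalTask = getApprovalTask(tasksForObject);

        WfContextType firstContext = approvalTask.getWorkflowContext();
        AssertJUnit.assertEquals("wrong # of work items", 1, firstContext.getWorkItem().size());
        WorkItemType firstWorkItem = (WorkItemType) firstContext.getWorkItem().get(0);
        ItemApprovalProcessStateType approvalInfo = WfContextUtil.getItemApprovalProcessInfo(firstContext);
        AssertJUnit.assertEquals("wrong # of approval stages", 2, approvalInfo.getApprovalSchema().getStage().size());
        AssertJUnit.assertEquals("wrong # of attached policy rules", 2, approvalInfo.getPolicyRules().getEntry().size());

        this.workflowService.completeWorkItem(firstWorkItem.getExternalId(), true, (String) null, (ObjectDelta) null, result);

        // Re-read the approval task to pick up the work item that exists after the first
        // completion. The typed local restores TaskType, which the raw options argument would
        // otherwise erase from the call's return type.
        PrismObject<TaskType> approvalTaskReloaded = this.modelService.getObject(TaskType.class, approvalTask.getOid(), workItemOptions, task, result);
        WfContextType secondContext = approvalTaskReloaded.asObjectable().getWorkflowContext();
        AssertJUnit.assertEquals("wrong # of work items", 1, secondContext.getWorkItem().size());
        // NOTE(review): both completions are submitted through the same task/result, although
        // test 060 registered two different approvers - confirm this is the intended way to
        // exercise the second stage.
        this.workflowService.completeWorkItem(((WorkItemType) secondContext.getWorkItem().get(0)).getExternalId(), true, (String) null, (ObjectDelta) null, result);
        waitForTaskFinish(getRootTask(tasksForObject).getOid(), false);

        PrismObject<RoleType> roleAfterApproval = getRole(roleCorrectHighRiskOid);
        display("role after approval", roleAfterApproval);
        AssertJUnit.assertEquals("Wrong (unchanged) lifecycle state", "active", roleAfterApproval.asObjectable().getLifecycleState());
        AssertJUnit.assertEquals("Wrong policy situation", Collections.singletonList(SITUATION_ACTIVE_ROLE_WITH_NO_IDENTIFIER), roleAfterApproval.asObjectable().getPolicySituation());
        AssertJUnit.assertEquals("Wrong triggered policy rules", Collections.emptyList(), roleAfterApproval.asObjectable().getTriggeredPolicyRule());
    }

    /**
     * Creates the task a test method runs under, named after this class and the test, and owned
     * by the inherited {@code userAdministrator}.
     */
    private Task createTestTask(String testName) {
        Task task = this.taskManager.createTaskInstance(TestPolicyDrivenRoleLifecycle.class.getName() + "." + testName);
        task.setOwner(this.userAdministrator.asPrismObject());
        return task;
    }

    /**
     * Shared body of tests 010-030: the activation request must end in a
     * {@link PolicyViolationException}, and the role read back afterwards must carry exactly
     * the {@link #SITUATION_INCOMPLETE_ROLE} policy situation.
     *
     * @param testName name of the calling test, used for the task name and the log markers
     * @param roleOid OID of the role whose activation is attempted
     */
    private void assertActivationRejectedAsIncomplete(String testName, String roleOid) throws Exception {
        TestUtil.displayTestTitle(this, testName);
        Task task = createTestTask(testName);
        OperationResult result = task.getResult();

        TestUtil.displayWhen(testName);
        TestUtil.displayThen(testName);
        Holder<LensContext<?>> contextHolder = new Holder<>();
        activateRoleAssertFailure(roleOid, contextHolder, result, task);

        PrismObject<RoleType> roleAfter = getRole(roleOid);
        display("role after", roleAfter);
        dumpRules(contextHolder);
        AssertJUnit.assertEquals("Wrong policy situation", Collections.singletonList(SITUATION_INCOMPLETE_ROLE), roleAfter.asObjectable().getPolicySituation());
    }

    /**
     * Requests activation of the role and requires the request to be refused with a
     * {@link PolicyViolationException}; any other exception type propagates to the caller.
     *
     * @param roleOid OID of the role to activate
     * @param holder receives the model context recorded during the attempt
     * @param operationResult operation result passed to the model call
     * @param task task the request runs under
     */
    private void activateRoleAssertFailure(String roleOid, Holder<LensContext<?>> holder, OperationResult operationResult, Task task) throws SchemaException, CommunicationException, ObjectAlreadyExistsException, ExpressionEvaluationException, SecurityViolationException, ConfigurationException, ObjectNotFoundException {
        try {
            activateRole(roleOid, holder, task, operationResult);
            // fail(...) is inherited; assuming it raises an assertion error rather than a
            // PolicyViolationException, an unexpected success is not swallowed by the catch
            // below - confirm.
            fail("unexpected success");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception:");
            e.printStackTrace(System.out);
        }
    }

    /**
     * Prints the focus policy rules of the recorded model context to standard output.
     * Throws a {@link NullPointerException} if the holder carries no context.
     */
    private void dumpRules(Holder<LensContext<?>> holder) {
        LensContext<?> recordedContext = holder.getValue();
        System.out.println(recordedContext.dumpFocusPolicyRules(0, true));
    }

    /**
     * Asks the model to replace the role's lifecycle state with {@code "active"}, using default
     * execution options.
     *
     * @param roleOid OID of the role to activate
     * @param holder if non-null, receives the model context recorded by the progress listener,
     *        whether or not the operation succeeds
     * @param task task the request runs under
     * @param operationResult operation result passed to the model call
     * @throws PolicyViolationException propagated from the model call; tests 010-030 rely on it
     */
    private void activateRole(String roleOid, Holder<LensContext<?>> holder, Task task, OperationResult operationResult) throws SchemaException, CommunicationException, ObjectAlreadyExistsException, ExpressionEvaluationException, PolicyViolationException, SecurityViolationException, ConfigurationException, ObjectNotFoundException {
        ObjectDelta<RoleType> activationDelta = DeltaBuilder.deltaFor(RoleType.class, this.prismContext).item(new QName[]{RoleType.F_LIFECYCLE_STATE}).replace(new Object[]{"active"}).asObjectDeltaCast(roleOid);
        RecordingProgressListener progressListener = new RecordingProgressListener();
        try {
            this.modelService.executeChanges(Collections.singleton(activationDelta), (ModelExecuteOptions) null, task, Collections.singleton(progressListener), operationResult);
        } finally {
            // Hand the context over on failure too: the rejection tests dump the policy rules
            // from it after the exception has been caught.
            if (holder != null) {
                holder.setValue(progressListener.getModelContext());
            }
        }
    }
}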
