package com.evolveum.midpoint.model.impl.scripting.actions;

import com.evolveum.midpoint.model.api.ModelExecuteOptions;
import com.evolveum.midpoint.model.api.ModelService;
import com.evolveum.midpoint.model.api.ScriptExecutionException;
import com.evolveum.midpoint.model.api.TaskService;
import com.evolveum.midpoint.model.impl.scripting.ActionExecutor;
import com.evolveum.midpoint.model.impl.scripting.ExecutionContext;
import com.evolveum.midpoint.model.impl.scripting.PipelineData;
import com.evolveum.midpoint.model.impl.scripting.ScriptingExpressionEvaluator;
import com.evolveum.midpoint.model.impl.scripting.helpers.ExpressionHelper;
import com.evolveum.midpoint.model.impl.scripting.helpers.OperationsHelper;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismValue;
import com.evolveum.midpoint.provisioning.api.ProvisioningService;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.security.api.AuthorizationConstants;
import com.evolveum.midpoint.security.api.OwnerResolver;
import com.evolveum.midpoint.security.api.SecurityContextManager;
import com.evolveum.midpoint.security.enforcer.api.AuthorizationParameters;
import com.evolveum.midpoint.security.enforcer.api.SecurityEnforcer;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ModelExecuteOptionsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PartialProcessingOptionsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PartialProcessingTypeType;
import com.evolveum.midpoint.xml.ns._public.model.scripting_3.ActionExpressionType;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/evolveum/midpoint/model/impl/scripting/actions/BaseActionExecutor.class */
public abstract class BaseActionExecutor implements ActionExecutor {
    private static final Trace LOGGER = TraceManager.getTrace(BaseActionExecutor.class);
    private static final String PARAM_RAW = "raw";
    private static final String PARAM_DRY_RUN = "dryRun";
    private static final String PARAM_SKIP_APPROVALS = "skipApprovals";
    private static final String PARAM_OPTIONS = "options";

    @Autowired
    protected ScriptingExpressionEvaluator scriptingExpressionEvaluator;

    @Autowired
    protected PrismContext prismContext;

    @Autowired
    protected OperationsHelper operationsHelper;

    @Autowired
    protected ExpressionHelper expressionHelper;

    @Autowired
    protected ProvisioningService provisioningService;

    @Autowired
    protected ModelService modelService;

    @Autowired
    protected SecurityEnforcer securityEnforcer;

    @Autowired
    protected SecurityContextManager securityContextManager;

    @Autowired
    protected TaskService taskService;

    /* JADX INFO: Access modifiers changed from: protected */
    public ModelExecuteOptions getOptions(ActionExpressionType actionExpressionType, PipelineData pipelineData, ExecutionContext executionContext, OperationResult operationResult) throws ScriptExecutionException {
        boolean booleanValue = this.expressionHelper.getArgumentAsBoolean(actionExpressionType.getParameter(), PARAM_RAW, pipelineData, executionContext, false, PARAM_RAW, operationResult).booleanValue();
        boolean booleanValue2 = this.expressionHelper.getArgumentAsBoolean(actionExpressionType.getParameter(), PARAM_SKIP_APPROVALS, pipelineData, executionContext, false, PARAM_RAW, operationResult).booleanValue();
        ModelExecuteOptionsType modelExecuteOptionsType = (ModelExecuteOptionsType) this.expressionHelper.getSingleArgumentValue(actionExpressionType.getParameter(), PARAM_OPTIONS, false, false, PARAM_OPTIONS, pipelineData, executionContext, ModelExecuteOptionsType.class, operationResult);
        ModelExecuteOptions fromModelExecutionOptionsType = modelExecuteOptionsType != null ? ModelExecuteOptions.fromModelExecutionOptionsType(modelExecuteOptionsType) : new ModelExecuteOptions();
        if (booleanValue) {
            fromModelExecutionOptionsType.setRaw(true);
        }
        if (booleanValue2) {
            if (fromModelExecutionOptionsType.getPartialProcessing() != null) {
                fromModelExecutionOptionsType.getPartialProcessing().setApprovals(PartialProcessingTypeType.SKIP);
            } else {
                fromModelExecutionOptionsType.setPartialProcessing(new PartialProcessingOptionsType().approvals(PartialProcessingTypeType.SKIP));
            }
        }
        return fromModelExecutionOptionsType;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean getParamDryRun(ActionExpressionType actionExpressionType, PipelineData pipelineData, ExecutionContext executionContext, OperationResult operationResult) throws ScriptExecutionException {
        return this.expressionHelper.getArgumentAsBoolean(actionExpressionType.getParameter(), PARAM_DRY_RUN, pipelineData, executionContext, false, PARAM_DRY_RUN, operationResult).booleanValue();
    }

    private String optionsSuffix(ModelExecuteOptions modelExecuteOptions) {
        return modelExecuteOptions.notEmpty() ? " " + modelExecuteOptions : "";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String drySuffix(boolean z) {
        return z ? " (dry run)" : "";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String optionsSuffix(ModelExecuteOptions modelExecuteOptions, boolean z) {
        return optionsSuffix(modelExecuteOptions) + drySuffix(z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String exceptionSuffix(Throwable th) {
        return th != null ? " (error: " + th.getClass().getSimpleName() + ": " + th.getMessage() + ")" : "";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Throwable processActionException(Throwable th, String str, PrismValue prismValue, ExecutionContext executionContext) throws ScriptExecutionException {
        if (!executionContext.isContinueOnAnyError()) {
            throw new ScriptExecutionException("Couldn't execute action '" + str + "' on " + prismValue + ": " + th.getMessage(), th);
        }
        LoggingUtils.logUnexpectedException(LOGGER, "Couldn't execute action '{}' on {}: {}", th, new Object[]{str, prismValue, th.getMessage()});
        return th;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkRootAuthorization(ExecutionContext executionContext, OperationResult operationResult, String str) throws ScriptExecutionException {
        if (executionContext.isPrivileged()) {
            return;
        }
        try {
            this.securityEnforcer.authorize(AuthorizationConstants.AUTZ_ALL_URL, (AuthorizationPhaseType) null, AuthorizationParameters.EMPTY, (OwnerResolver) null, executionContext.getTask(), operationResult);
        } catch (SecurityViolationException | SchemaException | ExpressionEvaluationException | ObjectNotFoundException | CommunicationException | ConfigurationException e) {
            throw new ScriptExecutionException("You are not authorized to execute '" + str + "' action.");
        }
    }
}
