package com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators;

import com.evolveum.midpoint.common.LocalizationService;
import com.evolveum.midpoint.model.api.context.AssignmentPath;
import com.evolveum.midpoint.model.api.context.EvaluatedExclusionTrigger;
import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule;
import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRuleTrigger;
import com.evolveum.midpoint.model.impl.lens.AssignmentPathImpl;
import com.evolveum.midpoint.model.impl.lens.EvaluatedAssignmentImpl;
import com.evolveum.midpoint.model.impl.lens.EvaluatedAssignmentTargetImpl;
import com.evolveum.midpoint.model.impl.lens.LensContext;
import com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext;
import com.evolveum.midpoint.model.impl.lens.projector.policy.PolicyRuleEvaluationContext;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.marshaller.QueryConvertor;
import com.evolveum.midpoint.prism.match.MatchingRuleRegistry;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.schema.RelationRegistry;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.util.LocalizableMessage;
import com.evolveum.midpoint.util.LocalizableMessageBuilder;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ExclusionPolicyConstraintType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OrderConstraintsType;
import com.evolveum.prism.xml.ns._public.query_3.SearchFilterType;
import com.evolveum.prism.xml.ns._public.types_3.EvaluationTimeType;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import javax.xml.bind.JAXBElement;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/ExclusionConstraintEvaluator.class */
public class ExclusionConstraintEvaluator implements PolicyConstraintEvaluator<ExclusionPolicyConstraintType> {
    private static final String CONSTRAINT_KEY = "exclusion";

    @Autowired
    private ConstraintEvaluatorHelper evaluatorHelper;

    @Autowired
    private PrismContext prismContext;

    @Autowired
    private MatchingRuleRegistry matchingRuleRegistry;

    @Autowired
    private RelationRegistry relationRegistry;

    @Autowired
    private LocalizationService localizationService;

    @Override // com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators.PolicyConstraintEvaluator
    public <F extends FocusType> EvaluatedPolicyRuleTrigger evaluate(JAXBElement<ExclusionPolicyConstraintType> jAXBElement, PolicyRuleEvaluationContext<F> policyRuleEvaluationContext, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        if (!(policyRuleEvaluationContext instanceof AssignmentPolicyRuleEvaluationContext)) {
            return null;
        }
        AssignmentPolicyRuleEvaluationContext<F> assignmentPolicyRuleEvaluationContext = (AssignmentPolicyRuleEvaluationContext) policyRuleEvaluationContext;
        if (!assignmentPolicyRuleEvaluationContext.inPlus && !assignmentPolicyRuleEvaluationContext.inZero) {
            return null;
        }
        List<OrderConstraintsType> defaultIfEmpty = defaultIfEmpty(((ExclusionPolicyConstraintType) jAXBElement.getValue()).getOrderConstraint());
        List<OrderConstraintsType> defaultIfEmpty2 = defaultIfEmpty(((ExclusionPolicyConstraintType) jAXBElement.getValue()).getTargetOrderConstraint());
        if (assignmentPolicyRuleEvaluationContext.policyRule.isGlobal()) {
            if (!pathMatches(assignmentPolicyRuleEvaluationContext.policyRule.getAssignmentPath(), defaultIfEmpty)) {
                System.out.println("[global] Source assignment path does not match: " + assignmentPolicyRuleEvaluationContext.policyRule.getAssignmentPath());
                return null;
            }
        } else if (!assignmentPolicyRuleEvaluationContext.policyRule.getAssignmentPath().getSegments().stream().anyMatch(assignmentPathSegment -> {
            return assignmentPathSegment.matches(defaultIfEmpty);
        })) {
            return null;
        }
        List<EvaluatedAssignmentTargetImpl> nonNegativeTargets = assignmentPolicyRuleEvaluationContext.evaluatedAssignment.getNonNegativeTargets();
        for (EvaluatedAssignmentImpl<F> evaluatedAssignmentImpl : assignmentPolicyRuleEvaluationContext.evaluatedAssignmentTriple.getNonNegativeValues()) {
            if (!evaluatedAssignmentImpl.equals(assignmentPolicyRuleEvaluationContext.evaluatedAssignment)) {
                for (EvaluatedAssignmentTargetImpl evaluatedAssignmentTargetImpl : evaluatedAssignmentImpl.getNonNegativeTargets()) {
                    if (pathMatches(evaluatedAssignmentTargetImpl.m66getAssignmentPath(), defaultIfEmpty2) && oidMatches(((ExclusionPolicyConstraintType) jAXBElement.getValue()).getTargetRef(), evaluatedAssignmentTargetImpl, this.prismContext, this.matchingRuleRegistry, "exclusion constraint")) {
                        for (EvaluatedAssignmentTargetImpl evaluatedAssignmentTargetImpl2 : nonNegativeTargets) {
                            if (!evaluatedAssignmentTargetImpl2.appliesToFocusWithAnyRelation(this.relationRegistry) || evaluatedAssignmentTargetImpl2.getOid() == null || !evaluatedAssignmentTargetImpl2.getOid().equals(evaluatedAssignmentTargetImpl.getOid()) || !evaluatedAssignmentTargetImpl2.m66getAssignmentPath().equivalent(evaluatedAssignmentTargetImpl.m66getAssignmentPath())) {
                            }
                        }
                        return createTrigger(assignmentPolicyRuleEvaluationContext.evaluatedAssignment, evaluatedAssignmentImpl, evaluatedAssignmentTargetImpl, jAXBElement, assignmentPolicyRuleEvaluationContext.policyRule, assignmentPolicyRuleEvaluationContext, operationResult);
                    }
                }
            }
        }
        return null;
    }

    private boolean pathMatches(AssignmentPath assignmentPath, List<OrderConstraintsType> list) {
        if (assignmentPath == null) {
            throw new IllegalStateException("Check this. Assignment path is null.");
        }
        if (assignmentPath.isEmpty()) {
            throw new IllegalStateException("Check this. Assignment path is empty.");
        }
        return assignmentPath.matches(list);
    }

    @NotNull
    private List<OrderConstraintsType> defaultIfEmpty(List<OrderConstraintsType> list) {
        return !list.isEmpty() ? list : defaultOrderConstraints();
    }

    private List<OrderConstraintsType> defaultOrderConstraints() {
        return Collections.singletonList(new OrderConstraintsType(this.prismContext).order(1));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean oidMatches(ObjectReferenceType objectReferenceType, EvaluatedAssignmentTargetImpl evaluatedAssignmentTargetImpl, PrismContext prismContext, MatchingRuleRegistry matchingRuleRegistry, String str) throws SchemaException {
        if (objectReferenceType == null) {
            return true;
        }
        if (evaluatedAssignmentTargetImpl.getOid() == null) {
            return false;
        }
        if (objectReferenceType.getOid() != null) {
            return evaluatedAssignmentTargetImpl.getOid().equals(objectReferenceType.getOid());
        }
        if (objectReferenceType.getResolutionTime() != EvaluationTimeType.RUN) {
            throw new SchemaException("No OID in " + str);
        }
        SearchFilterType filter = objectReferenceType.getFilter();
        if (filter == null) {
            throw new SchemaException("No filter in " + str);
        }
        return QueryConvertor.parseFilter(filter, prismContext.getSchemaRegistry().findObjectDefinitionByType(objectReferenceType.getType())).match(evaluatedAssignmentTargetImpl.getTarget().getValue(), matchingRuleRegistry);
    }

    private <F extends FocusType> EvaluatedExclusionTrigger createTrigger(EvaluatedAssignmentImpl<F> evaluatedAssignmentImpl, @NotNull EvaluatedAssignmentImpl<F> evaluatedAssignmentImpl2, EvaluatedAssignmentTargetImpl evaluatedAssignmentTargetImpl, JAXBElement<ExclusionPolicyConstraintType> jAXBElement, EvaluatedPolicyRule evaluatedPolicyRule, AssignmentPolicyRuleEvaluationContext<F> assignmentPolicyRuleEvaluationContext, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
        AssignmentPath assignmentPath = evaluatedPolicyRule.getAssignmentPath();
        AssignmentPathImpl m66getAssignmentPath = evaluatedAssignmentTargetImpl.m66getAssignmentPath();
        LocalizableMessage createObjectInfo = createObjectInfo(assignmentPath, evaluatedAssignmentImpl.getTarget(), true);
        LocalizableMessage createObjectInfo2 = createObjectInfo(m66getAssignmentPath, evaluatedAssignmentTargetImpl.getTarget(), false);
        ObjectType conflictingObject = getConflictingObject(assignmentPath, evaluatedAssignmentImpl.getTarget());
        ObjectType conflictingObject2 = getConflictingObject(m66getAssignmentPath, evaluatedAssignmentTargetImpl.getTarget());
        return new EvaluatedExclusionTrigger((ExclusionPolicyConstraintType) jAXBElement.getValue(), createMessage(createObjectInfo, createObjectInfo2, jAXBElement, assignmentPolicyRuleEvaluationContext, operationResult), createShortMessage(createObjectInfo, createObjectInfo2, jAXBElement, assignmentPolicyRuleEvaluationContext, operationResult), evaluatedAssignmentImpl2, conflictingObject, conflictingObject2, assignmentPath, m66getAssignmentPath);
    }

    @NotNull
    private <F extends FocusType> LocalizableMessage createMessage(LocalizableMessage localizableMessage, LocalizableMessage localizableMessage2, JAXBElement<ExclusionPolicyConstraintType> jAXBElement, PolicyRuleEvaluationContext<F> policyRuleEvaluationContext, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
        return this.evaluatorHelper.createLocalizableMessage(jAXBElement, policyRuleEvaluationContext, new LocalizableMessageBuilder().key("DefaultPolicyConstraint.exclusion").args(new Object[]{localizableMessage, localizableMessage2}).build(), operationResult);
    }

    @NotNull
    private <F extends FocusType> LocalizableMessage createShortMessage(LocalizableMessage localizableMessage, LocalizableMessage localizableMessage2, JAXBElement<ExclusionPolicyConstraintType> jAXBElement, PolicyRuleEvaluationContext<F> policyRuleEvaluationContext, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
        return this.evaluatorHelper.createLocalizableShortMessage(jAXBElement, policyRuleEvaluationContext, new LocalizableMessageBuilder().key("DefaultPolicyConstraint.Short.exclusion").args(new Object[]{localizableMessage, localizableMessage2}).build(), operationResult);
    }

    private ObjectType getConflictingObject(AssignmentPath assignmentPath, PrismObject<?> prismObject) {
        if (assignmentPath == null) {
            return ObjectTypeUtil.toObjectable(prismObject);
        }
        List firstOrderChain = assignmentPath.getFirstOrderChain();
        return firstOrderChain.isEmpty() ? ObjectTypeUtil.toObjectable(prismObject) : (ObjectType) firstOrderChain.get(firstOrderChain.size() - 1);
    }

    private LocalizableMessage createObjectInfo(AssignmentPath assignmentPath, PrismObject<?> prismObject, boolean z) {
        if (assignmentPath == null) {
            return ObjectTypeUtil.createDisplayInformation(prismObject, z);
        }
        List firstOrderChain = assignmentPath.getFirstOrderChain();
        if (firstOrderChain.isEmpty()) {
            return ObjectTypeUtil.createDisplayInformation(prismObject, z);
        }
        PrismObject asPrismObject = ((ObjectType) firstOrderChain.get(firstOrderChain.size() - 1)).asPrismObject();
        return firstOrderChain.size() == 1 ? ObjectTypeUtil.createDisplayInformation(asPrismObject, z) : ObjectTypeUtil.createDisplayInformationWithPath(asPrismObject, z, (String) firstOrderChain.stream().map(objectType -> {
            return PolyString.getOrig(objectType.getName());
        }).collect(Collectors.joining(" -> ")));
    }

    public <F extends FocusType> void checkExclusionsLegacy(LensContext<F> lensContext, Collection<EvaluatedAssignmentImpl<F>> collection, Collection<EvaluatedAssignmentImpl<F>> collection2) throws PolicyViolationException {
        for (EvaluatedAssignmentImpl<F> evaluatedAssignmentImpl : collection) {
            for (EvaluatedAssignmentImpl<F> evaluatedAssignmentImpl2 : collection2) {
                if (evaluatedAssignmentImpl != evaluatedAssignmentImpl2) {
                    for (EvaluatedAssignmentTargetImpl evaluatedAssignmentTargetImpl : evaluatedAssignmentImpl.getRoles().getAllValues()) {
                        if (evaluatedAssignmentTargetImpl.appliesToFocus()) {
                            for (EvaluatedAssignmentTargetImpl evaluatedAssignmentTargetImpl2 : evaluatedAssignmentImpl2.getRoles().getAllValues()) {
                                if (evaluatedAssignmentTargetImpl2.appliesToFocus()) {
                                    checkExclusionLegacy(evaluatedAssignmentImpl, evaluatedAssignmentImpl2, evaluatedAssignmentTargetImpl, evaluatedAssignmentTargetImpl2);
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    private <F extends FocusType> void checkExclusionLegacy(EvaluatedAssignmentImpl<F> evaluatedAssignmentImpl, EvaluatedAssignmentImpl<F> evaluatedAssignmentImpl2, EvaluatedAssignmentTargetImpl evaluatedAssignmentTargetImpl, EvaluatedAssignmentTargetImpl evaluatedAssignmentTargetImpl2) throws PolicyViolationException {
        checkExclusionOneWayLegacy(evaluatedAssignmentImpl, evaluatedAssignmentImpl2, evaluatedAssignmentTargetImpl, evaluatedAssignmentTargetImpl2);
        checkExclusionOneWayLegacy(evaluatedAssignmentImpl2, evaluatedAssignmentImpl, evaluatedAssignmentTargetImpl2, evaluatedAssignmentTargetImpl);
    }

    private <F extends FocusType> void checkExclusionOneWayLegacy(EvaluatedAssignmentImpl<F> evaluatedAssignmentImpl, EvaluatedAssignmentImpl<F> evaluatedAssignmentImpl2, EvaluatedAssignmentTargetImpl evaluatedAssignmentTargetImpl, EvaluatedAssignmentTargetImpl evaluatedAssignmentTargetImpl2) throws PolicyViolationException {
        Iterator<ExclusionPolicyConstraintType> it = evaluatedAssignmentTargetImpl.getExclusions().iterator();
        while (it.hasNext()) {
            checkAndTriggerExclusionConstraintViolationLegacy(evaluatedAssignmentImpl, evaluatedAssignmentImpl2, evaluatedAssignmentTargetImpl, evaluatedAssignmentTargetImpl2, it.next());
        }
    }

    private <F extends FocusType> void checkAndTriggerExclusionConstraintViolationLegacy(EvaluatedAssignmentImpl<F> evaluatedAssignmentImpl, @NotNull EvaluatedAssignmentImpl<F> evaluatedAssignmentImpl2, EvaluatedAssignmentTargetImpl evaluatedAssignmentTargetImpl, EvaluatedAssignmentTargetImpl evaluatedAssignmentTargetImpl2, ExclusionPolicyConstraintType exclusionPolicyConstraintType) throws PolicyViolationException {
        if (evaluatedAssignmentTargetImpl2.getOid().equals(exclusionPolicyConstraintType.getTargetRef().getOid())) {
            evaluatedAssignmentImpl.triggerConstraintLegacy(new EvaluatedExclusionTrigger(exclusionPolicyConstraintType, LocalizableMessageBuilder.buildFallbackMessage("Violation of SoD policy: " + evaluatedAssignmentTargetImpl.getTarget() + " excludes " + evaluatedAssignmentTargetImpl2.getTarget() + ", they cannot be assigned at the same time"), LocalizableMessageBuilder.buildFallbackMessage(evaluatedAssignmentTargetImpl.getTarget().getName() + " excludes " + evaluatedAssignmentTargetImpl2.getTarget().getName()), evaluatedAssignmentImpl2, evaluatedAssignmentTargetImpl.getTarget() != null ? (ObjectType) evaluatedAssignmentTargetImpl.getTarget().asObjectable() : null, evaluatedAssignmentTargetImpl2.getTarget() != null ? (ObjectType) evaluatedAssignmentTargetImpl2.getTarget().asObjectable() : null, evaluatedAssignmentTargetImpl.m66getAssignmentPath(), evaluatedAssignmentTargetImpl2.m66getAssignmentPath()), this.localizationService);
        }
    }
}
