package com.evolveum.midpoint.model.impl.integrity;

import com.evolveum.midpoint.common.refinery.LayerRefinedResourceSchema;
import com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition;
import com.evolveum.midpoint.common.refinery.RefinedResourceSchemaImpl;
import com.evolveum.midpoint.model.common.SystemObjectCache;
import com.evolveum.midpoint.model.impl.sync.SynchronizationContext;
import com.evolveum.midpoint.model.impl.sync.SynchronizationService;
import com.evolveum.midpoint.prism.Item;
import com.evolveum.midpoint.prism.PrismContainer;
import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.delta.ChangeType;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.equivalence.EquivalenceStrategy;
import com.evolveum.midpoint.prism.match.MatchingRuleRegistry;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.provisioning.api.ProvisioningService;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.repo.common.task.AbstractSearchIterativeResultHandler;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.SearchResultList;
import com.evolveum.midpoint.schema.SelectorOptions;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.task.api.RunningTask;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.task.api.TaskUtil;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.LayerType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SynchronizationSituationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;

/* loaded from: input_file:com/evolveum/midpoint/model/impl/integrity/ShadowIntegrityCheckResultHandler.class */
public class ShadowIntegrityCheckResultHandler extends AbstractSearchIterativeResultHandler<ShadowType> {
    private PrismContext prismContext;
    private ProvisioningService provisioningService;
    private MatchingRuleRegistry matchingRuleRegistry;
    private RepositoryService repositoryService;
    private SynchronizationService synchronizationService;
    private SystemObjectCache systemObjectCache;
    private boolean checkIntents;
    private boolean checkUniqueness;
    private boolean checkNormalization;
    private boolean checkFetch;
    private boolean checkOwners;
    private boolean checkExtraData;
    private boolean fixIntents;
    private boolean fixUniqueness;
    private boolean fixNormalization;
    private boolean fixExtraData;
    private boolean fixResourceRef;
    private boolean checkDuplicatesOnPrimaryIdentifiersOnly;
    private boolean dryRun;
    private Map<ContextMapKey, ObjectTypeContext> contextMap;
    private Map<String, PrismObject<ResourceType>> resources;
    private PrismObject<SystemConfigurationType> configuration;
    private ShadowStatistics statistics;
    private DuplicateShadowsResolver duplicateShadowsResolver;
    private Set<String> duplicateShadowsDetected;
    private Set<String> duplicateShadowsDeleted;
    private static final Trace LOGGER = TraceManager.getTrace(ShadowIntegrityCheckResultHandler.class);
    private static final String CLASS_DOT = ShadowIntegrityCheckResultHandler.class.getName() + ".";
    private static final String DEFAULT_DUPLICATE_SHADOWS_RESOLVER_CLASS_NAME = DefaultDuplicateShadowsResolver.class.getName();
    public static final String KEY_EXISTS_ON_RESOURCE = CLASS_DOT + "existsOnResource";
    public static final String OWNERS = "owners";
    public static final String KEY_OWNERS = CLASS_DOT + OWNERS;
    public static final String INTENTS = "intents";
    public static final String UNIQUENESS = "uniqueness";
    public static final String NORMALIZATION = "normalization";
    public static final String FETCH = "fetch";
    public static final String EXTRA_DATA = "extraData";
    public static final String RESOURCE_REF = "resourceRef";
    public static final List<String> KNOWN_KEYS = Arrays.asList(INTENTS, UNIQUENESS, NORMALIZATION, OWNERS, FETCH, EXTRA_DATA, RESOURCE_REF);

    public ShadowIntegrityCheckResultHandler(RunningTask runningTask, String str, String str2, String str3, TaskManager taskManager, PrismContext prismContext, ProvisioningService provisioningService, MatchingRuleRegistry matchingRuleRegistry, RepositoryService repositoryService, SynchronizationService synchronizationService, SystemObjectCache systemObjectCache, OperationResult operationResult) {
        super(runningTask, str, str2, str3, taskManager);
        this.checkDuplicatesOnPrimaryIdentifiersOnly = false;
        this.contextMap = new HashMap();
        this.resources = new HashMap();
        this.statistics = new ShadowStatistics();
        this.duplicateShadowsDetected = new HashSet();
        this.duplicateShadowsDeleted = new HashSet();
        this.prismContext = prismContext;
        this.provisioningService = provisioningService;
        this.matchingRuleRegistry = matchingRuleRegistry;
        this.repositoryService = repositoryService;
        this.synchronizationService = synchronizationService;
        this.systemObjectCache = systemObjectCache;
        setStopOnError(false);
        setLogErrors(false);
        Integer workerThreadsCount = getWorkerThreadsCount(runningTask);
        if (workerThreadsCount != null && workerThreadsCount.intValue() != 0) {
            throw new UnsupportedOperationException("Unsupported number of worker threads: " + workerThreadsCount + ". This task cannot be run with worker threads. Please remove workerThreads extension property or set its value to 0.");
        }
        PrismProperty<String> extensionPropertyOrClone = runningTask.getExtensionPropertyOrClone(SchemaConstants.MODEL_EXTENSION_DIAGNOSE);
        if (extensionPropertyOrClone == null || extensionPropertyOrClone.isEmpty()) {
            this.checkIntents = true;
            this.checkUniqueness = true;
            this.checkNormalization = true;
            this.checkOwners = true;
            this.checkFetch = false;
            this.checkExtraData = true;
        } else {
            this.checkIntents = contains(extensionPropertyOrClone, INTENTS);
            this.checkUniqueness = contains(extensionPropertyOrClone, UNIQUENESS);
            this.checkNormalization = contains(extensionPropertyOrClone, NORMALIZATION);
            this.checkOwners = contains(extensionPropertyOrClone, OWNERS);
            this.checkFetch = contains(extensionPropertyOrClone, FETCH);
            this.checkExtraData = contains(extensionPropertyOrClone, EXTRA_DATA);
            checkProperty(extensionPropertyOrClone);
        }
        PrismProperty<String> extensionPropertyOrClone2 = runningTask.getExtensionPropertyOrClone(SchemaConstants.MODEL_EXTENSION_FIX);
        if (extensionPropertyOrClone2 == null || extensionPropertyOrClone2.isEmpty()) {
            this.fixIntents = false;
            this.fixUniqueness = false;
            this.fixNormalization = false;
            this.fixExtraData = false;
            this.fixResourceRef = false;
        } else {
            this.fixIntents = contains(extensionPropertyOrClone2, INTENTS);
            this.fixUniqueness = contains(extensionPropertyOrClone2, UNIQUENESS);
            this.fixNormalization = contains(extensionPropertyOrClone2, NORMALIZATION);
            this.fixExtraData = contains(extensionPropertyOrClone2, EXTRA_DATA);
            this.fixResourceRef = contains(extensionPropertyOrClone2, RESOURCE_REF);
            checkProperty(extensionPropertyOrClone2);
        }
        if (this.fixIntents) {
            this.checkIntents = true;
        }
        if (this.fixUniqueness) {
            this.checkUniqueness = true;
        }
        if (this.fixNormalization) {
            this.checkNormalization = true;
        }
        if (this.fixExtraData) {
            this.checkExtraData = true;
        }
        if (this.fixUniqueness) {
            PrismProperty extensionPropertyOrClone3 = runningTask.getExtensionPropertyOrClone(SchemaConstants.MODEL_EXTENSION_DUPLICATE_SHADOWS_RESOLVER);
            String str4 = extensionPropertyOrClone3 != null ? (String) extensionPropertyOrClone3.getRealValue() : DEFAULT_DUPLICATE_SHADOWS_RESOLVER_CLASS_NAME;
            try {
                this.duplicateShadowsResolver = (DuplicateShadowsResolver) Class.forName(str4).newInstance();
            } catch (ClassCastException | ClassNotFoundException | IllegalAccessException | InstantiationException e) {
                throw new SystemException("Couldn't instantiate duplicate shadows resolver " + str4);
            }
        }
        PrismProperty extensionPropertyOrClone4 = runningTask.getExtensionPropertyOrClone(SchemaConstants.MODEL_EXTENSION_CHECK_DUPLICATES_ON_PRIMARY_IDENTIFIERS_ONLY);
        if (extensionPropertyOrClone4 != null && extensionPropertyOrClone4.getRealValue() != null) {
            this.checkDuplicatesOnPrimaryIdentifiersOnly = ((Boolean) extensionPropertyOrClone4.getRealValue()).booleanValue();
        }
        try {
            this.configuration = systemObjectCache.getSystemConfiguration(operationResult);
            try {
                this.dryRun = TaskUtil.isDryRun(runningTask);
                logConfiguration("Shadow integrity check is starting with the configuration:");
            } catch (SchemaException e2) {
                throw new SystemException("Couldn't get dryRun flag from task " + runningTask);
            }
        } catch (SchemaException e3) {
            throw new SystemException("Couldn't get system configuration", e3);
        }
    }

    private void logConfiguration(String str) {
        LOGGER.info("{}\n- normalization  diagnose={},\tfix={}\n- uniqueness     diagnose={},\tfix={} (primary identifiers only = {})\n- intents        diagnose={},\tfix={}\n- extraData      diagnose={},\tfix={}\n- owners         diagnose={}\n- fetch          diagnose={}\n- resourceRef    fix={}\n\ndryRun = {}\n", new Object[]{str, Boolean.valueOf(this.checkNormalization), Boolean.valueOf(this.fixNormalization), Boolean.valueOf(this.checkUniqueness), Boolean.valueOf(this.fixUniqueness), Boolean.valueOf(this.checkDuplicatesOnPrimaryIdentifiersOnly), Boolean.valueOf(this.checkIntents), Boolean.valueOf(this.fixIntents), Boolean.valueOf(this.checkExtraData), Boolean.valueOf(this.fixExtraData), Boolean.valueOf(this.checkOwners), Boolean.valueOf(this.checkFetch), Boolean.valueOf(this.fixResourceRef), Boolean.valueOf(this.dryRun)});
    }

    private void checkProperty(PrismProperty<String> prismProperty) {
        for (PrismPropertyValue prismPropertyValue : prismProperty.getValues()) {
            if (!KNOWN_KEYS.contains(prismPropertyValue.getValue())) {
                throw new IllegalArgumentException("Unknown diagnose/fix keyword: " + ((String) prismPropertyValue.getValue()) + ". Known keys are: " + KNOWN_KEYS);
            }
        }
    }

    private boolean contains(PrismProperty<String> prismProperty, String str) {
        return prismProperty.contains(this.prismContext.itemFactory().createPropertyValue(str), EquivalenceStrategy.REAL_VALUE);
    }

    protected boolean handleObject(PrismObject<ShadowType> prismObject, RunningTask runningTask, OperationResult operationResult) throws CommonException {
        OperationResult createMinorSubresult = operationResult.createMinorSubresult(CLASS_DOT + "handleObject");
        ShadowCheckResult shadowCheckResult = new ShadowCheckResult(prismObject);
        try {
            try {
                checkShadow(shadowCheckResult, prismObject, runningTask, createMinorSubresult);
                for (Exception exc : shadowCheckResult.getErrors()) {
                    createMinorSubresult.createSubresult(CLASS_DOT + "handleObject.result").recordPartialError(exc.getMessage(), exc);
                }
                Iterator<String> it = shadowCheckResult.getWarnings().iterator();
                while (it.hasNext()) {
                    createMinorSubresult.createSubresult(CLASS_DOT + "handleObject.result").recordWarning(it.next());
                }
                if (!shadowCheckResult.getErrors().isEmpty()) {
                    this.statistics.incrementShadowsWithErrors();
                } else if (!shadowCheckResult.getWarnings().isEmpty()) {
                    this.statistics.incrementShadowsWithWarnings();
                }
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Checking shadow {} (resource {}) finished - errors: {}, warnings: {}", new Object[]{ObjectTypeUtil.toShortString(shadowCheckResult.getShadow()), ObjectTypeUtil.toShortString(shadowCheckResult.getResource()), Integer.valueOf(shadowCheckResult.getErrors().size()), Integer.valueOf(shadowCheckResult.getWarnings().size())});
                }
            } catch (RuntimeException e) {
                LoggingUtils.logUnexpectedException(LOGGER, "Unexpected error while checking shadow {} integrity", e, new Object[]{ObjectTypeUtil.toShortString(prismObject)});
                createMinorSubresult.recordPartialError("Unexpected error while checking shadow integrity", e);
                this.statistics.incrementShadowsWithErrors();
                runningTask.markObjectActionExecutedBoundary();
            }
            this.statistics.registerProblemCodeOccurrences(shadowCheckResult.getProblemCodes());
            if (shadowCheckResult.isFixApplied()) {
                this.statistics.registerProblemsFixes(shadowCheckResult.getFixForProblems());
            }
            createMinorSubresult.computeStatusIfUnknown();
            return true;
        } finally {
            runningTask.markObjectActionExecutedBoundary();
        }
    }

    private void checkShadow(ShadowCheckResult shadowCheckResult, PrismObject<ShadowType> prismObject, Task task, OperationResult operationResult) throws SchemaException {
        ShadowType asObjectable = prismObject.asObjectable();
        ObjectReferenceType resourceRef = asObjectable.getResourceRef();
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Checking shadow {} (resource {})", ObjectTypeUtil.toShortString(asObjectable), resourceRef != null ? resourceRef.getOid() : "(null)");
        }
        this.statistics.incrementShadows();
        if (resourceRef == null) {
            shadowCheckResult.recordError(ShadowStatistics.NO_RESOURCE_OID, new SchemaException("No resourceRef"));
            fixNoResourceIfRequested(shadowCheckResult, ShadowStatistics.NO_RESOURCE_OID);
            applyFixes(shadowCheckResult, prismObject, task, operationResult);
            return;
        }
        String oid = resourceRef.getOid();
        if (oid == null) {
            shadowCheckResult.recordError(ShadowStatistics.NO_RESOURCE_OID, new SchemaException("Null resource OID"));
            fixNoResourceIfRequested(shadowCheckResult, ShadowStatistics.NO_RESOURCE_OID);
            applyFixes(shadowCheckResult, prismObject, task, operationResult);
            return;
        }
        PrismObject<ResourceType> prismObject2 = this.resources.get(oid);
        if (prismObject2 == null) {
            this.statistics.incrementResources();
            try {
                prismObject2 = this.provisioningService.getObject(ResourceType.class, oid, (Collection) null, task, operationResult);
                this.resources.put(oid, prismObject2);
            } catch (CommonException | RuntimeException e) {
                shadowCheckResult.recordError(ShadowStatistics.CANNOT_GET_RESOURCE, new SystemException("Resource object cannot be fetched for some reason: " + e.getMessage(), e));
                return;
            } catch (ObjectNotFoundException e2) {
                shadowCheckResult.recordError(ShadowStatistics.NO_RESOURCE, new ObjectNotFoundException("Resource object does not exist: " + e2.getMessage(), e2));
                fixNoResourceIfRequested(shadowCheckResult, ShadowStatistics.NO_RESOURCE);
                applyFixes(shadowCheckResult, prismObject, task, operationResult);
                return;
            } catch (SchemaException e3) {
                shadowCheckResult.recordError(ShadowStatistics.CANNOT_GET_RESOURCE, new SchemaException("Resource object has schema problems: " + e3.getMessage(), e3));
                return;
            }
        }
        shadowCheckResult.setResource(prismObject2);
        ShadowKindType kind = asObjectable.getKind();
        if (kind == null) {
            shadowCheckResult.recordError(ShadowStatistics.NO_KIND_SPECIFIED, new SchemaException(ShadowStatistics.NO_KIND_SPECIFIED));
            return;
        }
        if (this.checkExtraData) {
            checkOrFixShadowActivationConsistency(shadowCheckResult, prismObject, this.fixExtraData);
        }
        PrismObject<ShadowType> prismObject3 = null;
        if (this.checkFetch) {
            prismObject3 = fetchShadow(shadowCheckResult, prismObject, task, operationResult);
            if (prismObject3 != null) {
                prismObject.setUserData(KEY_EXISTS_ON_RESOURCE, "true");
            }
        }
        if (this.checkOwners) {
            List<PrismObject<FocusType>> searchOwners = searchOwners(prismObject, operationResult);
            if (searchOwners != null) {
                prismObject.setUserData(KEY_OWNERS, searchOwners);
                if (searchOwners.size() > 1) {
                    shadowCheckResult.recordError(ShadowStatistics.MULTIPLE_OWNERS, new SchemaException("Multiple owners: " + searchOwners));
                }
            }
            if (asObjectable.getSynchronizationSituation() == SynchronizationSituationType.LINKED && (searchOwners == null || searchOwners.isEmpty())) {
                shadowCheckResult.recordError(ShadowStatistics.LINKED_WITH_NO_OWNER, new SchemaException(ShadowStatistics.LINKED_WITH_NO_OWNER));
            }
            if (asObjectable.getSynchronizationSituation() != SynchronizationSituationType.LINKED && searchOwners != null && !searchOwners.isEmpty()) {
                shadowCheckResult.recordError(ShadowStatistics.NOT_LINKED_WITH_OWNER, new SchemaException("Shadow with an owner but not marked as linked (marked as " + asObjectable.getSynchronizationSituation() + ")"));
            }
        }
        String intent = asObjectable.getIntent();
        if (this.checkIntents && (intent == null || intent.isEmpty())) {
            shadowCheckResult.recordWarning(ShadowStatistics.NO_INTENT_SPECIFIED, "None or empty intent");
        }
        if (this.fixIntents && (intent == null || intent.isEmpty())) {
            doFixIntent(shadowCheckResult, prismObject3, prismObject, prismObject2, task, operationResult);
        }
        QName objectClass = asObjectable.getObjectClass();
        if (objectClass == null) {
            shadowCheckResult.recordError(ShadowStatistics.NO_OBJECT_CLASS_SPECIFIED, new SchemaException(ShadowStatistics.NO_OBJECT_CLASS_SPECIFIED));
            return;
        }
        ContextMapKey contextMapKey = new ContextMapKey(oid, objectClass);
        ObjectTypeContext objectTypeContext = this.contextMap.get(contextMapKey);
        if (objectTypeContext == null) {
            objectTypeContext = new ObjectTypeContext();
            objectTypeContext.setResource(prismObject2);
            try {
                LayerRefinedResourceSchema refinedSchema = RefinedResourceSchemaImpl.getRefinedSchema(objectTypeContext.getResource(), LayerType.MODEL, this.prismContext);
                if (refinedSchema == null) {
                    shadowCheckResult.recordError(ShadowStatistics.NO_RESOURCE_REFINED_SCHEMA, new SchemaException("No resource schema"));
                    return;
                }
                objectTypeContext.setObjectClassDefinition(refinedSchema.getRefinedDefinition(kind, asObjectable));
                if (objectTypeContext.getObjectClassDefinition() == null) {
                    shadowCheckResult.recordError(ShadowStatistics.NO_OBJECT_CLASS_REFINED_SCHEMA, new SchemaException("No refined object class definition for kind=" + kind + ", intent=" + intent));
                    return;
                }
                this.contextMap.put(contextMapKey, objectTypeContext);
            } catch (SchemaException e4) {
                shadowCheckResult.recordError(ShadowStatistics.CANNOT_GET_REFINED_SCHEMA, new SchemaException("Couldn't derive resource schema: " + e4.getMessage(), e4));
                return;
            }
        }
        try {
            this.provisioningService.applyDefinition(prismObject, task, operationResult);
            HashSet<RefinedAttributeDefinition<?>> hashSet = new HashSet();
            Collection primaryIdentifiers = objectTypeContext.getObjectClassDefinition().getPrimaryIdentifiers();
            hashSet.addAll(primaryIdentifiers);
            hashSet.addAll(objectTypeContext.getObjectClassDefinition().getSecondaryIdentifiers());
            PrismContainer findContainer = prismObject.findContainer(ShadowType.F_ATTRIBUTES);
            if (findContainer == null) {
                shadowCheckResult.recordError(ShadowStatistics.OTHER_FAILURE, new SchemaException("No attributes container"));
                return;
            }
            for (RefinedAttributeDefinition<?> refinedAttributeDefinition : hashSet) {
                PrismProperty findProperty = findContainer.getValue().findProperty(refinedAttributeDefinition.getItemName());
                if (findProperty == null || findProperty.size() == 0) {
                    shadowCheckResult.recordWarning(ShadowStatistics.OTHER_FAILURE, "No value for identifier " + refinedAttributeDefinition.getItemName());
                } else if (findProperty.size() > 1) {
                    shadowCheckResult.recordError(ShadowStatistics.OTHER_FAILURE, new SchemaException("Multi-valued identifier " + refinedAttributeDefinition.getItemName() + " with values " + findProperty.getValues()));
                } else {
                    String str = (String) findProperty.getValue().getValue();
                    if (str == null) {
                        shadowCheckResult.recordWarning(ShadowStatistics.OTHER_FAILURE, "Null value for identifier " + refinedAttributeDefinition.getItemName());
                    } else {
                        if (this.checkUniqueness && (!this.checkDuplicatesOnPrimaryIdentifiersOnly || primaryIdentifiers.contains(refinedAttributeDefinition))) {
                            addIdentifierValue(shadowCheckResult, objectTypeContext, refinedAttributeDefinition.getItemName(), str, prismObject);
                        }
                        if (this.checkNormalization) {
                            doCheckNormalization(shadowCheckResult, refinedAttributeDefinition, str, objectTypeContext);
                        }
                    }
                }
            }
            applyFixes(shadowCheckResult, prismObject, task, operationResult);
        } catch (SchemaException | ObjectNotFoundException | CommunicationException | ConfigurationException | ExpressionEvaluationException e5) {
            shadowCheckResult.recordError(ShadowStatistics.OTHER_FAILURE, new SystemException("Couldn't apply definition to shadow from repo", e5));
        }
    }

    private void applyFixes(ShadowCheckResult shadowCheckResult, PrismObject<ShadowType> prismObject, Task task, OperationResult operationResult) {
        if (shadowCheckResult.isFixByRemovingShadow() || shadowCheckResult.getFixDeltas().size() > 0) {
            try {
                applyFix(shadowCheckResult, prismObject, task, operationResult);
                shadowCheckResult.setFixApplied(true);
            } catch (CommonException e) {
                shadowCheckResult.recordError(ShadowStatistics.CANNOT_APPLY_FIX, new SystemException("Couldn't apply the shadow fix", e));
            }
        }
    }

    private void fixNoResourceIfRequested(ShadowCheckResult shadowCheckResult, String str) {
        if (this.fixResourceRef) {
            shadowCheckResult.setFixByRemovingShadow(str);
        }
    }

    private List<PrismObject<FocusType>> searchOwners(PrismObject<ShadowType> prismObject, OperationResult operationResult) {
        try {
            SearchResultList searchObjects = this.repositoryService.searchObjects(FocusType.class, this.prismContext.queryFor(FocusType.class).item(FocusType.F_LINK_REF).ref(new String[]{prismObject.getOid()}).build(), (Collection) null, operationResult);
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("Owners for {}: {}", ObjectTypeUtil.toShortString(prismObject), searchObjects);
            }
            return searchObjects;
        } catch (SchemaException | RuntimeException e) {
            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't create/execute owners query for shadow {}", e, new Object[]{ObjectTypeUtil.toShortString(prismObject)});
            return null;
        }
    }

    private PrismObject<ShadowType> fetchShadow(ShadowCheckResult shadowCheckResult, PrismObject<ShadowType> prismObject, Task task, OperationResult operationResult) {
        try {
            return this.provisioningService.getObject(ShadowType.class, prismObject.getOid(), SelectorOptions.createCollection(GetOperationOptions.createDoNotDiscovery()), task, operationResult);
        } catch (ObjectNotFoundException | CommunicationException | SchemaException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException | Error | RuntimeException e) {
            shadowCheckResult.recordError(ShadowStatistics.CANNOT_FETCH_RESOURCE_OBJECT, new SystemException("The resource object couldn't be fetched", e));
            return null;
        }
    }

    private void doFixIntent(ShadowCheckResult shadowCheckResult, PrismObject<ShadowType> prismObject, PrismObject<ShadowType> prismObject2, PrismObject<ResourceType> prismObject3, Task task, OperationResult operationResult) throws SchemaException {
        PrismObject<ShadowType> fetchShadow = !this.checkFetch ? fetchShadow(shadowCheckResult, prismObject2, task, operationResult) : prismObject;
        if (fetchShadow == null) {
            shadowCheckResult.recordError(ShadowStatistics.CANNOT_APPLY_FIX, new SystemException("Cannot fix missing intent, because the resource object couldn't be fetched"));
            return;
        }
        try {
            SynchronizationContext loadSynchronizationContext = this.synchronizationService.loadSynchronizationContext(fetchShadow, fetchShadow, prismObject3, task.getChannel(), this.systemObjectCache.getSystemConfiguration(operationResult), task, operationResult);
            if (!loadSynchronizationContext.hasApplicablePolicy()) {
                LOGGER.info("Intent couldn't be fixed, because no synchronization policy was found");
                return;
            }
            if (loadSynchronizationContext.getIntent() == null) {
                LOGGER.info("Synchronization policy does not contain intent: {}", loadSynchronizationContext.toString());
                return;
            }
            PropertyDelta createReplaceDelta = this.prismContext.deltaFactory().property().createReplaceDelta(fetchShadow.getDefinition(), ShadowType.F_INTENT, new String[]{loadSynchronizationContext.getIntent()});
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("Intent fix delta (not executed now) = \n{}", createReplaceDelta.debugDump());
            }
            shadowCheckResult.addFixDelta(createReplaceDelta, ShadowStatistics.NO_INTENT_SPECIFIED);
        } catch (SchemaException | ObjectNotFoundException | ExpressionEvaluationException | RuntimeException | CommunicationException | ConfigurationException | SecurityViolationException e) {
            shadowCheckResult.recordError(ShadowStatistics.CANNOT_APPLY_FIX, new SystemException("Couldn't prepare fix for missing intent, because the synchronization policy couldn't be determined", e));
        }
    }

    private void applyFix(ShadowCheckResult shadowCheckResult, PrismObject<ShadowType> prismObject, Task task, OperationResult operationResult) throws CommonException {
        LOGGER.info("Applying shadow fix{}:\n{}", skippedForDryRun(), shadowCheckResult.isFixByRemovingShadow() ? "DELETE " + ObjectTypeUtil.toShortString(prismObject) : DebugUtil.debugDump(shadowCheckResult.getFixDeltas()));
        if (this.dryRun) {
            return;
        }
        try {
            if (shadowCheckResult.isFixByRemovingShadow()) {
                this.repositoryService.deleteObject(ShadowType.class, prismObject.getOid(), operationResult);
            } else {
                this.repositoryService.modifyObject(ShadowType.class, prismObject.getOid(), shadowCheckResult.getFixDeltas(), operationResult);
            }
            task.recordObjectActionExecuted(prismObject, ChangeType.MODIFY, (Throwable) null);
        } catch (Throwable th) {
            task.recordObjectActionExecuted(prismObject, ChangeType.MODIFY, th);
            throw th;
        }
    }

    private String skippedForDryRun() {
        return this.dryRun ? " (skipped because of dry run)" : "";
    }

    private void doCheckNormalization(ShadowCheckResult shadowCheckResult, RefinedAttributeDefinition<?> refinedAttributeDefinition, String str, ObjectTypeContext objectTypeContext) throws SchemaException {
        QName matchingRuleQName = refinedAttributeDefinition.getMatchingRuleQName();
        if (matchingRuleQName == null) {
            return;
        }
        try {
            Object normalize = this.matchingRuleRegistry.getMatchingRule(matchingRuleQName, refinedAttributeDefinition.getTypeName()).normalize(str);
            if (!(normalize instanceof String)) {
                shadowCheckResult.recordError(ShadowStatistics.OTHER_FAILURE, new SchemaException("Normalized value is not a string, it's " + normalize.getClass() + " (identifier " + refinedAttributeDefinition.getItemName() + ", value " + str));
                return;
            }
            if (str.equals(normalize)) {
                return;
            }
            String str2 = (String) normalize;
            shadowCheckResult.recordError(ShadowStatistics.NON_NORMALIZED_IDENTIFIER_VALUE, new SchemaException("Non-normalized value of identifier " + refinedAttributeDefinition.getItemName() + ": " + str + " (normalized form: " + normalize + ")"));
            if (this.fixNormalization) {
                PropertyDelta createEmptyDelta = refinedAttributeDefinition.createEmptyDelta(ItemPath.create(new Object[]{ShadowType.F_ATTRIBUTES, refinedAttributeDefinition.getItemName()}));
                createEmptyDelta.setRealValuesToReplace(new Object[]{str2});
                shadowCheckResult.addFixDelta(createEmptyDelta, ShadowStatistics.NON_NORMALIZED_IDENTIFIER_VALUE);
            }
        } catch (SchemaException e) {
            shadowCheckResult.recordError(ShadowStatistics.OTHER_FAILURE, new SchemaException("Couldn't retrieve matching rule for identifier " + refinedAttributeDefinition.getItemName() + " (rule name = " + matchingRuleQName + ")"));
        }
    }

    private void addIdentifierValue(ShadowCheckResult shadowCheckResult, ObjectTypeContext objectTypeContext, QName qName, String str, PrismObject<ShadowType> prismObject) {
        Map<String, Set<String>> computeIfAbsent = objectTypeContext.getIdentifierValueMap().computeIfAbsent(qName, qName2 -> {
            return new HashMap();
        });
        Set<String> set = computeIfAbsent.get(str);
        if (set == null) {
            HashSet hashSet = new HashSet();
            hashSet.add(prismObject.getOid());
            computeIfAbsent.put(str, hashSet);
        } else {
            this.duplicateShadowsDetected.add(prismObject.getOid());
            LOGGER.error("Multiple shadows with the value of identifier attribute {} = {}: existing one(s): {}, duplicate: {}", new Object[]{qName, str, set, ObjectTypeUtil.toShortString(prismObject.asObjectable())});
            set.add(prismObject.getOid());
        }
    }

    public ShadowStatistics getStatistics() {
        return this.statistics;
    }

    private String reportOrFixUniqueness(Task task, OperationResult operationResult) {
        StringBuilder sb = new StringBuilder();
        StringBuilder sb2 = new StringBuilder();
        for (Map.Entry<ContextMapKey, ObjectTypeContext> entry : this.contextMap.entrySet()) {
            String str = entry.getKey().resourceOid;
            QName qName = entry.getKey().objectClassName;
            ObjectTypeContext value = entry.getValue();
            PrismObject<ResourceType> prismObject = this.resources.get(str);
            if (prismObject == null) {
                LOGGER.error("No resource for {}", str);
            } else {
                for (Map.Entry<QName, Map<String, Set<String>>> entry2 : value.getIdentifierValueMap().entrySet()) {
                    QName key = entry2.getKey();
                    boolean z = true;
                    for (Map.Entry<String, Set<String>> entry3 : entry2.getValue().entrySet()) {
                        Set<String> value2 = entry3.getValue();
                        if (value2.size() > 1) {
                            if (z) {
                                sb.append("Duplicates for ").append(ObjectTypeUtil.toShortString(prismObject));
                                sb.append(", object class = ").append(qName);
                                sb.append(", identifier = ").append(key).append(":\n");
                                z = false;
                            }
                            sb.append(" - value: ").append(entry3.getKey()).append(", shadows: ").append(value2.size()).append("\n");
                            ArrayList arrayList = new ArrayList();
                            for (String str2 : value2) {
                                PrismObject prismObject2 = null;
                                try {
                                    prismObject2 = this.repositoryService.getObject(ShadowType.class, str2, (Collection) null, operationResult);
                                } catch (SchemaException e) {
                                    LoggingUtils.logUnexpectedException(LOGGER, "Couldn't fetch shadow with OID {} from the repository", e, new Object[]{str2});
                                } catch (ObjectNotFoundException e2) {
                                    LOGGER.debug("Couldn't fetch shadow with OID {}, it was probably already deleted", str2, e2);
                                }
                                sb.append("   - ").append(prismObject2 != null ? ObjectTypeUtil.toShortString(prismObject2) : str2);
                                if (prismObject2 != null) {
                                    sb.append("; sync situation = ").append(prismObject2.asObjectable().getSynchronizationSituation()).append("\n");
                                    PrismContainer findContainer = prismObject2.findContainer(ShadowType.F_ATTRIBUTES);
                                    if (findContainer != null && !findContainer.isEmpty()) {
                                        for (Item item : findContainer.getValue().getItems()) {
                                            sb.append("     - ").append(item.getElementName().getLocalPart()).append(" = ");
                                            sb.append(item.getRealValues());
                                            sb.append("\n");
                                        }
                                    }
                                }
                                if (this.duplicateShadowsDeleted.contains(str2)) {
                                    sb.append("     (already deleted)\n");
                                } else if (prismObject2 == null) {
                                    sb.append("     (inaccessible)\n");
                                } else {
                                    arrayList.add(prismObject2);
                                }
                            }
                            if (this.fixUniqueness && arrayList.size() > 1) {
                                deleteShadows(this.duplicateShadowsResolver.determineDuplicateShadowsTreatment(arrayList), sb, task, operationResult);
                            }
                        }
                    }
                }
            }
        }
        sb2.append("Duplicate shadows detected: ").append(this.duplicateShadowsDetected.size());
        if (this.fixUniqueness) {
            sb2.append(", deleted: ").append(this.duplicateShadowsDeleted.size());
        }
        operationResult.summarize();
        return sb2.toString() + "\n" + sb.toString();
    }

    private void deleteShadows(DuplicateShadowsTreatmentInstruction duplicateShadowsTreatmentInstruction, StringBuilder sb, Task task, OperationResult operationResult) {
        LOGGER.trace("Going to delete shadows:\n{}", duplicateShadowsTreatmentInstruction);
        if (duplicateShadowsTreatmentInstruction == null || duplicateShadowsTreatmentInstruction.getShadowsToDelete() == null) {
            return;
        }
        Collection<PrismObject<ShadowType>> shadowsToDelete = duplicateShadowsTreatmentInstruction.getShadowsToDelete();
        String shadowOidToReplaceDeletedOnes = duplicateShadowsTreatmentInstruction.getShadowOidToReplaceDeletedOnes();
        for (PrismObject<ShadowType> prismObject : shadowsToDelete) {
            LOGGER.info("Deleting redundant shadow{} {}", skippedForDryRun(), ObjectTypeUtil.toShortString(prismObject));
            sb.append("   --> deleted redundant shadow").append(skippedForDryRun()).append(" ").append(ObjectTypeUtil.toShortString(prismObject)).append("\n");
            String oid = prismObject.getOid();
            List<PrismObject<FocusType>> searchOwners = this.checkOwners ? (List) prismObject.getUserData(KEY_OWNERS) : searchOwners(prismObject, operationResult);
            if (!this.dryRun) {
                try {
                    this.repositoryService.deleteObject(ShadowType.class, oid, operationResult);
                    task.recordObjectActionExecuted(prismObject, ChangeType.DELETE, (Throwable) null);
                    this.duplicateShadowsDeleted.add(oid);
                } catch (RuntimeException e) {
                    task.recordObjectActionExecuted(prismObject, ChangeType.DELETE, e);
                    LoggingUtils.logUnexpectedException(LOGGER, "Shadow {} couldn't be deleted because of an unexpected exception", e, new Object[]{ObjectTypeUtil.toShortString(prismObject)});
                } catch (ObjectNotFoundException e2) {
                    task.recordObjectActionExecuted(prismObject, ChangeType.DELETE, e2);
                    LoggingUtils.logExceptionAsWarning(LOGGER, "Shadow {} couldn't be deleted, because it does not exist anymore", e2, new Object[]{ObjectTypeUtil.toShortString(prismObject)});
                }
            }
            if (searchOwners != null && !searchOwners.isEmpty()) {
                for (PrismObject<FocusType> prismObject2 : searchOwners) {
                    ArrayList arrayList = new ArrayList(2);
                    arrayList.add(this.prismContext.deltaFactory().reference().createModificationDelete(FocusType.F_LINK_REF, prismObject2.getDefinition(), this.prismContext.itemFactory().createReferenceValue(oid, ShadowType.COMPLEX_TYPE)));
                    if (shadowOidToReplaceDeletedOnes != null) {
                        arrayList.add(this.prismContext.deltaFactory().reference().createModificationAdd(FocusType.F_LINK_REF, prismObject2.getDefinition(), this.prismContext.itemFactory().createReferenceValue(shadowOidToReplaceDeletedOnes, ShadowType.COMPLEX_TYPE)));
                    }
                    LOGGER.info("Executing modify delta{} for owner {}:\n{}", new Object[]{skippedForDryRun(), ObjectTypeUtil.toShortString(prismObject2), DebugUtil.debugDump(arrayList)});
                    if (!this.dryRun) {
                        try {
                            this.repositoryService.modifyObject(prismObject2.getClass(), prismObject2.getOid(), arrayList, operationResult);
                            task.recordObjectActionExecuted(prismObject2, ChangeType.MODIFY, (Throwable) null);
                        } catch (ObjectNotFoundException | SchemaException | ObjectAlreadyExistsException | RuntimeException e3) {
                            task.recordObjectActionExecuted(prismObject2, ChangeType.MODIFY, e3);
                            LoggingUtils.logUnexpectedException(LOGGER, "Focal object {} (owner of {}) couldn't be updated", e3, new Object[]{ObjectTypeUtil.toShortString(prismObject2), ObjectTypeUtil.toShortString(prismObject)});
                        }
                    }
                }
            }
        }
    }

    public void completeProcessing(Task task, OperationResult operationResult) {
        super.completeProcessing(task, operationResult);
        String str = null;
        if (this.checkUniqueness) {
            str = reportOrFixUniqueness(task, operationResult);
        }
        logConfiguration("Shadow integrity check finished. It was run with the configuration:");
        LOGGER.info("Results:\n    Shadows processed: {} ({} resources),\n    Shadows with no problems: {}\n    Shadows with warnings: {}\n    Shadows with errors: {}\n    Details:\n{}", new Object[]{Integer.valueOf(this.statistics.getShadows()), Integer.valueOf(this.statistics.getResources()), Integer.valueOf((this.statistics.getShadows() - this.statistics.getShadowsWithErrors()) - this.statistics.getShadowsWithWarnings()), Integer.valueOf(this.statistics.getShadowsWithWarnings()), Integer.valueOf(this.statistics.getShadowsWithErrors()), this.statistics.getDetailsFormatted(this.dryRun)});
        if (str != null) {
            LOGGER.info("Uniqueness report:\n{}", str);
        }
    }

    public void checkOrFixShadowActivationConsistency(ShadowCheckResult shadowCheckResult, PrismObject<ShadowType> prismObject, boolean z) {
        ActivationType activation;
        if (prismObject == null || (activation = prismObject.asObjectable().getActivation()) == null) {
            return;
        }
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_ADMINISTRATIVE_STATUS);
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_EFFECTIVE_STATUS);
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_VALID_FROM);
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_VALID_TO);
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_VALIDITY_STATUS);
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_VALIDITY_CHANGE_TIMESTAMP);
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_LOCKOUT_STATUS);
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_LOCKOUT_EXPIRATION_TIMESTAMP);
    }

    private void checkOrFixActivationItem(ShadowCheckResult shadowCheckResult, PrismObject<ShadowType> prismObject, PrismContainerValue<ActivationType> prismContainerValue, ItemName itemName) {
        PrismProperty findProperty = prismContainerValue.findProperty(itemName);
        if (findProperty == null || findProperty.isEmpty()) {
            return;
        }
        shadowCheckResult.recordWarning(ShadowStatistics.EXTRA_ACTIVATION_DATA, "Unexpected activation item: " + findProperty);
        if (this.fixExtraData) {
            shadowCheckResult.addFixDelta(this.prismContext.deltaFactory().property().createReplaceEmptyDelta(prismObject.getDefinition(), ItemPath.create(new Object[]{ShadowType.F_ACTIVATION, itemName})), ShadowStatistics.EXTRA_ACTIVATION_DATA);
        }
    }
}
