package com.evolveum.midpoint.model.impl.sync;

import com.evolveum.midpoint.model.common.expression.ModelExpressionThreadLocalHolder;
import com.evolveum.midpoint.model.impl.util.ModelImplUtils;
import com.evolveum.midpoint.prism.PrimitiveType;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.match.MatchingRuleRegistry;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.repo.common.expression.ExpressionEvaluationContext;
import com.evolveum.midpoint.repo.common.expression.ExpressionFactory;
import com.evolveum.midpoint.repo.common.expression.ExpressionUtil;
import com.evolveum.midpoint.repo.common.expression.ExpressionVariables;
import com.evolveum.midpoint.schema.RelationRegistry;
import com.evolveum.midpoint.schema.constants.ExpressionConstants;
import com.evolveum.midpoint.schema.expression.ExpressionProfile;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.MiscSchemaUtil;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.schema.util.SchemaDebugUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.DOMUtil;
import com.evolveum.midpoint.util.PrettyPrinter;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ConditionalSearchFilterType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ExpressionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectMultiplicityType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowTagSpecificationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.Validate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/evolveum/midpoint/model/impl/sync/SynchronizationExpressionsEvaluator.class */
public class SynchronizationExpressionsEvaluator {
    private static final Trace LOGGER = TraceManager.getTrace(SynchronizationExpressionsEvaluator.class);

    @Autowired
    @Qualifier("cacheRepositoryService")
    private RepositoryService repositoryService;

    @Autowired
    private PrismContext prismContext;

    @Autowired
    private RelationRegistry relationRegistry;

    @Autowired
    private ExpressionFactory expressionFactory;

    @Autowired
    private MatchingRuleRegistry matchingRuleRegistry;

    public <F extends FocusType> List<PrismObject<F>> findFocusesByCorrelationRule(Class<F> cls, ShadowType shadowType, List<ConditionalSearchFilterType> list, ResourceType resourceType, SystemConfigurationType systemConfigurationType, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        if (list == null || list.isEmpty()) {
            LOGGER.warn("Correlation rule for resource '{}' doesn't contain query, returning empty list of users.", resourceType);
            return null;
        }
        ExpressionProfile expressionProfile = MiscSchemaUtil.getExpressionProfile();
        List<PrismObject<F>> list2 = null;
        for (ConditionalSearchFilterType conditionalSearchFilterType : list) {
            if (satisfyCondition(shadowType, conditionalSearchFilterType, expressionProfile, resourceType, systemConfigurationType, "Condition expression", task, operationResult)) {
                LOGGER.trace("Condition {} in correlation expression evaluated to true", conditionalSearchFilterType.getCondition());
                List<PrismObject<F>> findFocusesByCorrelationRule = findFocusesByCorrelationRule(cls, shadowType, conditionalSearchFilterType, expressionProfile, resourceType, systemConfigurationType, task, operationResult);
                if (findFocusesByCorrelationRule != null || list2 != null) {
                    if (findFocusesByCorrelationRule != null && findFocusesByCorrelationRule.isEmpty() && list2 == null) {
                        list2 = new ArrayList();
                    }
                    if (list2 == null && findFocusesByCorrelationRule != null) {
                        list2 = findFocusesByCorrelationRule;
                    }
                    if (list2 != null && !list2.isEmpty() && findFocusesByCorrelationRule != null && !findFocusesByCorrelationRule.isEmpty()) {
                        for (PrismObject<F> prismObject : findFocusesByCorrelationRule) {
                            if (!contains(list2, prismObject)) {
                                list2.add(prismObject);
                            }
                        }
                    }
                }
            }
        }
        if (list2 != null) {
            LOGGER.debug("SYNCHRONIZATION: CORRELATION: expression for {} returned {} users: {}", new Object[]{shadowType, Integer.valueOf(list2.size()), PrettyPrinter.prettyPrint(list2, 3)});
            if (list2.size() > 1) {
                HashSet hashSet = new HashSet();
                hashSet.addAll(list2);
                list2.clear();
                list2.addAll(hashSet);
                LOGGER.debug("SYNCHRONIZATION: CORRELATION: found {} users without duplicates", Integer.valueOf(list2.size()));
            }
        }
        return list2;
    }

    private boolean satisfyCondition(ShadowType shadowType, ConditionalSearchFilterType conditionalSearchFilterType, ExpressionProfile expressionProfile, ResourceType resourceType, SystemConfigurationType systemConfigurationType, String str, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        if (conditionalSearchFilterType.getCondition() == null) {
            return true;
        }
        PrismPropertyValue evaluateExpression = ExpressionUtil.evaluateExpression(ModelImplUtils.getDefaultExpressionVariables(null, shadowType, resourceType, systemConfigurationType, this.prismContext), this.prismContext.definitionFactory().createPropertyDefinition(ExpressionConstants.OUTPUT_ELEMENT_NAME, PrimitiveType.BOOLEAN.getQname()), conditionalSearchFilterType.getCondition(), expressionProfile, this.expressionFactory, str, task, operationResult);
        if (evaluateExpression.getValue() == null) {
            return false;
        }
        return ((Boolean) evaluateExpression.getValue()).booleanValue();
    }

    private <F extends FocusType> boolean contains(List<PrismObject<F>> list, PrismObject<F> prismObject) {
        Iterator<PrismObject<F>> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().getOid().equals(prismObject.getOid())) {
                return true;
            }
        }
        return false;
    }

    private <F extends FocusType> List<PrismObject<F>> findFocusesByCorrelationRule(Class<F> cls, ShadowType shadowType, ConditionalSearchFilterType conditionalSearchFilterType, ExpressionProfile expressionProfile, ResourceType resourceType, SystemConfigurationType systemConfigurationType, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        if (!conditionalSearchFilterType.containsFilterClause()) {
            LOGGER.warn("Correlation rule for resource '{}' doesn't contain filter clause, returning empty list of users.", resourceType);
            return null;
        }
        try {
            ObjectQuery updateFilterWithAccountValues = updateFilterWithAccountValues(shadowType, resourceType, systemConfigurationType, this.prismContext.getQueryConverter().createObjectQuery(cls, conditionalSearchFilterType), expressionProfile, "Correlation expression", task, operationResult);
            if (updateFilterWithAccountValues == null) {
                return null;
            }
            try {
                LOGGER.trace("SYNCHRONIZATION: CORRELATION: expression for results in filter\n{}", updateFilterWithAccountValues.debugDumpLazily());
                return this.repositoryService.searchObjects(cls, updateFilterWithAccountValues, (Collection) null, operationResult);
            } catch (RuntimeException e) {
                LoggingUtils.logException(LOGGER, "Couldn't search users in repository, based on filter (simplified)\n{}.", e, new Object[]{updateFilterWithAccountValues.debugDump()});
                throw new SystemException("Couldn't search users in repository, based on filter (See logs).", e);
            }
        } catch (ExpressionEvaluationException e2) {
            LoggingUtils.logException(LOGGER, "Couldn't convert query (simplified)\n{}.", e2, new Object[]{SchemaDebugUtil.prettyPrint(conditionalSearchFilterType)});
            throw new ExpressionEvaluationException("Couldn't convert query.", e2);
        } catch (CommunicationException e3) {
            LoggingUtils.logException(LOGGER, "Couldn't convert query (simplified)\n{}.", e3, new Object[]{SchemaDebugUtil.prettyPrint(conditionalSearchFilterType)});
            throw new CommunicationException("Couldn't convert query.", e3);
        } catch (ConfigurationException e4) {
            LoggingUtils.logException(LOGGER, "Couldn't convert query (simplified)\n{}.", e4, new Object[]{SchemaDebugUtil.prettyPrint(conditionalSearchFilterType)});
            throw new ConfigurationException("Couldn't convert query.", e4);
        } catch (SecurityViolationException e5) {
            LoggingUtils.logException(LOGGER, "Couldn't convert query (simplified)\n{}.", e5, new Object[]{SchemaDebugUtil.prettyPrint(conditionalSearchFilterType)});
            throw new SecurityViolationException("Couldn't convert query.", e5);
        } catch (SchemaException e6) {
            LoggingUtils.logException(LOGGER, "Couldn't convert query (simplified)\n{}.", e6, new Object[]{SchemaDebugUtil.prettyPrint(conditionalSearchFilterType)});
            throw new SchemaException("Couldn't convert query.", e6);
        } catch (ObjectNotFoundException e7) {
            LoggingUtils.logException(LOGGER, "Couldn't convert query (simplified)\n{}.", e7, new Object[]{SchemaDebugUtil.prettyPrint(conditionalSearchFilterType)});
            throw new ObjectNotFoundException("Couldn't convert query.", e7);
        }
    }

    private <F extends FocusType> boolean matchUserCorrelationRule(Class<F> cls, PrismObject<ShadowType> prismObject, ExpressionProfile expressionProfile, PrismObject<F> prismObject2, ResourceType resourceType, SystemConfigurationType systemConfigurationType, ConditionalSearchFilterType conditionalSearchFilterType, Task task, OperationResult operationResult) throws SchemaException {
        if (conditionalSearchFilterType == null) {
            LOGGER.warn("Correlation rule for resource '{}' doesn't contain query, returning empty list of users.", resourceType);
            return false;
        }
        if (!conditionalSearchFilterType.containsFilterClause()) {
            LOGGER.warn("Correlation rule for resource '{}' doesn't contain a filter, returning empty list of users.", resourceType);
            return false;
        }
        try {
            if (!satisfyCondition((ShadowType) prismObject.asObjectable(), conditionalSearchFilterType, expressionProfile, resourceType, systemConfigurationType, "", task, operationResult)) {
                LOGGER.trace("Skipping evaluating correlation rule. Condition in {} not satisfied.", conditionalSearchFilterType);
                return false;
            }
            ObjectQuery updateFilterWithAccountValues = updateFilterWithAccountValues((ShadowType) prismObject.asObjectable(), resourceType, systemConfigurationType, this.prismContext.getQueryConverter().createObjectQuery(cls, conditionalSearchFilterType), expressionProfile, "Correlation expression", task, operationResult);
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Start matching user {} with correlation expression {}", prismObject2, updateFilterWithAccountValues != null ? updateFilterWithAccountValues.debugDump() : "(null)");
            }
            if (updateFilterWithAccountValues == null) {
                return false;
            }
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("SYNCHRONIZATION: CORRELATION: expression for {} results in filter\n{}", prismObject, updateFilterWithAccountValues);
            }
            ObjectTypeUtil.normalizeFilter(updateFilterWithAccountValues.getFilter(), this.relationRegistry);
            return ObjectQuery.match(prismObject2, updateFilterWithAccountValues.getFilter(), this.matchingRuleRegistry);
        } catch (Exception e) {
            LoggingUtils.logException(LOGGER, "Couldn't convert query (simplified)\n{}.", e, new Object[]{SchemaDebugUtil.prettyPrint(conditionalSearchFilterType)});
            throw new SystemException("Couldn't convert query.", e);
        }
    }

    public <F extends FocusType> boolean matchFocusByCorrelationRule(SynchronizationContext<F> synchronizationContext, PrismObject<F> prismObject, OperationResult operationResult) {
        if (!synchronizationContext.hasApplicablePolicy()) {
            LOGGER.warn("Resource does not support synchronization. Skipping evaluation correlation/confirmation for {} and {}", prismObject, synchronizationContext.getApplicableShadow());
            return false;
        }
        try {
            Iterator<ConditionalSearchFilterType> it = synchronizationContext.getCorrelation().iterator();
            while (it.hasNext()) {
                if (matchUserCorrelationRule(synchronizationContext.getFocusClass(), synchronizationContext.getApplicableShadow(), synchronizationContext.getExpressionProfile(), prismObject, (ResourceType) synchronizationContext.getResource().asObjectable(), (SystemConfigurationType) synchronizationContext.getSystemConfiguration().asObjectable(), it.next(), synchronizationContext.getTask(), operationResult)) {
                    LOGGER.debug("SYNCHRONIZATION: CORRELATION: expression for {} match user: {}", synchronizationContext.getApplicableShadow(), prismObject);
                    return true;
                }
            }
            LOGGER.debug("SYNCHRONIZATION: CORRELATION: expression for {} does not match user: {}", synchronizationContext.getApplicableShadow(), prismObject);
            return false;
        } catch (SchemaException e) {
            throw new SystemException("Failed to match user using correlation rule. " + e.getMessage(), e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <F extends FocusType> List<PrismObject<F>> findUserByConfirmationRule(Class<F> cls, List<PrismObject<F>> list, ShadowType shadowType, ResourceType resourceType, SystemConfigurationType systemConfigurationType, ExpressionType expressionType, Task task, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
        ArrayList arrayList = new ArrayList();
        for (PrismObject<F> prismObject : list) {
            try {
                if (evaluateConfirmationExpression(cls, prismObject.asObjectable(), shadowType, resourceType, systemConfigurationType, expressionType, task, operationResult)) {
                    arrayList.add(prismObject);
                }
            } catch (ExpressionEvaluationException e) {
                LoggingUtils.logException(LOGGER, "Couldn't confirm user {}", e, new Object[]{prismObject.getElementName()});
                throw new ExpressionEvaluationException("Couldn't confirm user " + prismObject.getElementName(), e);
            } catch (SchemaException e2) {
                LoggingUtils.logException(LOGGER, "Couldn't confirm user {}", e2, new Object[]{prismObject.getElementName()});
                throw new SchemaException("Couldn't confirm user " + prismObject.getElementName(), e2);
            } catch (ObjectNotFoundException e3) {
                LoggingUtils.logException(LOGGER, "Couldn't confirm user {}", e3, new Object[]{prismObject.getElementName()});
                throw new ObjectNotFoundException("Couldn't confirm user " + prismObject.getElementName(), e3);
            } catch (CommunicationException e4) {
                LoggingUtils.logException(LOGGER, "Couldn't confirm user {}", e4, new Object[]{prismObject.getElementName()});
                throw new CommunicationException("Couldn't confirm user " + prismObject.getElementName(), e4);
            } catch (SecurityViolationException e5) {
                LoggingUtils.logException(LOGGER, "Couldn't confirm user {}", e5, new Object[]{prismObject.getElementName()});
                throw new SecurityViolationException("Couldn't confirm user " + prismObject.getElementName(), e5);
            } catch (RuntimeException e6) {
                LoggingUtils.logException(LOGGER, "Couldn't confirm user {}", e6, new Object[]{prismObject.getElementName()});
                throw new SystemException("Couldn't confirm user " + prismObject.getElementName(), e6);
            } catch (ConfigurationException e7) {
                LoggingUtils.logException(LOGGER, "Couldn't confirm user {}", e7, new Object[]{prismObject.getElementName()});
                throw new ConfigurationException("Couldn't confirm user " + prismObject.getElementName(), e7);
            }
        }
        LOGGER.debug("SYNCHRONIZATION: CONFIRMATION: expression for {} matched {} users.", new Object[]{shadowType, Integer.valueOf(arrayList.size())});
        return arrayList;
    }

    private ObjectQuery updateFilterWithAccountValues(ShadowType shadowType, ResourceType resourceType, SystemConfigurationType systemConfigurationType, ObjectQuery objectQuery, ExpressionProfile expressionProfile, String str, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        if (objectQuery.getFilter() != null) {
            return evaluateQueryExpressions(objectQuery, expressionProfile, shadowType, resourceType, systemConfigurationType, str, task, operationResult);
        }
        LOGGER.trace("No filter provided, skipping updating filter");
        return objectQuery;
    }

    private ObjectQuery evaluateQueryExpressions(ObjectQuery objectQuery, ExpressionProfile expressionProfile, ShadowType shadowType, ResourceType resourceType, SystemConfigurationType systemConfigurationType, String str, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        return ExpressionUtil.evaluateQueryExpressions(objectQuery, ModelImplUtils.getDefaultExpressionVariables(null, shadowType, resourceType, systemConfigurationType, this.prismContext), expressionProfile, this.expressionFactory, this.prismContext, str, task, operationResult);
    }

    public <F extends FocusType> boolean evaluateConfirmationExpression(Class<F> cls, F f, ShadowType shadowType, ResourceType resourceType, SystemConfigurationType systemConfigurationType, ExpressionType expressionType, Task task, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
        Validate.notNull(f, "User must not be null.");
        Validate.notNull(shadowType, "Resource object shadow must not be null.");
        Validate.notNull(expressionType, "Expression must not be null.");
        Validate.notNull(operationResult, "Operation result must not be null.");
        ExpressionVariables defaultExpressionVariables = ModelImplUtils.getDefaultExpressionVariables(f, shadowType, resourceType, systemConfigurationType, this.prismContext);
        String str = "confirmation expression for " + resourceType.asPrismObject();
        Collection nonNegativeValues = ModelExpressionThreadLocalHolder.evaluateExpressionInContext(this.expressionFactory.makeExpression(expressionType, this.prismContext.definitionFactory().createPropertyDefinition(ExpressionConstants.OUTPUT_ELEMENT_NAME, DOMUtil.XSD_BOOLEAN), MiscSchemaUtil.getExpressionProfile(), str, task, operationResult), new ExpressionEvaluationContext((Collection) null, defaultExpressionVariables, str, task), task, operationResult).getNonNegativeValues();
        if (nonNegativeValues == null || nonNegativeValues.isEmpty()) {
            throw new ExpressionEvaluationException("Expression returned no value (" + nonNegativeValues.size() + ") in " + str);
        }
        if (nonNegativeValues.size() > 1) {
            throw new ExpressionEvaluationException("Expression returned more than one value (" + nonNegativeValues.size() + ") in " + str);
        }
        PrismPropertyValue prismPropertyValue = (PrismPropertyValue) nonNegativeValues.iterator().next();
        if (prismPropertyValue == null) {
            throw new ExpressionEvaluationException("Expression returned no value (" + nonNegativeValues.size() + ") in " + str);
        }
        Boolean bool = (Boolean) prismPropertyValue.getValue();
        if (bool == null) {
            throw new ExpressionEvaluationException("Expression returned no value (" + nonNegativeValues.size() + ") in " + str);
        }
        return bool.booleanValue();
    }

    public String generateTag(ResourceObjectMultiplicityType resourceObjectMultiplicityType, PrismObject<ShadowType> prismObject, PrismObject<ResourceType> prismObject2, PrismObject<SystemConfigurationType> prismObject3, String str, Task task, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        ExpressionType expression;
        if (resourceObjectMultiplicityType == null) {
            return null;
        }
        ShadowTagSpecificationType tag = resourceObjectMultiplicityType.getTag();
        if (tag != null && (expression = tag.getExpression()) != null) {
            PrismPropertyValue evaluateExpression = ExpressionUtil.evaluateExpression(ModelImplUtils.getDefaultExpressionVariables(null, prismObject, null, prismObject2, prismObject3, null, this.prismContext), this.prismContext.definitionFactory().createPropertyDefinition(ExpressionConstants.OUTPUT_ELEMENT_NAME, PrimitiveType.STRING.getQname()), expression, MiscSchemaUtil.getExpressionProfile(), this.expressionFactory, str, task, operationResult);
            if (evaluateExpression == null) {
                return null;
            }
            return (String) evaluateExpression.getRealValue();
        }
        return prismObject.getOid();
    }
}
