package com.evolveum.midpoint.model.impl.lens;

import com.evolveum.midpoint.model.impl.AbstractInternalModelIntegrationTest;
import com.evolveum.midpoint.schema.constants.ObjectTypes;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.internals.InternalMonitor;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentPolicyEnforcementType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.EvaluatedPolicyRuleTriggerType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.EvaluatedPolicyRuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyConstraintKindType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.io.File;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

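/**
 * Integration tests for recording policy state on objects and assignments.
 *
 * <p>Two kinds of state are checked:
 * <ul>
 *   <li>Exclusion (separation-of-duties) violations between roles. The roles loaded here come from
 *       "record only" files, and every test asserts that the conflicting assignment still succeeds
 *       while the violation is written to the assignment's {@code policySituation} and
 *       {@code triggeredPolicyRule}. The violation is recorded, not blocked, so a reviewer or a
 *       downstream report has to read those fields to see it.</li>
 *   <li>An object-level situation ({@link #WRONG_URI}) recorded on roles whose description is
 *       {@code "wrong"}. NOTE(review): the rule producing it presumably lives in
 *       {@code metarole-common-rules.xml}, which is not visible here. Confirm against the test
 *       resources.</li>
 * </ul>
 *
 * <p>Each test also pins the number of audit execution records, so a change in how many executions
 * are needed to persist the recorded state shows up as a test failure.
 *
 * <p>The tests share users and roles and rely on running in numeric order (for example, test120
 * expects the assignments made by test100 and test110).
 */
@ContextConfiguration(locations = {"classpath:ctx-model-test-main.xml"})
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
public class TestPolicyStateRecording extends AbstractLensTest {
    // Policy situation URI expected on roles that were marked "wrong".
    private static final String WRONG_URI = "http://test.org/wrong";

    // OIDs that were repeated as string literals throughout the tests; the names follow the test
    // method names (Jack / RoleJudge / RolePirate).
    private static final String JACK_OID = "c0c010c0-d34d-b33f-f00d-111111111111";
    private static final String JUDGE_ROLE_OID = "12345111-1111-2222-1111-121212111111";
    private static final String PIRATE_ROLE_OID = "12345678-d34d-b33f-f00d-555555556666";

    // OIDs assigned by the repository when the test objects are imported in initSystem().
    private static String userBobOid;
    private static String userEveOid;
    private static String roleATest2aOid;
    private static String roleATest2bOid;
    private static String roleATest2cOid;
    private static String roleATest3aOid;
    private static String roleATest3bOid;
    private static String roleATest3xOid;
    private static String roleATest3yOid;
    private static String roleATestWrongOid;
    private static String metaroleCommonRulesOid;

    protected static final File TEST_DIR = new File(AbstractLensTest.TEST_DIR, "policy/state");
    private static final File USER_BOB_FILE = new File(TEST_DIR, "user-bob.xml");
    private static final File USER_EVE_FILE = new File(TEST_DIR, "user-eve.xml");
    private static final File ROLE_A_TEST_2A_FILE = new File(TEST_DIR, "a-test-2a.xml");
    private static final File ROLE_A_TEST_2B_FILE = new File(TEST_DIR, "a-test-2b.xml");
    private static final File ROLE_A_TEST_2C_FILE = new File(TEST_DIR, "a-test-2c.xml");
    private static final File ROLE_A_TEST_3A_FILE = new File(TEST_DIR, "a-test-3a.xml");
    private static final File ROLE_A_TEST_3B_FILE = new File(TEST_DIR, "a-test-3b.xml");
    private static final File ROLE_A_TEST_3X_FILE = new File(TEST_DIR, "a-test-3x.xml");
    private static final File ROLE_A_TEST_3Y_FILE = new File(TEST_DIR, "a-test-3y.xml");
    private static final File ROLE_A_TEST_WRONG_FILE = new File(TEST_DIR, "a-test-wrong.xml");
    private static final File METAROLE_COMMON_RULES_FILE = new File(TEST_DIR, "metarole-common-rules.xml");

    /**
     * Loads the record-only pirate/judge roles, the metarole with common rules, the a-test-* roles
     * and the users bob and eve, then resets the internal monitor.
     *
     * @param task task used for the import and recompute operations
     * @param operationResult result collecting the outcome of those operations
     * @throws Exception if any object cannot be imported or recomputed
     */
    @Override
    public void initSystem(Task task, OperationResult operationResult) throws Exception {
        super.initSystem(task, operationResult);
        setDefaultUserTemplate(AbstractInternalModelIntegrationTest.USER_TEMPLATE_OID);

        addObject(ROLE_PIRATE_RECORD_ONLY_FILE);
        addObject(ROLE_JUDGE_RECORD_ONLY_FILE);
        assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL);

        // The metarole goes first; the roles below are imported after it.
        metaroleCommonRulesOid = addAndRecompute(METAROLE_COMMON_RULES_FILE, task, operationResult);
        roleATest2aOid = addAndRecompute(ROLE_A_TEST_2A_FILE, task, operationResult);
        roleATest2bOid = addAndRecompute(ROLE_A_TEST_2B_FILE, task, operationResult);
        roleATest2cOid = addAndRecompute(ROLE_A_TEST_2C_FILE, task, operationResult);
        roleATest3xOid = addAndRecompute(ROLE_A_TEST_3X_FILE, task, operationResult);
        roleATest3yOid = addAndRecompute(ROLE_A_TEST_3Y_FILE, task, operationResult);
        roleATest3aOid = addAndRecompute(ROLE_A_TEST_3A_FILE, task, operationResult);
        roleATest3bOid = addAndRecompute(ROLE_A_TEST_3B_FILE, task, operationResult);
        roleATestWrongOid = addAndRecompute(ROLE_A_TEST_WRONG_FILE, task, operationResult);
        userBobOid = addAndRecompute(USER_BOB_FILE, task, operationResult);
        userEveOid = addAndRecompute(USER_EVE_FILE, task, operationResult);

        InternalMonitor.reset();
        DebugUtil.setPrettyPrintBeansAs("yaml");
    }

    /** Assigning judge alone records no policy situation on the assignment. */
    @Test
    public void test100JackAssignRoleJudge() throws Exception {
        Task task = createPlainTask();

        when();
        assignRole(JACK_OID, JUDGE_ROLE_OID, task, task.getResult());

        then();
        UserType jack = getUser(JACK_OID).asObjectable();
        display(AbstractInternalModelIntegrationTest.ACCOUNT_JACK_DUMMY_USERNAME, jack);
        assertSuccess(task.getResult());
        assertAssignedRole(jack.asPrismObject(), JUDGE_ROLE_OID);
        AssertJUnit.assertEquals("Wrong # of assignments", 1, jack.getAssignment().size());
        AssertJUnit.assertEquals("Wrong policy situations", Collections.emptyList(),
                jack.getAssignment().get(0).getPolicySituation());
        displayDumpable("Audit", this.dummyAuditService);
        this.dummyAuditService.assertExecutionRecords(1);
    }

    /**
     * Adding pirate next to judge succeeds, and both assignments then carry the exclusion-violation
     * situation together with the rule that triggered it.
     */
    @Test
    public void test110JackAssignRolePirate() throws Exception {
        when();
        assignRole(JACK_OID, PIRATE_ROLE_OID, getTestTask(), getTestOperationResult());

        then();
        UserType jack = getUser(JACK_OID).asObjectable();
        display(AbstractInternalModelIntegrationTest.ACCOUNT_JACK_DUMMY_USERNAME, jack);
        assertSuccess(getTestOperationResult());
        assertAssignedRole(jack.asPrismObject(), PIRATE_ROLE_OID);
        AssertJUnit.assertEquals("Wrong # of assignments", 2, jack.getAssignment().size());
        assertAllAssignmentsInExclusionViolation(jack);
        displayDumpable("Audit", this.dummyAuditService);
        this.dummyAuditService.assertExecutionRecords(2);
    }

    /**
     * A reconcile with an empty delta must keep the recorded violation in place and must not
     * produce any execution delta.
     */
    @Test
    public void test120RecomputeJack() throws Exception {
        this.dummyAuditService.clear();

        when();
        executeChanges(
                this.prismContext.deltaFactory().object().createEmptyModifyDelta(UserType.class, JACK_OID),
                executeOptions().reconcile(), getTestTask(), getTestOperationResult());

        then();
        UserType jack = getUser(JACK_OID).asObjectable();
        display(AbstractInternalModelIntegrationTest.ACCOUNT_JACK_DUMMY_USERNAME, jack);
        assertSuccess(getTestOperationResult());
        AssertJUnit.assertEquals("Wrong # of assignments", 2, jack.getAssignment().size());
        // Only the situation is checked here, not the triggered rules.
        for (AssignmentType assignment : jack.getAssignment()) {
            AssertJUnit.assertEquals("Wrong policy situations",
                    Collections.singletonList(SchemaConstants.MODEL_POLICY_SITUATION_EXCLUSION_VIOLATION),
                    assignment.getPolicySituation());
        }
        displayDumpable("Audit", this.dummyAuditService);
        this.dummyAuditService.assertExecutionRecords(1);
        this.dummyAuditService.assertExecutionDeltas(0);
    }

    /** Removing pirate clears the recorded situation from the remaining assignment. */
    @Test
    public void test130JackUnassignRolePirate() throws Exception {
        AssignmentType pirateAssignment =
                findAssignmentByTargetRequired(getUser(JACK_OID).asObjectable().asPrismObject(), PIRATE_ROLE_OID);

        when();
        executeChangesAssertSuccess(
                this.prismContext.deltaFor(UserType.class)
                        .item(UserType.F_ASSIGNMENT).delete(new Object[]{pirateAssignment.clone()})
                        .asObjectDeltaCast(JACK_OID),
                null, getTestTask(), getTestOperationResult());

        then();
        UserType jack = getUser(JACK_OID).asObjectable();
        display(AbstractInternalModelIntegrationTest.ACCOUNT_JACK_DUMMY_USERNAME, jack);
        assertSuccess(getTestOperationResult());
        assertNotAssignedRole(jack.asPrismObject(), PIRATE_ROLE_OID);
        AssertJUnit.assertEquals("Wrong # of assignments", 1, jack.getAssignment().size());
        AssertJUnit.assertEquals("Wrong policy situations", Collections.emptyList(),
                jack.getAssignment().get(0).getPolicySituation());
        displayDumpable("Audit", this.dummyAuditService);
        this.dummyAuditService.assertExecutionRecords(1);
    }

    /** Roles 2a and 3a together record no policy situation. */
    @Test
    public void test200BobAssign2a3a() throws Exception {
        when();
        executeChangesAssertSuccess(
                this.prismContext.deltaFor(UserType.class)
                        .item(UserType.F_ASSIGNMENT).add(new Object[]{
                                ObjectTypeUtil.createAssignmentTo(roleATest2aOid, ObjectTypes.ROLE, this.prismContext),
                                ObjectTypeUtil.createAssignmentTo(roleATest3aOid, ObjectTypes.ROLE, this.prismContext)})
                        .asObjectDeltaCast(userBobOid),
                null, getTestTask(), getTestOperationResult());

        then();
        UserType bob = getUser(userBobOid).asObjectable();
        display("bob", bob);
        assertSuccess(getTestOperationResult());
        assertAssignedRole(bob.asPrismObject(), roleATest2aOid);
        assertAssignedRole(bob.asPrismObject(), roleATest3aOid);
        AssertJUnit.assertEquals("Wrong # of assignments", 2, bob.getAssignment().size());
        AssertJUnit.assertEquals("Wrong policy situations for assignment 1", Collections.emptyList(),
                bob.getAssignment().get(0).getPolicySituation());
        AssertJUnit.assertEquals("Wrong policy situations for assignment 2", Collections.emptyList(),
                bob.getAssignment().get(1).getPolicySituation());
        displayDumpable("Audit", this.dummyAuditService);
        this.dummyAuditService.assertExecutionRecords(1);
    }

    /** Adding 2b and 3b puts all four of bob's assignments into the exclusion-violation state. */
    @Test
    public void test210BobAssign2b3b() throws Exception {
        when();
        executeChangesAssertSuccess(
                this.prismContext.deltaFor(UserType.class)
                        .item(UserType.F_ASSIGNMENT).add(new Object[]{
                                ObjectTypeUtil.createAssignmentTo(roleATest2bOid, ObjectTypes.ROLE, this.prismContext),
                                ObjectTypeUtil.createAssignmentTo(roleATest3bOid, ObjectTypes.ROLE, this.prismContext)})
                        .asObjectDeltaCast(userBobOid),
                null, getTestTask(), getTestOperationResult());

        then();
        UserType bob = getUser(userBobOid).asObjectable();
        display("bob", bob);
        assertSuccess(getTestOperationResult());
        assertAssignedRole(bob.asPrismObject(), roleATest2aOid);
        assertAssignedRole(bob.asPrismObject(), roleATest2bOid);
        assertAssignedRole(bob.asPrismObject(), roleATest3aOid);
        assertAssignedRole(bob.asPrismObject(), roleATest3bOid);
        AssertJUnit.assertEquals("Wrong # of assignments", 4, bob.getAssignment().size());
        displayDumpable("Audit", this.dummyAuditService);
        this.dummyAuditService.assertExecutionRecords(2);
        assertAllAssignmentsInExclusionViolation(bob);
    }

    /**
     * Asserts that one assignment is recorded as an exclusion violation: exactly that situation,
     * exactly one triggered policy rule, and exactly one trigger of kind EXCLUSION.
     */
    private void assertExclusionViolationState(AssignmentType assignmentType) {
        AssertJUnit.assertEquals("Wrong policy situations",
                Collections.singletonList(SchemaConstants.MODEL_POLICY_SITUATION_EXCLUSION_VIOLATION),
                assignmentType.getPolicySituation());
        AssertJUnit.assertEquals("Wrong # of triggered policy rules in assignment " + assignmentType,
                1, assignmentType.getTriggeredPolicyRule().size());
        EvaluatedPolicyRuleType triggeredRule = assignmentType.getTriggeredPolicyRule().get(0);
        List<EvaluatedPolicyRuleTriggerType> triggers = triggeredRule.getTrigger();
        AssertJUnit.assertEquals("Wrong # of triggers in triggered policy rule in assignment " + assignmentType,
                1, triggers.size());
        AssertJUnit.assertEquals("Wrong type of trigger in " + assignmentType,
                PolicyConstraintKindType.EXCLUSION, triggers.get(0).getConstraintKind());
    }

    /** Applies {@link #assertExclusionViolationState(AssignmentType)} to every assignment of the user. */
    private void assertAllAssignmentsInExclusionViolation(UserType user) {
        for (AssignmentType assignment : user.getAssignment()) {
            assertExclusionViolationState(assignment);
        }
    }

    /**
     * A user created with two conflicting assignments and no preset OID or assignment IDs has the
     * violation recorded, with two execution records.
     */
    @Test
    public void test220AliceAssign2a2b() throws Exception {
        UserType newAlice = this.prismContext.createObjectable(UserType.class)
                .name("alice")
                .assignment(ObjectTypeUtil.createAssignmentTo(roleATest2aOid, ObjectTypes.ROLE, this.prismContext))
                .assignment(ObjectTypeUtil.createAssignmentTo(roleATest2bOid, ObjectTypes.ROLE, this.prismContext));

        when();
        addObject(newAlice.asPrismObject(), getTestTask(), getTestOperationResult());

        then();
        UserType alice = getUser(newAlice.getOid()).asObjectable();
        display("alice", alice);
        assertSuccess(getTestOperationResult());
        assertAssignedRole(alice.asPrismObject(), roleATest2aOid);
        assertAssignedRole(alice.asPrismObject(), roleATest2bOid);
        AssertJUnit.assertEquals("Wrong # of assignments", 2, alice.getAssignment().size());
        displayDumpable("Audit", this.dummyAuditService);
        this.dummyAuditService.assertExecutionRecords(2);
        assertAllAssignmentsInExclusionViolation(alice);
    }

    /**
     * Same as alice, but the assignment IDs are preset while the user OID is not; two execution
     * records are still expected.
     */
    @Test
    public void test230ChuckAssign2a2b() throws Exception {
        AssignmentType assignment2a = ObjectTypeUtil.createAssignmentTo(roleATest2aOid, ObjectTypes.ROLE, this.prismContext);
        assignment2a.setId(100L);
        AssignmentType assignment2b = ObjectTypeUtil.createAssignmentTo(roleATest2bOid, ObjectTypes.ROLE, this.prismContext);
        assignment2b.setId(101L);
        UserType newChuck = this.prismContext.createObjectable(UserType.class)
                .name("chuck")
                .assignment(assignment2a)
                .assignment(assignment2b);

        when();
        addObject(newChuck.asPrismObject(), getTestTask(), getTestOperationResult());

        then();
        UserType chuck = getUser(newChuck.getOid()).asObjectable();
        display("chuck", chuck);
        assertSuccess(getTestOperationResult());
        assertAssignedRole(chuck.asPrismObject(), roleATest2aOid);
        assertAssignedRole(chuck.asPrismObject(), roleATest2bOid);
        AssertJUnit.assertEquals("Wrong # of assignments", 2, chuck.getAssignment().size());
        displayDumpable("Audit", this.dummyAuditService);
        this.dummyAuditService.assertExecutionRecords(2);
        assertAllAssignmentsInExclusionViolation(chuck);
    }

    /**
     * With both the user OID and the assignment IDs preset, the violation is recorded with a single
     * execution record. NOTE(review): presumably the state can then be written in the initial ADD
     * operation; the reason is not visible in this file.
     */
    @Test
    public void test240DanAssign2a2b() throws Exception {
        AssignmentType assignment2a = ObjectTypeUtil.createAssignmentTo(roleATest2aOid, ObjectTypes.ROLE, this.prismContext);
        assignment2a.setId(100L);
        AssignmentType assignment2b = ObjectTypeUtil.createAssignmentTo(roleATest2bOid, ObjectTypes.ROLE, this.prismContext);
        assignment2b.setId(101L);
        UserType newDan = this.prismContext.createObjectable(UserType.class)
                .oid("207752fa-9559-496c-b04d-42b5e9af2779")
                .name("dan")
                .assignment(assignment2a)
                .assignment(assignment2b);

        when();
        addObject(newDan.asPrismObject(), getTestTask(), getTestOperationResult());

        then();
        UserType dan = getUser(newDan.getOid()).asObjectable();
        display("dan", dan);
        assertSuccess(getTestOperationResult());
        assertAssignedRole(dan.asPrismObject(), roleATest2aOid);
        assertAssignedRole(dan.asPrismObject(), roleATest2bOid);
        AssertJUnit.assertEquals("Wrong # of assignments", 2, dan.getAssignment().size());
        displayDumpable("Audit", this.dummyAuditService);
        this.dummyAuditService.assertExecutionRecords(1);
        assertAllAssignmentsInExclusionViolation(dan);
    }

    /**
     * Adding 2b with a preset assignment ID to eve records the violation on both of her assignments
     * with a single execution record. NOTE(review): eve is expected to hold role 2a already,
     * presumably from {@code user-eve.xml}; confirm against the test resource.
     */
    @Test
    public void test250EveAssign2b() throws Exception {
        when();
        AssignmentType assignment2b = ObjectTypeUtil.createAssignmentTo(roleATest2bOid, ObjectTypes.ROLE, this.prismContext);
        assignment2b.setId(200L);
        executeChangesAssertSuccess(
                this.prismContext.deltaFor(UserType.class)
                        .item(UserType.F_ASSIGNMENT).add(new Object[]{assignment2b})
                        .asObjectDeltaCast(userEveOid),
                null, getTestTask(), getTestOperationResult());

        then();
        UserType eve = getUser(userEveOid).asObjectable();
        display("eve after", eve);
        assertSuccess(getTestOperationResult());
        assertAssignedRole(eve.asPrismObject(), roleATest2aOid);
        assertAssignedRole(eve.asPrismObject(), roleATest2bOid);
        AssertJUnit.assertEquals("Wrong # of assignments", 2, eve.getAssignment().size());
        displayDumpable("Audit", this.dummyAuditService);
        this.dummyAuditService.assertExecutionRecords(1);
        assertAllAssignmentsInExclusionViolation(eve);
    }

    /** Setting an existing role's description to "wrong" records {@link #WRONG_URI} on the role. */
    @Test
    public void test300MakeRoleWrong() throws Exception {
        when();
        executeChangesAssertSuccess(
                this.prismContext.deltaFor(RoleType.class)
                        .item(RoleType.F_DESCRIPTION).replace(new Object[]{"wrong"})
                        .asObjectDeltaCast(roleATestWrongOid),
                null, getTestTask(), getTestOperationResult());

        then();
        RoleType wrongRole = getRole(roleATestWrongOid).asObjectable();
        display("role 'wrong'", wrongRole);
        assertSuccess(getTestOperationResult());
        AssertJUnit.assertEquals("Wrong policy situations for role",
                Collections.singletonList(WRONG_URI), wrongRole.getPolicySituation());
        displayDumpable("Audit", this.dummyAuditService);
        this.dummyAuditService.assertExecutionRecords(1);
    }

    /**
     * A role created as "wrong" with an assignment to the common-rules metarole has the situation
     * recorded, with two execution records when no OID is preset.
     */
    @Test
    public void test310CreateWrongRole() throws Exception {
        RoleType newRole = this.prismContext.createObjectable(RoleType.class)
                .name("wrong-2")
                .description("wrong")
                .assignment(ObjectTypeUtil.createAssignmentTo(metaroleCommonRulesOid, ObjectTypes.ROLE, this.prismContext));

        when();
        addObject(newRole.asPrismObject(), getTestTask(), getTestOperationResult());

        then();
        RoleType wrongRole = getRole(newRole.getOid()).asObjectable();
        display("role 'wrong-2'", wrongRole);
        assertSuccess(getTestOperationResult());
        AssertJUnit.assertEquals("Wrong policy situations for role",
                Collections.singletonList(WRONG_URI), wrongRole.getPolicySituation());
        displayDumpable("Audit", this.dummyAuditService);
        this.dummyAuditService.assertExecutionRecords(2);
    }

    /** Same as test310, but with a preset OID and assignment ID; one execution record is expected. */
    @Test
    public void test320CreateWrongRoleKnownOid() throws Exception {
        AssignmentType metaroleAssignment =
                ObjectTypeUtil.createAssignmentTo(metaroleCommonRulesOid, ObjectTypes.ROLE, this.prismContext);
        metaroleAssignment.setId(300L);
        RoleType newRole = this.prismContext.createObjectable(RoleType.class)
                .name("wrong-3")
                .oid("df6c6bdc-f938-4afc-98f3-10d18ceda274")
                .description("wrong")
                .assignment(metaroleAssignment);

        when();
        addObject(newRole.asPrismObject(), getTestTask(), getTestOperationResult());

        then();
        RoleType wrongRole = getRole(newRole.getOid()).asObjectable();
        display("role 'wrong-3'", wrongRole);
        assertSuccess(getTestOperationResult());
        AssertJUnit.assertEquals("Wrong policy situations for role",
                Collections.singletonList(WRONG_URI), wrongRole.getPolicySituation());
        displayDumpable("Audit", this.dummyAuditService);
        this.dummyAuditService.assertExecutionRecords(1);
    }
}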
