package com.evolveum.midpoint.model.intest.password;

import com.evolveum.icf.dummy.resource.ConflictException;
import com.evolveum.icf.dummy.resource.SchemaViolationException;
import com.evolveum.midpoint.model.api.ModelExecuteOptions;
import com.evolveum.midpoint.model.intest.AbstractConfiguredModelIntegrationTest;
import com.evolveum.midpoint.model.intest.AbstractInitializedModelIntegrationTest;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismReferenceValue;
import com.evolveum.midpoint.prism.PrismValue;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.delta.builder.DeltaBuilder;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.util.PrismAsserts;
import com.evolveum.midpoint.prism.util.PrismTestUtil;
import com.evolveum.midpoint.prism.xml.XmlTypeConverter;
import com.evolveum.midpoint.provisioning.api.ItemComparisonResult;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.SelectorOptions;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.internals.InternalsConfig;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.MiscSchemaUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.test.IntegrationTestTools;
import com.evolveum.midpoint.test.util.MidPointTestConstants;
import com.evolveum.midpoint.test.util.TestUtil;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccountActivationNotifierType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentPolicyEnforcementType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsStorageTypeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.EventHandlerType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MetadataType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemObjectsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.io.File;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.xml.datatype.Duration;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

@ContextConfiguration(locations = {"classpath:ctx-model-intest-test-main.xml"})
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
/* loaded from: input_file:com/evolveum/midpoint/model/intest/password/AbstractPasswordTest.class */
public abstract class AbstractPasswordTest extends AbstractInitializedModelIntegrationTest {
    protected static final String USER_PASSWORD_1_CLEAR = "d3adM3nT3llN0Tal3s";
    protected static final String USER_PASSWORD_2_CLEAR = "bl4ckP3arl";
    protected static final String USER_PASSWORD_3_CLEAR = "wh3r3sTheRum?";
    protected static final String USER_PASSWORD_4_CLEAR = "sh1v3rM3T1mb3rs";
    protected static final String USER_PASSWORD_5_CLEAR = "s3tSa1al";
    protected static final String USER_PASSWORD_AA_CLEAR = "AA";
    protected static final String USER_PASSWORD_A_CLEAR = "A";
    protected static final String USER_PASSWORD_JACK_CLEAR = "12jAcK34";
    protected static final String USER_PASSWORD_SPARROW_CLEAR = "spaRRow123";
    protected static final String USER_PASSWORD_VALID_1 = "abcd123";
    protected static final String USER_PASSWORD_VALID_2 = "abcd223";
    protected static final String USER_PASSWORD_VALID_3 = "abcd323";
    protected static final String USER_PASSWORD_VALID_4 = "abcd423";
    protected static final String PASSWORD_ALLIGATOR = "all1g4t0r";
    protected static final String PASSWORD_CROCODILE = "cr0c0d1l3";
    protected static final String PASSWORD_GIANT_LIZARD = "G14NTl1z4rd";
    protected static final String RESOURCE_DUMMY_UGLY_OID = "10000000-0000-0000-0000-000000344104";
    protected static final String RESOURCE_DUMMY_UGLY_NAME = "ugly";
    protected static final String RESOURCE_DUMMY_LIFECYCLE_OID = "519f131a-147b-11e7-a270-c38e2b225751";
    protected static final String RESOURCE_DUMMY_LIFECYCLE_NAME = "lifecycle";
    protected static final String RESOURCE_DUMMY_SOUVENIR_OID = "f4fd7e90-ff6a-11e7-a504-4b84f92fec0e";
    protected static final String RESOURCE_DUMMY_SOUVENIR_NAME = "souvenir";
    protected static final String RESOURCE_DUMMY_MAVERICK_OID = "72a928b6-ff7b-11e7-9643-7366d7749c31";
    protected static final String RESOURCE_DUMMY_MAVERICK_NAME = "maverick";
    protected static final String PASSWORD_POLICY_UGLY_OID = "cfb3fa9e-027a-11e7-8e2c-dbebaacaf4ee";
    protected static final String PASSWORD_POLICY_MAVERICK_OID = "b26d2bd4-ff83-11e7-94b3-8fa7a87aac6c";
    protected static final String SECURITY_POLICY_DEFAULT_STORAGE_HASHING_OID = "0ea3b93c-0425-11e7-bbc1-73566dc53d59";
    protected static final String SECURITY_POLICY_PASSWORD_STORAGE_NONE_OID = "2997a20a-0423-11e7-af65-a7ab7d19442c";
    protected static final String USER_JACK_EMPLOYEE_NUMBER_NEW_BAD = "No1";
    protected static final String USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD = "pir321";
    protected static final String USER_RAPP_EMAIL = "rapp.scallion@evolveum.com";
    public static final String PASSWORD_HELLO_WORLD = "H3ll0w0rld";
    protected String accountJackOid;
    protected String accountJackRedOid;
    protected String accountJackBlueOid;
    protected String accountJackUglyOid;
    protected String accountJackBlackOid;
    protected String accountJackYellowOid;
    protected String accountJackSouvenirOid;
    protected String accountJackMaverickOid;
    protected XMLGregorianCalendar lastPasswordChangeStart;
    protected XMLGregorianCalendar lastPasswordChangeEnd;
    public static final File TEST_DIR = new File(MidPointTestConstants.TEST_RESOURCES_DIR, "password");
    protected static final File RESOURCE_DUMMY_UGLY_FILE = new File(TEST_DIR, "resource-dummy-ugly.xml");
    protected static final File RESOURCE_DUMMY_LIFECYCLE_FILE = new File(TEST_DIR, "resource-dummy-lifecycle.xml");
    protected static final File RESOURCE_DUMMY_SOUVENIR_FILE = new File(TEST_DIR, "resource-dummy-souvenir.xml");
    protected static final File RESOURCE_DUMMY_MAVERICK_FILE = new File(TEST_DIR, "resource-dummy-maverick.xml");
    protected static final File PASSWORD_POLICY_UGLY_FILE = new File(TEST_DIR, "password-policy-ugly.xml");
    protected static final File PASSWORD_POLICY_MAVERICK_FILE = new File(TEST_DIR, "password-policy-maverick.xml");
    protected static final File SECURITY_POLICY_DEFAULT_STORAGE_HASHING_FILE = new File(TEST_DIR, "security-policy-default-storage-hashing.xml");
    protected static final File SECURITY_POLICY_PASSWORD_STORAGE_NONE_FILE = new File(TEST_DIR, "security-policy-password-storage-none.xml");

    @Override // com.evolveum.midpoint.model.intest.AbstractInitializedModelIntegrationTest, com.evolveum.midpoint.model.intest.AbstractConfiguredModelIntegrationTest
    public void initSystem(Task task, OperationResult operationResult) throws Exception {
        InternalsConfig.setAvoidLoggingChange(true);
        super.initSystem(task, operationResult);
        importObjectFromFile(PASSWORD_POLICY_UGLY_FILE);
        importObjectFromFile(SECURITY_POLICY_DEFAULT_STORAGE_HASHING_FILE);
        importObjectFromFile(SECURITY_POLICY_PASSWORD_STORAGE_NONE_FILE);
        setGlobalSecurityPolicy(getSecurityPolicyOid(), operationResult);
        initDummyResourcePirate(RESOURCE_DUMMY_UGLY_NAME, RESOURCE_DUMMY_UGLY_FILE, RESOURCE_DUMMY_UGLY_OID, task, operationResult);
        initDummyResourcePirate(RESOURCE_DUMMY_LIFECYCLE_NAME, RESOURCE_DUMMY_LIFECYCLE_FILE, RESOURCE_DUMMY_LIFECYCLE_OID, task, operationResult);
        initDummyResourcePirate(RESOURCE_DUMMY_SOUVENIR_NAME, RESOURCE_DUMMY_SOUVENIR_FILE, RESOURCE_DUMMY_SOUVENIR_OID, task, operationResult);
        importObjectFromFile(PASSWORD_POLICY_MAVERICK_FILE);
        initDummyResourcePirate(RESOURCE_DUMMY_MAVERICK_NAME, RESOURCE_DUMMY_MAVERICK_FILE, RESOURCE_DUMMY_MAVERICK_OID, task, operationResult);
        login("administrator");
    }

    protected abstract String getSecurityPolicyOid();

    @Test
    public void test000Sanity() throws Exception {
        displayTestTitle("test000Sanity");
        AccountActivationNotifierType accountActivationNotifierType = null;
        SystemConfigurationType asObjectable = getObject(SystemConfigurationType.class, SystemObjectsType.SYSTEM_CONFIGURATION.value()).asObjectable();
        IntegrationTestTools.displayXml("system config", asObjectable.asPrismObject());
        for (EventHandlerType eventHandlerType : asObjectable.getNotificationConfiguration().getHandler()) {
            display("Handler: ", eventHandlerType);
            List accountActivationNotifier = eventHandlerType.getAccountActivationNotifier();
            if (!accountActivationNotifier.isEmpty()) {
                accountActivationNotifierType = (AccountActivationNotifierType) accountActivationNotifier.get(0);
            }
        }
        display("Account activation notifier", accountActivationNotifierType);
        AssertJUnit.assertNotNull("No accountActivationNotifier", accountActivationNotifierType);
    }

    @Test
    public void test010AddPasswordPolicy() throws Exception {
        displayTestTitle("test010AddPasswordPolicy");
        Task createTask = createTask("test010AddPasswordPolicy");
        OperationResult result = createTask.getResult();
        assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);
        PrismObject addObject = addObject(PASSWORD_POLICY_GLOBAL_FILE, createTask, result);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        AssertJUnit.assertEquals("Wrong OID after add", "12344321-0000-0000-0000-000000000003", addObject.getOid());
        this.repositoryService.getObject(ValuePolicyType.class, "12344321-0000-0000-0000-000000000003", (Collection) null, result);
    }

    @Test
    public void test050CheckJackPassword() throws Exception {
        displayTestTitle("test050CheckJackPassword");
        createTask("test050CheckJackPassword").getResult();
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertUserJack(user, "Jack Sparrow");
        assertUserPassword(user, AbstractConfiguredModelIntegrationTest.USER_JACK_PASSWORD, CredentialsStorageTypeType.ENCRYPTION);
    }

    @Test
    public void test051ModifyUserJackPassword() throws Exception {
        displayTestTitle("test051ModifyUserJackPassword");
        Task createTask = createTask("test051ModifyUserJackPassword");
        OperationResult result = createTask.getResult();
        prepareTest();
        XMLGregorianCalendar currentTimeXMLGregorianCalendar = this.clock.currentTimeXMLGregorianCalendar();
        displayWhen("test051ModifyUserJackPassword");
        modifyUserChangePassword(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, USER_PASSWORD_1_CLEAR, createTask, result);
        displayThen("test051ModifyUserJackPassword");
        assertSuccess(result);
        XMLGregorianCalendar currentTimeXMLGregorianCalendar2 = this.clock.currentTimeXMLGregorianCalendar();
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertUserJack(user, "Jack Sparrow");
        assertUserPassword(user, USER_PASSWORD_1_CLEAR);
        assertPasswordMetadata(user, false, currentTimeXMLGregorianCalendar, currentTimeXMLGregorianCalendar2);
        assertPasswordHistoryEntries(user, new String[0]);
        assertSingleUserPasswordNotification("jack", USER_PASSWORD_1_CLEAR);
    }

    @Test
    public void test060CheckJackPasswordModelInteraction() throws Exception {
        displayTestTitle("test060CheckJackPasswordModelInteraction");
        if (getPasswordStorageType() == CredentialsStorageTypeType.NONE) {
            return;
        }
        Task createTask = createTask(AbstractPasswordTest.class.getName() + ".test060CheckJackPasswordModelInteraction");
        OperationResult result = createTask.getResult();
        ProtectedStringType protectedStringType = new ProtectedStringType();
        protectedStringType.setClearValue(USER_PASSWORD_1_CLEAR);
        AssertJUnit.assertTrue("Good password check failed", this.modelInteractionService.checkPassword(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, protectedStringType, createTask, result));
        ProtectedStringType protectedStringType2 = new ProtectedStringType();
        protectedStringType2.setClearValue("this is not a password");
        AssertJUnit.assertFalse("Bad password check failed", this.modelInteractionService.checkPassword(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, protectedStringType2, createTask, result));
        AssertJUnit.assertFalse("Empty password check failed", this.modelInteractionService.checkPassword(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, new ProtectedStringType(), createTask, result));
        AssertJUnit.assertFalse("Null password check failed", this.modelInteractionService.checkPassword(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, (ProtectedStringType) null, createTask, result));
    }

    @Test
    public void test070AddUserHerman() throws Exception {
        displayTestTitle("test070AddUserHerman");
        Task createTask = createTask("test070AddUserHerman");
        OperationResult result = createTask.getResult();
        prepareTest();
        XMLGregorianCalendar currentTimeXMLGregorianCalendar = this.clock.currentTimeXMLGregorianCalendar();
        TestUtil.displayWhen("test070AddUserHerman");
        addObject(USER_HERMAN_FILE, createTask, result);
        TestUtil.displayThen("test070AddUserHerman");
        result.computeStatus();
        TestUtil.assertSuccess("executeChanges result", result);
        XMLGregorianCalendar currentTimeXMLGregorianCalendar2 = this.clock.currentTimeXMLGregorianCalendar();
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111122");
        display("User after", user);
        assertUser(user, "c0c010c0-d34d-b33f-f00d-111111111122", "herman", "Herman Toothrot", "Herman", "Toothrot");
        assertUserPassword(user, "m0nk3y");
        assertPasswordMetadata(user, true, currentTimeXMLGregorianCalendar, currentTimeXMLGregorianCalendar2);
        assertPasswordHistoryEntries(user, new String[0]);
        assertSingleUserPasswordNotification("herman", "m0nk3y");
    }

    @Test
    public void test100JackAssignAccountDummy() throws Exception {
        displayTestTitle("test100JackAssignAccountDummy");
        Task createTask = createTask("test100JackAssignAccountDummy");
        OperationResult result = createTask.getResult();
        prepareTest();
        XMLGregorianCalendar currentTimeXMLGregorianCalendar = this.clock.currentTimeXMLGregorianCalendar();
        assignAccount(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "10000000-0000-0000-0000-000000000004", null, createTask, result);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        XMLGregorianCalendar currentTimeXMLGregorianCalendar2 = this.clock.currentTimeXMLGregorianCalendar();
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertUserJack(user);
        this.accountJackOid = getSingleLinkOid(user);
        PrismObject<ShadowType> object = this.repositoryService.getObject(ShadowType.class, this.accountJackOid, (Collection) null, result);
        display("Repo shadow", object);
        assertDummyAccountShadowRepo(object, this.accountJackOid, "jack");
        assertShadowPasswordMetadata(object, currentTimeXMLGregorianCalendar, currentTimeXMLGregorianCalendar2, false, true);
        assertShadowLifecycle(object, false);
        PrismObject<ShadowType> object2 = this.modelService.getObject(ShadowType.class, this.accountJackOid, (Collection) null, createTask, result);
        display("Model shadow", object2);
        assertDummyAccountShadowModel(object2, this.accountJackOid, "jack", "Jack Sparrow");
        assertShadowPasswordMetadata(object2, currentTimeXMLGregorianCalendar, currentTimeXMLGregorianCalendar2, false, true);
        assertShadowLifecycle(object2, false);
        assertDefaultDummyAccount("jack", "Jack Sparrow", true);
        assertDummyPasswordConditional("jack", USER_PASSWORD_1_CLEAR);
        assertSingleAccountPasswordNotificationConditional(null, "jack", USER_PASSWORD_1_CLEAR);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test110ModifyUserJackPassword() throws Exception {
        displayTestTitle("test110ModifyUserJackPassword");
        Task createTask = createTask("test110ModifyUserJackPassword");
        OperationResult result = createTask.getResult();
        prepareTest();
        this.lastPasswordChangeStart = this.clock.currentTimeXMLGregorianCalendar();
        modifyUserChangePassword(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, USER_PASSWORD_2_CLEAR, createTask, result);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        this.lastPasswordChangeEnd = this.clock.currentTimeXMLGregorianCalendar();
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertUserJack(user, "Jack Sparrow");
        assertUserPassword(user, USER_PASSWORD_2_CLEAR);
        assertDummyPassword("jack", USER_PASSWORD_2_CLEAR);
        assertPasswordMetadata(user, false, this.lastPasswordChangeStart, this.lastPasswordChangeEnd);
        PrismObject<ShadowType> object = this.repositoryService.getObject(ShadowType.class, this.accountJackOid, (Collection) null, result);
        display("Repo shadow", object);
        assertDummyAccountShadowRepo(object, this.accountJackOid, "jack");
        assertShadowPasswordMetadata(object, this.lastPasswordChangeStart, this.lastPasswordChangeEnd, true, false);
        assertShadowLifecycle(object, false);
        PrismObject<ShadowType> object2 = this.modelService.getObject(ShadowType.class, this.accountJackOid, (Collection) null, createTask, result);
        display("Model shadow", object2);
        assertDummyAccountShadowModel(object2, this.accountJackOid, "jack", "Jack Sparrow");
        assertShadowPasswordMetadata(object2, this.lastPasswordChangeStart, this.lastPasswordChangeEnd, true, false);
        assertShadowLifecycle(object2, false);
        assertSingleAccountPasswordNotification(null, "jack", USER_PASSWORD_2_CLEAR);
        assertSingleUserPasswordNotification("jack", USER_PASSWORD_2_CLEAR);
    }

    @Test
    public void test111ModifyAccountJackPassword() throws Exception {
        displayTestTitle("test111ModifyAccountJackPassword");
        Task createTask = createTask("test111ModifyAccountJackPassword");
        OperationResult result = createTask.getResult();
        prepareTest();
        modifyAccountChangePassword(this.accountJackOid, USER_PASSWORD_3_CLEAR, createTask, result);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertUserJack(user, "Jack Sparrow");
        assertUserPassword(user, USER_PASSWORD_2_CLEAR);
        assertDummyPassword("jack", USER_PASSWORD_3_CLEAR);
        assertPasswordMetadata(user, false, this.lastPasswordChangeStart, this.lastPasswordChangeEnd);
        assertSingleAccountPasswordNotification(null, "jack", USER_PASSWORD_3_CLEAR);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test112ModifyJackPasswordUserAndAccount() throws Exception {
        displayTestTitle("test112ModifyJackPasswordUserAndAccount");
        Task createTask = createTask("test112ModifyJackPasswordUserAndAccount");
        OperationResult result = createTask.getResult();
        prepareTest();
        ProtectedStringType protectedStringType = new ProtectedStringType();
        protectedStringType.setClearValue(USER_PASSWORD_4_CLEAR);
        ObjectDelta createModifyUserReplaceDelta = createModifyUserReplaceDelta(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, PASSWORD_VALUE_PATH, new Object[]{protectedStringType});
        ProtectedStringType protectedStringType2 = new ProtectedStringType();
        protectedStringType2.setClearValue(USER_PASSWORD_5_CLEAR);
        Collection createCollection = MiscSchemaUtil.createCollection(new ObjectDelta[]{createModifyAccountShadowReplaceDelta(this.accountJackOid, getDummyResourceObject(), PASSWORD_VALUE_PATH, new Object[]{protectedStringType2}), createModifyUserReplaceDelta});
        this.lastPasswordChangeStart = this.clock.currentTimeXMLGregorianCalendar();
        this.modelService.executeChanges(createCollection, (ModelExecuteOptions) null, createTask, result);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        this.lastPasswordChangeEnd = this.clock.currentTimeXMLGregorianCalendar();
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertUserJack(user, "Jack Sparrow");
        assertUserPassword(user, USER_PASSWORD_4_CLEAR);
        assertDummyPassword("jack", USER_PASSWORD_5_CLEAR);
        assertPasswordMetadata(user, false, this.lastPasswordChangeStart, this.lastPasswordChangeEnd);
        assertSingleAccountPasswordNotification(null, "jack", USER_PASSWORD_5_CLEAR);
        assertSingleUserPasswordNotification("jack", USER_PASSWORD_4_CLEAR);
    }

    @Test
    public void test120JackAssignAccountDummyRedAndUgly() throws Exception {
        displayTestTitle("test120JackAssignAccountDummyRedAndUgly");
        Task createTask = createTask("test120JackAssignAccountDummyRedAndUgly");
        OperationResult result = createTask.getResult();
        prepareTest();
        assignAccount(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "10000000-0000-0000-0000-000000000104", null, createTask, result);
        assignAccount(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, RESOURCE_DUMMY_UGLY_OID, null, createTask, result);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertUserJack(user);
        assertLinks(user, 3);
        this.accountJackRedOid = getLinkRefOid(user, "10000000-0000-0000-0000-000000000104");
        this.accountJackUglyOid = getLinkRefOid(user, RESOURCE_DUMMY_UGLY_OID);
        assertDummyAccount("red", "jack", "Jack Sparrow", true);
        assertDummyPasswordConditional("red", "jack", USER_PASSWORD_4_CLEAR);
        assertDummyAccount(RESOURCE_DUMMY_UGLY_NAME, "jack", null, true);
        assertDummyPasswordConditional(RESOURCE_DUMMY_UGLY_NAME, "jack", AbstractConfiguredModelIntegrationTest.USER_JACK_EMPLOYEE_NUMBER);
        assertUserPassword(user, USER_PASSWORD_4_CLEAR);
        assertDummyPassword("jack", USER_PASSWORD_5_CLEAR);
        assertPasswordMetadata(user, false, this.lastPasswordChangeStart, this.lastPasswordChangeEnd);
        if (isPasswordEncryption()) {
            assertAccountPasswordNotifications(2);
            assertHasAccountPasswordNotification("red", "jack", USER_PASSWORD_4_CLEAR);
            assertHasAccountPasswordNotification(RESOURCE_DUMMY_UGLY_NAME, "jack", AbstractConfiguredModelIntegrationTest.USER_JACK_EMPLOYEE_NUMBER);
        } else {
            assertSingleAccountPasswordNotification(RESOURCE_DUMMY_UGLY_NAME, "jack", AbstractConfiguredModelIntegrationTest.USER_JACK_EMPLOYEE_NUMBER);
        }
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test121ModifyJackPasswordUserAndAccountRed() throws Exception {
        displayTestTitle("test121ModifyJackPasswordUserAndAccountRed");
        Task createTask = createTask("test121ModifyJackPasswordUserAndAccountRed");
        OperationResult result = createTask.getResult();
        prepareTest();
        ProtectedStringType protectedStringType = new ProtectedStringType();
        protectedStringType.setClearValue(USER_PASSWORD_1_CLEAR);
        ObjectDelta createModifyUserReplaceDelta = createModifyUserReplaceDelta(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, PASSWORD_VALUE_PATH, new Object[]{protectedStringType});
        ProtectedStringType protectedStringType2 = new ProtectedStringType();
        protectedStringType2.setClearValue(USER_PASSWORD_2_CLEAR);
        Collection createCollection = MiscSchemaUtil.createCollection(new ObjectDelta[]{createModifyUserReplaceDelta, createModifyAccountShadowReplaceDelta(this.accountJackRedOid, getDummyResourceObject(), PASSWORD_VALUE_PATH, new Object[]{protectedStringType2})});
        this.lastPasswordChangeStart = this.clock.currentTimeXMLGregorianCalendar();
        this.modelService.executeChanges(createCollection, (ModelExecuteOptions) null, createTask, result);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        this.lastPasswordChangeEnd = this.clock.currentTimeXMLGregorianCalendar();
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertUserJack(user, "Jack Sparrow");
        assertUserPassword(user, USER_PASSWORD_1_CLEAR);
        assertDummyPassword("red", "jack", USER_PASSWORD_1_CLEAR);
        assertDummyPassword("jack", USER_PASSWORD_1_CLEAR);
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", AbstractConfiguredModelIntegrationTest.USER_JACK_EMPLOYEE_NUMBER);
        assertLinks(user, 3);
        assertPasswordMetadata(user, false, this.lastPasswordChangeStart, this.lastPasswordChangeEnd);
        displayAccountPasswordNotifications();
        assertAccountPasswordNotifications(2);
        assertHasAccountPasswordNotification(null, "jack", USER_PASSWORD_1_CLEAR);
        assertHasAccountPasswordNotification("red", "jack", USER_PASSWORD_1_CLEAR);
        assertSingleUserPasswordNotification("jack", USER_PASSWORD_1_CLEAR);
    }

    @Test
    public void test122ModifyAccountUglyJackPasswordBad() throws Exception {
        displayTestTitle("test122ModifyAccountUglyJackPasswordBad");
        prepareTest();
        Task createTask = createTask(AbstractPasswordTest.class.getName() + ".test122ModifyAccountUglyJackPasswordBad");
        OperationResult result = createTask.getResult();
        try {
            displayWhen("test122ModifyAccountUglyJackPasswordBad");
            modifyAccountChangePassword(this.accountJackUglyOid, "#badPassword!", createTask, result);
            fail("Expected policy violation because password doesn't satisfy password policy but didn't get one.");
        } catch (PolicyViolationException e) {
            displayThen("test122ModifyAccountUglyJackPasswordBad");
            assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", AbstractConfiguredModelIntegrationTest.USER_JACK_EMPLOYEE_NUMBER);
        }
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test125ModifyJackEmployeeNumberBad() throws Exception {
        displayTestTitle("test125ModifyJackEmployeeNumberBad");
        Task createTask = createTask("test125ModifyJackEmployeeNumberBad");
        OperationResult result = createTask.getResult();
        prepareTest();
        try {
            modifyUserReplace(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_EMPLOYEE_NUMBER, createTask, result, new Object[]{USER_JACK_EMPLOYEE_NUMBER_NEW_BAD});
            assertNotReached();
        } catch (PolicyViolationException e) {
            display("Expected exception", e);
        }
        result.computeStatus();
        TestUtil.assertFailure(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user);
        assertUserPassword(user, USER_PASSWORD_1_CLEAR);
        assertDummyPassword("red", "jack", USER_PASSWORD_1_CLEAR);
        assertDummyPassword("jack", USER_PASSWORD_1_CLEAR);
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", AbstractConfiguredModelIntegrationTest.USER_JACK_EMPLOYEE_NUMBER);
        assertLinks(user, 3);
        assertPasswordMetadata(user, false, this.lastPasswordChangeStart, this.lastPasswordChangeEnd);
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test128ModifyJackEmployeeNumberGood() throws Exception {
        displayTestTitle("test128ModifyJackEmployeeNumberGood");
        Task createTask = createTask("test128ModifyJackEmployeeNumberGood");
        OperationResult result = createTask.getResult();
        prepareTest();
        modifyUserReplace(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_EMPLOYEE_NUMBER, createTask, result, new Object[]{USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD});
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user);
        assertUserPassword(user, USER_PASSWORD_1_CLEAR);
        assertDummyPassword("red", "jack", USER_PASSWORD_1_CLEAR);
        assertDummyPassword("jack", USER_PASSWORD_1_CLEAR);
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
        assertLinks(user, 3);
        assertPasswordMetadata(user, false, this.lastPasswordChangeStart, this.lastPasswordChangeEnd);
        assertSingleAccountPasswordNotification(RESOURCE_DUMMY_UGLY_NAME, "jack", USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test130JackAssignAccountDummyBlack() throws Exception {
        displayTestTitle("test130JackAssignAccountDummyBlack");
        Task createTask = createTask("test130JackAssignAccountDummyBlack");
        OperationResult result = createTask.getResult();
        prepareTest();
        assignAccount(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "10000000-0000-0000-0000-000000000305", null, createTask, result);
        assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertLinks(user, 4);
        this.accountJackBlackOid = getLinkRefOid(user, "10000000-0000-0000-0000-000000000305");
        assertDummyAccount("black", "jack", "Jack Sparrow", true);
        assertDummyPasswordConditional("black", "jack", USER_PASSWORD_1_CLEAR);
        assertUserPassword(user, USER_PASSWORD_1_CLEAR);
        assertDummyAccount("red", "jack", "Jack Sparrow", true);
        assertDummyPassword("red", "jack", USER_PASSWORD_1_CLEAR);
        assertDummyPassword("jack", USER_PASSWORD_1_CLEAR);
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
        assertPasswordMetadata(user, false, this.lastPasswordChangeStart, this.lastPasswordChangeEnd);
        assertPasswordHistoryEntries(user, new String[0]);
        assertSingleAccountPasswordNotificationConditional("black", "jack", USER_PASSWORD_1_CLEAR);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test132ModifyAccountBlackJackPasswordBad() throws Exception {
        displayTestTitle("test132ModifyAccountBlackJackPasswordBad");
        Task createTask = createTask(AbstractPasswordTest.class.getName() + ".test132ModifyAccountBlackJackPasswordBad");
        OperationResult result = createTask.getResult();
        prepareTest();
        try {
            displayWhen("test132ModifyAccountBlackJackPasswordBad");
            modifyAccountChangePassword(this.accountJackBlackOid, USER_PASSWORD_A_CLEAR, createTask, result);
            fail("Expected policy violation because password doesn't satisfy password policy but didn't get one.");
        } catch (PolicyViolationException e) {
            displayThen("test132ModifyAccountBlackJackPasswordBad");
            assertDummyPasswordConditional("black", "jack", USER_PASSWORD_1_CLEAR);
        }
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test139JackUnassignAccountDummyBlack() throws Exception {
        displayTestTitle("test139JackUnassignAccountDummyBlack");
        Task createTask = createTask("test139JackUnassignAccountDummyBlack");
        OperationResult result = createTask.getResult();
        prepareTest();
        unassignAccount(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "10000000-0000-0000-0000-000000000305", null, createTask, result);
        assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertLinks(user, 3);
        assertNotLinked(user, this.accountJackBlackOid);
        assertNoDummyAccount("black", "jack");
        assertUserPassword(user, USER_PASSWORD_1_CLEAR);
        assertDummyAccount("red", "jack", "Jack Sparrow", true);
        assertDummyPassword("red", "jack", USER_PASSWORD_1_CLEAR);
        assertDummyPassword("jack", USER_PASSWORD_1_CLEAR);
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
        assertPasswordMetadata(user, false, this.lastPasswordChangeStart, this.lastPasswordChangeEnd);
        assertPasswordHistoryEntries(user, new String[0]);
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test140JackAssignAccountDummyYellow() throws Exception {
        displayTestTitle("test140JackAssignAccountDummyYellow");
        Task createTask = createTask("test140JackAssignAccountDummyYellow");
        OperationResult result = createTask.getResult();
        prepareTest();
        displayWhen("test140JackAssignAccountDummyYellow");
        assignAccount(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "10000000-0000-0000-0000-000000000704", null, createTask, result);
        displayThen("test140JackAssignAccountDummyYellow");
        assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertLinks(user, 4);
        this.accountJackYellowOid = getLinkRefOid(user, "10000000-0000-0000-0000-000000000704");
        display("Yellow dummy account", assertDummyAccount("yellow", "jack", "Jack Sparrow", true));
        assertDummyPasswordConditionalGenerated("yellow", "jack", USER_PASSWORD_1_CLEAR);
        assertUserPassword(user, USER_PASSWORD_1_CLEAR);
        assertDummyAccount("red", "jack", "Jack Sparrow", true);
        assertDummyPassword("red", "jack", USER_PASSWORD_1_CLEAR);
        assertDummyPassword("jack", USER_PASSWORD_1_CLEAR);
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
        assertPasswordMetadata(user, false, this.lastPasswordChangeStart, this.lastPasswordChangeEnd);
        assertPasswordHistoryEntries(user, new String[0]);
        displayAccountPasswordNotifications();
        assertSingleAccountPasswordNotificationConditionalGenerated("yellow", "jack", USER_PASSWORD_1_CLEAR);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test142ModifyUserJackPasswordAA() throws Exception {
        displayTestTitle("test142ModifyUserJackPasswordAA");
        Task createTask = createTask("test142ModifyUserJackPasswordAA");
        OperationResult result = createTask.getResult();
        prepareTest();
        this.lastPasswordChangeStart = this.clock.currentTimeXMLGregorianCalendar();
        displayWhen("test142ModifyUserJackPasswordAA");
        modifyUserChangePassword(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, USER_PASSWORD_AA_CLEAR, createTask, result);
        displayThen("test142ModifyUserJackPasswordAA");
        result.computeStatus();
        TestUtil.assertPartialError(result);
        this.lastPasswordChangeEnd = this.clock.currentTimeXMLGregorianCalendar();
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertLinks(user, 4);
        assertDummyAccount("yellow", "jack", "Jack Sparrow", true);
        assertDummyPasswordConditional("yellow", "jack", USER_PASSWORD_1_CLEAR);
        assertDummyAccount("red", "jack", "Jack Sparrow", true);
        assertDummyPassword("red", "jack", USER_PASSWORD_AA_CLEAR);
        assertUserPassword(user, USER_PASSWORD_AA_CLEAR);
        assertDummyPassword("jack", USER_PASSWORD_AA_CLEAR);
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
        assertPasswordHistoryEntries(user, new String[0]);
        displayAccountPasswordNotifications();
        displayUserPasswordNotifications();
        assertAccountPasswordNotifications(2);
        assertHasAccountPasswordNotification(null, "jack", USER_PASSWORD_AA_CLEAR);
        assertHasAccountPasswordNotification("red", "jack", USER_PASSWORD_AA_CLEAR);
        assertSingleUserPasswordNotification("jack", USER_PASSWORD_AA_CLEAR);
    }

    @Test
    public void test200ApplyPasswordPolicyHistoryLength() throws Exception {
        displayTestTitle("test200ApplyPasswordPolicyHistoryLength");
        Task createTask = createTask("test200ApplyPasswordPolicyHistoryLength");
        OperationResult result = createTask.getResult();
        prepareTest();
        displayWhen("test200ApplyPasswordPolicyHistoryLength");
        applyPasswordPolicy("12344321-0000-0000-0000-000000000003", getSecurityPolicyOid(), createTask, result);
        modifyObjectReplaceProperty(SecurityPolicyType.class, getSecurityPolicyOid(), new ItemPath(new QName[]{SecurityPolicyType.F_CREDENTIALS, CredentialsPolicyType.F_PASSWORD, PasswordCredentialsPolicyType.F_HISTORY_LENGTH}), createTask, result, new Object[]{3});
        displayThen("test200ApplyPasswordPolicyHistoryLength");
        assertSuccess(result);
    }

    @Test
    public void test204UnassignAccountRed() throws Exception {
        displayTestTitle("test204UnassignAccountRed");
        Task createTask = createTask("test204UnassignAccountRed");
        OperationResult result = createTask.getResult();
        prepareTest();
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User before", user);
        assertLinks(user, 4);
        ObjectDelta createAccountAssignmentUserDelta = createAccountAssignmentUserDelta(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "10000000-0000-0000-0000-000000000104", null, false);
        ObjectDelta createDeleteDelta = ObjectDelta.createDeleteDelta(ShadowType.class, this.accountJackRedOid, this.prismContext);
        displayWhen("test204UnassignAccountRed");
        this.modelService.executeChanges(MiscSchemaUtil.createCollection(new ObjectDelta[]{createAccountAssignmentUserDelta, createDeleteDelta}), (ModelExecuteOptions) null, createTask, result);
        displayThen("test204UnassignAccountRed");
        assertSuccess(result);
        PrismObject user2 = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user2);
        assertLinks(user2, 3);
        assertNotLinked(user2, this.accountJackRedOid);
        assertNoDummyAccount("red", "jack");
        assertDummyAccount("yellow", "jack", "Jack Sparrow", true);
        assertDummyPasswordConditional("yellow", "jack", USER_PASSWORD_1_CLEAR);
        assertUserPassword(user2, USER_PASSWORD_AA_CLEAR);
        assertDummyPassword("jack", USER_PASSWORD_AA_CLEAR);
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
        assertPasswordHistoryEntries(user2, new String[0]);
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test206ReconcileUserJack() throws Exception {
        displayTestTitle("test206ReconcileUserJack");
        Task createTask = createTask("test206ReconcileUserJack");
        OperationResult result = createTask.getResult();
        prepareTest();
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User before", user);
        assertLinks(user, 3);
        reconcileUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user2 = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user2);
        assertLinks(user2, 3);
        assertDummyAccount("yellow", "jack", "Jack Sparrow", true);
        assertDummyPasswordConditional("yellow", "jack", USER_PASSWORD_1_CLEAR);
        assertUserPassword(user2, USER_PASSWORD_AA_CLEAR);
        assertDummyPassword("jack", USER_PASSWORD_AA_CLEAR);
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
        assertPasswordHistoryEntries(user2, new String[0]);
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test210ModifyUserJackPasswordGood() throws Exception {
        doTestModifyUserJackPasswordSuccessWithHistory("test210ModifyUserJackPasswordGood", USER_PASSWORD_VALID_1, USER_PASSWORD_AA_CLEAR);
    }

    @Test
    public void test212ReconcileUserJack() throws Exception {
        displayTestTitle("test212ReconcileUserJack");
        Task createTask = createTask("test212ReconcileUserJack");
        OperationResult result = createTask.getResult();
        prepareTest();
        reconcileUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        assertJackPasswordsWithHistory(USER_PASSWORD_VALID_1, USER_PASSWORD_AA_CLEAR);
    }

    @Test
    public void test214RecomputeUserJack() throws Exception {
        displayTestTitle("test214RecomputeUserJack");
        Task createTask = createTask("test214RecomputeUserJack");
        OperationResult result = createTask.getResult();
        prepareTest();
        recomputeUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        assertJackPasswordsWithHistory(USER_PASSWORD_VALID_1, USER_PASSWORD_AA_CLEAR);
    }

    @Test
    public void test220ModifyUserJackPasswordBadA() throws Exception {
        doTestModifyUserJackPasswordFailureWithHistory("test220ModifyUserJackPasswordBadA", USER_PASSWORD_1_CLEAR, USER_PASSWORD_VALID_1, USER_PASSWORD_AA_CLEAR);
    }

    @Test
    public void test222ModifyUserJackPasswordBadContainer() throws Exception {
        displayTestTitle("test222ModifyUserJackPasswordBadContainer");
        Task createTask = createTask("test222ModifyUserJackPasswordBadContainer");
        OperationResult result = createTask.getResult();
        prepareTest();
        ProtectedStringType protectedStringType = new ProtectedStringType();
        protectedStringType.setClearValue(USER_PASSWORD_1_CLEAR);
        PasswordType passwordType = new PasswordType();
        passwordType.setValue(protectedStringType);
        try {
            this.modelService.executeChanges(MiscSchemaUtil.createCollection(new ObjectDelta[]{ObjectDelta.createModificationReplaceContainer(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID, new ItemPath(new QName[]{UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD}), this.prismContext, new PasswordType[]{passwordType})}), (ModelExecuteOptions) null, createTask, result);
            AssertJUnit.fail("Unexpected success");
        } catch (PolicyViolationException e) {
            display("Expected exception", e);
        }
        result.computeStatus();
        TestUtil.assertFailure(result);
        assertJackPasswordsWithHistory(USER_PASSWORD_VALID_1, USER_PASSWORD_AA_CLEAR);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test224ModifyUserJackPasswordBadJack() throws Exception {
        doTestModifyUserJackPasswordFailureWithHistory("test224ModifyUserJackPasswordBadJack", USER_PASSWORD_JACK_CLEAR, USER_PASSWORD_VALID_1, USER_PASSWORD_AA_CLEAR);
    }

    @Test
    public void test226ModifyUserJackPasswordBadSparrow() throws Exception {
        doTestModifyUserJackPasswordFailureWithHistory("test226ModifyUserJackPasswordBadSparrow", USER_PASSWORD_SPARROW_CLEAR, USER_PASSWORD_VALID_1, USER_PASSWORD_AA_CLEAR);
    }

    @Test
    public void test230ModifyUserJackPasswordGoodAgain() throws Exception {
        doTestModifyUserJackPasswordSuccessWithHistory("test230ModifyUserJackPasswordGoodAgain", USER_PASSWORD_VALID_2, USER_PASSWORD_AA_CLEAR, USER_PASSWORD_VALID_1);
    }

    @Test
    public void test235ModifyUserJackPasswordGoodSameAsCurrent() throws Exception {
        doTestModifyUserJackPasswordFailureWithHistory("test235ModifyUserJackPasswordGoodSameAsCurrent", USER_PASSWORD_VALID_2, USER_PASSWORD_VALID_2, USER_PASSWORD_AA_CLEAR, USER_PASSWORD_VALID_1);
    }

    @Test
    public void test236ModifyUserJackPasswordGoodInHistory() throws Exception {
        doTestModifyUserJackPasswordFailureWithHistory("test236ModifyUserJackPasswordGoodInHistory", USER_PASSWORD_VALID_1, USER_PASSWORD_VALID_2, USER_PASSWORD_AA_CLEAR, USER_PASSWORD_VALID_1);
    }

    @Test
    public void test237ModifyUserJackPasswordBadInHistory() throws Exception {
        doTestModifyUserJackPasswordFailureWithHistory("test237ModifyUserJackPasswordBadInHistory", USER_PASSWORD_AA_CLEAR, USER_PASSWORD_VALID_2, USER_PASSWORD_AA_CLEAR, USER_PASSWORD_VALID_1);
    }

    @Test
    public void test240ModifyUserJackPasswordGoodAgainOverHistory() throws Exception {
        doTestModifyUserJackPasswordSuccessWithHistory("test240ModifyUserJackPasswordGoodAgainOverHistory", USER_PASSWORD_VALID_3, USER_PASSWORD_VALID_1, USER_PASSWORD_VALID_2);
    }

    @Test
    public void test241ModifyUserJackPasswordGoodAgainOverHistoryAgain() throws Exception {
        doTestModifyUserJackPasswordSuccessWithHistory("test241ModifyUserJackPasswordGoodAgainOverHistoryAgain", USER_PASSWORD_VALID_4, USER_PASSWORD_VALID_2, USER_PASSWORD_VALID_3);
    }

    @Test
    public void test248ModifyUserJackPasswordGoodReuse() throws Exception {
        doTestModifyUserJackPasswordSuccessWithHistory("test248ModifyUserJackPasswordGoodReuse", USER_PASSWORD_VALID_1, USER_PASSWORD_VALID_3, USER_PASSWORD_VALID_4);
    }

    private void doTestModifyUserJackPasswordSuccessWithHistory(String str, String str2, String... strArr) throws Exception {
        displayTestTitle(str);
        Task createTask = createTask(str);
        OperationResult result = createTask.getResult();
        prepareTest();
        this.lastPasswordChangeStart = this.clock.currentTimeXMLGregorianCalendar();
        modifyUserChangePassword(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, str2, createTask, result);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        this.lastPasswordChangeEnd = this.clock.currentTimeXMLGregorianCalendar();
        assertJackPasswordsWithHistory(str2, strArr);
        displayAccountPasswordNotifications();
        assertAccountPasswordNotifications(2);
        assertHasAccountPasswordNotification(null, "jack", str2);
        assertHasAccountPasswordNotification("yellow", "jack", str2);
        assertSingleUserPasswordNotification("jack", str2);
    }

    private void doTestModifyUserJackPasswordFailureWithHistory(String str, String str2, String str3, String... strArr) throws Exception {
        displayTestTitle(str);
        Task createTask = createTask(str);
        OperationResult result = createTask.getResult();
        prepareTest();
        try {
            modifyUserChangePassword(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, str2, createTask, result);
            AssertJUnit.fail("Unexpected success");
        } catch (PolicyViolationException e) {
            display("Exected exception", e);
        }
        result.computeStatus();
        TestUtil.assertFailure(result);
        assertJackPasswordsWithHistory(str3, strArr);
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    private void assertJackPasswordsWithHistory(String str, String... strArr) throws Exception {
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertLinks(user, 3);
        this.accountJackYellowOid = getLinkRefOid(user, "10000000-0000-0000-0000-000000000704");
        assertUserPassword(user, str);
        assertPasswordMetadata(user, false, this.lastPasswordChangeStart, this.lastPasswordChangeEnd);
        assertDummyPassword("jack", str);
        assertDummyAccount("yellow", "jack", "Jack Sparrow", true);
        assertDummyPassword("yellow", "jack", str);
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
        assertPasswordHistoryEntries(user, strArr);
    }

    @Test
    public void test300TwoParentOrgRefs() throws Exception {
        displayTestTitle("test300TwoParentOrgRefs");
        Task createTask = createTask("test300TwoParentOrgRefs");
        OperationResult result = createTask.getResult();
        prepareTest();
        assignOrg(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "00000000-8888-6666-0000-100000000001", null);
        assignOrg(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "00000000-8888-6666-0000-100000000001", SchemaConstants.ORG_MANAGER);
        UserType asObjectable = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID).asObjectable();
        display("jack", asObjectable);
        AssertJUnit.assertEquals("Wrong # of parentOrgRefs", 2, asObjectable.getParentOrgRef().size());
        executeChanges(DeltaBuilder.deltaFor(OrgType.class, this.prismContext).item(new QName[]{OrgType.F_PASSWORD_POLICY_REF}).replace(new PrismValue[]{new PrismReferenceValue("12344321-0000-0000-0000-000000000003")}).asObjectDelta("00000000-8888-6666-0000-100000000001"), null, createTask, result);
        OrgType asObjectable2 = getObject(OrgType.class, "00000000-8888-6666-0000-100000000001").asObjectable();
        display("governor's office", asObjectable2);
        AssertJUnit.assertEquals("Wrong OID of password policy ref", "12344321-0000-0000-0000-000000000003", asObjectable2.getPasswordPolicyRef().getOid());
        try {
            modifyUserChangePassword(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, USER_PASSWORD_1_CLEAR, createTask, result);
            AssertJUnit.fail("Unexpected success");
        } catch (PolicyViolationException e) {
            display("Expected exception", e);
        }
        result.computeStatus();
        TestUtil.assertFailure(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertLinks(user, 3);
        assertUserPassword(user, USER_PASSWORD_VALID_1);
        assertPasswordMetadata(user, false, this.lastPasswordChangeStart, this.lastPasswordChangeEnd);
        assertDummyPassword("jack", USER_PASSWORD_VALID_1);
        assertDummyAccount("yellow", "jack", "Jack Sparrow", true);
        assertDummyPassword("yellow", "jack", USER_PASSWORD_VALID_1);
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test310PreparePasswordStrengthTests() throws Exception {
        displayTestTitle("test310PreparePasswordStrengthTests");
        Task createTask = createTask("test310PreparePasswordStrengthTests");
        OperationResult result = createTask.getResult();
        prepareTest();
        unassignAccount(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "10000000-0000-0000-0000-000000000704", null, createTask, result);
        unassignOrg(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "00000000-8888-6666-0000-100000000001", null, createTask, result);
        unassignOrg(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "00000000-8888-6666-0000-100000000001", SchemaConstants.ORG_MANAGER, createTask, result);
        modifyObjectReplaceReference(SystemConfigurationType.class, SystemObjectsType.SYSTEM_CONFIGURATION.value(), SystemConfigurationType.F_GLOBAL_PASSWORD_POLICY_REF, createTask, result, new PrismReferenceValue[0]);
        displayWhen("test310PreparePasswordStrengthTests");
        assignAccount(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "10000000-0000-0000-0000-000000000104", null, createTask, result);
        assignAccount(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "10000000-0000-0000-0000-000000000204", null, createTask, result);
        displayThen("test310PreparePasswordStrengthTests");
        assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertUserPassword(user, USER_PASSWORD_VALID_1);
        assertLinks(user, 4);
        assertDummyPassword("jack", USER_PASSWORD_VALID_1);
        assertDummyAccount("red", "jack", "Jack Sparrow", true);
        assertDummyPasswordConditional("red", "jack", USER_PASSWORD_VALID_1);
        assertDummyAccount("blue", "jack", "Jack Sparrow", true);
        assert31xBluePasswordAfterAssignment(user);
        assertNoDummyAccount("yellow", "jack");
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
        if (isPasswordEncryption()) {
            assertAccountPasswordNotifications(2);
            assertHasAccountPasswordNotification("red", "jack", USER_PASSWORD_VALID_1);
            assertHasAccountPasswordNotification("blue", "jack", USER_PASSWORD_VALID_1);
        } else {
            assertNoAccountPasswordNotifications();
        }
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test312ChangeUserPassword() throws Exception {
        displayTestTitle("test312ChangeUserPassword");
        Task createTask = createTask("test312ChangeUserPassword");
        OperationResult result = createTask.getResult();
        prepareTest();
        TestUtil.displayWhen("test312ChangeUserPassword");
        modifyUserChangePassword(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, USER_PASSWORD_VALID_2, createTask, result);
        TestUtil.displayThen("test312ChangeUserPassword");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertUserPassword(user, USER_PASSWORD_VALID_2);
        assertLinks(user, 4);
        assertDummyPassword("jack", USER_PASSWORD_VALID_2);
        assertDummyAccount("red", "jack", "Jack Sparrow", true);
        assertDummyPasswordConditional("red", "jack", USER_PASSWORD_VALID_2);
        assertDummyAccount("blue", "jack", "Jack Sparrow", true);
        assert31xBluePasswordAfterPasswordChange(user);
        assertNoDummyAccount("yellow", "jack");
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
        displayAccountPasswordNotifications();
        if (isPasswordEncryption()) {
            assertAccountPasswordNotifications(2);
            assertHasAccountPasswordNotification(null, "jack", USER_PASSWORD_VALID_2);
            assertHasAccountPasswordNotification("red", "jack", USER_PASSWORD_VALID_2);
        } else {
            assertAccountPasswordNotifications(3);
            assertHasAccountPasswordNotification(null, "jack", USER_PASSWORD_VALID_2);
            assertHasAccountPasswordNotification("red", "jack", USER_PASSWORD_VALID_2);
            assertHasAccountPasswordNotification("blue", "jack", USER_PASSWORD_VALID_2);
        }
        assertSingleUserPasswordNotification("jack", USER_PASSWORD_VALID_2);
    }

    protected abstract void assert31xBluePasswordAfterAssignment(PrismObject<UserType> prismObject) throws Exception;

    protected abstract void assert31xBluePasswordAfterPasswordChange(PrismObject<UserType> prismObject) throws Exception;

    @Test
    public void test314RemovePasswordFail() throws Exception {
        displayTestTitle("test314RemovePasswordFail");
        Task createTask = createTask("test314RemovePasswordFail");
        OperationResult result = createTask.getResult();
        prepareTest();
        setPasswordMinOccurs(1, createTask, result);
        try {
            TestUtil.displayWhen("test314RemovePasswordFail");
            try {
                modifyUserReplace(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, PASSWORD_VALUE_PATH, createTask, result, new Object[0]);
                fail("unexpected success");
            } catch (PolicyViolationException e) {
                assertMessage(e, "Provided password does not satisfy the policies: The value must be present.");
            }
            assertNoUserPasswordNotifications();
        } finally {
            setPasswordMinOccurs(null, createTask, result);
        }
    }

    private void setPasswordMinOccurs(Integer num, Task task, OperationResult operationResult) throws CommonException {
        executeChanges(DeltaBuilder.deltaFor(SecurityPolicyType.class, this.prismContext).item(new QName[]{SecurityPolicyType.F_CREDENTIALS, CredentialsPolicyType.F_PASSWORD, PasswordCredentialsPolicyType.F_MIN_OCCURS}).replace(new Object[]{num}).asObjectDeltaCast(getSecurityPolicyOid()), null, task, operationResult);
    }

    @Test
    public void test315RemovePassword() throws Exception {
        displayTestTitle("test315RemovePassword");
        Task createTask = createTask("test315RemovePassword");
        OperationResult result = createTask.getResult();
        prepareTest();
        TestUtil.displayWhen("test315RemovePassword");
        modifyUserReplace(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, PASSWORD_VALUE_PATH, createTask, result, new Object[0]);
        TestUtil.displayThen("test315RemovePassword");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        AssertJUnit.assertNull("User password is not null", user.asObjectable().getCredentials().getPassword().getValue());
        assertLinks(user, 4);
        assertDummyPassword("jack", null);
        assertDummyAccount("red", "jack", "Jack Sparrow", true);
        assertDummyPasswordConditional("red", "jack", null);
        assertDummyAccount("blue", "jack", "Jack Sparrow", true);
        assert31xBluePasswordAfterPasswordChange(user);
        assertNoDummyAccount("yellow", "jack");
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
        displayAllNotifications();
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test316UserRecompute() throws Exception {
        displayTestTitle("test316UserRecompute");
        Task createTask = createTask("test316UserRecompute");
        OperationResult result = createTask.getResult();
        prepareTest();
        TestUtil.displayWhen("test316UserRecompute");
        recomputeUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
        TestUtil.displayThen("test316UserRecompute");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        AssertJUnit.assertNotNull("User password is still null", user.asObjectable().getCredentials().getPassword().getValue());
        assertLinks(user, 4);
        assertDummyPassword("jack", null);
        assertDummyAccount("red", "jack", "Jack Sparrow", true);
        assertDummyPassword("red", "jack", null);
        assertDummyAccount("blue", "jack", "Jack Sparrow", true);
        assert31xBluePasswordAfterPasswordChange(user);
        assertNoDummyAccount("yellow", "jack");
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
        displayAccountPasswordNotifications();
        assertNoAccountPasswordNotifications();
        assertUserPasswordNotifications(1);
    }

    @Test
    public void test318ChangeUserPassword() throws Exception {
        displayTestTitle("test318ChangeUserPassword");
        Task createTask = createTask("test318ChangeUserPassword");
        OperationResult result = createTask.getResult();
        prepareTest();
        TestUtil.displayWhen("test318ChangeUserPassword");
        modifyUserChangePassword(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, USER_PASSWORD_VALID_3, createTask, result);
        TestUtil.displayThen("test318ChangeUserPassword");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertUserPassword(user, USER_PASSWORD_VALID_3);
        assertLinks(user, 4);
        assertDummyPassword("jack", USER_PASSWORD_VALID_3);
        assertDummyAccount("red", "jack", "Jack Sparrow", true);
        assertDummyPassword("red", "jack", USER_PASSWORD_VALID_3);
        assertDummyAccount("blue", "jack", "Jack Sparrow", true);
        assert31xBluePasswordAfterPasswordChange(user);
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
        displayAccountPasswordNotifications();
        assertAccountPasswordNotifications(2);
        assertHasAccountPasswordNotification(null, "jack", USER_PASSWORD_VALID_3);
        assertHasAccountPasswordNotification("red", "jack", USER_PASSWORD_VALID_3);
        assertSingleUserPasswordNotification("jack", USER_PASSWORD_VALID_3);
    }

    @Test
    public void test320ChangeEmployeeNumber() throws Exception {
        displayTestTitle("test320ChangeEmployeeNumber");
        Task createTask = createTask("test320ChangeEmployeeNumber");
        OperationResult result = createTask.getResult();
        prepareTest();
        TestUtil.displayWhen("test320ChangeEmployeeNumber");
        modifyUserReplace(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_EMPLOYEE_NUMBER, createTask, result, new Object[]{"emp0000"});
        TestUtil.displayThen("test320ChangeEmployeeNumber");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertUserPassword(user, USER_PASSWORD_VALID_3);
        assertDummyPassword("jack", USER_PASSWORD_VALID_3);
        assert31xBluePasswordAfterPasswordChange(user);
        assertDummyPassword("red", "jack", USER_PASSWORD_VALID_3);
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", "emp0000");
        assertSingleAccountPasswordNotification(RESOURCE_DUMMY_UGLY_NAME, "jack", "emp0000");
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test330RemoveEmployeeNumber() throws Exception {
        displayTestTitle("test330RemoveEmployeeNumber");
        Task createTask = createTask("test330RemoveEmployeeNumber");
        OperationResult result = createTask.getResult();
        prepareTest();
        TestUtil.displayWhen("test330RemoveEmployeeNumber");
        modifyUserReplace(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_EMPLOYEE_NUMBER, createTask, result, new Object[0]);
        TestUtil.displayThen("test330RemoveEmployeeNumber");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after change execution", user);
        assertUserPassword(user, USER_PASSWORD_VALID_3);
        assertDummyPassword("jack", USER_PASSWORD_VALID_3);
        assert31xBluePasswordAfterPasswordChange(user);
        assertDummyPassword("red", "jack", USER_PASSWORD_VALID_3);
        assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, "jack", null);
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test400AddUserRappWithAssignment() throws Exception {
        displayTestTitle("test400AddUserRappWithAssignment");
        Task createTask = createTask("test400AddUserRappWithAssignment");
        OperationResult result = createTask.getResult();
        PrismObject parseObject = PrismTestUtil.parseObject(USER_RAPP_FILE);
        AssignmentType createConstructionAssignment = createConstructionAssignment("10000000-0000-0000-0000-000000000004", null, null);
        UserType asObjectable = parseObject.asObjectable();
        asObjectable.fullName(createPolyStringType("Rapp Scallion")).emailAddress(USER_RAPP_EMAIL);
        asObjectable.getAssignment().add(createConstructionAssignment);
        setPassword(parseObject, USER_PASSWORD_VALID_1);
        display("User before", parseObject);
        TestUtil.displayWhen("test400AddUserRappWithAssignment");
        addObject(parseObject, createTask, result);
        TestUtil.displayThen("test400AddUserRappWithAssignment");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-11111111c008");
        display("User after", user);
        String singleLinkOid = getSingleLinkOid(user);
        PrismObject<ShadowType> object = this.repositoryService.getObject(ShadowType.class, singleLinkOid, (Collection) null, result);
        assertDummyAccountShadowRepo(object, singleLinkOid, "rapp");
        assertShadowLifecycle(object, true);
        PrismObject<ShadowType> object2 = this.modelService.getObject(ShadowType.class, singleLinkOid, (Collection) null, createTask, result);
        assertDummyAccountShadowModel(object2, singleLinkOid, "rapp", "Rapp Scallion");
        assertShadowLifecycle(object2, true);
        assertDefaultDummyAccount("rapp", "Rapp Scallion", true);
        assertDummyPassword(null, "rapp", USER_PASSWORD_VALID_1);
        assertSingleAccountPasswordNotification(null, "rapp", USER_PASSWORD_VALID_1);
        assertSingleUserPasswordNotification("rapp", USER_PASSWORD_VALID_1);
    }

    @Test
    public void test401UserRappRecompute() throws Exception {
        displayTestTitle("test401UserRappRecompute");
        Task createTask = createTask("test401UserRappRecompute");
        OperationResult result = createTask.getResult();
        prepareTest();
        displayWhen("test401UserRappRecompute");
        recomputeUser("c0c010c0-d34d-b33f-f00d-11111111c008", createTask, result);
        displayThen("test401UserRappRecompute");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-11111111c008");
        display("User after", user);
        String singleLinkOid = getSingleLinkOid(user);
        PrismObject<ShadowType> object = this.repositoryService.getObject(ShadowType.class, singleLinkOid, (Collection) null, result);
        assertDummyAccountShadowRepo(object, singleLinkOid, "rapp");
        assertShadowLifecycle(object, true);
        PrismObject<ShadowType> object2 = this.modelService.getObject(ShadowType.class, singleLinkOid, (Collection) null, createTask, result);
        assertDummyAccountShadowModel(object2, singleLinkOid, "rapp", "Rapp Scallion");
        assertShadowLifecycle(object2, true);
        assertDefaultDummyAccount("rapp", "Rapp Scallion", true);
        assertDummyPassword(null, "rapp", USER_PASSWORD_VALID_1);
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test402AssignRappDummyRed() throws Exception {
        displayTestTitle("test402AssignRappDummyRed");
        Task createTask = createTask("test402AssignRappDummyRed");
        OperationResult result = createTask.getResult();
        prepareTest();
        display("User before", getUser("c0c010c0-d34d-b33f-f00d-11111111c008"));
        displayWhen("test402AssignRappDummyRed");
        assignAccount("c0c010c0-d34d-b33f-f00d-11111111c008", "10000000-0000-0000-0000-000000000104", null, createTask, result);
        displayThen("test402AssignRappDummyRed");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-11111111c008");
        display("User after", user);
        assertLinks(user, 2);
        String linkRefOid = getLinkRefOid(user, "10000000-0000-0000-0000-000000000004");
        String linkRefOid2 = getLinkRefOid(user, "10000000-0000-0000-0000-000000000104");
        assertDummyAccount("red", "rapp", "Rapp Scallion", true);
        assertDummyPasswordConditional("red", "rapp", USER_PASSWORD_VALID_1);
        PrismObject object = this.repositoryService.getObject(ShadowType.class, linkRefOid2, (Collection) null, result);
        display("Repo shadow RED", object);
        assertAccountShadowRepo(object, linkRefOid2, "rapp", getDummyResourceType("red"));
        assertShadowLifecycle((PrismObject<ShadowType>) object, false);
        PrismObject object2 = this.modelService.getObject(ShadowType.class, linkRefOid2, (Collection) null, createTask, result);
        display("Model shadow RED", object2);
        assertAccountShadowModel(object2, linkRefOid2, "rapp", getDummyResourceType("red"));
        assertShadowLifecycle((PrismObject<ShadowType>) object2, false);
        PrismObject<ShadowType> object3 = this.repositoryService.getObject(ShadowType.class, linkRefOid, (Collection) null, result);
        assertDummyAccountShadowRepo(object3, linkRefOid, "rapp");
        assertShadowLifecycle(object3, (String) null);
        PrismObject<ShadowType> object4 = this.modelService.getObject(ShadowType.class, linkRefOid, (Collection) null, createTask, result);
        assertDummyAccountShadowModel(object4, linkRefOid, "rapp", "Rapp Scallion");
        assertShadowLifecycle(object4, (String) null);
        assertUserPassword(user, USER_PASSWORD_VALID_1);
        assertDefaultDummyAccount("rapp", "Rapp Scallion", true);
        assertDummyPassword(null, "rapp", USER_PASSWORD_VALID_1);
        displayAllNotifications();
        assertSingleAccountPasswordNotificationConditional("red", "rapp", USER_PASSWORD_VALID_1);
        assertAccountActivationNotification("red", "rapp");
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test403UserRappRecompute() throws Exception {
        displayTestTitle("test403UserRappRecompute");
        Task createTask = createTask("test403UserRappRecompute");
        OperationResult result = createTask.getResult();
        prepareTest();
        display("User before", getUser("c0c010c0-d34d-b33f-f00d-11111111c008"));
        displayWhen("test403UserRappRecompute");
        recomputeUser("c0c010c0-d34d-b33f-f00d-11111111c008", createTask, result);
        displayThen("test403UserRappRecompute");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-11111111c008");
        display("User after", user);
        assertLinks(user, 2);
        String linkRefOid = getLinkRefOid(user, "10000000-0000-0000-0000-000000000004");
        String linkRefOid2 = getLinkRefOid(user, "10000000-0000-0000-0000-000000000104");
        assertDummyAccount("red", "rapp", "Rapp Scallion", true);
        assertDummyPasswordConditional("red", "rapp", USER_PASSWORD_VALID_1);
        PrismObject object = this.repositoryService.getObject(ShadowType.class, linkRefOid2, (Collection) null, result);
        display("Repo shadow RED", object);
        assertAccountShadowRepo(object, linkRefOid2, "rapp", getDummyResourceType("red"));
        assertShadowLifecycle((PrismObject<ShadowType>) object, false);
        PrismObject object2 = this.modelService.getObject(ShadowType.class, linkRefOid2, (Collection) null, createTask, result);
        display("Model shadow RED", object2);
        assertAccountShadowModel(object2, linkRefOid2, "rapp", getDummyResourceType("red"));
        assertShadowLifecycle((PrismObject<ShadowType>) object2, false);
        PrismObject<ShadowType> object3 = this.repositoryService.getObject(ShadowType.class, linkRefOid, (Collection) null, result);
        assertDummyAccountShadowRepo(object3, linkRefOid, "rapp");
        assertShadowLifecycle(object3, (String) null);
        PrismObject<ShadowType> object4 = this.modelService.getObject(ShadowType.class, linkRefOid, (Collection) null, createTask, result);
        assertDummyAccountShadowModel(object4, linkRefOid, "rapp", "Rapp Scallion");
        assertShadowLifecycle(object4, (String) null);
        assertUserPassword(user, USER_PASSWORD_VALID_1);
        assertDefaultDummyAccount("rapp", "Rapp Scallion", true);
        assertDummyPassword(null, "rapp", USER_PASSWORD_VALID_1);
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test404InitializeRappDummyRed() throws Exception {
        displayTestTitle("test404InitializeRappDummyRed");
        Task createTask = createTask("test404InitializeRappDummyRed");
        OperationResult result = createTask.getResult();
        prepareTest();
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-11111111c008");
        display("User before", user);
        String linkRefOid = getLinkRefOid(user, "10000000-0000-0000-0000-000000000104");
        ObjectDelta<ShadowType> createAccountInitializationDelta = createAccountInitializationDelta(linkRefOid, USER_PASSWORD_VALID_1);
        displayWhen("test404InitializeRappDummyRed");
        executeChanges(createAccountInitializationDelta, null, createTask, result);
        displayThen("test404InitializeRappDummyRed");
        assertSuccess(result);
        PrismObject user2 = getUser("c0c010c0-d34d-b33f-f00d-11111111c008");
        display("User after", user2);
        assertLinks(user2, 2);
        String linkRefOid2 = getLinkRefOid(user2, "10000000-0000-0000-0000-000000000004");
        getLinkRefOid(user2, "10000000-0000-0000-0000-000000000104");
        assertDummyAccount("red", "rapp", "Rapp Scallion", true);
        assertDummyPassword("red", "rapp", USER_PASSWORD_VALID_1);
        PrismObject object = this.repositoryService.getObject(ShadowType.class, linkRefOid, (Collection) null, result);
        display("Repo shadow RED", object);
        assertAccountShadowRepo(object, linkRefOid, "rapp", getDummyResourceType("red"));
        assertShadowLifecycle((PrismObject<ShadowType>) object, "active");
        PrismObject object2 = this.modelService.getObject(ShadowType.class, linkRefOid, (Collection) null, createTask, result);
        display("Model shadow RED", object2);
        assertAccountShadowModel(object2, linkRefOid, "rapp", getDummyResourceType("red"));
        assertShadowLifecycle((PrismObject<ShadowType>) object2, "active");
        PrismObject<ShadowType> object3 = this.repositoryService.getObject(ShadowType.class, linkRefOid2, (Collection) null, result);
        assertDummyAccountShadowRepo(object3, linkRefOid2, "rapp");
        assertShadowLifecycle(object3, (String) null);
        PrismObject<ShadowType> object4 = this.modelService.getObject(ShadowType.class, linkRefOid2, (Collection) null, createTask, result);
        assertDummyAccountShadowModel(object4, linkRefOid2, "rapp", "Rapp Scallion");
        assertShadowLifecycle(object4, (String) null);
        assertUserPassword(user2, USER_PASSWORD_VALID_1);
        assertDefaultDummyAccount("rapp", "Rapp Scallion", true);
        assertDummyPassword(null, "rapp", USER_PASSWORD_VALID_1);
        assertSingleAccountInitializationPasswordNotification("red", "rapp", USER_PASSWORD_VALID_1);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test405UserRappRecompute() throws Exception {
        displayTestTitle("test405UserRappRecompute");
        Task createTask = createTask("test405UserRappRecompute");
        OperationResult result = createTask.getResult();
        prepareTest();
        display("User before", getUser("c0c010c0-d34d-b33f-f00d-11111111c008"));
        TestUtil.displayWhen("test405UserRappRecompute");
        recomputeUser("c0c010c0-d34d-b33f-f00d-11111111c008", createTask, result);
        TestUtil.displayThen("test405UserRappRecompute");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-11111111c008");
        display("User after", user);
        assertLinks(user, 2);
        String linkRefOid = getLinkRefOid(user, "10000000-0000-0000-0000-000000000004");
        String linkRefOid2 = getLinkRefOid(user, "10000000-0000-0000-0000-000000000104");
        assertDummyAccount("red", "rapp", "Rapp Scallion", true);
        assertDummyPassword("red", "rapp", USER_PASSWORD_VALID_1);
        PrismObject object = this.repositoryService.getObject(ShadowType.class, linkRefOid2, (Collection) null, result);
        display("Repo shadow RED", object);
        assertAccountShadowRepo(object, linkRefOid2, "rapp", getDummyResourceType("red"));
        assertShadowLifecycle((PrismObject<ShadowType>) object, "active");
        PrismObject object2 = this.modelService.getObject(ShadowType.class, linkRefOid2, (Collection) null, createTask, result);
        display("Model shadow RED", object2);
        assertAccountShadowModel(object2, linkRefOid2, "rapp", getDummyResourceType("red"));
        assertShadowLifecycle((PrismObject<ShadowType>) object2, "active");
        PrismObject<ShadowType> object3 = this.repositoryService.getObject(ShadowType.class, linkRefOid, (Collection) null, result);
        assertDummyAccountShadowRepo(object3, linkRefOid, "rapp");
        assertShadowLifecycle(object3, (String) null);
        PrismObject<ShadowType> object4 = this.modelService.getObject(ShadowType.class, linkRefOid, (Collection) null, createTask, result);
        assertDummyAccountShadowModel(object4, linkRefOid, "rapp", "Rapp Scallion");
        assertShadowLifecycle(object4, (String) null);
        assertUserPassword(user, USER_PASSWORD_VALID_1);
        assertDefaultDummyAccount("rapp", "Rapp Scallion", true);
        assertDummyPassword(null, "rapp", USER_PASSWORD_VALID_1);
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test410AssignRappDummyLifecycle() throws Exception {
        displayTestTitle("test410AssignRappDummyLifecycle");
        Task createTask = createTask("test410AssignRappDummyLifecycle");
        OperationResult result = createTask.getResult();
        prepareTest();
        display("User before", getUser("c0c010c0-d34d-b33f-f00d-11111111c008"));
        TestUtil.displayWhen("test410AssignRappDummyLifecycle");
        assignAccount("c0c010c0-d34d-b33f-f00d-11111111c008", RESOURCE_DUMMY_LIFECYCLE_OID, null, createTask, result);
        TestUtil.displayThen("test410AssignRappDummyLifecycle");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-11111111c008");
        display("User after", user);
        assertLinks(user, 3);
        String linkRefOid = getLinkRefOid(user, RESOURCE_DUMMY_LIFECYCLE_OID);
        assertDummyAccount(RESOURCE_DUMMY_LIFECYCLE_NAME, "rapp", "Rapp Scallion", true);
        assertDummyPasswordConditional(RESOURCE_DUMMY_LIFECYCLE_NAME, "rapp", USER_PASSWORD_VALID_1);
        PrismObject object = this.repositoryService.getObject(ShadowType.class, linkRefOid, (Collection) null, result);
        display("Repo shadow LIFECYCLE", object);
        assertAccountShadowRepo(object, linkRefOid, "rapp", getDummyResourceType(RESOURCE_DUMMY_LIFECYCLE_NAME));
        assertShadowLifecycle((PrismObject<ShadowType>) object, false);
        assertDummyAccount("red", "rapp", "Rapp Scallion", true);
        assertDummyPassword("red", "rapp", USER_PASSWORD_VALID_1);
        assertUserPassword(user, USER_PASSWORD_VALID_1);
        assertDefaultDummyAccount("rapp", "Rapp Scallion", true);
        assertDummyPassword(null, "rapp", USER_PASSWORD_VALID_1);
        assertSingleAccountPasswordNotificationConditional(RESOURCE_DUMMY_LIFECYCLE_NAME, "rapp", USER_PASSWORD_VALID_1);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test412InitializeRappDummyLifecycle() throws Exception {
        displayTestTitle("test412InitializeRappDummyLifecycle");
        Task createTask = createTask("test412InitializeRappDummyLifecycle");
        OperationResult result = createTask.getResult();
        prepareTest();
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-11111111c008");
        display("User before", user);
        ObjectDelta createEmptyModifyDelta = ObjectDelta.createEmptyModifyDelta(ShadowType.class, getLinkRefOid(user, RESOURCE_DUMMY_LIFECYCLE_OID), this.prismContext);
        ProtectedStringType protectedStringType = new ProtectedStringType();
        protectedStringType.setClearValue(USER_PASSWORD_VALID_1);
        createEmptyModifyDelta.addModificationReplaceProperty(SchemaConstants.PATH_PASSWORD_VALUE, new ProtectedStringType[]{protectedStringType});
        createEmptyModifyDelta.addModificationReplaceProperty(ObjectType.F_LIFECYCLE_STATE, new String[]{"active"});
        TestUtil.displayWhen("test412InitializeRappDummyLifecycle");
        executeChanges(createEmptyModifyDelta, null, createTask, result);
        TestUtil.displayThen("test412InitializeRappDummyLifecycle");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user2 = getUser("c0c010c0-d34d-b33f-f00d-11111111c008");
        display("User after", user2);
        assertLinks(user2, 3);
        String linkRefOid = getLinkRefOid(user2, RESOURCE_DUMMY_LIFECYCLE_OID);
        assertDummyAccount(RESOURCE_DUMMY_LIFECYCLE_NAME, "rapp", "Rapp Scallion", true);
        assertDummyPassword(RESOURCE_DUMMY_LIFECYCLE_NAME, "rapp", USER_PASSWORD_VALID_1);
        PrismObject object = this.repositoryService.getObject(ShadowType.class, linkRefOid, (Collection) null, result);
        display("Repo shadow LIFECYCLE", object);
        assertAccountShadowRepo(object, linkRefOid, "rapp", getDummyResourceType(RESOURCE_DUMMY_LIFECYCLE_NAME));
        assertShadowLifecycle((PrismObject<ShadowType>) object, "active");
        assertDummyAccount("red", "rapp", "Rapp Scallion", true);
        assertDummyPassword("red", "rapp", USER_PASSWORD_VALID_1);
        assertUserPassword(user2, USER_PASSWORD_VALID_1);
        assertDefaultDummyAccount("rapp", "Rapp Scallion", true);
        assertDummyPassword(null, "rapp", USER_PASSWORD_VALID_1);
        String linkRefOid2 = getLinkRefOid(user2, "10000000-0000-0000-0000-000000000104");
        PrismObject object2 = this.repositoryService.getObject(ShadowType.class, linkRefOid2, (Collection) null, result);
        display("Repo shadow RED", object2);
        assertAccountShadowRepo(object2, linkRefOid2, "rapp", getDummyResourceType("red"));
        assertShadowLifecycle((PrismObject<ShadowType>) object2, "active");
        PrismObject object3 = this.modelService.getObject(ShadowType.class, linkRefOid2, (Collection) null, createTask, result);
        display("Model shadow RED", object3);
        assertAccountShadowModel(object3, linkRefOid2, "rapp", getDummyResourceType("red"));
        assertShadowLifecycle((PrismObject<ShadowType>) object3, "active");
        String linkRefOid3 = getLinkRefOid(user2, "10000000-0000-0000-0000-000000000004");
        PrismObject<ShadowType> object4 = this.modelService.getObject(ShadowType.class, linkRefOid3, (Collection) null, createTask, result);
        assertDummyAccountShadowModel(object4, linkRefOid3, "rapp", "Rapp Scallion");
        assertShadowLifecycle(object4, (String) null);
        PrismObject<ShadowType> object5 = this.repositoryService.getObject(ShadowType.class, linkRefOid3, (Collection) null, result);
        assertDummyAccountShadowRepo(object5, linkRefOid3, "rapp");
        assertShadowLifecycle(object5, (String) null);
        assertSingleAccountInitializationPasswordNotification(RESOURCE_DUMMY_LIFECYCLE_NAME, "rapp", USER_PASSWORD_VALID_1);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test414UserRappRecompute() throws Exception {
        displayTestTitle("test414UserRappRecompute");
        Task createTask = createTask("test414UserRappRecompute");
        OperationResult result = createTask.getResult();
        prepareTest();
        display("User before", getUser("c0c010c0-d34d-b33f-f00d-11111111c008"));
        displayWhen("test414UserRappRecompute");
        recomputeUser("c0c010c0-d34d-b33f-f00d-11111111c008", createTask, result);
        displayThen("test414UserRappRecompute");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-11111111c008");
        display("User after", user);
        assertLinks(user, 3);
        assertDummyAccount(RESOURCE_DUMMY_LIFECYCLE_NAME, "rapp", "Rapp Scallion", true);
        assertDummyPassword(RESOURCE_DUMMY_LIFECYCLE_NAME, "rapp", USER_PASSWORD_VALID_1);
        assertDummyAccount("red", "rapp", "Rapp Scallion", true);
        assertDummyPassword("red", "rapp", USER_PASSWORD_VALID_1);
        assertUserPassword(user, USER_PASSWORD_VALID_1);
        assertDefaultDummyAccount("rapp", "Rapp Scallion", true);
        assertDummyPassword(null, "rapp", USER_PASSWORD_VALID_1);
        String linkRefOid = getLinkRefOid(user, RESOURCE_DUMMY_LIFECYCLE_OID);
        PrismObject object = this.repositoryService.getObject(ShadowType.class, linkRefOid, (Collection) null, result);
        display("Repo shadow LIFECYCLE", object);
        assertAccountShadowRepo(object, linkRefOid, "rapp", getDummyResourceType(RESOURCE_DUMMY_LIFECYCLE_NAME));
        assertShadowLifecycle((PrismObject<ShadowType>) object, "active");
        String linkRefOid2 = getLinkRefOid(user, "10000000-0000-0000-0000-000000000104");
        PrismObject object2 = this.repositoryService.getObject(ShadowType.class, linkRefOid2, (Collection) null, result);
        display("Repo shadow RED", object2);
        assertAccountShadowRepo(object2, linkRefOid2, "rapp", getDummyResourceType("red"));
        assertShadowLifecycle((PrismObject<ShadowType>) object2, "active");
        PrismObject object3 = this.modelService.getObject(ShadowType.class, linkRefOid2, (Collection) null, createTask, result);
        display("Model shadow RED", object3);
        assertAccountShadowModel(object3, linkRefOid2, "rapp", getDummyResourceType("red"));
        assertShadowLifecycle((PrismObject<ShadowType>) object3, "active");
        String linkRefOid3 = getLinkRefOid(user, "10000000-0000-0000-0000-000000000004");
        PrismObject<ShadowType> object4 = this.modelService.getObject(ShadowType.class, linkRefOid3, (Collection) null, createTask, result);
        assertDummyAccountShadowModel(object4, linkRefOid3, "rapp", "Rapp Scallion");
        assertShadowLifecycle(object4, (String) null);
        PrismObject<ShadowType> object5 = this.repositoryService.getObject(ShadowType.class, linkRefOid3, (Collection) null, result);
        assertDummyAccountShadowRepo(object5, linkRefOid3, "rapp");
        assertShadowLifecycle(object5, (String) null);
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test416UserRappEmployeeTypeWreck() throws Exception {
        displayTestTitle("test416UserRappEmployeeTypeWreck");
        Task createTask = createTask("test416UserRappEmployeeTypeWreck");
        OperationResult result = createTask.getResult();
        prepareTest();
        display("User before", getUser("c0c010c0-d34d-b33f-f00d-11111111c008"));
        displayWhen("test416UserRappEmployeeTypeWreck");
        modifyUserReplace("c0c010c0-d34d-b33f-f00d-11111111c008", UserType.F_EMPLOYEE_TYPE, createTask, result, new Object[]{"WRECK"});
        displayThen("test416UserRappEmployeeTypeWreck");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-11111111c008");
        display("User after", user);
        assertLinks(user, 3);
        assertDummyAccount(RESOURCE_DUMMY_LIFECYCLE_NAME, "rapp", "Rapp Scallion", true);
        assertDummyPassword(RESOURCE_DUMMY_LIFECYCLE_NAME, "rapp", USER_PASSWORD_VALID_1);
        assertDummyAccount("red", "rapp", "Rapp Scallion", true);
        assertDummyPassword("red", "rapp", USER_PASSWORD_VALID_1);
        assertUserPassword(user, USER_PASSWORD_VALID_1);
        assertDefaultDummyAccount("rapp", "Rapp Scallion", true);
        assertDummyPassword(null, "rapp", USER_PASSWORD_VALID_1);
        String linkRefOid = getLinkRefOid(user, RESOURCE_DUMMY_LIFECYCLE_OID);
        PrismObject object = this.repositoryService.getObject(ShadowType.class, linkRefOid, (Collection) null, result);
        display("Repo shadow LIFECYCLE", object);
        assertAccountShadowRepo(object, linkRefOid, "rapp", getDummyResourceType(RESOURCE_DUMMY_LIFECYCLE_NAME));
        assertShadowLifecycle((PrismObject<ShadowType>) object, "archived");
        String linkRefOid2 = getLinkRefOid(user, "10000000-0000-0000-0000-000000000104");
        PrismObject object2 = this.repositoryService.getObject(ShadowType.class, linkRefOid2, (Collection) null, result);
        display("Repo shadow RED", object2);
        assertAccountShadowRepo(object2, linkRefOid2, "rapp", getDummyResourceType("red"));
        assertShadowLifecycle((PrismObject<ShadowType>) object2, "active");
        PrismObject object3 = this.modelService.getObject(ShadowType.class, linkRefOid2, (Collection) null, createTask, result);
        display("Model shadow RED", object3);
        assertAccountShadowModel(object3, linkRefOid2, "rapp", getDummyResourceType("red"));
        assertShadowLifecycle((PrismObject<ShadowType>) object3, "active");
        String linkRefOid3 = getLinkRefOid(user, "10000000-0000-0000-0000-000000000004");
        PrismObject<ShadowType> object4 = this.modelService.getObject(ShadowType.class, linkRefOid3, (Collection) null, createTask, result);
        assertDummyAccountShadowModel(object4, linkRefOid3, "rapp", "Rapp Scallion");
        assertShadowLifecycle(object4, (String) null);
        PrismObject<ShadowType> object5 = this.repositoryService.getObject(ShadowType.class, linkRefOid3, (Collection) null, result);
        assertDummyAccountShadowRepo(object5, linkRefOid3, "rapp");
        assertShadowLifecycle(object5, (String) null);
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test500JackAssignResourceSouvenir() throws Exception {
        displayTestTitle("test500JackAssignResourceSouvenir");
        Task createTask = createTask("test500JackAssignResourceSouvenir");
        OperationResult result = createTask.getResult();
        prepareTest();
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User before", user);
        assertAssignedAccount(user, "10000000-0000-0000-0000-000000000004");
        assertAssignedAccount(user, "10000000-0000-0000-0000-000000000104");
        assertAssignedAccount(user, "10000000-0000-0000-0000-000000000204");
        assertAssignedAccount(user, RESOURCE_DUMMY_UGLY_OID);
        assertAssignments(user, 4);
        assertAccount(user, "10000000-0000-0000-0000-000000000004");
        assertAccount(user, "10000000-0000-0000-0000-000000000104");
        this.accountJackBlueOid = assertAccount(user, "10000000-0000-0000-0000-000000000204");
        assertAccount(user, RESOURCE_DUMMY_UGLY_OID);
        assertLinks(user, 4);
        assertUserPassword(user, USER_PASSWORD_VALID_3);
        displayWhen("test500JackAssignResourceSouvenir");
        assignAccount(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, RESOURCE_DUMMY_SOUVENIR_OID, null, createTask, result);
        displayThen("test500JackAssignResourceSouvenir");
        assertSuccess(result);
        PrismObject user2 = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user2);
        assertAssignments(user2, 5);
        assertAssignedAccount(user2, "10000000-0000-0000-0000-000000000004");
        assertAssignedAccount(user2, "10000000-0000-0000-0000-000000000104");
        assertAssignedAccount(user2, "10000000-0000-0000-0000-000000000204");
        assertAssignedAccount(user2, RESOURCE_DUMMY_UGLY_OID);
        assertAssignedAccount(user2, RESOURCE_DUMMY_SOUVENIR_OID);
        assertLinks(user2, 5);
        assertAccount(user2, "10000000-0000-0000-0000-000000000004");
        assertAccount(user2, "10000000-0000-0000-0000-000000000104");
        assertAccount(user2, "10000000-0000-0000-0000-000000000204");
        assertAccount(user2, RESOURCE_DUMMY_UGLY_OID);
        this.accountJackSouvenirOid = assertAccount(user2, RESOURCE_DUMMY_SOUVENIR_OID);
        assertUserPassword(user2, USER_PASSWORD_VALID_3);
        assertShadowLifecycle((PrismObject<ShadowType>) getShadowModel(this.accountJackSouvenirOid), false);
        assertDummyPasswordConditional(RESOURCE_DUMMY_SOUVENIR_NAME, "jack", USER_PASSWORD_VALID_3);
        displayAllNotifications();
        assertSingleAccountPasswordNotificationConditional(RESOURCE_DUMMY_SOUVENIR_NAME, "jack", USER_PASSWORD_VALID_3);
        assertAccountActivationNotification(RESOURCE_DUMMY_SOUVENIR_NAME, "jack");
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test502JackInitializeAccountSouvenir() throws Exception {
        displayTestTitle("test502JackInitializeAccountSouvenir");
        Task createTask = createTask("test502JackInitializeAccountSouvenir");
        OperationResult result = createTask.getResult();
        prepareTest();
        ObjectDelta<ShadowType> createAccountInitializationDelta = createAccountInitializationDelta(this.accountJackSouvenirOid, PASSWORD_ALLIGATOR);
        displayWhen("test502JackInitializeAccountSouvenir");
        executeChanges(createAccountInitializationDelta, null, createTask, result);
        displayThen("test502JackInitializeAccountSouvenir");
        assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user);
        assertAssignments(user, 5);
        assertLinks(user, 5);
        assertUserPassword(user, USER_PASSWORD_VALID_3);
        PrismObject shadowRepo = getShadowRepo(this.accountJackSouvenirOid);
        display("Shadow repo", shadowRepo);
        assertShadowLifecycle((PrismObject<ShadowType>) shadowRepo, "active");
        assertCachedResourcePassword(shadowRepo, PASSWORD_ALLIGATOR);
        assertDummyPassword(RESOURCE_DUMMY_SOUVENIR_NAME, "jack", PASSWORD_ALLIGATOR);
        AssertJUnit.assertEquals("Wrong comparison result", ItemComparisonResult.MATCH, this.provisioningService.compare(ShadowType.class, this.accountJackSouvenirOid, SchemaConstants.PATH_PASSWORD_VALUE, PASSWORD_ALLIGATOR, createTask, result));
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test510JackAssignResourceMaverick() throws Exception {
        displayTestTitle("test510JackAssignResourceMaverick");
        Task createTask = createTask("test510JackAssignResourceMaverick");
        OperationResult result = createTask.getResult();
        prepareTest();
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User before", user);
        assertAssignments(user, 5);
        assertLinks(user, 5);
        assertUserPassword(user, USER_PASSWORD_VALID_3);
        displayWhen("test510JackAssignResourceMaverick");
        assignAccount(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, RESOURCE_DUMMY_MAVERICK_OID, null, createTask, result);
        displayThen("test510JackAssignResourceMaverick");
        assertSuccess(result);
        PrismObject user2 = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user2);
        assertAssignments(user2, 6);
        assertLinks(user2, 6);
        this.accountJackMaverickOid = assertAccount(user2, RESOURCE_DUMMY_MAVERICK_OID);
        assertUserPassword(user2, USER_PASSWORD_VALID_3);
        assertDummyPasswordConditional(RESOURCE_DUMMY_MAVERICK_NAME, "jack", USER_PASSWORD_VALID_3);
        displayAllNotifications();
        assertSingleAccountPasswordNotificationConditional(RESOURCE_DUMMY_MAVERICK_NAME, "jack", USER_PASSWORD_VALID_3);
        assertAccountActivationNotification(RESOURCE_DUMMY_MAVERICK_NAME, "jack");
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test512JackInitializeAccountMaverickAlligator() throws Exception {
        displayTestTitle("test512JackInitializeAccountMaverick");
        Task createTask = createTask("test512JackInitializeAccountMaverick");
        OperationResult result = createTask.getResult();
        prepareTest();
        ObjectDelta<ShadowType> createAccountInitializationDelta = createAccountInitializationDelta(this.accountJackMaverickOid, PASSWORD_ALLIGATOR);
        try {
            displayWhen("test512JackInitializeAccountMaverick");
            executeChanges(createAccountInitializationDelta, null, createTask, result);
            assertNotReached();
        } catch (PolicyViolationException e) {
            display("Expected exception", e);
        }
        displayThen("test512JackInitializeAccountMaverick");
        assertFailure(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user);
        assertAssignments(user, 6);
        assertLinks(user, 6);
        assertUserPassword(user, USER_PASSWORD_VALID_3);
        assertDummyPasswordConditional(RESOURCE_DUMMY_MAVERICK_NAME, "jack", USER_PASSWORD_VALID_3);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test514JackInitializeAccountMaverickCrododile() throws Exception {
        displayTestTitle("test514JackInitializeAccountMaverickCrododile");
        Task createTask = createTask("test514JackInitializeAccountMaverickCrododile");
        OperationResult result = createTask.getResult();
        prepareTest();
        ObjectDelta<ShadowType> createAccountInitializationDelta = createAccountInitializationDelta(this.accountJackMaverickOid, PASSWORD_CROCODILE);
        displayWhen("test514JackInitializeAccountMaverickCrododile");
        executeChanges(createAccountInitializationDelta, null, createTask, result);
        displayThen("test514JackInitializeAccountMaverickCrododile");
        assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user);
        assertAssignments(user, 6);
        assertLinks(user, 6);
        assertUserPassword(user, USER_PASSWORD_VALID_3);
        PrismObject shadowRepo = getShadowRepo(this.accountJackMaverickOid);
        display("Shadow repo", shadowRepo);
        assertShadowLifecycle((PrismObject<ShadowType>) shadowRepo, "active");
        assertDummyPassword(RESOURCE_DUMMY_MAVERICK_NAME, "jack", PASSWORD_CROCODILE);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test516JackChangePasswordResourceMaverickAlligator() throws Exception {
        displayTestTitle("test516JackChangePasswordResourceMaverickAlligator");
        Task createTask = createTask("test516JackChangePasswordResourceMaverickAlligator");
        OperationResult result = createTask.getResult();
        prepareTest();
        try {
            displayWhen("test516JackChangePasswordResourceMaverickAlligator");
            modifyAccountChangePassword(this.accountJackMaverickOid, PASSWORD_ALLIGATOR, createTask, result);
            assertNotReached();
        } catch (PolicyViolationException e) {
            display("Expected exception", e);
        }
        displayThen("test516JackChangePasswordResourceMaverickAlligator");
        assertFailure(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user);
        assertAssignments(user, 6);
        assertLinks(user, 6);
        assertDummyPassword(RESOURCE_DUMMY_MAVERICK_NAME, "jack", PASSWORD_CROCODILE);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test518JackChangePasswordResourceMaverickGiantLizard() throws Exception {
        displayTestTitle("test518JackChangePasswordResourceMaverickGiantLizard");
        Task createTask = createTask("test518JackChangePasswordResourceMaverickGiantLizard");
        OperationResult result = createTask.getResult();
        prepareTest();
        displayWhen("test518JackChangePasswordResourceMaverickGiantLizard");
        modifyAccountChangePassword(this.accountJackMaverickOid, PASSWORD_GIANT_LIZARD, createTask, result);
        displayThen("test518JackChangePasswordResourceMaverickGiantLizard");
        assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user);
        assertAssignments(user, 6);
        assertLinks(user, 6);
        assertDummyPassword(RESOURCE_DUMMY_MAVERICK_NAME, "jack", PASSWORD_GIANT_LIZARD);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test530JackUnassignResourceSouvenir() throws Exception {
        displayTestTitle("test530JackUnassignResourceSouvenir");
        Task createTask = createTask("test530JackUnassignResourceSouvenir");
        OperationResult result = createTask.getResult();
        prepareTest();
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User before", user);
        assertAssignments(user, 6);
        assertLinks(user, 6);
        displayWhen("test530JackUnassignResourceSouvenir");
        unassignAccount(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, RESOURCE_DUMMY_SOUVENIR_OID, null, createTask, result);
        displayThen("test530JackUnassignResourceSouvenir");
        assertSuccess(result);
        PrismObject user2 = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user2);
        assertAssignments(user2, 5);
        assertAssignedNoAccount(user2, RESOURCE_DUMMY_SOUVENIR_OID);
        assertLinks(user2, 5);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test532JackChangePasswordResourceBlueAlligator() throws Exception {
        displayTestTitle("test532JackChangePasswordResourceBlueAlligator");
        Task createTask = createTask("test532JackChangePasswordResourceBlueAlligator");
        OperationResult result = createTask.getResult();
        prepareTest();
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User before", user);
        assertAssignments(user, 5);
        assertLinks(user, 5);
        this.accountJackBlueOid = assertAccount(user, "10000000-0000-0000-0000-000000000204");
        displayWhen("test532JackChangePasswordResourceBlueAlligator");
        modifyAccountChangePassword(this.accountJackBlueOid, PASSWORD_ALLIGATOR, createTask, result);
        displayThen("test532JackChangePasswordResourceBlueAlligator");
        assertSuccess(result);
        PrismObject user2 = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user2);
        assertAssignments(user2, 5);
        assertAssignedNoAccount(user2, RESOURCE_DUMMY_SOUVENIR_OID);
        assertLinks(user2, 5);
        assertDummyPassword("blue", "jack", PASSWORD_ALLIGATOR);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test535ModifyUserJackPasswordAlligator() throws Exception {
        displayTestTitle("test535ModifyUserJackPasswordAlligator");
        Task createTask = createTask("test535ModifyUserJackPasswordAlligator");
        OperationResult result = createTask.getResult();
        prepareTest();
        displayWhen("test535ModifyUserJackPasswordAlligator");
        modifyUserChangePassword(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, PASSWORD_ALLIGATOR, createTask, result);
        displayThen("test535ModifyUserJackPasswordAlligator");
        assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user);
        assertAssignments(user, 5);
        assertLinks(user, 5);
        assertUserPassword(user, PASSWORD_ALLIGATOR);
        assertDummyPassword(RESOURCE_DUMMY_MAVERICK_NAME, "jack", PASSWORD_ALLIGATOR);
        assertSingleUserPasswordNotification("jack", PASSWORD_ALLIGATOR);
    }

    @Test
    public void test539JackUnassignResourceMaverick() throws Exception {
        displayTestTitle("test539JackUnassignResourceMaverick");
        Task createTask = createTask("test539JackUnassignResourceMaverick");
        OperationResult result = createTask.getResult();
        prepareTest();
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User before", user);
        assertAssignments(user, 5);
        assertLinks(user, 5);
        displayWhen("test539JackUnassignResourceMaverick");
        unassignAccount(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, RESOURCE_DUMMY_MAVERICK_OID, null, createTask, result);
        displayThen("test539JackUnassignResourceMaverick");
        assertSuccess(result);
        PrismObject user2 = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user2);
        assertAssignments(user2, 4);
        assertAssignedNoAccount(user2, RESOURCE_DUMMY_MAVERICK_OID);
        assertAssignedNoAccount(user2, RESOURCE_DUMMY_SOUVENIR_OID);
        assertLinks(user2, 4);
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test550JackManyPasswordChangesClear() throws Exception {
        testJackManyPasswordChanges("test550JackManyPasswordChangesClear", "TesT550x", null);
    }

    @Test
    public void test552JackManyPasswordChangesEncrypted() throws Exception {
        testJackManyPasswordChanges("test552JackManyPasswordChangesEncrypted", "TesT552x", CredentialsStorageTypeType.ENCRYPTION);
    }

    public void testJackManyPasswordChanges(String str, String str2, CredentialsStorageTypeType credentialsStorageTypeType) throws Exception {
        displayTestTitle(str);
        prepareTest();
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User before", user);
        assertAssignments(user, 4);
        assertLinks(user, 4);
        for (int i = 1; i < 10; i++) {
            testJackManyPasswordChangesAttempt(str, str2, credentialsStorageTypeType, i);
        }
    }

    private void testJackManyPasswordChangesAttempt(String str, String str2, CredentialsStorageTypeType credentialsStorageTypeType, int i) throws Exception {
        Task createTask = createTask(str + "-" + i);
        OperationResult result = createTask.getResult();
        String str3 = str2 + i;
        ProtectedStringType protectedStringType = new ProtectedStringType();
        protectedStringType.setClearValue(str3);
        if (credentialsStorageTypeType == CredentialsStorageTypeType.ENCRYPTION) {
            this.protector.encrypt(protectedStringType);
        }
        displayWhen(str + "-" + i);
        modifyUserReplace(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, PASSWORD_VALUE_PATH, createTask, result, new Object[]{protectedStringType});
        displayThen(str + "-" + i);
        assertSuccess(result);
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User after", user);
        assertUserPassword(user, str3);
        assertAssignments(user, 4);
        assertLinks(user, 4);
        assertDummyPassword("jack", str3);
        assertDummyPassword("red", "jack", str3);
    }

    protected ObjectDelta<ShadowType> createAccountInitializationDelta(String str, String str2) {
        ObjectDelta<ShadowType> createEmptyModifyDelta = ObjectDelta.createEmptyModifyDelta(ShadowType.class, str, this.prismContext);
        ProtectedStringType protectedStringType = new ProtectedStringType();
        protectedStringType.setClearValue(str2);
        createEmptyModifyDelta.addModificationReplaceProperty(SchemaConstants.PATH_PASSWORD_VALUE, new ProtectedStringType[]{protectedStringType});
        createEmptyModifyDelta.addModificationReplaceProperty(ObjectType.F_LIFECYCLE_STATE, new String[]{"active"});
        return createEmptyModifyDelta;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertDummyPassword(String str, String str2) throws SchemaViolationException, ConflictException {
        assertDummyPassword(null, str, str2);
    }

    protected void assertDummyPasswordConditional(String str, String str2) throws SchemaViolationException, ConflictException {
        if (isPasswordEncryption()) {
            assertDummyPassword(null, str, str2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertDummyPasswordConditional(String str, String str2, String str3) throws SchemaViolationException, ConflictException {
        if (isPasswordEncryption()) {
            super.assertDummyPassword(str, str2, str3);
        }
    }

    protected void assertDummyPasswordConditionalGenerated(String str, String str2, String str3) throws SchemaViolationException, ConflictException {
        if (isPasswordEncryption()) {
            super.assertDummyPassword(str, str2, str3);
        } else {
            assertDummyPasswordNotEmpty(str, str2);
        }
    }

    protected void assertSingleAccountPasswordNotificationConditional(String str, String str2, String str3) {
        if (isPasswordEncryption()) {
            assertSingleAccountPasswordNotification(str, str2, str3);
        }
    }

    protected void assertSingleAccountPasswordNotificationConditionalGenerated(String str, String str2, String str3) {
        if (isPasswordEncryption()) {
            assertSingleAccountPasswordNotification(str, str2, str3);
        } else {
            assertSingleAccountPasswordNotificationGenerated(str, str2);
        }
    }

    private void assertSingleAccountInitializationPasswordNotification(String str, String str2, String str3) {
        assertSingleAccountPasswordNotification(str, str2, str3);
    }

    protected abstract void assertAccountActivationNotification(String str, String str2);

    protected abstract void assertShadowLifecycle(PrismObject<ShadowType> prismObject, boolean z);

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertShadowLifecycle(PrismObject<ShadowType> prismObject, String str) {
        if (str != null) {
            PrismAsserts.assertPropertyValue(prismObject, ObjectType.F_LIFECYCLE_STATE, new String[]{str});
            return;
        }
        String lifecycleState = prismObject.asObjectable().getLifecycleState();
        if (lifecycleState == null || "active".equals(lifecycleState)) {
            return;
        }
        fail("Expected default lifecycle for " + prismObject + ", but was " + lifecycleState);
    }

    private void assertShadowPasswordMetadata(PrismObject<ShadowType> prismObject, XMLGregorianCalendar xMLGregorianCalendar, XMLGregorianCalendar xMLGregorianCalendar2, boolean z, boolean z2) {
        if (z || getPasswordStorageType() != CredentialsStorageTypeType.HASHING) {
            assertShadowPasswordMetadata(prismObject, z2, xMLGregorianCalendar, xMLGregorianCalendar2, "00000000-0000-0000-0000-000000000002", SchemaConstants.CHANNEL_GUI_USER_URI);
        }
    }

    @Test
    public void test900ModifyUserElainePassword() throws Exception {
        displayTestTitle("test900ModifyUserElainePassword");
        Task createTask = createTask("test900ModifyUserElainePassword");
        OperationResult result = createTask.getResult();
        prepareTest();
        display("User before", getUser("c0c010c0-d34d-b33f-f00d-11111111111e"));
        this.lastPasswordChangeStart = this.clock.currentTimeXMLGregorianCalendar();
        modifyUserChangePassword("c0c010c0-d34d-b33f-f00d-11111111111e", USER_PASSWORD_VALID_1, createTask, result);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        this.lastPasswordChangeEnd = this.clock.currentTimeXMLGregorianCalendar();
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-11111111111e");
        display("User after", user);
        assertUserPassword(user, USER_PASSWORD_VALID_1);
        displayAccountPasswordNotifications();
        assertAccountPasswordNotifications(3);
        assertHasAccountPasswordNotification(null, "elaine", USER_PASSWORD_VALID_1);
        assertHasAccountPasswordNotification("red", "elaine", USER_PASSWORD_VALID_1);
        assertHasAccountPasswordNotification("blue", "elaine", USER_PASSWORD_VALID_1);
    }

    @Test
    public void test902SetPasswordMinAge() throws Exception {
        displayTestTitle("test900SetPasswordMinAge");
        Task createTask = createTask("test900SetPasswordMinAge");
        OperationResult result = createTask.getResult();
        prepareTest();
        modifyObjectReplaceProperty(SecurityPolicyType.class, getSecurityPolicyOid(), new ItemPath(new QName[]{SecurityPolicyType.F_CREDENTIALS, CredentialsPolicyType.F_PASSWORD, PasswordCredentialsPolicyType.F_MIN_AGE}), createTask, result, new Object[]{XmlTypeConverter.createDuration("PT10M")});
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject object = getObject(SecurityPolicyType.class, getSecurityPolicyOid());
        display("Security policy after", object);
        PrismAsserts.assertPropertyValue(object, new ItemPath(new QName[]{SecurityPolicyType.F_CREDENTIALS, CredentialsPolicyType.F_PASSWORD, PasswordCredentialsPolicyType.F_MIN_AGE}), new Duration[]{XmlTypeConverter.createDuration("PT10M")});
        assertNoAccountPasswordNotifications();
    }

    @Test
    public void test904ModifyUserElainePasswordAgain() throws Exception {
        displayTestTitle("test904ModifyUserElainePasswordAgain");
        Task createTask = createTask("test904ModifyUserElainePasswordAgain");
        OperationResult result = createTask.getResult();
        prepareTest();
        try {
            modifyUserChangePassword("c0c010c0-d34d-b33f-f00d-11111111111e", USER_PASSWORD_VALID_2, createTask, result);
            assertNotReached();
        } catch (PolicyViolationException e) {
        }
        result.computeStatus();
        TestUtil.assertFailure(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-11111111111e");
        display("User after", user);
        assertUserPassword(user, USER_PASSWORD_VALID_1);
        assertNoAccountPasswordNotifications();
        assertNoUserPasswordNotifications();
    }

    @Test
    public void test906ModifyUserElainePasswordLater() throws Exception {
        displayTestTitle("test906ModifyUserElainePasswordLater");
        Task createTask = createTask("test906ModifyUserElainePasswordLater");
        OperationResult result = createTask.getResult();
        prepareTest();
        this.clock.overrideDuration("PT15M");
        this.lastPasswordChangeStart = this.clock.currentTimeXMLGregorianCalendar();
        modifyUserChangePassword("c0c010c0-d34d-b33f-f00d-11111111111e", USER_PASSWORD_VALID_3, createTask, result);
        assertSuccess(result);
        this.lastPasswordChangeEnd = this.clock.currentTimeXMLGregorianCalendar();
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-11111111111e");
        display("User after", user);
        assertUserPassword(user, USER_PASSWORD_VALID_3);
        displayAccountPasswordNotifications();
        assertAccountPasswordNotifications(2);
        assertHasAccountPasswordNotification(null, "elaine", USER_PASSWORD_VALID_3);
        assertHasAccountPasswordNotification("red", "elaine", USER_PASSWORD_VALID_3);
        assertSingleUserPasswordNotification("elaine", USER_PASSWORD_VALID_3);
    }

    @Test
    public void test910AddUserWithNoPasswordFail() throws Exception {
        displayTestTitle("test910AddUserWithNoPasswordFail");
        Task createTask = createTask("test910AddUserWithNoPasswordFail");
        OperationResult result = createTask.getResult();
        prepareTest();
        setPasswordMinOccurs(1, createTask, result);
        try {
            TestUtil.displayWhen("test910AddUserWithNoPasswordFail");
            try {
                addObject(new UserType(this.prismContext).name("passwordless").asPrismObject(), createTask, result);
                fail("unexpected success");
            } catch (PolicyViolationException e) {
                assertMessage(e, "Provided password does not satisfy the policies: The value must be present.");
            }
            assertNoUserPasswordNotifications();
        } finally {
            setPasswordMinOccurs(null, createTask, result);
        }
    }

    @Test
    public void test920AddCredentials() throws Exception {
        displayTestTitle("test920AddCredentials");
        Task createTask = createTask("test920AddCredentials");
        OperationResult result = createTask.getResult();
        prepareTest();
        setPasswordMinOccurs(0, createTask, result);
        UserType name = new UserType(this.prismContext).name("alice");
        addObject(name.asPrismObject(), createTask, result);
        AssertJUnit.assertNull("alice has credentials", getUser(name.getOid()).asObjectable().getCredentials());
        ProtectedStringType protectedStringType = new ProtectedStringType();
        protectedStringType.setClearValue(PASSWORD_HELLO_WORLD);
        executeChanges(DeltaBuilder.deltaFor(UserType.class, this.prismContext).item(new QName[]{UserType.F_CREDENTIALS}).add(new Object[]{(CredentialsType) new CredentialsType(this.prismContext).beginPassword().value(protectedStringType).end()}).asObjectDeltaCast(name.getOid()), null, createTask, result);
        PrismObject user = getUser(name.getOid());
        display("alice after credentials add", user);
        assertUserPassword(user, PASSWORD_HELLO_WORLD);
        assertPasswordCreateMetadata(user);
    }

    @Test
    public void test922ReplaceCredentials() throws Exception {
        displayTestTitle("test922ReplaceCredentials");
        Task createTask = createTask("test922ReplaceCredentials");
        OperationResult result = createTask.getResult();
        prepareTest();
        setPasswordMinOccurs(0, createTask, result);
        UserType name = new UserType(this.prismContext).name("bob");
        addObject(name.asPrismObject(), createTask, result);
        AssertJUnit.assertNull("user has credentials", getUser(name.getOid()).asObjectable().getCredentials());
        ProtectedStringType protectedStringType = new ProtectedStringType();
        protectedStringType.setClearValue(PASSWORD_HELLO_WORLD);
        executeChanges(DeltaBuilder.deltaFor(UserType.class, this.prismContext).item(new QName[]{UserType.F_CREDENTIALS}).replace(new Object[]{(CredentialsType) new CredentialsType(this.prismContext).beginPassword().value(protectedStringType).end()}).asObjectDeltaCast(name.getOid()), null, createTask, result);
        PrismObject user = getUser(name.getOid());
        display("user after operation", user);
        assertUserPassword(user, PASSWORD_HELLO_WORLD);
        assertPasswordCreateMetadata(user);
    }

    @Test
    public void test924AddPassword() throws Exception {
        displayTestTitle("test924AddPassword");
        Task createTask = createTask("test924AddPassword");
        OperationResult result = createTask.getResult();
        prepareTest();
        setPasswordMinOccurs(0, createTask, result);
        UserType name = new UserType(this.prismContext).name("charlie");
        addObject(name.asPrismObject(), createTask, result);
        AssertJUnit.assertNull("user has credentials", getUser(name.getOid()).asObjectable().getCredentials());
        ProtectedStringType protectedStringType = new ProtectedStringType();
        protectedStringType.setClearValue(PASSWORD_HELLO_WORLD);
        executeChanges(DeltaBuilder.deltaFor(UserType.class, this.prismContext).item(new QName[]{UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD}).add(new Object[]{new PasswordType(this.prismContext).value(protectedStringType)}).asObjectDeltaCast(name.getOid()), null, createTask, result);
        PrismObject user = getUser(name.getOid());
        display("user after operation", user);
        assertUserPassword(user, PASSWORD_HELLO_WORLD);
        assertPasswordCreateMetadata(user);
    }

    @Test
    public void test926ReplacePassword() throws Exception {
        displayTestTitle("test926ReplacePassword");
        Task createTask = createTask("test926ReplacePassword");
        OperationResult result = createTask.getResult();
        prepareTest();
        setPasswordMinOccurs(0, createTask, result);
        UserType name = new UserType(this.prismContext).name("david");
        addObject(name.asPrismObject(), createTask, result);
        AssertJUnit.assertNull("user has credentials", getUser(name.getOid()).asObjectable().getCredentials());
        ProtectedStringType protectedStringType = new ProtectedStringType();
        protectedStringType.setClearValue(PASSWORD_HELLO_WORLD);
        executeChanges(DeltaBuilder.deltaFor(UserType.class, this.prismContext).item(new QName[]{UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD}).replace(new Object[]{new PasswordType(this.prismContext).value(protectedStringType)}).asObjectDeltaCast(name.getOid()), null, createTask, result);
        PrismObject user = getUser(name.getOid());
        display("user after operation", user);
        assertUserPassword(user, PASSWORD_HELLO_WORLD);
        assertPasswordCreateMetadata(user);
    }

    @Test
    public void test928AddPasswordValue() throws Exception {
        displayTestTitle("test928AddPasswordValue");
        Task createTask = createTask("test928AddPasswordValue");
        OperationResult result = createTask.getResult();
        prepareTest();
        setPasswordMinOccurs(0, createTask, result);
        UserType name = new UserType(this.prismContext).name("eve");
        addObject(name.asPrismObject(), createTask, result);
        AssertJUnit.assertNull("user has credentials", getUser(name.getOid()).asObjectable().getCredentials());
        ProtectedStringType protectedStringType = new ProtectedStringType();
        protectedStringType.setClearValue(PASSWORD_HELLO_WORLD);
        executeChanges(DeltaBuilder.deltaFor(UserType.class, this.prismContext).item(new QName[]{UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE}).add(new Object[]{protectedStringType}).asObjectDeltaCast(name.getOid()), null, createTask, result);
        PrismObject user = getUser(name.getOid());
        display("user after operation", user);
        assertUserPassword(user, PASSWORD_HELLO_WORLD);
        assertPasswordModifyMetadata(user);
    }

    @Test
    public void test929ReplacePasswordValue() throws Exception {
        displayTestTitle("test929ReplacePasswordValue");
        Task createTask = createTask("test929ReplacePasswordValue");
        OperationResult result = createTask.getResult();
        prepareTest();
        setPasswordMinOccurs(0, createTask, result);
        UserType name = new UserType(this.prismContext).name("frank");
        addObject(name.asPrismObject(), createTask, result);
        AssertJUnit.assertNull("user has credentials", getUser(name.getOid()).asObjectable().getCredentials());
        ProtectedStringType protectedStringType = new ProtectedStringType();
        protectedStringType.setClearValue(PASSWORD_HELLO_WORLD);
        executeChanges(DeltaBuilder.deltaFor(UserType.class, this.prismContext).item(new QName[]{UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE}).replace(new Object[]{protectedStringType}).asObjectDeltaCast(name.getOid()), null, createTask, result);
        PrismObject user = getUser(name.getOid());
        display("user after operation", user);
        assertUserPassword(user, PASSWORD_HELLO_WORLD);
        assertPasswordModifyMetadata(user);
    }

    protected void prepareTest() throws ObjectNotFoundException, SchemaException, ObjectAlreadyExistsException {
        assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL);
        prepareNotifications();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PrismObject<ShadowType> getBlueShadow(PrismObject<UserType> prismObject) throws ObjectNotFoundException, SchemaException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        String linkRefOid = getLinkRefOid(prismObject, "10000000-0000-0000-0000-000000000204");
        Task createTaskInstance = this.taskManager.createTaskInstance(AbstractPasswordTest.class.getName() + ".getBlueShadow");
        OperationResult result = createTaskInstance.getResult();
        ArrayList arrayList = new ArrayList();
        arrayList.add(SelectorOptions.create(SchemaConstants.PATH_PASSWORD_VALUE, GetOperationOptions.createRetrieve()));
        PrismObject<ShadowType> object = this.modelService.getObject(ShadowType.class, linkRefOid, arrayList, createTaskInstance, result);
        result.computeStatus();
        TestUtil.assertSuccess("getObject(Account) result not success", result);
        display("Blue shadow", object);
        return object;
    }

    protected boolean isPasswordEncryption() {
        return getPasswordStorageType() == CredentialsStorageTypeType.ENCRYPTION;
    }

    protected void assertCachedResourcePassword(PrismObject<ShadowType> prismObject, String str) throws Exception {
        CredentialsType credentials = prismObject.asObjectable().getCredentials();
        if (str == null && credentials == null) {
            return;
        }
        AssertJUnit.assertNotNull("Missing credentendials in repo shadow " + prismObject, credentials);
        PasswordType password = credentials.getPassword();
        if (str == null && password == null) {
            return;
        }
        AssertJUnit.assertNotNull("Missing password credential in repo shadow " + prismObject, password);
        ProtectedStringType value = password.getValue();
        AssertJUnit.assertNotNull("No password value in repo shadow " + prismObject, value);
        assertProtectedString("Wrong password value in repo shadow " + prismObject, str, value, CredentialsStorageTypeType.HASHING);
    }

    private void assertPasswordCreateMetadata(PrismObject<UserType> prismObject) {
        CredentialsType credentials = prismObject.asObjectable().getCredentials();
        AssertJUnit.assertNotNull("No credentials", credentials);
        PasswordType password = credentials.getPassword();
        AssertJUnit.assertNotNull("No credentials/password", password);
        MetadataType metadata = password.getMetadata();
        AssertJUnit.assertNotNull("No credentials/password/metadata", metadata);
        AssertJUnit.assertNotNull("No credentials/password/metadata/createTimestamp", metadata.getCreateTimestamp());
        AssertJUnit.assertNotNull("No credentials/password/metadata/creatorRef", metadata.getCreatorRef());
        AssertJUnit.assertEquals("Wrong createChannel", SchemaConstants.CHANNEL_GUI_USER_URI, metadata.getCreateChannel());
    }

    private void assertPasswordModifyMetadata(PrismObject<UserType> prismObject) {
        CredentialsType credentials = prismObject.asObjectable().getCredentials();
        AssertJUnit.assertNotNull("No credentials", credentials);
        PasswordType password = credentials.getPassword();
        AssertJUnit.assertNotNull("No credentials/password", password);
        MetadataType metadata = password.getMetadata();
        AssertJUnit.assertNotNull("No credentials/password/metadata", metadata);
        AssertJUnit.assertNotNull("No credentials/password/metadata/modifyTimestamp", metadata.getModifyTimestamp());
        AssertJUnit.assertNotNull("No credentials/password/metadata/modifierRef", metadata.getModifierRef());
        AssertJUnit.assertEquals("Wrong modifyChannel", SchemaConstants.CHANNEL_GUI_USER_URI, metadata.getModifyChannel());
    }
}
