package com.evolveum.midpoint.model.intest.security;

import com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition;
import com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition;
import com.evolveum.midpoint.common.refinery.RefinedResourceSchema;
import com.evolveum.midpoint.model.api.ModelAuthorizationAction;
import com.evolveum.midpoint.model.api.ModelExecuteOptions;
import com.evolveum.midpoint.model.intest.AbstractConfiguredModelIntegrationTest;
import com.evolveum.midpoint.model.intest.AbstractInitializedModelIntegrationTest;
import com.evolveum.midpoint.prism.Containerable;
import com.evolveum.midpoint.prism.ItemDefinition;
import com.evolveum.midpoint.prism.PrismContainer;
import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismObjectDefinition;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.prism.util.PrismAsserts;
import com.evolveum.midpoint.prism.util.PrismTestUtil;
import com.evolveum.midpoint.prism.xml.XmlTypeConverter;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.SearchResultList;
import com.evolveum.midpoint.schema.SelectorOptions;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.internals.InternalsConfig;
import com.evolveum.midpoint.schema.processor.ObjectClassComplexTypeDefinition;
import com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.schema.util.MiscSchemaUtil;
import com.evolveum.midpoint.security.api.Authorization;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.OwnerResolver;
import com.evolveum.midpoint.security.enforcer.api.AuthorizationParameters;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.test.util.TestUtil;
import com.evolveum.midpoint.util.Holder;
import com.evolveum.midpoint.util.QNameUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ImportOptionsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentPolicyEnforcementType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationDecisionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MetadataType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PartialProcessingOptionsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PartialProcessingTypeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SpecialObjectSpecificationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SubjectedObjectSelectorType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TaskType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

@ContextConfiguration(locations = {"classpath:ctx-model-intest-test-main.xml"})
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
/* loaded from: input_file:com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.class */
public abstract class AbstractSecurityTest extends AbstractInitializedModelIntegrationTest {
    protected static final String ARCHETYPE_BUSINESS_ROLE_OID = "00000000-0000-0000-0000-000000000321";
    protected static final String ARCHETYPE_APPLICATION_ROLE_OID = "32073084-65d0-11e9-baff-bbb479bb05b7";
    protected static final String USER_LECHUCK_OID = "c0c010c0-d34d-b33f-f00d-1c1c11cc11c2";
    protected static final String USER_LECHUCK_USERNAME = "lechuck";
    protected static final String USER_CHARLES_OID = "65e66ea2-30de-11e7-b852-4b46724fcdaa";
    protected static final String USER_MANCOMB_OID = "00000000-0000-0000-0000-110000000011";
    protected static final String USER_ESTEVAN_OID = "00000000-0000-0000-0000-110000000012";
    protected static final String USER_CAPSIZE_OID = "bab2c6a8-5f2a-11e8-97d2-4fc12ba39043";
    protected static final String USER_DEPUTY_1_NAME = "deputy-1";
    protected static final String USER_DEPUTY_1_OID = "af69e388-88bd-43f9-9259-73676124c196";
    protected static final String USER_DEPUTY_2_NAME = "deputy-2";
    protected static final String USER_DEPUTY_2_OID = "0223b993-b8bd-4599-8873-80d04b88a1ce";
    protected static final String USER_ANGELICA_NAME = "angelika";
    protected static final String USER_RUM_ROGERS_NAME = "rum";
    protected static final String USER_COBB_NAME = "cobb";
    protected static final String USER_JACK_GIVEN_NAME_NEW = "Jackie";
    protected static final String ROLE_READ_JACKS_CAMPAIGNS_OID = "00000000-0000-0000-0000-00000001aa00";
    protected static final String ROLE_READ_SOME_ROLES_OID = "7b4a3880-e167-11e6-b38b-2b6a550a03e7";
    protected static final String ROLE_READ_SOME_ROLES_SUBTYPE_OID = "56f0030c-65d1-11e9-aaba-23d1008d3763";
    protected static final String ROLE_READONLY_OID = "00000000-0000-0000-0000-00000000aa01";
    protected static final String ROLE_READONLY_REQ_OID = "00000000-0000-0000-0000-00000000ab01";
    protected static final String ROLE_READONLY_EXEC_OID = "00000000-0000-0000-0000-00000000ae01";
    protected static final String ROLE_READONLY_REQ_EXEC_OID = "00000000-0000-0000-0000-00000000ab01";
    protected static final String ROLE_READONLY_DEEP_OID = "00000000-0000-0000-0000-00000000aa02";
    protected static final String ROLE_READONLY_DEEP_EXEC_OID = "00000000-0000-0000-0000-00000000ae02";
    protected static final String ROLE_READ_BASIC_ITEMS_OID = "519e8bf4-3af3-11e7-bc89-cbcee62d4088";
    protected static final String ROLE_SELF_OID = "00000000-0000-0000-0000-00000000aa03";
    protected static final String ROLE_SELF_DELEGABLE_OID = "c58f2665-e7c6-47a0-b106-974da5a990b4";
    protected static final String ROLE_CASES_ASSIGNEE_SELF_OID = "541ad3fc-1ae7-4412-a205-47093a78f0cf";
    protected static final String ROLE_CASES_OBJECT_SELF_OID = "96bbb1be-cf8c-4e9c-a994-ec0fbfcadb1d";
    protected static final String ROLE_CASES_REQUESTOR_SELF_OID = "d8a114e1-6f55-4380-876b-87071dbed1b7";
    protected static final String ROLE_OBJECT_FILTER_MODIFY_CARIBBEAN_OID = "00000000-0000-0000-0000-00000000aa04";
    protected static final String ROLE_PROP_READ_ALL_MODIFY_SOME_OID = "00000000-0000-0000-0000-00000000aa05";
    protected static final String ROLE_PROP_READ_ALL_MODIFY_SOME_USER_OID = "00000000-0000-0000-0000-00000000ae05";
    protected static final String ROLE_PROP_READ_ALL_MODIFY_SOME_USER_PARTIAL_OID = "00000000-0000-0000-0000-b0000000ae05";
    protected static final String ROLE_MASTER_MINISTRY_OF_RUM_OID = "00000000-0000-0000-0000-00000000aa06";
    protected static final String ROLE_OBJECT_FILTER_CARIBBEAN_OID = "00000000-0000-0000-0000-00000000aa07";
    protected static final String ROLE_OBJECT_FILTER_CARIBBEAN_RAW_OID = "00000000-0000-0000-0000-a0000000aa07";
    protected static final String ROLE_PROP_READ_SOME_MODIFY_SOME_OID = "00000000-0000-0000-0000-00000000aa08";
    protected static final String ROLE_PROP_READ_SOME_MODIFY_SOME_REQ_EXEC_OID = "00000000-0000-0000-0000-00000000ac08";
    protected static final String ROLE_PROP_READ_SOME_MODIFY_SOME_EXEC_ALL_OID = "00000000-0000-0000-0000-00000000ad08";
    protected static final String ROLE_PROP_READ_SOME_MODIFY_SOME_FULLNAME_OID = "f9e8a432-af7e-11e9-b338-9336f46ab95d";
    protected static final String ROLE_PROP_READ_SOME_MODIFY_SOME_USER_OID = "00000000-0000-0000-0000-00000000ae08";
    protected static final String ROLE_PROP_GET_SEARCH_SOME_MODIFY_SOME_USER_OID = "e0f81542-af58-11e8-8537-87b51775fc04";
    protected static final String ROLE_PROP_DENY_MODIFY_SOME_OID = "d867ca80-b18a-11e6-826e-1b0f95ef9125";
    protected static final String ROLE_SELF_ACCOUNTS_READ_OID = "00000000-0000-0000-0000-00000000aa09";
    protected static final String ROLE_SELF_ACCOUNTS_READ_WRITE_OID = "00000000-0000-0000-0000-00000000aa0a";
    protected static final String ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_OID = "00000000-0000-0000-0000-00000000aa0b";
    protected static final String ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_PASSWORD_OID = "00000000-0000-0000-0000-00000000ab0b";
    protected static final String ROLE_ASSIGN_APPLICATION_ROLES_OID = "00000000-0000-0000-0000-00000000aa0c";
    protected static final String ROLE_ASSIGN_ANY_ROLES_OID = "00000000-0000-0000-0000-00000000ab0c";
    protected static final String ROLE_ASSIGN_NON_APPLICATION_ROLES_OID = "00000000-0000-0000-0000-00000000ac0c";
    protected static final String ROLE_ASSIGN_REQUESTABLE_ROLES_OID = "00000000-0000-0000-0000-00000000ad0c";
    protected static final String ROLE_ASSIGN_ORGRELATION_OID = "5856eb42-319f-11e7-8e26-a7c6d1a855fc";
    protected static final String ROLE_INDUCE_ANY_ROLE_OID = "a1265d34-f4b3-11e8-8bfe-c3482dfbb7fe";
    protected static final String ROLE_DELEGATOR_OID = "00000000-0000-0000-0000-00000000d001";
    protected static final String ROLE_DELEGATOR_PLUS_OID = "00000000-0000-0000-0000-00000000d101";
    protected static final String ROLE_ORG_READ_ORGS_MINISTRY_OF_RUM_OID = "00000000-0000-0000-0000-00000000aa0d";
    protected static final String ROLE_FILTER_OBJECT_USER_LOCATION_SHADOWS_OID = "00000000-0000-0000-0000-00000000aa0e";
    protected static final String ROLE_FILTER_OBJECT_USER_TYPE_SHADOWS_OID = "00000000-0000-0000-0000-00000000aa0h";
    protected static final String ROLE_USER_MODIFY_OID = "710395da-ddd9-11e9-9d81-cf471cec8185";
    protected static final String ROLE_USER_ADD_OID = "aa662e3c-ddd9-11e9-afe9-ab216a2d304b";
    protected static final String ROLE_APPLICATION_1_OID = "00000000-0000-0000-0000-00000000aaa1";
    protected static final String ROLE_APPLICATION_2_OID = "00000000-0000-0000-0000-00000000aaa2";
    protected static final String ROLE_BUSINESS_1_OID = "00000000-0000-0000-0000-00000000aab1";
    protected static final String ROLE_BUSINESS_2_OID = "00000000-0000-0000-0000-00000000aab2";
    protected static final String ROLE_BUSINESS_3_OID = "00000000-0000-0000-0000-00000000aab3";
    protected static final String ROLE_CONDITIONAL_OID = "00000000-0000-0000-0000-00000000aac1";
    protected static final String ROLE_MANAGER_FULL_CONTROL_OID = "e2c88fea-db21-11e5-80ba-d7b2f1155264";
    protected static final String ROLE_MANAGER_USER_ADMIN_OID = "c545323c-5d68-11e7-acba-2b32ef514121";
    protected static final String ROLE_META_NONSENSE_OID = "602f72b8-2a11-11e5-8dd9-001e8c717e5b";
    protected static final String ROLE_BASIC_OID = "00000000-0000-0000-0000-00000000aad1";
    protected static final String ROLE_AUDITOR_OID = "475e37e8-b178-11e6-8339-83e2fa7b9828";
    protected static final String ROLE_LIMITED_USER_ADMIN_OID = "66ee3a78-1b8a-11e7-aac6-5f43a0a86116";
    protected static final String ROLE_END_USER_REQUESTABLE_ABSTRACTROLES_OID = "9434bf5b-c088-456f-9286-84a1e5a0223c";
    protected static final String ROLE_SELF_TASK_OWNER_OID = "455edc40-30c6-11e7-937f-df84f38dd402";
    protected static final String ROLE_PERSONA_MANAGEMENT_OID = "2f0246f8-30df-11e7-b35b-bbb92a001091";
    protected static final String ROLE_ORDINARY_OID = "7a7ad698-3a37-11e7-9af7-6fd138dd9572";
    protected static final String ROLE_UNINTERESTING_OID = "2264afee-3ae4-11e7-a63c-8b53efadd642";
    protected static final String ROLE_READ_SELF_MODIFY_ORGUNIT_OID = "97cc13ac-5660-11e7-8687-d76f3a88c78d";
    protected static final String ROLE_INDIRECT_PIRATE_OID = "67680a40-582c-11e7-b5b1-abcfbb047b34";
    protected static final String ROLE_EXPRESSION_READ_ROLES_OID = "27058fde-b27e-11e7-b557-e7e43b583989";
    protected static final String ROLE_ATTORNEY_CARIBBEAN_UNLIMITED_OID = "b27b9f3c-b962-11e7-9c89-03e5b32f525d";
    protected static final String ROLE_ATTORNEY_MANAGER_WORKITEMS_OID = "5cf5b6c8-b968-11e7-b77d-6b029450f900";
    protected static final String ROLE_APPROVER_OID = "1d8d9bec-ba51-11e7-95dc-f3520461c08d";
    protected static final String ROLE_ASSIGN_SELF_REQUESTABLE_ANY_APPROVER_OID = "d3e83cce-bb25-11e7-ae7c-b73d2208bf2a";
    protected static final String ROLE_UNASSIGN_SELF_REQUESTABLE_OID = "7c903f28-04ed-11e8-bb7a-df31e8679d27";
    protected static final String ROLE_END_USER_WITH_PRIVACY_OID = "2abaef72-af5b-11e8-ae9a-b33bc5b8cb74";
    protected static final String ROLE_APPROVER_UNASSIGN_ROLES_OID = "5d9cead8-3a2e-11e7-8609-f762a755b58e";
    protected static final String ORG_REQUESTABLE_OID = "8f2bd344-a46c-4c0b-aa34-db08b7d7f7f2";
    protected static final String ORG_INDIRECT_PIRATE_OID = "59024142-5830-11e7-80e6-ffbee06efb45";
    protected static final String ORG_CHEATERS_OID = "944cef84-6570-11e7-8262-079921253d05";
    protected static final String TASK_USELESS_ADMINISTRATOR_OID = "daa36dba-30c7-11e7-bd7d-6311953a3ecd";
    protected static final String TASK_USELESS_JACK_OID = "642d8174-30c8-11e7-b338-c3cf3a6c548a";
    protected static final String TASK_USELESS_HANDLER_URI = "http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/useless/handler-3";
    protected static final String USER_TEMPLATE_SECURITY_OID = "b3a8f244-565a-11e7-8802-7b2586c1ce99";
    protected static final String TASK_T1_OID = "a46459b8-30e4-11e7-bd37-7bba86e91983";
    protected static final String TASK_T2_OID = "a4ab296a-30e4-11e7-a3fd-7f34286d17fa";
    protected static final String TASK_T3_OID = "a4cfec28-30e4-11e7-946f-07f8d55b4498";
    protected static final String TASK_T4_OID = "a4ed0312-30e4-11e7-aaff-c3f6264d4bd1";
    protected static final String TASK_T5_OID = "a507e1c8-30e4-11e7-a739-538d921aa79e";
    protected static final String TASK_T6_OID = "a522b610-30e4-11e7-ab1c-6f834b9ae963";
    protected static final String CASE1_OID = "99cf4e9f-fced-4f09-a302-57ad3ad6c0c1";
    protected static final String CASE2_OID = "13326d91-9308-499f-9ea7-a4d6daaad437";
    protected static final String CASE3_OID = "88b9b365-be94-4407-8c1a-6522d6beac7d";
    protected static final String CASE4_OID = "4a1e4047-f574-43e5-a254-d7cd050cf00f";
    protected static final int NUMBER_OF_ALL_USERS = 11;
    protected static final int NUMBER_OF_IMPORTED_ROLES = 74;
    protected static final int NUMBER_OF_ALL_ORGS = 11;
    protected String userRumRogersOid;
    protected String userCobbOid;
    public static final File TEST_DIR = new File("src/test/resources/security");
    protected static final File ARCHETYPE_BUSINESS_ROLE_FILE = new File(TEST_DIR, "archetype-business-role.xml");
    protected static final File ARCHETYPE_APPLICATION_ROLE_FILE = new File(TEST_DIR, "archetype-application-role.xml");
    protected static final File USER_LECHUCK_FILE = new File(TEST_DIR, "user-lechuck.xml");
    protected static final File USER_CHARLES_FILE = new File(TEST_DIR, "user-charles.xml");
    protected static final File USER_MANCOMB_FILE = new File(TEST_DIR, "user-mancomb.xml");
    protected static final File USER_ESTEVAN_FILE = new File(TEST_DIR, "user-estevan.xml");
    protected static final File USER_CAPSIZE_FILE = new File(TEST_DIR, "user-capsize.xml");
    protected static final File USER_DEPUTY_1_FILE = new File(TEST_DIR, "user-deputy-1.xml");
    protected static final File USER_DEPUTY_2_FILE = new File(TEST_DIR, "user-deputy-2.xml");
    protected static final File USER_ANGELICA_FILE = new File(TEST_DIR, "user-angelica.xml");
    protected static final File ROLE_READ_JACKS_CAMPAIGNS_FILE = new File(TEST_DIR, "role-read-jacks-campaigns.xml");
    protected static final File ROLE_READ_SOME_ROLES_FILE = new File(TEST_DIR, "role-read-some-roles.xml");
    protected static final File ROLE_READ_SOME_ROLES_SUBTYPE_FILE = new File(TEST_DIR, "role-read-some-roles-subtype.xml");
    protected static final File ROLE_READONLY_FILE = new File(TEST_DIR, "role-readonly.xml");
    protected static final File ROLE_READONLY_REQ_FILE = new File(TEST_DIR, "role-readonly-req.xml");
    protected static final File ROLE_READONLY_EXEC_FILE = new File(TEST_DIR, "role-readonly-exec.xml");
    protected static final File ROLE_READONLY_REQ_EXEC_FILE = new File(TEST_DIR, "role-readonly-req-exec.xml");
    protected static final File ROLE_READONLY_DEEP_FILE = new File(TEST_DIR, "role-readonly-deep.xml");
    protected static final File ROLE_READONLY_DEEP_EXEC_FILE = new File(TEST_DIR, "role-readonly-deep-exec.xml");
    protected static final File ROLE_READ_BASIC_ITEMS_FILE = new File(TEST_DIR, "role-read-basic-items.xml");
    protected static final File ROLE_SELF_FILE = new File(TEST_DIR, "role-self.xml");
    protected static final File ROLE_SELF_DELEGABLE_FILE = new File(TEST_DIR, "role-self-delegable.xml");
    protected static final File ROLE_CASES_ASSIGNEE_SELF_FILE = new File(TEST_DIR, "role-cases-assignee-self.xml");
    protected static final File ROLE_CASES_OBJECT_SELF_FILE = new File(TEST_DIR, "role-cases-object-self.xml");
    protected static final File ROLE_CASES_REQUESTOR_SELF_FILE = new File(TEST_DIR, "role-cases-requestor-self.xml");
    protected static final File ROLE_OBJECT_FILTER_MODIFY_CARIBBEAN_FILE = new File(TEST_DIR, "role-filter-object-modify-caribbean.xml");
    protected static final File ROLE_PROP_READ_ALL_MODIFY_SOME_FILE = new File(TEST_DIR, "role-prop-read-all-modify-some.xml");
    protected static final File ROLE_PROP_READ_ALL_MODIFY_SOME_USER_FILE = new File(TEST_DIR, "role-prop-read-all-modify-some-user.xml");
    protected static final File ROLE_PROP_READ_ALL_MODIFY_SOME_USER_PARTIAL_FILE = new File(TEST_DIR, "role-prop-read-all-modify-some-user-partial.xml");
    protected static final File ROLE_MASTER_MINISTRY_OF_RUM_FILE = new File(TEST_DIR, "role-org-master-ministry-of-rum.xml");
    protected static final File ROLE_OBJECT_FILTER_CARIBBEAN_FILE = new File(TEST_DIR, "role-filter-object-caribbean.xml");
    protected static final File ROLE_OBJECT_FILTER_CARIBBEAN_RAW_FILE = new File(TEST_DIR, "role-filter-object-caribbean-raw.xml");
    protected static final File ROLE_PROP_READ_SOME_MODIFY_SOME_FILE = new File(TEST_DIR, "role-prop-read-some-modify-some.xml");
    protected static final File ROLE_PROP_READ_SOME_MODIFY_SOME_REQ_EXEC_FILE = new File(TEST_DIR, "role-prop-read-some-modify-some-req-exec.xml");
    protected static final File ROLE_PROP_READ_SOME_MODIFY_SOME_EXEC_ALL_FILE = new File(TEST_DIR, "role-prop-read-some-modify-some-exec-all.xml");
    protected static final File ROLE_PROP_READ_SOME_MODIFY_SOME_FULLNAME_FILE = new File(TEST_DIR, "role-prop-read-some-modify-some-fullname.xml");
    protected static final File ROLE_PROP_READ_SOME_MODIFY_SOME_USER_FILE = new File(TEST_DIR, "role-prop-read-some-modify-some-user.xml");
    protected static final File ROLE_PROP_GET_SEARCH_SOME_MODIFY_SOME_USER_FILE = new File(TEST_DIR, "role-prop-get-search-some-modify-some-user.xml");
    protected static final File ROLE_PROP_DENY_MODIFY_SOME_FILE = new File(TEST_DIR, "role-prop-deny-modify-some.xml");
    protected static final File ROLE_SELF_ACCOUNTS_READ_FILE = new File(TEST_DIR, "role-self-accounts-read.xml");
    protected static final File ROLE_SELF_ACCOUNTS_READ_WRITE_FILE = new File(TEST_DIR, "role-self-accounts-read-write.xml");
    protected static final File ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_FILE = new File(TEST_DIR, "role-self-accounts-partial-control.xml");
    protected static final File ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_PASSWORD_FILE = new File(TEST_DIR, "role-self-accounts-partial-control-password.xml");
    protected static final File ROLE_ASSIGN_APPLICATION_ROLES_FILE = new File(TEST_DIR, "role-assign-application-roles.xml");
    protected static final File ROLE_ASSIGN_ANY_ROLES_FILE = new File(TEST_DIR, "role-assign-any-roles.xml");
    protected static final File ROLE_ASSIGN_NON_APPLICATION_ROLES_FILE = new File(TEST_DIR, "role-assign-non-application-roles.xml");
    protected static final File ROLE_ASSIGN_REQUESTABLE_ROLES_FILE = new File(TEST_DIR, "role-assign-requestable-roles.xml");
    protected static final File ROLE_ASSIGN_ORGRELATION_FILE = new File(TEST_DIR, "role-assign-orgrelation.xml");
    protected static final File ROLE_INDUCE_ANY_ROLE_FILE = new File(TEST_DIR, "role-induce-any-role.xml");
    protected static final File ROLE_DELEGATOR_FILE = new File(TEST_DIR, "role-delegator.xml");
    protected static final File ROLE_DELEGATOR_PLUS_FILE = new File(TEST_DIR, "role-delegator-plus.xml");
    protected static final File ROLE_ORG_READ_ORGS_MINISTRY_OF_RUM_FILE = new File(TEST_DIR, "role-org-read-orgs-ministry-of-rum.xml");
    protected static final File ROLE_FILTER_OBJECT_USER_LOCATION_SHADOWS_FILE = new File(TEST_DIR, "role-filter-object-user-location-shadows.xml");
    protected static final File ROLE_FILTER_OBJECT_USER_TYPE_SHADOWS_FILE = new File(TEST_DIR, "role-filter-object-user-type-shadow.xml");
    protected static final File ROLE_USER_MODIFY_FILE = new File(TEST_DIR, "role-user-modify.xml");
    protected static final File ROLE_USER_ADD_FILE = new File(TEST_DIR, "role-user-add.xml");
    protected static final File ROLE_APPLICATION_1_FILE = new File(TEST_DIR, "role-application-1.xml");
    protected static final File ROLE_APPLICATION_2_FILE = new File(TEST_DIR, "role-application-2.xml");
    protected static final File ROLE_BUSINESS_1_FILE = new File(TEST_DIR, "role-business-1.xml");
    protected static final File ROLE_BUSINESS_2_FILE = new File(TEST_DIR, "role-business-2.xml");
    protected static final File ROLE_BUSINESS_3_FILE = new File(TEST_DIR, "role-business-3.xml");
    protected static final File ROLE_CONDITIONAL_FILE = new File(TEST_DIR, "role-conditional.xml");
    protected static final File ROLE_MANAGER_FULL_CONTROL_FILE = new File(TEST_DIR, "role-manager-full-control.xml");
    protected static final File ROLE_MANAGER_USER_ADMIN_FILE = new File(TEST_DIR, "role-manager-user-admin.xml");
    protected static final File ROLE_META_NONSENSE_FILE = new File(TEST_DIR, "role-meta-nonsense.xml");
    protected static final File ROLE_BASIC_FILE = new File(TEST_DIR, "role-basic.xml");
    protected static final File ROLE_AUDITOR_FILE = new File(TEST_DIR, "role-auditor.xml");
    protected static final File ROLE_LIMITED_USER_ADMIN_FILE = new File(TEST_DIR, "role-limited-user-admin.xml");
    protected static final File ROLE_END_USER_REQUESTABLE_ABSTRACTROLES_FILE = new File(TEST_DIR, "role-end-user-requestable-abstractroles.xml");
    protected static final File ROLE_SELF_TASK_OWNER_FILE = new File(TEST_DIR, "role-self-task-owner.xml");
    protected static final File ROLE_PERSONA_MANAGEMENT_FILE = new File(TEST_DIR, "role-persona-management.xml");
    protected static final File ROLE_ORDINARY_FILE = new File(TEST_DIR, "role-ordinary.xml");
    protected static final File ROLE_UNINTERESTING_FILE = new File(TEST_DIR, "role-uninteresting.xml");
    protected static final File ROLE_READ_SELF_MODIFY_ORGUNIT_FILE = new File(TEST_DIR, "role-read-self-modify-orgunit.xml");
    protected static final File ROLE_INDIRECT_PIRATE_FILE = new File(TEST_DIR, "role-indirect-pirate.xml");
    protected static final File ROLE_EXPRESSION_READ_ROLES_FILE = new File(TEST_DIR, "role-expression-read-roles.xml");
    protected static final File ROLE_ATTORNEY_CARIBBEAN_UNLIMITED_FILE = new File(TEST_DIR, "role-attorney-caribbean-unlimited.xml");
    protected static final File ROLE_ATTORNEY_MANAGER_WORKITEMS_FILE = new File(TEST_DIR, "role-attorney-manager-workitems.xml");
    protected static final File ROLE_APPROVER_FILE = new File(TEST_DIR, "role-approver.xml");
    protected static final File ROLE_ASSIGN_SELF_REQUESTABLE_ANY_APPROVER_FILE = new File(TEST_DIR, "role-assign-self-requestable-any-approver.xml");
    protected static final File ROLE_UNASSIGN_SELF_REQUESTABLE_FILE = new File(TEST_DIR, "role-unassign-self-requestable.xml");
    protected static final File ROLE_END_USER_WITH_PRIVACY_FILE = new File(TEST_DIR, "role-end-user-with-privacy.xml");
    protected static final File ROLE_APPROVER_UNASSIGN_ROLES_FILE = new File(TEST_DIR, "role-approver-unassign-roles.xml");
    protected static final File ORG_REQUESTABLE_FILE = new File(TEST_DIR, "org-requestable.xml");
    protected static final File ORG_INDIRECT_PIRATE_FILE = new File(TEST_DIR, "org-indirect-pirate.xml");
    protected static final File ORG_CHEATERS_FILE = new File(TEST_DIR, "org-cheaters.xml");
    protected static final File TASK_USELESS_ADMINISTRATOR_FILE = new File(TEST_DIR, "task-useless-administrator.xml");
    protected static final File TASK_USELESS_JACK_FILE = new File(TEST_DIR, "task-useless-jack.xml");
    protected static final File USER_TEMPLATE_SECURITY_FILE = new File(TEST_DIR, "user-template-security.xml");
    protected static final File CAMPAIGNS_FILE = new File(TEST_DIR, "campaigns.xml");
    protected static final File CASE1_FILE = new File(TEST_DIR, "case-1.xml");
    protected static final File CASE2_FILE = new File(TEST_DIR, "case-2.xml");
    protected static final File CASE3_FILE = new File(TEST_DIR, "case-3.xml");
    protected static final File CASE4_FILE = new File(TEST_DIR, "case-4.xml");
    protected static final ItemPath PASSWORD_PATH = ItemPath.create(new Object[]{UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE});
    protected static final XMLGregorianCalendar JACK_VALID_FROM_LONG_AGO = XmlTypeConverter.createXMLGregorianCalendar(10000L);
    protected static final XMLGregorianCalendar JACK_VALID_TO_LONG_AHEAD = XmlTypeConverter.createXMLGregorianCalendar(10000000000000L);

    @Override // com.evolveum.midpoint.model.intest.AbstractInitializedModelIntegrationTest, com.evolveum.midpoint.model.intest.AbstractConfiguredModelIntegrationTest
    public void initSystem(Task task, OperationResult operationResult) throws Exception {
        super.initSystem(task, operationResult);
        repoAddObjectsFromFile(CAMPAIGNS_FILE, operationResult);
        repoAddObjectsFromFile(CASE1_FILE, operationResult);
        repoAddObjectsFromFile(CASE2_FILE, operationResult);
        repoAddObjectsFromFile(CASE3_FILE, operationResult);
        repoAddObjectsFromFile(CASE4_FILE, operationResult);
        repoAddObjectFromFile(ARCHETYPE_BUSINESS_ROLE_FILE, operationResult);
        repoAddObjectFromFile(ARCHETYPE_APPLICATION_ROLE_FILE, operationResult);
        repoAddObjectFromFile(ROLE_READONLY_FILE, operationResult);
        repoAddObjectFromFile(ROLE_READONLY_REQ_FILE, operationResult);
        repoAddObjectFromFile(ROLE_READONLY_EXEC_FILE, operationResult);
        repoAddObjectFromFile(ROLE_READONLY_REQ_EXEC_FILE, operationResult);
        repoAddObjectFromFile(ROLE_READONLY_DEEP_FILE, operationResult);
        repoAddObjectFromFile(ROLE_READONLY_DEEP_EXEC_FILE, operationResult);
        repoAddObjectFromFile(ROLE_READ_BASIC_ITEMS_FILE, operationResult);
        repoAddObjectFromFile(ROLE_SELF_FILE, operationResult);
        repoAddObjectFromFile(ROLE_SELF_DELEGABLE_FILE, operationResult);
        repoAddObjectFromFile(ROLE_CASES_ASSIGNEE_SELF_FILE, operationResult);
        repoAddObjectFromFile(ROLE_CASES_OBJECT_SELF_FILE, operationResult);
        repoAddObjectFromFile(ROLE_CASES_REQUESTOR_SELF_FILE, operationResult);
        repoAddObjectFromFile(ROLE_OBJECT_FILTER_MODIFY_CARIBBEAN_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PROP_READ_ALL_MODIFY_SOME_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PROP_READ_ALL_MODIFY_SOME_USER_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PROP_READ_ALL_MODIFY_SOME_USER_PARTIAL_FILE, operationResult);
        repoAddObjectFromFile(ROLE_MASTER_MINISTRY_OF_RUM_FILE, operationResult);
        repoAddObjectFromFile(ROLE_OBJECT_FILTER_CARIBBEAN_FILE, operationResult);
        repoAddObjectFromFile(ROLE_OBJECT_FILTER_CARIBBEAN_RAW_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PROP_READ_SOME_MODIFY_SOME_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PROP_READ_SOME_MODIFY_SOME_REQ_EXEC_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PROP_READ_SOME_MODIFY_SOME_EXEC_ALL_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PROP_READ_SOME_MODIFY_SOME_FULLNAME_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PROP_READ_SOME_MODIFY_SOME_USER_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PROP_GET_SEARCH_SOME_MODIFY_SOME_USER_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PROP_DENY_MODIFY_SOME_FILE, operationResult);
        repoAddObjectFromFile(ROLE_READ_JACKS_CAMPAIGNS_FILE, operationResult);
        repoAddObjectFromFile(ROLE_READ_SOME_ROLES_FILE, operationResult);
        repoAddObjectFromFile(ROLE_READ_SOME_ROLES_SUBTYPE_FILE, operationResult);
        repoAddObjectFromFile(ROLE_SELF_ACCOUNTS_READ_FILE, operationResult);
        repoAddObjectFromFile(ROLE_SELF_ACCOUNTS_READ_WRITE_FILE, operationResult);
        repoAddObjectFromFile(ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_FILE, operationResult);
        repoAddObjectFromFile(ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_PASSWORD_FILE, operationResult);
        repoAddObjectFromFile(ROLE_ASSIGN_APPLICATION_ROLES_FILE, operationResult);
        repoAddObjectFromFile(ROLE_ASSIGN_NON_APPLICATION_ROLES_FILE, operationResult);
        repoAddObjectFromFile(ROLE_ASSIGN_ANY_ROLES_FILE, operationResult);
        repoAddObjectFromFile(ROLE_ASSIGN_REQUESTABLE_ROLES_FILE, operationResult);
        repoAddObjectFromFile(ROLE_INDUCE_ANY_ROLE_FILE, operationResult);
        repoAddObjectFromFile(ROLE_ASSIGN_ORGRELATION_FILE, operationResult);
        repoAddObjectFromFile(ROLE_DELEGATOR_FILE, operationResult);
        repoAddObjectFromFile(ROLE_DELEGATOR_PLUS_FILE, operationResult);
        repoAddObjectFromFile(ROLE_ORG_READ_ORGS_MINISTRY_OF_RUM_FILE, operationResult);
        repoAddObjectFromFile(ROLE_FILTER_OBJECT_USER_LOCATION_SHADOWS_FILE, operationResult);
        repoAddObjectFromFile(ROLE_FILTER_OBJECT_USER_TYPE_SHADOWS_FILE, operationResult);
        importObjectsFromFileNotRaw(ROLE_APPLICATION_1_FILE, task, operationResult);
        importObjectsFromFileNotRaw(ROLE_APPLICATION_2_FILE, task, operationResult);
        importObjectsFromFileNotRaw(ROLE_BUSINESS_1_FILE, task, operationResult);
        importObjectsFromFileNotRaw(ROLE_BUSINESS_2_FILE, task, operationResult);
        importObjectsFromFileNotRaw(ROLE_BUSINESS_3_FILE, task, operationResult);
        repoAddObjectFromFile(ROLE_CONDITIONAL_FILE, RoleType.class, operationResult);
        repoAddObjectFromFile(ROLE_META_NONSENSE_FILE, RoleType.class, operationResult);
        repoAddObjectFromFile(ROLE_BASIC_FILE, RoleType.class, operationResult);
        repoAddObjectFromFile(ROLE_AUDITOR_FILE, RoleType.class, operationResult);
        repoAddObjectFromFile(ROLE_LIMITED_USER_ADMIN_FILE, RoleType.class, operationResult);
        repoAddObjectFromFile(ROLE_END_USER_FILE, operationResult);
        repoAddObjectFromFile(ROLE_USER_MODIFY_FILE, operationResult);
        repoAddObjectFromFile(ROLE_USER_ADD_FILE, operationResult);
        repoAddObjectFromFile(ROLE_MANAGER_FULL_CONTROL_FILE, operationResult);
        repoAddObjectFromFile(ROLE_MANAGER_USER_ADMIN_FILE, operationResult);
        repoAddObjectFromFile(ROLE_SELF_TASK_OWNER_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PERSONA_MANAGEMENT_FILE, operationResult);
        repoAddObjectFromFile(ROLE_END_USER_REQUESTABLE_ABSTRACTROLES_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PERSONA_ADMIN_FILE, operationResult);
        repoAddObjectFromFile(ROLE_ORDINARY_FILE, operationResult);
        repoAddObjectFromFile(ROLE_UNINTERESTING_FILE, operationResult);
        repoAddObjectFromFile(ROLE_READ_SELF_MODIFY_ORGUNIT_FILE, operationResult);
        repoAddObjectFromFile(ROLE_INDIRECT_PIRATE_FILE, operationResult);
        repoAddObjectFromFile(ROLE_EXPRESSION_READ_ROLES_FILE, operationResult);
        repoAddObjectFromFile(ROLE_ATTORNEY_CARIBBEAN_UNLIMITED_FILE, operationResult);
        repoAddObjectFromFile(ROLE_ATTORNEY_MANAGER_WORKITEMS_FILE, operationResult);
        repoAddObjectFromFile(ROLE_APPROVER_FILE, operationResult);
        repoAddObjectFromFile(ROLE_ASSIGN_SELF_REQUESTABLE_ANY_APPROVER_FILE, operationResult);
        repoAddObjectFromFile(ROLE_UNASSIGN_SELF_REQUESTABLE_FILE, operationResult);
        repoAddObjectFromFile(ROLE_APPROVER_UNASSIGN_ROLES_FILE, operationResult);
        repoAddObjectFromFile(ORG_REQUESTABLE_FILE, operationResult);
        repoAddObjectFromFile(ORG_INDIRECT_PIRATE_FILE, operationResult);
        repoAddObjectFromFile(TASK_USELESS_ADMINISTRATOR_FILE, operationResult);
        repoAddObjectFromFile(TASK_USELESS_JACK_FILE, operationResult);
        repoAddObjectFromFile(OBJECT_TEMPLATE_PERSONA_ADMIN_FILE, operationResult);
        repoAddObjectFromFile(USER_TEMPLATE_SECURITY_FILE, operationResult);
        assignOrg("c0c010c0-d34d-b33f-f00d-111111111116", "00000000-8888-6666-0000-100000000005", task, operationResult);
        assignOrg(RoleType.class, ROLE_BUSINESS_3_OID, "00000000-8888-6666-0000-100000000004", task, operationResult);
        repoAddObjectFromFile(USER_CHARLES_FILE, operationResult);
        PrismObject createUser = createUser(USER_RUM_ROGERS_NAME, "Rum Rogers");
        addObject(createUser, task, operationResult);
        this.userRumRogersOid = createUser.getOid();
        assignOrg(this.userRumRogersOid, "00000000-8888-6666-0000-100000000004", task, operationResult);
        assignRole(this.userRumRogersOid, ROLE_ORDINARY_OID, task, operationResult);
        assignRole(this.userRumRogersOid, ROLE_UNINTERESTING_OID, task, operationResult);
        PrismObject createUser2 = createUser(USER_COBB_NAME, "Cobb");
        addObject(createUser2, task, operationResult);
        this.userCobbOid = createUser2.getOid();
        assignOrg(this.userCobbOid, "00000000-8888-6666-0000-100000000006", task, operationResult);
        assignRole(this.userCobbOid, ROLE_ORDINARY_OID, task, operationResult);
        assignRole(this.userCobbOid, ROLE_UNINTERESTING_OID, task, operationResult);
        setDefaultObjectTemplate(UserType.COMPLEX_TYPE, USER_TEMPLATE_SECURITY_OID, operationResult);
        InternalsConfig.setDetailedAuhotizationLog(true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.model.intest.AbstractInitializedModelIntegrationTest, com.evolveum.midpoint.model.intest.AbstractConfiguredModelIntegrationTest
    public int getNumberOfRoles() {
        return super.getNumberOfRoles() + NUMBER_OF_IMPORTED_ROLES;
    }

    @Test
    public void test010SanitySelf() throws Exception {
        TestUtil.displayTestTitle(this, "test010SanitySelf");
        assertLoggedInUsername("administrator");
        PrismObject role = getRole(ROLE_SELF_OID);
        display("Role self", role);
        List<AuthorizationType> authorization = role.asObjectable().getAuthorization();
        AssertJUnit.assertEquals("Wrong number of authorizations", 2, authorization.size());
        AuthorizationType findAutz = findAutz(authorization, ModelAuthorizationAction.READ.getUrl());
        AssertJUnit.assertEquals("Wrong action in authorization", ModelAuthorizationAction.READ.getUrl(), (String) findAutz.getAction().get(0));
        List object = findAutz.getObject();
        AssertJUnit.assertEquals("Wrong number of object specs in authorization", 1, object.size());
        List special = ((SubjectedObjectSelectorType) object.get(0)).getSpecial();
        AssertJUnit.assertEquals("Wrong number of specials in object specs in authorization", 1, special.size());
        AssertJUnit.assertEquals("Wrong special in object specs in authorization", SpecialObjectSpecificationType.SELF, (SpecialObjectSpecificationType) special.get(0));
    }

    @Test
    public void test020SanityArchetypedRoles() throws Exception {
        TestUtil.displayTestTitle(this, "test020SanityArchetypedRoles");
        assertLoggedInUsername("administrator");
        assertRoleAfter(ROLE_BUSINESS_2_OID).assertArchetypeRef(ARCHETYPE_BUSINESS_ROLE_OID);
        assertRoleAfter(ROLE_APPLICATION_2_OID).assertArchetypeRef(ARCHETYPE_APPLICATION_ROLE_OID);
        assertRoleAfter("00000000-0000-0000-0000-00000000aa0f").assertNoArchetypeRef();
    }

    protected AuthorizationType findAutz(List<AuthorizationType> list, String str) {
        for (AuthorizationType authorizationType : list) {
            if (authorizationType.getAction().contains(str)) {
                return authorizationType;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertSuperuserAccess(int i) throws Exception {
        assertReadAllow(i);
        assertReadAllowRaw(i);
        assertAddAllow();
        assertAddAllowRaw();
        assertModifyAllow();
        assertDeleteAllow();
        assertSearch(AccessCertificationCampaignType.class, null, 2);
        assertReadCertCasesAllow();
        assertReadCasesAllow();
        assertSearch(TaskType.class, null, 2);
        assertAssignableRoleSpecification(getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID)).relationDefault().filter().assertAll();
        assertAuditReadAllow();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertNoAccess(PrismObject<UserType> prismObject) throws Exception {
        assertReadDeny();
        assertReadDenyRaw();
        assertAddDeny();
        assertAddDenyRaw();
        assertModifyDeny();
        assertDeleteDeny();
        assertReadCertCasesDeny();
        assertReadCasesDeny();
        assertAssignableRoleSpecification(prismObject).assertNoAccess();
        assertAuditReadDeny();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <O extends ObjectType> void assertItemFlags(PrismObjectDefinition<O> prismObjectDefinition, ItemPath itemPath, boolean z, boolean z2, boolean z3) {
        ItemDefinition findItemDefinition = prismObjectDefinition.findItemDefinition(itemPath);
        AssertJUnit.assertEquals("Wrong readability flag for " + itemPath, z, findItemDefinition.canRead());
        AssertJUnit.assertEquals("Wrong addition flag for " + itemPath, z2, findItemDefinition.canAdd());
        AssertJUnit.assertEquals("Wrong modification flag for " + itemPath, z3, findItemDefinition.canModify());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertAssignmentsWithTargets(PrismObject<UserType> prismObject, int i) {
        PrismContainer findContainer = prismObject.findContainer(UserType.F_ASSIGNMENT);
        AssertJUnit.assertEquals("Unexpected number of assignments in " + prismObject, i, findContainer.size());
        Iterator it = findContainer.getValues().iterator();
        while (it.hasNext()) {
            AssertJUnit.assertNotNull("No targetRef in assignment in " + prismObject, ((PrismContainerValue) it.next()).asContainerable().getTargetRef());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertAttributeFlags(RefinedObjectClassDefinition refinedObjectClassDefinition, QName qName, boolean z, boolean z2, boolean z3) {
        RefinedAttributeDefinition findAttributeDefinition = refinedObjectClassDefinition.findAttributeDefinition(qName);
        AssertJUnit.assertNotNull(findAttributeDefinition);
        AssertJUnit.assertEquals("Wrong readability flag for " + qName, z, findAttributeDefinition.canRead());
        AssertJUnit.assertEquals("Wrong addition flag for " + qName, z2, findAttributeDefinition.canAdd());
        AssertJUnit.assertEquals("Wrong modification flag for " + qName, z3, findAttributeDefinition.canModify());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertAttributeFlags(ObjectClassComplexTypeDefinition objectClassComplexTypeDefinition, QName qName, boolean z, boolean z2, boolean z3) {
        ResourceAttributeDefinition findAttributeDefinition = objectClassComplexTypeDefinition.findAttributeDefinition(qName);
        AssertJUnit.assertNotNull(findAttributeDefinition);
        AssertJUnit.assertEquals("Wrong readability flag for " + qName, z, findAttributeDefinition.canRead());
        AssertJUnit.assertEquals("Wrong addition flag for " + qName, z2, findAttributeDefinition.canAdd());
        AssertJUnit.assertEquals("Wrong modification flag for " + qName, z3, findAttributeDefinition.canModify());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void cleanupAutzTest(String str) throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, ObjectAlreadyExistsException, PolicyViolationException, SecurityViolationException, IOException {
        cleanupAutzTest(str, 0);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void cleanupAutzTest(String str, int i) throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, ObjectAlreadyExistsException, PolicyViolationException, SecurityViolationException, IOException {
        loginAdministrator();
        if (str != null) {
            unassignAllRoles(str);
        }
        Task createTaskInstance = this.taskManager.createTaskInstance(AbstractSecurityTest.class.getName() + ".cleanupAutzTest");
        OperationResult result = createTaskInstance.getResult();
        assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL);
        cleanupDelete(UserType.class, "c0c010c0-d34d-b33f-f00d-111111111122", createTaskInstance, result);
        cleanupDelete(UserType.class, "c0c010c0-d34d-b33f-f00d-11d1d1d1d1d1", createTaskInstance, result);
        cleanupDelete(UserType.class, "c0c010c0-d34d-b33f-f00d-11111111c008", createTaskInstance, result);
        cleanupDelete(UserType.class, USER_MANCOMB_OID, createTaskInstance, result);
        cleanupDelete(UserType.class, USER_CAPSIZE_OID, createTaskInstance, result);
        cleanupDelete(UserType.class, AbstractConfiguredModelIntegrationTest.USER_WILL_OID, createTaskInstance, result);
        cleanupDeleteUserByUsername("nooid", createTaskInstance, result);
        cleanupAdd(USER_LARGO_FILE, createTaskInstance, result);
        cleanupAdd(USER_LECHUCK_FILE, createTaskInstance, result);
        cleanupAdd(USER_ESTEVAN_FILE, createTaskInstance, result);
        modifyUserReplace(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_HONORIFIC_PREFIX, createTaskInstance, result, new Object[0]);
        modifyUserReplace(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_COST_CENTER, createTaskInstance, result, new Object[0]);
        modifyUserReplace(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_FULL_NAME, createTaskInstance, result, new Object[]{createPolyString("Jack Sparrow")});
        modifyUserReplace(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_ADDITIONAL_NAME, createTaskInstance, result, new Object[]{createPolyString("Jackie")});
        modifyUserReplace(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_SUBTYPE, createTaskInstance, result, new Object[]{AbstractConfiguredModelIntegrationTest.USER_JACK_SUBTYPE});
        modifyUserReplace(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, SchemaConstants.PATH_ACTIVATION_VALID_FROM, createTaskInstance, result, new Object[0]);
        modifyUserReplace(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, SchemaConstants.PATH_ACTIVATION_VALID_TO, createTaskInstance, result, new Object[0]);
        modifyUserReplace(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_GIVEN_NAME, createTaskInstance, result, new Object[]{createPolyString(AbstractConfiguredModelIntegrationTest.USER_JACK_GIVEN_NAME)});
        modifyUserReplace(this.userRumRogersOid, UserType.F_TITLE, createTaskInstance, result, new Object[0]);
        modifyUserReplace("c0c010c0-d34d-b33f-f00d-111111111116", UserType.F_HONORIFIC_PREFIX, createTaskInstance, result, new Object[]{PrismTestUtil.createPolyString("Wannabe")});
        unassignAccountFromUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "10000000-0000-0000-0000-000000000004", null);
        unassignOrg(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "00000000-8888-6666-0000-100000000004", SchemaConstants.ORG_MANAGER, createTaskInstance, result);
        unassignOrg(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "00000000-8888-6666-0000-100000000004", null, createTaskInstance, result);
        unassignOrg(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "00000000-8888-6666-0000-100000000002", SchemaConstants.ORG_MANAGER, createTaskInstance, result);
        unassignOrg(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "00000000-8888-6666-0000-100000000002", null, createTaskInstance, result);
        cleanupDelete(TaskType.class, TASK_T1_OID, createTaskInstance, result);
        cleanupDelete(TaskType.class, TASK_T2_OID, createTaskInstance, result);
        cleanupDelete(TaskType.class, TASK_T3_OID, createTaskInstance, result);
        cleanupDelete(TaskType.class, TASK_T4_OID, createTaskInstance, result);
        cleanupDelete(TaskType.class, TASK_T5_OID, createTaskInstance, result);
        cleanupDelete(TaskType.class, TASK_T6_OID, createTaskInstance, result);
        cleanupDelete(RoleType.class, "12345111-1111-2222-1111-121212111112", createTaskInstance, result);
        cleanupAdd(ROLE_EMPTY_FILE, createTaskInstance, result);
        assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);
        if (str != null) {
            PrismObject user = getUser(str);
            assertAssignments(user, i);
            if (i == 0) {
                assertLinks(user, 0);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void cleanupUnassign(String str, String str2) throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, ObjectAlreadyExistsException, PolicyViolationException, SecurityViolationException {
        unassignRole(str, str2);
    }

    protected void cleanupAdd(File file, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, SecurityViolationException, IOException {
        try {
            addObject(file, task, operationResult);
        } catch (ObjectAlreadyExistsException e) {
            operationResult.getLastSubresult().setStatus(OperationResultStatus.HANDLED_ERROR);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <O extends ObjectType> void cleanupDelete(Class<O> cls, String str, Task task, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, SecurityViolationException, ObjectAlreadyExistsException {
        try {
            deleteObject(cls, str, task, operationResult);
        } catch (ObjectNotFoundException e) {
            operationResult.getLastSubresult().setStatus(OperationResultStatus.HANDLED_ERROR);
        }
    }

    private void cleanupDeleteUserByUsername(String str, Task task, OperationResult operationResult) throws CommunicationException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException {
        try {
            PrismObject findUserByUsername = findUserByUsername(str);
            if (findUserByUsername == null) {
                return;
            }
            deleteObject(UserType.class, findUserByUsername.getOid(), task, operationResult);
        } catch (ObjectNotFoundException e) {
            operationResult.getLastSubresult().setStatus(OperationResultStatus.HANDLED_ERROR);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertVisibleUsers(int i) throws Exception {
        assertSearch(UserType.class, null, i);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertReadDeny() throws Exception {
        assertReadDeny(0);
        assertReadDenyRaw();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertReadCertCasesDeny() throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        assertReadCertCases(0);
    }

    protected void assertReadCasesDeny() throws Exception {
        assertReadCases(0);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertReadCertCasesAllow() throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        assertReadCertCases(3);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertReadCasesAllow() throws Exception {
        assertReadCases(4);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertReadCertCases(int i) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        assertContainerSearch(AccessCertificationCaseType.class, null, i);
    }

    protected void assertReadCases(int i) throws Exception {
        assertSearch(CaseType.class, null, i);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertReadCases(String... strArr) throws Exception {
        assertSearch(CaseType.class, null, strArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertReadDeny(int i) throws Exception {
        assertGetDeny(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        assertGetDeny(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID, SelectorOptions.createCollection(GetOperationOptions.createRaw()));
        assertGetDeny(UserType.class, "c0c010c0-d34d-b33f-f00d-111111111116");
        assertGetDeny(UserType.class, "c0c010c0-d34d-b33f-f00d-111111111116", SelectorOptions.createCollection(GetOperationOptions.createRaw()));
        assertSearch(UserType.class, null, i);
        assertSearch(UserType.class, createNameQuery("jack"), 0);
        assertSearch(UserType.class, createNameQuery("jack"), SelectorOptions.createCollection(GetOperationOptions.createRaw()), 0);
        assertSearch(UserType.class, createNameQuery("guybrush"), 0);
        assertSearch(UserType.class, createNameQuery("guybrush"), SelectorOptions.createCollection(GetOperationOptions.createRaw()), 0);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertReadDenyRaw() throws Exception {
        assertGetDeny(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID, SelectorOptions.createCollection(GetOperationOptions.createRaw()));
        assertGetDeny(UserType.class, "c0c010c0-d34d-b33f-f00d-111111111116", SelectorOptions.createCollection(GetOperationOptions.createRaw()));
        assertSearchDeny(UserType.class, null, SelectorOptions.createCollection(GetOperationOptions.createRaw()));
        assertSearchDeny(UserType.class, createNameQuery("jack"), SelectorOptions.createCollection(GetOperationOptions.createRaw()));
        assertSearchDeny(UserType.class, createNameQuery("guybrush"), SelectorOptions.createCollection(GetOperationOptions.createRaw()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertReadAllow() throws Exception {
        assertReadAllow(11);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertReadAllow(int i) throws Exception {
        assertGetAllow(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        assertGetAllow(UserType.class, "c0c010c0-d34d-b33f-f00d-111111111116");
        assertSearch(UserType.class, null, i);
        assertSearch(UserType.class, this.prismContext.queryFactory().createQuery(this.prismContext.queryFactory().createAll()), i);
        assertSearch(UserType.class, createNameQuery("jack"), 1);
        assertSearch(UserType.class, createNameQuery("guybrush"), 1);
    }

    protected void assertReadAllowRaw() throws Exception {
        assertReadAllowRaw(11);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertReadAllowRaw(int i) throws Exception {
        assertGetAllow(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID, SelectorOptions.createCollection(GetOperationOptions.createRaw()));
        assertGetAllow(UserType.class, "c0c010c0-d34d-b33f-f00d-111111111116", SelectorOptions.createCollection(GetOperationOptions.createRaw()));
        assertSearch(UserType.class, null, SelectorOptions.createCollection(GetOperationOptions.createRaw()), i);
        assertSearch(UserType.class, createNameQuery("jack"), SelectorOptions.createCollection(GetOperationOptions.createRaw()), 1);
        assertSearch(UserType.class, createNameQuery("guybrush"), SelectorOptions.createCollection(GetOperationOptions.createRaw()), 1);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertAddDeny() throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, IOException {
        assertAddDeny(USER_HERMAN_FILE);
        assertImportStreamDeny(USER_RAPP_FILE);
        assertAddDenyRaw();
    }

    protected void assertAddDenyRaw() throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, IOException {
        assertAddDeny(USER_DRAKE_FILE, ModelExecuteOptions.createRaw());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertAddAllow() throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, SecurityViolationException, IOException {
        assertAddAllow(USER_HERMAN_FILE);
        assertImportStreamAllow(USER_RAPP_FILE);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertAddAllowRaw() throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, SecurityViolationException, IOException {
        assertAddAllow(USER_DRAKE_FILE, ModelExecuteOptions.createRaw());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertModifyDeny() throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException {
        assertModifyDeny(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Captain"));
        assertModifyDeny(UserType.class, "c0c010c0-d34d-b33f-f00d-111111111116", UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Pirate"));
        assertModifyDenyRaw();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertModifyDenyRaw() throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException {
        assertModifyDenyOptions(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_HONORIFIC_SUFFIX, ModelExecuteOptions.createRaw(), PrismTestUtil.createPolyString("CSc"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertModifyAllow() throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, SecurityViolationException {
        assertModifyAllow(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Captain"));
        assertModifyAllow(UserType.class, "c0c010c0-d34d-b33f-f00d-111111111116", UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Pirate"));
    }

    protected void assertModifyAllowRaw() throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, SecurityViolationException {
        assertModifyAllowOptions(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_HONORIFIC_SUFFIX, ModelExecuteOptions.createRaw(), PrismTestUtil.createPolyString("CSc"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertDeleteDeny() throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, SecurityViolationException {
        assertDeleteDeny(UserType.class, "c0c010c0-d34d-b33f-f00d-111111111118");
        assertDeleteDeny(UserType.class, USER_LECHUCK_OID, ModelExecuteOptions.createRaw());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertDeleteAllow() throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, SecurityViolationException {
        assertDeleteAllow(UserType.class, "c0c010c0-d34d-b33f-f00d-111111111118");
        assertDeleteAllow(UserType.class, USER_LECHUCK_OID, ModelExecuteOptions.createRaw());
    }

    protected <C extends Containerable> void assertContainerSearch(Class<C> cls, ObjectQuery objectQuery, int i) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        assertContainerSearch(cls, objectQuery, null, i);
    }

    protected <C extends Containerable> void assertContainerSearch(Class<C> cls, ObjectQuery objectQuery, Collection<SelectorOptions<GetOperationOptions>> collection, int i) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        Task createTaskInstance = this.taskManager.createTaskInstance(AbstractSecurityTest.class.getName() + ".assertSearchContainers");
        OperationResult result = createTaskInstance.getResult();
        try {
            logAttempt("searchContainers", cls, objectQuery);
            SearchResultList searchContainers = this.modelService.searchContainers(cls, objectQuery, collection, createTaskInstance, result);
            display("Search returned", searchContainers.toString());
            if (searchContainers.size() > i) {
                failDeny("search", cls, objectQuery, i, searchContainers.size());
            } else if (searchContainers.size() < i) {
                failAllow("search", cls, objectQuery, i, searchContainers.size());
            }
            result.computeStatus();
            TestUtil.assertSuccess(result);
        } catch (SecurityViolationException e) {
            result.computeStatus();
            TestUtil.assertFailure(result);
            failAllow("search", cls, objectQuery, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <O extends ObjectType> void assertModifyMetadataDeny(Class<O> cls, String str) throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException {
        assertModifyDenyOptions(cls, str, getMetadataPath(MetadataType.F_MODIFY_TIMESTAMP), null, XmlTypeConverter.addDuration(this.clock.currentTimeXMLGregorianCalendar(), "-PT1H"));
        assertModifyDenyOptions(cls, str, getMetadataPath(MetadataType.F_CREATE_CHANNEL), null, "hackHackHack");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <O extends ObjectType> void assertPasswordChangeDeny(Class<O> cls, String str, String str2) throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException {
        ProtectedStringType protectedStringType = new ProtectedStringType();
        protectedStringType.setClearValue(str2);
        assertModifyDeny(cls, str, PASSWORD_PATH, protectedStringType);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <O extends ObjectType> void assertPasswordChangeAllow(Class<O> cls, String str, String str2) throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, SecurityViolationException {
        ProtectedStringType protectedStringType = new ProtectedStringType();
        protectedStringType.setClearValue(str2);
        assertModifyAllow(cls, str, PASSWORD_PATH, protectedStringType);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <O extends ObjectType> void assertModifyDenyRaw(Class<O> cls, String str, ItemName itemName, Object... objArr) throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException {
        assertModifyDenyOptions(cls, str, itemName, ModelExecuteOptions.createRaw(), objArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <O extends ObjectType> void assertModifyDenyPartial(Class<O> cls, String str, ItemName itemName, Object... objArr) throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException {
        PartialProcessingOptionsType partialProcessingOptionsType = new PartialProcessingOptionsType();
        partialProcessingOptionsType.setApprovals(PartialProcessingTypeType.SKIP);
        assertModifyDenyOptions(cls, str, itemName, ModelExecuteOptions.createPartialProcessing(partialProcessingOptionsType), objArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <O extends ObjectType> void assertModifyDeny(Class<O> cls, String str, ItemPath itemPath, Object... objArr) throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException {
        assertModifyDenyOptions(cls, str, itemPath, null, objArr);
    }

    protected <O extends ObjectType> void assertModifyDenyOptions(Class<O> cls, String str, ItemPath itemPath, ModelExecuteOptions modelExecuteOptions, Object... objArr) throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException {
        Task createTaskInstance = this.taskManager.createTaskInstance(AbstractSecurityTest.class.getName() + ".assertModifyDeny");
        OperationResult result = createTaskInstance.getResult();
        Collection createCollection = MiscSchemaUtil.createCollection(new ObjectDelta[]{this.prismContext.deltaFactory().object().createModificationReplaceProperty(cls, str, itemPath, objArr)});
        try {
            logAttempt("modify", cls, str, itemPath);
            this.modelService.executeChanges(createCollection, modelExecuteOptions, createTaskInstance, result);
            failDeny("modify", cls, str, itemPath);
        } catch (SecurityViolationException e) {
            logDeny("modify", cls, str, itemPath);
            result.computeStatus();
            TestUtil.assertFailure(result);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <O extends ObjectType> void assertModifyAllow(Class<O> cls, String str, ItemPath itemPath, Object... objArr) throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, SecurityViolationException {
        assertModifyAllowOptions(cls, str, itemPath, null, objArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <O extends ObjectType> void assertModifyAllowPartial(Class<O> cls, String str, ItemName itemName, Object... objArr) throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, SecurityViolationException {
        PartialProcessingOptionsType partialProcessingOptionsType = new PartialProcessingOptionsType();
        partialProcessingOptionsType.setApprovals(PartialProcessingTypeType.SKIP);
        assertModifyAllowOptions(cls, str, itemName, ModelExecuteOptions.createPartialProcessing(partialProcessingOptionsType), objArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <O extends ObjectType> void assertModifyAllowOptions(Class<O> cls, String str, ItemPath itemPath, ModelExecuteOptions modelExecuteOptions, Object... objArr) throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, PolicyViolationException, SecurityViolationException {
        Task createTaskInstance = this.taskManager.createTaskInstance(AbstractSecurityTest.class.getName() + ".assertModifyAllow");
        OperationResult result = createTaskInstance.getResult();
        Collection createCollection = MiscSchemaUtil.createCollection(new ObjectDelta[]{this.prismContext.deltaFactory().object().createModificationReplaceProperty(cls, str, itemPath, objArr)});
        try {
            logAttempt("modify", cls, str, itemPath);
            this.modelService.executeChanges(createCollection, modelExecuteOptions, createTaskInstance, result);
        } catch (SecurityViolationException e) {
            failAllow("modify", cls, str, itemPath, e);
        }
        result.computeStatus();
        TestUtil.assertSuccess(result);
        logAllow("modify", cls, str, itemPath);
    }

    protected void assertImportDeny(File file) throws FileNotFoundException {
        Task createTaskInstance = this.taskManager.createTaskInstance(AbstractSecurityTest.class.getName() + ".assertImportDeny");
        OperationResult result = createTaskInstance.getResult();
        this.modelService.importObjectsFromFile(file, (ImportOptionsType) null, createTaskInstance, result);
        result.computeStatus();
        TestUtil.assertFailure(result);
    }

    protected void assertImportAllow(File file) throws FileNotFoundException {
        Task createTaskInstance = this.taskManager.createTaskInstance(AbstractSecurityTest.class.getName() + ".assertImportAllow");
        OperationResult result = createTaskInstance.getResult();
        this.modelService.importObjectsFromFile(file, (ImportOptionsType) null, createTaskInstance, result);
        result.computeStatus();
        TestUtil.assertSuccess(result);
    }

    protected void assertImportStreamDeny(File file) throws FileNotFoundException {
        Task createTaskInstance = this.taskManager.createTaskInstance(AbstractSecurityTest.class.getName() + ".assertImportStreamDeny");
        OperationResult result = createTaskInstance.getResult();
        this.modelService.importObjectsFromStream(new FileInputStream(file), "xml", (ImportOptionsType) null, createTaskInstance, result);
        result.computeStatus();
        TestUtil.assertFailure(result);
    }

    protected void assertImportStreamAllow(File file) throws FileNotFoundException {
        Task createTaskInstance = this.taskManager.createTaskInstance(AbstractSecurityTest.class.getName() + ".assertImportStreamAllow");
        OperationResult result = createTaskInstance.getResult();
        this.modelService.importObjectsFromStream(new FileInputStream(file), "xml", (ImportOptionsType) null, createTaskInstance, result);
        result.computeStatus();
        TestUtil.assertSuccess(result);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertJack(MidPointPrincipal midPointPrincipal) {
        display("Principal jack", midPointPrincipal);
        AssertJUnit.assertEquals("wrong username", "jack", midPointPrincipal.getUsername());
        AssertJUnit.assertEquals("wrong oid", AbstractConfiguredModelIntegrationTest.USER_JACK_OID, midPointPrincipal.getOid());
        assertJack(midPointPrincipal.getUser());
    }

    protected void assertJack(UserType userType) {
        display("User in principal jack", userType.asPrismObject());
        assertUserJack(userType.asPrismObject());
        userType.asPrismObject().checkConsistence(true, true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertHasAuthorizationAllow(Authorization authorization, String... strArr) {
        AssertJUnit.assertNotNull("Null authorization", authorization);
        AssertJUnit.assertEquals("Wrong decision in " + authorization, AuthorizationDecisionType.ALLOW, authorization.getDecision());
        TestUtil.assertSetEquals("Wrong action in " + authorization, authorization.getAction(), strArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <O extends ObjectType, T extends ObjectType> void assertIsAuthorized(String str, AuthorizationPhaseType authorizationPhaseType, AuthorizationParameters<O, T> authorizationParameters, OwnerResolver ownerResolver) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        Task createTaskInstance = this.taskManager.createTaskInstance(AbstractSecurityTest.class.getName() + ".assertIsAuthorized");
        OperationResult result = createTaskInstance.getResult();
        AssertJUnit.assertTrue("Expected isAuthorized for " + QNameUtil.uriToQName(str).getLocalPart() + " with " + authorizationParameters + ", but we are not authorized", this.securityEnforcer.isAuthorized(str, authorizationPhaseType, authorizationParameters, ownerResolver, createTaskInstance, result));
        result.computeStatus();
        TestUtil.assertSuccess(result);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <O extends ObjectType, T extends ObjectType> void assertIsNotAuthorized(String str, AuthorizationPhaseType authorizationPhaseType, AuthorizationParameters<O, T> authorizationParameters, OwnerResolver ownerResolver) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        Task createTaskInstance = this.taskManager.createTaskInstance(AbstractSecurityTest.class.getName() + ".assertIsAuthorized");
        OperationResult result = createTaskInstance.getResult();
        AssertJUnit.assertFalse("Expected not isAuthorized for " + QNameUtil.uriToQName(str).getLocalPart() + " with " + authorizationParameters + ", but we are authorized", this.securityEnforcer.isAuthorized(str, authorizationPhaseType, authorizationParameters, ownerResolver, createTaskInstance, result));
        result.computeStatus();
        TestUtil.assertSuccess(result);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertGlobalStateUntouched() throws SchemaException {
        RefinedObjectClassDefinition defaultRefinedDefinition = RefinedResourceSchema.getRefinedSchema(getDummyResourceObject()).getDefaultRefinedDefinition(ShadowKindType.ACCOUNT);
        assertAttributeFlags(defaultRefinedDefinition, (QName) SchemaConstants.ICFS_UID, true, false, false);
        assertAttributeFlags(defaultRefinedDefinition, (QName) SchemaConstants.ICFS_NAME, true, true, true);
        assertAttributeFlags(defaultRefinedDefinition, new QName("location"), true, true, true);
        assertAttributeFlags(defaultRefinedDefinition, new QName("weapon"), true, true, true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertAuditReadDeny() throws Exception {
        assertDeny("auditHistory", (task, operationResult) -> {
            getAllAuditRecords(task, operationResult);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertAuditReadAllow() throws Exception {
        assertAllow("auditHistory", (task, operationResult) -> {
            List auditRecords = getAuditRecords(10, task, operationResult);
            AssertJUnit.assertTrue("No audit records", (auditRecords == null || auditRecords.isEmpty()) ? false : true);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertCanSearchRoleMemberUsers(String str, boolean z) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        assertCanSearch("Search user members of role " + str, UserType.class, null, null, false, createMembersQuery(UserType.class, str), z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertCanSearchRoleMembers(String str, boolean z) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        assertCanSearch("Search all members of role " + str, FocusType.class, null, null, false, createMembersQuery(FocusType.class, str), z);
    }

    protected <T extends ObjectType, O extends ObjectType> void assertCanSearch(String str, Class<T> cls, Class<O> cls2, String str2, boolean z, ObjectQuery objectQuery, boolean z2) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        Task createTask = createTask("assertCanSearch");
        OperationResult result = createTask.getResult();
        String str3 = "canSearch(" + str + ")";
        logAttempt(str3);
        boolean canSearch = this.modelInteractionService.canSearch(cls, cls2, str2, z, objectQuery, createTask, result);
        assertSuccess(result);
        if (z2) {
            if (canSearch) {
                logAllow(str3);
                return;
            } else {
                failAllow(str3, null);
                return;
            }
        }
        if (canSearch) {
            failDeny(str3);
        } else {
            logDeny(str3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <O extends ObjectType> ObjectQuery createMembersQuery(Class<O> cls, String str) {
        return this.prismContext.queryFor(cls).item(UserType.F_ROLE_MEMBERSHIP_REF).ref(new String[]{str}).build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MidPointPrincipal assumePowerOfAttorneyAllow(String str) throws Exception {
        Holder holder = new Holder();
        assertAllow("assumePowerOfAttorney", (task, operationResult) -> {
            holder.setValue(this.modelInteractionService.assumePowerOfAttorney(this.repositoryService.getObject(UserType.class, str, (Collection) null, operationResult), task, operationResult));
        });
        return (MidPointPrincipal) holder.getValue();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MidPointPrincipal assumePowerOfAttorneyDeny(String str) throws Exception {
        Holder holder = new Holder();
        assertDeny("assumePowerOfAttorney", (task, operationResult) -> {
            holder.setValue(this.modelInteractionService.assumePowerOfAttorney(this.repositoryService.getObject(UserType.class, str, (Collection) null, operationResult), task, operationResult));
        });
        return (MidPointPrincipal) holder.getValue();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MidPointPrincipal dropPowerOfAttorneyAllow() throws Exception {
        Holder holder = new Holder();
        assertAllow("assumePowerOfAttorney", (task, operationResult) -> {
            holder.setValue(this.modelInteractionService.dropPowerOfAttorney(task, operationResult));
        });
        return (MidPointPrincipal) holder.getValue();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertReadSomeModifySome(int i) throws Exception {
        assertReadAllow();
        assertModifyAllow(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_ADDITIONAL_NAME, PrismTestUtil.createPolyString("Captain"));
        PrismObject user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display(AbstractConfiguredModelIntegrationTest.USER_JACK_GIVEN_NAME, user);
        assertUserJackReadSomeModifySome(user, i);
        assertJackEditSchemaReadSomeModifySome(user);
        PrismObject findUserByUsername = findUserByUsername("guybrush");
        display("Guybrush", findUserByUsername);
        PrismAsserts.assertPropertyValue(findUserByUsername, UserType.F_NAME, new PolyString[]{PrismTestUtil.createPolyString("guybrush")});
        PrismAsserts.assertPropertyValue(findUserByUsername, UserType.F_FULL_NAME, new PolyString[]{PrismTestUtil.createPolyString(AbstractConfiguredModelIntegrationTest.ACCOUNT_GUYBRUSH_DUMMY_FULLNAME)});
        PrismAsserts.assertPropertyValue(findUserByUsername, ItemPath.create(new Object[]{UserType.F_ACTIVATION, ActivationType.F_ADMINISTRATIVE_STATUS}), new ActivationStatusType[]{ActivationStatusType.ENABLED});
        PrismAsserts.assertNoItem(findUserByUsername, UserType.F_GIVEN_NAME);
        PrismAsserts.assertNoItem(findUserByUsername, UserType.F_FAMILY_NAME);
        PrismAsserts.assertNoItem(findUserByUsername, UserType.F_ADDITIONAL_NAME);
        PrismAsserts.assertNoItem(findUserByUsername, UserType.F_DESCRIPTION);
        PrismAsserts.assertNoItem(findUserByUsername, ItemPath.create(new Object[]{UserType.F_ACTIVATION, ActivationType.F_EFFECTIVE_STATUS}));
        assertAssignmentsWithTargets(findUserByUsername, 1);
        assertAddDeny();
        assertModifyAllow(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_FULL_NAME, createPolyString("Captain Jack Sparrow"));
        assertModifyAllow(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID, SchemaConstants.PATH_ACTIVATION_VALID_FROM, JACK_VALID_FROM_LONG_AGO);
        assertModifyAllow(UserType.class, "c0c010c0-d34d-b33f-f00d-111111111116", UserType.F_DESCRIPTION, "Pirate wannabe");
        assertModifyDeny(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_HONORIFIC_PREFIX, createPolyString("Captain"));
        assertModifyDeny(UserType.class, "c0c010c0-d34d-b33f-f00d-111111111116", UserType.F_HONORIFIC_PREFIX, createPolyString("Pirate"));
        assertModifyDeny(UserType.class, "c0c010c0-d34d-b33f-f00d-111111111112", UserType.F_HONORIFIC_PREFIX, createPolyString("Mutinier"));
        assertModifyDeny(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_COST_CENTER, "V3RYC0STLY");
        assertModifyDeny(UserType.class, AbstractConfiguredModelIntegrationTest.USER_JACK_OID, UserType.F_ORGANIZATION, createPolyString("Brethren of the Coast"));
        assertDeleteDeny();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertUserJackReadSomeModifySome(PrismObject<UserType> prismObject, int i) {
        PrismAsserts.assertPropertyValue(prismObject, UserType.F_NAME, new PolyString[]{PrismTestUtil.createPolyString("jack")});
        PrismAsserts.assertPropertyValue(prismObject, UserType.F_FULL_NAME, new PolyString[]{PrismTestUtil.createPolyString("Jack Sparrow")});
        PrismAsserts.assertPropertyValue(prismObject, ItemPath.create(new Object[]{UserType.F_ACTIVATION, ActivationType.F_ADMINISTRATIVE_STATUS}), new ActivationStatusType[]{ActivationStatusType.ENABLED});
        PrismAsserts.assertNoItem(prismObject, UserType.F_GIVEN_NAME);
        PrismAsserts.assertNoItem(prismObject, UserType.F_FAMILY_NAME);
        PrismAsserts.assertNoItem(prismObject, UserType.F_ADDITIONAL_NAME);
        PrismAsserts.assertNoItem(prismObject, UserType.F_DESCRIPTION);
        PrismAsserts.assertNoItem(prismObject, ItemPath.create(new Object[]{UserType.F_ACTIVATION, ActivationType.F_EFFECTIVE_STATUS}));
        assertAssignmentsWithTargets(prismObject, i);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertJackEditSchemaReadSomeModifySome(PrismObject<UserType> prismObject) throws SchemaException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, SecurityViolationException {
        PrismObjectDefinition editObjectDefinition = getEditObjectDefinition(prismObject);
        display("Jack's edit schema", editObjectDefinition);
        assertItemFlags(editObjectDefinition, UserType.F_NAME, true, false, false);
        assertItemFlags(editObjectDefinition, UserType.F_FULL_NAME, true, false, true);
        assertItemFlags(editObjectDefinition, UserType.F_DESCRIPTION, false, false, true);
        assertItemFlags(editObjectDefinition, UserType.F_GIVEN_NAME, false, false, false);
        assertItemFlags(editObjectDefinition, UserType.F_FAMILY_NAME, false, false, false);
        assertItemFlags(editObjectDefinition, UserType.F_ADDITIONAL_NAME, false, false, true);
        assertItemFlags(editObjectDefinition, UserType.F_METADATA, false, false, false);
        assertItemFlags(editObjectDefinition, ItemPath.create(new Object[]{UserType.F_METADATA, MetadataType.F_CREATE_TIMESTAMP}), false, false, false);
        assertItemFlags(editObjectDefinition, UserType.F_ASSIGNMENT, true, false, false);
        assertItemFlags(editObjectDefinition, ItemPath.create(new Object[]{UserType.F_ASSIGNMENT, UserType.F_METADATA}), true, false, false);
        assertItemFlags(editObjectDefinition, ItemPath.create(new Object[]{UserType.F_ASSIGNMENT, UserType.F_METADATA, MetadataType.F_CREATE_TIMESTAMP}), true, false, false);
        assertItemFlags(editObjectDefinition, UserType.F_ACTIVATION, true, false, true);
        assertItemFlags(editObjectDefinition, ItemPath.create(new Object[]{UserType.F_ACTIVATION, ActivationType.F_ADMINISTRATIVE_STATUS}), true, false, false);
        assertItemFlags(editObjectDefinition, ItemPath.create(new Object[]{UserType.F_ACTIVATION, ActivationType.F_EFFECTIVE_STATUS}), false, false, false);
    }
}
