package com.evolveum.midpoint.provisioning.impl;

import com.evolveum.midpoint.common.refinery.RefinedAssociationDefinition;
import com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition;
import com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition;
import com.evolveum.midpoint.common.refinery.RefinedResourceSchema;
import com.evolveum.midpoint.prism.ModificationType;
import com.evolveum.midpoint.prism.PrismContainer;
import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.delta.ContainerDelta;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.match.MatchingRule;
import com.evolveum.midpoint.prism.match.MatchingRuleRegistry;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.query.EqualFilter;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.prism.util.PrismUtil;
import com.evolveum.midpoint.provisioning.api.GenericConnectorException;
import com.evolveum.midpoint.provisioning.ucf.api.AttributesToReturn;
import com.evolveum.midpoint.provisioning.ucf.api.ConnectorInstance;
import com.evolveum.midpoint.provisioning.ucf.api.GenericFrameworkException;
import com.evolveum.midpoint.provisioning.ucf.api.Operation;
import com.evolveum.midpoint.provisioning.ucf.api.PropertyModificationOperation;
import com.evolveum.midpoint.provisioning.ucf.api.ResultHandler;
import com.evolveum.midpoint.provisioning.util.ProvisioningUtil;
import com.evolveum.midpoint.schema.processor.ResourceAttribute;
import com.evolveum.midpoint.schema.processor.ResourceAttributeContainer;
import com.evolveum.midpoint.schema.processor.SearchHierarchyConstraints;
import com.evolveum.midpoint.schema.processor.SearchHierarchyScope;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ResourceTypeUtil;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.TunnelException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectAssociationDirectionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.xml.namespace.QName;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

/* JADX INFO: Access modifiers changed from: package-private */
@Component
/* loaded from: input_file:com/evolveum/midpoint/provisioning/impl/EntitlementConverter.class */
public class EntitlementConverter {
    private static final Trace LOGGER = TraceManager.getTrace(EntitlementConverter.class);

    @Autowired(required = true)
    private ResourceObjectReferenceResolver resourceObjectReferenceResolver;

    @Autowired(required = true)
    private PrismContext prismContext;

    @Autowired(required = true)
    private MatchingRuleRegistry matchingRuleRegistry;

    EntitlementConverter() {
    }

    public void postProcessEntitlementsRead(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject, OperationResult operationResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException {
        ResourceType resource = provisioningContext.getResource();
        RefinedObjectClassDefinition objectClassDefinition = provisioningContext.getObjectClassDefinition();
        Collection<RefinedAssociationDefinition> entitlementAssociations = objectClassDefinition.getEntitlementAssociations();
        if (entitlementAssociations != null) {
            ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(prismObject);
            RefinedResourceSchema.getRefinedSchema(resource);
            PrismContainer<ShadowAssociationType> instantiate = prismObject.getDefinition().findContainerDefinition(ShadowType.F_ASSOCIATION).instantiate();
            for (RefinedAssociationDefinition refinedAssociationDefinition : entitlementAssociations) {
                Iterator it = refinedAssociationDefinition.getIntents().iterator();
                while (it.hasNext()) {
                    ProvisioningContext spawn = provisioningContext.spawn(ShadowKindType.ENTITLEMENT, (String) it.next());
                    RefinedObjectClassDefinition objectClassDefinition2 = spawn.getObjectClassDefinition();
                    if (objectClassDefinition2 == null) {
                        throw new SchemaException("No definition for entitlement intent(s) '" + refinedAssociationDefinition.getIntents() + "' in " + resource);
                    }
                    ResourceObjectAssociationDirectionType direction = refinedAssociationDefinition.getResourceObjectAssociationType().getDirection();
                    if (direction == ResourceObjectAssociationDirectionType.SUBJECT_TO_OBJECT) {
                        postProcessEntitlementSubjectToEntitlement(resource, prismObject, objectClassDefinition, refinedAssociationDefinition, objectClassDefinition2, attributesContainer, instantiate, operationResult);
                    } else {
                        if (direction != ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT) {
                            throw new IllegalArgumentException("Unknown entitlement direction " + direction + " in association " + refinedAssociationDefinition + " in " + resource);
                        }
                        if (refinedAssociationDefinition.getResourceObjectAssociationType().getShortcutAssociationAttribute() != null) {
                            postProcessEntitlementSubjectToEntitlement(resource, prismObject, objectClassDefinition, refinedAssociationDefinition, objectClassDefinition2, attributesContainer, instantiate, refinedAssociationDefinition.getResourceObjectAssociationType().getShortcutAssociationAttribute(), refinedAssociationDefinition.getResourceObjectAssociationType().getShortcutValueAttribute(), operationResult);
                        } else {
                            postProcessEntitlementEntitlementToSubject(provisioningContext, prismObject, refinedAssociationDefinition, spawn, attributesContainer, instantiate, operationResult);
                        }
                    }
                }
            }
            if (instantiate.isEmpty()) {
                return;
            }
            prismObject.add(instantiate);
        }
    }

    private <S extends ShadowType, T> void postProcessEntitlementSubjectToEntitlement(ResourceType resourceType, PrismObject<S> prismObject, RefinedObjectClassDefinition refinedObjectClassDefinition, RefinedAssociationDefinition refinedAssociationDefinition, RefinedObjectClassDefinition refinedObjectClassDefinition2, ResourceAttributeContainer resourceAttributeContainer, PrismContainer<ShadowAssociationType> prismContainer, OperationResult operationResult) throws SchemaException {
        postProcessEntitlementSubjectToEntitlement(resourceType, prismObject, refinedObjectClassDefinition, refinedAssociationDefinition, refinedObjectClassDefinition2, resourceAttributeContainer, prismContainer, refinedAssociationDefinition.getResourceObjectAssociationType().getAssociationAttribute(), refinedAssociationDefinition.getResourceObjectAssociationType().getValueAttribute(), operationResult);
    }

    private <S extends ShadowType, T> void postProcessEntitlementSubjectToEntitlement(ResourceType resourceType, PrismObject<S> prismObject, RefinedObjectClassDefinition refinedObjectClassDefinition, RefinedAssociationDefinition refinedAssociationDefinition, RefinedObjectClassDefinition refinedObjectClassDefinition2, ResourceAttributeContainer resourceAttributeContainer, PrismContainer<ShadowAssociationType> prismContainer, QName qName, QName qName2, OperationResult operationResult) throws SchemaException {
        QName name = refinedAssociationDefinition.getName();
        if (name == null) {
            throw new SchemaException("No name in entitlement association " + refinedAssociationDefinition + " in " + resourceType);
        }
        if (qName == null) {
            throw new SchemaException("No association attribute defined in entitlement association '" + name + "' in " + resourceType);
        }
        if (refinedObjectClassDefinition.findAttributeDefinition(qName) == null) {
            throw new SchemaException("Association attribute '" + qName + "'defined in entitlement association '" + name + "' was not found in schema for " + resourceType);
        }
        ResourceAttribute findAttribute = resourceAttributeContainer.findAttribute(qName);
        if (findAttribute == null || findAttribute.isEmpty()) {
            return;
        }
        if (qName2 == null) {
            throw new SchemaException("No value attribute defined in entitlement association '" + name + "' in " + resourceType);
        }
        RefinedAttributeDefinition findAttributeDefinition = refinedObjectClassDefinition2.findAttributeDefinition(qName2);
        for (PrismPropertyValue prismPropertyValue : findAttribute.getValues()) {
            ResourceAttribute instantiate = findAttributeDefinition.instantiate();
            instantiate.add(prismPropertyValue.clone());
            PrismContainerValue createNewValue = prismContainer.createNewValue();
            createNewValue.asContainerable().setName(name);
            ResourceAttributeContainer resourceAttributeContainer2 = new ResourceAttributeContainer(ShadowAssociationType.F_IDENTIFIERS, refinedObjectClassDefinition2.toResourceAttributeContainerDefinition(), this.prismContext);
            createNewValue.add(resourceAttributeContainer2);
            resourceAttributeContainer2.add(instantiate);
        }
    }

    private <S extends ShadowType, T> void postProcessEntitlementEntitlementToSubject(ProvisioningContext provisioningContext, final PrismObject<S> prismObject, RefinedAssociationDefinition refinedAssociationDefinition, ProvisioningContext provisioningContext2, ResourceAttributeContainer resourceAttributeContainer, final PrismContainer<ShadowAssociationType> prismContainer, OperationResult operationResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException {
        ResourceType resource = provisioningContext.getResource();
        final QName name = refinedAssociationDefinition.getName();
        final RefinedObjectClassDefinition objectClassDefinition = provisioningContext2.getObjectClassDefinition();
        if (name == null) {
            throw new SchemaException("No name in entitlement association " + refinedAssociationDefinition + " in " + resource);
        }
        QName auxiliaryObjectClass = refinedAssociationDefinition.getAuxiliaryObjectClass();
        if (auxiliaryObjectClass != null && auxiliaryObjectClass.getNamespaceURI() != null && !auxiliaryObjectClass.getNamespaceURI().equals(ResourceTypeUtil.getResourceNamespace(resource))) {
            LOGGER.warn("Auxiliary object class {} in association {} does not have namespace that matches {}", new Object[]{auxiliaryObjectClass, refinedAssociationDefinition.getName(), resource});
        }
        if (auxiliaryObjectClass != null && !provisioningContext.getObjectClassDefinition().hasAuxiliaryObjectClass(auxiliaryObjectClass)) {
            LOGGER.trace("Ignoring association {} because subject does not have auxiliary object class {}, it has {}", new Object[]{name, auxiliaryObjectClass, provisioningContext.getObjectClassDefinition().getAuxiliaryObjectClassDefinitions()});
            return;
        }
        QName associationAttribute = refinedAssociationDefinition.getResourceObjectAssociationType().getAssociationAttribute();
        if (associationAttribute == null) {
            throw new SchemaException("No association attribute defined in entitlement association '" + name + "' in " + resource);
        }
        RefinedAttributeDefinition findAttributeDefinition = objectClassDefinition.findAttributeDefinition(associationAttribute);
        if (findAttributeDefinition == null) {
            throw new SchemaException("Association attribute '" + associationAttribute + "'defined in entitlement association '" + name + "' was not found in schema for " + resource);
        }
        QName valueAttribute = refinedAssociationDefinition.getResourceObjectAssociationType().getValueAttribute();
        if (valueAttribute == null) {
            throw new SchemaException("No value attribute defined in entitlement association '" + name + "' in " + resource);
        }
        ResourceAttribute findAttribute = resourceAttributeContainer.findAttribute(valueAttribute);
        if (findAttribute == null || findAttribute.isEmpty()) {
            LOGGER.trace("Ignoring association {} because subject does not have any value in attribute {}", name, valueAttribute);
            return;
        }
        if (findAttribute.size() > 1) {
            throw new SchemaException("Value attribute " + valueAttribute + " has no more than one value; attribute defined in entitlement association '" + name + "' in " + resource);
        }
        ObjectQuery createQuery = createQuery(refinedAssociationDefinition, findAttributeDefinition, findAttribute);
        AttributesToReturn createAttributesToReturn = ProvisioningUtil.createAttributesToReturn(provisioningContext2);
        SearchHierarchyConstraints searchHierarchyConstraints = null;
        ResourceObjectReferenceType baseContext = objectClassDefinition.getBaseContext();
        if (baseContext != null) {
            PrismObject<ShadowType> resolve = this.resourceObjectReferenceResolver.resolve(provisioningContext, baseContext, null, "base context specification in " + objectClassDefinition, operationResult);
            searchHierarchyConstraints = new SearchHierarchyConstraints(ShadowUtil.getResourceObjectIdentification(resolve, provisioningContext.getRefinedSchema().determineCompositeObjectClassDefinition(resolve)), (SearchHierarchyScope) null);
        }
        ResultHandler<ShadowType> resultHandler = new ResultHandler<ShadowType>() { // from class: com.evolveum.midpoint.provisioning.impl.EntitlementConverter.1
            @Override // com.evolveum.midpoint.provisioning.ucf.api.ResultHandler
            public boolean handle(PrismObject<ShadowType> prismObject2) {
                PrismContainerValue createNewValue = prismContainer.createNewValue();
                createNewValue.asContainerable().setName(name);
                Collection identifiers = ShadowUtil.getIdentifiers(prismObject2);
                try {
                    ResourceAttributeContainer resourceAttributeContainer2 = new ResourceAttributeContainer(ShadowAssociationType.F_IDENTIFIERS, objectClassDefinition.toResourceAttributeContainerDefinition(), EntitlementConverter.this.prismContext);
                    createNewValue.add(resourceAttributeContainer2);
                    resourceAttributeContainer2.getValue().addAll(ResourceAttribute.cloneCollection(identifiers));
                    resourceAttributeContainer2.setUserData(ResourceObjectConverter.FULL_SHADOW_KEY, prismObject2);
                    if (!EntitlementConverter.LOGGER.isTraceEnabled()) {
                        return true;
                    }
                    EntitlementConverter.LOGGER.trace("Processed entitlement-to-subject association for account {} and entitlement {}", ShadowUtil.getHumanReadableName(prismObject), ShadowUtil.getHumanReadableName(prismObject2));
                    return true;
                } catch (SchemaException e) {
                    throw new TunnelException(e);
                }
            }
        };
        ConnectorInstance connector = provisioningContext.getConnector(operationResult);
        try {
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("Processed entitlement-to-subject association for account {}: query {}", ShadowUtil.getHumanReadableName(prismObject), createQuery);
            }
            try {
                connector.search(objectClassDefinition, createQuery, resultHandler, createAttributesToReturn, null, searchHierarchyConstraints, provisioningContext, operationResult);
            } catch (GenericFrameworkException e) {
                throw new GenericConnectorException("Generic error in the connector " + connector + ". Reason: " + e.getMessage(), e);
            }
        } catch (TunnelException e2) {
            throw e2.getCause();
        }
    }

    private <TV, TA> ObjectQuery createQuery(RefinedAssociationDefinition refinedAssociationDefinition, RefinedAttributeDefinition<TA> refinedAttributeDefinition, ResourceAttribute<TV> resourceAttribute) throws SchemaException {
        MatchingRule matchingRule = this.matchingRuleRegistry.getMatchingRule(refinedAssociationDefinition.getResourceObjectAssociationType().getMatchingRule(), refinedAttributeDefinition.getTypeName());
        PrismPropertyValue convertPropertyValue = PrismUtil.convertPropertyValue(resourceAttribute.getValue(0), resourceAttribute.getDefinition(), refinedAttributeDefinition);
        PrismPropertyValue prismPropertyValue = convertPropertyValue;
        if (matchingRule != null) {
            prismPropertyValue = new PrismPropertyValue(matchingRule.normalize(convertPropertyValue.getValue()));
        }
        LOGGER.trace("Converted entitlement filter: {} ({}) def={}", new Object[]{prismPropertyValue, prismPropertyValue.getValue().getClass(), refinedAttributeDefinition});
        ObjectQuery createObjectQuery = ObjectQuery.createObjectQuery(EqualFilter.createEqual(new ItemPath(new QName[]{ShadowType.F_ATTRIBUTES, refinedAttributeDefinition.getName()}), refinedAttributeDefinition, prismPropertyValue));
        createObjectQuery.setAllowPartialResults(true);
        return createObjectQuery;
    }

    public void processEntitlementsAdd(ProvisioningContext provisioningContext, PrismObject<ShadowType> prismObject) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException {
        PrismContainer findContainer = prismObject.findContainer(ShadowType.F_ASSOCIATION);
        if (findContainer == null || findContainer.isEmpty()) {
            return;
        }
        HashMap hashMap = new HashMap();
        collectEntitlementToAttrsDelta(provisioningContext, hashMap, findContainer.getValues(), ModificationType.ADD);
        Iterator<PropertyModificationOperation> it = hashMap.values().iterator();
        while (it.hasNext()) {
            it.next().getPropertyDelta().applyTo(prismObject);
        }
    }

    public <T> PrismObject<ShadowType> collectEntitlementsAsObjectOperationInShadowAdd(ProvisioningContext provisioningContext, Map<ResourceObjectDiscriminator, ResourceObjectOperations> map, PrismObject<ShadowType> prismObject, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, SecurityViolationException, ConfigurationException {
        PrismContainer findContainer = prismObject.findContainer(ShadowType.F_ASSOCIATION);
        return (findContainer == null || findContainer.isEmpty()) ? prismObject : collectEntitlementsAsObjectOperation(provisioningContext, map, findContainer.getValues(), null, prismObject, ModificationType.ADD, operationResult);
    }

    public void collectEntitlementChange(ProvisioningContext provisioningContext, ContainerDelta<ShadowAssociationType> containerDelta, Collection<Operation> collection) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException {
        HashMap hashMap = new HashMap();
        collectEntitlementToAttrsDelta(provisioningContext, hashMap, containerDelta.getValuesToAdd(), ModificationType.ADD);
        collectEntitlementToAttrsDelta(provisioningContext, hashMap, containerDelta.getValuesToDelete(), ModificationType.DELETE);
        collectEntitlementToAttrsDelta(provisioningContext, hashMap, containerDelta.getValuesToReplace(), ModificationType.REPLACE);
        collection.addAll(hashMap.values());
    }

    public <T> PrismObject<ShadowType> collectEntitlementsAsObjectOperation(ProvisioningContext provisioningContext, Map<ResourceObjectDiscriminator, ResourceObjectOperations> map, ContainerDelta<ShadowAssociationType> containerDelta, PrismObject<ShadowType> prismObject, PrismObject<ShadowType> prismObject2, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, SecurityViolationException, ConfigurationException {
        return collectEntitlementsAsObjectOperation(provisioningContext, map, containerDelta.getValuesToReplace(), prismObject, collectEntitlementsAsObjectOperation(provisioningContext, map, containerDelta.getValuesToDelete(), prismObject, collectEntitlementsAsObjectOperation(provisioningContext, map, containerDelta.getValuesToAdd(), prismObject, prismObject2, ModificationType.ADD, operationResult), ModificationType.DELETE, operationResult), ModificationType.REPLACE, operationResult);
    }

    public <T> void collectEntitlementsAsObjectOperationDelete(ProvisioningContext provisioningContext, final Map<ResourceObjectDiscriminator, ResourceObjectOperations> map, PrismObject<ShadowType> prismObject, OperationResult operationResult) throws SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException {
        Collection entitlementAssociations = provisioningContext.getObjectClassDefinition().getEntitlementAssociations();
        if (entitlementAssociations == null || entitlementAssociations.isEmpty()) {
            LOGGER.trace("No associations in deleted shadow");
            return;
        }
        ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(prismObject);
        for (final RefinedAssociationDefinition refinedAssociationDefinition : provisioningContext.getObjectClassDefinition().getEntitlementAssociations()) {
            if (refinedAssociationDefinition.getResourceObjectAssociationType().getDirection() != ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT) {
                LOGGER.trace("Ignoring subject-to-object association in deleted shadow");
            } else if (!refinedAssociationDefinition.requiresExplicitReferentialIntegrity()) {
                LOGGER.trace("Ignoring association in deleted shadow because it does not require explicit referential integrity assurance");
            } else if (refinedAssociationDefinition.getAuxiliaryObjectClass() == null || provisioningContext.getObjectClassDefinition().hasAuxiliaryObjectClass(refinedAssociationDefinition.getAuxiliaryObjectClass())) {
                QName name = refinedAssociationDefinition.getName();
                if (name == null) {
                    throw new SchemaException("No name in entitlement association " + refinedAssociationDefinition + " in " + provisioningContext.getResource());
                }
                Iterator it = refinedAssociationDefinition.getIntents().iterator();
                while (it.hasNext()) {
                    final ProvisioningContext spawn = provisioningContext.spawn(ShadowKindType.ENTITLEMENT, (String) it.next());
                    final RefinedObjectClassDefinition objectClassDefinition = spawn.getObjectClassDefinition();
                    if (objectClassDefinition == null) {
                        throw new SchemaException("No definition for entitlement intent(s) '" + refinedAssociationDefinition.getIntents() + "' defined in entitlement association " + name + " in " + provisioningContext.getResource());
                    }
                    final QName associationAttribute = refinedAssociationDefinition.getResourceObjectAssociationType().getAssociationAttribute();
                    if (associationAttribute == null) {
                        throw new SchemaException("No association attribute defined in entitlement association '" + name + "' in " + provisioningContext.getResource());
                    }
                    final RefinedAttributeDefinition findAttributeDefinition = objectClassDefinition.findAttributeDefinition(associationAttribute);
                    if (findAttributeDefinition == null) {
                        throw new SchemaException("Association attribute '" + associationAttribute + "'defined in entitlement association '" + name + "' was not found in schema for " + provisioningContext.getResource());
                    }
                    QName valueAttribute = refinedAssociationDefinition.getResourceObjectAssociationType().getValueAttribute();
                    if (valueAttribute == null) {
                        throw new SchemaException("No value attribute defined in entitlement association '" + name + "' in " + provisioningContext.getResource());
                    }
                    final ResourceAttribute findAttribute = attributesContainer.findAttribute(valueAttribute);
                    if (findAttribute == null || findAttribute.isEmpty()) {
                        throw new SchemaException("Value attribute " + valueAttribute + " has no value; attribute defined in entitlement association '" + name + "' in " + provisioningContext.getResource());
                    }
                    if (findAttribute.size() > 1) {
                        throw new SchemaException("Value attribute " + valueAttribute + " has no more than one value; attribute defined in entitlement association '" + name + "' in " + provisioningContext.getResource());
                    }
                    ObjectQuery createQuery = createQuery(refinedAssociationDefinition, findAttributeDefinition, findAttribute);
                    AttributesToReturn createAttributesToReturn = ProvisioningUtil.createAttributesToReturn(spawn);
                    SearchHierarchyConstraints searchHierarchyConstraints = null;
                    ResourceObjectReferenceType baseContext = objectClassDefinition.getBaseContext();
                    if (baseContext != null) {
                        PrismObject<ShadowType> resolve = this.resourceObjectReferenceResolver.resolve(provisioningContext, baseContext, null, "base context specification in " + objectClassDefinition, operationResult);
                        searchHierarchyConstraints = new SearchHierarchyConstraints(ShadowUtil.getResourceObjectIdentification(resolve, provisioningContext.getRefinedSchema().determineCompositeObjectClassDefinition(resolve)), (SearchHierarchyScope) null);
                    }
                    ResultHandler<ShadowType> resultHandler = new ResultHandler<ShadowType>() { // from class: com.evolveum.midpoint.provisioning.impl.EntitlementConverter.2
                        @Override // com.evolveum.midpoint.provisioning.ucf.api.ResultHandler
                        public boolean handle(PrismObject<ShadowType> prismObject2) {
                            ResourceObjectDiscriminator resourceObjectDiscriminator = new ResourceObjectDiscriminator(objectClassDefinition.getTypeName(), ShadowUtil.getIdentifiers(prismObject2));
                            ResourceObjectOperations resourceObjectOperations = (ResourceObjectOperations) map.get(resourceObjectDiscriminator);
                            if (resourceObjectOperations == null) {
                                resourceObjectOperations = new ResourceObjectOperations();
                                map.put(resourceObjectDiscriminator, resourceObjectOperations);
                                resourceObjectOperations.setResourceObjectContext(spawn);
                            }
                            PropertyDelta propertyDelta = null;
                            for (Operation operation : resourceObjectOperations.getOperations()) {
                                if (operation instanceof PropertyModificationOperation) {
                                    PropertyModificationOperation propertyModificationOperation = (PropertyModificationOperation) operation;
                                    if (propertyModificationOperation.getPropertyDelta().getElementName().equals(associationAttribute)) {
                                        propertyDelta = propertyModificationOperation.getPropertyDelta();
                                    }
                                }
                            }
                            if (propertyDelta == null) {
                                propertyDelta = findAttributeDefinition.createEmptyDelta(new ItemPath(new QName[]{ShadowType.F_ATTRIBUTES, associationAttribute}));
                                PropertyModificationOperation propertyModificationOperation2 = new PropertyModificationOperation(propertyDelta);
                                propertyModificationOperation2.setMatchingRuleQName(refinedAssociationDefinition.getMatchingRule());
                                resourceObjectOperations.getOperations().add(propertyModificationOperation2);
                            }
                            propertyDelta.addValuesToDelete(findAttribute.getClonedValues());
                            EntitlementConverter.LOGGER.trace("Association in deleted shadow delta: {}", propertyDelta);
                            return true;
                        }
                    };
                    try {
                        LOGGER.trace("Searching for associations in deleted shadow, query: {}", createQuery);
                        provisioningContext.getConnector(operationResult).search(objectClassDefinition, createQuery, resultHandler, createAttributesToReturn, null, searchHierarchyConstraints, provisioningContext, operationResult);
                    } catch (TunnelException e) {
                        throw e.getCause();
                    } catch (GenericFrameworkException e2) {
                        throw new GenericConnectorException(e2.getMessage(), e2);
                    }
                }
            } else {
                LOGGER.trace("Ignoring association in deleted shadow because subject does not have {} auxiliary object class", refinedAssociationDefinition.getAuxiliaryObjectClass());
            }
        }
    }

    private <T> void collectEntitlementToAttrsDelta(ProvisioningContext provisioningContext, Map<QName, PropertyModificationOperation> map, Collection<PrismContainerValue<ShadowAssociationType>> collection, ModificationType modificationType) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException {
        if (collection == null) {
            return;
        }
        Iterator<PrismContainerValue<ShadowAssociationType>> it = collection.iterator();
        while (it.hasNext()) {
            collectEntitlementToAttrDelta(provisioningContext, map, it.next(), modificationType);
        }
    }

    private <T> void collectEntitlementToAttrDelta(ProvisioningContext provisioningContext, Map<QName, PropertyModificationOperation> map, PrismContainerValue<ShadowAssociationType> prismContainerValue, ModificationType modificationType) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException {
        RefinedObjectClassDefinition objectClassDefinition = provisioningContext.getObjectClassDefinition();
        QName name = prismContainerValue.asContainerable().getName();
        if (name == null) {
            throw new SchemaException("No name in entitlement association " + prismContainerValue);
        }
        RefinedAssociationDefinition findEntitlementAssociation = objectClassDefinition.findEntitlementAssociation(name);
        if (findEntitlementAssociation == null) {
            throw new SchemaException("No entitlement association with name " + name + " in schema of " + provisioningContext.getResource());
        }
        if (findEntitlementAssociation.getResourceObjectAssociationType().getDirection() != ResourceObjectAssociationDirectionType.SUBJECT_TO_OBJECT) {
            return;
        }
        QName associationAttribute = findEntitlementAssociation.getResourceObjectAssociationType().getAssociationAttribute();
        if (associationAttribute == null) {
            throw new SchemaException("No association attribute definied in entitlement association '" + name + "' in " + provisioningContext.getResource());
        }
        RefinedAttributeDefinition findAttributeDefinition = objectClassDefinition.findAttributeDefinition(associationAttribute);
        if (findAttributeDefinition == null) {
            throw new SchemaException("Association attribute '" + associationAttribute + "'definied in entitlement association '" + name + "' was not found in schema for " + provisioningContext.getResource());
        }
        PropertyModificationOperation propertyModificationOperation = map.get(associationAttribute);
        if (propertyModificationOperation == null) {
            propertyModificationOperation = new PropertyModificationOperation(findAttributeDefinition.createEmptyDelta(new ItemPath(new QName[]{ShadowType.F_ATTRIBUTES, associationAttribute})));
            propertyModificationOperation.setMatchingRuleQName(findEntitlementAssociation.getMatchingRule());
            map.put(associationAttribute, propertyModificationOperation);
        }
        QName valueAttribute = findEntitlementAssociation.getResourceObjectAssociationType().getValueAttribute();
        if (valueAttribute == null) {
            throw new SchemaException("No value attribute defined in entitlement association '" + name + "' in " + provisioningContext.getResource());
        }
        PrismProperty findProperty = ShadowUtil.getAttributesContainer(prismContainerValue, ShadowAssociationType.F_IDENTIFIERS).findProperty(valueAttribute);
        if (findProperty == null) {
            throw new SchemaException("No value attribute " + valueAttribute + " present in entitlement association '" + name + "' in shadow for " + provisioningContext.getResource());
        }
        if (modificationType == ModificationType.ADD) {
            propertyModificationOperation.getPropertyDelta().addValuesToAdd(findProperty.getClonedValues());
        } else if (modificationType == ModificationType.DELETE) {
            propertyModificationOperation.getPropertyDelta().addValuesToDelete(findProperty.getClonedValues());
        } else if (modificationType == ModificationType.REPLACE) {
            propertyModificationOperation.getPropertyDelta().setValuesToReplace(findProperty.getClonedValues());
        }
    }

    private <T> PrismObject<ShadowType> collectEntitlementsAsObjectOperation(ProvisioningContext provisioningContext, Map<ResourceObjectDiscriminator, ResourceObjectOperations> map, Collection<PrismContainerValue<ShadowAssociationType>> collection, PrismObject<ShadowType> prismObject, PrismObject<ShadowType> prismObject2, ModificationType modificationType, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, SecurityViolationException, ConfigurationException {
        if (collection == null) {
            return prismObject2;
        }
        Iterator<PrismContainerValue<ShadowAssociationType>> it = collection.iterator();
        while (it.hasNext()) {
            prismObject2 = collectEntitlementAsObjectOperation(provisioningContext, map, it.next(), prismObject, prismObject2, modificationType, operationResult);
        }
        return prismObject2;
    }

    private <TV, TA> PrismObject<ShadowType> collectEntitlementAsObjectOperation(ProvisioningContext provisioningContext, Map<ResourceObjectDiscriminator, ResourceObjectOperations> map, PrismContainerValue<ShadowAssociationType> prismContainerValue, PrismObject<ShadowType> prismObject, PrismObject<ShadowType> prismObject2, ModificationType modificationType, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, SecurityViolationException, ConfigurationException {
        ResourceType resource = provisioningContext.getResource();
        QName name = prismContainerValue.asContainerable().getName();
        if (name == null) {
            throw new SchemaException("No name in entitlement association " + prismContainerValue);
        }
        RefinedAssociationDefinition findEntitlementAssociation = provisioningContext.getObjectClassDefinition().findEntitlementAssociation(name);
        if (findEntitlementAssociation == null) {
            throw new SchemaException("No entitlement association with name " + findEntitlementAssociation + " in schema of " + resource);
        }
        if (findEntitlementAssociation.getResourceObjectAssociationType().getDirection() != ResourceObjectAssociationDirectionType.OBJECT_TO_SUBJECT) {
            return prismObject2;
        }
        Collection<String> intents = findEntitlementAssociation.getIntents();
        if (intents == null || intents.isEmpty()) {
            throw new SchemaException("No entitlement intent specified in association " + prismContainerValue + " in " + resource);
        }
        for (String str : intents) {
            ProvisioningContext spawn = provisioningContext.spawn(ShadowKindType.ENTITLEMENT, str);
            RefinedObjectClassDefinition objectClassDefinition = spawn.getObjectClassDefinition();
            if (objectClassDefinition == null) {
                throw new SchemaException("No definition of entitlement intent(s) '" + intents + "' specified in association " + prismContainerValue + " in " + resource);
            }
            QName associationAttribute = findEntitlementAssociation.getResourceObjectAssociationType().getAssociationAttribute();
            if (associationAttribute == null) {
                throw new SchemaException("No association attribute defined in entitlement association in " + resource);
            }
            RefinedAttributeDefinition findAttributeDefinition = objectClassDefinition.findAttributeDefinition(associationAttribute);
            if (findAttributeDefinition == null) {
                throw new SchemaException("Association attribute '" + associationAttribute + "'defined in entitlement association was not found in entitlement intent(s) '" + intents + "' in schema for " + resource);
            }
            Collection<? extends ResourceAttribute<?>> attributes = ShadowUtil.getAttributesContainer(prismContainerValue, ShadowAssociationType.F_IDENTIFIERS).getAttributes();
            ResourceObjectDiscriminator resourceObjectDiscriminator = new ResourceObjectDiscriminator(objectClassDefinition.getTypeName(), attributes);
            ResourceObjectOperations resourceObjectOperations = map.get(resourceObjectDiscriminator);
            if (resourceObjectOperations == null) {
                resourceObjectOperations = new ResourceObjectOperations();
                resourceObjectOperations.setResourceObjectContext(spawn);
                map.put(resourceObjectDiscriminator, resourceObjectOperations);
            }
            QName valueAttribute = findEntitlementAssociation.getResourceObjectAssociationType().getValueAttribute();
            if (valueAttribute == null) {
                throw new SchemaException("No value attribute defined in entitlement association in " + resource);
            }
            PrismObject<ShadowType> prismObject3 = modificationType != ModificationType.DELETE ? prismObject2 : findEntitlementAssociation.requiresExplicitReferentialIntegrity() ? prismObject : prismObject2;
            ResourceAttribute attribute = ShadowUtil.getAttribute(prismObject3, valueAttribute);
            if (attribute == null) {
                if (!ShadowUtil.isFullShadow(prismObject3)) {
                    Collection<? extends ResourceAttribute<?>> identifiers = ShadowUtil.getIdentifiers(prismObject3);
                    LOGGER.trace("Fetching {} ({})", prismObject3, identifiers);
                    prismObject3 = this.resourceObjectReferenceResolver.fetchResourceObject(provisioningContext, identifiers, null, operationResult);
                    prismObject2 = prismObject3;
                    attribute = ShadowUtil.getAttribute(prismObject3, valueAttribute);
                }
                if (attribute == null) {
                    LOGGER.error("No value attribute {} in shadow\n{}", valueAttribute, prismObject3.debugDump());
                    throw new SchemaException("No value attribute " + valueAttribute + " in " + prismObject3);
                }
            }
            PropertyDelta propertyDelta = null;
            for (Operation operation : resourceObjectOperations.getOperations()) {
                if (operation instanceof PropertyModificationOperation) {
                    PropertyModificationOperation propertyModificationOperation = (PropertyModificationOperation) operation;
                    if (propertyModificationOperation.getPropertyDelta().getElementName().equals(associationAttribute)) {
                        propertyDelta = propertyModificationOperation.getPropertyDelta();
                    }
                }
            }
            if (propertyDelta == null) {
                propertyDelta = findAttributeDefinition.createEmptyDelta(new ItemPath(new QName[]{ShadowType.F_ATTRIBUTES, associationAttribute}));
            }
            PrismProperty convertProperty = PrismUtil.convertProperty(attribute, findAttributeDefinition);
            if (modificationType == ModificationType.ADD) {
                propertyDelta.addValuesToAdd(convertProperty.getClonedValues());
            } else if (modificationType == ModificationType.DELETE) {
                propertyDelta.addValuesToDelete(convertProperty.getClonedValues());
            } else if (modificationType == ModificationType.REPLACE) {
                propertyDelta.setValuesToReplace(convertProperty.getClonedValues());
            }
            if (ResourceTypeUtil.isAvoidDuplicateValues(resource)) {
                PrismObject<ShadowType> currentShadow = resourceObjectOperations.getCurrentShadow();
                if (currentShadow == null) {
                    LOGGER.trace("Fetching entitlement shadow {} to avoid value duplication (intent={})", attributes, str);
                    currentShadow = this.resourceObjectReferenceResolver.fetchResourceObject(spawn, attributes, null, operationResult);
                    resourceObjectOperations.setCurrentShadow(currentShadow);
                }
                PropertyDelta narrowPropertyDelta = ProvisioningUtil.narrowPropertyDelta(propertyDelta, currentShadow, findEntitlementAssociation.getMatchingRule(), this.matchingRuleRegistry);
                if (LOGGER.isTraceEnabled() && (narrowPropertyDelta == null || narrowPropertyDelta.isEmpty())) {
                    LOGGER.trace("Not collecting entitlement object operations ({}) association {}: attribute delta is empty after narrow, orig delta: {}", new Object[]{modificationType, name.getLocalPart(), propertyDelta});
                }
                propertyDelta = narrowPropertyDelta;
            }
            if (propertyDelta != null && !propertyDelta.isEmpty()) {
                PropertyModificationOperation propertyModificationOperation2 = new PropertyModificationOperation(propertyDelta);
                propertyModificationOperation2.setMatchingRuleQName(findEntitlementAssociation.getMatchingRule());
                LOGGER.trace("Collecting entitlement object operations ({}) association {}: {}", new Object[]{modificationType, name.getLocalPart(), propertyModificationOperation2});
                resourceObjectOperations.getOperations().add(propertyModificationOperation2);
            }
        }
        return prismObject2;
    }
}
