package com.evolveum.midpoint.provisioning.impl;

import com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition;
import com.evolveum.midpoint.prism.PrismContainer;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.query.AndFilter;
import com.evolveum.midpoint.prism.query.EqualFilter;
import com.evolveum.midpoint.prism.query.ObjectFilter;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.prism.query.OrFilter;
import com.evolveum.midpoint.prism.query.RefFilter;
import com.evolveum.midpoint.provisioning.api.ConstraintViolationConfirmer;
import com.evolveum.midpoint.provisioning.api.ConstraintsCheckingResult;
import com.evolveum.midpoint.provisioning.api.ProvisioningService;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.ResourceShadowDiscriminator;
import com.evolveum.midpoint.schema.SearchResultList;
import com.evolveum.midpoint.schema.SelectorOptions;
import com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.caching.AbstractCache;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.xml.namespace.QName;

/* loaded from: input_file:com/evolveum/midpoint/provisioning/impl/ConstraintsChecker.class */
public class ConstraintsChecker {
    private static final Trace LOGGER = TraceManager.getTrace(ConstraintsChecker.class);
    private static final Trace PERFORMANCE_ADVISOR = TraceManager.getPerformanceAdvisorTrace();
    private static ThreadLocal<Cache> cacheThreadLocal = new ThreadLocal<>();
    private PrismContext prismContext;
    private RepositoryService cacheRepositoryService;
    private ProvisioningService provisioningService;
    private StringBuilder messageBuilder = new StringBuilder();
    private RefinedObjectClassDefinition shadowDefinition;
    private PrismObject<ShadowType> shadowObject;
    private ResourceType resourceType;
    private String shadowOid;
    private ResourceShadowDiscriminator resourceShadowDiscriminator;
    private ConstraintViolationConfirmer constraintViolationConfirmer;
    private ConstraintsCheckingResult constraintsCheckingResult;

    /* loaded from: input_file:com/evolveum/midpoint/provisioning/impl/ConstraintsChecker$Cache.class */
    public static class Cache extends AbstractCache {
        private Set<Situation> conflictFreeSituations = new HashSet();

        /* JADX INFO: Access modifiers changed from: private */
        public static boolean isOk(String str, String str2, QName qName, QName qName2, List list) {
            return isOk(new Situation(str, str2, qName, qName2, getRealValuesSet(list)));
        }

        public static boolean isOk(Situation situation) {
            if (situation.attributeValues == null) {
                return false;
            }
            Cache cache = getCache();
            if (cache == null) {
                ConstraintsChecker.log("Cache NULL for {}", situation);
                return false;
            }
            if (cache.conflictFreeSituations.contains(situation)) {
                ConstraintsChecker.log("Cache HIT for {}", situation);
                return true;
            }
            ConstraintsChecker.log("Cache MISS for {}", situation);
            return false;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void setOk(String str, String str2, QName qName, QName qName2, List list) {
            setOk(new Situation(str, str2, qName, qName2, getRealValuesSet(list)));
        }

        private static Set getRealValuesSet(List list) {
            HashSet hashSet = new HashSet();
            for (Object obj : list) {
                if (obj != null) {
                    if (!(obj instanceof PrismPropertyValue)) {
                        ConstraintsChecker.LOGGER.warn("Unsupported attribute value: {}", obj);
                        return null;
                    }
                    hashSet.add(((PrismPropertyValue) obj).getValue());
                }
            }
            return hashSet;
        }

        public static void setOk(Situation situation) {
            Cache cache = getCache();
            if (cache != null) {
                cache.conflictFreeSituations.add(situation);
            }
        }

        private static Cache getCache() {
            return (Cache) ConstraintsChecker.cacheThreadLocal.get();
        }

        public static void remove(PolyStringType polyStringType) {
            Cache cache = getCache();
            if (polyStringType == null || cache == null) {
                return;
            }
            ConstraintsChecker.log("Cache REMOVE for {}", polyStringType);
            cache.conflictFreeSituations.remove(polyStringType.getOrig());
        }

        public String description() {
            return "conflict-free situations: " + this.conflictFreeSituations;
        }

        static /* synthetic */ Cache access$200() {
            return getCache();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/evolveum/midpoint/provisioning/impl/ConstraintsChecker$Situation.class */
    public static class Situation {
        String resourceOid;
        String knownShadowOid;
        QName objectClassName;
        QName attributeName;
        Set attributeValues;

        public Situation(String str, String str2, QName qName, QName qName2, Set set) {
            this.resourceOid = str;
            this.knownShadowOid = str2;
            this.objectClassName = qName;
            this.attributeName = qName2;
            this.attributeValues = set;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            Situation situation = (Situation) obj;
            if (!this.attributeName.equals(situation.attributeName)) {
                return false;
            }
            if (this.attributeValues != null) {
                if (!this.attributeValues.equals(situation.attributeValues)) {
                    return false;
                }
            } else if (situation.attributeValues != null) {
                return false;
            }
            if (this.knownShadowOid != null) {
                if (!this.knownShadowOid.equals(situation.knownShadowOid)) {
                    return false;
                }
            } else if (situation.knownShadowOid != null) {
                return false;
            }
            if (this.objectClassName != null) {
                if (!this.objectClassName.equals(situation.objectClassName)) {
                    return false;
                }
            } else if (situation.objectClassName != null) {
                return false;
            }
            return this.resourceOid.equals(situation.resourceOid);
        }

        public int hashCode() {
            return (31 * ((31 * ((31 * ((31 * this.resourceOid.hashCode()) + (this.knownShadowOid != null ? this.knownShadowOid.hashCode() : 0))) + (this.objectClassName != null ? this.objectClassName.hashCode() : 0))) + this.attributeName.hashCode())) + (this.attributeValues != null ? this.attributeValues.hashCode() : 0);
        }

        public String toString() {
            return "Situation{resourceOid='" + this.resourceOid + "', knownShadowOid='" + this.knownShadowOid + "', objectClassName=" + this.objectClassName + ", attributeName=" + this.attributeName + ", attributeValues=" + this.attributeValues + '}';
        }
    }

    public PrismContext getPrismContext() {
        return this.prismContext;
    }

    public void setPrismContext(PrismContext prismContext) {
        this.prismContext = prismContext;
    }

    public void setCacheRepositoryService(RepositoryService repositoryService) {
        this.cacheRepositoryService = repositoryService;
    }

    public void setProvisioningService(ProvisioningService provisioningService) {
        this.provisioningService = provisioningService;
    }

    public void setShadowDefinition(RefinedObjectClassDefinition refinedObjectClassDefinition) {
        this.shadowDefinition = refinedObjectClassDefinition;
    }

    public void setShadowObject(PrismObject<ShadowType> prismObject) {
        this.shadowObject = prismObject;
    }

    public void setResourceType(ResourceType resourceType) {
        this.resourceType = resourceType;
    }

    public void setShadowOid(String str) {
        this.shadowOid = str;
    }

    public void setResourceShadowDiscriminator(ResourceShadowDiscriminator resourceShadowDiscriminator) {
        this.resourceShadowDiscriminator = resourceShadowDiscriminator;
    }

    public void setConstraintViolationConfirmer(ConstraintViolationConfirmer constraintViolationConfirmer) {
        this.constraintViolationConfirmer = constraintViolationConfirmer;
    }

    public ConstraintsCheckingResult check(Task task, OperationResult operationResult) throws SchemaException, ObjectAlreadyExistsException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        this.constraintsCheckingResult = new ConstraintsCheckingResult();
        this.constraintsCheckingResult.setSatisfiesConstraints(true);
        PrismContainer findContainer = this.shadowObject.findContainer(ShadowType.F_ATTRIBUTES);
        if (findContainer == null) {
            LOGGER.trace("Current shadow does not contain attributes, skipping checking uniqueness.");
            return this.constraintsCheckingResult;
        }
        Collection<ResourceAttributeDefinition> unionExtends = MiscUtil.unionExtends(new Collection[]{this.shadowDefinition.getPrimaryIdentifiers(), this.shadowDefinition.getSecondaryIdentifiers()});
        LOGGER.trace("Secondary IDs {}", this.shadowDefinition.getSecondaryIdentifiers());
        for (ResourceAttributeDefinition resourceAttributeDefinition : unionExtends) {
            PrismProperty findProperty = findContainer.findProperty(resourceAttributeDefinition.getName());
            LOGGER.trace("Attempt to check uniqueness of {} (def {})", findProperty, resourceAttributeDefinition);
            if (findProperty != null) {
                this.constraintsCheckingResult.getCheckedAttributes().add(findProperty.getElementName());
                if (!checkAttributeUniqueness(findProperty, this.shadowDefinition, this.resourceType, this.shadowOid, task, operationResult)) {
                    LOGGER.debug("Attribute {} conflicts with existing object (in {})", findProperty, this.resourceShadowDiscriminator);
                    this.constraintsCheckingResult.getConflictingAttributes().add(findProperty.getElementName());
                    this.constraintsCheckingResult.setSatisfiesConstraints(false);
                }
            }
        }
        this.constraintsCheckingResult.setMessages(this.messageBuilder.toString());
        return this.constraintsCheckingResult;
    }

    private boolean checkAttributeUniqueness(PrismProperty prismProperty, RefinedObjectClassDefinition refinedObjectClassDefinition, ResourceType resourceType, String str, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        List values = prismProperty.getValues();
        if (values.isEmpty()) {
            throw new SchemaException("Empty identifier " + prismProperty + " while checking uniqueness of " + str + " (" + resourceType + ")");
        }
        return checkUniqueness(str, prismProperty, ObjectQuery.createObjectQuery(AndFilter.createAnd(new ObjectFilter[]{RefFilter.createReferenceEqual(ShadowType.F_RESOURCE_REF, ShadowType.class, this.prismContext, new String[]{resourceType.getOid()}), EqualFilter.createEqual(ShadowType.F_OBJECT_CLASS, ShadowType.class, this.prismContext, refinedObjectClassDefinition.getTypeName()), EqualFilter.createEqual(new ItemPath(new QName[]{ShadowType.F_ATTRIBUTES, prismProperty.getDefinition().getName()}), prismProperty.getDefinition(), PrismPropertyValue.cloneCollection(values)), OrFilter.createOr(new ObjectFilter[]{EqualFilter.createEqual(ShadowType.F_DEAD, ShadowType.class, this.prismContext, false), EqualFilter.createEqual(ShadowType.F_DEAD, ShadowType.class, this.prismContext, (Object) null)})})), task, operationResult);
    }

    private boolean checkUniqueness(String str, PrismProperty prismProperty, ObjectQuery objectQuery, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException {
        if (Cache.isOk(this.resourceType.getOid(), str, this.shadowDefinition.getTypeName(), prismProperty.getDefinition().getName(), prismProperty.getValues())) {
            return true;
        }
        SearchResultList searchObjects = this.provisioningService.searchObjects(ShadowType.class, objectQuery, SelectorOptions.createCollection(GetOperationOptions.createNoFetch()), task, operationResult);
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Uniqueness check of {} resulted in {} results, using query:\n{}", new Object[]{prismProperty, Integer.valueOf(searchObjects.size()), objectQuery.debugDump()});
        }
        if (searchObjects.isEmpty()) {
            Cache.setOk(this.resourceType.getOid(), str, this.shadowDefinition.getTypeName(), prismProperty.getDefinition().getName(), prismProperty.getValues());
            return true;
        }
        if (searchObjects.size() > 1) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Found {} objects with attribute {}", Integer.valueOf(searchObjects.size()), prismProperty.toHumanReadableString());
                Iterator it = searchObjects.iterator();
                while (it.hasNext()) {
                    LOGGER.debug("Conflicting object:\n{}", ((PrismObject) it.next()).debugDump());
                }
            }
            message("Found more than one object with attribute " + prismProperty.toHumanReadableString());
            return false;
        }
        LOGGER.trace("Comparing {} and {}", ((PrismObject) searchObjects.get(0)).getOid(), str);
        if (((PrismObject) searchObjects.get(0)).getOid().equals(str)) {
            Cache.setOk(this.resourceType.getOid(), str, this.shadowDefinition.getTypeName(), prismProperty.getDefinition().getName(), prismProperty.getValues());
            return true;
        }
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Found conflicting existing object with attribute " + prismProperty.toHumanReadableString() + ":\n" + ((PrismObject) searchObjects.get(0)).debugDump());
        }
        message("Found conflicting existing object with attribute " + prismProperty.toHumanReadableString() + ": " + searchObjects.get(0));
        boolean z = !this.constraintViolationConfirmer.confirmViolation(((PrismObject) searchObjects.get(0)).getOid());
        this.constraintsCheckingResult.setConflictingShadow((PrismObject) searchObjects.get(0));
        return z;
    }

    private void message(String str) {
        if (this.messageBuilder.length() != 0) {
            this.messageBuilder.append(", ");
        }
        this.messageBuilder.append(str);
    }

    public static void enterCache() {
        Cache.enter(cacheThreadLocal, Cache.class, LOGGER);
    }

    public static void exitCache() {
        Cache.exit(cacheThreadLocal, LOGGER);
    }

    public static <T extends ShadowType> void onShadowAddOperation(T t) {
        Cache access$200 = Cache.access$200();
        if (access$200 != null) {
            log("Clearing cache on shadow add operation", new Object[0]);
            access$200.conflictFreeSituations.clear();
        }
    }

    public static void onShadowModifyOperation(Collection<? extends ItemDelta> collection) {
        Cache access$200 = Cache.access$200();
        if (access$200 == null) {
            return;
        }
        ItemPath itemPath = new ItemPath(new QName[]{ShadowType.F_ATTRIBUTES});
        Iterator<? extends ItemDelta> it = collection.iterator();
        while (it.hasNext()) {
            if (itemPath.isSubPathOrEquivalent(it.next().getParentPath())) {
                log("Clearing cache on shadow attribute modify operation", new Object[0]);
                access$200.conflictFreeSituations.clear();
                return;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void log(String str, Object... objArr) {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace(str, objArr);
        }
        if (PERFORMANCE_ADVISOR.isTraceEnabled()) {
            PERFORMANCE_ADVISOR.trace(str, objArr);
        }
    }
}
