package com.evolveum.midpoint.provisioning.impl;

import com.evolveum.midpoint.common.crypto.CryptoUtil;
import com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition;
import com.evolveum.midpoint.prism.Objectable;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismObjectDefinition;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.ItemDeltaCollectionsUtil;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.query.NoneFilter;
import com.evolveum.midpoint.prism.query.ObjectFilter;
import com.evolveum.midpoint.prism.query.ObjectPaging;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.provisioning.api.ConstraintViolationConfirmer;
import com.evolveum.midpoint.provisioning.api.ConstraintsCheckingResult;
import com.evolveum.midpoint.provisioning.api.GenericConnectorException;
import com.evolveum.midpoint.provisioning.api.ItemComparisonResult;
import com.evolveum.midpoint.provisioning.api.ProvisioningOperationOptions;
import com.evolveum.midpoint.provisioning.api.ProvisioningService;
import com.evolveum.midpoint.provisioning.impl.sync.AsyncUpdater;
import com.evolveum.midpoint.provisioning.impl.sync.LiveSynchronizer;
import com.evolveum.midpoint.provisioning.impl.sync.SynchronizationOperationResult;
import com.evolveum.midpoint.provisioning.ucf.api.GenericFrameworkException;
import com.evolveum.midpoint.provisioning.util.ProvisioningUtil;
import com.evolveum.midpoint.repo.api.RepoAddOptions;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.repo.api.SystemConfigurationChangeDispatcher;
import com.evolveum.midpoint.repo.api.SystemConfigurationChangeListener;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.LabeledString;
import com.evolveum.midpoint.schema.ProvisioningDiag;
import com.evolveum.midpoint.schema.ResourceShadowDiscriminator;
import com.evolveum.midpoint.schema.ResultHandler;
import com.evolveum.midpoint.schema.SearchResultList;
import com.evolveum.midpoint.schema.SearchResultMetadata;
import com.evolveum.midpoint.schema.SelectorOptions;
import com.evolveum.midpoint.schema.cache.CacheConfigurationManager;
import com.evolveum.midpoint.schema.cache.CacheType;
import com.evolveum.midpoint.schema.constants.ConnectorTestOperation;
import com.evolveum.midpoint.schema.internals.InternalsConfig;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.statistics.ConnectorOperationalStatus;
import com.evolveum.midpoint.schema.util.ObjectQueryUtil;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.schema.util.SchemaDebugUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AsyncUpdateListeningActivityInformationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ConnectorHostType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ConnectorType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ConstraintsCheckingStrategyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationProvisioningScriptsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ProvisioningScriptType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TaskPartitionDefinitionType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import javax.xml.namespace.QName;
import org.apache.commons.lang.Validate;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Service;

@Service("provisioningService")
@Primary
/* loaded from: input_file:com/evolveum/midpoint/provisioning/impl/ProvisioningServiceImpl.class */
public class ProvisioningServiceImpl implements ProvisioningService, SystemConfigurationChangeListener {

    @Autowired
    ShadowCache shadowCache;

    @Autowired
    ResourceManager resourceManager;

    @Autowired
    ConnectorManager connectorManager;

    @Autowired
    ProvisioningContextFactory ctxFactory;

    @Autowired
    PrismContext prismContext;

    @Autowired
    CacheConfigurationManager cacheConfigurationManager;

    @Autowired
    private SystemConfigurationChangeDispatcher systemConfigurationChangeDispatcher;

    @Autowired
    private LiveSynchronizer liveSynchronizer;

    @Autowired
    private AsyncUpdater asyncUpdater;

    @Autowired
    @Qualifier("cacheRepositoryService")
    private RepositoryService cacheRepositoryService;
    private PrismObjectDefinition<ShadowType> resourceObjectShadowDefinition;
    private SystemConfigurationType systemConfiguration;
    private static final String DETAILS_CONNECTOR_FRAMEWORK_VERSION = "ConnId framework version";
    private static final String OPERATION_REFRESH_SHADOW = ProvisioningServiceImpl.class.getName() + ".refreshShadow";
    private static final Trace LOGGER = TraceManager.getTrace(ProvisioningServiceImpl.class);

    public RepositoryService getCacheRepositoryService() {
        return this.cacheRepositoryService;
    }

    public void setCacheRepositoryService(RepositoryService repositoryService) {
        this.cacheRepositoryService = repositoryService;
    }

    public <T extends ObjectType> PrismObject<T> getObject(Class<T> cls, String str, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        PrismObject<ResourceType> shadow;
        Validate.notNull(str, "Oid of object to get must not be null.");
        Validate.notNull(operationResult, "Operation result must not be null.");
        OperationResult createMinorSubresult = operationResult.createMinorSubresult(ProvisioningService.class.getName() + ".getObject");
        createMinorSubresult.addParam("oid", str);
        createMinorSubresult.addParam("type", cls);
        createMinorSubresult.addArbitraryObjectCollectionAsParam("options", collection);
        createMinorSubresult.addContext("implementationClass", ProvisioningServiceImpl.class);
        GetOperationOptions getOperationOptions = (GetOperationOptions) SelectorOptions.findRootOptions(collection);
        if (!ResourceType.class.isAssignableFrom(cls)) {
            PrismObject<ResourceType> repoObject = getRepoObject(cls, str, collection, createMinorSubresult);
            LOGGER.trace("Retrieved repository object:\n{}", repoObject.debugDumpLazily());
            if (repoObject.canRepresent(ShadowType.class)) {
                try {
                    shadow = this.shadowCache.getShadow(str, repoObject, collection, task, createMinorSubresult);
                } catch (ObjectNotFoundException e) {
                    if (GetOperationOptions.isAllowNotFound(getOperationOptions)) {
                        createMinorSubresult.muteLastSubresultError();
                        createMinorSubresult.computeStatus();
                    } else {
                        ProvisioningUtil.recordFatalError(LOGGER, createMinorSubresult, "Error getting object OID=" + str + ": " + e.getMessage(), e);
                    }
                    throw e;
                } catch (EncryptionException e2) {
                    ProvisioningUtil.recordFatalError(LOGGER, createMinorSubresult, "Error getting object OID=" + str + ": " + e2.getMessage(), e2);
                    throw new SystemException(e2);
                } catch (CommunicationException | SchemaException | ConfigurationException | SecurityViolationException | Error | RuntimeException e3) {
                    ProvisioningUtil.recordFatalError(LOGGER, createMinorSubresult, "Error getting object OID=" + str + ": " + e3.getMessage(), e3);
                    throw e3;
                }
            } else {
                shadow = repoObject;
            }
        } else if (GetOperationOptions.isRaw(getOperationOptions)) {
            try {
                shadow = this.cacheRepositoryService.getObject(ResourceType.class, str, collection, createMinorSubresult);
                try {
                    applyDefinition(shadow, task, createMinorSubresult);
                } catch (ConfigurationException e4) {
                    createMinorSubresult.muteLastSubresultError();
                    ProvisioningUtil.logWarning(LOGGER, createMinorSubresult, "Configuration problem:  " + e4.getMessage(), e4);
                } catch (ObjectNotFoundException e5) {
                    createMinorSubresult.muteLastSubresultError();
                    ProvisioningUtil.logWarning(LOGGER, createMinorSubresult, "Bad connector reference defined for resource:  " + e5.getMessage(), e5);
                } catch (SchemaException e6) {
                    createMinorSubresult.muteLastSubresultError();
                    ProvisioningUtil.logWarning(LOGGER, createMinorSubresult, "Schema violation:  " + e6.getMessage(), e6);
                }
            } catch (ObjectNotFoundException | SchemaException e7) {
                createMinorSubresult.recordFatalError(e7);
                throw e7;
            }
        } else {
            try {
                shadow = this.resourceManager.getResource(str, (GetOperationOptions) SelectorOptions.findRootOptions(collection), task, createMinorSubresult);
            } catch (ConfigurationException e8) {
                ProvisioningUtil.recordFatalError(LOGGER, createMinorSubresult, "Bad resource configuration", e8);
                throw e8;
            } catch (SchemaException e9) {
                ProvisioningUtil.recordFatalError(LOGGER, createMinorSubresult, "Schema violation", e9);
                throw e9;
            } catch (ObjectNotFoundException e10) {
                ProvisioningUtil.recordFatalError(LOGGER, createMinorSubresult, "Resource object not found", e10);
                throw e10;
            } catch (ExpressionEvaluationException e11) {
                ProvisioningUtil.recordFatalError(LOGGER, createMinorSubresult, "Expression error", e11);
                throw e11;
            } catch (CommunicationException e12) {
                ProvisioningUtil.recordFatalError(LOGGER, createMinorSubresult, "Error communicating with resource", e12);
                throw e12;
            }
        }
        createMinorSubresult.computeStatusIfUnknown();
        if (!GetOperationOptions.isRaw(getOperationOptions)) {
            shadow = shadow.cloneIfImmutable();
            shadow.asObjectable().setFetchResult(createMinorSubresult.createOperationResultType());
        }
        createMinorSubresult.cleanupResult();
        return shadow;
    }

    public <T extends ObjectType> String addObject(PrismObject<T> prismObject, OperationProvisioningScriptsType operationProvisioningScriptsType, ProvisioningOperationOptions provisioningOperationOptions, Task task, OperationResult operationResult) throws ObjectAlreadyExistsException, SchemaException, CommunicationException, ObjectNotFoundException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException {
        String addShadow;
        Validate.notNull(prismObject, "Object to add must not be null.");
        Validate.notNull(operationResult, "Operation result must not be null.");
        if (InternalsConfig.encryptionChecks) {
            CryptoUtil.checkEncrypted(prismObject);
        }
        OperationResult createSubresult = operationResult.createSubresult(ProvisioningService.class.getName() + ".addObject");
        createSubresult.addParam("object", prismObject);
        createSubresult.addArbitraryObjectAsParam("scripts", operationProvisioningScriptsType);
        createSubresult.addContext("implementationClass", ProvisioningServiceImpl.class);
        if (prismObject.canRepresent(ShadowType.class)) {
            try {
                addShadow = this.shadowCache.addShadow(prismObject, operationProvisioningScriptsType, null, provisioningOperationOptions, task, createSubresult);
                LOGGER.trace("Added shadow object {}", addShadow);
                createSubresult.computeStatusIfUnknown();
            } catch (SchemaException | ConfigurationException | SecurityViolationException | PolicyViolationException | ExpressionEvaluationException | Error | RuntimeException e) {
                ProvisioningUtil.recordFatalError(LOGGER, createSubresult, null, e);
                throw e;
            } catch (GenericFrameworkException e2) {
                ProvisioningUtil.recordFatalError(LOGGER, createSubresult, "Couldn't add object " + prismObject + ". Reason: " + e2.getMessage(), e2);
                throw new ConfigurationException(e2.getMessage(), e2);
            } catch (EncryptionException e3) {
                ProvisioningUtil.recordFatalError(LOGGER, createSubresult, null, e3);
                throw new SystemException(e3.getMessage(), e3);
            } catch (ObjectAlreadyExistsException e4) {
                createSubresult.computeStatus();
                if (createSubresult.isSuccess() || createSubresult.isHandledError()) {
                    createSubresult.recordSuccess();
                } else {
                    ProvisioningUtil.recordFatalError(LOGGER, createSubresult, "Couldn't add object. Object already exist: " + e4.getMessage(), e4);
                }
                createSubresult.cleanupResult(e4);
                throw new ObjectAlreadyExistsException("Couldn't add object. Object already exists: " + e4.getMessage(), e4);
            }
        } else {
            RepoAddOptions repoAddOptions = null;
            if (ProvisioningOperationOptions.isOverwrite(provisioningOperationOptions)) {
                repoAddOptions = RepoAddOptions.createOverwrite();
            }
            try {
                try {
                    addShadow = this.cacheRepositoryService.addObject(prismObject, repoAddOptions, createSubresult);
                    createSubresult.computeStatusIfUnknown();
                } finally {
                }
            } catch (Throwable th) {
                createSubresult.computeStatusIfUnknown();
                throw th;
            }
        }
        createSubresult.cleanupResult();
        return addShadow;
    }

    public int synchronize(ResourceShadowDiscriminator resourceShadowDiscriminator, Task task, TaskPartitionDefinitionType taskPartitionDefinitionType, OperationResult operationResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, PolicyViolationException {
        Validate.notNull(resourceShadowDiscriminator, "Coordinates oid must not be null.");
        String resourceOid = resourceShadowDiscriminator.getResourceOid();
        Validate.notNull(resourceOid, "Resource oid must not be null.");
        Validate.notNull(task, "Task must not be null.");
        Validate.notNull(operationResult, "Operation result must not be null.");
        OperationResult createSubresult = operationResult.createSubresult(ProvisioningService.class.getName() + ".synchronize");
        createSubresult.addParam("oid", resourceOid);
        createSubresult.addParam("task", task.toString());
        try {
            PrismObject object = getObject(ResourceType.class, resourceOid, null, task, createSubresult);
            LOGGER.trace("Start synchronization of resource {} ", object.asObjectable());
            SynchronizationOperationResult synchronize = this.liveSynchronizer.synchronize(resourceShadowDiscriminator, task, taskPartitionDefinitionType, createSubresult);
            LOGGER.debug("Synchronization of {} done, result: {}", object, synchronize);
            if (synchronize.isHaltingErrorEncountered()) {
                createSubresult.recordPartialError("Object could not be processed and 'retryLiveSyncErrors' is true");
            } else if (synchronize.getErrors() > 0) {
                createSubresult.recordPartialError("Errors while processing: " + synchronize.getErrors() + " out of " + synchronize.getChangesProcessed());
            } else {
                createSubresult.recordSuccess();
            }
            createSubresult.cleanupResult();
            return synchronize.getChangesProcessed();
        } catch (ObjectAlreadyExistsException e) {
            ProvisioningUtil.recordFatalError(LOGGER, createSubresult, null, e);
            createSubresult.summarize(true);
            throw new SystemException(e);
        } catch (GenericFrameworkException e2) {
            ProvisioningUtil.recordFatalError(LOGGER, createSubresult, "Synchronization error: generic connector framework error: " + e2.getMessage(), e2);
            createSubresult.summarize(true);
            throw new GenericConnectorException(e2.getMessage(), e2);
        } catch (ObjectNotFoundException | CommunicationException | SchemaException | SecurityViolationException | ConfigurationException | ExpressionEvaluationException | Error | RuntimeException e3) {
            ProvisioningUtil.recordFatalError(LOGGER, createSubresult, null, e3);
            createSubresult.summarize(true);
            throw e3;
        }
    }

    public String startListeningForAsyncUpdates(@NotNull ResourceShadowDiscriminator resourceShadowDiscriminator, @NotNull Task task, @NotNull OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        String resourceOid = resourceShadowDiscriminator.getResourceOid();
        Validate.notNull(resourceOid, "Resource oid must not be null.");
        OperationResult createSubresult = operationResult.createSubresult(ProvisioningService.class.getName() + ".startListeningForAsyncUpdates");
        createSubresult.addParam("oid", resourceOid);
        createSubresult.addParam("task", task.toString());
        try {
            LOGGER.trace("Starting listening for async updates for {}", resourceShadowDiscriminator);
            String startListeningForAsyncUpdates = this.asyncUpdater.startListeningForAsyncUpdates(resourceShadowDiscriminator, task, createSubresult);
            createSubresult.addReturn("listeningActivityHandle", startListeningForAsyncUpdates);
            createSubresult.recordSuccess();
            createSubresult.cleanupResult();
            return startListeningForAsyncUpdates;
        } catch (ObjectNotFoundException | CommunicationException | SchemaException | ConfigurationException | ExpressionEvaluationException | Error | RuntimeException e) {
            ProvisioningUtil.recordFatalError(LOGGER, createSubresult, null, e);
            createSubresult.summarize(true);
            throw e;
        }
    }

    public void stopListeningForAsyncUpdates(@NotNull String str, Task task, OperationResult operationResult) {
        OperationResult createSubresult = operationResult.createSubresult(ProvisioningService.class.getName() + ".stopListeningForAsyncUpdates");
        createSubresult.addParam("listeningActivityHandle", str);
        try {
            LOGGER.trace("Stopping listening for async updates for {}", str);
            this.asyncUpdater.stopListeningForAsyncUpdates(str, task, createSubresult);
            createSubresult.recordSuccess();
            createSubresult.cleanupResult();
        } catch (Error | RuntimeException e) {
            ProvisioningUtil.recordFatalError(LOGGER, createSubresult, null, e);
            createSubresult.summarize(true);
            throw e;
        }
    }

    public AsyncUpdateListeningActivityInformationType getAsyncUpdatesListeningActivityInformation(@NotNull String str, Task task, OperationResult operationResult) {
        OperationResult createSubresult = operationResult.createSubresult(ProvisioningService.class.getName() + ".getAsyncUpdatesListeningActivityInformation");
        createSubresult.addParam("listeningActivityHandle", str);
        try {
            AsyncUpdateListeningActivityInformationType asyncUpdatesListeningActivityInformation = this.asyncUpdater.getAsyncUpdatesListeningActivityInformation(str, task, createSubresult);
            createSubresult.recordSuccess();
            createSubresult.cleanupResult();
            return asyncUpdatesListeningActivityInformation;
        } catch (Error | RuntimeException e) {
            ProvisioningUtil.recordFatalError(LOGGER, createSubresult, null, e);
            createSubresult.summarize(true);
            throw e;
        }
    }

    @NotNull
    public <T extends ObjectType> SearchResultList<PrismObject<T>> searchObjects(Class<T> cls, ObjectQuery objectQuery, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        SearchResultList<PrismObject<T>> searchObjects;
        OperationResult createSubresult = operationResult.createSubresult(ProvisioningService.class.getName() + ".searchObjects");
        createSubresult.addParam("objectType", cls);
        createSubresult.addParam("query", objectQuery);
        createSubresult.addContext("implementationClass", ProvisioningServiceImpl.class);
        LOGGER.trace("Start of (non-iterative) search objects. Query:\n{}", objectQuery != null ? objectQuery.debugDumpLazily(1) : "  (null)");
        ObjectQuery simplifyQueryFilter = simplifyQueryFilter(objectQuery);
        ObjectFilter filter = simplifyQueryFilter != null ? simplifyQueryFilter.getFilter() : null;
        if (InternalsConfig.consistencyChecks && filter != null) {
            filter.checkConsistence(false);
        }
        if (filter instanceof NoneFilter) {
            createSubresult.recordSuccessIfUnknown();
            createSubresult.cleanupResult();
            SearchResultMetadata searchResultMetadata = new SearchResultMetadata();
            searchResultMetadata.setApproxNumberOfAllResults(0);
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("Finished searching. Nothing to do. Filter is NONE. Metadata: {}", searchResultMetadata.shortDump());
            }
            SearchResultList<PrismObject<T>> searchResultList = new SearchResultList<>(new ArrayList());
            searchResultList.setMetadata(searchResultMetadata);
            return searchResultList;
        }
        if (ShadowType.class.isAssignableFrom(cls)) {
            try {
                searchObjects = this.shadowCache.searchObjects(simplifyQueryFilter, collection, task, createSubresult);
            } catch (Throwable th) {
                ProvisioningUtil.recordFatalError(LOGGER, createSubresult, "Could not search objects: " + th.getMessage(), th);
                throw th;
            }
        } else {
            searchObjects = searchRepoObjects(cls, simplifyQueryFilter, collection, task, createSubresult);
        }
        createSubresult.computeStatus();
        createSubresult.cleanupResult();
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Finished searching. Metadata: {}", DebugUtil.shortDump(searchObjects.getMetadata()));
        }
        return searchObjects;
    }

    @NotNull
    private <T extends ObjectType> SearchResultList<PrismObject<T>> searchRepoObjects(Class<T> cls, ObjectQuery objectQuery, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws SchemaException {
        SearchResultList<PrismObject<T>> searchObjects = getCacheRepositoryService().searchObjects(cls, objectQuery, GetOperationOptions.isReadOnly((GetOperationOptions) SelectorOptions.findRootOptions(collection)) ? SelectorOptions.createCollection(GetOperationOptions.createReadOnly()) : null, operationResult);
        SearchResultList<PrismObject<T>> searchResultList = new SearchResultList<>(new ArrayList());
        for (PrismObject<T> prismObject : searchObjects) {
            OperationResult operationResult2 = new OperationResult(ProvisioningService.class.getName() + ".searchObjects.object");
            try {
                PrismObject<T> completeObject = completeObject(cls, prismObject, collection, task, operationResult2);
                operationResult2.computeStatusIfUnknown();
                if (!operationResult2.isSuccess()) {
                    completeObject.asObjectable().setFetchResult(operationResult2.createOperationResultType());
                    operationResult.addSubresult(operationResult2);
                }
                searchResultList.add(completeObject);
            } catch (ObjectNotFoundException | SchemaException | CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
                LOGGER.error("Error while completing {}: {}-{}. Using non-complete object.", new Object[]{prismObject, e.getMessage(), e});
                operationResult2.recordFatalError(e);
                prismObject.asObjectable().setFetchResult(operationResult2.createOperationResultType());
                searchResultList.add(prismObject);
                operationResult.addSubresult(operationResult2);
                operationResult.recordPartialError(e);
            } catch (RuntimeException e2) {
                LOGGER.error("System error while completing {}: {}-{}. Using non-complete object.", new Object[]{prismObject, e2.getMessage(), e2});
                operationResult2.recordFatalError(e2);
                prismObject.asObjectable().setFetchResult(operationResult2.createOperationResultType());
                searchResultList.add(prismObject);
                operationResult.addSubresult(operationResult2);
                operationResult.recordPartialError(e2);
            }
        }
        return searchResultList;
    }

    private <T extends ObjectType> PrismObject<T> completeObject(Class<T> cls, PrismObject<T> prismObject, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        if (ResourceType.class.equals(cls)) {
            return this.resourceManager.getResource((PrismObject<ResourceType>) prismObject, (GetOperationOptions) SelectorOptions.findRootOptions(collection), task, operationResult);
        }
        if (ShadowType.class.equals(cls)) {
            throw new IllegalStateException("BOOOM!");
        }
        return prismObject;
    }

    public <T extends ObjectType> Integer countObjects(Class<T> cls, ObjectQuery objectQuery, Collection<SelectorOptions<GetOperationOptions>> collection, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        OperationResult createMinorSubresult = operationResult.createMinorSubresult(ProvisioningService.class.getName() + ".countObjects");
        createMinorSubresult.addParam("objectType", cls);
        createMinorSubresult.addParam("query", objectQuery);
        createMinorSubresult.addContext("implementationClass", ProvisioningServiceImpl.class);
        ObjectQuery simplifyQueryFilter = simplifyQueryFilter(objectQuery);
        ObjectFilter filter = simplifyQueryFilter != null ? simplifyQueryFilter.getFilter() : null;
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Start of counting objects. Query:\n{}", simplifyQueryFilter != null ? simplifyQueryFilter.debugDump(1) : "  (null)");
        }
        if (filter != null && (filter instanceof NoneFilter)) {
            createMinorSubresult.recordSuccessIfUnknown();
            createMinorSubresult.cleanupResult();
            LOGGER.trace("Finished counting. Nothing to do. Filter is NONE");
            return 0;
        }
        GetOperationOptions getOperationOptions = (GetOperationOptions) SelectorOptions.findRootOptions(collection);
        if (ShadowType.class.isAssignableFrom(cls) && !GetOperationOptions.isNoFetch(getOperationOptions)) {
            try {
                if (!GetOperationOptions.isRaw(getOperationOptions)) {
                    try {
                        Integer countObjects = this.shadowCache.countObjects(simplifyQueryFilter, task, createMinorSubresult);
                        createMinorSubresult.computeStatus();
                        createMinorSubresult.cleanupResult();
                        if (LOGGER.isTraceEnabled()) {
                            LOGGER.trace("Finished counting objects: {}", countObjects);
                        }
                        return countObjects;
                    } catch (ConfigurationException | CommunicationException | ObjectNotFoundException | SchemaException | ExpressionEvaluationException | Error | RuntimeException e) {
                        ProvisioningUtil.recordFatalError(LOGGER, createMinorSubresult, null, e);
                        throw e;
                    }
                }
            } catch (Throwable th) {
                createMinorSubresult.cleanupResult();
                throw th;
            }
        }
        int countObjects2 = getCacheRepositoryService().countObjects(cls, simplifyQueryFilter, collection, operationResult);
        createMinorSubresult.computeStatus();
        createMinorSubresult.recordSuccessIfUnknown();
        createMinorSubresult.cleanupResult();
        return Integer.valueOf(countObjects2);
    }

    public <T extends ObjectType> String modifyObject(Class<T> cls, String str, Collection<? extends ItemDelta> collection, OperationProvisioningScriptsType operationProvisioningScriptsType, ProvisioningOperationOptions provisioningOperationOptions, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException {
        Validate.notNull(str, "OID must not be null.");
        Validate.notNull(collection, "Modifications must not be null.");
        Validate.notNull(operationResult, "Operation result must not be null.");
        if (InternalsConfig.encryptionChecks) {
            CryptoUtil.checkEncrypted(collection);
        }
        if (InternalsConfig.consistencyChecks) {
            ItemDeltaCollectionsUtil.checkConsistence(collection);
        }
        OperationResult createSubresult = operationResult.createSubresult(ProvisioningService.class.getName() + ".modifyObject");
        createSubresult.addArbitraryObjectCollectionAsParam("modifications", collection);
        createSubresult.addParam("oid", str);
        createSubresult.addArbitraryObjectAsParam("scripts", operationProvisioningScriptsType);
        createSubresult.addArbitraryObjectAsParam("options", provisioningOperationOptions);
        createSubresult.addContext("implementationClass", ProvisioningServiceImpl.class);
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("modifyObject: object modifications:\n{}", DebugUtil.debugDump(collection));
        }
        PrismObject<ShadowType> repoObject = getRepoObject(cls, str, null, createSubresult);
        LOGGER.trace("modifyObject: object to modify (repository):\n{}.", repoObject.debugDumpLazily());
        try {
            if (ShadowType.class.isAssignableFrom(cls)) {
                str = this.shadowCache.modifyShadow(repoObject, collection, operationProvisioningScriptsType, provisioningOperationOptions, task, createSubresult);
            } else {
                this.cacheRepositoryService.modifyObject(cls, str, collection, createSubresult);
            }
            if (!createSubresult.isInProgress()) {
                createSubresult.computeStatus();
            }
            createSubresult.cleanupResult();
            return str;
        } catch (CommunicationException | SchemaException | ObjectNotFoundException | ConfigurationException | SecurityViolationException | PolicyViolationException | ExpressionEvaluationException | Error | RuntimeException e) {
            ProvisioningUtil.recordFatalError(LOGGER, createSubresult, null, e);
            throw e;
        } catch (GenericFrameworkException e2) {
            ProvisioningUtil.recordFatalError(LOGGER, createSubresult, null, e2);
            throw new CommunicationException(e2.getMessage(), e2);
        } catch (ObjectAlreadyExistsException e3) {
            ProvisioningUtil.recordFatalError(LOGGER, createSubresult, "Couldn't modify object: object after modification would conflict with another existing object: " + e3.getMessage(), e3);
            throw e3;
        } catch (EncryptionException e4) {
            ProvisioningUtil.recordFatalError(LOGGER, createSubresult, null, e4);
            throw new SystemException(e4.getMessage(), e4);
        }
    }

    public <T extends ObjectType> PrismObject<T> deleteObject(Class<T> cls, String str, ProvisioningOperationOptions provisioningOperationOptions, OperationProvisioningScriptsType operationProvisioningScriptsType, Task task, OperationResult operationResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException {
        Validate.notNull(str, "Oid of object to delete must not be null.");
        Validate.notNull(operationResult, "Operation result must not be null.");
        LOGGER.trace("Start to delete object with oid {}", str);
        OperationResult createSubresult = operationResult.createSubresult(ProvisioningService.class.getName() + ".deleteObject");
        createSubresult.addParam("oid", str);
        createSubresult.addArbitraryObjectAsParam("scripts", operationProvisioningScriptsType);
        createSubresult.addContext("implementationClass", ProvisioningServiceImpl.class);
        PrismObject<ShadowType> repoObject = getRepoObject(cls, str, null, createSubresult);
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Object from repository to delete:\n{}", repoObject.debugDump(1));
        }
        PrismObject<ShadowType> prismObject = null;
        if (repoObject.canRepresent(ShadowType.class) && !ProvisioningOperationOptions.isRaw(provisioningOperationOptions)) {
            try {
                prismObject = this.shadowCache.deleteShadow(repoObject, provisioningOperationOptions, operationProvisioningScriptsType, task, createSubresult);
            } catch (ExpressionEvaluationException e) {
                ProvisioningUtil.recordFatalError(LOGGER, createSubresult, "Couldn't delete object: expression errror: " + e.getMessage(), e);
                throw e;
            } catch (SecurityViolationException e2) {
                ProvisioningUtil.recordFatalError(LOGGER, createSubresult, "Couldn't delete object: security violation: " + e2.getMessage(), e2);
                throw e2;
            } catch (SchemaException e3) {
                ProvisioningUtil.recordFatalError(LOGGER, createSubresult, "Couldn't delete object: schema problem: " + e3.getMessage(), e3);
                throw new SchemaException(e3.getMessage(), e3);
            } catch (PolicyViolationException | Error | RuntimeException e4) {
                ProvisioningUtil.recordFatalError(LOGGER, createSubresult, "Couldn't delete object: " + e4.getMessage(), e4);
                throw e4;
            } catch (GenericFrameworkException e5) {
                ProvisioningUtil.recordFatalError(LOGGER, createSubresult, "Couldn't delete object: generic error in the connector: " + e5.getMessage(), e5);
                throw new CommunicationException(e5.getMessage(), e5);
            } catch (CommunicationException e6) {
                ProvisioningUtil.recordFatalError(LOGGER, createSubresult, "Couldn't delete object: communication problem: " + e6.getMessage(), e6);
                throw new CommunicationException(e6.getMessage(), e6);
            } catch (ConfigurationException e7) {
                ProvisioningUtil.recordFatalError(LOGGER, createSubresult, "Couldn't delete object: configuration problem: " + e7.getMessage(), e7);
                throw e7;
            }
        } else if (repoObject.canRepresent(ResourceType.class)) {
            this.resourceManager.deleteResource(str, provisioningOperationOptions, task, createSubresult);
        } else {
            try {
                getCacheRepositoryService().deleteObject(cls, str, createSubresult);
            } catch (ObjectNotFoundException e8) {
                createSubresult.recordFatalError(e8);
                createSubresult.cleanupResult(e8);
                throw e8;
            }
        }
        LOGGER.trace("Finished deleting object.");
        if (!createSubresult.isInProgress()) {
            createSubresult.computeStatus();
        }
        createSubresult.cleanupResult();
        return prismObject;
    }

    public <T extends ObjectType> Object executeScript(String str, ProvisioningScriptType provisioningScriptType, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException {
        Validate.notNull(str, "Oid of object for script execution must not be null.");
        Validate.notNull(operationResult, "Operation result must not be null.");
        OperationResult createSubresult = operationResult.createSubresult(ProvisioningService.class.getName() + ".executeScript");
        createSubresult.addParam("oid", str);
        createSubresult.addArbitraryObjectAsParam("script", provisioningScriptType);
        createSubresult.addContext("implementationClass", ProvisioningServiceImpl.class);
        try {
            Object executeScript = this.resourceManager.executeScript(str, provisioningScriptType, task, createSubresult);
            createSubresult.computeStatus();
            createSubresult.cleanupResult();
            return executeScript;
        } catch (CommunicationException | SchemaException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException | Error | RuntimeException e) {
            ProvisioningUtil.recordFatalError(LOGGER, createSubresult, null, e);
            throw e;
        }
    }

    public OperationResult testResource(String str, Task task) throws ObjectNotFoundException {
        Validate.notNull(str, "Resource OID to test is null.");
        LOGGER.trace("Start testing resource with oid {} ", str);
        OperationResult operationResult = new OperationResult(ConnectorTestOperation.TEST_CONNECTION.getOperation());
        operationResult.addParam("resourceOid", str);
        operationResult.addContext("implementationClass", ProvisioningServiceImpl.class);
        try {
            PrismObject<ResourceType> repoObject = getRepoObject(ResourceType.class, str, null, operationResult);
            this.resourceManager.testConnection(repoObject, task, operationResult);
            operationResult.computeStatus("Test resource has failed");
            LOGGER.debug("Finished testing {}, result: {} ", repoObject, operationResult.getStatus());
            return operationResult;
        } catch (SchemaException e) {
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    @Deprecated
    public List<PrismObject<? extends ShadowType>> listResourceObjects(String str, QName qName, ObjectPaging objectPaging, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        OperationResult createSubresult = operationResult.createSubresult(ProvisioningService.class.getName() + ".listResourceObjects");
        createSubresult.addParam("resourceOid", str);
        createSubresult.addParam("objectClass", qName);
        createSubresult.addArbitraryObjectAsParam("paging", objectPaging);
        createSubresult.addContext("implementationClass", ProvisioningServiceImpl.class);
        if (str == null) {
            throw new IllegalArgumentException("Resource not defined in a search query");
        }
        if (qName == null) {
            throw new IllegalArgumentException("Objectclass not defined in a search query");
        }
        ObjectQuery createResourceAndObjectClassQuery = ObjectQueryUtil.createResourceAndObjectClassQuery(str, qName, this.prismContext);
        ArrayList arrayList = new ArrayList();
        try {
            this.shadowCache.searchObjectsIterative(createResourceAndObjectClassQuery, (Collection<SelectorOptions<GetOperationOptions>>) null, (prismObject, operationResult2) -> {
                LOGGER.trace("listResourceObjects: processing shadow: {}", SchemaDebugUtil.prettyPrintLazily(prismObject));
                arrayList.add(prismObject);
                return true;
            }, false, task, createSubresult);
            createSubresult.cleanupResult();
            return arrayList;
        } catch (SchemaException | ObjectNotFoundException | CommunicationException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException | Error | RuntimeException e) {
            createSubresult.recordFatalError(e.getMessage(), e);
            createSubresult.cleanupResult(e);
            throw e;
        }
    }

    public void refreshShadow(PrismObject<ShadowType> prismObject, ProvisioningOperationOptions provisioningOperationOptions, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ObjectAlreadyExistsException, SecurityViolationException, ExpressionEvaluationException {
        Validate.notNull(prismObject, "Shadow for refresh must not be null.");
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_REFRESH_SHADOW);
        LOGGER.debug("Refreshing shadow {}", prismObject);
        try {
            this.shadowCache.refreshShadow(prismObject, provisioningOperationOptions, task, createSubresult);
            createSubresult.computeStatus();
            createSubresult.cleanupResult();
            LOGGER.debug("Finished refreshing shadow {}: {}", prismObject, createSubresult);
        } catch (EncryptionException e) {
            ProvisioningUtil.recordFatalError(LOGGER, createSubresult, null, e);
            throw new SystemException(e.getMessage(), e);
        } catch (CommunicationException | SchemaException | ObjectNotFoundException | ConfigurationException | ExpressionEvaluationException | Error | RuntimeException e2) {
            ProvisioningUtil.recordFatalError(LOGGER, createSubresult, "Couldn't refresh shadow: " + e2.getClass().getSimpleName() + ": " + e2.getMessage(), e2);
            throw e2;
        }
    }

    private <T extends ObjectType> boolean handleRepoObject(Class<T> cls, PrismObject<T> prismObject, Collection<SelectorOptions<GetOperationOptions>> collection, ResultHandler<T> resultHandler, Task task, OperationResult operationResult) {
        PrismObject<T> prismObject2;
        try {
            prismObject2 = completeObject(cls, prismObject, collection, task, operationResult);
        } catch (Throwable th) {
            LOGGER.error("Error while completing {}: {}-{}. Using non-complete object.", new Object[]{prismObject, th.getMessage(), th});
            operationResult.recordFatalError(th);
            prismObject.asObjectable().setFetchResult(operationResult.createOperationResultType());
            prismObject2 = prismObject;
        }
        operationResult.computeStatus();
        operationResult.recordSuccessIfUnknown();
        if (!operationResult.isSuccess()) {
            prismObject2.asObjectable().setFetchResult(operationResult.createOperationResultType());
        }
        return resultHandler.handle(prismObject2, operationResult);
    }

    public <T extends ObjectType> SearchResultMetadata searchObjectsIterative(Class<T> cls, ObjectQuery objectQuery, Collection<SelectorOptions<GetOperationOptions>> collection, ResultHandler<T> resultHandler, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        Validate.notNull(operationResult, "Operation result must not be null.");
        Validate.notNull(resultHandler, "Handler must not be null.");
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Start of (iterative) search objects. Query:\n{}", objectQuery != null ? objectQuery.debugDump(1) : "  (null)");
        }
        OperationResult createSubresult = operationResult.createSubresult(ProvisioningService.class.getName() + ".searchObjectsIterative");
        createSubresult.setSummarizeSuccesses(true);
        createSubresult.setSummarizeErrors(true);
        createSubresult.setSummarizePartialErrors(true);
        createSubresult.addParam("query", objectQuery);
        createSubresult.addContext("implementationClass", ProvisioningServiceImpl.class);
        ObjectQuery simplifyQueryFilter = simplifyQueryFilter(objectQuery);
        ObjectFilter filter = simplifyQueryFilter != null ? simplifyQueryFilter.getFilter() : null;
        if (InternalsConfig.consistencyChecks && filter != null) {
            filter.checkConsistence(false);
        }
        if (filter instanceof NoneFilter) {
            createSubresult.recordSuccessIfUnknown();
            createSubresult.cleanupResult();
            SearchResultMetadata searchResultMetadata = new SearchResultMetadata();
            searchResultMetadata.setApproxNumberOfAllResults(0);
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("Finished searching. Nothing to do. Filter is NONE. Metadata: {}", searchResultMetadata.shortDump());
            }
            return searchResultMetadata;
        }
        GetOperationOptions getOperationOptions = (GetOperationOptions) SelectorOptions.findRootOptions(collection);
        SearchResultMetadata searchResultMetadata2 = null;
        if (ShadowType.class.isAssignableFrom(cls)) {
            try {
                searchResultMetadata2 = this.shadowCache.searchObjectsIterative(simplifyQueryFilter, collection, (ResultHandler<ShadowType>) resultHandler, true, task, createSubresult);
                createSubresult.computeStatus();
                createSubresult.cleanupResult();
            } finally {
                ProvisioningUtil.recordFatalError(LOGGER, createSubresult, null, th);
            }
        } else {
            ResultHandler resultHandler2 = (prismObject, operationResult2) -> {
                return handleRepoObject(cls, prismObject, collection, resultHandler, task, operationResult2);
            };
            Collection collection2 = null;
            if (GetOperationOptions.isReadOnly(getOperationOptions)) {
                collection2 = SelectorOptions.createCollection(GetOperationOptions.createReadOnly());
            }
            try {
                searchResultMetadata2 = getCacheRepositoryService().searchObjectsIterative(cls, simplifyQueryFilter, resultHandler2, collection2, true, createSubresult);
                createSubresult.computeStatus();
                createSubresult.recordSuccessIfUnknown();
                createSubresult.cleanupResult();
            } catch (Throwable th) {
            }
        }
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Finished searching. Metadata: {}", searchResultMetadata2 != null ? searchResultMetadata2.shortDump() : "(null)");
        }
        return searchResultMetadata2;
    }

    private ObjectQuery simplifyQueryFilter(ObjectQuery objectQuery) {
        if (objectQuery == null) {
            return null;
        }
        ObjectFilter simplify = ObjectQueryUtil.simplify(objectQuery.getFilter(), this.prismContext);
        ObjectQuery cloneEmpty = objectQuery.cloneEmpty();
        cloneEmpty.setFilter(simplify);
        return cloneEmpty;
    }

    public Set<ConnectorType> discoverConnectors(ConnectorHostType connectorHostType, OperationResult operationResult) throws CommunicationException {
        OperationResult createSubresult = operationResult.createSubresult(ProvisioningService.class.getName() + ".discoverConnectors");
        createSubresult.addParam("host", connectorHostType);
        createSubresult.addContext("implementationClass", ProvisioningServiceImpl.class);
        try {
            Set<ConnectorType> discoverConnectors = this.connectorManager.discoverConnectors(connectorHostType, createSubresult);
            createSubresult.computeStatus("Connector discovery failed");
            createSubresult.cleanupResult();
            return discoverConnectors;
        } catch (CommunicationException e) {
            ProvisioningUtil.recordFatalError(LOGGER, createSubresult, "Discovery failed: " + e.getMessage(), e);
            throw e;
        }
    }

    public List<ConnectorOperationalStatus> getConnectorOperationalStatus(String str, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        OperationResult createMinorSubresult = operationResult.createMinorSubresult(ProvisioningService.class.getName() + ".getConnectorOperationalStatus");
        createMinorSubresult.addParam("resourceOid", str);
        createMinorSubresult.addContext("implementationClass", ProvisioningServiceImpl.class);
        try {
            try {
                List<ConnectorOperationalStatus> connectorOperationalStatus = this.resourceManager.getConnectorOperationalStatus(this.resourceManager.getResource(str, (GetOperationOptions) null, task, createMinorSubresult), createMinorSubresult);
                createMinorSubresult.computeStatus();
                createMinorSubresult.cleanupResult();
                return connectorOperationalStatus;
            } catch (Throwable th) {
                ProvisioningUtil.recordFatalError(LOGGER, createMinorSubresult, "Getting operations status from connector for resource " + str + " failed: " + th.getMessage(), th);
                throw th;
            }
        } catch (SchemaException | ObjectNotFoundException | ExpressionEvaluationException e) {
            ProvisioningUtil.recordFatalError(LOGGER, createMinorSubresult, e.getMessage(), e);
            throw e;
        }
    }

    public <T extends ObjectType> void applyDefinition(ObjectDelta<T> objectDelta, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        applyDefinition(objectDelta, (Objectable) null, task, operationResult);
    }

    public <T extends ObjectType> void applyDefinition(ObjectDelta<T> objectDelta, Objectable objectable, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        OperationResult createMinorSubresult = operationResult.createMinorSubresult(ProvisioningService.class.getName() + ".applyDefinition");
        createMinorSubresult.addParam("delta", objectDelta);
        createMinorSubresult.addContext("implementationClass", ProvisioningServiceImpl.class);
        try {
            if (ShadowType.class.isAssignableFrom(objectDelta.getObjectTypeClass())) {
                this.shadowCache.applyDefinition(objectDelta, (ShadowType) objectable, createMinorSubresult);
            } else {
                if (!ResourceType.class.isAssignableFrom(objectDelta.getObjectTypeClass())) {
                    throw new IllegalArgumentException("Could not apply definition to deltas for object type: " + objectDelta.getObjectTypeClass());
                }
                this.resourceManager.applyDefinition(objectDelta, (ResourceType) objectable, null, task, createMinorSubresult);
            }
            createMinorSubresult.recordSuccessIfUnknown();
            createMinorSubresult.cleanupResult();
        } catch (Throwable th) {
            ProvisioningUtil.recordFatalError(LOGGER, createMinorSubresult, null, th);
            throw th;
        }
    }

    public <T extends ObjectType> void applyDefinition(PrismObject<T> prismObject, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        OperationResult createMinorSubresult = operationResult.createMinorSubresult(ProvisioningService.class.getName() + ".applyDefinition");
        createMinorSubresult.addParam("object", prismObject);
        createMinorSubresult.addContext("implementationClass", ProvisioningServiceImpl.class);
        try {
            try {
                if (ShadowType.class.isAssignableFrom(prismObject.getCompileTimeClass())) {
                    this.shadowCache.applyDefinition((PrismObject<ShadowType>) prismObject, createMinorSubresult);
                } else {
                    if (!ResourceType.class.isAssignableFrom(prismObject.getCompileTimeClass())) {
                        throw new IllegalArgumentException("Could not apply definition to object type: " + prismObject.getCompileTimeClass());
                    }
                    this.resourceManager.applyDefinition(prismObject, task, createMinorSubresult);
                }
                createMinorSubresult.computeStatus();
                createMinorSubresult.recordSuccessIfUnknown();
                createMinorSubresult.cleanupResult();
            } catch (Throwable th) {
                ProvisioningUtil.recordFatalError(LOGGER, createMinorSubresult, null, th);
                throw th;
            }
        } catch (Throwable th2) {
            createMinorSubresult.cleanupResult();
            throw th2;
        }
    }

    private void setProtectedShadow(PrismObject<ShadowType> prismObject, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        this.shadowCache.setProtectedShadow(prismObject, operationResult);
    }

    public <T extends ObjectType> void applyDefinition(Class<T> cls, ObjectQuery objectQuery, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        OperationResult createMinorSubresult = operationResult.createMinorSubresult(ProvisioningService.class.getName() + ".applyDefinition");
        createMinorSubresult.addParam("type", cls);
        createMinorSubresult.addParam("query", objectQuery);
        createMinorSubresult.addContext("implementationClass", ProvisioningServiceImpl.class);
        try {
            try {
                if (ObjectQueryUtil.hasAllDefinitions(objectQuery)) {
                    createMinorSubresult.recordNotApplicableIfUnknown();
                    createMinorSubresult.cleanupResult();
                    return;
                }
                if (ShadowType.class.isAssignableFrom(cls)) {
                    this.shadowCache.applyDefinition(objectQuery, createMinorSubresult);
                } else {
                    if (!ResourceType.class.isAssignableFrom(cls)) {
                        throw new IllegalArgumentException("Could not apply definition to query for object type: " + cls);
                    }
                    this.resourceManager.applyDefinition(objectQuery, createMinorSubresult);
                }
                createMinorSubresult.computeStatus();
                createMinorSubresult.recordSuccessIfUnknown();
                createMinorSubresult.cleanupResult();
            } catch (Throwable th) {
                ProvisioningUtil.recordFatalError(LOGGER, createMinorSubresult, null, th);
                throw th;
            }
        } catch (Throwable th2) {
            createMinorSubresult.cleanupResult();
            throw th2;
        }
    }

    public void provisioningSelfTest(OperationResult operationResult, Task task) {
        CryptoUtil.securitySelfTest(operationResult);
        this.connectorManager.connectorFrameworkSelfTest(operationResult, task);
    }

    public ProvisioningDiag getProvisioningDiag() {
        ProvisioningDiag provisioningDiag = new ProvisioningDiag();
        String frameworkVersion = this.connectorManager.getFrameworkVersion();
        if (frameworkVersion == null) {
            frameworkVersion = "unknown";
        }
        provisioningDiag.getAdditionalDetails().add(new LabeledString(DETAILS_CONNECTOR_FRAMEWORK_VERSION, frameworkVersion));
        return provisioningDiag;
    }

    public void postInit(OperationResult operationResult) {
        OperationResult createSubresult = operationResult.createSubresult(ProvisioningService.class.getName() + ".initialize");
        createSubresult.addContext("implementationClass", ProvisioningServiceImpl.class);
        Iterator<ConnectorType> it = this.connectorManager.discoverLocalConnectors(createSubresult).iterator();
        while (it.hasNext()) {
            LOGGER.info("Discovered local connector {}", ObjectTypeUtil.toShortString(it.next()));
        }
        createSubresult.computeStatus("Provisioning post-initialization failed");
        createSubresult.cleanupResult();
    }

    @PostConstruct
    public void init() {
        this.systemConfigurationChangeDispatcher.registerListener(this);
    }

    @PreDestroy
    public void shutdown() {
        this.connectorManager.shutdown();
        this.systemConfigurationChangeDispatcher.unregisterListener(this);
    }

    public ConstraintsCheckingResult checkConstraints(RefinedObjectClassDefinition refinedObjectClassDefinition, PrismObject<ShadowType> prismObject, PrismObject<ShadowType> prismObject2, ResourceType resourceType, String str, ResourceShadowDiscriminator resourceShadowDiscriminator, ConstraintViolationConfirmer constraintViolationConfirmer, ConstraintsCheckingStrategyType constraintsCheckingStrategyType, Task task, OperationResult operationResult) throws CommunicationException, SchemaException, SecurityViolationException, ConfigurationException, ObjectNotFoundException, ExpressionEvaluationException {
        OperationResult createSubresult = operationResult.createSubresult(ProvisioningService.class.getName() + ".checkConstraints");
        try {
            try {
                ConstraintsChecker constraintsChecker = new ConstraintsChecker();
                constraintsChecker.setRepositoryService(this.cacheRepositoryService);
                constraintsChecker.setCacheConfigurationManager(this.cacheConfigurationManager);
                constraintsChecker.setShadowCache(this.shadowCache);
                constraintsChecker.setShadowObjectOld(prismObject2);
                constraintsChecker.setPrismContext(this.prismContext);
                ProvisioningContext create = this.ctxFactory.create(prismObject, task, createSubresult);
                create.setObjectClassDefinition(refinedObjectClassDefinition);
                create.setResource(resourceType);
                create.setShadowCoordinates(resourceShadowDiscriminator);
                constraintsChecker.setProvisioningContext(create);
                constraintsChecker.setShadowObject(prismObject);
                constraintsChecker.setShadowOid(str);
                constraintsChecker.setConstraintViolationConfirmer(constraintViolationConfirmer);
                constraintsChecker.setStrategy(constraintsCheckingStrategyType);
                if (constraintsChecker.canSkipChecking()) {
                    ConstraintsCheckingResult createOk = ConstraintsCheckingResult.createOk();
                    createSubresult.computeStatusIfUnknown();
                    return createOk;
                }
                ConstraintsCheckingResult check = constraintsChecker.check(task, createSubresult);
                createSubresult.computeStatusIfUnknown();
                return check;
            } catch (Throwable th) {
                createSubresult.recordFatalError(th);
                throw th;
            }
        } catch (Throwable th2) {
            createSubresult.computeStatusIfUnknown();
            throw th2;
        }
    }

    public void enterConstraintsCheckerCache() {
        ConstraintsChecker.enterCache(this.cacheConfigurationManager.getConfiguration(CacheType.LOCAL_SHADOW_CONSTRAINT_CHECKER_CACHE));
    }

    public void exitConstraintsCheckerCache() {
        ConstraintsChecker.exitCache();
    }

    private PrismObjectDefinition<ShadowType> getResourceObjectShadowDefinition() {
        if (this.resourceObjectShadowDefinition == null) {
            this.resourceObjectShadowDefinition = this.prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ShadowType.class);
        }
        return this.resourceObjectShadowDefinition;
    }

    private <T extends ObjectType> PrismObject<T> getRepoObject(Class<T> cls, String str, Collection<SelectorOptions<GetOperationOptions>> collection, OperationResult operationResult) throws ObjectNotFoundException, SchemaException {
        try {
            return getCacheRepositoryService().getObject(cls, str, collection, operationResult);
        } catch (SchemaException e) {
            ProvisioningUtil.recordFatalError(LOGGER, operationResult, "Can't get object with oid " + str + ". Reason " + e.getMessage(), e);
            throw e;
        } catch (ObjectNotFoundException e2) {
            if (GetOperationOptions.isAllowNotFound((GetOperationOptions) SelectorOptions.findRootOptions(collection))) {
                operationResult.muteLastSubresultError();
                operationResult.computeStatus();
            } else {
                ProvisioningUtil.recordFatalError(LOGGER, operationResult, "Can't get object with oid " + str + ". Reason " + e2.getMessage(), e2);
            }
            throw e2;
        }
    }

    public <O extends ObjectType, T> ItemComparisonResult compare(Class<O> cls, String str, ItemPath itemPath, T t, Task task, OperationResult operationResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, EncryptionException {
        Validate.notNull(str, "Oid of object to get must not be null.");
        Validate.notNull(operationResult, "Operation result must not be null.");
        if (!ShadowType.class.isAssignableFrom(cls)) {
            throw new UnsupportedOperationException("Only shadow compare is supported");
        }
        OperationResult createMinorSubresult = operationResult.createMinorSubresult(ProvisioningService.class.getName() + ".compare");
        createMinorSubresult.addParam("oid", str);
        createMinorSubresult.addParam("type", cls);
        try {
            PrismObject<ShadowType> repoObject = getRepoObject(cls, str, null, createMinorSubresult);
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("Retrieved repository object:\n{}", repoObject.debugDump());
            }
            ItemComparisonResult compare = this.shadowCache.compare(repoObject, itemPath, t, task, createMinorSubresult);
            createMinorSubresult.computeStatus();
            createMinorSubresult.cleanupResult();
            return compare;
        } catch (ObjectNotFoundException | CommunicationException | SchemaException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException | EncryptionException | Error | RuntimeException e) {
            ProvisioningUtil.recordFatalError(LOGGER, createMinorSubresult, null, e);
            throw e;
        }
    }

    public boolean update(@Nullable SystemConfigurationType systemConfigurationType) {
        this.systemConfiguration = systemConfigurationType;
        return true;
    }

    public SystemConfigurationType getSystemConfiguration() {
        return this.systemConfiguration;
    }
}
