package com.evolveum.midpoint.provisioning.impl.shadows.manager;

import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.prism.delta.ContainerDelta;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.provisioning.impl.shadows.ShadowsNormalizationUtil;
import com.evolveum.midpoint.provisioning.util.ProvisioningUtil;
import com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.processor.ResourceObjectDefinition;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.QNameUtil;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CachingStrategyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import javax.xml.namespace.QName;

/* loaded from: input_file:com/evolveum/midpoint/provisioning/impl/shadows/manager/ShadowDeltaComputerRelative.class */
class ShadowDeltaComputerRelative {
    private final ProvisioningContext ctx;
    private final Collection<? extends ItemDelta<?, ?>> allModifications;
    private final Protector protector;
    private ShadowType repoShadow;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ShadowDeltaComputerRelative(ProvisioningContext provisioningContext, ShadowType shadowType, Collection<? extends ItemDelta<?, ?>> collection, Protector protector) {
        this.ctx = provisioningContext;
        this.allModifications = collection;
        this.protector = protector;
        this.repoShadow = shadowType;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<ItemDelta<?, ?>> computeShadowModifications() throws SchemaException, ConfigurationException {
        ResourceObjectDefinition objectDefinitionRequired = this.ctx.getObjectDefinitionRequired();
        CachingStrategyType cachingStrategy = this.ctx.getCachingStrategy();
        ContainerDelta containerDelta = null;
        ItemDelta<?, ?> itemDelta = null;
        ArrayList arrayList = new ArrayList();
        Iterator<? extends ItemDelta<?, ?>> it = this.allModifications.iterator();
        while (it.hasNext()) {
            ContainerDelta containerDelta2 = (ItemDelta) it.next();
            if (ShadowType.F_ATTRIBUTES.equivalent(containerDelta2.getParentPath())) {
                ItemName elementName = containerDelta2.getElementName();
                ItemDelta<?, ?> normalizeAttributeDelta = ShadowsNormalizationUtil.normalizeAttributeDelta((ItemDelta<?, ?>) containerDelta2, objectDefinitionRequired);
                if (isNamingAttribute(elementName, objectDefinitionRequired)) {
                    itemDelta = PrismContext.get().deltaFor(ShadowType.class).item(ShadowType.F_NAME).replace(new Object[]{new PolyString(getNewStringValue(containerDelta2))}).asItemDelta();
                }
                if (objectDefinitionRequired.isPrimaryIdentifier(elementName)) {
                    arrayList.add(PrismContext.get().deltaFor(ShadowType.class).item(ShadowType.F_PRIMARY_IDENTIFIER_VALUE).replace(new Object[]{getNewStringValue(normalizeAttributeDelta)}).asItemDelta());
                }
                if (ProvisioningUtil.shouldStoreAttributeInShadow(objectDefinitionRequired, elementName, cachingStrategy)) {
                    arrayList.add(normalizeAttributeDelta);
                }
            } else if (ShadowType.F_ACTIVATION.equivalent(containerDelta2.getParentPath())) {
                if (ProvisioningUtil.shouldStoreActivationItemInShadow(containerDelta2.getElementName(), cachingStrategy)) {
                    arrayList.add(containerDelta2);
                }
            } else if (ShadowType.F_ACTIVATION.equivalent(containerDelta2.getPath())) {
                ContainerDelta containerDelta3 = containerDelta2;
                Iterator it2 = MiscUtil.emptyIfNull(containerDelta3.getValuesToAdd()).iterator();
                while (it2.hasNext()) {
                    ProvisioningUtil.cleanupShadowActivation(((PrismContainerValue) it2.next()).asContainerable());
                }
                Iterator it3 = MiscUtil.emptyIfNull(containerDelta3.getValuesToReplace()).iterator();
                while (it3.hasNext()) {
                    ProvisioningUtil.cleanupShadowActivation(((PrismContainerValue) it3.next()).asContainerable());
                }
                arrayList.add(containerDelta3);
            } else if (SchemaConstants.PATH_PASSWORD.equivalent(containerDelta2.getParentPath())) {
                addPasswordDelta(arrayList, containerDelta2, objectDefinitionRequired);
            } else if (ShadowType.F_NAME.equivalent(containerDelta2.getPath())) {
                containerDelta = containerDelta2;
            } else if (ShadowType.F_POLICY_STATEMENT.equivalent(containerDelta2.getPath())) {
                arrayList.add(containerDelta2);
                ItemDelta<?, ?> computeEffectiveMarkDelta = computeEffectiveMarkDelta(containerDelta2);
                if (computeEffectiveMarkDelta != null) {
                    arrayList.add(computeEffectiveMarkDelta);
                }
            } else {
                arrayList.add(containerDelta2);
            }
        }
        if (containerDelta != null) {
            arrayList.add(containerDelta);
        } else if (itemDelta != null) {
            arrayList.add(itemDelta);
        }
        return arrayList;
    }

    private ItemDelta<?, ?> computeEffectiveMarkDelta(ItemDelta<?, ?> itemDelta) throws SchemaException {
        return ObjectOperationPolicyHelper.get().computeEffectiveMarkDelta(this.repoShadow, itemDelta);
    }

    private String getNewStringValue(ItemDelta<?, ?> itemDelta) {
        Collection valuesToReplace = itemDelta.getValuesToReplace();
        if (valuesToReplace != null && !valuesToReplace.isEmpty()) {
            return ((PrismPropertyValue) valuesToReplace.iterator().next()).getValue().toString();
        }
        Collection valuesToAdd = itemDelta.getValuesToAdd();
        if (valuesToAdd == null || valuesToAdd.isEmpty()) {
            return null;
        }
        return ((PrismPropertyValue) valuesToAdd.iterator().next()).getValue().toString();
    }

    private static boolean isNamingAttribute(QName qName, ResourceObjectDefinition resourceObjectDefinition) {
        QName namingAttributeName = resourceObjectDefinition.getNamingAttributeName();
        return namingAttributeName != null ? QNameUtil.match(namingAttributeName, qName) : resourceObjectDefinition.isSecondaryIdentifier(qName) || (resourceObjectDefinition.getAllIdentifiers().size() == 1 && resourceObjectDefinition.isPrimaryIdentifier(qName));
    }

    private void addPasswordDelta(Collection<ItemDelta<?, ?>> collection, ItemDelta<?, ?> itemDelta, ResourceObjectDefinition resourceObjectDefinition) throws SchemaException {
        CachingStrategyType passwordCachingStrategy;
        if (!itemDelta.getPath().equivalent(SchemaConstants.PATH_PASSWORD_VALUE) || (passwordCachingStrategy = ProvisioningUtil.getPasswordCachingStrategy(resourceObjectDefinition)) == null || passwordCachingStrategy == CachingStrategyType.NONE) {
            return;
        }
        PropertyDelta propertyDelta = (PropertyDelta) itemDelta;
        hashValues(propertyDelta.getValuesToAdd());
        hashValues(propertyDelta.getValuesToReplace());
        collection.add(itemDelta);
    }

    private void hashValues(Collection<PrismPropertyValue<ProtectedStringType>> collection) throws SchemaException {
        ProtectedStringType protectedStringType;
        if (collection == null) {
            return;
        }
        Iterator<PrismPropertyValue<ProtectedStringType>> it = collection.iterator();
        while (it.hasNext() && (protectedStringType = (ProtectedStringType) it.next().getValue()) != null && !protectedStringType.isHashed()) {
            try {
                this.protector.hash(protectedStringType);
            } catch (EncryptionException e) {
                throw new SchemaException("Cannot hash value", e);
            }
        }
    }
}
