package com.evolveum.midpoint.security.api;

import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.util.FocusTypeUtil;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.security.api.OtherPrivilegesLimitations;
import com.evolveum.midpoint.util.DebugDumpable;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.ShortDumpable;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.xml.ns._public.common.audit_3.EffectivePrivilegesModificationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentHolderType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import org.apache.commons.configuration2.tree.DefaultExpressionEngineSymbols;
import org.apache.commons.lang3.LocaleUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.PropertyAccessor;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:BOOT-INF/lib/security-api-4.8.9-SNAPSHOT.jar:com/evolveum/midpoint/security/api/MidPointPrincipal.class */
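/**
 * Security principal that pairs a midPoint focus object with the authorizations granted to it.
 *
 * <p>Implements Spring Security's {@link UserDetails}. Instances are mutable: the authorization
 * list, attorney, previous principal, locale and security policy can all be changed after
 * construction, and nothing in this class synchronizes that access.
 *
 * <p>The {@code effectivePrivilegesModification} marker records how the authorization set was
 * altered. Only {@link #addExtraAuthorizationIfMissing} sets it;
 * {@link #addAuthorization} and {@link #clearAuthorizations} change the authorization list
 * without touching the marker.
 */
public class MidPointPrincipal implements UserDetails, DebugDumpable, ShortDumpable {
    private static final long serialVersionUID = 8299738301872077768L;

    // Replaceable via setOrReplaceFocus(), but only by an object carrying the same OID.
    @NotNull
    private FocusType focus;

    // OID captured at construction; the identity this principal is pinned to.
    @NotNull
    private final String focusOid;

    // Cache for isEnabled(); null means "not computed yet".
    private ActivationStatusType effectiveActivationStatus;
    private Locale preferredLocale;

    // Set only by addExtraAuthorizationIfMissing(); null until then or after an explicit clear.
    @Nullable
    private EffectivePrivilegesModificationType effectivePrivilegesModification;
    private SecurityPolicyType applicableSecurityPolicy;
    private FocusType attorney;
    private MidPointPrincipal previousPrincipal;

    @NotNull
    private final List<Authorization> authorizations = new ArrayList<>();

    @NotNull
    private final OtherPrivilegesLimitations otherPrivilegesLimitations = new OtherPrivilegesLimitations();

    /**
     * Creates a principal for the given focus with an empty authorization list.
     *
     * @param focusType focus object; its OID must not be null
     */
    protected MidPointPrincipal(@NotNull FocusType focusType) {
        this.focusOid = (String) MiscUtil.argNonNull(focusType.getOid(), "No OID in principal focus object: %s", focusType);
        // NOTE(review): this calls a public, overridable method from the constructor; a subclass
        // override would run before the subclass's own fields are initialized.
        setOrReplaceFocus(focusType);
    }

    /**
     * Creates a principal that carries the authorization returned by
     * {@code SecurityUtil.createPrivilegedAuthorization()} and is marked {@code FULL_ELEVATION}.
     *
     * <p>Security-sensitive factory: every call site hands out that privileged authorization, so
     * callers are worth auditing.
     *
     * @param focusType focus object; its OID must not be null
     * @return the new privileged principal
     */
    @NotNull
    public static MidPointPrincipal privileged(@NotNull FocusType focusType) {
        MidPointPrincipal principal = new MidPointPrincipal(focusType);
        principal.addExtraAuthorizationIfMissing(SecurityUtil.createPrivilegedAuthorization(), true);
        return principal;
    }

    /**
     * Creates a principal with no authorizations.
     *
     * @param focusType focus object; its OID must not be null
     * @return the new principal
     */
    public static MidPointPrincipal create(@NotNull FocusType focusType) {
        return new MidPointPrincipal(focusType);
    }

    /**
     * Returns a read-only view of the authorization list.
     *
     * <p>This is a view, not a snapshot: later changes to the principal's authorizations are
     * visible through it, and the {@link Authorization} elements are the principal's own
     * instances rather than copies.
     */
    @Override // org.springframework.security.core.userdetails.UserDetails
    @NotNull
    public Collection<Authorization> getAuthorities() {
        return Collections.unmodifiableList(this.authorizations);
    }

    /**
     * Appends an authorization without a duplicate check and without updating the
     * effective-privileges-modification marker.
     *
     * <p>NOTE(review): presumably meant for the initial population of the principal; an
     * authorization added here later on is not reflected in the marker - confirm against callers.
     *
     * @param authorization authorization to add
     */
    public void addAuthorization(@NotNull Authorization authorization) {
        this.authorizations.add(authorization);
    }

    /**
     * Adds an authorization if the list does not already contain it, and records the change in
     * the effective-privileges-modification marker.
     *
     * <p>The duplicate check uses {@code List.contains}, so it depends on how
     * {@link Authorization} implements {@code equals} (not visible here).
     *
     * @param authorization authorization to add
     * @param z {@code true} to mark the principal {@code FULL_ELEVATION}; {@code false} marks it
     *     {@code ELEVATION}, or {@code OTHER} when the marker was {@code REDUCTION}
     */
    public void addExtraAuthorizationIfMissing(@NotNull Authorization authorization, boolean z) {
        if (this.authorizations.contains(authorization)) {
            // Already present: neither the list nor the marker changes.
            return;
        }
        this.authorizations.add(authorization);
        if (z) {
            this.effectivePrivilegesModification = EffectivePrivilegesModificationType.FULL_ELEVATION;
        } else if (this.effectivePrivilegesModification != EffectivePrivilegesModificationType.REDUCTION) {
            // NOTE(review): this branch also overwrites an existing FULL_ELEVATION or OTHER marker
            // with ELEVATION. Confirm that consumers of the marker (for example audit records)
            // do not rely on it never being downgraded.
            this.effectivePrivilegesModification = EffectivePrivilegesModificationType.ELEVATION;
        } else {
            // An elevation on top of an earlier reduction is recorded as OTHER.
            this.effectivePrivilegesModification = EffectivePrivilegesModificationType.OTHER;
        }
    }

    /** Removes all authorizations. The effective-privileges-modification marker is left as it was. */
    public void clearAuthorizations() {
        this.authorizations.clear();
    }

    /** Always returns {@code null}: this principal holds no credential. */
    @Override // org.springframework.security.core.userdetails.UserDetails
    public String getPassword() {
        return null;
    }

    /**
     * Returns the original form of the focus name.
     *
     * @throws NullPointerException if the focus has no name
     */
    @Override // org.springframework.security.core.userdetails.UserDetails
    public String getUsername() {
        return getFocus().getName().getOrig();
    }

    // The next three UserDetails checks are hard-wired to true, so a Spring Security component
    // that consults them will never reject this principal for expiry or lockout.
    // NOTE(review): presumably those conditions are enforced elsewhere in the authentication
    // flow - confirm.

    /** Always {@code true}. */
    @Override // org.springframework.security.core.userdetails.UserDetails
    public boolean isAccountNonExpired() {
        return true;
    }

    /** Always {@code true}. */
    @Override // org.springframework.security.core.userdetails.UserDetails
    public boolean isAccountNonLocked() {
        return true;
    }

    /** Always {@code true}. */
    @Override // org.springframework.security.core.userdetails.UserDetails
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /**
     * Tells whether the focus's effective activation status is {@code ENABLED}.
     *
     * <p>The status is computed on first use and cached until {@link #setOrReplaceFocus} resets
     * it. A focus with no activation container is treated as {@code ENABLED}.
     *
     * @return {@code true} only when the (cached) effective status is {@code ENABLED}
     * @throws IllegalArgumentException if the activation container is present but has no
     *     effective status
     */
    @Override // org.springframework.security.core.userdetails.UserDetails
    public boolean isEnabled() {
        if (this.effectiveActivationStatus == null) {
            ActivationType activation = this.focus.getActivation();
            if (activation == null) {
                // Fail-open default: a missing activation container counts as enabled.
                this.effectiveActivationStatus = ActivationStatusType.ENABLED;
            } else {
                this.effectiveActivationStatus = activation.getEffectiveStatus();
                if (this.effectiveActivationStatus == null) {
                    throw new IllegalArgumentException("Null effective activation status in " + this.focus);
                }
            }
        }
        return this.effectiveActivationStatus == ActivationStatusType.ENABLED;
    }

    /** Returns the focus object itself (not a copy). */
    @NotNull
    public FocusType getFocus() {
        return this.focus;
    }

    /** Returns the focus as a prism object. */
    public PrismObject<? extends FocusType> getFocusPrismObject() {
        return this.focus.asPrismObject();
    }

    /**
     * Replaces the focus object and drops the cached activation status.
     *
     * <p>The replacement must carry the OID captured at construction, so a principal cannot be
     * re-pointed at a different identity through this method.
     *
     * @param focusType new focus object with the same OID
     * @throws IllegalArgumentException presumably, via {@code MiscUtil.argCheck}, when the OIDs
     *     differ - confirm against that helper
     */
    public void setOrReplaceFocus(@NotNull FocusType focusType) {
        String oid = focusType.getOid();
        MiscUtil.argCheck(this.focusOid.equals(oid), "An attempt to change focus OID from %s to %s", this.focusOid, oid);
        this.focus = focusType;
        // Force isEnabled() to re-read the activation of the new focus object.
        this.effectiveActivationStatus = null;
    }

    /** Returns the name of the focus. */
    public PolyStringType getName() {
        return getFocus().getName();
    }

    /**
     * Returns the OID currently reported by the focus object. This reads the focus, not the
     * {@code focusOid} value captured at construction.
     */
    public String getOid() {
        return getFocus().getOid();
    }

    /** Returns the effective-privileges-modification marker, or {@code null} if none is set. */
    @Nullable
    public EffectivePrivilegesModificationType getEffectivePrivilegesModification() {
        return this.effectivePrivilegesModification;
    }

    /** Resets the effective-privileges-modification marker to {@code null}; authorizations are untouched. */
    public void clearEffectivePrivilegesModification() {
        this.effectivePrivilegesModification = null;
    }

    /** Returns the attorney focus, or {@code null} if none is set. */
    @Nullable
    public FocusType getAttorney() {
        return this.attorney;
    }

    /** Returns the attorney converted by {@code ObjectTypeUtil.asPrismObject}. */
    @Nullable
    public PrismObject<? extends FocusType> getAttorneyPrismObject() {
        return ObjectTypeUtil.asPrismObject(this.attorney);
    }

    /** Sets the attorney focus; no validation is performed here. */
    public void setAttorney(FocusType focusType) {
        this.attorney = focusType;
    }

    /** Returns the previous principal, or {@code null} if none is set. */
    public MidPointPrincipal getPreviousPrincipal() {
        return this.previousPrincipal;
    }

    /** Sets the previous principal; no validation is performed here. */
    public void setPreviousPrincipal(MidPointPrincipal midPointPrincipal) {
        this.previousPrincipal = midPointPrincipal;
    }

    /** Returns the applicable security policy, or {@code null} if none is set. */
    public SecurityPolicyType getApplicableSecurityPolicy() {
        return this.applicableSecurityPolicy;
    }

    /** Sets the applicable security policy. */
    public void setApplicableSecurityPolicy(SecurityPolicyType securityPolicyType) {
        this.applicableSecurityPolicy = securityPolicyType;
    }

    /**
     * Creates a new principal over the same focus instance and copies the values handled by
     * {@link #copyValues}.
     */
    /* renamed from: clone, reason: merged with bridge method [inline-methods] */
    public MidPointPrincipal m819clone() {
        MidPointPrincipal copy = new MidPointPrincipal(this.focus);
        copyValues(copy);
        return copy;
    }

    /**
     * Clones this principal and adds the given authorizations to the clone only; this instance
     * is not modified.
     *
     * @param list authorizations to add to the clone
     * @param z passed to {@link #addExtraAuthorizationIfMissing} for each authorization
     * @return the clone with the additional authorizations
     */
    public MidPointPrincipal cloneWithAdditionalAuthorizations(@NotNull List<Authorization> list, boolean z) {
        MidPointPrincipal copy = m819clone();
        list.forEach(authorization -> copy.addExtraAuthorizationIfMissing(authorization, z));
        return copy;
    }

    /**
     * Copies state from this principal into the given one.
     *
     * <p>Copied: the effective-privileges-modification marker, the security policy, the
     * authorization references (the list is new, the elements are shared), the cached activation
     * status and the other-privileges limitations. Not copied: attorney, previous principal and
     * preferred locale.
     *
     * @param midPointPrincipal target principal
     */
    protected void copyValues(MidPointPrincipal midPointPrincipal) {
        midPointPrincipal.effectivePrivilegesModification = this.effectivePrivilegesModification;
        midPointPrincipal.applicableSecurityPolicy = this.applicableSecurityPolicy;
        midPointPrincipal.authorizations.addAll(this.authorizations);
        midPointPrincipal.effectiveActivationStatus = this.effectiveActivationStatus;
        midPointPrincipal.otherPrivilegesLimitations.copyValuesFrom(this.otherPrivilegesLimitations);
    }

    /** Returns a multi-line dump headed by the simple class name. */
    @Override // com.evolveum.midpoint.util.DebugDumpable
    public String debugDump(int i) {
        StringBuilder sb = new StringBuilder();
        DebugUtil.debugDumpLabelLn(sb, getClass().getSimpleName(), i);
        debugDumpInternal(sb, i);
        return sb.toString();
    }

    /**
     * Appends the focus, authorizations, other-privileges limitations and attorney to the dump.
     * The full focus object is written, so the output belongs only in logs with suitable access
     * control.
     */
    protected void debugDumpInternal(StringBuilder sb, int i) {
        int inner = i + 1;
        DebugUtil.debugDumpWithLabelLn(sb, "Focus", this.focus.asPrismObject(), inner);
        DebugUtil.debugDumpWithLabelLn(sb, "Authorizations", this.authorizations, inner);
        DebugUtil.debugDumpWithLabelLn(sb, "Other privilege limitations", this.otherPrivilegesLimitations, inner);
        DebugUtil.debugDumpWithLabel(sb, "Attorney", this.attorney == null ? null : this.attorney.asPrismObject(), inner);
    }

    /** Returns {@code ClassName(focus [attorney], autz=[...])}; the attorney part is omitted when unset. */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        // Plain literals: the decompiler had substituted unrelated library constants for "(" and "[".
        sb.append(getClass().getSimpleName()).append("(");
        sb.append(this.focus);
        if (this.attorney != null) {
            sb.append(" [").append(this.attorney).append("]");
        }
        sb.append(", autz=").append(this.authorizations);
        sb.append(")");
        return sb.toString();
    }

    /**
     * Creates an object reference to the focus with the {@code SchemaConstants.ORG_DEFAULT}
     * relation.
     */
    @NotNull
    public ObjectReferenceType toObjectReference() {
        // Checked only when assertions are enabled (-ea); production runs skip this test.
        assert this.focus.getOid() != null;
        return ObjectTypeUtil.createObjectRef(this.focus, SchemaConstants.ORG_DEFAULT);
    }

    /** Appends the focus and, when set, the attorney in square brackets. */
    @Override // com.evolveum.midpoint.util.ShortDumpable
    public void shortDump(StringBuilder sb) {
        sb.append(this.focus);
        if (this.attorney != null) {
            sb.append("[").append(this.attorney).append("]");
        }
    }

    /**
     * Resolves the locale: the explicitly set preferred locale first, then the focus's preferred
     * language, then the focus's locale.
     *
     * <p>NOTE(review): {@code LocaleUtils.toLocale} throws {@link IllegalArgumentException} for a
     * malformed locale string. If these focus properties can be edited by the user, verify that
     * they are validated before they reach this method.
     *
     * @return the first non-null candidate, or {@code null} when none is available
     */
    @Nullable
    public Locale getLocale() {
        Locale explicit = getPreferredLocale();
        if (explicit != null) {
            return explicit;
        }
        Locale fromLanguage = LocaleUtils.toLocale(this.focus.getPreferredLanguage());
        if (fromLanguage != null) {
            return fromLanguage;
        }
        return LocaleUtils.toLocale(this.focus.getLocale());
    }

    /** Returns the explicitly set preferred locale, or {@code null}. */
    public Locale getPreferredLocale() {
        return this.preferredLocale;
    }

    /** Sets the preferred locale, which takes precedence in {@link #getLocale}. */
    public void setPreferredLocale(Locale locale) {
        this.preferredLocale = locale;
    }

    /** Returns the live other-privileges limitations object (not a copy). */
    @NotNull
    public OtherPrivilegesLimitations getOtherPrivilegesLimitations() {
        return this.otherPrivilegesLimitations;
    }

    /** Delegates to {@code OtherPrivilegesLimitations.addDelegationTarget}. */
    public void addDelegationTarget(@NotNull PrismObject<? extends AssignmentHolderType> prismObject, @NotNull OtherPrivilegesLimitations.Limitation limitation) {
        this.otherPrivilegesLimitations.addDelegationTarget(prismObject, limitation);
    }

    /** Delegates to {@code OtherPrivilegesLimitations.getDelegatorsFor}. */
    public Set<String> getDelegatorsFor(@Nullable OtherPrivilegesLimitations.Type type) {
        return this.otherPrivilegesLimitations.getDelegatorsFor(type);
    }

    /** Delegates to {@code OtherPrivilegesLimitations.getDelegatedMembershipFor}. */
    public Set<String> getDelegatedMembershipFor(@Nullable OtherPrivilegesLimitations.Type type) {
        return this.otherPrivilegesLimitations.getDelegatedMembershipFor(type);
    }

    /**
     * Rejects a principal whose focus is {@code DISABLED} or {@code ARCHIVED}.
     *
     * <p>This is not the negation of {@link #isEnabled}: it asks
     * {@code FocusTypeUtil.getEffectiveStatus} on every call instead of using the cached value,
     * and any status other than the two above, including {@code null}, passes.
     *
     * @throws SecurityViolationException if the effective status is {@code DISABLED} or
     *     {@code ARCHIVED}
     */
    public void checkEnabled() throws SecurityViolationException {
        ActivationStatusType effectiveStatus = FocusTypeUtil.getEffectiveStatus(this.focus);
        if (effectiveStatus == ActivationStatusType.DISABLED || effectiveStatus == ActivationStatusType.ARCHIVED) {
            throw new SecurityViolationException("The principal is disabled");
        }
    }
}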
