package com.evolveum.midpoint.ninja.action.mining;

import com.evolveum.midpoint.common.RoleMiningExportUtils;
import com.evolveum.midpoint.ninja.action.worker.AbstractWriterConsumerWorker;
import com.evolveum.midpoint.ninja.impl.NinjaContext;
import com.evolveum.midpoint.ninja.util.FileReference;
import com.evolveum.midpoint.ninja.util.NinjaUtils;
import com.evolveum.midpoint.ninja.util.OperationStatus;
import com.evolveum.midpoint.prism.Item;
import com.evolveum.midpoint.prism.ItemDefinition;
import com.evolveum.midpoint.prism.PrismContainer;
import com.evolveum.midpoint.prism.PrismContainerDefinition;
import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.PrismPropertyDefinition;
import com.evolveum.midpoint.prism.PrismReferenceDefinition;
import com.evolveum.midpoint.prism.PrismSerializer;
import com.evolveum.midpoint.prism.SerializationOptions;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.prism.query.ObjectFilter;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.security.api.MidPointPrincipalManager;
import com.evolveum.midpoint.util.DOMUtil;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ArchetypeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ExtensionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
import com.evolveum.prism.xml.ns._public.types_3.RawType;
import java.io.IOException;
import java.io.Writer;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.BlockingQueue;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.xml.namespace.QName;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:BOOT-INF/classes/com/evolveum/midpoint/ninja/action/mining/ExportMiningConsumerWorker.class */
public class ExportMiningConsumerWorker extends AbstractWriterConsumerWorker<ExportMiningOptions, FocusType> {
    OperationResult operationResult;
    private PrismSerializer<String> serializer;
    private int processedRoleIterator;
    private int processedUserIterator;
    private int processedOrgIterator;
    private final RoleMiningExportUtils.SequentialAnonymizer defaultAttributeNameAnonymizer;
    private final RoleMiningExportUtils.SequentialAnonymizer extensionAttributeNameAnonymizer;
    private RoleMiningExportUtils.AttributeValueAnonymizer attributeValuesAnonymizer;
    private boolean orgAllowed;
    private boolean attributesAllowed;
    private boolean firstObject;
    private boolean jsonFormat;
    private RoleMiningExportUtils.SecurityMode securityMode;
    private RoleMiningExportUtils.NameMode nameMode;
    private String encryptKey;
    private ObjectFilter filterRole;
    private ObjectFilter filterOrg;
    private static String applicationArchetypeOid;
    private static String businessArchetypeOid;
    private List<String> applicationRolePrefix;
    private List<String> applicationRoleSuffix;
    private List<String> businessRolePrefix;
    private List<String> businessRoleSuffix;
    private Set<ItemName> attrPathsUser;
    private Set<ItemName> attrPathsRole;
    private Set<ItemName> attrPathsOrg;
    private static final String ARCHETYPE_REF_ATTRIBUTE_NAME = "archetypeRef";
    private static final List<String> DEFAULT_EXCLUDED_ATTRIBUTES = List.of((Object[]) new String[]{"description", "documentation", "emailAddress", "telephoneNumber", "name", "fullName", "givenName", "familyName", "additionalName", "nickName", "personalNumber", "identifier", "jpegPhoto"});

    public ExportMiningConsumerWorker(NinjaContext ninjaContext, ExportMiningOptions exportMiningOptions, BlockingQueue<FocusType> blockingQueue, OperationStatus operationStatus) {
        super(ninjaContext, exportMiningOptions, blockingQueue, operationStatus);
        this.operationResult = new OperationResult(MidPointPrincipalManager.DOT_CLASS + "searchObjectByCondition");
        this.processedRoleIterator = 0;
        this.processedUserIterator = 0;
        this.processedOrgIterator = 0;
        this.defaultAttributeNameAnonymizer = new RoleMiningExportUtils.SequentialAnonymizer("default_attr");
        this.extensionAttributeNameAnonymizer = new RoleMiningExportUtils.SequentialAnonymizer("extension_attr");
        this.firstObject = true;
        this.jsonFormat = false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.evolveum.midpoint.ninja.action.worker.AbstractWriterConsumerWorker
    protected void init() {
        loadFilters(((ExportMiningOptions) this.options).getRoleFilter(), ((ExportMiningOptions) this.options).getOrgFilter());
        loadRoleCategoryIdentifiers();
        this.securityMode = ((ExportMiningOptions) this.options).getSecurityLevel();
        this.encryptKey = RoleMiningExportUtils.updateEncryptKey(this.securityMode);
        this.orgAllowed = ((ExportMiningOptions) this.options).isIncludeOrg();
        this.attributesAllowed = ((ExportMiningOptions) this.options).isIncludeAttributes();
        this.nameMode = ((ExportMiningOptions) this.options).getNameMode();
        this.attrPathsUser = extractDefaultAttributePaths(UserType.COMPLEX_TYPE, ((ExportMiningOptions) this.options).getExcludedAttributesUser());
        this.attrPathsRole = extractDefaultAttributePaths(RoleType.COMPLEX_TYPE, ((ExportMiningOptions) this.options).getExcludedAttributesRole());
        this.attrPathsOrg = extractDefaultAttributePaths(OrgType.COMPLEX_TYPE, ((ExportMiningOptions) this.options).getExcludedAttributesOrg());
        this.attributeValuesAnonymizer = new RoleMiningExportUtils.AttributeValueAnonymizer(this.nameMode, this.encryptKey);
        SerializationOptions skipContainerIds = SerializationOptions.createSerializeForExport().serializeReferenceNames(true).serializeForExport(true).skipContainerIds(true);
        this.jsonFormat = ((ExportMiningOptions) this.options).getOutput().getName().endsWith(".json");
        if (this.jsonFormat) {
            this.serializer = this.context.getPrismContext().jsonSerializer().options(skipContainerIds);
        } else {
            this.serializer = this.context.getPrismContext().xmlSerializer().options(skipContainerIds);
        }
    }

    @Override // com.evolveum.midpoint.ninja.action.worker.AbstractWriterConsumerWorker
    protected String getProlog() {
        return this.jsonFormat ? NinjaUtils.JSON_OBJECTS_PREFIX : NinjaUtils.XML_OBJECTS_PREFIX;
    }

    @Override // com.evolveum.midpoint.ninja.action.worker.AbstractWriterConsumerWorker
    protected String getEpilog() {
        return this.jsonFormat ? NinjaUtils.JSON_OBJECTS_SUFFIX : NinjaUtils.XML_OBJECTS_SUFFIX;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.ninja.action.worker.AbstractWriterConsumerWorker
    public void write(Writer writer, @NotNull FocusType focusType) throws SchemaException, IOException {
        if (focusType.asPrismObject().isOfType(RoleType.class)) {
            write(writer, (PrismContainerValue<?>) getPreparedRoleObject(focusType).asPrismContainerValue());
            return;
        }
        if (!focusType.asPrismObject().isOfType(UserType.class)) {
            if (focusType.asPrismObject().isOfType(OrgType.class)) {
                write(writer, (PrismContainerValue<?>) getPreparedOrgObject(focusType).asPrismContainerValue());
            }
        } else {
            UserType preparedUserObject = getPreparedUserObject(focusType);
            if (preparedUserObject.getAssignment() == null || preparedUserObject.getAssignment().isEmpty()) {
                return;
            }
            write(writer, (PrismContainerValue<?>) preparedUserObject.asPrismContainerValue());
        }
    }

    private void write(Writer writer, PrismContainerValue<?> prismContainerValue) throws SchemaException, IOException {
        String serialize = this.serializer.serialize(prismContainerValue);
        if (!this.jsonFormat || this.firstObject) {
            writer.write(serialize);
        } else {
            writer.write(",\n" + serialize);
        }
        this.firstObject = false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @NotNull
    private OrgType getPreparedOrgObject(@NotNull FocusType focusType) {
        OrgType orgType = new OrgType();
        fillAttributes(focusType, orgType, this.attrPathsOrg, ((ExportMiningOptions) this.options).getExcludedAttributesOrg());
        fillActivation(focusType, orgType);
        String polyStringType = focusType.getName().toString();
        int i = this.processedOrgIterator;
        this.processedOrgIterator = i + 1;
        orgType.setName(RoleMiningExportUtils.encryptOrgName(polyStringType, i, this.nameMode, this.encryptKey));
        orgType.setOid(RoleMiningExportUtils.encryptedUUID(focusType.getOid(), this.securityMode, this.encryptKey));
        for (AssignmentType assignmentType : focusType.getAssignment()) {
            ObjectReferenceType targetRef = assignmentType.getTargetRef();
            if (targetRef != null) {
                String objectType = getObjectType(targetRef);
                String oid = targetRef.getOid();
                if (objectType != null && oid != null && objectType.equals(OrgType.class.getSimpleName()) && filterAllowedOrg(oid)) {
                    orgType.getAssignment().add(RoleMiningExportUtils.encryptObjectReference(assignmentType, this.securityMode, this.encryptKey));
                }
            }
        }
        return orgType;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @NotNull
    private UserType getPreparedUserObject(@NotNull FocusType focusType) {
        UserType userType = new UserType();
        fillAttributes(focusType, userType, this.attrPathsUser, ((ExportMiningOptions) this.options).getExcludedAttributesUser());
        fillActivation(focusType, userType);
        List<AssignmentType> assignment = focusType.getAssignment();
        if (assignment == null || assignment.isEmpty()) {
            return new UserType();
        }
        for (AssignmentType assignmentType : assignment) {
            ObjectReferenceType targetRef = assignmentType.getTargetRef();
            if (targetRef != null) {
                String objectType = getObjectType(targetRef);
                String oid = targetRef.getOid();
                if (objectType != null && oid != null) {
                    if (objectType.equals(RoleType.class.getSimpleName()) && filterAllowedRole(oid)) {
                        userType.getAssignment().add(RoleMiningExportUtils.encryptObjectReference(assignmentType, this.securityMode, this.encryptKey));
                    }
                    if (this.orgAllowed && objectType.equals(OrgType.class.getSimpleName()) && filterAllowedOrg(oid)) {
                        userType.getAssignment().add(RoleMiningExportUtils.encryptObjectReference(assignmentType, this.securityMode, this.encryptKey));
                    }
                }
            }
        }
        String polyStringType = focusType.getName().toString();
        int i = this.processedUserIterator;
        this.processedUserIterator = i + 1;
        userType.setName(RoleMiningExportUtils.encryptUserName(polyStringType, i, this.nameMode, this.encryptKey));
        userType.setOid(RoleMiningExportUtils.encryptedUUID(focusType.getOid(), this.securityMode, this.encryptKey));
        return userType;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @NotNull
    private RoleType getPreparedRoleObject(@NotNull FocusType focusType) {
        RoleType roleType = new RoleType();
        fillAttributes(focusType, roleType, this.attrPathsRole, ((ExportMiningOptions) this.options).getExcludedAttributesRole());
        fillActivation(focusType, roleType);
        String polyStringType = focusType.getName().toString();
        int i = this.processedRoleIterator;
        this.processedRoleIterator = i + 1;
        roleType.setName(RoleMiningExportUtils.encryptRoleName(polyStringType, i, this.nameMode, this.encryptKey));
        roleType.setOid(RoleMiningExportUtils.encryptedUUID(focusType.getOid(), this.securityMode, this.encryptKey));
        String str = "";
        for (AssignmentType assignmentType : ((RoleType) focusType).getInducement()) {
            ObjectReferenceType targetRef = assignmentType.getTargetRef();
            if (targetRef != null) {
                String objectType = getObjectType(targetRef);
                String oid = targetRef.getOid();
                if (objectType != null && oid != null && objectType.equals(RoleType.class.getSimpleName()) && filterAllowedRole(oid)) {
                    roleType.getInducement().add(RoleMiningExportUtils.encryptObjectReference(assignmentType, this.securityMode, this.encryptKey));
                }
            }
        }
        Iterator<AssignmentType> it = focusType.getAssignment().iterator();
        while (it.hasNext()) {
            ObjectReferenceType targetRef2 = it.next().getTargetRef();
            if (targetRef2 != null) {
                String objectType2 = getObjectType(targetRef2);
                String oid2 = targetRef2.getOid();
                if (objectType2 != null && oid2 != null && objectType2.equals(ArchetypeType.class.getSimpleName())) {
                    AssignmentType assignmentType2 = new AssignmentType();
                    if (oid2.equals(applicationArchetypeOid)) {
                        str = RoleMiningExportUtils.APPLICATION_ROLE_IDENTIFIER;
                        assignmentType2.targetRef(targetRef2);
                        roleType.getAssignment().add(assignmentType2);
                    } else if (oid2.equals(businessArchetypeOid)) {
                        str = RoleMiningExportUtils.BUSINESS_ROLE_IDENTIFIER;
                        assignmentType2.targetRef(targetRef2);
                        roleType.getAssignment().add(assignmentType2);
                    }
                }
            }
        }
        if (str.isEmpty()) {
            String determineRoleCategory = RoleMiningExportUtils.determineRoleCategory(polyStringType, this.applicationRolePrefix, this.businessRolePrefix, this.applicationRoleSuffix, this.businessRoleSuffix);
            if (determineRoleCategory != null) {
                roleType.setIdentifier(determineRoleCategory);
            }
        } else {
            roleType.setIdentifier(str);
        }
        return roleType;
    }

    private boolean filterAllowedOrg(String str) {
        if (this.filterOrg == null) {
            return true;
        }
        ObjectQuery createQuery = this.context.getPrismContext().queryFactory().createQuery(this.filterOrg);
        createQuery.addFilter(this.context.getPrismContext().queryFor(OrgType.class).id(str).buildFilter());
        try {
            return !this.context.getRepository().searchObjects(OrgType.class, createQuery, null, this.operationResult).isEmpty();
        } catch (SchemaException e) {
            this.context.getLog().error("Failed to search organization object. ", e, new Object[0]);
            return false;
        }
    }

    private boolean filterAllowedRole(String str) {
        if (this.filterRole == null) {
            return true;
        }
        ObjectQuery createQuery = this.context.getPrismContext().queryFactory().createQuery(this.filterRole);
        createQuery.addFilter(this.context.getPrismContext().queryFor(RoleType.class).id(str).buildFilter());
        try {
            return !this.context.getRepository().searchObjects(RoleType.class, createQuery, null, this.operationResult).isEmpty();
        } catch (SchemaException e) {
            this.context.getLog().error("Failed to search role object. ", e, new Object[0]);
            return false;
        }
    }

    private void loadFilters(FileReference fileReference, FileReference fileReference2) {
        try {
            this.filterRole = NinjaUtils.createObjectFilter(fileReference, this.context, RoleType.class);
            this.filterOrg = NinjaUtils.createObjectFilter(fileReference2, this.context, OrgType.class);
        } catch (SchemaException | IOException e) {
            this.context.getLog().error("Failed to crate object filter. ", e, new Object[0]);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void loadRoleCategoryIdentifiers() {
        applicationArchetypeOid = ((ExportMiningOptions) this.options).getApplicationRoleArchetypeOid();
        businessArchetypeOid = ((ExportMiningOptions) this.options).getBusinessRoleArchetypeOid();
        this.applicationRolePrefix = ((ExportMiningOptions) this.options).getApplicationRolePrefix();
        this.applicationRoleSuffix = ((ExportMiningOptions) this.options).getApplicationRoleSuffix();
        this.businessRolePrefix = ((ExportMiningOptions) this.options).getBusinessRolePrefix();
        this.businessRoleSuffix = ((ExportMiningOptions) this.options).getBusinessRoleSuffix();
    }

    @Nullable
    private String getObjectType(@NotNull ObjectReferenceType objectReferenceType) {
        QName type = objectReferenceType.getType();
        if (type != null) {
            return type.getLocalPart();
        }
        return null;
    }

    public static boolean isSupportedPropertyType(@NotNull Class<?> cls) {
        return cls.equals(Integer.class) || cls.equals(Integer.TYPE) || cls.equals(Long.class) || cls.equals(Long.TYPE) || cls.equals(Boolean.class) || cls.equals(Boolean.TYPE) || cls.equals(Double.class) || cls.equals(Double.TYPE) || cls.equals(String.class) || cls.equals(PolyString.class);
    }

    private boolean filterSupportedAttribute(ItemDefinition<?> itemDefinition, ItemName itemName, List<String> list) {
        String itemName2 = itemName.toString();
        if (list.contains(itemName2)) {
            return false;
        }
        if (itemDefinition == null) {
            return true;
        }
        if (itemDefinition.getTypeClass() == null) {
            return false;
        }
        if (!itemName2.equals(ARCHETYPE_REF_ATTRIBUTE_NAME) && (itemDefinition.isOperational() || !itemDefinition.isSingleValue())) {
            return false;
        }
        if (itemDefinition instanceof PrismReferenceDefinition) {
            return true;
        }
        return (itemDefinition instanceof PrismPropertyDefinition) && isSupportedPropertyType(((PrismPropertyDefinition) itemDefinition).getTypeClass());
    }

    private Set<ItemName> extractDefaultAttributePaths(QName qName, List<String> list) {
        PrismContainerDefinition findContainerDefinitionByType = PrismContext.get().getSchemaRegistry().findContainerDefinitionByType(qName);
        List list2 = Stream.concat(list.stream(), DEFAULT_EXCLUDED_ATTRIBUTES.stream()).toList();
        return (Set) findContainerDefinitionByType.getDefinitions().stream().filter(itemDefinition -> {
            return filterSupportedAttribute(itemDefinition, itemDefinition.getItemName(), list2);
        }).map((v0) -> {
            return v0.getItemName();
        }).collect(Collectors.toUnmodifiableSet());
    }

    private Set<ItemName> extractExtensionAttributePaths(PrismContainerValue<?> prismContainerValue, List<String> list) {
        return (Set) prismContainerValue.getItems().stream().filter(item -> {
            return filterSupportedAttribute(item.getDefinition(), item.getElementName(), list);
        }).map((v0) -> {
            return v0.getElementName();
        }).collect(Collectors.toUnmodifiableSet());
    }

    private Object tryParseUnknownValue(RawType rawType, Class<?> cls) {
        try {
            return ((RawType) Objects.requireNonNull(rawType)).getParsedRealValue(cls);
        } catch (SchemaException e) {
            return null;
        }
    }

    /* JADX WARN: Type inference failed for: r0v3, types: [com.evolveum.midpoint.prism.PrismValue] */
    private Object parseRealValue(Item<?, ?> item) {
        if (item.hasCompleteDefinition()) {
            return Objects.requireNonNull(item.getRealValue());
        }
        RawType rawType = (RawType) item.getAnyValue().getRealValue();
        Iterator it = List.of(String.class, PolyStringType.class, ObjectReferenceType.class).iterator();
        while (it.hasNext()) {
            Object tryParseUnknownValue = tryParseUnknownValue(rawType, (Class) it.next());
            if (tryParseUnknownValue != null) {
                return tryParseUnknownValue;
            }
        }
        throw new RuntimeException("Cannot parse attribute value: " + item.getElementName());
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Object anonymizeAttributeValue(Item<?, ?> item, ItemName itemName) {
        Object parseRealValue = parseRealValue(item);
        Class<?> cls = parseRealValue.getClass();
        String itemName2 = itemName.toString();
        if (ObjectReferenceType.class.equals(cls)) {
            return RoleMiningExportUtils.encryptObjectReference((ObjectReferenceType) parseRealValue, this.securityMode, this.encryptKey);
        }
        return (((ExportMiningOptions) this.options).isAnonymizeOrdinalAttributeValues().booleanValue() || !List.of(Integer.class, Long.class, Double.class).contains(cls)) ? this.attributeValuesAnonymizer.anonymize(itemName2, parseRealValue.toString()) : parseRealValue;
    }

    public String anonymizeAttributeName(Item<?, ?> item, RoleMiningExportUtils.SequentialAnonymizer sequentialAnonymizer) {
        String itemName = item.getElementName().toString();
        return this.nameMode.equals(RoleMiningExportUtils.NameMode.ORIGINAL) ? itemName : sequentialAnonymizer.anonymize(itemName);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void anonymizeAttribute(FocusType focusType, PrismContainer<?> prismContainer, ItemName itemName, RoleMiningExportUtils.SequentialAnonymizer sequentialAnonymizer) {
        Item<?, ?> findItem = prismContainer.findItem(itemName);
        if (findItem != null) {
            try {
                if (findItem.hasNoValues()) {
                    return;
                }
                String anonymizeAttributeName = ((ExportMiningOptions) this.options).isAnonymizeAttributeNames().booleanValue() ? anonymizeAttributeName(findItem, sequentialAnonymizer) : findItem.getElementName().toString();
                Object anonymizeAttributeValue = anonymizeAttributeValue(findItem, itemName);
                PrismProperty<T> instantiate = this.context.getPrismContext().definitionFactory().createPropertyDefinition(new QName(itemName.getNamespaceURI(), anonymizeAttributeName), DOMUtil.XSD_STRING).instantiate();
                instantiate.setRealValue(anonymizeAttributeValue);
                focusType.asPrismObject().addExtensionItem(instantiate);
            } catch (Exception e) {
                this.context.getLog().warn("Failed to anonymize attribute: \n{}\n{}\n{}", e, itemName, findItem);
            }
        }
    }

    private void fillAttributes(@NotNull FocusType focusType, @NotNull FocusType focusType2, @NotNull Set<ItemName> set, @NotNull List<String> list) {
        if (this.attributesAllowed) {
            PrismObject<? extends FocusType> asPrismObject = focusType.asPrismObject();
            focusType2.extension(new ExtensionType());
            Iterator<ItemName> it = set.iterator();
            while (it.hasNext()) {
                anonymizeAttribute(focusType2, asPrismObject, it.next(), this.defaultAttributeNameAnonymizer);
            }
            if (asPrismObject.getExtension() != null) {
                Iterator<ItemName> it2 = extractExtensionAttributePaths(asPrismObject.getExtensionContainerValue(), list).iterator();
                while (it2.hasNext()) {
                    anonymizeAttribute(focusType2, asPrismObject.getExtension(), it2.next(), this.extensionAttributeNameAnonymizer);
                }
            }
        }
    }

    private void fillActivation(@NotNull FocusType focusType, @NotNull FocusType focusType2) {
        if (focusType.getActivation() == null) {
            return;
        }
        focusType2.setActivation(new ActivationType().effectiveStatus(focusType.getActivation().getEffectiveStatus()));
    }
}
