package com.evolveum.midpoint.security.enforcer.impl;

import com.evolveum.midpoint.prism.query.FilterCreationUtil;
import com.evolveum.midpoint.prism.query.ObjectFilter;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.selector.spec.ValueSelector;
import com.evolveum.midpoint.schema.util.ObjectQueryUtil;
import com.evolveum.midpoint.security.api.Authorization;
import com.evolveum.midpoint.security.enforcer.impl.SecurityTraceEvent;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import java.util.Iterator;
import java.util.List;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:BOOT-INF/lib/security-enforcer-impl-4.10-SNAPSHOT.jar:com/evolveum/midpoint/security/enforcer/impl/AuthorizationFilterEvaluation.class */
class AuthorizationFilterEvaluation<T> extends AuthorizationEvaluation {

    @NotNull
    private final Class<T> filterType;

    @Nullable
    private final ObjectFilter originalFilter;

    @NotNull
    private final List<ValueSelector> objectSelectors;

    @NotNull
    private final String selectorLabel;
    private ObjectFilter autzFilter;
    private boolean applicable;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizationFilterEvaluation(int i, @NotNull Class<T> cls, @Nullable ObjectFilter objectFilter, @NotNull Authorization authorization, @NotNull List<ValueSelector> list, @NotNull String str, @NotNull EnforcerOperation enforcerOperation, @NotNull OperationResult operationResult) {
        super(i, authorization, enforcerOperation, operationResult);
        this.autzFilter = null;
        this.filterType = cls;
        this.originalFilter = objectFilter;
        this.objectSelectors = list;
        this.selectorLabel = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean computeFilter() throws SchemaException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ConfigurationException, ObjectNotFoundException {
        if (this.objectSelectors.isEmpty()) {
            this.autzFilter = FilterCreationUtil.createAll();
            this.applicable = true;
            traceAutzProcessingEnd("no %s specification (authorization is universally applicable)", this.selectorLabel);
        } else {
            int i = 0;
            Iterator<ValueSelector> it = this.objectSelectors.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                processSelector(i2, it.next());
            }
            traceAutzProcessingEnd("%d selector(s) processed", Integer.valueOf(i));
        }
        return this.applicable;
    }

    private void processSelector(int i, ValueSelector valueSelector) throws SchemaException, ConfigurationException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ObjectNotFoundException {
        String humanReadableDesc = TracingUtil.getHumanReadableDesc(valueSelector);
        SelectorWithItems adjustToSubObjectFilter = SelectorWithItems.of(valueSelector, this.authorization.getItems(), this.authorization.getExceptItems(), humanReadableDesc, this.authorization.isExceptMetadata()).adjustToSubObjectFilter(this.filterType);
        if (adjustToSubObjectFilter == null) {
            traceAutzProcessingNote("No adjustment for selector exists (to %s): %s", this.filterType.getSimpleName(), humanReadableDesc);
            return;
        }
        SelectorFilterEvaluation selectorFilterEvaluation = new SelectorFilterEvaluation(selectorId(i), adjustToSubObjectFilter, this.filterType, this.originalFilter, adjustToSubObjectFilter.getDescription(), this.selectorLabel, this, this.result);
        if (selectorFilterEvaluation.processFilter()) {
            this.autzFilter = ObjectQueryUtil.filterOr(this.autzFilter, selectorFilterEvaluation.getSecurityFilter());
            this.applicable = true;
        }
    }

    public boolean isApplicable() {
        return this.applicable;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ObjectFilter getAutzFilter() {
        return this.autzFilter;
    }

    private void traceAutzProcessingEnd(String str, Object... objArr) {
        if (this.op.tracer.isEnabled()) {
            this.op.tracer.trace(new SecurityTraceEvent.AuthorizationFilterProcessingFinished(this, str, objArr));
        }
    }
}
