package com.evolveum.midpoint.model.impl.scripting.actions;

import com.evolveum.midpoint.model.api.BulkAction;
import com.evolveum.midpoint.model.api.ModelExecuteOptions;
import com.evolveum.midpoint.model.api.ModelService;
import com.evolveum.midpoint.model.api.PipelineItem;
import com.evolveum.midpoint.model.api.TaskService;
import com.evolveum.midpoint.model.api.expr.MidpointFunctions;
import com.evolveum.midpoint.model.impl.scripting.ActionExecutor;
import com.evolveum.midpoint.model.impl.scripting.BulkActionExecutorRegistry;
import com.evolveum.midpoint.model.impl.scripting.BulkActionsExecutor;
import com.evolveum.midpoint.model.impl.scripting.ExecutionContext;
import com.evolveum.midpoint.model.impl.scripting.PipelineData;
import com.evolveum.midpoint.model.impl.scripting.VariablesUtil;
import com.evolveum.midpoint.model.impl.scripting.helpers.ExpressionHelper;
import com.evolveum.midpoint.model.impl.scripting.helpers.OperationsHelper;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObjectValue;
import com.evolveum.midpoint.prism.PrismValue;
import com.evolveum.midpoint.prism.match.MatchingRuleRegistry;
import com.evolveum.midpoint.provisioning.api.ProvisioningService;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.repo.common.expression.ExpressionFactory;
import com.evolveum.midpoint.repo.common.expression.ExpressionUtil;
import com.evolveum.midpoint.schema.AccessDecision;
import com.evolveum.midpoint.schema.RelationRegistry;
import com.evolveum.midpoint.schema.SchemaService;
import com.evolveum.midpoint.schema.constants.ExpressionConstants;
import com.evolveum.midpoint.schema.expression.BulkActionsProfile;
import com.evolveum.midpoint.schema.expression.ExpressionProfile;
import com.evolveum.midpoint.schema.expression.VariablesMap;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.statistics.Operation;
import com.evolveum.midpoint.security.api.SecurityContextManager;
import com.evolveum.midpoint.security.enforcer.api.SecurityEnforcer;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.NotHereAssertionError;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;

/* loaded from: input_file:BOOT-INF/lib/model-impl-4.8.7-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/scripting/actions/BaseActionExecutor.class */
public abstract class BaseActionExecutor implements ActionExecutor {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) BaseActionExecutor.class);

    @Autowired
    protected BulkActionsExecutor bulkActionsExecutor;

    @Autowired
    protected PrismContext prismContext;

    @Autowired
    protected OperationsHelper operationsHelper;

    @Autowired
    protected ExpressionFactory expressionFactory;

    @Autowired
    protected ExpressionHelper expressionHelper;

    @Autowired
    protected ProvisioningService provisioningService;

    @Autowired
    protected ModelService modelService;

    @Autowired
    protected SecurityEnforcer securityEnforcer;

    @Autowired
    protected SecurityContextManager securityContextManager;

    @Autowired
    protected TaskService taskService;

    @Autowired
    @Qualifier("cacheRepositoryService")
    protected RepositoryService cacheRepositoryService;

    @Autowired
    protected BulkActionExecutorRegistry actionExecutorRegistry;

    @Autowired
    protected MidpointFunctions midpointFunctions;

    @Autowired
    protected RelationRegistry relationRegistry;

    @Autowired
    protected MatchingRuleRegistry matchingRuleRegistry;

    @Autowired
    protected SchemaService schemaService;

    @FunctionalInterface
    /* loaded from: input_file:BOOT-INF/lib/model-impl-4.8.7-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/scripting/actions/BaseActionExecutor$ConsoleFailureMessageWriter.class */
    public interface ConsoleFailureMessageWriter {
        void write(PrismValue prismValue, @NotNull Throwable th);
    }

    @FunctionalInterface
    /* loaded from: input_file:BOOT-INF/lib/model-impl-4.8.7-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/scripting/actions/BaseActionExecutor$ItemProcessor.class */
    public interface ItemProcessor {
        void process(PrismValue prismValue, PipelineItem pipelineItem, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ObjectAlreadyExistsException, SecurityViolationException, PolicyViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public String getName() {
        return getActionType().getName();
    }

    private String optionsSuffix(ModelExecuteOptions modelExecuteOptions) {
        return modelExecuteOptions.notEmpty() ? " " + modelExecuteOptions : "";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String drySuffix(boolean z) {
        return z ? " (dry run)" : "";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String optionsSuffix(ModelExecuteOptions modelExecuteOptions, boolean z) {
        return optionsSuffix(modelExecuteOptions) + drySuffix(z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String exceptionSuffix(Throwable th) {
        return th != null ? " (error: " + th.getClass().getSimpleName() + ": " + th.getMessage() + ")" : "";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Throwable logOrRethrowActionException(Throwable th, PrismValue prismValue, ExecutionContext executionContext) throws SchemaException, ObjectNotFoundException, ObjectAlreadyExistsException, SecurityViolationException, PolicyViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        if (executionContext.isContinueOnAnyError()) {
            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't execute action '{}' on {}: {}", th, getName(), prismValue, th.getMessage());
            return th;
        }
        if ((th instanceof SchemaException) || (th instanceof ObjectNotFoundException) || (th instanceof ObjectAlreadyExistsException) || (th instanceof SecurityViolationException) || (th instanceof PolicyViolationException) || (th instanceof CommunicationException) || (th instanceof ConfigurationException) || (th instanceof ExpressionEvaluationException) || (th instanceof UnsupportedOperationException)) {
            MiscUtil.throwAsSame(th, getExceptionMessage(th, prismValue));
            throw new NotHereAssertionError();
        }
        if (th instanceof RuntimeException) {
            throw ((RuntimeException) th);
        }
        if (th instanceof Error) {
            throw ((Error) th);
        }
        throw new SystemException(getExceptionMessage(th, prismValue), th);
    }

    @NotNull
    private String getExceptionMessage(Throwable th, PrismValue prismValue) {
        return "Couldn't execute action '" + getName() + "' on " + prismValue + ": " + th.getMessage();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void iterateOverItems(PipelineData pipelineData, ExecutionContext executionContext, OperationResult operationResult, ItemProcessor itemProcessor, ConsoleFailureMessageWriter consoleFailureMessageWriter) throws SchemaException, ObjectNotFoundException, ObjectAlreadyExistsException, SecurityViolationException, PolicyViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        for (PipelineItem pipelineItem : pipelineData.getData()) {
            PrismValue value = pipelineItem.getValue();
            executionContext.checkTaskStop();
            Operation recordStart = value instanceof PrismObjectValue ? this.operationsHelper.recordStart(executionContext, asObjectType(value)) : null;
            OperationResult createActionResult = this.operationsHelper.createActionResult(pipelineItem, this, operationResult);
            try {
                try {
                    itemProcessor.process(value, pipelineItem, createActionResult);
                    this.operationsHelper.recordEnd(executionContext, recordStart, null, createActionResult);
                    createActionResult.close();
                } catch (Throwable th) {
                    createActionResult.recordFatalError(th);
                    this.operationsHelper.recordEnd(executionContext, recordStart, th, createActionResult);
                    consoleFailureMessageWriter.write(value, logOrRethrowActionException(th, value, executionContext));
                    createActionResult.close();
                }
                this.operationsHelper.trimAndCloneResult(createActionResult, pipelineItem.getResult());
            } catch (Throwable th2) {
                createActionResult.close();
                throw th2;
            }
        }
    }

    private ObjectType asObjectType(PrismValue prismValue) {
        return (ObjectType) ((PrismObjectValue) prismValue).asObjectable();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getDescription(PrismValue prismValue) {
        return prismValue instanceof PrismObjectValue ? asObjectType(prismValue).asPrismObject().toString() : prismValue.toHumanReadableString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public VariablesMap createVariables(VariablesMap variablesMap) {
        VariablesMap variablesMap2 = new VariablesMap();
        variablesMap2.put(ExpressionConstants.VAR_PRISM_CONTEXT, this.prismContext, PrismContext.class);
        ExpressionUtil.addActorVariableIfNeeded(variablesMap2, this.securityContextManager);
        variablesMap.forEach((str, typedValue) -> {
            variablesMap2.put(str, VariablesUtil.cloneIfNecessary(str, typedValue));
        });
        variablesMap2.registerAliasesFrom(variablesMap);
        return variablesMap2;
    }

    @Override // com.evolveum.midpoint.model.impl.scripting.ActionExecutor
    public void checkExecutionAllowed(ExecutionContext executionContext, OperationResult operationResult) throws SecurityViolationException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, ObjectNotFoundException {
        ExpressionProfile expressionProfile = executionContext.getExpressionProfile();
        BulkActionsProfile scriptingProfile = expressionProfile.getScriptingProfile();
        BulkAction actionType = getActionType();
        String name = actionType.getName();
        String beanLocalName = actionType.getBeanLocalName();
        AccessDecision decideActionAccess = scriptingProfile.decideActionAccess(name, beanLocalName);
        String formatted = (beanLocalName == null || name.equals(beanLocalName)) ? "'%s'".formatted(name) : "'%s' ('%s')".formatted(name, beanLocalName);
        if (decideActionAccess == AccessDecision.ALLOW) {
            this.bulkActionsExecutor.authorizeBulkActionExecution(actionType, executionContext.getExecutionPhase(), executionContext.getTask(), operationResult);
            return;
        }
        Object[] objArr = new Object[4];
        objArr[0] = formatted;
        objArr[1] = decideActionAccess == AccessDecision.DENY ? "denied" : "not allowed";
        objArr[2] = expressionProfile.getIdentifier();
        objArr[3] = scriptingProfile.getIdentifier();
        throw new SecurityViolationException("Access to action %s %s (applied expression profile '%s', actions profile '%s')".formatted(objArr));
    }
}
