package com.evolveum.midpoint.provisioning.impl.shadows.manager;

import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.prism.delta.ContainerDelta;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.provisioning.impl.shadows.ShadowsNormalizationUtil;
import com.evolveum.midpoint.provisioning.util.ProvisioningUtil;
import com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.processor.ResourceObjectDefinition;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.QNameUtil;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CachingStrategyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import javax.xml.namespace.QName;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.8.7-SNAPSHOT.jar:com/evolveum/midpoint/provisioning/impl/shadows/manager/ShadowDeltaComputerRelative.class */
public class ShadowDeltaComputerRelative {
    private final ProvisioningContext ctx;
    private final Collection<? extends ItemDelta<?, ?>> allModifications;
    private final Protector protector;
    private ShadowType repoShadow;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ShadowDeltaComputerRelative(ProvisioningContext provisioningContext, ShadowType shadowType, Collection<? extends ItemDelta<?, ?>> collection, Protector protector) {
        this.ctx = provisioningContext;
        this.allModifications = collection;
        this.protector = protector;
        this.repoShadow = shadowType;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<ItemDelta<?, ?>> computeShadowModifications() throws SchemaException, ConfigurationException {
        ResourceObjectDefinition objectDefinitionRequired = this.ctx.getObjectDefinitionRequired();
        CachingStrategyType cachingStrategy = this.ctx.getCachingStrategy();
        ItemDelta<?, ?> itemDelta = null;
        ItemDelta<?, ?> itemDelta2 = null;
        ArrayList arrayList = new ArrayList();
        for (ItemDelta<?, ?> itemDelta3 : this.allModifications) {
            if (ShadowType.F_ATTRIBUTES.equivalent(itemDelta3.getParentPath())) {
                ItemName elementName = itemDelta3.getElementName();
                ItemDelta<?, ?> normalizeAttributeDelta = ShadowsNormalizationUtil.normalizeAttributeDelta(itemDelta3, objectDefinitionRequired);
                if (isNamingAttribute(elementName, objectDefinitionRequired)) {
                    itemDelta2 = PrismContext.get().deltaFor(ShadowType.class).item(ShadowType.F_NAME).replace(new PolyString(getNewStringValue(itemDelta3))).asItemDelta();
                }
                if (objectDefinitionRequired.isPrimaryIdentifier(elementName)) {
                    arrayList.add(PrismContext.get().deltaFor(ShadowType.class).item(ShadowType.F_PRIMARY_IDENTIFIER_VALUE).replace(getNewStringValue(normalizeAttributeDelta)).asItemDelta());
                }
                if (ProvisioningUtil.shouldStoreAttributeInShadow(objectDefinitionRequired, elementName, cachingStrategy)) {
                    arrayList.add(normalizeAttributeDelta);
                }
            } else if (ShadowType.F_ACTIVATION.equivalent(itemDelta3.getParentPath())) {
                if (ProvisioningUtil.shouldStoreActivationItemInShadow(itemDelta3.getElementName(), cachingStrategy)) {
                    arrayList.add(itemDelta3);
                }
            } else if (ShadowType.F_ACTIVATION.equivalent(itemDelta3.getPath())) {
                ContainerDelta containerDelta = (ContainerDelta) itemDelta3;
                Iterator it = MiscUtil.emptyIfNull(containerDelta.getValuesToAdd()).iterator();
                while (it.hasNext()) {
                    ProvisioningUtil.cleanupShadowActivation((ActivationType) ((PrismContainerValue) it.next()).asContainerable());
                }
                Iterator it2 = MiscUtil.emptyIfNull(containerDelta.getValuesToReplace()).iterator();
                while (it2.hasNext()) {
                    ProvisioningUtil.cleanupShadowActivation((ActivationType) ((PrismContainerValue) it2.next()).asContainerable());
                }
                arrayList.add(containerDelta);
            } else if (SchemaConstants.PATH_PASSWORD.equivalent(itemDelta3.getParentPath())) {
                addPasswordDelta(arrayList, itemDelta3, objectDefinitionRequired);
            } else if (ShadowType.F_NAME.equivalent(itemDelta3.getPath())) {
                itemDelta = itemDelta3;
            } else if (ShadowType.F_POLICY_STATEMENT.equivalent(itemDelta3.getPath())) {
                arrayList.add(itemDelta3);
                ItemDelta<?, ?> computeEffectiveMarkDelta = computeEffectiveMarkDelta(itemDelta3);
                if (computeEffectiveMarkDelta != null) {
                    arrayList.add(computeEffectiveMarkDelta);
                }
            } else {
                arrayList.add(itemDelta3);
            }
        }
        if (itemDelta != null) {
            arrayList.add(itemDelta);
        } else if (itemDelta2 != null) {
            arrayList.add(itemDelta2);
        }
        return arrayList;
    }

    private ItemDelta<?, ?> computeEffectiveMarkDelta(ItemDelta<?, ?> itemDelta) throws SchemaException {
        return ObjectOperationPolicyHelper.get().computeEffectiveMarkDelta(this.repoShadow, itemDelta);
    }

    private String getNewStringValue(ItemDelta<?, ?> itemDelta) {
        Collection<?> valuesToReplace = itemDelta.getValuesToReplace();
        if (valuesToReplace != null && !valuesToReplace.isEmpty()) {
            return ((PrismPropertyValue) valuesToReplace.iterator().next()).getValue().toString();
        }
        Collection<?> valuesToAdd = itemDelta.getValuesToAdd();
        if (valuesToAdd == null || valuesToAdd.isEmpty()) {
            return null;
        }
        return ((PrismPropertyValue) valuesToAdd.iterator().next()).getValue().toString();
    }

    private static boolean isNamingAttribute(QName qName, ResourceObjectDefinition resourceObjectDefinition) {
        QName namingAttributeName = resourceObjectDefinition.getNamingAttributeName();
        return namingAttributeName != null ? QNameUtil.match(namingAttributeName, qName) : resourceObjectDefinition.isSecondaryIdentifier(qName) || (resourceObjectDefinition.getAllIdentifiers().size() == 1 && resourceObjectDefinition.isPrimaryIdentifier(qName));
    }

    private void addPasswordDelta(Collection<ItemDelta<?, ?>> collection, ItemDelta<?, ?> itemDelta, ResourceObjectDefinition resourceObjectDefinition) throws SchemaException {
        CachingStrategyType passwordCachingStrategy;
        if (!itemDelta.getPath().equivalent(SchemaConstants.PATH_PASSWORD_VALUE) || (passwordCachingStrategy = ProvisioningUtil.getPasswordCachingStrategy(resourceObjectDefinition)) == null || passwordCachingStrategy == CachingStrategyType.NONE) {
            return;
        }
        PropertyDelta propertyDelta = (PropertyDelta) itemDelta;
        hashValues(propertyDelta.getValuesToAdd());
        hashValues(propertyDelta.getValuesToReplace());
        collection.add(itemDelta);
    }

    private void hashValues(Collection<PrismPropertyValue<ProtectedStringType>> collection) throws SchemaException {
        ProtectedStringType value;
        if (collection == null) {
            return;
        }
        Iterator<PrismPropertyValue<ProtectedStringType>> it = collection.iterator();
        while (it.hasNext() && (value = it.next().getValue()) != null && !value.isHashed()) {
            try {
                this.protector.hash(value);
            } catch (EncryptionException e) {
                throw new SchemaException("Cannot hash value", e);
            }
        }
    }
}
