package com.evolveum.midpoint.provisioning.impl.shadows;

import com.evolveum.midpoint.prism.PrismContainer;
import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.provisioning.api.GenericConnectorException;
import com.evolveum.midpoint.provisioning.impl.CommonBeans;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.provisioning.impl.resourceobjects.ResourceObjectConverter;
import com.evolveum.midpoint.provisioning.util.ProvisioningUtil;
import com.evolveum.midpoint.schema.processor.ResourceAssociationDefinition;
import com.evolveum.midpoint.schema.processor.ResourceAttribute;
import com.evolveum.midpoint.schema.processor.ResourceAttributeContainer;
import com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition;
import com.evolveum.midpoint.schema.processor.ResourceObjectDefinition;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MetadataType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAssociationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.Contract;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.8.7-SNAPSHOT.jar:com/evolveum/midpoint/provisioning/impl/shadows/ShadowedObjectConstruction.class */
public class ShadowedObjectConstruction {
    private static final Trace LOGGER;

    @NotNull
    private final ShadowType repoShadow;

    @NotNull
    private final ShadowType resourceObject;
    private final ResourceAttributeContainer resourceObjectAttributes;
    private final PrismContainer<ShadowAssociationType> resourceObjectAssociations;

    @NotNull
    private final ProvisioningContext ctx;

    @NotNull
    private final ShadowType resultingShadowedObject;

    @NotNull
    private final CommonBeans beans;

    @NotNull
    private final ShadowsLocalBeans localBeans;
    static final /* synthetic */ boolean $assertionsDisabled;

    private ShadowedObjectConstruction(@NotNull ProvisioningContext provisioningContext, @NotNull ShadowType shadowType, @NotNull ShadowType shadowType2, @NotNull CommonBeans commonBeans) {
        this.ctx = provisioningContext;
        this.resourceObject = shadowType2;
        this.resourceObjectAttributes = ShadowUtil.getAttributesContainer(shadowType2);
        this.resourceObjectAssociations = shadowType2.asPrismObject().findContainer(ShadowType.F_ASSOCIATION);
        this.repoShadow = shadowType;
        this.resultingShadowedObject = shadowType.clone();
        this.beans = commonBeans;
        this.localBeans = commonBeans.shadowsFacade.getLocalBeans();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ShadowedObjectConstruction create(ProvisioningContext provisioningContext, ShadowType shadowType, ShadowType shadowType2, CommonBeans commonBeans) {
        return new ShadowedObjectConstruction(provisioningContext, shadowType, shadowType2, commonBeans);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public ShadowType construct(OperationResult operationResult) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, SecurityViolationException, GenericConnectorException, ExpressionEvaluationException, EncryptionException {
        applyDefinition();
        setName();
        copyObjectClassIfMissing();
        copyAuxiliaryObjectClasses();
        copyAttributes(operationResult);
        copyIgnored();
        mergeCredentials();
        setEffectiveProvisioningPolicy(operationResult);
        mergeActivation();
        copyAndAdoptAssociations(operationResult);
        copyCachingMetadata();
        checkConsistence();
        return this.resultingShadowedObject;
    }

    private void checkConsistence() {
        PolyStringType name = this.resultingShadowedObject.getName();
        if (!$assertionsDisabled && name == null) {
            throw new AssertionError("No name generated in " + this.resultingShadowedObject);
        }
        if (!$assertionsDisabled && StringUtils.isEmpty(name.getOrig())) {
            throw new AssertionError("No name (orig) in " + this.resultingShadowedObject);
        }
        if (!$assertionsDisabled && StringUtils.isEmpty(name.getNorm())) {
            throw new AssertionError("No name (norm) in " + this.resultingShadowedObject);
        }
    }

    private void copyCachingMetadata() {
        this.resultingShadowedObject.setCachingMetadata(this.resourceObject.getCachingMetadata());
    }

    private void copyAndAdoptAssociations(OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException, SecurityViolationException, EncryptionException {
        if (this.resourceObjectAssociations == null) {
            return;
        }
        LOGGER.trace("Start adopting associations: {} value(s)", Integer.valueOf(this.resourceObjectAssociations.size()));
        PrismContainer<ShadowAssociationType> mo1376clone = this.resourceObjectAssociations.mo1376clone();
        this.resultingShadowedObject.asPrismObject().addReplaceExisting(mo1376clone);
        Iterator<PrismContainerValue<ShadowAssociationType>> it = mo1376clone.getValues().iterator();
        while (it.hasNext()) {
            if (!adoptAssociationValue(it.next(), operationResult)) {
                it.remove();
            }
        }
    }

    private void setEffectiveProvisioningPolicy(OperationResult operationResult) throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, ExpressionEvaluationException, SecurityViolationException {
        ProvisioningUtil.setEffectiveProvisioningPolicy(this.ctx, this.resultingShadowedObject, this.beans.expressionFactory, operationResult);
    }

    private void mergeActivation() {
        this.resultingShadowedObject.setActivation(this.resourceObject.getActivation());
        transplantActivationMetadata();
    }

    private void transplantActivationMetadata() {
        ActivationType activation = this.repoShadow.getActivation();
        if (activation == null) {
            return;
        }
        ActivationType activation2 = this.resultingShadowedObject.getActivation();
        if (activation2 == null) {
            activation2 = new ActivationType();
            this.resultingShadowedObject.setActivation(activation2);
        }
        activation2.setId(activation.getId());
        activation2.setDisableReason(activation.getDisableReason());
        activation2.setEnableTimestamp(activation.getEnableTimestamp());
        activation2.setDisableTimestamp(activation.getDisableTimestamp());
        activation2.setArchiveTimestamp(activation.getArchiveTimestamp());
        activation2.setValidityChangeTimestamp(activation.getValidityChangeTimestamp());
    }

    private void copyIgnored() {
        this.resultingShadowedObject.setIgnored(this.resourceObject.isIgnored());
    }

    private void mergeCredentials() {
        this.resultingShadowedObject.setCredentials(this.resourceObject.getCredentials());
        transplantRepoPasswordMetadataIfMissing();
    }

    private void transplantRepoPasswordMetadataIfMissing() {
        MetadataType repoPasswordMetadata = getRepoPasswordMetadata();
        if (repoPasswordMetadata == null) {
            return;
        }
        PasswordType orCreateShadowPassword = ShadowUtil.getOrCreateShadowPassword(this.resultingShadowedObject);
        if (orCreateShadowPassword.getMetadata() == null) {
            orCreateShadowPassword.setMetadata(repoPasswordMetadata.mo1362clone());
        }
    }

    @Nullable
    private MetadataType getRepoPasswordMetadata() {
        PasswordType password;
        CredentialsType credentials = this.repoShadow.getCredentials();
        if (credentials == null || (password = credentials.getPassword()) == null) {
            return null;
        }
        return password.getMetadata();
    }

    private void copyObjectClassIfMissing() {
        if (this.resultingShadowedObject.getObjectClass() == null) {
            this.resultingShadowedObject.setObjectClass(this.resourceObjectAttributes.getDefinition().getTypeName());
        }
    }

    private void copyAuxiliaryObjectClasses() {
        List<QName> auxiliaryObjectClass = this.resultingShadowedObject.getAuxiliaryObjectClass();
        auxiliaryObjectClass.clear();
        auxiliaryObjectClass.addAll(this.resourceObject.getAuxiliaryObjectClass());
    }

    private void setName() throws SchemaException {
        PolyString determineShadowName = ShadowUtil.determineShadowName(this.resourceObject);
        if (determineShadowName == null) {
            throw new SchemaException("Name could not be determined for " + this.resourceObject);
        }
        this.resultingShadowedObject.setName(PolyString.toPolyStringType(determineShadowName));
    }

    private void applyDefinition() throws SchemaException {
        this.resultingShadowedObject.asPrismObject().applyDefinition(this.ctx.getObjectDefinitionRequired().getPrismObjectDefinition(), true);
    }

    private void copyAttributes(OperationResult operationResult) throws SchemaException, ConfigurationException {
        this.resultingShadowedObject.asPrismObject().removeContainer(ShadowType.F_ATTRIBUTES);
        ResourceAttributeContainer mo1376clone = this.resourceObjectAttributes.mo1376clone();
        this.localBeans.accessChecker.filterGetAttributes(mo1376clone, computeCompositeObjectClassDefinition(), operationResult);
        this.resultingShadowedObject.asPrismObject().add(mo1376clone);
    }

    private ResourceObjectDefinition computeCompositeObjectClassDefinition() throws SchemaException, ConfigurationException {
        return this.ctx.computeCompositeObjectDefinition(this.resourceObject.getAuxiliaryObjectClass());
    }

    private boolean adoptAssociationValue(PrismContainerValue<ShadowAssociationType> prismContainerValue, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException, SecurityViolationException, EncryptionException {
        LOGGER.trace("Determining shadowRef for {}", prismContainerValue);
        ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(prismContainerValue, ShadowAssociationType.F_IDENTIFIERS);
        ShadowAssociationType asContainerable = prismContainerValue.asContainerable();
        QName name = asContainerable.getName();
        ResourceAssociationDefinition findAssociationDefinition = this.ctx.getObjectDefinitionRequired().findAssociationDefinition(name);
        if (findAssociationDefinition == null) {
            LOGGER.trace("Entitlement association with name {} does not exist in {}", name, this.ctx);
            return false;
        }
        ShadowKindType kind = findAssociationDefinition.getKind();
        for (String str : findAssociationDefinition.getIntents()) {
            LOGGER.trace("Processing kind={}, intent={} (from the definition)", kind, str);
            ProvisioningContext spawnForKindIntent = this.ctx.spawnForKindIntent(kind, str);
            ShadowType acquireEntitlementRepoShadow = acquireEntitlementRepoShadow(prismContainerValue, attributesContainer, spawnForKindIntent, operationResult);
            if (acquireEntitlementRepoShadow != null) {
                if (!doesAssociationMatch(findAssociationDefinition, acquireEntitlementRepoShadow)) {
                    LOGGER.trace("Association value does not match. Repo shadow is: {}", acquireEntitlementRepoShadow);
                    return false;
                }
                LOGGER.trace("Association value matches. Repo shadow is: {}", acquireEntitlementRepoShadow);
                asContainerable.setShadowRef(ObjectTypeUtil.createObjectRef(acquireEntitlementRepoShadow, this.beans.prismContext));
                if (ShadowUtil.isClassified(acquireEntitlementRepoShadow)) {
                    addMissingIdentifiers(attributesContainer, spawnForKindIntent, acquireEntitlementRepoShadow);
                }
            }
        }
        return true;
    }

    private void addMissingIdentifiers(ResourceAttributeContainer resourceAttributeContainer, ProvisioningContext provisioningContext, ShadowType shadowType) throws SchemaException {
        PrismProperty<?> findProperty;
        Iterator<? extends ResourceAttributeDefinition<?>> it = provisioningContext.getObjectDefinitionRequired().getAllIdentifiers().iterator();
        while (it.hasNext()) {
            ItemName itemName = it.next().getItemName();
            if (!resourceAttributeContainer.containsAttribute(itemName) && (findProperty = shadowType.asPrismObject().findProperty(ShadowType.F_ATTRIBUTES.append(itemName))) != null) {
                resourceAttributeContainer.addAdoptedIfNeeded(findProperty);
            }
        }
    }

    @Nullable
    private ShadowType acquireEntitlementRepoShadow(PrismContainerValue<ShadowAssociationType> prismContainerValue, ResourceAttributeContainer resourceAttributeContainer, ProvisioningContext provisioningContext, OperationResult operationResult) throws ConfigurationException, CommunicationException, ExpressionEvaluationException, SecurityViolationException, EncryptionException, SchemaException, ObjectNotFoundException {
        Collection<ResourceAttribute<?>> entitlementIdentifiers = getEntitlementIdentifiers(prismContainerValue, resourceAttributeContainer);
        PrismObject prismObject = (PrismObject) resourceAttributeContainer.getUserData(ResourceObjectConverter.FULL_SHADOW_KEY);
        if (prismObject != null) {
            return this.localBeans.shadowAcquisitionHelper.acquireRepoShadow(provisioningContext, (ShadowType) prismObject.asObjectable(), false, operationResult);
        }
        try {
            ShadowType lookupLiveShadowByAllIds = this.localBeans.shadowFinder.lookupLiveShadowByAllIds(provisioningContext, resourceAttributeContainer, operationResult);
            return lookupLiveShadowByAllIds != null ? lookupLiveShadowByAllIds : this.localBeans.shadowAcquisitionHelper.acquireRepoShadow(provisioningContext, (ShadowType) ObjectTypeUtil.asObjectable(this.beans.resourceObjectConverter.locateResourceObject(provisioningContext, entitlementIdentifiers, operationResult)), false, operationResult);
        } catch (ObjectNotFoundException e) {
            operationResult.muteLastSubresultError();
            LOGGER.warn("The entitlement identified by {} referenced from {} does not exist. Skipping.", prismContainerValue, this.resourceObject);
            return null;
        } catch (SchemaException e2) {
            operationResult.muteLastSubresultError();
            LOGGER.warn("The entitlement identified by {} referenced from {} violates the schema. Skipping. Original error: {}", prismContainerValue, this.resourceObject, e2.getMessage(), e2);
            return null;
        }
    }

    @Contract("_, null -> fail")
    @NotNull
    private Collection<ResourceAttribute<?>> getEntitlementIdentifiers(PrismContainerValue<ShadowAssociationType> prismContainerValue, ResourceAttributeContainer resourceAttributeContainer) {
        Collection<ResourceAttribute<?>> attributes = resourceAttributeContainer != null ? resourceAttributeContainer.getAttributes() : null;
        if (attributes == null || attributes.isEmpty()) {
            throw new IllegalStateException("No entitlement identifiers present for association " + prismContainerValue + " " + this.ctx.getDesc());
        }
        return attributes;
    }

    private boolean doesAssociationMatch(ResourceAssociationDefinition resourceAssociationDefinition, @NotNull ShadowType shadowType) {
        ShadowKindType kind = ShadowUtil.getKind(shadowType);
        String intent = ShadowUtil.getIntent(shadowType);
        if (ShadowUtil.isNotKnown(kind) || ShadowUtil.isNotKnown(intent)) {
            return true;
        }
        return resourceAssociationDefinition.getKind() == kind && resourceAssociationDefinition.getIntents().contains(intent);
    }

    static {
        $assertionsDisabled = !ShadowedObjectConstruction.class.desiredAssertionStatus();
        LOGGER = TraceManager.getTrace((Class<?>) ShadowedObjectConstruction.class);
    }
}
