package com.evolveum.midpoint.repo.common;

import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.processor.ResourceObjectPattern;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MarkType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectOperationPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationPolicyConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationPolicyViolationSeverityType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyStatementType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyStatementTypeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SynchronizeOperationPolicyConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemObjectsType;
import com.google.common.base.Objects;
import jakarta.annotation.PostConstruct;
import jakarta.annotation.PreDestroy;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/repo-common-4.8.9-SNAPSHOT.jar:com/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper.class */
public class ObjectOperationPolicyHelper {
    private static final String OP_COMPUTE_EFFECTIVE_POLICY = ObjectOperationPolicyHelper.class.getName() + ".computeEffectivePolicy";
    private static final String MARK_PROTECTED_SHADOW_OID = SystemObjectsType.MARK_PROTECTED.value();
    private static ObjectOperationPolicyHelper instance = null;

    @Autowired
    @Qualifier("cacheRepositoryService")
    private RepositoryService cacheRepositoryService;

    @Autowired
    private PrismContext prismContext;
    private Impl behaviour;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/repo-common-4.8.9-SNAPSHOT.jar:com/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$Impl.class */
    public abstract class Impl {
        private Impl() {
        }

        protected abstract Collection<ObjectReferenceType> getEffectiveMarkRefs(ObjectType objectType, OperationResult operationResult);

        protected abstract boolean isProtectedByResourcePolicy(ShadowType shadowType, Collection<ObjectReferenceType> collection);

        protected abstract boolean policyNotExcluded(ObjectType objectType, String str);

        @NotNull
        protected abstract ObjectOperationPolicyType computeEffectivePolicy(Collection<ObjectReferenceType> collection, ObjectType objectType, OperationResult operationResult);

        protected abstract void setEffectiveMarks(ShadowType shadowType, Collection<ObjectReferenceType> collection);

        protected ItemDelta<?, ?> computeEffectiveMarkDelta(ObjectType objectType, ItemDelta<?, ?> itemDelta) throws SchemaException {
            return null;
        }

        public ItemDelta<?, ?> computeEffectiveMarkDelta(@NotNull ShadowType shadowType, List<ObjectReferenceType> list) throws SchemaException {
            return null;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/repo-common-4.8.9-SNAPSHOT.jar:com/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$Legacy.class */
    private class Legacy extends Impl {
        private Legacy() {
            super();
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        protected Collection<ObjectReferenceType> getEffectiveMarkRefs(ObjectType objectType, OperationResult operationResult) {
            return new ArrayList();
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        protected boolean isProtectedByResourcePolicy(ShadowType shadowType, Collection<ObjectReferenceType> collection) {
            return false;
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        protected boolean policyNotExcluded(ObjectType objectType, String str) {
            return true;
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        @NotNull
        protected ObjectOperationPolicyType computeEffectivePolicy(Collection<ObjectReferenceType> collection, ObjectType objectType, OperationResult operationResult) {
            return ObjectOperationPolicyHelper.containsOid(collection, ObjectOperationPolicyHelper.MARK_PROTECTED_SHADOW_OID) ? new ObjectOperationPolicyType().synchronize(new SynchronizeOperationPolicyConfigurationType().inbound(op(false, OperationPolicyViolationSeverityType.INFO)).outbound(op(false, OperationPolicyViolationSeverityType.INFO))).add(op(false, OperationPolicyViolationSeverityType.ERROR)).modify(op(false, OperationPolicyViolationSeverityType.ERROR)).delete(op(false, OperationPolicyViolationSeverityType.ERROR)) : new ObjectOperationPolicyType().synchronize(new SynchronizeOperationPolicyConfigurationType().inbound(op(true, null)).outbound(op(true, null))).add(op(true, null)).modify(op(true, null)).delete(op(true, null));
        }

        private OperationPolicyConfigurationType op(boolean z, OperationPolicyViolationSeverityType operationPolicyViolationSeverityType) {
            OperationPolicyConfigurationType operationPolicyConfigurationType = new OperationPolicyConfigurationType();
            operationPolicyConfigurationType.setEnabled(Boolean.valueOf(z));
            if (!z) {
                operationPolicyConfigurationType.setSeverity(operationPolicyViolationSeverityType);
            }
            return operationPolicyConfigurationType;
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        protected void setEffectiveMarks(ShadowType shadowType, Collection<ObjectReferenceType> collection) {
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/repo-common-4.8.9-SNAPSHOT.jar:com/evolveum/midpoint/repo/common/ObjectOperationPolicyHelper$MarkSupport.class */
    private class MarkSupport extends Impl {
        private MarkSupport() {
            super();
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        protected void setEffectiveMarks(ShadowType shadowType, Collection<ObjectReferenceType> collection) {
            shadowType.getEffectiveMarkRef().clear();
            shadowType.getEffectiveMarkRef().addAll(collection);
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        protected Collection<ObjectReferenceType> getEffectiveMarkRefs(ObjectType objectType, OperationResult operationResult) {
            return computeEffectiveMarkRefs(objectType.getEffectiveMarkRef(), objectType);
        }

        private Collection<ObjectReferenceType> computeEffectiveMarkRefs(List<ObjectReferenceType> list, ObjectType objectType) {
            ArrayList arrayList = new ArrayList();
            for (ObjectReferenceType objectReferenceType : list) {
                if (objectReferenceType.getOid() != null && policyNotExcluded(objectType, objectReferenceType.getOid())) {
                    arrayList.add(objectReferenceType);
                }
            }
            for (PolicyStatementType policyStatementType : objectType.getPolicyStatement()) {
                if (PolicyStatementTypeType.APPLY.equals(policyStatementType.getType()) && policyStatementType.getMarkRef() != null && policyStatementType.getMarkRef().getOid() != null) {
                    arrayList.add(policyStatementType.getMarkRef().m1349clone());
                }
            }
            return arrayList;
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        protected boolean isProtectedByResourcePolicy(ShadowType shadowType, Collection<ObjectReferenceType> collection) {
            if (containsPolicyStatement(shadowType, ObjectOperationPolicyHelper.MARK_PROTECTED_SHADOW_OID, PolicyStatementTypeType.APPLY)) {
                return false;
            }
            return ObjectOperationPolicyHelper.containsOid(collection, ObjectOperationPolicyHelper.MARK_PROTECTED_SHADOW_OID);
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        protected boolean policyNotExcluded(ObjectType objectType, String str) {
            return !containsPolicyStatement(objectType, str, PolicyStatementTypeType.EXCLUDE);
        }

        protected boolean containsPolicyStatement(@NotNull ObjectType objectType, @NotNull String str, @NotNull PolicyStatementTypeType policyStatementTypeType) {
            ObjectReferenceType markRef;
            for (PolicyStatementType policyStatementType : objectType.getPolicyStatement()) {
                if (policyStatementTypeType.equals(policyStatementType.getType()) && (markRef = policyStatementType.getMarkRef()) != null && str.equals(markRef.getOid())) {
                    return true;
                }
            }
            return false;
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        @NotNull
        protected ObjectOperationPolicyType computeEffectivePolicy(Collection<ObjectReferenceType> collection, ObjectType objectType, OperationResult operationResult) {
            ObjectOperationPolicyType objectOperationPolicyType = new ObjectOperationPolicyType();
            Collection<MarkType> shadowMarks = ObjectOperationPolicyHelper.this.getShadowMarks(collection, operationResult);
            objectOperationPolicyType.setSynchronize(new SynchronizeOperationPolicyConfigurationType().inbound(ObjectOperationPolicyHelper.firstNonDefaultValue(shadowMarks, objectOperationPolicyType2 -> {
                if (objectOperationPolicyType2.getSynchronize() != null) {
                    return objectOperationPolicyType2.getSynchronize().getInbound();
                }
                return null;
            }, true)).outbound(ObjectOperationPolicyHelper.firstNonDefaultValue(shadowMarks, objectOperationPolicyType3 -> {
                if (objectOperationPolicyType3.getSynchronize() != null) {
                    return objectOperationPolicyType3.getSynchronize().getOutbound();
                }
                return null;
            }, true)));
            objectOperationPolicyType.setAdd(ObjectOperationPolicyHelper.firstNonDefaultValue(shadowMarks, (v0) -> {
                return v0.getAdd();
            }, true));
            objectOperationPolicyType.setModify(ObjectOperationPolicyHelper.firstNonDefaultValue(shadowMarks, (v0) -> {
                return v0.getModify();
            }, true));
            objectOperationPolicyType.setDelete(ObjectOperationPolicyHelper.firstNonDefaultValue(shadowMarks, (v0) -> {
                return v0.getDelete();
            }, true));
            return objectOperationPolicyType;
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        protected ItemDelta<?, ?> computeEffectiveMarkDelta(ObjectType objectType, ItemDelta<?, ?> itemDelta) throws SchemaException {
            ObjectReferenceType findEffectiveImpliedByStatement;
            PrismObject<? extends ObjectType> asPrismObject = objectType.clone().asPrismObject();
            ArrayList<ObjectReferenceType> arrayList = new ArrayList<>(objectType.getEffectiveMarkRef());
            ArrayList arrayList2 = new ArrayList();
            ArrayList arrayList3 = new ArrayList();
            Collection<?> realValuesToDelete = itemDelta.getRealValuesToDelete();
            if (realValuesToDelete != null) {
                Iterator<?> it = realValuesToDelete.iterator();
                while (it.hasNext()) {
                    PolicyStatementType policyStatementType = (PolicyStatementType) it.next();
                    if (PolicyStatementTypeType.APPLY.equals(policyStatementType.getType()) && (findEffectiveImpliedByStatement = findEffectiveImpliedByStatement(arrayList, policyStatementType.getMarkRef().getOid())) != null) {
                        arrayList2.add(findEffectiveImpliedByStatement.m1349clone());
                    }
                }
            }
            itemDelta.applyTo(asPrismObject);
            for (ObjectReferenceType objectReferenceType : computeEffectiveMarkRefs(arrayList, asPrismObject.asObjectable())) {
                if (!containsRef(objectType.getEffectiveMarkRef(), objectReferenceType)) {
                    arrayList3.add(objectReferenceType.m1349clone());
                }
            }
            if (arrayList2.isEmpty() && arrayList3.isEmpty()) {
                return null;
            }
            return PrismContext.get().deltaFor(ObjectType.class).item(ObjectType.F_EFFECTIVE_MARK_REF).deleteRealValues(arrayList2).addRealValues(arrayList3).asItemDelta();
        }

        @Override // com.evolveum.midpoint.repo.common.ObjectOperationPolicyHelper.Impl
        public ItemDelta<?, ?> computeEffectiveMarkDelta(@NotNull ShadowType shadowType, List<ObjectReferenceType> list) throws SchemaException {
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            for (ObjectReferenceType objectReferenceType : list) {
                if (policyNotExcluded(shadowType, objectReferenceType.getOid()) && !containsRef(shadowType.getEffectiveMarkRef(), objectReferenceType)) {
                    arrayList2.add(objectReferenceType.m1349clone());
                }
            }
            if (!ObjectOperationPolicyHelper.containsOid(list, ObjectOperationPolicyHelper.MARK_PROTECTED_SHADOW_OID) && isProtectedByResourcePolicy(shadowType, shadowType.getEffectiveMarkRef())) {
                arrayList.add(new ObjectReferenceType().oid(ObjectOperationPolicyHelper.MARK_PROTECTED_SHADOW_OID).type(MarkType.COMPLEX_TYPE));
            }
            if (arrayList.isEmpty() && arrayList2.isEmpty()) {
                return null;
            }
            return PrismContext.get().deltaFor(ObjectType.class).item(ObjectType.F_EFFECTIVE_MARK_REF).deleteRealValues(arrayList).addRealValues(arrayList2).asItemDelta();
        }

        private ObjectReferenceType findEffectiveImpliedByStatement(ArrayList<ObjectReferenceType> arrayList, String str) {
            Iterator<ObjectReferenceType> it = arrayList.iterator();
            while (it.hasNext()) {
                ObjectReferenceType next = it.next();
                if (str.equals(next.getOid()) && isImpliedByStatement(next)) {
                    return next;
                }
            }
            return null;
        }

        private boolean isImpliedByStatement(ObjectReferenceType objectReferenceType) {
            return true;
        }

        private boolean containsRef(List<ObjectReferenceType> list, ObjectReferenceType objectReferenceType) {
            return ObjectOperationPolicyHelper.containsOid(list, objectReferenceType.getOid());
        }
    }

    @PostConstruct
    public void init() {
        this.behaviour = this.cacheRepositoryService.supportsMarks() ? new MarkSupport() : new Legacy();
        instance = this;
    }

    @PreDestroy
    public void destroy() {
        instance = null;
    }

    public Collection<MarkType> getShadowMarks(Collection<ObjectReferenceType> collection, @NotNull OperationResult operationResult) {
        if (!this.cacheRepositoryService.supportsMarks() || collection.isEmpty()) {
            return List.of();
        }
        try {
            return ObjectTypeUtil.asObjectables(this.cacheRepositoryService.searchObjects(MarkType.class, this.prismContext.queryFor(MarkType.class).item(MarkType.F_ASSIGNMENT, AssignmentType.F_TARGET_REF).ref(SystemObjectsType.ARCHETYPE_OBJECT_MARK.value()).and().id((String[]) ((List) collection.stream().map(objectReferenceType -> {
                return objectReferenceType.getOid();
            }).collect(Collectors.toList())).toArray(new String[0])).build(), null, operationResult));
        } catch (SchemaException e) {
            throw new SystemException(e);
        }
    }

    public static ObjectOperationPolicyHelper get() {
        return instance;
    }

    @NotNull
    public ObjectOperationPolicyType getEffectivePolicy(ObjectType objectType, OperationResult operationResult) {
        ObjectOperationPolicyType effectiveOperationPolicy = objectType.getEffectiveOperationPolicy();
        return effectiveOperationPolicy != null ? effectiveOperationPolicy : computeEffectivePolicy(objectType, operationResult);
    }

    @NotNull
    public ObjectOperationPolicyType computeEffectivePolicy(ObjectType objectType, OperationResult operationResult) {
        OperationResult createMinorSubresult = operationResult.createMinorSubresult(OP_COMPUTE_EFFECTIVE_POLICY);
        try {
            try {
                ObjectOperationPolicyType computeEffectivePolicy = this.behaviour.computeEffectivePolicy(this.behaviour.getEffectiveMarkRefs(objectType, createMinorSubresult), objectType, createMinorSubresult);
                createMinorSubresult.close();
                return computeEffectivePolicy;
            } catch (Throwable th) {
                createMinorSubresult.recordException(th);
                throw th;
            }
        } catch (Throwable th2) {
            createMinorSubresult.close();
            throw th2;
        }
    }

    public void updateEffectiveMarksAndPolicies(Collection<ResourceObjectPattern> collection, ShadowType shadowType, OperationResult operationResult) throws SchemaException {
        Collection<ObjectReferenceType> effectiveMarkRefs = this.behaviour.getEffectiveMarkRefs(shadowType, operationResult);
        if (this.behaviour.isProtectedByResourcePolicy(shadowType, effectiveMarkRefs)) {
            removeRefByOid(effectiveMarkRefs, MARK_PROTECTED_SHADOW_OID);
        }
        if (needsToEvaluateResourcePolicy(shadowType, effectiveMarkRefs) && ResourceObjectPattern.matches(shadowType, collection)) {
            effectiveMarkRefs.add(resourceProtectedShadowMark());
        }
        updateShadowObject(shadowType, effectiveMarkRefs, this.behaviour.computeEffectivePolicy(effectiveMarkRefs, shadowType, operationResult));
    }

    private ObjectReferenceType resourceProtectedShadowMark() {
        ObjectReferenceType objectReferenceType = new ObjectReferenceType();
        objectReferenceType.setOid(MARK_PROTECTED_SHADOW_OID);
        objectReferenceType.setType(MarkType.COMPLEX_TYPE);
        return objectReferenceType;
    }

    private static void removeRefByOid(Collection<ObjectReferenceType> collection, String str) {
        Iterator<ObjectReferenceType> it = collection.iterator();
        while (it.hasNext()) {
            if (str.equals(it.next().getOid())) {
                it.remove();
            }
        }
    }

    private boolean needsToEvaluateResourcePolicy(ShadowType shadowType, Collection<ObjectReferenceType> collection) {
        if (containsOid(collection, MARK_PROTECTED_SHADOW_OID)) {
            return false;
        }
        return this.behaviour.policyNotExcluded(shadowType, MARK_PROTECTED_SHADOW_OID);
    }

    private static boolean containsOid(Collection<ObjectReferenceType> collection, @NotNull String str) {
        Iterator<ObjectReferenceType> it = collection.iterator();
        while (it.hasNext()) {
            if (str.equals(it.next().getOid())) {
                return true;
            }
        }
        return false;
    }

    private void updateShadowObject(ShadowType shadowType, Collection<ObjectReferenceType> collection, ObjectOperationPolicyType objectOperationPolicyType) {
        this.behaviour.setEffectiveMarks(shadowType, collection);
        shadowType.setEffectiveOperationPolicy(objectOperationPolicyType);
        if (objectOperationPolicyType.getAdd().isEnabled().booleanValue() || objectOperationPolicyType.getModify().isEnabled().booleanValue() || objectOperationPolicyType.getDelete().isEnabled().booleanValue() || objectOperationPolicyType.getSynchronize().getInbound().isEnabled().booleanValue() || objectOperationPolicyType.getSynchronize().getOutbound().isEnabled().booleanValue()) {
            return;
        }
        shadowType.setProtectedObject(true);
    }

    public static OperationPolicyConfigurationType firstNonDefaultValue(Collection<MarkType> collection, Function<ObjectOperationPolicyType, OperationPolicyConfigurationType> function, boolean z) {
        OperationPolicyConfigurationType apply;
        Boolean isEnabled;
        for (MarkType markType : collection) {
            if (markType.getObjectOperationPolicy() != null && (apply = function.apply(markType.getObjectOperationPolicy())) != null && (isEnabled = apply.isEnabled()) != null && !Objects.equal(Boolean.valueOf(z), isEnabled)) {
                return apply.mo1364clone();
            }
        }
        return new OperationPolicyConfigurationType().enabled(Boolean.valueOf(z));
    }

    public ItemDelta<?, ?> computeEffectiveMarkDelta(ObjectType objectType, ItemDelta<?, ?> itemDelta) throws SchemaException {
        return this.behaviour.computeEffectiveMarkDelta(objectType, itemDelta);
    }

    public ItemDelta<?, ?> computeEffectiveMarkDelta(@NotNull ShadowType shadowType, List<ObjectReferenceType> list) throws SchemaException {
        return this.behaviour.computeEffectiveMarkDelta(shadowType, list);
    }
}
