package com.evolveum.midpoint.security.enforcer.impl;

import com.evolveum.midpoint.schema.RelationRegistry;
import com.evolveum.midpoint.schema.SchemaService;
import com.evolveum.midpoint.schema.selector.eval.OwnerResolver;
import com.evolveum.midpoint.schema.selector.eval.SubjectedEvaluationContext;
import com.evolveum.midpoint.schema.traces.details.AbstractTraceEvent;
import com.evolveum.midpoint.schema.traces.details.ProcessingTracer;
import com.evolveum.midpoint.security.api.Authorization;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.OtherPrivilegesLimitations;
import com.evolveum.midpoint.security.enforcer.api.SecurityEnforcer;
import com.evolveum.midpoint.security.enforcer.api.SecurityEnforcerUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import java.util.Collection;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import org.apache.commons.collections4.CollectionUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/security-enforcer-impl-4.8.9-SNAPSHOT.jar:com/evolveum/midpoint/security/enforcer/impl/EnforcerOperation.class */
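/**
 * Per-operation context used while authorizations are evaluated: the principal
 * (which may be absent), its username, the owner resolver, the enforcer options,
 * the tracer, the shared beans and the task.
 *
 * <p>This listing is decompiler output. Members marked with the JADX
 * "Access modifiers changed from: package-private" note were package-private in the
 * compiled class; their {@code public} visibility here is a decompilation artifact
 * and should not be read as intended API surface.
 */
public class EnforcerOperation {

    // Principal on whose behalf the operation runs; null when there is none.
    @Nullable
    private final MidPointPrincipal principal;

    // Username copied from the principal at construction time; null when the principal is null.
    @Nullable
    final String username;

    // Custom resolver from the options, otherwise the user profile service (see constructor).
    @Nullable
    final OwnerResolver ownerResolver;

    @NotNull
    final SecurityEnforcer.Options options;

    @NotNull
    final ProcessingTracer<AbstractTraceEvent> tracer;

    @NotNull
    final Beans b;

    @NotNull
    final Task task;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Captures the principal and collaborators for one enforcer operation.
     *
     * @param midPointPrincipal principal to evaluate for, or {@code null}
     * @param options enforcer options; supplies the log collector and an optional custom owner resolver
     * @param beans shared beans; its security context manager provides the fallback owner resolver
     * @param task task the operation runs under
     */
    public EnforcerOperation(@Nullable MidPointPrincipal midPointPrincipal, @NotNull SecurityEnforcer.Options options, @NotNull Beans beans, @NotNull Task task) {
        this.principal = midPointPrincipal;
        this.username = midPointPrincipal != null ? midPointPrincipal.getUsername() : null;
        this.tracer = createTracer(options);
        // A resolver supplied through the options takes precedence over the default one.
        OwnerResolver customOwnerResolver = options.customOwnerResolver();
        this.ownerResolver = customOwnerResolver != null ? customOwnerResolver : beans.securityContextManager.getUserProfileService();
        this.options = options;
        this.b = beans;
        this.task = task;
    }

    /** Builds the log-based tracer over the log collector carried by the options. */
    private ProcessingTracer<AbstractTraceEvent> createTracer(SecurityEnforcer.Options options) {
        return new LogBasedEnforcerAndSelectorTracer(options.logCollector());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the authorizations of the principal as computed by
     * {@link SecurityEnforcerUtil#getAuthorizations}. A {@code null} principal is passed
     * through unchanged; how that case is handled is decided by the utility, not here.
     */
    public Collection<Authorization> getAuthorizations() {
        return SecurityEnforcerUtil.getAuthorizations(this.principal);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the OID of the principal, or {@code null} when there is no principal. */
    public String getPrincipalOid() {
        return this.principal != null ? this.principal.getOid() : null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the focus object of the principal, or {@code null} when there is no principal. */
    public FocusType getPrincipalFocus() {
        return this.principal != null ? this.principal.getFocus() : null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Collects the OIDs that stand for the principal itself: the principal OID (when
     * present) and, unless {@code NO_DELEGATOR} is selected, the delegators registered for
     * the limitation type that corresponds to the selection.
     *
     * @param delegatorSelection which delegations, if any, widen the result
     * @return a new mutable set; empty when there is no principal OID and no delegator
     */
    public Set<String> getAllSelfOids(@NotNull SubjectedEvaluationContext.DelegatorSelection delegatorSelection) {
        Set<String> oids = new HashSet<>();
        CollectionUtils.addIgnoreNull(oids, getPrincipalOid());
        if (delegatorSelection != SubjectedEvaluationContext.DelegatorSelection.NO_DELEGATOR) {
            oids.addAll(getDelegators(getLimitationType(delegatorSelection)));
        }
        return oids;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Collects the OIDs of the principal's role memberships whose relation the relation
     * registry classifies as membership and, unless {@code NO_DELEGATOR} is selected, the
     * delegated memberships for the corresponding limitation type.
     *
     * <p>NOTE(review): despite the name, this method does not add the principal's own OID
     * or its delegators; confirm that callers which need them also use
     * {@link #getAllSelfOids}.
     *
     * @param delegatorSelection which delegations, if any, widen the result
     * @return a new mutable set of role OIDs
     * @throws NullPointerException if a matching membership reference has no OID
     */
    public Set<String> getAllSelfPlusRolesOids(@NotNull SubjectedEvaluationContext.DelegatorSelection delegatorSelection) {
        RelationRegistry relationRegistry = SchemaService.get().relationRegistry();
        Set<String> oids = new HashSet<>();
        FocusType principalFocus = getPrincipalFocus();
        if (principalFocus != null) {
            // A reference without an OID aborts the evaluation instead of being skipped silently.
            principalFocus.getRoleMembershipRef().stream()
                    .filter(ref -> relationRegistry.isMember(ref.getRelation()))
                    .forEach(ref -> oids.add(Objects.requireNonNull(ref.getOid())));
        }
        if (delegatorSelection != SubjectedEvaluationContext.DelegatorSelection.NO_DELEGATOR) {
            oids.addAll(getDelegatedMembership(getLimitationType(delegatorSelection)));
        }
        return oids;
    }

    /**
     * Maps a delegator selection to the limitation type used to look up delegations.
     * Only {@code CASE_MANAGEMENT} and {@code ACCESS_CERTIFICATION} are mapped; any other
     * value raises an {@link AssertionError} rather than falling back to a default type.
     * The callers in this class filter out {@code NO_DELEGATOR} before calling.
     */
    @NotNull
    private static OtherPrivilegesLimitations.Type getLimitationType(@NotNull SubjectedEvaluationContext.DelegatorSelection delegatorSelection) {
        switch (delegatorSelection) {
            case CASE_MANAGEMENT:
                return OtherPrivilegesLimitations.Type.CASES;
            case ACCESS_CERTIFICATION:
                return OtherPrivilegesLimitations.Type.ACCESS_CERTIFICATION;
            default:
                throw new AssertionError(delegatorSelection);
        }
    }

    /** Returns the principal's delegators for the given limitation type; an empty set without a principal. */
    private Set<String> getDelegators(@Nullable OtherPrivilegesLimitations.Type type) {
        return this.principal != null ? this.principal.getDelegatorsFor(type) : Set.of();
    }

    /** Returns the principal's delegated memberships for the given limitation type; an empty set without a principal. */
    private Set<String> getDelegatedMembership(@Nullable OtherPrivilegesLimitations.Type type) {
        return this.principal != null ? this.principal.getDelegatedMembershipFor(type) : Set.of();
    }

    /**
     * Always reports {@code true} in this class.
     * NOTE(review): the class is not final, so a subclass may override this; confirm
     * against the rest of the package.
     */
    public boolean isFullInformationAvailable() {
        return true;
    }
}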
