package com.evolveum.midpoint.model.impl.controller;

import com.evolveum.midpoint.audit.api.AuditEventRecord;
import com.evolveum.midpoint.audit.api.AuditEventStage;
import com.evolveum.midpoint.audit.api.AuditEventType;
import com.evolveum.midpoint.model.api.ModelAuthorizationAction;
import com.evolveum.midpoint.model.api.ModelExecuteOptions;
import com.evolveum.midpoint.model.api.ModelService;
import com.evolveum.midpoint.model.common.expression.ModelExpressionEnvironment;
import com.evolveum.midpoint.model.impl.ModelBeans;
import com.evolveum.midpoint.model.impl.util.ModelImplUtils;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismReferenceValue;
import com.evolveum.midpoint.prism.delta.ChangeType;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.provisioning.api.ProvisioningOperationContext;
import com.evolveum.midpoint.provisioning.api.ProvisioningOperationOptions;
import com.evolveum.midpoint.provisioning.api.ProvisioningService;
import com.evolveum.midpoint.repo.api.RepoAddOptions;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.repo.common.AuditHelper;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.GetOperationOptionsBuilder;
import com.evolveum.midpoint.schema.ObjectDeltaOperation;
import com.evolveum.midpoint.schema.constants.ObjectTypes;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.security.enforcer.api.AuthorizationParameters;
import com.evolveum.midpoint.security.enforcer.api.SecurityEnforcer;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.QNameUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ExpressionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationAuditEventRecordingType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationAuditType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TaskType;
import com.evolveum.prism.xml.ns._public.types_3.EvaluationTimeType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:BOOT-INF/lib/model-impl-4.8.9-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/controller/RawChangesExecutor.class */
/**
 * Executes a collection of object deltas in "raw" mode and writes audit records for the request and its outcome.
 *
 * <p>As visible in this class, raw ADD and MODIFY deltas go to the task manager (for task objects) or directly
 * to the repository service. Raw DELETE deltas go to the provisioning service (with raw options) for classes
 * managed by provisioning, to the task manager for tasks, and to the repository service otherwise.
 *
 * <p>Security-relevant behaviour, all of it visible below:
 * <ul>
 *   <li>Every delta requires the {@code RAW_OPERATION} authorization plus the matching ADD / DELETE / MODIFY
 *       authorization, unless {@link ModelExecuteOptions#isPreAuthorized} is true, in which case both checks
 *       are skipped.</li>
 *   <li>One audit record is written at the REQUEST stage before any delta runs and one at the EXECUTION stage
 *       afterwards, on success and on failure. Both carry the same request identifier.</li>
 *   <li>The audit record passes through an optional expression from the system configuration; a {@code null}
 *       result means the record is not written.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. The nested try/catch blocks and empty {@code finally}
 * blocks are how the decompiler rendered the original exception handling; confirm details against the
 * original source.
 */
class RawChangesExecutor {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) RawChangesExecutor.class);
    // Name of the operation subresult created in execute().
    private static final String OP_EXECUTE = RawChangesExecutor.class.getName() + ".execute";

    // Deltas as supplied by the caller; executed in iteration order.
    @NotNull
    private final Collection<ObjectDelta<? extends ObjectType>> requestDeltas;

    // Caller-supplied options. This class reads preAuthorized, noCrypt, overwrite and reevaluateSearchFilters.
    @Nullable
    private final ModelExecuteOptions options;

    @NotNull
    private final Task task;

    // Read once in the constructor; only its audit event recording expression is used here.
    @Nullable
    private final SystemConfigurationType systemConfiguration;

    // Target reference put into both audit records; derived from the request deltas in the constructor.
    @Nullable
    private final PrismReferenceValue auditTargetRef;
    private final AuditHelper auditHelper = ModelBeans.get().auditHelper;
    private final ProvisioningService provisioningService = ModelBeans.get().provisioningService;
    private final SecurityEnforcer securityEnforcer = ModelBeans.get().securityEnforcer;
    private final TaskManager taskManager = ModelBeans.get().taskManager;
    private final RepositoryService cacheRepositoryService = ModelBeans.get().cacheRepositoryService;

    // One entry per attempted delta (successful or failed); this is what the EXECUTION audit record reports.
    @NotNull
    private final Collection<ObjectDeltaOperation<? extends ObjectType>> executedDeltas = new ArrayList();

    // Generated once per executor; set on both audit records and on the provisioning context used for raw
    // deletes, so the request can be correlated across them.
    @NotNull
    private final String requestIdentifier = ModelImplUtils.generateRequestIdentifier();

    /**
     * Captures the request and reads the system configuration.
     *
     * @param collection deltas to execute
     * @param modelExecuteOptions execution options, may be {@code null}
     * @param task task under which the deltas are authorized, recorded and audited
     * @param operationResult used here only to fetch the system configuration
     * @throws SchemaException declared by the constructor; the only calls that could raise it are the
     *         system configuration lookup and the audit target determination
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public RawChangesExecutor(@NotNull Collection<ObjectDelta<? extends ObjectType>> collection, @Nullable ModelExecuteOptions modelExecuteOptions, @NotNull Task task, @NotNull OperationResult operationResult) throws SchemaException {
        this.requestDeltas = collection;
        this.options = modelExecuteOptions;
        this.task = task;
        this.systemConfiguration = ModelBeans.get().systemObjectCache.getSystemConfigurationBean(operationResult);
        this.auditTargetRef = ModelImplUtils.determineAuditTarget(collection);
    }

    /**
     * Audits the request, executes every delta in raw mode, then audits the outcome.
     *
     * @param operationResult parent result; a subresult named {@code OP_EXECUTE} is created under it
     * @return the executed delta operations, including the one that failed if execution stopped early
     *         (the collection is only returned on the success path; on failure the exception propagates)
     */
    public Collection<ObjectDeltaOperation<? extends ObjectType>> execute(OperationResult operationResult) throws ExpressionEvaluationException, PolicyViolationException, SecurityViolationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ObjectAlreadyExistsException {
        // This runs before the REQUEST audit record is written. assertPersistentExecution is defined elsewhere;
        // presumably it throws when the task is not in persistent execution mode, in which case this class
        // writes no audit record for the attempt.
        this.task.assertPersistentExecution("Raw operation execution is not supported in non-persistent execution mode");
        // The REQUEST-stage audit record is written before any authorization check or change.
        auditRequest(operationResult);
        OperationResult createSubresult = operationResult.createSubresult(OP_EXECUTE);
        try {
            try {
                // The first failing delta propagates out of this loop, so later deltas are not attempted.
                Iterator<ObjectDelta<? extends ObjectType>> it = this.requestDeltas.iterator();
                while (it.hasNext()) {
                    executeChangeRaw(it.next(), createSubresult);
                }
                Collection<ObjectDeltaOperation<? extends ObjectType>> collection = this.executedDeltas;
                // Success path: close the subresult and write the EXECUTION-stage audit record.
                // NOTE(review): in this decompiled shape these calls sit inside the inner try, so an exception
                // thrown by auditExecution here would reach both catch blocks and auditExecution would run a
                // second time. This looks like a decompiler rendering of try/catch/finally -- confirm against
                // the original source before relying on it.
                createSubresult.close();
                createSubresult.cleanup();
                auditExecution(createSubresult.getStatus(), operationResult);
                return collection;
            } catch (Throwable th) {
                createSubresult.recordException(th);
                throw th;
            }
        } catch (Throwable th2) {
            // Failure path: the EXECUTION-stage audit record is still written, carrying the failed status and
            // the deltas attempted so far, before the exception is rethrown.
            createSubresult.close();
            createSubresult.cleanup();
            auditExecution(createSubresult.getStatus(), operationResult);
            throw th2;
        }
    }

    /** Writes the REQUEST-stage audit record from a cloned copy of the request deltas. */
    private void auditRequest(OperationResult operationResult) {
        processAndAuditTheRecord(createAuditEventRecordRaw(AuditEventStage.REQUEST, ObjectDeltaOperation.cloneDeltaCollection(this.requestDeltas)), operationResult);
    }

    /**
     * Writes the EXECUTION-stage audit record with the attempted deltas, the current time and the outcome.
     *
     * @param operationResultStatus status of the execution subresult, stored as the audit outcome
     */
    private void auditExecution(OperationResultStatus operationResultStatus, OperationResult operationResult) {
        AuditEventRecord createAuditEventRecordRaw = createAuditEventRecordRaw(AuditEventStage.EXECUTION, this.executedDeltas);
        createAuditEventRecordRaw.setTimestamp(Long.valueOf(System.currentTimeMillis()));
        createAuditEventRecordRaw.setOutcome(operationResultStatus);
        processAndAuditTheRecord(createAuditEventRecordRaw, operationResult);
    }

    /**
     * Passes the record through the configured audit event recording expression, if any, and writes the result.
     *
     * <p>When an expression is configured and evaluates to {@code null}, nothing is written to the audit log.
     * That part of the system configuration therefore controls whether raw operations appear in the audit
     * trail at all.
     */
    private void processAndAuditTheRecord(AuditEventRecord auditEventRecord, OperationResult operationResult) {
        ExpressionType auditEventRecordingExpression = getAuditEventRecordingExpression();
        // No expression configured: the record is audited unchanged.
        AuditEventRecord evaluateRecordingExpression = auditEventRecordingExpression != null ? this.auditHelper.evaluateRecordingExpression(auditEventRecordingExpression, auditEventRecord, null, null, (task, operationResult2) -> {
            return new ModelExpressionEnvironment(null, null, task, operationResult2);
        }, this.task, operationResult) : auditEventRecord;
        // A null result from the expression suppresses the record.
        if (evaluateRecordingExpression != null) {
            this.auditHelper.audit(evaluateRecordingExpression, null, this.task, operationResult);
        }
    }

    /**
     * Returns the audit event recording expression from the system configuration.
     *
     * @return the expression, or {@code null} when the configuration, its audit section or its
     *         event recording section is absent
     */
    private ExpressionType getAuditEventRecordingExpression() {
        SystemConfigurationAuditType audit;
        SystemConfigurationAuditEventRecordingType eventRecording;
        if (this.systemConfiguration == null || (audit = this.systemConfiguration.getAudit()) == null || (eventRecording = audit.getEventRecording()) == null) {
            return null;
        }
        return eventRecording.getExpression();
    }

    /**
     * Builds an {@code EXECUTE_CHANGES_RAW} audit record for the given stage.
     *
     * @param auditEventStage REQUEST or EXECUTION, as passed by the two callers in this class
     * @param collection deltas to attach to the record
     */
    private AuditEventRecord createAuditEventRecordRaw(AuditEventStage auditEventStage, Collection<ObjectDeltaOperation<? extends ObjectType>> collection) {
        AuditEventRecord auditEventRecord = new AuditEventRecord(AuditEventType.EXECUTE_CHANGES_RAW, auditEventStage);
        auditEventRecord.setRequestIdentifier(this.requestIdentifier);
        auditEventRecord.setTargetRef(this.auditTargetRef);
        auditEventRecord.addDeltas(collection);
        return auditEventRecord;
    }

    /**
     * Executes one delta under its own subresult and records it in {@code executedDeltas}.
     *
     * <p>The delta is added to {@code executedDeltas} on success and on failure, so a failed or rejected
     * delta (for example one that did not pass authorization) still appears in the EXECUTION audit record
     * together with its subresult. On failure the exception is rethrown after recording.
     */
    private void executeChangeRaw(ObjectDelta<? extends ObjectType> objectDelta, OperationResult operationResult) throws CommunicationException, ObjectNotFoundException, ObjectAlreadyExistsException, PolicyViolationException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
        OperationResult createSubresult = operationResult.createSubresult(ModelService.EXECUTE_CHANGE);
        // Stays null when the failure happens before the object is known; the audit entry then has no name.
        ObjectType objectType = null;
        try {
            try {
                applyDefinitionsIfNeeded(objectDelta, createSubresult);
                objectType = executeChangeRawInternal(objectDelta, this.options, this.task, createSubresult);
                createSubresult.close();
                this.executedDeltas.add(prepareObjectDeltaOperation(objectDelta, objectType, operationResult, createSubresult));
            } finally {
                // Empty in the decompiled output.
            }
        } catch (Throwable th) {
            createSubresult.close();
            this.executedDeltas.add(prepareObjectDeltaOperation(objectDelta, objectType, operationResult, createSubresult));
            throw th;
        }
    }

    /**
     * Wraps a delta and its result into an {@link ObjectDeltaOperation} enriched for auditing.
     *
     * @param objectDelta the delta that was attempted
     * @param objectType the affected object if known, otherwise {@code null} (no enrichment is done then)
     * @param operationResult parent result, used only when a resource name has to be read from the repository
     * @param operationResult2 the delta's own subresult, stored in the returned operation
     */
    private ObjectDeltaOperation<? extends ObjectType> prepareObjectDeltaOperation(ObjectDelta<? extends ObjectType> objectDelta, ObjectType objectType, OperationResult operationResult, OperationResult operationResult2) {
        ObjectDeltaOperation<? extends ObjectType> objectDeltaOperation = new ObjectDeltaOperation<>(objectDelta, operationResult2);
        if (objectType != null) {
            objectDeltaOperation.setObjectName(PolyString.toPolyString(objectType.getName()));
            // Shadows additionally get resource OID and name, kind and intent.
            if (objectType instanceof ShadowType) {
                ShadowType shadowType = (ShadowType) objectType;
                objectDeltaOperation.setResourceOid(ShadowUtil.getResourceOid(shadowType));
                objectDeltaOperation.setResourceName(getResourceName(shadowType, operationResult));
                objectDeltaOperation.setShadowKind(ShadowUtil.getKind(shadowType));
                objectDeltaOperation.setShadowIntent(ShadowUtil.getIntent(shadowType));
            }
        }
        return objectDeltaOperation;
    }

    /**
     * Determines the resource name of a shadow for the audit record.
     *
     * @return the target name from the shadow's resource reference; if that is missing and the reference has
     *         an OID, the name read from the repository; {@code null} when there is no reference or the
     *         read fails
     */
    private PolyString getResourceName(ShadowType shadowType, OperationResult operationResult) {
        ObjectReferenceType resourceRef = shadowType.getResourceRef();
        if (resourceRef == null) {
            return null;
        }
        PolyString targetName = resourceRef.asReferenceValue().getTargetName();
        if (targetName == null && resourceRef.getOid() != null) {
            try {
                // Read-only lookup with allowNotFound; used only to fill in the name for auditing.
                targetName = this.cacheRepositoryService.getObject(ResourceType.class, resourceRef.getOid(), GetOperationOptionsBuilder.create().readOnly().allowNotFound().build(), operationResult).getName();
            } catch (ObjectNotFoundException | SchemaException e) {
                // Best effort: the audit entry is written without a resource name.
                LOGGER.debug("Problem reading resource {} while getting name for audit record", resourceRef.getOid(), e);
            }
        }
        return targetName;
    }

    /**
     * Dispatches a delta to the add, delete or modify handler.
     *
     * <p>The pre-authorized flag is read from the options here and handed to the handlers, where it decides
     * whether the authorization checks run.
     *
     * @return the affected object as returned by the handler
     * @throws IllegalArgumentException if the delta is neither add, delete nor modify
     */
    private ObjectType executeChangeRawInternal(ObjectDelta<? extends ObjectType> objectDelta, ModelExecuteOptions modelExecuteOptions, Task task, OperationResult operationResult) throws CommunicationException, ObjectNotFoundException, ObjectAlreadyExistsException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException, PolicyViolationException {
        boolean isPreAuthorized = ModelExecuteOptions.isPreAuthorized(modelExecuteOptions);
        if (objectDelta.isAdd()) {
            return executeAddDeltaRaw(objectDelta, isPreAuthorized, modelExecuteOptions, task, operationResult);
        }
        if (objectDelta.isDelete()) {
            return executeDeleteDeltaRaw(objectDelta, isPreAuthorized, task, operationResult);
        }
        if (objectDelta.isModify()) {
            return executeModifyDeltaRaw(objectDelta, isPreAuthorized, modelExecuteOptions, task, operationResult);
        }
        throw new IllegalArgumentException("Wrong delta type " + objectDelta.getChangeType() + " in " + objectDelta);
    }

    /**
     * Adds an object in raw mode through the task manager (task objects) or the repository service.
     *
     * @param objectDelta ADD delta; its OID is set to the OID of the stored object on success
     * @param z the pre-authorized flag; when {@code true} no authorization check is made in this method
     * @param modelExecuteOptions read for the noCrypt and overwrite options
     * @return the added object
     */
    /* JADX WARN: Multi-variable type inference failed */
    private ObjectType executeAddDeltaRaw(ObjectDelta<? extends ObjectType> objectDelta, boolean z, ModelExecuteOptions modelExecuteOptions, Task task, OperationResult operationResult) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException, ObjectAlreadyExistsException {
        RepoAddOptions repoAddOptions = new RepoAddOptions();
        // NOTE(review): by its name, this option lets the repository accept values that are not encrypted --
        // confirm against RepoAddOptions. No separate authorization for noCrypt or overwrite is checked in
        // this method; they are covered only by the RAW_OPERATION and ADD checks below.
        if (ModelExecuteOptions.isNoCrypt(modelExecuteOptions)) {
            repoAddOptions.setAllowUnencryptedValues(true);
        }
        if (ModelExecuteOptions.isOverwrite(modelExecuteOptions)) {
            repoAddOptions.setOverwrite(true);
        }
        PrismObject<? extends ObjectType> objectToAdd = objectDelta.getObjectToAdd();
        if (!z) {
            // Both authorizations must pass, evaluated against the object being added. Skipped entirely when
            // pre-authorized; presumably the caller has authorized the request in that case -- verify callers.
            this.securityEnforcer.authorize(ModelAuthorizationAction.RAW_OPERATION.getUrl(), null, AuthorizationParameters.Builder.buildObjectAdd(objectToAdd), task, operationResult);
            this.securityEnforcer.authorize(ModelAuthorizationAction.ADD.getUrl(), null, AuthorizationParameters.Builder.buildObjectAdd(objectToAdd), task, operationResult);
        }
        try {
            // repoAddOptions is passed only on the repository branch; the task manager branch does not take it.
            String addTask = objectToAdd.canRepresent(TaskType.class) ? this.taskManager.addTask(objectToAdd, operationResult) : this.cacheRepositoryService.addObject(objectToAdd, repoAddOptions, operationResult);
            task.recordObjectActionExecuted(objectToAdd, null, addTask, ChangeType.ADD, task.getChannel(), null);
            objectDelta.setOid(addTask);
            return objectToAdd.asObjectable();
        } catch (Throwable th) {
            // The failed action is recorded on the task as well, then rethrown.
            task.recordObjectActionExecuted(objectToAdd, null, null, ChangeType.ADD, task.getChannel(), th);
            throw th;
        }
    }

    /**
     * Deletes an object in raw mode.
     *
     * <p>The object is read first so that authorization can be evaluated against it. If the read fails, the
     * failure is rethrown unless the requester is authorized for everything ({@code isAuthorizedAll}); in
     * that case a placeholder object carrying only the OID and the name "Unreadable object" is used, so
     * that an object which cannot be read can still be deleted.
     *
     * @param z the pre-authorized flag; when {@code true} the RAW_OPERATION and DELETE checks are skipped
     * @return the object as read from the repository, or {@code null} when the placeholder path was taken
     */
    private <T extends ObjectType> T executeDeleteDeltaRaw(ObjectDelta<T> objectDelta, boolean z, Task task, OperationResult operationResult) throws PolicyViolationException, CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
        ObjectType objectType;
        // Relaxed QName prefix handling for the duration of this call; switched back in the finally below.
        // NOTE(review): the flag is set before the try, so the two getters that follow are not covered by the
        // finally. The scope of the flag (per thread or global) is not visible here.
        QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(true);
        Class<T> objectTypeClass = objectDelta.getObjectTypeClass();
        String oid = objectDelta.getOid();
        // The object as actually read; stays null on the placeholder path. Used for recording and the return.
        ObjectType objectType2 = null;
        try {
            try {
                objectType = (ObjectType) this.cacheRepositoryService.getObject(objectTypeClass, oid, GetOperationOptions.createReadOnlyCollection(), operationResult).asObjectable();
                objectType2 = objectType;
            } catch (Throwable th) {
                // Any read failure, not only "not found", ends up here.
                if (!this.securityEnforcer.isAuthorizedAll(task, operationResult)) {
                    throw th;
                }
                // The placeholder is what the indestructibility check and the authorizations below see.
                objectType = (ObjectType) PrismContext.get().createObjectable(objectTypeClass);
                objectType.setOid(oid);
                objectType.setName(PolyStringType.fromOrig("Unreadable object"));
            }
            // Runs regardless of the pre-authorized flag. On the placeholder path it sees only OID and name.
            ModelController.checkIndestructible(objectType);
            if (!z) {
                this.securityEnforcer.authorize(ModelAuthorizationAction.RAW_OPERATION.getUrl(), null, AuthorizationParameters.Builder.buildObjectDelete(ObjectTypeUtil.asPrismObject(objectType)), task, operationResult);
                this.securityEnforcer.authorize(ModelAuthorizationAction.DELETE.getUrl(), null, AuthorizationParameters.Builder.buildObjectDelete(ObjectTypeUtil.asPrismObject(objectType)), task, operationResult);
            }
            try {
                if (ObjectTypes.isClassManagedByProvisioning(objectTypeClass)) {
                    ModelImplUtils.clearRequestee(task);
                    // Provisioning is called with raw options and the same request identifier as the audit records.
                    this.provisioningService.deleteObject(objectTypeClass, oid, ProvisioningOperationOptions.createRaw(), null, new ProvisioningOperationContext().requestIdentifier(this.requestIdentifier).expressionEnvironmentSupplier((task2, operationResult2) -> {
                        return new ModelExpressionEnvironment(null, null, task2, operationResult2);
                    }), task, operationResult);
                } else if (TaskType.class.isAssignableFrom(objectTypeClass)) {
                    this.taskManager.deleteTask(oid, operationResult);
                } else {
                    this.cacheRepositoryService.deleteObject(objectTypeClass, oid, operationResult);
                }
                // On the placeholder path objectType2 is null here, so the action is recorded and the audit
                // entry is built without object details (the caller skips enrichment for a null object).
                task.recordObjectActionExecuted(ObjectTypeUtil.asPrismObject(objectType2), objectTypeClass, oid, ChangeType.DELETE, task.getChannel(), null);
                return (T) objectType2;
            } catch (Throwable th2) {
                task.recordObjectActionExecuted(ObjectTypeUtil.asPrismObject(objectType2), objectTypeClass, oid, ChangeType.DELETE, task.getChannel(), th2);
                throw th2;
            }
        } finally {
            QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(Boolean.valueOf(false));
        }
    }

    /**
     * Modifies an object in raw mode through the task manager (task objects) or the repository service.
     *
     * <p>The current object is read first and authorization is evaluated against it together with the
     * delta. Unlike the delete path, a failed read always propagates; there is no placeholder fallback.
     *
     * @param z the pre-authorized flag; when {@code true} the RAW_OPERATION and MODIFY checks are skipped
     * @param modelExecuteOptions read for the reevaluateSearchFilters option
     * @return the object as it was read before the modification
     */
    private <T extends ObjectType> T executeModifyDeltaRaw(ObjectDelta<T> objectDelta, boolean z, ModelExecuteOptions modelExecuteOptions, Task task, OperationResult operationResult) throws ObjectAlreadyExistsException, ObjectNotFoundException, SchemaException, ConfigurationException, CommunicationException, SecurityViolationException, ExpressionEvaluationException {
        // Relaxed QName prefix handling for the duration of this call; switched back in the finally below.
        // NOTE(review): set before the try, so the two getters that follow are not covered by the finally.
        QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(true);
        Class<T> objectTypeClass = objectDelta.getObjectTypeClass();
        String oid = objectDelta.getOid();
        try {
            T t = (T) this.cacheRepositoryService.getObject(objectTypeClass, oid, GetOperationOptions.createReadOnlyCollection(), operationResult).asObjectable();
            if (!z) {
                // The same parameters (pre-modification object plus delta) are used for both checks.
                AuthorizationParameters buildObjectDelta = AuthorizationParameters.Builder.buildObjectDelta(t.asPrismObject(), objectDelta, true);
                this.securityEnforcer.authorize(ModelAuthorizationAction.RAW_OPERATION.getUrl(), null, buildObjectDelta, task, operationResult);
                this.securityEnforcer.authorize(ModelAuthorizationAction.MODIFY.getUrl(), null, buildObjectDelta, task, operationResult);
            }
            try {
                if (TaskType.class.isAssignableFrom(objectTypeClass)) {
                    this.taskManager.modifyTask(oid, objectDelta.getModifications(), operationResult);
                } else {
                    this.cacheRepositoryService.modifyObject(objectTypeClass, oid, objectDelta.getModifications(), operationResult);
                }
                task.recordObjectActionExecuted(ObjectTypeUtil.asPrismObject(t), ChangeType.MODIFY, null);
                // Optional follow-up write; it runs under the authorization decided above.
                if (ModelExecuteOptions.isReevaluateSearchFilters(modelExecuteOptions)) {
                    reevaluateSearchFilters(objectTypeClass, oid, task, operationResult);
                }
                return t;
            } finally {
                // Empty in the decompiled output. NOTE(review): as rendered here, a failed modification is not
                // passed to recordObjectActionExecuted, unlike the add and delete paths -- presumably lost in
                // decompilation; confirm against the original source.
            }
        } finally {
            QNameUtil.setTemporarilyTolerateUndeclaredPrefixes(Boolean.valueOf(false));
        }
    }

    /**
     * Re-resolves references of a stored object and writes back whatever changed.
     *
     * <p>The object is read again, a copy has its references resolved with evaluation time {@code IMPORT},
     * and the difference between the two is applied to the repository if it is not empty. This method makes
     * no authorization call of its own; in this class it is reached only from {@code executeModifyDeltaRaw},
     * after that method's checks have passed or were skipped as pre-authorized.
     *
     * @param cls type of the object
     * @param str OID of the object
     */
    private <T extends ObjectType> void reevaluateSearchFilters(Class<T> cls, String str, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ObjectAlreadyExistsException {
        OperationResult createSubresult = operationResult.createSubresult(ModelController.OP_REEVALUATE_SEARCH_FILTERS);
        try {
            try {
                PrismObject object = this.cacheRepositoryService.getObject(cls, str, GetOperationOptions.createReadOnlyCollection(), createSubresult);
                // mo1377clone is a decompiler-assigned name; presumably the object's clone() method.
                PrismObject<? extends ObjectType> mo1377clone = object.mo1377clone();
                ModelImplUtils.resolveReferences((PrismObject) mo1377clone, this.cacheRepositoryService, false, true, EvaluationTimeType.IMPORT, true, createSubresult);
                ObjectDelta diff = object.diff((PrismObject) mo1377clone);
                LOGGER.trace("reevaluateSearchFilters found delta: {}", diff.debugDumpLazily());
                if (!diff.isEmpty()) {
                    try {
                        // Second repository write for the same object, recorded on the task as its own MODIFY.
                        this.cacheRepositoryService.modifyObject(cls, str, diff.getModifications(), createSubresult);
                        task.recordObjectActionExecuted(mo1377clone, ChangeType.MODIFY, null);
                    } catch (Throwable th) {
                        task.recordObjectActionExecuted(mo1377clone, ChangeType.MODIFY, th);
                        throw th;
                    }
                }
                createSubresult.recordSuccess();
                createSubresult.close();
            } catch (ObjectAlreadyExistsException | ObjectNotFoundException | SchemaException | RuntimeException e) {
                createSubresult.recordFatalError("Couldn't reevaluate search filters: " + e.getMessage(), e);
                throw e;
            }
        } catch (Throwable th2) {
            createSubresult.close();
            throw th2;
        }
    }

    /**
     * Asks provisioning to apply definitions to a shadow or resource delta; other object types are left alone.
     *
     * <p>Failure is deliberately non-fatal: the exception is logged as a warning, the error on the last
     * subresult is muted, and the raw operation continues with the delta as it is.
     */
    private void applyDefinitionsIfNeeded(ObjectDelta<? extends ObjectType> objectDelta, OperationResult operationResult) {
        Class<? extends ObjectType> objectTypeClass = objectDelta.getObjectTypeClass();
        // Exact class comparison: subclasses of ShadowType or ResourceType would not match.
        if (objectTypeClass == ShadowType.class || objectTypeClass == ResourceType.class) {
            try {
                this.provisioningService.applyDefinition(objectDelta, this.task, operationResult);
            } catch (Exception e) {
                // Because the error is muted, it does not surface as the status of this operation result.
                LoggingUtils.logExceptionAsWarning(LOGGER, "Couldn't apply definition on shadow/resource raw-mode delta {} -- continuing the operation.", e, objectDelta);
                operationResult.muteLastSubresultError();
            }
        }
    }
}
