package com.evolveum.midpoint.certification.impl;

import com.evolveum.midpoint.model.api.expr.OrgStructFunctions;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismReferenceValue;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.repo.common.expression.ExpressionEnvironmentThreadLocalHolder;
import com.evolveum.midpoint.schema.RelationRegistry;
import com.evolveum.midpoint.schema.SearchResultList;
import com.evolveum.midpoint.schema.constants.ExpressionConstants;
import com.evolveum.midpoint.schema.expression.VariablesMap;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.CertCampaignTypeUtil;
import com.evolveum.midpoint.schema.util.ObjectQueryUtil;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.schema.util.ResourceTypeUtil;
import com.evolveum.midpoint.task.api.ExpressionEnvironment;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.QNameUtil;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractRoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationReviewerSpecificationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ExpressionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ManagerSearchType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.RelationKindType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ServiceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import javax.xml.namespace.QName;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/certification-impl-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/certification/impl/AccCertReviewersHelper.class */
public class AccCertReviewersHelper {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) AccCertReviewersHelper.class);

    @Autowired
    @Qualifier("cacheRepositoryService")
    private RepositoryService repositoryService;

    @Autowired
    private OrgStructFunctions orgStructFunctions;

    @Autowired
    private PrismContext prismContext;

    @Autowired
    private AccCertExpressionHelper expressionHelper;

    @Autowired
    private RelationRegistry relationRegistry;

    public AccessCertificationReviewerSpecificationType findReviewersSpecification(AccessCertificationCampaignType accessCertificationCampaignType, int i) {
        return CertCampaignTypeUtil.findStageDefinition(accessCertificationCampaignType, i).getReviewerSpecification();
    }

    public List<ObjectReferenceType> getReviewersForCase(AccessCertificationCaseType accessCertificationCaseType, AccessCertificationCampaignType accessCertificationCampaignType, AccessCertificationReviewerSpecificationType accessCertificationReviewerSpecificationType, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException {
        if (accessCertificationReviewerSpecificationType == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        if (Boolean.TRUE.equals(accessCertificationReviewerSpecificationType.isUseTargetOwner())) {
            cloneAndMerge(arrayList, getTargetObjectOwners(accessCertificationCaseType, operationResult));
        }
        if (Boolean.TRUE.equals(accessCertificationReviewerSpecificationType.isUseTargetApprover())) {
            cloneAndMerge(arrayList, getTargetObjectApprovers(accessCertificationCaseType, operationResult));
        }
        if (Boolean.TRUE.equals(accessCertificationReviewerSpecificationType.isUseObjectOwner())) {
            cloneAndMerge(arrayList, getObjectOwners(accessCertificationCaseType, operationResult));
        }
        if (Boolean.TRUE.equals(accessCertificationReviewerSpecificationType.isUseObjectApprover())) {
            cloneAndMerge(arrayList, getObjectApprovers(accessCertificationCaseType, operationResult));
        }
        if (accessCertificationReviewerSpecificationType.getUseObjectManager() != null) {
            cloneAndMerge(arrayList, getObjectManagers(accessCertificationCaseType, accessCertificationReviewerSpecificationType.getUseObjectManager(), task, operationResult));
        }
        for (ExpressionType expressionType : accessCertificationReviewerSpecificationType.getReviewerExpression()) {
            VariablesMap variablesMap = new VariablesMap();
            variablesMap.put(ExpressionConstants.VAR_CERTIFICATION_CASE, accessCertificationCaseType, AccessCertificationCaseType.class);
            variablesMap.putObject(ExpressionConstants.VAR_CAMPAIGN, (String) accessCertificationCampaignType, (Class<String>) AccessCertificationCampaignType.class);
            variablesMap.put("reviewerSpecification", accessCertificationReviewerSpecificationType, AccessCertificationReviewerSpecificationType.class);
            cloneAndMerge(arrayList, this.expressionHelper.evaluateRefExpressionChecked(expressionType, variablesMap, "reviewer expression", task, operationResult));
        }
        resolveRoleReviewers(arrayList, operationResult);
        if (arrayList.isEmpty()) {
            cloneAndMerge(arrayList, accessCertificationReviewerSpecificationType.getDefaultReviewerRef());
        }
        cloneAndMerge(arrayList, accessCertificationReviewerSpecificationType.getAdditionalReviewerRef());
        resolveRoleReviewers(arrayList, operationResult);
        return arrayList;
    }

    private void resolveRoleReviewers(List<ObjectReferenceType> list, OperationResult operationResult) throws SchemaException {
        ArrayList<ObjectReferenceType> arrayList = new ArrayList();
        Iterator<ObjectReferenceType> it = list.iterator();
        while (it.hasNext()) {
            ObjectReferenceType next = it.next();
            if (QNameUtil.match(next.getType(), RoleType.COMPLEX_TYPE) || QNameUtil.match(next.getType(), OrgType.COMPLEX_TYPE) || QNameUtil.match(next.getType(), ServiceType.COMPLEX_TYPE)) {
                it.remove();
                arrayList.addAll(getMembers(next, operationResult));
            }
        }
        for (ObjectReferenceType objectReferenceType : arrayList) {
            if (!containsOid(list, objectReferenceType.getOid())) {
                list.add(objectReferenceType);
            }
        }
    }

    private List<ObjectReferenceType> getMembers(ObjectReferenceType objectReferenceType, OperationResult operationResult) throws SchemaException {
        List<PrismReferenceValue> createReferences = ObjectQueryUtil.createReferences(objectReferenceType.getOid(), RelationKindType.MEMBER, this.relationRegistry);
        return (List) this.repositoryService.searchObjects(UserType.class, createReferences.isEmpty() ? this.prismContext.queryFor(UserType.class).none().build() : this.prismContext.queryFor(UserType.class).item(UserType.F_ROLE_MEMBERSHIP_REF).ref(createReferences).build(), null, operationResult).stream().map(prismObject -> {
            return ObjectTypeUtil.createObjectRef((PrismObject<?>) prismObject);
        }).collect(Collectors.toList());
    }

    private void cloneAndMerge(List<ObjectReferenceType> list, Collection<ObjectReferenceType> collection) {
        if (collection == null) {
            return;
        }
        for (ObjectReferenceType objectReferenceType : collection) {
            if (!containsOid(list, objectReferenceType.getOid())) {
                list.add(objectReferenceType.m1600clone());
            }
        }
    }

    private boolean containsOid(List<ObjectReferenceType> list, String str) {
        Iterator<ObjectReferenceType> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().getOid().equals(str)) {
                return true;
            }
        }
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Collection<ObjectReferenceType> getObjectManagers(AccessCertificationCaseType accessCertificationCaseType, ManagerSearchType managerSearchType, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException {
        ExpressionEnvironmentThreadLocalHolder.pushExpressionEnvironment(new ExpressionEnvironment(task, operationResult));
        try {
            try {
                ObjectType resolveReference = resolveReference(accessCertificationCaseType.getObjectRef(), ObjectType.class, operationResult);
                Collection managers = resolveReference instanceof UserType ? this.orgStructFunctions.getManagers((UserType) resolveReference, managerSearchType.getOrgType(), Boolean.TRUE.equals(managerSearchType.isAllowSelf()), true) : resolveReference instanceof OrgType ? this.orgStructFunctions.getManagersOfOrg(resolveReference.getOid(), true) : ((resolveReference instanceof RoleType) || (resolveReference instanceof ServiceType)) ? new HashSet() : new HashSet();
                ArrayList arrayList = new ArrayList(managers.size());
                Iterator it = managers.iterator();
                while (it.hasNext()) {
                    arrayList.add(ObjectTypeUtil.createObjectRef((UserType) it.next()));
                }
                ExpressionEnvironmentThreadLocalHolder.popExpressionEnvironment();
                return arrayList;
            } catch (SecurityViolationException e) {
                throw new IllegalStateException("Impossible has happened: " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            ExpressionEnvironmentThreadLocalHolder.popExpressionEnvironment();
            throw th;
        }
    }

    private List<ObjectReferenceType> getTargetObjectOwners(AccessCertificationCaseType accessCertificationCaseType, OperationResult operationResult) throws SchemaException, ObjectNotFoundException {
        if (accessCertificationCaseType.getTargetRef() == null) {
            return null;
        }
        ObjectType resolveReference = resolveReference(accessCertificationCaseType.getTargetRef(), ObjectType.class, operationResult);
        if (resolveReference instanceof AbstractRoleType) {
            return getReviewers((AbstractRoleType) resolveReference, RelationKindType.OWNER, operationResult);
        }
        if (resolveReference instanceof ResourceType) {
            return ResourceTypeUtil.getOwnerRef((ResourceType) resolveReference);
        }
        return null;
    }

    private List<ObjectReferenceType> getReviewers(AbstractRoleType abstractRoleType, RelationKindType relationKindType, OperationResult operationResult) throws SchemaException {
        ArrayList arrayList = new ArrayList();
        if (relationKindType != RelationKindType.OWNER && relationKindType != RelationKindType.APPROVER) {
            throw new AssertionError(relationKindType);
        }
        ArrayList arrayList2 = new ArrayList();
        for (QName qName : this.relationRegistry.getAllRelationsFor(relationKindType)) {
            PrismReferenceValue createReferenceValue = this.prismContext.itemFactory().createReferenceValue(abstractRoleType.getOid());
            createReferenceValue.setRelation(qName);
            arrayList2.add(createReferenceValue);
        }
        ObjectQuery build = this.prismContext.queryFor(FocusType.class).item(FocusType.F_ROLE_MEMBERSHIP_REF).ref(arrayList2).build();
        SearchResultList searchObjects = this.repositoryService.searchObjects(FocusType.class, build, null, operationResult);
        LOGGER.trace("Looking for '{}' of {} using {}: found: {}", relationKindType, abstractRoleType, build, searchObjects);
        searchObjects.forEach(prismObject -> {
            arrayList.add(ObjectTypeUtil.createObjectRef((PrismObject<?>) prismObject));
        });
        return arrayList;
    }

    private List<ObjectReferenceType> getObjectOwners(AccessCertificationCaseType accessCertificationCaseType, OperationResult operationResult) throws SchemaException, ObjectNotFoundException {
        if (accessCertificationCaseType.getObjectRef() == null) {
            return null;
        }
        ObjectType resolveReference = resolveReference(accessCertificationCaseType.getObjectRef(), ObjectType.class, operationResult);
        if (resolveReference instanceof AbstractRoleType) {
            return getReviewers((AbstractRoleType) resolveReference, RelationKindType.OWNER, operationResult);
        }
        return null;
    }

    private Collection<ObjectReferenceType> getTargetObjectApprovers(AccessCertificationCaseType accessCertificationCaseType, OperationResult operationResult) throws SchemaException, ObjectNotFoundException {
        if (accessCertificationCaseType.getTargetRef() == null) {
            return null;
        }
        ObjectType resolveReference = resolveReference(accessCertificationCaseType.getTargetRef(), ObjectType.class, operationResult);
        if (resolveReference instanceof AbstractRoleType) {
            return getReviewers((AbstractRoleType) resolveReference, RelationKindType.APPROVER, operationResult);
        }
        if (resolveReference instanceof ResourceType) {
            return ResourceTypeUtil.getApproverRef((ResourceType) resolveReference);
        }
        return null;
    }

    private Collection<ObjectReferenceType> getObjectApprovers(AccessCertificationCaseType accessCertificationCaseType, OperationResult operationResult) throws SchemaException, ObjectNotFoundException {
        if (accessCertificationCaseType.getObjectRef() == null) {
            return null;
        }
        ObjectType resolveReference = resolveReference(accessCertificationCaseType.getObjectRef(), ObjectType.class, operationResult);
        if (resolveReference instanceof AbstractRoleType) {
            return getReviewers((AbstractRoleType) resolveReference, RelationKindType.APPROVER, operationResult);
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private ObjectType resolveReference(ObjectReferenceType objectReferenceType, Class<? extends ObjectType> cls, OperationResult operationResult) throws SchemaException, ObjectNotFoundException {
        return (ObjectType) this.repositoryService.getObject(objectReferenceType.getType() != null ? this.prismContext.getSchemaRegistry().getCompileTimeClassForObjectTypeRequired(objectReferenceType.getType()) : cls, objectReferenceType.getOid(), null, operationResult).asObjectable();
    }
}
