package com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators;

import com.evolveum.midpoint.model.api.context.EvaluatedAssignment;
import com.evolveum.midpoint.model.api.context.EvaluatedMultiplicityTrigger;
import com.evolveum.midpoint.model.impl.lens.projector.policy.AssignmentPolicyRuleEvaluationContext;
import com.evolveum.midpoint.model.impl.lens.projector.policy.ObjectPolicyRuleEvaluationContext;
import com.evolveum.midpoint.model.impl.lens.projector.policy.PolicyRuleEvaluationContext;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.delta.PlusMinusZero;
import com.evolveum.midpoint.prism.query.builder.S_FilterExit;
import com.evolveum.midpoint.prism.xml.XsdTypeMapper;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.util.LocalizableMessage;
import com.evolveum.midpoint.util.LocalizableMessageBuilder;
import com.evolveum.midpoint.util.QNameUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractRoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentHolderType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MultiplicityPolicyConstraintType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyConstraintKindType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyConstraintsType;
import jakarta.xml.bind.JAXBElement;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.xml.namespace.QName;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/model-impl-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/MultiplicityConstraintEvaluator.class */
public class MultiplicityConstraintEvaluator implements PolicyConstraintEvaluator<MultiplicityPolicyConstraintType, EvaluatedMultiplicityTrigger> {
    private static final String OP_EVALUATE = MultiplicityConstraintEvaluator.class.getName() + ".evaluate";
    private static final String CONSTRAINT_KEY_PREFIX = "multiplicityConstraint.";
    private static final String KEY_MIN = "min.";
    private static final String KEY_MAX = "max.";
    private static final String KEY_OBJECT = "object";
    private static final String KEY_TARGET = "target";

    @Autowired
    private ConstraintEvaluatorHelper evaluatorHelper;

    @Autowired
    private PrismContext prismContext;

    @Autowired
    @Qualifier("cacheRepositoryService")
    private RepositoryService repositoryService;

    @Override // com.evolveum.midpoint.model.impl.lens.projector.policy.evaluators.PolicyConstraintEvaluator
    @NotNull
    public <O extends ObjectType> Collection<EvaluatedMultiplicityTrigger> evaluate(@NotNull JAXBElement<MultiplicityPolicyConstraintType> jAXBElement, @NotNull PolicyRuleEvaluationContext<O> policyRuleEvaluationContext, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        OperationResult build = operationResult.subresult(OP_EVALUATE).setMinor().build();
        try {
            try {
                if (policyRuleEvaluationContext instanceof ObjectPolicyRuleEvaluationContext) {
                    Collection<EvaluatedMultiplicityTrigger> evaluateForObject = evaluateForObject(jAXBElement, (ObjectPolicyRuleEvaluationContext) policyRuleEvaluationContext, build);
                    build.computeStatusIfUnknown();
                    return evaluateForObject;
                }
                if (policyRuleEvaluationContext instanceof AssignmentPolicyRuleEvaluationContext) {
                    Collection<EvaluatedMultiplicityTrigger> evaluateForAssignment = evaluateForAssignment(jAXBElement, (AssignmentPolicyRuleEvaluationContext) policyRuleEvaluationContext, build);
                    build.computeStatusIfUnknown();
                    return evaluateForAssignment;
                }
                List of = List.of();
                build.computeStatusIfUnknown();
                return of;
            } catch (Throwable th) {
                build.recordFatalError(th.getMessage(), th);
                throw th;
            }
        } catch (Throwable th2) {
            build.computeStatusIfUnknown();
            throw th2;
        }
    }

    @NotNull
    private Collection<EvaluatedMultiplicityTrigger> evaluateForObject(JAXBElement<MultiplicityPolicyConstraintType> jAXBElement, ObjectPolicyRuleEvaluationContext<?> objectPolicyRuleEvaluationContext, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        PrismObject<?> objectAny = objectPolicyRuleEvaluationContext.elementContext.getObjectAny();
        if (objectAny == null || !(objectAny.asObjectable() instanceof AbstractRoleType)) {
            return List.of();
        }
        List<QName> singletonList = jAXBElement.getValue().getRelation().isEmpty() ? Collections.singletonList(this.prismContext.getDefaultRelation()) : jAXBElement.getValue().getRelation();
        AbstractRoleType abstractRoleType = (AbstractRoleType) objectAny.asObjectable();
        boolean z = QNameUtil.match(jAXBElement.getName(), PolicyConstraintsType.F_MIN_ASSIGNEES) || QNameUtil.match(jAXBElement.getName(), PolicyConstraintsType.F_OBJECT_MIN_ASSIGNEES_VIOLATION);
        boolean z2 = QNameUtil.match(jAXBElement.getName(), PolicyConstraintsType.F_MAX_ASSIGNEES) || QNameUtil.match(jAXBElement.getName(), PolicyConstraintsType.F_OBJECT_MAX_ASSIGNEES_VIOLATION);
        if (!z && !z2) {
            throw new AssertionError("!isMin and !isMax");
        }
        Integer multiplicityToInteger = XsdTypeMapper.multiplicityToInteger(jAXBElement.getValue().getMultiplicity());
        if (multiplicityToInteger == null) {
            return List.of();
        }
        if (z) {
            if (multiplicityToInteger.intValue() <= 0) {
                return List.of();
            }
            ArrayList arrayList = new ArrayList();
            for (QName qName : singletonList) {
                if (getNumberOfAssigneesExceptMyself(abstractRoleType, null, qName, operationResult) < multiplicityToInteger.intValue()) {
                    arrayList.add(new EvaluatedMultiplicityTrigger(PolicyConstraintKindType.MIN_ASSIGNEES_VIOLATION, jAXBElement.getValue(), getMessage(jAXBElement, objectPolicyRuleEvaluationContext, operationResult, KEY_MIN, "object", objectAny, multiplicityToInteger, qName.getLocalPart()), getShortMessage(jAXBElement, objectPolicyRuleEvaluationContext, operationResult, KEY_MIN, "object", objectAny, multiplicityToInteger, qName.getLocalPart())));
                }
            }
            return arrayList;
        }
        if (multiplicityToInteger.intValue() < 0) {
            return List.of();
        }
        ArrayList arrayList2 = new ArrayList();
        for (QName qName2 : singletonList) {
            if (getNumberOfAssigneesExceptMyself(abstractRoleType, null, qName2, operationResult) > multiplicityToInteger.intValue()) {
                arrayList2.add(new EvaluatedMultiplicityTrigger(PolicyConstraintKindType.MAX_ASSIGNEES_VIOLATION, jAXBElement.getValue(), getMessage(jAXBElement, objectPolicyRuleEvaluationContext, operationResult, KEY_MAX, "object", objectAny, multiplicityToInteger, qName2.getLocalPart()), getShortMessage(jAXBElement, objectPolicyRuleEvaluationContext, operationResult, KEY_MAX, "object", objectAny, multiplicityToInteger, qName2.getLocalPart())));
            }
        }
        return arrayList2;
    }

    @NotNull
    private <AH extends AssignmentHolderType> Collection<EvaluatedMultiplicityTrigger> evaluateForAssignment(JAXBElement<MultiplicityPolicyConstraintType> jAXBElement, AssignmentPolicyRuleEvaluationContext<AH> assignmentPolicyRuleEvaluationContext, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        if (!assignmentPolicyRuleEvaluationContext.isDirect()) {
            return List.of();
        }
        if (assignmentPolicyRuleEvaluationContext.isAdded) {
            if (!assignmentPolicyRuleEvaluationContext.evaluatedAssignment.isPresentInCurrentObject()) {
                return checkAssigneeConstraints(jAXBElement, assignmentPolicyRuleEvaluationContext.evaluatedAssignment, PlusMinusZero.PLUS, assignmentPolicyRuleEvaluationContext, operationResult);
            }
        } else if (assignmentPolicyRuleEvaluationContext.isDeleted && assignmentPolicyRuleEvaluationContext.evaluatedAssignment.isPresentInCurrentObject()) {
            return checkAssigneeConstraints(jAXBElement, assignmentPolicyRuleEvaluationContext.evaluatedAssignment, PlusMinusZero.MINUS, assignmentPolicyRuleEvaluationContext, operationResult);
        }
        return List.of();
    }

    @NotNull
    private <AH extends AssignmentHolderType> Collection<EvaluatedMultiplicityTrigger> checkAssigneeConstraints(JAXBElement<MultiplicityPolicyConstraintType> jAXBElement, EvaluatedAssignment evaluatedAssignment, PlusMinusZero plusMinusZero, AssignmentPolicyRuleEvaluationContext<AH> assignmentPolicyRuleEvaluationContext, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        PrismObject<?> target = evaluatedAssignment.getTarget();
        if (target == null || !(target.asObjectable() instanceof AbstractRoleType)) {
            return List.of();
        }
        AbstractRoleType abstractRoleType = (AbstractRoleType) target.asObjectable();
        QName normalizedRelation = evaluatedAssignment.getNormalizedRelation();
        if (normalizedRelation == null || !containsRelation(jAXBElement.getValue(), normalizedRelation)) {
            return List.of();
        }
        String oid = assignmentPolicyRuleEvaluationContext.getFocusContext().getOid();
        boolean match = QNameUtil.match(jAXBElement.getName(), PolicyConstraintsType.F_MIN_ASSIGNEES);
        boolean match2 = QNameUtil.match(jAXBElement.getName(), PolicyConstraintsType.F_MAX_ASSIGNEES);
        if (!match && !match2) {
            throw new AssertionError("!isMin and !isMax");
        }
        Integer multiplicityToInteger = XsdTypeMapper.multiplicityToInteger(jAXBElement.getValue().getMultiplicity());
        if (match) {
            if (multiplicityToInteger.intValue() <= 0) {
                return List.of();
            }
            int numberOfAssigneesExceptMyself = getNumberOfAssigneesExceptMyself(abstractRoleType, oid, normalizedRelation, operationResult);
            return (numberOfAssigneesExceptMyself >= multiplicityToInteger.intValue() || plusMinusZero != PlusMinusZero.MINUS) ? List.of() : List.of(new EvaluatedMultiplicityTrigger(PolicyConstraintKindType.MIN_ASSIGNEES_VIOLATION, jAXBElement.getValue(), getMessage(jAXBElement, assignmentPolicyRuleEvaluationContext, operationResult, KEY_MIN, "target", abstractRoleType.asPrismObject(), multiplicityToInteger, normalizedRelation.getLocalPart(), Integer.valueOf(numberOfAssigneesExceptMyself)), getShortMessage(jAXBElement, assignmentPolicyRuleEvaluationContext, operationResult, KEY_MIN, "target", abstractRoleType.asPrismObject(), multiplicityToInteger, normalizedRelation.getLocalPart(), Integer.valueOf(numberOfAssigneesExceptMyself))));
        }
        if (multiplicityToInteger.intValue() < 0) {
            return List.of();
        }
        int numberOfAssigneesExceptMyself2 = getNumberOfAssigneesExceptMyself(abstractRoleType, oid, normalizedRelation, operationResult);
        return (numberOfAssigneesExceptMyself2 < multiplicityToInteger.intValue() || plusMinusZero != PlusMinusZero.PLUS) ? List.of() : List.of(new EvaluatedMultiplicityTrigger(PolicyConstraintKindType.MAX_ASSIGNEES_VIOLATION, jAXBElement.getValue(), getMessage(jAXBElement, assignmentPolicyRuleEvaluationContext, operationResult, KEY_MAX, "target", abstractRoleType.asPrismObject(), multiplicityToInteger, normalizedRelation.getLocalPart(), Integer.valueOf(numberOfAssigneesExceptMyself2 + 1)), getShortMessage(jAXBElement, assignmentPolicyRuleEvaluationContext, operationResult, KEY_MAX, "target", abstractRoleType.asPrismObject(), multiplicityToInteger, normalizedRelation.getLocalPart(), Integer.valueOf(numberOfAssigneesExceptMyself2 + 1))));
    }

    private boolean containsRelation(MultiplicityPolicyConstraintType multiplicityPolicyConstraintType, QName qName) {
        return getConstraintRelations(multiplicityPolicyConstraintType).stream().anyMatch(qName2 -> {
            return this.prismContext.relationMatches(qName2, qName);
        });
    }

    private List<QName> getConstraintRelations(MultiplicityPolicyConstraintType multiplicityPolicyConstraintType) {
        return !multiplicityPolicyConstraintType.getRelation().isEmpty() ? multiplicityPolicyConstraintType.getRelation() : Collections.singletonList(this.prismContext.getDefaultRelation());
    }

    private int getNumberOfAssigneesExceptMyself(AbstractRoleType abstractRoleType, String str, QName qName, OperationResult operationResult) throws SchemaException {
        if (abstractRoleType.getOid() == null) {
            return 0;
        }
        S_FilterExit ref = this.prismContext.queryFor(FocusType.class).item(FocusType.F_ASSIGNMENT, AssignmentType.F_TARGET_REF).ref(this.prismContext.itemFactory().createReferenceValue(abstractRoleType.getOid()).relation(qName));
        if (str != null) {
            ref = ref.and().not().id(str);
        }
        return this.repositoryService.countObjects(FocusType.class, ref.build(), null, operationResult);
    }

    private LocalizableMessage getMessage(JAXBElement<MultiplicityPolicyConstraintType> jAXBElement, PolicyRuleEvaluationContext<?> policyRuleEvaluationContext, OperationResult operationResult, String str, String str2, PrismObject<?> prismObject, Object... objArr) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
        return this.evaluatorHelper.createLocalizableMessage(jAXBElement, policyRuleEvaluationContext, new LocalizableMessageBuilder().key("DefaultPolicyConstraint.multiplicityConstraint." + str + str2).arg(ObjectTypeUtil.createDisplayInformation(prismObject, true)).args(objArr).build(), operationResult);
    }

    private LocalizableMessage getShortMessage(JAXBElement<MultiplicityPolicyConstraintType> jAXBElement, PolicyRuleEvaluationContext<?> policyRuleEvaluationContext, OperationResult operationResult, String str, String str2, PrismObject<?> prismObject, Object... objArr) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
        return this.evaluatorHelper.createLocalizableShortMessage(jAXBElement, policyRuleEvaluationContext, new LocalizableMessageBuilder().key("DefaultPolicyConstraint.Short.multiplicityConstraint." + str + str2).arg(ObjectTypeUtil.createDisplayInformation(prismObject, false)).args(objArr).build(), operationResult);
    }
}
