package com.evolveum.midpoint.provisioning.impl.shadows.manager;

import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.PrismReferenceValue;
import com.evolveum.midpoint.prism.PrismValue;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.delta.ContainerDelta;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.delta.ReferenceDelta;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.provisioning.impl.RepoShadow;
import com.evolveum.midpoint.provisioning.impl.RepoShadowModifications;
import com.evolveum.midpoint.provisioning.impl.shadows.ShadowsLocalBeans;
import com.evolveum.midpoint.repo.common.ObjectMarkHelper;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.processor.ResourceObjectDefinition;
import com.evolveum.midpoint.schema.processor.ShadowAttributeDefinition;
import com.evolveum.midpoint.schema.processor.ShadowReferenceAttributeDefinition;
import com.evolveum.midpoint.schema.processor.ShadowReferenceAttributeValue;
import com.evolveum.midpoint.schema.processor.ShadowSimpleAttributeDefinition;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.QNameUtil;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.util.Collection;
import java.util.Iterator;
import java.util.Objects;
import javax.xml.namespace.QName;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/provisioning/impl/shadows/manager/ShadowDeltaComputerRelative.class */
public class ShadowDeltaComputerRelative {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) ShadowDeltaComputerRelative.class);
    private final ProvisioningContext ctx;
    private final Collection<? extends ItemDelta<?, ?>> allModifications;

    @NotNull
    private final RepoShadow repoShadow;

    @NotNull
    private final ShadowsLocalBeans b = ShadowsLocalBeans.get();

    /* JADX INFO: Access modifiers changed from: package-private */
    public ShadowDeltaComputerRelative(@NotNull ProvisioningContext provisioningContext, @NotNull RepoShadow repoShadow, @NotNull Collection<? extends ItemDelta<?, ?>> collection) {
        this.ctx = provisioningContext;
        this.allModifications = collection;
        this.repoShadow = repoShadow;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RepoShadowModifications computeShadowModifications(OperationResult operationResult) throws SchemaException {
        ResourceObjectDefinition objectDefinitionRequired = this.ctx.getObjectDefinitionRequired();
        ItemDelta<?, ?> itemDelta = null;
        ItemDelta<?, ?> itemDelta2 = null;
        RepoShadowModifications repoShadowModifications = new RepoShadowModifications();
        for (ItemDelta<?, ?> itemDelta3 : this.allModifications) {
            ItemPath path = itemDelta3.getPath();
            ItemPath parentPath = itemDelta3.getParentPath();
            if (parentPath.equivalent(ShadowType.F_ATTRIBUTES)) {
                ItemName elementName = itemDelta3.getElementName();
                if (isNamingAttribute(elementName, objectDefinitionRequired)) {
                    itemDelta2 = nameModFromAttributeMod(itemDelta3, itemDelta2);
                }
                if (objectDefinitionRequired.isPrimaryIdentifier(elementName)) {
                    repoShadowModifications.add(primaryIdentifierValueModFromAttributeMod(itemDelta3));
                }
                ShadowAttributeDefinition<?, ?, ?, ?> findAttributeDefinitionRequired = objectDefinitionRequired.findAttributeDefinitionRequired(elementName);
                if (findAttributeDefinitionRequired instanceof ShadowSimpleAttributeDefinition) {
                    ShadowSimpleAttributeDefinition<?> shadowSimpleAttributeDefinition = (ShadowSimpleAttributeDefinition) findAttributeDefinitionRequired;
                    if (ShadowComputerUtil.shouldStoreSimpleAttributeInShadow(objectDefinitionRequired, shadowSimpleAttributeDefinition)) {
                        repoShadowModifications.add(itemDelta3, shadowSimpleAttributeDefinition);
                    }
                } else if ((findAttributeDefinitionRequired instanceof ShadowReferenceAttributeDefinition) && ShadowComputerUtil.shouldStoreReferenceAttributeInShadow(objectDefinitionRequired, (ShadowReferenceAttributeDefinition) findAttributeDefinitionRequired)) {
                    ItemDelta<?, ?> mo1623clone = itemDelta3.mo1623clone();
                    mo1623clone.setParentPath(ShadowType.F_REFERENCE_ATTRIBUTES);
                    ((ReferenceDelta) mo1623clone).applyTransformer(prismReferenceValue -> {
                        if (prismReferenceValue.getOid() == null) {
                            resolveReferenceOid(prismReferenceValue, operationResult);
                        }
                        ObjectReferenceType repoFormat = ShadowComputerUtil.toRepoFormat(this.ctx, prismReferenceValue);
                        if (repoFormat != null) {
                            return repoFormat.asReferenceValue();
                        }
                        return null;
                    });
                    repoShadowModifications.add(itemDelta3, mo1623clone);
                }
            } else if (parentPath.equivalent(ShadowType.F_ACTIVATION)) {
                if (ShadowComputerUtil.shouldStoreActivationItemInShadow(this.ctx, itemDelta3.getElementName())) {
                    repoShadowModifications.add(itemDelta3);
                }
            } else if (path.equivalent(ShadowType.F_ACTIVATION)) {
                ContainerDelta containerDelta = (ContainerDelta) itemDelta3;
                Iterator it = MiscUtil.emptyIfNull(containerDelta.getValuesToAdd()).iterator();
                while (it.hasNext()) {
                    ShadowComputerUtil.cleanupShadowActivation(this.ctx, (ActivationType) ((PrismContainerValue) it.next()).asContainerable());
                }
                Iterator it2 = MiscUtil.emptyIfNull(containerDelta.getValuesToReplace()).iterator();
                while (it2.hasNext()) {
                    ShadowComputerUtil.cleanupShadowActivation(this.ctx, (ActivationType) ((PrismContainerValue) it2.next()).asContainerable());
                }
                repoShadowModifications.add(containerDelta);
            } else if (path.equivalent(SchemaConstants.PATH_PASSWORD_VALUE)) {
                if (objectDefinitionRequired.areCredentialsCached()) {
                    addPasswordValueDelta(repoShadowModifications, (PropertyDelta) itemDelta3, operationResult);
                }
            } else if (!path.startsWith(SchemaConstants.PATH_PASSWORD) || path.startsWith(SchemaConstants.PATH_PASSWORD_METADATA)) {
                if (path.equivalent(ShadowType.F_NAME)) {
                    itemDelta = itemDelta3;
                } else if (path.equivalent(ShadowType.F_POLICY_STATEMENT)) {
                    repoShadowModifications.add(itemDelta3);
                    repoShadowModifications.add(computeEffectiveMarkDelta(itemDelta3));
                } else if (!path.startsWith(ShadowType.F_ASSOCIATIONS)) {
                    repoShadowModifications.add(itemDelta3);
                }
            }
        }
        if (itemDelta != null) {
            repoShadowModifications.add(itemDelta);
        } else if (itemDelta2 != null) {
            repoShadowModifications.add(itemDelta2);
        }
        return repoShadowModifications;
    }

    private void resolveReferenceOid(PrismReferenceValue prismReferenceValue, OperationResult operationResult) {
        try {
            RepoShadow lookupLiveShadowByAllAttributes = this.b.shadowFinder.lookupLiveShadowByAllAttributes(this.ctx, ((ShadowReferenceAttributeValue) prismReferenceValue).getAttributesContainerRequired().getAllIdentifiers(), operationResult);
            if (lookupLiveShadowByAllAttributes != null) {
                prismReferenceValue.setObject(lookupLiveShadowByAllAttributes.getPrismObject());
            }
        } catch (Exception e) {
            LOGGER.warn("Couldn't resolve reference OID for {} in {}: {}", prismReferenceValue, this.repoShadow, e.getMessage());
        }
    }

    private ItemDelta<?, ?> nameModFromAttributeMod(ItemDelta<?, ?> itemDelta, ItemDelta<?, ?> itemDelta2) throws SchemaException {
        Collection<?> newValues = itemDelta.getNewValues();
        if (newValues.isEmpty()) {
            LOGGER.warn("Naming attribute value removal? Object: {}, modifications:\n{}", this.repoShadow, DebugUtil.debugDump((Collection<?>) this.allModifications, 1));
            return itemDelta2;
        }
        if (newValues.size() > 1) {
            LOGGER.warn("Adding more values for a naming attribute? Using the first one. Object: {}, modifications:\n{}", this.repoShadow, DebugUtil.debugDump((Collection<?>) this.allModifications, 1));
        }
        Object stateNonNull = MiscUtil.stateNonNull(((PrismValue) newValues.iterator().next()).getRealValue(), "No real value in %s", itemDelta);
        return PrismContext.get().deltaFor(ShadowType.class).item(ShadowType.F_NAME).replace(PolyString.fromOrig(stateNonNull instanceof PolyString ? ((PolyString) stateNonNull).getOrig() : stateNonNull.toString())).asItemDelta();
    }

    @NotNull
    private ItemDelta<?, ?> primaryIdentifierValueModFromAttributeMod(ItemDelta<?, ?> itemDelta) throws SchemaException {
        Collection<?> newValues = itemDelta.getNewValues();
        if (newValues.isEmpty()) {
            throw new SchemaException("Primary identifier value removal: %s for %s".formatted(itemDelta, this.repoShadow));
        }
        if (newValues.size() > 1) {
            throw new SchemaException("Adding more values for a primary identifier attribute: %s for %s".formatted(newValues, this.repoShadow));
        }
        Object stateNonNull = MiscUtil.stateNonNull(((PrismValue) newValues.iterator().next()).getRealValue(), "No real value in %s", itemDelta);
        return PrismContext.get().deltaFor(ShadowType.class).item(ShadowType.F_PRIMARY_IDENTIFIER_VALUE).replace(stateNonNull instanceof PolyString ? ((PolyString) stateNonNull).getNorm() : stateNonNull.toString()).asItemDelta();
    }

    @Nullable
    private ItemDelta<?, ?> computeEffectiveMarkDelta(@NotNull ItemDelta<?, ?> itemDelta) throws SchemaException {
        return ObjectMarkHelper.get().computeEffectiveMarkDelta(this.repoShadow.getBean(), itemDelta);
    }

    private static boolean isNamingAttribute(QName qName, ResourceObjectDefinition resourceObjectDefinition) {
        QName namingAttributeName = resourceObjectDefinition.getNamingAttributeName();
        return namingAttributeName != null ? QNameUtil.match(namingAttributeName, qName) : resourceObjectDefinition.isSecondaryIdentifier(qName) || (resourceObjectDefinition.getAllIdentifiers().size() == 1 && resourceObjectDefinition.isPrimaryIdentifier(qName));
    }

    private void addPasswordValueDelta(RepoShadowModifications repoShadowModifications, PropertyDelta<ProtectedStringType> propertyDelta, OperationResult operationResult) throws SchemaException {
        try {
            PrismPropertyValue prismPropertyValue = (PrismPropertyValue) MiscUtil.extractSingleton(propertyDelta.getNewValues(), () -> {
                return new IllegalStateException("Multiple password values in %s".formatted(propertyDelta));
            });
            if (prismPropertyValue == null || !((ProtectedStringType) Objects.requireNonNull((ProtectedStringType) prismPropertyValue.getRealValue())).isHashed()) {
                ResourceObjectDefinition objectDefinitionRequired = this.ctx.getObjectDefinitionRequired();
                repoShadowModifications.add(this.b.credentialsStorageManager.transformShadowPasswordDelta(this.b.securityPolicyFinder.locateResourceObjectCredentialsPolicy(objectDefinitionRequired, operationResult), objectDefinitionRequired.areCredentialsCachedLegacy(), propertyDelta));
            }
        } catch (EncryptionException e) {
            throw new SchemaException("Couldn't hash password value", e);
        }
    }
}
