package com.evolveum.midpoint.provisioning.impl.resourceobjects;

import com.evolveum.midpoint.prism.PrismConstants;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.PrismPropertyDefinition;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.PrismReferenceValue;
import com.evolveum.midpoint.prism.delta.ContainerDelta;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.ItemDeltaCollectionsUtil;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.delta.ReferenceDelta;
import com.evolveum.midpoint.prism.match.MatchingRule;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.util.PrismUtil;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.provisioning.impl.RepoShadow;
import com.evolveum.midpoint.provisioning.impl.ResourceObjectFuturizer;
import com.evolveum.midpoint.provisioning.impl.resourceobjects.EntitlementConverter;
import com.evolveum.midpoint.provisioning.ucf.api.ConnectorOperationOptions;
import com.evolveum.midpoint.provisioning.ucf.api.Operation;
import com.evolveum.midpoint.provisioning.ucf.api.PropertyModificationOperation;
import com.evolveum.midpoint.provisioning.ucf.api.UcfModifyReturnValue;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.internals.InternalsConfig;
import com.evolveum.midpoint.schema.processor.ResourceObjectDefinition;
import com.evolveum.midpoint.schema.processor.ResourceObjectIdentification;
import com.evolveum.midpoint.schema.processor.ShadowReferenceAttribute;
import com.evolveum.midpoint.schema.processor.ShadowReferenceAttributeDefinition;
import com.evolveum.midpoint.schema.processor.ShadowSimpleAttributeDefinition;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ShadowReferenceAttributesCollection;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationProvisioningScriptsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import org.apache.commons.lang3.ObjectUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/provisioning/impl/resourceobjects/ResourceObjectModifyOperation.class */
public class ResourceObjectModifyOperation extends ResourceObjectProvisioningOperation {
    private static final Trace LOGGER;

    @NotNull
    private final ProvisioningContext ctx;

    @NotNull
    private final ResourceObjectDefinition objectDefinition;

    @NotNull
    private final ResourceObjectIdentification.WithPrimary identification;

    @NotNull
    private final RepoShadow repoShadow;
    private final Collection<? extends ItemDelta<?, ?>> requestedDeltas;
    private final XMLGregorianCalendar now;
    private final Collection<PropertyDelta<?>> knownExecutedDeltas;
    static final /* synthetic */ boolean $assertionsDisabled;

    private ResourceObjectModifyOperation(@NotNull ProvisioningContext provisioningContext, @NotNull RepoShadow repoShadow, OperationProvisioningScriptsType operationProvisioningScriptsType, ConnectorOperationOptions connectorOperationOptions, Collection<? extends ItemDelta<?, ?>> collection, XMLGregorianCalendar xMLGregorianCalendar) throws SchemaException {
        super(provisioningContext, operationProvisioningScriptsType, connectorOperationOptions);
        this.knownExecutedDeltas = new ArrayList();
        this.ctx = provisioningContext;
        this.objectDefinition = provisioningContext.getObjectDefinitionRequired();
        this.identification = repoShadow.getIdentificationRequired().ensurePrimary();
        this.repoShadow = repoShadow;
        this.requestedDeltas = collection;
        this.now = xMLGregorianCalendar;
    }

    @NotNull
    public static ResourceObjectModifyReturnValue execute(@NotNull ProvisioningContext provisioningContext, @NotNull RepoShadow repoShadow, OperationProvisioningScriptsType operationProvisioningScriptsType, ConnectorOperationOptions connectorOperationOptions, Collection<? extends ItemDelta<?, ?>> collection, XMLGregorianCalendar xMLGregorianCalendar, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException {
        return new ResourceObjectModifyOperation(provisioningContext, repoShadow, operationProvisioningScriptsType, connectorOperationOptions, collection, xMLGregorianCalendar).doExecute(operationResult);
    }

    @NotNull
    private ResourceObjectModifyReturnValue doExecute(OperationResult operationResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException, ObjectAlreadyExistsException, ExpressionEvaluationException {
        UcfModifyReturnValue empty;
        LOGGER.trace("Modifying resource object {}, deltas:\n{}", this.repoShadow, DebugUtil.debugDumpLazily(this.requestedDeltas, 1));
        if (!ShadowUtil.hasResourceModifications(this.requestedDeltas)) {
            LOGGER.trace("No resource modification found for {}, skipping", this.identification);
            operationResult.recordNotApplicableIfUnknown();
            return ResourceObjectModifyReturnValue.fromResult(operationResult);
        }
        this.ctx.checkProtectedObjectModification(this.repoShadow);
        List<Operation> convertToUcfOperations = convertToUcfOperations(operationResult);
        boolean hasVolatilityTriggerModification = hasVolatilityTriggerModification();
        ExistingResourceObjectShadow doPreReadIfNeeded = doPreReadIfNeeded(convertToUcfOperations, hasVolatilityTriggerModification, operationResult);
        if (convertToUcfOperations.isEmpty()) {
            LOGGER.trace("No modifications for connector object specified. Skipping processing of subject executeModify.");
            empty = UcfModifyReturnValue.empty();
        } else {
            assertNoDuplicates(convertToUcfOperations);
            empty = ResourceObjectUcfModifyOperation.execute(this.ctx, this.repoShadow, doPreReadIfNeeded, this.identification, convertToUcfOperations, this.scripts, operationResult, this.connOptions);
        }
        this.knownExecutedDeltas.addAll(empty.getExecutedOperationsAsPropertyDeltas());
        ExistingResourceObjectShadow doPostReadIfNeeded = (!hasVolatilityTriggerModification || doPreReadIfNeeded == null) ? null : doPostReadIfNeeded(convertToUcfOperations, this.knownExecutedDeltas, doPreReadIfNeeded, operationResult);
        ArrayList arrayList = new ArrayList(this.requestedDeltas);
        ItemDeltaCollectionsUtil.mergeAll(arrayList, this.knownExecutedDeltas);
        determineAndExecuteEntitlementObjectsOperations(doPreReadIfNeeded, doPostReadIfNeeded, arrayList, operationResult);
        if (!this.knownExecutedDeltas.isEmpty()) {
            PrismUtil.setDeltaOldValue(doPreReadIfNeeded != null ? doPreReadIfNeeded.getPrismObject() : this.repoShadow.getPrismObject(), this.knownExecutedDeltas);
        }
        LOGGER.trace("Modification side-effect changes:\n{}", DebugUtil.debugDumpLazily(this.knownExecutedDeltas));
        LOGGER.trace("Modified resource object {}", this.repoShadow);
        ResourceObjectConverter.computeResultStatusAndAsyncOpReference(operationResult);
        return ResourceObjectModifyReturnValue.fromResult(this.knownExecutedDeltas, operationResult, empty.getOperationType());
    }

    @Nullable
    private ExistingResourceObjectShadow doPreReadIfNeeded(Collection<Operation> collection, boolean z, OperationResult operationResult) throws ObjectNotFoundException, CommunicationException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
        if (!shouldDoPreRead(collection, z)) {
            return null;
        }
        LOGGER.trace("Pre-reading resource object");
        ExistingResourceObjectShadow preOrPostRead = preOrPostRead(this.ctx, this.identification, collection, true, this.repoShadow, operationResult);
        if (preOrPostRead == null) {
            return null;
        }
        LOGGER.trace("Pre-read object (straight from the resource):\n{}", DebugUtil.debugDumpLazily(preOrPostRead, 1));
        ExistingResourceObjectShadow futurizeResourceObject = ResourceObjectFuturizer.futurizeResourceObject(this.ctx, this.repoShadow, preOrPostRead, true, this.now);
        LOGGER.trace("Pre-read object (applied pending operations):\n{}", DebugUtil.debugDumpLazily(futurizeResourceObject, 1));
        return futurizeResourceObject;
    }

    private boolean shouldDoPreRead(Collection<Operation> collection, boolean z) {
        if (z) {
            LOGGER.trace("-> Doing resource object pre-read because of volatility trigger modification");
            return true;
        }
        if (this.ctx.isAvoidDuplicateValues()) {
            LOGGER.trace("Doing resource object pre-read because 'avoidDuplicateValues' is set");
            return true;
        }
        if (Operation.isRename(collection, this.objectDefinition)) {
            LOGGER.trace("Doing resource object pre-read because of rename operation");
            return true;
        }
        LOGGER.trace("Will not do resource object pre-read because there's no explicit reason to do so");
        return false;
    }

    @Nullable
    private ExistingResourceObjectShadow doPostReadIfNeeded(@NotNull Collection<Operation> collection, @NotNull Collection<PropertyDelta<?>> collection2, ExistingResourceObjectShadow existingResourceObjectShadow, @NotNull OperationResult operationResult) throws ObjectNotFoundException, CommunicationException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
        if (!$assertionsDisabled && existingResourceObjectShadow == null) {
            throw new AssertionError();
        }
        LOGGER.trace("Post-reading resource shadow");
        ExistingResourceObjectShadow preOrPostRead = preOrPostRead(this.ctx, this.identification, collection, true, this.repoShadow, operationResult);
        LOGGER.trace("Post-read object:\n{}", DebugUtil.debugDumpLazily(preOrPostRead));
        if (preOrPostRead == null) {
            return null;
        }
        ObjectDelta<ShadowType> diff = existingResourceObjectShadow.getPrismObject().diff(preOrPostRead.getPrismObject());
        LOGGER.trace("Determined side-effect changes by old-new diff:\n{}", diff.debugDumpLazily());
        for (ItemDelta<?, ?> itemDelta : diff.getModifications()) {
            if (itemDelta.getParentPath().startsWithName(ShadowType.F_ATTRIBUTES) && !ItemDeltaCollectionsUtil.hasEquivalent(this.requestedDeltas, itemDelta) && !isSimulatedReferenceAttributeDelta(itemDelta)) {
                ItemDeltaCollectionsUtil.merge(collection2, itemDelta);
            }
        }
        LOGGER.trace("Side-effect changes after merging with old-new diff:\n{}", DebugUtil.debugDumpLazily(collection2));
        return preOrPostRead;
    }

    private boolean isSimulatedReferenceAttributeDelta(ItemDelta<?, ?> itemDelta) {
        Object mo2415getDefinition = itemDelta.mo2415getDefinition();
        return (mo2415getDefinition instanceof ShadowReferenceAttributeDefinition) && ((ShadowReferenceAttributeDefinition) mo2415getDefinition).isSimulated();
    }

    private boolean hasVolatilityTriggerModification() throws SchemaException {
        if (!this.ctx.getObjectDefinitionRequired().getAttributesVolatileOnModifyOperation().isEmpty()) {
            LOGGER.trace("Any attribute is a volatility trigger");
            return true;
        }
        Iterator<? extends ItemDelta<?, ?>> it = this.requestedDeltas.iterator();
        while (it.hasNext()) {
            ItemPath path = it.next().getPath();
            if (ShadowUtil.isAttributeModification(path.firstName())) {
                ItemName firstNameOrFail = path.rest().firstNameOrFail();
                if (this.ctx.findAttributeDefinitionRequired(firstNameOrFail).isVolatilityTrigger()) {
                    LOGGER.trace("Volatility trigger attribute {} is being changed", firstNameOrFail);
                    return true;
                }
            }
        }
        return false;
    }

    private void determineAndExecuteEntitlementObjectsOperations(@Nullable ExistingResourceObjectShadow existingResourceObjectShadow, @Nullable ExistingResourceObjectShadow existingResourceObjectShadow2, @NotNull Collection<? extends ItemDelta<?, ?>> collection, @NotNull OperationResult operationResult) throws SchemaException, ObjectNotFoundException, CommunicationException, SecurityViolationException, ConfigurationException, ObjectAlreadyExistsException {
        ShadowType bean;
        ShadowType bean2;
        EntitlementConverter.EntitlementObjectsOperations entitlementObjectsOperations = new EntitlementConverter.EntitlementObjectsOperations();
        EntitlementConverter entitlementConverter = new EntitlementConverter(this.ctx);
        if (existingResourceObjectShadow != null) {
            bean = existingResourceObjectShadow.getBean();
            if (existingResourceObjectShadow2 != null) {
                bean2 = existingResourceObjectShadow2.getBean();
            } else {
                ExistingResourceObjectShadow mo1867clone = existingResourceObjectShadow.mo1867clone();
                mo1867clone.updateWith(collection);
                bean2 = mo1867clone.bean;
            }
        } else {
            if (!$assertionsDisabled && existingResourceObjectShadow2 != null) {
                throw new AssertionError();
            }
            bean = this.repoShadow.getBean();
            RepoShadow mo1867clone2 = this.repoShadow.mo1867clone();
            mo1867clone2.updateWith(collection);
            bean2 = mo1867clone2.getBean();
        }
        Collection<ShadowReferenceAttribute> referenceAttributes = ShadowUtil.getReferenceAttributes(bean);
        LOGGER.trace("determineAndExecuteEntitlementObjectsOperations, old subject state:\n{}", bean.debugDumpLazily(1));
        for (ItemDelta<?, ?> itemDelta : collection) {
            ItemPath path = itemDelta.getPath();
            if (itemDelta.mo2415getDefinition() instanceof ShadowReferenceAttributeDefinition) {
                entitlementConverter.transformToObjectOpsOnModify(entitlementObjectsOperations, ShadowReferenceAttributesCollection.ofDelta(itemDelta), bean, bean2, operationResult);
            } else if (itemDelta.mo2415getDefinition() instanceof ShadowSimpleAttributeDefinition) {
                if (referenceAttributes.isEmpty()) {
                    LOGGER.trace("No references in old shadow. Skipping processing entitlements change for {}.", path);
                } else {
                    LOGGER.trace("Processing reference attributes in old shadow for {}:\n{}", path, DebugUtil.debugDumpLazily(referenceAttributes, 1));
                    for (ShadowReferenceAttribute shadowReferenceAttribute : referenceAttributes) {
                        ItemName elementName = shadowReferenceAttribute.getElementName();
                        ShadowReferenceAttributeDefinition findReferenceAttributeDefinitionRequired = this.ctx.getObjectDefinitionRequired().findReferenceAttributeDefinitionRequired(elementName, () -> {
                            return this.ctx.getExceptionDescription();
                        });
                        if (EntitlementUtils.isSimulatedObjectToSubject(findReferenceAttributeDefinitionRequired) && EntitlementUtils.isVisible(findReferenceAttributeDefinitionRequired, this.ctx) && EntitlementUtils.requiresExplicitReferentialIntegrity(findReferenceAttributeDefinitionRequired)) {
                            QName primarySubjectBindingAttributeName = findReferenceAttributeDefinitionRequired.getSimulationDefinitionRequired().getPrimarySubjectBindingAttributeName();
                            if (ShadowUtil.matchesAttribute(path, primarySubjectBindingAttributeName)) {
                                for (PrismReferenceValue prismReferenceValue : shadowReferenceAttribute.getValues()) {
                                    if (isChangeReal(bean, bean2, path)) {
                                        LOGGER.trace("Processing reference attribute {} on reference-binding attribute ({}) change", elementName, primarySubjectBindingAttributeName);
                                        ReferenceDelta createEmptyDelta = findReferenceAttributeDefinitionRequired.createEmptyDelta();
                                        createEmptyDelta.addValuesToDelete(prismReferenceValue.mo1609clone());
                                        createEmptyDelta.addValuesToAdd(prismReferenceValue.mo1609clone());
                                        LOGGER.trace("Add-delete reference delta for {} and {}:\n{}", path, elementName, createEmptyDelta.debugDumpLazily(1));
                                        entitlementConverter.transformToObjectOpsOnModify(entitlementObjectsOperations, ShadowReferenceAttributesCollection.ofDelta(createEmptyDelta), bean, bean2, operationResult);
                                    } else {
                                        LOGGER.trace("NOT processing reference attribute {} because the related attribute ({}) change is phantom", elementName, primarySubjectBindingAttributeName);
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        executeEntitlementObjectsOperations(entitlementObjectsOperations, operationResult);
    }

    private <T> boolean isChangeReal(ShadowType shadowType, ShadowType shadowType2, ItemPath itemPath) throws SchemaException {
        PrismProperty<T> findProperty = shadowType.asPrismObject().findProperty(itemPath);
        PrismProperty<T> findProperty2 = shadowType2.asPrismObject().findProperty(itemPath);
        boolean z = findProperty == null || findProperty.isEmpty();
        boolean z2 = findProperty2 == null || findProperty2.isEmpty();
        if (z) {
            return !z2;
        }
        if (z2) {
            return true;
        }
        MatchingRule<T> matchingRule = getMatchingRule(findProperty2.mo2415getDefinition());
        return !MiscUtil.unorderedCollectionEquals(findProperty.getValues(), findProperty2.getValues(), (prismPropertyValue, prismPropertyValue2) -> {
            try {
                return matchingRule.match(PrismPropertyValue.getRealValue(prismPropertyValue), PrismPropertyValue.getRealValue(prismPropertyValue2));
            } catch (SchemaException e) {
                throw new IllegalStateException(e);
            }
        });
    }

    private <T> MatchingRule<T> getMatchingRule(PrismPropertyDefinition<T> prismPropertyDefinition) throws SchemaException {
        return this.b.matchingRuleRegistry.getMatchingRule((QName) ObjectUtils.defaultIfNull(prismPropertyDefinition != null ? prismPropertyDefinition.getMatchingRuleQName() : null, PrismConstants.DEFAULT_MATCHING_RULE_NAME), null);
    }

    private List<Operation> convertToUcfOperations(OperationResult operationResult) throws SchemaException {
        ArrayList arrayList = new ArrayList();
        boolean z = false;
        for (ItemDelta<?, ?> itemDelta : this.requestedDeltas) {
            if (isAttributeDelta(itemDelta) || SchemaConstants.PATH_PASSWORD.equivalent(itemDelta.getParentPath())) {
                if (itemDelta instanceof PropertyDelta) {
                    PropertyModificationOperation propertyModificationOperation = new PropertyModificationOperation((PropertyDelta) itemDelta);
                    ShadowSimpleAttributeDefinition findSimpleAttributeDefinition = this.objectDefinition.findSimpleAttributeDefinition(itemDelta.getElementName());
                    if (findSimpleAttributeDefinition != null) {
                        propertyModificationOperation.setMatchingRuleQName(findSimpleAttributeDefinition.getMatchingRuleQName());
                        if (itemDelta.mo2415getDefinition() == null) {
                            itemDelta.setDefinition(findSimpleAttributeDefinition);
                        }
                    }
                    arrayList.add(propertyModificationOperation);
                } else if (itemDelta instanceof ContainerDelta) {
                    continue;
                } else {
                    if (!(itemDelta instanceof ReferenceDelta)) {
                        throw unsupported(itemDelta);
                    }
                    arrayList.addAll(new EntitlementConverter(this.ctx).transformToSubjectOpsOnModify(ShadowReferenceAttributesCollection.ofDelta(itemDelta)));
                }
            } else if (SchemaConstants.PATH_ACTIVATION.equivalent(itemDelta.getParentPath())) {
                if (!z) {
                    arrayList.addAll(new ActivationConverter(this.ctx).transformOnModify(this.repoShadow, this.requestedDeltas, operationResult));
                    z = true;
                }
            } else if (!ShadowType.F_AUXILIARY_OBJECT_CLASS.equivalent(itemDelta.getPath())) {
                LOGGER.trace("Skip converting item delta: {}. It's not a resource object change", itemDelta);
            } else {
                if (!(itemDelta instanceof PropertyDelta)) {
                    throw unsupported(itemDelta);
                }
                arrayList.add(new PropertyModificationOperation((PropertyDelta) itemDelta));
            }
        }
        LOGGER.trace("Converted to UCF operations:\n{}", DebugUtil.debugDumpLazily(arrayList, 1));
        return arrayList;
    }

    private static UnsupportedOperationException unsupported(ItemDelta<?, ?> itemDelta) {
        return new UnsupportedOperationException("Unsupported delta: " + itemDelta);
    }

    private void assertNoDuplicates(Collection<Operation> collection) throws SchemaException {
        if (InternalsConfig.isSanityChecks() && MiscUtil.hasDuplicates(collection)) {
            throw new SchemaException("Duplicated changes: " + collection);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isAttributeDelta(ItemDelta<?, ?> itemDelta) {
        return ShadowType.F_ATTRIBUTES.equivalent(itemDelta.getParentPath());
    }

    @Override // com.evolveum.midpoint.provisioning.impl.resourceobjects.ResourceObjectProvisioningOperation
    Trace getLogger() {
        return LOGGER;
    }

    static {
        $assertionsDisabled = !ResourceObjectModifyOperation.class.desiredAssertionStatus();
        LOGGER = TraceManager.getTrace((Class<?>) ResourceObjectModifyOperation.class);
    }
}
