package com.evolveum.midpoint.security.enforcer.impl;

import com.evolveum.midpoint.prism.path.PathSet;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.selector.spec.ValueSelector;
import com.evolveum.midpoint.security.api.Authorization;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.Iterator;
import java.util.List;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:BOOT-INF/lib/security-enforcer-impl-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/security/enforcer/impl/AuthorizationSearchItemsEvaluation.class */
class AuthorizationSearchItemsEvaluation<O extends ObjectType> extends AuthorizationEvaluation {

    @NotNull
    private final Class<O> objectType;

    @NotNull
    private final List<ValueSelector> objectSelectors;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/security-enforcer-impl-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/security/enforcer/impl/AuthorizationSearchItemsEvaluation$AuthorizedSearchItems.class */
    public static final class AuthorizedSearchItems extends Record {

        @NotNull
        private final PathSet positives;

        @NotNull
        private final PathSet negatives;

        AuthorizedSearchItems(@NotNull PathSet pathSet, @NotNull PathSet pathSet2) {
            this.positives = pathSet;
            this.negatives = pathSet2;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, AuthorizedSearchItems.class), AuthorizedSearchItems.class, "positives;negatives", "FIELD:Lcom/evolveum/midpoint/security/enforcer/impl/AuthorizationSearchItemsEvaluation$AuthorizedSearchItems;->positives:Lcom/evolveum/midpoint/prism/path/PathSet;", "FIELD:Lcom/evolveum/midpoint/security/enforcer/impl/AuthorizationSearchItemsEvaluation$AuthorizedSearchItems;->negatives:Lcom/evolveum/midpoint/prism/path/PathSet;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, AuthorizedSearchItems.class), AuthorizedSearchItems.class, "positives;negatives", "FIELD:Lcom/evolveum/midpoint/security/enforcer/impl/AuthorizationSearchItemsEvaluation$AuthorizedSearchItems;->positives:Lcom/evolveum/midpoint/prism/path/PathSet;", "FIELD:Lcom/evolveum/midpoint/security/enforcer/impl/AuthorizationSearchItemsEvaluation$AuthorizedSearchItems;->negatives:Lcom/evolveum/midpoint/prism/path/PathSet;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, AuthorizedSearchItems.class, Object.class), AuthorizedSearchItems.class, "positives;negatives", "FIELD:Lcom/evolveum/midpoint/security/enforcer/impl/AuthorizationSearchItemsEvaluation$AuthorizedSearchItems;->positives:Lcom/evolveum/midpoint/prism/path/PathSet;", "FIELD:Lcom/evolveum/midpoint/security/enforcer/impl/AuthorizationSearchItemsEvaluation$AuthorizedSearchItems;->negatives:Lcom/evolveum/midpoint/prism/path/PathSet;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        @NotNull
        public PathSet positives() {
            return this.positives;
        }

        @NotNull
        public PathSet negatives() {
            return this.negatives;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizationSearchItemsEvaluation(int i, @NotNull Class<O> cls, @NotNull Authorization authorization, @NotNull EnforcerOperation enforcerOperation, @NotNull OperationResult operationResult) throws ConfigurationException {
        super(i, authorization, enforcerOperation, operationResult);
        this.objectType = cls;
        this.objectSelectors = authorization.getParsedObjectSelectors();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nullable
    public AuthorizedSearchItems getAuthorizedSearchItems() throws ConfigurationException {
        if (this.objectSelectors.isEmpty()) {
            traceEndApplied("applied (no object selectors)", new Object[0]);
            return new AuthorizedSearchItems(this.authorization.getItems(), this.authorization.getExceptItems());
        }
        Iterator<ValueSelector> it = this.objectSelectors.iterator();
        while (it.hasNext()) {
            AuthorizedSearchItems processAuthorizedSearchItemsSelector = processAuthorizedSearchItemsSelector(it.next());
            if (processAuthorizedSearchItemsSelector != null) {
                return processAuthorizedSearchItemsSelector;
            }
        }
        traceEndNotApplicable("not applicable (no selector applies)", new Object[0]);
        return null;
    }

    private AuthorizedSearchItems processAuthorizedSearchItemsSelector(ValueSelector valueSelector) throws ConfigurationException {
        String humanReadableDesc = TracingUtil.getHumanReadableDesc(valueSelector);
        TieredSelectorWithItems asTieredSelectors = SelectorWithItems.of(valueSelector, this.authorization.getItems(), this.authorization.getExceptItems(), humanReadableDesc, this.authorization.isExceptMetadata()).asTieredSelectors(this.objectType);
        if (asTieredSelectors == null || !asTieredSelectors.hasOverlapWith(this.objectType)) {
            traceAutzProcessingNote("selector %s cannot be matched to %s", humanReadableDesc, this.objectType.getSimpleName());
            return null;
        }
        traceEndApplied("applied; selector %s matches %s", humanReadableDesc, this.objectType.getSimpleName());
        return new AuthorizedSearchItems(asTieredSelectors.getPositives(), asTieredSelectors.getNegatives());
    }
}
