package com.evolveum.midpoint.repo.common.security;

import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.Referencable;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.repo.common.SystemObjectCache;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.SelectorOptions;
import com.evolveum.midpoint.schema.merger.securitypolicy.SecurityPolicyCustomMerger;
import com.evolveum.midpoint.schema.processor.ResourceObjectDefinition;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
import java.util.Collection;
import java.util.Iterator;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

/**
 * Locates {@link SecurityPolicyType} objects (the global one referenced from the system
 * configuration, and the one referenced from a resource object definition) and can embed
 * the referenced {@link ValuePolicyType} objects into the credential policies.
 *
 * <p>NOTE(review): failure handling is not uniform across the lookups in this class.
 * A global security policy or a value policy that cannot be fetched is logged and then
 * treated as absent, whereas a resource object security policy that cannot be fetched
 * raises {@link SystemException}. Callers that enforce credential rules should keep in
 * mind that "no policy" and "policy could not be loaded" look the same for the first two.
 */
@Component
/* loaded from: input_file:BOOT-INF/lib/repo-common-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/repo/common/security/SecurityPolicyFinder.class */
public class SecurityPolicyFinder {
    private static final Trace LOGGER = TraceManager.getTrace(SecurityPolicyFinder.class);

    // Injected by Spring; the qualifier selects the bean named "cacheRepositoryService".
    @Autowired
    @Qualifier("cacheRepositoryService")
    private RepositoryService repositoryService;

    // Source of the system configuration used when merging with the global policy.
    @Autowired
    private SystemObjectCache systemObjectCache;

    /**
     * Returns the global security policy referenced from the given system configuration.
     *
     * @param prismObject system configuration object; may be {@code null}
     * @param z when {@code true}, value policy references inside the located policy are resolved
     *          via {@link #resolveValuePolicyRefs(SecurityPolicyType, OperationResult)}
     * @param operationResult operation result passed to the repository calls
     * @return the global security policy, or {@code null} when none is referenced or when it
     *         could not be resolved (see the two-argument private overload)
     */
    @Nullable
    public SecurityPolicyType locateGlobalSecurityPolicy(@Nullable PrismObject<SystemConfigurationType> prismObject, boolean z, OperationResult operationResult) {
        SystemConfigurationType systemConfiguration = (SystemConfigurationType) ObjectTypeUtil.asObjectable(prismObject);
        SecurityPolicyType globalPolicy = locateGlobalSecurityPolicy(systemConfiguration, operationResult);
        if (z) {
            resolveValuePolicyRefs(globalPolicy, operationResult);
        }
        return globalPolicy;
    }

    /**
     * Resolves the global security policy reference of the given system configuration.
     *
     * <p>NOTE(review): a {@link SystemException} from the lookup is logged and converted to
     * {@code null}, which is the same value returned when no global policy is configured.
     * A repository failure or a dangling reference therefore yields "no global policy" to the
     * caller; how callers treat {@code null} is not visible here and should be confirmed.
     *
     * @return the resolved policy, or {@code null} if there is no configuration, no reference,
     *         or the reference could not be resolved
     */
    private SecurityPolicyType locateGlobalSecurityPolicy(SystemConfigurationType systemConfiguration, OperationResult result) {
        ObjectReferenceType globalPolicyRef = null;
        if (systemConfiguration != null) {
            globalPolicyRef = systemConfiguration.getGlobalSecurityPolicyRef();
        }
        if (globalPolicyRef == null) {
            return null;
        }
        try {
            SecurityPolicyType globalPolicy = resolve(globalPolicyRef, SecurityPolicyType.class, null, result);
            LOGGER.trace("Using global security policy: {}", globalPolicy);
            return globalPolicy;
        } catch (SystemException e) {
            // Best effort: the failure is only logged, the caller sees an absent policy.
            LoggingUtils.logException(LOGGER, "Couldn't resolve global security policy", e);
            return null;
        }
    }

    /**
     * Returns the security policy of the resource object definition merged with the global
     * security policy by {@link SecurityPolicyCustomMerger#mergeSecurityPolicies}.
     *
     * <p>The resource-level policy is located first, then the system configuration is read
     * and the global policy is located. If the global policy cannot be resolved it arrives
     * here as {@code null} and the merge proceeds without it.
     */
    @Nullable
    private SecurityPolicyType locateResourceObjectSecurityPolicy(@NotNull ResourceObjectDefinition definition, @NotNull OperationResult result) {
        SecurityPolicyType resourcePolicy = locateResourceObjectSecurityPolicyInternal(definition, result);
        SystemConfigurationType systemConfiguration = getSystemConfigurationBean(result);
        SecurityPolicyType globalPolicy = locateGlobalSecurityPolicy(systemConfiguration, result);
        return SecurityPolicyCustomMerger.mergeSecurityPolicies(resourcePolicy, globalPolicy);
    }

    /**
     * Returns the security policy referenced from the resource object definition, with its
     * value policy references resolved.
     *
     * <p>Unlike {@link #locateResourceObjectCredentialsPolicy}, this variant does not merge the
     * result with the global security policy.
     *
     * @return the resource object security policy, or {@code null} if the definition has no
     *         security policy reference
     * @throws SystemException if the referenced security policy cannot be resolved
     */
    @Nullable
    public SecurityPolicyType locateResourceObjectSecurityPolicyLegacy(@NotNull ResourceObjectDefinition resourceObjectDefinition, @NotNull OperationResult operationResult) {
        SecurityPolicyType resourcePolicy = locateResourceObjectSecurityPolicyInternal(resourceObjectDefinition, operationResult);
        resolveValuePolicyRefs(resourcePolicy, operationResult);
        return resourcePolicy;
    }

    /**
     * Loads the security policy referenced from the resource object definition.
     *
     * <p>A failed lookup is not caught here, so it surfaces as {@link SystemException}
     * (in contrast to the global policy lookup, which returns {@code null} on failure).
     */
    @Nullable
    private SecurityPolicyType locateResourceObjectSecurityPolicyInternal(@NotNull ResourceObjectDefinition definition, @NotNull OperationResult result) {
        ObjectReferenceType policyRef = definition.getSecurityPolicyRef();
        if (policyRef != null) {
            LOGGER.trace("Loading security policy {} for {}", policyRef, definition);
            return resolve(policyRef, SecurityPolicyType.class, null, result);
        }
        LOGGER.trace("Security policy not defined for {}", definition);
        return null;
    }

    /**
     * Resolves the value policy references of the password, nonce and security questions
     * credential policies of the given security policy, in that order.
     *
     * <p>Does nothing when the policy is {@code null} or has no credentials section.
     * Individual references that cannot be resolved are logged and left unresolved; this
     * method does not report such failures to its caller.
     */
    public void resolveValuePolicyRefs(SecurityPolicyType securityPolicyType, OperationResult operationResult) {
        if (securityPolicyType == null) {
            return;
        }
        CredentialsPolicyType credentials = securityPolicyType.getCredentials();
        if (credentials == null) {
            return;
        }
        resolveValuePolicyRef(securityPolicyType, credentials.getPassword(), "password policy", operationResult);
        for (NonceCredentialsPolicyType noncePolicy : credentials.getNonce()) {
            resolveValuePolicyRef(securityPolicyType, noncePolicy, "nonce credential policy", operationResult);
        }
        resolveValuePolicyRef(securityPolicyType, credentials.getSecurityQuestions(), "security questions policy", operationResult);
    }

    /**
     * Fetches the value policy referenced from one credential policy and stores the fetched
     * object into the reference value.
     *
     * <p>NOTE(review): when the fetch fails, the exception is logged and the reference is left
     * without an embedded object. Code that reads the value policy only through the embedded
     * object would then presumably find none and apply no value constraints; confirm how
     * consumers handle an unresolved reference.
     *
     * @param owner security policy that contains the credential policy (used in the log message)
     * @param credentialPolicy credential policy whose reference is resolved; may be {@code null}
     * @param description human-readable name of the credential policy for the log message
     */
    private void resolveValuePolicyRef(SecurityPolicyType owner, CredentialPolicyType credentialPolicy, String description, OperationResult result) {
        if (credentialPolicy == null) {
            return;
        }
        ObjectReferenceType valuePolicyRef = credentialPolicy.getValuePolicyRef();
        if (valuePolicyRef == null) {
            return;
        }
        try {
            ValuePolicyType valuePolicy = resolve(valuePolicyRef, ValuePolicyType.class, null, result);
            valuePolicyRef.asReferenceValue().setObject(valuePolicy.asPrismObject());
        } catch (SystemException e) {
            // Best effort: logged only, the reference stays unresolved.
            LoggingUtils.logException(LOGGER, "Couldn't resolve {} {} referenced from {}", e, description, valuePolicyRef.getOid(), owner);
        }
    }

    /**
     * Fetches the object a reference points to from the repository service.
     *
     * <p>The reference must carry an OID; the type class passed to the repository comes from
     * {@link ObjectTypeUtil#getTypeClass} applied to the reference and {@code type}.
     *
     * @param reference reference to resolve
     * @param type type handed to {@code ObjectTypeUtil.getTypeClass} together with the reference
     * @param options options passed through to {@code getObject}; may be {@code null}
     * @return the fetched object
     * @throws SystemException wrapping any {@link CommonException} raised during the lookup;
     *         the message contains the reference and the underlying exception message
     */
    @NotNull
    private <O extends ObjectType> O resolve(@NotNull Referencable reference, @NotNull Class<O> type, @Nullable Collection<SelectorOptions<GetOperationOptions>> options, @NotNull OperationResult result) {
        try {
            return this.repositoryService
                    .getObject(
                            ObjectTypeUtil.getTypeClass(reference, type),
                            (String) MiscUtil.requireNonNull(reference.getOid(), "No-OID references are not supported while resolving %s", reference),
                            options,
                            result)
                    .asObjectable();
        } catch (CommonException e) {
            throw new SystemException("Couldn't resolve " + reference + ": " + e.getMessage(), e);
        }
    }

    /**
     * Reads the system configuration from the system object cache.
     *
     * @throws SystemException wrapping a {@link SchemaException} raised by the cache
     */
    @Nullable
    private SystemConfigurationType getSystemConfigurationBean(@NotNull OperationResult result) {
        try {
            return this.systemObjectCache.getSystemConfigurationBean(result);
        } catch (SchemaException e) {
            throw new SystemException("Couldn't get the system configuration: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the credentials policy of the security policy that applies to the resource
     * object definition, i.e. the resource-level policy merged with the global one.
     *
     * @return the credentials section of the merged policy, or {@code null} when no policy
     *         results from the merge
     * @throws SystemException if the resource object security policy or the system
     *         configuration cannot be obtained
     */
    public CredentialsPolicyType locateResourceObjectCredentialsPolicy(@NotNull ResourceObjectDefinition resourceObjectDefinition, OperationResult operationResult) {
        SecurityPolicyType effectivePolicy = locateResourceObjectSecurityPolicy(resourceObjectDefinition, operationResult);
        return effectivePolicy == null ? null : effectivePolicy.getCredentials();
    }
}
