package com.evolveum.midpoint.model.impl.scripting.actions;

import com.evolveum.midpoint.common.crypto.CryptoUtil;
import com.evolveum.midpoint.model.api.BulkAction;
import com.evolveum.midpoint.model.api.PipelineItem;
import com.evolveum.midpoint.model.impl.scripting.ExecutionContext;
import com.evolveum.midpoint.model.impl.scripting.PipelineData;
import com.evolveum.midpoint.prism.ItemFactory;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismObjectValue;
import com.evolveum.midpoint.prism.PrismValue;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.statistics.Operation;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.web.component.model.delta.DeltaDto;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.model.scripting_3.ActionExpressionType;
import jakarta.annotation.PostConstruct;
import java.util.Collection;
import org.jetbrains.annotations.NotNull;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/model-impl-4.9.2-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/scripting/actions/ReencryptExecutor.class */
public class ReencryptExecutor extends BaseActionExecutor {
    @PostConstruct
    public void init() {
        this.actionExecutorRegistry.register(this);
    }

    @Override // com.evolveum.midpoint.model.impl.scripting.ActionExecutor
    @NotNull
    public BulkAction getActionType() {
        return BulkAction.REENCRYPT;
    }

    @Override // com.evolveum.midpoint.model.impl.scripting.ActionExecutor
    public PipelineData execute(ActionExpressionType actionExpressionType, PipelineData pipelineData, ExecutionContext executionContext, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ObjectAlreadyExistsException, SecurityViolationException, PolicyViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        Protector defaultProtector = this.prismContext.getDefaultProtector();
        boolean dryRun = this.operationsHelper.getDryRun(actionExpressionType, pipelineData, executionContext, operationResult);
        PipelineData createEmpty = PipelineData.createEmpty();
        for (PipelineItem pipelineItem : pipelineData.getData()) {
            PrismValue value = pipelineItem.getValue();
            executionContext.checkTaskStop();
            OperationResult createActionResult = this.operationsHelper.createActionResult(pipelineItem, this, operationResult);
            try {
                try {
                    if (value instanceof PrismObjectValue) {
                        PrismObject asPrismObject = ((PrismObjectValue) value).asPrismObject();
                        ObjectType objectType = (ObjectType) asPrismObject.asObjectable();
                        Operation recordStart = this.operationsHelper.recordStart(executionContext, objectType);
                        try {
                            Collection<? extends ItemDelta<?, ?>> computeReencryptModifications = CryptoUtil.computeReencryptModifications(defaultProtector, asPrismObject);
                            if (!computeReencryptModifications.isEmpty()) {
                                createActionResult.addArbitraryObjectCollectionAsParam(DeltaDto.F_MODIFICATIONS, (Collection<?>) computeReencryptModifications);
                                if (dryRun) {
                                    executionContext.println("Would reencrypt (this is dry run) %s: %d modification(s)".formatted(asPrismObject.toString(), Integer.valueOf(computeReencryptModifications.size())));
                                } else {
                                    this.cacheRepositoryService.modifyObject(objectType.getClass(), objectType.getOid(), computeReencryptModifications, createActionResult);
                                    executionContext.println("Reencrypted %s: %d modification(s)".formatted(asPrismObject, Integer.valueOf(computeReencryptModifications.size())));
                                }
                            }
                            createActionResult.computeStatus();
                            this.operationsHelper.recordEnd(executionContext, recordStart, null, createActionResult);
                        } catch (Throwable th) {
                            createActionResult.recordFatalError("Couldn't reencrypt object", th);
                            this.operationsHelper.recordEnd(executionContext, recordStart, th, createActionResult);
                            executionContext.println("Couldn't reencrypt " + asPrismObject + drySuffix(dryRun) + exceptionSuffix(logOrRethrowActionException(th, value, executionContext)));
                        }
                        createEmpty.add(new PipelineItem(this.prismContext.itemFactory().createPropertyValue((ItemFactory) objectType.getOid()), pipelineItem.getResult()));
                    } else {
                        logOrRethrowActionException(new UnsupportedOperationException("Item is not a PrismObject"), value, executionContext);
                    }
                    this.operationsHelper.trimAndCloneResult(createActionResult, pipelineItem.getResult());
                } finally {
                    createActionResult.close();
                }
            } finally {
            }
        }
        return createEmpty;
    }
}
