package com.evolveum.midpoint.security.enforcer.impl;

import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismValue;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.selector.eval.ClauseProcessingContextDescription;
import com.evolveum.midpoint.schema.selector.eval.MatchingContext;
import com.evolveum.midpoint.schema.selector.eval.ObjectFilterExpressionEvaluator;
import com.evolveum.midpoint.schema.selector.eval.OwnerResolver;
import com.evolveum.midpoint.schema.selector.eval.SubjectedEvaluationContext;
import com.evolveum.midpoint.schema.selector.spec.ValueSelector;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.util.Set;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/security-enforcer-impl-4.9.2-SNAPSHOT.jar:com/evolveum/midpoint/security/enforcer/impl/SelectorEvaluation.class */
public class SelectorEvaluation implements SubjectedEvaluationContext {
    private static final Trace LOGGER;

    @NotNull
    final String id;

    @NotNull
    final ValueSelector selector;

    @Nullable
    private final PrismValue value;

    @NotNull
    final String desc;

    @NotNull
    final AuthorizationEvaluation authorizationEvaluation;

    @NotNull
    private final EnforcerOperation enforcerOp;

    @NotNull
    final Beans b;

    @NotNull
    private final OperationResult result;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SelectorEvaluation(@NotNull String str, @NotNull ValueSelector valueSelector, @Nullable PrismValue prismValue, @NotNull String str2, @NotNull AuthorizationEvaluation authorizationEvaluation, @NotNull OperationResult operationResult) {
        this.id = str;
        this.selector = valueSelector;
        this.value = prismValue;
        this.desc = str2;
        this.authorizationEvaluation = authorizationEvaluation;
        this.enforcerOp = authorizationEvaluation.op;
        this.b = this.enforcerOp.b;
        this.result = operationResult;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isSelectorApplicable() throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        MatchingContext matchingContext = new MatchingContext(createFilterEvaluator(), this.enforcerOp.tracer, this.b.repositoryService, this, this.enforcerOp.ownerResolver, this::resolveReference, ClauseProcessingContextDescription.defaultOne(this.id, this.desc), SubjectedEvaluationContext.DelegatorSelection.NO_DELEGATOR, this.enforcerOp.isFullInformationAvailable());
        if ($assertionsDisabled || this.value != null) {
            return this.selector.matches(this.value, matchingContext);
        }
        throw new AssertionError();
    }

    ObjectFilterExpressionEvaluator createFilterEvaluator() {
        return this.authorizationEvaluation.createFilterEvaluator(this.desc);
    }

    @Override // com.evolveum.midpoint.schema.selector.eval.SubjectedEvaluationContext
    public String getPrincipalOid() {
        return this.enforcerOp.getPrincipalOid();
    }

    @Override // com.evolveum.midpoint.schema.selector.eval.SubjectedEvaluationContext
    public FocusType getPrincipalFocus() {
        return this.enforcerOp.getPrincipalFocus();
    }

    @NotNull
    public String getDesc() {
        return this.desc;
    }

    @Override // com.evolveum.midpoint.schema.selector.eval.SubjectedEvaluationContext
    @NotNull
    public Set<String> getSelfOids(@NotNull SubjectedEvaluationContext.DelegatorSelection delegatorSelection) {
        return this.enforcerOp.getAllSelfOids(delegatorSelection);
    }

    @Override // com.evolveum.midpoint.schema.selector.eval.SubjectedEvaluationContext
    @NotNull
    public Set<String> getSelfPlusRolesOids(@NotNull SubjectedEvaluationContext.DelegatorSelection delegatorSelection) {
        return this.enforcerOp.getAllSelfPlusRolesOids(delegatorSelection);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nullable
    public OwnerResolver getOwnerResolver() {
        return this.enforcerOp.ownerResolver;
    }

    @NotNull
    public RepositoryService getRepositoryService() {
        return this.b.repositoryService;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrismObject<? extends ObjectType> resolveReference(ObjectReferenceType objectReferenceType, Object obj, String str) {
        if (objectReferenceType == null || objectReferenceType.getOid() == null) {
            return null;
        }
        try {
            return this.b.repositoryService.getObject(objectReferenceType.getType() != null ? this.b.prismContext.getSchemaRegistry().getCompileTimeClass(objectReferenceType.getType()) : UserType.class, objectReferenceType.getOid(), GetOperationOptions.createAllowNotFoundCollection(), this.result);
        } catch (ObjectNotFoundException | SchemaException e) {
            LoggingUtils.logExceptionAsWarning(LOGGER, "Couldn't resolve {} of {}", e, str, MiscUtil.getDiagInfo(obj));
            return null;
        }
    }

    static {
        $assertionsDisabled = !SelectorEvaluation.class.desiredAssertionStatus();
        LOGGER = TraceManager.getTrace((Class<?>) SecurityEnforcerImpl.class);
    }
}
