package com.evolveum.midpoint.model.impl.integrity.shadows;

import com.evolveum.midpoint.model.impl.ModelBeans;
import com.evolveum.midpoint.prism.Item;
import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.delta.ChangeType;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.impl.binding.AbstractMutableContainerable;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.provisioning.api.ProvisioningService;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.GetOperationOptions;
import com.evolveum.midpoint.schema.SelectorOptions;
import com.evolveum.midpoint.schema.processor.CompleteResourceSchema;
import com.evolveum.midpoint.schema.processor.ResourceObjectDefinition;
import com.evolveum.midpoint.schema.processor.ResourceObjectTypeDefinition;
import com.evolveum.midpoint.schema.processor.ResourceSchemaFactory;
import com.evolveum.midpoint.schema.processor.ShadowSimpleAttributeDefinition;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.task.api.RunningTask;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.LayerType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SynchronizationSituationType;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;
import org.jetbrains.annotations.NotNull;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/model-impl-4.9.4-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/integrity/shadows/ShadowIntegrityCheckItemProcessor.class */
public class ShadowIntegrityCheckItemProcessor {
    private static final String CLASS_DOT = ShadowIntegrityCheckItemProcessor.class.getName() + ".";
    static final String KEY_EXISTS_ON_RESOURCE = CLASS_DOT + "existsOnResource";
    static final String KEY_OWNERS = CLASS_DOT + "owners";
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) ShadowIntegrityCheckItemProcessor.class);

    @NotNull
    private final ShadowIntegrityCheckActivityRun activityRun;

    @NotNull
    private final PrismContext prismContext = PrismContext.get();

    /* JADX INFO: Access modifiers changed from: package-private */
    public ShadowIntegrityCheckItemProcessor(@NotNull ShadowIntegrityCheckActivityRun shadowIntegrityCheckActivityRun) {
        this.activityRun = shadowIntegrityCheckActivityRun;
    }

    public boolean processObject(PrismObject<ShadowType> prismObject, RunningTask runningTask, OperationResult operationResult) throws CommonException {
        OperationResult createMinorSubresult = operationResult.createMinorSubresult(CLASS_DOT + "processObject");
        ShadowCheckResult shadowCheckResult = new ShadowCheckResult(prismObject);
        try {
            checkShadow(shadowCheckResult, prismObject, runningTask, createMinorSubresult);
            for (Exception exc : shadowCheckResult.getErrors()) {
                createMinorSubresult.createSubresult(CLASS_DOT + "handleObject.result").recordPartialError(exc.getMessage(), exc);
            }
            Iterator<String> it = shadowCheckResult.getWarnings().iterator();
            while (it.hasNext()) {
                createMinorSubresult.createSubresult(CLASS_DOT + "handleObject.result").recordWarning(it.next());
            }
            if (!shadowCheckResult.getErrors().isEmpty()) {
                getStats().incrementShadowsWithErrors();
            } else if (!shadowCheckResult.getWarnings().isEmpty()) {
                getStats().incrementShadowsWithWarnings();
            }
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Checking shadow {} (resource {}) finished - errors: {}, warnings: {}", ObjectTypeUtil.toShortString(shadowCheckResult.getShadow()), ObjectTypeUtil.toShortString(shadowCheckResult.getResource()), Integer.valueOf(shadowCheckResult.getErrors().size()), Integer.valueOf(shadowCheckResult.getWarnings().size()));
            }
        } catch (RuntimeException e) {
            LoggingUtils.logUnexpectedException(LOGGER, "Unexpected error while checking shadow {} integrity", e, ObjectTypeUtil.toShortString(prismObject));
            createMinorSubresult.recordPartialError("Unexpected error while checking shadow integrity", e);
            getStats().incrementShadowsWithErrors();
        }
        getStats().registerProblemCodeOccurrences(shadowCheckResult.getProblemCodes());
        if (shadowCheckResult.isFixApplied()) {
            getStats().registerProblemsFixes(shadowCheckResult.getFixForProblems());
        }
        createMinorSubresult.computeStatusIfUnknown();
        return true;
    }

    private void checkShadow(ShadowCheckResult shadowCheckResult, PrismObject<ShadowType> prismObject, Task task, OperationResult operationResult) throws SchemaException {
        ShadowCheckConfiguration configuration = this.activityRun.getConfiguration();
        ShadowType asObjectable = prismObject.asObjectable();
        ObjectReferenceType resourceRef = asObjectable.getResourceRef();
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Checking shadow {} (resource {})", ObjectTypeUtil.toShortString(asObjectable), resourceRef != null ? resourceRef.getOid() : "(null)");
        }
        getStats().incrementShadows();
        if (resourceRef == null) {
            shadowCheckResult.recordError(ShadowStatistics.NO_RESOURCE_OID, new SchemaException("No resourceRef"));
            fixNoResourceIfRequested(shadowCheckResult, ShadowStatistics.NO_RESOURCE_OID);
            applyFixes(shadowCheckResult, prismObject, task, operationResult);
            return;
        }
        String oid = resourceRef.getOid();
        if (oid == null) {
            shadowCheckResult.recordError(ShadowStatistics.NO_RESOURCE_OID, new SchemaException("Null resource OID"));
            fixNoResourceIfRequested(shadowCheckResult, ShadowStatistics.NO_RESOURCE_OID);
            applyFixes(shadowCheckResult, prismObject, task, operationResult);
            return;
        }
        PrismObject<ResourceType> cachedResource = getCachedResource(oid);
        if (cachedResource == null) {
            getStats().incrementResources();
            try {
                cachedResource = getProvisioningService().getObject(ResourceType.class, oid, null, task, operationResult);
                cacheResource(cachedResource);
            } catch (ObjectNotFoundException e) {
                shadowCheckResult.recordError(ShadowStatistics.NO_RESOURCE, e.wrap("Resource definition does not exist"));
                fixNoResourceIfRequested(shadowCheckResult, ShadowStatistics.NO_RESOURCE);
                applyFixes(shadowCheckResult, prismObject, task, operationResult);
                return;
            } catch (SchemaException e2) {
                shadowCheckResult.recordError(ShadowStatistics.CANNOT_GET_RESOURCE, new SchemaException("Resource definition has schema problems: " + e2.getMessage(), e2));
                return;
            } catch (CommonException | RuntimeException e3) {
                shadowCheckResult.recordError(ShadowStatistics.CANNOT_GET_RESOURCE, new SystemException("Resource definition cannot be fetched for some reason: " + e3.getMessage(), e3));
                return;
            }
        }
        shadowCheckResult.setResource(cachedResource);
        ShadowKindType kind = asObjectable.getKind();
        if (kind == null) {
            shadowCheckResult.recordError(ShadowStatistics.NO_KIND_SPECIFIED, new SchemaException(ShadowStatistics.NO_KIND_SPECIFIED));
            return;
        }
        if (configuration.checkExtraData) {
            checkOrFixShadowActivationConsistency(shadowCheckResult, prismObject);
        }
        PrismObject<ShadowType> prismObject2 = null;
        if (configuration.checkFetch) {
            prismObject2 = fetchShadow(shadowCheckResult, prismObject, task, operationResult);
            if (prismObject2 != null) {
                prismObject.setUserData(KEY_EXISTS_ON_RESOURCE, "true");
            }
        }
        if (configuration.checkOwners) {
            List<PrismObject<FocusType>> searchOwners = this.activityRun.searchOwners(prismObject, operationResult);
            if (searchOwners != null) {
                prismObject.setUserData(KEY_OWNERS, searchOwners);
                if (searchOwners.size() > 1) {
                    shadowCheckResult.recordError(ShadowStatistics.MULTIPLE_OWNERS, new SchemaException("Multiple owners: " + searchOwners));
                }
            }
            if (asObjectable.getSynchronizationSituation() == SynchronizationSituationType.LINKED && (searchOwners == null || searchOwners.isEmpty())) {
                shadowCheckResult.recordError(ShadowStatistics.LINKED_WITH_NO_OWNER, new SchemaException(ShadowStatistics.LINKED_WITH_NO_OWNER));
            }
            if (asObjectable.getSynchronizationSituation() != SynchronizationSituationType.LINKED && searchOwners != null && !searchOwners.isEmpty()) {
                shadowCheckResult.recordError(ShadowStatistics.NOT_LINKED_WITH_OWNER, new SchemaException("Shadow with an owner but not marked as linked (marked as " + asObjectable.getSynchronizationSituation() + ")"));
            }
        }
        String intent = asObjectable.getIntent();
        if (configuration.checkIntents && (intent == null || intent.isEmpty())) {
            shadowCheckResult.recordWarning(ShadowStatistics.NO_INTENT_SPECIFIED, "None or empty intent");
        }
        if (configuration.fixIntents && (intent == null || intent.isEmpty())) {
            doFixIntent(shadowCheckResult, prismObject2, prismObject, cachedResource, task, operationResult);
        }
        QName objectClass = asObjectable.getObjectClass();
        if (objectClass == null) {
            shadowCheckResult.recordError(ShadowStatistics.NO_OBJECT_CLASS_SPECIFIED, new SchemaException(ShadowStatistics.NO_OBJECT_CLASS_SPECIFIED));
            return;
        }
        ContextMapKey contextMapKey = new ContextMapKey(oid, objectClass);
        ObjectTypeContext objectTypeContext = this.activityRun.getObjectTypeContext(contextMapKey);
        if (objectTypeContext == null) {
            objectTypeContext = new ObjectTypeContext();
            objectTypeContext.setResource(cachedResource);
            try {
                CompleteResourceSchema completeSchema = ResourceSchemaFactory.getCompleteSchema(objectTypeContext.getResource(), LayerType.MODEL);
                if (completeSchema == null) {
                    shadowCheckResult.recordError(ShadowStatistics.NO_RESOURCE_REFINED_SCHEMA, new SchemaException("No resource schema"));
                    return;
                }
                String intent2 = ShadowUtil.getIntent(prismObject);
                ResourceObjectDefinition findObjectDefinition = ShadowUtil.isKnown(intent2) ? completeSchema.findObjectDefinition(kind, intent2) : completeSchema.findDefaultDefinitionForKind(kind);
                ResourceObjectTypeDefinition typeDefinition = findObjectDefinition != null ? findObjectDefinition.getTypeDefinition() : null;
                if (typeDefinition == null) {
                    shadowCheckResult.recordError(ShadowStatistics.NO_OBJECT_CLASS_REFINED_SCHEMA, new SchemaException("No object type definition for kind=" + kind + ", intent=" + intent));
                    return;
                } else {
                    objectTypeContext.setObjectTypeDefinition(typeDefinition);
                    this.activityRun.putObjectTypeContext(contextMapKey, objectTypeContext);
                }
            } catch (ConfigurationException | SchemaException e4) {
                shadowCheckResult.recordError(ShadowStatistics.CANNOT_GET_REFINED_SCHEMA, new SchemaException("Couldn't derive resource schema: " + e4.getMessage(), e4));
                return;
            }
        }
        try {
            getProvisioningService().applyDefinition(prismObject, task, operationResult);
            HashSet<ShadowSimpleAttributeDefinition<?>> hashSet = new HashSet();
            Collection<? extends ShadowSimpleAttributeDefinition<?>> primaryIdentifiers = objectTypeContext.getObjectTypeDefinition().getPrimaryIdentifiers();
            hashSet.addAll(primaryIdentifiers);
            hashSet.addAll(objectTypeContext.getObjectTypeDefinition().getSecondaryIdentifiers());
            Item findContainer = prismObject.findContainer(ShadowType.F_ATTRIBUTES);
            if (findContainer == null) {
                shadowCheckResult.recordError(ShadowStatistics.OTHER_FAILURE, new SchemaException("No attributes container"));
                return;
            }
            for (ShadowSimpleAttributeDefinition<?> shadowSimpleAttributeDefinition : hashSet) {
                PrismProperty findProperty = findContainer.getValue().findProperty(shadowSimpleAttributeDefinition.getItemName());
                if (findProperty == null || findProperty.size() == 0) {
                    shadowCheckResult.recordWarning(ShadowStatistics.OTHER_FAILURE, "No value for identifier " + shadowSimpleAttributeDefinition.getItemName());
                } else if (findProperty.size() > 1) {
                    shadowCheckResult.recordError(ShadowStatistics.OTHER_FAILURE, new SchemaException("Multi-valued identifier " + shadowSimpleAttributeDefinition.getItemName() + " with values " + findProperty.getValues()));
                } else {
                    String str = (String) findProperty.getValue().getValue();
                    if (str == null) {
                        shadowCheckResult.recordWarning(ShadowStatistics.OTHER_FAILURE, "Null value for identifier " + shadowSimpleAttributeDefinition.getItemName());
                    } else {
                        if (configuration.checkUniqueness && (!configuration.checkDuplicatesOnPrimaryIdentifiersOnly || primaryIdentifiers.contains(shadowSimpleAttributeDefinition))) {
                            addIdentifierValue(objectTypeContext, shadowSimpleAttributeDefinition.getItemName(), str, prismObject);
                        }
                        if (configuration.checkNormalization) {
                            doCheckNormalization(shadowCheckResult, shadowSimpleAttributeDefinition, str);
                        }
                    }
                }
            }
            applyFixes(shadowCheckResult, prismObject, task, operationResult);
        } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException | ObjectNotFoundException | SchemaException e5) {
            shadowCheckResult.recordError(ShadowStatistics.OTHER_FAILURE, new SystemException("Couldn't apply definition to shadow from repo", e5));
        }
    }

    private void cacheResource(PrismObject<ResourceType> prismObject) {
        this.activityRun.cacheResource(prismObject);
    }

    private PrismObject<ResourceType> getCachedResource(String str) {
        return this.activityRun.getCachedResource(str);
    }

    private void applyFixes(ShadowCheckResult shadowCheckResult, PrismObject<ShadowType> prismObject, Task task, OperationResult operationResult) {
        if (shadowCheckResult.isFixByRemovingShadow() || shadowCheckResult.getFixDeltas().size() > 0) {
            try {
                applyFix(shadowCheckResult, prismObject, task, operationResult);
                shadowCheckResult.setFixApplied(true);
            } catch (CommonException e) {
                shadowCheckResult.recordError(ShadowStatistics.CANNOT_APPLY_FIX, new SystemException("Couldn't apply the shadow fix", e));
            }
        }
    }

    private void fixNoResourceIfRequested(ShadowCheckResult shadowCheckResult, String str) {
        if (getConfiguration().fixResourceRef) {
            shadowCheckResult.setFixByRemovingShadow(str);
        }
    }

    private PrismObject<ShadowType> fetchShadow(ShadowCheckResult shadowCheckResult, PrismObject<ShadowType> prismObject, Task task, OperationResult operationResult) {
        try {
            return getProvisioningService().getObject(ShadowType.class, prismObject.getOid(), SelectorOptions.createCollection(GetOperationOptions.createDoNotDiscovery()), task, operationResult);
        } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException | ObjectNotFoundException | SchemaException | SecurityViolationException | Error | RuntimeException e) {
            shadowCheckResult.recordError(ShadowStatistics.CANNOT_FETCH_RESOURCE_OBJECT, new SystemException("The resource object couldn't be fetched", e));
            return null;
        }
    }

    private void doFixIntent(ShadowCheckResult shadowCheckResult, PrismObject<ShadowType> prismObject, PrismObject<ShadowType> prismObject2, PrismObject<ResourceType> prismObject3, Task task, OperationResult operationResult) {
        PrismObject<ShadowType> fetchShadow = !getConfiguration().checkFetch ? fetchShadow(shadowCheckResult, prismObject2, task, operationResult) : prismObject;
        if (fetchShadow == null) {
            shadowCheckResult.recordError(ShadowStatistics.CANNOT_APPLY_FIX, new SystemException("Cannot fix missing intent, because the resource object couldn't be fetched"));
            return;
        }
        try {
            PropertyDelta createReplaceDelta = this.prismContext.deltaFactory().property().createReplaceDelta(fetchShadow.mo2415getDefinition(), ShadowType.F_INTENT, getModelBeans().provisioningService.classifyResourceObject(fetchShadow.asObjectable(), prismObject3.asObjectable(), null, task, operationResult).getIntent());
            LOGGER.trace("Intent fix delta (not executed now) = \n{}", createReplaceDelta.debugDumpLazily());
            shadowCheckResult.addFixDelta(createReplaceDelta, ShadowStatistics.NO_INTENT_SPECIFIED);
        } catch (CommonException e) {
            shadowCheckResult.recordError(ShadowStatistics.CANNOT_APPLY_FIX, new SystemException("Couldn't prepare fix for missing intent, because shadow cannot be classified", e));
        }
    }

    private void applyFix(ShadowCheckResult shadowCheckResult, PrismObject<ShadowType> prismObject, Task task, OperationResult operationResult) throws CommonException {
        LOGGER.info("Applying shadow fix{}:\n{}", this.activityRun.skippedForDryRun(), shadowCheckResult.isFixByRemovingShadow() ? "DELETE " + ObjectTypeUtil.toShortString(prismObject) : DebugUtil.debugDump(shadowCheckResult.getFixDeltas()));
        if (getConfiguration().dryRun) {
            return;
        }
        try {
            if (shadowCheckResult.isFixByRemovingShadow()) {
                getRepositoryService().deleteObject(ShadowType.class, prismObject.getOid(), operationResult);
            } else {
                getRepositoryService().modifyObject(ShadowType.class, prismObject.getOid(), shadowCheckResult.getFixDeltas(), operationResult);
            }
            task.recordObjectActionExecuted(prismObject, ChangeType.MODIFY, null);
        } catch (Throwable th) {
            task.recordObjectActionExecuted(prismObject, ChangeType.MODIFY, th);
            throw th;
        }
    }

    private void doCheckNormalization(ShadowCheckResult shadowCheckResult, ShadowSimpleAttributeDefinition<?> shadowSimpleAttributeDefinition, String str) throws SchemaException {
    }

    private void addIdentifierValue(ObjectTypeContext objectTypeContext, QName qName, String str, PrismObject<ShadowType> prismObject) {
        Map<String, Set<String>> computeIfAbsent = objectTypeContext.getIdentifierValueMap().computeIfAbsent(qName, qName2 -> {
            return new HashMap();
        });
        Set<String> set = computeIfAbsent.get(str);
        if (set == null) {
            HashSet hashSet = new HashSet();
            hashSet.add(prismObject.getOid());
            computeIfAbsent.put(str, hashSet);
        } else {
            this.activityRun.duplicateShadowDetected(prismObject.getOid());
            LOGGER.error("Multiple shadows with the value of identifier attribute {} = {}: existing one(s): {}, duplicate: {}", qName, str, set, ObjectTypeUtil.toShortString(prismObject.asObjectable()));
            set.add(prismObject.getOid());
        }
    }

    private void checkOrFixShadowActivationConsistency(ShadowCheckResult shadowCheckResult, PrismObject<ShadowType> prismObject) {
        AbstractMutableContainerable activation;
        if (prismObject == null || (activation = prismObject.asObjectable().getActivation()) == null) {
            return;
        }
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_ADMINISTRATIVE_STATUS);
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_EFFECTIVE_STATUS);
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_VALID_FROM);
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_VALID_TO);
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_VALIDITY_STATUS);
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_VALIDITY_CHANGE_TIMESTAMP);
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_LOCKOUT_STATUS);
        checkOrFixActivationItem(shadowCheckResult, prismObject, activation.asPrismContainerValue(), ActivationType.F_LOCKOUT_EXPIRATION_TIMESTAMP);
    }

    private void checkOrFixActivationItem(ShadowCheckResult shadowCheckResult, PrismObject<ShadowType> prismObject, PrismContainerValue<?> prismContainerValue, ItemName itemName) {
        Item findProperty = prismContainerValue.findProperty(itemName);
        if (findProperty == null || findProperty.isEmpty()) {
            return;
        }
        shadowCheckResult.recordWarning(ShadowStatistics.EXTRA_ACTIVATION_DATA, "Unexpected activation item: " + findProperty);
        if (getConfiguration().fixExtraData) {
            shadowCheckResult.addFixDelta(this.prismContext.deltaFactory().property().createReplaceEmptyDelta(prismObject.mo2415getDefinition(), ItemPath.create(ShadowType.F_ACTIVATION, itemName)), ShadowStatistics.EXTRA_ACTIVATION_DATA);
        }
    }

    private ShadowCheckConfiguration getConfiguration() {
        return this.activityRun.getConfiguration();
    }

    private ShadowStatistics getStats() {
        return this.activityRun.getStatistics();
    }

    private ProvisioningService getProvisioningService() {
        return getModelBeans().provisioningService;
    }

    private RepositoryService getRepositoryService() {
        return getModelBeans().cacheRepositoryService;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @NotNull
    private ModelBeans getModelBeans() {
        return ((ShadowIntegrityCheckActivityHandler) this.activityRun.getActivityHandler()).getModelBeans();
    }
}
