package com.evolveum.midpoint.security.enforcer.impl;

import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismObjectValue;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.security.api.Authorization;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.enforcer.api.CompileConstraintsOptions;
import com.evolveum.midpoint.security.enforcer.api.ObjectSecurityConstraints;
import com.evolveum.midpoint.security.enforcer.api.PrismEntityOpConstraints;
import com.evolveum.midpoint.security.enforcer.api.SecurityEnforcer;
import com.evolveum.midpoint.security.enforcer.impl.SecurityTraceEvent;
import com.evolveum.midpoint.security.enforcer.impl.prism.SinglePhasePrismEntityOpConstraintsImpl;
import com.evolveum.midpoint.security.enforcer.impl.prism.TwoPhasesPrismEntityOpConstraintsImpl;
import com.evolveum.midpoint.security.enforcer.impl.prism.UpdatablePrismEntityOpConstraints;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import java.util.Iterator;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/security-enforcer-impl-4.9.4-SNAPSHOT.jar:com/evolveum/midpoint/security/enforcer/impl/CompileConstraintsOperation.class */
public class CompileConstraintsOperation<O extends ObjectType> extends EnforcerOperation {

    @NotNull
    private final CompileConstraintsOptions options;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CompileConstraintsOperation(@Nullable MidPointPrincipal midPointPrincipal, @NotNull SecurityEnforcer.Options options, @NotNull Beans beans, @NotNull CompileConstraintsOptions compileConstraintsOptions, @NotNull Task task) {
        super(midPointPrincipal, options, beans, task);
        this.options = compileConstraintsOptions;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public ObjectSecurityConstraints compileSecurityConstraints(PrismObject<O> prismObject, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        MiscUtil.argCheck(prismObject != null, "Cannot compile security constraints of null object", new Object[0]);
        traceCompileObjectSecurityConstraintStarted(prismObject);
        ObjectSecurityConstraintsImpl objectSecurityConstraintsImpl = new ObjectSecurityConstraintsImpl();
        int i = 0;
        for (Authorization authorization : getAuthorizations()) {
            int i2 = i;
            i++;
            AuthorizationEvaluation authorizationEvaluation = new AuthorizationEvaluation(i2, authorization, this, operationResult);
            authorizationEvaluation.traceStart();
            if (authorizationEvaluation.isApplicableToObject(prismObject)) {
                objectSecurityConstraintsImpl.applyAuthorization(authorization);
                authorizationEvaluation.traceEndApplied();
            } else {
                authorizationEvaluation.traceEndNotApplicable();
            }
        }
        traceCompileObjectSecurityConstraintsFinished(prismObject, objectSecurityConstraintsImpl);
        return objectSecurityConstraintsImpl;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public PrismEntityOpConstraints.ForValueContent compileValueOperationConstraints(@NotNull PrismObjectValue<?> prismObjectValue, @Nullable AuthorizationPhaseType authorizationPhaseType, @NotNull String[] strArr, @NotNull OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, CommunicationException, SecurityViolationException, ConfigurationException, ObjectNotFoundException {
        traceCompileValueOperationConstraintsStarted(prismObjectValue, strArr);
        UpdatablePrismEntityOpConstraints.ForValueContent forValueContent = authorizationPhaseType != null ? new SinglePhasePrismEntityOpConstraintsImpl.ForValueContent(authorizationPhaseType) : new TwoPhasesPrismEntityOpConstraintsImpl.ForValueContent();
        int i = 0;
        Iterator<Authorization> it = getAuthorizations().iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            AuthorizationEvaluation authorizationEvaluation = new AuthorizationEvaluation(i2, it.next(), this, operationResult);
            authorizationEvaluation.traceStart();
            if (authorizationEvaluation.isApplicableToActions(strArr)) {
                forValueContent.applyAuthorization(prismObjectValue, authorizationEvaluation);
                authorizationEvaluation.traceEndApplied();
            } else {
                authorizationEvaluation.traceEndNotApplicable();
            }
        }
        traceCompileValueOperationConstraintsFinished(prismObjectValue, forValueContent);
        return forValueContent;
    }

    @NotNull
    public CompileConstraintsOptions getOptions() {
        return this.options;
    }

    private void traceCompileObjectSecurityConstraintStarted(@NotNull PrismObject<O> prismObject) {
        if (this.tracer.isEnabled()) {
            this.tracer.trace(new SecurityTraceEvent.CompileObjectSecurityConstraintsStarted(this, prismObject));
        }
    }

    private void traceCompileObjectSecurityConstraintsFinished(@NotNull PrismObject<O> prismObject, @NotNull ObjectSecurityConstraintsImpl objectSecurityConstraintsImpl) {
        if (this.tracer.isEnabled()) {
            this.tracer.trace(new SecurityTraceEvent.CompileObjectSecurityConstraintsFinished(this, prismObject, objectSecurityConstraintsImpl));
        }
    }

    private void traceCompileValueOperationConstraintsStarted(@NotNull PrismObjectValue<?> prismObjectValue, @NotNull String[] strArr) {
        if (this.tracer.isEnabled()) {
            this.tracer.trace(new SecurityTraceEvent.CompileValueOperationConstraintsStarted(this, prismObjectValue, strArr));
        }
    }

    private void traceCompileValueOperationConstraintsFinished(@NotNull PrismObjectValue<?> prismObjectValue, UpdatablePrismEntityOpConstraints.ForValueContent forValueContent) {
        if (this.tracer.isEnabled()) {
            this.tracer.trace(new SecurityTraceEvent.CompileValueOperationConstraintsFinished(this, prismObjectValue, forValueContent));
        }
    }

    @Override // com.evolveum.midpoint.security.enforcer.impl.EnforcerOperation
    public boolean isFullInformationAvailable() {
        return this.options.isFullInformationAvailable();
    }
}
