package com.evolveum.midpoint.provisioning.impl.shadows.manager;

import com.evolveum.midpoint.common.Clock;
import com.evolveum.midpoint.prism.Item;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.provisioning.impl.ProvisioningContext;
import com.evolveum.midpoint.repo.common.security.CredentialsStorageManager;
import com.evolveum.midpoint.repo.common.security.SecurityPolicyFinder;
import com.evolveum.midpoint.schema.processor.ResourceObjectDefinition;
import com.evolveum.midpoint.schema.processor.ShadowAttribute;
import com.evolveum.midpoint.schema.processor.ShadowReferenceAttribute;
import com.evolveum.midpoint.schema.processor.ShadowReferenceAttributeDefinition;
import com.evolveum.midpoint.schema.processor.ShadowReferenceAttributeValue;
import com.evolveum.midpoint.schema.processor.ShadowSimpleAttribute;
import com.evolveum.midpoint.schema.processor.ShadowSimpleAttributeDefinition;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.AbstractShadow;
import com.evolveum.midpoint.schema.util.RawRepoShadow;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CachingMetadataType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.util.Iterator;
import java.util.function.Supplier;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

/* JADX INFO: Access modifiers changed from: package-private */
@Component
/* loaded from: input_file:BOOT-INF/lib/provisioning-impl-4.9.4-SNAPSHOT.jar:com/evolveum/midpoint/provisioning/impl/shadows/manager/ShadowObjectComputer.class */
public class ShadowObjectComputer {

    @Autowired
    private Clock clock;

    @Autowired
    CredentialsStorageManager credentialsStorageManager;

    @Autowired
    SecurityPolicyFinder securityPolicyFinder;
    static final /* synthetic */ boolean $assertionsDisabled;

    ShadowObjectComputer() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public RawRepoShadow createShadowForRepoStorage(ProvisioningContext provisioningContext, AbstractShadow abstractShadow, OperationResult operationResult) throws SchemaException, EncryptionException {
        PasswordType password;
        abstractShadow.checkConsistence();
        ShadowType clone = abstractShadow.getBean().clone();
        PrismObject<ShadowType> asPrismObject = clone.asPrismObject();
        asPrismObject.removeContainer(ShadowType.F_ASSOCIATIONS);
        asPrismObject.removeContainer(ShadowType.F_ATTRIBUTES);
        asPrismObject.applyDefinition(PrismContext.get().getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ShadowType.class));
        Object determinePrimaryIdentifierValue = ShadowManagerMiscUtil.determinePrimaryIdentifierValue(abstractShadow, provisioningContext.determineShadowState(clone));
        clone.setPrimaryIdentifierValue(determinePrimaryIdentifierValue != null ? determinePrimaryIdentifierValue.toString() : null);
        ResourceObjectDefinition objectDefinition = abstractShadow.getObjectDefinition();
        for (ShadowAttribute<?, ?, ?, ?> shadowAttribute : abstractShadow.getAttributes()) {
            if (shadowAttribute instanceof ShadowSimpleAttribute) {
                ShadowSimpleAttribute shadowSimpleAttribute = (ShadowSimpleAttribute) shadowAttribute;
                ShadowSimpleAttributeDefinition definitionRequired = shadowSimpleAttribute.getDefinitionRequired();
                if (ShadowComputerUtil.shouldStoreSimpleAttributeInShadow(objectDefinition, definitionRequired)) {
                    asPrismObject.findOrCreateContainer(ShadowType.F_ATTRIBUTES).add(definitionRequired.toNormalizationAware().adoptRealValuesAndInstantiate(shadowSimpleAttribute.getRealValues()));
                }
            } else {
                if (!(shadowAttribute instanceof ShadowReferenceAttribute)) {
                    throw new AssertionError(shadowAttribute);
                }
                ShadowReferenceAttribute shadowReferenceAttribute = (ShadowReferenceAttribute) shadowAttribute;
                ShadowReferenceAttributeDefinition definitionRequired2 = shadowReferenceAttribute.getDefinitionRequired();
                if (ShadowComputerUtil.shouldStoreReferenceAttributeInShadow(objectDefinition, definitionRequired2)) {
                    Item<?, ?> mo968instantiate = ShadowComputerUtil.createRepoRefAttrDef(definitionRequired2).mo968instantiate();
                    Iterator<ShadowReferenceAttributeValue> it = shadowReferenceAttribute.getAttributeValues().iterator();
                    while (it.hasNext()) {
                        ObjectReferenceType repoFormat = ShadowComputerUtil.toRepoFormat(provisioningContext, it.next());
                        if (repoFormat != null) {
                            mo968instantiate.addIgnoringEquivalents(repoFormat.asReferenceValue());
                        }
                    }
                    if (mo968instantiate.hasAnyValue()) {
                        asPrismObject.findOrCreateContainer(ShadowType.F_REFERENCE_ATTRIBUTES).add(mo968instantiate);
                    }
                }
            }
        }
        if (provisioningContext.getObjectDefinitionRequired().isCachingEnabled()) {
            CachingMetadataType cachingMetadataType = new CachingMetadataType();
            cachingMetadataType.setRetrievalTimestamp(this.clock.currentTimeXMLGregorianCalendar());
            clone.setCachingMetadata(cachingMetadataType);
        } else {
            clone.setCachingMetadata(null);
        }
        ShadowComputerUtil.cleanupShadowActivation(provisioningContext, clone.getActivation());
        CredentialsType credentials = clone.getCredentials();
        if (credentials != null && (password = credentials.getPassword()) != null) {
            preparePasswordForStorage(provisioningContext, password, operationResult);
            ShadowComputerUtil.addPasswordMetadata(password, this.clock.currentTimeXMLGregorianCalendar(), provisioningContext.getTask().getOwnerRef());
        }
        if (clone.getName() == null) {
            clone.setName(PolyString.toPolyStringType((PolyString) MiscUtil.requireNonNull(abstractShadow.determineShadowName(), (Supplier<String>) () -> {
                return "Cannot determine the shadow name for " + abstractShadow;
            })));
        }
        clone.setProtectedObject(null);
        clone.setEffectiveOperationPolicy(null);
        MetadataUtil.addCreationMetadata(clone);
        return RawRepoShadow.of(clone);
    }

    private void preparePasswordForStorage(ProvisioningContext provisioningContext, @NotNull PasswordType passwordType, OperationResult operationResult) throws SchemaException, EncryptionException {
        PrismProperty<ProtectedStringType> findProperty = passwordType.asPrismContainerValue().findProperty(PasswordType.F_VALUE);
        if (findProperty == null) {
            return;
        }
        ResourceObjectDefinition objectDefinitionRequired = provisioningContext.getObjectDefinitionRequired();
        if (!objectDefinitionRequired.areCredentialsCached()) {
            ShadowUtil.removePasswordValueProperty(passwordType);
            return;
        }
        ProtectedStringType realValue = findProperty.getRealValue();
        boolean isIncomplete = findProperty.isIncomplete();
        if (realValue == null) {
            if (isIncomplete) {
                return;
            }
            ShadowUtil.removePasswordValueProperty(passwordType);
        } else if (!realValue.isHashed()) {
            this.credentialsStorageManager.transformShadowPasswordWithRealValue(this.securityPolicyFinder.locateResourceObjectCredentialsPolicy(objectDefinitionRequired, operationResult), objectDefinitionRequired.areCredentialsCachedLegacy(), findProperty);
        } else {
            if (!$assertionsDisabled && isIncomplete) {
                throw new AssertionError("Incomplete password value with a real value?");
            }
            ShadowUtil.removePasswordValueProperty(passwordType);
        }
    }

    static {
        $assertionsDisabled = !ShadowObjectComputer.class.desiredAssertionStatus();
    }
}
