package com.evolveum.midpoint.model.impl.security;

import com.evolveum.midpoint.model.common.archetypes.ArchetypeManager;
import com.evolveum.midpoint.model.impl.ModelObjectResolver;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.repo.common.security.SecurityPolicyFinder;
import com.evolveum.midpoint.schema.merger.securitypolicy.SecurityPolicyCustomMerger;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ArchetypeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

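/**
 * Locates the security policy that applies to a focus object or to an archetype.
 *
 * <p>The global policy is always looked up first. Archetype-level and organization-level
 * policies are then combined with it through {@link SecurityPolicyCustomMerger}; which
 * source takes precedence for a given setting is decided by the merger and is not visible
 * in this class.
 *
 * <p>Resolution is fail-soft: a securityPolicyRef or superArchetypeRef that cannot be
 * resolved is logged and skipped, and the caller receives the less specific policy instead
 * of an error. A broken reference therefore changes the effective policy without failing
 * the operation, so the warnings emitted here are worth monitoring.
 */
@Component
/* loaded from: input_file:BOOT-INF/lib/model-impl-4.9.4-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/security/ModelSecurityPolicyFinder.class */
public class ModelSecurityPolicyFinder {
    private static final Trace LOGGER = TraceManager.getTrace(ModelSecurityPolicyFinder.class);

    @Autowired
    private SecurityPolicyFinder securityPolicyFinder;

    @Autowired
    private ArchetypeManager archetypeManager;

    @Autowired
    private ModelObjectResolver objectResolver;

    /**
     * Returns the security policy for the given focus, falling back to the global policy.
     *
     * @param prismObject the focus to find a policy for; when {@code null} only the global policy is used
     * @param prismObject2 the system configuration handed to the global policy lookup; may be {@code null}
     * @param task task passed through to the object resolver
     * @param operationResult operation result passed through to the lookups
     * @return the merged focus-specific policy, or the global policy when no focus-specific
     *         policy was produced (which may itself be {@code null})
     */
    public <F extends FocusType> SecurityPolicyType locateSecurityPolicyForFocus(@Nullable PrismObject<F> prismObject, @Nullable PrismObject<SystemConfigurationType> prismObject2, @NotNull Task task, @NotNull OperationResult operationResult) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        // NOTE(review): the meaning of the 'true' flag is defined by SecurityPolicyFinder - confirm there.
        SecurityPolicyType globalPolicy = this.securityPolicyFinder.locateGlobalSecurityPolicy(prismObject2, true, operationResult);
        SecurityPolicyType focusPolicy = null;
        if (prismObject != null) {
            focusPolicy = resolveSecurityPolicyForFocus(prismObject, globalPolicy, task, operationResult);
        }
        SecurityPolicyType effectivePolicy = focusPolicy != null ? focusPolicy : globalPolicy;
        traceSecurityPolicy(effectivePolicy, prismObject);
        return effectivePolicy;
    }

    /**
     * Merges the archetype-derived, organization-derived and global policies for a focus.
     * The archetype lookup runs before the organization lookup.
     */
    private <F extends FocusType> SecurityPolicyType resolveSecurityPolicyForFocus(PrismObject<F> focus, SecurityPolicyType globalPolicy, Task task, OperationResult operationResult) throws SchemaException {
        SecurityPolicyType archetypePolicy = locateFocusSecurityPolicyFromArchetypes(focus, task, operationResult);
        SecurityPolicyType orgPolicy = locateFocusSecurityPolicyFromOrgs(focus, task, operationResult);
        return SecurityPolicyCustomMerger.mergeSecurityPolicies(archetypePolicy, orgPolicy, globalPolicy);
    }

    /**
     * Returns the security policy for the given archetype, falling back to the global policy.
     *
     * @param str OID of the archetype; when {@code null} only the global policy is used
     * @param prismObject the system configuration handed to the global policy lookup; may be {@code null}
     * @param task task passed through to the object resolver
     * @param operationResult operation result passed through to the lookups
     * @return the archetype policy merged with the global one, or the global policy when the
     *         archetype is missing or yields no policy (which may itself be {@code null})
     */
    public SecurityPolicyType locateSecurityPolicyForArchetype(@Nullable String str, @Nullable PrismObject<SystemConfigurationType> prismObject, @NotNull Task task, @NotNull OperationResult operationResult) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
        SecurityPolicyType globalPolicy = this.securityPolicyFinder.locateGlobalSecurityPolicy(prismObject, true, operationResult);
        SecurityPolicyType archetypePolicy = null;
        if (str != null) {
            archetypePolicy = resolveSecurityPolicyForArchetype(str, globalPolicy, task, operationResult);
        }
        SecurityPolicyType effectivePolicy = archetypePolicy != null ? archetypePolicy : globalPolicy;
        // No focus is involved here, so the result is traced as a "global" policy.
        traceSecurityPolicy(effectivePolicy, null);
        return effectivePolicy;
    }

    /**
     * Loads the policy referenced by the archetype with the given OID and merges it with the
     * global policy.
     *
     * @return the merged policy, or {@code null} when the archetype does not exist or
     *         yields no policy
     */
    private SecurityPolicyType resolveSecurityPolicyForArchetype(String archetypeOid, SecurityPolicyType globalPolicy, Task task, OperationResult operationResult) throws SchemaException {
        try {
            ArchetypeType archetype = this.archetypeManager.getArchetype(archetypeOid, operationResult);
            SecurityPolicyType archetypePolicy = loadArchetypeSecurityPolicy(archetype, "load security policy from archetype", task, operationResult);
            if (archetypePolicy == null) {
                return null;
            }
            return SecurityPolicyCustomMerger.mergeSecurityPolicies(archetypePolicy, globalPolicy);
        } catch (ObjectNotFoundException e) {
            // Fail-soft: an unknown archetype OID makes the caller fall back to the global policy.
            LOGGER.error("Cannot load archetype object, ", e);
            return null;
        }
    }

    /**
     * Looks up the security policy referenced from the focus's organizations.
     * The org-tree traversal itself is delegated to the object resolver.
     */
    private <F extends FocusType> SecurityPolicyType locateFocusSecurityPolicyFromOrgs(PrismObject<F> focus, Task task, OperationResult operationResult) throws SchemaException {
        SecurityPolicyType orgPolicy = (SecurityPolicyType) ObjectTypeUtil.asObjectable(this.objectResolver.searchOrgTreeWidthFirstReference(focus, org -> {
            if (org != null) {
                return ((OrgType) org.asObjectable()).getSecurityPolicyRef();
            }
            return null;
        }, "security policy", task, operationResult));
        LOGGER.trace("Found organization security policy: {}", orgPolicy);
        // NOTE(review): orgPolicy may be null at this point; this relies on
        // resolveValuePolicyRefs tolerating a null policy - confirm.
        this.securityPolicyFinder.resolveValuePolicyRefs(orgPolicy, operationResult);
        return orgPolicy;
    }

    /**
     * Looks up the security policy referenced from the focus's structural archetype.
     */
    private <F extends FocusType> SecurityPolicyType locateFocusSecurityPolicyFromArchetypes(PrismObject<F> focus, Task task, OperationResult operationResult) throws SchemaException {
        SecurityPolicyType archetypePolicy = searchSecurityPolicyFromArchetype(focus, "security policy", task, operationResult);
        LOGGER.trace("Found archetype security policy: {}", archetypePolicy);
        // NOTE(review): archetypePolicy may be null at this point; this relies on
        // resolveValuePolicyRefs tolerating a null policy - confirm.
        this.securityPolicyFinder.resolveValuePolicyRefs(archetypePolicy, operationResult);
        return archetypePolicy;
    }

    /**
     * Determines the structural archetype of the object and loads the policy it references.
     *
     * @return the archetype's policy, or {@code null} when there is no object, no structural
     *         archetype, or no resolvable policy
     */
    private <O extends ObjectType> SecurityPolicyType searchSecurityPolicyFromArchetype(PrismObject<O> object, String contextDescription, Task task, OperationResult operationResult) throws SchemaException {
        if (object == null) {
            LOGGER.trace("No object provided. Cannot find security policy specific for an object.");
            return null;
        }
        ArchetypeType structuralArchetype = this.archetypeManager.determineStructuralArchetype(object.asObjectable(), operationResult);
        if (structuralArchetype == null) {
            return null;
        }
        return loadArchetypeSecurityPolicy(structuralArchetype, contextDescription, task, operationResult);
    }

    /**
     * Resolves the policy referenced by the archetype and merges in the policies of its
     * super-archetypes.
     *
     * @param contextDescription text handed to the resolver; presumably an operation
     *        description used in its diagnostics - confirm against ModelObjectResolver
     * @return the merged policy, or {@code null} when the archetype has no securityPolicyRef
     *         or the referenced policy does not exist
     */
    private SecurityPolicyType loadArchetypeSecurityPolicy(ArchetypeType archetype, String contextDescription, Task task, OperationResult operationResult) {
        ObjectReferenceType policyRef = archetype.getSecurityPolicyRef();
        if (policyRef == null) {
            return null;
        }
        try {
            SecurityPolicyType ownPolicy = (SecurityPolicyType) this.objectResolver.resolve(policyRef.asReferenceValue(), contextDescription, task, operationResult).asObjectable();
            return mergeSecurityPolicyWithSuperArchetype(archetype, ownPolicy, task, operationResult);
        } catch (ObjectNotFoundException e) {
            // Fail-soft: a dangling securityPolicyRef drops the archetype-level policy entirely.
            // The cause is logged so the broken reference can be traced from the log alone.
            LOGGER.warn("Cannot find security policy referenced in archetype {}, oid {}", archetype.getName(), archetype.getOid(), e);
            return null;
        }
    }

    /**
     * Walks up the superArchetypeRef chain, merging each super-archetype's policy into the
     * policy collected so far.
     *
     * <p>The walk stops at the first super-archetype that has no securityPolicyRef (or whose
     * reference resolves to {@code null}); archetypes above it are not consulted. Any
     * exception raised while resolving a reference or merging ends the walk and returns the
     * policy collected up to that point.
     *
     * @return the accumulated policy; {@code securityPolicy} unchanged when there is no
     *         super-archetype or resolution fails
     */
    private SecurityPolicyType mergeSecurityPolicyWithSuperArchetype(ArchetypeType archetype, SecurityPolicyType securityPolicy, Task task, OperationResult operationResult) {
        // NOTE(review): recursion depth is bounded only by the archetype hierarchy. A cyclic
        // superArchetypeRef would recurse until StackOverflowError, which the
        // catch (Exception) blocks below do not intercept - confirm cycles are rejected
        // when archetypes are stored.
        try {
            ArchetypeType superArchetype = null;
            if (archetype.getSuperArchetypeRef() != null) {
                superArchetype = (ArchetypeType) this.objectResolver.resolve(archetype.getSuperArchetypeRef(), ArchetypeType.class, null, "resolving super archetype ref", task, operationResult);
            }
            if (superArchetype == null) {
                return securityPolicy;
            }
            try {
                SecurityPolicyType superPolicy = null;
                if (superArchetype.getSecurityPolicyRef() != null) {
                    superPolicy = (SecurityPolicyType) this.objectResolver.resolve(superArchetype.getSecurityPolicyRef(), SecurityPolicyType.class, null, "resolving security policy ref", task, operationResult);
                }
                if (superPolicy == null) {
                    return securityPolicy;
                }
                SecurityPolicyType mergedPolicy = SecurityPolicyCustomMerger.mergeSecurityPolicies(securityPolicy, superPolicy);
                return mergeSecurityPolicyWithSuperArchetype(superArchetype, mergedPolicy, task, operationResult);
            } catch (Exception e) {
                // Deliberately broad: every failure type is downgraded to a warning and the
                // inherited policy is skipped. The cause is logged so it is not lost.
                LOGGER.warn("Cannot resolve security policy reference for archetype {}, oid {}", superArchetype.getName(), superArchetype.getOid(), e);
                return securityPolicy;
            }
        } catch (Exception e) {
            // Same fail-soft handling for the super-archetype reference itself.
            LOGGER.warn("Cannot resolve super archetype reference for archetype {}, oid {}", archetype.getName(), archetype.getOid(), e);
            return securityPolicy;
        }
    }

    /**
     * Writes the located policy to the trace log. Without an object the policy is reported
     * as the global one.
     */
    private void traceSecurityPolicy(SecurityPolicyType securityPolicy, PrismObject<?> object) {
        if (object == null) {
            if (securityPolicy == null) {
                LOGGER.trace("Located global security policy: null");
            } else {
                LOGGER.trace("Located global security policy :\n{}", securityPolicy.asPrismObject().debugDumpLazily(1));
            }
            return;
        }
        if (securityPolicy == null) {
            LOGGER.trace("Located security policy for {}: null", object);
        } else {
            LOGGER.trace("Located security policy for {}:\n{}", object, securityPolicy.asPrismObject().debugDumpLazily(1));
        }
    }
}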
