package com.evolveum.midpoint.model.impl.lens.projector;

import com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition;
import com.evolveum.midpoint.common.refinery.ResourceShadowDiscriminator;
import com.evolveum.midpoint.model.api.PolicyViolationException;
import com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision;
import com.evolveum.midpoint.model.common.expression.Source;
import com.evolveum.midpoint.model.common.expression.StringPolicyResolver;
import com.evolveum.midpoint.model.common.mapping.Mapping;
import com.evolveum.midpoint.model.common.mapping.MappingFactory;
import com.evolveum.midpoint.model.impl.lens.LensContext;
import com.evolveum.midpoint.model.impl.lens.LensFocusContext;
import com.evolveum.midpoint.model.impl.lens.LensProjectionContext;
import com.evolveum.midpoint.model.impl.lens.LensUtil;
import com.evolveum.midpoint.prism.ItemDefinition;
import com.evolveum.midpoint.prism.OriginType;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.PrismPropertyDefinition;
import com.evolveum.midpoint.prism.delta.ChangeType;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.schema.constants.ExpressionConstants;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MappingStrengthType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:lib/model-impl-3.0.jar:com/evolveum/midpoint/model/impl/lens/projector/CredentialsProcessor.class */
public class CredentialsProcessor {
    private static final Trace LOGGER = TraceManager.getTrace(CredentialsProcessor.class);

    @Autowired(required = true)
    private PrismContext prismContext;

    @Autowired(required = true)
    private MappingFactory valueConstructionFactory;

    @Autowired(required = true)
    private PasswordPolicyProcessor passwordPolicyProcessor;

    public <F extends ObjectType> void processCredentials(LensContext<F> lensContext, LensProjectionContext lensProjectionContext, Task task, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException {
        LensFocusContext<F> focusContext = lensContext.getFocusContext();
        if (focusContext != null && FocusType.class.isAssignableFrom(focusContext.getObjectTypeClass())) {
            processCredentialsFocal(lensContext, lensProjectionContext, task, operationResult);
        }
        this.passwordPolicyProcessor.processPasswordPolicy(lensProjectionContext, lensContext, operationResult);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v81, types: [com.evolveum.midpoint.prism.delta.PropertyDelta] */
    public <F extends FocusType> void processCredentialsFocal(LensContext<F> lensContext, final LensProjectionContext lensProjectionContext, Task task, OperationResult operationResult) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException {
        LensFocusContext<F> focusContext = lensContext.getFocusContext();
        ObjectDelta<F> delta = focusContext.getDelta();
        boolean z = false;
        if (delta != null) {
            z = delta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
        }
        if (focusContext.getObjectNew() == null) {
            LOGGER.trace("userNew is null, skipping credentials processing");
            return;
        }
        PrismPropertyDefinition findPropertyDefinition = this.prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ShadowType.class).findPropertyDefinition(SchemaConstants.PATH_PASSWORD_VALUE);
        ResourceShadowDiscriminator resourceShadowDiscriminator = lensProjectionContext.getResourceShadowDiscriminator();
        ObjectDelta<ShadowType> delta2 = lensProjectionContext.getDelta();
        ItemDelta itemDelta = null;
        if (delta2 != null) {
            itemDelta = delta2.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
        }
        if (delta2 != null && delta2.getChangeType() == ChangeType.MODIFY && itemDelta != null && (itemDelta.isAdd() || delta2.isDelete())) {
            throw new SchemaException("Password for account " + resourceShadowDiscriminator + " cannot be added or deleted, it can only be replaced");
        }
        if ((delta2 == null || !(delta2.getChangeType() == ChangeType.ADD || lensProjectionContext.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.ADD)) && !z) {
            LOGGER.trace("No change in password and the account is not added, skipping credentials processing for account " + resourceShadowDiscriminator);
            return;
        }
        RefinedObjectClassDefinition refinedAccountDefinition = lensProjectionContext.getRefinedAccountDefinition();
        if (refinedAccountDefinition == null) {
            LOGGER.trace("No RefinedAccountDefinition, therefore also no password outbound definition, skipping credentials processing for account " + resourceShadowDiscriminator);
            return;
        }
        MappingType credentialsOutbound = refinedAccountDefinition.getCredentialsOutbound();
        if (credentialsOutbound == null) {
            LOGGER.trace("No outbound definition in password definition in credentials in account type {}, skipping credentials processing", resourceShadowDiscriminator);
            return;
        }
        Mapping createMapping = this.valueConstructionFactory.createMapping(credentialsOutbound, "outbound password mapping in account type " + resourceShadowDiscriminator);
        if (createMapping.isApplicableToChannel(lensContext.getChannel())) {
            createMapping.setDefaultTargetDefinition(findPropertyDefinition);
            createMapping.setDefaultSource(new Source<>(focusContext.getObjectDeltaObject().findIdi(SchemaConstants.PATH_PASSWORD_VALUE), ExpressionConstants.VAR_INPUT));
            createMapping.setOriginType(OriginType.OUTBOUND);
            createMapping.setOriginObject(lensProjectionContext.getResource());
            if (createMapping.getStrength() == MappingStrengthType.STRONG || itemDelta == null || itemDelta.isEmpty()) {
                createMapping.setStringPolicyResolver(new StringPolicyResolver() { // from class: com.evolveum.midpoint.model.impl.lens.projector.CredentialsProcessor.1
                    private ItemPath outputPath;
                    private ItemDefinition outputDefinition;

                    @Override // com.evolveum.midpoint.model.common.expression.StringPolicyResolver
                    public void setOutputPath(ItemPath itemPath) {
                        this.outputPath = itemPath;
                    }

                    @Override // com.evolveum.midpoint.model.common.expression.StringPolicyResolver
                    public void setOutputDefinition(ItemDefinition itemDefinition) {
                        this.outputDefinition = itemDefinition;
                    }

                    @Override // com.evolveum.midpoint.model.common.expression.StringPolicyResolver
                    public StringPolicyType resolve() {
                        ValuePolicyType effectivePasswordPolicy = lensProjectionContext.getEffectivePasswordPolicy();
                        if (effectivePasswordPolicy == null) {
                            return null;
                        }
                        return effectivePasswordPolicy.getStringPolicy();
                    }
                });
                LensUtil.evaluateMapping(createMapping, lensContext, task, operationResult);
                PrismProperty prismProperty = (PrismProperty) createMapping.getOutput();
                if (prismProperty == null || prismProperty.isEmpty()) {
                    LOGGER.trace("Credentials 'password' expression resulted in null, skipping credentials processing for {}", resourceShadowDiscriminator);
                    return;
                }
                PropertyDelta propertyDelta = new PropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE, findPropertyDefinition);
                propertyDelta.setValuesToReplace(prismProperty.getClonedValues());
                LOGGER.trace("Adding new password delta for account {}", resourceShadowDiscriminator);
                lensProjectionContext.swallowToSecondaryDelta(propertyDelta);
            }
        }
    }
}
