package com.evolveum.midpoint.model.impl.lens;

import com.evolveum.midpoint.common.ActivationComputer;
import com.evolveum.midpoint.model.api.PolicyViolationException;
import com.evolveum.midpoint.model.common.expression.ObjectDeltaObject;
import com.evolveum.midpoint.model.common.mapping.Mapping;
import com.evolveum.midpoint.model.common.mapping.MappingFactory;
import com.evolveum.midpoint.prism.Item;
import com.evolveum.midpoint.prism.OriginType;
import com.evolveum.midpoint.prism.PrismContainer;
import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismContainerable;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.PrismReferenceValue;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.processor.SimpleDelta;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ObjectResolver;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.security.api.Authorization;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractRoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ConstructionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MappingsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
import java.util.Collection;
import java.util.Iterator;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;

/* loaded from: input_file:lib/model-impl-3.0.jar:com/evolveum/midpoint/model/impl/lens/AssignmentEvaluator.class */
public class AssignmentEvaluator<F extends FocusType> {
    private static final Trace LOGGER = TraceManager.getTrace(AssignmentEvaluator.class);
    private RepositoryService repository;
    private ObjectDeltaObject<F> focusOdo;
    private LensContext<F> lensContext;
    private String channel;
    private ObjectResolver objectResolver;
    private PrismContext prismContext;
    private MappingFactory mappingFactory;
    private ActivationComputer activationComputer;
    XMLGregorianCalendar now;
    private boolean evaluateConstructions = true;
    private PrismObject<SystemConfigurationType> systemConfiguration;

    public RepositoryService getRepository() {
        return this.repository;
    }

    public void setRepository(RepositoryService repositoryService) {
        this.repository = repositoryService;
    }

    public ObjectDeltaObject<F> getFocusOdo() {
        return this.focusOdo;
    }

    public void setFocusOdo(ObjectDeltaObject<F> objectDeltaObject) {
        this.focusOdo = objectDeltaObject;
    }

    public LensContext<F> getLensContext() {
        return this.lensContext;
    }

    public void setLensContext(LensContext<F> lensContext) {
        this.lensContext = lensContext;
    }

    public String getChannel() {
        return this.channel;
    }

    public void setChannel(String str) {
        this.channel = str;
    }

    public ObjectResolver getObjectResolver() {
        return this.objectResolver;
    }

    public void setObjectResolver(ObjectResolver objectResolver) {
        this.objectResolver = objectResolver;
    }

    public PrismContext getPrismContext() {
        return this.prismContext;
    }

    public void setPrismContext(PrismContext prismContext) {
        this.prismContext = prismContext;
    }

    public MappingFactory getMappingFactory() {
        return this.mappingFactory;
    }

    public void setMappingFactory(MappingFactory mappingFactory) {
        this.mappingFactory = mappingFactory;
    }

    public ActivationComputer getActivationComputer() {
        return this.activationComputer;
    }

    public void setActivationComputer(ActivationComputer activationComputer) {
        this.activationComputer = activationComputer;
    }

    public XMLGregorianCalendar getNow() {
        return this.now;
    }

    public void setNow(XMLGregorianCalendar xMLGregorianCalendar) {
        this.now = xMLGregorianCalendar;
    }

    public boolean isEvaluateConstructions() {
        return this.evaluateConstructions;
    }

    public void setEvaluateConstructions(boolean z) {
        this.evaluateConstructions = z;
    }

    public PrismObject<SystemConfigurationType> getSystemConfiguration() {
        return this.systemConfiguration;
    }

    public void setSystemConfiguration(PrismObject<SystemConfigurationType> prismObject) {
        this.systemConfiguration = prismObject;
    }

    public SimpleDelta<EvaluatedAssignment> evaluate(SimpleDelta<AssignmentType> simpleDelta, ObjectType objectType, String str, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, PolicyViolationException {
        SimpleDelta<EvaluatedAssignment> simpleDelta2 = new SimpleDelta<>();
        simpleDelta2.setType(simpleDelta.getType());
        for (AssignmentType assignmentType : simpleDelta.getChange()) {
            assertSource(objectType, assignmentType);
            simpleDelta2.getChange().add(evaluate(assignmentType, objectType, str, task, operationResult));
        }
        return simpleDelta2;
    }

    public EvaluatedAssignment evaluate(AssignmentType assignmentType, ObjectType objectType, String str, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, PolicyViolationException {
        assertSource(objectType, assignmentType);
        EvaluatedAssignment evaluatedAssignment = new EvaluatedAssignment();
        evaluatedAssignment.setAssignmentType(assignmentType);
        AssignmentPath assignmentPath = new AssignmentPath();
        AssignmentPathSegment assignmentPathSegment = new AssignmentPathSegment(assignmentType, null);
        assignmentPathSegment.setSource(objectType);
        assignmentPathSegment.setEvaluationOrder(1);
        assignmentPathSegment.setEvaluateConstructions(true);
        assignmentPathSegment.setValidityOverride(true);
        evaluateAssignment(evaluatedAssignment, assignmentPathSegment, objectType, str, assignmentPath, task, operationResult);
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Assignment evaluation finished:\n{}", evaluatedAssignment.debugDump());
        }
        return evaluatedAssignment;
    }

    private void evaluateAssignment(EvaluatedAssignment evaluatedAssignment, AssignmentPathSegment assignmentPathSegment, ObjectType objectType, String str, AssignmentPath assignmentPath, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, PolicyViolationException {
        assertSource(objectType, evaluatedAssignment);
        LOGGER.trace("Evaluate assignment {} (eval costr: {})", assignmentPath, Boolean.valueOf(assignmentPathSegment.isEvaluateConstructions()));
        AssignmentType assignmentType = assignmentPathSegment.getAssignmentType();
        checkSchema(assignmentType, str);
        PrismObject<?> prismObject = null;
        if (assignmentType.getTarget() != null) {
            prismObject = assignmentType.getTarget().asPrismObject();
        } else if (assignmentType.getTargetRef() != null) {
            prismObject = resolveTarget(assignmentType, objectType, str, task, operationResult);
        }
        if (prismObject != null && evaluatedAssignment.getTarget() == null) {
            evaluatedAssignment.setTarget(prismObject);
        }
        if (prismObject != null) {
            if (prismObject.getOid().equals(objectType.getOid())) {
                throw new PolicyViolationException("The " + objectType + " refers to itself in assignment/inducement");
            }
            if (assignmentPath.containsTarget((ObjectType) prismObject.asObjectable())) {
                throw new PolicyViolationException("Attempt to assign " + prismObject + " creates a role cycle");
            }
        }
        assignmentPath.add(assignmentPathSegment);
        boolean isValid = LensUtil.isValid(assignmentType, this.now, this.activationComputer);
        if (!isValid && !assignmentPathSegment.isValidityOverride()) {
            LOGGER.trace("Skipping evaluation of assignment {} because it is not valid", assignmentType);
        } else if (assignmentType.getConstruction() != null) {
            if (this.evaluateConstructions && assignmentPathSegment.isEvaluateConstructions()) {
                prepareConstructionEvaluation(evaluatedAssignment, assignmentPathSegment, objectType, str, assignmentPath, assignmentPathSegment.getOrderOneObject(), task, operationResult);
            }
        } else if (assignmentType.getFocusMappings() != null) {
            if (this.evaluateConstructions && assignmentPathSegment.isEvaluateConstructions()) {
                evaluateFocusMappings(evaluatedAssignment, assignmentPathSegment, objectType, str, assignmentPath, assignmentPathSegment.getOrderOneObject(), task, operationResult);
            }
        } else if (prismObject != null) {
            evaluateTarget(evaluatedAssignment, assignmentPathSegment, prismObject, objectType, assignmentType.getTargetRef().getRelation(), str, assignmentPath, task, operationResult);
        } else {
            LOGGER.debug("No target or construction in assignment in {}, ignoring it", objectType);
        }
        evaluatedAssignment.setValid(isValid);
        assignmentPath.remove(assignmentPathSegment);
    }

    private void prepareConstructionEvaluation(EvaluatedAssignment evaluatedAssignment, AssignmentPathSegment assignmentPathSegment, ObjectType objectType, String str, AssignmentPath assignmentPath, ObjectType objectType2, Task task, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException {
        assertSource(objectType, evaluatedAssignment);
        ConstructionType construction = assignmentPathSegment.getAssignmentType().getConstruction();
        LOGGER.trace("Preparing construction '{}' in {}", construction.getDescription(), objectType);
        Construction<F> construction2 = new Construction<>(construction, objectType);
        construction2.setAssignmentPath(assignmentPath.m185clone());
        construction2.setUserOdo(this.focusOdo);
        construction2.setLensContext(this.lensContext);
        construction2.setObjectResolver(this.objectResolver);
        construction2.setPrismContext(this.prismContext);
        construction2.setMappingFactory(this.mappingFactory);
        construction2.setOriginType(OriginType.ASSIGNMENTS);
        construction2.setChannel(this.channel);
        construction2.setOrderOneObject(objectType2);
        evaluatedAssignment.addConstruction(construction2);
    }

    private void evaluateFocusMappings(EvaluatedAssignment evaluatedAssignment, AssignmentPathSegment assignmentPathSegment, ObjectType objectType, String str, AssignmentPath assignmentPath, ObjectType objectType2, Task task, OperationResult operationResult) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException {
        assertSource(objectType, evaluatedAssignment);
        MappingsType focusMappings = assignmentPathSegment.getAssignmentType().getFocusMappings();
        LOGGER.trace("Evaluate focus mappings '{}' in {} ({} mappings)", new Object[]{focusMappings.getDescription(), objectType, Integer.valueOf(focusMappings.getMapping().size())});
        AssignmentPathVariables computeAssignmentPathVariables = LensUtil.computeAssignmentPathVariables(assignmentPath);
        Iterator<MappingType> it = focusMappings.getMapping().iterator();
        while (it.hasNext()) {
            Mapping<? extends PrismPropertyValue<?>> createFocusMapping = LensUtil.createFocusMapping(this.mappingFactory, this.lensContext, it.next(), objectType, this.focusOdo, computeAssignmentPathVariables, this.systemConfiguration, this.now, str, operationResult);
            if (createFocusMapping != null) {
                LensUtil.evaluateMapping(createFocusMapping, this.lensContext, task, operationResult);
                evaluatedAssignment.addFocusMapping(createFocusMapping);
            }
        }
    }

    private PrismObject<?> resolveTarget(AssignmentType assignmentType, ObjectType objectType, String str, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException {
        ObjectReferenceType targetRef = assignmentType.getTargetRef();
        String oid = targetRef.getOid();
        if (oid == null) {
            throw new SchemaException("The OID is null in assignment targetRef in " + objectType);
        }
        if (targetRef.getType() == null) {
            throw new SchemaException("Missing type in target reference in " + assignmentType + " in " + str);
        }
        Class determineCompileTimeClass = this.prismContext.getSchemaRegistry().determineCompileTimeClass(targetRef.getType());
        if (determineCompileTimeClass == null) {
            throw new SchemaException("Cannot determine type from " + targetRef.getType() + " in target reference in " + assignmentType + " in " + str);
        }
        PrismObject<?> prismObject = null;
        try {
            prismObject = this.repository.getObject(determineCompileTimeClass, oid, (Collection) null, operationResult);
            if (prismObject == null) {
                throw new IllegalArgumentException("Got null target from repository, oid:" + oid + ", class:" + determineCompileTimeClass + " (should not happen, probably a bug) in " + str);
            }
        } catch (ObjectNotFoundException e) {
            LOGGER.error(String.valueOf(e.getMessage()) + " in assignment target reference in " + str, (Throwable) e);
        }
        return prismObject;
    }

    private void evaluateTarget(EvaluatedAssignment evaluatedAssignment, AssignmentPathSegment assignmentPathSegment, PrismObject<?> prismObject, ObjectType objectType, QName qName, String str, AssignmentPath assignmentPath, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, PolicyViolationException {
        assertSource(objectType, evaluatedAssignment);
        ObjectType objectType2 = (ObjectType) prismObject.asObjectable();
        assignmentPathSegment.setTarget(objectType2);
        if (!(objectType2 instanceof AbstractRoleType)) {
            throw new SchemaException("Unknown assignment target type " + ObjectTypeUtil.toShortString(objectType2) + " in " + str);
        }
        evaluateAbstractRole(evaluatedAssignment, assignmentPathSegment, (AbstractRoleType) objectType2, objectType, str, assignmentPath, task, operationResult);
        if ((objectType2 instanceof OrgType) && assignmentPath.getEvaluationOrder() == 1) {
            PrismReferenceValue prismReferenceValue = new PrismReferenceValue();
            prismReferenceValue.setObject(objectType2.asPrismObject());
            prismReferenceValue.setRelation(qName);
            evaluatedAssignment.addOrgRefVal(prismReferenceValue);
        }
    }

    private void evaluateAbstractRole(EvaluatedAssignment evaluatedAssignment, AssignmentPathSegment assignmentPathSegment, AbstractRoleType abstractRoleType, ObjectType objectType, String str, AssignmentPath assignmentPath, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, PolicyViolationException {
        ObjectType orderOneObject;
        assertSource(objectType, evaluatedAssignment);
        int evaluationOrder = assignmentPath.getEvaluationOrder();
        if (evaluationOrder == 1) {
            orderOneObject = abstractRoleType;
        } else {
            AssignmentPathSegment last = assignmentPath.last();
            orderOneObject = (last == null || last.getOrderOneObject() == null) ? abstractRoleType : last.getOrderOneObject();
        }
        for (AssignmentType assignmentType : abstractRoleType.getInducement()) {
            AssignmentPathSegment assignmentPathSegment2 = new AssignmentPathSegment(assignmentType, null);
            assignmentPathSegment2.setSource(abstractRoleType);
            String str2 = abstractRoleType + " in " + str;
            Integer order = assignmentType.getOrder();
            if (order == null) {
                order = 1;
            }
            if (order.intValue() == evaluationOrder) {
                if (LOGGER.isTraceEnabled()) {
                    LOGGER.trace("E{}: evaluate inducement({}) {} in {}", new Object[]{Integer.valueOf(evaluationOrder), order, dumpAssignment(assignmentType), abstractRoleType});
                }
                assignmentPathSegment2.setEvaluateConstructions(true);
                assignmentPathSegment2.setEvaluationOrder(evaluationOrder);
                assignmentPathSegment2.setOrderOneObject(orderOneObject);
                evaluateAssignment(evaluatedAssignment, assignmentPathSegment2, abstractRoleType, str2, assignmentPath, task, operationResult);
            } else if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("E{}: NOT evaluate inducement({}) {} in {}", new Object[]{Integer.valueOf(evaluationOrder), order, dumpAssignment(assignmentType), abstractRoleType});
            }
        }
        for (AssignmentType assignmentType2 : abstractRoleType.getAssignment()) {
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("E{}: follow assignment {} in {}", new Object[]{Integer.valueOf(evaluationOrder), dumpAssignment(assignmentType2), abstractRoleType});
            }
            AssignmentPathSegment assignmentPathSegment3 = new AssignmentPathSegment(assignmentType2, null);
            assignmentPathSegment3.setSource(abstractRoleType);
            assignmentPathSegment3.setEvaluateConstructions(false);
            assignmentPathSegment3.setEvaluationOrder(evaluationOrder + 1);
            assignmentPathSegment3.setOrderOneObject(orderOneObject);
            evaluateAssignment(evaluatedAssignment, assignmentPathSegment3, abstractRoleType, abstractRoleType + " in " + str, assignmentPath, task, operationResult);
        }
        Iterator<AuthorizationType> it = abstractRoleType.getAuthorization().iterator();
        while (it.hasNext()) {
            evaluatedAssignment.addAuthorization(createAuthorization(it.next()));
        }
    }

    public static String dumpAssignment(AssignmentType assignmentType) {
        StringBuilder sb = new StringBuilder();
        if (assignmentType.getConstruction() != null) {
            sb.append("Constr '" + assignmentType.getConstruction().getDescription() + "' ");
        }
        if (assignmentType.getTargetRef() != null) {
            sb.append("-> ").append(assignmentType.getTargetRef().getOid());
        }
        return sb.toString();
    }

    private Authorization createAuthorization(AuthorizationType authorizationType) {
        return new Authorization(authorizationType);
    }

    private void assertSource(ObjectType objectType, EvaluatedAssignment evaluatedAssignment) {
        if (objectType == null) {
            throw new IllegalArgumentException("Source cannot be null (while evaluating assignment " + evaluatedAssignment + ")");
        }
    }

    private void assertSource(ObjectType objectType, AssignmentType assignmentType) {
        if (objectType == null) {
            throw new IllegalArgumentException("Source cannot be null (while evaluating assignment " + assignmentType + ")");
        }
    }

    private void checkSchema(AssignmentType assignmentType, String str) throws SchemaException {
        PrismContainerValue asPrismContainerValue = assignmentType.asPrismContainerValue();
        PrismContainerable parent = asPrismContainerValue.getParent();
        if (parent == null) {
            throw new SchemaException("The assignment " + assignmentType + " does not have a parent in " + str);
        }
        if (parent.getDefinition() == null) {
            throw new SchemaException("The assignment " + assignmentType + " does not have definition in " + str);
        }
        PrismContainer findContainer = asPrismContainerValue.findContainer(AssignmentType.F_EXTENSION);
        if (findContainer != null) {
            if (findContainer.getDefinition() == null) {
                throw new SchemaException("Extension does not have a definition in assignment " + assignmentType + " in " + str);
            }
            for (Item<?> item : findContainer.getValue().getItems()) {
                if (item == null) {
                    throw new SchemaException("Null item in extension in assignment " + assignmentType + " in " + str);
                }
                if (item.getDefinition() == null) {
                    throw new SchemaException("Item " + item + " has no definition in extension in assignment " + assignmentType + " in " + str);
                }
            }
        }
    }
}
