package org.apache.syncope.core.logic;

import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.IterableUtils;
import org.apache.commons.collections4.IteratorUtils;
import org.apache.commons.collections4.Predicate;
import org.apache.commons.collections4.Transformer;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.ImmutablePair;
import org.apache.commons.lang3.tuple.ImmutableTriple;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.commons.lang3.tuple.Triple;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.to.ConnObjectTO;
import org.apache.syncope.common.lib.to.ResourceTO;
import org.apache.syncope.common.lib.types.AnyTypeKind;
import org.apache.syncope.common.lib.types.ClientExceptionType;
import org.apache.syncope.core.persistence.api.dao.AnyObjectDAO;
import org.apache.syncope.core.persistence.api.dao.AnyTypeDAO;
import org.apache.syncope.core.persistence.api.dao.ConnInstanceDAO;
import org.apache.syncope.core.persistence.api.dao.DuplicateException;
import org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO;
import org.apache.syncope.core.persistence.api.dao.GroupDAO;
import org.apache.syncope.core.persistence.api.dao.NotFoundException;
import org.apache.syncope.core.persistence.api.dao.UserDAO;
import org.apache.syncope.core.persistence.api.dao.VirSchemaDAO;
import org.apache.syncope.core.persistence.api.dao.search.OrderByClause;
import org.apache.syncope.core.persistence.api.entity.Any;
import org.apache.syncope.core.persistence.api.entity.AnyType;
import org.apache.syncope.core.persistence.api.entity.ConnInstance;
import org.apache.syncope.core.persistence.api.entity.VirSchema;
import org.apache.syncope.core.persistence.api.entity.resource.ExternalResource;
import org.apache.syncope.core.persistence.api.entity.resource.MappingItem;
import org.apache.syncope.core.persistence.api.entity.resource.Provision;
import org.apache.syncope.core.provisioning.api.Connector;
import org.apache.syncope.core.provisioning.api.ConnectorFactory;
import org.apache.syncope.core.provisioning.api.MappingManager;
import org.apache.syncope.core.provisioning.api.data.ConnInstanceDataBinder;
import org.apache.syncope.core.provisioning.api.data.ResourceDataBinder;
import org.apache.syncope.core.provisioning.api.utils.RealmUtils;
import org.apache.syncope.core.provisioning.java.utils.ConnObjectUtils;
import org.apache.syncope.core.provisioning.java.utils.MappingUtils;
import org.apache.syncope.core.spring.security.AuthContextUtils;
import org.apache.syncope.core.spring.security.DelegatedAdministrationException;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.AttributeUtil;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.identityconnectors.framework.common.objects.Name;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.ResultsHandler;
import org.identityconnectors.framework.common.objects.SearchResult;
import org.identityconnectors.framework.common.objects.SyncToken;
import org.identityconnectors.framework.common.objects.Uid;
import org.identityconnectors.framework.common.objects.filter.Filter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

@Component
/* loaded from: input_file:org/apache/syncope/core/logic/ResourceLogic.class */
public class ResourceLogic extends AbstractTransactionalLogic<ResourceTO> {

    @Autowired
    private ExternalResourceDAO resourceDAO;

    @Autowired
    private AnyTypeDAO anyTypeDAO;

    @Autowired
    private AnyObjectDAO anyObjectDAO;

    @Autowired
    private ConnInstanceDAO connInstanceDAO;

    @Autowired
    private UserDAO userDAO;

    @Autowired
    private GroupDAO groupDAO;

    @Autowired
    private VirSchemaDAO virSchemaDAO;

    @Autowired
    private ResourceDataBinder binder;

    @Autowired
    private ConnInstanceDataBinder connInstanceDataBinder;

    @Autowired
    private MappingManager mappingManager;

    @Autowired
    private ConnectorFactory connFactory;

    protected void securityChecks(Set<String> set, final String str, String str2) {
        if (!IterableUtils.matchesAny(set, new Predicate<String>() { // from class: org.apache.syncope.core.logic.ResourceLogic.1
            public boolean evaluate(String str3) {
                return str.startsWith(str3);
            }
        })) {
            throw new DelegatedAdministrationException(str, ExternalResource.class.getSimpleName(), str2);
        }
    }

    @PreAuthorize("hasRole('RESOURCE_CREATE')")
    public ResourceTO create(ResourceTO resourceTO) {
        if (StringUtils.isBlank(resourceTO.getKey())) {
            SyncopeClientException build = SyncopeClientException.build(ClientExceptionType.RequiredValuesMissing);
            build.getElements().add("Resource key");
            throw build;
        }
        ConnInstance authFind = this.connInstanceDAO.authFind(resourceTO.getConnector());
        if (authFind == null) {
            SyncopeClientException build2 = SyncopeClientException.build(ClientExceptionType.InvalidExternalResource);
            build2.getElements().add("Connector " + resourceTO.getConnector());
            throw build2;
        }
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("RESOURCE_CREATE"), authFind.getAdminRealm().getFullPath()), authFind.getAdminRealm().getFullPath(), null);
        if (this.resourceDAO.authFind(resourceTO.getKey()) != null) {
            throw new DuplicateException(resourceTO.getKey());
        }
        return this.binder.getResourceTO(this.resourceDAO.save(this.binder.create(resourceTO)));
    }

    @PreAuthorize("hasRole('RESOURCE_UPDATE')")
    public ResourceTO update(ResourceTO resourceTO) {
        ExternalResource authFind = this.resourceDAO.authFind(resourceTO.getKey());
        if (authFind == null) {
            throw new NotFoundException("Resource '" + resourceTO.getKey() + "'");
        }
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("RESOURCE_UPDATE"), authFind.getConnector().getAdminRealm().getFullPath()), authFind.getConnector().getAdminRealm().getFullPath(), authFind.getKey());
        return this.binder.getResourceTO(this.resourceDAO.save(this.binder.update(authFind, resourceTO)));
    }

    @PreAuthorize("hasRole('RESOURCE_UPDATE')")
    public void setLatestSyncToken(String str, String str2) {
        ExternalResource authFind = this.resourceDAO.authFind(str);
        if (authFind == null) {
            throw new NotFoundException("Resource '" + str + "'");
        }
        try {
            Connector connector = this.connFactory.getConnector(authFind);
            if (!"REALM".equals(str2)) {
                AnyType find = this.anyTypeDAO.find(str2);
                if (find == null) {
                    throw new NotFoundException("AnyType '" + str2 + "'");
                }
                Provision provision = authFind.getProvision(find);
                if (provision == null) {
                    throw new NotFoundException("Provision for AnyType '" + str2 + "' in Resource '" + str + "'");
                }
                provision.setSyncToken(connector.getLatestSyncToken(provision.getObjectClass()));
            } else {
                if (authFind.getOrgUnit() == null) {
                    throw new NotFoundException("Realm provision not enabled for Resource '" + str + "'");
                }
                authFind.getOrgUnit().setSyncToken(connector.getLatestSyncToken(authFind.getOrgUnit().getObjectClass()));
            }
            securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("RESOURCE_UPDATE"), authFind.getConnector().getAdminRealm().getFullPath()), authFind.getConnector().getAdminRealm().getFullPath(), authFind.getKey());
            this.resourceDAO.save(authFind);
        } catch (Exception e) {
            SyncopeClientException build = SyncopeClientException.build(ClientExceptionType.InvalidConnInstance);
            build.getElements().add(e.getMessage());
            throw build;
        }
    }

    @PreAuthorize("hasRole('RESOURCE_UPDATE')")
    public void removeSyncToken(String str, String str2) {
        ExternalResource authFind = this.resourceDAO.authFind(str);
        if (authFind == null) {
            throw new NotFoundException("Resource '" + str + "'");
        }
        if (!"REALM".equals(str2)) {
            AnyType find = this.anyTypeDAO.find(str2);
            if (find == null) {
                throw new NotFoundException("AnyType '" + str2 + "'");
            }
            Provision provision = authFind.getProvision(find);
            if (provision == null) {
                throw new NotFoundException("Provision for AnyType '" + str2 + "' in Resource '" + str + "'");
            }
            provision.setSyncToken((SyncToken) null);
        } else {
            if (authFind.getOrgUnit() == null) {
                throw new NotFoundException("Realm provision not enabled for Resource '" + str + "'");
            }
            authFind.getOrgUnit().setSyncToken((SyncToken) null);
        }
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("RESOURCE_UPDATE"), authFind.getConnector().getAdminRealm().getFullPath()), authFind.getConnector().getAdminRealm().getFullPath(), authFind.getKey());
        this.resourceDAO.save(authFind);
    }

    @PreAuthorize("hasRole('RESOURCE_DELETE')")
    public ResourceTO delete(String str) {
        ExternalResource authFind = this.resourceDAO.authFind(str);
        if (authFind == null) {
            throw new NotFoundException("Resource '" + str + "'");
        }
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("RESOURCE_DELETE"), authFind.getConnector().getAdminRealm().getFullPath()), authFind.getConnector().getAdminRealm().getFullPath(), authFind.getKey());
        ResourceTO resourceTO = this.binder.getResourceTO(authFind);
        this.resourceDAO.delete(str);
        return resourceTO;
    }

    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('RESOURCE_READ')")
    public ResourceTO read(String str) {
        ExternalResource authFind = this.resourceDAO.authFind(str);
        if (authFind == null) {
            throw new NotFoundException("Resource '" + str + "'");
        }
        return this.binder.getResourceTO(authFind);
    }

    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('RESOURCE_LIST')")
    public List<ResourceTO> list() {
        return (List) CollectionUtils.collect(this.resourceDAO.findAll(), new Transformer<ExternalResource, ResourceTO>() { // from class: org.apache.syncope.core.logic.ResourceLogic.2
            public ResourceTO transform(ExternalResource externalResource) {
                return ResourceLogic.this.binder.getResourceTO(externalResource);
            }
        }, new ArrayList());
    }

    private Triple<ExternalResource, AnyType, Provision> connObjectInit(String str, String str2) {
        ExternalResource authFind = this.resourceDAO.authFind(str);
        if (authFind == null) {
            throw new NotFoundException("Resource '" + str + "'");
        }
        AnyType find = this.anyTypeDAO.find(str2);
        if (find == null) {
            throw new NotFoundException("AnyType '" + str2 + "'");
        }
        Provision provision = authFind.getProvision(find);
        if (provision == null) {
            throw new NotFoundException("Provision on resource '" + str + "' for type '" + str2 + "'");
        }
        return ImmutableTriple.of(authFind, find, provision);
    }

    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('RESOURCE_GET_CONNOBJECT')")
    public ConnObjectTO readConnObject(String str, String str2, String str3) {
        Triple<ExternalResource, AnyType, Provision> connObjectInit = connObjectInit(str, str2);
        Any find = ((AnyType) connObjectInit.getMiddle()).getKind() == AnyTypeKind.USER ? this.userDAO.find(str3) : ((AnyType) connObjectInit.getMiddle()).getKind() == AnyTypeKind.ANY_OBJECT ? this.anyObjectDAO.find(str3) : this.groupDAO.find(str3);
        if (find == null) {
            throw new NotFoundException(connObjectInit.getMiddle() + " " + str3);
        }
        MappingItem connObjectKeyItem = MappingUtils.getConnObjectKeyItem((Provision) connObjectInit.getRight());
        if (connObjectKeyItem == null) {
            throw new NotFoundException("ConnObjectKey mapping for " + connObjectInit.getMiddle() + " " + str3 + " on resource '" + str + "'");
        }
        String connObjectKeyValue = this.mappingManager.getConnObjectKeyValue(find, (Provision) connObjectInit.getRight());
        HashSet hashSet = new HashSet();
        Iterator it = this.virSchemaDAO.findByProvision((Provision) connObjectInit.getRight()).iterator();
        while (it.hasNext()) {
            hashSet.add(((VirSchema) it.next()).asLinkingMappingItem());
        }
        ConnectorObject object = this.connFactory.getConnector((ExternalResource) connObjectInit.getLeft()).getObject(((Provision) connObjectInit.getRight()).getObjectClass(), AttributeBuilder.build(connObjectKeyItem.getExtAttrName(), new Object[]{connObjectKeyValue}), MappingUtils.buildOperationOptions(IteratorUtils.chainedIterator(((Provision) connObjectInit.getRight()).getMapping().getItems().iterator(), hashSet.iterator())));
        if (object == null) {
            throw new NotFoundException("Object " + connObjectKeyValue + " with class " + ((Provision) connObjectInit.getRight()).getObjectClass() + " not found on resource " + str);
        }
        Set attributes = object.getAttributes();
        if (AttributeUtil.find(Uid.NAME, attributes) == null) {
            attributes.add(object.getUid());
        }
        if (AttributeUtil.find(Name.NAME, attributes) == null) {
            attributes.add(object.getName());
        }
        return ConnObjectUtils.getConnObjectTO(object);
    }

    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('RESOURCE_LIST_CONNOBJECT')")
    public Pair<SearchResult, List<ConnObjectTO>> listConnObjects(String str, String str2, final int i, String str3, List<OrderByClause> list) {
        ExternalResource externalResource;
        ObjectClass objectClass;
        OperationOptions buildOperationOptions;
        if ("REALM".equals(str2)) {
            externalResource = this.resourceDAO.authFind(str);
            if (externalResource == null) {
                throw new NotFoundException("Resource '" + str + "'");
            }
            if (externalResource.getOrgUnit() == null) {
                throw new NotFoundException("Realm provisioning for resource '" + str + "'");
            }
            objectClass = externalResource.getOrgUnit().getObjectClass();
            buildOperationOptions = MappingUtils.buildOperationOptions(MappingUtils.getPropagationItems(externalResource.getOrgUnit().getItems()).iterator());
        } else {
            Triple<ExternalResource, AnyType, Provision> connObjectInit = connObjectInit(str, str2);
            externalResource = (ExternalResource) connObjectInit.getLeft();
            objectClass = ((Provision) connObjectInit.getRight()).getObjectClass();
            ((Provision) connObjectInit.getRight()).getMapping().getItems();
            HashSet hashSet = new HashSet();
            Iterator it = this.virSchemaDAO.findByProvision((Provision) connObjectInit.getRight()).iterator();
            while (it.hasNext()) {
                hashSet.add(((VirSchema) it.next()).asLinkingMappingItem());
            }
            buildOperationOptions = MappingUtils.buildOperationOptions(IteratorUtils.chainedIterator(((Provision) connObjectInit.getRight()).getMapping().getItems().iterator(), hashSet.iterator()));
        }
        final ArrayList arrayList = new ArrayList();
        return ImmutablePair.of(this.connFactory.getConnector(externalResource).search(objectClass, (Filter) null, new ResultsHandler() { // from class: org.apache.syncope.core.logic.ResourceLogic.3
            private int count;

            public boolean handle(ConnectorObject connectorObject) {
                arrayList.add(ConnObjectUtils.getConnObjectTO(connectorObject));
                this.count++;
                return this.count < i;
            }
        }, i, str3, list, buildOperationOptions), arrayList);
    }

    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('CONNECTOR_READ')")
    public void check(ResourceTO resourceTO) {
        ConnInstance find = this.connInstanceDAO.find(resourceTO.getConnector());
        if (find == null) {
            throw new NotFoundException("Connector '" + resourceTO.getConnector() + "'");
        }
        this.connFactory.createConnector(this.connFactory.buildConnInstanceOverride(this.connInstanceDataBinder.getConnInstanceTO(find), resourceTO.getConfOverride(), resourceTO.isOverrideCapabilities() ? resourceTO.getCapabilitiesOverride() : null)).test();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.syncope.core.logic.AbstractLogic
    /* renamed from: resolveReference, reason: merged with bridge method [inline-methods] */
    public ResourceTO mo3resolveReference(Method method, Object... objArr) throws UnresolvedReferenceException {
        String str = null;
        if (ArrayUtils.isNotEmpty(objArr)) {
            for (int i = 0; str == null && i < objArr.length; i++) {
                if (objArr[i] instanceof String) {
                    str = (String) objArr[i];
                } else if (objArr[i] instanceof ResourceTO) {
                    str = ((ResourceTO) objArr[i]).getKey();
                }
            }
        }
        if (str == null) {
            throw new UnresolvedReferenceException();
        }
        try {
            return this.binder.getResourceTO(this.resourceDAO.find(str));
        } catch (Throwable th) {
            LOG.debug("Unresolved reference", th);
            throw new UnresolvedReferenceException(th);
        }
    }
}
