package org.jbpm.services.task.identity;

import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Properties;
import java.util.ServiceLoader;
import java.util.Set;
import java.util.stream.Stream;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import org.hibernate.secure.internal.StandardJaccServiceImpl;
import org.jbpm.services.task.identity.adapter.UserGroupAdapter;
import org.kie.api.task.UserGroupCallback;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wildfly.security.authz.RoleDecoder;

/* loaded from: input_file:BOOT-INF/lib/jbpm-human-task-core-7.69.0.Final.jar:org/jbpm/services/task/identity/JAASUserGroupCallbackImpl.class */
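/**
 * {@link UserGroupCallback} that derives a user's groups from the JAAS {@link Subject} exposed by
 * the container, with {@link UserGroupAdapter} implementations as a fallback.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>{@link #existsUser(String)} and {@link #existsGroup(String)} always answer {@code true};
 *       they perform no lookup, so callers must not treat them as identity validation.</li>
 *   <li>When no container subject is available, or the subject carries no principal whose name
 *       equals the requested user id, group membership comes from every {@link UserGroupAdapter}
 *       found through {@link ServiceLoader}. Any provider registered on the classpath therefore
 *       contributes authorization data.</li>
 *   <li>A thread-local "external" adapter, when set, always adds its groups on top of the above.</li>
 *   <li>Any exception during resolution is logged and the groups collected so far (possibly none)
 *       are returned, so a lookup failure reduces the group set rather than widening it.</li>
 * </ul>
 *
 * <p>NOTE(review): the {@link ServiceLoader} instance is shared by all callers of one callback
 * object and {@code ServiceLoader} is documented as not safe for concurrent use - confirm how
 * instances of this class are shared between threads.
 */
public class JAASUserGroupCallbackImpl extends AbstractUserGroupInfo implements UserGroupCallback {
    protected static final String DEFAULT_PROPERTIES_NAME = "classpath:/jbpm.usergroup.callback.properties";
    private static final Logger logger = LoggerFactory.getLogger(JAASUserGroupCallbackImpl.class);
    private static final ThreadLocal<UserGroupAdapter> externalUserGroupAdapterLocal = new ThreadLocal<>();

    private final ServiceLoader<UserGroupAdapter> ugAdapterServiceLoader;
    private String rolePrincipleName;

    /**
     * Registers an additional adapter for the current thread only.
     *
     * <p>Callers should pair this with {@link #clearExternalUserGroupAdapter()} in a
     * {@code finally} block; otherwise the adapter stays attached to the thread and would be
     * consulted for whatever work that thread performs next.
     *
     * @param userGroupAdapter adapter to consult in {@link #getGroupsForUser(String)}
     * @throws IllegalStateException if the current thread already has an external adapter
     */
    public static void addExternalUserGroupAdapter(UserGroupAdapter userGroupAdapter) {
        UserGroupAdapter existing = externalUserGroupAdapterLocal.get();
        if (existing != null) {
            throw new IllegalStateException("The external UserGroupAdapter has already been set! (" + existing.getClass().getName() + ")");
        }
        externalUserGroupAdapterLocal.set(userGroupAdapter);
    }

    /** Detaches the external adapter, if any, from the current thread. */
    public static void clearExternalUserGroupAdapter() {
        // remove() drops the thread's map entry instead of leaving a null-valued one behind,
        // which matters on pooled threads that outlive the request.
        externalUserGroupAdapterLocal.remove();
    }

    /**
     * Creates a callback whose role principal name is read from the callback properties.
     *
     * <p>The properties location is taken from the {@code jbpm.usergroup.callback.properties}
     * system property, falling back to {@link #DEFAULT_PROPERTIES_NAME}; the key
     * {@code jaas.role.principle.name} overrides the default {@link RoleDecoder#KEY_ROLES}.
     *
     * @param z not read by this constructor
     */
    public JAASUserGroupCallbackImpl(boolean z) {
        this(RoleDecoder.KEY_ROLES);
        Properties readProperties = readProperties(System.getProperty("jbpm.usergroup.callback.properties"), DEFAULT_PROPERTIES_NAME);
        if (readProperties != null) {
            this.rolePrincipleName = readProperties.getProperty("jaas.role.principle.name", RoleDecoder.KEY_ROLES);
        }
    }

    /**
     * Creates a callback that reads roles from the {@link Group} principal with the given name.
     *
     * @param str name of the group principal whose members are the user's roles
     */
    public JAASUserGroupCallbackImpl(String str) {
        this.ugAdapterServiceLoader = ServiceLoader.load(UserGroupAdapter.class);
        this.rolePrincipleName = str;
    }

    /** @return name of the group principal whose members are treated as roles */
    public String getRolePrincipleName() {
        return this.rolePrincipleName;
    }

    /** @param str name of the group principal whose members are treated as roles */
    public void setRolePrincipleName(String str) {
        this.rolePrincipleName = str;
    }

    /**
     * Always reports the user as existing; no lookup is performed.
     *
     * @param str user id (ignored)
     * @return {@code true} unconditionally
     */
    @Override
    public boolean existsUser(String str) {
        return true;
    }

    /**
     * Always reports the group as existing; no lookup is performed.
     *
     * @param str group id (ignored)
     * @return {@code true} unconditionally
     */
    @Override
    public boolean existsGroup(String str) {
        return true;
    }

    /**
     * Collects the groups of the given user.
     *
     * <p>If the container subject holds a principal named {@code str}, groups are the members of
     * the subject's {@link Group} principals whose name matches the configured role principal name
     * (case-insensitively). Otherwise every {@link UserGroupAdapter} found by the service loader is
     * asked. In both cases the thread-local external adapter, when set, is asked as well.
     *
     * @param str user id to resolve
     * @return mutable list of group names; empty or partial when resolution failed
     */
    @Override
    public List<String> getGroupsForUser(String str) {
        List<String> groups = new ArrayList<>();
        try {
            Subject subject = getSubjectFromContainer();
            if (subject != null && subjectContainsUser(subject, str)) {
                logger.debug("Adding roles from JAAS subject");
                addRolesFromSubject(subject, groups);
            } else {
                for (UserGroupAdapter adapter : this.ugAdapterServiceLoader) {
                    logger.debug("Adding roles from UserGroupAdapter service ({})", adapter.getClass().getSimpleName());
                    List<String> adapterGroups = adapter.getGroupsForUser(str);
                    if (adapterGroups != null) {
                        groups.addAll(adapterGroups);
                    }
                }
            }
            UserGroupAdapter external = externalUserGroupAdapterLocal.get();
            if (external != null) {
                logger.debug("Adding roles from external UserGroupAdapter ({})", external.getClass().getSimpleName());
                List<String> externalGroups = external.getGroupsForUser(str);
                if (externalGroups != null) {
                    groups.addAll(externalGroups);
                }
            }
        } catch (Exception e) {
            // Best effort by design: the failure is logged and whatever was collected before it
            // is returned. This includes a null user id or a null role principal name.
            logger.error("Error when getting user roles for userid:{}", str, e);
        }
        return groups;
    }

    /** Appends the member names of every matching {@link Group} principal of the subject. */
    private void addRolesFromSubject(Subject subject, List<String> groups) {
        for (Principal principal : subject.getPrincipals()) {
            if ((principal instanceof Group) && this.rolePrincipleName.equalsIgnoreCase(principal.getName())) {
                Enumeration<? extends Principal> members = ((Group) principal).members();
                while (members.hasMoreElements()) {
                    groups.add(members.nextElement().getName());
                }
            }
        }
    }

    /**
     * Tells whether any principal of the subject is named exactly like the given user id.
     *
     * @throws NullPointerException if {@code str} is {@code null}
     */
    private boolean subjectContainsUser(Subject subject, String str) {
        Objects.requireNonNull(str);
        return subject.getPrincipals().stream().map(Principal::getName).anyMatch(str::equals);
    }

    /**
     * Reads the current {@link Subject} from the JACC policy context.
     *
     * @return the container subject, or {@code null} when it is absent or cannot be obtained
     */
    protected Subject getSubjectFromContainer() {
        try {
            return (Subject) PolicyContext.getContext(StandardJaccServiceImpl.ContextSubjectAccess.SUBJECT_CONTEXT_KEY);
        } catch (Exception e) {
            // A null result routes getGroupsForUser to the adapter fallback, so record why the
            // subject was unavailable instead of discarding the cause.
            logger.debug("Unable to obtain the JAAS subject from the policy context", e);
            return null;
        }
    }
}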
