package org.kie.server.services.jbpm.security;

import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.ServiceLoader;
import org.jbpm.services.task.identity.AbstractUserGroupInfo;
import org.jbpm.services.task.identity.adapter.UserGroupAdapter;
import org.kie.api.task.UserGroupCallback;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.FileSystemSecurityRealm;
import org.wildfly.security.auth.server.NameRewriter;
import org.wildfly.security.auth.server.RealmUnavailableException;

/* loaded from: input_file:WEB-INF/lib/kie-server-services-jbpm-7.62.0-SNAPSHOT.jar:org/kie/server/services/jbpm/security/ElytronUserGroupCallbackImpl.class */
public class ElytronUserGroupCallbackImpl extends AbstractUserGroupInfo implements UserGroupCallback {
    private static final String FOLDER_PATH = "org.kie.server.services.jbpm.security.filesystemrealm.folder-path";
    private static final String ENCODING = "org.kie.server.services.jbpm.security.filesystemrealm.encoded";
    private static final String LEVELS = "org.kie.server.services.jbpm.security.filesystemrealm.levels";
    public static final Logger logger = LoggerFactory.getLogger((Class<?>) ElytronUserGroupCallbackImpl.class);
    public static final String DEFAULT_FILE_SYSTEM_REALM_PATH = System.getProperty("jboss.server.config.dir") + "/kie-fs-realm-users";
    public static final Integer DEFAULT_FILE_SYSTEM_LEVELS = 2;
    public static final Boolean DEFAULT_FILE_SYSTEM_ENCODED = true;
    private static final ThreadLocal<UserGroupAdapter> externalUserGroupAdapterLocal = new ThreadLocal<>();
    private ServiceLoader<UserGroupAdapter> ugAdapterServiceLoader = ServiceLoader.load(UserGroupAdapter.class);
    private final String folderPath = System.getProperty(FOLDER_PATH, DEFAULT_FILE_SYSTEM_REALM_PATH);
    private final int levels = getLevels();
    private final boolean encoded = getEncoded();

    private boolean getEncoded() {
        try {
            return Boolean.valueOf(System.getProperty(ENCODING, DEFAULT_FILE_SYSTEM_ENCODED.toString())).booleanValue();
        } catch (NumberFormatException e) {
            return DEFAULT_FILE_SYSTEM_ENCODED.booleanValue();
        }
    }

    private int getLevels() {
        try {
            return Integer.valueOf(System.getProperty(LEVELS, DEFAULT_FILE_SYSTEM_LEVELS.toString())).intValue();
        } catch (NumberFormatException e) {
            return DEFAULT_FILE_SYSTEM_LEVELS.intValue();
        }
    }

    @Override // org.kie.api.task.UserGroupCallback
    public boolean existsUser(String str) {
        return true;
    }

    @Override // org.kie.api.task.UserGroupCallback
    public boolean existsGroup(String str) {
        return true;
    }

    public static void addExternalUserGroupAdapter(UserGroupAdapter userGroupAdapter) {
        if (externalUserGroupAdapterLocal.get() != null) {
            throw new IllegalStateException("The external UserGroupAdapter has already been set! (" + externalUserGroupAdapterLocal.get().getClass().getName() + ")");
        }
        externalUserGroupAdapterLocal.set(userGroupAdapter);
    }

    public static void clearExternalUserGroupAdapter() {
        externalUserGroupAdapterLocal.set(null);
    }

    @Override // org.kie.api.task.UserGroupCallback
    public List<String> getGroupsForUser(String str) {
        HashSet hashSet = new HashSet();
        try {
            Iterator<String> it = getRealm().getRealmIdentityForUpdate(new NamePrincipal(str)).getAttributes().get("role").iterator();
            while (it.hasNext()) {
                hashSet.add(it.next());
            }
        } catch (RealmUnavailableException e) {
            Iterator<UserGroupAdapter> it2 = this.ugAdapterServiceLoader.iterator();
            while (it2.hasNext()) {
                UserGroupAdapter next = it2.next();
                logger.debug("Adding roles from UserGroupAdapter service ({})", next.getClass().getSimpleName());
                List<String> groupsForUser = next.getGroupsForUser(str);
                if (groupsForUser != null) {
                    hashSet.addAll(groupsForUser);
                }
            }
        }
        UserGroupAdapter userGroupAdapter = externalUserGroupAdapterLocal.get();
        if (userGroupAdapter != null) {
            logger.debug("Adding roles from external UserGroupAdapter ({})", userGroupAdapter.getClass().getSimpleName());
            List<String> groupsForUser2 = userGroupAdapter.getGroupsForUser(str);
            if (groupsForUser2 != null) {
                hashSet.addAll(groupsForUser2);
            }
        }
        return new ArrayList(hashSet);
    }

    private FileSystemSecurityRealm getRealm() {
        return new FileSystemSecurityRealm(Paths.get(this.folderPath, new String[0]), NameRewriter.IDENTITY_REWRITER, this.levels, this.encoded);
    }
}
