package org.camunda.bpm.engine.impl.identity.db;

import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.Callable;
import org.camunda.bpm.container.impl.metadata.DeploymentMetadataConstants;
import org.camunda.bpm.engine.AuthenticationException;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.Tenant;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl;
import org.camunda.bpm.engine.impl.context.Context;
import org.camunda.bpm.engine.impl.identity.WritableIdentityProvider;
import org.camunda.bpm.engine.impl.persistence.entity.GroupEntity;
import org.camunda.bpm.engine.impl.persistence.entity.MembershipEntity;
import org.camunda.bpm.engine.impl.persistence.entity.TenantEntity;
import org.camunda.bpm.engine.impl.persistence.entity.TenantMembershipEntity;
import org.camunda.bpm.engine.impl.persistence.entity.UserEntity;
import org.camunda.bpm.engine.impl.util.ClockUtil;
import org.camunda.bpm.engine.impl.util.EnsureUtil;

/* loaded from: input_file:BOOT-INF/lib/camunda-engine-7.10.0.jar:org/camunda/bpm/engine/impl/identity/db/DbIdentityServiceProvider.class */
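/**
 * Database-backed {@link WritableIdentityProvider}.
 *
 * <p>Creates, updates and deletes users, groups, tenants and their memberships through the
 * entity manager returned by {@code getDbEntityManager()}. Every public write operation starts
 * with a {@code checkAuthorization(...)} call for the affected resource. The class also keeps
 * the login-attempt lock state that {@link #checkPassword(String, String)} relies on.
 *
 * <p>This listing is decompiler output: the parameter names ({@code str}, {@code str2}) are
 * synthetic, so each method documents what its arguments are used for.
 */
public class DbIdentityServiceProvider extends DbReadOnlyIdentityServiceProvider implements WritableIdentityProvider {

    /**
     * Creates a transient user object; nothing is persisted until {@link #saveUser(User)}.
     *
     * @param str id passed to the {@link UserEntity} constructor
     * @return the new, unsaved entity
     */
    @Override
    public UserEntity createNewUser(String str) {
        checkAuthorization(Permissions.CREATE, Resources.USER, null);
        return new UserEntity(str);
    }

    /**
     * Inserts or updates a user.
     *
     * <p>A revision of {@code 0} is treated as "not yet persisted": the entity is inserted and
     * its default authorizations are created. Any other revision is merged as an update.
     *
     * @param user the user to store; must be a {@link UserEntity} (it is cast unconditionally)
     * @return the same entity instance
     */
    @Override
    public User saveUser(User user) {
        UserEntity entity = (UserEntity) user;
        // NOTE(review): encryptPassword() runs before the permission check, so the passed-in
        // object is modified even when the check below rejects the call. Persistence itself
        // only happens after the check.
        entity.encryptPassword();
        if (entity.getRevision() == 0) {
            checkAuthorization(Permissions.CREATE, Resources.USER, null);
            getDbEntityManager().insert(entity);
            createDefaultAuthorizations(entity);
        } else {
            checkAuthorization(Permissions.UPDATE, Resources.USER, user.getId());
            getDbEntityManager().merge(entity);
        }
        return entity;
    }

    /**
     * Deletes a user together with its group memberships, tenant memberships and
     * authorizations. Does nothing after the permission check if the user does not exist.
     *
     * @param str id of the user to delete
     */
    @Override
    public void deleteUser(final String str) {
        checkAuthorization(Permissions.DELETE, Resources.USER, str);
        UserEntity user = findUserById(str);
        if (user == null) {
            return;
        }
        deleteMembershipsByUserId(str);
        deleteTenantMembershipsOfUser(str);
        deleteAuthorizations(Resources.USER, str);
        // The DELETE permission on the user was checked above. The per-tenant cleanup runs with
        // authorization checks switched off, presumably so the tenant query is not narrowed by
        // the caller's own tenant permissions.
        Context.getCommandContext().runWithoutAuthorization(new Callable<Void>() {
            @Override
            public Void call() throws Exception {
                List<Tenant> tenants = DbIdentityServiceProvider.this.createTenantQuery().userMember(str).list();
                if (tenants != null) {
                    for (Tenant tenant : tenants) {
                        DbIdentityServiceProvider.this.deleteAuthorizationsForUser(Resources.TENANT, tenant.getId(), str);
                    }
                }
                return null;
            }
        });
        getDbEntityManager().delete(user);
    }

    /**
     * Verifies a password and updates the login-attempt lock state of the user.
     *
     * <ul>
     *   <li>unknown user or {@code null} password: returns {@code false}, lock state untouched;</li>
     *   <li>user currently locked: throws {@link AuthenticationException};</li>
     *   <li>password matches: lock state is reset, returns {@code true};</li>
     *   <li>password does not match: a failed attempt is recorded, returns {@code false}.</li>
     * </ul>
     *
     * <p>NOTE(review): an unknown user yields {@code false} before any password comparison,
     * while a locked user yields an exception carrying the lock expiration time. A caller that
     * reports these results to unauthenticated clients should collapse them into one uniform
     * failure response.
     *
     * @param str id of the user
     * @param str2 the password to verify
     * @return {@code true} only when the password matches
     * @throws AuthenticationException if the user is locked
     */
    @Override
    public boolean checkPassword(String str, String str2) {
        UserEntity user = findUserById(str);
        if (user == null || str2 == null) {
            return false;
        }
        if (isUserLocked(user)) {
            throw new AuthenticationException(str, user.getLockExpirationTime());
        }
        if (!matchPassword(str2, user)) {
            lockUser(user);
            return false;
        }
        unlockUser(user);
        return true;
    }

    /**
     * Reports whether a temporary lock is still in force.
     *
     * <p>Despite the name this method can throw: once the stored attempt counter has reached
     * {@code getLoginMaxAttempts()}, an {@link AuthenticationException} is raised regardless of
     * the expiration time. Within this class the counter is only reset by
     * {@link #unlockUser(UserEntity)}, so such a user stays rejected until it is unlocked.
     *
     * @param userEntity the user to inspect
     * @return {@code true} if a lock expiration time is set and lies after the current time
     * @throws AuthenticationException if the attempt counter has reached the configured maximum
     */
    protected boolean isUserLocked(UserEntity userEntity) {
        int maxAttempts = Context.getProcessEngineConfiguration().getLoginMaxAttempts();
        if (userEntity.getAttempts() >= maxAttempts) {
            throw new AuthenticationException(userEntity.getId());
        }
        Date lockedUntil = userEntity.getLockExpirationTime();
        return lockedUntil != null && lockedUntil.after(ClockUtil.getCurrentTime());
    }

    /**
     * Records a failed login attempt and sets the next lock expiration time.
     *
     * <p>The delay is {@code loginDelayBase * loginDelayFactor^(attempts - 1)}, capped at
     * {@code loginDelayMaxTime}; the result is multiplied by 1000 before it is added to the
     * current time in milliseconds, i.e. the configured values are treated as seconds.
     *
     * @param userEntity the user whose attempt failed
     */
    protected void lockUser(UserEntity userEntity) {
        ProcessEngineConfigurationImpl configuration = Context.getProcessEngineConfiguration();
        int maxDelay = configuration.getLoginDelayMaxTime();
        int baseDelay = configuration.getLoginDelayBase();
        int delayFactor = configuration.getLoginDelayFactor();
        // The decompiled listing referred to an unresolved register ("r0") in the exponent.
        // The value stored as the new attempt count is getAttempts() + 1, so the same value is
        // used here - TODO confirm against the original source.
        int attempts = userEntity.getAttempts() + 1;
        long delaySeconds = Math.min((long) (baseDelay * Math.pow(delayFactor, attempts - 1)), maxDelay);
        Date lockedUntil = new Date(ClockUtil.getCurrentTime().getTime() + delaySeconds * 1000);
        getIdentityInfoManager().updateUserLock(userEntity, attempts, lockedUntil);
    }

    /**
     * Resets the lock state of the user with the given id; unknown ids are ignored.
     *
     * <p>NOTE(review): unlike the other public write operations of this class, no
     * {@code checkAuthorization(...)} call is made here - confirm that callers enforce the
     * required permission.
     *
     * @param str id of the user to unlock
     */
    @Override
    public void unlockUser(String str) {
        UserEntity user = findUserById(str);
        if (user != null) {
            unlockUser(user);
        }
    }

    /**
     * Clears the attempt counter and lock expiration time, skipping the update when both are
     * already clear.
     *
     * @param userEntity the user to unlock
     */
    protected void unlockUser(UserEntity userEntity) {
        boolean hasLockState = userEntity.getAttempts() > 0 || userEntity.getLockExpirationTime() != null;
        if (hasLockState) {
            getIdentityInfoManager().updateUserLock(userEntity, 0, null);
        }
    }

    /**
     * Creates a transient group object; nothing is persisted until {@link #saveGroup(Group)}.
     *
     * @param str id passed to the {@link GroupEntity} constructor
     * @return the new, unsaved entity
     */
    @Override
    public GroupEntity createNewGroup(String str) {
        checkAuthorization(Permissions.CREATE, Resources.GROUP, null);
        return new GroupEntity(str);
    }

    /**
     * Inserts a group (revision {@code 0}) with its default authorizations, or merges an
     * existing one.
     *
     * @param group the group to store; must be a {@link GroupEntity}
     * @return the same entity instance
     */
    @Override
    public GroupEntity saveGroup(Group group) {
        GroupEntity entity = (GroupEntity) group;
        if (entity.getRevision() == 0) {
            checkAuthorization(Permissions.CREATE, Resources.GROUP, null);
            getDbEntityManager().insert(entity);
            createDefaultAuthorizations(group);
        } else {
            checkAuthorization(Permissions.UPDATE, Resources.GROUP, group.getId());
            getDbEntityManager().merge(entity);
        }
        return entity;
    }

    /**
     * Deletes a group together with its memberships, tenant memberships and authorizations.
     * Does nothing after the permission check if the group does not exist.
     *
     * @param str id of the group to delete
     */
    @Override
    public void deleteGroup(final String str) {
        checkAuthorization(Permissions.DELETE, Resources.GROUP, str);
        GroupEntity group = findGroupById(str);
        if (group == null) {
            return;
        }
        deleteMembershipsByGroupId(str);
        deleteTenantMembershipsOfGroup(str);
        deleteAuthorizations(Resources.GROUP, str);
        // Same pattern as deleteUser: the permission was checked above, the per-tenant cleanup
        // runs with authorization checks switched off.
        Context.getCommandContext().runWithoutAuthorization(new Callable<Void>() {
            @Override
            public Void call() throws Exception {
                List<Tenant> tenants = DbIdentityServiceProvider.this.createTenantQuery().groupMember(str).list();
                if (tenants != null) {
                    for (Tenant tenant : tenants) {
                        DbIdentityServiceProvider.this.deleteAuthorizationsForGroup(Resources.TENANT, tenant.getId(), str);
                    }
                }
                return null;
            }
        });
        getDbEntityManager().delete(group);
    }

    /**
     * Creates a transient tenant object; nothing is persisted until {@link #saveTenant(Tenant)}.
     *
     * @param str id passed to the {@link TenantEntity} constructor
     * @return the new, unsaved entity
     */
    @Override
    public Tenant createNewTenant(String str) {
        checkAuthorization(Permissions.CREATE, Resources.TENANT, null);
        return new TenantEntity(str);
    }

    /**
     * Inserts a tenant (revision {@code 0}) with its default authorizations, or merges an
     * existing one.
     *
     * @param tenant the tenant to store; must be a {@link TenantEntity}
     * @return the same entity instance
     */
    @Override
    public Tenant saveTenant(Tenant tenant) {
        TenantEntity entity = (TenantEntity) tenant;
        if (entity.getRevision() == 0) {
            checkAuthorization(Permissions.CREATE, Resources.TENANT, null);
            getDbEntityManager().insert(entity);
            createDefaultAuthorizations(tenant);
        } else {
            checkAuthorization(Permissions.UPDATE, Resources.TENANT, tenant.getId());
            getDbEntityManager().merge(entity);
        }
        return entity;
    }

    /**
     * Deletes a tenant together with its memberships and authorizations. Does nothing after
     * the permission check if the tenant does not exist.
     *
     * @param str id of the tenant to delete
     */
    @Override
    public void deleteTenant(String str) {
        checkAuthorization(Permissions.DELETE, Resources.TENANT, str);
        TenantEntity tenant = findTenantById(str);
        if (tenant != null) {
            deleteTenantMembershipsOfTenant(str);
            deleteAuthorizations(Resources.TENANT, str);
            getDbEntityManager().delete(tenant);
        }
    }

    /**
     * Adds a user to a group and creates the default membership authorizations.
     *
     * <p>Both ids are resolved and verified before the membership row is built, matching the
     * checks in {@link #createTenantUserMembership(String, String)}; previously a missing user
     * or group produced a membership entity holding a {@code null} reference.
     *
     * @param str id of the user
     * @param str2 id of the group; also the resource id of the permission check
     */
    @Override
    public void createMembership(String str, String str2) {
        checkAuthorization(Permissions.CREATE, Resources.GROUP_MEMBERSHIP, str2);
        UserEntity user = findUserById(str);
        GroupEntity group = findGroupById(str2);
        EnsureUtil.ensureNotNull("No user found with id '" + str + "'.", "user", user);
        EnsureUtil.ensureNotNull("No group found with id '" + str2 + "'.", "group", group);
        MembershipEntity membership = new MembershipEntity();
        membership.setUser(user);
        membership.setGroup(group);
        getDbEntityManager().insert(membership);
        createDefaultMembershipAuthorizations(str, str2);
    }

    /**
     * Removes a user from a group.
     *
     * <p>NOTE(review): the authorization cleanup is keyed by the group id alone - confirm it
     * cannot remove GROUP_MEMBERSHIP authorizations that belong to other members of the group.
     *
     * @param str id of the user
     * @param str2 id of the group; also the resource id of the permission check
     */
    @Override
    public void deleteMembership(String str, String str2) {
        checkAuthorization(Permissions.DELETE, Resources.GROUP_MEMBERSHIP, str2);
        deleteAuthorizations(Resources.GROUP_MEMBERSHIP, str2);
        HashMap<String, Object> parameters = new HashMap<String, Object>();
        parameters.put("userId", str);
        parameters.put("groupId", str2);
        getDbEntityManager().delete(MembershipEntity.class, "deleteMembership", parameters);
    }

    /** Deletes all group memberships of the user with the given id. No permission check here. */
    protected void deleteMembershipsByUserId(String str) {
        getDbEntityManager().delete(MembershipEntity.class, "deleteMembershipsByUserId", str);
    }

    /** Deletes all memberships of the group with the given id. No permission check here. */
    protected void deleteMembershipsByGroupId(String str) {
        getDbEntityManager().delete(MembershipEntity.class, "deleteMembershipsByGroupId", str);
    }

    /**
     * Adds a user to a tenant and creates the default tenant-membership authorizations.
     *
     * @param str id of the tenant; also the resource id of the permission check
     * @param str2 id of the user
     */
    @Override
    public void createTenantUserMembership(String str, String str2) {
        checkAuthorization(Permissions.CREATE, Resources.TENANT_MEMBERSHIP, str);
        TenantEntity tenant = findTenantById(str);
        UserEntity user = findUserById(str2);
        // Reject unknown ids before a membership row is built.
        EnsureUtil.ensureNotNull("No tenant found with id '" + str + "'.", "tenant", tenant);
        EnsureUtil.ensureNotNull("No user found with id '" + str2 + "'.", "user", user);
        TenantMembershipEntity membership = new TenantMembershipEntity();
        membership.setTenant(tenant);
        membership.setUser(user);
        getDbEntityManager().insert(membership);
        createDefaultTenantMembershipAuthorizations(tenant, user);
    }

    /**
     * Adds a group to a tenant and creates the default tenant-membership authorizations.
     *
     * @param str id of the tenant; also the resource id of the permission check
     * @param str2 id of the group
     */
    @Override
    public void createTenantGroupMembership(String str, String str2) {
        checkAuthorization(Permissions.CREATE, Resources.TENANT_MEMBERSHIP, str);
        TenantEntity tenant = findTenantById(str);
        GroupEntity group = findGroupById(str2);
        // Reject unknown ids before a membership row is built.
        EnsureUtil.ensureNotNull("No tenant found with id '" + str + "'.", "tenant", tenant);
        EnsureUtil.ensureNotNull("No group found with id '" + str2 + "'.", "group", group);
        TenantMembershipEntity membership = new TenantMembershipEntity();
        membership.setTenant(tenant);
        membership.setGroup(group);
        getDbEntityManager().insert(membership);
        createDefaultTenantMembershipAuthorizations(tenant, group);
    }

    /**
     * Removes a user from a tenant.
     *
     * <p>NOTE(review): the permission check uses the tenant id as the TENANT_MEMBERSHIP
     * resource id, while the authorization cleanup passes the user id for the same resource
     * type - confirm which id the resource is meant to be keyed by.
     *
     * @param str id of the tenant
     * @param str2 id of the user
     */
    @Override
    public void deleteTenantUserMembership(String str, String str2) {
        checkAuthorization(Permissions.DELETE, Resources.TENANT_MEMBERSHIP, str);
        deleteAuthorizations(Resources.TENANT_MEMBERSHIP, str2);
        deleteAuthorizationsForUser(Resources.TENANT, str, str2);
        HashMap<String, Object> parameters = new HashMap<String, Object>();
        // The key is whatever DeploymentMetadataConstants.TENANT_ID holds; the decompiler
        // presumably substituted this constant for a string literal - TODO confirm.
        parameters.put(DeploymentMetadataConstants.TENANT_ID, str);
        parameters.put("userId", str2);
        getDbEntityManager().delete(TenantMembershipEntity.class, "deleteTenantMembership", parameters);
    }

    /**
     * Removes a group from a tenant.
     *
     * <p>NOTE(review): as in {@link #deleteTenantUserMembership(String, String)}, the permission
     * check is keyed by the tenant id and the TENANT_MEMBERSHIP cleanup by the group id.
     *
     * @param str id of the tenant
     * @param str2 id of the group
     */
    @Override
    public void deleteTenantGroupMembership(String str, String str2) {
        checkAuthorization(Permissions.DELETE, Resources.TENANT_MEMBERSHIP, str);
        deleteAuthorizations(Resources.TENANT_MEMBERSHIP, str2);
        deleteAuthorizationsForGroup(Resources.TENANT, str, str2);
        HashMap<String, Object> parameters = new HashMap<String, Object>();
        // See deleteTenantUserMembership for the origin of this key constant.
        parameters.put(DeploymentMetadataConstants.TENANT_ID, str);
        parameters.put("groupId", str2);
        getDbEntityManager().delete(TenantMembershipEntity.class, "deleteTenantMembership", parameters);
    }

    /** Deletes all tenant memberships of the user with the given id. No permission check here. */
    protected void deleteTenantMembershipsOfUser(String str) {
        getDbEntityManager().delete(TenantMembershipEntity.class, "deleteTenantMembershipsOfUser", str);
    }

    /** Deletes all tenant memberships of the group with the given id. No permission check here. */
    protected void deleteTenantMembershipsOfGroup(String str) {
        getDbEntityManager().delete(TenantMembershipEntity.class, "deleteTenantMembershipsOfGroup", str);
    }

    /** Deletes all memberships of the tenant with the given id. No permission check here. */
    protected void deleteTenantMembershipsOfTenant(String str) {
        getDbEntityManager().delete(TenantMembershipEntity.class, "deleteTenantMembershipsOfTenant", str);
    }

    /**
     * Saves the default authorizations for a newly inserted user; a no-op when authorization
     * is disabled in the engine configuration.
     */
    protected void createDefaultAuthorizations(UserEntity userEntity) {
        if (Context.getProcessEngineConfiguration().isAuthorizationEnabled()) {
            saveDefaultAuthorizations(getResourceAuthorizationProvider().newUser(userEntity));
        }
    }

    /** Saves the default authorizations for a newly inserted group, if authorization is enabled. */
    protected void createDefaultAuthorizations(Group group) {
        if (isAuthorizationEnabled()) {
            saveDefaultAuthorizations(getResourceAuthorizationProvider().newGroup(group));
        }
    }

    /** Saves the default authorizations for a newly inserted tenant, if authorization is enabled. */
    protected void createDefaultAuthorizations(Tenant tenant) {
        if (isAuthorizationEnabled()) {
            saveDefaultAuthorizations(getResourceAuthorizationProvider().newTenant(tenant));
        }
    }

    /**
     * Saves the default authorizations for a new group membership, if authorization is enabled.
     *
     * @param str id of the user
     * @param str2 id of the group (passed first to {@code groupMembershipCreated})
     */
    protected void createDefaultMembershipAuthorizations(String str, String str2) {
        if (isAuthorizationEnabled()) {
            saveDefaultAuthorizations(getResourceAuthorizationProvider().groupMembershipCreated(str2, str));
        }
    }

    /** Saves the default authorizations for a new tenant/user membership, if authorization is enabled. */
    protected void createDefaultTenantMembershipAuthorizations(Tenant tenant, User user) {
        if (isAuthorizationEnabled()) {
            saveDefaultAuthorizations(getResourceAuthorizationProvider().tenantMembershipCreated(tenant, user));
        }
    }

    /** Saves the default authorizations for a new tenant/group membership, if authorization is enabled. */
    protected void createDefaultTenantMembershipAuthorizations(Tenant tenant, Group group) {
        if (isAuthorizationEnabled()) {
            saveDefaultAuthorizations(getResourceAuthorizationProvider().tenantMembershipCreated(tenant, group));
        }
    }
}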
