package org.camunda.bpm.webapp.impl.security.auth;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.Tenant;
import org.camunda.bpm.engine.rest.exception.InvalidRequestException;
import org.camunda.bpm.webapp.impl.util.ProcessEngineUtil;

/* JADX WARN: Classes with same name are omitted:
  input_file:BOOT-INF/lib/camunda-webapp-2.9.1-SP.16-classes.jar:org/camunda/bpm/webapp/impl/security/auth/UserAuthenticationResource.class
 */
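@Path(UserAuthenticationResource.PATH)
/* loaded from: input_file:BOOT-INF/lib/camunda-webapp-7.10.0-classes.jar:org/camunda/bpm/webapp/impl/security/auth/UserAuthenticationResource.class */
/**
 * JAX-RS resource handling web-app user authentication: looking up the
 * current authentication for a process engine, logging in (username/password
 * form login against a process engine's identity service) and logging out.
 *
 * <p>All per-request authentication state is read from and written to
 * {@link Authentications#getCurrent()}; this resource itself holds no
 * authentication state beyond the injected request.
 */
public class UserAuthenticationResource {
    /** Base path under which this resource is mounted. */
    public static final String PATH = "/auth/user";

    /** Injected by the JAX-RS runtime; may be {@code null} when the resource is used outside a servlet request. */
    @Context
    protected HttpServletRequest request;

    /**
     * Returns the authentication currently associated with the given process engine.
     *
     * @param processEngineName name of the process engine the authentication belongs to
     * @return {@code 200} with the {@link AuthenticationDto} when an authentication exists,
     *         otherwise {@code 404}
     */
    @GET
    @Path("/{processEngineName}")
    public Response getAuthenticatedUser(@PathParam("processEngineName") String processEngineName) {
        Authentications current = Authentications.getCurrent();
        if (current == null) {
            return notFound();
        }
        Authentication authentication = current.getAuthenticationForProcessEngine(processEngineName);
        if (authentication == null) {
            return notFound();
        }
        return Response.ok(AuthenticationDto.fromAuthentication(authentication)).build();
    }

    /**
     * Performs a form login against the identity service of the named process engine.
     *
     * <p>Order of checks: the engine must exist ({@code 400} otherwise), the
     * credentials must verify ({@code 401} otherwise), and the resulting
     * authentication must list {@code appName} among its authorized apps
     * ({@code 403} otherwise). Only then is the session re-validated with the
     * new authentication.
     *
     * @param processEngineName name of the process engine to authenticate against
     * @param appName web application the user wants to access
     * @param username submitted user id
     * @param password submitted password; never logged or echoed back
     * @return {@code 200} with the {@link AuthenticationDto} on success, or
     *         {@code 401} / {@code 403} as described above
     * @throws InvalidRequestException with {@code 400} when no engine of that name exists
     */
    @POST
    @Path("/{processEngineName}/login/{appName}")
    public Response doLogin(@PathParam("processEngineName") String processEngineName, @PathParam("appName") String appName, @FormParam("username") String username, @FormParam("password") String password) {
        ProcessEngine processEngine = ProcessEngineUtil.lookupProcessEngine(processEngineName);
        if (processEngine == null) {
            throw new InvalidRequestException(Response.Status.BAD_REQUEST, "Process engine with name " + processEngineName + " does not exist");
        }

        // Drop any engine-level authentication left over on this thread so the
        // password check does not run in a previously authenticated context.
        processEngine.getIdentityService().clearAuthentication();
        if (!processEngine.getIdentityService().checkPassword(username, password)) {
            return unauthorized();
        }

        // Groups and tenants are resolved by the authentication service itself (null here).
        UserAuthentication userAuthentication = (UserAuthentication) new AuthenticationService().createAuthenticate(processEngine, username, (List<String>) null, (List<String>) null);
        if (!userAuthentication.getAuthorizedApps().contains(appName)) {
            return forbidden();
        }

        // Re-associate the session with the fresh authentication; the request is
        // only absent when the resource is invoked outside a servlet container.
        if (this.request != null) {
            Authentications.revalidateSession(this.request, userAuthentication);
        }
        return Response.ok(AuthenticationDto.fromAuthentication(userAuthentication)).build();
    }

    /**
     * Collects the ids of all groups the given user is a direct member of.
     *
     * @param processEngine engine whose identity service is queried
     * @param userId id of the user
     * @return mutable list of group ids, empty when the user has no groups
     */
    protected List<String> getGroupsOfUser(ProcessEngine processEngine, String userId) {
        List<Group> groups = processEngine.getIdentityService().createGroupQuery().groupMember(userId).list();
        List<String> groupIds = new ArrayList<String>(groups.size());
        for (Group group : groups) {
            groupIds.add(group.getId());
        }
        return groupIds;
    }

    /**
     * Collects the ids of all tenants the given user belongs to, directly or via
     * one of the user's groups ({@code includingGroupsOfUser(true)}).
     *
     * @param processEngine engine whose identity service is queried
     * @param userId id of the user
     * @return mutable list of tenant ids, empty when the user has no tenants
     */
    protected List<String> getTenantsOfUser(ProcessEngine processEngine, String userId) {
        List<Tenant> tenants = processEngine.getIdentityService().createTenantQuery().userMember(userId).includingGroupsOfUser(true).list();
        List<String> tenantIds = new ArrayList<String>(tenants.size());
        for (Tenant tenant : tenants) {
            tenantIds.add(tenant.getId());
        }
        return tenantIds;
    }

    /**
     * Removes the authentication for the named process engine from the current
     * authentications, if any.
     *
     * <p>Logout is idempotent: when there is no current {@link Authentications}
     * (the same situation {@link #getAuthenticatedUser} treats as "not found"),
     * nothing is removed and {@code 200} is still returned instead of failing
     * with a {@code NullPointerException}.
     *
     * @param processEngineName name of the process engine to log out from
     * @return {@code 200} with an empty body
     */
    @POST
    @Path("/{processEngineName}/logout")
    public Response doLogout(@PathParam("processEngineName") String processEngineName) {
        Authentications current = Authentications.getCurrent();
        if (current != null) {
            current.removeAuthenticationForProcessEngine(processEngineName);
        }
        return Response.ok().build();
    }

    /** @return an empty {@code 401 Unauthorized} response (credentials rejected). */
    protected Response unauthorized() {
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }

    /** @return an empty {@code 403 Forbidden} response (authenticated, but not authorized for the app). */
    protected Response forbidden() {
        return Response.status(Response.Status.FORBIDDEN).build();
    }

    /** @return an empty {@code 404 Not Found} response (no authentication for the engine). */
    protected Response notFound() {
        return Response.status(Response.Status.NOT_FOUND).build();
    }
}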
