package org.camunda.bpm.webapp.impl.security.auth;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import javax.ws.rs.core.Response;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.Tenant;
import org.camunda.bpm.engine.rest.exception.InvalidRequestException;
import org.camunda.bpm.webapp.impl.util.ProcessEngineUtil;

/* JADX WARN: Classes with same name are omitted:
  input_file:BOOT-INF/lib/camunda-webapp-3.0.0-SP.45-classes.jar:org/camunda/bpm/webapp/impl/security/auth/AuthenticationService.class
 */
/* loaded from: input_file:BOOT-INF/lib/camunda-webapp-7.10.0-classes.jar:org/camunda/bpm/webapp/impl/security/auth/AuthenticationService.class */
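/**
 * Builds the webapp {@link Authentication} object for a user of a process engine.
 *
 * <p>Security contract: nothing in this class verifies credentials. Every
 * {@code createAuthenticate} overload accepts a user id and returns an authentication for it,
 * so the caller must already have established the user's identity before calling. Group and
 * tenant ids passed in by the caller are likewise used as given, both for the application
 * authorization check and in the returned authentication.
 */
public class AuthenticationService {
    /**
     * Applications whose access is decided per user when authorization is enabled.
     *
     * <p>NOTE(review): this is a public, mutable array. Any code that can reach the class can
     * alter the set of applications that are checked or granted; treat it as read-only.
     */
    public static final String[] APPS = {"cockpit", "tasklist", "admin"};

    /** Application that is always added to the authorized set, without an authorization check. */
    public static final String APP_WELCOME = "welcome";

    /**
     * Creates an authentication for a user, resolving groups and tenants from the identity
     * service of the named engine.
     *
     * @param engineName name of the process engine to look up
     * @param userId id of the user; not verified against any credential here
     * @return the authentication for the user
     * @throws InvalidRequestException if no process engine with that name exists
     * @throws NullPointerException if the identity service has no user with that id
     */
    public Authentication createAuthenticate(String engineName, String userId) {
        return createAuthenticate(engineName, userId, null, null);
    }

    /**
     * Creates an authentication for a user of the named engine.
     *
     * @param engineName name of the process engine to look up
     * @param userId id of the user; not verified against any credential here
     * @param groupIds group ids to use, or {@code null} to query them from the identity service
     * @param tenantIds tenant ids to use, or {@code null} to query them from the identity service
     * @return the authentication for the user
     * @throws InvalidRequestException if no process engine with that name exists
     * @throws NullPointerException if the identity service has no user with that id
     */
    public Authentication createAuthenticate(String engineName, String userId, List<String> groupIds, List<String> tenantIds) {
        ProcessEngine engine = ProcessEngineUtil.lookupProcessEngine(engineName);
        if (engine == null) {
            throw new InvalidRequestException(Response.Status.BAD_REQUEST, "Process engine with name " + engineName + " does not exist");
        }
        return createAuthenticate(engine, userId, groupIds, tenantIds);
    }

    /**
     * Creates an authentication for a user of the given engine and computes the set of
     * applications the user may open.
     *
     * <p>The user id stored in the result is the one returned by the identity service for the
     * queried user, not the string passed in. Caller-supplied {@code groupIds} and
     * {@code tenantIds} are trusted as given; they must come from a verified source, because
     * the group ids feed directly into the application authorization check.
     *
     * @param processEngine engine whose identity and authorization services are used
     * @param userId id of the user; not verified against any credential here
     * @param groupIds group ids to use, or {@code null} to query them from the identity service
     * @param tenantIds tenant ids to use, or {@code null} to query them from the identity service
     * @return a {@link UserAuthentication} carrying user id, engine name, groups, tenants and
     *     authorized applications
     * @throws NullPointerException if the identity service has no user with that id
     */
    public Authentication createAuthenticate(ProcessEngine processEngine, String userId, List<String> groupIds, List<String> tenantIds) {
        // The query returns null for an unknown user. Fail with a message that names the
        // condition instead of an anonymous NullPointerException on the dereference; the
        // exception type is unchanged and the message does not echo the supplied id.
        String resolvedUserId = Objects.requireNonNull(
                processEngine.getIdentityService().createUserQuery().userId(userId).singleResult(),
                "No user found in the identity service for the given user id").getId();

        // Drop whatever authentication is currently set on the identity service before the
        // group/tenant lookups — presumably so they are not evaluated under a previous
        // user's authentication; confirm against the engine's IdentityService contract.
        processEngine.getIdentityService().clearAuthentication();

        if (groupIds == null) {
            groupIds = getGroupsOfUser(processEngine, resolvedUserId);
        }
        if (tenantIds == null) {
            tenantIds = getTenantsOfUser(processEngine, resolvedUserId);
        }

        AuthorizationService authorizationService = processEngine.getAuthorizationService();
        Set<String> authorizedApps = new HashSet<>();
        authorizedApps.add(APP_WELCOME);
        if (processEngine.getProcessEngineConfiguration().isAuthorizationEnabled()) {
            for (String app : APPS) {
                if (isAuthorizedForApp(authorizationService, resolvedUserId, groupIds, app)) {
                    authorizedApps.add(app);
                }
            }
        } else {
            // With authorization disabled there is no per-application check: every user
            // that reaches this point is granted all applications.
            Collections.addAll(authorizedApps, APPS);
        }

        UserAuthentication authentication = new UserAuthentication(resolvedUserId, processEngine.getName());
        authentication.setGroupIds(groupIds);
        authentication.setTenantIds(tenantIds);
        authentication.setAuthorizedApps(authorizedApps);
        return authentication;
    }

    /**
     * Returns the ids of the tenants the user belongs to, including tenants reached through
     * the user's groups.
     *
     * @param processEngine engine whose identity service is queried
     * @param userId id of the user
     * @return a new mutable list of tenant ids, empty if the query returns none
     */
    public List<String> getTenantsOfUser(ProcessEngine processEngine, String userId) {
        List<Tenant> tenants = processEngine.getIdentityService().createTenantQuery().userMember(userId).includingGroupsOfUser(true).list();
        List<String> tenantIds = new ArrayList<>();
        for (Tenant tenant : tenants) {
            tenantIds.add(tenant.getId());
        }
        return tenantIds;
    }

    /**
     * Returns the ids of the groups the user is a member of.
     *
     * @param processEngine engine whose identity service is queried
     * @param userId id of the user
     * @return a new mutable list of group ids, empty if the query returns none
     */
    public List<String> getGroupsOfUser(ProcessEngine processEngine, String userId) {
        List<Group> groups = processEngine.getIdentityService().createGroupQuery().groupMember(userId).list();
        List<String> groupIds = new ArrayList<>();
        for (Group group : groups) {
            groupIds.add(group.getId());
        }
        return groupIds;
    }

    /**
     * Checks whether the user, directly or through one of the given groups, holds the
     * {@code ACCESS} permission on the {@code APPLICATION} resource with the given id.
     *
     * @param authorizationService service that evaluates the authorization
     * @param userId id of the user
     * @param groupIds group ids considered for the check
     * @param application application name used as the resource id
     * @return {@code true} if access is authorized
     */
    protected boolean isAuthorizedForApp(AuthorizationService authorizationService, String userId, List<String> groupIds, String application) {
        return authorizationService.isUserAuthorized(userId, groupIds, Permissions.ACCESS, Resources.APPLICATION, application);
    }
}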
