package org.flowable.ui.idm.conf;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.flowable.common.engine.api.FlowableException;
import org.flowable.idm.api.IdmIdentityService;
import org.flowable.idm.api.Privilege;
import org.flowable.idm.api.User;
import org.flowable.spring.boot.ldap.FlowableLdapProperties;
import org.flowable.ui.common.security.DefaultPrivileges;
import org.flowable.ui.idm.properties.FlowableIdmAppProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;

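/**
 * Seeds the IDM application with an administrator and the default UI privileges when the
 * Spring context is refreshed.
 *
 * <p>Two paths exist, selected by whether LDAP is configured and enabled:
 * <ul>
 *   <li>LDAP off: if bootstrapping is enabled, the configured admin user is created when it
 *       does not exist yet and is granted every default privilege.</li>
 *   <li>LDAP on: if no {@code ACCESS_IDM} privilege exists yet, the configured admin user id is
 *       granted every default privilege. No user is created on this path.</li>
 * </ul>
 *
 * <p>Security note: whoever controls the {@code flowable.idm.app.admin.*} properties decides
 * which account receives full access, so that configuration must be protected like a credential.
 */
@Component
/* loaded from: input_file:WEB-INF/lib/flowable-ui-idm-conf-6.5.0.jar:org/flowable/ui/idm/conf/Bootstrapper.class */
public class Bootstrapper implements ApplicationListener<ContextRefreshedEvent> {
    private static final Logger LOGGER = LoggerFactory.getLogger(Bootstrapper.class);

    /** Privileges granted to the bootstrap administrator, in the order they are applied. */
    private static final String[] DEFAULT_PRIVILEGE_NAMES = {
        DefaultPrivileges.ACCESS_IDM,
        DefaultPrivileges.ACCESS_ADMIN,
        DefaultPrivileges.ACCESS_MODELER,
        DefaultPrivileges.ACCESS_TASK,
        DefaultPrivileges.ACCESS_REST_API
    };

    @Autowired
    private IdmIdentityService identityService;

    // Optional: stays null unless setLdapProperties is called (injected with required = false).
    private FlowableLdapProperties ldapProperties;

    @Autowired
    private FlowableIdmAppProperties idmAppProperties;

    /**
     * Runs the bootstrap once the root application context has been refreshed.
     *
     * @param contextRefreshedEvent the refresh event; events from contexts that have a parent
     *     are ignored so the bootstrap logic only runs for the root context
     */
    @Override // org.springframework.context.ApplicationListener
    public void onApplicationEvent(ContextRefreshedEvent contextRefreshedEvent) {
        if (contextRefreshedEvent.getApplicationContext().getParent() != null) {
            return;
        }

        boolean ldapEnabled = this.ldapProperties != null && this.ldapProperties.isEnabled();
        if (!ldapEnabled) {
            if (this.idmAppProperties.isBootstrap()) {
                createDefaultAdminUserAndPrivileges();
            }
            return;
        }

        // LDAP path: only act while nobody can reach the IDM app at all.
        long idmPrivilegeCount =
                this.identityService.createPrivilegeQuery().privilegeName(DefaultPrivileges.ACCESS_IDM).count();
        if (idmPrivilegeCount != 0) {
            return;
        }

        String userId = this.idmAppProperties.getAdmin().getUserId();
        if (StringUtils.isNotEmpty(userId)) {
            // The id is taken from configuration as-is; this method does not check that the
            // user exists in the directory before granting the privileges.
            initializeDefaultPrivileges(userId);
        } else {
            // Property prefix corrected to match the flowable.idm.app.admin.* names used in
            // initializeAdminUser.
            LOGGER.warn("No user found with IDM access. Set flowable.idm.app.admin.user-id to give at least one user access to the IDM application to configure privileges.");
        }
    }

    /**
     * Ensures the configured admin user exists and holds every default privilege.
     *
     * <p>Does nothing when no admin user id is configured. An already existing user with that id
     * is reused unchanged (its password is not reset) and still receives the privileges.
     */
    protected void createDefaultAdminUserAndPrivileges() {
        String userId = this.idmAppProperties.getAdmin().getUserId();
        if (StringUtils.isEmpty(userId)) {
            return;
        }

        User user = this.identityService.createUserQuery().userId(userId).singleResult();
        if (user == null) {
            LOGGER.info("No admin user found, initializing default entities");
            user = initializeAdminUser();
        }
        initializeDefaultPrivileges(user.getId());
    }

    /**
     * Creates and saves the admin user described by the {@code flowable.idm.app.admin.*}
     * properties.
     *
     * <p>The password is never logged here. NOTE(review): where the default value of the
     * password property comes from is not visible in this class — confirm deployments supply
     * their own value, since this account is subsequently granted every default privilege.
     *
     * @return the newly saved user
     * @throws IllegalArgumentException if the user id, first name or last name is missing, or if
     *     the password is missing or blank
     */
    protected User initializeAdminUser() {
        FlowableIdmAppProperties.Admin admin = this.idmAppProperties.getAdmin();
        String userId = admin.getUserId();
        Assert.notNull(userId, "flowable.idm.app.admin.user-id property must be set");
        String password = admin.getPassword();
        // hasText instead of notNull: an empty or whitespace-only value must not become the
        // password of a fully privileged account.
        Assert.hasText(password, "flowable.idm.app.admin.password property must be set");
        String firstName = admin.getFirstName();
        Assert.notNull(firstName, "flowable.idm.app.admin.first-name property must be set");
        String lastName = admin.getLastName();
        Assert.notNull(lastName, "flowable.idm.app.admin.last-name property must be set");
        // The e-mail address is optional and may be null.
        String email = admin.getEmail();

        User newUser = this.identityService.newUser(userId);
        newUser.setFirstName(firstName);
        newUser.setLastName(lastName);
        newUser.setEmail(email);
        newUser.setPassword(password);
        this.identityService.saveUser(newUser);
        return newUser;
    }

    /**
     * Grants every default privilege to the given user, creating privileges that do not exist
     * yet and skipping mappings that are already present.
     *
     * @param str id of the user that receives the privileges
     */
    protected void initializeDefaultPrivileges(String str) {
        // Index the existing privileges by name so each lookup below avoids another query.
        Map<String, Privilege> privilegesByName = new HashMap<>();
        for (Privilege privilege : this.identityService.createPrivilegeQuery().list()) {
            privilegesByName.put(privilege.getName(), privilege);
        }

        for (String privilegeName : DEFAULT_PRIVILEGE_NAMES) {
            Privilege privilege = findOrCreatePrivilege(privilegeName, privilegesByName);
            if (!privilegeMappingExists(str, privilege)) {
                this.identityService.addUserPrivilegeMapping(privilege.getId(), str);
            }
        }
    }

    /**
     * Returns the privilege with the given name, creating it when it is not in {@code map}.
     *
     * @param str name of the privilege
     * @param map already loaded privileges keyed by name
     * @return the existing or newly created privilege, never {@code null}
     * @throws FlowableException if the privilege can neither be created nor found
     */
    protected Privilege findOrCreatePrivilege(String str, Map<String, Privilege> map) {
        Privilege privilege;
        if (map.containsKey(str)) {
            privilege = map.get(str);
        } else {
            try {
                privilege = this.identityService.createPrivilege(str);
            } catch (Exception e) {
                // Deliberate best effort: fall back to a lookup when creation fails (presumably
                // because the privilege was created concurrently — confirm). Keep the cause
                // visible instead of dropping it.
                LOGGER.debug("Could not create privilege {}, looking it up instead", str, e);
                privilege = this.identityService.createPrivilegeQuery().privilegeName(str).singleResult();
            }
        }
        if (privilege == null) {
            // Name the privilege that actually failed; the message used to say access-rest-api
            // for every privilege.
            throw new FlowableException("Could not find or create " + str + " privilege");
        }
        return privilege;
    }

    /**
     * Tells whether the user already holds the privilege.
     *
     * @param str id of the user
     * @param privilege privilege to look for
     * @return {@code true} if a mapping between the user and the privilege exists
     */
    protected boolean privilegeMappingExists(String str, Privilege privilege) {
        return this.identityService.createPrivilegeQuery().userId(str).privilegeId(privilege.getId()).singleResult() != null;
    }

    /**
     * Receives the LDAP properties when such a bean is available.
     *
     * @param flowableLdapProperties the LDAP configuration; never injected when LDAP support is
     *     not configured, in which case the non-LDAP bootstrap path is used
     */
    @Autowired(required = false)
    public void setLdapProperties(FlowableLdapProperties flowableLdapProperties) {
        this.ldapProperties = flowableLdapProperties;
    }
}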
