package org.jbpm.services.task.identity;

import java.io.IOException;
import java.io.InputStream;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.ServiceLoader;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import org.hibernate.secure.internal.JACCPermissions;
import org.jbpm.services.task.identity.adapter.UserGroupAdapter;
import org.kie.internal.task.api.UserGroupCallback;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/jbpm-human-task-core-6.1.0.Beta2.jar:org/jbpm/services/task/identity/JAASUserGroupCallbackImpl.class */
public class JAASUserGroupCallbackImpl implements UserGroupCallback {
    private static final Logger logger = LoggerFactory.getLogger(JAASUserGroupCallbackImpl.class);
    protected static final String DEFAULT_PROPERTIES_NAME = "/jbpm.usergroup.callback.properties";
    private ServiceLoader<UserGroupAdapter> ugAdapterServiceLoader;
    private String rolePrincipleName;

    public JAASUserGroupCallbackImpl(boolean z) {
        this("Roles");
        String property = System.getProperty("jbpm.usergroup.callback.properties");
        InputStream resourceAsStream = getClass().getResourceAsStream(property == null ? DEFAULT_PROPERTIES_NAME : property);
        if (resourceAsStream != null) {
            Properties properties = new Properties();
            try {
                properties.load(resourceAsStream);
                this.rolePrincipleName = properties.getProperty("jaas.role.principle.name");
            } catch (IOException e) {
                logger.error("Error when loading properties for JAAS user group callback", (Throwable) e);
            }
        }
    }

    public JAASUserGroupCallbackImpl(String str) {
        this.ugAdapterServiceLoader = ServiceLoader.load(UserGroupAdapter.class);
        this.rolePrincipleName = null;
        this.rolePrincipleName = str;
    }

    public String getRolePrincipleName() {
        return this.rolePrincipleName;
    }

    public void setRolePrincipleName(String str) {
        this.rolePrincipleName = str;
    }

    @Override // org.kie.internal.task.api.UserGroupCallback, org.kie.api.task.UserGroupCallback
    public boolean existsUser(String str) {
        return true;
    }

    @Override // org.kie.internal.task.api.UserGroupCallback, org.kie.api.task.UserGroupCallback
    public boolean existsGroup(String str) {
        return true;
    }

    @Override // org.kie.internal.task.api.UserGroupCallback, org.kie.api.task.UserGroupCallback
    public List<String> getGroupsForUser(String str, List<String> list, List<String> list2) {
        ArrayList arrayList = new ArrayList();
        try {
            Subject subjectFromContainer = getSubjectFromContainer();
            if (subjectFromContainer != null) {
                Set<Principal> principals = subjectFromContainer.getPrincipals();
                if (principals != null) {
                    arrayList = new ArrayList();
                    Iterator<Principal> it = principals.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        Principal next = it.next();
                        if ((next instanceof Group) && this.rolePrincipleName.equalsIgnoreCase(next.getName())) {
                            Enumeration<? extends Principal> members = ((Group) next).members();
                            while (members.hasMoreElements()) {
                                arrayList.add(members.nextElement().getName());
                            }
                        }
                    }
                }
            } else {
                Iterator<UserGroupAdapter> it2 = this.ugAdapterServiceLoader.iterator();
                while (it2.hasNext()) {
                    List<String> groupsForUser = it2.next().getGroupsForUser(str);
                    if (groupsForUser != null) {
                        arrayList.addAll(groupsForUser);
                    }
                }
            }
        } catch (Exception e) {
            logger.error("Error when getting user roles, userid:" + str, (Throwable) e);
        }
        return arrayList;
    }

    protected Subject getSubjectFromContainer() {
        try {
            return (Subject) PolicyContext.getContext(JACCPermissions.PolicyContextActions.SUBJECT_CONTEXT_KEY);
        } catch (Exception e) {
            return null;
        }
    }
}
