package org.kie.remote.services.jms;

import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import javax.annotation.Resource;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.inject.Inject;
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.MessageListener;
import javax.jms.MessageProducer;
import javax.jms.Queue;
import javax.jms.Session;
import javax.jms.TextMessage;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.chemistry.opencmis.commons.exceptions.CmisConnectionException;
import org.apache.commons.jxpath.servlet.Constants;
import org.jbpm.services.task.commands.TaskCommand;
import org.jbpm.services.task.identity.JAASUserGroupCallbackImpl;
import org.jbpm.services.task.identity.adapter.UserGroupAdapter;
import org.kie.api.command.Command;
import org.kie.remote.services.AcceptedServerCommands;
import org.kie.remote.services.cdi.DeploymentInfoBean;
import org.kie.remote.services.cdi.ProcessRequestBean;
import org.kie.remote.services.exception.KieRemoteServicesInternalError;
import org.kie.remote.services.exception.KieRemoteServicesRuntimeException;
import org.kie.remote.services.jaxb.JaxbCommandsRequest;
import org.kie.remote.services.jaxb.JaxbCommandsResponse;
import org.kie.remote.services.jaxb.ServerJaxbSerializationProvider;
import org.kie.remote.services.jms.request.BackupIdentityProviderProducer;
import org.kie.remote.services.jms.security.JmsUserGroupAdapter;
import org.kie.remote.services.jms.security.UserPassCallbackHandler;
import org.kie.remote.services.rest.jaxb.DynamicJaxbContext;
import org.kie.remote.services.rest.jaxb.DynamicJaxbContextFilter;
import org.kie.services.client.serialization.SerializationConstants;
import org.kie.services.client.serialization.SerializationException;
import org.kie.services.client.serialization.SerializationProvider;
import org.kie.services.client.serialization.jaxb.impl.JaxbRequestStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.uberfire.backend.server.security.IOServiceSecuritySetup;

/* loaded from: input_file:WEB-INF/lib/kie-remote-services-6.3.0.CR1.jar:org/kie/remote/services/jms/RequestMessageBean.class */
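/**
 * JMS listener that reads a serialized {@link JaxbCommandsRequest} from an incoming message,
 * executes the commands it carries and sends the serialized {@link JaxbCommandsResponse} to the
 * response queue.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The caller's user name and password travel as plain JMS string properties
 *       ({@code username} / {@code password}) and are checked with a JAAS login.</li>
 *   <li>A JAAS login is attempted only for {@link TaskCommand}s. Other accepted commands reach
 *       {@code processCommand} without a login in this class.
 *       NOTE(review): presumably access to the request queue is restricted at the broker; confirm.</li>
 *   <li>The message body is unmarshalled before the credentials are looked at.</li>
 * </ul>
 */
public class RequestMessageBean implements MessageListener {
    private static final Logger logger = LoggerFactory.getLogger(RequestMessageBean.class);

    @Resource(mappedName = "java:/JmsXA")
    private ConnectionFactory factory;
    private Session session;
    private Connection connection;

    @Inject
    private RetryTrackerSingleton retryTracker;

    @Inject
    protected DeploymentInfoBean runtimeMgrMgr;

    @Inject
    protected ProcessRequestBean processRequestBean;

    @Inject
    protected BackupIdentityProviderProducer backupIdentityProviderProducer;

    @Inject
    private DynamicJaxbContext dynamicJaxbContext;
    // JNDI name of the response queue; resolved from a system property in init().
    private String RESPONSE_QUEUE_NAME = null;
    private static final String RESPONSE_QUEUE_NAME_PROPERTY = "kie.services.jms.queues.response";
    private static final String ID_NECESSARY = "This id is needed to be able to match a request to a response message.";
    private static final String USERNAME_PROPERTY = "username";
    private static final String PASSWORD_PROPERTY = "password";

    /**
     * Resolves the response queue name and opens the connection and session used for responses.
     *
     * @throws KieRemoteServicesRuntimeException if the connection or session cannot be created
     */
    @PostConstruct
    public void init() {
        this.RESPONSE_QUEUE_NAME = System.getProperty(RESPONSE_QUEUE_NAME_PROPERTY, "queue/KIE.RESPONSE.ALL");
        try {
            this.connection = this.factory.createConnection();
            // Non-transacted session with automatic acknowledgement.
            this.session = this.connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
            this.connection.start();
        } catch (JMSException e) {
            logger.error("Unable to open new session to send response messages", e);
            // Do not leave a half-initialised connection open when setup fails part-way.
            if (this.connection != null) {
                try {
                    this.connection.close();
                } catch (JMSException closeFailure) {
                    logger.debug("Closing the connection after a failed init resulted in an exception: " + closeFailure.getMessage(), closeFailure);
                }
                this.connection = null;
                this.session = null;
            }
            throw new KieRemoteServicesRuntimeException("Unable to open new session to send response messages", e);
        }
    }

    /**
     * Closes the connection and then the session that {@link #init()} opened.
     *
     * @throws KieRemoteServicesRuntimeException if either close call fails
     */
    @PreDestroy
    public void cleanup() {
        try {
            if (this.connection != null) {
                this.connection.close();
                this.connection = null;
            }
            if (this.session != null) {
                this.session.close();
                this.session = null;
            }
        } catch (JMSException e) {
            // The connection field is nulled only after a successful close, so a null field here
            // means the session close is the call that failed.
            // Plain literals are used for the two words; the decompiled listing referenced
            // constants from unrelated libraries at this point.
            String failureMessage = "Unable to close " + (this.connection == null ? "session" : "connection");
            logger.error(failureMessage, e);
            throw new KieRemoteServicesRuntimeException(failureMessage, e);
        }
    }

    /**
     * Handles one request message: tracks redelivery, unmarshals the request, attaches the
     * credentials found in the message properties, executes the commands and sends the response.
     *
     * @param message the incoming JMS message
     * @throws KieRemoteServicesRuntimeException if the correlation id or message properties cannot be read
     * @throws KieRemoteServicesInternalError if the serialization type is not the supported value 0
     */
    @TransactionAttribute(TransactionAttributeType.REQUIRED)
    public void onMessage(Message message) {
        String messageId = null;
        boolean redelivered = false;
        try {
            messageId = message.getJMSMessageID();
            redelivered = message.getJMSRedelivered();
        } catch (JMSException e) {
            // messageId is still null when the first call failed, so that is the value that is missing.
            String missingValue = messageId == null ? "message id" : "redelivered flag";
            logger.warn("Unable to retrieve JMS " + missingValue + " from JMS message. Message will not be returned to queue.", e);
        }
        if (redelivered) {
            if (this.retryTracker.maxRetriesReached(messageId)) {
                logger.warn("Maximum number of retries (" + this.retryTracker.getMaximumLimitRetries() + ") reached for message " + messageId);
                logger.warn("Acknowledging message but NOT processing it.");
                return;
            }
            logger.warn("Retry number " + this.retryTracker.incrementRetries(messageId) + " of message " + messageId);
        }

        String correlationId;
        try {
            correlationId = message.getJMSCorrelationID();
        } catch (JMSException e) {
            throw new KieRemoteServicesRuntimeException("Unable to retrieve JMS correlation id from message! " + ID_NECESSARY, e);
        }

        int serializationType;
        try {
            serializationType = message.propertyExists(SerializationConstants.SERIALIZATION_TYPE_PROPERTY_NAME)
                    ? message.getIntProperty(SerializationConstants.SERIALIZATION_TYPE_PROPERTY_NAME)
                    : 0;
        } catch (JMSException e) {
            throw new KieRemoteServicesRuntimeException("Unable to get properties from message " + correlationId + ".", e);
        }
        if (serializationType != 0) {
            throw new KieRemoteServicesInternalError("Unknown serialization type: " + serializationType);
        }

        SerializationProvider serializationProvider = getJaxbSerializationProvider(message);
        Message responseMessage;
        try {
            JaxbCommandsRequest request = deserializeRequest(message, correlationId, serializationProvider, serializationType);
            request.setUserPass(getUserPass(message));
            JaxbCommandsResponse response = jmsProcessJaxbCommandsRequest(request);
            responseMessage = serializeResponse(this.session, correlationId, serializationType, serializationProvider, response);
        } finally {
            // Release the provider even when unmarshalling or command processing throws.
            serializationProvider.dispose();
        }
        sendResponse(correlationId, serializationType, responseMessage);
        if (redelivered) {
            this.retryTracker.clearRetries(messageId);
        }
    }

    /**
     * Sends the response to the configured response queue. Failures are logged, not rethrown.
     *
     * @param str the correlation id copied onto the response
     * @param i the serialization type (not used here)
     * @param message the response message
     */
    private void sendResponse(String str, int i, Message message) {
        try {
            message.setJMSCorrelationID(str);
        } catch (JMSException e) {
            logger.error("Unable to set correlation id of response to msg id " + str, e);
            return;
        }
        MessageProducer producer = null;
        try {
            Queue responseQueue = (Queue) new InitialContext().lookup(this.RESPONSE_QUEUE_NAME);
            producer = this.session.createProducer(responseQueue);
            producer.send(message);
        } catch (JMSException e) {
            logger.error("Unable to send msg " + str + " to " + this.RESPONSE_QUEUE_NAME, e);
        } catch (NamingException e) {
            logger.error("Unable to lookup response queue " + this.RESPONSE_QUEUE_NAME + " to send msg " + str + " (Is " + RESPONSE_QUEUE_NAME_PROPERTY + " incorrect?).", e);
        } finally {
            // Single close path for success and for every failure.
            if (producer != null) {
                try {
                    producer.close();
                } catch (JMSException e) {
                    logger.debug("Closing the producer resulted in an exception: " + e.getMessage(), e);
                }
            }
        }
    }

    /**
     * Unmarshals the text body of the message into a {@link JaxbCommandsRequest}.
     *
     * <p>This runs before any credential in the message has been checked, so the serialization
     * provider is the only thing limiting what the payload can be turned into.
     *
     * @param message the incoming message; cast to {@link TextMessage}
     * @param str the correlation id, used in error messages
     * @param serializationProvider the provider used to unmarshal the text
     * @param i the serialization type; only 0 is handled
     * @return the unmarshalled request
     * @throws KieRemoteServicesRuntimeException if the message text cannot be read
     * @throws KieRemoteServicesInternalError for any other failure, including an unknown type
     */
    private static JaxbCommandsRequest deserializeRequest(Message message, String str, SerializationProvider serializationProvider, int i) {
        try {
            // Kept inside the try so an unknown type is still wrapped by the generic handler below.
            if (i != 0) {
                throw new KieRemoteServicesRuntimeException("Unknown serialization type when deserializing message " + str + ":" + i);
            }
            String body = ((TextMessage) message).getText();
            return (JaxbCommandsRequest) serializationProvider.deserialize(body);
        } catch (JMSException e) {
            throw new KieRemoteServicesRuntimeException("Unable to read information from message " + str + ".", e);
        } catch (Exception e2) {
            throw new KieRemoteServicesInternalError("Unable to serialize String to " + JaxbCommandsRequest.class.getSimpleName() + " [msg id: " + str + "].", e2);
        }
    }

    /**
     * Selects the JAXB context for the deployment named in the message (or the default one) and
     * creates a serialization provider on top of it.
     *
     * <p>The deployment id is taken from a message property, i.e. it is chosen by the sender.
     *
     * @param message the incoming message
     * @return a new serialization provider
     * @throws KieRemoteServicesInternalError if the message property cannot be read
     * @throws KieRemoteServicesRuntimeException if the provider cannot be created
     */
    private SerializationProvider getJaxbSerializationProvider(Message message) {
        try {
            String contextId = DynamicJaxbContextFilter.DEFAULT_JAXB_CONTEXT_ID;
            if (message.propertyExists(SerializationConstants.DEPLOYMENT_ID_PROPERTY_NAME)) {
                contextId = message.getStringProperty(SerializationConstants.DEPLOYMENT_ID_PROPERTY_NAME);
            }
            DynamicJaxbContext.setDeploymentJaxbContext(contextId);
            return ServerJaxbSerializationProvider.newInstance(this.dynamicJaxbContext);
        } catch (JMSException e) {
            throw new KieRemoteServicesInternalError("Unable to check or read JMS message for property.", e);
        } catch (SerializationException e2) {
            throw new KieRemoteServicesRuntimeException("Unable to load classes needed for JAXB deserialization.", e2);
        }
    }

    /**
     * Marshals the response into a text message tagged with the serialization type.
     *
     * @param session the session used to create the message
     * @param str the correlation id, used in error messages
     * @param i the serialization type; only 0 is handled
     * @param serializationProvider the provider used to marshal the response
     * @param jaxbCommandsResponse the response to marshal
     * @return the response message
     * @throws KieRemoteServicesRuntimeException if the message cannot be created or written
     * @throws KieRemoteServicesInternalError for any other failure, including an unknown type
     */
    private static Message serializeResponse(Session session, String str, int i, SerializationProvider serializationProvider, JaxbCommandsResponse jaxbCommandsResponse) {
        try {
            // Kept inside the try so an unknown type is still wrapped by the generic handler below.
            if (i != 0) {
                throw new KieRemoteServicesRuntimeException("Unknown serialization type when deserializing message " + str + ":" + i);
            }
            TextMessage textMessage = session.createTextMessage(serializationProvider.serialize(jaxbCommandsResponse));
            textMessage.setIntProperty(SerializationConstants.SERIALIZATION_TYPE_PROPERTY_NAME, i);
            return textMessage;
        } catch (JMSException e) {
            throw new KieRemoteServicesRuntimeException("Unable to create response message or write to it [msg id: " + str + "].", e);
        } catch (Exception e2) {
            throw new KieRemoteServicesInternalError("Unable to serialize " + jaxbCommandsResponse.getClass().getSimpleName() + " to a String.", e2);
        }
    }

    /**
     * Executes every accepted command of the request and collects results and errors.
     *
     * <p>For a {@link TaskCommand} the sender must authenticate through JAAS. A command whose
     * check fails gets an exception entry in the response and is skipped: it is never handed to
     * {@code processCommand}. The checks are:
     * <ul>
     *   <li>the login with the credentials from the message must succeed;</li>
     *   <li>for commands whose simple class name starts with {@code GetTask}, the user id inside
     *       the command must be present and equal to the authenticated user.</li>
     * </ul>
     * The user/group adapter registered by the login is removed once the whole batch is done.
     *
     * @param jaxbCommandsRequest the request holding the commands and the sender's credentials
     * @return the response with one result or exception per processed command
     */
    protected JaxbCommandsResponse jmsProcessJaxbCommandsRequest(JaxbCommandsRequest jaxbCommandsRequest) {
        JaxbCommandsResponse jaxbCommandsResponse = new JaxbCommandsResponse(jaxbCommandsRequest);
        List<Command> commands = jaxbCommandsRequest.getCommands();
        if (commands == null || commands.isEmpty()) {
            logger.info("Commands request object with no commands sent!");
            return jaxbCommandsResponse;
        }

        UserGroupAdapter userGroupAdapter = null;
        try {
            for (int i = 0; i < commands.size(); i++) {
                Command<?> command = commands.get(i);
                if (!AcceptedServerCommands.isAcceptedCommandClass(command.getClass())) {
                    String rejection = command.getClass().getName() + " is not a supported command and will not be executed.";
                    logger.warn(rejection);
                    jaxbCommandsResponse.addException(new UnsupportedOperationException(rejection), i, command, JaxbRequestStatus.FORBIDDEN);
                    continue;
                }

                // Roles are filled in only by the command that triggers the login; every other
                // command passes an empty list to the backup identity provider.
                List<String> currentRoles = new ArrayList<String>();
                if (command instanceof TaskCommand) {
                    String[] userPass = jaxbCommandsRequest.getUserPass();
                    if (userGroupAdapter == null) {
                        userGroupAdapter = getUserFromMessageAndLookupAndInjectGroups(userPass, currentRoles);
                        if (userGroupAdapter == null) {
                            String reason = userPass == null
                                    ? "No user/password combination passed in command request and can not login"
                                    : "Unable to login for user '" + userPass[0] + "'";
                            jaxbCommandsResponse.addException(new IllegalStateException(reason), i, command, JaxbRequestStatus.PERMISSIONS_CONFLICT);
                            // Fail closed: an unauthenticated task command must not be executed.
                            continue;
                        }
                    }
                    // A non-null adapter implies userPass is non-null, so userPass[0] is safe below.
                    String commandName = command.getClass().getSimpleName();
                    if (commandName.startsWith("GetTask")) {
                        String commandUserId = ((TaskCommand) command).getUserId();
                        if (commandUserId == null) {
                            jaxbCommandsResponse.addException(new IllegalStateException("A null user id for a '" + commandName + "' is not allowed!"), i, command, JaxbRequestStatus.PERMISSIONS_CONFLICT);
                            continue;
                        }
                        String authenticatedUser = userPass[0];
                        if (!commandUserId.equals(authenticatedUser)) {
                            jaxbCommandsResponse.addException(new IllegalStateException("The user id used when retrieving task information (" + commandUserId + ") must match the authenticating user (" + authenticatedUser + ")!"), i, command, JaxbRequestStatus.PERMISSIONS_CONFLICT);
                            // Fail closed: do not return task data for a different user.
                            continue;
                        }
                    }
                }
                this.backupIdentityProviderProducer.createBackupIdentityProvider(jaxbCommandsRequest.getUser(), currentRoles);
                this.processRequestBean.processCommand(command, jaxbCommandsRequest, i, jaxbCommandsResponse);
            }
        } finally {
            // Unregister once, after the batch: the adapter is cached across iterations, so
            // clearing it per command would leave later task commands without it.
            clearUserGroupAdapter(userGroupAdapter);
        }
        return jaxbCommandsResponse;
    }

    /**
     * Logs in with the given credentials, copies the names of the user's groups into
     * {@code list} and registers a user/group adapter for them.
     *
     * @param strArr user name at index 0 and password at index 1, or {@code null}
     * @param list receives the group names of the authenticated user
     * @return the registered adapter, or {@code null} when the credentials are missing, the login
     *         fails or the group lookup throws
     */
    private UserGroupAdapter getUserFromMessageAndLookupAndInjectGroups(String[] strArr, List<String> list) {
        if (strArr == null) {
            logger.warn("Unable to retrieve user and password from message: NOT injecting group information.");
            return null;
        }
        try {
            Subject subject = tryLogin(strArr);
            if (subject == null) {
                logger.warn("Unable to login to JAAS with received user and password.");
                return null;
            }
            List<Principal> groups = getGroupsFromSubject(subject);
            String[] groupNames = new String[groups.size()];
            for (int i = 0; i < groupNames.length; i++) {
                groupNames[i] = groups.get(i).getName();
                list.add(groupNames[i]);
            }
            JmsUserGroupAdapter adapter = new JmsUserGroupAdapter(strArr[0], groupNames);
            JAASUserGroupCallbackImpl.addExternalUserGroupAdapter(adapter);
            return adapter;
        } catch (Exception e) {
            // Any failure is reported as "no adapter", which the caller treats as a failed login.
            logger.warn("Unable to retrieve group information for user in message: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Removes the externally registered user/group adapter, if one was registered.
     *
     * @param userGroupAdapter the adapter returned by the login, or {@code null}
     */
    private void clearUserGroupAdapter(UserGroupAdapter userGroupAdapter) {
        if (userGroupAdapter != null) {
            JAASUserGroupCallbackImpl.clearExternalUserGroupAdapter();
        }
    }

    /**
     * Reads the sender's credentials from the message properties.
     *
     * <p>Both values are plain string properties of the message, so they are readable by anything
     * that can see the message (broker, message store, tracing). The password is never logged here.
     *
     * @param message the incoming message
     * @return {@code {username, password}}, or {@code null} when either is missing or unreadable
     */
    private String[] getUserPass(Message message) {
        // Tracks which property is being read so the error log can name it.
        String propertyName = USERNAME_PROPERTY;
        try {
            String user = null;
            if (message.propertyExists(propertyName)) {
                user = message.getStringProperty(propertyName);
            }
            propertyName = PASSWORD_PROPERTY;
            String pass = null;
            if (message.propertyExists(propertyName)) {
                pass = message.getStringProperty(propertyName);
            }
            if (user == null || pass == null) {
                return null;
            }
            return new String[]{user, pass};
        } catch (Exception e) {
            logger.error("Unable to retrieve '" + propertyName + "' from JMS message.", e);
            return null;
        }
    }

    /**
     * Attempts a JAAS login with the given credentials.
     *
     * <p>The login context name comes from the system property named by
     * {@code IOServiceSecuritySetup.AUTH_DOMAIN_KEY}, defaulting to {@code kie-jms-login-context}.
     *
     * @param strArr the credentials handed to {@link UserPassCallbackHandler}
     * @return the authenticated subject, or {@code null} when the login fails for any reason
     * @throws LoginException declared for overriding subclasses; this implementation catches
     *         every exception and returns {@code null} instead
     */
    protected Subject tryLogin(String[] strArr) throws LoginException {
        try {
            String loginContextName = System.getProperty(IOServiceSecuritySetup.AUTH_DOMAIN_KEY, "kie-jms-login-context");
            LoginContext loginContext = new LoginContext(loginContextName, new UserPassCallbackHandler(strArr));
            loginContext.login();
            return loginContext.getSubject();
        } catch (Exception e) {
            logger.error("Unable to login via JAAS with message supplied user and password", e);
            return null;
        }
    }

    /**
     * Collects the members of every {@link Group} principal named {@code Roles} (case-insensitive).
     *
     * @param subject the authenticated subject
     * @return the member principals; empty when the subject has no such group
     */
    private List<Principal> getGroupsFromSubject(Subject subject) {
        List<Principal> roleMembers = new ArrayList<Principal>();
        for (Principal principal : subject.getPrincipals()) {
            if (!(principal instanceof Group) || !"Roles".equalsIgnoreCase(principal.getName())) {
                continue;
            }
            Enumeration<? extends Principal> members = ((Group) principal).members();
            while (members.hasMoreElements()) {
                roleMembers.add(members.nextElement());
            }
        }
        return roleMembers;
    }
}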
