package org.camunda.bpm.engine.rest.impl;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import javax.ws.rs.core.Response;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.rest.IdentityRestService;
import org.camunda.bpm.engine.rest.dto.identity.BasicUserCredentialsDto;
import org.camunda.bpm.engine.rest.dto.identity.CheckPasswordPolicyResultDto;
import org.camunda.bpm.engine.rest.dto.identity.PasswordPolicyDto;
import org.camunda.bpm.engine.rest.dto.identity.PasswordPolicyRequestDto;
import org.camunda.bpm.engine.rest.dto.identity.UserProfileDto;
import org.camunda.bpm.engine.rest.dto.task.GroupDto;
import org.camunda.bpm.engine.rest.dto.task.GroupInfoDto;
import org.camunda.bpm.engine.rest.dto.task.UserDto;
import org.camunda.bpm.engine.rest.exception.InvalidRequestException;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationResult;

/* loaded from: input_file:WEB-INF/lib/camunda-engine-rest-core-7.20.0-alpha4.jar:org/camunda/bpm/engine/rest/impl/IdentityRestServiceImpl.class */
public class IdentityRestServiceImpl extends AbstractRestProcessEngineAware implements IdentityRestService {
    public IdentityRestServiceImpl(String str, ObjectMapper objectMapper) {
        super(str, objectMapper);
    }

    @Override // org.camunda.bpm.engine.rest.IdentityRestService
    public GroupInfoDto getGroupInfo(String str) {
        if (str == null) {
            throw new InvalidRequestException(Response.Status.BAD_REQUEST, "No user id was supplied");
        }
        IdentityService identityService = getProcessEngine().getIdentityService();
        List<Group> unlimitedList = identityService.createGroupQuery().groupMember(str).orderByGroupName().asc().unlimitedList();
        HashSet hashSet = new HashSet();
        ArrayList arrayList = new ArrayList();
        for (Group group : unlimitedList) {
            for (User user : identityService.createUserQuery().memberOfGroup(group.getId()).unlimitedList()) {
                if (!user.getId().equals(str)) {
                    hashSet.add(new UserDto(user.getId(), user.getFirstName(), user.getLastName()));
                }
            }
            arrayList.add(new GroupDto(group.getId(), group.getName()));
        }
        return new GroupInfoDto(arrayList, hashSet);
    }

    @Override // org.camunda.bpm.engine.rest.IdentityRestService
    public AuthenticationResult verifyUser(BasicUserCredentialsDto basicUserCredentialsDto) {
        if (basicUserCredentialsDto.getUsername() == null || basicUserCredentialsDto.getPassword() == null) {
            throw new InvalidRequestException(Response.Status.BAD_REQUEST, "Username and password are required");
        }
        return getProcessEngine().getIdentityService().checkPassword(basicUserCredentialsDto.getUsername(), basicUserCredentialsDto.getPassword()) ? AuthenticationResult.successful(basicUserCredentialsDto.getUsername()) : AuthenticationResult.unsuccessful(basicUserCredentialsDto.getUsername());
    }

    @Override // org.camunda.bpm.engine.rest.IdentityRestService
    public Response getPasswordPolicy() {
        if (!getProcessEngine().getProcessEngineConfiguration().isEnablePasswordPolicy()) {
            return Response.status(Response.Status.NOT_FOUND.getStatusCode()).build();
        }
        return Response.status(Response.Status.OK.getStatusCode()).entity(PasswordPolicyDto.fromPasswordPolicy(getProcessEngine().getIdentityService().getPasswordPolicy())).build();
    }

    @Override // org.camunda.bpm.engine.rest.IdentityRestService
    public Response checkPassword(PasswordPolicyRequestDto passwordPolicyRequestDto) {
        if (!getProcessEngine().getProcessEngineConfiguration().isEnablePasswordPolicy()) {
            return Response.status(Response.Status.NOT_FOUND.getStatusCode()).build();
        }
        IdentityService identityService = getProcessEngine().getIdentityService();
        User user = null;
        UserProfileDto profile = passwordPolicyRequestDto.getProfile();
        if (profile != null) {
            user = identityService.newUser(sanitizeUserId(profile.getId()));
            user.setFirstName(profile.getFirstName());
            user.setLastName(profile.getLastName());
            user.setEmail(profile.getEmail());
        }
        return Response.status(Response.Status.OK.getStatusCode()).entity(CheckPasswordPolicyResultDto.fromPasswordPolicyResult(identityService.checkPasswordAgainstPolicy(passwordPolicyRequestDto.getPassword(), user))).build();
    }

    protected String sanitizeUserId(String str) {
        return str != null ? str : "";
    }
}
