package org.camunda.bpm.webapp.impl.security.auth;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.Tenant;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.util.ClockUtil;
import org.camunda.bpm.webapp.impl.WebappLogger;
import org.camunda.bpm.webapp.impl.security.filter.util.HttpSessionMutexListener;
import org.camunda.bpm.webapp.impl.util.ProcessEngineUtil;

/* loaded from: input_file:org/camunda/bpm/webapp/impl/security/auth/AuthenticationUtil.class */
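/**
 * Static helpers that build {@link UserAuthentication} objects for the web applications and keep
 * them in the HTTP session under {@link #CAM_AUTH_SESSION_KEY}.
 *
 * <p>Nothing in this class verifies a password or any other credential: the
 * {@code createAuthentication} overloads only look a user up by id and derive groups, tenants and
 * app access for it. Callers must have authenticated the user before calling in here.
 */
public class AuthenticationUtil {
    /** Session attribute under which the {@link Authentications} container is stored. */
    protected static final String CAM_AUTH_SESSION_KEY = "authenticatedUser";
    /** App name added to every authentication created here, without an authorization check. */
    public static final String APP_WELCOME = "welcome";
    protected static final WebappLogger LOGGER = WebappLogger.INSTANCE;
    /**
     * App names for which access is decided in {@code createAuthentication}.
     *
     * <p>NOTE(review): the field is final but the array is not immutable; any code that can see
     * this class can replace its elements, which changes the set of apps that gets checked or
     * granted. It is kept as a public array for compatibility; treat it as read-only.
     */
    public static final String[] APPS = {"cockpit", "tasklist", "admin"};

    /**
     * Builds an authentication for a user of the named engine, resolving group and tenant ids
     * from the identity service.
     *
     * @param str name of the process engine
     * @param str2 id of the user
     * @return the authentication, or {@code null} if the engine knows no user with that id
     */
    public static UserAuthentication createAuthentication(String str, String str2) {
        return createAuthentication(str, str2, null, null);
    }

    /**
     * Builds an authentication for a user of the given engine, resolving group and tenant ids
     * from the identity service.
     *
     * @param processEngine engine to query
     * @param str id of the user
     * @return the authentication, or {@code null} if the engine knows no user with that id
     */
    public static UserAuthentication createAuthentication(ProcessEngine processEngine, String str) {
        return createAuthentication(processEngine, str, null, null);
    }

    /**
     * Looks the engine up by name and delegates to the engine-based overload.
     *
     * <p>Throws the exception produced by {@code LOGGER.invalidRequestEngineNotFoundForName}
     * when no engine is registered under that name.
     *
     * @param str name of the process engine
     * @param str2 id of the user
     * @param list group ids to use, or {@code null} to query them
     * @param list2 tenant ids to use, or {@code null} to query them
     * @return the authentication, or {@code null} if the engine knows no user with that id
     */
    public static UserAuthentication createAuthentication(String str, String str2, List<String> list, List<String> list2) {
        ProcessEngine engine = ProcessEngineUtil.lookupProcessEngine(str);
        if (engine == null) {
            throw LOGGER.invalidRequestEngineNotFoundForName(str);
        }
        return createAuthentication(engine, str2, list, list2);
    }

    /**
     * Builds the authentication for a user: identity id, group ids, tenant ids and the set of
     * web apps the user may open.
     *
     * <p>No credential is checked here. Group and tenant ids passed in by the caller are used as
     * given and are not compared with the identity service, so they must come from a trusted
     * source. When authorization is disabled in the engine configuration, every entry of
     * {@link #APPS} is granted.
     *
     * @param processEngine engine to query
     * @param str id of the user
     * @param list group ids to use, or {@code null} to query them
     * @param list2 tenant ids to use, or {@code null} to query them
     * @return the authentication, or {@code null} if the engine knows no user with that id
     */
    public static UserAuthentication createAuthentication(ProcessEngine processEngine, String str, List<String> list, List<String> list2) {
        User user = (User) processEngine.getIdentityService().createUserQuery().userId(str).singleResult();
        if (user == null) {
            return null;
        }
        // Use the id as the identity service reports it when it is non-empty, otherwise the
        // caller-supplied value.
        String userId = str;
        if (user.getId() != null && !user.getId().isEmpty()) {
            userId = user.getId();
        }
        // NOTE(review): this resets the authentication currently set on the identity service,
        // presumably so the lookups below are not restricted by it; callers that depend on that
        // authentication have to set it again afterwards. Confirm against the engine API.
        processEngine.getIdentityService().clearAuthentication();
        List<String> groupIds = list != null ? list : getGroupsOfUser(processEngine, userId);
        List<String> tenantIds = list2 != null ? list2 : getTenantsOfUser(processEngine, userId);
        AuthorizationService authorizationService = processEngine.getAuthorizationService();
        HashSet<String> authorizedApps = new HashSet<>();
        authorizedApps.add(APP_WELCOME);
        if (processEngine.getProcessEngineConfiguration().isAuthorizationEnabled()) {
            for (String app : APPS) {
                if (isAuthorizedForApp(authorizationService, userId, groupIds, app)) {
                    authorizedApps.add(app);
                }
            }
        } else {
            // Authorization checks are off: every app is accessible.
            Collections.addAll(authorizedApps, APPS);
        }
        UserAuthentication authentication = new UserAuthentication(userId, processEngine.getName());
        authentication.setGroupIds(groupIds);
        authentication.setTenantIds(tenantIds);
        authentication.setAuthorizedApps(authorizedApps);
        return authentication;
    }

    /**
     * Returns the ids of the tenants the user is a member of, including memberships that come
     * through the user's groups.
     *
     * @param processEngine engine to query
     * @param str id of the user
     * @return tenant ids; entries that are null or have a null id are skipped
     */
    public static List<String> getTenantsOfUser(ProcessEngine processEngine, String str) {
        List<Tenant> tenants = processEngine.getIdentityService().createTenantQuery().userMember(str).includingGroupsOfUser(true).list();
        List<String> tenantIds = new ArrayList<>();
        for (Tenant tenant : tenants) {
            if (tenant != null && tenant.getId() != null) {
                tenantIds.add(tenant.getId());
            }
        }
        return tenantIds;
    }

    /**
     * Returns the ids of the groups the user is a member of.
     *
     * @param processEngine engine to query
     * @param str id of the user
     * @return group ids; entries that are null or have a null id are skipped
     */
    public static List<String> getGroupsOfUser(ProcessEngine processEngine, String str) {
        List<Group> groups = processEngine.getIdentityService().createGroupQuery().groupMember(str).list();
        List<String> groupIds = new ArrayList<>();
        for (Group group : groups) {
            if (group != null && group.getId() != null) {
                groupIds.add(group.getId());
            }
        }
        return groupIds;
    }

    /**
     * Asks the authorization service whether the user, with the given groups, holds
     * {@code Permissions.ACCESS} on the {@code Resources.APPLICATION} resource named by the app.
     *
     * @param authorizationService service to ask
     * @param str id of the user
     * @param list group ids of the user
     * @param str2 app name, used as the resource id
     * @return the service's answer
     */
    protected static boolean isAuthorizedForApp(AuthorizationService authorizationService, String str, List<String> list, String str2) {
        return authorizationService.isUserAuthorized(str, list, Permissions.ACCESS, Resources.APPLICATION, str2);
    }

    /**
     * Returns the {@link Authentications} container of the session, creating and storing an
     * empty one if the session has none yet.
     *
     * @param httpSession session to read; must not be null
     * @return the container, never null
     */
    public static Authentications getAuthsFromSession(HttpSession httpSession) {
        Authentications authentications = (Authentications) httpSession.getAttribute(CAM_AUTH_SESSION_KEY);
        if (authentications == null) {
            authentications = new Authentications();
            httpSession.setAttribute(CAM_AUTH_SESSION_KEY, authentications);
        }
        return authentications;
    }

    /**
     * Replaces the request's session with a new one, so that a session id issued before login is
     * not the one that ends up carrying the authentication.
     *
     * <p>The authentications held by the old session are carried over only when
     * {@code userAuthentication} is non-null. With a null argument the old session is still
     * invalidated and the new session starts without any authentication.
     *
     * @param httpServletRequest current request
     * @param userAuthentication authentication to add to the new session, or {@code null}
     */
    public static void revalidateSession(HttpServletRequest httpServletRequest, UserAuthentication userAuthentication) {
        HttpSession oldSession = httpServletRequest.getSession();
        // Read the container first: attributes cannot be read from an invalidated session.
        Authentications authentications = getAuthsFromSession(oldSession);
        oldSession.invalidate();
        HttpSession newSession = httpServletRequest.getSession(true);
        if (userAuthentication != null) {
            authentications.addOrReplace(userAuthentication);
            newSession.setAttribute(CAM_AUTH_SESSION_KEY, authentications);
        }
    }

    /**
     * Stores the container in the session; does nothing when the session is null.
     *
     * @param httpSession session to update, may be null
     * @param authentications container to store
     */
    public static void updateSession(HttpSession httpSession, Authentications authentications) {
        if (httpSession != null) {
            httpSession.setAttribute(CAM_AUTH_SESSION_KEY, authentications);
        }
    }

    /**
     * Rebuilds every authentication whose cache validation time is unset or has passed, so that
     * group, tenant and app-access changes made in the engine reach the session.
     *
     * <p>An authentication whose user can no longer be found is removed from the container. In
     * this method, an authentication that is still within its validation time is left untouched,
     * so a change made in the engine (including a revocation) is picked up here only after that
     * time has passed. With {@code j <= 0} no validation time is set on the rebuilt
     * authentication; assuming the constructor leaves it null, the entry is rebuilt on every
     * call.
     *
     * @param authentications container to refresh
     * @param httpSession session used to obtain the lock; must not be null
     * @param j time to live of a rebuilt authentication in milliseconds
     */
    public static void updateCache(Authentications authentications, HttpSession httpSession, long j) {
        synchronized (getSessionMutex(httpSession)) {
            // NOTE(review): the container is modified inside this loop; that is only safe if
            // getAuthentications() returns a snapshot rather than a live view. Confirm.
            for (UserAuthentication cached : authentications.getAuthentications()) {
                Date validUntil = cached.getCacheValidationTime();
                if (validUntil == null || ClockUtil.getCurrentTime().after(validUntil)) {
                    String identityId = cached.getIdentityId();
                    String engineName = cached.getProcessEngineName();
                    UserAuthentication refreshed = createAuthentication(engineName, identityId);
                    if (refreshed != null) {
                        if (j > 0) {
                            Date newValidUntil = new Date(ClockUtil.getCurrentTime().getTime() + j);
                            refreshed.setCacheValidationTime(newValidUntil);
                            LOGGER.traceCacheValidationTimeUpdated(validUntil, newValidUntil);
                        }
                        LOGGER.traceAuthenticationUpdated(engineName);
                        authentications.addOrReplace(refreshed);
                    } else {
                        // The user no longer exists in this engine: drop the authentication.
                        authentications.removeByEngineName(engineName);
                        LOGGER.traceAuthenticationRemoved(engineName);
                    }
                }
            }
        }
    }

    /**
     * Returns the object to lock on for this session: the mutex stored under
     * {@code HttpSessionMutexListener.AUTH_TIME_SESSION_MUTEX}, or the session itself when that
     * attribute is absent.
     *
     * <p>NOTE(review): the fallback is the weaker lock. Servlet containers are not required to
     * hand out the same {@code HttpSession} instance on every request, so two requests of one
     * session may then synchronize on different objects.
     *
     * @param httpSession session to inspect; must not be null
     * @return the mutex attribute if present, else the session
     */
    protected static Object getSessionMutex(HttpSession httpSession) {
        Object mutex = httpSession.getAttribute(HttpSessionMutexListener.AUTH_TIME_SESSION_MUTEX);
        return mutex != null ? mutex : httpSession;
    }
}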
