package org.kie.server.services.jbpm.security;

import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import org.jbpm.services.task.identity.adapter.UserGroupAdapter;
import org.kie.server.services.impl.security.ElytronIdentityProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;

/* loaded from: input_file:org/kie/server/services/jbpm/security/ElytronUserGroupAdapter.class */
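/**
 * {@link UserGroupAdapter} that resolves a user's groups from the roles of a WildFly Elytron
 * {@link SecurityIdentity}.
 *
 * <p>The adapter is only active when {@code org.wildfly.security.authz.AuthorizationFailureException}
 * can be loaded; otherwise every lookup returns an empty list.
 *
 * <p>Security note: for a user other than the authenticated caller, the adapter builds a run-as
 * identity, and if the authorized attempt fails with an authorization failure it retries with
 * authorization disabled. In this class the resulting identity is used only to read its roles.
 */
public class ElytronUserGroupAdapter implements UserGroupAdapter {
    private static final Logger logger = LoggerFactory.getLogger(ElytronUserGroupAdapter.class);

    /** Elytron's authorization-failure exception type, or {@code null} when it is not on the classpath. */
    private final Class<?> authorizationFailureExceptionClass;

    /**
     * Probes the classpath for Elytron's authorization-failure exception; the adapter stays
     * disabled (see {@link #isActive()}) when the class cannot be loaded.
     */
    public ElytronUserGroupAdapter() {
        Class<?> resolved = null;
        try {
            resolved = Class.forName("org.wildfly.security.authz.AuthorizationFailureException");
        } catch (Exception e) {
            logger.info("Unable to find org.wildfly.security.authz.AuthorizationFailureException, disabling elytron adapter");
        }
        this.authorizationFailureExceptionClass = resolved;
    }

    /**
     * @return {@code true} when the Elytron exception class was found at construction time
     */
    protected boolean isActive() {
        return this.authorizationFailureExceptionClass != null;
    }

    /**
     * Returns the groups (Elytron roles) of the given user.
     *
     * <p>If {@code str} is the authenticated caller, the caller's own roles are returned. Otherwise
     * the roles of a run-as identity for {@code str} are returned, provided the realm knows that
     * principal.
     *
     * @param str user identifier to resolve; {@code null} yields an empty list
     * @return a mutable list of role names, empty when the adapter is inactive, nobody is
     *         authenticated, the principal does not exist or the lookup fails
     */
    public List<String> getGroupsForUser(String str) {
        String userName = getUserName();
        logger.debug("Identifier Elytron as {}", str);
        // A null identifier previously raised a NullPointerException on str.equals(...).
        if (str == null || !isActive() || userName == null) {
            return new ArrayList<>();
        }
        if (str.equals(userName)) {
            logger.debug("User identified as {} but auth as {}", str, userName);
            return toPrincipalRoles(str);
        }
        try {
            if (runAsPrincipalExists(str)) {
                logger.debug("Executing run as {}", str);
                return toRunAsPrincipalRoles(str, true);
            }
        } catch (Exception e) {
            // Keep the cause in the log so a failed run-as can be investigated.
            logger.debug("Run as {} failed", str, e);
            // Only a genuine authorization failure (or a subclass of it) may take the
            // unauthorized fallback. The earlier e.getClass().isAssignableFrom(...) test was
            // inverted: it matched exceptions whose class is a SUPERTYPE of the failure class
            // (for example a bare Exception or RuntimeException) and missed its subclasses.
            if (this.authorizationFailureExceptionClass != null
                    && this.authorizationFailureExceptionClass.isInstance(e)) {
                logger.debug("Executing run as {} without authorization", str);
                // NOTE(review): authorize=false skips Elytron's run-as authorization check.
                // Here the identity is only used to enumerate roles; confirm no caller relies
                // on this path for anything beyond group lookup.
                return toRunAsPrincipalRoles(str, false);
            }
        }
        return new ArrayList<>();
    }

    /**
     * Returns the roles of the current security identity.
     *
     * @param str unused; the roles always come from the current identity
     * @return the current identity's roles, or an empty list when there is no current identity
     */
    public List<String> toPrincipalRoles(String str) {
        // toRoles(null) yields an empty list, so an absent identity no longer throws.
        return toRoles(getCurrentSecurityIdentity().orElse(null));
    }

    /**
     * Returns the roles of a run-as identity derived from the current security identity.
     *
     * <p>NOTE(review): this method is public and {@code z == false} requests the run-as identity
     * without an authorization check; callers outside this class should be reviewed.
     *
     * @param str principal name to run as
     * @param z whether Elytron should authorize the run-as request
     * @return the run-as identity's roles, or an empty list when there is no current identity
     */
    public List<String> toRunAsPrincipalRoles(String str, boolean z) {
        Optional<SecurityIdentity> current = getCurrentSecurityIdentity();
        if (!current.isPresent()) {
            return new ArrayList<>();
        }
        return toRoles(current.get().createRunAsIdentity(str, z));
    }

    /**
     * @return the name of the current identity's principal, or {@code null} when no identity is
     *         available
     */
    public String getUserName() {
        Optional<SecurityIdentity> currentSecurityIdentity = getCurrentSecurityIdentity();
        if (currentSecurityIdentity.isPresent()) {
            return currentSecurityIdentity.get().getPrincipal().getName();
        }
        return null;
    }

    /**
     * Copies the roles of an identity into a new mutable list.
     *
     * @param securityIdentity identity to read, may be {@code null}
     * @return the identity's role names, or an empty list for {@code null}
     */
    public List<String> toRoles(SecurityIdentity securityIdentity) {
        if (securityIdentity == null) {
            return new ArrayList<>();
        }
        return StreamSupport.stream(securityIdentity.getRoles().spliterator(), false)
                .collect(Collectors.toCollection(ArrayList::new));
    }

    /**
     * Checks whether the current security domain knows the given principal.
     *
     * @param str principal name to look up
     * @return {@code true} if the realm identity exists; {@code false} when the adapter is
     *         inactive, Elytron is unavailable or no security domain is current
     * @throws RealmUnavailableException if the realm cannot be queried
     */
    public boolean runAsPrincipalExists(String str) throws RealmUnavailableException {
        if (!isActive() || !ElytronIdentityProvider.available()) {
            return false;
        }
        SecurityDomain domain = SecurityDomain.getCurrent();
        if (domain == null) {
            return false;
        }
        RealmIdentity realmIdentity = domain.getIdentity(str);
        if (realmIdentity == null) {
            return false;
        }
        try {
            return realmIdentity.exists();
        } finally {
            // Always release the realm identity, on success and on failure alike.
            realmIdentity.dispose();
        }
    }

    /**
     * @return the current Elytron security identity, or an empty {@link Optional} when the adapter
     *         is inactive, Elytron is unavailable or no security domain is current
     */
    public Optional<SecurityIdentity> getCurrentSecurityIdentity() {
        if (!isActive() || !ElytronIdentityProvider.available()) {
            return Optional.empty();
        }
        // Guard against a missing domain instead of dereferencing a null getCurrent() result.
        return Optional.ofNullable(SecurityDomain.getCurrent())
                .map(SecurityDomain::getCurrentSecurityIdentity);
    }
}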
