package pro.taskana.common.internal.security;

import java.security.AccessController;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.security.auth.Subject;
import org.apache.ibatis.javassist.bytecode.Opcode;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.reflect.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pro.taskana.common.api.security.CurrentUserContext;
import pro.taskana.common.api.security.GroupPrincipal;
import pro.taskana.common.internal.logging.LoggingAspect;
import spinjar.com.fasterxml.jackson.annotation.JsonProperty;

/* loaded from: input_file:WEB-INF/lib/taskana-common-security-4.13.0.jar:pro/taskana/common/internal/security/CurrentUserContextImpl.class */
public class CurrentUserContextImpl implements CurrentUserContext {
    private static final String GET_UNIQUE_SECURITY_NAME_METHOD = "getUniqueSecurityName";
    private static final String GET_CALLER_SUBJECT_METHOD = "getCallerSubject";
    private static final String WSSUBJECT_CLASSNAME = "com.ibm.websphere.security.auth.WSSubject";
    private static final Logger LOGGER;
    private final boolean shouldUseLowerCaseForAccessIds;
    private boolean runningOnWebSphere;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_0;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_1;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_2;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_3;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_4;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_5;

    static {
        ajc$preClinit();
        LOGGER = LoggerFactory.getLogger((Class<?>) CurrentUserContextImpl.class);
    }

    public CurrentUserContextImpl(boolean z) {
        this.shouldUseLowerCaseForAccessIds = z;
        try {
            Class.forName(WSSUBJECT_CLASSNAME);
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("WSSubject detected. Assuming that Taskana runs on IBM WebSphere.");
            }
            this.runningOnWebSphere = true;
        } catch (ClassNotFoundException unused) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("No WSSubject detected. Using JAAS subject further on.");
            }
            this.runningOnWebSphere = false;
        }
    }

    @Override // pro.taskana.common.api.security.CurrentUserContext
    public String getUserid() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this);
        LoggingAspect.aspectOf().beforeMethodExecuted(makeJP);
        String userIdFromWsSubject = this.runningOnWebSphere ? getUserIdFromWsSubject() : getUserIdFromJaasSubject();
        String str = userIdFromWsSubject;
        LoggingAspect.aspectOf().afterMethodExecuted(makeJP, userIdFromWsSubject);
        return str;
    }

    @Override // pro.taskana.common.api.security.CurrentUserContext
    public List<String> getGroupIds() {
        List<String> emptyList;
        List<String> list;
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this);
        LoggingAspect.aspectOf().beforeMethodExecuted(makeJP);
        Subject subject = Subject.getSubject(AccessController.getContext());
        LOGGER.trace("Subject of caller: {}", subject);
        if (subject != null) {
            Set principals = subject.getPrincipals(GroupPrincipal.class);
            LOGGER.trace("Public groups of caller: {}", principals);
            emptyList = (List) principals.stream().map((v0) -> {
                return v0.getName();
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).map(this::convertAccessId).collect(Collectors.toList());
            list = emptyList;
        } else {
            LOGGER.trace("No groupIds found in subject!");
            emptyList = Collections.emptyList();
            list = emptyList;
        }
        LoggingAspect.aspectOf().afterMethodExecuted(makeJP, emptyList);
        return list;
    }

    @Override // pro.taskana.common.api.security.CurrentUserContext
    public List<String> getAccessIds() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this);
        LoggingAspect.aspectOf().beforeMethodExecuted(makeJP);
        ArrayList arrayList = new ArrayList(getGroupIds());
        arrayList.add(getUserid());
        LoggingAspect.aspectOf().afterMethodExecuted(makeJP, arrayList);
        return arrayList;
    }

    private String getUserIdFromWsSubject() {
        String str;
        String str2;
        Subject subject;
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_3, this, this);
        LoggingAspect.aspectOf().beforeMethodExecuted(makeJP);
        try {
            subject = (Subject) Class.forName(WSSUBJECT_CLASSNAME).getMethod(GET_CALLER_SUBJECT_METHOD, null).invoke(null, null);
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Subject of caller: {}", subject);
            }
        } catch (Exception unused) {
            LOGGER.warn("Could not get user from WSSubject. Going ahead unauthorized.");
        }
        if (subject != null) {
            Set<Object> publicCredentials = subject.getPublicCredentials();
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Public credentials of caller: {}", publicCredentials);
            }
            str = (String) publicCredentials.stream().map(obj -> {
                try {
                    return obj.getClass().getMethod(GET_UNIQUE_SECURITY_NAME_METHOD, null).invoke(obj, null);
                } catch (Exception e) {
                    throw new SecurityException("Could not retrieve principal", e);
                }
            }).peek(obj2 -> {
                LOGGER.debug("Returning the unique security name of first public credential: {}", obj2);
            }).map((v0) -> {
                return v0.toString();
            }).map(this::convertAccessId).findFirst().orElse(null);
            str2 = str;
            LoggingAspect.aspectOf().afterMethodExecuted(makeJP, str);
            return str2;
        }
        str = null;
        str2 = null;
        LoggingAspect.aspectOf().afterMethodExecuted(makeJP, str);
        return str2;
    }

    private String getUserIdFromJaasSubject() {
        String str;
        String str2;
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_4, this, this);
        LoggingAspect.aspectOf().beforeMethodExecuted(makeJP);
        Subject subject = Subject.getSubject(AccessController.getContext());
        LOGGER.trace("Subject of caller: {}", subject);
        if (subject != null) {
            Set<Principal> principals = subject.getPrincipals();
            LOGGER.trace("Public principals of caller: {}", principals);
            str = (String) principals.stream().filter(principal -> {
                return !(principal instanceof GroupPrincipal);
            }).map((v0) -> {
                return v0.getName();
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).map(this::convertAccessId).findFirst().orElse(null);
            str2 = str;
        } else {
            LOGGER.trace("No userId found in subject!");
            str = null;
            str2 = null;
        }
        LoggingAspect.aspectOf().afterMethodExecuted(makeJP, str);
        return str2;
    }

    private String convertAccessId(String str) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_5, this, this, str);
        LoggingAspect.aspectOf().beforeMethodExecuted(makeJP);
        String str2 = str;
        if (this.shouldUseLowerCaseForAccessIds) {
            str2 = str.toLowerCase();
        }
        LOGGER.trace("Found AccessId '{}'. Returning AccessId '{}' ", str, str2);
        String str3 = str2;
        LoggingAspect.aspectOf().afterMethodExecuted(makeJP, str3);
        return str3;
    }

    private static /* synthetic */ void ajc$preClinit() {
        Factory factory = new Factory("CurrentUserContextImpl.java", CurrentUserContextImpl.class);
        ajc$tjp_0 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "getUserid", "pro.taskana.common.internal.security.CurrentUserContextImpl", JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, "java.lang.String"), 46);
        ajc$tjp_1 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "getGroupIds", "pro.taskana.common.internal.security.CurrentUserContextImpl", JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, "java.util.List"), 51);
        ajc$tjp_2 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "getAccessIds", "pro.taskana.common.internal.security.CurrentUserContextImpl", JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, "java.util.List"), 68);
        ajc$tjp_3 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "getUserIdFromWsSubject", "pro.taskana.common.internal.security.CurrentUserContextImpl", JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, "java.lang.String"), 80);
        ajc$tjp_4 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "getUserIdFromJaasSubject", "pro.taskana.common.internal.security.CurrentUserContextImpl", JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, JsonProperty.USE_DEFAULT_NAME, "java.lang.String"), Opcode.LAND);
        ajc$tjp_5 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "convertAccessId", "pro.taskana.common.internal.security.CurrentUserContextImpl", "java.lang.String", "accessId", JsonProperty.USE_DEFAULT_NAME, "java.lang.String"), Opcode.I2B);
    }
}
