package pro.taskana.common.internal.security;

import java.security.AccessController;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.security.auth.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pro.taskana.common.api.security.CurrentUserContext;
import pro.taskana.common.api.security.GroupPrincipal;

/* loaded from: input_file:WEB-INF/lib/taskana-common-security-4.5.0.jar:pro/taskana/common/internal/security/CurrentUserContextImpl.class */
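/**
 * Resolves the user id and group ids of the current caller.
 *
 * <p>On IBM WebSphere (detected by the presence of {@code WSSubject} on the classpath) the user id
 * is read reflectively from the caller subject's public credentials. Everywhere else it is read
 * from the JAAS {@link Subject} bound to the current access-control context. Group ids are always
 * read from the JAAS subject.
 *
 * <p>Security notes for callers:
 *
 * <ul>
 *   <li>{@link #getUserid()} returns {@code null} when no identity can be resolved, including when
 *       the WebSphere lookup fails. A {@code null} user id must be treated as "not authenticated",
 *       never as a wildcard.
 *   <li>{@link #getAccessIds()} appends the user id unconditionally, so the returned list may
 *       contain a {@code null} element.
 *   <li>{@code Subject.getSubject(AccessController.getContext())} is deprecated for removal in
 *       recent JDKs; the lookup is kept in {@link #currentJaasSubject()} so it can be replaced in
 *       one place.
 * </ul>
 */
public class CurrentUserContextImpl implements CurrentUserContext {
    private static final String GET_UNIQUE_SECURITY_NAME_METHOD = "getUniqueSecurityName";
    private static final String GET_CALLER_SUBJECT_METHOD = "getCallerSubject";
    private static final String WSSUBJECT_CLASSNAME = "com.ibm.websphere.security.auth.WSSubject";
    // The logger is registered under the interface name; kept so existing log configuration still applies.
    private static final Logger LOGGER = LoggerFactory.getLogger(CurrentUserContext.class);
    private final boolean shouldUseLowerCaseForAccessIds;
    private final boolean runningOnWebSphere;

    /**
     * Creates the context and probes the classpath once for WebSphere's {@code WSSubject}.
     *
     * @param shouldUseLowerCaseForAccessIds whether every returned access id is lower-cased
     */
    public CurrentUserContextImpl(boolean shouldUseLowerCaseForAccessIds) {
        this.shouldUseLowerCaseForAccessIds = shouldUseLowerCaseForAccessIds;
        boolean webSphereDetected;
        try {
            Class.forName(WSSUBJECT_CLASSNAME);
            LOGGER.debug("WSSubject detected. Assuming that Taskana runs on IBM WebSphere.");
            webSphereDetected = true;
        } catch (ClassNotFoundException e) {
            LOGGER.debug("No WSSubject detected. Using JAAS subject further on.");
            webSphereDetected = false;
        }
        this.runningOnWebSphere = webSphereDetected;
    }

    /**
     * Returns the id of the current user.
     *
     * @return the (optionally lower-cased) user id, or {@code null} if none could be resolved
     */
    @Override
    public String getUserid() {
        return runningOnWebSphere ? getUserIdFromWsSubject() : getUserIdFromJaasSubject();
    }

    /**
     * Returns the names of all {@link GroupPrincipal}s of the current JAAS subject.
     *
     * @return the (optionally lower-cased) group ids; empty if there is no subject
     */
    @Override
    public List<String> getGroupIds() {
        Subject subject = currentJaasSubject();
        if (subject == null) {
            LOGGER.trace("No groupIds found in subject!");
            return Collections.emptyList();
        }
        Set<GroupPrincipal> groupPrincipals = subject.getPrincipals(GroupPrincipal.class);
        LOGGER.trace("Public groups of caller: {}", groupPrincipals);
        return groupPrincipals.stream()
                .map(Principal::getName)
                .filter(Objects::nonNull)
                .map(this::convertAccessId)
                .collect(Collectors.toList());
    }

    /**
     * Returns all group ids followed by the user id.
     *
     * @return a new mutable list; its last element is {@code null} when no user id could be
     *     resolved, so callers that authorize on this list must handle that element explicitly
     */
    @Override
    public List<String> getAccessIds() {
        List<String> accessIds = new ArrayList<>(getGroupIds());
        accessIds.add(getUserid());
        return accessIds;
    }

    /**
     * Looks up the JAAS subject bound to the current access-control context.
     *
     * <p>The Subject itself is deliberately not logged here or by the callers:
     * {@code Subject.toString()} renders the subject's credential sets as well as its principals,
     * and those should not end up in log files.
     */
    private static Subject currentJaasSubject() {
        return Subject.getSubject(AccessController.getContext());
    }

    /**
     * Reads the user id from WebSphere's caller subject via reflection.
     *
     * @return the unique security name of the first public credential, or {@code null} if there is
     *     no subject, no credential, or the reflective lookup fails
     */
    private String getUserIdFromWsSubject() {
        try {
            Subject subject = (Subject) Class.forName(WSSUBJECT_CLASSNAME)
                    .getMethod(GET_CALLER_SUBJECT_METHOD)
                    .invoke(null);
            if (subject == null) {
                LOGGER.debug("No caller subject found in WSSubject!");
                return null;
            }
            Set<Object> publicCredentials = subject.getPublicCredentials();
            LOGGER.debug("Public credentials of caller: {}", publicCredentials);
            // NOTE(review): the credentials come from a Set, so with more than one public
            // credential "first" depends on the set's iteration order - confirm that is intended.
            return publicCredentials.stream()
                    .map(CurrentUserContextImpl::uniqueSecurityNameOf)
                    .peek(name -> LOGGER.debug(
                            "Returning the unique security name of first public credential: {}",
                            name))
                    .map(Object::toString)
                    .map(this::convertAccessId)
                    .findFirst()
                    .orElse(null);
        } catch (Exception e) {
            // Boundary catch: any failure results in "no user". The cause is logged so that a
            // broken identity lookup can be told apart from a genuinely anonymous caller.
            LOGGER.warn("Could not get user from WSSubject. Going ahead unauthorized.", e);
            return null;
        }
    }

    /** Invokes {@code getUniqueSecurityName()} on a WebSphere credential object. */
    private static Object uniqueSecurityNameOf(Object credential) {
        try {
            return credential.getClass()
                    .getMethod(GET_UNIQUE_SECURITY_NAME_METHOD)
                    .invoke(credential);
        } catch (ReflectiveOperationException | RuntimeException e) {
            throw new SecurityException("Could not retrieve principal", e);
        }
    }

    /**
     * Reads the user id from the JAAS subject.
     *
     * @return the name of the first principal that is not a {@link GroupPrincipal} and has a
     *     non-null name, or {@code null} if there is no subject or no such principal
     */
    private String getUserIdFromJaasSubject() {
        Subject subject = currentJaasSubject();
        if (subject == null) {
            LOGGER.trace("No userId found in subject!");
            return null;
        }
        Set<Principal> principals = subject.getPrincipals();
        LOGGER.trace("Public principals of caller: {}", principals);
        return principals.stream()
                .filter(principal -> !(principal instanceof GroupPrincipal))
                .map(Principal::getName)
                .filter(Objects::nonNull)
                .map(this::convertAccessId)
                .findFirst()
                .orElse(null);
    }

    /**
     * Applies the configured case normalization to an access id.
     *
     * @param str the access id as delivered by the subject; must not be {@code null}
     * @return {@code str} lower-cased if lower-casing is enabled, otherwise {@code str} unchanged
     */
    private String convertAccessId(String str) {
        // NOTE(review): toLowerCase() without an explicit Locale uses the JVM default locale, so
        // the normalized id can differ between hosts (under a Turkish locale 'I' does not map to
        // 'i'). Left unchanged because ids normalized elsewhere must keep matching; confirm
        // before switching to Locale.ROOT.
        String converted = shouldUseLowerCaseForAccessIds ? str.toLowerCase() : str;
        LOGGER.trace("Found AccessId '{}'. Returning AccessId '{}' ", str, converted);
        return converted;
    }
}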
