package io.camunda.zeebe.engine.processing.user;

import io.camunda.security.configuration.SecurityConfiguration;
import io.camunda.zeebe.engine.Loggers;
import io.camunda.zeebe.protocol.impl.record.value.authorization.IdentitySetupRecord;
import io.camunda.zeebe.protocol.impl.record.value.authorization.MappingRecord;
import io.camunda.zeebe.protocol.impl.record.value.authorization.RoleRecord;
import io.camunda.zeebe.protocol.impl.record.value.tenant.TenantRecord;
import io.camunda.zeebe.protocol.impl.record.value.user.UserRecord;
import io.camunda.zeebe.protocol.record.intent.IdentitySetupIntent;
import io.camunda.zeebe.protocol.record.value.UserType;
import io.camunda.zeebe.stream.api.ReadonlyStreamProcessorContext;
import io.camunda.zeebe.stream.api.StreamProcessorLifecycleAware;
import io.camunda.zeebe.stream.api.scheduling.Task;
import io.camunda.zeebe.stream.api.scheduling.TaskResult;
import io.camunda.zeebe.stream.api.scheduling.TaskResultBuilder;
import org.slf4j.Logger;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

/* loaded from: input_file:io/camunda/zeebe/engine/processing/user/IdentitySetupInitializer.class */
/**
 * Bootstraps identity data (default role, default tenant, configured users and configured
 * mappings) by appending a single {@link IdentitySetupIntent#INITIALIZE} command once the stream
 * processor has recovered.
 *
 * <p>Security-relevant behaviour visible in this class:
 *
 * <ul>
 *   <li>Configured user passwords are passed through a {@link PasswordEncoder} before they are put
 *       on the {@link UserRecord}, so the appended command carries the encoded value rather than
 *       the raw configured password.
 *   <li>The encoder comes from {@link PasswordEncoderFactories#createDelegatingPasswordEncoder()};
 *       its default algorithm is chosen by the Spring Security version on the classpath.
 *   <li>The raw passwords are read from {@link SecurityConfiguration}; how that configuration is
 *       stored and protected is outside this class.
 * </ul>
 */
public final class IdentitySetupInitializer implements StreamProcessorLifecycleAware, Task {
    public static final String DEFAULT_ROLE_NAME = "Admin";
    public static final String DEFAULT_TENANT_ID = "<default>";
    public static final String DEFAULT_TENANT_NAME = "Default";
    private static final Logger LOG = Loggers.PROCESS_PROCESSOR_LOGGER;

    /** Only this partition runs the identity setup (the log message calls it the deployment partition). */
    private static final int DEPLOYMENT_PARTITION_ID = 1;

    private final SecurityConfiguration securityConfig;
    private final PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

    /**
     * @param securityConfiguration source of the initial users and mappings to create
     */
    public IdentitySetupInitializer(SecurityConfiguration securityConfiguration) {
        this.securityConfig = securityConfiguration;
    }

    /**
     * Schedules this task for immediate asynchronous execution on partition 1; every other
     * partition only logs that it skips the setup.
     *
     * <p>NOTE(review): this runs on each recovery, so the INITIALIZE command is presumably appended
     * on every restart of partition 1 and the handling processor has to tolerate that - confirm.
     */
    @Override
    public void onRecovered(ReadonlyStreamProcessorContext readonlyStreamProcessorContext) {
        final int partitionId = readonlyStreamProcessorContext.getPartitionId();
        if (partitionId == DEPLOYMENT_PARTITION_ID) {
            readonlyStreamProcessorContext.getScheduleService().runAtAsync(0L, this);
            return;
        }
        LOG.debug("Skipping identity setup on partition {} as it is not the deployment partition", partitionId);
    }

    /**
     * Assembles one {@link IdentitySetupRecord} from the security configuration and appends it as an
     * {@link IdentitySetupIntent#INITIALIZE} command.
     *
     * @param taskResultBuilder builder the command record is appended to
     * @return the built task result containing the appended command
     */
    @Override
    public TaskResult execute(TaskResultBuilder taskResultBuilder) {
        final IdentitySetupRecord setup = new IdentitySetupRecord();
        setup.setDefaultRole(new RoleRecord().setName(DEFAULT_ROLE_NAME));

        securityConfig.getInitialization().getUsers().forEach(user -> {
            // Encode before the value reaches the record: the record is written out as a command,
            // so the raw configured password must not be placed on it.
            // NOTE(review): behaviour for a user configured without a password depends on the
            // encoder implementation - confirm it is validated upstream.
            final String encodedPassword = passwordEncoder.encode(user.getPassword());
            setup.addUser(
                new UserRecord()
                    .setUsername(user.getUsername())
                    .setName(user.getName())
                    .setEmail(user.getEmail())
                    .setPassword(encodedPassword)
                    .setUserType(UserType.DEFAULT));
        });

        setup.setDefaultTenant(
            new TenantRecord()
                .setTenantId(DEFAULT_TENANT_ID)
                .setName(DEFAULT_TENANT_NAME));

        securityConfig.getInitialization().getMappings().forEach(mapping -> {
            setup.addMapping(
                new MappingRecord()
                    .setClaimName(mapping.getClaimName())
                    .setClaimValue(mapping.getClaimValue()));
        });

        taskResultBuilder.appendCommandRecord(IdentitySetupIntent.INITIALIZE, setup);
        return taskResultBuilder.build();
    }
}
