package io.camunda.operate.webapp.security.auth;

import io.camunda.operate.conditions.DatabaseInfo;
import io.camunda.operate.entities.UserEntity;
import io.camunda.operate.property.OperateProperties;
import io.camunda.operate.store.UserStore;
import io.camunda.operate.util.CollectionUtil;
import io.camunda.operate.webapp.rest.exception.NotFoundException;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.context.annotation.Profile;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

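/**
 * Spring Security {@link UserDetailsService} backed by the Operate {@link UserStore}.
 *
 * <p>The {@code @Profile} expression activates this configuration only when none of the
 * {@code ldap-auth}, {@code sso-auth}, {@code identity-auth} or {@code auth-basic} profiles is
 * active, i.e. when users are authenticated against records kept in the Operate datastore.
 *
 * <p>Security note: {@link #initializeUsers()} seeds two accounts whose passwords are
 * compile-time constants equal to their user ids ({@code view}/{@code view} with
 * {@code Role.USER} and {@code act}/{@code act} with {@code Role.OPERATOR}). Any deployment that
 * runs with schema creation enabled should treat these as known credentials and rotate or remove
 * them before the service is reachable by untrusted clients.
 */
@Profile({"!ldap-auth & !sso-auth & !identity-auth & !auth-basic"})
@Configuration
@Primary
/* loaded from: input_file:io/camunda/operate/webapp/security/auth/OperateUserDetailsService.class */
public class OperateUserDetailsService implements UserDetailsService {
    private static final Logger LOGGER = LoggerFactory.getLogger(OperateUserDetailsService.class);

    // Seeded read-only account: this one constant is used as user id, display name AND password.
    private static final String READ_ONLY_USER = "view";

    // Seeded operator account: user id and password are the same well-known string.
    private static final String ACT_USERNAME = "act";
    private static final String ACT_PASSWORD = "act";

    @Autowired
    private UserStore userStore;

    @Autowired
    private OperateProperties operateProperties;

    /**
     * Exposes the password encoder used both for seeding users and, as the primary
     * {@link PasswordEncoder} bean, for the rest of the application context.
     *
     * @return a new {@link BCryptPasswordEncoder} with its default settings
     */
    @Bean
    @Primary
    public PasswordEncoder getPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Creates the configured user plus the built-in {@code view} and {@code act} users, each only
     * if {@link #userExists(String)} reports it as missing.
     *
     * <p>Nothing is created unless schema creation is enabled for the active datastore (see
     * {@link #needsToCreateUser()}).
     */
    public void initializeUsers() {
        if (!needsToCreateUser()) {
            return;
        }

        // Account taken from OperateProperties (id, display name, password and roles).
        String userId = this.operateProperties.getUserId();
        if (!userExists(userId)) {
            addUserWith(
                    userId,
                    this.operateProperties.getDisplayName(),
                    this.operateProperties.getPassword(),
                    this.operateProperties.getRoles());
        }

        // NOTE(review): the two accounts below are created with hard-coded passwords that match
        // their user ids. They are not configurable from this class; hardening has to happen
        // after creation (change the stored password or delete the record).
        if (!userExists(READ_ONLY_USER)) {
            addUserWith(READ_ONLY_USER, READ_ONLY_USER, READ_ONLY_USER, List.of(Role.USER.name()));
        }
        if (!userExists(ACT_USERNAME)) {
            addUserWith(ACT_USERNAME, ACT_USERNAME, ACT_PASSWORD, List.of(Role.OPERATOR.name()));
        }
    }

    /**
     * Tells whether user seeding should run, by reading the {@code createSchema} flag of
     * whichever datastore {@link DatabaseInfo} reports as active.
     *
     * @return the OpenSearch flag when {@code DatabaseInfo.isOpensearch()} is true, otherwise the
     *     Elasticsearch flag
     */
    private boolean needsToCreateUser() {
        if (DatabaseInfo.isOpensearch()) {
            return this.operateProperties.getOpensearch().isCreateSchema();
        }
        return this.operateProperties.getElasticsearch().isCreateSchema();
    }

    /**
     * Persists a user record whose password is stored as the bcrypt encoding of
     * {@code rawPassword}. The user id doubles as the document id.
     *
     * @param userId id written to both {@code id} and {@code userId}
     * @param displayName human-readable name
     * @param rawPassword clear-text password; encoded before it is stored and never logged
     * @param roles role names assigned to the user
     * @return this instance
     */
    private OperateUserDetailsService addUserWith(
            String userId, String displayName, String rawPassword, List<String> roles) {
        LOGGER.info("Create user in {} for userId {}", DatabaseInfo.getCurrent().getCode(), userId);
        String encodedPassword = getPasswordEncoder().encode(rawPassword);
        UserEntity entity =
                new UserEntity()
                        .setId(userId)
                        .setUserId(userId)
                        .setDisplayName(displayName)
                        .setPassword(encodedPassword)
                        .setRoles(roles);
        this.userStore.save(entity);
        return this;
    }

    /**
     * Loads a user from the store and maps it to the security principal type.
     *
     * <p>The decompiler renamed this method; per its own annotation below, the original name is
     * {@code loadUserByUsername}, the method required by {@link UserDetailsService}.
     *
     * @param str the user id to look up
     * @return a {@code User} carrying the stored user id, display name, encoded password and
     *     mapped roles
     * @throws UsernameNotFoundException if the store signals {@link NotFoundException}
     */
    /* renamed from: loadUserByUsername, reason: merged with bridge method [inline-methods] */
    public User m70loadUserByUsername(String str) {
        try {
            UserEntity stored = this.userStore.getById(str);
            return new User(
                    stored.getUserId(),
                    stored.getDisplayName(),
                    stored.getPassword(),
                    CollectionUtil.map(stored.getRoles(), Role::fromString));
        } catch (NotFoundException e) {
            throw new UsernameNotFoundException(String.format("User with userId '%s' not found.", str), e);
        }
    }

    /**
     * Checks whether a user record is present in the store.
     *
     * <p>A {@link NotFoundException} is the expected "absent" signal. Any other failure is still
     * reported as "absent" so callers behave as before, but it is now logged instead of being
     * dropped silently.
     *
     * @param userId the user id to look up
     * @return {@code true} if the store returned a non-null record, {@code false} otherwise
     */
    private boolean userExists(String userId) {
        try {
            return this.userStore.getById(userId) != null;
        } catch (NotFoundException e) {
            return false;
        } catch (Exception e) {
            // NOTE(review): returning false here makes initializeUsers() call save() for this id.
            // If the record actually exists and only the lookup failed, that save may replace the
            // stored password with the seeded one (presumably an upsert; confirm against
            // UserStore). Consider failing startup instead once callers can tolerate it.
            LOGGER.warn("Could not determine whether userId {} exists; treating it as absent", userId, e);
            return false;
        }
    }
}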
