package org.apache.syncope.core.workflow;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javassist.NotFoundException;
import javax.annotation.Resource;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.activiti.engine.ActivitiException;
import org.activiti.engine.FormService;
import org.activiti.engine.HistoryService;
import org.activiti.engine.RepositoryService;
import org.activiti.engine.RuntimeService;
import org.activiti.engine.TaskService;
import org.activiti.engine.form.FormProperty;
import org.activiti.engine.form.FormType;
import org.activiti.engine.form.TaskFormData;
import org.activiti.engine.history.HistoricActivityInstance;
import org.activiti.engine.repository.ProcessDefinition;
import org.activiti.engine.runtime.ProcessInstance;
import org.activiti.engine.task.Task;
import org.apache.batik.util.SVGConstants;
import org.apache.commons.collections.keyvalue.DefaultMapEntry;
import org.apache.commons.lang.StringUtils;
import org.apache.syncope.client.mod.UserMod;
import org.apache.syncope.client.to.UserTO;
import org.apache.syncope.client.to.WorkflowDefinitionTO;
import org.apache.syncope.client.to.WorkflowFormPropertyTO;
import org.apache.syncope.client.to.WorkflowFormTO;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.propagation.PropagationByResource;
import org.apache.syncope.core.rest.controller.UnauthorizedRoleException;
import org.apache.syncope.types.PropagationOperation;
import org.apache.syncope.types.WorkflowFormPropertyType;
import org.identityconnectors.common.security.EncryptorFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.transaction.annotation.Transactional;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/classes/org/apache/syncope/core/workflow/ActivitiUserWorkflowAdapter.class */
public class ActivitiUserWorkflowAdapter extends AbstractUserWorkflowAdapter {
    private static final Logger LOG = LoggerFactory.getLogger(ActivitiUserWorkflowAdapter.class);
    private static final String[] PROPERTY_IGNORE_PROPS = {"type"};
    public static final String WF_PROCESS_ID = "userWorkflow";
    public static final String WF_PROCESS_RESOURCE = "userWorkflow.bpmn20.xml";
    public static final String SYNCOPE_USER = "syncopeUser";
    public static final String USER_TO = "userTO";
    public static final String ENABLED = "enabled";
    public static final String USER_MOD = "userMod";
    public static final String EMAIL_KIND = "emailKind";
    public static final String TASK = "task";
    public static final String TOKEN = "token";
    public static final String PROP_BY_RESOURCE = "propByResource";
    public static final String PROPAGATE_ENABLE = "propagateEnable";
    public static final String ENCRYPTED_PWD = "encryptedPwd";

    @Resource(name = "adminUser")
    private String adminUser;

    @Autowired
    private RuntimeService runtimeService;

    @Autowired
    private TaskService taskService;

    @Autowired
    private FormService formService;

    @Autowired
    private HistoryService historyService;

    @Autowired
    private RepositoryService repositoryService;

    private void updateStatus(SyncopeUser syncopeUser) {
        List<Task> list = this.taskService.createTaskQuery().processInstanceId(syncopeUser.getWorkflowId()).list();
        if (list.isEmpty() || list.size() > 1) {
            LOG.warn("While setting user status: unexpected task number ({})", Integer.valueOf(list.size()));
        } else {
            syncopeUser.setStatus(list.get(0).getTaskDefinitionKey());
        }
    }

    private boolean waitingForForm(SyncopeUser syncopeUser) {
        boolean z;
        boolean z2 = false;
        List<Task> list = this.taskService.createTaskQuery().processInstanceId(syncopeUser.getWorkflowId()).list();
        if (list.isEmpty() || list.size() > 1) {
            LOG.warn("While checking if form task: unexpected task number ({})", Integer.valueOf(list.size()));
        } else {
            try {
                TaskFormData taskFormData = this.formService.getTaskFormData(list.get(0).getId());
                if (taskFormData != null) {
                    if (!taskFormData.getFormProperties().isEmpty()) {
                        z = true;
                        z2 = z;
                    }
                }
                z = false;
                z2 = z;
            } catch (ActivitiException e) {
                LOG.warn("Could not get task form data", (Throwable) e);
            }
        }
        return z2;
    }

    private Set<String> getPerformedTasks(SyncopeUser syncopeUser) {
        HashSet hashSet = new HashSet();
        Iterator<HistoricActivityInstance> it = this.historyService.createHistoricActivityInstanceQuery().executionId(syncopeUser.getWorkflowId()).list().iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getActivityId());
        }
        return hashSet;
    }

    private String encrypt(String str) {
        return new String(Base64.encode(EncryptorFactory.getInstance().getDefaultEncryptor().encrypt(str.getBytes())));
    }

    private String decrypt(String str) {
        return new String(EncryptorFactory.getInstance().getDefaultEncryptor().decrypt(Base64.decode(str.getBytes())));
    }

    @Override // org.apache.syncope.core.workflow.UserWorkflowAdapter
    public WorkflowResult<Map.Entry<Long, Boolean>> create(UserTO userTO, boolean z) throws WorkflowException {
        return create(userTO, z, null);
    }

    @Override // org.apache.syncope.core.workflow.UserWorkflowAdapter
    public WorkflowResult<Map.Entry<Long, Boolean>> create(UserTO userTO, boolean z, Boolean bool) throws WorkflowException {
        HashMap hashMap = new HashMap();
        hashMap.put(USER_TO, userTO);
        hashMap.put("enabled", bool);
        try {
            ProcessInstance startProcessInstanceByKey = this.runtimeService.startProcessInstanceByKey(WF_PROCESS_ID, hashMap);
            SyncopeUser syncopeUser = (SyncopeUser) this.runtimeService.getVariable(startProcessInstanceByKey.getProcessInstanceId(), SYNCOPE_USER);
            if (z) {
                syncopeUser.removeClearPassword();
            }
            updateStatus(syncopeUser);
            SyncopeUser save = this.userDAO.save(syncopeUser);
            Boolean bool2 = (Boolean) this.runtimeService.getVariable(startProcessInstanceByKey.getProcessInstanceId(), PROPAGATE_ENABLE);
            if (bool2 == null) {
                bool2 = bool;
            }
            PropagationByResource propagationByResource = new PropagationByResource();
            propagationByResource.set(PropagationOperation.CREATE, save.getResourceNames());
            if (waitingForForm(save)) {
                this.runtimeService.setVariable(startProcessInstanceByKey.getProcessInstanceId(), PROP_BY_RESOURCE, propagationByResource);
                propagationByResource = null;
                if (StringUtils.isNotBlank(userTO.getPassword())) {
                    this.runtimeService.setVariable(startProcessInstanceByKey.getProcessInstanceId(), ENCRYPTED_PWD, encrypt(userTO.getPassword()));
                }
            }
            return new WorkflowResult<>(new DefaultMapEntry(save.getId(), bool2), propagationByResource, getPerformedTasks(save));
        } catch (ActivitiException e) {
            throw new WorkflowException(e);
        }
    }

    private Set<String> doExecuteTask(SyncopeUser syncopeUser, String str, Map<String, Object> map) throws WorkflowException {
        Set<String> performedTasks = getPerformedTasks(syncopeUser);
        HashMap hashMap = new HashMap();
        hashMap.put(SYNCOPE_USER, syncopeUser);
        hashMap.put("task", str);
        if (map != null && !map.isEmpty()) {
            hashMap.putAll(map);
        }
        if (StringUtils.isBlank(syncopeUser.getWorkflowId())) {
            throw new WorkflowException(new NotFoundException("Empty workflow id"));
        }
        List<Task> list = this.taskService.createTaskQuery().processInstanceId(syncopeUser.getWorkflowId()).list();
        if (list.size() != 1) {
            LOG.warn("Expected a single task, found {}", Integer.valueOf(list.size()));
        } else {
            try {
                this.taskService.complete(list.get(0).getId(), hashMap);
            } catch (ActivitiException e) {
                throw new WorkflowException(e);
            }
        }
        Set<String> performedTasks2 = getPerformedTasks(syncopeUser);
        performedTasks2.removeAll(performedTasks);
        performedTasks2.add(str);
        return performedTasks2;
    }

    @Override // org.apache.syncope.core.workflow.AbstractUserWorkflowAdapter
    protected WorkflowResult<Long> doActivate(SyncopeUser syncopeUser, String str) throws WorkflowException {
        Set<String> doExecuteTask = doExecuteTask(syncopeUser, "activate", Collections.singletonMap(TOKEN, str));
        updateStatus(syncopeUser);
        return new WorkflowResult<>(this.userDAO.save(syncopeUser).getId(), (PropagationByResource) null, doExecuteTask);
    }

    @Override // org.apache.syncope.core.workflow.AbstractUserWorkflowAdapter
    protected WorkflowResult<Map.Entry<Long, Boolean>> doUpdate(SyncopeUser syncopeUser, UserMod userMod) throws WorkflowException {
        Set<String> doExecuteTask = doExecuteTask(syncopeUser, "update", Collections.singletonMap(USER_MOD, userMod));
        updateStatus(syncopeUser);
        SyncopeUser save = this.userDAO.save(syncopeUser);
        PropagationByResource propagationByResource = (PropagationByResource) this.runtimeService.getVariable(syncopeUser.getWorkflowId(), PROP_BY_RESOURCE);
        if (waitingForForm(syncopeUser) && StringUtils.isNotBlank(userMod.getPassword())) {
            this.runtimeService.setVariable(syncopeUser.getWorkflowId(), ENCRYPTED_PWD, encrypt(userMod.getPassword()));
        }
        return new WorkflowResult<>(new DefaultMapEntry(save.getId(), (Boolean) this.runtimeService.getVariable(syncopeUser.getWorkflowId(), PROPAGATE_ENABLE)), propagationByResource, doExecuteTask);
    }

    @Override // org.apache.syncope.core.workflow.AbstractUserWorkflowAdapter
    @Transactional(rollbackFor = {Throwable.class})
    protected WorkflowResult<Long> doSuspend(SyncopeUser syncopeUser) throws WorkflowException {
        Set<String> doExecuteTask = doExecuteTask(syncopeUser, "suspend", null);
        updateStatus(syncopeUser);
        return new WorkflowResult<>(this.userDAO.save(syncopeUser).getId(), (PropagationByResource) null, doExecuteTask);
    }

    @Override // org.apache.syncope.core.workflow.AbstractUserWorkflowAdapter
    protected WorkflowResult<Long> doReactivate(SyncopeUser syncopeUser) throws WorkflowException {
        Set<String> doExecuteTask = doExecuteTask(syncopeUser, "reactivate", null);
        updateStatus(syncopeUser);
        return new WorkflowResult<>(this.userDAO.save(syncopeUser).getId(), (PropagationByResource) null, doExecuteTask);
    }

    @Override // org.apache.syncope.core.workflow.AbstractUserWorkflowAdapter
    protected void doDelete(SyncopeUser syncopeUser) throws WorkflowException {
        doExecuteTask(syncopeUser, "delete", null);
        this.userDAO.delete(syncopeUser);
    }

    @Override // org.apache.syncope.core.workflow.UserWorkflowAdapter
    public WorkflowResult<Long> execute(UserTO userTO, String str) throws UnauthorizedRoleException, NotFoundException, WorkflowException {
        SyncopeUser userFromId = this.dataBinder.getUserFromId(Long.valueOf(userTO.getId()));
        HashMap hashMap = new HashMap();
        hashMap.put(USER_TO, userTO);
        Set<String> doExecuteTask = doExecuteTask(userFromId, str, hashMap);
        updateStatus(userFromId);
        return new WorkflowResult<>(this.userDAO.save(userFromId).getId(), (PropagationByResource) null, doExecuteTask);
    }

    @Override // org.apache.syncope.core.workflow.UserWorkflowAdapter
    public WorkflowDefinitionTO getDefinition() throws WorkflowException {
        try {
            ProcessDefinition singleResult = this.repositoryService.createProcessDefinitionQuery().processDefinitionKey(WF_PROCESS_ID).latestVersion().singleResult();
            InputStream resourceAsStream = this.repositoryService.getResourceAsStream(singleResult.getDeploymentId(), WF_PROCESS_RESOURCE);
            BufferedReader bufferedReader = null;
            StringWriter stringWriter = new StringWriter();
            try {
                try {
                    bufferedReader = new BufferedReader(new InputStreamReader(resourceAsStream));
                    char[] cArr = new char[1024];
                    while (true) {
                        int read = bufferedReader.read(cArr);
                        if (read == -1) {
                            break;
                        }
                        stringWriter.write(cArr, 0, read);
                    }
                    if (bufferedReader != null) {
                        try {
                            bufferedReader.close();
                        } catch (IOException e) {
                            LOG.error("While closing input stream for {}", singleResult.getKey(), e);
                        }
                    }
                    if (resourceAsStream != null) {
                        resourceAsStream.close();
                    }
                } catch (Throwable th) {
                    if (bufferedReader != null) {
                        try {
                            bufferedReader.close();
                        } catch (IOException e2) {
                            LOG.error("While closing input stream for {}", singleResult.getKey(), e2);
                            throw th;
                        }
                    }
                    if (resourceAsStream != null) {
                        resourceAsStream.close();
                    }
                    throw th;
                }
            } catch (IOException e3) {
                LOG.error("While reading workflow definition {}", singleResult.getKey(), e3);
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (IOException e4) {
                        LOG.error("While closing input stream for {}", singleResult.getKey(), e4);
                    }
                }
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
            }
            WorkflowDefinitionTO workflowDefinitionTO = new WorkflowDefinitionTO();
            workflowDefinitionTO.setId(WF_PROCESS_ID);
            workflowDefinitionTO.setXmlDefinition(stringWriter.toString());
            return workflowDefinitionTO;
        } catch (ActivitiException e5) {
            throw new WorkflowException(e5);
        }
    }

    @Override // org.apache.syncope.core.workflow.UserWorkflowAdapter
    public void updateDefinition(WorkflowDefinitionTO workflowDefinitionTO) throws NotFoundException, WorkflowException {
        if (!WF_PROCESS_ID.equals(workflowDefinitionTO.getId())) {
            throw new NotFoundException("Workflow process id " + workflowDefinitionTO.getId());
        }
        try {
            this.repositoryService.createDeployment().addInputStream(WF_PROCESS_RESOURCE, new ByteArrayInputStream(workflowDefinitionTO.getXmlDefinition().getBytes())).deploy();
        } catch (ActivitiException e) {
            throw new WorkflowException(e);
        }
    }

    @Override // org.apache.syncope.core.workflow.UserWorkflowAdapter
    public List<String> getDefinedTasks() throws WorkflowException {
        ArrayList arrayList = new ArrayList();
        try {
            ProcessDefinition singleResult = this.repositoryService.createProcessDefinitionQuery().processDefinitionKey(WF_PROCESS_ID).latestVersion().singleResult();
            InputStream resourceAsStream = this.repositoryService.getResourceAsStream(singleResult.getDeploymentId(), WF_PROCESS_RESOURCE);
            try {
                try {
                    NodeList nodeList = (NodeList) XPathFactory.newInstance().newXPath().evaluate("//userTask | //serviceTask | //scriptTask", DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(resourceAsStream), XPathConstants.NODESET);
                    for (int i = 0; i < nodeList.getLength(); i++) {
                        arrayList.add(nodeList.item(i).getAttributes().getNamedItem("id").getNodeValue());
                    }
                    return arrayList;
                } finally {
                    try {
                        resourceAsStream.close();
                    } catch (IOException e) {
                        LOG.error("While closing input stream for {}", singleResult.getKey(), e);
                    }
                }
            } catch (Exception e2) {
                throw new WorkflowException(e2);
            }
        } catch (ActivitiException e3) {
            throw new WorkflowException(e3);
        }
    }

    private WorkflowFormPropertyType fromActivitiFormType(FormType formType) {
        WorkflowFormPropertyType workflowFormPropertyType = WorkflowFormPropertyType.String;
        if (SVGConstants.SVG_STRING_ATTRIBUTE.equals(formType.getName())) {
            workflowFormPropertyType = WorkflowFormPropertyType.String;
        }
        if ("long".equals(formType.getName())) {
            workflowFormPropertyType = WorkflowFormPropertyType.Long;
        }
        if ("enum".equals(formType.getName())) {
            workflowFormPropertyType = WorkflowFormPropertyType.Enum;
        }
        if ("date".equals(formType.getName())) {
            workflowFormPropertyType = WorkflowFormPropertyType.Date;
        }
        if ("boolean".equals(formType.getName())) {
            workflowFormPropertyType = WorkflowFormPropertyType.Boolean;
        }
        return workflowFormPropertyType;
    }

    private WorkflowFormTO getFormTO(Task task, TaskFormData taskFormData) {
        WorkflowFormTO workflowFormTO = new WorkflowFormTO();
        workflowFormTO.setTaskId(task.getId());
        workflowFormTO.setKey(taskFormData.getFormKey());
        BeanUtils.copyProperties(task, workflowFormTO);
        for (FormProperty formProperty : taskFormData.getFormProperties()) {
            WorkflowFormPropertyTO workflowFormPropertyTO = new WorkflowFormPropertyTO();
            BeanUtils.copyProperties(formProperty, workflowFormPropertyTO, PROPERTY_IGNORE_PROPS);
            workflowFormPropertyTO.setType(fromActivitiFormType(formProperty.getType()));
            if (workflowFormPropertyTO.getType() == WorkflowFormPropertyType.Date) {
                workflowFormPropertyTO.setDatePattern((String) formProperty.getType().getInformation("datePattern"));
            }
            if (workflowFormPropertyTO.getType() == WorkflowFormPropertyType.Enum) {
                workflowFormPropertyTO.setEnumValues((Map) formProperty.getType().getInformation("values"));
            }
            workflowFormTO.addProperty(workflowFormPropertyTO);
        }
        return workflowFormTO;
    }

    @Override // org.apache.syncope.core.workflow.UserWorkflowAdapter
    public List<WorkflowFormTO> getForms() {
        TaskFormData taskFormData;
        ArrayList arrayList = new ArrayList();
        for (Task task : this.taskService.createTaskQuery().list()) {
            try {
                taskFormData = this.formService.getTaskFormData(task.getId());
            } catch (ActivitiException e) {
                LOG.debug("No form found for task {}", task.getId(), e);
                taskFormData = null;
            }
            if (taskFormData != null && !taskFormData.getFormProperties().isEmpty()) {
                arrayList.add(getFormTO(task, taskFormData));
            }
        }
        return arrayList;
    }

    @Override // org.apache.syncope.core.workflow.UserWorkflowAdapter
    public WorkflowFormTO getForm(String str) throws NotFoundException, WorkflowException {
        TaskFormData taskFormData;
        try {
            Task singleResult = this.taskService.createTaskQuery().processInstanceId(str).singleResult();
            try {
                taskFormData = this.formService.getTaskFormData(singleResult.getId());
            } catch (ActivitiException e) {
                LOG.debug("No form found for task {}", singleResult.getId(), e);
                taskFormData = null;
            }
            WorkflowFormTO workflowFormTO = null;
            if (taskFormData != null && !taskFormData.getFormProperties().isEmpty()) {
                workflowFormTO = getFormTO(singleResult, taskFormData);
            }
            return workflowFormTO;
        } catch (ActivitiException e2) {
            throw new WorkflowException(e2);
        }
    }

    private Map.Entry<Task, TaskFormData> checkTask(String str, String str2) throws NotFoundException {
        try {
            Task singleResult = this.taskService.createTaskQuery().taskId(str).singleResult();
            try {
                TaskFormData taskFormData = this.formService.getTaskFormData(singleResult.getId());
                if (this.adminUser.equals(str2) || this.userDAO.find(str2) != null) {
                    return new DefaultMapEntry(singleResult, taskFormData);
                }
                throw new NotFoundException("Syncope User " + str2);
            } catch (ActivitiException e) {
                throw new NotFoundException("Form for Activiti Task " + str, e);
            }
        } catch (ActivitiException e2) {
            throw new NotFoundException("Activiti Task " + str, e2);
        }
    }

    @Override // org.apache.syncope.core.workflow.UserWorkflowAdapter
    public WorkflowFormTO claimForm(String str, String str2) throws NotFoundException, WorkflowException {
        Map.Entry<Task, TaskFormData> checkTask = checkTask(str, str2);
        if (!this.adminUser.equals(str2) && this.taskService.createTaskQuery().taskId(str).taskCandidateUser(str2).list().isEmpty()) {
            throw new WorkflowException(new RuntimeException(str2 + " is not candidate for task " + str));
        }
        try {
            this.taskService.setOwner(str, str2);
            return getFormTO(this.taskService.createTaskQuery().taskId(str).singleResult(), checkTask.getValue());
        } catch (ActivitiException e) {
            throw new WorkflowException(e);
        }
    }

    @Override // org.apache.syncope.core.workflow.UserWorkflowAdapter
    public WorkflowResult<Map.Entry<Long, String>> submitForm(WorkflowFormTO workflowFormTO, String str) throws NotFoundException, WorkflowException {
        Map.Entry<Task, TaskFormData> checkTask = checkTask(workflowFormTO.getTaskId(), str);
        if (!checkTask.getKey().getOwner().equals(str)) {
            throw new WorkflowException(new RuntimeException("Task " + workflowFormTO.getTaskId() + " assigned to " + checkTask.getKey().getOwner() + " but submited by " + str));
        }
        SyncopeUser findByWorkflowId = this.userDAO.findByWorkflowId(checkTask.getKey().getProcessInstanceId());
        if (findByWorkflowId == null) {
            throw new NotFoundException("User with workflow id " + checkTask.getKey().getProcessInstanceId());
        }
        Set<String> performedTasks = getPerformedTasks(findByWorkflowId);
        try {
            this.formService.submitTaskFormData(workflowFormTO.getTaskId(), workflowFormTO.getPropertiesForSubmit());
            Set<String> performedTasks2 = getPerformedTasks(findByWorkflowId);
            performedTasks2.removeAll(performedTasks);
            performedTasks2.add(workflowFormTO.getTaskId());
            updateStatus(findByWorkflowId);
            SyncopeUser save = this.userDAO.save(findByWorkflowId);
            PropagationByResource propagationByResource = (PropagationByResource) this.runtimeService.getVariable(findByWorkflowId.getWorkflowId(), PROP_BY_RESOURCE);
            String str2 = null;
            String str3 = (String) this.runtimeService.getVariable(findByWorkflowId.getWorkflowId(), ENCRYPTED_PWD);
            if (StringUtils.isNotBlank(str3)) {
                str2 = decrypt(str3);
            }
            return new WorkflowResult<>(new DefaultMapEntry(save.getId(), str2), propagationByResource, performedTasks2);
        } catch (ActivitiException e) {
            throw new WorkflowException(e);
        }
    }
}
