package org.apache.tomee.security.identitystore;

import jakarta.annotation.PostConstruct;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.security.enterprise.credential.Credential;
import jakarta.security.enterprise.credential.UsernamePasswordCredential;
import jakarta.security.enterprise.identitystore.CredentialValidationResult;
import jakarta.security.enterprise.identitystore.IdentityStore;
import jakarta.security.enterprise.identitystore.IdentityStorePermission;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.function.Supplier;
import org.apache.catalina.User;
import org.apache.catalina.UserDatabase;
import org.apache.catalina.core.StandardServer;
import org.apache.tomee.loader.TomcatHelper;
import org.apache.tomee.security.cdi.TomcatUserIdentityStoreDefinition;

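/**
 * {@link IdentityStore} that authenticates username/password credentials against a Tomcat
 * {@link UserDatabase} and reports the user's Tomcat roles as caller groups.
 *
 * <p>The database is resolved once, in {@link #init()}, from the resource named by the injected
 * {@link TomcatUserIdentityStoreDefinition}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The stored password is compared as-is with the presented one; this class applies no
 *       digest or credential handler. Presumably the UserDatabase must therefore hold cleartext
 *       passwords for logins to succeed. Confirm against the deployment and protect the
 *       backing file accordingly.</li>
 *   <li>The comparison does not stop at the first differing character, so response time does
 *       not reveal how much of a guess was correct.</li>
 * </ul>
 */
@ApplicationScoped
/* loaded from: input_file:lib/tomee-security-9.1.3.jar:org/apache/tomee/security/identitystore/TomEEDefaultIdentityStore.class */
public class TomEEDefaultIdentityStore implements IdentityStore {

    @Inject
    private Supplier<TomcatUserIdentityStoreDefinition> definitionSupplier;
    private TomcatUserIdentityStoreDefinition definition;
    private UserDatabase userDatabase;

    /**
     * Resolves the definition and looks up the configured {@link UserDatabase} in the server's
     * global naming context.
     *
     * @throws Exception if the naming lookup fails
     */
    @PostConstruct
    private void init() throws Exception {
        this.definition = this.definitionSupplier.get();
        StandardServer server = TomcatHelper.getServer();
        // NOTE(review): if no global resource matches definition.resource(), findResource
        // presumably returns null and this line fails with a bare NullPointerException. Confirm.
        this.userDatabase = (UserDatabase) server.getGlobalNamingContext().lookup(server.getGlobalNamingResources().findResource(this.definition.resource()).getName());
    }

    /**
     * Validates a {@link UsernamePasswordCredential} against the user database.
     *
     * @param credential the credential presented by the caller
     * @return {@code NOT_VALIDATED_RESULT} for unsupported credential types and for a password
     *     mismatch, {@code INVALID_RESULT} for an unknown caller, otherwise a valid result that
     *     carries the caller name and, when this store provides groups, the user's roles
     */
    @Override // jakarta.security.enterprise.identitystore.IdentityStore
    public CredentialValidationResult validate(Credential credential) {
        if (!(credential instanceof UsernamePasswordCredential)) {
            return CredentialValidationResult.NOT_VALIDATED_RESULT;
        }
        UsernamePasswordCredential login = (UsernamePasswordCredential) credential;
        User user = getUser(login.getCaller());
        if (user == null) {
            return CredentialValidationResult.INVALID_RESULT;
        }
        if (!passwordMatches(user.getPassword(), login.getPasswordAsString())) {
            // NOTE(review): a wrong password yields NOT_VALIDATED while an unknown caller yields
            // INVALID. Kept for compatibility. If the status is ever surfaced to the client it
            // distinguishes existing from non-existing accounts; consider INVALID_RESULT here.
            return CredentialValidationResult.NOT_VALIDATED_RESULT;
        }
        Set<String> groups = Collections.emptySet();
        if (validationTypes().contains(IdentityStore.ValidationType.PROVIDE_GROUPS)) {
            groups = new HashSet<>(getUserRoles(user));
        }
        return new CredentialValidationResult(login.getCaller(), groups);
    }

    /**
     * Compares two passwords without short-circuiting on the first difference.
     *
     * <p>A {@code null} on either side never matches, so a user entry without a password is
     * rejected instead of raising a {@link NullPointerException}. Characters are compared
     * directly rather than through {@code getBytes()}, whose replacement of malformed
     * surrogates could make distinct strings encode alike.
     */
    private static boolean passwordMatches(String stored, String presented) {
        if (stored == null || presented == null) {
            return false;
        }
        int diff = stored.length() ^ presented.length();
        int common = Math.min(stored.length(), presented.length());
        for (int i = 0; i < common; i++) {
            diff |= stored.charAt(i) ^ presented.charAt(i);
        }
        return diff == 0;
    }

    /** Looks the user up by name in the Tomcat user database. */
    private User getUser(String str) {
        return this.userDatabase.findUser(str);
    }

    /**
     * Returns the roles of the caller named in the given validation result.
     *
     * <p>When a {@link SecurityManager} is installed, the calling code must hold
     * {@code IdentityStorePermission("getGroups")}.
     *
     * @param credentialValidationResult the result of an earlier validation
     * @return the caller's role names; empty when the result carries no principal or the user
     *     is no longer in the database
     */
    @Override // jakarta.security.enterprise.identitystore.IdentityStore
    public Set<String> getCallerGroups(CredentialValidationResult credentialValidationResult) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new IdentityStorePermission("getGroups"));
        }
        // A result that is not VALID has no caller principal; report no groups instead of
        // failing with a NullPointerException.
        if (credentialValidationResult.getCallerPrincipal() == null) {
            return Collections.emptySet();
        }
        return getUserRoles(getUser(credentialValidationResult.getCallerPrincipal().getName()));
    }

    /** Collects the role names of {@code user}; an absent user has no roles. */
    private Set<String> getUserRoles(User user) {
        if (user == null) {
            return Collections.emptySet();
        }
        Set<String> roleNames = new HashSet<>();
        user.getRoles().forEachRemaining(role -> roleNames.add(role.getRolename()));
        return roleNames;
    }
}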
