package org.camunda.bpm.spring.boot.starter.configuration.impl.custom;

import java.util.Collections;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.PostConstruct;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.authorization.Groups;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity;
import org.camunda.bpm.spring.boot.starter.configuration.impl.AbstractCamundaConfiguration;
import org.springframework.beans.BeanUtils;

/* loaded from: input_file:BOOT-INF/lib/camunda-bpm-spring-boot-starter-3.3.10.jar:org/camunda/bpm/spring/boot/starter/configuration/impl/custom/CreateAdminUserConfiguration.class */
public class CreateAdminUserConfiguration extends AbstractCamundaConfiguration {
    private User adminUser;

    @PostConstruct
    void init() {
        this.adminUser = (User) Optional.ofNullable(this.camundaBpmProperties.getAdminUser()).map((v0) -> {
            return v0.init();
        }).orElseThrow(fail("adminUser not configured!"));
    }

    @Override // org.camunda.bpm.spring.boot.starter.util.SpringBootProcessEnginePlugin, org.camunda.bpm.engine.impl.cfg.AbstractProcessEnginePlugin, org.camunda.bpm.engine.impl.cfg.ProcessEnginePlugin
    public void postProcessEngineBuild(ProcessEngine processEngine) {
        Objects.requireNonNull(this.adminUser);
        IdentityService identityService = processEngine.getIdentityService();
        AuthorizationService authorizationService = processEngine.getAuthorizationService();
        if (userAlreadyExists(identityService, this.adminUser)) {
            return;
        }
        createUser(identityService, this.adminUser);
        if (identityService.createGroupQuery().groupId(Groups.CAMUNDA_ADMIN).count() == 0) {
            Group newGroup = identityService.newGroup(Groups.CAMUNDA_ADMIN);
            newGroup.setName("camunda BPM Administrators");
            newGroup.setType(Groups.GROUP_TYPE_SYSTEM);
            identityService.saveGroup(newGroup);
        }
        for (Resources resources : Resources.values()) {
            if (authorizationService.createAuthorizationQuery().groupIdIn(Groups.CAMUNDA_ADMIN).resourceType(resources).resourceId("*").count() == 0) {
                AuthorizationEntity authorizationEntity = new AuthorizationEntity(1);
                authorizationEntity.setGroupId(Groups.CAMUNDA_ADMIN);
                authorizationEntity.setResource(resources);
                authorizationEntity.setResourceId("*");
                authorizationEntity.addPermission(Permissions.ALL);
                authorizationService.saveAuthorization(authorizationEntity);
            }
        }
        identityService.createMembership(this.adminUser.getId(), Groups.CAMUNDA_ADMIN);
        LOG.creatingInitialAdminUser(this.adminUser);
    }

    static boolean userAlreadyExists(IdentityService identityService, User user) {
        User singleResult = identityService.createUserQuery().userId(user.getId()).singleResult();
        if (singleResult == null) {
            return false;
        }
        LOG.skipAdminUserCreation(singleResult);
        return true;
    }

    static User createUser(IdentityService identityService, User user) {
        User newUser = identityService.newUser(user.getId());
        BeanUtils.copyProperties(user, newUser);
        identityService.saveUser(newUser);
        return newUser;
    }

    @Override // org.camunda.bpm.engine.spring.SpringProcessEnginePlugin, org.camunda.bpm.engine.impl.cfg.AbstractProcessEnginePlugin
    public String toString() {
        return createToString(Collections.singletonMap("adminUser", this.adminUser));
    }
}
