package ru.tinkoff.kora.camunda.engine.bpmn.configurator;

import java.util.Locale;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import ru.tinkoff.kora.camunda.engine.bpmn.CamundaEngineBpmnConfig;
import ru.tinkoff.kora.camunda.engine.bpmn.CamundaEngineDataSource;
import ru.tinkoff.kora.common.util.TimeUtils;

/* loaded from: input_file:ru/tinkoff/kora/camunda/engine/bpmn/configurator/AdminUserProcessEngineConfigurator.class */
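/**
 * Bootstraps the Camunda administrator account described by the {@code admin} section of
 * {@link CamundaEngineBpmnConfig}.
 *
 * <p>When an admin section is configured and no user with the configured id exists yet, the
 * configurator creates the user, makes sure the {@code camunda-admin} group exists, grants that
 * group {@link Permissions#ALL} on resource id {@code *} for every value of {@link Resources},
 * and adds the user to the group. All of this happens inside the callback handed to
 * {@code transactionManager().inNewTx(...)}.
 *
 * <p>Security-relevant behaviour that follows from the code below:
 * <ul>
 *   <li>If the user already exists, nothing is touched: the stored password is not updated from
 *       configuration, and the group, its authorizations and the membership are not re-checked.
 *       Changing the configured password therefore does not rotate an existing account.</li>
 *   <li>The configured password is passed to the engine as-is and is never logged here.</li>
 *   <li>The group receives a wildcard grant on all resource types, so membership in
 *       {@code camunda-admin} is equivalent to full control of the engine.</li>
 * </ul>
 */
public final class AdminUserProcessEngineConfigurator implements ProcessEngineConfigurator {
    private static final Logger logger = LoggerFactory.getLogger(AdminUserProcessEngineConfigurator.class);

    /** Id of the group that receives the wildcard grants. */
    private static final String ADMIN_GROUP_ID = "camunda-admin";
    private static final String ADMIN_GROUP_NAME = "Camunda Administrators";
    private static final String ADMIN_GROUP_TYPE = "SYSTEM";
    /** Resource id used for "every instance of this resource type". */
    private static final String ANY_RESOURCE_ID = "*";
    /** Authorization type passed to {@link AuthorizationEntity}; 1 is Camunda's AUTH_TYPE_GRANT. */
    private static final int AUTH_TYPE_GRANT = 1;

    private final CamundaEngineBpmnConfig.AdminConfig adminConfig;
    private final CamundaEngineDataSource camundaEngineDataSource;

    /**
     * @param camundaEngineBpmnConfig engine configuration; its {@code admin()} section may be
     *     {@code null}, in which case {@link #setup(ProcessEngine)} does nothing
     * @param camundaEngineDataSource data source whose transaction manager wraps the bootstrap
     */
    public AdminUserProcessEngineConfigurator(CamundaEngineBpmnConfig camundaEngineBpmnConfig, CamundaEngineDataSource camundaEngineDataSource) {
        this.adminConfig = camundaEngineBpmnConfig.admin();
        this.camundaEngineDataSource = camundaEngineDataSource;
    }

    /**
     * Creates the configured admin user, the admin group, its authorizations and the membership,
     * unless no admin section is configured or the user already exists.
     *
     * @param processEngine engine whose identity and authorization services are used
     */
    @Override
    public void setup(ProcessEngine processEngine) {
        if (this.adminConfig == null) {
            // No admin section configured: no account is provisioned.
            return;
        }
        logger.debug("Camunda Configurator Admin user creating...");
        long started = TimeUtils.started();
        IdentityService identityService = processEngine.getIdentityService();
        AuthorizationService authorizationService = processEngine.getAuthorizationService();
        this.camundaEngineDataSource.transactionManager().inNewTx(() -> {
            String adminId = this.adminConfig.id();
            if (userAlreadyExists(identityService, adminId)) {
                // Existing account is left untouched, including its password and group setup.
                logger.debug("Camunda Configurator Admin user already exist");
                return;
            }
            createUser(identityService);
            if (!adminGroupAlreadyExists(identityService)) {
                createAdminGroup(identityService);
            }
            createAdminGroupAuthorizations(authorizationService);
            identityService.createMembership(adminId, ADMIN_GROUP_ID);
            // Only the elapsed time is logged; credentials must stay out of log output.
            logger.info("Camunda Configurator Admin user created in {}", TimeUtils.tookForLogging(started));
        });
    }

    /** Returns whether a user with the given id is already stored in the engine. */
    private boolean userAlreadyExists(IdentityService identityService, String userId) {
        User existing = identityService.createUserQuery().userId(userId).singleResult();
        return existing != null;
    }

    /** Returns whether the {@code camunda-admin} group is already stored in the engine. */
    private boolean adminGroupAlreadyExists(IdentityService identityService) {
        long matches = identityService.createGroupQuery().groupId(ADMIN_GROUP_ID).count();
        return matches > 0;
    }

    /**
     * Creates and saves the admin user from configuration. Missing first and last names default
     * to the upper-cased id, a missing e-mail to {@code <id>@localhost}.
     */
    private void createUser(IdentityService identityService) {
        String adminId = this.adminConfig.id();
        User admin = identityService.newUser(adminId);
        // NOTE(review): the password is used exactly as configured; no null/blank check happens
        // here. Confirm that config validation rejects an empty password for this account.
        admin.setPassword(this.adminConfig.password());

        // Locale.ROOT keeps the default names identical on every host; the no-arg toUpperCase()
        // depends on the JVM default locale (e.g. "admin" becomes "ADM\u0130N" under tr-TR).
        String firstName = this.adminConfig.firstname();
        if (firstName == null) {
            firstName = adminId.toUpperCase(Locale.ROOT);
        }
        String lastName = this.adminConfig.lastname();
        if (lastName == null) {
            lastName = adminId.toUpperCase(Locale.ROOT);
        }
        String email = this.adminConfig.email();
        if (email == null) {
            email = adminId + "@localhost";
        }

        admin.setFirstName(firstName);
        admin.setLastName(lastName);
        admin.setEmail(email);
        identityService.saveUser(admin);
    }

    /** Creates and saves the {@code camunda-admin} group with type {@code SYSTEM}. */
    private void createAdminGroup(IdentityService identityService) {
        Group adminGroup = identityService.newGroup(ADMIN_GROUP_ID);
        adminGroup.setName(ADMIN_GROUP_NAME);
        adminGroup.setType(ADMIN_GROUP_TYPE);
        identityService.saveGroup(adminGroup);
    }

    /**
     * Grants the admin group {@link Permissions#ALL} on resource id {@code *} for every resource
     * type in {@link Resources}, skipping types for which such a wildcard authorization already
     * exists for the group.
     */
    private void createAdminGroupAuthorizations(AuthorizationService authorizationService) {
        for (Resource resource : Resources.values()) {
            if (hasWildcardAuthorization(authorizationService, resource)) {
                continue;
            }
            AuthorizationEntity grant = new AuthorizationEntity(AUTH_TYPE_GRANT);
            grant.setGroupId(ADMIN_GROUP_ID);
            grant.setResource(resource);
            grant.setResourceId(ANY_RESOURCE_ID);
            grant.addPermission(Permissions.ALL);
            authorizationService.saveAuthorization(grant);
        }
    }

    /** Returns whether the admin group already holds an authorization on {@code *} for the type. */
    private boolean hasWildcardAuthorization(AuthorizationService authorizationService, Resource resource) {
        long existing = authorizationService.createAuthorizationQuery()
            .groupIdIn(new String[] {ADMIN_GROUP_ID})
            .resourceType(resource)
            .resourceId(ANY_RESOURCE_ID)
            .count();
        return existing != 0;
    }
}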
