package org.camunda.bpm.spring.boot.starter.configuration.impl;

import java.util.Objects;
import javax.annotation.PostConstruct;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity;
import org.camunda.bpm.spring.boot.starter.property.AdminUserProperty;
import org.springframework.beans.BeanUtils;

/* loaded from: input_file:org/camunda/bpm/spring/boot/starter/configuration/impl/CreateAdminUserConfiguration.class */
public class CreateAdminUserConfiguration extends AbstractCamundaConfiguration {
    private User adminUser;

    @PostConstruct
    void init() {
        this.adminUser = ((AdminUserProperty) Objects.requireNonNull(this.camundaBpmProperties.getAdminUser(), "adminUser not configured!")).init();
    }

    @Override // org.camunda.bpm.spring.boot.starter.util.SpringBootProcessEnginePlugin
    public void postProcessEngineBuild(ProcessEngine processEngine) {
        IdentityService identityService = processEngine.getIdentityService();
        AuthorizationService authorizationService = processEngine.getAuthorizationService();
        if (userAlreadyExists(identityService, this.adminUser)) {
            return;
        }
        createUser(identityService, this.adminUser);
        if (identityService.createGroupQuery().groupId("camunda-admin").count() == 0) {
            Group newGroup = identityService.newGroup("camunda-admin");
            newGroup.setName("camunda BPM Administrators");
            newGroup.setType("SYSTEM");
            identityService.saveGroup(newGroup);
        }
        for (Resource resource : Resources.values()) {
            if (authorizationService.createAuthorizationQuery().groupIdIn(new String[]{"camunda-admin"}).resourceType(resource).resourceId("*").count() == 0) {
                AuthorizationEntity authorizationEntity = new AuthorizationEntity(1);
                authorizationEntity.setGroupId("camunda-admin");
                authorizationEntity.setResource(resource);
                authorizationEntity.setResourceId("*");
                authorizationEntity.addPermission(Permissions.ALL);
                authorizationService.saveAuthorization(authorizationEntity);
            }
        }
        identityService.createMembership(this.adminUser.getId(), "camunda-admin");
        LOG.creatingInitialAdminUser(this.adminUser);
    }

    static boolean userAlreadyExists(IdentityService identityService, User user) {
        User user2 = (User) identityService.createUserQuery().userId(user.getId()).singleResult();
        if (user2 == null) {
            return false;
        }
        LOG.skipAdminUserCreation(user2);
        return true;
    }

    static User createUser(IdentityService identityService, User user) {
        User newUser = identityService.newUser(user.getId());
        BeanUtils.copyProperties(user, newUser);
        identityService.saveUser(newUser);
        return newUser;
    }
}
