package org.eclipse.stardust.engine.core.runtime.beans;

import java.io.Serializable;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import org.eclipse.stardust.common.CollectionUtils;
import org.eclipse.stardust.common.CompareHelper;
import org.eclipse.stardust.common.StringUtils;
import org.eclipse.stardust.common.config.Parameters;
import org.eclipse.stardust.common.error.ConcurrencyException;
import org.eclipse.stardust.common.error.InvalidArgumentException;
import org.eclipse.stardust.common.error.ObjectNotFoundException;
import org.eclipse.stardust.common.error.PublicException;
import org.eclipse.stardust.common.log.LogManager;
import org.eclipse.stardust.common.log.Logger;
import org.eclipse.stardust.common.security.InvalidPasswordException;
import org.eclipse.stardust.engine.api.dto.UserDetails;
import org.eclipse.stardust.engine.api.dto.UserDetailsLevel;
import org.eclipse.stardust.engine.api.dto.UserGroupDetailsLevel;
import org.eclipse.stardust.engine.api.model.IModel;
import org.eclipse.stardust.engine.api.model.IModelParticipant;
import org.eclipse.stardust.engine.api.model.IOrganization;
import org.eclipse.stardust.engine.api.model.PredefinedConstants;
import org.eclipse.stardust.engine.api.runtime.BpmRuntimeError;
import org.eclipse.stardust.engine.api.runtime.Department;
import org.eclipse.stardust.engine.api.runtime.DepartmentInfo;
import org.eclipse.stardust.engine.api.runtime.Deputy;
import org.eclipse.stardust.engine.api.runtime.DeputyOptions;
import org.eclipse.stardust.engine.api.runtime.IllegalOperationException;
import org.eclipse.stardust.engine.api.runtime.User;
import org.eclipse.stardust.engine.api.runtime.UserExistsException;
import org.eclipse.stardust.engine.api.runtime.UserGroup;
import org.eclipse.stardust.engine.api.runtime.UserGroupExistsException;
import org.eclipse.stardust.engine.api.runtime.UserInfo;
import org.eclipse.stardust.engine.api.runtime.UserRealm;
import org.eclipse.stardust.engine.api.runtime.UserRealmExistsException;
import org.eclipse.stardust.engine.api.runtime.UserService;
import org.eclipse.stardust.engine.core.model.utils.ModelUtils;
import org.eclipse.stardust.engine.core.monitoring.MonitoringUtils;
import org.eclipse.stardust.engine.core.persistence.Predicates;
import org.eclipse.stardust.engine.core.persistence.QueryExtension;
import org.eclipse.stardust.engine.core.persistence.ResultIterator;
import org.eclipse.stardust.engine.core.persistence.jdbc.SessionFactory;
import org.eclipse.stardust.engine.core.runtime.beans.removethis.SecurityProperties;
import org.eclipse.stardust.engine.core.runtime.internal.SessionManager;
import org.eclipse.stardust.engine.core.runtime.utils.DepartmentUtils;
import org.eclipse.stardust.engine.core.security.utils.PasswordGenerator;
import org.eclipse.stardust.engine.core.security.utils.PasswordValidation;
import org.eclipse.stardust.engine.core.security.utils.SecurityUtils;
import org.eclipse.stardust.engine.runtime.utils.TimestampProviderUtils;

/* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/core/runtime/beans/UserServiceImpl.class */
public class UserServiceImpl implements UserService, Serializable {
    private static final long serialVersionUID = 2;
    private static final Logger trace = LogManager.getLogger(UserServiceImpl.class);

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public String startSession(String str) {
        return Parameters.instance().getBoolean(Constants.CARNOT_ARCHIVE_AUDITTRAIL, false) ? UserService.ARCHIVE : SessionManager.isUserSessionTrackingDisabled(SecurityProperties.getUser()) ? UserService.DISABLED_FOR_USER : Long.toHexString(new UserSessionBean(SecurityProperties.getUser(), str).getOID());
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public void closeSession(String str) {
        long j;
        if (UserService.ARCHIVE.equals(str) || UserService.DISABLED_FOR_USER.equals(str)) {
            return;
        }
        try {
            j = Long.decode("0x" + str).longValue();
        } catch (NumberFormatException e) {
            j = 0;
        }
        try {
            UserSessionBean findByOid = UserSessionBean.findByOid(j);
            Date timeStamp = TimestampProviderUtils.getTimeStamp();
            findByOid.setLastModificationTime(timeStamp);
            findByOid.setExpirationTime(timeStamp);
        } catch (ObjectNotFoundException e2) {
            trace.warn("Unknown session: " + j);
        }
    }

    public boolean isTeamLeader(IUser iUser) {
        return SecurityProperties.isTeamLeader(iUser);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public boolean isInternalAuthentified() {
        return isInternalAuthentication();
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public boolean isInternalAuthentication() {
        return SecurityProperties.isInternalAuthentication();
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public boolean isInternalAuthorization() {
        return SecurityProperties.isInternalAuthorization();
    }

    public IUser internalGetUser(String str, String str2) throws ObjectNotFoundException {
        HashMap hashMap = new HashMap();
        hashMap.put(SecurityProperties.REALM, str);
        hashMap.put(SecurityProperties.DOMAIN, SecurityProperties.getUserDomain().getId());
        hashMap.put(SecurityProperties.PARTITION, SecurityProperties.getPartition().getId());
        return SynchronizationService.synchronize(str2, getModel(), Parameters.instance().getBoolean(SecurityProperties.AUTHORIZATION_SYNC_ADMIN_PROPERTY, true), hashMap);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public User getUser() {
        return (User) DetailsFactory.create(SecurityProperties.getUser(), IUser.class, UserDetails.class);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public User modifyLoginUser(String str, String str2, String str3, String str4, String str5) {
        checkInternalAuthentified();
        IUser user = SecurityProperties.getUser();
        user.lock();
        if (!user.checkPassword(str)) {
            throw new PublicException(BpmRuntimeError.AUTHx_CHANGE_PASSWORD_OLD_PW_VERIFICATION_FAILED.raise());
        }
        if (str4 == null) {
            throw new PublicException(BpmRuntimeError.AUTHx_CHANGE_PASSWORD_NEW_PW_MISSING.raise());
        }
        try {
            PasswordValidation.validate(str4.toCharArray(), SecurityUtils.getPasswordRules(SecurityProperties.getPartitionOid()), SecurityUtils.getPasswordRules(SecurityProperties.getPartitionOid()) != null ? SecurityUtils.getPreviousPasswords(user, str) : null);
            user.setAccount(user.getAccount());
            user.setFirstName(str2);
            user.setLastName(str3);
            user.setDescription(user.getDescription());
            if (str4 != null) {
                user.setPassword(str4);
                SecurityUtils.changePassword(user, str, str4);
            }
            user.setPasswordExpired(false);
            user.setEMail(str5);
            return (User) DetailsFactory.create(SecurityProperties.getUser(), IUser.class, UserDetails.class);
        } catch (InvalidPasswordException e) {
            throw new InvalidPasswordException(BpmRuntimeError.AUTHx_CHANGE_PASSWORD_NEW_PW_VERIFICATION_FAILED.raise(), e.getFailureCodes());
        }
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public User modifyUser(User user) {
        return modifyUser(user, false);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public User modifyUser(User user, boolean z) {
        if (!isFullyInitialized(user)) {
            throw new IllegalOperationException(BpmRuntimeError.AUTHx_OPERATION_FAILED_USER_OID_NOT_FULLY_INITIALIZED.raise(user.getOID()));
        }
        if (!isInternalAuthentication() && !isInternalAuthorization()) {
            throw new IllegalOperationException(BpmRuntimeError.AUTHx_OPERATION_FAILED_REQUIRES_INTERNAL_AUTH.raise());
        }
        UserBean findByOid = UserBean.findByOid(user.getOID());
        findByOid.lock();
        if (isInternalAuthentication()) {
            if (isTeamLeader(findByOid) || !SecurityProperties.getUser().hasRole(PredefinedConstants.ADMINISTRATOR_ROLE)) {
            }
            findByOid.setQualityAssuranceProbability(user.getQualityAssuranceProbability());
            findByOid.setQualityAssuranceProbability(user.getQualityAssuranceProbability());
            String password = findByOid.getPassword();
            String str = z ? new String(PasswordGenerator.generatePassword(SecurityUtils.getPasswordRules(SecurityProperties.getPartitionOid()), SecurityUtils.getPreviousPasswords(findByOid, password))) : ((UserDetails) user).getPassword();
            if (str != null) {
                try {
                    PasswordValidation.validate(str.toCharArray(), SecurityUtils.getPasswordRules(SecurityProperties.getPartitionOid()), SecurityUtils.getPreviousPasswords(findByOid, password));
                } catch (InvalidPasswordException e) {
                    throw new InvalidPasswordException(BpmRuntimeError.AUTHx_CHANGE_PASSWORD_NEW_PW_VERIFICATION_FAILED.raise(), e.getFailureCodes());
                }
            }
            findByOid.setAccount(user.getAccount());
            findByOid.setFirstName(user.getFirstName());
            findByOid.setLastName(user.getLastName());
            findByOid.setDescription(user.getDescription());
            if (z) {
                findByOid.setPassword(str);
                SecurityUtils.publishGeneratedPassword(findByOid, str);
                findByOid.setPasswordExpired(true);
                SecurityUtils.changePassword(findByOid, password, str);
            } else if (str != null) {
                findByOid.setPassword(str);
                SecurityUtils.changePassword(findByOid, password, str);
            }
            findByOid.setEMail(user.getEMail());
            findByOid.setValidFrom(user.getValidFrom());
            if (findByOid.isPasswordExpired() && SecurityUtils.isUserInvalid(findByOid)) {
                SecurityUtils.generatePassword(findByOid);
            }
            findByOid.setValidTo(user.getValidTo());
        }
        if (isInternalAuthorization()) {
            ModelManager current = ModelManagerFactory.getCurrent();
            Collection<UserDetails.AddedGrant> newGrants = ((UserDetails) user).getNewGrants();
            for (UserDetails.AddedGrant addedGrant : newGrants) {
                QName valueOf = QName.valueOf(addedGrant.getQualifiedId());
                ProcessInstanceGroupUtils.assertNotCasePerformer(addedGrant.getQualifiedId());
                DepartmentInfo department = addedGrant.getDepartment();
                IDepartment findByOID = (department == null || department == Department.DEFAULT) ? null : DepartmentBean.findByOID(department.getOID());
                Iterator<IModel> allModels = current.getAllModels();
                while (true) {
                    if (allModels.hasNext()) {
                        IModel next = allModels.next();
                        if (StringUtils.isEmpty(valueOf.getNamespaceURI()) || CompareHelper.areEqual(next.getId(), valueOf.getNamespaceURI())) {
                            IModelParticipant findParticipant = next.findParticipant(valueOf.getLocalPart());
                            if (findParticipant != null) {
                                addToParticipants(current, findByOid, findParticipant, findByOID);
                                break;
                            }
                        }
                    }
                }
            }
            Iterator<UserParticipantLink> allParticipantLinks = findByOid.getAllParticipantLinks();
            while (allParticipantLinks.hasNext()) {
                UserParticipantLink next2 = allParticipantLinks.next();
                IDepartment department2 = next2.getDepartment();
                boolean z2 = false;
                Iterator<UserDetails.AddedGrant> it = newGrants.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    UserDetails.AddedGrant next3 = it.next();
                    QName valueOf2 = QName.valueOf(next3.getQualifiedId());
                    if (valueOf2.toString().equals(StringUtils.isEmpty(valueOf2.getNamespaceURI()) ? next2.getParticipant().getId() : ModelUtils.getQualifiedId(next2.getParticipant())) && areEqual(department2, next3.getDepartment())) {
                        z2 = true;
                        break;
                    }
                }
                if (!z2) {
                    findByOid.removeFromParticipants(next2.getParticipant(), department2);
                }
            }
            for (Map.Entry<String, Object> entry : user.getAllProperties().entrySet()) {
                findByOid.setPropertyValue(entry.getKey(), (Serializable) entry.getValue());
            }
            Collection<String> newGroupIds = ((UserDetails) user).getNewGroupIds();
            Iterator<String> it2 = newGroupIds.iterator();
            while (it2.hasNext()) {
                UserGroupBean.findById(it2.next(), SecurityProperties.getPartitionOid()).addUser(findByOid);
            }
            Iterator allUserGroups = findByOid.getAllUserGroups(false);
            while (allUserGroups.hasNext()) {
                IUserGroup iUserGroup = (IUserGroup) allUserGroups.next();
                if (false == newGroupIds.contains(iUserGroup.getId())) {
                    iUserGroup.removeUser(findByOid);
                }
            }
        }
        return (User) DetailsFactory.create(findByOid, IUser.class, UserDetails.class);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public void generatePasswordResetToken(String str, String str2) {
        IUserRealm userRealm = SecurityProperties.getUserRealm();
        if (!StringUtils.isEmpty(str)) {
            try {
                userRealm = UserRealmBean.findById(str, SecurityProperties.getPartition().getOID());
            } catch (ObjectNotFoundException e) {
            }
        }
        SecurityUtils.generatePasswordResetToken(UserBean.findByAccount(str2, userRealm));
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public void resetPassword(String str, Map map, String str2) throws ConcurrencyException, ObjectNotFoundException, IllegalOperationException {
        if (!isInternalAuthentication()) {
            throw new IllegalOperationException(BpmRuntimeError.AUTHx_OPERATION_FAILED_REQUIRES_INTERNAL_AUTH.raise());
        }
        IModel findActiveModel = ModelManagerFactory.getCurrent().findActiveModel();
        if (findActiveModel == null) {
            findActiveModel = ModelManagerFactory.getCurrent().findLastDeployedModel();
        }
        IUser synchronize = SynchronizationService.synchronize(str, findActiveModel, true, map);
        if (!synchronize.isValid()) {
            throw new IllegalOperationException(BpmRuntimeError.AUTHx_EXP_ACCOUNT_EXPIRED.raise(synchronize.getRealmQualifiedAccount()));
        }
        synchronize.lock();
        if (isInternalAuthentication()) {
            SecurityUtils.generatePassword(synchronize, str2);
        }
    }

    private void addToParticipants(ModelManager modelManager, UserBean userBean, IModelParticipant iModelParticipant, IDepartment iDepartment) {
        IOrganization iOrganization;
        if (iDepartment != null && iModelParticipant != (iOrganization = (IOrganization) modelManager.findModelParticipant(iModelParticipant.getModel().getModelOID(), iDepartment.getRuntimeOrganizationOID())) && !DepartmentUtils.isChild(iModelParticipant, iOrganization)) {
            throw new IllegalOperationException(BpmRuntimeError.AUTHx_AUTH_INVALID_GRANT.raise(iModelParticipant.getId(), Long.valueOf(iDepartment.getOID())));
        }
        userBean.addToParticipants(iModelParticipant, iDepartment);
    }

    private boolean areEqual(IDepartment iDepartment, DepartmentInfo departmentInfo) {
        if (departmentInfo == Department.DEFAULT) {
            departmentInfo = null;
        }
        return iDepartment == null ? departmentInfo == null : departmentInfo != null && iDepartment.getOID() == departmentInfo.getOID();
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public User createUser(String str, String str2, String str3, String str4, String str5, String str6, Date date, Date date2) {
        return createUser(SecurityProperties.getUserRealm().getId(), str, str2, str3, str4, str5, str6, date, date2);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public User createUser(String str, String str2, String str3, String str4, String str5, String str6, String str7, Date date, Date date2) {
        if (StringUtils.isEmpty(str)) {
            throw new InvalidArgumentException(BpmRuntimeError.BPMRT_NULL_ARGUMENT.raise("realm"));
        }
        if (StringUtils.isEmpty(str2)) {
            throw new InvalidArgumentException(BpmRuntimeError.BPMRT_NULL_ARGUMENT.raise(UserBean.FIELD__ACCOUNT));
        }
        if (StringUtils.isEmpty(str3)) {
            throw new InvalidArgumentException(BpmRuntimeError.BPMRT_NULL_ARGUMENT.raise(UserBean.FIELD__FIRST_NAME));
        }
        if (StringUtils.isEmpty(str4)) {
            throw new InvalidArgumentException(BpmRuntimeError.BPMRT_NULL_ARGUMENT.raise(UserBean.FIELD__LAST_NAME));
        }
        if (StringUtils.isEmpty(str6)) {
            throw new InvalidArgumentException(BpmRuntimeError.BPMRT_NULL_ARGUMENT.raise("password"));
        }
        checkInternalAuthentified();
        IAuditTrailPartition partition = SecurityProperties.getPartition();
        try {
            UserBean.findByAccount(str2, UserRealmBean.findById(str, partition.getOID()));
            throw new UserExistsException(str2, str);
        } catch (ObjectNotFoundException e) {
            try {
                PasswordValidation.validate(str6.toCharArray(), SecurityUtils.getPasswordRules(partition.getOID()), null);
                UserBean userBean = new UserBean(str2, str3, str4, UserRealmBean.findById(str, partition.getOID()));
                userBean.setDescription(str5);
                userBean.setPassword(str6);
                SecurityUtils.updatePasswordHistory(userBean, str6);
                userBean.setEMail(str7);
                userBean.setValidFrom(date);
                userBean.setValidTo(date2);
                trace.info("Created user '" + userBean.getRealmQualifiedAccount() + "', oid = " + userBean.getOID());
                MonitoringUtils.partitionMonitors().userCreated(userBean);
                return (User) DetailsFactory.create(userBean, IUser.class, UserDetails.class);
            } catch (InvalidPasswordException e2) {
                throw new InvalidPasswordException(BpmRuntimeError.AUTHx_CHANGE_PASSWORD_NEW_PW_VERIFICATION_FAILED.raise(), e2.getFailureCodes());
            }
        }
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public User getUser(String str) throws ObjectNotFoundException, IllegalOperationException {
        return getUser(SecurityProperties.getUserRealm().getId(), str);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public User getUser(String str, String str2) throws ObjectNotFoundException {
        return (User) DetailsFactory.create(internalGetUser(str, str2), IUser.class, UserDetails.class);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public User getUser(long j) throws ObjectNotFoundException {
        UserBean findByOid = UserBean.findByOid(j);
        if (!isInternalAuthentication()) {
            SynchronizationService.synchronize(findByOid);
        }
        return (User) DetailsFactory.create(findByOid, IUser.class, UserDetails.class);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public User invalidate(String str) {
        return invalidateUser(str);
    }

    public void changeUserPassword(String str, String str2) {
        IUser user = SecurityProperties.getUser();
        if (!user.checkPassword(str)) {
            throw new PublicException(BpmRuntimeError.AUTHx_CHANGE_PASSWORD_OLD_PW_VERIFICATION_FAILED.raise());
        }
        try {
            PasswordValidation.validate(str2.toCharArray(), SecurityUtils.getPasswordRules(SecurityProperties.getPartitionOid()), SecurityUtils.getPasswordRules(SecurityProperties.getPartitionOid()) != null ? SecurityUtils.getPreviousPasswords(user, str) : null);
            user.setPassword(str2);
            SecurityUtils.changePassword(user, str, str2);
        } catch (InvalidPasswordException e) {
            throw new InvalidPasswordException(BpmRuntimeError.AUTHx_CHANGE_PASSWORD_NEW_PW_VERIFICATION_FAILED.raise(), e.getFailureCodes());
        }
    }

    public IModel getModel() {
        return ModelManagerFactory.getCurrent().findActiveModel();
    }

    private void checkInternalAuthentified() {
        if (!isInternalAuthentication()) {
            throw new IllegalOperationException(BpmRuntimeError.AUTHx_OPERATION_FAILED_REQUIRES_INTERNAL_AUTH.raise());
        }
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public User invalidateUser(String str) throws ObjectNotFoundException, IllegalOperationException {
        return invalidateUser(SecurityProperties.getUserRealm().getId(), str);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public User invalidateUser(String str, String str2) throws ObjectNotFoundException, IllegalOperationException {
        checkInternalAuthentified();
        UserBean findByAccount = UserBean.findByAccount(str2, UserRealmBean.findById(str, SecurityProperties.getPartition().getOID()));
        findByAccount.lock();
        findByAccount.setValidTo(TimestampProviderUtils.getTimeStamp());
        findByAccount.clearAllParticipants();
        MonitoringUtils.partitionMonitors().userDisabled(findByAccount);
        return (User) DetailsFactory.create(findByAccount, IUser.class, UserDetails.class);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public UserGroup createUserGroup(String str, String str2, String str3, Date date, Date date2) throws UserGroupExistsException, IllegalOperationException, InvalidArgumentException {
        if (StringUtils.isEmpty(str)) {
            throw new InvalidArgumentException(BpmRuntimeError.BPMRT_INVALID_ARGUMENT.raise("id", "empty"));
        }
        if (StringUtils.isEmpty(str2)) {
            throw new InvalidArgumentException(BpmRuntimeError.BPMRT_INVALID_ARGUMENT.raise("name", "empty"));
        }
        if (str3 == null) {
            throw new InvalidArgumentException(BpmRuntimeError.BPMRT_INVALID_ARGUMENT.raise("description", "null"));
        }
        try {
            UserGroupBean.findById(str, SecurityProperties.getPartitionOid());
            throw new UserGroupExistsException(str);
        } catch (ObjectNotFoundException e) {
            UserGroupBean userGroupBean = new UserGroupBean(str, str2, (AuditTrailPartitionBean) SecurityProperties.getPartition(false));
            userGroupBean.setDescription(str3);
            userGroupBean.setValidFrom(date);
            userGroupBean.setValidTo(date2);
            trace.info("Created user group '" + str + "', oid = " + userGroupBean.getOID());
            return (UserGroup) DetailsFactory.create(userGroupBean, IUserGroup.class, UserGroupDetails.class);
        }
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public UserGroup modifyUserGroup(UserGroup userGroup) throws ConcurrencyException, ObjectNotFoundException, IllegalOperationException {
        checkInternalAuthentified();
        if (!isFullyInitialized(userGroup)) {
            throw new IllegalOperationException(BpmRuntimeError.AUTHx_OPERATION_FAILED_USER_GROUP_OID_NOT_FULLY_INITIALIZED.raise(userGroup.getOID()));
        }
        UserGroupBean findByOid = UserGroupBean.findByOid(userGroup.getOID());
        findByOid.lock();
        findByOid.setId(userGroup.getId());
        findByOid.setName(userGroup.getName());
        findByOid.setDescription(userGroup.getDescription());
        findByOid.setValidFrom(userGroup.getValidFrom());
        findByOid.setValidTo(userGroup.getValidTo());
        for (Map.Entry entry : userGroup.getAllAttributes().entrySet()) {
            findByOid.setPropertyValue((String) entry.getKey(), (Serializable) entry.getValue());
        }
        return (UserGroup) DetailsFactory.create(findByOid, IUserGroup.class, UserGroupDetails.class);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public UserGroup getUserGroup(String str) throws ObjectNotFoundException {
        return (UserGroup) DetailsFactory.create(SynchronizationService.synchronizeUserGroup(str), IUserGroup.class, UserGroupDetails.class);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public UserGroup getUserGroup(long j) throws ObjectNotFoundException {
        UserGroupBean findByOid = UserGroupBean.findByOid(j);
        if (!isInternalAuthentication()) {
            SynchronizationService.synchronize(findByOid);
        }
        return (UserGroup) DetailsFactory.create(findByOid, IUserGroup.class, UserGroupDetails.class);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public UserGroup invalidateUserGroup(String str) throws ConcurrencyException, ObjectNotFoundException, IllegalOperationException {
        checkInternalAuthentified();
        UserGroupBean findById = UserGroupBean.findById(str, SecurityProperties.getPartitionOid());
        findById.lock();
        findById.setValidTo(TimestampProviderUtils.getTimeStamp());
        return (UserGroup) DetailsFactory.create(findById, IUserGroup.class, UserGroupDetails.class);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public UserGroup invalidateUserGroup(long j) throws ConcurrencyException, ObjectNotFoundException, IllegalOperationException {
        checkInternalAuthentified();
        UserGroupBean findByOid = UserGroupBean.findByOid(j);
        findByOid.lock();
        findByOid.setValidTo(TimestampProviderUtils.getTimeStamp());
        return (UserGroup) DetailsFactory.create(findByOid, IUserGroup.class, UserGroupDetails.class);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public UserRealm createUserRealm(String str, String str2, String str3) throws UserRealmExistsException, IllegalOperationException {
        try {
            UserRealmBean.findById(str, SecurityProperties.getPartition().getOID());
            throw new UserRealmExistsException(str);
        } catch (ObjectNotFoundException e) {
            UserRealmBean userRealmBean = new UserRealmBean(str, str2, (AuditTrailPartitionBean) SecurityProperties.getPartition(false));
            userRealmBean.setDescription(str3);
            trace.info(MessageFormat.format("Created user realm ''{0}'', oid = {1}.", str, new Long(userRealmBean.getOID())));
            MonitoringUtils.partitionMonitors().userRealmCreated(userRealmBean);
            return (UserRealm) DetailsFactory.create(userRealmBean, IUserRealm.class, UserRealmDetails.class);
        }
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public void dropUserRealm(String str) throws ConcurrencyException, ObjectNotFoundException, IllegalOperationException {
        UserRealmBean findById = UserRealmBean.findById(str, SecurityProperties.getPartition().getOID());
        long oid = findById.getOID();
        if (null != SessionFactory.getSession("AuditTrail").findFirst(UserBean.class, QueryExtension.where(Predicates.isEqual(UserBean.FR__REALM, oid)))) {
            throw new IllegalOperationException(BpmRuntimeError.ATDB_DELETION_FAILED_USER_REALM_ID_DANGLING_REFERENCE.raise(str));
        }
        findById.delete();
        trace.info(MessageFormat.format("Dropped user realm ''{0}'', oid = {1}.", str, new Long(oid)));
        MonitoringUtils.partitionMonitors().userRealmDropped(findById);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public List getUserRealms() throws ConcurrencyException, IllegalOperationException {
        ArrayList arrayList = new ArrayList();
        ResultIterator iterator = SessionFactory.getSession("AuditTrail").getIterator(UserRealmBean.class, QueryExtension.where(Predicates.isEqual(UserRealmBean.FR__PARTITION, SecurityProperties.getPartition().getOID())));
        while (iterator.hasNext()) {
            arrayList.add(DetailsFactory.create(iterator.next(), IUserRealm.class, UserRealmDetails.class));
        }
        return Collections.unmodifiableList(arrayList);
    }

    private boolean isFullyInitialized(User user) {
        return UserDetailsLevel.Full == user.getDetailsLevel();
    }

    private boolean isFullyInitialized(UserGroup userGroup) {
        return UserGroupDetailsLevel.Full == userGroup.getDetailsLevel();
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public Deputy addDeputy(UserInfo userInfo, UserInfo userInfo2, DeputyOptions deputyOptions) {
        if (userInfo.getOID() == userInfo2.getOID()) {
            throw new InvalidArgumentException(BpmRuntimeError.ATDB_DEPUTY_SELF_REFERENCE_NOT_ALLOWED.raise(userInfo.getOID()));
        }
        if (deputyOptions == null) {
            deputyOptions = DeputyOptions.DEFAULT;
        }
        UserBean findByOid = UserBean.findByOid(userInfo.getOID());
        UserBean findByOid2 = UserBean.findByOid(userInfo2.getOID());
        UserUtils.removeExistingDeputy(userInfo.getOID(), findByOid2);
        DeputyBean deputyBean = new DeputyBean(findByOid.getOID(), deputyOptions.getFromDate(), deputyOptions.getToDate(), deputyOptions.getParticipants());
        findByOid2.setPropertyValue(UserUtils.IS_DEPUTY_OF, deputyBean.toString());
        UserUtils.updateDeputyGrants(findByOid2);
        return deputyBean.createDeputyDetails(userInfo2);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public Deputy modifyDeputy(UserInfo userInfo, UserInfo userInfo2, DeputyOptions deputyOptions) {
        if (deputyOptions == null) {
            deputyOptions = DeputyOptions.DEFAULT;
        }
        Iterator<Deputy> it = getUsersBeingDeputyFor(userInfo2).iterator();
        while (it.hasNext()) {
            if (it.next().getUser().equals(userInfo)) {
                removeDeputy(userInfo, userInfo2);
                return addDeputy(userInfo, userInfo2, deputyOptions);
            }
        }
        throw new ObjectNotFoundException(BpmRuntimeError.ATDB_DEPUTY_DOES_NOT_EXISTS.raise(userInfo2.getOID(), userInfo.getOID()));
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public void removeDeputy(UserInfo userInfo, UserInfo userInfo2) {
        UserBean findByOid = UserBean.findByOid(userInfo2.getOID());
        UserUtils.removeExistingDeputy(userInfo.getOID(), findByOid);
        UserUtils.updateDeputyGrants(findByOid);
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public List<Deputy> getDeputies(UserInfo userInfo) {
        ResultIterator iterator = SessionFactory.getSession("AuditTrail").getIterator(UserProperty.class, QueryExtension.where(Predicates.andTerm(Predicates.isEqual(UserProperty.FR__NAME, UserUtils.IS_DEPUTY_OF), Predicates.isLike(UserProperty.FR__STRING_VALUE, MessageFormat.format(UserUtils.IS_DEPUTY_OF_PROP_PREFIX_PATTERN, Long.valueOf(UserBean.findByOid(userInfo.getOID()).getOID()).toString())))));
        HashMap newHashMap = CollectionUtils.newHashMap();
        while (iterator.hasNext()) {
            UserProperty userProperty = (UserProperty) iterator.next();
            long objectOID = userProperty.getObjectOID();
            if (!newHashMap.containsKey(Long.valueOf(objectOID))) {
                newHashMap.put(Long.valueOf(objectOID), DeputyBean.fromString((String) userProperty.getValue()).createDeputyDetails(DetailsFactory.create(UserBean.findByOid(objectOID))));
            }
        }
        return CollectionUtils.newArrayList(newHashMap.values());
    }

    @Override // org.eclipse.stardust.engine.api.runtime.UserService
    public List<Deputy> getUsersBeingDeputyFor(UserInfo userInfo) {
        ArrayList newArrayList = CollectionUtils.newArrayList();
        Iterator<DeputyBean> it = UserUtils.getDeputies(UserBean.findByOid(userInfo.getOID())).iterator();
        while (it.hasNext()) {
            newArrayList.add(it.next().createDeputyDetails(userInfo));
        }
        return newArrayList;
    }
}
