package org.eclipse.stardust.engine.extensions.dms.data;

import java.util.Iterator;
import java.util.Set;
import javax.jcr.SimpleCredentials;
import org.eclipse.stardust.common.CollectionUtils;
import org.eclipse.stardust.engine.api.model.IModelParticipant;
import org.eclipse.stardust.engine.api.model.IOrganization;
import org.eclipse.stardust.engine.api.model.PredefinedConstants;
import org.eclipse.stardust.engine.core.runtime.beans.IDepartment;
import org.eclipse.stardust.engine.core.runtime.beans.IUser;
import org.eclipse.stardust.engine.core.runtime.beans.ModelManager;
import org.eclipse.stardust.engine.core.runtime.beans.ModelManagerFactory;
import org.eclipse.stardust.engine.core.runtime.beans.UserBean;
import org.eclipse.stardust.engine.core.runtime.beans.UserParticipantLink;
import org.eclipse.stardust.engine.core.runtime.beans.UserUserGroupLink;
import org.eclipse.stardust.engine.core.runtime.beans.removethis.SecurityProperties;
import org.eclipse.stardust.engine.core.runtime.utils.DepartmentUtils;
import org.eclipse.stardust.vfs.impl.jcr.AuthorizableOrganizationDetails;

/* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/extensions/dms/data/JcrSecurityUtils.class */
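/**
 * Static helpers that translate an engine user into JCR credentials carrying
 * the user's group principals.
 */
public class JcrSecurityUtils {
    private JcrSecurityUtils() {
        // utility class, not meant to be instantiated
    }

    /**
     * Builds {@link SimpleCredentials} for the given user and attaches, under the
     * attribute {@code "directGroups"}, the set of principals derived from the
     * user's administrator role, participant grants (including the chain of
     * parent organizations) and user groups.
     *
     * <p>Participant and user-group principals are only collected when the user
     * is a {@link UserBean}; for any other implementation only the optional
     * {@code "administrators"} entry is added.
     *
     * @param iUser the user the credentials are issued for; must not be {@code null}
     * @param str the password placed into the credentials; must not be {@code null}
     * @return credentials whose user id is the DMS user principal name of
     *         {@code iUser} (id plus realm id)
     * @throws NullPointerException if {@code iUser} or {@code str} is {@code null}
     */
    public static SimpleCredentials getCredentialsIncludingParticipantHierarchy(IUser iUser, String str) {
        Set<AuthorizableOrganizationDetails> directGroups = CollectionUtils.newSet();
        if (iUser.hasRole(PredefinedConstants.ADMINISTRATOR_ROLE)) {
            directGroups.add(new AuthorizableOrganizationDetails("administrators"));
        }
        if (iUser instanceof UserBean) {
            UserBean userBean = (UserBean) iUser;

            Iterator<UserParticipantLink> participantLinks = userBean.getAllParticipantLinks();
            while (participantLinks.hasNext()) {
                UserParticipantLink link = participantLinks.next();
                for (IModelParticipant participant : link.getParticipants()) {
                    if (participant != null) {
                        addParticipantPrincipals(directGroups, participant, link.getDepartment());
                    }
                }
            }

            // Read the group memberships from the user the credentials are built
            // for. Taking them from SecurityProperties.getUser() (the session user)
            // would attach another identity's groups to this user's principal
            // whenever the two differ, and would fail when no session user is set.
            Iterator<UserUserGroupLink> userGroupLinks = userBean.getAllUserGroupLinks();
            while (userGroupLinks.hasNext()) {
                String groupId = userGroupLinks.next().getUserGroup().getId();
                directGroups.add(new AuthorizableOrganizationDetails(DmsPrincipal.getUserGroupPrincipalName(groupId)));
            }
        }
        String userPrincipal = DmsPrincipal.getUserPrincipalName(iUser.getId(), iUser.getRealm().getId());
        SimpleCredentials credentials = new SimpleCredentials(userPrincipal, str.toCharArray());
        credentials.setAttribute("directGroups", directGroups);
        return credentials;
    }

    /**
     * Adds the principals for one granted participant: the department-scoped
     * participant principal, the bare participant id, and one principal for each
     * ancestor organization of the participant.
     */
    private static void addParticipantPrincipals(Set<AuthorizableOrganizationDetails> directGroups,
            IModelParticipant participant, IDepartment department) {
        String modelId = participant.getModel().getId();
        directGroups.add(new AuthorizableOrganizationDetails(DmsPrincipal.getModelParticipantPrincipalName(
                participant.getId(), DmsPrincipal.getFullDepartmentScopedId(department), modelId)));
        // NOTE(review): the bare participant id carries neither model nor department
        // scope; confirm it cannot collide with an id of the same name elsewhere.
        directGroups.add(new AuthorizableOrganizationDetails(participant.getId()));

        // Department that may still scope the next ancestor organization. For an
        // organization grant the walk starts at the parent of the granted department.
        IDepartment scopeDepartment = null;
        if (!(participant instanceof IOrganization)) {
            scopeDepartment = department;
        } else if (department != null) {
            scopeDepartment = department.getParentDepartment();
        }

        ModelManager modelManager = ModelManagerFactory.getCurrent();
        IOrganization ancestor = DepartmentUtils.getParentOrg(participant);
        while (ancestor != null) {
            String departmentScope = null;
            if (scopeDepartment != null
                    && DepartmentUtils.isRestrictedModelParticipant(ancestor)
                    && modelManager.getRuntimeOid(ancestor) == scopeDepartment.getRuntimeOrganizationOID()) {
                departmentScope = DmsPrincipal.getFullDepartmentScopedId(scopeDepartment);
            }
            directGroups.add(new AuthorizableOrganizationDetails(
                    DmsPrincipal.getModelParticipantPrincipalName(ancestor.getId(), departmentScope, modelId)));
            // Move up one department only when the current one was used for this ancestor.
            if (departmentScope != null) {
                scopeDepartment = scopeDepartment.getParentDepartment();
            }
            ancestor = DepartmentUtils.getParentOrg(ancestor);
        }
    }
}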
