package org.eclipse.stardust.engine.core.runtime.beans;

import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentMap;
import org.eclipse.stardust.common.Action;
import org.eclipse.stardust.common.CollectionUtils;
import org.eclipse.stardust.common.Flushable;
import org.eclipse.stardust.common.Pair;
import org.eclipse.stardust.common.StringUtils;
import org.eclipse.stardust.common.config.ExtensionProviderUtils;
import org.eclipse.stardust.common.config.GlobalParameters;
import org.eclipse.stardust.common.config.Parameters;
import org.eclipse.stardust.common.config.ParametersFacade;
import org.eclipse.stardust.common.error.InternalException;
import org.eclipse.stardust.common.error.ObjectNotFoundException;
import org.eclipse.stardust.common.log.LogManager;
import org.eclipse.stardust.common.log.Logger;
import org.eclipse.stardust.engine.api.dto.OrganizationInfoDetails;
import org.eclipse.stardust.engine.api.model.IModel;
import org.eclipse.stardust.engine.api.model.IModelParticipant;
import org.eclipse.stardust.engine.api.model.IOrganization;
import org.eclipse.stardust.engine.api.model.PredefinedConstants;
import org.eclipse.stardust.engine.api.runtime.BpmRuntimeError;
import org.eclipse.stardust.engine.api.runtime.DepartmentInfo;
import org.eclipse.stardust.engine.api.runtime.LoginUtils;
import org.eclipse.stardust.engine.core.monitoring.MonitoringUtils;
import org.eclipse.stardust.engine.core.persistence.Session;
import org.eclipse.stardust.engine.core.persistence.jdbc.SessionFactory;
import org.eclipse.stardust.engine.core.pojo.data.JavaAccessPathEditor;
import org.eclipse.stardust.engine.core.runtime.beans.removethis.SecurityProperties;
import org.eclipse.stardust.engine.core.runtime.internal.SessionManager;
import org.eclipse.stardust.engine.core.runtime.removethis.EngineProperties;
import org.eclipse.stardust.engine.core.runtime.utils.Authorization2;
import org.eclipse.stardust.engine.core.runtime.utils.DepartmentUtils;
import org.eclipse.stardust.engine.core.spi.security.DynamicParticipantSynchronizationProvider;
import org.eclipse.stardust.engine.core.spi.security.DynamicParticipantSynchronizationStrategy;
import org.eclipse.stardust.engine.core.spi.security.ExternalDepartmentConfiguration;
import org.eclipse.stardust.engine.core.spi.security.ExternalUserConfiguration;
import org.eclipse.stardust.engine.core.spi.security.ExternalUserGroupConfiguration;
import org.eclipse.stardust.engine.core.spi.security.TimebasedSynchronizationStrategy;
import org.eclipse.stardust.engine.runtime.utils.TimestampProviderUtils;

/* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/core/runtime/beans/SynchronizationService.class */
public abstract class SynchronizationService {
    public static final Logger trace = LogManager.getLogger(SynchronizationService.class);
    public static final String PRP_DISABLE_SYNCHRONIZATION = SynchronizationService.class.getName() + ".DisableSynchronization";
    public static final String PRP_SYNC_PROVIDER_CACHE = SynchronizationService.class.getName() + ".SyncProviderCache";
    private static final String GLOBAL = SynchronizationService.class.getName() + ".Global";
    private Map properties;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/core/runtime/beans/SynchronizationService$CreateDepartmentAction.class */
    public static class CreateDepartmentAction implements Action {
        private final String id;
        private final IDepartment parentDepartment;

        /* renamed from: org, reason: collision with root package name */
        private final IOrganization f0org;

        public CreateDepartmentAction(String str, IDepartment iDepartment, IOrganization iOrganization) {
            this.id = str;
            this.parentDepartment = iDepartment;
            this.f0org = iOrganization;
        }

        public Object execute() {
            SynchronizationService.trace.info("New Department " + new DepartmentBean(this.id, this.id, (AuditTrailPartitionBean) SecurityProperties.getPartition(false), (DepartmentBean) this.parentDepartment, null, new OrganizationInfoDetails(ModelManagerFactory.getCurrent().getRuntimeOid(this.f0org), this.f0org.getQualifiedId(), null, true, true, null)) + " was created.");
            return Boolean.TRUE;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/core/runtime/beans/SynchronizationService$CreateUserAction.class */
    public static class CreateUserAction implements Action {
        private final String realmId;
        private final String account;
        private final ExternalUserConfiguration userConf;
        private final Map properties;

        CreateUserAction(String str, String str2, ExternalUserConfiguration externalUserConfiguration, Map map) {
            this.realmId = str;
            this.account = str2;
            this.userConf = externalUserConfiguration;
            this.properties = map;
        }

        public Object execute() {
            UserRealmBean userRealmBean;
            try {
                userRealmBean = UserRealmBean.findById(this.realmId, SynchronizationService.getPartitionOid(this.properties));
            } catch (ObjectNotFoundException e) {
                userRealmBean = new UserRealmBean(this.realmId, this.realmId, (AuditTrailPartitionBean) SynchronizationService.getPartition(this.properties, false));
                SynchronizationService.trace.info("New " + userRealmBean + " was created.");
                MonitoringUtils.partitionMonitors().userRealmCreated(userRealmBean);
            }
            UserBean userBean = new UserBean(this.account, this.userConf.getFirstName(), this.userConf.getLastName(), userRealmBean);
            SynchronizationService.trace.info("New User " + userBean + " was created.");
            MonitoringUtils.partitionMonitors().userCreated(userBean);
            new NonisolatedCreateSyncService(this.properties).synchronizeUnguarded(userBean, this.userConf);
            return Boolean.TRUE;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/core/runtime/beans/SynchronizationService$CreateUserGroupAction.class */
    public static class CreateUserGroupAction implements Action {
        private final String id;
        private final ExternalUserGroupConfiguration groupConf;
        private final Map properties;

        CreateUserGroupAction(String str, ExternalUserGroupConfiguration externalUserGroupConfiguration, Map map) {
            this.id = str;
            this.groupConf = externalUserGroupConfiguration;
            this.properties = map;
        }

        public Object execute() {
            UserGroupBean userGroupBean = new UserGroupBean(this.id, this.groupConf.getName(), (AuditTrailPartitionBean) SynchronizationService.getPartition(this.properties, false));
            SynchronizationService.trace.info("New User Group " + userGroupBean + " was created.");
            new NonisolatedCreateSyncService(Collections.EMPTY_MAP).synchronizeUnguarded(userGroupBean, this.groupConf);
            return Boolean.TRUE;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/core/runtime/beans/SynchronizationService$DepartmentSynchronizationException.class */
    public static final class DepartmentSynchronizationException extends InternalException {
        private static final long serialVersionUID = -6175204231885854282L;

        public DepartmentSynchronizationException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/core/runtime/beans/SynchronizationService$IsolatedCreateSyncService.class */
    public static class IsolatedCreateSyncService extends SynchronizationService {
        public IsolatedCreateSyncService(Map map) {
            super(map);
        }

        @Override // org.eclipse.stardust.engine.core.runtime.beans.SynchronizationService
        protected void performCreateAction(Action action) throws Exception {
            ForkingServiceFactory forkingServiceFactory = (ForkingServiceFactory) Parameters.instance().get(EngineProperties.FORKING_SERVICE_HOME);
            ForkingService forkingService = null;
            try {
                forkingService = forkingServiceFactory.get();
                forkingService.isolate(action);
                forkingServiceFactory.release(forkingService);
            } catch (Throwable th) {
                forkingServiceFactory.release(forkingService);
                throw th;
            }
        }
    }

    /* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/core/runtime/beans/SynchronizationService$NonisolatedCreateSyncService.class */
    private static class NonisolatedCreateSyncService extends SynchronizationService {
        public NonisolatedCreateSyncService(Map map) {
            super(map);
        }

        @Override // org.eclipse.stardust.engine.core.runtime.beans.SynchronizationService
        protected void performCreateAction(Action action) throws Exception {
            action.execute();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/core/runtime/beans/SynchronizationService$ScopedParticipant.class */
    public static final class ScopedParticipant extends Pair<IModelParticipant, IDepartment> {
        private static final long serialVersionUID = 1;

        public static ScopedParticipant factory(IModelParticipant iModelParticipant, IDepartment iDepartment) {
            return new ScopedParticipant(iModelParticipant, iDepartment);
        }

        public ScopedParticipant(IModelParticipant iModelParticipant, IDepartment iDepartment) {
            super(iModelParticipant, iDepartment);
        }

        public IModelParticipant getParticipant() {
            return (IModelParticipant) getFirst();
        }

        public IDepartment getDepartment() {
            return (IDepartment) getSecond();
        }

        public String toString() {
            return getParticipant() + " - " + getDepartment();
        }
    }

    /* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/core/runtime/beans/SynchronizationService$TransientAdministratorDecorator.class */
    public static class TransientAdministratorDecorator implements InvocationHandler {
        private final IUser delegate;

        public TransientAdministratorDecorator(IUser iUser) {
            this.delegate = iUser;
        }

        @Override // java.lang.reflect.InvocationHandler
        public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
            return ("hasRole".equals(method.getName()) && 1 == method.getParameterTypes().length && String.class.equals(method.getParameterTypes()[0])) ? PredefinedConstants.ADMINISTRATOR_ROLE.equals(objArr[0]) ? Boolean.TRUE : Boolean.FALSE : method.invoke(this.delegate, objArr);
        }
    }

    public static synchronized void flush() {
        if (getSynchronizationStrategy() != null) {
            Flushable synchronizationStrategy = getSynchronizationStrategy();
            if (synchronizationStrategy instanceof Flushable) {
                synchronizationStrategy.flush();
            }
        }
    }

    public static void synchronize(IUser iUser) {
        if (!Parameters.instance().getBoolean(Constants.CARNOT_ARCHIVE_AUDITTRAIL, false)) {
            new IsolatedCreateSyncService(Collections.EMPTY_MAP).synchronizeUnguarded(iUser);
        } else if (trace.isDebugEnabled()) {
            trace.debug("Skipping synchronization of user '" + iUser.getRealmQualifiedAccount() + "'. Synchronization is not enabled for archive audit trails.");
        }
    }

    public static void synchronize(IUserGroup iUserGroup) {
        if (!Parameters.instance().getBoolean(Constants.CARNOT_ARCHIVE_AUDITTRAIL, false)) {
            new IsolatedCreateSyncService(Collections.EMPTY_MAP).synchronizeUnguarded(iUserGroup);
        } else if (trace.isDebugEnabled()) {
            trace.debug("Skipping synchronization of user group '" + iUserGroup.getId() + "'. Synchronization is not enabled for archive audit trails.");
        }
    }

    public static void synchronize(IDepartment iDepartment) {
        if (!Parameters.instance().getBoolean(Constants.CARNOT_ARCHIVE_AUDITTRAIL, false)) {
            new IsolatedCreateSyncService(Collections.EMPTY_MAP).synchronizeUnguarded(iDepartment, -50L);
        } else if (trace.isDebugEnabled()) {
            trace.debug("Skipping synchronization of department '" + iDepartment.getId() + "'. Synchronization is not enabled for archive audit trails.");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v16, types: [org.eclipse.stardust.engine.core.runtime.beans.IUser] */
    /* JADX WARN: Type inference failed for: r0v18, types: [org.eclipse.stardust.engine.core.runtime.beans.IUser] */
    public static IUser synchronize(String str, IModel iModel, boolean z, Map map) throws ObjectNotFoundException {
        UserBean findByAccount;
        HashMap hashMap = new HashMap(map);
        LoginUtils.mergeDefaultCredentials(hashMap);
        if (SecurityProperties.isInternalAuthentication() || Parameters.instance().getBoolean(Constants.CARNOT_ARCHIVE_AUDITTRAIL, false)) {
            findByAccount = UserBean.findByAccount(str, UserRealmBean.findById(LoginUtils.getUserRealmId(hashMap), getPartitionOid(map)));
        } else {
            IsolatedCreateSyncService isolatedCreateSyncService = new IsolatedCreateSyncService(hashMap);
            findByAccount = null != iModel ? isolatedCreateSyncService.synchronizeExternalUser(str, z) : isolatedCreateSyncService.synchronizeExternalAdministrator(str, z);
        }
        return findByAccount;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v7, types: [org.eclipse.stardust.engine.core.runtime.beans.IUserGroup] */
    public static IUserGroup synchronizeUserGroup(String str) throws ObjectNotFoundException {
        return (SecurityProperties.isInternalAuthorization() || Parameters.instance().getBoolean(Constants.CARNOT_ARCHIVE_AUDITTRAIL, false)) ? UserGroupBean.findById(str, SecurityProperties.getPartitionOid()) : new IsolatedCreateSyncService(Collections.EMPTY_MAP).synchronizeExternalUserGroup(str);
    }

    public static Pair<IDepartment, Boolean> synchronizeDepartment(String str, long j, List<String> list) throws ObjectNotFoundException {
        return (SecurityProperties.isInternalAuthorization() || Parameters.instance().getBoolean(Constants.CARNOT_ARCHIVE_AUDITTRAIL, false)) ? new Pair<>(findDepartment(str, list), true) : new IsolatedCreateSyncService(Collections.EMPTY_MAP).synchronizeExternalDepartment(str, j, list);
    }

    public static Pair<String, List<String>> getDepartmentPairFor(IDepartment iDepartment, long j) {
        String qualifiedId = DepartmentUtils.getOrganization(iDepartment, j).getQualifiedId();
        ArrayList newArrayList = CollectionUtils.newArrayList();
        createDepartmentKeys(iDepartment, newArrayList);
        return new Pair<>(qualifiedId, newArrayList);
    }

    public static Pair<String, List<String>> getDepartmentPairFor(String str, String str2, DepartmentInfo departmentInfo) {
        ArrayList newArrayList = CollectionUtils.newArrayList();
        if (departmentInfo != null) {
            createDepartmentKeys(DepartmentUtils.getDepartment(departmentInfo), newArrayList);
        }
        newArrayList.add(str);
        return new Pair<>(str2, newArrayList);
    }

    protected SynchronizationService(Map map) {
        this.properties = map;
    }

    protected IUser synchronizeExternalUser(String str, boolean z) throws ObjectNotFoundException {
        IUser importExternalUser;
        try {
            UserRealmBean findById = UserRealmBean.findById(LoginUtils.getUserRealmId(this.properties), getPartitionOid(this.properties));
            Parameters instance = Parameters.instance();
            try {
                ParametersFacade.pushLayer(instance, Collections.EMPTY_MAP).setProperty(PRP_DISABLE_SYNCHRONIZATION, Boolean.TRUE.toString());
                importExternalUser = UserBean.findByAccount(str, findById);
                ParametersFacade.popLayer(instance);
                if (!instance.getBoolean(Constants.CARNOT_ARCHIVE_AUDITTRAIL, false)) {
                    synchronizeUnguarded(importExternalUser);
                } else if (trace.isDebugEnabled()) {
                    trace.debug("Skipping synchronization of user '" + importExternalUser.getRealmQualifiedAccount() + "'. Synchronization is not enabled for archive audit trails.");
                }
            } catch (Throwable th) {
                ParametersFacade.popLayer(instance);
                throw th;
            }
        } catch (ObjectNotFoundException e) {
            importExternalUser = importExternalUser(str, z);
        }
        return importExternalUser;
    }

    protected IUserGroup synchronizeExternalUserGroup(String str) throws ObjectNotFoundException {
        IUserGroup importExternalGroup;
        try {
            Parameters instance = Parameters.instance();
            try {
                ParametersFacade.pushLayer(instance, Collections.EMPTY_MAP).setProperty(PRP_DISABLE_SYNCHRONIZATION, Boolean.TRUE.toString());
                importExternalGroup = UserGroupBean.findById(str, getPartitionOid(this.properties));
                ParametersFacade.popLayer(instance);
                synchronizeUnguarded(importExternalGroup);
            } catch (Throwable th) {
                ParametersFacade.popLayer(instance);
                throw th;
            }
        } catch (ObjectNotFoundException e) {
            importExternalGroup = importExternalGroup(str);
        }
        return importExternalGroup;
    }

    protected Pair<IDepartment, Boolean> synchronizeExternalDepartment(String str, long j, List<String> list) {
        Pair<IDepartment, Boolean> pair;
        try {
            Parameters instance = Parameters.instance();
            try {
                ParametersFacade.pushLayer(instance, Collections.EMPTY_MAP).setProperty(PRP_DISABLE_SYNCHRONIZATION, Boolean.TRUE.toString());
                pair = new Pair<>(findDepartment(str, list), true);
                ParametersFacade.popLayer(instance);
                synchronizeUnguarded((IDepartment) pair.getFirst(), j);
            } catch (Throwable th) {
                ParametersFacade.popLayer(instance);
                throw th;
            }
        } catch (ObjectNotFoundException e) {
            IOrganization firstScopedOrganization = DepartmentUtils.getFirstScopedOrganization(findModelParticipantFor(str, ModelManagerFactory.getCurrent()));
            if (firstScopedOrganization != null) {
                String qualifiedId = firstScopedOrganization.getQualifiedId();
                DynamicParticipantSynchronizationProvider initializeProvider = initializeProvider();
                pair = (initializeProvider == null || initializeProvider.provideValidDepartmentConfiguration(qualifiedId, list, this.properties) == null) ? new Pair<>((Object) null, false) : importDepartmentHierarchy(qualifiedId, list);
            } else {
                pair = new Pair<>((Object) null, false);
            }
        }
        return pair;
    }

    private IUser synchronizeExternalAdministrator(String str, boolean z) throws ObjectNotFoundException {
        DynamicParticipantSynchronizationProvider initializeProvider = initializeProvider();
        if (null == initializeProvider) {
            throw new ObjectNotFoundException(BpmRuntimeError.AUTHx_SYNC_MISSING_SYNCHRONIZATION_PROVIDER.raise());
        }
        ExternalUserConfiguration provideValidUserConfiguration = initializeProvider.provideValidUserConfiguration(LoginUtils.getUserRealmId(this.properties), str, this.properties);
        if (null == provideValidUserConfiguration) {
            throw new ObjectNotFoundException(BpmRuntimeError.AUTHx_SYNC_UNKNOWN_USER.raise(str), str);
        }
        boolean isAdmin = isAdmin(provideValidUserConfiguration);
        IUser synchronizeExternalUser = synchronizeExternalUser(str, isAdmin || z);
        if (isAdmin) {
            synchronizeExternalUser = (IUser) Proxy.newProxyInstance(synchronizeExternalUser.getClass().getClassLoader(), new Class[]{IUser.class}, new TransientAdministratorDecorator(synchronizeExternalUser));
        }
        return synchronizeExternalUser;
    }

    private boolean isAdmin(ExternalUserConfiguration externalUserConfiguration) {
        boolean contains;
        Set<ExternalUserConfiguration.GrantInfo> modelParticipantsGrants = externalUserConfiguration.getModelParticipantsGrants();
        if (CollectionUtils.isEmpty(modelParticipantsGrants)) {
            contains = externalUserConfiguration.getGrantedModelParticipants().contains(PredefinedConstants.ADMINISTRATOR_ROLE);
            trace.debug("Detected use of a to be deprecated SPI. Please refer to ExternalUserConfiguration#getModelParticipantsGrants().");
        } else {
            contains = modelParticipantsGrants.contains(new ExternalUserConfiguration.GrantInfo(PredefinedConstants.ADMINISTRATOR_ROLE, (List<String>) Collections.emptyList()));
            if (CollectionUtils.isNotEmpty(externalUserConfiguration.getGrantedModelParticipants())) {
                trace.warn("Received grants from both the department aware as well as the to be deprecated SPI. Ignoring the latter.");
            }
        }
        return contains;
    }

    private IUser importExternalUser(String str, boolean z) throws ObjectNotFoundException {
        if (Parameters.instance().getBoolean(Constants.CARNOT_ARCHIVE_AUDITTRAIL, false)) {
            throw new ObjectNotFoundException(BpmRuntimeError.ATDB_ARCHIVE_AUDIT_TRAIL_WRITE_PROTECTED.raise());
        }
        if (!z) {
            throw new ObjectNotFoundException(BpmRuntimeError.AUTHx_SYNC_IMPORTING_USERS_NOT_ALLOWED.raise(), str);
        }
        DynamicParticipantSynchronizationProvider initializeProvider = initializeProvider();
        if (null == initializeProvider) {
            throw new ObjectNotFoundException(BpmRuntimeError.AUTHx_SYNC_MISSING_SYNCHRONIZATION_PROVIDER.raise());
        }
        String userRealmId = LoginUtils.getUserRealmId(this.properties);
        ExternalUserConfiguration provideValidUserConfiguration = initializeProvider.provideValidUserConfiguration(userRealmId, str, this.properties);
        if (null == provideValidUserConfiguration) {
            throw new ObjectNotFoundException(BpmRuntimeError.AUTHx_SYNC_UNKNOWN_USER.raise(str), str);
        }
        UserBean userBean = null;
        int i = 3;
        while (null == userBean) {
            try {
                performCreateAction(new CreateUserAction(userRealmId, str, provideValidUserConfiguration, this.properties));
            } catch (Exception e) {
                if (trace.isDebugEnabled()) {
                    trace.debug("Failed to synchronize user '" + str + "' to audit trail. Trying again.", e);
                }
            }
            try {
                userBean = UserBean.findByAccount(str, UserRealmBean.findById(userRealmId, getPartitionOid(this.properties)));
            } catch (ObjectNotFoundException e2) {
                i--;
                if (0 >= i) {
                    throw new ObjectNotFoundException(BpmRuntimeError.AUTHx_SYNC_FAILED_IMPORTING_USER.raise(str), e2);
                }
            }
        }
        if (trace.isDebugEnabled()) {
            trace.debug("Synchronizing new user '" + str + "' with oid " + userBean.getOID() + JavaAccessPathEditor.SEPERATOR);
        }
        synchronizeUnguarded(userBean, provideValidUserConfiguration);
        return userBean;
    }

    private IUserGroup importExternalGroup(String str) throws ObjectNotFoundException {
        if (Parameters.instance().getBoolean(Constants.CARNOT_ARCHIVE_AUDITTRAIL, false)) {
            throw new ObjectNotFoundException(BpmRuntimeError.ATDB_ARCHIVE_AUDIT_TRAIL_WRITE_PROTECTED.raise());
        }
        DynamicParticipantSynchronizationProvider initializeProvider = initializeProvider();
        if (null == initializeProvider) {
            throw new ObjectNotFoundException(BpmRuntimeError.AUTHx_SYNC_MISSING_SYNCHRONIZATION_PROVIDER.raise());
        }
        ExternalUserGroupConfiguration provideValidUserGroupConfiguration = initializeProvider.provideValidUserGroupConfiguration(str, this.properties);
        if (null == provideValidUserGroupConfiguration) {
            throw new ObjectNotFoundException(BpmRuntimeError.AUTHx_SYNC_UNKNOWN_USER_GROUP.raise(str), str);
        }
        UserGroupBean userGroupBean = null;
        int i = 3;
        while (null == userGroupBean) {
            try {
                performCreateAction(new CreateUserGroupAction(str, provideValidUserGroupConfiguration, this.properties));
            } catch (Exception e) {
                if (trace.isDebugEnabled()) {
                    trace.debug("Failed to synchronize user group '" + str + "' to audit trail. Trying again.", e);
                }
            }
            try {
                userGroupBean = UserGroupBean.findById(str, getPartitionOid(this.properties));
            } catch (ObjectNotFoundException e2) {
                i--;
                if (0 >= i) {
                    throw new ObjectNotFoundException(BpmRuntimeError.AUTHx_SYNC_FAILED_IMPORTING_USER_GROUP.raise(str), e2);
                }
            }
        }
        if (trace.isDebugEnabled()) {
            trace.debug("Synchronizing user group '" + str + "' with oid " + userGroupBean.getOID() + JavaAccessPathEditor.SEPERATOR);
        }
        synchronizeUnguarded(userGroupBean, provideValidUserGroupConfiguration);
        return userGroupBean;
    }

    private IDepartment importExternalDepartment(String str, IDepartment iDepartment, IOrganization iOrganization) {
        DepartmentBean departmentBean = null;
        int i = 3;
        while (departmentBean == null) {
            try {
                performCreateAction(new CreateDepartmentAction(str, iDepartment, iOrganization));
            } catch (Exception e) {
                if (trace.isDebugEnabled()) {
                    trace.debug("Failed to synchronize department '" + str + "' to audit trail. Trying again.", e);
                }
            }
            try {
                departmentBean = DepartmentBean.findById(str, iDepartment, iOrganization);
            } catch (ObjectNotFoundException e2) {
                i--;
                if (0 >= i) {
                    throw new ObjectNotFoundException(BpmRuntimeError.AUTHx_SYNC_FAILED_IMPORTING_DEPARTMENT.raise(str, iDepartment.getId()), e2);
                }
            }
        }
        return departmentBean;
    }

    protected abstract void performCreateAction(Action action) throws Exception;

    protected void synchronizeUnguarded(IUser iUser) {
        if ((SecurityProperties.isInternalAuthentication() && SecurityProperties.isInternalAuthorization()) || SessionFactory.getSession("AuditTrail").isSynchronized(iUser) || !getSynchronizationStrategy().isDirtyLogAware(iUser)) {
            return;
        }
        DynamicParticipantSynchronizationProvider initializeProvider = initializeProvider();
        if (null == initializeProvider) {
            trace.warn("Skipping synchronization of user '" + iUser.getRealmQualifiedAccount() + "'. Invalid synchronization provider configuration.");
            return;
        }
        ExternalUserConfiguration provideValidUserConfiguration = initializeProvider.provideValidUserConfiguration(iUser.getRealm().getId(), iUser.getAccount(), this.properties);
        if (null != provideValidUserConfiguration) {
            synchronizeUnguarded(iUser, provideValidUserConfiguration);
            return;
        }
        if (!Parameters.instance().getBoolean(SecurityProperties.AUTHORIZATION_SYNC_INVALIDATE_NONEXISTING_PARTICIPANTS_PROPERTY, false)) {
            trace.info("User '" + iUser.getRealmQualifiedAccount() + "' does not exist in external registry. Skipping synchronization.");
            return;
        }
        Date validTo = iUser.getValidTo();
        if (validTo == null || validTo.after(TimestampProviderUtils.getTimeStamp())) {
            trace.info("User '" + iUser.getRealmQualifiedAccount() + "' does not exist in external registry. User gets invalidated.");
            iUser.setValidTo(TimestampProviderUtils.getTimeStamp());
        }
    }

    protected void synchronizeUnguarded(IUser iUser, ExternalUserConfiguration externalUserConfiguration) {
        if (null == externalUserConfiguration) {
            trace.warn("Skipping synchronization of user '" + iUser.getRealmQualifiedAccount() + "'. Missing user data.");
            return;
        }
        Session session = SessionFactory.getSession("AuditTrail");
        if (session.isSynchronized(iUser) || !getSynchronizationStrategy().isDirtyLogAware(iUser)) {
            return;
        }
        if (!SecurityProperties.isInternalAuthentication()) {
            if (Parameters.instance().getBoolean(SecurityProperties.AUTHORIZATION_SYNC_TRACE_PROPERTY, false)) {
                trace.info("Synchronizing user '" + iUser.getRealmQualifiedAccount() + "' with external registry.");
            }
            synchronizeUserAttributes(iUser, externalUserConfiguration);
        }
        if (!SecurityProperties.isInternalAuthorization()) {
            if (ModelManagerFactory.getCurrent().getAllModels().hasNext()) {
                synchronizeModelParticipantGrants(iUser, externalUserConfiguration);
            }
            synchronizeUserGroupMemberships(iUser, externalUserConfiguration);
        }
        session.setSynchronized(iUser);
        getSynchronizationStrategy().setSynchronizedLogAware(iUser);
    }

    protected void synchronizeUnguarded(IUserGroup iUserGroup) {
        if (SecurityProperties.isInternalAuthorization() || SessionFactory.getSession("AuditTrail").isSynchronized(iUserGroup) || !getSynchronizationStrategy().isDirty(iUserGroup)) {
            return;
        }
        DynamicParticipantSynchronizationProvider initializeProvider = initializeProvider();
        if (null == initializeProvider) {
            trace.warn("Skipping synchronization of user group '" + iUserGroup.getId() + "'. Invalid synchronization provider configuration.");
            return;
        }
        ExternalUserGroupConfiguration provideValidUserGroupConfiguration = initializeProvider.provideValidUserGroupConfiguration(iUserGroup.getId(), this.properties);
        if (null != provideValidUserGroupConfiguration) {
            synchronizeUnguarded(iUserGroup, provideValidUserGroupConfiguration);
            return;
        }
        if (!Parameters.instance().getBoolean(SecurityProperties.AUTHORIZATION_SYNC_INVALIDATE_NONEXISTING_PARTICIPANTS_PROPERTY, false)) {
            trace.info("User group '" + iUserGroup.getId() + "' does not exist in external registry. Skipping synchronization.");
            return;
        }
        Date validTo = iUserGroup.getValidTo();
        if (validTo == null || validTo.after(TimestampProviderUtils.getTimeStamp())) {
            trace.info("User group '" + iUserGroup.getId() + "' does not exist in external registry. User group gets invalidated.");
            iUserGroup.setValidTo(TimestampProviderUtils.getTimeStamp());
        }
    }

    protected void synchronizeUnguarded(IUserGroup iUserGroup, ExternalUserGroupConfiguration externalUserGroupConfiguration) {
        if (null != externalUserGroupConfiguration) {
            Session session = SessionFactory.getSession("AuditTrail");
            if (session.isSynchronized(iUserGroup) || !getSynchronizationStrategy().isDirty(iUserGroup)) {
                return;
            }
            if (Parameters.instance().getBoolean(SecurityProperties.AUTHORIZATION_SYNC_TRACE_PROPERTY, false)) {
                trace.info("Synchronizing user group '" + iUserGroup.getId() + "' with external registry.");
            }
            synchronizeUserGroupAttributes(iUserGroup, externalUserGroupConfiguration);
            session.setSynchronized(iUserGroup);
            getSynchronizationStrategy().setSynchronized(iUserGroup);
        }
    }

    protected void synchronizeUnguarded(IDepartment iDepartment, long j) {
        if (iDepartment == null || SecurityProperties.isInternalAuthorization() || SessionFactory.getSession("AuditTrail").isSynchronized(iDepartment) || !getSynchronizationStrategy().isDirty(iDepartment)) {
            return;
        }
        DynamicParticipantSynchronizationProvider initializeProvider = initializeProvider();
        if (null == initializeProvider) {
            trace.warn("Skipping synchronization of department '" + iDepartment.getId() + "'. Invalid synchronization provider configuration.");
            return;
        }
        Pair<String, List<String>> departmentPairFor = getDepartmentPairFor(iDepartment, j);
        ExternalDepartmentConfiguration provideValidDepartmentConfiguration = initializeProvider.provideValidDepartmentConfiguration((String) departmentPairFor.getFirst(), (List) departmentPairFor.getSecond(), this.properties);
        if (provideValidDepartmentConfiguration != null) {
            synchronizeUnguarded(iDepartment, provideValidDepartmentConfiguration);
        }
    }

    protected void synchronizeUnguarded(IDepartment iDepartment, ExternalDepartmentConfiguration externalDepartmentConfiguration) {
        if (null != externalDepartmentConfiguration) {
            Session session = SessionFactory.getSession("AuditTrail");
            if (session.isSynchronized(iDepartment) || !getSynchronizationStrategy().isDirty(iDepartment)) {
                return;
            }
            if (Parameters.instance().getBoolean(SecurityProperties.AUTHORIZATION_SYNC_TRACE_PROPERTY, false)) {
                trace.info("Synchronizing department '" + iDepartment.getId() + "' with external registry.");
            }
            synchronizeDepartmentAttributes(iDepartment, externalDepartmentConfiguration);
            session.setSynchronized(iDepartment);
            getSynchronizationStrategy().setSynchronized(iDepartment);
        }
    }

    private void synchronizeUserAttributes(IUser iUser, ExternalUserConfiguration externalUserConfiguration) {
        if (!iUser.isValid()) {
            iUser.setValidFrom(TimestampProviderUtils.getTimeStamp());
        }
        iUser.setValidTo(null);
        iUser.setFirstName(externalUserConfiguration.getFirstName());
        iUser.setLastName(externalUserConfiguration.getLastName());
        iUser.setEMail(externalUserConfiguration.getEMail());
        iUser.setDescription(externalUserConfiguration.getDescription());
        Map properties = externalUserConfiguration.getProperties();
        if (null != properties && !properties.isEmpty()) {
            for (Map.Entry entry : properties.entrySet()) {
                iUser.setPropertyValue((String) entry.getKey(), (String) entry.getValue());
            }
        }
        SessionManager.instance().updateSessionTokens(iUser, externalUserConfiguration.getSessionTokens());
    }

    private void synchronizeModelParticipantGrants(IUser iUser, ExternalUserConfiguration externalUserConfiguration) {
        Set<ScopedParticipant> determineValidGrants = determineValidGrants(iUser, externalUserConfiguration);
        HashSet newHashSet = CollectionUtils.newHashSet();
        ArrayList newArrayList = CollectionUtils.newArrayList();
        determineGrantDelta(iUser, determineValidGrants, newHashSet, newArrayList);
        removeInvalidGrants(iUser, newArrayList);
        addValidGrants(iUser, determineValidGrants, newHashSet);
    }

    private void determineGrantDelta(IUser iUser, Set<ScopedParticipant> set, Set<ScopedParticipant> set2, List<ScopedParticipant> list) {
        Iterator<UserParticipantLink> allParticipantLinks = iUser.getAllParticipantLinks();
        while (allParticipantLinks.hasNext()) {
            UserParticipantLink next = allParticipantLinks.next();
            IDepartment department = next.getDepartment();
            for (IModelParticipant iModelParticipant : next.getParticipants()) {
                ScopedParticipant factory = ScopedParticipant.factory(iModelParticipant, department);
                if (set.contains(factory)) {
                    if (trace.isDebugEnabled()) {
                        trace.debug("Model participant " + iModelParticipant.getId() + " (model OID " + iModelParticipant.getModel().getModelOID() + ") for department " + (department != null ? department.getId() : "null") + " remains granted to user " + iUser.getId());
                    }
                    set2.add(factory);
                } else {
                    if (iModelParticipant != null) {
                        trace.warn("Model participant " + iModelParticipant.getId() + " (model OID " + iModelParticipant.getModel().getModelOID() + ") for department " + (department != null ? department.getId() : "null") + " is no longer granted to user " + iUser.getId());
                    } else {
                        trace.warn("Model participant: null is no langer granted to user " + iUser.getId());
                    }
                    list.add(factory);
                }
            }
        }
    }

    private void addValidGrants(IUser iUser, Set<ScopedParticipant> set, Set<ScopedParticipant> set2) {
        for (ScopedParticipant scopedParticipant : set) {
            if (!set2.contains(scopedParticipant)) {
                IModelParticipant participant = scopedParticipant.getParticipant();
                IDepartment department = scopedParticipant.getDepartment();
                trace.info("Adding grant for model participant " + participant.getId() + " (model OID " + participant.getModel().getModelOID() + ") for department " + (department != null ? department.getId() : "null") + "for user " + iUser.getId());
                iUser.addToParticipants(participant, department);
            }
        }
    }

    private void removeInvalidGrants(IUser iUser, List<ScopedParticipant> list) {
        for (ScopedParticipant scopedParticipant : list) {
            iUser.removeFromParticipants(scopedParticipant.getParticipant(), scopedParticipant.getDepartment());
        }
    }

    private Set<ScopedParticipant> determineValidGrants(IUser iUser, ExternalUserConfiguration externalUserConfiguration) {
        ModelManager current = ModelManagerFactory.getCurrent();
        HashSet hashSet = new HashSet();
        for (ExternalUserConfiguration.GrantInfo grantInfo : getModelParticipantsGrants(iUser, externalUserConfiguration)) {
            Set<IModelParticipant> determineValidParticipants = determineValidParticipants(current, grantInfo);
            if (determineValidParticipants.isEmpty()) {
                trace.warn("Skipping synchronization of invalid model participant (" + grantInfo.getParticipantId() + ").");
            } else {
                for (IModelParticipant iModelParticipant : determineValidParticipants) {
                    if (grantInfo.getDepartmentKey().isEmpty()) {
                        if (trace.isDebugEnabled()) {
                            trace.debug("Synchronizing valid model participant (" + grantInfo.getParticipantId() + ")");
                        }
                        hashSet.add(ScopedParticipant.factory(iModelParticipant, null));
                    } else {
                        addValidScopedGrants(current, hashSet, grantInfo, iModelParticipant);
                    }
                }
            }
        }
        return hashSet;
    }

    private void addValidScopedGrants(ModelManager modelManager, Set<ScopedParticipant> set, ExternalUserConfiguration.GrantInfo grantInfo, IModelParticipant iModelParticipant) {
        Pair<IDepartment, Boolean> synchronizeDepartment = synchronizeDepartment(iModelParticipant.getQualifiedId(), iModelParticipant.getModel().getModelOID(), grantInfo.getDepartmentKey());
        if (!(synchronizeDepartment.getSecond() != null && ((Boolean) synchronizeDepartment.getSecond()).booleanValue())) {
            trace.warn("Skipping synchronization of invalid model participant (" + grantInfo.getParticipantId() + ", " + synchronizeDepartment.getFirst() + ")");
            return;
        }
        if (trace.isDebugEnabled()) {
            trace.debug("Synchronizing valid model participant (" + grantInfo.getParticipantId() + ", " + synchronizeDepartment.getFirst() + ")");
        }
        set.add(ScopedParticipant.factory(iModelParticipant, (IDepartment) synchronizeDepartment.getFirst()));
    }

    private Set<IModelParticipant> determineValidParticipants(ModelManager modelManager, ExternalUserConfiguration.GrantInfo grantInfo) {
        Iterator<IModelParticipant> participantsForID = modelManager.getParticipantsForID(grantInfo.getParticipantId());
        HashSet hashSet = new HashSet();
        while (participantsForID.hasNext()) {
            hashSet.add(participantsForID.next());
        }
        return hashSet;
    }

    private Set<ExternalUserConfiguration.GrantInfo> getModelParticipantsGrants(IUser iUser, ExternalUserConfiguration externalUserConfiguration) {
        Set<ExternalUserConfiguration.GrantInfo> modelParticipantsGrants = externalUserConfiguration.getModelParticipantsGrants();
        Set<ExternalUserConfiguration.GrantInfo> newHashSet = modelParticipantsGrants == null ? CollectionUtils.newHashSet() : CollectionUtils.copySet(modelParticipantsGrants);
        if (CollectionUtils.isEmpty(newHashSet)) {
            Collection grantedModelParticipants = externalUserConfiguration.getGrantedModelParticipants();
            if (CollectionUtils.isNotEmpty(grantedModelParticipants)) {
                trace.debug("Detected use of a to be deprecated SPI. Please refer to ExternalUserConfiguration#getModelParticipantsGrants().");
                Iterator it = grantedModelParticipants.iterator();
                while (it.hasNext()) {
                    newHashSet.add(new ExternalUserConfiguration.GrantInfo((String) it.next(), (List<String>) Collections.emptyList()));
                }
            }
        } else if (CollectionUtils.isNotEmpty(externalUserConfiguration.getGrantedModelParticipants())) {
            trace.warn("Received grants from both the department aware as well as the to be deprecated SPI. Ignoring the latter.");
        }
        return newHashSet;
    }

    private void synchronizeUserGroupMemberships(IUser iUser, ExternalUserConfiguration externalUserConfiguration) {
        IUserGroup iUserGroup;
        HashMap hashMap = new HashMap();
        for (String str : externalUserConfiguration.getUserGroupMemberships()) {
            try {
                iUserGroup = UserGroupBean.findById(str, getPartitionOid(this.properties));
                synchronize(iUserGroup);
            } catch (ObjectNotFoundException e) {
                try {
                    iUserGroup = SecurityProperties.isInternalAuthorization() ? null : synchronizeExternalUserGroup(str);
                } catch (ObjectNotFoundException e2) {
                    trace.warn("Failed synchronizing group membership for user " + iUser + " and group '" + str + "'.", e2);
                    iUserGroup = null;
                }
            }
            if (null != iUserGroup) {
                if (trace.isDebugEnabled()) {
                    trace.debug("Considering user group '" + str + "' membership for user '" + iUser.getRealmQualifiedAccount() + "'.");
                }
                hashMap.put(iUserGroup.getId(), iUserGroup);
            }
        }
        ArrayList arrayList = new ArrayList();
        Iterator allUserGroups = iUser.getAllUserGroups(false);
        while (allUserGroups.hasNext()) {
            IUserGroup iUserGroup2 = (IUserGroup) allUserGroups.next();
            if (hashMap.containsKey(iUserGroup2.getId())) {
                if (trace.isDebugEnabled()) {
                    trace.debug("User group '" + iUserGroup2.getId() + "' still contains user '" + iUser.getId() + "'.");
                }
                hashMap.remove(iUserGroup2.getId());
            } else {
                trace.info("User group '" + iUserGroup2.getId() + "' no longer contains user '" + iUser.getId() + "'.");
                arrayList.add(iUserGroup2);
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            ((IUserGroup) it.next()).removeUser(iUser);
        }
        for (IUserGroup iUserGroup3 : hashMap.values()) {
            trace.info("New user group " + iUserGroup3 + " joined by user " + iUser.getId());
            iUserGroup3.addUser(iUser);
        }
    }

    private void synchronizeUserGroupAttributes(IUserGroup iUserGroup, ExternalUserGroupConfiguration externalUserGroupConfiguration) {
        if (!iUserGroup.isValid()) {
            iUserGroup.setValidFrom(TimestampProviderUtils.getTimeStamp());
        }
        iUserGroup.setValidTo(null);
        iUserGroup.setName(externalUserGroupConfiguration.getName());
        iUserGroup.setDescription(externalUserGroupConfiguration.getDescription());
        Map properties = externalUserGroupConfiguration.getProperties();
        if (null == properties || properties.isEmpty()) {
            return;
        }
        for (Map.Entry entry : properties.entrySet()) {
            iUserGroup.setPropertyValue((String) entry.getKey(), (String) entry.getValue());
        }
    }

    private void synchronizeDepartmentAttributes(IDepartment iDepartment, ExternalDepartmentConfiguration externalDepartmentConfiguration) {
        DepartmentBean findByOID = DepartmentBean.findByOID(iDepartment.getOID());
        findByOID.setName(externalDepartmentConfiguration.getName());
        findByOID.setDescription(externalDepartmentConfiguration.getDescription());
    }

    private Pair<IDepartment, Boolean> importDepartmentHierarchy(String str, List<String> list) {
        IDepartment iDepartment;
        boolean z;
        try {
            iDepartment = importDepartmentHierarchyInternal(str, new ArrayList(list));
            z = true;
        } catch (DepartmentSynchronizationException e) {
            trace.warn("Department for Participant with id '" + str + "' could not be imported.");
            iDepartment = null;
            z = false;
        }
        return new Pair<>(iDepartment, Boolean.valueOf(z));
    }

    private IDepartment importDepartmentHierarchyInternal(String str, List<String> list) {
        if (list.isEmpty()) {
            return null;
        }
        IModelParticipant findModelParticipantFor = findModelParticipantFor(str, ModelManagerFactory.getCurrent());
        if (findModelParticipantFor == null) {
            trace.warn("No valid participant found for id '" + str + "'.");
            throw new DepartmentSynchronizationException("Participant not found for id: " + str);
        }
        IOrganization firstScopedOrganization = DepartmentUtils.getFirstScopedOrganization(findModelParticipantFor);
        if (firstScopedOrganization == null) {
            return null;
        }
        long scopeLevel = getScopeLevel(firstScopedOrganization);
        if (scopeLevel < list.size()) {
            throw new DepartmentSynchronizationException("More department keys specified than permitted.");
        }
        while (scopeLevel > list.size()) {
            list.add(null);
        }
        return importDepartment(firstScopedOrganization, list);
    }

    private IDepartment importDepartment(IOrganization iOrganization, List<String> list) throws DepartmentSynchronizationException {
        IDepartment importExternalDepartment;
        String remove = list.remove(list.size() - 1);
        IOrganization firstScopedOrganization = DepartmentUtils.getFirstScopedOrganization(DepartmentUtils.getParentOrg(iOrganization));
        IDepartment iDepartment = null;
        if (firstScopedOrganization != null) {
            iDepartment = importDepartment(firstScopedOrganization, list);
        }
        if (remove == null) {
            return iDepartment;
        }
        try {
            importExternalDepartment = DepartmentBean.findById(remove, iDepartment, iOrganization);
        } catch (ObjectNotFoundException e) {
            importExternalDepartment = importExternalDepartment(remove, iDepartment, iOrganization);
        }
        synchronizeUnguarded(importExternalDepartment, iOrganization.getModel().getModelOID());
        return importExternalDepartment;
    }

    private long getScopeLevel(IModelParticipant iModelParticipant) {
        IOrganization firstScopedOrganization = DepartmentUtils.getFirstScopedOrganization(DepartmentUtils.getParentOrg(iModelParticipant));
        if (firstScopedOrganization == null) {
            return 1L;
        }
        return getScopeLevel(firstScopedOrganization) + 1;
    }

    private static IDepartment findDepartment(String str, List<String> list) throws ObjectNotFoundException {
        if (list == null || list.isEmpty()) {
            return null;
        }
        int indexOf = list.indexOf(null);
        if (indexOf >= 0) {
            list = list.subList(0, indexOf);
        }
        if (list.isEmpty()) {
            return null;
        }
        IModelParticipant findModelParticipantFor = findModelParticipantFor(str, ModelManagerFactory.getCurrent());
        if (findModelParticipantFor == null) {
            trace.warn("No valid participant found for id '" + str + "'.");
            throw new ObjectNotFoundException(BpmRuntimeError.MDL_UNKNOWN_PARTICIPANT_ID.raise(str));
        }
        List<IOrganization> findRestricted = Authorization2.findRestricted(findModelParticipantFor);
        DepartmentBean departmentBean = null;
        int size = list.size();
        for (int i = 0; i < size; i++) {
            departmentBean = DepartmentBean.findById(list.get(i), departmentBean, findRestricted.get(i));
        }
        if (departmentBean != null) {
            return departmentBean;
        }
        int size2 = list.size();
        throw new ObjectNotFoundException(BpmRuntimeError.ATDB_UNKNOWN_DEPARTMENT_ID2.raise(list.get(size2 - 1), size2 > 1 ? list.get(size2 - 2) : null));
    }

    public static IModelParticipant findModelParticipantFor(String str, ModelManager modelManager) {
        Iterator<IModelParticipant> participantsForID = modelManager.getParticipantsForID(str);
        if (participantsForID.hasNext()) {
            return participantsForID.next();
        }
        return null;
    }

    private static void createDepartmentKeys(IDepartment iDepartment, List<String> list) {
        IDepartment parentDepartment = iDepartment.getParentDepartment();
        if (parentDepartment != null) {
            createDepartmentKeys(parentDepartment, list);
        }
        list.add(iDepartment.getId());
    }

    public static DynamicParticipantSynchronizationProvider getSynchronizationProvider() {
        return initializeProvider();
    }

    private static DynamicParticipantSynchronizationProvider initializeProvider() {
        DynamicParticipantSynchronizationProvider dynamicParticipantSynchronizationProvider = null;
        try {
            dynamicParticipantSynchronizationProvider = (DynamicParticipantSynchronizationProvider) ExtensionProviderUtils.getFirstExtensionProvider(DynamicParticipantSynchronizationProvider.class, SecurityProperties.AUTHORIZATION_SYNC_CLASS_PROPERTY);
            if (null == dynamicParticipantSynchronizationProvider && !StringUtils.isEmpty(Parameters.instance().getString(SecurityProperties.AUTHORIZATION_SYNC_CLASS_PROPERTY))) {
                trace.warn("Missing or invalid dynamic participant synchronization provider: " + Parameters.instance().getString(SecurityProperties.AUTHORIZATION_SYNC_CLASS_PROPERTY));
            }
        } catch (Exception e) {
            trace.warn("Invalid dynamic participant synchronization provider configuration.", e);
        }
        return dynamicParticipantSynchronizationProvider;
    }

    public static DynamicParticipantSynchronizationStrategy getSynchronizationStrategy() {
        ConcurrentMap<String, DynamicParticipantSynchronizationStrategy> syncStrategyCache = getSyncStrategyCache();
        IAuditTrailPartition partition = SecurityProperties.getPartition();
        String id = null != partition ? partition.getId() : GLOBAL;
        DynamicParticipantSynchronizationStrategy dynamicParticipantSynchronizationStrategy = syncStrategyCache.get(id);
        if (null == dynamicParticipantSynchronizationStrategy) {
            syncStrategyCache.putIfAbsent(id, initializeStrategy());
            dynamicParticipantSynchronizationStrategy = syncStrategyCache.get(id);
        }
        return dynamicParticipantSynchronizationStrategy;
    }

    public static ConcurrentMap<String, DynamicParticipantSynchronizationStrategy> getSyncStrategyCache() {
        GlobalParameters globals = GlobalParameters.globals();
        ConcurrentMap<String, DynamicParticipantSynchronizationStrategy> concurrentMap = (ConcurrentMap) globals.get(PRP_SYNC_PROVIDER_CACHE);
        if (null == concurrentMap) {
            concurrentMap = (ConcurrentMap) globals.getOrInitialize(PRP_SYNC_PROVIDER_CACHE, CollectionUtils.newConcurrentHashMap());
        }
        return concurrentMap;
    }

    public static DynamicParticipantSynchronizationStrategy initializeStrategy() {
        DynamicParticipantSynchronizationStrategy dynamicParticipantSynchronizationStrategy = null;
        try {
            dynamicParticipantSynchronizationStrategy = (DynamicParticipantSynchronizationStrategy) ExtensionProviderUtils.getFirstExtensionProvider(DynamicParticipantSynchronizationStrategy.class, SecurityProperties.AUTHORIZATION_SYNC_STRATEGY_CLASS_PROPERTY);
            if (null == dynamicParticipantSynchronizationStrategy && !StringUtils.isEmpty(Parameters.instance().getString(SecurityProperties.AUTHORIZATION_SYNC_STRATEGY_CLASS_PROPERTY))) {
                trace.warn("Missing or invalid dynamic participant synchronization strategy: " + Parameters.instance().getString(SecurityProperties.AUTHORIZATION_SYNC_STRATEGY_CLASS_PROPERTY));
            }
        } catch (Exception e) {
            trace.warn("Invalid dynamic participant synchronization strategy configuration.", e);
        }
        if (null == dynamicParticipantSynchronizationStrategy) {
            dynamicParticipantSynchronizationStrategy = new TimebasedSynchronizationStrategy();
        }
        return dynamicParticipantSynchronizationStrategy;
    }

    protected Map getProperties() {
        return this.properties;
    }

    public static short getPartitionOid(Map map) {
        IAuditTrailPartition partition;
        short partitionOid = SecurityProperties.getPartitionOid();
        if (-1 == partitionOid && null != (partition = getPartition(map))) {
            partitionOid = partition.getOID();
        }
        return partitionOid;
    }

    public static IAuditTrailPartition getPartition(Map map) {
        return getPartition(map, true);
    }

    public static IAuditTrailPartition getPartition(Map map, boolean z) {
        IAuditTrailPartition partition = SecurityProperties.getPartition(z);
        if (null == partition) {
            partition = AuditTrailPartitionBean.findById(LoginUtils.getPartitionId(map));
        }
        return partition;
    }
}
