package com.atlassian.stash.internal.user;

import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.project.Project;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.request.RequestContext;
import com.atlassian.bitbucket.request.RequestManager;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.EscalatedSecurityContext;
import com.atlassian.bitbucket.util.Operation;
import com.atlassian.stash.internal.user.DefaultPermissionGraph;
import com.atlassian.stash.internal.user.StashUserAuthenticationToken;
import com.google.common.base.Preconditions;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/atlassian/stash/internal/user/DefaultEscalatedSecurityContext.class */
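/**
 * {@link EscalatedSecurityContext} implementation that swaps the Spring Security
 * {@link Authentication} of the current thread for a "run-as" token carrying extra
 * permissions and, optionally, a different (or no) user.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Escalation is additive: the run-as token combines any elevated permissions already
 *       present on the current {@link StashUserAuthenticationToken} with the ones held by this
 *       context (see {@link #createRunAsToken()}), so nested escalations accumulate.</li>
 *   <li>{@link #call(Operation)} restores the previous authentication when the operation
 *       finishes; {@link #applyToRequest()} does not restore anything itself.</li>
 *   <li>{@code reason} is stored and copied between contexts but is never read or logged in
 *       this class. NOTE(review): if the reason is meant as an audit trail, confirm it is
 *       recorded elsewhere.</li>
 * </ul>
 *
 * <p>Instances are immutable; the {@code withPermission*} methods return new contexts.
 */
public class DefaultEscalatedSecurityContext implements EscalatedSecurityContext {
    private static final Logger log = LoggerFactory.getLogger(DefaultEscalatedSecurityContext.class);
    private final DefaultPermissionGraph elevatedPermissions;
    private final boolean impersonateUser;
    private final String reason;
    private final RequestManager requestManager;
    private final ApplicationUser user;

    /**
     * Mutable builder for {@link DefaultEscalatedSecurityContext}.
     *
     * <p>This source is decompiler output: JADX reports that this class and its public members
     * were package-private in the original bytecode and were widened during decompilation.
     * Treat the builder as internal API; it is the only way to mint an escalated context.
     */
    public static class Builder {
        private final RequestManager requestManager;
        private final String reason;
        private DefaultPermissionGraph.Builder permissionsBuilder;
        private boolean impersonateUser;
        private ApplicationUser user;

        /**
         * Starts an empty escalation (no extra permissions, no impersonation).
         *
         * @param reason         free-text justification for the escalation; must not be null
         * @param requestManager used by {@link DefaultEscalatedSecurityContext#applyToRequest()}
         *                       to verify that a request is active; must not be null
         * @throws NullPointerException if either argument is null
         */
        public Builder(@Nonnull String reason, @Nonnull RequestManager requestManager) {
            this.requestManager = Preconditions.checkNotNull(requestManager, "requestManager");
            this.reason = Preconditions.checkNotNull(reason, "reason");
            this.permissionsBuilder = new DefaultPermissionGraph.Builder();
        }

        /**
         * Starts a builder seeded with everything an existing context holds (permissions,
         * impersonation flag, user, reason, request manager), so the caller can add to it
         * without touching the original.
         *
         * @throws NullPointerException if {@code escalatedSecurityContext} is null
         */
        Builder(@Nonnull DefaultEscalatedSecurityContext escalatedSecurityContext) {
            Preconditions.checkNotNull(escalatedSecurityContext, "escalatedSecurityContext");
            this.impersonateUser = escalatedSecurityContext.impersonateUser;
            this.permissionsBuilder =
                    new DefaultPermissionGraph.Builder().addGraph(escalatedSecurityContext.elevatedPermissions);
            this.reason = escalatedSecurityContext.reason;
            this.requestManager = escalatedSecurityContext.requestManager;
            this.user = escalatedSecurityContext.user;
        }

        /**
         * Makes the run-as token carry no user at all.
         *
         * <p>Implemented as "impersonate {@code null}": the current principal is dropped, while
         * any permissions added to this builder are still granted.
         */
        @Nonnull
        public Builder anonymously() {
            this.impersonateUser = true;
            this.user = null;
            return this;
        }

        /** Creates the immutable context from the current builder state. */
        @Nonnull
        public DefaultEscalatedSecurityContext build() {
            return new DefaultEscalatedSecurityContext(this);
        }

        /**
         * Makes the run-as token carry {@code applicationUser} instead of the current principal.
         *
         * <p>No check is made here that the caller is allowed to act as that user; any such
         * authorisation has to happen before this method is reached.
         *
         * @throws NullPointerException if {@code applicationUser} is null
         */
        @Nonnull
        public Builder impersonating(@Nonnull ApplicationUser applicationUser) {
            this.impersonateUser = true;
            this.user = Preconditions.checkNotNull(applicationUser, "user");
            return this;
        }

        /**
         * Grants {@code permission} with no resource id attached.
         *
         * <p>NOTE(review): a {@code null} resource id presumably means "not scoped to a single
         * repository or project" - confirm against {@code DefaultPermissionGraph.Builder#add}.
         *
         * @throws NullPointerException if {@code permission} is null
         */
        @Nonnull
        public Builder withPermission(@Nonnull Permission permission) {
            this.permissionsBuilder.add(Preconditions.checkNotNull(permission, "permission"), null);
            return this;
        }

        /**
         * Grants {@code permission} on a single {@link Repository} or {@link Project}.
         *
         * <p>The permission must match the resource kind ({@code permission.isResource(...)}),
         * so a project-level permission cannot be attached to a repository id or vice versa.
         *
         * @param resource   a {@link Repository} or {@link Project}
         * @param permission the permission to grant on that resource
         * @throws NullPointerException     if either argument is null
         * @throws IllegalArgumentException if the resource is of another type, or the permission
         *                                  does not apply to that kind of resource
         */
        @Nonnull
        public Builder withPermission(@Nonnull Object resource, @Nonnull Permission permission) {
            Preconditions.checkNotNull(resource, "resource");
            // Fail with a named NPE instead of an anonymous one from permission.isResource(...).
            Preconditions.checkNotNull(permission, "permission");

            final Integer resourceId;
            if (resource instanceof Repository) {
                Preconditions.checkArgument(permission.isResource(Repository.class), "Repository permission required");
                resourceId = Integer.valueOf(((Repository) resource).getId());
            } else if (resource instanceof Project) {
                Preconditions.checkArgument(permission.isResource(Project.class), "Project permission required");
                resourceId = Integer.valueOf(((Project) resource).getId());
            } else {
                throw new IllegalArgumentException("Only repository and project resources are supported. Got "
                        + resource.getClass().getCanonicalName());
            }
            this.permissionsBuilder.add(permission, resourceId);
            return this;
        }

        /**
         * Grants every permission in {@code permissions}, each with no resource id attached.
         *
         * @throws NullPointerException if {@code permissions} or any element is null; for an
         *                              element the message names its index
         */
        @Nonnull
        public Builder withPermissions(@Nonnull Iterable<Permission> permissions) {
            int index = 0;
            for (Permission permission : Preconditions.checkNotNull(permissions, "permissions")) {
                this.permissionsBuilder.add(
                        Preconditions.checkNotNull(permission, "permissions[%s]", new Object[]{Integer.valueOf(index)}),
                        null);
                index++;
            }
            return this;
        }
    }

    private DefaultEscalatedSecurityContext(Builder builder) {
        this.elevatedPermissions = builder.permissionsBuilder.build();
        this.impersonateUser = builder.impersonateUser;
        this.reason = builder.reason;
        this.requestManager = builder.requestManager;
        this.user = builder.user;
    }

    /**
     * Runs {@code operation} with the run-as token installed as the current authentication and
     * puts the previous authentication back afterwards, whether the operation returns or throws.
     *
     * <p>The decompiler emitted {@code throws Throwable} and a duplicated restore in a
     * catch-all; this is the usual lowering of {@code try/finally}, restored here together with
     * the {@code throws E} clause the type parameter implies.
     *
     * <p>The token is written to the trace log through its {@code toString()}; what that
     * includes is not visible in this file.
     *
     * @throws NullPointerException if {@code operation} is null
     * @throws E                    whatever the operation throws
     */
    public <T, E extends Throwable> T call(@Nonnull Operation<T, E> operation) throws E {
        Preconditions.checkNotNull(operation, "operation cannot be null");
        Authentication previous = SecurityContextHolder.getContext().getAuthentication();
        StashUserAuthenticationToken runAsToken = createRunAsToken();
        SecurityContextHolder.getContext().setAuthentication(runAsToken);
        try {
            log.trace("doWithPermission: running as {}", runAsToken);
            return operation.perform();
        } finally {
            // Always drop the escalation, otherwise it would outlive the operation on this thread.
            SecurityContextHolder.getContext().setAuthentication(previous);
        }
    }

    /**
     * Installs the run-as token as the current authentication without restoring it later.
     *
     * <p>Refuses to do so unless a request is active. NOTE(review): nothing in this class
     * clears the token again; presumably the request lifecycle resets the security context -
     * confirm, since a leftover token on a pooled thread would leak the escalation.
     *
     * @throws IllegalStateException if there is no active request
     */
    public void applyToRequest() {
        RequestContext requestContext = this.requestManager.getRequestContext();
        if (requestContext == null || !requestContext.isActive()) {
            throw new IllegalStateException("No request is active");
        }
        SecurityContextHolder.getContext().setAuthentication(createRunAsToken());
    }

    /**
     * Returns a new context that additionally grants {@code permission} with no resource id.
     *
     * @throws NullPointerException if {@code permission} is null
     */
    @Nonnull
    public EscalatedSecurityContext withPermission(@Nonnull Permission permission) {
        return new Builder(this).withPermission(Preconditions.checkNotNull(permission, "permission")).build();
    }

    /**
     * Returns a new context that additionally grants {@code permission} on one repository or
     * project; validation is the same as {@link Builder#withPermission(Object, Permission)}.
     */
    @Nonnull
    public EscalatedSecurityContext withPermission(@Nonnull Object resource, @Nonnull Permission permission) {
        return new Builder(this).withPermission(resource, permission).build();
    }

    /**
     * Returns a new context that additionally grants every permission in {@code permissions}.
     *
     * <p>The original body first filled a separate permission-graph builder that was then
     * discarded; the builder call below performs the same per-element null checks, so the
     * dead copy has been removed.
     *
     * @throws NullPointerException if {@code permissions} or any element is null
     */
    @Nonnull
    public EscalatedSecurityContext withPermissions(@Nonnull Set<Permission> permissions) {
        return new Builder(this).withPermissions(permissions).build();
    }

    /**
     * Builds the token that represents this escalation on top of the current authentication.
     *
     * <p>User: the configured user when impersonating (possibly {@code null} for
     * {@link Builder#anonymously()}), otherwise the current principal. If the current
     * authentication is not a {@link StashUserAuthenticationToken}, or there is none, the
     * principal is {@code null} while the elevated permissions are still attached.
     *
     * <p>Permissions: elevated permissions already on the current token are combined with this
     * context's via {@code CompositePermissionGraph.maybeCompose}, never replaced.
     */
    private StashUserAuthenticationToken createRunAsToken() {
        // Declared as the Spring interface: the context may hold any Authentication type.
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        PermissionGraph inheritedPermissions = null;
        ApplicationUser currentUser = null;
        if (current instanceof StashUserAuthenticationToken) {
            StashUserAuthenticationToken currentToken = (StashUserAuthenticationToken) current;
            inheritedPermissions = currentToken.getElevatedPermissions();
            currentUser = currentToken.getPrincipal();
        }
        ApplicationUser runAsUser = this.impersonateUser ? this.user : currentUser;
        return new StashUserAuthenticationToken.Builder()
                .user(runAsUser)
                .elevatedPermissions(CompositePermissionGraph.maybeCompose(inheritedPermissions, this.elevatedPermissions))
                .build();
    }
}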
