package com.atlassian.stash.internal.user;

import com.atlassian.stash.internal.user.DefaultPermissionGraph;
import com.atlassian.stash.internal.user.StashUserAuthenticationToken;
import com.atlassian.stash.project.Project;
import com.atlassian.stash.repository.Repository;
import com.atlassian.stash.request.RequestContext;
import com.atlassian.stash.user.EscalatedSecurityContext;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.util.Operation;
import com.atlassian.stash.web.conditions.AbstractPermissionCondition;
import com.google.common.base.Preconditions;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:WEB-INF/lib/stash-service-impl-3.10.2.jar:com/atlassian/stash/internal/user/DefaultEscalatedSecurityContext.class */
class DefaultEscalatedSecurityContext implements EscalatedSecurityContext {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DefaultEscalatedSecurityContext.class);
    private final DefaultPermissionGraph elevatedPermissions;
    private final String reason;
    private final RequestContext requestContext;
    private final StashUser user;

    private DefaultEscalatedSecurityContext(String str, StashUser stashUser, RequestContext requestContext, DefaultPermissionGraph defaultPermissionGraph) {
        this.elevatedPermissions = defaultPermissionGraph;
        this.reason = str;
        this.requestContext = requestContext;
        this.user = stashUser;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DefaultEscalatedSecurityContext(String str, StashUser stashUser, RequestContext requestContext) {
        this(str, stashUser, requestContext, new DefaultPermissionGraph.Builder().build());
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v23, types: [com.atlassian.stash.internal.user.PermissionGraph] */
    @Override // com.atlassian.stash.user.EscalatedSecurityContext
    public <T, E extends Throwable> T call(@Nonnull Operation<T, E> operation) throws Throwable {
        Preconditions.checkNotNull(operation, "operation cannot be null");
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        DefaultPermissionGraph defaultPermissionGraph = this.elevatedPermissions;
        if (authentication instanceof StashUserAuthenticationToken) {
            defaultPermissionGraph = CompositePermissionGraph.maybeCompose(defaultPermissionGraph, ((StashUserAuthenticationToken) authentication).getElevatedPermissions());
        }
        StashUserAuthenticationToken build = new StashUserAuthenticationToken.Builder().user(this.user).elevatedPermissions(defaultPermissionGraph).build();
        SecurityContextHolder.getContext().setAuthentication(build);
        try {
            log.trace("doWithPermission: running as user {} with permissions {}, reason: {}", build.getName(), defaultPermissionGraph, this.reason);
            T mo1438perform = operation.mo1438perform();
            SecurityContextHolder.getContext().setAuthentication(authentication);
            return mo1438perform;
        } catch (Throwable th) {
            SecurityContextHolder.getContext().setAuthentication(authentication);
            throw th;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v17, types: [com.atlassian.stash.internal.user.PermissionGraph] */
    @Override // com.atlassian.stash.user.EscalatedSecurityContext
    public void applyToRequest() {
        if (!this.requestContext.isActive()) {
            throw new IllegalStateException("No request is active");
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        DefaultPermissionGraph defaultPermissionGraph = this.elevatedPermissions;
        if (authentication instanceof StashUserAuthenticationToken) {
            defaultPermissionGraph = CompositePermissionGraph.maybeCompose(defaultPermissionGraph, ((StashUserAuthenticationToken) authentication).getElevatedPermissions());
        }
        SecurityContextHolder.getContext().setAuthentication(new StashUserAuthenticationToken.Builder().user(this.user).elevatedPermissions(defaultPermissionGraph).build());
    }

    @Override // com.atlassian.stash.user.EscalatedSecurityContext
    @Nonnull
    public EscalatedSecurityContext withPermission(@Nonnull Permission permission) {
        return new DefaultEscalatedSecurityContext(this.reason, this.user, this.requestContext, new DefaultPermissionGraph.Builder().addAll(this.elevatedPermissions).add((Permission) Preconditions.checkNotNull(permission, AbstractPermissionCondition.PERMISSION), null).build());
    }

    @Override // com.atlassian.stash.user.EscalatedSecurityContext
    @Nonnull
    public EscalatedSecurityContext withPermission(@Nonnull Object obj, @Nonnull Permission permission) {
        Integer id;
        if (Preconditions.checkNotNull(obj, "resource") instanceof Repository) {
            id = ((Repository) obj).getId();
            Preconditions.checkArgument(permission.isResource(Repository.class), "Repository permission required");
        } else {
            if (!(obj instanceof Project)) {
                throw new IllegalArgumentException("Only repository and project resources are supported. Got " + obj.getClass().getCanonicalName());
            }
            id = ((Project) obj).getId();
            Preconditions.checkArgument(permission.isResource(Project.class), "Project permission required");
        }
        return new DefaultEscalatedSecurityContext(this.reason, this.user, this.requestContext, new DefaultPermissionGraph.Builder().addAll(this.elevatedPermissions).add(permission, id).build());
    }

    @Override // com.atlassian.stash.user.EscalatedSecurityContext
    @Nonnull
    public EscalatedSecurityContext withPermissions(@Nonnull Set<Permission> set) {
        DefaultPermissionGraph.Builder addAll = new DefaultPermissionGraph.Builder().addAll(this.elevatedPermissions);
        int i = 0;
        Iterator<Permission> it = set.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            addAll.add((Permission) Preconditions.checkNotNull(it.next(), "permissions[%s]", Integer.valueOf(i2)), null);
        }
        return new DefaultEscalatedSecurityContext(this.reason, this.user, this.requestContext, addAll.build());
    }
}
