package com.atlassian.bamboo.security;

import com.atlassian.bamboo.FeatureManager;
import com.atlassian.bamboo.applinks.ImpersonationServiceImpl;
import com.atlassian.bamboo.configuration.AdministrationConfigurationManager;
import com.atlassian.bamboo.plan.Plan;
import com.atlassian.bamboo.plan.PlanKey;
import com.atlassian.bamboo.plan.PlanKeys;
import com.atlassian.bamboo.plan.PlanManager;
import com.atlassian.bamboo.security.acegi.BambooAcegiSecurityUtils;
import com.atlassian.bamboo.security.acegi.acls.BambooPermission;
import com.atlassian.bamboo.security.acegi.acls.GroupPrincipalSid;
import com.atlassian.bamboo.security.acegi.acls.HibernateObjectIdentityImpl;
import com.atlassian.bamboo.user.BambooUserManager;
import com.atlassian.bamboo.user.DefaultBambooUser;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.acls.AccessControlEntry;
import org.acegisecurity.acls.Acl;
import org.acegisecurity.acls.MutableAclService;
import org.acegisecurity.acls.NotFoundException;
import org.acegisecurity.acls.Permission;
import org.acegisecurity.acls.objectidentity.ObjectIdentity;
import org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategy;
import org.acegisecurity.acls.sid.SidRetrievalStrategy;
import org.acegisecurity.adapters.PrincipalAcegiUserToken;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.userdetails.UserDetails;
import org.apache.log4j.Logger;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/bamboo/security/BambooPermissionManagerImpl.class */
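/**
 * ACL-backed implementation of {@link BambooPermissionManager}.
 *
 * <p>Every decision funnels into {@link #hasPermission(Permission, Object, Authentication)}, which
 * applies two short-circuits before it consults the ACL service: the configured override
 * authorities and the restricted-administrator authority. Both bypass the ACL entirely, so the
 * values injected through {@link #setOverrideAuthorities(GrantedAuthority[])} are as sensitive as
 * the ACL data itself.
 *
 * <p>Collaborators are supplied through the setters at the bottom of the class; none of them is
 * null-checked before use.
 */
public class BambooPermissionManagerImpl implements BambooPermissionManager {
    private static final Logger log = Logger.getLogger(BambooPermissionManagerImpl.class);
    protected MutableAclService aclService;
    private SidRetrievalStrategy sidRetrievalStrategy;
    private ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy;
    private PlanManager planManager;
    // Authorities that are granted every permission without an ACL lookup. Never null.
    private GrantedAuthority[] overrideAuthorities = new GrantedAuthority[0];
    private BambooUserManager bambooUserManager;
    private AdministrationConfigurationManager administrationConfigurationManager;
    private FeatureManager featureManager;

    /**
     * Checks a permission given by name.
     *
     * @param authentication identity to evaluate; {@code null} falls back to the security context
     * @param str permission name, resolved with {@code BambooPermission.buildFromName}
     * @param obj the secured object
     * @return {@code true} if the permission is granted
     * @deprecated delegates to {@link #hasPermission(Permission, Object, Authentication)}
     */
    @Deprecated
    public boolean hasPermission(Authentication authentication, String str, Object obj) {
        return hasPermission(BambooPermission.buildFromName(str), obj, authentication);
    }

    /**
     * Central permission decision.
     *
     * <p>Evaluation order:
     * <ol>
     *   <li>a {@code null} authentication is replaced by the one in the current security context;
     *       if that is also {@code null} the request is denied;</li>
     *   <li>an authentication holding any override authority is granted unconditionally;</li>
     *   <li>an authentication holding the restricted-admin authority is granted when the permission
     *       is one {@code BambooPermission.isGrantedForRestrictedAdmin} accepts, or when the target
     *       is anything other than a {@link GlobalApplicationSecureObject};</li>
     *   <li>otherwise the ACL of the object decides; a missing ACL denies.</li>
     * </ol>
     *
     * @param permission the permission being requested
     * @param obj the secured object
     * @param authentication identity to evaluate, or {@code null} to use the security context
     * @return {@code true} if the permission is granted
     */
    public boolean hasPermission(@NotNull Permission permission, @NotNull Object obj, @Nullable Authentication authentication) {
        Authentication effective = authentication;
        if (effective == null) {
            effective = SecurityContextHolder.getContext().getAuthentication();
        }
        if (effective == null) {
            // No identity at all: fail closed.
            return false;
        }
        if (isOverrideAuthority(effective)) {
            return true;
        }
        // Restricted admins skip the ACL for every object except the global application object,
        // where only the permissions explicitly allowed for restricted admins are granted.
        boolean restrictedAdmin = BambooAcegiSecurityUtils.hasAuthority(effective, DefaultBambooUser.RESTRICTED_ADMIN_AUTHORITY);
        if (restrictedAdmin && (BambooPermission.isGrantedForRestrictedAdmin(permission) || !(obj instanceof GlobalApplicationSecureObject))) {
            return true;
        }
        try {
            return getAcl(obj).isGranted(new Permission[]{permission}, this.sidRetrievalStrategy.getSids(effective), false);
        } catch (NotFoundException e) {
            // An object without an ACL grants nothing.
            return false;
        }
    }

    /**
     * Reads the ACL of a secured object from the ACL service.
     *
     * <p>The decompiler reports that this method was declared {@code protected} in the original
     * class; it is left {@code public} here to match the listing.
     *
     * @param obj the secured object
     * @return the ACL returned by the ACL service for the object's identity
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public Acl getAcl(@NotNull Object obj) {
        return this.aclService.readAclById(createObjectIdentity(obj));
    }

    /**
     * Maps a secured object to its ACL object identity through the configured strategy.
     *
     * <p>The decompiler reports that this method was declared {@code protected} in the original
     * class; it is left {@code public} here to match the listing.
     *
     * @param obj the secured object
     * @return the identity produced by the object-identity retrieval strategy
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public ObjectIdentity createObjectIdentity(@NotNull Object obj) {
        return this.objectIdentityRetrievalStrategy.getObjectIdentity(obj);
    }

    /**
     * Tells whether the authentication holds at least one of the configured override authorities.
     *
     * <p>Authorities are compared by their string form. A missing authority list, a {@code null}
     * entry or a {@code null} authority string never matches, so malformed tokens are denied
     * instead of raising a {@link NullPointerException} in the middle of a permission check.
     *
     * @param authentication the identity to inspect
     * @return {@code true} if an override authority is present
     */
    private boolean isOverrideAuthority(@NotNull Authentication authentication) {
        GrantedAuthority[] held = authentication.getAuthorities();
        if (held == null) {
            return false;
        }
        for (GrantedAuthority heldAuthority : held) {
            if (heldAuthority == null) {
                continue;
            }
            String heldName = heldAuthority.getAuthority();
            if (heldName == null) {
                continue;
            }
            for (GrantedAuthority override : this.overrideAuthorities) {
                if (override != null && heldName.equals(override.getAuthority())) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Checks a permission given by name for the identity in the current security context.
     *
     * @param str permission name, resolved with {@code BambooPermission.buildFromName}
     * @param obj the secured object
     * @return {@code true} if the permission is granted
     * @deprecated delegates to {@link #hasPermission(Permission, Object, Authentication)}
     */
    @Deprecated
    public boolean hasPermission(String str, Object obj) {
        return hasPermission(BambooPermission.buildFromName(str), obj, SecurityContextHolder.getContext().getAuthentication());
    }

    /**
     * Checks a permission given by name for a named user.
     *
     * @param str the username
     * @param str2 permission name, resolved with {@code BambooPermission.buildFromName}
     * @param obj the secured object
     * @return {@code true} if the permission is granted to that user
     */
    public boolean hasPermission(String str, String str2, Object obj) {
        return hasPermission(str, BambooPermission.buildFromName(str2), obj);
    }

    /**
     * Checks a permission for a named user rather than for the current caller.
     *
     * <p>The user is loaded from the user manager and wrapped in a synthetic
     * {@link PrincipalAcegiUserToken}, so the decision reflects the authorities stored for that
     * user. It says nothing about whether the caller is allowed to ask; callers that expose the
     * result must authorise the requesting identity themselves.
     *
     * @param str the username
     * @param permission the permission being requested
     * @param obj the secured object
     * @return {@code false} if the user manager returns no user, otherwise the normal decision
     */
    public boolean hasPermission(@NotNull String str, @NotNull Permission permission, @NotNull Object obj) {
        UserDetails details = this.bambooUserManager.loadUserByUsername(str);
        if (details == null) {
            return false;
        }
        // The token carries the credential value from UserDetails; it must stay out of logs.
        Authentication token = new PrincipalAcegiUserToken(ImpersonationServiceImpl.USER_TOKEN_KEY, details.getUsername(), details.getPassword(), details.getAuthorities(), details);
        return hasPermission(permission, obj, token);
    }

    /**
     * Checks a plan permission, both given as strings, for the current security context.
     *
     * @param str permission name
     * @param str2 plan key in string form
     * @return {@code false} if the key is rejected with {@link IllegalArgumentException}, otherwise
     *     the result of {@link #hasPlanPermission(Permission, PlanKey)}
     */
    public boolean hasPlanPermission(String str, String str2) {
        try {
            return hasPlanPermission(BambooPermission.buildFromName(str), PlanKeys.getPlanKey(str2));
        } catch (IllegalArgumentException e) {
            log.warn("Incorrect plan key passed to hasPlanPermission: " + sanitizeForLog(str2));
            return false;
        }
    }

    /**
     * Checks a permission on the plan with the given key for the current security context.
     *
     * @param permission the permission being requested
     * @param planKey key of the plan
     * @return {@code false} if no plan has that key, otherwise the permission decision
     */
    public boolean hasPlanPermission(@NotNull Permission permission, @NotNull PlanKey planKey) {
        Plan plan = this.planManager.getPlanByKey(planKey);
        if (plan == null) {
            return false;
        }
        return hasPermission(permission, plan, (Authentication) null);
    }

    /**
     * Checks a global permission given by name for the current security context.
     *
     * @param str permission name, resolved with {@code BambooPermission.buildFromName}
     * @return {@code true} if the permission is granted on the global application object
     */
    public boolean hasGlobalPermission(String str) {
        return hasGlobalPermission(BambooPermission.buildFromName(str));
    }

    /**
     * Checks a permission on {@link GlobalApplicationSecureObject#INSTANCE} for the current
     * security context.
     *
     * @param permission the permission being requested
     * @return {@code true} if the permission is granted
     */
    public boolean hasGlobalPermission(@NotNull Permission permission) {
        return hasPermission(permission, GlobalApplicationSecureObject.INSTANCE, (Authentication) null);
    }

    /**
     * Lists the plan permissions the current security context holds on a plan.
     *
     * @param planKey key of the plan
     * @return the granted subset of {@code BambooPermission.getPlanPermissionsList()}; empty if no
     *     plan has that key
     */
    public Collection<Permission> getPermissionsForPlan(@NotNull PlanKey planKey) {
        ArrayList<Permission> granted = Lists.newArrayList();
        Plan plan = this.planManager.getPlanByKey(planKey);
        if (plan == null) {
            return granted;
        }
        for (Object candidate : BambooPermission.getPlanPermissionsList()) {
            BambooPermission planPermission = (BambooPermission) candidate;
            if (hasPermission((Permission) planPermission, (Object) plan, (Authentication) null)) {
                granted.add(planPermission);
            }
        }
        return granted;
    }

    /**
     * String-keyed variant of {@link #getPermissionsForPlan(PlanKey)}.
     *
     * @param str plan key in string form
     * @return the granted permissions, or an empty list if the key is rejected with
     *     {@link IllegalArgumentException}
     */
    public Collection<Permission> getPermissionsForPlan(String str) {
        try {
            return getPermissionsForPlan(PlanKeys.getPlanKey(str));
        } catch (IllegalArgumentException e) {
            log.warn("Incorrect plan key passed to getPermissionsForPlan: " + sanitizeForLog(str));
            return Collections.emptyList();
        }
    }

    /**
     * Tells whether self-service signup is enabled.
     *
     * @return {@code true} only if the feature manager allows signup to be configured and the
     *     administration configuration has it switched on
     */
    public boolean isEnableSignup() {
        return this.featureManager.isSignupConfigurable() && this.administrationConfigurationManager.getAdministrationConfiguration().isEnableSignup();
    }

    /**
     * Collects the groups that hold {@code ADMINISTRATION} on the global application object.
     *
     * <p>Unlike {@link #hasPermission(Permission, Object, Authentication)}, this method does not
     * catch {@link NotFoundException}; a missing global ACL propagates to the caller.
     *
     * @return principals of the {@link GroupPrincipalSid} entries granting administration
     */
    @NotNull
    public Collection<String> getAdminGroups() {
        ArrayList<String> adminGroups = Lists.newArrayList();
        Acl globalAcl = this.aclService.readAclById(new HibernateObjectIdentityImpl(GlobalApplicationSecureObject.INSTANCE));
        for (AccessControlEntry entry : globalAcl.getEntries()) {
            boolean grantsAdministration = entry.getPermission().equals(BambooPermission.ADMINISTRATION);
            if (grantsAdministration && (entry.getSid() instanceof GroupPrincipalSid)) {
                adminGroups.add(((GroupPrincipalSid) entry.getSid()).getPrincipal());
            }
        }
        return adminGroups;
    }

    /**
     * Tells whether a named user is an administrator of either kind.
     *
     * @param str the username
     * @return {@code true} if the user exists and holds {@code ADMINISTRATION} or
     *     {@code RESTRICTEDADMINISTRATION} on the global application object
     */
    public boolean isAdmin(String str) {
        if (this.bambooUserManager.loadUserByUsername(str) == null) {
            return false;
        }
        return hasPermission(str, (Permission) BambooPermission.ADMINISTRATION, (Object) GlobalApplicationSecureObject.INSTANCE)
                || hasPermission(str, (Permission) BambooPermission.RESTRICTEDADMINISTRATION, (Object) GlobalApplicationSecureObject.INSTANCE);
    }

    /**
     * Tells whether a named user is a full (non-restricted) administrator.
     *
     * @param str the username
     * @return {@code true} if the user exists and holds {@code ADMINISTRATION} on the global
     *     application object
     */
    public boolean isSystemAdmin(String str) {
        if (this.bambooUserManager.loadUserByUsername(str) == null) {
            return false;
        }
        return hasPermission(str, (Permission) BambooPermission.ADMINISTRATION, (Object) GlobalApplicationSecureObject.INSTANCE);
    }

    /**
     * Replaces line breaks in a value before it is appended to a log message, so a malformed key
     * cannot start a forged log line. {@code null} is rendered as {@code "null"}, which is what
     * string concatenation would have produced.
     */
    private static String sanitizeForLog(@Nullable String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /** Injects the source of the signup setting read by {@link #isEnableSignup()}. */
    public void setAdministrationConfigurationManager(AdministrationConfigurationManager administrationConfigurationManager) {
        this.administrationConfigurationManager = administrationConfigurationManager;
    }

    /** Injects the ACL service used for every ACL lookup. */
    public void setAclService(MutableAclService mutableAclService) {
        this.aclService = mutableAclService;
    }

    /** Injects the strategy that turns an authentication into the SIDs matched against an ACL. */
    public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy) {
        this.sidRetrievalStrategy = sidRetrievalStrategy;
    }

    /** Injects the plan manager used to resolve plan keys. */
    public void setPlanManager(PlanManager planManager) {
        this.planManager = planManager;
    }

    /**
     * Sets the authorities that bypass the ACL.
     *
     * <p>The array is copied so that later changes to the caller's array cannot add or remove
     * bypass authorities behind this object's back. {@code null} is stored as an empty array,
     * which means no authority bypasses the ACL.
     *
     * @param grantedAuthorityArr the override authorities, or {@code null} for none
     */
    public void setOverrideAuthorities(GrantedAuthority[] grantedAuthorityArr) {
        this.overrideAuthorities = grantedAuthorityArr == null ? new GrantedAuthority[0] : grantedAuthorityArr.clone();
    }

    /** Injects the user manager used for the username-based checks. */
    public void setBambooUserManager(BambooUserManager bambooUserManager) {
        this.bambooUserManager = bambooUserManager;
    }

    /** Injects the strategy used by {@link #createObjectIdentity(Object)}. */
    public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
        this.objectIdentityRetrievalStrategy = objectIdentityRetrievalStrategy;
    }

    /** Injects the feature manager consulted by {@link #isEnableSignup()}. */
    public void setFeatureManager(FeatureManager featureManager) {
        this.featureManager = featureManager;
    }
}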
