package com.atlassian.bitbucket.internal.mirroring.mirror.auth;

import com.atlassian.bitbucket.auth.AuthenticationContext;
import com.atlassian.bitbucket.auth.HttpAuthenticationSuccessContext;
import com.atlassian.bitbucket.auth.HttpAuthenticationSuccessHandler;
import com.atlassian.bitbucket.internal.mirroring.mirror.MirrorAuthenticationContext;
import com.atlassian.bitbucket.internal.mirroring.mirror.MirrorConstants;
import com.atlassian.bitbucket.internal.mirroring.mirror.MirroringUserUtils;
import com.atlassian.bitbucket.internal.mirroring.mirror.jwt.JwtClaims;
import com.atlassian.bitbucket.internal.mirroring.mirror.jwt.SimpleJwtUser;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.request.RequestManager;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.ServiceUser;
import java.io.IOException;
import java.util.Optional;
import javax.annotation.Nonnull;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.codehaus.jackson.map.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-mirroring-mirror-5.16.0.jar:com/atlassian/bitbucket/internal/mirroring/mirror/auth/AbstractMirrorAuthenticationContext.class */
public abstract class AbstractMirrorAuthenticationContext implements MirrorAuthenticationContext, HttpAuthenticationSuccessHandler {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AbstractMirrorAuthenticationContext.class);
    private final AuthenticationContext authenticationContext;
    private final ObjectMapper mapper = new ObjectMapper();
    private final RequestManager requestManager;

    @Autowired
    public AbstractMirrorAuthenticationContext(AuthenticationContext authenticationContext, RequestManager requestManager) {
        this.authenticationContext = authenticationContext;
        this.requestManager = requestManager;
    }

    @Override // com.atlassian.bitbucket.internal.mirroring.mirror.MirrorAuthenticationContext
    @Nonnull
    public Optional<ServiceUser> getCurrentUpstreamUser() {
        ApplicationUser currentUser = this.authenticationContext.getCurrentUser();
        return MirroringUserUtils.isUpstreamUser(currentUser) ? Optional.of(ServiceUser.class.cast(currentUser)) : Optional.empty();
    }

    @Override // com.atlassian.bitbucket.internal.mirroring.mirror.MirrorAuthenticationContext
    @Nonnull
    public Optional<ApplicationUser> getImpersonatedUser() {
        return getHttpRequest().flatMap(httpServletRequest -> {
            Object attribute = httpServletRequest.getAttribute(MirrorConstants.ATTR_JWT_IMP_USER);
            if (attribute instanceof Optional) {
                return (Optional) Optional.class.cast(attribute);
            }
            Optional<ApplicationUser> doGetImpersonatedUser = doGetImpersonatedUser(httpServletRequest);
            httpServletRequest.setAttribute(MirrorConstants.ATTR_JWT_IMP_USER, doGetImpersonatedUser);
            return doGetImpersonatedUser.filter(this::isImpersonatedUserReturned);
        });
    }

    @Override // com.atlassian.bitbucket.internal.mirroring.mirror.MirrorAuthenticationContext
    @Nonnull
    public Optional<Permission> getImpersonatedUserHighestPermission() {
        Optional<ApplicationUser> impersonatedUser = getImpersonatedUser();
        Class<SimpleJwtUser> cls = SimpleJwtUser.class;
        SimpleJwtUser.class.getClass();
        Optional<ApplicationUser> filter = impersonatedUser.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<SimpleJwtUser> cls2 = SimpleJwtUser.class;
        SimpleJwtUser.class.getClass();
        return filter.map((v1) -> {
            return r1.cast(v1);
        }).map((v0) -> {
            return v0.getHighestPermission();
        });
    }

    @Override // com.atlassian.bitbucket.internal.mirroring.mirror.MirrorAuthenticationContext
    @Nonnull
    public Optional<Permission> getUpstreamRequestedHighestPermission() {
        Optional map = getHttpRequest().map(httpServletRequest -> {
            return httpServletRequest.getSession(false);
        }).map(httpSession -> {
            return httpSession.getAttribute(MirrorConstants.ATTR_JWT_HIGHEST_PERM);
        });
        Class<Permission> cls = Permission.class;
        Permission.class.getClass();
        Optional filter = map.filter(cls::isInstance);
        Class<Permission> cls2 = Permission.class;
        Permission.class.getClass();
        return filter.map(cls2::cast);
    }

    @Override // com.atlassian.bitbucket.auth.HttpAuthenticationSuccessHandler
    public boolean onAuthenticationSuccess(@Nonnull HttpAuthenticationSuccessContext httpAuthenticationSuccessContext) throws ServletException, IOException {
        HttpSession session;
        HttpServletRequest request = httpAuthenticationSuccessContext.getRequest();
        Permission permission = (Permission) request.getAttribute(MirrorConstants.ATTR_JWT_HIGHEST_PERM);
        Object attribute = request.getAttribute("jwt.payload");
        if ((attribute == null && permission == null) || (session = request.getSession(false)) == null) {
            return false;
        }
        if (attribute != null) {
            session.setAttribute(MirrorConstants.ATTR_JWT_PAYLOAD, attribute);
        }
        if (permission == null) {
            return false;
        }
        session.setAttribute(MirrorConstants.ATTR_JWT_HIGHEST_PERM, permission);
        return false;
    }

    abstract Optional<ApplicationUser> doGetImpersonatedUser(HttpServletRequest httpServletRequest);

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<JwtClaims> getJwtClaims(HttpServletRequest httpServletRequest) {
        HttpSession session;
        Object attribute = httpServletRequest.getAttribute("jwt.payload");
        if (attribute == null && (session = httpServletRequest.getSession(false)) != null) {
            attribute = session.getAttribute(MirrorConstants.ATTR_JWT_PAYLOAD);
        }
        if (attribute instanceof String) {
            String str = (String) String.class.cast(attribute);
            try {
                return Optional.of(this.mapper.readValue(str, JwtClaims.class));
            } catch (IOException e) {
                log.info("Ignoring invalid JWT claims ('{}'); error is {}", str, e.getMessage());
            }
        }
        return Optional.empty();
    }

    abstract boolean isImpersonatedUserReturned(ApplicationUser applicationUser);

    private Optional<HttpServletRequest> getHttpRequest() {
        Optional filter = Optional.ofNullable(this.requestManager.getRequestContext()).map((v0) -> {
            return v0.getRawRequest();
        }).filter(obj -> {
            return HttpServletRequest.class.isAssignableFrom(obj.getClass());
        });
        Class<HttpServletRequest> cls = HttpServletRequest.class;
        HttpServletRequest.class.getClass();
        return filter.map(cls::cast);
    }
}
