package com.atlassian.plugin.connect.plugin.auth.oauth2;

import com.atlassian.plugin.connect.plugin.ConnectAddonInformationProvider;
import com.atlassian.plugin.connect.spi.auth.user.ConnectUserService;
import com.atlassian.sal.api.user.UserKey;
import com.atlassian.sal.api.user.UserManager;
import java.util.Optional;
import org.hsqldb.Tokens;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-connect-server-plugin-2.0.0-39bf8e4.jar:com/atlassian/plugin/connect/plugin/auth/oauth2/AddonPrincipalServiceImpl.class */
public class AddonPrincipalServiceImpl implements AddonPrincipalService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AddonPrincipalServiceImpl.class);
    private final UserManager userManager;
    private final ConnectUserService connectUserService;
    private final OAuthClientManager oAuthClientManager;
    private final ConnectAddonInformationProvider connectAddonInformationProvider;

    @Autowired
    public AddonPrincipalServiceImpl(UserManager userManager, ConnectUserService connectUserService, OAuthClientManager oAuthClientManager, ConnectAddonInformationProvider connectAddonInformationProvider) {
        this.userManager = userManager;
        this.connectUserService = connectUserService;
        this.oAuthClientManager = oAuthClientManager;
        this.connectAddonInformationProvider = connectAddonInformationProvider;
    }

    @Override // com.atlassian.plugin.connect.plugin.auth.oauth2.AddonPrincipalService
    public Optional<AddonPrincipal> lookupByOauthClientId(String str) {
        Optional<String> findAddonKeyByClientId = this.oAuthClientManager.findAddonKeyByClientId(str);
        ConnectAddonInformationProvider connectAddonInformationProvider = this.connectAddonInformationProvider;
        connectAddonInformationProvider.getClass();
        Optional<U> flatMap = findAddonKeyByClientId.flatMap(connectAddonInformationProvider::getUserKey);
        if (!flatMap.isPresent()) {
            log.error(String.format("No user key stored for add-on '%s'. Incoming requests from this issuer will be authenticated as an anonymous request.", findAddonKeyByClientId.orElse(Tokens.T_UNKNOWN)));
            return Optional.empty();
        }
        String str2 = (String) flatMap.get();
        if (this.connectUserService.isActive(str2)) {
            return Optional.of(new AddonPrincipal(str2, str));
        }
        log.error(String.format("addon user is disabled for add-on '%s'. Incoming requests from this issuer will be authenticated as an anonymous request.", findAddonKeyByClientId.orElse(Tokens.T_UNKNOWN)));
        return Optional.empty();
    }

    @Override // com.atlassian.plugin.connect.plugin.auth.oauth2.AddonPrincipalService
    public Optional<ImpersonatedPrincipal<AddonPrincipal>> lookupImpersonatingPrincipal(String str, String str2) {
        Optional<String> findAddonKeyByClientId = this.oAuthClientManager.findAddonKeyByClientId(str2);
        ConnectAddonInformationProvider connectAddonInformationProvider = this.connectAddonInformationProvider;
        connectAddonInformationProvider.getClass();
        return findAddonKeyByClientId.flatMap(connectAddonInformationProvider::getUserKey).flatMap(str3 -> {
            return getUsername(str).map(str3 -> {
                return new ImpersonatedPrincipal(str3, new AddonPrincipal(str3, str2));
            });
        });
    }

    private Optional<String> getUsername(String str) {
        Optional map = Optional.ofNullable(this.userManager.getUserProfile(new UserKey(str))).map((v0) -> {
            return v0.getUsername();
        });
        if (!map.isPresent()) {
            log.info("No user for impersonated User id " + str);
            return Optional.empty();
        }
        String str2 = (String) map.get();
        if (this.connectUserService.isActive(str2)) {
            return Optional.of(str2);
        }
        log.info("User record is inactive for impersonated User id " + str);
        return Optional.empty();
    }
}
