package com.atlassian.stash.internal.user;

import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.user.UserService;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.web.context.HttpRequestResponseHolder;
import org.springframework.security.web.context.SecurityContextRepository;

/* loaded from: input_file:com/atlassian/stash/internal/user/SecurityContextRepositoryImpl.class */
public class SecurityContextRepositoryImpl implements SecurityContextRepository {
    public static final String STASH_SECURITY_CONTEXT_KEY = "STASH_SECURITY_CONTEXT";
    private final UserService userService;

    public SecurityContextRepositoryImpl(UserService userService) {
        this.userService = userService;
    }

    public void saveContext(SecurityContext securityContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        StashUserAuthenticationToken authentication = securityContext.getAuthentication();
        if (authentication == null) {
            HttpSession session = httpServletRequest.getSession(false);
            if (session != null) {
                session.removeAttribute(STASH_SECURITY_CONTEXT_KEY);
                return;
            }
            return;
        }
        if (authentication instanceof StashUserAuthenticationToken) {
            HttpSession session2 = httpServletRequest.getSession(!httpServletResponse.isCommitted());
            if (session2 != null) {
                session2.setAttribute(STASH_SECURITY_CONTEXT_KEY, authentication.getId());
            }
        }
    }

    public SecurityContext loadContext(HttpRequestResponseHolder httpRequestResponseHolder) {
        StashUser user;
        HttpServletRequest request = httpRequestResponseHolder.getRequest();
        SecurityContextImpl securityContextImpl = new SecurityContextImpl();
        Integer authenticationId = getAuthenticationId(request);
        if (authenticationId != null && (user = this.userService.getUser(authenticationId)) != null && user.isActive()) {
            securityContextImpl.setAuthentication(new StashUserAuthenticationToken(user));
        }
        return securityContextImpl;
    }

    private Integer getAuthenticationId(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        Object attribute = session.getAttribute(STASH_SECURITY_CONTEXT_KEY);
        if (attribute instanceof Integer) {
            return (Integer) attribute;
        }
        return null;
    }

    public boolean containsContext(HttpServletRequest httpServletRequest) {
        return getAuthenticationId(httpServletRequest) != null;
    }
}
