package com.atlassian.stash.internal.user;

import com.atlassian.event.api.EventListener;
import com.atlassian.plugin.spring.AvailableToPlugins;
import com.atlassian.stash.event.request.RequestEndedEvent;
import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.PreAuthenticationFailedException;
import com.atlassian.stash.user.SecurityService;
import com.atlassian.stash.user.StashAuthenticationContext;
import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.user.UserService;
import com.atlassian.stash.util.Operation;
import com.google.common.base.Preconditions;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;

@Service("securityService")
@AvailableToPlugins(SecurityService.class)
/* loaded from: input_file:com/atlassian/stash/internal/user/SecurityServiceImpl.class */
public class SecurityServiceImpl implements SecurityService {
    private final Logger log = LoggerFactory.getLogger(SecurityServiceImpl.class);
    private final UserService userService;
    private final StashAuthenticationContext authenticationContext;
    private final I18nService i18nService;

    @Autowired
    public SecurityServiceImpl(UserService userService, StashAuthenticationContext stashAuthenticationContext, I18nService i18nService) {
        this.userService = userService;
        this.authenticationContext = stashAuthenticationContext;
        this.i18nService = i18nService;
    }

    public <T, E extends Throwable> T doAnonymously(@Nonnull String str, @Nonnull Operation<T, E> operation) throws Throwable {
        Preconditions.checkNotNull(str, "reason cannot be null");
        Preconditions.checkNotNull(operation, "operation cannot be null");
        StashUser currentUser = this.authenticationContext.getCurrentUser();
        try {
            this.userService.unauthenticate();
            this.log.trace("doAnonymously: running as anonymously, reason: " + str);
            T t = (T) operation.perform();
            this.userService.unauthenticate();
            if (currentUser != null) {
                this.userService.preauthenticate(currentUser.getName());
            }
            return t;
        } catch (Throwable th) {
            this.userService.unauthenticate();
            if (currentUser != null) {
                this.userService.preauthenticate(currentUser.getName());
            }
            throw th;
        }
    }

    public <T, E extends Throwable> T doAsUser(@Nonnull String str, @Nonnull String str2, @Nonnull Operation<T, E> operation) throws Throwable {
        Preconditions.checkNotNull(str, "reason cannot be null");
        Preconditions.checkNotNull(str2, "userName cannot be null");
        Preconditions.checkNotNull(operation, "operation cannot be null");
        StashUser currentUser = this.authenticationContext.getCurrentUser();
        try {
            if (this.userService.preauthenticate(str2) == null) {
                throw new PreAuthenticationFailedException(this.i18nService.getKeyedText("stash.service.user.preauthfail", "Could not pre-authenticate as {0}", new Object[]{str2}));
            }
            this.log.trace("doAsUser: running as user " + str2 + ", reason: " + str);
            T t = (T) operation.perform();
            this.userService.unauthenticate();
            if (currentUser != null) {
                this.userService.preauthenticate(currentUser.getName());
            }
            return t;
        } catch (Throwable th) {
            this.userService.unauthenticate();
            if (currentUser != null) {
                this.userService.preauthenticate(currentUser.getName());
            }
            throw th;
        }
    }

    public <T, E extends Throwable> T doWithPermission(@Nonnull String str, @Nonnull Permission permission, @Nonnull Operation<T, E> operation) throws Throwable {
        Preconditions.checkNotNull(permission, "permission cannot be null");
        return (T) doWithPermissions(str, Collections.singleton(permission), operation);
    }

    public <T, E extends Throwable> T doWithPermissions(@Nonnull String str, @Nonnull Collection<Permission> collection, @Nonnull Operation<T, E> operation) throws Throwable {
        Preconditions.checkNotNull(str, "reason cannot be null");
        Preconditions.checkNotNull(collection, "permissions cannot be null");
        Preconditions.checkNotNull(operation, "operation cannot be null");
        StashUserAuthenticationToken authentication = SecurityContextHolder.getContext().getAuthentication();
        try {
            EnumSet copyOf = EnumSet.copyOf((Collection) collection);
            if (authentication instanceof StashUserAuthenticationToken) {
                copyOf.addAll(authentication.getRunWithPermissions());
            }
            StashUserAuthenticationToken stashUserAuthenticationToken = new StashUserAuthenticationToken(this.authenticationContext.getCurrentUser(), copyOf);
            SecurityContextHolder.getContext().setAuthentication(stashUserAuthenticationToken);
            this.log.trace("doWithPermission: running as user {} with permissions {}, reason: {}", new Object[]{stashUserAuthenticationToken.getName(), copyOf, str});
            T t = (T) operation.perform();
            SecurityContextHolder.getContext().setAuthentication(authentication);
            return t;
        } catch (Throwable th) {
            SecurityContextHolder.getContext().setAuthentication(authentication);
            throw th;
        }
    }

    @EventListener
    public void onRequestEnded(RequestEndedEvent requestEndedEvent) {
        SecurityContextHolder.clearContext();
    }
}
