package com.netflix.spinnaker.security;

import com.google.common.base.Preconditions;
import com.netflix.spinnaker.kork.common.Header;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.Callable;
import java.util.concurrent.atomic.AtomicReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:com/netflix/spinnaker/security/AuthenticatedRequest.class */
public class AuthenticatedRequest {
    private static final Logger log = LoggerFactory.getLogger(AuthenticatedRequest.class);
    private static final AtomicReference<PrincipalExtractor> PRINCIPAL_EXTRACTOR = new AtomicReference<>(DefaultPrincipalExtractor.INSTANCE);

    /* loaded from: input_file:com/netflix/spinnaker/security/AuthenticatedRequest$DefaultPrincipalExtractor.class */
    private static class DefaultPrincipalExtractor implements PrincipalExtractor {
        private static final DefaultPrincipalExtractor INSTANCE = new DefaultPrincipalExtractor();

        private DefaultPrincipalExtractor() {
        }
    }

    /* loaded from: input_file:com/netflix/spinnaker/security/AuthenticatedRequest$PrincipalExtractor.class */
    public interface PrincipalExtractor {
        default Object principal() {
            return Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication()).map((v0) -> {
                return v0.getPrincipal();
            }).orElse(null);
        }

        default Optional<String> getSpinnakerAccounts() {
            return getSpinnakerAccounts(principal());
        }

        default Optional<String> getSpinnakerAccounts(Object obj) {
            if (obj instanceof UserDetails) {
                Collection<String> allowedAccounts = AllowedAccountsAuthorities.getAllowedAccounts((UserDetails) obj);
                if (!CollectionUtils.isEmpty(allowedAccounts)) {
                    return Optional.of(String.join(",", allowedAccounts));
                }
            }
            return AuthenticatedRequest.get(Header.ACCOUNTS);
        }

        default Optional<String> getSpinnakerUser() {
            return getSpinnakerUser(principal());
        }

        default Optional<String> getSpinnakerUser(Object obj) {
            return obj instanceof UserDetails ? Optional.ofNullable(((UserDetails) obj).getUsername()) : AuthenticatedRequest.get(Header.USER);
        }
    }

    public static void setPrincipalExtractor(PrincipalExtractor principalExtractor) {
        Objects.requireNonNull(principalExtractor, "PrincipalExtractor is required");
        PRINCIPAL_EXTRACTOR.set(principalExtractor);
        log.info("replaced AuthenticatedRequest PrincipalExtractor with {}", principalExtractor.getClass().getSimpleName());
    }

    public static <V> V allowAnonymous(Callable<V> callable) {
        try {
            String str = MDC.get(Header.XSpinnakerAnonymous);
            MDC.put(Header.XSpinnakerAnonymous, SpinnakerUsers.ANONYMOUS);
            try {
                V call = callable.call();
                setOrRemoveMdc(Header.XSpinnakerAnonymous, str);
                return call;
            } catch (Throwable th) {
                setOrRemoveMdc(Header.XSpinnakerAnonymous, str);
                throw th;
            }
        } catch (Exception e) {
            throw e;
        }
    }

    public static <V> Callable<V> runAs(String str, Callable<V> callable) {
        return runAs(str, Collections.emptySet(), callable);
    }

    public static <V> Callable<V> runAs(String str, boolean z, Callable<V> callable) {
        return runAs(str, Collections.emptySet(), z, callable);
    }

    public static <V> Callable<V> runAs(String str, Collection<String> collection, Callable<V> callable) {
        return runAs(str, collection, true, callable);
    }

    public static <V> Callable<V> runAs(String str, Collection<String> collection, boolean z, Callable<V> callable) {
        return wrapCallableForPrincipal(callable, z, org.springframework.security.core.userdetails.User.withUsername(str).password("").authorities(AllowedAccountsAuthorities.buildAllowedAccounts(collection)).build());
    }

    public static <V> Callable<V> propagate(Callable<V> callable) {
        return wrapCallableForPrincipal(callable, true, principal());
    }

    public static <V> Callable<V> propagate(Callable<V> callable, boolean z) {
        return wrapCallableForPrincipal(callable, z, principal());
    }

    @Deprecated
    public static <V> Callable<V> propagate(Callable<V> callable, Object obj) {
        return wrapCallableForPrincipal(callable, true, obj);
    }

    @Deprecated
    public static <V> Callable<V> propagate(Callable<V> callable, boolean z, Object obj) {
        return wrapCallableForPrincipal(callable, z, obj);
    }

    private static <V> Callable<V> wrapCallableForPrincipal(Callable<V> callable, boolean z, Object obj) {
        String orElse = getSpinnakerUser(obj).orElse(null);
        String orElse2 = getSpinnakerUserOrigin().orElse(null);
        String orElse3 = getSpinnakerExecutionId().orElse(null);
        String orElse4 = getSpinnakerRequestId().orElse(null);
        String orElse5 = getSpinnakerAccounts(obj).orElse(null);
        String orElse6 = getSpinnakerApplication().orElse(null);
        return () -> {
            Map copyOfContextMap = MDC.getCopyOfContextMap();
            try {
                setOrRemoveMdc(Header.USER.getHeader(), orElse);
                setOrRemoveMdc(Header.USER_ORIGIN.getHeader(), orElse2);
                setOrRemoveMdc(Header.ACCOUNTS.getHeader(), orElse5);
                setOrRemoveMdc(Header.REQUEST_ID.getHeader(), orElse4);
                setOrRemoveMdc(Header.EXECUTION_ID.getHeader(), orElse3);
                setOrRemoveMdc(Header.APPLICATION.getHeader(), orElse6);
                Object call = callable.call();
                clear();
                if (z && copyOfContextMap != null) {
                    MDC.setContextMap(copyOfContextMap);
                }
                return call;
            } catch (Throwable th) {
                clear();
                if (z && copyOfContextMap != null) {
                    MDC.setContextMap(copyOfContextMap);
                }
                throw th;
            }
        };
    }

    public static Map<String, Optional<String>> getAuthenticationHeaders() {
        HashMap hashMap = new HashMap();
        hashMap.put(Header.USER.getHeader(), getSpinnakerUser());
        hashMap.put(Header.ACCOUNTS.getHeader(), getSpinnakerAccounts());
        Map copyOfContextMap = MDC.getCopyOfContextMap();
        if (copyOfContextMap != null) {
            for (Map.Entry entry : copyOfContextMap.entrySet()) {
                String str = (String) entry.getKey();
                boolean startsWith = str.toLowerCase().startsWith(Header.XSpinnakerPrefix.toLowerCase());
                boolean z = Header.USER.getHeader().equalsIgnoreCase(str) || Header.ACCOUNTS.getHeader().equalsIgnoreCase(str);
                if (startsWith && !z) {
                    hashMap.put(str, Optional.ofNullable((String) entry.getValue()));
                }
            }
        }
        return hashMap;
    }

    public static Optional<String> getSpinnakerUser() {
        return PRINCIPAL_EXTRACTOR.get().getSpinnakerUser();
    }

    private static Optional<String> getSpinnakerUser(Object obj) {
        return PRINCIPAL_EXTRACTOR.get().getSpinnakerUser(obj);
    }

    public static Optional<String> getSpinnakerAccounts() {
        return PRINCIPAL_EXTRACTOR.get().getSpinnakerAccounts();
    }

    private static Optional<String> getSpinnakerAccounts(Object obj) {
        return PRINCIPAL_EXTRACTOR.get().getSpinnakerAccounts(obj);
    }

    public static Optional<String> getSpinnakerRequestId() {
        return Optional.of(get(Header.REQUEST_ID).orElse((String) getSpinnakerExecutionId().map(str -> {
            return String.format("%s:%s", str, UUID.randomUUID().toString());
        }).orElse(UUID.randomUUID().toString())));
    }

    public static Optional<String> getSpinnakerExecutionType() {
        return get(Header.EXECUTION_TYPE);
    }

    public static Optional<String> getSpinnakerUserOrigin() {
        return get(Header.USER_ORIGIN);
    }

    public static Optional<String> getSpinnakerExecutionId() {
        return get(Header.EXECUTION_ID);
    }

    public static Optional<String> getSpinnakerApplication() {
        return get(Header.APPLICATION);
    }

    public static Optional<String> get(Header header) {
        return get(header.getHeader());
    }

    public static Optional<String> get(String str) {
        return Optional.ofNullable(MDC.get(str));
    }

    public static void setAccounts(String str) {
        set(Header.ACCOUNTS, str);
    }

    public static void setUser(String str) {
        set(Header.USER, str);
    }

    public static void setUserOrigin(String str) {
        set(Header.USER_ORIGIN, str);
    }

    public static void setRequestId(String str) {
        set(Header.REQUEST_ID, str);
    }

    public static void setExecutionId(String str) {
        set(Header.EXECUTION_ID, str);
    }

    public static void setApplication(String str) {
        set(Header.APPLICATION, str);
    }

    public static void setExecutionType(String str) {
        set(Header.EXECUTION_TYPE, str);
    }

    public static void set(Header header, String str) {
        set(header.getHeader(), str);
    }

    public static void set(String str, String str2) {
        Preconditions.checkArgument(str.startsWith(Header.XSpinnakerPrefix), "Header '%s' does not start with 'X-SPINNAKER-'", str);
        MDC.put(str, str2);
    }

    public static void clear() {
        MDC.clear();
        try {
            Class.forName("org.apache.log4j.MDC").getDeclaredMethod("clear", new Class[0]).invoke(null, new Object[0]);
        } catch (Exception e) {
        }
    }

    private static Object principal() {
        return PRINCIPAL_EXTRACTOR.get().principal();
    }

    private static void setOrRemoveMdc(String str, String str2) {
        if (str2 != null) {
            MDC.put(str, str2);
        } else {
            MDC.remove(str);
        }
    }
}
