package org.graylog.security;

import com.google.common.base.Preconditions;
import jakarta.inject.Inject;
import java.util.Optional;
import java.util.concurrent.Callable;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.UnavailableSecurityManagerException;
import org.apache.shiro.authz.permission.AllPermission;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.graylog.grn.GRN;
import org.graylog.security.permissions.GRNPermission;
import org.graylog2.plugin.database.users.User;
import org.graylog2.shared.security.RestPermissions;
import org.graylog2.shared.users.UserService;

/* loaded from: input_file:org/graylog/security/UserContext.class */
/**
 * Binds a user id to the Shiro {@link Subject} that permission checks are evaluated against.
 *
 * <p>Every {@code isPermitted}/{@code isOwner}/{@code hasAllPermission} answer comes from the
 * wrapped subject; this class performs no authorization logic of its own.
 *
 * <p>Security note: the static {@code runAs} helpers build a subject that is flagged as
 * authenticated for whatever principal string they are handed. Nothing in this class verifies
 * credentials or checks that the caller may act as that principal, so the value must come from
 * trusted server-side state and never directly from request input.
 */
public class UserContext implements HasUser {
    // Resolves userId to a full User record on demand (see getUser()).
    private final UserService userService;
    // Principal of the subject as handed to the constructor; not validated here.
    private final String userId;
    // Shiro subject every permission question is delegated to.
    private final Subject subject;

    /**
     * Injectable factory that creates {@link UserContext} instances sharing one {@link UserService}.
     */
    public static class Factory {
        private final UserService userService;

        @Inject
        public Factory(UserService userService) {
            this.userService = userService;
        }

        /**
         * Creates a context for the subject returned by {@link SecurityUtils#getSubject()}.
         *
         * @return a context whose user id is the subject's principal
         * @throws UserContextMissingException if the principal is not a {@code String} (this
         *         includes a {@code null} principal), or if looking up the subject raised
         *         {@link IllegalStateException} or {@link UnavailableSecurityManagerException}
         */
        public UserContext create() throws UserContextMissingException {
            try {
                final Subject current = SecurityUtils.getSubject();
                final Object principal = current.getPrincipal();
                if (!(principal instanceof String)) {
                    throw new UserContextMissingException("Unknown SecurityContext class <" + principal + ">, cannot continue.");
                }
                return new UserContext((String) principal, current, userService);
            } catch (IllegalStateException | UnavailableSecurityManagerException e) {
                // NOTE(review): the caught exception is not chained, so the root cause is lost to
                // whoever handles the failure. If UserContextMissingException offers a
                // (message, cause) constructor, passing `e` along would help diagnosis - confirm.
                throw new UserContextMissingException("Cannot retrieve current subject, SecurityContext isn't set.");
            }
        }

        /**
         * Creates a context for an explicitly supplied subject.
         *
         * <p>Unlike {@link #create()}, the principal is cast to {@code String} without a type
         * check: a non-String principal surfaces as {@link ClassCastException}, and a
         * {@code null} principal produces a context whose user id is {@code null}.
         *
         * @param subject the subject to wrap; dereferenced immediately
         * @return a context bound to {@code subject}
         */
        public UserContext create(Subject subject) {
            final String principal = (String) subject.getPrincipal();
            return new UserContext(principal, subject, userService);
        }
    }

    /**
     * Runs {@code callable} under a freshly built subject for the given principal and returns
     * its result.
     *
     * <p>Security note: the subject is marked authenticated without any credential check, so
     * this is an impersonation primitive. Callers are responsible for ensuring {@code str}
     * is a trusted identity.
     *
     * @param str      principal the callable should run as
     * @param callable work to execute under that subject
     * @param <T>      result type of the callable
     * @return whatever {@code callable} returns
     */
    public static <T> T runAs(String str, Callable<T> callable) {
        final Subject impersonated = newRunAsSubject(str);
        return impersonated.execute(callable);
    }

    /**
     * Runs {@code runnable} under a freshly built subject for the given principal.
     *
     * <p>Security note: the subject is marked authenticated without any credential check, so
     * this is an impersonation primitive. Callers are responsible for ensuring {@code str}
     * is a trusted identity.
     *
     * @param str      principal the runnable should run as
     * @param runnable work to execute under that subject
     */
    public static void runAs(String str, Runnable runnable) {
        final Subject impersonated = newRunAsSubject(str);
        impersonated.execute(runnable);
    }

    /**
     * Builds the subject shared by both {@code runAs} variants: a single principal registered
     * under the realm name {@code "runAs-context"}, flagged authenticated, with session
     * creation disabled.
     */
    private static Subject newRunAsSubject(String principal) {
        final SimplePrincipalCollection principals = new SimplePrincipalCollection(principal, "runAs-context");
        return new Subject.Builder()
                .principals(principals)
                .authenticated(true)
                .sessionCreationEnabled(false)
                .buildSubject();
    }

    /**
     * Stores the given values as-is; no argument is validated or null-checked.
     *
     * @param str         id of the user this context represents
     * @param subject     subject that permission checks are delegated to
     * @param userService service used by {@link #getUser()}
     */
    public UserContext(String str, Subject subject, UserService userService) {
        this.userService = userService;
        this.subject = subject;
        this.userId = str;
    }

    /**
     * @return the user id this context was created with
     */
    public String getUserId() {
        return userId;
    }

    /**
     * Loads the user record for {@link #getUserId()} through the {@link UserService}.
     *
     * @return the loaded user, never {@code null}
     * @throws IllegalStateException if the service returns {@code null} for the id
     */
    @Override
    public User getUser() {
        final User loaded = userService.loadById(userId);
        if (loaded == null) {
            throw new IllegalStateException("Cannot load user <" + userId + "> from db");
        }
        return loaded;
    }

    /**
     * Checks whether the subject holds {@link RestPermissions#ENTITY_OWN} on the given entity.
     *
     * @param grn entity to test ownership of
     * @return the subject's answer for the corresponding {@link GRNPermission}
     */
    protected boolean isOwner(GRN grn) {
        final GRNPermission ownership = GRNPermission.create(RestPermissions.ENTITY_OWN, grn);
        return subject.isPermitted(ownership);
    }

    /**
     * @return {@code true} if the subject is permitted Shiro's {@link AllPermission}
     */
    public boolean hasAllPermission() {
        final AllPermission everything = new AllPermission();
        return subject.isPermitted(everything);
    }

    /**
     * Checks a permission against the entity part of a GRN; delegates to
     * {@link #isPermitted(String, String)} with {@code grn.entity()}.
     *
     * @param str permission name
     * @param grn entity reference; only {@code entity()} is used
     * @return {@code true} if the subject holds the permission for that entity id
     */
    public boolean isPermitted(String str, GRN grn) {
        final String entityId = grn.entity();
        return isPermitted(str, entityId);
    }

    /**
     * Checks the permission string {@code str + ":" + str2} against the subject.
     *
     * <p>NOTE(review): the id is concatenated verbatim. If the subject resolves strings with
     * Shiro's wildcard syntax, characters such as {@code ':'}, {@code ','} and {@code '*'}
     * inside the id would be parsed as permission syntax rather than as part of the id.
     * Presumably ids are opaque database identifiers - verify against callers.
     *
     * @param str  permission name; must not be blank
     * @param str2 entity id; must not be blank
     * @return {@code true} if the subject is permitted the combined permission string
     * @throws IllegalArgumentException if either argument is null, empty or whitespace-only
     */
    public boolean isPermitted(String str, String str2) {
        Preconditions.checkArgument(StringUtils.isNotBlank(str), "permission cannot be null or empty");
        Preconditions.checkArgument(StringUtils.isNotBlank(str2), "id cannot be null or empty");
        final String scopedPermission = String.join(":", str, str2);
        return subject.isPermitted(scopedPermission);
    }

    /**
     * Checks a permission string against the subject without an entity id.
     *
     * @param str permission string; must not be blank
     * @return {@code true} if the subject is permitted {@code str}
     * @throws IllegalArgumentException if {@code str} is null, empty or whitespace-only
     */
    public boolean isPermitted(String str) {
        Preconditions.checkArgument(StringUtils.isNotBlank(str), "permission cannot be null or empty");
        return subject.isPermitted(str);
    }
}
