package org.eclipse.hawkbit.repository.jpa;

import java.util.Collection;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.im.authentication.UserPrincipal;
import org.eclipse.hawkbit.repository.RolloutApprovalStrategy;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.repository.model.Rollout;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/hawkbit-repository-jpa-0.4.1.jar:org/eclipse/hawkbit/repository/jpa/DefaultRolloutApprovalStrategy.class */
public class DefaultRolloutApprovalStrategy implements RolloutApprovalStrategy {
    private final UserDetailsService userDetailsService;
    private final TenantConfigurationManagement tenantConfigurationManagement;
    private final SystemSecurityContext systemSecurityContext;

    /* JADX INFO: Access modifiers changed from: package-private */
    public DefaultRolloutApprovalStrategy(UserDetailsService userDetailsService, TenantConfigurationManagement tenantConfigurationManagement, SystemSecurityContext systemSecurityContext) {
        this.userDetailsService = userDetailsService;
        this.tenantConfigurationManagement = tenantConfigurationManagement;
        this.systemSecurityContext = systemSecurityContext;
    }

    @Override // org.eclipse.hawkbit.repository.RolloutApprovalStrategy
    public boolean isApprovalNeeded(Rollout rollout) {
        return isApprovalEnabled() && hasNoApproveRolloutPermission(getActor(rollout).getAuthorities());
    }

    private boolean isApprovalEnabled() {
        return ((Boolean) this.systemSecurityContext.runAsSystem(() -> {
            return (Boolean) this.tenantConfigurationManagement.getConfigurationValue(TenantConfigurationProperties.TenantConfigurationKey.ROLLOUT_APPROVAL_ENABLED, Boolean.class).getValue();
        })).booleanValue();
    }

    private UserDetails getActor(Rollout rollout) {
        if (Rollout.RolloutStatus.CREATING == rollout.getStatus()) {
            String lastModifiedBy = rollout.getLastModifiedBy() != null ? rollout.getLastModifiedBy() : rollout.getCreatedBy();
            if (!StringUtils.isEmpty(lastModifiedBy)) {
                return (UserDetails) this.systemSecurityContext.runAsSystem(() -> {
                    return this.userDetailsService.loadUserByUsername(lastModifiedBy);
                });
            }
        }
        return (UserPrincipal) getCurrentAuthentication().getPrincipal();
    }

    private static Authentication getCurrentAuthentication() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    private static boolean hasNoApproveRolloutPermission(Collection<? extends GrantedAuthority> collection) {
        return collection.stream().noneMatch(grantedAuthority -> {
            return SpPermission.APPROVE_ROLLOUT.equals(grantedAuthority.getAuthority());
        });
    }

    @Override // org.eclipse.hawkbit.repository.RolloutApprovalStrategy
    public void onApprovalRequired(Rollout rollout) {
    }

    @Override // org.eclipse.hawkbit.repository.RolloutApprovalStrategy
    public String getApprovalUser(Rollout rollout) {
        return getCurrentAuthentication().getName();
    }
}
