package org.opencastproject.kernel.security;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import org.opencastproject.security.api.JaxbOrganization;
import org.opencastproject.security.api.JaxbRole;
import org.opencastproject.security.api.JaxbUser;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.api.User;
import org.opencastproject.security.api.UserDirectoryService;
import org.opencastproject.security.util.SecurityUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:org/opencastproject/kernel/security/SecurityServiceSpringImpl.class */
public class SecurityServiceSpringImpl implements SecurityService {
    private static final Logger logger = LoggerFactory.getLogger(SecurityServiceSpringImpl.class);
    private static final ThreadLocal<User> delegatedUserHolder = new ThreadLocal<>();
    private static final ThreadLocal<String> delegatedUserIPHolder = new ThreadLocal<>();
    private static final ThreadLocal<Organization> organization = new ThreadLocal<>();
    private UserDirectoryService userDirectory;

    public Organization getOrganization() {
        return organization.get();
    }

    public void setOrganization(Organization organization2) {
        organization.set(organization2);
    }

    public User getUser() throws IllegalStateException {
        Object principal;
        Organization organization2 = getOrganization();
        if (organization2 == null) {
            throw new IllegalStateException("No organization is set in security context");
        }
        User user = delegatedUserHolder.get();
        if (user != null) {
            return user;
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        JaxbOrganization fromOrganization = JaxbOrganization.fromOrganization(organization2);
        if (authentication == null || (principal = authentication.getPrincipal()) == null || !(principal instanceof UserDetails)) {
            return SecurityUtil.createAnonymousUser(fromOrganization);
        }
        UserDetails userDetails = (UserDetails) principal;
        User user2 = null;
        if (this.userDirectory != null) {
            user2 = this.userDirectory.loadUser(userDetails.getUsername());
            if (user2 == null) {
                logger.debug("Authenticated user '{}' could not be found in any of the current UserProviders. Continuing anyway...", userDetails.getUsername());
            }
        } else {
            logger.debug("No UserDirectory was found when trying to search for user '{}'", userDetails.getUsername());
        }
        HashSet hashSet = new HashSet();
        Collection authorities = authentication.getAuthorities();
        if (authorities != null) {
            Iterator it = authorities.iterator();
            while (it.hasNext()) {
                hashSet.add(new JaxbRole(((GrantedAuthority) it.next()).getAuthority(), fromOrganization));
            }
        }
        JaxbUser jaxbUser = user2 == null ? new JaxbUser(userDetails.getUsername(), (String) null, fromOrganization, hashSet) : JaxbUser.fromUser(user2, hashSet);
        delegatedUserHolder.set(jaxbUser);
        return jaxbUser;
    }

    public void setUser(User user) {
        delegatedUserHolder.set(user);
    }

    public String getUserIP() {
        return delegatedUserIPHolder.get();
    }

    public void setUserIP(String str) {
        delegatedUserIPHolder.set(str);
    }

    void setUserDirectory(UserDirectoryService userDirectoryService) {
        this.userDirectory = userDirectoryService;
    }

    void removeUserDirectory() {
        this.userDirectory = null;
    }
}
