package com.evolveum.midpoint.model.impl.security;

import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.util.CheckedCommonRunnable;
import com.evolveum.midpoint.util.annotation.Experimental;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import java.util.Objects;
import javax.xml.namespace.QName;
import org.jetbrains.annotations.NotNull;
import org.springframework.security.core.Authentication;

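/**
 * Switches the security context to another identity so that a piece of code can run under it.
 *
 * <p>The authentication that is current when the runner is constructed is captured and put back by
 * {@link #close()}. The class implements {@link AutoCloseable}, so the intended usage is presumably
 * try-with-resources around one or more {@link #runAs} calls.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #runAs} does not restore the previous identity itself. Until {@link #close()} is
 *       called, the context keeps the last identity that was established, also when the runnable
 *       throws.</li>
 *   <li>The target identity is installed as a pre-authenticated context: the object is read from the
 *       repository by OID and handed to the security context manager. No credential or authorization
 *       check is performed here. NOTE(review): the identity reference therefore has to come from a
 *       trusted source and not from request input; confirm that at the call sites.</li>
 *   <li>A {@code null} identity reference means "no switch": the runnable runs under whatever
 *       identity is current.</li>
 * </ul>
 *
 * <p>NOTE(review): nothing in this class is synchronized. Whether the security context is per-thread
 * depends on the security context manager; confirm before sharing a runner between threads.
 */
@Experimental
/* loaded from: input_file:BOOT-INF/lib/model-impl-4.6.2-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/security/RunAsRunner.class */
public class RunAsRunner implements AutoCloseable {

    /** Holder of the collaborators used here: security context manager, repository service, prism context. */
    @NotNull
    private final RunAsRunnerFactory beans;

    /** Authentication captured at construction time; {@link #close()} puts it back. */
    private final Authentication originalAuthentication;

    /**
     * Creates the runner and remembers the authentication that is current at this moment.
     *
     * @param runAsRunnerFactory source of the security context manager, repository service and prism context
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public RunAsRunner(@NotNull RunAsRunnerFactory runAsRunnerFactory) {
        this.beans = runAsRunnerFactory;
        this.originalAuthentication = this.beans.securityContextManager.getAuthentication();
    }

    /**
     * Puts back the authentication captured by the constructor.
     *
     * <p>NOTE(review): if there was no authentication at construction time, {@code null} is passed on;
     * whether that clears the context depends on the security context manager. Confirm.
     */
    @Override // java.lang.AutoCloseable
    public void close() {
        this.beans.securityContextManager.setupPreAuthenticatedSecurityContext(this.originalAuthentication);
    }

    /**
     * Runs the given code under the identity the reference points to.
     *
     * <p>The identity stays in effect after this method returns or throws; only {@link #close()}
     * restores the original authentication.
     *
     * @param checkedCommonRunnable code to run; must not be {@code null}
     * @param objectReferenceType reference to the identity to run as, or {@code null} to keep the current identity
     * @param operationResult operation result passed to the repository when the identity has to be loaded
     * @throws CommonException if the identity cannot be established, or from the runnable itself
     * @throws NullPointerException if the runnable is {@code null}, or if a switch is needed and the reference has no type
     * @throws UnsupportedOperationException if the reference has no OID
     */
    public void runAs(CheckedCommonRunnable checkedCommonRunnable, ObjectReferenceType objectReferenceType, OperationResult operationResult) throws CommonException {
        // Reject a missing runnable before touching the security context, so that a caller bug
        // cannot leave the context switched to the target identity with nothing run under it.
        Objects.requireNonNull(checkedCommonRunnable, "runnable");
        establishRequiredIdentity(objectReferenceType, operationResult);
        checkedCommonRunnable.run();
    }

    /**
     * Makes sure the security context carries the identity the reference points to.
     *
     * <p>Does nothing for a {@code null} reference, or when the current principal already has the
     * referenced OID. The target type is required only when a switch is actually needed.
     */
    private void establishRequiredIdentity(ObjectReferenceType identityRef, OperationResult result) throws SecurityViolationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        if (identityRef == null) {
            return;
        }
        String oid = identityRef.getOid();
        if (oid == null) {
            throw new UnsupportedOperationException("Identity reference without OID is not supported");
        }
        if (isLoggedIn(oid)) {
            return;
        }
        QName targetType = (QName) Objects.requireNonNull(identityRef.getType(), "target type");
        logIn(targetType, oid, result);
    }

    /** Returns {@code true} when there is a current principal and its OID equals the given one. */
    private boolean isLoggedIn(@NotNull String oid) throws SecurityViolationException {
        MidPointPrincipal principal = this.beans.securityContextManager.getPrincipal();
        return principal != null && oid.equals(principal.getOid());
    }

    /**
     * Loads the object with the given type and OID from the repository and installs it as the
     * pre-authenticated identity. No credential check is visible at this level.
     */
    private void logIn(QName typeName, String oid, OperationResult result) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
        this.beans.securityContextManager.setupPreAuthenticatedSecurityContext(
                this.beans.repositoryService.getObject(getObjectClass(typeName), oid, null, result));
    }

    /**
     * Resolves the type name to its Java class through the schema registry.
     *
     * <p>Types that are not assignable to {@link FocusType} are rejected, so a reference to some
     * other kind of object cannot be installed as an identity.
     *
     * @throws IllegalStateException if the resolved class is not a {@link FocusType}
     */
    @NotNull
    private Class<? extends FocusType> getObjectClass(QName typeName) {
        Class<? extends FocusType> resolved = this.beans.prismContext.getSchemaRegistry().determineClassForTypeRequired(typeName);
        if (!FocusType.class.isAssignableFrom(resolved)) {
            throw new IllegalStateException("Identity is not a FocusType: " + resolved + " (name: " + typeName + ")");
        }
        return resolved;
    }
}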
