package com.atlassian.business.insights.bitbucket.spi;

import com.atlassian.annotations.VisibleForTesting;
import com.atlassian.bitbucket.auth.Authentication;
import com.atlassian.bitbucket.auth.AuthenticationService;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.user.SecurityService;
import com.atlassian.bitbucket.user.ServiceUser;
import com.atlassian.bitbucket.user.ServiceUserCreateRequest;
import com.atlassian.bitbucket.user.UserAdminService;
import com.atlassian.bitbucket.user.UserService;
import com.atlassian.business.insights.api.user.RequestContext;
import java.util.concurrent.atomic.AtomicReference;
import javax.annotation.Nonnull;

/* loaded from: input_file:com/atlassian/business/insights/bitbucket/spi/BitbucketRequestContext.class */
public class BitbucketRequestContext implements RequestContext {

    @VisibleForTesting
    static final String SECURITY_ESCALATION_REASON = "Data Pipeline scheduled export";
    private static final String SERVICE_USER_NAME = "data.pipeline";
    private static final String SERVICE_USER_DISPLAY_NAME = "Data Pipeline Scheduler";
    private final AtomicReference<Authentication> userReference = new AtomicReference<>();
    private final AuthenticationService authenticationService;
    private final UserAdminService userAdminService;
    private final UserService userService;
    private final SecurityService securityService;

    public BitbucketRequestContext(AuthenticationService authenticationService, UserService userService, UserAdminService userAdminService, SecurityService securityService) {
        this.authenticationService = authenticationService;
        this.userService = userService;
        this.userAdminService = userAdminService;
        this.securityService = securityService;
    }

    @Override // com.atlassian.business.insights.api.user.RequestContext
    public void dumpThreadContextInfo() {
        this.userReference.set(this.authenticationService.get());
    }

    @Override // com.atlassian.business.insights.api.user.RequestContext
    public void runInCustomContext(Runnable runnable) {
        Authentication authentication = this.userReference.get();
        if (!authentication.getUser().isPresent()) {
            this.securityService.impersonating(getOrCreateServiceUser(), SECURITY_ESCALATION_REASON).withPermission(Permission.SYS_ADMIN).call(() -> {
                runnable.run();
                return null;
            });
        } else {
            this.authenticationService.set(authentication);
            runnable.run();
        }
    }

    @Nonnull
    private synchronized ServiceUser getOrCreateServiceUser() {
        ServiceUser serviceUserByName = this.userService.getServiceUserByName(SERVICE_USER_NAME, true);
        return serviceUserByName != null ? serviceUserByName : this.userAdminService.createServiceUser(new ServiceUserCreateRequest.Builder().active(false).name(SERVICE_USER_NAME).displayName(SERVICE_USER_DISPLAY_NAME).build());
    }
}
