package eu.etaxonomy.cdm.api.application;

import java.util.ArrayList;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.access.intercept.RunAsUserToken;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:lib/cdmlib-services-5.42.0.jar:eu/etaxonomy/cdm/api/application/RunAsAuthenticator.class */
public class RunAsAuthenticator {
    private static final Logger logger = LogManager.getLogger();
    private static final String RUN_AS_KEY = "TtlCx3pgKC4l";
    private AuthenticationProvider runAsAuthenticationProvider = null;
    private Authentication authentication;

    public void runAsAuthentication(GrantedAuthority grantedAuthority) {
        if (this.runAsAuthenticationProvider == null) {
            logger.debug("no RunAsAuthenticationProvider set, skipping run-as authentication");
            return;
        }
        this.authentication = SecurityContextHolder.getContext().getAuthentication();
        ArrayList arrayList = new ArrayList();
        arrayList.add(grantedAuthority);
        Authentication authenticate = this.runAsAuthenticationProvider.authenticate(new RunAsUserToken(RUN_AS_KEY, "system-admin", null, arrayList, this.authentication != null ? this.authentication.getClass() : AnonymousAuthenticationToken.class));
        SecurityContextHolder.getContext().setAuthentication(authenticate);
        logger.debug("switched to run-as authentication: " + authenticate);
    }

    public void restoreAuthentication() {
        if (this.runAsAuthenticationProvider == null) {
            logger.debug("no RunAsAuthenticationProvider set, thus nothing to restore");
        }
        SecurityContextHolder.getContext().setAuthentication(this.authentication);
        logger.debug("last authentication restored: " + (this.authentication != null ? this.authentication : "NULL"));
    }

    public AuthenticationProvider getRunAsAuthenticationProvider() {
        return this.runAsAuthenticationProvider;
    }

    public void setRunAsAuthenticationProvider(AuthenticationProvider authenticationProvider) {
        this.runAsAuthenticationProvider = authenticationProvider;
    }
}
