package com.netflix.spinnaker.clouddriver.security;

import com.netflix.spinnaker.kork.secrets.EncryptedSecret;
import com.netflix.spinnaker.kork.secrets.SecretManager;
import javax.annotation.Nonnull;
import lombok.Generated;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:com/netflix/spinnaker/clouddriver/security/AccountDefinitionSecretManager.class */
public class AccountDefinitionSecretManager {
    private final SecretManager secretManager;
    private final AccountDefinitionAuthorizer authorizer;

    public String getEncryptedSecret(String str) {
        return EncryptedSecret.isEncryptedFile(str) ? this.secretManager.decryptAsFile(str).toString() : this.secretManager.decrypt(str);
    }

    public boolean canAccessAccountWithSecrets(@Nonnull String str) {
        String name = SecurityContextHolder.getContext().getAuthentication().getName();
        if (this.authorizer.isAdmin(name)) {
            return true;
        }
        if ("anonymous".equals(name) || !this.authorizer.getRoles(name).isEmpty()) {
            return this.authorizer.canAccessAccount(name, str);
        }
        return false;
    }

    @Generated
    public AccountDefinitionSecretManager(SecretManager secretManager, AccountDefinitionAuthorizer accountDefinitionAuthorizer) {
        this.secretManager = secretManager;
        this.authorizer = accountDefinitionAuthorizer;
    }
}
