package com.atlassian.bamboo.credentials;

import com.atlassian.bamboo.FeatureManager;
import com.atlassian.bamboo.core.BambooEntityOid;
import com.atlassian.bamboo.crypto.instance.SecretEncryptionService;
import com.atlassian.bamboo.event.analytics.GenericAnalyticsEvent;
import com.atlassian.bamboo.exception.WebValidationException;
import com.atlassian.bamboo.persister.AuditLogService;
import com.atlassian.bamboo.repository.RepositoryDataEntityImpl_;
import com.atlassian.bamboo.security.BambooPermissionManager;
import com.atlassian.bamboo.specs.api.exceptions.PropertiesValidationException;
import com.atlassian.bamboo.specs.api.validators.common.ValidationProblem;
import com.atlassian.bamboo.util.Narrow;
import com.atlassian.bamboo.util.PasswordMaskingUtils;
import com.atlassian.bamboo.util.pagination.PaginatedDataCollector;
import com.atlassian.bamboo.utils.BambooValidationUtils;
import com.atlassian.bamboo.utils.Comparators;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.plugin.PluginAccessor;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Maps;
import com.opensymphony.xwork2.TextProvider;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.inject.Inject;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.Contract;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Lazy;

/* loaded from: input_file:com/atlassian/bamboo/credentials/CredentialsManagerImpl.class */
public class CredentialsManagerImpl implements CredentialsManager {
    private final AuditLogService auditLogService;
    private final CredentialsDao credentialsDao;
    private final FeatureManager featureManager;
    private final PluginAccessor pluginAccessor;
    private final TextProvider textProvider;
    private final EventPublisher eventPublisher;

    @Inject
    @Lazy
    private SecretEncryptionService secretEncryptionService;

    @Autowired
    @Qualifier("bambooPermissionManager")
    @Lazy
    private BambooPermissionManager bambooPermissionManager;

    @Autowired
    @Lazy
    private PaginatedDataCollector paginatedDataCollector;

    @Inject
    public CredentialsManagerImpl(AuditLogService auditLogService, CredentialsDao credentialsDao, FeatureManager featureManager, EventPublisher eventPublisher, PluginAccessor pluginAccessor, TextProvider textProvider) {
        this.auditLogService = auditLogService;
        this.credentialsDao = credentialsDao;
        this.featureManager = featureManager;
        this.eventPublisher = eventPublisher;
        this.pluginAccessor = pluginAccessor;
        this.textProvider = textProvider;
    }

    @NotNull
    public List<CredentialTypeModuleDescriptor> getCredentialTypeDescriptors() {
        return Comparators.getModuleDescriptorNameOrdering().sortedCopy(this.pluginAccessor.getEnabledModuleDescriptorsByClass(CredentialTypeModuleDescriptor.class));
    }

    @Nullable
    public CredentialTypeModuleDescriptor getCredentialTypeDescriptor(@Nullable String str) {
        if (StringUtils.isNotEmpty(str)) {
            return (CredentialTypeModuleDescriptor) Narrow.reinterpret(this.pluginAccessor.getEnabledPluginModule(str), CredentialTypeModuleDescriptor.class);
        }
        return null;
    }

    @NotNull
    public CredentialsData updateCredentialsName(long j, @NotNull String str) throws WebValidationException {
        MutableCredentialsData findById = this.credentialsDao.findById(j);
        BambooValidationUtils.validate(findById != null, (Supplier<String>) () -> {
            return "No credentials with id " + j + " could be found";
        });
        String name = findById.getName();
        findById.setName(str);
        this.credentialsDao.save(findById);
        this.auditLogService.log(buildLogMessage(name, findById.getProjectId(), String.format("has been renamed to [%s].", str)));
        return decrypt(findById);
    }

    @NotNull
    public CredentialsData createOrUpdateCredentials(@NotNull CredentialsData credentialsData) {
        Preconditions.checkArgument(StringUtils.isNotEmpty(credentialsData.getPluginKey()));
        Preconditions.checkArgument(StringUtils.isNotEmpty(credentialsData.getName()));
        assertProjectLevelBuildResourcesEnabled(credentialsData.getProjectId());
        MutableCredentialsData merge = this.credentialsDao.merge(encrypt(credentialsData));
        this.auditLogService.log(buildLogMessage(merge.getName(), merge.getProjectId(), "has been created or updated."));
        return decrypt(merge);
    }

    @NotNull
    public CredentialsData createCredentials(@NotNull CredentialTypeModuleDescriptor credentialTypeModuleDescriptor, @NotNull String str, @NotNull Map<String, String> map) {
        return createCredentials(credentialTypeModuleDescriptor, str, map, null);
    }

    @NotNull
    public CredentialsData createProjectCredentials(@NotNull CredentialTypeModuleDescriptor credentialTypeModuleDescriptor, @NotNull String str, @NotNull Map<String, String> map, @NotNull Long l) {
        return createCredentials(credentialTypeModuleDescriptor, str, map, l);
    }

    private CredentialsData createCredentials(@NotNull CredentialTypeModuleDescriptor credentialTypeModuleDescriptor, @NotNull String str, @NotNull Map<String, String> map, @Nullable Long l) {
        assertProjectLevelBuildResourcesEnabled(l);
        CredentialsDataEntity credentialsDataEntity = new CredentialsDataEntity(credentialTypeModuleDescriptor.getCompleteKey(), str, Credentials.configToXml(map));
        if (l != null) {
            credentialsDataEntity.setProjectId(l);
        }
        MutableCredentialsData encrypt = encrypt(credentialsDataEntity);
        this.credentialsDao.save(encrypt);
        this.auditLogService.log(buildLogMessage(encrypt.getName(), encrypt.getProjectId(), "has been created."));
        return decrypt(encrypt);
    }

    @NotNull
    public CredentialsData editCredentials(long j, @NotNull String str, @NotNull Map<String, String> map) {
        return editCredentialsInternal(j, str, map, null);
    }

    @NotNull
    public CredentialsData editProjectCredentials(long j, @NotNull String str, @NotNull Map<String, String> map, long j2) {
        return editCredentialsInternal(j, str, map, Long.valueOf(j2));
    }

    public CredentialsData getCredentials(long j) {
        MutableCredentialsData findById = this.credentialsDao.findById(j);
        if (findById != null) {
            return decrypt(findById);
        }
        return null;
    }

    public CredentialsData getCredentialsByOid(BambooEntityOid bambooEntityOid) {
        MutableCredentialsData findByOid = this.credentialsDao.findByOid(bambooEntityOid);
        if (findByOid != null) {
            return decrypt(findByOid);
        }
        return null;
    }

    public CredentialsData getCredentialsByName(String str) {
        MutableCredentialsData findGlobalByName = this.credentialsDao.findGlobalByName(str);
        if (findGlobalByName != null) {
            return decrypt(findGlobalByName);
        }
        return null;
    }

    public CredentialsData getCredentialsByNameAndProjectId(String str, long j) {
        MutableCredentialsData findByNameAndProjectId = this.credentialsDao.findByNameAndProjectId(str, j);
        if (findByNameAndProjectId != null) {
            return decrypt(findByNameAndProjectId);
        }
        return null;
    }

    @NotNull
    public Iterable<CredentialsData> getAllCredentials() {
        return (Iterable) this.credentialsDao.findGlobalAll().stream().map((v1) -> {
            return decrypt(v1);
        }).collect(Collectors.toList());
    }

    @NotNull
    public Long countAllGlobalCredentials() {
        return this.credentialsDao.countAllGlobalCredentials();
    }

    @NotNull
    public Long countAllProjectsCredentials() {
        return this.credentialsDao.countAllProjectsCredentials();
    }

    @NotNull
    public List<Long> findAllProjectsIdsUsingProjectSharedCredentials() {
        return this.credentialsDao.findAllProjectsIdsUsingProjectSharedCredentials();
    }

    @NotNull
    public Iterable<CredentialsData> getAllCredentials(@NotNull String str) {
        return (Iterable) this.credentialsDao.findGlobalByPluginKey(str).stream().map((v1) -> {
            return decrypt(v1);
        }).collect(Collectors.toList());
    }

    @NotNull
    public PaginatedProjectSharedCredentials getPaginatedSharedCredentials(@Nullable Long l, int i, int i2, @Nullable String str) {
        List list = (List) this.credentialsDao.getPaginatedSharedCredentials(l, i, i2 + 1, str).stream().map((v1) -> {
            return decrypt(v1);
        }).collect(Collectors.toList());
        int min = Math.min(list.size(), i2);
        ArrayList arrayList = new ArrayList();
        for (int i3 = 0; i3 < min; i3++) {
            arrayList.add(list.get(i3));
        }
        return new PaginatedProjectSharedCredentials(arrayList, list.size() == i2 + 1, i + i2);
    }

    public boolean hasAnyCredentials(@NotNull String str) {
        return this.credentialsDao.hasAnyGlobalCredentials(str);
    }

    public void deleteCredentials(long j) {
        MutableCredentialsData findById = this.credentialsDao.findById(j);
        if (findById != null) {
            this.credentialsDao.delete(findById);
            this.auditLogService.log(buildLogMessage(findById.getName(), findById.getProjectId(), "has been deleted."));
        }
    }

    public void validate(@NotNull CredentialsData credentialsData) throws PropertiesValidationException {
        CredentialsData findGlobalByName;
        MutableCredentialsData findGlobalByName2;
        ArrayList arrayList = new ArrayList();
        if (credentialsData.getOid() != null) {
            findGlobalByName = this.credentialsDao.findByOid(credentialsData.getOid());
            if ((findGlobalByName == null || !StringUtils.equals(credentialsData.getName(), findGlobalByName.getName())) && (findGlobalByName2 = this.credentialsDao.findGlobalByName(credentialsData.getName())) != null && !findGlobalByName2.getOid().equals(credentialsData.getOid())) {
                arrayList.add(new ValidationProblem(this.textProvider.getText("sharedCredentials.validate.name.not.unique", Collections.singletonList(credentialsData.getName()))));
            }
        } else {
            findGlobalByName = this.credentialsDao.findGlobalByName(credentialsData.getName());
        }
        if (findGlobalByName != null) {
            if (!StringUtils.equals(credentialsData.getPluginKey(), findGlobalByName.getPluginKey())) {
                arrayList.add(new ValidationProblem(this.textProvider.getText("sharedCredentials.validate.type.can.not.be.changed", ImmutableList.of(findGlobalByName.getPluginKey(), credentialsData.getPluginKey()))));
            }
            if ((credentialsData.getProjectId() != null) ^ (findGlobalByName.getProjectId() != null)) {
                arrayList.add(new ValidationProblem(this.textProvider.getText("sharedCredentials.validate.scope.can.not.be.changed", ImmutableList.of(scope(findGlobalByName.getProjectId()), scope(credentialsData.getProjectId())))));
            }
            if (credentialsData.getProjectId() != null && findGlobalByName.getProjectId() != null && !credentialsData.getProjectId().equals(findGlobalByName.getProjectId())) {
                arrayList.add(new ValidationProblem(this.textProvider.getText("sharedCredentials.validate.project.can.not.be.changed", ImmutableList.of(findGlobalByName.getProjectId(), credentialsData.getProjectId()))));
            }
        }
        if (!arrayList.isEmpty()) {
            throw new PropertiesValidationException(arrayList);
        }
    }

    @NotNull
    public CredentialTypeExporter retrieveCredentialTypeExporter(@Nullable String str) {
        return (CredentialTypeExporter) Optional.ofNullable(str).map(this::getCredentialTypeDescriptor).map((v0) -> {
            return v0.getExporter();
        }).orElseGet(DefaultCredentialTypeExporter::new);
    }

    @NotNull
    public CredentialsData mergeImportedEntity(@NotNull CredentialsData credentialsData) {
        assertProjectLevelBuildResourcesEnabled(credentialsData.getProjectId());
        MutableCredentialsData findByOid = credentialsData.getOid() != null ? this.credentialsDao.findByOid(credentialsData.getOid()) : this.credentialsDao.findGlobalByName(credentialsData.getName());
        MutableCredentialsData encrypt = encrypt(credentialsData);
        if (findByOid != null) {
            encrypt.setId(findByOid.getId());
            encrypt.setOid(findByOid.getOid());
        }
        MutableCredentialsData merge = this.credentialsDao.merge(encrypt);
        if (findByOid != null) {
            this.eventPublisher.publish(new GenericAnalyticsEvent(merge.getProjectId() != null ? "bamboo.import.credential.project.update" : "bamboo.import.credential.update"));
            this.auditLogService.log(buildLogMessage(merge.getName(), merge.getProjectId(), "has been updated."));
        } else {
            this.eventPublisher.publish(new GenericAnalyticsEvent(merge.getProjectId() != null ? "bamboo.import.credential.project.create" : "bamboo.import.credential.create"));
            this.auditLogService.log(buildLogMessage(merge.getName(), merge.getProjectId(), "has been created."));
        }
        return decrypt(merge);
    }

    @NotNull
    public Iterable<CredentialsData> getProjectCredentials(@NotNull Long l) {
        return (Iterable) this.credentialsDao.findAllByProject(l).stream().map((v1) -> {
            return decrypt(v1);
        }).collect(Collectors.toList());
    }

    @NotNull
    public Iterable<CredentialsData> getProjectCredentialsByPluginKey(@NotNull Long l, String str) {
        return (Iterable) this.credentialsDao.findAllByProjectAndPluginKey(l, str).stream().map((v1) -> {
            return decrypt(v1);
        }).collect(Collectors.toList());
    }

    @Nullable
    public CredentialsData getProjectCredentials(long j, long j2) {
        MutableCredentialsData findById = this.credentialsDao.findById(j);
        if (findById == null || findById.getProjectId().longValue() != j2) {
            return null;
        }
        return findById;
    }

    @Contract("null -> null")
    @VisibleForTesting
    MutableCredentialsData encrypt(@Nullable CredentialsData credentialsData) {
        if (credentialsData == null) {
            return null;
        }
        Map transformEntries = Maps.transformEntries(credentialsData.getConfiguration(), (str, str2) -> {
            return (str2 == null || !PasswordMaskingUtils.shouldBeMasked(str) || this.secretEncryptionService.isEncrypted(str2)) ? str2 : this.secretEncryptionService.encrypt(str2);
        });
        CredentialsDataEntity credentialsDataEntity = new CredentialsDataEntity(credentialsData);
        credentialsDataEntity.setXml(Credentials.configToXml(transformEntries));
        return credentialsDataEntity;
    }

    @Contract("null -> null")
    @VisibleForTesting
    CredentialsData decrypt(@Nullable CredentialsData credentialsData) {
        if (credentialsData == null) {
            return null;
        }
        Map transformEntries = Maps.transformEntries(credentialsData.getConfiguration(), (str, str2) -> {
            return (str2 != null && PasswordMaskingUtils.shouldBeMasked(str) && this.secretEncryptionService.isEncrypted(str2)) ? this.secretEncryptionService.decrypt(str2) : str2;
        });
        CredentialsDataEntity credentialsDataEntity = new CredentialsDataEntity(credentialsData);
        credentialsDataEntity.setXml(Credentials.configToXml(transformEntries));
        return new CredentialsDataImpl(credentialsDataEntity);
    }

    private CredentialsData editCredentialsInternal(long j, @NotNull String str, @NotNull Map<String, String> map, @Nullable Long l) {
        MutableCredentialsData findById = this.credentialsDao.findById(j);
        Preconditions.checkArgument(findById != null && Objects.equals(findById.getProjectId(), l), this.textProvider.getText("sharedCredentials.edit.error.incorrectId", Collections.singletonList(Long.valueOf(j))));
        String name = findById.getName();
        CredentialsDataEntity credentialsDataEntity = new CredentialsDataEntity(findById);
        credentialsDataEntity.setName(str);
        credentialsDataEntity.setXml(Credentials.configToXml(map));
        MutableCredentialsData merge = this.credentialsDao.merge(encrypt(credentialsDataEntity));
        if (name.equals(str)) {
            this.auditLogService.log(buildLogMessage(name, l, "has been updated."));
        } else {
            this.auditLogService.log(buildLogMessage(name, l, String.format("has been renamed to [%s] and updated.", str)));
        }
        return decrypt(merge);
    }

    private String buildLogMessage(String str, Long l, String str2) {
        StringBuilder sb = new StringBuilder();
        sb.append("Shared credential [");
        sb.append(str);
        sb.append("]");
        if (l != null) {
            sb.append(" for project id=[");
            sb.append(l);
            sb.append("]");
        }
        if (str2 != null) {
            sb.append(" ");
            sb.append(str2);
        }
        return sb.toString();
    }

    private String scope(Long l) {
        return l != null ? "project" : RepositoryDataEntityImpl_.GLOBAL;
    }

    private void assertProjectLevelBuildResourcesEnabled(@Nullable Long l) {
        if (l != null && !this.featureManager.isProjectLevelBuildResourcesEnabled()) {
            throw new IllegalArgumentException("Project level Shared Credentials are disabled");
        }
    }
}
