package com.atlassian.bamboo.configuration.external.yaml;

import com.atlassian.bamboo.configuration.external.RssPermissionsService;
import com.atlassian.bamboo.configuration.external.yaml.properties.BambooYamlDeploymentDefinition;
import com.atlassian.bamboo.configuration.external.yaml.properties.BambooYamlDeploymentPermissionsDefinition;
import com.atlassian.bamboo.configuration.external.yaml.properties.BambooYamlPlanDefinition;
import com.atlassian.bamboo.configuration.external.yaml.properties.BambooYamlPlanPermissionsDefinition;
import com.atlassian.bamboo.configuration.external.yaml.properties.branch.MasterBranch;
import com.atlassian.bamboo.configuration.external.yaml.properties.common.Requirement;
import com.atlassian.bamboo.configuration.external.yaml.properties.common.permissions.Permission;
import com.atlassian.bamboo.configuration.external.yaml.properties.common.permissions.PermissionSet;
import com.atlassian.bamboo.configuration.external.yaml.properties.deployment.Environment;
import com.atlassian.bamboo.configuration.external.yaml.properties.deployment.ReleaseNaming;
import com.atlassian.bamboo.configuration.external.yaml.properties.plan.Job;
import com.atlassian.bamboo.configuration.external.yaml.properties.plan.Stage;
import com.atlassian.bamboo.crypto.instance.SecretEncryptionService;
import com.atlassian.bamboo.plan.Plan;
import com.atlassian.bamboo.plan.PlanKey;
import com.atlassian.bamboo.plan.PlanKeys;
import com.atlassian.bamboo.plan.PlanManager;
import com.atlassian.bamboo.project.ProjectManager;
import com.atlassian.bamboo.specs.yaml.YamlSpecsValidationException;
import com.atlassian.bamboo.util.BambooStringUtils;
import com.atlassian.bamboo.util.PasswordMaskingUtils;
import com.atlassian.bamboo.utils.error.ErrorCollection;
import com.atlassian.bamboo.utils.i18n.DocumentationLinkProvider;
import com.atlassian.bamboo.validation.ValidationService;
import com.atlassian.bamboo.vcs.configuration.VcsRepositoryData;
import com.google.common.annotations.VisibleForTesting;
import java.util.List;
import java.util.function.Consumer;
import java.util.stream.Stream;
import javax.inject.Inject;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/bamboo/configuration/external/yaml/BambooYamlValidatorImpl.class */
public class BambooYamlValidatorImpl implements BambooYamlValidator {

    @VisibleForTesting
    static final String ERROR_ANONYMOUS_USER_CAN_HAVE_ONLY_VIEW_PERMISSION = "Anonymous user can have only view permission";

    @VisibleForTesting
    static final String ERROR_WRONG_DEPLOYMENT_PERMISSION = "Deployment project doesn't support permission: %s";

    @VisibleForTesting
    static final String ERROR_WRONG_ENVIRONMENT_PERMISSION = "Environment doesn't support permission: %s";

    @VisibleForTesting
    static final String ERROR_WRONG_PLAN_PERMISSION = "Plan doesn't support permission: %s";
    private final PlanManager planManager;
    private final ProjectManager projectManager;
    private final RssPermissionsService rssPermissionsService;
    private final ValidationService validationService;
    private final SecretEncryptionService secretEncryptionService;
    private final DocumentationLinkProvider documentationLinkProvider;

    @Inject
    public BambooYamlValidatorImpl(PlanManager planManager, ProjectManager projectManager, RssPermissionsService rssPermissionsService, ValidationService validationService, SecretEncryptionService secretEncryptionService, DocumentationLinkProvider documentationLinkProvider) {
        this.planManager = planManager;
        this.projectManager = projectManager;
        this.rssPermissionsService = rssPermissionsService;
        this.validationService = validationService;
        this.secretEncryptionService = secretEncryptionService;
        this.documentationLinkProvider = documentationLinkProvider;
    }

    @Override // com.atlassian.bamboo.configuration.external.yaml.BambooYamlValidator
    public void validatePlan(@NotNull BambooYamlPlanDefinition bambooYamlPlanDefinition, @NotNull VcsRepositoryData vcsRepositoryData) {
        String projectKey = bambooYamlPlanDefinition.getPlan().getProjectKey();
        String key = bambooYamlPlanDefinition.getPlan().getKey();
        String name = bambooYamlPlanDefinition.getPlan().getName();
        if (this.projectManager.getProjectByKey(projectKey) == null) {
            throw new YamlSpecsValidationException(String.format("Project with key %s does not exist", projectKey));
        }
        if (!this.rssPermissionsService.buildRssPermissions(vcsRepositoryData).isProjectAllowed(projectKey)) {
            throw new YamlSpecsValidationException(String.format("Repository \"%s\" doesn't have access to project with key \"%s\"", vcsRepositoryData.getName(), projectKey));
        }
        Plan planByKey = this.planManager.getPlanByKey(PlanKeys.getPlanKey(projectKey, key));
        if (this.planManager.isChainNameConflicting(projectKey, planByKey != null ? planByKey.getId() : -1L, name)) {
            throw new YamlSpecsValidationException(String.format("Plan with name: '%s' already exists in project '%s'. Can't create a new one with same name.", name, projectKey));
        }
        validateName(name, "plan");
        bambooYamlPlanDefinition.getStages().forEach(this::validateStage);
        bambooYamlPlanDefinition.getVariables().forEach(this::validateVariable);
        validateBranch(bambooYamlPlanDefinition.getPlan().getMasterBranch());
    }

    private void validateBranch(@Nullable MasterBranch masterBranch) {
        if (masterBranch == null) {
            return;
        }
        if (BambooStringUtils.containsShellInjectionRelatedCharacters(masterBranch.getName())) {
            throw new YamlSpecsValidationException("Branch name contains invalid characters");
        }
        if (BambooStringUtils.containsRelaxedXssRelatedCharacters(masterBranch.getDisplayName())) {
            throw new YamlSpecsValidationException("Branch display name contains invalid characters");
        }
    }

    private void validateVariable(String str, String str2) {
        if (PasswordMaskingUtils.shouldBeMasked(str) && StringUtils.isNotBlank(str2) && !this.secretEncryptionService.isEncrypted(str2)) {
            throw new YamlSpecsValidationException(String.format("Variable %s is a password-type variable and must be encrypted. Learn more at: %s", str, this.documentationLinkProvider.getUrl("specs.encryption")));
        }
    }

    @Override // com.atlassian.bamboo.configuration.external.yaml.BambooYamlValidator
    public void validatePlanPermissions(@NotNull BambooYamlPlanPermissionsDefinition bambooYamlPlanPermissionsDefinition) {
        bambooYamlPlanPermissionsDefinition.getPermissions().stream().filter((v0) -> {
            return v0.isAnonymous();
        }).forEach(getAnonymousPermissionsValidator());
        bambooYamlPlanPermissionsDefinition.getPermissions().stream().flatMap(permissionSet -> {
            return permissionSet.getPermissions().stream();
        }).filter(permission -> {
            return !permission.supports(Permission.Entity.PLAN);
        }).findFirst().ifPresent(permission2 -> {
            throw new YamlSpecsValidationException(String.format(ERROR_WRONG_PLAN_PERMISSION, permission2.getLabel()));
        });
    }

    @Override // com.atlassian.bamboo.configuration.external.yaml.BambooYamlValidator
    public void validateDeploymentPermissions(@NotNull BambooYamlDeploymentPermissionsDefinition bambooYamlDeploymentPermissionsDefinition) {
        if (StringUtils.isBlank(bambooYamlDeploymentPermissionsDefinition.getDeploymentProjectName())) {
            throw new YamlSpecsValidationException("deployment project name should be not empty");
        }
        validateAnonymousPermissions(bambooYamlDeploymentPermissionsDefinition);
        validateDeploymentSupportedPermissions(bambooYamlDeploymentPermissionsDefinition);
    }

    private void validateDeploymentSupportedPermissions(BambooYamlDeploymentPermissionsDefinition bambooYamlDeploymentPermissionsDefinition) {
        bambooYamlDeploymentPermissionsDefinition.getDeploymentPermissions().stream().flatMap(permissionSet -> {
            return permissionSet.getPermissions().stream();
        }).filter(permission -> {
            return !permission.supports(Permission.Entity.DEPLOYMENT_PROJECT);
        }).findFirst().ifPresent(permission2 -> {
            throw new YamlSpecsValidationException(String.format(ERROR_WRONG_DEPLOYMENT_PERMISSION, permission2.getLabel()));
        });
        Stream.concat(bambooYamlDeploymentPermissionsDefinition.getDefaultEnvironmentPermissions().stream(), bambooYamlDeploymentPermissionsDefinition.getEnvironmentPermissions().stream().flatMap(environmentPermissions -> {
            return environmentPermissions.getPermissionSets().stream();
        })).flatMap(permissionSet2 -> {
            return permissionSet2.getPermissions().stream();
        }).filter(permission3 -> {
            return !permission3.supports(Permission.Entity.ENVIRONMENT);
        }).findFirst().ifPresent(permission4 -> {
            throw new YamlSpecsValidationException(String.format(ERROR_WRONG_ENVIRONMENT_PERMISSION, permission4.getLabel()));
        });
    }

    private void validateAnonymousPermissions(@NotNull BambooYamlDeploymentPermissionsDefinition bambooYamlDeploymentPermissionsDefinition) {
        Consumer<PermissionSet> anonymousPermissionsValidator = getAnonymousPermissionsValidator();
        bambooYamlDeploymentPermissionsDefinition.getDeploymentPermissions().stream().filter((v0) -> {
            return v0.isAnonymous();
        }).forEach(anonymousPermissionsValidator);
        bambooYamlDeploymentPermissionsDefinition.getDefaultEnvironmentPermissions().stream().filter((v0) -> {
            return v0.isAnonymous();
        }).forEach(anonymousPermissionsValidator);
        bambooYamlDeploymentPermissionsDefinition.getEnvironmentPermissions().stream().flatMap(environmentPermissions -> {
            return environmentPermissions.getPermissionSets().stream();
        }).filter((v0) -> {
            return v0.isAnonymous();
        }).forEach(anonymousPermissionsValidator);
    }

    @NotNull
    private Consumer<PermissionSet> getAnonymousPermissionsValidator() {
        return permissionSet -> {
            if (!permissionSet.getPermissions().contains(Permission.VIEW) || permissionSet.getPermissions().size() != 1) {
                throw new YamlSpecsValidationException(ERROR_ANONYMOUS_USER_CAN_HAVE_ONLY_VIEW_PERMISSION);
            }
        };
    }

    @Override // com.atlassian.bamboo.configuration.external.yaml.BambooYamlValidator
    public void validateDeployment(@NotNull BambooYamlDeploymentDefinition bambooYamlDeploymentDefinition, @NotNull List<com.atlassian.bamboo.specs.api.builders.plan.Plan> list) throws YamlSpecsValidationException {
        try {
            PlanKey planKey = PlanKeys.getPlanKey(bambooYamlDeploymentDefinition.getSourcePlan());
            if (this.planManager.getPlanByKey(planKey) == null && !planExistsInYamlFile(planKey, list)) {
                throw new YamlSpecsValidationException("Plan " + planKey + " does not exist");
            }
            validateName(bambooYamlDeploymentDefinition.getName(), "deployment.project");
            validateReleaseNaming(bambooYamlDeploymentDefinition.getReleaseNaming());
            bambooYamlDeploymentDefinition.getEnvironments().forEach(this::validateEnvironment);
        } catch (Exception e) {
            throw new YamlSpecsValidationException(e.getMessage(), e);
        }
    }

    private boolean planExistsInYamlFile(PlanKey planKey, List<com.atlassian.bamboo.specs.api.builders.plan.Plan> list) {
        return list.stream().anyMatch(plan -> {
            return PlanKeys.getPlanKey(plan.getIdentifier().getProjectKey().toString(), plan.getIdentifier().getPlanKey().toString()).equals(planKey);
        });
    }

    private void validateReleaseNaming(@NotNull ReleaseNaming releaseNaming) {
        if (StringUtils.isBlank(releaseNaming.getNextVersionName())) {
            throw new YamlSpecsValidationException(ReleaseNaming.Config.NAME + " is required");
        }
    }

    private void validateStage(@NotNull Stage stage) {
        validateName(stage.getName(), "stage");
        stage.getJobs().forEach(this::validateJob);
    }

    private void validateJob(Job job) {
        validateName(job.getName(), "job");
        validateRequirements(job.getRequirements());
    }

    private void validateRequirements(List<Requirement> list) {
        list.forEach(requirement -> {
            if (requirement.getType() == Requirement.Type.MATCHES && StringUtils.isBlank(requirement.getValue())) {
                throw new YamlSpecsValidationException("Requirement pattern is empty for " + requirement.getName());
            }
        });
    }

    private void validateEnvironment(@NotNull Environment environment) {
        validateName(environment.getName(), "deployment.environment");
        environment.getVariables().forEach(this::validateVariable);
        validateRequirements(environment.getRequirements());
    }

    private void validateName(String str, String str2) {
        ErrorCollection validateName = this.validationService.validateName("name", str2, str);
        if (validateName.hasAnyErrors()) {
            throw new YamlSpecsValidationException(String.join(";", (Iterable<? extends CharSequence>) validateName.getFieldErrors().get("name")));
        }
    }
}
