package com.atlassian.bitbucket.internal.key.ssh;

import com.atlassian.activeobjects.external.ActiveObjects;
import com.atlassian.bitbucket.AuthorisationException;
import com.atlassian.bitbucket.auth.AuthenticationContext;
import com.atlassian.bitbucket.event.user.UserCleanupEvent;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.internal.key.ssh.dao.AoSshKey;
import com.atlassian.bitbucket.internal.key.ssh.dao.SshKeyDao;
import com.atlassian.bitbucket.internal.key.ssh.dao.SshKeySearchCriteria;
import com.atlassian.bitbucket.internal.ssh.InternalSshKeyService;
import com.atlassian.bitbucket.internal.ssh.SshKeySearchRequest;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.permission.PermissionService;
import com.atlassian.bitbucket.ssh.DuplicateSshKeyException;
import com.atlassian.bitbucket.ssh.SshKey;
import com.atlassian.bitbucket.ssh.event.SshKeyCreatedEvent;
import com.atlassian.bitbucket.ssh.event.SshKeyDeletedEvent;
import com.atlassian.bitbucket.ssh.util.KeyUtils;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.SecurityService;
import com.atlassian.bitbucket.user.UserService;
import com.atlassian.bitbucket.user.UserType;
import com.atlassian.bitbucket.util.Page;
import com.atlassian.bitbucket.util.PageRequest;
import com.atlassian.bitbucket.util.PageUtils;
import com.atlassian.bitbucket.util.UncheckedOperation;
import com.atlassian.bitbucket.util.ValidationUtils;
import com.atlassian.event.api.EventListener;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.sal.api.transaction.TransactionCallback;
import com.atlassian.stash.experimental.user.ExperimentalPermissionAdminService;
import com.atlassian.stash.experimental.user.ProjectPermissionSearchRequest;
import com.atlassian.stash.experimental.user.RepositoryPermissionSearchRequest;
import com.google.common.base.Preconditions;
import java.security.PublicKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.HashMap;
import java.util.Iterator;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.validation.Validator;
import net.i2p.crypto.eddsa.EdDSAPublicKey;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/bitbucket/internal/key/ssh/DefaultSshKeyService.class */
public class DefaultSshKeyService implements InternalSshKeyService {
    // Page-size cap for key listings. The same value appears as the literal 25 in limit() and
    // doRemoveAllForUser(), presumably inlined from this constant by the compiler.
    static final int LIMIT = 25;
    // One-row page request; removeIfOrphaned() uses it to probe whether a user holds any
    // project or repository permission at all.
    static final PageRequest PAGE_REQUEST_OF_1 = PageUtils.newRequest(0, 1);
    private static final Logger log = LoggerFactory.getLogger(DefaultSshKeyService.class);
    // Transaction runner; the DAO calls in this class are made inside ao.executeInTransaction().
    private final ActiveObjects ao;
    // Source of the calling user for authorisation decisions and log messages.
    private final AuthenticationContext authenticationContext;
    // Publishes SshKeyCreatedEvent / SshKeyDeletedEvent.
    private final EventPublisher eventPublisher;
    // Builds the keyed messages carried by the exceptions thrown from this class.
    private final I18nService i18nService;
    private final SshKeyDao keyDao;
    // Used by removeIfOrphaned() to look up project and repository permissions of a user.
    private final ExperimentalPermissionAdminService permissionAdminService;
    // Backs canEditSshKeyForUser().
    private final PermissionService permissionService;
    // Used by removeIfOrphaned() to run the orphan check with Permission.ADMIN.
    private final SecurityService securityService;
    // Resolves key owners from the user id stored with each key.
    private final UserService userService;
    // Bean validator applied to submitted key text in internalAddForUser().
    private final Validator validator;

    /**
     * Wires the service to its collaborators. Each reference is stored as given; no argument
     * is validated here.
     */
    public DefaultSshKeyService(ActiveObjects activeObjects, AuthenticationContext authenticationContext, EventPublisher eventPublisher, I18nService i18nService, ExperimentalPermissionAdminService experimentalPermissionAdminService, PermissionService permissionService, SecurityService securityService, SshKeyDao sshKeyDao, UserService userService, Validator validator) {
        // Persistence
        this.ao = activeObjects;
        this.keyDao = sshKeyDao;

        // Identity and authorisation
        this.authenticationContext = authenticationContext;
        this.permissionAdminService = experimentalPermissionAdminService;
        this.permissionService = permissionService;
        this.securityService = securityService;
        this.userService = userService;

        // Events, messages and validation
        this.eventPublisher = eventPublisher;
        this.i18nService = i18nService;
        this.validator = validator;
    }

    /**
     * Registers a public key for {@code applicationUser} without an explicit label.
     * Delegates to the three-argument overload with a {@code null} label.
     *
     * @param applicationUser the account that will own the key
     * @param str the public key text
     * @return the stored key
     */
    @Override
    @Nonnull
    public SshKey addForUser(@Nonnull ApplicationUser applicationUser, @Nonnull String str) {
        final String noLabel = null;
        return addForUser(applicationUser, str, noLabel);
    }

    /**
     * Registers a public key for {@code applicationUser}. Authentication, authorisation and
     * key validation all happen in {@code internalAddForUser}, which this method calls directly.
     *
     * @param applicationUser the account that will own the key
     * @param str the public key text
     * @param str2 optional label; when blank the key's own comment is used instead
     * @return the stored key
     */
    @Override
    @Nonnull
    public SshKey addForUser(@Nonnull ApplicationUser applicationUser, @Nonnull String str, @Nullable String str2) {
        SshKey stored = internalAddForUser(applicationUser, str, str2);
        return stored;
    }

    /**
     * Decides whether the current caller may manage the SSH keys of {@code applicationUser}.
     *
     * <p>Rules, evaluated in order:
     * <ol>
     *   <li>a caller acting on their own account is always allowed;</li>
     *   <li>if the target holds {@code SYS_ADMIN}, the result is the one-argument
     *       {@code hasGlobalPermission(SYS_ADMIN)} check;</li>
     *   <li>if the target is a {@code NORMAL} user, the result is
     *       {@code hasGlobalPermission(ADMIN)};</li>
     *   <li>for any other user type, the result is {@code hasAnyUserPermission(REPO_ADMIN)}.</li>
     * </ol>
     * The one-argument permission calls take no user, so they presumably evaluate the current
     * caller; confirm against {@code PermissionService}.
     *
     * @param applicationUser the account whose keys would be edited; must not be null
     * @return {@code true} when the edit is permitted
     */
    @Override
    public boolean canEditSshKeyForUser(@Nonnull ApplicationUser applicationUser) {
        Preconditions.checkNotNull(applicationUser, "user");
        ApplicationUser caller = this.authenticationContext.getCurrentUser();

        // Self-service: an authenticated caller can always manage their own keys.
        if (caller != null && applicationUser.getId() == caller.getId()) {
            return true;
        }

        // A key on a system administrator's account grants that account's access, so the
        // SYS_ADMIN check applies rather than the weaker ADMIN one.
        if (this.permissionService.hasGlobalPermission(applicationUser, Permission.SYS_ADMIN)) {
            return this.permissionService.hasGlobalPermission(Permission.SYS_ADMIN);
        }

        if (applicationUser.getType() == UserType.NORMAL) {
            return this.permissionService.hasGlobalPermission(Permission.ADMIN);
        }

        // NOTE(review): for non-NORMAL accounts this check names no repository, so it is not
        // tied to anything the target account can reach. Confirm callers narrow it further.
        return this.permissionService.hasAnyUserPermission(Permission.REPO_ADMIN);
    }

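    /**
     * Lists the SSH keys owned by {@code applicationUser}, one page at a time.
     *
     * <p>The caller must pass {@code checkCanEditSshKeyForUser} for the target account before
     * any row is read. The page request is passed through {@code limit}, which caps the page
     * size at 25.
     *
     * @param applicationUser the account whose keys are listed; must not be null
     * @param pageRequest the requested page, or {@code null} for the first page
     * @return a page of keys with their owner set to {@code applicationUser}
     * @throws AuthorisationException if the caller may not manage keys for the account
     */
    @Override
    @Nonnull
    public Page<SshKey> findAllForUser(@Nonnull final ApplicationUser applicationUser, @Nullable final PageRequest pageRequest) {
        // Named null check, consistent with hasSshKey(); previously a null user surfaced as a
        // bare NullPointerException from the getId() call below.
        Preconditions.checkNotNull(applicationUser, "user");
        // Boxing a primitive id never yields null, so this check cannot fail; kept as in the original.
        Preconditions.checkNotNull(Integer.valueOf(applicationUser.getId()), "user.id");
        checkCanEditSshKeyForUser(applicationUser);
        // Lambda instead of the decompiler's anonymous class, whose renamed method
        // (m13doInTransaction) no longer implemented TransactionCallback.
        return this.ao.executeInTransaction(
                () -> initialize(this.keyDao.findByUser(applicationUser.getId(), limit(pageRequest)), applicationUser));
    }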

    /**
     * Searches keys across users by label prefix and key type.
     *
     * <p>NOTE(review): this method performs no permission check of its own and, unlike
     * {@code findAllForUser}, does not pass {@code pageRequest} through {@code limit}.
     * Presumably the caller authorises the request and bounds the page size; confirm at
     * the call sites.
     *
     * @param sshKeySearchRequest the filter; must not be null
     * @param pageRequest the page to fetch, handed to the DAO as given
     * @return a page of matching keys, each with its owner resolved
     */
    @Override
    @Nonnull
    public Page<SshKey> search(@Nonnull SshKeySearchRequest sshKeySearchRequest, @Nonnull PageRequest pageRequest) {
        Preconditions.checkNotNull(sshKeySearchRequest, "request cannot be null");
        // An absent prefix stays null; a present one is trimmed (blank becomes "").
        String labelPrefix = (String) sshKeySearchRequest.getLabelPrefix().map(StringUtils::trimToEmpty).orElse(null);
        SshKeySearchCriteria criteria = new SshKeySearchCriteria.Builder()
                .labelPrefix(labelPrefix)
                .keyType(sshKeySearchRequest.getKeyType().orElse(null))
                .build();
        return this.ao.executeInTransaction(() -> initialize(this.keyDao.search(criteria, pageRequest)));
    }

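    /**
     * Resolves the account that owns {@code publicKey}.
     *
     * <p>No permission check is made here; presumably this is the lookup used while
     * authenticating an SSH connection, before any caller identity exists. Confirm against
     * the callers.
     *
     * @param publicKey the key presented; must not be null
     * @return the owning user, or {@code null} when the key type is unsupported, the key is
     *         unknown, or the stored key has no resolvable owner
     */
    @Override
    @Nullable
    public ApplicationUser findUserByPublicKey(@Nonnull final PublicKey publicKey) {
        Preconditions.checkNotNull(publicKey, "key");
        if (!isValidKeyType(publicKey)) {
            return null;
        }
        // Lambda instead of the decompiler's anonymous class, whose renamed method
        // (m14doInTransaction) no longer implemented TransactionCallback.
        return this.ao.executeInTransaction(() -> {
            AoSshKey match = initialize(this.keyDao.getByUserPublicKey(publicKey));
            return match == null ? null : match.getUser();
        });
    }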

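    /**
     * Looks up the stored key record matching {@code publicKey}.
     *
     * <p>No permission check is made here; the returned record has its owner resolved, so
     * callers should treat the result as identifying an account.
     *
     * @param publicKey the key to look up; must not be null
     * @return the stored key, or {@code null} when the key type is unsupported or no record matches
     */
    @Override
    @Nullable
    public SshKey getByPublicKey(@Nonnull final PublicKey publicKey) {
        Preconditions.checkNotNull(publicKey, "key");
        if (!isValidKeyType(publicKey)) {
            return null;
        }
        // Lambda instead of the decompiler's anonymous class, whose renamed method
        // (m15doInTransaction) no longer implemented TransactionCallback.
        return this.ao.executeInTransaction(() -> initialize(this.keyDao.getByPublicKey(publicKey)));
    }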

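    /**
     * Fetches a key by its id, enforcing that the caller may manage the owner's keys.
     *
     * <p>NOTE(review): this read has a side effect. A key whose owner cannot be resolved is
     * deleted on the spot, with no permission check and, unlike {@code remove}, without
     * publishing an {@code SshKeyDeletedEvent}, so the deletion is invisible to event
     * listeners. Confirm that is intended.
     *
     * @param i the key id
     * @return the key, or {@code null} when no such key exists or it was an ownerless record
     * @throws AuthorisationException if the caller may not manage the owner's keys
     */
    @Override
    @Nullable
    public SshKey getById(final int i) {
        // Lambda instead of the decompiler's anonymous class, whose renamed method
        // (m16doInTransaction) no longer implemented TransactionCallback.
        return this.ao.executeInTransaction(() -> {
            AoSshKey found = initialize(this.keyDao.getById(i));
            if (found == null) {
                return null;
            }
            ApplicationUser owner = found.getUser();
            if (owner == null) {
                // Ownerless record: clean it up rather than return it.
                this.keyDao.delete(found);
                return null;
            }
            // The authorisation decision depends on the owner, so it runs after the load.
            checkCanEditSshKeyForUser(owner);
            return found;
        });
    }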

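    /**
     * Reports whether {@code applicationUser} has at least one stored SSH key.
     *
     * @param applicationUser the account to check; must not be null
     * @return {@code true} when the DAO reports a key for the account
     * @throws AuthorisationException if the caller may not manage keys for the account
     */
    @Override
    public boolean hasSshKey(@Nonnull final ApplicationUser applicationUser) {
        Preconditions.checkNotNull(applicationUser, "user");
        // Boxing a primitive id never yields null, so this check cannot fail; kept as in the original.
        Preconditions.checkNotNull(Integer.valueOf(applicationUser.getId()), "user.id");
        checkCanEditSshKeyForUser(applicationUser);
        // Lambda instead of the decompiler's anonymous class, whose renamed method
        // (m17doInTransaction) no longer implemented TransactionCallback.
        Boolean exists = this.ao.executeInTransaction(
                () -> Boolean.valueOf(this.keyDao.existsForUser(applicationUser.getId())));
        return exists.booleanValue();
    }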

    /**
     * Removes every key of a user that is being cleaned up. Goes straight to
     * {@code doRemoveAllForUser}, so no permission check is made for this event-driven path.
     *
     * @param userCleanupEvent the cleanup event carrying the deleted user
     */
    @EventListener
    public void onUserDeleted(UserCleanupEvent userCleanupEvent) {
        ApplicationUser deletedUser = userCleanupEvent.getDeletedUser();
        doRemoveAllForUser(deletedUser);
    }

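    /**
     * Deletes the key with the given id and publishes an {@code SshKeyDeletedEvent}.
     * An unknown id is a silent no-op.
     *
     * <p>NOTE(review): when the key's owner cannot be resolved ({@code getUser() == null}) the
     * permission check is skipped entirely, so the key is deleted whoever the caller is.
     * Confirm that ownerless keys are meant to be removable without authorisation.
     *
     * @param i the key id
     * @throws AuthorisationException if the key has an owner and the caller may not manage
     *         that owner's keys
     */
    @Override
    public void remove(final int i) {
        this.ao.executeInTransaction(new TransactionCallback<Void>() {
            // Restored name: the decompiler had renamed this to m18doInTransaction, which
            // left the callback without an implementation of the interface method.
            @Override
            public Void doInTransaction() {
                AoSshKey target = DefaultSshKeyService.this.initialize(DefaultSshKeyService.this.keyDao.getById(i));
                if (target == null) {
                    return null;
                }
                ApplicationUser owner = target.getUser();
                if (owner != null) {
                    DefaultSshKeyService.this.checkCanEditSshKeyForUser(owner);
                }
                DefaultSshKeyService.this.keyDao.delete(target);
                // NOTE(review): `this` is the anonymous callback, not the service, so the
                // event source differs from the one used in cleanupStaleKeyOrThrow(). Kept
                // as-is because listeners may observe the source.
                DefaultSshKeyService.this.eventPublisher.publish(new SshKeyDeletedEvent(this, target));
                return null;
            }
        });
    }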

    /**
     * Deletes every SSH key owned by {@code applicationUser}, after confirming that the
     * caller may manage that account's keys.
     *
     * @param applicationUser the account whose keys are removed
     * @throws AuthorisationException if the caller may not manage keys for the account
     */
    @Override
    public void removeAllForUser(@Nonnull ApplicationUser applicationUser) {
        final ApplicationUser target = applicationUser;
        // Authorise first; doRemoveAllForUser() itself performs no permission check.
        checkCanEditSshKeyForUser(target);
        doRemoveAllForUser(target);
    }

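    /**
     * Deletes {@code sshKey} when {@code applicationUser} holds no project and no repository
     * permission.
     *
     * <p>The whole check-and-delete runs with {@code Permission.ADMIN} granted through
     * {@code SecurityService.withPermission}, so the authorisation check inside
     * {@code remove} is evaluated under that grant rather than under the caller's own
     * permissions.
     *
     * <p>NOTE(review): nothing here verifies that {@code applicationUser} is the owner of
     * {@code sshKey}. The orphan test looks at one argument and the delete acts on the other,
     * so callers must pass the key's actual owner.
     *
     * @param sshKey the key to delete if orphaned
     * @param applicationUser the account whose permissions decide whether the key is orphaned
     * @return {@code true} if the key was handed to {@code remove}, {@code false} if the
     *         account still has a project or repository permission
     */
    @Override
    public boolean removeIfOrphaned(@Nonnull final SshKey sshKey, @Nonnull final ApplicationUser applicationUser) {
        return ((Boolean) this.securityService.withPermission(Permission.ADMIN, "Checking SSH key to remove orphans").call(new UncheckedOperation<Boolean>() {
            // Restored name: the decompiler had renamed this to m19perform, which left the
            // operation without an implementation of the interface method.
            @Override
            public Boolean perform() {
                if (countProjects() != 0 || countRepositories() != 0) {
                    return false;
                }
                DefaultSshKeyService.this.remove(sshKey.getId().intValue());
                return true;
            }

            // Size of a one-row page: 0 means no project permission at all.
            private int countProjects() {
                return DefaultSshKeyService.this.permissionAdminService.searchProjects(new ProjectPermissionSearchRequest.Builder().user(applicationUser).build(), DefaultSshKeyService.PAGE_REQUEST_OF_1).getSize();
            }

            // Size of a one-row page: 0 means no repository permission at all.
            private int countRepositories() {
                return DefaultSshKeyService.this.permissionAdminService.searchRepositories(new RepositoryPermissionSearchRequest.Builder().user(applicationUser).build(), DefaultSshKeyService.PAGE_REQUEST_OF_1).getSize();
            }
        })).booleanValue();
    }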

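    /**
     * Deletes every key owned by {@code applicationUser} inside one transaction and publishes
     * an {@code SshKeyDeletedEvent} per key. Performs no permission check; callers are
     * responsible for authorisation.
     *
     * @param applicationUser the account whose keys are removed; must not be null
     */
    protected void doRemoveAllForUser(@Nonnull final ApplicationUser applicationUser) {
        Preconditions.checkNotNull(applicationUser, "user");
        // Boxing a primitive id never yields null, so this check cannot fail; kept as in the original.
        Preconditions.checkNotNull(Integer.valueOf(applicationUser.getId()), "user.id");
        this.ao.executeInTransaction(new TransactionCallback<Void>() {
            // Restored name: the decompiler had renamed this to m20doInTransaction, which
            // left the callback without an implementation of the interface method.
            @Override
            public Void doInTransaction() {
                DefaultSshKeyService.log.debug("\"{}\" removing all ssh key access entries for user \"{}\"", DefaultSshKeyService.this.currentUserName(), applicationUser.getDisplayName());
                // The same first-page request is reused on every pass: rows deleted in one
                // pass are gone, so the next batch is again at offset 0.
                PageRequest firstPage = PageUtils.newRequest(0, 25);
                Page<AoSshKey> batch = DefaultSshKeyService.this.keyDao.findByUser(applicationUser.getId(), firstPage);
                while (batch != null && batch.getSize() > 0) {
                    for (AoSshKey key : batch.getValues()) {
                        DefaultSshKeyService.this.keyDao.delete(key);
                        // `this` is the anonymous callback, as in the original; see remove().
                        DefaultSshKeyService.this.eventPublisher.publish(new SshKeyDeletedEvent(this, DefaultSshKeyService.this.initialize(key, applicationUser)));
                    }
                    batch = batch.getIsLastPage() ? null : DefaultSshKeyService.this.keyDao.findByUser(applicationUser.getId(), firstPage);
                }
                DefaultSshKeyService.log.debug("\"{}\" removed all ssh key access entries for user \"{}\"", DefaultSshKeyService.this.currentUserName(), applicationUser.getDisplayName());
                return null;
            }
        });
    }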

    /* JADX INFO: Access modifiers changed from: private */
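    /**
     * Handles an existing record for a key that is being added again.
     *
     * <ul>
     *   <li>Owned by a {@code NORMAL} user: rejected as a duplicate.</li>
     *   <li>Owned by another user type: removed only if that owner is orphaned (see
     *       {@code removeIfOrphaned}); otherwise rejected.</li>
     *   <li>No resolvable owner: deleted, and an {@code SshKeyDeletedEvent} is published.</li>
     * </ul>
     *
     * <p>NOTE(review): the duplicate message is built with the owning user's name. If it is
     * shown to the submitter, it tells them which account owns a given public key. Confirm
     * whether the name should be disclosed to non-admin callers.
     *
     * @param aoSshKey the already-stored key record; must not be null
     * @throws DuplicateSshKeyException if the key is in use and cannot be reclaimed
     */
    public void cleanupStaleKeyOrThrow(AoSshKey aoSshKey) {
        ApplicationUser owner = aoSshKey.getUser();
        if (owner != null) {
            log.debug("Duplicate key encountered with MD5 hash: {}, username: {}", aoSshKey.getMD5(), owner.getName());
            if (owner.getType() == UserType.NORMAL) {
                throw new DuplicateSshKeyException(this.i18nService.createKeyedMessage("bitbucket.service.ssh.key.duplicate", new Object[]{owner.getName()}));
            }
            if (!removeIfOrphaned(aoSshKey, owner)) {
                throw new DuplicateSshKeyException(this.i18nService.createKeyedMessage("bitbucket.service.ssh.key.resource.usage", new Object[0]));
            }
            // removeIfOrphaned() has already deleted the record through remove(), which also
            // publishes the deletion event. The original fell through to the ownerless branch
            // below, logging a misleading "not assigned to a user" message, deleting the
            // record a second time and emitting a duplicate event.
            return;
        }
        log.info("Key with id {} is not assigned to a user. Deleting the key", aoSshKey.getId());
        this.keyDao.delete(aoSshKey);
        this.eventPublisher.publish(new SshKeyDeletedEvent(this, initialize(aoSshKey)));
    }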

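    /**
     * Stores a new public key for {@code applicationUser}.
     *
     * <p>Order of checks: the caller must be authenticated, must pass
     * {@code checkCanEditSshKeyForUser} for the target account, and the key text must pass
     * bean validation as a {@code ValidatingSshKey}. Only then is the transaction opened.
     * Inside it, an existing record for the same public key is reclaimed or rejected by
     * {@code cleanupStaleKeyOrThrow} before the new record is created.
     *
     * <p>NOTE(review): only the key text is validated here; the label ({@code str2}) is
     * stored as given. Confirm that length and content limits for it are enforced elsewhere.
     *
     * @param applicationUser the account that will own the key; must not be null
     * @param str the public key text
     * @param str2 optional label; when blank, the comment embedded in the key text is used
     * @return the stored key with its owner set
     * @throws AuthorisationException if the caller is anonymous or may not manage the account's keys
     * @throws DuplicateSshKeyException if the key is already in use and cannot be reclaimed
     */
    private SshKey internalAddForUser(final ApplicationUser applicationUser, final String str, final String str2) {
        Preconditions.checkNotNull(applicationUser, "user");
        if (!this.authenticationContext.isAuthenticated()) {
            throw newUnauthorizedException();
        }
        checkCanEditSshKeyForUser(applicationUser);
        ValidationUtils.validate(this.validator, new ValidatingSshKey(str), new Class[0]);
        return this.ao.executeInTransaction(new TransactionCallback<SshKey>() {
            // Restored name: the decompiler had renamed this to m21doInTransaction, which
            // left the callback without an implementation of the interface method.
            @Override
            public SshKey doInTransaction() {
                // Uniqueness is checked on the parsed public key, not on the raw text.
                AoSshKey existing = DefaultSshKeyService.this.initialize(DefaultSshKeyService.this.keyDao.getByPublicKey(KeyUtils.getPublicKey(str)));
                if (existing != null) {
                    DefaultSshKeyService.this.cleanupStaleKeyOrThrow(existing);
                }
                String label = StringUtils.isBlank(str2) ? KeyUtils.getKeyComment(str) : str2;
                AoSshKey created = DefaultSshKeyService.this.initialize(DefaultSshKeyService.this.keyDao.create(applicationUser, str, label), applicationUser);
                DefaultSshKeyService.log.debug("{} added an ssh key for {}", DefaultSshKeyService.this.currentUserName(), applicationUser.getName());
                // `this` is the anonymous callback, as in the original; see remove().
                DefaultSshKeyService.this.eventPublisher.publish(new SshKeyCreatedEvent(this, created));
                return created;
            }
        });
    }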

    /* JADX INFO: Access modifiers changed from: private */
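    /**
     * Returns a display name for the current caller, for log messages only.
     *
     * @return the caller's display name, or {@code "Anonymous user"} when there is no
     *         authenticated user
     */
    public String currentUserName() {
        if (!this.authenticationContext.isAuthenticated()) {
            return "Anonymous user";
        }
        // canEditSshKeyForUser() treats getCurrentUser() as nullable; guard here too so a
        // log statement cannot abort a key operation with a NullPointerException.
        ApplicationUser caller = this.authenticationContext.getCurrentUser();
        return caller == null ? "Anonymous user" : caller.getDisplayName();
    }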

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Bounds a caller-supplied page request so that one call returns at most 25 rows.
     *
     * @param pageRequest the requested page, or {@code null}
     * @return the request restricted to 25 rows, or a request for the first 25 rows when
     *         none was given
     */
    public PageRequest limit(PageRequest pageRequest) {
        if (pageRequest != null) {
            return pageRequest.buildRestrictedPageRequest(25);
        }
        return PageUtils.newRequest(0, 25);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Sets {@code applicationUser} as the owner of every key on the page and returns the page
     * viewed as {@code SshKey}s.
     *
     * @param page the DAO page to initialise in place
     * @param applicationUser the owner to attach; when {@code null}, each key's owner is
     *        looked up from its stored user id instead
     * @return the same page, typed as {@code Page<SshKey>}
     */
    public Page<SshKey> initialize(Page<AoSshKey> page, ApplicationUser applicationUser) {
        for (AoSshKey key : page.getValues()) {
            initialize(key, applicationUser);
        }
        return PageUtils.asPageOf(SshKey.class, page);
    }

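    /**
     * Resolves and attaches the owner of every key on a page that may span several users.
     * Owners are cached by user id for the duration of the call, so each distinct user is
     * normally looked up once.
     *
     * @param page the DAO page to initialise in place
     * @return the same page, typed as {@code Page<SshKey>}
     */
    private Page<SshKey> initialize(Page<AoSshKey> page) {
        HashMap<Integer, ApplicationUser> ownersById = new HashMap<>();
        for (AoSshKey key : page.getValues()) {
            // The decompiled lambda referenced an undefined variable (r2); the method
            // reference restores the lookup on userService. A user that resolves to null is
            // not cached by computeIfAbsent, and the two-argument initialize() then repeats
            // the lookup for that key.
            initialize(key, ownersById.computeIfAbsent(key.getUserId(), this.userService::getUserById));
        }
        return PageUtils.asPageOf(SshKey.class, page);
    }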

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Attaches the owner to a key by looking the owner up from the key's stored user id.
     *
     * @param aoSshKey the key to initialise, or {@code null}
     * @return the same key, or {@code null} when given {@code null}
     */
    public AoSshKey initialize(AoSshKey aoSshKey) {
        final ApplicationUser ownerNotYetResolved = null;
        return initialize(aoSshKey, ownerNotYetResolved);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Attaches an owner to a key record.
     *
     * @param aoSshKey the key to initialise, or {@code null}
     * @param applicationUser the owner to attach; when {@code null}, the owner is looked up
     *        through {@code UserService.getUserById} using the key's stored user id
     * @return the same key, or {@code null} when given {@code null}
     */
    public AoSshKey initialize(AoSshKey aoSshKey, ApplicationUser applicationUser) {
        if (aoSshKey == null) {
            return null;
        }
        // The lookup may itself yield null (getById() and remove() both handle a key whose
        // getUser() is null after initialisation).
        ApplicationUser owner = applicationUser != null
                ? applicationUser
                : this.userService.getUserById(aoSshKey.getUserId().intValue());
        aoSshKey.initialize(owner);
        return aoSshKey;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Enforcing form of {@code canEditSshKeyForUser}: returns normally when the caller may
     * manage the account's keys and throws otherwise.
     *
     * @param applicationUser the account whose keys would be edited
     * @throws AuthorisationException if the caller is not permitted
     */
    public void checkCanEditSshKeyForUser(ApplicationUser applicationUser) {
        boolean permitted = canEditSshKeyForUser(applicationUser);
        if (permitted) {
            return;
        }
        throw newUnauthorizedException();
    }

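    /**
     * Builds the exception used for every authorisation failure in this service.
     *
     * <p>The original body threw the exception itself despite declaring a return type, which
     * made the {@code throw} at each call site unreachable in practice. Returning it keeps
     * the outcome the same, since every caller throws the result.
     *
     * @return a new {@code AuthorisationException} carrying the edit-permissions message
     */
    private AuthorisationException newUnauthorizedException() {
        return new AuthorisationException(this.i18nService.createKeyedMessage("bitbucket.service.ssh.key.edit.permissions.error", new Object[0]));
    }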

    /**
     * Accepts RSA, DSA, EC and EdDSA public keys; logs a warning naming the algorithm of
     * anything else.
     *
     * <p>NOTE(review): this is a type check only; key size and curve are not examined here.
     * DSA keys are accepted, although current OpenSSH releases no longer enable ssh-dss by
     * default. Confirm that key strength is enforced where keys are added.
     *
     * @param publicKey the key to classify
     * @return {@code true} for a supported key type
     */
    private boolean isValidKeyType(PublicKey publicKey) {
        boolean supported = publicKey instanceof RSAPublicKey
                || publicKey instanceof DSAPublicKey
                || publicKey instanceof ECPublicKey
                || publicKey instanceof EdDSAPublicKey;
        if (!supported) {
            log.warn("Unsupported key type: {}", publicKey.getAlgorithm());
        }
        return supported;
    }
}
