package com.atlassian.bitbucket.internal.ssh.servlet;

import com.atlassian.bitbucket.AuthorisationException;
import com.atlassian.bitbucket.NoSuchEntityException;
import com.atlassian.bitbucket.RequestCanceledException;
import com.atlassian.bitbucket.internal.ssh.dao.SshConfigurationDao;
import com.atlassian.bitbucket.internal.ssh.server.DefaultPublicKeyAuthenticator;
import com.atlassian.bitbucket.nav.NavBuilder;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.project.Project;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.ssh.DuplicatePublicKeyException;
import com.atlassian.bitbucket.ssh.SetSshAccessKeyRequest;
import com.atlassian.bitbucket.ssh.SshAccessKeyService;
import com.atlassian.bitbucket.ssh.SshKeyService;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.util.UrlUtils;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.ConstraintViolation;
import javax.validation.ConstraintViolationException;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/atlassian/bitbucket/internal/ssh/servlet/AddKeyRequestHandler.class */
class AddKeyRequestHandler implements SshKeysRequestHandler {

    @VisibleForTesting
    static final String TEMPLATE_ADD_KEY = "bitbucket.internal.page.ssh.keys.addKey";
    static final String KEY_CANCEL_URL = "cancelUrl";
    static final String KEY_ASK_PERMISSION = "askPermission";
    static final String KEY_REPOSITORY = "repository";
    static final String KEY_PROJECT = "project";
    static final String KEY_USER = "user";
    private final SshAccessKeyService accessKeyService;
    private final NavBuilder navBuilder;
    private final ResponseRenderer responseRenderer;
    private final SshConfigurationDao sshConfig;
    private final SshKeyService sshKeyService;

    public AddKeyRequestHandler(NavBuilder navBuilder, ResponseRenderer responseRenderer, SshConfigurationDao sshConfigurationDao, SshAccessKeyService sshAccessKeyService, SshKeyService sshKeyService) {
        this.accessKeyService = sshAccessKeyService;
        this.navBuilder = navBuilder;
        this.responseRenderer = responseRenderer;
        this.sshConfig = sshConfigurationDao;
        this.sshKeyService = sshKeyService;
    }

    @Override // com.atlassian.bitbucket.internal.ssh.servlet.SshKeysRequestHandler
    public void get(SshKeysRequest sshKeysRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (isDisabled(sshKeysRequest)) {
            httpServletResponse.sendError(409);
        } else {
            this.responseRenderer.renderToResponse(httpServletRequest, httpServletResponse, SshKeysRequestHandler.MODULE_KEY, TEMPLATE_ADD_KEY, createModel(sshKeysRequest));
        }
    }

    @Override // com.atlassian.bitbucket.internal.ssh.servlet.SshKeysRequestHandler
    public void post(SshKeysRequest sshKeysRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String userKeysUrl;
        if (isDisabled(sshKeysRequest)) {
            httpServletResponse.sendError(409);
            return;
        }
        try {
            SshKeyForm form = sshKeysRequest.getForm();
            Project project = sshKeysRequest.getProject();
            Repository repository = sshKeysRequest.getRepository();
            ApplicationUser user = sshKeysRequest.getUser();
            if (project != null) {
                this.accessKeyService.set(new SetSshAccessKeyRequest.Builder().projectAccess(project, sshKeysRequest.getForm().isReadOnly() ? Permission.PROJECT_READ : Permission.PROJECT_WRITE).key(form.getText(), form.getLabel()).build());
                userKeysUrl = getProjectAccessKeysUrl(project);
            } else if (repository != null) {
                this.accessKeyService.set(new SetSshAccessKeyRequest.Builder().repositoryAccess(repository, sshKeysRequest.getForm().isReadOnly() ? Permission.REPO_READ : Permission.REPO_WRITE).key(form.getText(), form.getLabel()).build());
                userKeysUrl = getRepositoryAccessKeysUrl(repository);
            } else {
                if (user == null) {
                    throw new IllegalStateException("No project, repository or user identified by SshKeysRequest");
                }
                this.sshKeyService.addForUser(user, form.getText(), form.getLabel());
                userKeysUrl = getUserKeysUrl(user, sshKeysRequest.isAdmin());
            }
            String nextUrl = sshKeysRequest.getNextUrl();
            if (!StringUtils.isEmpty(nextUrl)) {
                userKeysUrl = nextUrl;
            }
            httpServletResponse.sendRedirect(UrlUtils.safeUrlForRedirect(userKeysUrl, this.navBuilder.buildAbsolute(), this.navBuilder.buildAbsolute()));
        } catch (AuthorisationException e) {
            httpServletResponse.sendError(401, e.getLocalizedMessage());
        } catch (DuplicatePublicKeyException e2) {
            renderValidationErrors(sshKeysRequest, httpServletRequest, httpServletResponse, null, e2.getLocalizedMessage());
        } catch (ConstraintViolationException e3) {
            renderValidationErrors(sshKeysRequest, httpServletRequest, httpServletResponse, e3.getConstraintViolations(), new String[0]);
        } catch (RequestCanceledException e4) {
            renderValidationErrors(sshKeysRequest, httpServletRequest, httpServletResponse, null, (String[]) e4.getCancelMessages().stream().map((v0) -> {
                return v0.getLocalisedMessage();
            }).toArray(i -> {
                return new String[i];
            }));
        } catch (NoSuchEntityException e5) {
            httpServletResponse.sendError(404, e5.getLocalizedMessage());
        }
    }

    private boolean isDisabled(SshKeysRequest sshKeysRequest) throws IOException {
        return sshKeysRequest.isForAccessKeys() && !(this.sshConfig.get().isEnabled() && this.sshConfig.get().isAccessKeysEnabled());
    }

    private Map<String, Object> createModel(SshKeysRequest sshKeysRequest) {
        HashMap hashMap = new HashMap();
        SshKeyForm form = sshKeysRequest.getForm();
        if (form != null && !form.isEmpty()) {
            hashMap.put("form", form);
        }
        Project project = sshKeysRequest.getProject();
        if (project != null) {
            hashMap.put(KEY_PROJECT, project);
            hashMap.put(KEY_ASK_PERMISSION, true);
            hashMap.put(KEY_CANCEL_URL, getProjectAccessKeysUrl(project));
            return hashMap;
        }
        Repository repository = sshKeysRequest.getRepository();
        if (repository != null) {
            hashMap.put(KEY_REPOSITORY, repository);
            hashMap.put(KEY_ASK_PERMISSION, true);
            hashMap.put(KEY_CANCEL_URL, getRepositoryAccessKeysUrl(repository));
            return hashMap;
        }
        ApplicationUser user = sshKeysRequest.getUser();
        if (user == null) {
            throw new IllegalStateException("No project, repository or user identified by SshKeysRequest");
        }
        hashMap.put(KEY_USER, user);
        hashMap.put(KEY_ASK_PERMISSION, false);
        hashMap.put(KEY_CANCEL_URL, getUserKeysUrl(user, sshKeysRequest.isAdmin()));
        return hashMap;
    }

    private String getUserKeysUrl(ApplicationUser applicationUser, boolean z) {
        return z ? this.navBuilder.admin().users().view(applicationUser.getName()).listSshKeys().buildRelative() : this.navBuilder.pluginServlets().path(new String[]{DefaultPublicKeyAuthenticator.AUTHENTICATION_METHOD, "account", "keys"}).buildRelative();
    }

    private String getProjectAccessKeysUrl(Project project) {
        return this.navBuilder.pluginServlets().path(new String[]{DefaultPublicKeyAuthenticator.AUTHENTICATION_METHOD, "projects", project.getKey(), "keys"}).buildRelative();
    }

    private String getRepositoryAccessKeysUrl(Repository repository) {
        return this.navBuilder.pluginServlets().path(new String[]{DefaultPublicKeyAuthenticator.AUTHENTICATION_METHOD, "projects", repository.getProject().getKey(), "repos", repository.getSlug(), "keys"}).buildRelative();
    }

    private void renderValidationErrors(SshKeysRequest sshKeysRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Set<ConstraintViolation<?>> set, String... strArr) throws ServletException, IOException {
        Map<String, Object> createModel = createModel(sshKeysRequest);
        if (set != null) {
            createModel.put("fieldErrors", toFieldErrors(set));
        }
        if (strArr != null) {
            createModel.put("formErrors", Arrays.asList(strArr));
        }
        this.responseRenderer.renderToResponse(httpServletRequest, httpServletResponse, SshKeysRequestHandler.MODULE_KEY, TEMPLATE_ADD_KEY, createModel);
    }

    private Map<String, List<String>> toFieldErrors(Set<ConstraintViolation<?>> set) {
        if (set == null) {
            return null;
        }
        HashMap hashMap = new HashMap();
        for (ConstraintViolation<?> constraintViolation : set) {
            String obj = constraintViolation.getPropertyPath().toString();
            if (!hashMap.containsKey(obj)) {
                hashMap.put(obj, new ArrayList());
            }
            ((List) hashMap.get(obj)).add(constraintViolation.getMessage());
        }
        return hashMap;
    }
}
