package com.atlassian.stash.internal.key.ssh.dao.v3;

import com.atlassian.activeobjects.external.ActiveObjects;
import com.atlassian.activeobjects.external.ActiveObjectsUpgradeTask;
import com.atlassian.activeobjects.external.ModelVersion;
import com.atlassian.stash.ao.AoUtils;
import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.internal.key.ssh.SshKeyAccessUtils;
import com.atlassian.stash.internal.key.ssh.dao.AoSshKey;
import com.atlassian.stash.internal.key.ssh.dao.v1.AoSshKeyAccessV1;
import com.atlassian.stash.internal.key.ssh.dao.v1.AoSshKeyV1;
import com.atlassian.stash.project.Project;
import com.atlassian.stash.project.ProjectService;
import com.atlassian.stash.repository.Repository;
import com.atlassian.stash.repository.RepositoryService;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.PermissionAdminService;
import com.atlassian.stash.user.SecurityService;
import com.atlassian.stash.user.ServiceUser;
import com.atlassian.stash.user.SetPermissionRequest;
import com.atlassian.stash.user.UserAdminService;
import com.atlassian.stash.util.Page;
import com.atlassian.stash.util.PageProvider;
import com.atlassian.stash.util.PageRequest;
import com.atlassian.stash.util.PageUtils;
import com.atlassian.stash.util.PagedIterable;
import com.atlassian.stash.util.UncheckedOperation;
import com.google.common.base.Preconditions;
import com.google.common.collect.Iterators;
import com.google.common.collect.UnmodifiableIterator;
import java.util.Arrays;
import net.java.ao.Query;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:stash-ssh-3.10.2.jar:com/atlassian/stash/internal/key/ssh/dao/v3/MigrateAccessKeysToServiceUsersTask.class */
public class MigrateAccessKeysToServiceUsersTask implements ActiveObjectsUpgradeTask {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) MigrateAccessKeysToServiceUsersTask.class);
    public static final int PAGE_SIZE = 1000;
    private final I18nService i18nService;
    private final PermissionAdminService permissionAdminService;
    private final ProjectService projectService;
    private final RepositoryService repositoryService;
    private final SecurityService securityService;
    private final UserAdminService userAdminService;

    public MigrateAccessKeysToServiceUsersTask(I18nService i18nService, PermissionAdminService permissionAdminService, ProjectService projectService, RepositoryService repositoryService, SecurityService securityService, UserAdminService userAdminService) {
        this.i18nService = i18nService;
        this.permissionAdminService = permissionAdminService;
        this.projectService = projectService;
        this.repositoryService = repositoryService;
        this.securityService = securityService;
        this.userAdminService = userAdminService;
    }

    @Override // com.atlassian.activeobjects.external.ActiveObjectsUpgradeTask
    public ModelVersion getModelVersion() {
        return ModelVersion.valueOf("3");
    }

    @Override // com.atlassian.activeobjects.external.ActiveObjectsUpgradeTask
    public void upgrade(ModelVersion modelVersion, final ActiveObjects activeObjects) {
        Preconditions.checkState(modelVersion.isSame(ModelVersion.valueOf("2")), "This upgrade task can only upgrade from version 2 to 3");
        activeObjects.migrateDestructively(AoSshKeyV1.class, AoSshKeyAccessV1.class);
        log.info("Migrating key accesses to service users and permissions");
        final PagedIterable pagedIterable = new PagedIterable(new PageProvider<AoSshKeyV1>() { // from class: com.atlassian.stash.internal.key.ssh.dao.v3.MigrateAccessKeysToServiceUsersTask.1
            @Override // com.atlassian.stash.util.PageProvider
            public Page<AoSshKeyV1> get(PageRequest pageRequest) {
                return PageUtils.createPage(Arrays.asList(activeObjects.find(AoSshKeyV1.class, AoUtils.restrict(Query.select().where("USER_ID is null", new Object[0]).order("ENTITY_ID"), pageRequest))), pageRequest);
            }
        }, 1000);
        this.securityService.withPermission(Permission.ADMIN, "Migration of access keys to service users").call(new UncheckedOperation<Void>() { // from class: com.atlassian.stash.internal.key.ssh.dao.v3.MigrateAccessKeysToServiceUsersTask.2
            @Override // com.atlassian.stash.util.UncheckedOperation, com.atlassian.stash.util.Operation
            /* renamed from: perform */
            public Void mo1438perform() {
                MigrateAccessKeysToServiceUsersTask.this.migrate(pagedIterable, activeObjects);
                return null;
            }
        });
        activeObjects.migrateDestructively(AoSshKey.class);
        log.info("Migrated key accesses to service users and permissions");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void migrate(Iterable<AoSshKeyV1> iterable, ActiveObjects activeObjects) {
        for (AoSshKeyV1 aoSshKeyV1 : iterable) {
            UnmodifiableIterator forArray = Iterators.forArray(aoSshKeyV1.getAccessEntries());
            if (forArray.hasNext()) {
                ServiceUser createServiceUser = this.userAdminService.createServiceUser(SshKeyAccessUtils.generateServiceUserDisplayName(this.i18nService, aoSshKeyV1.getText(), aoSshKeyV1.getLabel()));
                aoSshKeyV1.setUserId(createServiceUser.getId());
                aoSshKeyV1.save();
                while (forArray.hasNext()) {
                    grantPermission(createServiceUser, (AoSshKeyAccessV1) forArray.next());
                }
            } else {
                activeObjects.delete(aoSshKeyV1);
            }
        }
    }

    private void grantPermission(ServiceUser serviceUser, AoSshKeyAccessV1 aoSshKeyAccessV1) {
        SetPermissionRequest.Builder user = new SetPermissionRequest.Builder().user(serviceUser);
        switch (aoSshKeyAccessV1.getType()) {
            case PROJECT:
                Permission permission = aoSshKeyAccessV1.isReadOnly() ? Permission.PROJECT_READ : Permission.PROJECT_WRITE;
                Project byId = this.projectService.getById(aoSshKeyAccessV1.getResourceId().intValue());
                if (byId != null) {
                    user.projectPermission(permission, byId);
                    break;
                } else {
                    log.warn("Key access {} relates to a project {} that no longer exists. Not migrating.", Integer.valueOf(aoSshKeyAccessV1.getId()), aoSshKeyAccessV1.getResourceId());
                    return;
                }
            case REPOSITORY:
                Permission permission2 = aoSshKeyAccessV1.isReadOnly() ? Permission.REPO_READ : Permission.REPO_WRITE;
                Repository byId2 = this.repositoryService.getById(aoSshKeyAccessV1.getResourceId().intValue());
                if (byId2 != null) {
                    user.repositoryPermission(permission2, byId2);
                    break;
                } else {
                    log.warn("Key access {} relates to a repository {} that no longer exists. Not migrating.", Integer.valueOf(aoSshKeyAccessV1.getId()), aoSshKeyAccessV1.getResourceId());
                    return;
                }
        }
        this.permissionAdminService.setPermission(user.build());
    }
}
