package com.atlassian.stash.internal.key.ssh;

import com.atlassian.activeobjects.external.ActiveObjects;
import com.atlassian.event.api.EventListener;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.sal.api.transaction.TransactionCallback;
import com.atlassian.stash.event.user.UserCleanupEvent;
import com.atlassian.stash.exception.AuthorisationException;
import com.atlassian.stash.experimental.user.ExperimentalPermissionAdminService;
import com.atlassian.stash.experimental.user.ProjectPermissionSearchRequest;
import com.atlassian.stash.experimental.user.RepositoryPermissionSearchRequest;
import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.internal.key.ssh.dao.AoSshKey;
import com.atlassian.stash.internal.key.ssh.dao.SshKeyDao;
import com.atlassian.stash.internal.ssh.InternalSshKeyService;
import com.atlassian.stash.ssh.SshKeyCreatedEvent;
import com.atlassian.stash.ssh.SshKeyDeletedEvent;
import com.atlassian.stash.ssh.api.DuplicateSshKeyException;
import com.atlassian.stash.ssh.api.SshKey;
import com.atlassian.stash.ssh.utils.KeyUtils;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.PermissionService;
import com.atlassian.stash.user.SecurityService;
import com.atlassian.stash.user.ServiceUser;
import com.atlassian.stash.user.StashAuthenticationContext;
import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.user.UserService;
import com.atlassian.stash.user.UserType;
import com.atlassian.stash.util.Page;
import com.atlassian.stash.util.PageProvider;
import com.atlassian.stash.util.PageRequest;
import com.atlassian.stash.util.PageUtils;
import com.atlassian.stash.util.PagedIterable;
import com.atlassian.stash.util.UncheckedOperation;
import com.atlassian.stash.util.ValidationUtils;
import com.google.common.base.Preconditions;
import java.security.PublicKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Iterator;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.validation.Validator;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:stash-ssh-3.10.2.jar:com/atlassian/stash/internal/key/ssh/DefaultSshKeyService.class */
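/**
 * Default {@link InternalSshKeyService} implementation: creates, looks up and deletes users' SSH public
 * keys through {@link SshKeyDao}, runs the DAO work inside ActiveObjects transactions and publishes
 * {@link SshKeyCreatedEvent} / {@link SshKeyDeletedEvent} when keys change.
 *
 * <p>Authorization as implemented in this class:
 * <ul>
 *   <li>{@link #findAllForUser}, {@link #hasSshKey}, {@link #removeAllForUser} and the add methods call
 *       {@link #checkCanEditSshKeyForUser} before touching the DAO.</li>
 *   <li>{@link #getById} and {@link #remove} run that check only when the stored key resolves to a user;
 *       a key with no user is deleted without any check.</li>
 *   <li>{@link #findUserByPublicKey} and {@link #getByPublicKey} perform no permission check.</li>
 *   <li>{@link #removeIfOrphaned} runs with escalated {@link Permission#ADMIN}.</li>
 * </ul>
 */
public class DefaultSshKeyService implements InternalSshKeyService {
    /** Maximum page size used for key listings and for paging through a user's keys on removal. */
    static final int LIMIT = 25;
    /** One-element page request, used only to probe whether at least one permission entry exists. */
    static final PageRequest PAGE_REQUEST_OF_1 = PageUtils.newRequest(0, 1);
    private static final Logger log = LoggerFactory.getLogger(DefaultSshKeyService.class);
    private final ActiveObjects ao;
    private final StashAuthenticationContext authenticationContext;
    private final EventPublisher eventPublisher;
    private final I18nService i18nService;
    private final SshKeyDao keyDao;
    private final ExperimentalPermissionAdminService permissionAdminService;
    private final PermissionService permissionService;
    private final SecurityService securityService;
    private final UserService userService;
    private final Validator validator;

    /** Stores the collaborators; performs no other work. */
    public DefaultSshKeyService(ActiveObjects activeObjects, StashAuthenticationContext stashAuthenticationContext, EventPublisher eventPublisher, I18nService i18nService, ExperimentalPermissionAdminService experimentalPermissionAdminService, PermissionService permissionService, SecurityService securityService, SshKeyDao sshKeyDao, UserService userService, Validator validator) {
        this.ao = activeObjects;
        this.authenticationContext = stashAuthenticationContext;
        this.eventPublisher = eventPublisher;
        this.i18nService = i18nService;
        this.keyDao = sshKeyDao;
        this.permissionAdminService = experimentalPermissionAdminService;
        this.permissionService = permissionService;
        this.securityService = securityService;
        this.userService = userService;
        this.validator = validator;
    }

    /**
     * Adds a key for a normal user, leaving the label to be derived from the key text.
     *
     * @param stashUser owner of the new key; must be of type {@link UserType#NORMAL}
     * @param str the public key text
     * @return the stored key
     */
    @Override // com.atlassian.stash.ssh.api.SshKeyService
    @Nonnull
    public SshKey addForUser(@Nonnull StashUser stashUser, @Nonnull String str) {
        return addForUser(stashUser, str, null);
    }

    /**
     * Adds a key for a normal user.
     *
     * @param stashUser owner of the new key; must be of type {@link UserType#NORMAL}
     * @param str the public key text
     * @param str2 label stored with the key; when blank the comment embedded in the key text is used
     * @return the stored key
     * @throws IllegalArgumentException if the user is not a normal user
     * @throws AuthorisationException if the caller is unauthenticated or may not edit this user's keys
     * @throws DuplicateSshKeyException if the key is already registered and cannot be reclaimed
     */
    @Override // com.atlassian.stash.ssh.api.SshKeyService
    @Nonnull
    public SshKey addForUser(@Nonnull StashUser stashUser, @Nonnull String str, @Nullable String str2) {
        checkIsNormal(stashUser);
        return internalAddForUser(stashUser, str, str2);
    }

    /**
     * Adds a key for a service user. Unlike {@link #addForUser} there is no user-type restriction, but
     * the authentication and permission checks of {@link #internalAddForUser} still apply.
     *
     * @param serviceUser owner of the new key
     * @param str the public key text
     * @param str2 label stored with the key; when blank the comment embedded in the key text is used
     * @return the stored key
     */
    @Override // com.atlassian.stash.internal.ssh.InternalSshKeyService
    @Nonnull
    public SshKey addForServiceUser(@Nonnull ServiceUser serviceUser, @Nonnull String str, @Nullable String str2) {
        return internalAddForUser(serviceUser, str, str2);
    }

    /**
     * Decides whether the current caller may manage the SSH keys of {@code stashUser}.
     *
     * <p>Rules, in order: a caller may always manage their own keys; keys of a SYS_ADMIN target require
     * SYS_ADMIN; keys of a normal user require ADMIN; keys of any other user type require REPO_ADMIN on
     * at least one repository.
     *
     * @param stashUser the user whose keys would be edited
     * @return {@code true} if the edit is allowed
     */
    @Override // com.atlassian.stash.internal.ssh.InternalSshKeyService
    public boolean canEditSshKeyForUser(@Nonnull StashUser stashUser) {
        Preconditions.checkNotNull(stashUser, "user");
        StashUser currentUser = this.authenticationContext.getCurrentUser();
        if (currentUser != null && stashUser.getId().equals(currentUser.getId())) {
            return true;
        }
        // The permission overloads without a user argument presumably evaluate the current
        // authentication context -- confirm against PermissionService.
        if (this.permissionService.hasGlobalPermission(stashUser, Permission.SYS_ADMIN)) {
            // Prevents a plain ADMIN from planting a key on a SYS_ADMIN account.
            return this.permissionService.hasGlobalPermission(Permission.SYS_ADMIN);
        }
        if (stashUser.getType() == UserType.NORMAL) {
            return this.permissionService.hasGlobalPermission(Permission.ADMIN);
        }
        // NOTE(review): for non-normal users, REPO_ADMIN on any single repository is sufficient. This
        // method does not tie the target user to a repository the caller administers, so that scoping
        // has to be enforced by the callers.
        return this.permissionService.hasAnyUserPermission(Permission.REPO_ADMIN);
    }

    /**
     * Lists the keys of a user, at most {@link #LIMIT} per page.
     *
     * @param stashUser the key owner
     * @param pageRequest requested page, or {@code null} for the first page
     * @return a page of keys, each initialized with {@code stashUser}
     * @throws AuthorisationException if the caller may not edit this user's keys
     */
    @Override // com.atlassian.stash.ssh.api.SshKeyService
    @Nonnull
    public Page<? extends SshKey> findAllForUser(@Nonnull final StashUser stashUser, @Nullable final PageRequest pageRequest) {
        // Check the user before dereferencing it, as hasSshKey() does.
        Preconditions.checkNotNull(stashUser, "user");
        Preconditions.checkNotNull(stashUser.getId(), "user.id");
        checkCanEditSshKeyForUser(stashUser);
        return this.ao.executeInTransaction(new TransactionCallback<Page<? extends SshKey>>() {
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public Page<? extends SshKey> doInTransaction() {
                Page<AoSshKey> keys = keyDao.findByUser(stashUser.getId().intValue(), limit(pageRequest));
                return initialize(keys, stashUser);
            }
        });
    }

    /**
     * Resolves the user who owns a public key. No permission check is made here; this looks like the
     * lookup used when authenticating an SSH connection -- confirm against callers.
     *
     * @param publicKey the key to look up
     * @return the owning user, or {@code null} if the key type is unsupported, the key is unknown, or
     *         the stored key has no user
     */
    @Override // com.atlassian.stash.ssh.api.SshKeyService
    @Nullable
    public StashUser findUserByPublicKey(@Nonnull final PublicKey publicKey) {
        Preconditions.checkNotNull(publicKey, "key");
        if (!isValidKeyType(publicKey)) {
            return null;
        }
        return this.ao.executeInTransaction(new TransactionCallback<StashUser>() {
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public StashUser doInTransaction() {
                AoSshKey stored = initialize(keyDao.getByUserPublicKey(publicKey));
                return stored == null ? null : stored.getUser();
            }
        });
    }

    /**
     * Looks up the stored key matching a public key. No permission check is made here.
     *
     * @param publicKey the key to look up
     * @return the stored key, or {@code null} if the key type is unsupported or the key is unknown
     */
    @Override // com.atlassian.stash.ssh.api.SshKeyService
    @Nullable
    public SshKey getByPublicKey(@Nonnull final PublicKey publicKey) {
        Preconditions.checkNotNull(publicKey, "key");
        if (!isValidKeyType(publicKey)) {
            return null;
        }
        return this.ao.executeInTransaction(new TransactionCallback<AoSshKey>() {
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public AoSshKey doInTransaction() {
                return initialize(keyDao.getByPublicKey(publicKey));
            }
        });
    }

    /**
     * Loads a key by id, checking that the caller may edit the owner's keys.
     *
     * @param i the key id
     * @return the key, or {@code null} if it does not exist or was found without a user
     * @throws AuthorisationException if the caller may not edit the owner's keys
     */
    @Override // com.atlassian.stash.ssh.api.SshKeyService
    @Nullable
    public SshKey getById(final int i) {
        return this.ao.executeInTransaction(new TransactionCallback<AoSshKey>() {
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public AoSshKey doInTransaction() {
                AoSshKey stored = initialize(keyDao.getById(i));
                if (stored == null) {
                    return null;
                }
                if (stored.getUser() == null) {
                    // NOTE(review): this read has a side effect. A key whose user cannot be resolved is
                    // deleted for any caller, with no permission check and, unlike remove(), without a
                    // SshKeyDeletedEvent, so the deletion is invisible to event listeners.
                    keyDao.delete(stored);
                    return null;
                }
                checkCanEditSshKeyForUser(stored.getUser());
                return stored;
            }
        });
    }

    /**
     * Reports whether a user has at least one stored key.
     *
     * @param stashUser the key owner
     * @return {@code true} if the DAO reports a key for the user
     * @throws AuthorisationException if the caller may not edit this user's keys
     */
    @Override // com.atlassian.stash.ssh.api.SshKeyService
    public boolean hasSshKey(@Nonnull final StashUser stashUser) {
        Preconditions.checkNotNull(stashUser, "user");
        Preconditions.checkNotNull(stashUser.getId(), "user.id");
        checkCanEditSshKeyForUser(stashUser);
        return this.ao.executeInTransaction(new TransactionCallback<Boolean>() {
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public Boolean doInTransaction() {
                return keyDao.existsForUser(stashUser.getId().intValue());
            }
        });
    }

    /**
     * Removes every key of a user that is being cleaned up. Deliberately skips the permission check:
     * the trigger is the {@link UserCleanupEvent}, not a caller request.
     */
    @EventListener
    public void onUserDeleted(UserCleanupEvent userCleanupEvent) {
        doRemoveAllForUser(userCleanupEvent.getDeletedUser());
    }

    /**
     * Deletes a key by id and publishes a {@link SshKeyDeletedEvent}. Does nothing if the id is unknown.
     *
     * @param i the key id
     * @throws AuthorisationException if the key has an owner and the caller may not edit that owner's keys
     */
    @Override // com.atlassian.stash.ssh.api.SshKeyService
    public void remove(final int i) {
        this.ao.executeInTransaction(new TransactionCallback<Void>() {
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public Void doInTransaction() {
                AoSshKey stored = initialize(keyDao.getById(i));
                if (stored == null) {
                    return null;
                }
                // NOTE(review): a key whose user cannot be resolved skips the permission check, so any
                // caller holding its id can delete it. Confirm that this is the intended clean-up path.
                if (stored.getUser() != null) {
                    checkCanEditSshKeyForUser(stored.getUser());
                }
                keyDao.delete(stored);
                // The event source is this callback instance, as in the original code.
                eventPublisher.publish(new SshKeyDeletedEvent(this, stored));
                return null;
            }
        });
    }

    /**
     * Deletes all keys of a user after checking that the caller may edit them.
     *
     * @param stashUser the key owner
     * @throws AuthorisationException if the caller may not edit this user's keys
     */
    @Override // com.atlassian.stash.ssh.api.SshKeyService
    public void removeAllForUser(@Nonnull StashUser stashUser) {
        checkCanEditSshKeyForUser(stashUser);
        doRemoveAllForUser(stashUser);
    }

    /**
     * Deletes {@code sshKey} if {@code stashUser} holds no project and no repository permission.
     *
     * <p>Runs with escalated {@link Permission#ADMIN}, so the permission check inside {@link #remove}
     * is evaluated under that escalation rather than with the caller's own rights. This method does not
     * verify that {@code sshKey} belongs to {@code stashUser}; callers must pass a matching pair.
     *
     * @param sshKey the key to delete
     * @param stashUser the user whose permissions decide whether the key is orphaned
     * @return {@code true} if the key was removed, {@code false} if the user still has permissions
     */
    @Override // com.atlassian.stash.internal.ssh.InternalSshKeyService
    public boolean removeIfOrphaned(@Nonnull final SshKey sshKey, @Nonnull final StashUser stashUser) {
        return this.securityService.withPermission(Permission.ADMIN, "Checking SSH key to remove orphans").call(new UncheckedOperation<Boolean>() {
            // The decompiler had renamed this method; the interface method it overrides is perform().
            @Override // com.atlassian.stash.util.UncheckedOperation, com.atlassian.stash.util.Operation
            public Boolean perform() {
                if (countProjects() != 0 || countRepositories() != 0) {
                    return false;
                }
                DefaultSshKeyService.this.remove(sshKey.getId().intValue());
                return true;
            }

            /** Size of a one-element page of the user's project permissions: 0 means none. */
            private int countProjects() {
                return permissionAdminService.searchProjects(new ProjectPermissionSearchRequest.Builder().user(stashUser).build(), PAGE_REQUEST_OF_1).getSize();
            }

            /** Size of a one-element page of the user's repository permissions: 0 means none. */
            private int countRepositories() {
                return permissionAdminService.searchRepositories(new RepositoryPermissionSearchRequest.Builder().user(stashUser).build(), PAGE_REQUEST_OF_1).getSize();
            }
        });
    }

    /**
     * Deletes every key of a user inside one transaction, publishing a {@link SshKeyDeletedEvent} per
     * key. Performs no permission check; callers are responsible for authorization.
     *
     * @param stashUser the key owner
     */
    protected void doRemoveAllForUser(@Nonnull final StashUser stashUser) {
        Preconditions.checkNotNull(stashUser, "user");
        Preconditions.checkNotNull(stashUser.getId(), "user.id");
        this.ao.executeInTransaction(new TransactionCallback<Void>() {
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public Void doInTransaction() {
                log.debug("\"{}\" removing all ssh key access entries for user \"{}\"", currentUserName(), stashUser.getDisplayName());
                PageProvider<AoSshKey> keysOfUser = new PageProvider<AoSshKey>() {
                    @Override // com.atlassian.stash.util.PageProvider
                    public Page<AoSshKey> get(PageRequest pageRequest) {
                        return keyDao.findByUser(stashUser.getId().intValue(), pageRequest);
                    }
                };
                // NOTE(review): rows are deleted while the same query is being paged. If PagedIterable
                // advances by offset, a user with more than LIMIT keys could keep some of them after
                // this "remove all" -- verify against PagedIterable and cover it with a test.
                for (AoSshKey key : new PagedIterable<AoSshKey>(keysOfUser, LIMIT)) {
                    keyDao.delete(key);
                    // The event source is this callback instance, as in the original code.
                    eventPublisher.publish(new SshKeyDeletedEvent(this, initialize(key, stashUser)));
                }
                log.debug("\"{}\" removed all ssh key access entries for user \"{}\"", currentUserName(), stashUser.getDisplayName());
                return null;
            }
        });
    }

    /**
     * Handles an already-registered key found while adding a new one: either frees the key so the add
     * can proceed, or throws.
     *
     * <p>A key owned by a normal user is always a duplicate. A key owned by another user type is
     * removed only if that user is orphaned (see {@link #removeIfOrphaned}). A key with no user is
     * deleted. Decompiler note: this method was private in the original class.
     *
     * @param aoSshKey the existing stored key
     * @throws DuplicateSshKeyException if the existing key is still in use
     */
    public void cleanupStaleKeyOrThrow(AoSshKey aoSshKey) {
        StashUser user = aoSshKey.getUser();
        if (user != null) {
            log.debug("Duplicate key encountered with MD5 hash: {}, username: {}", aoSshKey.getMD5(), user.getName());
            if (user.getType() == UserType.NORMAL) {
                // NOTE(review): the message carries the owner's name, so whoever submits a public key
                // learns which account it is registered to. Confirm this disclosure is intended.
                throw new DuplicateSshKeyException(this.i18nService.createKeyedMessage("stash.service.ssh.key.duplicate", user.getName()));
            }
            if (!removeIfOrphaned(aoSshKey, user)) {
                throw new DuplicateSshKeyException(this.i18nService.createKeyedMessage("stash.service.ssh.key.resource.usage", new Object[0]));
            }
            // removeIfOrphaned() has already deleted the key through remove() and published its
            // SshKeyDeletedEvent. Falling through used to log that the key had no user, delete it a
            // second time and publish a duplicate event.
            return;
        }
        log.info("Key with id {} is not assigned to a user. Deleting the key", aoSshKey.getId());
        this.keyDao.delete(aoSshKey);
        this.eventPublisher.publish(new SshKeyDeletedEvent(this, initialize(aoSshKey)));
    }

    /**
     * Shared add path: requires an authenticated caller who may edit the user's keys, validates the key
     * text, then inside one transaction clears or rejects an existing registration of the same key and
     * stores the new one.
     *
     * @param stashUser owner of the new key
     * @param str the public key text
     * @param str2 label stored with the key; when blank the comment embedded in the key text is used
     * @return the stored key, after a {@link SshKeyCreatedEvent} has been published
     */
    private SshKey internalAddForUser(final StashUser stashUser, final String str, final String str2) {
        Preconditions.checkNotNull(stashUser, "user");
        Preconditions.checkNotNull(stashUser.getId(), "user.id");
        if (!this.authenticationContext.isAuthenticated()) {
            throw newUnauthorizedException();
        }
        checkCanEditSshKeyForUser(stashUser);
        // Validation runs before the key text is parsed by KeyUtils below.
        ValidationUtils.validate(this.validator, new ValidatingSshKey(str), new Class[0]);
        return this.ao.executeInTransaction(new TransactionCallback<SshKey>() {
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public SshKey doInTransaction() {
                AoSshKey existing = initialize(keyDao.getByPublicKey(KeyUtils.getPublicKey(str)));
                if (existing != null) {
                    cleanupStaleKeyOrThrow(existing);
                }
                String label = StringUtils.isBlank(str2) ? KeyUtils.getKeyComment(str) : str2;
                AoSshKey created = initialize(keyDao.create(stashUser, str, label), stashUser);
                log.debug("{} added an ssh key for {}", currentUserName(), stashUser.getName());
                // The event source is this callback instance, as in the original code.
                eventPublisher.publish(new SshKeyCreatedEvent(this, created));
                return created;
            }
        });
    }

    /**
     * Display name of the current caller for log messages, or a fixed placeholder when unauthenticated.
     * Decompiler note: this method was private in the original class.
     */
    public String currentUserName() {
        return this.authenticationContext.isAuthenticated() ? this.authenticationContext.getCurrentUser().getDisplayName() : "Anonymous user";
    }

    /**
     * Builds the page request for key listings: the first {@link #LIMIT} entries when none is given,
     * otherwise the given request restricted to {@link #LIMIT}.
     * Decompiler note: this method was private in the original class.
     */
    public PageRequest limit(PageRequest pageRequest) {
        return pageRequest == null ? PageUtils.newRequest(0, LIMIT) : pageRequest.buildRestrictedPageRequest(LIMIT);
    }

    /**
     * Initializes every key of a page with the given user and returns the same page.
     * Decompiler note: this method was private in the original class.
     */
    public Page<AoSshKey> initialize(Page<AoSshKey> page, StashUser stashUser) {
        for (AoSshKey key : page.getValues()) {
            initialize(key, stashUser);
        }
        return page;
    }

    /**
     * Initializes a key with the user looked up from the key's stored user id.
     * Decompiler note: this method was private in the original class.
     */
    public AoSshKey initialize(AoSshKey aoSshKey) {
        return initialize(aoSshKey, (StashUser) null);
    }

    /**
     * Attaches a user to a stored key.
     * Decompiler note: this method was private in the original class.
     *
     * @param aoSshKey the stored key; may be {@code null}
     * @param stashUser the user to attach, or {@code null} to look it up by the key's user id
     * @return the same key instance, or {@code null} if {@code aoSshKey} was {@code null}
     */
    public AoSshKey initialize(AoSshKey aoSshKey, StashUser stashUser) {
        if (aoSshKey == null) {
            return null;
        }
        // The lookup result is passed on as is; getById() and remove() treat a key whose user is
        // still null afterwards as having no owner.
        StashUser owner = stashUser != null ? stashUser : this.userService.getUserById(aoSshKey.getUserId().intValue());
        aoSshKey.initialize(owner);
        return aoSshKey;
    }

    /**
     * Throws unless {@link #canEditSshKeyForUser} allows the current caller to edit the user's keys.
     * Decompiler note: this method was private in the original class.
     *
     * @throws AuthorisationException if the edit is not allowed
     */
    public void checkCanEditSshKeyForUser(StashUser stashUser) {
        if (!canEditSshKeyForUser(stashUser)) {
            throw newUnauthorizedException();
        }
    }

    /**
     * Builds the exception used for every authorization failure in this class. The exception is
     * returned so that call sites keep an explicit {@code throw}; the original body threw it itself,
     * contradicting its own return type.
     */
    private AuthorisationException newUnauthorizedException() {
        return new AuthorisationException(this.i18nService.createKeyedMessage("stash.service.ssh.key.edit.permissions.error", new Object[0]));
    }

    /** Rejects any user that is not of type {@link UserType#NORMAL}. */
    private void checkIsNormal(@Nonnull StashUser stashUser) {
        Preconditions.checkNotNull(stashUser, "user");
        Preconditions.checkArgument(stashUser.getType() == UserType.NORMAL, "this operation can only be performed for normal users");
    }

    /**
     * Accepts RSA and DSA public keys and logs a warning for any other type.
     *
     * <p>Only the Java key type is checked; key size is not inspected in this method.
     * NOTE(review): DSA keys are still accepted here, although OpenSSH has disabled ssh-dss by default
     * since release 7.0. Consider whether lookups should still succeed for them.
     */
    private boolean isValidKeyType(PublicKey publicKey) {
        if (publicKey instanceof RSAPublicKey || publicKey instanceof DSAPublicKey) {
            return true;
        }
        log.warn("Unsupported key type: {}", publicKey.getAlgorithm());
        return false;
    }
}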
