package com.atlassian.stash.internal.ssh.servlet;

import com.atlassian.stash.auth.HttpAuthenticationContext;
import com.atlassian.stash.exception.AuthorisationException;
import com.atlassian.stash.exception.NoSuchEntityException;
import com.atlassian.stash.internal.key.DuplicatePublicKeyException;
import com.atlassian.stash.internal.key.ssh.SetAccessRequest;
import com.atlassian.stash.internal.key.ssh.SshKeyAccessService;
import com.atlassian.stash.internal.ssh.dao.SshConfigurationDao;
import com.atlassian.stash.internal.ssh.server.DefaultPublicKeyAuthenticator;
import com.atlassian.stash.nav.NavBuilder;
import com.atlassian.stash.project.Project;
import com.atlassian.stash.repository.Repository;
import com.atlassian.stash.ssh.api.SshKeyService;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.StashUser;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.ConstraintViolation;
import javax.validation.ConstraintViolationException;

/* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:stash-ssh-3.10.2.jar:com/atlassian/stash/internal/ssh/servlet/AddKeyRequestHandler.class */
class AddKeyRequestHandler implements SshKeysRequestHandler {

    @VisibleForTesting
    static final String TEMPLATE_ADD_KEY = "stash.page.ssh.keys.addKey";
    static final String KEY_CANCEL_URL = "cancelUrl";
    static final String KEY_ASK_PERMISSION = "askPermission";
    static final String KEY_REPOSITORY = "repository";
    static final String KEY_PROJECT = "project";
    static final String KEY_USER = "user";
    private final NavBuilder navBuilder;
    private final ResponseRenderer responseRenderer;
    private final SshConfigurationDao sshConfig;
    private final SshKeyAccessService sshKeyAccessService;
    private final SshKeyService sshKeyService;

    public AddKeyRequestHandler(NavBuilder navBuilder, ResponseRenderer responseRenderer, SshConfigurationDao sshConfigurationDao, SshKeyAccessService sshKeyAccessService, SshKeyService sshKeyService) {
        this.navBuilder = navBuilder;
        this.responseRenderer = responseRenderer;
        this.sshConfig = sshConfigurationDao;
        this.sshKeyAccessService = sshKeyAccessService;
        this.sshKeyService = sshKeyService;
    }

    @Override // com.atlassian.stash.internal.ssh.servlet.SshKeysRequestHandler
    public void get(SshKeysRequest sshKeysRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (isDisabled(sshKeysRequest)) {
            httpServletResponse.sendError(409);
        } else {
            this.responseRenderer.renderToResponse(httpServletRequest, httpServletResponse, SshKeysRequestHandler.MODULE_KEY, TEMPLATE_ADD_KEY, createModel(sshKeysRequest));
        }
    }

    @Override // com.atlassian.stash.internal.ssh.servlet.SshKeysRequestHandler
    public void post(SshKeysRequest sshKeysRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String userKeysUrl;
        if (isDisabled(sshKeysRequest)) {
            httpServletResponse.sendError(409);
            return;
        }
        try {
            SshKeyForm form = sshKeysRequest.getForm();
            Project project = sshKeysRequest.getProject();
            Repository repository = sshKeysRequest.getRepository();
            StashUser user = sshKeysRequest.getUser();
            if (project != null) {
                this.sshKeyAccessService.setAccess(new SetAccessRequest.Builder().projectAccess(project, sshKeysRequest.getForm().isReadOnly() ? Permission.PROJECT_READ : Permission.PROJECT_WRITE).key(form.getText(), form.getLabel()).build());
                userKeysUrl = getProjectAccessKeysUrl(project);
            } else if (repository != null) {
                this.sshKeyAccessService.setAccess(new SetAccessRequest.Builder().repositoryAccess(repository, sshKeysRequest.getForm().isReadOnly() ? Permission.REPO_READ : Permission.REPO_WRITE).key(form.getText(), form.getLabel()).build());
                userKeysUrl = getRepositoryAccessKeysUrl(repository);
            } else {
                if (user == null) {
                    throw new IllegalStateException("No project, repository or user identified by SshKeysRequest");
                }
                this.sshKeyService.addForUser(user, form.getText(), form.getLabel());
                userKeysUrl = getUserKeysUrl(user, sshKeysRequest.isAdmin());
            }
            httpServletResponse.sendRedirect(userKeysUrl);
        } catch (AuthorisationException e) {
            httpServletResponse.sendError(401, e.getLocalizedMessage());
        } catch (NoSuchEntityException e2) {
            httpServletResponse.sendError(404, e2.getLocalizedMessage());
        } catch (DuplicatePublicKeyException e3) {
            renderValidationErrors(sshKeysRequest, httpServletRequest, httpServletResponse, null, e3.getLocalizedMessage());
        } catch (ConstraintViolationException e4) {
            renderValidationErrors(sshKeysRequest, httpServletRequest, httpServletResponse, e4.getConstraintViolations(), new String[0]);
        }
    }

    private boolean isDisabled(SshKeysRequest sshKeysRequest) throws IOException {
        return sshKeysRequest.isForAccessKeys() && !(this.sshConfig.get().isEnabled() && this.sshConfig.get().isAccessKeysEnabled());
    }

    private Map<String, Object> createModel(SshKeysRequest sshKeysRequest) {
        HashMap hashMap = new HashMap();
        SshKeyForm form = sshKeysRequest.getForm();
        if (form != null && !form.isEmpty()) {
            hashMap.put(HttpAuthenticationContext.METHOD_FORM, form);
        }
        Project project = sshKeysRequest.getProject();
        if (project != null) {
            hashMap.put("project", project);
            hashMap.put(KEY_ASK_PERMISSION, true);
            hashMap.put(KEY_CANCEL_URL, getProjectAccessKeysUrl(project));
            return hashMap;
        }
        Repository repository = sshKeysRequest.getRepository();
        if (repository != null) {
            hashMap.put("repository", repository);
            hashMap.put(KEY_ASK_PERMISSION, true);
            hashMap.put(KEY_CANCEL_URL, getRepositoryAccessKeysUrl(repository));
            return hashMap;
        }
        StashUser user = sshKeysRequest.getUser();
        if (user == null) {
            throw new IllegalStateException("No project, repository or user identified by SshKeysRequest");
        }
        hashMap.put("user", user);
        hashMap.put(KEY_ASK_PERMISSION, false);
        hashMap.put(KEY_CANCEL_URL, getUserKeysUrl(user, sshKeysRequest.isAdmin()));
        return hashMap;
    }

    private String getUserKeysUrl(StashUser stashUser, boolean z) {
        return z ? this.navBuilder.admin().users().view(stashUser.getName()).listSshKeys().buildRelative() : this.navBuilder.pluginServlets().path(DefaultPublicKeyAuthenticator.AUTHENTICATION_METHOD, "account", "keys").buildRelative();
    }

    private String getProjectAccessKeysUrl(Project project) {
        return this.navBuilder.pluginServlets().path(DefaultPublicKeyAuthenticator.AUTHENTICATION_METHOD, "projects", project.getKey(), "keys").buildRelative();
    }

    private String getRepositoryAccessKeysUrl(Repository repository) {
        return this.navBuilder.pluginServlets().path(DefaultPublicKeyAuthenticator.AUTHENTICATION_METHOD, "projects", repository.getProject().getKey(), "repos", repository.getSlug(), "keys").buildRelative();
    }

    private void renderValidationErrors(SshKeysRequest sshKeysRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Set<ConstraintViolation<?>> set, String... strArr) throws ServletException, IOException {
        Map<String, Object> createModel = createModel(sshKeysRequest);
        if (set != null) {
            createModel.put("fieldErrors", toFieldErrors(set));
        }
        if (strArr != null) {
            createModel.put("formErrors", Arrays.asList(strArr));
        }
        this.responseRenderer.renderToResponse(httpServletRequest, httpServletResponse, SshKeysRequestHandler.MODULE_KEY, TEMPLATE_ADD_KEY, createModel);
    }

    private Map<String, List<String>> toFieldErrors(Set<ConstraintViolation<?>> set) {
        if (set == null) {
            return null;
        }
        HashMap hashMap = new HashMap();
        for (ConstraintViolation<?> constraintViolation : set) {
            String obj = constraintViolation.getPropertyPath().toString();
            if (!hashMap.containsKey(obj)) {
                hashMap.put(obj, new ArrayList());
            }
            ((List) hashMap.get(obj)).add(constraintViolation.getMessage());
        }
        return hashMap;
    }
}
