package com.atlassian.stash.internal.key.ssh;

import com.atlassian.activeobjects.external.ActiveObjects;
import com.atlassian.event.api.EventListener;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.sal.api.transaction.TransactionCallback;
import com.atlassian.stash.audit.AuditEntry;
import com.atlassian.stash.audit.Channels;
import com.atlassian.stash.audit.Priority;
import com.atlassian.stash.event.audit.TransactionAwareAuditEvent;
import com.atlassian.stash.experimental.user.ExperimentalPermissionAdminService;
import com.atlassian.stash.experimental.user.PermittedUserSearchRequest;
import com.atlassian.stash.experimental.user.ProjectPermission;
import com.atlassian.stash.experimental.user.ProjectPermissionRequest;
import com.atlassian.stash.experimental.user.ProjectPermissionSearchRequest;
import com.atlassian.stash.experimental.user.RepositoryPermission;
import com.atlassian.stash.experimental.user.RepositoryPermissionRequest;
import com.atlassian.stash.experimental.user.RepositoryPermissionSearchRequest;
import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.internal.ssh.InternalSshKeyService;
import com.atlassian.stash.project.Project;
import com.atlassian.stash.repository.Repository;
import com.atlassian.stash.request.RequestContext;
import com.atlassian.stash.request.RequestManager;
import com.atlassian.stash.ssh.NoSuchSshKeyException;
import com.atlassian.stash.ssh.SshKeyDeletedEvent;
import com.atlassian.stash.ssh.api.DuplicateSshKeyException;
import com.atlassian.stash.ssh.api.SshConfigurationService;
import com.atlassian.stash.ssh.api.SshKey;
import com.atlassian.stash.ssh.api.SshKeyAccessDisabledException;
import com.atlassian.stash.ssh.utils.KeyUtils;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.PermissionService;
import com.atlassian.stash.user.PermissionValidationService;
import com.atlassian.stash.user.PermittedUser;
import com.atlassian.stash.user.SecurityService;
import com.atlassian.stash.user.ServiceUserCreateRequest;
import com.atlassian.stash.user.SetPermissionRequest;
import com.atlassian.stash.user.StashAuthenticationContext;
import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.user.UserAdminService;
import com.atlassian.stash.user.UserType;
import com.atlassian.stash.util.Chainable;
import com.atlassian.stash.util.Page;
import com.atlassian.stash.util.PageProvider;
import com.atlassian.stash.util.PageRequest;
import com.atlassian.stash.util.PageRequestImpl;
import com.atlassian.stash.util.PageUtils;
import com.atlassian.stash.util.PagedIterable;
import com.atlassian.stash.util.UncheckedOperation;
import com.atlassian.stash.util.ValidationUtils;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.validation.Validator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.DirectFieldAccessor;

/* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:stash-ssh-3.10.2.jar:com/atlassian/stash/internal/key/ssh/DefaultSshKeyAccessService.class */
public class DefaultSshKeyAccessService implements SshKeyAccessService {
    static final String LABEL_ACCESS_KEY = "access-key";
    static final int LIMIT_PAGE_SIZE = 50;
    private static final int BATCH_SIZE = 100;
    private final StashAuthenticationContext authenticationContext;
    private final SshConfigurationService configurationService;
    private final EventPublisher eventPublisher;
    private final I18nService i18nService;
    private final InternalSshKeyService keyService;
    private final PermissionValidationService permissionValidationService;
    private final ExperimentalPermissionAdminService permissionAdminService;
    private final PermissionService permissionService;
    private final RequestManager requestManager;
    private final SecurityService securityService;
    private final ActiveObjects ao;
    private final UserAdminService userAdminService;
    private final Validator validator;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DefaultSshKeyAccessService.class);
    private static final EnumSet<Permission> REPO_ACCESS_KEY_PERMS = Sets.newEnumSet(Arrays.asList(Permission.REPO_READ, Permission.REPO_WRITE), Permission.class);
    private static final EnumSet<Permission> PROJECT_ACCESS_KEY_PERMS = Sets.newEnumSet(Arrays.asList(Permission.PROJECT_READ, Permission.PROJECT_WRITE), Permission.class);
    private Predicate<SshKeyAccess> isAdminOfResource = new Predicate<SshKeyAccess>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.1
        @Override // com.google.common.base.Predicate
        public boolean apply(SshKeyAccess sshKeyAccess) {
            Object resource2 = sshKeyAccess.getResource();
            if (resource2 instanceof Project) {
                return DefaultSshKeyAccessService.this.permissionService.hasProjectPermission((Project) resource2, Permission.PROJECT_ADMIN);
            }
            if (resource2 instanceof Repository) {
                return DefaultSshKeyAccessService.this.permissionService.hasRepositoryPermission((Repository) resource2, Permission.REPO_ADMIN);
            }
            throw new IllegalArgumentException("Unexpected key access resource type: " + resource2.getClass().getName());
        }
    };
    private final SshKeyAccessEventConverter eventConverter = new SshKeyAccessEventConverter();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService$4, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:stash-ssh-3.10.2.jar:com/atlassian/stash/internal/key/ssh/DefaultSshKeyAccessService$4.class */
    public class AnonymousClass4 implements TransactionCallback<Page<SshKeyAccess>> {
        final /* synthetic */ int val$sshKeyId;
        final /* synthetic */ PageRequest val$pageRequest;

        AnonymousClass4(int i, PageRequest pageRequest) {
            this.val$sshKeyId = i;
            this.val$pageRequest = pageRequest;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.atlassian.sal.api.transaction.TransactionCallback
        public Page<SshKeyAccess> doInTransaction() {
            final SshKey andValidateServiceUserKey = DefaultSshKeyAccessService.this.getAndValidateServiceUserKey(this.val$sshKeyId);
            final StashUser user = andValidateServiceUserKey.getUser();
            return DefaultSshKeyAccessService.this.filterForVisibility(new PageProvider<SshKeyAccess>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.4.1
                @Override // com.atlassian.stash.util.PageProvider
                public Page<SshKeyAccess> get(final PageRequest pageRequest) {
                    return (Page) DefaultSshKeyAccessService.this.securityService.withPermission(Permission.ADMIN, "Read in key accesses before filtering on visibility").call(new UncheckedOperation<Page<SshKeyAccess>>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.4.1.1
                        @Override // com.atlassian.stash.util.UncheckedOperation, com.atlassian.stash.util.Operation
                        /* renamed from: perform */
                        public Page<SshKeyAccess> mo1438perform() {
                            return DefaultSshKeyAccessService.this.findPermittedProjects(andValidateServiceUserKey, user, pageRequest);
                        }
                    });
                }
            }, this.val$pageRequest);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService$5, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:stash-ssh-3.10.2.jar:com/atlassian/stash/internal/key/ssh/DefaultSshKeyAccessService$5.class */
    public class AnonymousClass5 implements TransactionCallback<Page<SshKeyAccess>> {
        final /* synthetic */ int val$sshKeyId;
        final /* synthetic */ PageRequest val$pageRequest;

        AnonymousClass5(int i, PageRequest pageRequest) {
            this.val$sshKeyId = i;
            this.val$pageRequest = pageRequest;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.atlassian.sal.api.transaction.TransactionCallback
        public Page<SshKeyAccess> doInTransaction() {
            final SshKey andValidateServiceUserKey = DefaultSshKeyAccessService.this.getAndValidateServiceUserKey(this.val$sshKeyId);
            final StashUser user = andValidateServiceUserKey.getUser();
            return DefaultSshKeyAccessService.this.filterForVisibility(new PageProvider<SshKeyAccess>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.5.1
                @Override // com.atlassian.stash.util.PageProvider
                public Page<SshKeyAccess> get(final PageRequest pageRequest) {
                    return (Page) DefaultSshKeyAccessService.this.securityService.withPermission(Permission.ADMIN, "Read in key accesses before filtering on visibility").call(new UncheckedOperation<Page<SshKeyAccess>>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.5.1.1
                        @Override // com.atlassian.stash.util.UncheckedOperation, com.atlassian.stash.util.Operation
                        /* renamed from: perform */
                        public Page<SshKeyAccess> mo1438perform() {
                            return DefaultSshKeyAccessService.this.findPermittedRepositories(andValidateServiceUserKey, user, pageRequest);
                        }
                    });
                }
            }, this.val$pageRequest);
        }
    }

    public DefaultSshKeyAccessService(StashAuthenticationContext stashAuthenticationContext, SshConfigurationService sshConfigurationService, EventPublisher eventPublisher, I18nService i18nService, InternalSshKeyService internalSshKeyService, ExperimentalPermissionAdminService experimentalPermissionAdminService, PermissionService permissionService, PermissionValidationService permissionValidationService, RequestManager requestManager, SecurityService securityService, ActiveObjects activeObjects, UserAdminService userAdminService, Validator validator) {
        this.authenticationContext = stashAuthenticationContext;
        this.configurationService = sshConfigurationService;
        this.eventPublisher = eventPublisher;
        this.keyService = internalSshKeyService;
        this.i18nService = i18nService;
        this.permissionAdminService = experimentalPermissionAdminService;
        this.permissionService = permissionService;
        this.permissionValidationService = permissionValidationService;
        this.requestManager = requestManager;
        this.securityService = securityService;
        this.ao = activeObjects;
        this.userAdminService = userAdminService;
        this.validator = validator;
    }

    @Override // com.atlassian.stash.internal.key.ssh.SshKeyAccessService
    public boolean existsForProject(@Nonnull final Project project) {
        Preconditions.checkNotNull(((Project) Preconditions.checkNotNull(project, "project")).getId(), "project.id");
        if (this.permissionService.hasProjectPermission(project, Permission.PROJECT_ADMIN)) {
            return ((Boolean) this.ao.executeInTransaction(new TransactionCallback<Boolean>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // com.atlassian.sal.api.transaction.TransactionCallback
                public Boolean doInTransaction() {
                    return Boolean.valueOf(Iterables.any(new PagedIterable(new PageProvider<PermittedUser>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.2.1
                        @Override // com.atlassian.stash.util.PageProvider
                        public Page<PermittedUser> get(PageRequest pageRequest) {
                            return DefaultSshKeyAccessService.this.permissionAdminService.searchUsers(new PermittedUserSearchRequest.Builder().project(project).userType(UserType.SERVICE).build(), pageRequest);
                        }
                    }, 50), DefaultSshKeyAccessService.this.serviceUserWithSshKeyPredicate(Maps.newHashMap())));
                }
            })).booleanValue();
        }
        return false;
    }

    @Override // com.atlassian.stash.internal.key.ssh.SshKeyAccessService
    public boolean existsForRepository(@Nonnull final Repository repository) {
        Preconditions.checkNotNull(((Repository) Preconditions.checkNotNull(repository, "repository")).getId(), "repository.id");
        if (this.permissionService.hasRepositoryPermission(repository, Permission.REPO_ADMIN)) {
            return ((Boolean) this.ao.executeInTransaction(new TransactionCallback<Boolean>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // com.atlassian.sal.api.transaction.TransactionCallback
                public Boolean doInTransaction() {
                    return Boolean.valueOf(Iterables.any(new PagedIterable(new PageProvider<PermittedUser>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.3.1
                        @Override // com.atlassian.stash.util.PageProvider
                        public Page<PermittedUser> get(PageRequest pageRequest) {
                            return DefaultSshKeyAccessService.this.permissionAdminService.searchUsers(new PermittedUserSearchRequest.Builder().repository(repository).userType(UserType.SERVICE).build(), pageRequest);
                        }
                    }, 50), DefaultSshKeyAccessService.this.serviceUserWithSshKeyPredicate(Maps.newHashMap())));
                }
            })).booleanValue();
        }
        return false;
    }

    @Override // com.atlassian.stash.internal.key.ssh.SshKeyAccessService
    @Nonnull
    public Page<SshKeyAccess> findByKeyForProjects(int i, @Nullable PageRequest pageRequest) {
        return (Page) this.ao.executeInTransaction(new AnonymousClass4(i, pageRequest));
    }

    @Override // com.atlassian.stash.internal.key.ssh.SshKeyAccessService
    @Nonnull
    public Page<SshKeyAccess> findByKeyForRepositories(int i, @Nullable PageRequest pageRequest) {
        return (Page) this.ao.executeInTransaction(new AnonymousClass5(i, pageRequest));
    }

    @Override // com.atlassian.stash.internal.key.ssh.SshKeyAccessService
    @Nonnull
    public Page<SshKeyAccess> findByProject(@Nonnull final Project project, final PageRequest pageRequest) {
        Preconditions.checkNotNull(((Project) Preconditions.checkNotNull(project, "project")).getId(), "project.id");
        this.permissionValidationService.validateForProject(project, Permission.PROJECT_ADMIN);
        return (Page) this.ao.executeInTransaction(new TransactionCallback<Page<SshKeyAccess>>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.6
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public Page<SshKeyAccess> doInTransaction() {
                HashMap newHashMap = Maps.newHashMap();
                return DefaultSshKeyAccessService.this.toKeyAccess((Page<PermittedUser>) PageUtils.filterPages(new PageProvider<PermittedUser>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.6.1
                    @Override // com.atlassian.stash.util.PageProvider
                    public Page<PermittedUser> get(PageRequest pageRequest2) {
                        return DefaultSshKeyAccessService.this.permissionAdminService.searchUsers(new PermittedUserSearchRequest.Builder().project(project).userType(UserType.SERVICE).build(), pageRequest2);
                    }
                }, DefaultSshKeyAccessService.this.serviceUserWithSshKeyPredicate(newHashMap), DefaultSshKeyAccessService.this.limit(pageRequest)), project, newHashMap);
            }
        });
    }

    @Override // com.atlassian.stash.internal.key.ssh.SshKeyAccessService
    @Nonnull
    public Page<SshKeyAccess> findByRepository(@Nonnull final Repository repository, final PageRequest pageRequest) {
        Preconditions.checkNotNull(((Repository) Preconditions.checkNotNull(repository, "repository")).getId(), "repository.id");
        this.permissionValidationService.validateForRepository(repository, Permission.REPO_ADMIN);
        return (Page) this.ao.executeInTransaction(new TransactionCallback<Page<SshKeyAccess>>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.7
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public Page<SshKeyAccess> doInTransaction() {
                HashMap newHashMap = Maps.newHashMap();
                return DefaultSshKeyAccessService.this.toKeyAccess((Page<PermittedUser>) PageUtils.filterPages(new PageProvider<PermittedUser>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.7.1
                    @Override // com.atlassian.stash.util.PageProvider
                    public Page<PermittedUser> get(PageRequest pageRequest2) {
                        return DefaultSshKeyAccessService.this.permissionAdminService.searchUsers(new PermittedUserSearchRequest.Builder().repository(repository).userType(UserType.SERVICE).build(), pageRequest2);
                    }
                }, DefaultSshKeyAccessService.this.serviceUserWithSshKeyPredicate(newHashMap), DefaultSshKeyAccessService.this.limit(pageRequest)), repository, newHashMap);
            }
        });
    }

    @Override // com.atlassian.stash.internal.key.ssh.SshKeyAccessService
    @Nullable
    public SshKeyAccess getByKeyAndProject(final int i, @Nonnull final Project project) {
        Preconditions.checkNotNull(((Project) Preconditions.checkNotNull(project, "project")).getId(), "project.id");
        this.permissionValidationService.validateForProject(project, Permission.PROJECT_ADMIN);
        return (SshKeyAccess) this.ao.executeInTransaction(new TransactionCallback<SshKeyAccess>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.8
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public SshKeyAccess doInTransaction() {
                return DefaultSshKeyAccessService.this.internalGetByProjectAndKey(i, project, false);
            }
        });
    }

    @Override // com.atlassian.stash.internal.key.ssh.SshKeyAccessService
    @Nullable
    public SshKeyAccess getByKeyAndRepository(final int i, @Nonnull final Repository repository) {
        Preconditions.checkNotNull(((Repository) Preconditions.checkNotNull(repository, "repository")).getId(), "repository.id");
        this.permissionValidationService.validateForRepository(repository, Permission.REPO_ADMIN);
        return (SshKeyAccess) this.ao.executeInTransaction(new TransactionCallback<SshKeyAccess>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.9
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public SshKeyAccess doInTransaction() {
                return DefaultSshKeyAccessService.this.internalGetByRepositoryAndKey(i, repository, false);
            }
        });
    }

    @Override // com.atlassian.stash.internal.key.ssh.SshKeyAccessService
    public void revokeAccess(final int i, @Nonnull final Project project) {
        Preconditions.checkNotNull(project, "project");
        Preconditions.checkNotNull(((Project) Preconditions.checkNotNull(project, "project")).getId(), "project.id");
        this.permissionValidationService.validateForProject(project, Permission.PROJECT_ADMIN);
        this.ao.executeInTransaction(new TransactionCallback<Void>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.10
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public Void doInTransaction() {
                SshKeyAccess internalGetByProjectAndKey = DefaultSshKeyAccessService.this.internalGetByProjectAndKey(i, project, true);
                if (internalGetByProjectAndKey == null) {
                    return null;
                }
                StashUser user = internalGetByProjectAndKey.getKey().getUser();
                DefaultSshKeyAccessService.this.permissionAdminService.revokeAllProjectPermissions(project, user);
                DefaultSshKeyAccessService.log.debug("Access to project \"{}\" has been revoked for service user {}", project, user.getDisplayName());
                DefaultSshKeyAccessService.this.publish(new SshKeyAccessRevokedEvent(this, internalGetByProjectAndKey));
                DefaultSshKeyAccessService.this.keyService.removeIfOrphaned(internalGetByProjectAndKey.getKey(), user);
                return null;
            }
        });
    }

    @Override // com.atlassian.stash.internal.key.ssh.SshKeyAccessService
    public void revokeAccess(final int i, @Nonnull final Repository repository) {
        Preconditions.checkNotNull(repository, "repository");
        Preconditions.checkNotNull(((Repository) Preconditions.checkNotNull(repository, "repository")).getId(), "repository.id");
        this.permissionValidationService.validateForRepository(repository, Permission.REPO_ADMIN);
        this.ao.executeInTransaction(new TransactionCallback<Void>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.11
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public Void doInTransaction() {
                SshKeyAccess internalGetByRepositoryAndKey = DefaultSshKeyAccessService.this.internalGetByRepositoryAndKey(i, repository, true);
                if (internalGetByRepositoryAndKey == null) {
                    return null;
                }
                StashUser user = internalGetByRepositoryAndKey.getKey().getUser();
                DefaultSshKeyAccessService.this.permissionAdminService.revokeAllRepositoryPermissions(repository, user);
                DefaultSshKeyAccessService.log.debug("Access to repository \"{}\" has been revoked for service user {}", repository, user.getDisplayName());
                DefaultSshKeyAccessService.this.publish(new SshKeyAccessRevokedEvent(this, internalGetByRepositoryAndKey));
                DefaultSshKeyAccessService.this.keyService.removeIfOrphaned(internalGetByRepositoryAndKey.getKey(), user);
                return null;
            }
        });
    }

    @Override // com.atlassian.stash.internal.key.ssh.SshKeyAccessService
    public void revokeAccess(int i, @Nonnull Set<Repository> set, @Nonnull Set<Project> set2) {
        Preconditions.checkNotNull(set, "repositories");
        Preconditions.checkNotNull(set2, "projects");
        validateIsAdminOfRepos(set);
        validateIsAdminOfProjects(set2);
        final SshKey serviceUserKey = getServiceUserKey(i);
        if (serviceUserKey == null) {
            return;
        }
        final StashUser user = serviceUserKey.getUser();
        ImmutableList build = ImmutableList.builder().addAll((Iterable) set2).addAll((Iterable) set).build();
        if (build.isEmpty()) {
            return;
        }
        Iterator it = Chainable.chain(build).partition(100).iterator();
        while (it.hasNext()) {
            final List list = (List) it.next();
            this.ao.executeInTransaction(new TransactionCallback<Void>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.12
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // com.atlassian.sal.api.transaction.TransactionCallback
                public Void doInTransaction() {
                    for (Object obj : list) {
                        if (obj instanceof Project) {
                            DefaultSshKeyAccessService.this.permissionAdminService.revokeAllProjectPermissions((Project) obj, user);
                        } else {
                            DefaultSshKeyAccessService.this.permissionAdminService.revokeAllRepositoryPermissions((Repository) obj, user);
                        }
                    }
                    DefaultSshKeyAccessService.this.keyService.removeIfOrphaned(serviceUserKey, user);
                    return null;
                }
            });
        }
    }

    @Override // com.atlassian.stash.internal.key.ssh.SshKeyAccessService
    @Nonnull
    public SshKeyAccess setAccess(@Nonnull final SetAccessRequest setAccessRequest) {
        if (!isAccessKeysEnabled()) {
            throw new SshKeyAccessDisabledException(this.i18nService.createKeyedMessage("stash.service.ssh.key.access.disabled", new Object[0]));
        }
        if (setAccessRequest.getKeyId() == null) {
            ValidationUtils.validate(this.validator, new ValidatingSshKey(setAccessRequest.getKeyText()), new Class[0]);
        }
        this.permissionValidationService.validateAuthenticated();
        return (SshKeyAccess) this.ao.executeInTransaction(new TransactionCallback<SshKeyAccess>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.13
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public SshKeyAccess doInTransaction() {
                SimpleSshKeyAccess simpleSshKeyAccess;
                SshKey orCreateServiceUserKey = setAccessRequest.getKeyId() == null ? DefaultSshKeyAccessService.this.getOrCreateServiceUserKey(setAccessRequest.getKeyText(), setAccessRequest.getKeyLabel()) : DefaultSshKeyAccessService.this.getAndValidateServiceUserKey(setAccessRequest.getKeyId().intValue());
                SetPermissionRequest.Builder user = new SetPermissionRequest.Builder().user(orCreateServiceUserKey.getUser());
                Project project = setAccessRequest.getProject();
                if (project != null) {
                    Permission projectPermission = DefaultSshKeyAccessService.this.permissionAdminService.getProjectPermission(new ProjectPermissionRequest.Builder().user(orCreateServiceUserKey.getUser()).project(project).build());
                    if (projectPermission != null && projectPermission == setAccessRequest.getPermission()) {
                        throw new DuplicateSshKeyException(DefaultSshKeyAccessService.this.i18nService.createKeyedMessage("stash.service.ssh.key.project.inuse", new Object[0]));
                    }
                    DefaultSshKeyAccessService.this.permissionAdminService.setPermission(user.projectPermission(setAccessRequest.getPermission(), project).build());
                    DefaultSshKeyAccessService.log.debug("Service user {} added ssh key access for project \"{}\"", orCreateServiceUserKey.getUser().getName(), project);
                    simpleSshKeyAccess = new SimpleSshKeyAccess(orCreateServiceUserKey, project, setAccessRequest.getPermission());
                } else {
                    Repository repository = setAccessRequest.getRepository();
                    Permission repositoryPermission = DefaultSshKeyAccessService.this.permissionAdminService.getRepositoryPermission(new RepositoryPermissionRequest.Builder().user(orCreateServiceUserKey.getUser()).repository(repository).build());
                    if (repositoryPermission != null && repositoryPermission == setAccessRequest.getPermission()) {
                        throw new DuplicateSshKeyException(DefaultSshKeyAccessService.this.i18nService.createKeyedMessage("stash.service.ssh.key.repository.inuse", new Object[0]));
                    }
                    DefaultSshKeyAccessService.this.permissionAdminService.setPermission(user.repositoryPermission(setAccessRequest.getPermission(), repository).build());
                    DefaultSshKeyAccessService.log.debug("Service user {} added ssh key access for repository \"{}\"", orCreateServiceUserKey.getUser().getName(), repository);
                    simpleSshKeyAccess = new SimpleSshKeyAccess(orCreateServiceUserKey, repository, setAccessRequest.getPermission());
                }
                DefaultSshKeyAccessService.this.publish(new SshKeyAccessGrantedEvent(this, simpleSshKeyAccess));
                return simpleSshKeyAccess;
            }
        });
    }

    @EventListener
    public void onSshKeyDeleted(SshKeyDeletedEvent sshKeyDeletedEvent) {
        final StashUser user = sshKeyDeletedEvent.getKey().getUser();
        if (user == null || user.getType() != UserType.SERVICE) {
            return;
        }
        this.securityService.withPermission(Permission.ADMIN, "Revoking all permissions for service user because their SSH key has been deleted").call(new UncheckedOperation<Void>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.14
            @Override // com.atlassian.stash.util.UncheckedOperation, com.atlassian.stash.util.Operation
            /* renamed from: perform */
            public Void mo1438perform() {
                DefaultSshKeyAccessService.this.permissionAdminService.revokeAllUserPermissions(user);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SshKeyAccess internalGetByProjectAndKey(int i, Project project, boolean z) {
        SshKey andValidateServiceUserKey = z ? getAndValidateServiceUserKey(i) : getServiceUserKey(i);
        if (andValidateServiceUserKey == null) {
            return null;
        }
        Permission projectPermission = this.permissionAdminService.getProjectPermission(new ProjectPermissionRequest.Builder().user(andValidateServiceUserKey.getUser()).project(project).build());
        if (projectPermission == null || !PROJECT_ACCESS_KEY_PERMS.contains(projectPermission)) {
            return null;
        }
        return new SimpleSshKeyAccess(andValidateServiceUserKey, project, projectPermission);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SshKeyAccess internalGetByRepositoryAndKey(int i, Repository repository, boolean z) {
        SshKey andValidateServiceUserKey = z ? getAndValidateServiceUserKey(i) : getServiceUserKey(i);
        if (andValidateServiceUserKey == null) {
            return null;
        }
        Permission repositoryPermission = this.permissionAdminService.getRepositoryPermission(new RepositoryPermissionRequest.Builder().user(andValidateServiceUserKey.getUser()).repository(repository).build());
        if (repositoryPermission == null || !REPO_ACCESS_KEY_PERMS.contains(repositoryPermission)) {
            return null;
        }
        return new SimpleSshKeyAccess(andValidateServiceUserKey, repository, repositoryPermission);
    }

    private boolean isAccessKeysEnabled() {
        return this.configurationService.getConfiguration().isAccessKeysEnabled();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public PageRequest limit(PageRequest pageRequest) {
        return pageRequest == null ? new PageRequestImpl(0, 50) : pageRequest.buildRestrictedPageRequest(50);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void publish(SshKeyAccessEvent sshKeyAccessEvent) {
        AuditEntry.Builder timestamp = new AuditEntry.Builder().action(sshKeyAccessEvent.getClass()).timestamp(new Date());
        RequestContext requestContext = this.requestManager.getRequestContext();
        if (requestContext != null) {
            timestamp.sourceIpAddress(requestContext.getRemoteAddress());
        }
        new DirectFieldAccessor(sshKeyAccessEvent).setPropertyValue("user", this.authenticationContext.getCurrentUser());
        AuditEntry convert = this.eventConverter.convert(sshKeyAccessEvent, timestamp);
        this.eventPublisher.publish(new TransactionAwareAuditEvent(sshKeyAccessEvent.getSource(), convert, Collections.singleton(convert.getRepository() != null ? Channels.REPOSITORY_UI : Channels.PROJECT_UI), Priority.HIGH));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SshKey getAndValidateServiceUserKey(int i) {
        SshKey byId = this.keyService.getById(i);
        if (byId == null || byId.getUser() == null || byId.getUser().getType() != UserType.SERVICE) {
            throw new NoSuchSshKeyException(this.i18nService.createKeyedMessage("stash.service.ssh.nosuchkey", Integer.valueOf(i)));
        }
        return byId;
    }

    private SshKey getServiceUserKey(int i) {
        SshKey byId = this.keyService.getById(i);
        if (byId == null || (byId.getUser() != null && byId.getUser().getType() == UserType.SERVICE)) {
            return byId;
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SshKey getOrCreateServiceUserKey(String str, String str2) {
        SshKey byPublicKey = this.keyService.getByPublicKey(KeyUtils.getPublicKey(str));
        if (byPublicKey != null) {
            StashUser user = byPublicKey.getUser();
            if (user == null) {
                this.keyService.remove(byPublicKey.getId().intValue());
                byPublicKey = null;
            } else if (user.getType() != UserType.SERVICE) {
                throw new DuplicateSshKeyException(this.i18nService.createKeyedMessage("stash.service.ssh.key.duplicate", user.getName()));
            }
        }
        if (byPublicKey == null) {
            byPublicKey = this.keyService.addForServiceUser(this.userAdminService.createServiceUser(new ServiceUserCreateRequest.Builder().active(true).displayName(SshKeyAccessUtils.generateServiceUserDisplayName(this.i18nService, str, str2)).label(LABEL_ACCESS_KEY).build()), str, str2);
        }
        return byPublicKey;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Page<SshKeyAccess> toKeyAccess(Page<PermittedUser> page, final Project project, final Map<Integer, SshKey> map) {
        return page.transform(new Function<PermittedUser, SshKeyAccess>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.15
            @Override // com.google.common.base.Function
            public SshKeyAccess apply(PermittedUser permittedUser) {
                return new SimpleSshKeyAccess((SshKey) map.get(permittedUser.getUser().getId()), project, permittedUser.getPermission());
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Page<SshKeyAccess> toKeyAccess(Page<PermittedUser> page, final Repository repository, final Map<Integer, SshKey> map) {
        return page.transform(new Function<PermittedUser, SshKeyAccess>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.16
            @Override // com.google.common.base.Function
            public SshKeyAccess apply(PermittedUser permittedUser) {
                return new SimpleSshKeyAccess((SshKey) map.get(permittedUser.getUser().getId()), repository, permittedUser.getPermission());
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Predicate<PermittedUser> serviceUserWithSshKeyPredicate(final Map<Integer, SshKey> map) {
        return new Predicate<PermittedUser>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.17
            @Override // com.google.common.base.Predicate
            public boolean apply(PermittedUser permittedUser) {
                StashUser user = permittedUser.getUser();
                if (user.getType() == UserType.NORMAL) {
                    return false;
                }
                SshKey sshKey = null;
                if (!map.containsKey(user.getId())) {
                    Page<? extends SshKey> findAllForUser = DefaultSshKeyAccessService.this.keyService.findAllForUser(permittedUser.getUser(), DefaultSshKeyService.PAGE_REQUEST_OF_1);
                    if (findAllForUser.getSize() > 0) {
                        sshKey = (SshKey) Iterables.getOnlyElement(findAllForUser.getValues());
                        map.put(user.getId(), sshKey);
                    }
                    map.put(user.getId(), sshKey);
                }
                return sshKey != null;
            }
        };
    }

    private void validateIsAdminOfProjects(Collection<Project> collection) {
        Iterator<Project> it = collection.iterator();
        while (it.hasNext()) {
            this.permissionValidationService.validateForProject(it.next(), Permission.PROJECT_ADMIN);
        }
    }

    private void validateIsAdminOfRepos(Collection<Repository> collection) {
        Iterator<Repository> it = collection.iterator();
        while (it.hasNext()) {
            this.permissionValidationService.validateForRepository(it.next(), Permission.REPO_ADMIN);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Page<SshKeyAccess> filterForVisibility(PageProvider<SshKeyAccess> pageProvider, PageRequest pageRequest) {
        return PageUtils.filterPages(pageProvider, this.isAdminOfResource, limit(pageRequest));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Page<SshKeyAccess> findPermittedProjects(final SshKey sshKey, StashUser stashUser, PageRequest pageRequest) {
        return this.permissionAdminService.searchProjects(new ProjectPermissionSearchRequest.Builder().user(stashUser).build(), pageRequest).transform(new Function<ProjectPermission, SshKeyAccess>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.18
            @Override // com.google.common.base.Function
            public SshKeyAccess apply(ProjectPermission projectPermission) {
                return new SimpleSshKeyAccess(sshKey, projectPermission.getProject(), projectPermission.getPermission());
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Page<SshKeyAccess> findPermittedRepositories(final SshKey sshKey, StashUser stashUser, PageRequest pageRequest) {
        return this.permissionAdminService.searchRepositories(new RepositoryPermissionSearchRequest.Builder().user(stashUser).build(), pageRequest).transform(new Function<RepositoryPermission, SshKeyAccess>() { // from class: com.atlassian.stash.internal.key.ssh.DefaultSshKeyAccessService.19
            @Override // com.google.common.base.Function
            public SshKeyAccess apply(RepositoryPermission repositoryPermission) {
                return new SimpleSshKeyAccess(sshKey, repositoryPermission.getRepository(), repositoryPermission.getPermission());
            }
        });
    }
}
