package com.atlassian.bitbucket.internal.key.ssh.dao.v3;

import com.atlassian.activeobjects.external.ActiveObjects;
import com.atlassian.activeobjects.external.ActiveObjectsUpgradeTask;
import com.atlassian.activeobjects.external.ModelVersion;
import com.atlassian.bitbucket.ao.AoUtils;
import com.atlassian.bitbucket.internal.key.ssh.ResourceType;
import com.atlassian.bitbucket.internal.key.ssh.SshAccessKeyUtils;
import com.atlassian.bitbucket.internal.key.ssh.dao.v1.AoSshAccessKeyV1;
import com.atlassian.bitbucket.internal.key.ssh.dao.v1.AoSshKeyV1;
import com.atlassian.bitbucket.internal.ssh.SshConstants;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.permission.PermissionAdminService;
import com.atlassian.bitbucket.permission.SetPermissionRequest;
import com.atlassian.bitbucket.project.Project;
import com.atlassian.bitbucket.project.ProjectService;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.repository.RepositoryService;
import com.atlassian.bitbucket.user.SecurityService;
import com.atlassian.bitbucket.user.ServiceUser;
import com.atlassian.bitbucket.user.ServiceUserCreateRequest;
import com.atlassian.bitbucket.user.UserAdminService;
import com.atlassian.bitbucket.util.PageUtils;
import com.atlassian.bitbucket.util.PagedIterable;
import com.google.common.base.Preconditions;
import com.google.common.collect.Iterators;
import com.google.common.collect.UnmodifiableIterator;
import java.util.Arrays;
import net.java.ao.Query;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-ssh-5.16.0.jar:com/atlassian/bitbucket/internal/key/ssh/dao/v3/MigrateAccessKeysToServiceUsersTask.class */
public class MigrateAccessKeysToServiceUsersTask implements ActiveObjectsUpgradeTask {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) MigrateAccessKeysToServiceUsersTask.class);
    private final PermissionAdminService permissionAdminService;
    private final ProjectService projectService;
    private final RepositoryService repositoryService;
    private final SecurityService securityService;
    private final UserAdminService userAdminService;

    public MigrateAccessKeysToServiceUsersTask(PermissionAdminService permissionAdminService, ProjectService projectService, RepositoryService repositoryService, SecurityService securityService, UserAdminService userAdminService) {
        this.permissionAdminService = permissionAdminService;
        this.projectService = projectService;
        this.repositoryService = repositoryService;
        this.securityService = securityService;
        this.userAdminService = userAdminService;
    }

    @Override // com.atlassian.activeobjects.external.ActiveObjectsUpgradeTask
    public ModelVersion getModelVersion() {
        return ModelVersion.valueOf("3");
    }

    @Override // com.atlassian.activeobjects.external.ActiveObjectsUpgradeTask
    public void upgrade(ModelVersion modelVersion, ActiveObjects activeObjects) {
        Preconditions.checkState(modelVersion.isSame(ModelVersion.valueOf("2")), "This upgrade task can only upgrade from version 2 to 3");
        activeObjects.migrateDestructively(AoSshKeyV1.class, AoSshAccessKeyV1.class);
        log.info("Migrating key accesses to service users and permissions");
        PagedIterable pagedIterable = new PagedIterable(pageRequest -> {
            return PageUtils.createPage(Arrays.asList(activeObjects.find(AoSshKeyV1.class, AoUtils.restrict(Query.select().where("USER_ID is null", new Object[0]).order("ENTITY_ID"), pageRequest))), pageRequest);
        }, 1000);
        this.securityService.withPermission(Permission.ADMIN, "Migration of access keys to service users").call(() -> {
            return migrate(pagedIterable, activeObjects);
        });
        activeObjects.migrateDestructively(AoSshKeyV3.class);
        log.info("Migrated key accesses to service users and permissions");
    }

    private Object migrate(Iterable<AoSshKeyV1> iterable, ActiveObjects activeObjects) {
        for (AoSshKeyV1 aoSshKeyV1 : iterable) {
            UnmodifiableIterator forArray = Iterators.forArray(aoSshKeyV1.getAccessEntries());
            if (forArray.hasNext()) {
                ServiceUser createServiceUser = this.userAdminService.createServiceUser(new ServiceUserCreateRequest.Builder().displayName(SshAccessKeyUtils.generateServiceUserDisplayName(aoSshKeyV1.getText(), aoSshKeyV1.getLabel())).label(SshConstants.LABEL_ACCESS_KEY).build());
                aoSshKeyV1.setUserId(Integer.valueOf(createServiceUser.getId()));
                aoSshKeyV1.save();
                while (forArray.hasNext()) {
                    grantPermission(createServiceUser, (AoSshAccessKeyV1) forArray.next());
                }
            } else {
                activeObjects.delete(aoSshKeyV1);
            }
        }
        return null;
    }

    private void grantPermission(ServiceUser serviceUser, AoSshAccessKeyV1 aoSshAccessKeyV1) {
        SetPermissionRequest.Builder user = new SetPermissionRequest.Builder().user(serviceUser);
        ResourceType type = aoSshAccessKeyV1.getType();
        if (type == ResourceType.PROJECT) {
            Permission permission = aoSshAccessKeyV1.isReadOnly() ? Permission.PROJECT_READ : Permission.PROJECT_WRITE;
            Project byId = this.projectService.getById(aoSshAccessKeyV1.getResourceId().intValue());
            if (byId == null) {
                log.warn("Key access {} relates to a project {} that no longer exists. Not migrating.", Integer.valueOf(aoSshAccessKeyV1.getId()), aoSshAccessKeyV1.getResourceId());
                return;
            }
            user.projectPermission(permission, byId);
        } else if (type == ResourceType.REPOSITORY) {
            Permission permission2 = aoSshAccessKeyV1.isReadOnly() ? Permission.REPO_READ : Permission.REPO_WRITE;
            Repository byId2 = this.repositoryService.getById(aoSshAccessKeyV1.getResourceId().intValue());
            if (byId2 == null) {
                log.warn("Key access {} relates to a repository {} that no longer exists. Not migrating.", Integer.valueOf(aoSshAccessKeyV1.getId()), aoSshAccessKeyV1.getResourceId());
                return;
            }
            user.repositoryPermission(permission2, byId2);
        }
        this.permissionAdminService.setPermission(user.build());
    }
}
