package com.atlassian.bitbucket.internal.gpg;

import com.atlassian.bitbucket.AuthorisationException;
import com.atlassian.bitbucket.DataStoreException;
import com.atlassian.bitbucket.event.user.UserCleanupEvent;
import com.atlassian.bitbucket.gpg.AddGpgKeyRequest;
import com.atlassian.bitbucket.gpg.DuplicateGpgKeyException;
import com.atlassian.bitbucket.gpg.GpgKey;
import com.atlassian.bitbucket.gpg.GpgKeyCreatedEvent;
import com.atlassian.bitbucket.gpg.GpgKeyDeletedEvent;
import com.atlassian.bitbucket.gpg.GpgKeyService;
import com.atlassian.bitbucket.gpg.InvalidGpgKeyException;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.i18n.KeyedMessage;
import com.atlassian.bitbucket.internal.gpg.SimpleGpgKey;
import com.atlassian.bitbucket.internal.gpg.bc.SignatureUtil;
import com.atlassian.bitbucket.internal.gpg.dao.AoGpgKey;
import com.atlassian.bitbucket.internal.gpg.dao.GpgKeyDao;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.permission.PermissionValidationService;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.ApplicationUserEquality;
import com.atlassian.bitbucket.user.UserService;
import com.atlassian.bitbucket.util.Page;
import com.atlassian.bitbucket.util.PageRequest;
import com.atlassian.bitbucket.util.PageUtils;
import com.atlassian.event.api.EventListener;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.sal.api.transaction.TransactionTemplate;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.validation.ConstraintViolationException;
import javax.validation.Validator;
import net.java.ao.ActiveObjectsException;
import org.bouncycastle.openpgp.PGPRuntimeOperationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-gpg-6.0.0.jar:com/atlassian/bitbucket/internal/gpg/DefaultGpgKeyService.class */
public class DefaultGpgKeyService implements GpgKeyService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DefaultGpgKeyService.class);
    private final EventPublisher eventPublisher;
    private final I18nService i18nService;
    private final GpgKeyDao keyDao;
    private final PermissionValidationService permissionValidationService;
    private final TransactionTemplate transactionTemplate;
    private final UserService userService;
    private final Validator validator;

    public DefaultGpgKeyService(EventPublisher eventPublisher, I18nService i18nService, PermissionValidationService permissionValidationService, GpgKeyDao gpgKeyDao, TransactionTemplate transactionTemplate, UserService userService, Validator validator) {
        this.eventPublisher = eventPublisher;
        this.i18nService = i18nService;
        this.keyDao = gpgKeyDao;
        this.permissionValidationService = permissionValidationService;
        this.transactionTemplate = transactionTemplate;
        this.userService = userService;
        this.validator = validator;
    }

    @Override // com.atlassian.bitbucket.gpg.GpgKeyService
    @Nonnull
    public List<GpgKey> addKeys(@Nonnull AddGpgKeyRequest addGpgKeyRequest) {
        Set validate = this.validator.validate(Objects.requireNonNull(addGpgKeyRequest, "request"), new Class[0]);
        if (!validate.isEmpty()) {
            throw new ConstraintViolationException(validate);
        }
        ApplicationUser user = ((AddGpgKeyRequest) Objects.requireNonNull(addGpgKeyRequest, "request")).getUser();
        this.permissionValidationService.validateForUser(user, Permission.USER_ADMIN);
        try {
            List<GpgKey> parseGpgKeyRing = SignatureUtil.parseGpgKeyRing(addGpgKeyRequest.getKeyText());
            if (parseGpgKeyRing.isEmpty()) {
                throw new InvalidGpgKeyException(this.i18nService.createKeyedMessage("bitbucket.service.gpg.key.not.provided", new Object[0]));
            }
            return (List) this.transactionTemplate.execute(() -> {
                ImmutableList.Builder builder = ImmutableList.builder();
                try {
                    Iterator it = parseGpgKeyRing.iterator();
                    while (it.hasNext()) {
                        GpgKey gpgKey = (GpgKey) it.next();
                        AoGpgKey orElse = this.keyDao.findByFingerprint(gpgKey.getFingerprint()).orElse(null);
                        if (orElse != null) {
                            ApplicationUser userById = orElse.getUserId().intValue() == user.getId() ? user : this.userService.getUserById(orElse.getUserId().intValue(), true);
                            boolean z = userById == null || !userById.isActive();
                            if (!z && !ApplicationUserEquality.equals(userById, user)) {
                                throw new DuplicateGpgKeyException(this.i18nService.createKeyedMessage("bitbucket.service.gpg.key.duplicate", new Object[0]));
                            }
                            if (z) {
                                log.info("Deleting stale GPG key with ID {} for inactive user {}", Long.toHexString(orElse.getId()), userById == null ? "<missing>" : userById.getName());
                            }
                            this.keyDao.delete(orElse);
                            this.eventPublisher.publish(new GpgKeyDeletedEvent(this, initialize(orElse)));
                        }
                        AoGpgKey initialize = initialize(this.keyDao.create(new SimpleGpgKey.Builder(gpgKey).user(user).build()));
                        this.eventPublisher.publish(new GpgKeyCreatedEvent(this, initialize));
                        builder.add((ImmutableList.Builder) initialize);
                    }
                    return builder.build();
                } catch (ActiveObjectsException e) {
                    log.error("Unable to persist GPG key", (Throwable) e);
                    throw new DataStoreException(this.i18nService.createKeyedMessage("bitbucket.service.gpg.key.db.create.failed", new Object[0]), e);
                }
            });
        } catch (IOException | PGPRuntimeOperationException e) {
            throw new InvalidGpgKeyException(getDetailedMessage(e), e);
        }
    }

    @Override // com.atlassian.bitbucket.gpg.GpgKeyService
    public int deleteAllForUser(@Nonnull ApplicationUser applicationUser) {
        this.permissionValidationService.validateForUser(applicationUser, Permission.USER_ADMIN);
        return ((Integer) this.transactionTemplate.execute(() -> {
            return Integer.valueOf(this.keyDao.deleteAllForUser(applicationUser.getId()));
        })).intValue();
    }

    @Override // com.atlassian.bitbucket.gpg.GpgKeyService
    public boolean deleteById(@Nonnull String str) {
        Objects.requireNonNull(str, "fingerprintOrId");
        this.permissionValidationService.validateAuthenticated();
        return ((Boolean) this.transactionTemplate.execute(() -> {
            ApplicationUser userById;
            if (str.length() != 16) {
                AoGpgKey orElse = this.keyDao.findByFingerprint(str).orElse(null);
                if (orElse == null) {
                    return false;
                }
                this.permissionValidationService.validateForUser(getUserForKey(orElse), Permission.USER_ADMIN);
                this.keyDao.delete(orElse);
                this.eventPublisher.publish(new GpgKeyDeletedEvent(this, initialize(orElse)));
                return true;
            }
            AuthorisationException authorisationException = null;
            for (AoGpgKey aoGpgKey : this.keyDao.findByKeyId(Long.parseUnsignedLong(str, 16))) {
                try {
                    userById = this.userService.getUserById(aoGpgKey.getUserId().intValue(), true);
                } catch (AuthorisationException e) {
                    authorisationException = e;
                }
                if (userById != null) {
                    this.permissionValidationService.validateForUser(userById, Permission.USER_ADMIN);
                    this.keyDao.delete(aoGpgKey);
                    this.eventPublisher.publish(new GpgKeyDeletedEvent(this, initialize(aoGpgKey)));
                    return true;
                }
                continue;
            }
            if (authorisationException != null) {
                throw authorisationException;
            }
            return false;
        })).booleanValue();
    }

    @Override // com.atlassian.bitbucket.gpg.GpgKeyService
    @Nonnull
    public Page<GpgKey> findAllForUser(@Nonnull ApplicationUser applicationUser, @Nonnull PageRequest pageRequest) {
        return (Page) this.transactionTemplate.execute(() -> {
            this.permissionValidationService.validateForUser(applicationUser, Permission.USER_ADMIN);
            return PageUtils.asPageOf(GpgKey.class, initialize(this.keyDao.findByUser(applicationUser, pageRequest), applicationUser));
        });
    }

    @Override // com.atlassian.bitbucket.gpg.GpgKeyService
    @Nonnull
    public List<GpgKey> findById(long j) {
        return (List) this.transactionTemplate.execute(() -> {
            return ImmutableList.copyOf((Collection) initialize(this.keyDao.findByKeyId(j)));
        });
    }

    @EventListener
    public void onUserCleanup(@Nonnull UserCleanupEvent userCleanupEvent) {
        do {
        } while (!((Page) this.transactionTemplate.execute(() -> {
            Page<AoGpgKey> findByUser = this.keyDao.findByUser(userCleanupEvent.getDeletedUser(), PageUtils.newRequest(0, 250));
            for (AoGpgKey aoGpgKey : findByUser.getValues()) {
                this.keyDao.delete(aoGpgKey);
                this.eventPublisher.publish(new GpgKeyDeletedEvent(this, initialize(aoGpgKey)));
            }
            return findByUser;
        })).getIsLastPage());
    }

    private ApplicationUser getUserForKey(AoGpgKey aoGpgKey) {
        return this.userService.getUserById(aoGpgKey.getUserId().intValue(), true);
    }

    private AoGpgKey initialize(AoGpgKey aoGpgKey) {
        aoGpgKey.initialize(this.userService.getUserById(aoGpgKey.getUserId().intValue(), true));
        return aoGpgKey;
    }

    private Page<AoGpgKey> initialize(Page<AoGpgKey> page, ApplicationUser applicationUser) {
        Iterator<AoGpgKey> it = page.getValues().iterator();
        while (it.hasNext()) {
            it.next().initialize(applicationUser);
        }
        return page;
    }

    private List<AoGpgKey> initialize(List<AoGpgKey> list) {
        list.forEach(this::initialize);
        return list;
    }

    private KeyedMessage getDetailedMessage(Exception exc) {
        return (exc.getCause() == null || !"unknown PGP public key algorithm encountered".equals(exc.getCause().getMessage())) ? this.i18nService.createKeyedMessage("bitbucket.service.gpg.key.invalid", new Object[0]) : this.i18nService.createKeyedMessage("bitbucket.service.gpg.key.unsupported.algorithm", new Object[0]);
    }
}
