package com.atlassian.bitbucket.internal.mirroring.upstream.auth;

import com.atlassian.bitbucket.AuthorisationException;
import com.atlassian.bitbucket.auth.Authentication;
import com.atlassian.bitbucket.auth.AuthenticationContext;
import com.atlassian.bitbucket.auth.AuthenticationException;
import com.atlassian.bitbucket.auth.AuthenticationService;
import com.atlassian.bitbucket.auth.AuthenticationSystemException;
import com.atlassian.bitbucket.auth.CaptchaRequiredAuthenticationException;
import com.atlassian.bitbucket.dmz.permission.DmzPermissionService;
import com.atlassian.bitbucket.dmz.permission.EffectivePermission;
import com.atlassian.bitbucket.dmz.permission.SimpleEffectiveGlobalPermission;
import com.atlassian.bitbucket.dmz.permission.SimpleEffectiveRepositoryPermission;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.internal.mirroring.auth.Credentials;
import com.atlassian.bitbucket.internal.mirroring.auth.CredentialsVisitor;
import com.atlassian.bitbucket.internal.mirroring.auth.SshCredentials;
import com.atlassian.bitbucket.internal.mirroring.auth.UsernamePasswordCredentials;
import com.atlassian.bitbucket.internal.mirroring.upstream.InternalMirrorService;
import com.atlassian.bitbucket.internal.mirroring.upstream.SmartMirroringFeature;
import com.atlassian.bitbucket.internal.mirroring.user.ApplicationUserWithPermissions;
import com.atlassian.bitbucket.internal.mirroring.user.SimpleApplicationUserWithPermissions;
import com.atlassian.bitbucket.mirroring.upstream.MirrorServer;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.repository.RepositorySupplier;
import com.atlassian.bitbucket.ssh.SshKeyService;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.NoSuchUserException;
import com.atlassian.bitbucket.util.ValidationUtils;
import com.google.common.collect.ImmutableList;
import java.util.Collections;
import java.util.Optional;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.validation.Validator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

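/**
 * Upstream-side implementation of {@link MirrorAuthenticationService}: checks end-user
 * credentials on behalf of a mirror and reports the permissions that user holds.
 *
 * <p>Security model visible in this class:
 * <ul>
 *   <li>Every public entry point requires the <em>calling</em> user to resolve to an enabled
 *       {@link MirrorServer}; otherwise an {@link AuthorisationException} is thrown before any
 *       credential is examined.</li>
 *   <li>Failed authentication is reported as a {@code null} return value, not as an exception.
 *       Callers must treat {@code null} as "deny".</li>
 *   <li>Only the username and the key algorithm are written to the log on failure; the password
 *       and the key material are never logged here.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-mirroring-upstream-6.0.0.jar:com/atlassian/bitbucket/internal/mirroring/upstream/auth/DefaultMirrorAuthenticationService.class */
public class DefaultMirrorAuthenticationService implements MirrorAuthenticationService {
    private static final Logger log = LoggerFactory.getLogger(DefaultMirrorAuthenticationService.class);
    private final AuthenticationContext authenticationContext;
    private final AuthenticationService authenticationService;
    private final I18nService i18nService;
    private final SmartMirroringFeature mirroringFeature;
    private final InternalMirrorService mirrorServerService;
    private final DmzPermissionService permissionService;
    private final RepositorySupplier repositorySupplier;
    private final SshKeyService sshKeyService;
    private final Validator validator;

    /** Wires the collaborators; all of them are stored as-is and none is validated here. */
    @Autowired
    public DefaultMirrorAuthenticationService(AuthenticationContext authenticationContext, AuthenticationService authenticationService, I18nService i18nService, InternalMirrorService internalMirrorService, SmartMirroringFeature smartMirroringFeature, DmzPermissionService dmzPermissionService, RepositorySupplier repositorySupplier, SshKeyService sshKeyService, Validator validator) {
        this.authenticationContext = authenticationContext;
        this.authenticationService = authenticationService;
        this.i18nService = i18nService;
        this.mirrorServerService = internalMirrorService;
        this.mirroringFeature = smartMirroringFeature;
        this.permissionService = dmzPermissionService;
        this.repositorySupplier = repositorySupplier;
        this.sshKeyService = sshKeyService;
        this.validator = validator;
    }

    /**
     * Authenticates the credentials without scoping the result to a repository.
     *
     * @param credentials the end-user credentials to check
     * @return the authenticated user with permissions, or {@code null} if authentication failed
     */
    @Override // com.atlassian.bitbucket.internal.mirroring.upstream.auth.MirrorAuthenticationService
    public ApplicationUserWithPermissions authenticateForUser(@Nonnull Credentials credentials) {
        return authenticateForUser(credentials, null);
    }

    /**
     * Authenticates the credentials after verifying that the caller is an enabled mirror.
     *
     * <p>Order of checks: the mirroring feature check, then the caller-is-an-enabled-mirror
     * check, then bean validation of the credentials, and only then the credential check itself.
     *
     * @param credentials the end-user credentials to check
     * @param num optional repository ID; only the username/password path uses it (see
     *            {@link #getPermissions}). The SSH path ignores it.
     * @return the authenticated user with permissions, or {@code null} if authentication failed
     * @throws AuthorisationException if the current user has no {@link MirrorServer} or that
     *         mirror is disabled
     */
    @Override // com.atlassian.bitbucket.internal.mirroring.upstream.auth.MirrorAuthenticationService
    public ApplicationUserWithPermissions authenticateForUser(@Nonnull Credentials credentials, @Nullable final Integer num) {
        // NOTE(review): presumably throws when smart mirroring is disabled — confirm against SmartMirroringFeature.
        this.mirroringFeature.checkEnabled();

        // Gate: delegated authentication is only offered to a caller that is itself an enabled mirror.
        MirrorServer callingMirror = this.mirrorServerService.getForUser(this.authenticationContext.getCurrentUser());
        boolean callerIsEnabledMirror = callingMirror != null && callingMirror.isEnabled();
        if (!callerIsEnabledMirror) {
            throw new AuthorisationException(this.i18nService.createKeyedMessage("bitbucket.mirroring.authentication.delegation.permission.denied", new Object[0]));
        }

        ValidationUtils.validate(this.validator, credentials, new Class<?>[0]);

        // CredentialsVisitor has one visit overload per credential type, so an anonymous class is needed.
        return (ApplicationUserWithPermissions) credentials.accept(new CredentialsVisitor<ApplicationUserWithPermissions>() {
            @Override // com.atlassian.bitbucket.internal.mirroring.auth.CredentialsVisitor
            public ApplicationUserWithPermissions visit(@Nonnull SshCredentials sshCredentials) {
                return DefaultMirrorAuthenticationService.this.performPublicKeyAuthentication(sshCredentials);
            }

            @Override // com.atlassian.bitbucket.internal.mirroring.auth.CredentialsVisitor
            public ApplicationUserWithPermissions visit(@Nonnull UsernamePasswordCredentials usernamePasswordCredentials) {
                return DefaultMirrorAuthenticationService.this.performUsernamePasswordAuthentication(usernamePasswordCredentials, num);
            }
        });
    }

    /**
     * Returns the strongest of SYS_ADMIN, ADMIN and LICENSED_USER that the permission service
     * reports for the current authentication, or empty if none of them is held.
     */
    private Optional<Permission> getHighestGlobalPermission() {
        if (this.permissionService.hasGlobalPermission(Permission.ADMIN)) {
            // SYS_ADMIN is only probed once ADMIN is confirmed.
            return Optional.of(this.permissionService.hasGlobalPermission(Permission.SYS_ADMIN) ? Permission.SYS_ADMIN : Permission.ADMIN);
        }
        if (this.permissionService.hasGlobalPermission(Permission.LICENSED_USER)) {
            return Optional.of(Permission.LICENSED_USER);
        }
        return Optional.empty();
    }

    /**
     * Returns the strongest of REPO_ADMIN, REPO_WRITE and REPO_READ for the given repository,
     * or empty if the repository lookup returns {@code null} or is refused.
     *
     * @param i the repository ID
     */
    private Optional<Permission> getHighestRepositoryPermission(int i) {
        try {
            Repository repository = this.repositorySupplier.getById(i);
            if (repository == null) {
                return Optional.empty();
            }
            // REPO_READ is not checked explicitly: it is granted whenever the lookup above succeeds.
            // NOTE(review): this relies on getById() refusing repositories the current
            // authentication cannot read — confirm against RepositorySupplier.
            if (!this.permissionService.hasRepositoryPermission(repository, Permission.REPO_WRITE)) {
                return Optional.of(Permission.REPO_READ);
            }
            return Optional.of(this.permissionService.hasRepositoryPermission(repository, Permission.REPO_ADMIN) ? Permission.REPO_ADMIN : Permission.REPO_WRITE);
        } catch (AuthorisationException e) {
            // A refused lookup means "no repository permission", not a failure of the whole request.
            return Optional.empty();
        }
    }

    /**
     * Computes the permissions to report for an authenticated user.
     *
     * <p>Without a repository ID, this is the user's full effective permission set (empty if the
     * authentication carries no user). With a repository ID, it is at most two entries: the
     * highest global permission and the highest permission on that repository. Both are
     * evaluated while {@code authentication} is installed via {@link AuthenticationService#set}.
     *
     * @param authentication the authentication produced by the credential check
     * @param num optional repository ID that narrows the result
     */
    private Iterable<EffectivePermission> getPermissions(@Nonnull Authentication authentication, Integer num) {
        if (num == null) {
            Optional<Iterable<EffectivePermission>> effective = authentication.getUser().map(this.permissionService::getEffectivePermissions);
            return effective.orElse(Collections.<EffectivePermission>emptyList());
        }

        final int repositoryId = num;
        // set(...) hands back a value that is passed to set(...) again below; presumably the
        // previously active authentication — confirm against AuthenticationService.
        Authentication previous = this.authenticationService.set(authentication);
        try {
            ImmutableList.Builder<EffectivePermission> permissions = ImmutableList.builder();
            getHighestGlobalPermission().ifPresent(permission -> permissions.add(new SimpleEffectiveGlobalPermission(permission)));
            getHighestRepositoryPermission(repositoryId).ifPresent(permission -> permissions.add(new SimpleEffectiveRepositoryPermission(repositoryId, permission)));
            return permissions.build();
        } finally {
            // Always undo the swap, including on failure, so the delegated identity does not
            // stay installed after this method returns.
            this.authenticationService.set(previous);
        }
    }

    /**
     * Resolves a user from the supplied public key and returns that user's full effective
     * permissions, or {@code null} if no user owns the key.
     *
     * <p>This method only looks the key up; it performs no proof-of-possession check.
     * NOTE(review): presumably the mirror has already verified the SSH signature before
     * delegating — confirm on the mirror side. It also skips the enabled-mirror gate, so it must
     * only be reached through {@link #authenticateForUser(Credentials, Integer)}.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public ApplicationUserWithPermissions performPublicKeyAuthentication(SshCredentials sshCredentials) {
        ApplicationUser keyOwner = this.sshKeyService.findUserByPublicKey(sshCredentials.getPublicKey());
        if (keyOwner == null) {
            log.debug("Mirror SSH authentication failed for {} with {} public key", sshCredentials.getUsername(), sshCredentials.getPublicKey().getAlgorithm());
            return null;
        }
        return new SimpleApplicationUserWithPermissions(keyOwner, this.permissionService.getEffectivePermissions(keyOwner));
    }

    /**
     * Checks a username/password pair through
     * {@link AuthenticationService#authenticateWithCaptcha} and returns the user with the
     * permissions computed by {@link #getPermissions}.
     *
     * <p>Returns {@code null} when the authentication carries no user or the credentials are
     * rejected. {@link AuthenticationSystemException} and
     * {@link CaptchaRequiredAuthenticationException} are rethrown to the caller instead of being
     * turned into {@code null}. This method skips the enabled-mirror gate, so it must only be
     * reached through {@link #authenticateForUser(Credentials, Integer)}.
     *
     * @param usernamePasswordCredentials the credentials to check
     * @param num optional repository ID passed through to {@link #getPermissions}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public ApplicationUserWithPermissions performUsernamePasswordAuthentication(UsernamePasswordCredentials usernamePasswordCredentials, Integer num) {
        try {
            Authentication authenticated = this.authenticationService.authenticateWithCaptcha(usernamePasswordCredentials.getUsername(), usernamePasswordCredentials.getPassword());
            Optional<ApplicationUser> user = authenticated.getUser();
            if (!user.isPresent()) {
                return null;
            }
            return new SimpleApplicationUserWithPermissions(user.get(), getPermissions(authenticated, num));
        } catch (AuthenticationSystemException | CaptchaRequiredAuthenticationException e) {
            // Listed before the broader catch below so these two are never reported as a plain
            // "bad credentials" result.
            throw e;
        } catch (AuthenticationException | NoSuchUserException e2) {
            log.debug("Mirror username/password authentication failed for {}", usernamePasswordCredentials.getUsername(), e2);
            return null;
        }
    }
}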
