package com.atlassian.bitbucket.internal.search.common.settings.provisioning;

import com.atlassian.bitbucket.internal.search.common.settings.AuthenticationProvisioner;
import com.atlassian.bitbucket.internal.search.common.settings.InternalSearchSettingsService;
import com.atlassian.bitbucket.internal.search.common.settings.PluginProperty;
import com.atlassian.bitbucket.internal.search.common.settings.SimpleSearchSettings;
import com.atlassian.bitbucket.internal.search.common.settings.tester.ElasticsearchConnectionResult;
import com.atlassian.bitbucket.internal.search.common.settings.tester.ElasticsearchConnectionTester;
import com.atlassian.bitbucket.internal.search.common.util.Eithers;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service("authenticationProvisioner")
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-search-6.0.0.jar:com/atlassian/bitbucket/internal/search/common/settings/provisioning/AutomaticAuthenticationProvisioner.class */
public class AutomaticAuthenticationProvisioner implements AuthenticationProvisioner {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AutomaticAuthenticationProvisioner.class);
    private final ElasticsearchConnectionTester elasticsearchConnectionTester;
    private final ElasticsearchAuthenticationConfigurer esAuthConfigurer;
    private final InternalSearchSettingsService searchSettings;

    @Autowired
    public AutomaticAuthenticationProvisioner(ElasticsearchAuthenticationConfigurer elasticsearchAuthenticationConfigurer, ElasticsearchConnectionTester elasticsearchConnectionTester, InternalSearchSettingsService internalSearchSettingsService) {
        this.esAuthConfigurer = elasticsearchAuthenticationConfigurer;
        this.elasticsearchConnectionTester = elasticsearchConnectionTester;
        this.searchSettings = internalSearchSettingsService;
    }

    @Override // com.atlassian.bitbucket.internal.search.common.settings.AuthenticationProvisioner
    public synchronized boolean doProvision() {
        log.debug("Testing if automatic Elasticsearch authentication configuration should be performed.");
        String baseUrl = this.searchSettings.getBaseUrl();
        if (this.searchSettings.getPluginPropertyValue(PluginProperty.USERNAME).isPresent() || this.searchSettings.getPluginPropertyValue(PluginProperty.PASSWORD).isPresent()) {
            log.debug("Skipping automatic auth configuration: Username or password have already been set.");
            return false;
        }
        if (this.searchSettings.getPluginPropertyValue(PluginProperty.AWS_REGION).isPresent()) {
            log.debug("Skipping automatic auth configuration: AWS request signing is enabled.");
            return false;
        }
        if (this.esAuthConfigurer.hasUnrecoverableConnectionError(baseUrl)) {
            log.debug("Skipping automatic auth configuration: Elasticsearch instance is not available for connection.");
            return false;
        }
        if (this.esAuthConfigurer.isAccessibleWithoutAuthentication(baseUrl)) {
            log.debug("Skipping automatic auth configuration: Authentication is disabled on Elasticsearch instance");
            return false;
        }
        if (!this.esAuthConfigurer.isUsingDefaultCredentials(baseUrl)) {
            log.debug("Skipping automatic auth configuration: Elasticsearch instance is already configured");
            return false;
        }
        log.info("Performing automatic Elasticsearch auth configuration");
        Optional optional = Eithers.toOptional(this.esAuthConfigurer.configureAuthentication(baseUrl), authenticationConfigurationException -> {
            log.error("Automatic Elasticsearch auth configuration failed", (Throwable) authenticationConfigurationException);
        });
        optional.ifPresent(usernamePassword -> {
            this.searchSettings.updateConnectionSettings(Optional.of(baseUrl), Optional.of(usernamePassword.getUsername()), Optional.of(usernamePassword.getPassword()));
        });
        return optional.isPresent();
    }

    @Override // com.atlassian.bitbucket.internal.search.common.settings.AuthenticationProvisioner
    public synchronized boolean doProvisionWithDefaultDetails() {
        String baseUrl = this.searchSettings.getBaseUrl();
        log.debug("Attempting to configure Elasticsearch with the default configuration, ignoring saved settings");
        if (!this.esAuthConfigurer.isUsingDefaultCredentials(baseUrl)) {
            return false;
        }
        log.info("Elasticsearch is using default credentials. Will attempt to provision authentication");
        return ((Boolean) this.esAuthConfigurer.configureAuthentication(baseUrl).fold(authenticationConfigurationException -> {
            return false;
        }, usernamePassword -> {
            if (this.elasticsearchConnectionTester.testConnection(new SimpleSearchSettings.Builder(baseUrl).usernameAndPassword(usernamePassword).build()) == ElasticsearchConnectionResult.AUTHENTICATION_ERROR) {
                log.info("Provisioning was attempted but unable to complete due to expected username/password being unauthorised. This is possibly due to to another provisioning job taking place. Investigate the search connection to ensure your connection is valid");
                return false;
            }
            this.searchSettings.updateConnectionSettings(Optional.of(baseUrl), Optional.of(usernamePassword.getUsername()), Optional.of(usernamePassword.getPassword()));
            log.info("Authentication was failing, but Elasticsearch was set to default password. Reattempting original provisioning should now occur through StartupChecks");
            return true;
        })).booleanValue();
    }
}
