package com.atlassian.bitbucket.internal.key.ssh;

import com.atlassian.activeobjects.external.ActiveObjects;
import com.atlassian.bitbucket.dmz.user.DmzPermissionAdminService;
import com.atlassian.bitbucket.dmz.user.PermittedUserSearchRequest;
import com.atlassian.bitbucket.dmz.user.ProjectPermissionRequest;
import com.atlassian.bitbucket.dmz.user.ProjectPermissionSearchRequest;
import com.atlassian.bitbucket.dmz.user.RepositoryPermissionRequest;
import com.atlassian.bitbucket.dmz.user.RepositoryPermissionSearchRequest;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.internal.importer.web.RepositoryImportInProgressServlet;
import com.atlassian.bitbucket.internal.ssh.InternalSshKeyService;
import com.atlassian.bitbucket.internal.ssh.SshConstants;
import com.atlassian.bitbucket.internal.ssh.SshKeySearchRequest;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.permission.PermissionService;
import com.atlassian.bitbucket.permission.PermissionValidationService;
import com.atlassian.bitbucket.permission.PermittedUser;
import com.atlassian.bitbucket.permission.SetPermissionRequest;
import com.atlassian.bitbucket.project.Project;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.scope.GlobalScope;
import com.atlassian.bitbucket.scope.ProjectScope;
import com.atlassian.bitbucket.scope.RepositoryScope;
import com.atlassian.bitbucket.scope.Scope;
import com.atlassian.bitbucket.scope.ScopeVisitor;
import com.atlassian.bitbucket.ssh.DuplicateSshKeyException;
import com.atlassian.bitbucket.ssh.KeyType;
import com.atlassian.bitbucket.ssh.NoSuchSshKeyException;
import com.atlassian.bitbucket.ssh.SetSshAccessKeyRequest;
import com.atlassian.bitbucket.ssh.SshAccessKey;
import com.atlassian.bitbucket.ssh.SshAccessKeySearchRequest;
import com.atlassian.bitbucket.ssh.SshAccessKeyService;
import com.atlassian.bitbucket.ssh.SshConfigurationService;
import com.atlassian.bitbucket.ssh.SshKey;
import com.atlassian.bitbucket.ssh.SshKeyAccessDisabledException;
import com.atlassian.bitbucket.ssh.event.SshAccessKeyEvent;
import com.atlassian.bitbucket.ssh.event.SshAccessKeyGrantedEvent;
import com.atlassian.bitbucket.ssh.event.SshAccessKeyRevokedEvent;
import com.atlassian.bitbucket.ssh.event.SshKeyDeletedEvent;
import com.atlassian.bitbucket.ssh.util.KeyUtils;
import com.atlassian.bitbucket.user.AbstractApplicationUserVisitor;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.EscalatedSecurityContext;
import com.atlassian.bitbucket.user.SecurityService;
import com.atlassian.bitbucket.user.ServiceUser;
import com.atlassian.bitbucket.user.ServiceUserCreateRequest;
import com.atlassian.bitbucket.user.UserAdminService;
import com.atlassian.bitbucket.user.UserType;
import com.atlassian.bitbucket.util.Chainable;
import com.atlassian.bitbucket.util.Page;
import com.atlassian.bitbucket.util.PageProvider;
import com.atlassian.bitbucket.util.PageRequest;
import com.atlassian.bitbucket.util.PageRequestImpl;
import com.atlassian.bitbucket.util.PageUtils;
import com.atlassian.bitbucket.util.PagedIterable;
import com.atlassian.bitbucket.util.ValidationUtils;
import com.atlassian.event.api.EventListener;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.plugin.connect.bitbucket.web.context.BitbucketModuleContextFilter;
import com.atlassian.sal.api.transaction.TransactionCallback;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.Arrays;
import java.util.Collection;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.validation.Validator;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-ssh-6.0.0.jar:com/atlassian/bitbucket/internal/key/ssh/DefaultSshAccessKeyService.class */
public class DefaultSshAccessKeyService implements SshAccessKeyService {
    // Page-size cap for this service. The decompiled bodies of limit() and existsFor*() show the literal 50,
    // presumably this constant inlined by the compiler.
    static final int LIMIT_PAGE_SIZE = 50;
    // The bulk revoke partitions its work into chunks of 100 (literal in the decompiled body, presumably this constant).
    private static final int BATCH_SIZE = 100;
    // Message of the IllegalArgumentException thrown by explicitAccessKeysProvider() for a global scope.
    private static final String GLOBAL_SCOPE_ACCESS_KEY = "GlobalScope is not applicable when searching for SSH access keys";
    private final ActiveObjects ao;
    private final SshConfigurationService configurationService;
    private final EventPublisher eventPublisher;
    private final I18nService i18nService;
    private final InternalSshKeyService keyService;
    // Used for reading and changing grants; several callers wrap it in an escalated security context.
    private final DmzPermissionAdminService permissionAdminService;
    // Boolean permission checks (hasProjectPermission / hasRepositoryPermission).
    private final PermissionService permissionService;
    // Throwing permission checks (validateForProject / validateForRepository / validateAuthenticated).
    private final PermissionValidationService permissionValidationService;
    // Source of the escalated contexts created with withPermission(...).
    private final SecurityService securityService;
    private final UserAdminService userAdminService;
    private final Validator validator;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DefaultSshAccessKeyService.class);
    // Repository permissions that count as an access-key grant: internalGetByRepositoryAndKey() ignores any other level.
    private static final EnumSet<Permission> REPO_ACCESS_KEY_PERMS = Sets.newEnumSet(Arrays.asList(Permission.REPO_READ, Permission.REPO_WRITE), Permission.class);
    // Project permissions that count as an access-key grant: internalGetByProjectAndKey() ignores any other level.
    private static final EnumSet<Permission> PROJECT_ACCESS_KEY_PERMS = Sets.newEnumSet(Arrays.asList(Permission.PROJECT_READ, Permission.PROJECT_WRITE), Permission.class);

    /**
     * Wires the service to its collaborators. Every argument is stored as given; none is validated here.
     */
    public DefaultSshAccessKeyService(SshConfigurationService sshConfigurationService, EventPublisher eventPublisher, I18nService i18nService, InternalSshKeyService internalSshKeyService, DmzPermissionAdminService dmzPermissionAdminService, PermissionService permissionService, PermissionValidationService permissionValidationService, SecurityService securityService, ActiveObjects activeObjects, UserAdminService userAdminService, Validator validator) {
        // Assignments follow the parameter order.
        this.configurationService = sshConfigurationService;
        this.eventPublisher = eventPublisher;
        this.i18nService = i18nService;
        this.keyService = internalSshKeyService;
        this.permissionAdminService = dmzPermissionAdminService;
        this.permissionService = permissionService;
        this.permissionValidationService = permissionValidationService;
        this.securityService = securityService;
        this.ao = activeObjects;
        this.userAdminService = userAdminService;
        this.validator = validator;
    }

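    /**
     * Reports whether any service user holding a permission on the project owns an SSH key.
     *
     * <p>A caller without {@code PROJECT_ADMIN} on the project gets {@code false} instead of an exception,
     * so a negative answer does not reveal whether keys exist.
     *
     * <p>NOTE(review): the match is "service user with an SSH key"; the access-key label is not checked
     * here. Confirm that no other kind of service user can hold project permissions and own a key.
     *
     * @param project the project to inspect
     * @return {@code true} if at least one permitted service user has an SSH key and the caller is a
     *         project admin; {@code false} otherwise
     * @throws NullPointerException if {@code project} is {@code null}
     */
    @Override // com.atlassian.bitbucket.ssh.SshAccessKeyService
    public boolean existsForProject(@Nonnull Project project) {
        Preconditions.checkNotNull(project, "project");
        if (!this.permissionService.hasProjectPermission(project, Permission.PROJECT_ADMIN)) {
            return false;
        }
        Boolean found = this.ao.executeInTransaction(() -> {
            // One cache per call so each service user's key is looked up at most once.
            Predicate<PermittedUser> hasSshKey = serviceUserWithSshKeyPredicate(Maps.newHashMap());
            PermittedUserSearchRequest searchRequest = new PermittedUserSearchRequest.Builder()
                    .project(project)
                    .userType(UserType.SERVICE)
                    .build();
            PagedIterable<PermittedUser> serviceUsers = new PagedIterable<>(
                    pageRequest -> this.permissionAdminService.searchUsers(searchRequest, pageRequest),
                    LIMIT_PAGE_SIZE);
            // The decompiler left an unresolved "r1.test(v1)" here; it stands for a method reference
            // to the predicate built above.
            return Boolean.valueOf(Iterables.any(serviceUsers, hasSshKey::test));
        });
        return found.booleanValue();
    }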

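    /**
     * Reports whether any service user holding a permission on the repository owns an SSH key.
     *
     * <p>A caller without {@code REPO_ADMIN} on the repository gets {@code false} instead of an exception,
     * so a negative answer does not reveal whether keys exist.
     *
     * <p>NOTE(review): the match is "service user with an SSH key"; the access-key label is not checked
     * here. Confirm that no other kind of service user can hold repository permissions and own a key.
     *
     * @param repository the repository to inspect
     * @return {@code true} if at least one permitted service user has an SSH key and the caller is a
     *         repository admin; {@code false} otherwise
     * @throws NullPointerException if {@code repository} is {@code null}
     */
    @Override // com.atlassian.bitbucket.ssh.SshAccessKeyService
    public boolean existsForRepository(@Nonnull Repository repository) {
        Preconditions.checkNotNull(repository, "repository");
        if (!this.permissionService.hasRepositoryPermission(repository, Permission.REPO_ADMIN)) {
            return false;
        }
        Boolean found = this.ao.executeInTransaction(() -> {
            // One cache per call so each service user's key is looked up at most once.
            Predicate<PermittedUser> hasSshKey = serviceUserWithSshKeyPredicate(Maps.newHashMap());
            PermittedUserSearchRequest searchRequest = new PermittedUserSearchRequest.Builder()
                    .repository(repository)
                    .userType(UserType.SERVICE)
                    .build();
            PagedIterable<PermittedUser> serviceUsers = new PagedIterable<>(
                    pageRequest -> this.permissionAdminService.searchUsers(searchRequest, pageRequest),
                    LIMIT_PAGE_SIZE);
            // The decompiler left an unresolved "r1.test(v1)" here; it stands for a method reference
            // to the predicate built above.
            return Boolean.valueOf(Iterables.any(serviceUsers, hasSshKey::test));
        });
        return found.booleanValue();
    }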

    /**
     * Pages through the project grants of an access key, keeping only projects the caller administers.
     *
     * <p>The grants are read under an escalated {@code ADMIN} context and filtered afterwards by
     * {@code isAdminOfResource}. The filter is applied by {@code filterForVisibility}, outside
     * {@code withPermission(...).call(...)}, so it is expected to run with the caller's own
     * permissions. NOTE(review): confirm that {@code EscalatedSecurityContext.call} restores the
     * previous context on return; if not, the filter would pass every grant.
     *
     * @param i id of the access key
     * @param pageRequest requested page; restricted by {@code limit}
     * @return the visible project grants of the key
     * @throws NoSuchSshKeyException if the id is unknown or the key does not belong to an access-key user
     */
    @Override // com.atlassian.bitbucket.ssh.SshAccessKeyService
    @Nonnull
    public Page<SshAccessKey> findByKeyForProjects(int i, @Nonnull PageRequest pageRequest) {
        return (Page) this.ao.executeInTransaction(() -> {
            SshKey accessKey = getAndValidateServiceUserKey(i);
            ApplicationUser serviceUser = accessKey.getUser();
            EscalatedSecurityContext asAdmin = this.securityService.withPermission(Permission.ADMIN, "Read in key accesses before filtering on visibility");
            PageProvider<SshAccessKey> allGrants = request -> (Page) asAdmin.call(() -> findPermittedProjects(accessKey, serviceUser, request));
            return filterForVisibility(allGrants, pageRequest);
        });
    }

    /**
     * Pages through the repository grants of an access key, keeping only repositories the caller administers.
     *
     * <p>The grants are read under an escalated {@code ADMIN} context and filtered afterwards by
     * {@code isAdminOfResource}. The filter is applied by {@code filterForVisibility}, outside
     * {@code withPermission(...).call(...)}, so it is expected to run with the caller's own
     * permissions. NOTE(review): confirm that {@code EscalatedSecurityContext.call} restores the
     * previous context on return; if not, the filter would pass every grant.
     *
     * @param i id of the access key
     * @param pageRequest requested page; restricted by {@code limit}
     * @return the visible repository grants of the key
     * @throws NoSuchSshKeyException if the id is unknown or the key does not belong to an access-key user
     */
    @Override // com.atlassian.bitbucket.ssh.SshAccessKeyService
    @Nonnull
    public Page<SshAccessKey> findByKeyForRepositories(int i, @Nonnull PageRequest pageRequest) {
        return (Page) this.ao.executeInTransaction(() -> {
            SshKey accessKey = getAndValidateServiceUserKey(i);
            ApplicationUser serviceUser = accessKey.getUser();
            EscalatedSecurityContext asAdmin = this.securityService.withPermission(Permission.ADMIN, "Read in key accesses before filtering on visibility");
            PageProvider<SshAccessKey> allGrants = request -> (Page) asAdmin.call(() -> findPermittedRepositories(accessKey, serviceUser, request));
            return filterForVisibility(allGrants, pageRequest);
        });
    }

    /**
     * Looks up the grant an access key holds on a project.
     *
     * <p>The caller must be {@code PROJECT_ADMIN} on the project; the check runs before the lookup.
     * An id that is unknown, or that belongs to a key of a non-access-key user, yields an empty result
     * rather than an exception.
     *
     * @param i id of the access key
     * @param project the project the grant applies to
     * @return the grant, or empty if the key has no read/write permission on the project
     * @throws NullPointerException if {@code project} is {@code null}
     */
    @Override // com.atlassian.bitbucket.ssh.SshAccessKeyService
    @Nonnull
    public Optional<SshAccessKey> getByKeyAndProject(int i, @Nonnull Project project) {
        Project checked = Preconditions.checkNotNull(project, "project");
        Preconditions.checkNotNull(Integer.valueOf(checked.getId()), BitbucketModuleContextFilter.PROJECT_ID);
        this.permissionValidationService.validateForProject(project, Permission.PROJECT_ADMIN);
        return (Optional) this.ao.executeInTransaction(() -> internalGetByProjectAndKey(i, project, false));
    }

    /**
     * Looks up the grant an access key holds on a repository, falling back to the repository's project.
     *
     * <p>The caller must be {@code REPO_ADMIN} on the repository. When the key has no direct repository
     * grant, the project-level grant is read under an escalated {@code PROJECT_ADMIN} context, so a
     * repository admin who is not a project admin still sees the project-level grant for this key.
     *
     * @param i id of the access key
     * @param repository the repository the grant applies to
     * @return the repository grant if present, else the project grant, else empty
     * @throws NullPointerException if {@code repository} is {@code null}
     */
    @Override // com.atlassian.bitbucket.ssh.SshAccessKeyService
    @Nonnull
    public Optional<SshAccessKey> getByKeyAndRepository(int i, @Nonnull Repository repository) {
        Repository checked = Preconditions.checkNotNull(repository, "repository");
        Preconditions.checkNotNull(Integer.valueOf(checked.getId()), BitbucketModuleContextFilter.REPOSITORY_ID);
        this.permissionValidationService.validateForRepository(repository, Permission.REPO_ADMIN);
        return (Optional) this.ao.executeInTransaction(() -> {
            Optional<SshAccessKey> direct = internalGetByRepositoryAndKey(i, repository, false);
            if (direct.isPresent()) {
                return direct;
            }
            // Escalation is scoped to the repository's own project and to this single lookup.
            Optional<SshAccessKey> viaProject = (Optional) this.securityService.withPermission(Permission.PROJECT_ADMIN, repository.getProject(), "Finding access keys for this repository's project").call(() -> internalGetByProjectAndKey(i, repository.getProject(), false));
            return viaProject;
        });
    }

    /**
     * Revokes an access key's grant on a project.
     *
     * <p>The caller must be {@code PROJECT_ADMIN}. Inside one transaction the service user's project
     * permissions are revoked, an {@code SshAccessKeyRevokedEvent} is published, and the key is removed
     * if nothing else refers to it. If the key holds no read/write grant on the project, nothing happens.
     *
     * @param i id of the access key
     * @param project the project to revoke access to
     * @throws NullPointerException if {@code project} is {@code null}
     * @throws NoSuchSshKeyException if the id is unknown or the key does not belong to an access-key user
     */
    @Override // com.atlassian.bitbucket.ssh.SshAccessKeyService
    public void revoke(int i, @Nonnull Project project) {
        Project checked = Preconditions.checkNotNull(project, "project");
        Preconditions.checkNotNull(Integer.valueOf(checked.getId()), BitbucketModuleContextFilter.PROJECT_ID);
        this.permissionValidationService.validateForProject(project, Permission.PROJECT_ADMIN);
        this.ao.executeInTransaction(() -> {
            Optional<SshAccessKey> grant = internalGetByProjectAndKey(i, project, true);
            if (grant.isPresent()) {
                SshAccessKey accessKey = grant.get();
                ApplicationUser serviceUser = accessKey.getKey().getUser();
                this.permissionAdminService.revokeAllProjectPermissions(project, serviceUser);
                // Logged at debug only; the published event is the durable record of the revocation.
                log.debug("Access to project \"{}\" has been revoked for service user {}", project, serviceUser.getDisplayName());
                publish(new SshAccessKeyRevokedEvent(this, accessKey));
                this.keyService.removeIfOrphaned(accessKey.getKey(), serviceUser);
            }
            return null;
        });
    }

    /**
     * Revokes an access key's grant on a repository.
     *
     * <p>The caller must be {@code REPO_ADMIN}. Inside one transaction the service user's repository
     * permissions are revoked, an {@code SshAccessKeyRevokedEvent} is published, and the key is removed
     * if nothing else refers to it. If the key holds no read/write grant on the repository, nothing
     * happens; a grant inherited from the project is not touched by this method.
     *
     * @param i id of the access key
     * @param repository the repository to revoke access to
     * @throws NullPointerException if {@code repository} is {@code null}
     * @throws NoSuchSshKeyException if the id is unknown or the key does not belong to an access-key user
     */
    @Override // com.atlassian.bitbucket.ssh.SshAccessKeyService
    public void revoke(int i, @Nonnull Repository repository) {
        Repository checked = Preconditions.checkNotNull(repository, "repository");
        Preconditions.checkNotNull(Integer.valueOf(checked.getId()), BitbucketModuleContextFilter.REPOSITORY_ID);
        this.permissionValidationService.validateForRepository(repository, Permission.REPO_ADMIN);
        this.ao.executeInTransaction(() -> {
            Optional<SshAccessKey> grant = internalGetByRepositoryAndKey(i, repository, true);
            if (grant.isPresent()) {
                SshAccessKey accessKey = grant.get();
                ApplicationUser serviceUser = accessKey.getKey().getUser();
                this.permissionAdminService.revokeAllRepositoryPermissions(repository, serviceUser);
                // Logged at debug only; the published event is the durable record of the revocation.
                log.debug("Access to repository \"{}\" has been revoked for service user {}", repository, serviceUser.getDisplayName());
                publish(new SshAccessKeyRevokedEvent(this, accessKey));
                this.keyService.removeIfOrphaned(accessKey.getKey(), serviceUser);
            }
            return null;
        });
    }

    /**
     * Revokes an access key's grants on several repositories and projects at once.
     *
     * <p>The caller must be admin of every listed repository and project; all checks run before any
     * change is made. The work is split into batches, each in its own transaction, so a failure in a
     * later batch leaves earlier batches revoked. An id that is unknown or belongs to a non-access-key
     * user is ignored silently.
     *
     * <p>NOTE(review): unlike the single-resource {@code revoke} overloads, no
     * {@code SshAccessKeyRevokedEvent} is published here. Confirm that bulk revocations are audited
     * some other way.
     *
     * @param i id of the access key
     * @param set repositories to revoke access to
     * @param set2 projects to revoke access to
     * @throws NullPointerException if either set is {@code null}
     */
    @Override // com.atlassian.bitbucket.ssh.SshAccessKeyService
    public void revoke(int i, @Nonnull Set<Repository> set, @Nonnull Set<Project> set2) {
        Preconditions.checkNotNull(set, "repositories");
        Preconditions.checkNotNull(set2, RepositoryImportInProgressServlet.PROJECTS);
        validateIsAdminOfRepos(set);
        validateIsAdminOfProjects(set2);
        SshKey accessKey = getServiceUserKey(i);
        if (accessKey == null) {
            return;
        }
        ApplicationUser serviceUser = accessKey.getUser();
        // Projects first, then repositories, in one list so both kinds share the batching.
        ImmutableList<Object> resources = ImmutableList.<Object>builder().addAll(set2).addAll(set).build();
        if (resources.isEmpty()) {
            return;
        }
        for (List<Object> batch : Chainable.chain(resources).partition(BATCH_SIZE)) {
            this.ao.executeInTransaction(() -> {
                for (Object resource : batch) {
                    if (resource instanceof Project) {
                        this.permissionAdminService.revokeAllProjectPermissions((Project) resource, serviceUser);
                    } else {
                        this.permissionAdminService.revokeAllRepositoryPermissions((Repository) resource, serviceUser);
                    }
                }
                // Checked after every batch, inside that batch's transaction.
                this.keyService.removeIfOrphaned(accessKey, serviceUser);
                return null;
            });
        }
    }

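    /**
     * Searches the SSH access keys granted on a project or repository.
     *
     * <p>The scope is authorised before anything is read: a project scope requires
     * {@code PROJECT_ADMIN}, a repository scope requires {@code REPO_ADMIN}, and a global scope is
     * rejected. For a project scope, or when the request is not "effective", only grants made directly
     * on the resource are returned. For an effective repository search, every access key matching the
     * label prefix is tested against the repository, so grants inherited from the project are included.
     *
     * @param sshAccessKeySearchRequest scope, minimum permission, label prefix and effective flag
     * @param pageRequest requested page; restricted by {@code limit}
     * @return the matching access keys
     * @throws IllegalArgumentException if the request has a global scope
     */
    @Override // com.atlassian.bitbucket.ssh.SshAccessKeyService
    @Nonnull
    public Page<SshAccessKey> search(@Nonnull SshAccessKeySearchRequest sshAccessKeySearchRequest, @Nonnull PageRequest pageRequest) {
        // The decompiler renamed two of the three visit overloads to "visit2", which cannot
        // override anything; they are restored to "visit" here.
        Scope scope = sshAccessKeySearchRequest.getScope().accept(new ScopeVisitor<Scope>() {
            @Override // com.atlassian.bitbucket.scope.ScopeVisitor
            public Scope visit(@Nonnull GlobalScope globalScope) {
                throw new IllegalArgumentException("GlobalScope is not applicable when searching for SshAccess keys");
            }

            @Override // com.atlassian.bitbucket.scope.ScopeVisitor
            public Scope visit(@Nonnull ProjectScope projectScope) {
                DefaultSshAccessKeyService.this.permissionValidationService.validateForProject(projectScope.getProject(), Permission.PROJECT_ADMIN);
                return projectScope;
            }

            @Override // com.atlassian.bitbucket.scope.ScopeVisitor
            public Scope visit(@Nonnull RepositoryScope repositoryScope) {
                DefaultSshAccessKeyService.this.permissionValidationService.validateForRepository(repositoryScope.getRepository(), Permission.REPO_ADMIN);
                return repositoryScope;
            }
        });
        boolean explicitOnly = (scope instanceof ProjectScope) || !sshAccessKeySearchRequest.isEffective();
        Page<Optional<SshAccessKey>> matches = this.ao.executeInTransaction(() -> {
            if (explicitOnly) {
                return PageUtils.filterPages(explicitAccessKeysProvider(scope), permissionFilter(sshAccessKeySearchRequest.getMinimumPermission()).and(labelFilter(sshAccessKeySearchRequest.getLabelPrefix())), limit(pageRequest));
            }
            // The label prefix is applied by the key search itself on this path.
            return PageUtils.filterPages(effectiveAccessKeysByLabelProvider(((RepositoryScope) scope).getRepository(), sshAccessKeySearchRequest.getLabelPrefix()), permissionFilter(sshAccessKeySearchRequest.getMinimumPermission()), limit(pageRequest));
        });
        // Both filters drop empty optionals, so get() is safe on every surviving element.
        return matches.transform(Optional::get);
    }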

    /**
     * Grants an SSH access key a permission on a project or repository, creating the key and its
     * service user when the request carries key text instead of a key id.
     *
     * <p>Order of checks: access keys must be enabled, the key text (if any) must validate, and the
     * caller must be authenticated. The grant itself is made inside one transaction.
     *
     * <p>NOTE(review): the only caller check visible in this method is {@code validateAuthenticated()}.
     * Admin rights on the target project or repository are presumably enforced by
     * {@code permissionAdminService.setPermission} or by the request builder; confirm, because
     * nothing here does it.
     *
     * <p>NOTE(review): the requested permission is not compared with {@code PROJECT_ACCESS_KEY_PERMS} /
     * {@code REPO_ACCESS_KEY_PERMS} in this method; verify that an admin-level permission cannot be
     * requested for an access key.
     *
     * @param setSshAccessKeyRequest key id or key text and label, target project or repository, permission
     * @return the resulting access-key grant
     * @throws SshKeyAccessDisabledException if access keys are disabled in the SSH configuration
     * @throws DuplicateSshKeyException if the key already holds exactly the requested permission on the
     *         target, or the public key already belongs to a user that is not an access-key user
     * @throws NoSuchSshKeyException if a key id is given that is unknown or not an access key
     */
    @Override // com.atlassian.bitbucket.ssh.SshAccessKeyService
    @Nonnull
    public SshAccessKey set(@Nonnull final SetSshAccessKeyRequest setSshAccessKeyRequest) {
        if (!isAccessKeysEnabled()) {
            throw new SshKeyAccessDisabledException(this.i18nService.createKeyedMessage("bitbucket.service.ssh.key.access.disabled", new Object[0]));
        }
        // Key text is validated only when a new key may be created; an existing key id skips this.
        if (setSshAccessKeyRequest.getKeyId() == null) {
            ValidationUtils.validate(this.validator, new ValidatingSshKey(setSshAccessKeyRequest.getKeyText()), new Class[0]);
        }
        this.permissionValidationService.validateAuthenticated();
        return (SshAccessKey) this.ao.executeInTransaction(new TransactionCallback<SshAccessKey>() { // from class: com.atlassian.bitbucket.internal.key.ssh.DefaultSshAccessKeyService.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.atlassian.sal.api.transaction.TransactionCallback
            public SshAccessKey doInTransaction() {
                SimpleSshAccessKey simpleSshAccessKey;
                SshKey orCreateServiceUserKey = setSshAccessKeyRequest.getKeyId() == null ? DefaultSshAccessKeyService.this.getOrCreateServiceUserKey(setSshAccessKeyRequest.getKeyText(), setSshAccessKeyRequest.getKeyLabel()) : DefaultSshAccessKeyService.this.getAndValidateServiceUserKey(setSshAccessKeyRequest.getKeyId().intValue());
                SetPermissionRequest.Builder user = new SetPermissionRequest.Builder().user(orCreateServiceUserKey.getUser());
                Project project = setSshAccessKeyRequest.getProject();
                if (project != null) {
                    Permission projectPermission = DefaultSshAccessKeyService.this.permissionAdminService.getProjectPermission(new ProjectPermissionRequest.Builder().user(orCreateServiceUserKey.getUser()).project(project).build());
                    // Only an identical existing grant is a duplicate; a different level is overwritten below.
                    if (projectPermission != null && projectPermission == setSshAccessKeyRequest.getPermission()) {
                        throw new DuplicateSshKeyException(DefaultSshAccessKeyService.this.i18nService.createKeyedMessage("bitbucket.service.ssh.key.project.inuse", new Object[0]));
                    }
                    DefaultSshAccessKeyService.this.permissionAdminService.setPermission(user.projectPermission(setSshAccessKeyRequest.getPermission(), project).build());
                    DefaultSshAccessKeyService.log.debug("Service user {} added ssh access key for project \"{}\"", orCreateServiceUserKey.getUser().getName(), project);
                    simpleSshAccessKey = new SimpleSshAccessKey(orCreateServiceUserKey, project, setSshAccessKeyRequest.getPermission());
                } else {
                    // NOTE(review): the repository is used without a null check; presumably the request
                    // builder guarantees that exactly one of project/repository is set. Confirm.
                    Repository repository = setSshAccessKeyRequest.getRepository();
                    Permission repositoryPermission = DefaultSshAccessKeyService.this.permissionAdminService.getRepositoryPermission(new RepositoryPermissionRequest.Builder().user(orCreateServiceUserKey.getUser()).repository(repository).build());
                    // Only an identical existing grant is a duplicate; a different level is overwritten below.
                    if (repositoryPermission != null && repositoryPermission == setSshAccessKeyRequest.getPermission()) {
                        throw new DuplicateSshKeyException(DefaultSshAccessKeyService.this.i18nService.createKeyedMessage("bitbucket.service.ssh.key.repository.inuse", new Object[0]));
                    }
                    DefaultSshAccessKeyService.this.permissionAdminService.setPermission(user.repositoryPermission(setSshAccessKeyRequest.getPermission(), repository).build());
                    DefaultSshAccessKeyService.log.debug("Service user {} added ssh access key for repository \"{}\"", orCreateServiceUserKey.getUser().getName(), repository);
                    simpleSshAccessKey = new SimpleSshAccessKey(orCreateServiceUserKey, repository, setSshAccessKeyRequest.getPermission());
                }
                // NOTE(review): "this" is the anonymous TransactionCallback, so the event source differs
                // from the revoke paths, which pass the service itself. Check any listener that reads the source.
                DefaultSshAccessKeyService.this.publish(new SshAccessKeyGrantedEvent(this, simpleSshAccessKey));
                return simpleSshAccessKey;
            }
        });
    }

    /**
     * Drops every permission of an access-key service user once its SSH key has been deleted.
     *
     * <p>Runs under an escalated {@code ADMIN} context because the listener is not tied to the
     * permissions of whoever deleted the key. Keys owned by any other kind of user are ignored.
     *
     * @param sshKeyDeletedEvent the deletion event carrying the removed key
     */
    @EventListener
    public void onSshKeyDeleted(SshKeyDeletedEvent sshKeyDeletedEvent) {
        SshKey deletedKey = sshKeyDeletedEvent.getKey();
        if (!isAccessKeyUser(deletedKey.getUser())) {
            return;
        }
        EscalatedSecurityContext asAdmin = this.securityService.withPermission(Permission.ADMIN, "Revoking all permissions for access key user because their SSH key has been deleted");
        asAdmin.call(() -> {
            this.permissionAdminService.revokeAllUserPermissions(deletedKey.getUser());
            return null;
        });
    }

    /**
     * Builds a mapper from an SSH key to the effective access that key has on the repository.
     *
     * <p>Only access-key service users qualify. The reported level is {@code REPO_WRITE} when the user
     * has write permission, {@code REPO_READ} when it has read permission only, and empty otherwise.
     * Results are cached per user for the lifetime of the returned function; a "no access" outcome is
     * not cached because {@code computeIfAbsent} stores nothing for a {@code null} result.
     *
     * @param repository the repository the permissions are evaluated against
     * @return the mapping function
     */
    private Function<SshKey, Optional<SshAccessKey>> createAccessKeyFunction(Repository repository) {
        Map<ApplicationUser, Permission> levelByUser = new HashMap<>();
        return sshKey -> {
            Permission level = levelByUser.computeIfAbsent(sshKey.getUser(), owner -> {
                if (!isAccessKeyUser(owner) || !this.permissionService.hasRepositoryPermission(owner, repository, Permission.REPO_READ)) {
                    return null;
                }
                if (this.permissionService.hasRepositoryPermission(owner, repository, Permission.REPO_WRITE)) {
                    return Permission.REPO_WRITE;
                }
                return Permission.REPO_READ;
            });
            if (level == null) {
                return Optional.empty();
            }
            return Optional.of(new SimpleSshAccessKey(sshKey, repository, level));
        };
    }

    /**
     * Provides pages of access keys whose label starts with the prefix, each mapped to its effective
     * access on the repository (empty when the key has none).
     *
     * <p>The key search covers all access keys, not only those granted on this repository; the
     * per-key permission check in {@code createAccessKeyFunction} narrows the result.
     *
     * @param repository the repository to evaluate access against
     * @param str label prefix passed to the key search
     * @return a page provider over the candidate keys
     * @throws NullPointerException if {@code repository} is {@code null}
     */
    private PageProvider<Optional<SshAccessKey>> effectiveAccessKeysByLabelProvider(Repository repository, String str) {
        Objects.requireNonNull(repository, "repository");
        SshKeySearchRequest accessKeysByLabel = new SshKeySearchRequest.Builder()
                .labelPrefix(str)
                .keyType(KeyType.ACCESS_KEY)
                .build();
        // A new mapper, and so a new permission cache, is created for every page.
        return pageRequest -> this.keyService.search(accessKeysByLabel, pageRequest).transform(createAccessKeyFunction(repository));
    }

    /**
     * Resolves the direct grant an access key holds on a project.
     *
     * @param i id of the access key
     * @param project the project to check
     * @param z when {@code true}, an unknown or non-access key raises {@code NoSuchSshKeyException};
     *          when {@code false}, it yields an empty result
     * @return the grant if the key's user holds {@code PROJECT_READ} or {@code PROJECT_WRITE}; empty otherwise
     */
    private Optional<SshAccessKey> internalGetByProjectAndKey(int i, Project project, boolean z) {
        SshKey accessKey = z ? getAndValidateServiceUserKey(i) : getServiceUserKey(i);
        if (accessKey == null) {
            return Optional.empty();
        }
        ApplicationUser owner = accessKey.getUser();
        if (owner == null) {
            return Optional.empty();
        }
        Permission granted = this.permissionAdminService.getProjectPermission(new ProjectPermissionRequest.Builder().user(owner).project(project).build());
        // Any level outside the read/write set is treated as "no access-key grant".
        if (granted == null || !PROJECT_ACCESS_KEY_PERMS.contains(granted)) {
            return Optional.empty();
        }
        return Optional.of(new SimpleSshAccessKey(accessKey, project, granted));
    }

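    /**
     * Provides pages of the access keys granted directly on the scope's project or repository.
     *
     * <p>The provider lists service users with a permission on the resource and pairs each with its
     * SSH key; a user without a key maps to an empty optional. Only the first key of each user is read
     * (page request of one), and lookups are cached per user id for the lifetime of the provider.
     *
     * <p>NOTE(review): candidates are selected by user type {@code SERVICE} only; the access-key label
     * is not checked on this path. Confirm that no other kind of service user can own an SSH key and
     * hold a permission here.
     *
     * <p>No permission check is made here; {@code search} authorises the scope before calling this.
     *
     * @param scope a project or repository scope
     * @return a page provider over the direct grants
     * @throws IllegalArgumentException if the scope is global
     */
    private PageProvider<Optional<SshAccessKey>> explicitAccessKeysProvider(Scope scope) {
        // The decompiler renamed two of the three visit overloads in each visitor to "visit2",
        // which cannot override anything; they are restored to "visit" here.
        PermittedUserSearchRequest searchRequest = scope.accept(new ScopeVisitor<PermittedUserSearchRequest>() {
            @Override // com.atlassian.bitbucket.scope.ScopeVisitor
            public PermittedUserSearchRequest visit(@Nonnull GlobalScope globalScope) {
                throw new IllegalArgumentException(DefaultSshAccessKeyService.GLOBAL_SCOPE_ACCESS_KEY);
            }

            @Override // com.atlassian.bitbucket.scope.ScopeVisitor
            public PermittedUserSearchRequest visit(@Nonnull ProjectScope projectScope) {
                return new PermittedUserSearchRequest.Builder().userType(UserType.SERVICE).project(projectScope.getProject()).build();
            }

            @Override // com.atlassian.bitbucket.scope.ScopeVisitor
            public PermittedUserSearchRequest visit(@Nonnull RepositoryScope repositoryScope) {
                return new PermittedUserSearchRequest.Builder().userType(UserType.SERVICE).repository(repositoryScope.getRepository()).build();
            }
        });
        // The project or repository the grants refer to, kept as Object as in the decompiled code.
        Object resource = scope.accept(new ScopeVisitor<Object>() {
            @Override // com.atlassian.bitbucket.scope.ScopeVisitor
            public Object visit(@Nonnull GlobalScope globalScope) {
                throw new IllegalArgumentException(DefaultSshAccessKeyService.GLOBAL_SCOPE_ACCESS_KEY);
            }

            @Override // com.atlassian.bitbucket.scope.ScopeVisitor
            public Object visit(@Nonnull ProjectScope projectScope) {
                return projectScope.getProject();
            }

            @Override // com.atlassian.bitbucket.scope.ScopeVisitor
            public Object visit(@Nonnull RepositoryScope repositoryScope) {
                return repositoryScope.getRepository();
            }
        });
        Map<Integer, SshKey> keyByUserId = new HashMap<>();
        return pageRequest -> this.permissionAdminService.searchUsers(searchRequest, pageRequest).transform(permittedUser -> {
            ApplicationUser user = permittedUser.getUser();
            SshKey sshKey = keyByUserId.computeIfAbsent(Integer.valueOf(user.getId()), id ->
                    (SshKey) Iterables.getOnlyElement(this.keyService.findAllForUser(user, DefaultSshKeyService.PAGE_REQUEST_OF_1).getValues(), null));
            if (sshKey == null) {
                return Optional.<SshAccessKey>empty();
            }
            return Optional.<SshAccessKey>of(new SimpleSshAccessKey(sshKey, resource, permittedUser.getPermission()));
        });
    }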

    /**
     * Resolves the direct grant an access key holds on a repository.
     *
     * @param i id of the access key
     * @param repository the repository to check
     * @param z when {@code true}, an unknown or non-access key raises {@code NoSuchSshKeyException};
     *          when {@code false}, it yields an empty result
     * @return the grant if the key's user holds {@code REPO_READ} or {@code REPO_WRITE}; empty otherwise
     */
    private Optional<SshAccessKey> internalGetByRepositoryAndKey(int i, Repository repository, boolean z) {
        SshKey accessKey = z ? getAndValidateServiceUserKey(i) : getServiceUserKey(i);
        if (accessKey == null) {
            return Optional.empty();
        }
        ApplicationUser owner = accessKey.getUser();
        if (owner == null) {
            return Optional.empty();
        }
        Permission granted = this.permissionAdminService.getRepositoryPermission(new RepositoryPermissionRequest.Builder().user(owner).repository(repository).build());
        // Any level outside the read/write set is treated as "no access-key grant".
        if (granted == null || !REPO_ACCESS_KEY_PERMS.contains(granted)) {
            return Optional.empty();
        }
        return Optional.of(new SimpleSshAccessKey(accessKey, repository, granted));
    }

    /**
     * Reads the access-keys switch from the current SSH configuration; evaluated on every call.
     *
     * @return {@code true} if access keys are enabled
     */
    private boolean isAccessKeysEnabled() {
        boolean enabled = this.configurationService.getConfiguration().isAccessKeysEnabled();
        return enabled;
    }

    /**
     * Tells whether the user is a service user created for an SSH access key.
     *
     * <p>This is the test that separates access keys from personal keys throughout the class: the user
     * must be a {@code ServiceUser} whose label equals {@code SshConstants.LABEL_ACCESS_KEY}. Any other
     * user type, and {@code null}, is rejected.
     *
     * @param applicationUser the user to classify; may be {@code null}
     * @return {@code true} only for a service user carrying the access-key label
     */
    private boolean isAccessKeyUser(ApplicationUser applicationUser) {
        if (applicationUser == null) {
            return false;
        }
        Boolean labelled = applicationUser.accept(new AbstractApplicationUserVisitor<Boolean>() {
            @Override // com.atlassian.bitbucket.user.AbstractApplicationUserVisitor, com.atlassian.bitbucket.user.ApplicationUserVisitor
            public Boolean visit(@Nonnull ServiceUser serviceUser) {
                return Boolean.valueOf(SshConstants.LABEL_ACCESS_KEY.equals(serviceUser.getLabel()));
            }

            // Every user type without its own visit override ends up here.
            @Override // com.atlassian.bitbucket.user.AbstractApplicationUserVisitor
            public Boolean defaultValue(@Nonnull ApplicationUser applicationUser2) {
                return Boolean.FALSE;
            }
        });
        return labelled.booleanValue();
    }

    /**
     * Builds a filter that keeps present access keys whose label starts with the given prefix.
     *
     * <p>A blank or {@code null} prefix keeps every present key. Empty optionals are always dropped.
     *
     * @param str label prefix; trimmed before use
     * @return the filter
     */
    private Predicate<Optional<SshAccessKey>> labelFilter(String str) {
        String prefix = StringUtils.trimToNull(str);
        if (prefix == null) {
            return Optional::isPresent;
        }
        return candidate -> candidate.isPresent()
                && StringUtils.startsWith(candidate.get().getKey().getLabel(), prefix);
    }

    /**
     * Restricts a page request to this service's page-size cap, so a caller cannot ask for more
     * than {@code LIMIT_PAGE_SIZE} entries per page.
     *
     * @param pageRequest the caller's request; {@code null} means the first page at the cap
     * @return the restricted request
     */
    private PageRequest limit(PageRequest pageRequest) {
        if (pageRequest != null) {
            return pageRequest.buildRestrictedPageRequest(LIMIT_PAGE_SIZE);
        }
        return new PageRequestImpl(0, LIMIT_PAGE_SIZE);
    }

    /**
     * Builds a filter that keeps present access keys whose permission is contained in
     * {@code permission.getInheritingPermissions()}. Empty optionals are dropped.
     *
     * <p>NOTE(review): this presumably means "at least the requested level"; confirm that
     * {@code getInheritingPermissions()} includes the permission itself.
     *
     * @param permission the minimum permission from the search request
     * @return the filter
     */
    private Predicate<Optional<SshAccessKey>> permissionFilter(@Nonnull Permission permission) {
        return candidate -> candidate.isPresent()
                && permission.getInheritingPermissions().contains(candidate.get().getPermission());
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Hands an access-key event to the event publisher.
     *
     * @param sshAccessKeyEvent the grant or revoke event to publish
     */
    public void publish(SshAccessKeyEvent sshAccessKeyEvent) {
        EventPublisher publisher = this.eventPublisher;
        publisher.publish(sshAccessKeyEvent);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Loads an access key by id, failing if it does not exist or is not an access key.
     *
     * <p>A key that exists but belongs to a user other than an access-key service user is reported
     * exactly like a missing key, so the error does not reveal that such a key id exists.
     *
     * @param i id of the key
     * @return the key; never {@code null}
     * @throws NoSuchSshKeyException if the id is unknown or the key's user is not an access-key user
     */
    public SshKey getAndValidateServiceUserKey(int i) {
        SshKey candidate = this.keyService.getById(i);
        if (candidate != null && isAccessKeyUser(candidate.getUser())) {
            return candidate;
        }
        throw new NoSuchSshKeyException(this.i18nService.createKeyedMessage("bitbucket.service.ssh.nosuchkey", Integer.valueOf(i)));
    }

    /**
     * Loads an access key by id, returning {@code null} instead of throwing.
     *
     * @param i id of the key
     * @return the key if it exists and belongs to an access-key service user; {@code null} otherwise
     */
    private SshKey getServiceUserKey(int i) {
        SshKey candidate = this.keyService.getById(i);
        if (candidate == null) {
            return null;
        }
        return isAccessKeyUser(candidate.getUser()) ? candidate : null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns the access key for the given public key text, creating the key and a labelled service
     * user when none exists yet.
     *
     * <p>An existing key without a user is removed and recreated. An existing key owned by a user that
     * is not an access-key user is rejected as a duplicate.
     *
     * <p>NOTE(review): the duplicate message is built with the owning user's name as an argument.
     * Check whether the rendered message shows that name to a caller who only supplied a public key.
     *
     * @param str public key text
     * @param str2 key label
     * @return the existing or newly created access key
     * @throws DuplicateSshKeyException if the public key already belongs to a non-access-key user
     */
    public SshKey getOrCreateServiceUserKey(String str, String str2) {
        SshKey existing = this.keyService.getByPublicKey(KeyUtils.getPublicKey(str));
        if (existing != null) {
            ApplicationUser owner = existing.getUser();
            if (owner != null) {
                if (isAccessKeyUser(owner)) {
                    return existing;
                }
                throw new DuplicateSshKeyException(this.i18nService.createKeyedMessage("bitbucket.service.ssh.key.duplicate", owner.getName()));
            }
            // The key has no user: drop it so a fresh key and service user can be created below.
            this.keyService.remove(existing.getId().intValue());
        }
        ServiceUserCreateRequest newServiceUser = new ServiceUserCreateRequest.Builder()
                .active(true)
                .displayName(SshAccessKeyUtils.generateServiceUserDisplayName(str, str2))
                .label(SshConstants.LABEL_ACCESS_KEY)
                .build();
        return this.keyService.addForUser(this.userAdminService.createServiceUser(newServiceUser), str, str2);
    }

    /**
     * Checks whether the current user administers the project or repository an access key refers to.
     *
     * <p>Used as the visibility filter for grants that were read under an escalated context.
     *
     * @param sshAccessKey the grant to test
     * @return {@code true} if the current user is {@code PROJECT_ADMIN} / {@code REPO_ADMIN} of the resource
     * @throws IllegalArgumentException if the resource is neither a project nor a repository
     */
    private boolean isAdminOfResource(SshAccessKey sshAccessKey) {
        Object target = sshAccessKey.getResource();
        if (target instanceof Project) {
            Project project = (Project) target;
            return this.permissionService.hasProjectPermission(project, Permission.PROJECT_ADMIN);
        }
        if (!(target instanceof Repository)) {
            throw new IllegalArgumentException("Unexpected access key resource type: " + target.getClass().getName());
        }
        Repository repository = (Repository) target;
        return this.permissionService.hasRepositoryPermission(repository, Permission.REPO_ADMIN);
    }

    /**
     * Builds a predicate that accepts a permitted user that is not of type {@code NORMAL} and owns an
     * SSH key.
     *
     * <p>Key lookups are cached in the supplied map by user id; a user without a key is looked up
     * again on the next test because {@code computeIfAbsent} stores nothing for {@code null}.
     *
     * @param map cache from user id to that user's first SSH key
     * @return the predicate
     */
    private Predicate<PermittedUser> serviceUserWithSshKeyPredicate(Map<Integer, SshKey> map) {
        return permittedUser -> {
            ApplicationUser user = permittedUser.getUser();
            if (user.getType() == UserType.NORMAL) {
                return false;
            }
            SshKey firstKey = map.computeIfAbsent(Integer.valueOf(user.getId()), id ->
                    (SshKey) Iterables.getOnlyElement(this.keyService.findAllForUser(permittedUser.getUser(), DefaultSshKeyService.PAGE_REQUEST_OF_1).getValues(), null));
            return firstKey != null;
        };
    }

    /**
     * Requires {@code PROJECT_ADMIN} on every project; validation stops at the first project that fails.
     *
     * @param collection the projects to check
     */
    private void validateIsAdminOfProjects(Collection<Project> collection) {
        for (Project project : collection) {
            this.permissionValidationService.validateForProject(project, Permission.PROJECT_ADMIN);
        }
    }

    /**
     * Requires {@code REPO_ADMIN} on every repository; validation stops at the first repository that fails.
     *
     * @param collection the repositories to check
     */
    private void validateIsAdminOfRepos(Collection<Repository> collection) {
        for (Repository repository : collection) {
            this.permissionValidationService.validateForRepository(repository, Permission.REPO_ADMIN);
        }
    }

    /**
     * Pages through the provider's grants, keeping only those on resources the current user administers.
     *
     * @param pageProvider source of grants, typically read under an escalated context
     * @param pageRequest the caller's page request; restricted by {@code limit}
     * @return the visible grants
     */
    private Page<SshAccessKey> filterForVisibility(PageProvider<SshAccessKey> pageProvider, PageRequest pageRequest) {
        PageRequest restricted = limit(pageRequest);
        return PageUtils.filterPages(pageProvider, accessKey -> isAdminOfResource(accessKey), restricted);
    }

    /**
     * Lists the projects on which the user holds a permission, each wrapped as a grant of the given key.
     *
     * <p>No visibility check is made here; callers filter the result.
     *
     * @param sshKey the access key the grants are reported for
     * @param applicationUser the key's service user
     * @param pageRequest the page to read
     * @return one grant per permitted project
     */
    private Page<SshAccessKey> findPermittedProjects(SshKey sshKey, ApplicationUser applicationUser, PageRequest pageRequest) {
        ProjectPermissionSearchRequest byUser = new ProjectPermissionSearchRequest.Builder().user(applicationUser).build();
        return this.permissionAdminService.searchProjects(byUser, pageRequest)
                .transform(grant -> new SimpleSshAccessKey(sshKey, grant.getProject(), grant.getPermission()));
    }

    /**
     * Lists the repositories on which the user holds a permission, each wrapped as a grant of the given key.
     *
     * <p>No visibility check is made here; callers filter the result.
     *
     * @param sshKey the access key the grants are reported for
     * @param applicationUser the key's service user
     * @param pageRequest the page to read
     * @return one grant per permitted repository
     */
    private Page<SshAccessKey> findPermittedRepositories(SshKey sshKey, ApplicationUser applicationUser, PageRequest pageRequest) {
        RepositoryPermissionSearchRequest byUser = new RepositoryPermissionSearchRequest.Builder().user(applicationUser).build();
        return this.permissionAdminService.searchRepositories(byUser, pageRequest)
                .transform(grant -> new SimpleSshAccessKey(sshKey, grant.getRepository(), grant.getPermission()));
    }
}
