package com.atlassian.stash.internal.license;

import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.crowd.event.directory.DirectoryUpdatedEvent;
import com.atlassian.crowd.event.group.GroupMembershipCreatedEvent;
import com.atlassian.crowd.event.group.GroupMembershipDeletedEvent;
import com.atlassian.crowd.event.user.UserDeletedEvent;
import com.atlassian.event.api.EventListener;
import com.atlassian.extras.api.LicenseManager;
import com.atlassian.extras.api.Product;
import com.atlassian.extras.api.stash.StashLicense;
import com.atlassian.extras.decoder.api.LicenseDecoder;
import com.atlassian.plugin.spring.AvailableToPlugins;
import com.atlassian.stash.event.permission.PermissionGrantedEvent;
import com.atlassian.stash.event.permission.PermissionRevokedEvent;
import com.atlassian.stash.exception.InvalidLicenseException;
import com.atlassian.stash.exception.LicenseLimitException;
import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.i18n.KeyedMessage;
import com.atlassian.stash.internal.AbstractService;
import com.atlassian.stash.internal.ApplicationConstants;
import com.atlassian.stash.internal.annotation.Unsecured;
import com.atlassian.stash.internal.server.InternalApplicationPropertiesService;
import com.atlassian.stash.internal.user.PermissionServiceImpl;
import com.atlassian.stash.license.LicenseService;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.PermissionService;
import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.user.UserService;
import com.atlassian.stash.util.DateFormatter;
import com.atlassian.stash.util.Page;
import com.atlassian.stash.util.PageRequest;
import com.atlassian.stash.util.PageRequestImpl;
import java.security.Principal;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import javax.annotation.PostConstruct;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.CacheManager;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@AvailableToPlugins(LicenseService.class)
@Service("licenseService")
/* loaded from: input_file:com/atlassian/stash/internal/license/LicenseServiceImpl.class */
public class LicenseServiceImpl extends AbstractService implements LicenseService {
    public static final String LICENSE_CACHE = "com.atlassian.extras.api.stash.StashLicense";
    public static final String VALID_KEY = "'valid'";
    public static final String STATUS_KEY = "'status'";
    public static final String LIMIT_KEY = "'limit'";
    public static final String USER_COUNT_CACHE_KEY = "'userCount'";
    public static final String IS_LICENSED_KEY = "'isLicensed:'";
    private static final Logger LOG = LoggerFactory.getLogger(LicenseServiceImpl.class);
    private final CacheManager cacheManager;
    private final CrowdService crowdService;
    private final DateFormatter dateFormatter;
    private final I18nService i18nService;
    private volatile StashLicense license;
    private final LicenseDecoder licenseDecoder;
    private final LicenseManager licenseManager;
    private final PermissionService permissionService;
    private final InternalApplicationPropertiesService propertiesService;
    private final UserService userService;

    @Autowired
    public LicenseServiceImpl(LicenseManager licenseManager, LicenseDecoder licenseDecoder, PermissionService permissionService, InternalApplicationPropertiesService internalApplicationPropertiesService, I18nService i18nService, DateFormatter dateFormatter, CacheManager cacheManager, CrowdService crowdService, UserService userService) {
        this.i18nService = i18nService;
        this.licenseDecoder = licenseDecoder;
        this.licenseManager = licenseManager;
        this.permissionService = permissionService;
        this.propertiesService = internalApplicationPropertiesService;
        this.dateFormatter = dateFormatter;
        this.cacheManager = cacheManager;
        this.crowdService = crowdService;
        this.userService = userService;
    }

    @Unsecured("everyone needs access to this method")
    public boolean hasLicense() {
        return this.license != null;
    }

    @Unsecured("everyone needs access to this method")
    public StashLicense getLicense() {
        return this.license;
    }

    @Unsecured("Access to the encrypted license is required by UPM")
    public String getLicenseString() {
        return this.propertiesService.getLicense();
    }

    @Unsecured("everyone needs access to this method")
    @Cacheable(key = USER_COUNT_CACHE_KEY, value = {LICENSE_CACHE})
    public int getLicensedUsersCount() {
        return this.permissionService.getCountOfUsersWithPermission(Permission.LICENSED_USER);
    }

    @PostConstruct
    public void initialise() {
        String licenseString = getLicenseString();
        if (licenseString == null) {
            LOG.warn("No license has been configured.");
            return;
        }
        try {
            this.license = decodeLicense(licenseString);
        } catch (Exception e) {
            LOG.warn("Failed to decode the configured license.", e);
        }
    }

    @Unsecured("everyone needs access to this method")
    @Cacheable(key = "'isLicensed:'+#user.name", value = {LICENSE_CACHE})
    public boolean isUserLicensed(StashUser stashUser) {
        return this.permissionService.hasGlobalPermission(stashUser, Permission.LICENSED_USER);
    }

    @Unsecured("everyone needs access to this method")
    public boolean canLogin(Principal principal) {
        if (!(principal instanceof StashUser)) {
            return false;
        }
        StashUser stashUser = (StashUser) principal;
        return stashUser.isActive() && isUserLicensed(stashUser);
    }

    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public void validateCanLicenseUser(StashUser stashUser, Permission permission) throws LicenseLimitException {
        StashLicense license;
        int maximumNumberOfUsers;
        if (Permission.LICENSED_USER.getInheritingPermissions().contains(permission) && (license = getLicense()) != null && !license.isUnlimitedNumberOfUsers() && !isUserLicensed(stashUser) && getLicensedUsersCount() >= (maximumNumberOfUsers = license.getMaximumNumberOfUsers())) {
            throw new LicenseLimitException(this.i18nService.getKeyedText("stash.service.license.userlimit", "You cannot grant this permission to user {0} as it would exceed your license limit of {1}.", new Object[]{stashUser.getDisplayName(), Integer.valueOf(maximumNumberOfUsers)}));
        }
    }

    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public void validateCanLicenseGroup(String str, Permission permission) throws LicenseLimitException {
        StashLicense license;
        if (!Permission.LICENSED_USER.getInheritingPermissions().contains(permission) || (license = getLicense()) == null || license.isUnlimitedNumberOfUsers() || this.permissionService.hasGlobalGroupPermission(Permission.LICENSED_USER, str)) {
            return;
        }
        int maximumNumberOfUsers = license.getMaximumNumberOfUsers();
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.permissionService.getUsersWithPermission(Permission.LICENSED_USER));
        PageRequest pageRequestImpl = new PageRequestImpl(0, PermissionServiceImpl.GROUP_PAGESIZE);
        do {
            Page usersInGroup = this.userService.getUsersInGroup(str, pageRequestImpl);
            Iterator it = usersInGroup.getValues().iterator();
            while (it.hasNext()) {
                hashSet.add((String) it.next());
                if (hashSet.size() > maximumNumberOfUsers) {
                    throw new LicenseLimitException(this.i18nService.getKeyedText("stash.service.license.grouplimit", "You cannot grant this permission to group {0} as it would exceed your license limit of {1}.", new Object[]{str, Integer.valueOf(maximumNumberOfUsers)}));
                }
            }
            pageRequestImpl = usersInGroup.getNextPageRequest();
        } while (pageRequestImpl != null);
    }

    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public void validateCanAddUserToGroup(String str, String str2) {
        StashUser user;
        if (this.permissionService.hasGlobalGroupPermission(Permission.LICENSED_USER, str2) && (user = this.userService.getUser(str)) != null) {
            validateCanLicenseUser(user, Permission.LICENSED_USER);
        }
    }

    @EventListener
    public void onGroupMembershipCreatedEvent(GroupMembershipCreatedEvent groupMembershipCreatedEvent) {
        clearCacheIfLicensedGroup(groupMembershipCreatedEvent.getGroupName());
    }

    @EventListener
    public void onPermissionGrantedEvent(PermissionGrantedEvent permissionGrantedEvent) {
        if (Permission.LICENSED_USER.getInheritingPermissions().contains(permissionGrantedEvent.getPermission())) {
            clearCache();
        }
    }

    @EventListener
    public void onPermissionRevokedEvent(PermissionRevokedEvent permissionRevokedEvent) {
        if (Permission.LICENSED_USER.getInheritingPermissions().contains(permissionRevokedEvent.getPermission())) {
            clearCache();
        }
    }

    @EventListener
    public void onDirectoryUpdated(DirectoryUpdatedEvent directoryUpdatedEvent) {
        clearCache();
    }

    private void clearCacheIfLicensedGroup(String str) {
        if (this.permissionService.hasGlobalGroupPermission(Permission.LICENSED_USER, str)) {
            clearCache();
            return;
        }
        Page grantedGroups = this.permissionService.getGrantedGroups(Permission.LICENSED_USER, new PageRequestImpl(0, 10));
        if (!grantedGroups.getIsLastPage()) {
            clearCache();
            return;
        }
        Iterator it = grantedGroups.getValues().iterator();
        while (it.hasNext()) {
            if (this.crowdService.isGroupMemberOfGroup(str, (String) it.next())) {
                clearCache();
                return;
            }
        }
    }

    @EventListener
    public void onGroupMembershipDeletedEvent(GroupMembershipDeletedEvent groupMembershipDeletedEvent) {
        clearCacheIfLicensedGroup(groupMembershipDeletedEvent.getGroupName());
    }

    @EventListener
    public void onUserDeletedEvent(UserDeletedEvent userDeletedEvent) {
        clearCache();
    }

    protected void clearCache() {
        this.cacheManager.getCache(LICENSE_CACHE).clear();
    }

    @Unsecured("everyone needs access to this method")
    @Cacheable(key = VALID_KEY, value = {LICENSE_CACHE})
    public KeyedMessage getLicenseValidityMessage() {
        return getLicenseValidityMessage(getLicense());
    }

    private String getDateString(Date date) {
        return this.dateFormatter.formatDate(date, DateFormatter.FormatType.FULL);
    }

    private KeyedMessage getLicenseValidityMessage(StashLicense stashLicense) {
        if (stashLicense == null) {
            return this.i18nService.getKeyedText("stash.license.no.license", "No license has been configured.", new Object[0]);
        }
        if (stashLicense.isExpired()) {
            return stashLicense.isEvaluation() ? this.i18nService.getKeyedText("stash.license.evaluation.expired", "Your evaluation license is expired.", new Object[0]) : this.i18nService.getKeyedText("stash.license.expired", "Your license has expired.", new Object[0]);
        }
        if (stashLicense.getMaintenanceExpiryDate() == null || this.propertiesService.getBuildTimestamp() == null || !this.propertiesService.getBuildTimestamp().after(stashLicense.getMaintenanceExpiryDate())) {
            return null;
        }
        return this.i18nService.getKeyedText("stash.license.unsupported.upgrade", "Your license is not valid for this version of {0}.", new Object[]{ApplicationConstants.PRODUCT_NAME});
    }

    @Unsecured("everyone needs access to this method")
    @Cacheable(key = LIMIT_KEY, value = {LICENSE_CACHE})
    public KeyedMessage getLicenseOverLimitMessage() {
        if (this.license == null || this.license.isUnlimitedNumberOfUsers()) {
            return null;
        }
        if (getLicensedUsersCount() > this.license.getMaximumNumberOfUsers()) {
            return this.i18nService.getKeyedText("stash.license.over.limit", "You have more users than your license allows.", new Object[0]);
        }
        return null;
    }

    @Unsecured("everyone needs access to this method")
    @Cacheable(key = STATUS_KEY, value = {LICENSE_CACHE})
    public KeyedMessage getLicenseStatus() {
        KeyedMessage licenseValidityMessage = getLicenseValidityMessage();
        if (licenseValidityMessage == null) {
            licenseValidityMessage = getLicenseOverLimitMessage();
        }
        return licenseValidityMessage;
    }

    @Transactional
    @CacheEvict(allEntries = true, value = {LICENSE_CACHE})
    @PreAuthorize("hasGlobalPermission('SYS_ADMIN')")
    public void updateLicense(String str) {
        if (StringUtils.isEmpty(str)) {
            throw new InvalidLicenseException(this.i18nService.getKeyedText("stash.license.empty", "You must provide a license string.", new Object[0]));
        }
        StashLicense decodeLicense = decodeLicense(str);
        KeyedMessage licenseValidityMessage = getLicenseValidityMessage(decodeLicense);
        if (licenseValidityMessage != null) {
            throw new InvalidLicenseException(licenseValidityMessage);
        }
        this.propertiesService.setLicense(str);
        this.license = decodeLicense;
    }

    private StashLicense decodeLicense(String str) throws InvalidLicenseException {
        if (!this.licenseDecoder.canDecode(str)) {
            throw new InvalidLicenseException(this.i18nService.getKeyedText("stash.license.invalid", "The provided license is not valid and cannot be used.", new Object[0]));
        }
        StashLicense productLicense = this.licenseManager.getLicense(str).getProductLicense(Product.STASH);
        if (productLicense == null) {
            throw new InvalidLicenseException(this.i18nService.getKeyedText("stash.license.not.included", "The provided license does not include an active {0} license and cannot be used.", new Object[]{ApplicationConstants.PRODUCT_NAME}));
        }
        return productLicense;
    }
}
