package com.atlassian.bitbucket.internal.accesstokens;

import com.atlassian.bitbucket.NoSuchEntityException;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.internal.accesstokens.SimpleAccessToken;
import com.atlassian.bitbucket.internal.accesstokens.SimpleHashedAccessToken;
import com.atlassian.bitbucket.internal.accesstokens.SimpleRawAccessToken;
import com.atlassian.bitbucket.internal.accesstokens.dao.AccessTokenDao;
import com.atlassian.bitbucket.internal.accesstokens.dao.AoAccessToken;
import com.atlassian.bitbucket.internal.accesstokens.exception.CreateTokenFailedException;
import com.atlassian.bitbucket.internal.accesstokens.exception.TokenLimitExceededException;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.UserService;
import com.atlassian.bitbucket.util.Page;
import com.atlassian.bitbucket.util.PageRequest;
import com.atlassian.bitbucket.validation.ArgumentValidationException;
import com.atlassian.sal.api.transaction.TransactionTemplate;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.util.Date;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component("internalAccessTokenService")
/* loaded from: input_file:com/atlassian/bitbucket/internal/accesstokens/DefaultInternalAccessTokenService.class */
public class DefaultInternalAccessTokenService implements InternalAccessTokenService {
    private static final int MAX_CREATE_RETRIES = 10;
    private static final Set<Permission> allowablePermission = ImmutableSet.of(Permission.PROJECT_ADMIN, Permission.PROJECT_WRITE, Permission.PROJECT_READ, Permission.REPO_ADMIN, Permission.REPO_WRITE, Permission.REPO_READ, new Permission[0]);
    private final AccessTokenDao accessTokenDao;
    private final AccessTokenGenerator accessTokenGenerator;
    private final AccessTokenSettingsService accessTokensSettingsService;
    private final DateProvider dateProvider;
    private final I18nService i18nService;
    private final TransactionTemplate transactionTemplate;
    private final UserService userService;

    @Autowired
    DefaultInternalAccessTokenService(AccessTokenDao accessTokenDao, AccessTokenGenerator accessTokenGenerator, AccessTokenSettingsService accessTokenSettingsService, DateProvider dateProvider, I18nService i18nService, TransactionTemplate transactionTemplate, UserService userService) {
        this.accessTokenDao = accessTokenDao;
        this.accessTokenGenerator = accessTokenGenerator;
        this.accessTokensSettingsService = accessTokenSettingsService;
        this.dateProvider = dateProvider;
        this.i18nService = i18nService;
        this.transactionTemplate = transactionTemplate;
        this.userService = userService;
    }

    @Override // com.atlassian.bitbucket.internal.accesstokens.InternalAccessTokenService
    @Nonnull
    public RawAccessToken create(@Nonnull AccessTokenCreateRequest<ApplicationUser> accessTokenCreateRequest) {
        Objects.requireNonNull(accessTokenCreateRequest, "request");
        validateAllowablePermissions(accessTokenCreateRequest.getPermissions());
        ApplicationUser entity = accessTokenCreateRequest.getEntity();
        Integer maxExpiryDays = getMaxExpiryDays();
        Date date = this.dateProvider.getDate();
        if (maxExpiryDays == null || (accessTokenCreateRequest.getExpiryDays().isPresent() && accessTokenCreateRequest.getExpiryDays().get().intValue() <= maxExpiryDays.intValue())) {
            return (RawAccessToken) this.transactionTemplate.execute(() -> {
                int maxTokensPerUser = this.accessTokensSettingsService.getMaxTokensPerUser();
                if (this.accessTokenDao.countForUser(entity) >= maxTokensPerUser) {
                    throw new TokenLimitExceededException(this.i18nService.createKeyedMessage("bitbucket.access.tokens.error.too.many", new Object[]{Integer.valueOf(maxTokensPerUser)}));
                }
                int i = 0;
                while (i < MAX_CREATE_RETRIES) {
                    i++;
                    String generateToken = this.accessTokenGenerator.generateToken();
                    String id = this.accessTokenGenerator.getId(generateToken);
                    if (!this.accessTokenDao.getById(id).isPresent()) {
                        AoAccessToken create = this.accessTokenDao.create(new SimpleHashedAccessToken.Builder(id, this.accessTokenGenerator.hashToken(generateToken)).createdDate(date).name(accessTokenCreateRequest.getName()).permissions(accessTokenCreateRequest.getPermissions()).user(entity).build(), accessTokenCreateRequest.getExpiryDays().orElse(null));
                        return new SimpleRawAccessToken.Builder(create, entity, getEffectiveExpiryDays(create), "BBDC-" + generateToken).build();
                    }
                }
                throw new CreateTokenFailedException(this.i18nService.createKeyedMessage("bitbucket.access.tokens.error.create", new Object[0]));
            });
        }
        throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.access.tokens.error.create.expiry.toolarge", new Object[]{maxExpiryDays}));
    }

    @Override // com.atlassian.bitbucket.internal.accesstokens.InternalAccessTokenService
    public void delete(@Nonnull AccessToken accessToken) {
        Objects.requireNonNull(accessToken, "accessToken");
        this.transactionTemplate.execute(() -> {
            this.accessTokenDao.delete(this.accessTokenDao.getById(accessToken.getId()).orElseThrow(() -> {
                return new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.access.tokens.error.notfound", new Object[0]));
            }));
            return null;
        });
    }

    @Override // com.atlassian.bitbucket.internal.accesstokens.InternalAccessTokenService
    @Nonnull
    public Optional<AccessToken> getById(@Nonnull String str) {
        Objects.requireNonNull(str, "tokenId");
        return (Optional) this.transactionTemplate.execute(() -> {
            return this.accessTokenDao.getById(str).flatMap(aoAccessToken -> {
                ApplicationUser userById = this.userService.getUserById(aoAccessToken.getUserId());
                return userById == null ? Optional.empty() : Optional.of(new SimpleAccessToken.Builder(aoAccessToken, userById, getEffectiveExpiryDays(aoAccessToken)).build());
            });
        });
    }

    @Override // com.atlassian.bitbucket.internal.accesstokens.InternalAccessTokenService
    @Nonnull
    public Page<AccessToken> search(@Nonnull AccessTokenSearchRequest<ApplicationUser> accessTokenSearchRequest, @Nonnull PageRequest pageRequest) {
        Objects.requireNonNull(accessTokenSearchRequest, "request");
        Objects.requireNonNull(pageRequest, "pageRequest");
        ApplicationUser entity = accessTokenSearchRequest.getEntity();
        return (Page) this.transactionTemplate.execute(() -> {
            return this.accessTokenDao.searchByUser(entity, pageRequest).transform(aoAccessToken -> {
                return new SimpleAccessToken.Builder(aoAccessToken, entity, getEffectiveExpiryDays(aoAccessToken)).build();
            });
        });
    }

    @Override // com.atlassian.bitbucket.internal.accesstokens.InternalAccessTokenService
    @Nonnull
    public AccessToken update(@Nonnull AccessToken accessToken, @Nullable String str, @Nonnull Set<Permission> set) {
        Objects.requireNonNull(accessToken, "token");
        Objects.requireNonNull(set, "permissions");
        validateAllowablePermissions(set);
        return (AccessToken) this.transactionTemplate.execute(() -> {
            AoAccessToken orElseThrow = this.accessTokenDao.getById(accessToken.getId()).orElseThrow(() -> {
                return new NoSuchEntityException(this.i18nService.createKeyedMessage("bitbucket.access.tokens.error.notfound", new Object[]{accessToken.getId()}));
            });
            return new SimpleAccessToken.Builder(this.accessTokenDao.update(orElseThrow, str, set), accessToken.getUser(), getEffectiveExpiryDays(orElseThrow)).build();
        });
    }

    protected Integer getEffectiveExpiryDays(AoAccessToken aoAccessToken) {
        return AccessTokenExpiryHelper.getEffectiveExpiryDays(aoAccessToken.getExpiryDays(), getMaxExpiryDays());
    }

    protected Integer getMaxExpiryDays() {
        return this.accessTokensSettingsService.getMaxExpiry().orElse(null);
    }

    protected void validateAllowablePermissions(@Nonnull Set<Permission> set) {
        Sets.SetView difference = Sets.difference(set, allowablePermission);
        if (!difference.isEmpty()) {
            throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.access.tokens.error.bad.permissions", new Object[]{Integer.valueOf(difference.size()), StringUtils.join(difference, ", ")}));
        }
    }
}
