package com.atlassian.stash.internal.plugin.hooks.verifycommitsignature;

import com.atlassian.bitbucket.dmz.signature.verification.SignatureState;
import com.atlassian.bitbucket.dmz.signature.verification.SignatureVerificationRequest;
import com.atlassian.bitbucket.dmz.signature.verification.SignatureVerificationResult;
import com.atlassian.bitbucket.dmz.signature.verification.SignatureVerifier;
import com.atlassian.bitbucket.scm.signed.InteractiveSignedObjectIdSource;
import com.atlassian.bitbucket.scm.signed.SignableObjectType;
import com.atlassian.bitbucket.scm.signed.SignedObjectCallback;
import com.atlassian.bitbucket.scm.signed.SignedObjectIdSource;
import com.atlassian.bitbucket.scm.signed.SignedObjectsContext;
import com.atlassian.bitbucket.scm.signed.SignedObjectsSummary;
import com.atlassian.bitbucket.scm.signed.StandardSignableObjectType;
import com.atlassian.bitbucket.util.MoreStreams;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/atlassian/stash/internal/plugin/hooks/verifycommitsignature/VerifyingSignedObjectCallback.class */
public class VerifyingSignedObjectCallback implements SignedObjectCallback {
    protected static final long TIMEOUT = 5;
    private static final Logger log = LoggerFactory.getLogger(VerifyingSignedObjectCallback.class);
    private final List<SignatureVerifier> signatureVerifiers;
    private final InteractiveSignedObjectIdSource objectIdProvider = new InteractiveSignedObjectIdSource();
    private final Map<String, ObjectVerificationTask> tasks = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/stash/internal/plugin/hooks/verifycommitsignature/VerifyingSignedObjectCallback$ObjectVerificationTask.class */
    public class ObjectVerificationTask extends CompletableFuture<Optional<SignatureVerificationResult>> {
        private final String objectId;
        private final Date objectTimestamp;
        private final SignableObjectType objectType;

        private ObjectVerificationTask(SignableObjectType signableObjectType, String str, Date date) {
            this.objectId = str;
            this.objectTimestamp = date;
            this.objectType = signableObjectType;
        }

        void onMissing() {
            VerifyingSignedObjectCallback.log.warn("{} was missing; the signature will not be verified", this.objectId);
            complete(Optional.of(new SignatureVerificationResult.Builder(SignatureState.ERROR).build()));
        }

        void onSigned(@Nonnull SignableObjectType signableObjectType, @Nonnull String str, @Nonnull String str2) {
            if (Objects.requireNonNull(this.objectType, "expectedType") != StandardSignableObjectType.TAG || Objects.requireNonNull(signableObjectType, "objectType") == this.objectType) {
                complete(VerifyingSignedObjectCallback.this.signatureVerifiers.stream().flatMap(signatureVerifier -> {
                    return MoreStreams.streamOptional(signatureVerifier.verifySignature(new SignatureVerificationRequest.Builder(str, str2).objectTimestamp(this.objectTimestamp).build()));
                }).findFirst());
            } else {
                complete(Optional.of(new SignatureVerificationResult.Builder(SignatureState.SIGNATURE_NOT_FOUND).build()));
            }
        }

        void onUnsigned(SignableObjectType signableObjectType) {
            complete(Optional.of(new SignatureVerificationResult.Builder(SignatureState.SIGNATURE_NOT_FOUND).build()));
        }
    }

    public VerifyingSignedObjectCallback(List<SignatureVerifier> list) {
        this.signatureVerifiers = list;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void complete() {
        this.objectIdProvider.complete();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignedObjectIdSource getObjectIdSource() {
        return this.objectIdProvider;
    }

    public void onEnd(@Nonnull SignedObjectsSummary signedObjectsSummary) {
        if (this.tasks.isEmpty()) {
            return;
        }
        log.debug("Never got a response for the following requested objects: [{}]", StringUtils.join(this.tasks.keySet(), ", "));
    }

    public void onMissing(@Nonnull String str) {
        ObjectVerificationTask remove = this.tasks.remove(str);
        if (remove != null) {
            remove.onMissing();
        } else {
            log.warn("Ignoring unexpected signed object {}", str);
        }
    }

    public void onSigned(@Nonnull SignableObjectType signableObjectType, @Nonnull String str, @Nonnull String str2, @Nonnull String str3) {
        ObjectVerificationTask remove = this.tasks.remove(str);
        if (remove != null) {
            remove.onSigned(signableObjectType, str2, str3);
        } else {
            log.warn("Ignoring unexpected signed object {}", str);
        }
    }

    public void onStart(@Nonnull SignedObjectsContext signedObjectsContext) {
    }

    public void onUnsigned(@Nullable SignableObjectType signableObjectType, @Nonnull String str) {
        ObjectVerificationTask remove = this.tasks.remove(str);
        if (remove != null) {
            remove.onUnsigned(signableObjectType);
        } else {
            log.warn("Ignoring unexpected signed object {}", str);
        }
    }

    public Optional<SignatureVerificationResult> verify(SignableObjectType signableObjectType, String str, Date date) {
        ObjectVerificationTask objectVerificationTask = new ObjectVerificationTask(signableObjectType, str, date);
        this.tasks.put(str, objectVerificationTask);
        this.objectIdProvider.add(str);
        try {
            return objectVerificationTask.get(TIMEOUT, TimeUnit.SECONDS);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return Optional.of(new SignatureVerificationResult.Builder(SignatureState.ERROR).build());
        } catch (ExecutionException e2) {
            log.warn("Failed to retrieve signature details for {}", str, e2);
            return Optional.of(new SignatureVerificationResult.Builder(SignatureState.ERROR).build());
        } catch (TimeoutException e3) {
            log.warn("Timed out waiting for signature details for {}", str);
            return Optional.of(new SignatureVerificationResult.Builder(SignatureState.ERROR).build());
        }
    }
}
