package com.atlassian.bitbucket.internal.secretscanning;

import com.atlassian.bitbucket.AuthorisationException;
import com.atlassian.bitbucket.dmz.features.RequireFeature;
import com.atlassian.bitbucket.dmz.secretscanning.DmzSecretScanningExemptRepository;
import com.atlassian.bitbucket.dmz.secretscanning.DmzSecretScanningExemptRepositoryService;
import com.atlassian.bitbucket.dmz.secretscanning.RepositoryExemptAlreadyExistsException;
import com.atlassian.bitbucket.dmz.secretscanning.SecretScanningExemptRepositoryOrder;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.internal.secretscanning.dao.SecretScanningExemptRepositoryDao;
import com.atlassian.bitbucket.internal.secretscanning.event.SecretScanningExemptRepoAddedEvent;
import com.atlassian.bitbucket.internal.secretscanning.event.SecretScanningExemptRepoDeletedEvent;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.permission.PermissionValidationService;
import com.atlassian.bitbucket.project.ProjectType;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.scope.GlobalScope;
import com.atlassian.bitbucket.scope.ProjectScope;
import com.atlassian.bitbucket.scope.RepositoryScope;
import com.atlassian.bitbucket.scope.Scope;
import com.atlassian.bitbucket.scope.ScopeVisitor;
import com.atlassian.bitbucket.server.StandardFeature;
import com.atlassian.bitbucket.util.MoreCollectors;
import com.atlassian.bitbucket.util.Page;
import com.atlassian.bitbucket.util.PageRequest;
import com.atlassian.bitbucket.util.PageUtils;
import com.atlassian.bitbucket.validation.ArgumentValidationException;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.stash.internal.secretscanning.InternalSecretScanningExemptRepository;
import com.atlassian.stash.internal.server.InternalApplicationPropertiesService;
import com.google.common.collect.ImmutableList;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.transaction.annotation.Transactional;

@Transactional(readOnly = true)
@RequireFeature(StandardFeature.SECRET_SCANNING)
/* loaded from: input_file:com/atlassian/bitbucket/internal/secretscanning/DefaultSecretScanningExemptRepositoryService.class */
public class DefaultSecretScanningExemptRepositoryService implements DmzSecretScanningExemptRepositoryService {
    private final EventPublisher eventPublisher;
    private final SecretScanningExemptRepositoryDao exemptRepositoryDao;
    private final I18nService i18nService;
    private final PermissionValidationService permissionValidationService;
    private final InternalApplicationPropertiesService propertiesService;

    public DefaultSecretScanningExemptRepositoryService(EventPublisher eventPublisher, SecretScanningExemptRepositoryDao secretScanningExemptRepositoryDao, I18nService i18nService, PermissionValidationService permissionValidationService, InternalApplicationPropertiesService internalApplicationPropertiesService) {
        this.eventPublisher = eventPublisher;
        this.exemptRepositoryDao = secretScanningExemptRepositoryDao;
        this.i18nService = i18nService;
        this.permissionValidationService = permissionValidationService;
        this.propertiesService = internalApplicationPropertiesService;
    }

    @Transactional
    public void add(Repository repository, Scope scope) {
        Objects.requireNonNull(repository, "repository");
        add((List<Repository>) ImmutableList.of(repository), scope);
    }

    @Transactional
    public void add(List<Repository> list, Scope scope) {
        Objects.requireNonNull(list, "repositories");
        validateAdminPermission(scope, false);
        validateExistingExemptions(list);
        list.forEach(repository -> {
            validateRepoInScope(repository, scope);
            this.exemptRepositoryDao.create(new InternalSecretScanningExemptRepository.Builder(repository).scope(scope).build());
            this.eventPublisher.publish(new SecretScanningExemptRepoAddedEvent(this, repository));
        });
    }

    @Transactional
    public void delete(Repository repository) {
        Objects.requireNonNull(repository, "repository");
        InternalSecretScanningExemptRepository internalSecretScanningExemptRepository = (InternalSecretScanningExemptRepository) this.exemptRepositoryDao.getById(Integer.valueOf(repository.getId()));
        if (internalSecretScanningExemptRepository == null) {
            return;
        }
        validateAdminPermission(internalSecretScanningExemptRepository.getScope(), false);
        this.exemptRepositoryDao.deleteById(Integer.valueOf(repository.getId()));
        this.eventPublisher.publish(new SecretScanningExemptRepoDeletedEvent(this, repository));
    }

    public Page<DmzSecretScanningExemptRepository> findByScope(Scope scope, SecretScanningExemptRepositoryOrder secretScanningExemptRepositoryOrder, PageRequest pageRequest) {
        Objects.requireNonNull(scope, "scope");
        Objects.requireNonNull(pageRequest, "pageRequest");
        Objects.requireNonNull(secretScanningExemptRepositoryOrder, "order");
        validateAdminPermission(scope, true);
        return PageUtils.asPageOf(DmzSecretScanningExemptRepository.class, this.exemptRepositoryDao.findByScope(scope, secretScanningExemptRepositoryOrder, pageRequest));
    }

    public boolean isExempt(Repository repository) {
        Objects.requireNonNull(repository, "repository");
        this.permissionValidationService.validateForRepository(repository, Permission.REPO_READ);
        return (repository.getProject().getType() == ProjectType.PERSONAL && isPersonalReposExempt()) || this.exemptRepositoryDao.getById(Integer.valueOf(repository.getId())) != null;
    }

    public boolean isPersonalReposExempt() {
        return !this.propertiesService.isSecretScanningEnabledForPrivateRepositories();
    }

    @Transactional
    public void setExemptPersonalRepositories(boolean z) {
        this.permissionValidationService.validateForGlobal(Permission.ADMIN);
        this.propertiesService.setSecretScanningEnabledForPrivateRepositories(!z);
    }

    private void validateAdminPermission(Scope scope, final boolean z) {
        scope.accept(new ScopeVisitor<Void>() { // from class: com.atlassian.bitbucket.internal.secretscanning.DefaultSecretScanningExemptRepositoryService.1
            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m2visit(GlobalScope globalScope) {
                DefaultSecretScanningExemptRepositoryService.this.permissionValidationService.validateForGlobal(Permission.ADMIN);
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m1visit(ProjectScope projectScope) {
                DefaultSecretScanningExemptRepositoryService.this.permissionValidationService.validateForProject(projectScope.getProject(), Permission.PROJECT_ADMIN);
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m0visit(RepositoryScope repositoryScope) {
                if (!z) {
                    throw new ArgumentValidationException(DefaultSecretScanningExemptRepositoryService.this.i18nService.createKeyedMessage("bitbucket.secretscanning.error.exemptrepo.reposcopenotallowed", new Object[0]));
                }
                DefaultSecretScanningExemptRepositoryService.this.permissionValidationService.validateForRepository(repositoryScope.getRepository(), Permission.REPO_ADMIN);
                return null;
            }
        });
    }

    private void validateExistingExemptions(List<Repository> list) {
        List<InternalSecretScanningExemptRepository> byRepositoryIds = this.exemptRepositoryDao.getByRepositoryIds((Set) list.stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toSet()));
        if (byRepositoryIds.isEmpty()) {
            return;
        }
        Set set = (Set) byRepositoryIds.stream().map((v0) -> {
            return v0.getRepositoryId();
        }).collect(MoreCollectors.toImmutableSet());
        if (byRepositoryIds.size() != 1) {
            throw new RepositoryExemptAlreadyExistsException(this.i18nService.createKeyedMessage("bitbucket.secretscanning.error.exemptrepo.alreadyexists.multiple", new Object[0]), set);
        }
        InternalSecretScanningExemptRepository internalSecretScanningExemptRepository = byRepositoryIds.stream().findFirst().get();
        Repository repository = internalSecretScanningExemptRepository.getRepository();
        throw new RepositoryExemptAlreadyExistsException(this.i18nService.createKeyedMessage("bitbucket.secretscanning.error.exemptrepo.alreadyexists.single", new Object[]{repository.getProject().getKey() + "/" + repository.getSlug(), internalSecretScanningExemptRepository.getScope().getType()}), set);
    }

    private void validateRepoInScope(final Repository repository, Scope scope) {
        scope.accept(new ScopeVisitor<Void>() { // from class: com.atlassian.bitbucket.internal.secretscanning.DefaultSecretScanningExemptRepositoryService.2
            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m3visit(ProjectScope projectScope) {
                if (repository.getProject().equals(projectScope.getProject())) {
                    return null;
                }
                throw new AuthorisationException(DefaultSecretScanningExemptRepositoryService.this.i18nService.createKeyedMessage("bitbucket.secretscanning.error.exemptrepo.reponotinproject", new Object[]{Integer.valueOf(repository.getId())}));
            }
        });
    }
}
