package com.atlassian.bitbucket.internal.secretscanning.event;

import com.atlassian.audit.api.AuditService;
import com.atlassian.audit.entity.AuditAttribute;
import com.atlassian.audit.entity.AuditEvent;
import com.atlassian.audit.entity.AuditResource;
import com.atlassian.audit.entity.AuditType;
import com.atlassian.audit.entity.ChangedValue;
import com.atlassian.audit.entity.CoverageArea;
import com.atlassian.audit.entity.CoverageLevel;
import com.atlassian.bitbucket.dmz.secretscanning.DmzSecretScanningAllowlistRule;
import com.atlassian.bitbucket.dmz.secretscanning.DmzSecretScanningRule;
import com.atlassian.bitbucket.dmz.secretscanning.event.SecretScanningAllowlistRuleCreatedEvent;
import com.atlassian.bitbucket.dmz.secretscanning.event.SecretScanningAllowlistRuleDeletedEvent;
import com.atlassian.bitbucket.dmz.secretscanning.event.SecretScanningAllowlistRuleUpdatedEvent;
import com.atlassian.bitbucket.dmz.secretscanning.event.SecretScanningCommitLimitReachedEvent;
import com.atlassian.bitbucket.dmz.secretscanning.event.SecretScanningIncompleteEvent;
import com.atlassian.bitbucket.dmz.secretscanning.event.SecretScanningRuleCreatedEvent;
import com.atlassian.bitbucket.dmz.secretscanning.event.SecretScanningRuleDeletedEvent;
import com.atlassian.bitbucket.dmz.secretscanning.event.SecretScanningRuleUpdatedEvent;
import com.atlassian.bitbucket.dmz.secretscanning.event.SecretsDetectedEvent;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.scope.GlobalScope;
import com.atlassian.bitbucket.scope.ProjectScope;
import com.atlassian.bitbucket.scope.RepositoryScope;
import com.atlassian.bitbucket.scope.Scope;
import com.atlassian.bitbucket.scope.ScopeVisitor;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.util.AuditUtils;
import com.atlassian.event.api.EventListener;
import com.google.common.collect.ImmutableList;
import java.util.Collections;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/* loaded from: input_file:com/atlassian/bitbucket/internal/secretscanning/event/SecretScanningAuditingEventListener.class */
public class SecretScanningAuditingEventListener {
    static final String ACTION_EXEMPT_REPO_ADDED = "bitbucket.secretscanning.audit.action.exempt.repo.added";
    static final String ACTION_EXEMPT_REPO_DELETED = "bitbucket.secretscanning.audit.action.exempt.repo.deleted";
    static final String ACTION_GLOBAL_ALLOWLIST_ADDED = "bitbucket.secretscanning.audit.action.global.allowlist.added";
    static final String ACTION_GLOBAL_ALLOWLIST_DELETED = "bitbucket.secretscanning.audit.action.global.allowlist.deleted";
    static final String ACTION_GLOBAL_ALLOWLIST_UPDATED = "bitbucket.secretscanning.audit.action.global.allowlist.updated";
    static final String ACTION_GLOBAL_RULE_CREATED = "bitbucket.secretscanning.global.rule.audit.action.created";
    static final String ACTION_GLOBAL_RULE_DELETED = "bitbucket.secretscanning.global.rule.audit.action.deleted";
    static final String ACTION_GLOBAL_RULE_UPDATED = "bitbucket.secretscanning.global.rule.audit.action.updated";
    static final String ACTION_PROJECT_ALLOWLIST_ADDED = "bitbucket.secretscanning.audit.action.project.allowlist.added";
    static final String ACTION_PROJECT_ALLOWLIST_DELETED = "bitbucket.secretscanning.audit.action.project.allowlist.deleted";
    static final String ACTION_PROJECT_ALLOWLIST_UPDATED = "bitbucket.secretscanning.audit.action.project.allowlist.updated";
    static final String ACTION_PROJECT_RULE_CREATED = "bitbucket.secretscanning.project.rule.audit.action.created";
    static final String ACTION_PROJECT_RULE_DELETED = "bitbucket.secretscanning.project.rule.audit.action.deleted";
    static final String ACTION_PROJECT_RULE_UPDATED = "bitbucket.secretscanning.project.rule.audit.action.updated";
    static final String ACTION_REPOSITORY_ALLOWLIST_ADDED = "bitbucket.secretscanning.audit.action.repository.allowlist.added";
    static final String ACTION_REPOSITORY_ALLOWLIST_DELETED = "bitbucket.secretscanning.audit.action.repository.allowlist.deleted";
    static final String ACTION_REPOSITORY_ALLOWLIST_UPDATED = "bitbucket.secretscanning.audit.action.repository.allowlist.updated";
    static final String ACTION_REPOSITORY_RULE_CREATED = "bitbucket.secretscanning.repository.rule.audit.action.created";
    static final String ACTION_REPOSITORY_RULE_DELETED = "bitbucket.secretscanning.repository.rule.audit.action.deleted";
    static final String ACTION_REPOSITORY_RULE_UPDATED = "bitbucket.secretscanning.repository.rule.audit.action.updated";
    static final String ACTION_SECRET_DETECTED = "bitbucket.secretscanning.audit.action.secretdetected";
    static final String ACTION_SECRET_SCAN_COMMIT_LIMIT_REACHED = "bitbucket.secretscanning.audit.action.commitlimitreached";
    static final String ACTION_SECRET_SCAN_INCOMPLETE = "bitbucket.secretscanning.audit.action.scanincomplete";
    static final String ATTR_COMMAND_RESULT = "bitbucket.secretscanning.audit.attribute.scan.command.result";
    static final String ATTR_COMMIT_ID = "bitbucket.secretscanning.audit.attribute.commitid";
    static final String ATTR_INITIATING_USER = "bitbucket.secretscanning.audit.attribute.initiatinguser";
    static final String ATTR_LINE = "bitbucket.secretscanning.audit.attribute.line";
    static final String ATTR_PATH = "bitbucket.secretscanning.audit.attribute.path";
    static final String ATTR_RULE_ID = "bitbucket.secretscanning.audit.attribute.ruleid";
    static final String ATTR_RULE_LINE = "bitbucket.secretscanning.rule.audit.attribute.line";
    static final String ATTR_RULE_NAME = "bitbucket.secretscanning.rule.audit.attribute.name";
    static final String ATTR_RULE_PATH = "bitbucket.secretscanning.rule.audit.attribute.path";
    static final String ATTR_SCAN_FAILED = "bitbucket.secretscanning.audit.attribute.scan.failed";
    static final String ATTR_TRUNCATED = "bitbucket.secretscanning.audit.attribute.scan.truncated";
    private final AuditService auditService;

    public SecretScanningAuditingEventListener(AuditService auditService) {
        this.auditService = auditService;
    }

    @EventListener
    public void onSecretDetectedEvent(SecretsDetectedEvent secretsDetectedEvent) {
        secretsDetectedEvent.getSecretLocations().forEach(secretLocation -> {
            ImmutableList.Builder add = ImmutableList.builder().add(AuditAttribute.fromI18nKeys(ATTR_COMMIT_ID, secretLocation.getCommitId()).build()).add(AuditAttribute.fromI18nKeys(ATTR_PATH, secretLocation.getPath()).build()).add(AuditAttribute.fromI18nKeys(ATTR_LINE, String.valueOf(secretLocation.getLine())).build()).add(AuditAttribute.fromI18nKeys(ATTR_RULE_ID, secretLocation.getRuleName()).build());
            if (secretsDetectedEvent.getInitiatingUser() != null) {
                add.add(AuditAttribute.fromI18nKeys(ATTR_INITIATING_USER, secretsDetectedEvent.getInitiatingUser().getName()).build());
            }
            this.auditService.audit(getAuditEvent(ACTION_SECRET_DETECTED, getAffectedObjects(secretsDetectedEvent.getRepository(), secretsDetectedEvent.getInitiatingUser(), secretLocation.getCommitId()), add.build()));
        });
    }

    @EventListener
    public void onSecretScanNotCompletedEvent(SecretScanningIncompleteEvent secretScanningIncompleteEvent) {
        ImmutableList.Builder add = ImmutableList.builder().add(AuditAttribute.fromI18nKeys(ATTR_COMMIT_ID, secretScanningIncompleteEvent.getCommitId()).build()).add(AuditAttribute.fromI18nKeys(ATTR_SCAN_FAILED, String.valueOf(secretScanningIncompleteEvent.isFailed())).build()).add(AuditAttribute.fromI18nKeys(ATTR_TRUNCATED, String.valueOf(secretScanningIncompleteEvent.isTruncated())).build());
        if (secretScanningIncompleteEvent.getCommandResult() != null) {
            add.add(AuditAttribute.fromI18nKeys(ATTR_COMMAND_RESULT, secretScanningIncompleteEvent.getCommandResult().name()).build());
        }
        if (secretScanningIncompleteEvent.getInitiatingUser() != null) {
            add.add(AuditAttribute.fromI18nKeys(ATTR_INITIATING_USER, secretScanningIncompleteEvent.getInitiatingUser().getName()).build());
        }
        this.auditService.audit(getAuditEvent(ACTION_SECRET_SCAN_INCOMPLETE, getAffectedObjects(secretScanningIncompleteEvent.getRepository(), secretScanningIncompleteEvent.getInitiatingUser(), secretScanningIncompleteEvent.getCommitId()), add.build()));
    }

    @EventListener
    public void onSecretScanningAllowlistAddedEvent(SecretScanningAllowlistRuleCreatedEvent secretScanningAllowlistRuleCreatedEvent) {
        Scope scope = secretScanningAllowlistRuleCreatedEvent.getScope();
        this.auditService.audit(AuditEvent.builder(getAuditType(scope, ACTION_GLOBAL_ALLOWLIST_ADDED, ACTION_PROJECT_ALLOWLIST_ADDED, ACTION_REPOSITORY_ALLOWLIST_ADDED)).affectedObjects(getAffectedObjects(scope)).extraAttributes(getExtraAttributes(secretScanningAllowlistRuleCreatedEvent.getRule())).build());
    }

    @EventListener
    public void onSecretScanningAllowlistDeletedEvent(SecretScanningAllowlistRuleDeletedEvent secretScanningAllowlistRuleDeletedEvent) {
        this.auditService.audit(AuditEvent.builder(getAuditType(secretScanningAllowlistRuleDeletedEvent.getScope(), ACTION_GLOBAL_ALLOWLIST_DELETED, ACTION_PROJECT_ALLOWLIST_DELETED, ACTION_REPOSITORY_ALLOWLIST_DELETED)).affectedObjects(getAffectedObjects(secretScanningAllowlistRuleDeletedEvent.getScope())).extraAttributes(getExtraAttributes(secretScanningAllowlistRuleDeletedEvent.getDeletedRule())).build());
    }

    @EventListener
    public void onSecretScanningAllowlistUpdatedEvent(SecretScanningAllowlistRuleUpdatedEvent secretScanningAllowlistRuleUpdatedEvent) {
        DmzSecretScanningAllowlistRule newRule = secretScanningAllowlistRuleUpdatedEvent.getNewRule();
        DmzSecretScanningAllowlistRule previousRule = secretScanningAllowlistRuleUpdatedEvent.getPreviousRule();
        Scope scope = secretScanningAllowlistRuleUpdatedEvent.getScope();
        AuditEvent.Builder affectedObjects = AuditEvent.builder(getAuditType(scope, ACTION_GLOBAL_ALLOWLIST_UPDATED, ACTION_PROJECT_ALLOWLIST_UPDATED, ACTION_REPOSITORY_ALLOWLIST_UPDATED)).affectedObjects(getAffectedObjects(scope));
        if (previousRule.getName().equals(newRule.getName())) {
            affectedObjects.extraAttribute(AuditAttribute.fromI18nKeys(ATTR_RULE_NAME, newRule.getName()).build());
        } else {
            affectedObjects.addChangedValueIfDifferent(new ChangedValue.Builder(ATTR_RULE_NAME).from(previousRule.getName()).to(newRule.getName()).build());
        }
        if (previousRule.getLineRegex().equals(newRule.getLineRegex())) {
            newRule.getLineRegex().ifPresent(str -> {
                affectedObjects.extraAttribute(AuditAttribute.fromI18nKeys(ATTR_RULE_LINE, str).build());
            });
        } else {
            affectedObjects.addChangedValueIfDifferent(new ChangedValue.Builder(ATTR_RULE_LINE).from((String) previousRule.getLineRegex().orElse(null)).to((String) newRule.getLineRegex().orElse(null)).build());
        }
        if (previousRule.getPathRegex().equals(newRule.getPathRegex())) {
            newRule.getPathRegex().ifPresent(str2 -> {
                affectedObjects.extraAttribute(AuditAttribute.fromI18nKeys(ATTR_RULE_PATH, str2).build());
            });
        } else {
            affectedObjects.addChangedValueIfDifferent(new ChangedValue.Builder(ATTR_RULE_PATH).from((String) previousRule.getPathRegex().orElse(null)).to((String) newRule.getPathRegex().orElse(null)).build());
        }
        this.auditService.audit(affectedObjects.build());
    }

    @EventListener
    public void onSecretScanningCommitLimitReachedEvent(SecretScanningCommitLimitReachedEvent secretScanningCommitLimitReachedEvent) {
        ImmutableList.Builder builder = ImmutableList.builder();
        if (secretScanningCommitLimitReachedEvent.getInitiatingUser() != null) {
            builder.add(AuditAttribute.fromI18nKeys(ATTR_INITIATING_USER, secretScanningCommitLimitReachedEvent.getInitiatingUser().getName()).build());
        }
        this.auditService.audit(getAuditEvent(ACTION_SECRET_SCAN_COMMIT_LIMIT_REACHED, AuditUtils.auditResourcesForProjectAndRepository(secretScanningCommitLimitReachedEvent.getRepository()), builder.build()));
    }

    @EventListener
    public void onSecretScanningExemptRepoAddedEvent(SecretScanningExemptRepoAddedEvent secretScanningExemptRepoAddedEvent) {
        this.auditService.audit(AuditEvent.builder(AuditType.fromI18nKeys(CoverageArea.LOCAL_CONFIG_AND_ADMINISTRATION, CoverageLevel.BASE, "bitbucket.service.audit.category.projects", ACTION_EXEMPT_REPO_ADDED).build()).affectedObjects(AuditUtils.auditResourcesForProjectAndRepository(secretScanningExemptRepoAddedEvent.getRepository())).build());
    }

    @EventListener
    public void onSecretScanningExemptRepoDeletedEvent(SecretScanningExemptRepoDeletedEvent secretScanningExemptRepoDeletedEvent) {
        this.auditService.audit(AuditEvent.builder(AuditType.fromI18nKeys(CoverageArea.LOCAL_CONFIG_AND_ADMINISTRATION, CoverageLevel.BASE, "bitbucket.service.audit.category.projects", ACTION_EXEMPT_REPO_DELETED).build()).affectedObjects(AuditUtils.auditResourcesForProjectAndRepository(secretScanningExemptRepoDeletedEvent.getRepository())).build());
    }

    @EventListener
    public void onSecretScanningRuleCreated(SecretScanningRuleCreatedEvent secretScanningRuleCreatedEvent) {
        this.auditService.audit(AuditEvent.builder(getAuditType(secretScanningRuleCreatedEvent.getScope(), ACTION_GLOBAL_RULE_CREATED, ACTION_PROJECT_RULE_CREATED, ACTION_REPOSITORY_RULE_CREATED)).affectedObjects(getAffectedObjects(secretScanningRuleCreatedEvent.getScope())).extraAttributes(getExtraAttributes(secretScanningRuleCreatedEvent.getRule())).build());
    }

    @EventListener
    public void onSecretScanningRuleDeleted(SecretScanningRuleDeletedEvent secretScanningRuleDeletedEvent) {
        this.auditService.audit(AuditEvent.builder(getAuditType(secretScanningRuleDeletedEvent.getScope(), ACTION_GLOBAL_RULE_DELETED, ACTION_PROJECT_RULE_DELETED, ACTION_REPOSITORY_RULE_DELETED)).affectedObjects(getAffectedObjects(secretScanningRuleDeletedEvent.getScope())).extraAttributes(getExtraAttributes(secretScanningRuleDeletedEvent.getDeletedRule())).build());
    }

    @EventListener
    public void onSecretScanningRuleUpdated(SecretScanningRuleUpdatedEvent secretScanningRuleUpdatedEvent) {
        DmzSecretScanningRule newRule = secretScanningRuleUpdatedEvent.getNewRule();
        DmzSecretScanningRule previousRule = secretScanningRuleUpdatedEvent.getPreviousRule();
        AuditEvent.Builder affectedObjects = AuditEvent.builder(getAuditType(secretScanningRuleUpdatedEvent.getScope(), ACTION_GLOBAL_RULE_UPDATED, ACTION_PROJECT_RULE_UPDATED, ACTION_REPOSITORY_RULE_UPDATED)).affectedObjects(getAffectedObjects(secretScanningRuleUpdatedEvent.getScope()));
        if (previousRule.getName().equals(newRule.getName())) {
            affectedObjects.extraAttribute(AuditAttribute.fromI18nKeys(ATTR_RULE_NAME, newRule.getName()).build());
        } else {
            affectedObjects.addChangedValueIfDifferent(new ChangedValue.Builder(ATTR_RULE_NAME).from(previousRule.getName()).to(newRule.getName()).build());
        }
        if (previousRule.getLineRegex().equals(newRule.getLineRegex())) {
            newRule.getLineRegex().ifPresent(str -> {
                affectedObjects.extraAttribute(AuditAttribute.fromI18nKeys(ATTR_RULE_LINE, str).build());
            });
        } else {
            affectedObjects.addChangedValueIfDifferent(new ChangedValue.Builder(ATTR_RULE_LINE).from((String) previousRule.getLineRegex().orElse(null)).to((String) newRule.getLineRegex().orElse(null)).build());
        }
        if (previousRule.getPathRegex().equals(newRule.getPathRegex())) {
            newRule.getPathRegex().ifPresent(str2 -> {
                affectedObjects.extraAttribute(AuditAttribute.fromI18nKeys(ATTR_RULE_PATH, str2).build());
            });
        } else {
            affectedObjects.addChangedValueIfDifferent(new ChangedValue.Builder(ATTR_RULE_PATH).from((String) previousRule.getPathRegex().orElse(null)).to((String) newRule.getPathRegex().orElse(null)).build());
        }
        this.auditService.audit(affectedObjects.build());
    }

    private List<AuditResource> getAffectedObjects(Repository repository, @Nullable ApplicationUser applicationUser, String str) {
        ImmutableList.Builder builder = ImmutableList.builder();
        builder.addAll(AuditUtils.auditResourcesForProjectAndRepository(repository));
        builder.add(AuditUtils.auditResourceForCommit(repository, str));
        if (applicationUser != null) {
            builder.add(AuditUtils.auditResourceForUser(applicationUser));
        }
        return builder.build();
    }

    private List<AuditResource> getAffectedObjects(Scope scope) {
        return (List) scope.accept(new ScopeVisitor<List<AuditResource>>() { // from class: com.atlassian.bitbucket.internal.secretscanning.event.SecretScanningAuditingEventListener.1
            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public List<AuditResource> m29visit(@Nonnull GlobalScope globalScope) {
                return Collections.emptyList();
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public List<AuditResource> m28visit(@Nonnull ProjectScope projectScope) {
                return Collections.singletonList(AuditUtils.auditResourceForProject(projectScope.getProject()));
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public List<AuditResource> m27visit(@Nonnull RepositoryScope repositoryScope) {
                return AuditUtils.auditResourcesForProjectAndRepository(repositoryScope.getRepository());
            }
        });
    }

    private AuditEvent getAuditEvent(String str, List<AuditResource> list, List<AuditAttribute> list2) {
        return AuditEvent.builder(AuditType.fromI18nKeys(CoverageArea.SECURITY, CoverageLevel.BASE, "bitbucket.service.audit.category.security", str).build()).affectedObjects(list).extraAttributes(list2).build();
    }

    private AuditType getAuditType(Scope scope, final String str, final String str2, final String str3) {
        return (AuditType) scope.accept(new ScopeVisitor<AuditType>() { // from class: com.atlassian.bitbucket.internal.secretscanning.event.SecretScanningAuditingEventListener.2
            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public AuditType m32visit(@Nonnull GlobalScope globalScope) {
                return AuditType.fromI18nKeys(CoverageArea.GLOBAL_CONFIG_AND_ADMINISTRATION, CoverageLevel.BASE, "bitbucket.service.audit.category.globaladministration", str).build();
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public AuditType m31visit(@Nonnull ProjectScope projectScope) {
                return AuditType.fromI18nKeys(CoverageArea.LOCAL_CONFIG_AND_ADMINISTRATION, CoverageLevel.BASE, "bitbucket.service.audit.category.projects", str2).build();
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public AuditType m30visit(@Nonnull RepositoryScope repositoryScope) {
                return AuditType.fromI18nKeys(CoverageArea.LOCAL_CONFIG_AND_ADMINISTRATION, CoverageLevel.BASE, "bitbucket.service.audit.category.repositories", str3).build();
            }
        });
    }

    private List<AuditAttribute> getExtraAttributes(DmzSecretScanningRule dmzSecretScanningRule) {
        return getExtraAttributes(dmzSecretScanningRule, ATTR_RULE_NAME, ATTR_RULE_LINE, ATTR_RULE_PATH);
    }

    private List<AuditAttribute> getExtraAttributes(DmzSecretScanningRule dmzSecretScanningRule, String str, String str2, String str3) {
        ImmutableList.Builder add = ImmutableList.builder().add(AuditAttribute.fromI18nKeys(str, dmzSecretScanningRule.getName()).build());
        dmzSecretScanningRule.getLineRegex().ifPresent(str4 -> {
            add.add(AuditAttribute.fromI18nKeys(str2, str4).build());
        });
        dmzSecretScanningRule.getPathRegex().ifPresent(str5 -> {
            add.add(AuditAttribute.fromI18nKeys(str3, str5).build());
        });
        return add.build();
    }
}
