package com.atlassian.bitbucket.internal.secretscanning.email;

import com.atlassian.bitbucket.commit.BulkCommitsRequest;
import com.atlassian.bitbucket.commit.Commit;
import com.atlassian.bitbucket.commit.CommitService;
import com.atlassian.bitbucket.i18n.I18nKey;
import com.atlassian.bitbucket.internal.secretscanning.event.SecretsDetectedEvent;
import com.atlassian.bitbucket.internal.secretscanning.scan.SecretLocation;
import com.atlassian.bitbucket.mail.MailMessage;
import com.atlassian.bitbucket.mail.MailService;
import com.atlassian.bitbucket.mail.SoyMailBuilder;
import com.atlassian.bitbucket.mail.SoyMailMessageRequest;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.permission.PermissionService;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.Person;
import com.atlassian.bitbucket.user.SecurityService;
import com.atlassian.bitbucket.user.UserService;
import com.atlassian.event.api.EventListener;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/atlassian/bitbucket/internal/secretscanning/email/SecretScanningMailer.class */
public class SecretScanningMailer {
    private static final Logger log = LoggerFactory.getLogger(SecretScanningMailer.class);
    private static final String NOTIFICATION_EMAIL_STYLES_MODULE = "com.atlassian.bitbucket.server.bitbucket-notification:notification-email-styles";
    private static final String MODULE_KEY = "com.atlassian.bitbucket.server.bitbucket-secret-scanning";
    private static final String SOY_EMAIL_TEMPLATE_MODULE = "com.atlassian.bitbucket.server.bitbucket-secret-scanning:secret-scanning-email-templates";
    private static final String SOY_TEMPLATE = "bitbucket.internal.notification.email.secretscanning.email";
    private static final String TOKEN_EMAIL_STYLES_MODULE = "com.atlassian.bitbucket.server.bitbucket-secret-scanning:secret-scanning-email-styles";
    private final CommitService commitService;
    private final MailService mailService;
    private final int maxSecretsPerEmail;
    private final PermissionService permissionService;
    private final SecurityService securityService;
    private final SoyMailBuilder soyMailBuilder;
    private final UserService userService;

    public SecretScanningMailer(CommitService commitService, int i, MailService mailService, PermissionService permissionService, SecurityService securityService, SoyMailBuilder soyMailBuilder, UserService userService) {
        this.commitService = commitService;
        this.mailService = mailService;
        this.maxSecretsPerEmail = i;
        this.permissionService = permissionService;
        this.securityService = securityService;
        this.soyMailBuilder = soyMailBuilder;
        this.userService = userService;
    }

    @EventListener
    public void onSecretsFound(SecretsDetectedEvent secretsDetectedEvent) {
        if (!this.mailService.isHostConfigured()) {
            log.warn("Could not send an e-mail about detected secrets because there is no mail service configured. Please configure a mail server to stop this message.");
            return;
        }
        Map<String, Commit> commitMap = getCommitMap(secretsDetectedEvent);
        Repository repository = secretsDetectedEvent.getRepository();
        List<SecretLocation> filterOutSecretsWithInvalidCommits = filterOutSecretsWithInvalidCommits(secretsDetectedEvent, commitMap);
        ApplicationUser initiatingUser = getInitiatingUser(secretsDetectedEvent);
        for (Map.Entry<ApplicationUser, List<SecretLocation>> entry : getSecretsByRecipient(filterOutSecretsWithInvalidCommits, initiatingUser, commitMap).entrySet()) {
            ApplicationUser key = entry.getKey();
            Iterator it = Lists.partition(entry.getValue(), this.maxSecretsPerEmail).iterator();
            while (it.hasNext()) {
                Iterator<MailMessage> it2 = buildMessage(commitMap, initiatingUser, key, repository, (List) it.next()).iterator();
                while (it2.hasNext()) {
                    this.mailService.submit(it2.next());
                }
            }
        }
    }

    private static Map<String, Object> getContext(Repository repository, @Nullable ApplicationUser applicationUser, ApplicationUser applicationUser2, List<SecretLocation> list, Map<String, Commit> map) {
        ImmutableMap.Builder put = ImmutableMap.builder().put("moduleKey", NOTIFICATION_EMAIL_STYLES_MODULE).put("repository", repository).put("secrets", list.stream().map(secretLocation -> {
            return mapSecretToContext(secretLocation, map);
        }).collect(Collectors.toList())).put("includeCommitterColumn", Boolean.valueOf(shouldIncludeCommitterColumn(list, map)));
        if (applicationUser != null) {
            put.put("initiatingUser", applicationUser);
        }
        return put.build();
    }

    private static boolean isDifferentPerson(@Nullable Person person, @Nullable Person person2) {
        if (person == null && person2 == null) {
            return false;
        }
        if (person == null || person2 == null) {
            return true;
        }
        return (StringUtils.isBlank(person2.getEmailAddress()) || StringUtils.isBlank(person.getEmailAddress())) ? !person.getName().equals(person2.getName()) : !person2.getEmailAddress().equals(person.getEmailAddress());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Map<String, Object> mapSecretToContext(SecretLocation secretLocation, Map<String, Commit> map) {
        ImmutableMap.Builder put = ImmutableMap.builder().put("ruleName", secretLocation.getRuleName()).put("path", secretLocation.getPath()).put("commit", map.get(secretLocation.getCommitId()));
        if (secretLocation.getLine() != null) {
            put.put("line", secretLocation.getLine());
        }
        return put.build();
    }

    private static boolean shouldIncludeCommitterColumn(List<SecretLocation> list, Map<String, Commit> map) {
        return list.stream().anyMatch(secretLocation -> {
            Commit commit = (Commit) map.get(secretLocation.getCommitId());
            return isDifferentPerson(commit.getAuthor(), commit.getCommitter());
        });
    }

    private Iterable<MailMessage> buildMessage(Map<String, Commit> map, ApplicationUser applicationUser, ApplicationUser applicationUser2, Repository repository, List<SecretLocation> list) {
        return this.soyMailBuilder.build(new SoyMailMessageRequest.Builder().cssModuleKey(TOKEN_EMAIL_STYLES_MODULE).context(getContext(repository, applicationUser, applicationUser2, list, map)).recipients(Collections.singletonList(applicationUser2)).soyTemplateModuleKey(SOY_EMAIL_TEMPLATE_MODULE).soyTemplateName(SOY_TEMPLATE).subjectKey(getSubjectKey(repository)).build());
    }

    private boolean canReadRepository(ApplicationUser applicationUser, Repository repository) {
        return this.permissionService.hasRepositoryPermission(applicationUser, repository, Permission.REPO_READ);
    }

    private boolean canReceiveEmail(Repository repository, @Nullable ApplicationUser applicationUser) {
        return (applicationUser == null || StringUtils.isBlank(applicationUser.getEmailAddress()) || !canReadRepository(applicationUser, repository)) ? false : true;
    }

    private List<SecretLocation> filterOutSecretsWithInvalidCommits(SecretsDetectedEvent secretsDetectedEvent, Map<String, Commit> map) {
        return (List) secretsDetectedEvent.getSecretLocations().stream().filter(secretLocation -> {
            if (map.containsKey(secretLocation.getCommitId())) {
                return true;
            }
            log.debug("Commit {} with secret was not found", secretLocation.getCommitId());
            return false;
        }).collect(Collectors.toList());
    }

    private Map<String, Commit> getCommitMap(SecretsDetectedEvent secretsDetectedEvent) {
        Set set = (Set) secretsDetectedEvent.getSecretLocations().stream().map((v0) -> {
            return v0.getCommitId();
        }).collect(Collectors.toSet());
        BulkCommitsRequest build = new BulkCommitsRequest.Builder().commits(secretsDetectedEvent.getRepository(), set).ignoreMissing(true).maxMessageLength(0).build();
        HashMap hashMap = new HashMap(set.size(), 1.0f);
        this.securityService.withPermission(Permission.REPO_READ, "Secret scanning").call(() -> {
            this.commitService.streamCommits(build, (commit, set2) -> {
                hashMap.put(commit.getId(), commit);
                return true;
            });
            return null;
        });
        return hashMap;
    }

    @Nullable
    private ApplicationUser getInitiatingUser(SecretsDetectedEvent secretsDetectedEvent) {
        if (secretsDetectedEvent.getInitiatingUser() == null) {
            return null;
        }
        return getUser(secretsDetectedEvent.getInitiatingUser());
    }

    private Map<ApplicationUser, List<SecretLocation>> getSecretsByRecipient(List<SecretLocation> list, @Nullable ApplicationUser applicationUser, Map<String, Commit> map) {
        HashMap hashMap = new HashMap();
        for (SecretLocation secretLocation : list) {
            Commit commit = map.get(secretLocation.getCommitId());
            Repository repository = secretLocation.getRepository();
            boolean z = false;
            if (canReceiveEmail(repository, applicationUser)) {
                ((List) hashMap.computeIfAbsent(applicationUser, applicationUser2 -> {
                    return new ArrayList();
                })).add(secretLocation);
                z = true;
            }
            if (isDifferentPerson(applicationUser, commit.getAuthor())) {
                ApplicationUser user = getUser(commit.getAuthor());
                if (canReceiveEmail(repository, user)) {
                    ((List) hashMap.computeIfAbsent(user, applicationUser3 -> {
                        return new ArrayList();
                    })).add(secretLocation);
                    z = true;
                }
            }
            if (isDifferentPerson(applicationUser, commit.getCommitter()) && isDifferentPerson(commit.getAuthor(), commit.getCommitter())) {
                ApplicationUser user2 = getUser(commit.getCommitter());
                if (canReceiveEmail(repository, user2)) {
                    ((List) hashMap.computeIfAbsent(user2, applicationUser4 -> {
                        return new ArrayList();
                    })).add(secretLocation);
                    z = true;
                }
            }
            if (!z) {
                log.debug("Secret scanning detected a secret matching the rule '{}' in {}/{} commit {}, file {}, line {} but no one involved in the commit is able to be emailed.", new Object[]{secretLocation.getRuleName(), repository.getProject().getKey(), repository.getSlug(), commit.getId(), secretLocation.getPath(), secretLocation.getLine()});
            }
        }
        return hashMap;
    }

    private I18nKey getSubjectKey(Repository repository) {
        return new I18nKey("bitbucket.secretscanning.email.subject", new Object[]{repository.getProject().getName(), repository.getName()});
    }

    @Nullable
    private ApplicationUser getUser(Person person) {
        return this.userService.findUserByNameOrEmail((String) StringUtils.firstNonBlank(new String[]{person.getEmailAddress(), person.getName()}));
    }
}
