package com.atlassian.bitbucket.internal.secretscanning;

import com.atlassian.bitbucket.auth.AuthenticationContext;
import com.atlassian.bitbucket.hook.repository.CommitAddedDetails;
import com.atlassian.bitbucket.hook.repository.PostRepositoryHook;
import com.atlassian.bitbucket.hook.repository.PostRepositoryHookContext;
import com.atlassian.bitbucket.hook.repository.RepositoryHookCommitCallback;
import com.atlassian.bitbucket.hook.repository.RepositoryHookCommitFilter;
import com.atlassian.bitbucket.hook.repository.RepositoryHookRequest;
import com.atlassian.bitbucket.hook.repository.RepositoryHookTrigger;
import com.atlassian.bitbucket.hook.repository.StandardRepositoryHookTrigger;
import com.atlassian.bitbucket.internal.secretscanning.event.SecretScanningCommitLimitReachedEvent;
import com.atlassian.bitbucket.project.ProjectType;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.server.FeatureManager;
import com.atlassian.bitbucket.server.StandardFeature;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.stash.internal.server.InternalApplicationPropertiesService;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/bitbucket/internal/secretscanning/SecretScanningHook.class */
public class SecretScanningHook implements PostRepositoryHook<RepositoryHookRequest> {

    @VisibleForTesting
    static final String IS_REF_SYNC_KEY = "isRefSync";

    @VisibleForTesting
    static final String SCAN_PRIVATE_REPOSITORIES_PROPERTY_KEY = "secretscanning.scan.personal.repositories";
    private static final int DEFAULT_BATCH_SIZE = 200;
    private static final int DEFAULT_COMMIT_LIMIT = 10000;
    private final AuthenticationContext authenticationContext;
    private final EventPublisher eventPublisher;
    private final FeatureManager featureManager;
    private final InternalApplicationPropertiesService propertiesService;
    private final SecretScanningService secretScanningService;
    private static final Set<RepositoryHookTrigger> ALLOWED_TRIGGERS = ImmutableSet.of(StandardRepositoryHookTrigger.BRANCH_CREATE, StandardRepositoryHookTrigger.FILE_EDIT, StandardRepositoryHookTrigger.MERGE, StandardRepositoryHookTrigger.PULL_REQUEST_MERGE, StandardRepositoryHookTrigger.REPO_PUSH, StandardRepositoryHookTrigger.UNKNOWN, new RepositoryHookTrigger[0]);
    private static final Logger log = LoggerFactory.getLogger(SecretScanningHook.class);

    /* loaded from: input_file:com/atlassian/bitbucket/internal/secretscanning/SecretScanningHook$SecretScanningHookCallback.class */
    private class SecretScanningHookCallback implements RepositoryHookCommitCallback {
        private final int batchSize;
        private final int commitScanLimit;
        private final ApplicationUser initiatingUser;
        private final Repository repository;
        private Set<String> commits;
        private int commitsProcessed;

        SecretScanningHookCallback(Repository repository, @Nullable ApplicationUser applicationUser) {
            this.batchSize = SecretScanningHook.this.propertiesService.getProperty("secretscanning.scan.batch.size", SecretScanningHook.DEFAULT_BATCH_SIZE);
            this.commitScanLimit = SecretScanningHook.this.propertiesService.getProperty("secretscanning.scan.commit.limit", SecretScanningHook.DEFAULT_COMMIT_LIMIT);
            this.commits = new HashSet(this.batchSize, 1.0f);
            this.repository = (Repository) Objects.requireNonNull(repository, "repository");
            this.initiatingUser = applicationUser;
        }

        public boolean onCommitAdded(@Nonnull CommitAddedDetails commitAddedDetails) {
            this.commits.add(((CommitAddedDetails) Objects.requireNonNull(commitAddedDetails, "commitDetails")).getCommit().getId());
            if (this.commits.size() < this.batchSize) {
                return true;
            }
            this.commitsProcessed += this.commits.size();
            sendCommitsForScanning(false);
            if (this.commitsProcessed < this.commitScanLimit) {
                return true;
            }
            SecretScanningHook.this.eventPublisher.publish(new SecretScanningCommitLimitReachedEvent(this, this.initiatingUser, this.repository));
            SecretScanningHook.log.warn("Reached the commit limit when scanning secrets for {}", this.repository.getSlug());
            return false;
        }

        public void onEnd() {
            if (this.commits.isEmpty()) {
                return;
            }
            sendCommitsForScanning(true);
        }

        private void sendCommitsForScanning(boolean z) {
            SecretScanningHook.this.secretScanningService.onCommits(this.repository, ImmutableList.copyOf(this.commits), this.initiatingUser);
            if (z) {
                return;
            }
            this.commits = new HashSet(this.batchSize, 1.0f);
        }
    }

    public SecretScanningHook(AuthenticationContext authenticationContext, EventPublisher eventPublisher, FeatureManager featureManager, InternalApplicationPropertiesService internalApplicationPropertiesService, SecretScanningService secretScanningService) {
        this.authenticationContext = authenticationContext;
        this.eventPublisher = eventPublisher;
        this.featureManager = featureManager;
        this.propertiesService = internalApplicationPropertiesService;
        this.secretScanningService = secretScanningService;
    }

    public void postUpdate(PostRepositoryHookContext postRepositoryHookContext, RepositoryHookRequest repositoryHookRequest) {
        Objects.requireNonNull(postRepositoryHookContext, "context");
        Objects.requireNonNull(repositoryHookRequest, "request");
        if (shouldTriggerScan(repositoryHookRequest)) {
            postRepositoryHookContext.registerCommitCallback(new SecretScanningHookCallback(repositoryHookRequest.getRepository(), this.authenticationContext.getCurrentUser()), RepositoryHookCommitFilter.ADDED_TO_REPOSITORY, new RepositoryHookCommitFilter[0]);
        }
    }

    private boolean shouldTriggerScan(RepositoryHookRequest repositoryHookRequest) {
        if (this.featureManager.isEnabled(StandardFeature.SECRET_SCANNING) && ALLOWED_TRIGGERS.contains(repositoryHookRequest.getTrigger()) && !repositoryHookRequest.getContext().containsKey(IS_REF_SYNC_KEY)) {
            return repositoryHookRequest.getRepository().getProject().getType() != ProjectType.PERSONAL || this.propertiesService.getProperty(SCAN_PRIVATE_REPOSITORIES_PROPERTY_KEY, true);
        }
        return false;
    }
}
