package com.atlassian.bitbucket.internal.secretscanning.event;

import com.atlassian.audit.api.AuditService;
import com.atlassian.audit.entity.AuditAttribute;
import com.atlassian.audit.entity.AuditEvent;
import com.atlassian.audit.entity.AuditResource;
import com.atlassian.audit.entity.AuditType;
import com.atlassian.audit.entity.CoverageArea;
import com.atlassian.audit.entity.CoverageLevel;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.util.AuditUtils;
import com.atlassian.event.api.EventListener;
import com.google.common.collect.ImmutableList;
import java.util.List;
import javax.annotation.Nullable;

/* loaded from: input_file:com/atlassian/bitbucket/internal/secretscanning/event/AuditingSecretScanningEventListener.class */
public class AuditingSecretScanningEventListener {
    private static final String ACTION_SECRET_DETECTED = "bitbucket.secretscanning.audit.action.secretdetected";
    private static final String ACTION_SECRET_SCAN_COMMIT_LIMIT_REACHED = "bitbucket.secretscanning.audit.action.commitlimitreached";
    private static final String ACTION_SECRET_SCAN_INCOMPLETE = "bitbucket.secretscanning.audit.action.scanincomplete";
    private static final String ATTR_COMMAND_RESULT = "bitbucket.secretscanning.audit.attribute.scan.command.result";
    private static final String ATTR_COMMIT_ID = "bitbucket.secretscanning.audit.attribute.commitid";
    private static final String ATTR_INITIATING_USER = "bitbucket.secretscanning.audit.attribute.initiatinguser";
    private static final String ATTR_LINE = "bitbucket.secretscanning.audit.attribute.line";
    private static final String ATTR_PATH = "bitbucket.secretscanning.audit.attribute.path";
    private static final String ATTR_RULE_ID = "bitbucket.secretscanning.audit.attribute.ruleid";
    private static final String ATTR_SCAN_FAILED = "bitbucket.secretscanning.audit.attribute.scan.failed";
    private static final String ATTR_TRUNCATED = "bitbucket.secretscanning.audit.attribute.scan.truncated";
    private final AuditService auditService;

    public AuditingSecretScanningEventListener(AuditService auditService) {
        this.auditService = auditService;
    }

    @EventListener
    public void onSecretDetectedEvent(SecretsDetectedEvent secretsDetectedEvent) {
        secretsDetectedEvent.getSecretLocations().forEach(secretLocation -> {
            ImmutableList.Builder add = ImmutableList.builder().add(AuditAttribute.fromI18nKeys(ATTR_COMMIT_ID, secretLocation.getCommitId()).build()).add(AuditAttribute.fromI18nKeys(ATTR_PATH, secretLocation.getPath()).build()).add(AuditAttribute.fromI18nKeys(ATTR_LINE, String.valueOf(secretLocation.getLine())).build()).add(AuditAttribute.fromI18nKeys(ATTR_RULE_ID, secretLocation.getRuleName()).build());
            if (secretsDetectedEvent.getInitiatingUser() != null) {
                add.add(AuditAttribute.fromI18nKeys(ATTR_INITIATING_USER, secretsDetectedEvent.getInitiatingUser().getName()).build());
            }
            this.auditService.audit(getAuditEvent(ACTION_SECRET_DETECTED, getAffectedObjects(secretsDetectedEvent.getRepository(), secretsDetectedEvent.getInitiatingUser(), secretLocation.getCommitId()), add.build()));
        });
    }

    @EventListener
    public void onSecretScanningCommitLimitReachedEvent(SecretScanningCommitLimitReachedEvent secretScanningCommitLimitReachedEvent) {
        ImmutableList.Builder builder = ImmutableList.builder();
        if (secretScanningCommitLimitReachedEvent.getInitiatingUser() != null) {
            builder.add(AuditAttribute.fromI18nKeys(ATTR_INITIATING_USER, secretScanningCommitLimitReachedEvent.getInitiatingUser().getName()).build());
        }
        this.auditService.audit(getAuditEvent(ACTION_SECRET_SCAN_COMMIT_LIMIT_REACHED, AuditUtils.auditResourcesForProjectAndRepository(secretScanningCommitLimitReachedEvent.getRepository()), builder.build()));
    }

    @EventListener
    public void onSecretScanNotCompletedEvent(SecretScanningIncompleteEvent secretScanningIncompleteEvent) {
        ImmutableList.Builder add = ImmutableList.builder().add(AuditAttribute.fromI18nKeys(ATTR_COMMIT_ID, secretScanningIncompleteEvent.getCommitId()).build()).add(AuditAttribute.fromI18nKeys(ATTR_SCAN_FAILED, String.valueOf(secretScanningIncompleteEvent.isFailed())).build()).add(AuditAttribute.fromI18nKeys(ATTR_TRUNCATED, String.valueOf(secretScanningIncompleteEvent.isTruncated())).build());
        if (secretScanningIncompleteEvent.getCommandResult() != null) {
            add.add(AuditAttribute.fromI18nKeys(ATTR_COMMAND_RESULT, secretScanningIncompleteEvent.getCommandResult().name()).build());
        }
        if (secretScanningIncompleteEvent.getInitiatingUser() != null) {
            add.add(AuditAttribute.fromI18nKeys(ATTR_INITIATING_USER, secretScanningIncompleteEvent.getInitiatingUser().getName()).build());
        }
        this.auditService.audit(getAuditEvent(ACTION_SECRET_SCAN_INCOMPLETE, getAffectedObjects(secretScanningIncompleteEvent.getRepository(), secretScanningIncompleteEvent.getInitiatingUser(), secretScanningIncompleteEvent.getCommitId()), add.build()));
    }

    private List<AuditResource> getAffectedObjects(Repository repository, @Nullable ApplicationUser applicationUser, String str) {
        ImmutableList.Builder builder = ImmutableList.builder();
        builder.addAll(AuditUtils.auditResourcesForProjectAndRepository(repository));
        builder.add(AuditUtils.auditResourceForCommit(repository, str));
        if (applicationUser != null) {
            builder.add(AuditUtils.auditResourceForUser(applicationUser));
        }
        return builder.build();
    }

    private AuditEvent getAuditEvent(String str, List<AuditResource> list, List<AuditAttribute> list2) {
        return AuditEvent.builder(AuditType.fromI18nKeys(CoverageArea.SECURITY, CoverageLevel.BASE, "bitbucket.service.audit.category.security", str).build()).affectedObjects(list).extraAttributes(list2).build();
    }
}
