package com.atlassian.bitbucket.internal.secretscanning.rules;

import com.atlassian.bitbucket.NoSuchEntityException;
import com.atlassian.bitbucket.dmz.features.RequireFeature;
import com.atlassian.bitbucket.dmz.secretscanning.DmzSecretScanningRule;
import com.atlassian.bitbucket.dmz.secretscanning.DmzSecretScanningRuleService;
import com.atlassian.bitbucket.dmz.secretscanning.SecretScanningRuleSearchRequest;
import com.atlassian.bitbucket.dmz.secretscanning.SecretScanningRuleSetRequest;
import com.atlassian.bitbucket.dmz.secretscanning.event.SecretScanningRuleCreatedEvent;
import com.atlassian.bitbucket.dmz.secretscanning.event.SecretScanningRuleDeletedEvent;
import com.atlassian.bitbucket.dmz.secretscanning.event.SecretScanningRuleUpdatedEvent;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.internal.secretscanning.dao.SecretScanningRuleDao;
import com.atlassian.bitbucket.internal.secretscanning.rules.SimpleSecretScanningRule;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.permission.PermissionService;
import com.atlassian.bitbucket.permission.PermissionValidationService;
import com.atlassian.bitbucket.project.ProjectType;
import com.atlassian.bitbucket.scope.GlobalScope;
import com.atlassian.bitbucket.scope.ProjectScope;
import com.atlassian.bitbucket.scope.RepositoryScope;
import com.atlassian.bitbucket.scope.Scope;
import com.atlassian.bitbucket.scope.ScopeVisitor;
import com.atlassian.bitbucket.server.StandardFeature;
import com.atlassian.bitbucket.util.Page;
import com.atlassian.bitbucket.util.PageRequest;
import com.atlassian.bitbucket.util.ValidationUtils;
import com.atlassian.bitbucket.validation.ArgumentValidationException;
import com.atlassian.bitbucket.validation.groups.Create;
import com.atlassian.bitbucket.validation.groups.Update;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.stash.internal.secretscanning.InternalSecretScanningRule;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.validation.Validator;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.transaction.annotation.Transactional;

@Transactional(readOnly = true)
@RequireFeature(StandardFeature.SECRET_SCANNING)
/* loaded from: input_file:com/atlassian/bitbucket/internal/secretscanning/rules/DefaultSecretScanningRuleService.class */
public class DefaultSecretScanningRuleService implements DmzSecretScanningRuleService {
    private final SecretScanningRuleDao dao;
    private final EventPublisher eventPublisher;
    private final I18nService i18nService;
    private final PermissionService permissionService;
    private final PermissionValidationService permissionValidationService;
    private final Validator validator;

    public DefaultSecretScanningRuleService(SecretScanningRuleDao secretScanningRuleDao, EventPublisher eventPublisher, I18nService i18nService, PermissionService permissionService, PermissionValidationService permissionValidationService, Validator validator) {
        this.dao = secretScanningRuleDao;
        this.eventPublisher = eventPublisher;
        this.i18nService = i18nService;
        this.permissionValidationService = permissionValidationService;
        this.permissionService = permissionService;
        this.validator = validator;
    }

    @Transactional
    public DmzSecretScanningRule create(SecretScanningRuleSetRequest secretScanningRuleSetRequest, Scope scope) {
        Objects.requireNonNull(secretScanningRuleSetRequest, "request");
        Objects.requireNonNull(scope, "scope");
        ValidationUtils.validate(this.validator, secretScanningRuleSetRequest, new Class[]{Create.class});
        validateRequiredRegex(secretScanningRuleSetRequest.getLineRegex(), secretScanningRuleSetRequest.getPathRegex());
        validateIsAdminForScope(scope);
        validateScopeType(scope);
        DmzSecretScanningRule transform = transform((InternalSecretScanningRule) this.dao.create(new InternalSecretScanningRule.Builder(secretScanningRuleSetRequest.getName()).lineRegex(secretScanningRuleSetRequest.getLineRegex()).pathRegex(secretScanningRuleSetRequest.getPathRegex()).scope(scope).build()));
        this.eventPublisher.publish(new SecretScanningRuleCreatedEvent(this, transform, scope));
        return transform;
    }

    @Transactional
    public void deleteRuleById(long j, Scope scope) {
        InternalSecretScanningRule internalSecretScanningRule = (InternalSecretScanningRule) this.dao.getById(Long.valueOf(j));
        if (internalSecretScanningRule != null && isAdminForScope(internalSecretScanningRule.getScope()) && internalSecretScanningRule.getScope().getType() == scope.getType()) {
            DmzSecretScanningRule transform = transform(internalSecretScanningRule);
            this.dao.deleteById(Long.valueOf(j));
            this.eventPublisher.publish(new SecretScanningRuleDeletedEvent(this, transform, internalSecretScanningRule.getScope()));
        }
    }

    public Optional<DmzSecretScanningRule> getRuleById(long j, Scope scope) {
        return Optional.ofNullable(this.dao.getById(Long.valueOf(j))).filter(internalSecretScanningRule -> {
            return internalSecretScanningRule.getScope().getType() == scope.getType();
        }).filter(internalSecretScanningRule2 -> {
            return isAdminForScope(internalSecretScanningRule2.getScope());
        }).map(this::transform);
    }

    public Page<DmzSecretScanningRule> search(PageRequest pageRequest, Scope scope, SecretScanningRuleSearchRequest secretScanningRuleSearchRequest) {
        Objects.requireNonNull(pageRequest, "pageRequest");
        Objects.requireNonNull(secretScanningRuleSearchRequest, "searchRequest");
        validateIsAdminForScope((Scope) Objects.requireNonNull(scope, "scope"));
        return this.dao.search(pageRequest, scope, secretScanningRuleSearchRequest).transform(this::transform);
    }

    @Transactional
    public DmzSecretScanningRule update(SecretScanningRuleSetRequest secretScanningRuleSetRequest, Scope scope) {
        Objects.requireNonNull(secretScanningRuleSetRequest, "request");
        ValidationUtils.validate(this.validator, secretScanningRuleSetRequest, new Class[]{Update.class});
        InternalSecretScanningRule internalSecretScanningRule = (InternalSecretScanningRule) this.dao.getById(secretScanningRuleSetRequest.getId());
        if (internalSecretScanningRule == null || !isAdminForScope(internalSecretScanningRule.getScope()) || internalSecretScanningRule.getScope().getType() != scope.getType()) {
            throw new NoSuchEntityException(this.i18nService.createKeyedMessage("bitbucket.secretscanning.error.nosuchrule", new Object[]{secretScanningRuleSetRequest.getId()}));
        }
        DmzSecretScanningRule transform = transform(internalSecretScanningRule);
        String str = (String) ObjectUtils.firstNonNull(new String[]{secretScanningRuleSetRequest.getName(), internalSecretScanningRule.getName()});
        String str2 = (String) ObjectUtils.firstNonNull(new String[]{secretScanningRuleSetRequest.getLineRegex(), (String) internalSecretScanningRule.getLineRegex().orElse(null)});
        String str3 = (String) ObjectUtils.firstNonNull(new String[]{secretScanningRuleSetRequest.getPathRegex(), (String) internalSecretScanningRule.getPathRegex().orElse(null)});
        validateRequiredRegex(str2, str3);
        DmzSecretScanningRule transform2 = transform((InternalSecretScanningRule) this.dao.update(internalSecretScanningRule.copy().name(str).lineRegex(str2).pathRegex(str3).build()));
        this.eventPublisher.publish(new SecretScanningRuleUpdatedEvent(this, transform2, transform, internalSecretScanningRule.getScope()));
        return transform2;
    }

    private boolean isAdminForScope(Scope scope) {
        return ((Boolean) scope.accept(new ScopeVisitor<Boolean>() { // from class: com.atlassian.bitbucket.internal.secretscanning.rules.DefaultSecretScanningRuleService.1
            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Boolean m43visit(GlobalScope globalScope) {
                return Boolean.valueOf(DefaultSecretScanningRuleService.this.permissionService.hasGlobalPermission(Permission.ADMIN));
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Boolean m42visit(ProjectScope projectScope) {
                return Boolean.valueOf(DefaultSecretScanningRuleService.this.permissionService.hasProjectPermission(projectScope.getProject(), Permission.PROJECT_ADMIN));
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Boolean m41visit(RepositoryScope repositoryScope) {
                return Boolean.valueOf(DefaultSecretScanningRuleService.this.permissionService.hasRepositoryPermission(repositoryScope.getRepository(), Permission.REPO_ADMIN));
            }
        })).booleanValue();
    }

    private DmzSecretScanningRule transform(InternalSecretScanningRule internalSecretScanningRule) {
        return new SimpleSecretScanningRule.Builder(internalSecretScanningRule).build();
    }

    private void validateIsAdminForScope(Scope scope) {
        scope.accept(new ScopeVisitor<Void>() { // from class: com.atlassian.bitbucket.internal.secretscanning.rules.DefaultSecretScanningRuleService.2
            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m46visit(GlobalScope globalScope) {
                DefaultSecretScanningRuleService.this.permissionValidationService.validateForGlobal(Permission.ADMIN);
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m45visit(ProjectScope projectScope) {
                DefaultSecretScanningRuleService.this.permissionValidationService.validateForProject(projectScope.getProject(), Permission.PROJECT_ADMIN);
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m44visit(RepositoryScope repositoryScope) {
                DefaultSecretScanningRuleService.this.permissionValidationService.validateForRepository(repositoryScope.getRepository(), Permission.REPO_ADMIN);
                return null;
            }
        });
    }

    private void validateRequiredRegex(@Nullable String str, @Nullable String str2) {
        if (StringUtils.isBlank(str) && StringUtils.isBlank(str2)) {
            throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.secretscanning.error.regex.required", new Object[0]));
        }
    }

    private void validateScopeType(Scope scope) {
        scope.accept(new ScopeVisitor<Void>() { // from class: com.atlassian.bitbucket.internal.secretscanning.rules.DefaultSecretScanningRuleService.3
            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m47visit(@Nonnull ProjectScope projectScope) {
                if (projectScope.getProject().getType() == ProjectType.PERSONAL) {
                    throw new ArgumentValidationException(DefaultSecretScanningRuleService.this.i18nService.createKeyedMessage("bitbucket.secretscanning.error.scope.project.personal.nocreate", new Object[0]));
                }
                return null;
            }
        });
    }
}
