package com.atlassian.stash.hooks.permissions.internal;

import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.event.api.EventListener;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.sal.api.transaction.TransactionCallback;
import com.atlassian.stash.event.RepositoryDeletedEvent;
import com.atlassian.stash.event.RepositoryRefsChangedEvent;
import com.atlassian.stash.event.user.GroupCleanupEvent;
import com.atlassian.stash.event.user.UserCleanupEvent;
import com.atlassian.stash.exception.IntegrityException;
import com.atlassian.stash.exception.LimitExceededException;
import com.atlassian.stash.exception.NoSuchEntityException;
import com.atlassian.stash.hooks.permissions.BranchPermissionService;
import com.atlassian.stash.hooks.permissions.PermittedEntity;
import com.atlassian.stash.hooks.permissions.RestrictedBranch;
import com.atlassian.stash.hooks.permissions.RestrictedPattern;
import com.atlassian.stash.hooks.permissions.RestrictedRef;
import com.atlassian.stash.hooks.permissions.RestrictedRefAddedEvent;
import com.atlassian.stash.hooks.permissions.RestrictedRefRemovedEvent;
import com.atlassian.stash.hooks.permissions.RestrictedRefUpdatedEvent;
import com.atlassian.stash.hooks.permissions.internal.dao.AoPermittedEntity;
import com.atlassian.stash.hooks.permissions.internal.dao.AoRestrictedRef;
import com.atlassian.stash.hooks.permissions.internal.dao.BranchPermissionDao;
import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.repository.Branch;
import com.atlassian.stash.repository.RefChange;
import com.atlassian.stash.repository.RefChangeType;
import com.atlassian.stash.repository.Repository;
import com.atlassian.stash.repository.RepositoryService;
import com.atlassian.stash.scm.git.GitAgent;
import com.atlassian.stash.server.ApplicationPropertiesService;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.PermissionValidationService;
import com.atlassian.stash.user.SecurityService;
import com.atlassian.stash.user.StashAuthenticationContext;
import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.user.UserService;
import com.atlassian.stash.util.Chainable;
import com.atlassian.stash.util.Operation;
import com.atlassian.stash.util.Page;
import com.atlassian.stash.util.PageImpl;
import com.atlassian.stash.util.PageProvider;
import com.atlassian.stash.util.PageRequest;
import com.atlassian.stash.util.PageRequestImpl;
import com.atlassian.stash.util.PageUtils;
import com.atlassian.stash.util.PagedIterable;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.Collections2;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import com.google.common.collect.Multimap;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;

/* loaded from: input_file:com/atlassian/stash/hooks/permissions/internal/BranchPermissionServiceImpl.class */
public class BranchPermissionServiceImpl implements BranchPermissionService {
    // Common prefix of the plugin property keys below.
    private static final String PLUGIN_PREFIX = "plugin.stash-branch-permissions.";
    // Property that switches ref-name matching to case-insensitive; the constructor defaults it to true.
    private static final String PROPERTY_CASE_INSENSITIVE = "plugin.stash-branch-permissions.case.insensitive";
    // Property holding the maximum number of restricted refs per repository; the constructor defaults it to 100.
    private static final String PROPERTY_MAX_RESOURCES = "plugin.stash-branch-permissions.max.resources";
    // Property holding the maximum number of permitted users plus groups per restricted ref; the constructor defaults it to 50.
    private static final String PROPERTY_MAX_ENTITIES_PER_RESOURCE = "plugin.stash-branch-permissions.max.resource.entities";
    // Page size used when the current user's groups are paged through in findUnauthorizedRefs.
    private static final int USER_GROUP_LIMIT = 500;
    // Ant-style matcher that evaluates PATTERN restrictions against ref names.
    private final PathMatcher pathMatcher = new AntPathMatcher();
    // When true, ref names and restriction values are lower-cased (Locale.US) before they are compared.
    private final boolean caseInsensitive;
    // Enforced by validateWithinResourceLimits and also used as the page size when restricted refs are read.
    // NOTE(review): rows beyond this page size are not part of what enforcement reads; confirm a repository
    // can never hold more rows than the current value (for example after the property is lowered).
    private final int maxResourcesPerRepo;
    // Enforced by grantEntityPermissions for a single restricted ref.
    private final int maxEntitiesPerResource;
    // maxResourcesPerRepo * maxEntitiesPerResource, used as the page size when permitted entities are read.
    private final int maxEntitiesPerRepo;
    private final StashAuthenticationContext authContext;
    private final BranchPermissionDao branchPermissionDao;
    private final PermissionValidationService permissionValidationService;
    private final GitAgent gitAgent;
    private final RepositoryService repositoryService;
    private final TransactionHelper transactionTemplate;
    private final UserService userService;
    private final I18nService i18nService;
    private final SecurityService securityService;
    private final EventPublisher eventPublisher;
    /**
     * Converts a stored PATTERN restriction into its {@link InternalRestrictedPattern} view.
     * The argument check rejects a null row and any row whose stored type is not PATTERN.
     */
    public static final Function<AoRestrictedRef, InternalRestrictedPattern> RESTRICTED_PATTERN_TRANSFORMER = new Function<AoRestrictedRef, InternalRestrictedPattern>() { // from class: com.atlassian.stash.hooks.permissions.internal.BranchPermissionServiceImpl.16
        public InternalRestrictedPattern apply(AoRestrictedRef aoRestrictedRef) {
            // The null test comes first, so valueOf() is only reached for a non-null row.
            Preconditions.checkArgument(aoRestrictedRef != null && RestrictedRef.Type.valueOf(aoRestrictedRef.getType()) == RestrictedRef.Type.PATTERN);
            return new InternalRestrictedPattern(aoRestrictedRef.getId().intValue(), aoRestrictedRef.getValue());
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.atlassian.stash.hooks.permissions.internal.BranchPermissionServiceImpl$18, reason: invalid class name */
    /* loaded from: input_file:com/atlassian/stash/hooks/permissions/internal/BranchPermissionServiceImpl$18.class */
    // Decompiler rendering of the compiler-generated lookup table behind the switch statements on
    // RestrictedRef.Type in this class: index = enum ordinal, value = case label (1 = BRANCH, 2 = PATTERN).
    // A slot that is never assigned keeps the int default 0, which sends those switches to their default arm.
    public static /* synthetic */ class AnonymousClass18 {
        static final /* synthetic */ int[] $SwitchMap$com$atlassian$stash$hooks$permissions$RestrictedRef$Type = new int[RestrictedRef.Type.values().length];

        static {
            try {
                $SwitchMap$com$atlassian$stash$hooks$permissions$RestrictedRef$Type[RestrictedRef.Type.BRANCH.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
                // Intentionally empty: if the constant is missing at runtime its slot simply stays 0.
            }
            try {
                $SwitchMap$com$atlassian$stash$hooks$permissions$RestrictedRef$Type[RestrictedRef.Type.PATTERN.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
                // Intentionally empty: if the constant is missing at runtime its slot simply stays 0.
            }
        }
    }

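    /**
     * Wires the collaborating services and reads the plugin limits once, at construction time.
     *
     * <p>Defaults when a property is not set: case-insensitive matching on, 100 restricted refs per
     * repository, 50 permitted entities per restricted ref.
     *
     * @param applicationPropertiesService source of the three plugin properties; it is not retained
     */
    public BranchPermissionServiceImpl(StashAuthenticationContext stashAuthenticationContext, BranchPermissionDao branchPermissionDao, PermissionValidationService permissionValidationService, GitAgent gitAgent, RepositoryService repositoryService, TransactionHelper transactionHelper, UserService userService, I18nService i18nService, ApplicationPropertiesService applicationPropertiesService, SecurityService securityService, EventPublisher eventPublisher) {
        this.authContext = stashAuthenticationContext;
        this.branchPermissionDao = branchPermissionDao;
        this.permissionValidationService = permissionValidationService;
        this.gitAgent = gitAgent;
        this.repositoryService = repositoryService;
        this.transactionTemplate = transactionHelper;
        this.userService = userService;
        this.i18nService = i18nService;
        this.securityService = securityService;
        this.eventPublisher = eventPublisher;
        this.caseInsensitive = applicationPropertiesService.getPluginProperty(PROPERTY_CASE_INSENSITIVE, true);
        this.maxResourcesPerRepo = applicationPropertiesService.getPluginProperty(PROPERTY_MAX_RESOURCES, 100);
        this.maxEntitiesPerResource = applicationPropertiesService.getPluginProperty(PROPERTY_MAX_ENTITIES_PER_RESOURCE, 50);
        // Both factors are configurable. Multiply in long and clamp so that large settings cannot wrap
        // around into a small or negative page size for the permitted-entity reads that enforcement uses.
        this.maxEntitiesPerRepo = (int) Math.min((long) this.maxResourcesPerRepo * this.maxEntitiesPerResource, Integer.MAX_VALUE);
    }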

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Resolves a branch name or ref id in a git repository through the git agent.
     *
     * @throws UnsupportedOperationException when the repository's SCM id is not "git"
     */
    public Branch resolveBranch(Repository repository, String str) {
        final boolean isGit = "git".equals(repository.getScmId());
        if (!isGit) {
            throw new UnsupportedOperationException();
        }
        return gitAgent.resolveBranch(repository, str, true);
    }

    /**
     * Lists the restricted refs of a repository as a single page of at most maxResourcesPerRepo rows.
     * REPO_ADMIN on the repository is validated inside the transaction before anything is read.
     */
    @Override // com.atlassian.stash.hooks.permissions.BranchPermissionService
    @Nonnull
    public Page<? extends RestrictedRef> findRestrictedRefs(@Nonnull final Repository repository) {
        Preconditions.checkNotNull(repository, "repository");
        final PageRequestImpl firstPage = new PageRequestImpl(0, maxResourcesPerRepo);
        TransactionCallback<Page<? extends RestrictedRef>> lookup = new TransactionCallback<Page<? extends RestrictedRef>>() {
            /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
            public Page<? extends RestrictedRef> m4doInTransaction() {
                permissionValidationService.validateForRepository(repository, Permission.REPO_ADMIN);
                Page<AoRestrictedRef> rows = branchPermissionDao.findRefs(repository.getId().intValue(), firstPage);
                Function<AoRestrictedRef, InternalRestrictedRef> toRestrictedRef = createRestrictedRefTransformer(repository);
                // Copy eagerly so the result does not depend on the lazy view after the transaction ends.
                return new PageImpl(firstPage, rows.getSize(), ImmutableList.copyOf(Iterables.transform(rows.getValues(), toRestrictedRef)), rows.getIsLastPage());
            }
        };
        return (Page) transactionTemplate.execute(lookup);
    }

    /**
     * Lists every permitted user and group of a repository's restricted refs as a single page of at
     * most maxEntitiesPerRepo rows. REPO_ADMIN is validated inside the transaction before anything is
     * read. A user row whose id no longer resolves to a user is left out of the result.
     */
    @Override // com.atlassian.stash.hooks.permissions.BranchPermissionService
    @Nonnull
    public Page<? extends PermittedEntity> findPermittedEntities(@Nonnull final Repository repository) {
        Preconditions.checkNotNull(repository, "repository");
        final PageRequestImpl wholeRepo = new PageRequestImpl(0, maxEntitiesPerRepo);
        TransactionCallback<Page<? extends PermittedEntity>> lookup = new TransactionCallback<Page<? extends PermittedEntity>>() {
            /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
            public Page<? extends PermittedEntity> m9doInTransaction() {
                permissionValidationService.validateForRepository(repository, Permission.REPO_ADMIN);
                Page<AoPermittedEntity> rows = branchPermissionDao.findEntities(repository.getId().intValue(), wholeRepo);
                if (rows.getSize() == 0) {
                    return PageUtils.createEmptyPage(wholeRepo);
                }
                // Resolve all referenced users with one lookup instead of one per row.
                Map usersById = findUsers(Chainable.chain(rows.getValues()).transform(AoPermittedEntity.TO_USER_ID).filter(Predicates.notNull()).toSet());
                ImmutableList.Builder permitted = ImmutableList.builder();
                for (AoPermittedEntity row : rows.getValues()) {
                    if (row.getUserId() == null) {
                        // A row without a user id is a group grant.
                        permitted.add(new InternalPermittedGroup(row.getRestricted().getId().intValue(), row.getGroup()));
                        continue;
                    }
                    StashUser user = (StashUser) usersById.get(row.getUserId());
                    if (user != null) {
                        permitted.add(new InternalPermittedUser(row.getRestricted().getId().intValue(), user));
                    }
                }
                return new PageImpl(wholeRepo, rows.getSize(), permitted.build(), rows.getIsLastPage());
            }
        };
        return (Page) transactionTemplate.execute(lookup);
    }

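    /**
     * Looks up one restricted ref by id.
     *
     * <p>REPO_ADMIN on the owning repository is validated only after the row has been found. A caller
     * without that permission therefore gets {@code null} for an unknown id and whatever
     * validateForRepository raises for an existing one, so the two cases can be told apart.
     *
     * @param i id of the restricted ref
     * @return the restricted ref, or {@code null} when no row has that id
     * @throws IllegalStateException when the row points at a repository that no longer exists
     */
    @Override // com.atlassian.stash.hooks.permissions.BranchPermissionService
    public RestrictedRef getRestrictedRef(final int i) {
        return (RestrictedRef) this.transactionTemplate.execute(new TransactionCallback<RestrictedRef>() { // from class: com.atlassian.stash.hooks.permissions.internal.BranchPermissionServiceImpl.3
            /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
            public RestrictedRef m10doInTransaction() {
                AoRestrictedRef restrictedRefById = BranchPermissionServiceImpl.this.branchPermissionDao.getRestrictedRefById(i);
                if (restrictedRefById == null) {
                    return null;
                }
                Repository byId = BranchPermissionServiceImpl.this.repositoryService.getById(restrictedRefById.getRepositoryId().intValue());
                if (byId == null) {
                    // Report the repository id that failed to resolve, not the id of the restriction row.
                    throw new IllegalStateException("Repository with id " + restrictedRefById.getRepositoryId() + " does not exist!");
                }
                BranchPermissionServiceImpl.this.permissionValidationService.validateForRepository(byId, Permission.REPO_ADMIN);
                return (RestrictedRef) BranchPermissionServiceImpl.this.createRestrictedRefTransformer(byId).apply(restrictedRefById);
            }
        });
    }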

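    /**
     * Deletes one restricted ref by id and publishes a {@link RestrictedRefRemovedEvent} when a row
     * was actually removed. REPO_ADMIN on the owning repository is validated before the delete.
     *
     * @param i id of the restricted ref
     * @return {@code true} when a row was removed, {@code false} when no row has that id
     * @throws IllegalStateException when the row points at a repository that no longer exists
     */
    @Override // com.atlassian.stash.hooks.permissions.BranchPermissionService
    public boolean removeRestrictedRef(final int i) {
        return ((Boolean) this.transactionTemplate.execute(new TransactionCallback<Boolean>() { // from class: com.atlassian.stash.hooks.permissions.internal.BranchPermissionServiceImpl.4
            /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
            public Boolean m11doInTransaction() {
                AoRestrictedRef restrictedRefById = BranchPermissionServiceImpl.this.branchPermissionDao.getRestrictedRefById(i);
                if (restrictedRefById == null) {
                    return false;
                }
                Repository byId = BranchPermissionServiceImpl.this.repositoryService.getById(restrictedRefById.getRepositoryId().intValue());
                if (byId == null) {
                    // Same guard as getRestrictedRef and updateRestrictedRef: never hand a null repository
                    // to the permission check.
                    throw new IllegalStateException("Repository with id " + restrictedRefById.getRepositoryId() + " does not exist!");
                }
                BranchPermissionServiceImpl.this.permissionValidationService.validateForRepository(byId, Permission.REPO_ADMIN);
                // Repeats the lookup and the REPO_ADMIN check made just above; kept as in the original flow.
                BranchPermissionServiceImpl.this.validateRepoAdminPermission(i);
                boolean removeRestrictedRef = BranchPermissionServiceImpl.this.branchPermissionDao.removeRestrictedRef(i);
                if (removeRestrictedRef) {
                    BranchPermissionServiceImpl.this.eventPublisher.publish(new RestrictedRefRemovedEvent(this, byId, null, null, (RestrictedRef) BranchPermissionServiceImpl.this.createRestrictedRefTransformer(byId).apply(restrictedRefById)));
                }
                return Boolean.valueOf(removeRestrictedRef);
            }
        })).booleanValue();
    }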

    /**
     * Removes the BRANCH restriction stored for the given ref in the repository, if there is one.
     * The row lookup itself is not permission-checked; the REPO_ADMIN check happens in
     * removeRestrictedRef, which performs the delete.
     *
     * @return {@code true} when a restriction existed and was removed
     */
    @Override // com.atlassian.stash.hooks.permissions.BranchPermissionService
    public boolean removeRestrictedBranch(@Nonnull final Repository repository, @Nonnull final String str) {
        TransactionCallback<Boolean> removal = new TransactionCallback<Boolean>() {
            /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
            public Boolean m12doInTransaction() {
                AoRestrictedRef row = branchPermissionDao.getRestrictedRef(repository.getId().intValue(), RestrictedRef.Type.BRANCH, str);
                if (row == null) {
                    return Boolean.valueOf(false);
                }
                return Boolean.valueOf(removeRestrictedRef(row.getId().intValue()));
            }
        };
        return ((Boolean) transactionTemplate.execute(removal)).booleanValue();
    }

    /**
     * Creates a PATTERN restriction on the repository and grants the given users and groups on it.
     * REPO_ADMIN is validated first, and an identical existing pattern is rejected.
     *
     * <p>The per-repository limit is checked after the row has been inserted, and the per-ref entity
     * limit inside grantEntityPermissions. NOTE(review): both rely on the surrounding transaction
     * rolling the insert back when they throw; confirm TransactionHelper does so.
     */
    @Override // com.atlassian.stash.hooks.permissions.BranchPermissionService
    @Nonnull
    public RestrictedPattern restrictPattern(@Nonnull final Repository repository, @Nonnull final String str, @Nonnull final Collection<? extends StashUser> collection, @Nonnull final Collection<String> collection2) {
        TransactionCallback<RestrictedPattern> creation = new TransactionCallback<RestrictedPattern>() {
            /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
            public RestrictedPattern m13doInTransaction() {
                permissionValidationService.validateForRepository(repository, Permission.REPO_ADMIN);
                boolean alreadyRestricted = branchPermissionDao.isRestricted(repository.getId().intValue(), RestrictedRef.Type.PATTERN, str);
                if (alreadyRestricted) {
                    throwConflictingRestrictedRef(str);
                }
                AoRestrictedRef row = branchPermissionDao.restrictPattern(repository.getId().intValue(), str);
                validateWithinResourceLimits(repository);
                grantEntityPermissions(row.getId().intValue(), collection, collection2);
                InternalRestrictedPattern created = (InternalRestrictedPattern) RESTRICTED_PATTERN_TRANSFORMER.apply(row);
                eventPublisher.publish(new RestrictedRefAddedEvent(this, repository, collection2, collection, created));
                return created;
            }
        };
        return (RestrictedPattern) transactionTemplate.execute(creation);
    }

    /**
     * Creates a BRANCH restriction on the repository and grants the given users and groups on it.
     * REPO_ADMIN is validated first, and an existing restriction on the same value is rejected.
     *
     * <p>The per-repository limit is checked after the row has been inserted, and the per-ref entity
     * limit inside grantEntityPermissions. NOTE(review): both rely on the surrounding transaction
     * rolling the insert back when they throw; confirm TransactionHelper does so.
     */
    @Override // com.atlassian.stash.hooks.permissions.BranchPermissionService
    @Nonnull
    public RestrictedBranch restrictBranch(@Nonnull final Repository repository, @Nonnull final String str, @Nonnull final Collection<? extends StashUser> collection, @Nonnull final Collection<String> collection2) {
        TransactionCallback<RestrictedBranch> creation = new TransactionCallback<RestrictedBranch>() {
            /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
            public RestrictedBranch m14doInTransaction() {
                permissionValidationService.validateForRepository(repository, Permission.REPO_ADMIN);
                boolean alreadyRestricted = branchPermissionDao.isRestricted(repository.getId().intValue(), RestrictedRef.Type.BRANCH, str);
                if (alreadyRestricted) {
                    throwConflictingRestrictedRef(str);
                }
                AoRestrictedRef row = branchPermissionDao.restrictRef(repository.getId().intValue(), str);
                validateWithinResourceLimits(repository);
                grantEntityPermissions(row.getId().intValue(), collection, collection2);
                InternalRestrictedBranch created = (InternalRestrictedBranch) createRestrictedBranchTransformer(repository).apply(row);
                eventPublisher.publish(new RestrictedRefAddedEvent(this, repository, collection2, collection, created));
                return created;
            }
        };
        return (RestrictedBranch) transactionTemplate.execute(creation);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Fails when the repository currently holds more restricted refs than maxResourcesPerRepo.
     * Callers in this class invoke it after inserting the new row, so the count includes that row.
     *
     * @throws LimitExceededException when the count is above the configured maximum
     */
    public void validateWithinResourceLimits(Repository repository) {
        boolean withinLimit = branchPermissionDao.countRefs(repository.getId().intValue()) <= maxResourcesPerRepo;
        if (withinLimit) {
            return;
        }
        throw new LimitExceededException(i18nService.createKeyedMessage("stash.branch.permission.too.many.restricted.refs", new Object[]{Integer.valueOf(maxResourcesPerRepo)}));
    }

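    /**
     * Changes the value of an existing restricted ref and replaces its permitted users and groups.
     * REPO_ADMIN on the owning repository is validated before anything is modified. The stored type
     * (BRANCH or PATTERN) is kept; only the value and the grants change.
     *
     * <p>Existing grants are revoked before the new ones are written. NOTE(review): if the new set
     * exceeds the per-ref limit, the revoke is only undone if the surrounding transaction rolls back;
     * confirm TransactionHelper does so.
     *
     * @param i id of the restricted ref
     * @param str new branch ref or pattern
     * @throws IllegalStateException when the row points at a repository that no longer exists
     */
    @Override // com.atlassian.stash.hooks.permissions.BranchPermissionService
    @Nonnull
    public RestrictedRef updateRestrictedRef(final int i, @Nonnull final String str, @Nonnull final Collection<? extends StashUser> collection, @Nonnull final Collection<String> collection2) {
        return (RestrictedRef) this.transactionTemplate.execute(new TransactionCallback<RestrictedRef>() { // from class: com.atlassian.stash.hooks.permissions.internal.BranchPermissionServiceImpl.8
            /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
            public RestrictedRef m15doInTransaction() {
                AoRestrictedRef restrictedRefOrThrow = BranchPermissionServiceImpl.this.getRestrictedRefOrThrow(i);
                Repository byId = BranchPermissionServiceImpl.this.repositoryService.getById(restrictedRefOrThrow.getRepositoryId().intValue());
                if (byId == null) {
                    // Report the repository id that failed to resolve, not the id of the restriction row.
                    throw new IllegalStateException("Repository with id " + restrictedRefOrThrow.getRepositoryId() + " does not exist!");
                }
                BranchPermissionServiceImpl.this.permissionValidationService.validateForRepository(byId, Permission.REPO_ADMIN);
                // A conflict is only possible when the value actually changes.
                if (!restrictedRefOrThrow.getValue().equals(str) && BranchPermissionServiceImpl.this.branchPermissionDao.isRestricted(byId.getId().intValue(), RestrictedRef.Type.valueOf(restrictedRefOrThrow.getType()), str)) {
                    BranchPermissionServiceImpl.this.throwConflictingRestrictedRef(str);
                }
                BranchPermissionServiceImpl.this.setEntityPermissions(restrictedRefOrThrow.getId().intValue(), collection, collection2);
                InternalRestrictedRef internalRestrictedRef = (InternalRestrictedRef) BranchPermissionServiceImpl.this.createRestrictedRefTransformer(byId).apply(BranchPermissionServiceImpl.this.branchPermissionDao.updateValue(restrictedRefOrThrow.getId().intValue(), str));
                BranchPermissionServiceImpl.this.eventPublisher.publish(new RestrictedRefUpdatedEvent(this, byId, collection2, collection, internalRestrictedRef));
                return internalRestrictedRef;
            }
        });
    }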

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Always throws: signals that the given branch or pattern already has a restriction.
     *
     * @throws IntegrityException unconditionally
     */
    public void throwConflictingRestrictedRef(String str) {
        Object[] messageArguments = {str};
        throw new IntegrityException(i18nService.createKeyedMessage("stash.branch.permission.ref.already.restricted", messageArguments));
    }

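    /**
     * Returns the subset of the given refs that the current user may not change in the repository.
     *
     * <p>A ref is a candidate when at least one stored restriction matches it. It is cleared again when
     * the current user, or one of the current user's groups, is a permitted entity on any restriction
     * that matches it. Overlapping restrictions therefore combine as a union of grants: a grant on a
     * broad pattern also opens a ref that a narrower restriction covers. A matching restriction with no
     * grant that applies to the user leaves the ref in the result.
     *
     * <p>No REPO_ADMIN check is made here; the decision is based only on the authentication context.
     * When there is no current user, no grant can apply and every matched ref is returned.
     *
     * <p>NOTE(review): restrictions and permitted entities are each read as one page sized by the
     * configured limits. Confirm a repository cannot hold more rows than that page size, since rows
     * outside the page would not take part in the decision.
     *
     * @param repository repository whose restrictions are evaluated
     * @param iterable ref ids to test
     * @return the refs the current user is not permitted to change; empty when nothing is restricted
     */
    @Override // com.atlassian.stash.hooks.permissions.BranchPermissionService
    @Nonnull
    public Iterable<String> findUnauthorizedRefs(@Nonnull final Repository repository, @Nonnull final Iterable<String> iterable) {
        return (Iterable) this.transactionTemplate.execute(new TransactionCallback<Set<String>>() { // from class: com.atlassian.stash.hooks.permissions.internal.BranchPermissionServiceImpl.9
            /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
            public Set<String> m16doInTransaction() {
                Multimap<Integer, String> refsByRestriction = findMatchingRestrictions(branchPermissionDao.findRefs(repository.getId().intValue(), new PageRequestImpl(0, maxResourcesPerRepo)).getValues(), iterable);
                if (refsByRestriction.isEmpty()) {
                    return Collections.emptySet();
                }
                // Start from "every matched ref is denied" and remove refs as grants are found.
                HashSet unauthorized = Sets.newHashSet(refsByRestriction.values());
                ArrayListMultimap refsByGroup = ArrayListMultimap.create();
                StashUser currentUser = authContext.getCurrentUser();
                // Keep "no user" as null instead of a sentinel id, so it can never equal a stored user id.
                Integer currentUserId = currentUser != null ? Integer.valueOf(currentUser.getId().intValue()) : null;
                for (AoPermittedEntity aoPermittedEntity : branchPermissionDao.findEntities(repository.getId().intValue(), new PageRequestImpl(0, maxEntitiesPerRepo)).getValues()) {
                    // Refs matched by this entity's restriction that are still denied.
                    Collection<?> stillDenied = Collections2.filter(refsByRestriction.get(aoPermittedEntity.getRestricted().getId()), Predicates.in(unauthorized));
                    if (stillDenied.isEmpty()) {
                        continue;
                    }
                    if (aoPermittedEntity.getUserId() == null) {
                        // Group grant: remember it and resolve group membership once, after the loop.
                        refsByGroup.putAll(canonicalizeGroup(aoPermittedEntity.getGroup()), stillDenied);
                    } else if (aoPermittedEntity.getUserId().equals(currentUserId)) {
                        unauthorized.removeAll(stillDenied);
                        if (unauthorized.isEmpty()) {
                            return unauthorized;
                        }
                    }
                }
                // Group membership can only be looked up for an authenticated user; without one the
                // group grants cannot apply and the matched refs stay denied.
                if (currentUser != null && !refsByGroup.isEmpty()) {
                    filterRefsByGroup(refsByGroup, unauthorized, currentUser);
                }
                return unauthorized;
            }

            /** Maps each restriction id to the requested refs that the restriction matches. */
            private Multimap<Integer, String> findMatchingRestrictions(Iterable<AoRestrictedRef> iterable2, Iterable<String> iterable3) {
                ArrayListMultimap create = ArrayListMultimap.create();
                for (AoRestrictedRef aoRestrictedRef : iterable2) {
                    create.putAll(aoRestrictedRef.getId(), Iterables.filter(iterable3, createRestrictedRefPredicate(aoRestrictedRef)));
                }
                return create;
            }

            /** Removes from {@code set} every ref granted to a group that the user belongs to. */
            private void filterRefsByGroup(Multimap<String, String> multimap, Set<String> set, final StashUser stashUser) {
                Iterator it = new PagedIterable(new PageProvider<String>() { // from class: com.atlassian.stash.hooks.permissions.internal.BranchPermissionServiceImpl.9.1
                    public Page<String> get(PageRequest pageRequest) {
                        return userService.findGroupsByUser(stashUser.getName(), pageRequest);
                    }
                }, new PageRequestImpl(0, USER_GROUP_LIMIT)).iterator();
                while (it.hasNext()) {
                    // Group names are compared in canonical (lower-cased) form on both sides.
                    set.removeAll(multimap.get(canonicalizeGroup((String) it.next())));
                    if (set.isEmpty()) {
                        return;
                    }
                }
            }
        });
    }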

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns the group name in the lower-cased form that this class uses when it compares a stored
     * group grant with a user's group memberships.
     */
    public static String canonicalizeGroup(String str) {
        final String canonicalName = IdentifierUtils.toLowerCase(str);
        return canonicalName;
    }

    /**
     * Drops every restricted ref of a repository once that repository has been deleted, so no
     * restriction rows are left pointing at a repository id that no longer exists.
     */
    @EventListener
    public void onRepositoryDeleted(final RepositoryDeletedEvent repositoryDeletedEvent) {
        TransactionCallback<Void> cleanup = new TransactionCallback<Void>() {
            /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
            public Void m5doInTransaction() {
                int repositoryId = repositoryDeletedEvent.getRepository().getId().intValue();
                branchPermissionDao.removeAllRestrictedRefs(repositoryId);
                return null;
            }
        };
        transactionTemplate.execute(cleanup);
    }

    /**
     * Revokes every branch-permission grant held by a user once that user has been cleaned up, so the
     * grants cannot outlive the account.
     */
    @EventListener
    public void onUserDeleted(final UserCleanupEvent userCleanupEvent) {
        TransactionCallback<Void> cleanup = new TransactionCallback<Void>() {
            /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
            public Void m6doInTransaction() {
                int deletedUserId = userCleanupEvent.getDeletedUser().getId().intValue();
                branchPermissionDao.revokeAllUserPermissions(deletedUserId);
                return null;
            }
        };
        transactionTemplate.execute(cleanup);
    }

    /**
     * Revokes every branch-permission grant held by a group once that group has been cleaned up.
     *
     * <p>NOTE(review): the group name is handed to the DAO exactly as the event carries it, while
     * findUnauthorizedRefs compares group names in lower-cased form. Confirm the DAO matches names
     * case-insensitively; otherwise a grant stored with different casing would survive the cleanup
     * and apply again to a later group of the same name.
     */
    @EventListener
    public void onGroupDeleted(final GroupCleanupEvent groupCleanupEvent) {
        TransactionCallback<Void> cleanup = new TransactionCallback<Void>() {
            /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
            public Void m7doInTransaction() {
                branchPermissionDao.revokeAllGroupPermissions(groupCleanupEvent.getGroup());
                return null;
            }
        };
        transactionTemplate.execute(cleanup);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Validates that the current user holds REPO_ADMIN on the repository that owns the given
     * restricted ref. The repository lookup result is passed on without a null check.
     *
     * @throws NoSuchEntityException when no restricted ref has the given id
     */
    public void validateRepoAdminPermission(int i) {
        AoRestrictedRef row = getRestrictedRefOrThrow(i);
        Repository owner = repositoryService.getById(row.getRepositoryId().intValue());
        permissionValidationService.validateForRepository(owner, Permission.REPO_ADMIN);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Loads a restricted ref row by id.
     *
     * @return the row; never {@code null}
     * @throws NoSuchEntityException when no row has the given id
     */
    public AoRestrictedRef getRestrictedRefOrThrow(int i) {
        AoRestrictedRef row = branchPermissionDao.getRestrictedRefById(i);
        if (row != null) {
            return row;
        }
        throw new NoSuchEntityException(i18nService.createKeyedMessage("stash.branch.permission.not.found", new Object[]{Integer.valueOf(i)}));
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Replaces the grants of a restricted ref: every existing grant is revoked, then the given users
     * and groups are granted. The result is a replacement, not a merge with the previous grants.
     */
    public void setEntityPermissions(int i, Collection<? extends StashUser> collection, Collection<String> collection2) {
        // Revoke first so that the per-ref limit in grantEntityPermissions counts only the new set.
        branchPermissionDao.revokeAllEntityPermissions(i);
        this.grantEntityPermissions(i, collection, collection2);
    }

    /* JADX INFO: Access modifiers changed from: private */
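    /**
     * Grants the given users and groups on a restricted ref.
     *
     * <p>The limit check counts only the entities passed in this call; callers in this class use it
     * on a new ref or right after revoking the existing grants. A {@code null} collection is treated
     * as empty, matching how sizeOf counts it.
     *
     * @param i id of the restricted ref
     * @param collection users to grant, may be {@code null}
     * @param collection2 group names to grant, may be {@code null}
     * @throws LimitExceededException when users plus groups exceed maxEntitiesPerResource
     */
    public void grantEntityPermissions(int i, Collection<? extends StashUser> collection, Collection<String> collection2) {
        if (sizeOf(collection) + sizeOf(collection2) > this.maxEntitiesPerResource) {
            throw new LimitExceededException(this.i18nService.createKeyedMessage("stash.branch.permission.too.many.permitted.entities", new Object[]{Integer.valueOf(this.maxEntitiesPerResource)}));
        }
        // The size check above already accepts null, so the loops must not dereference it either.
        if (collection != null) {
            for (StashUser user : collection) {
                this.branchPermissionDao.grantEntityPermission(i, user.getId().intValue());
            }
        }
        if (collection2 != null) {
            for (String group : collection2) {
                this.branchPermissionDao.grantEntityPermission(i, group);
            }
        }
    }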

    /** Returns the number of elements in the collection, counting {@code null} as empty. */
    private int sizeOf(Collection collection) {
        return collection == null ? 0 : collection.size();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Resolves user ids to users with a single service call.
     *
     * @param set user ids to resolve
     * @return users keyed by id; ids that the user service does not return have no entry
     */
    public Map<Integer, StashUser> findUsers(Set<Integer> set) {
        if (set.isEmpty()) {
            return Collections.emptyMap();
        }
        ImmutableMap.Builder usersById = ImmutableMap.builder();
        for (StashUser user : userService.getUsersById(set)) {
            usersById.put(user.getId(), user);
        }
        return usersById.build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds a function that converts a stored row into its BRANCH or PATTERN view, chosen by the
     * row's stored type. A type that is neither of the two is rejected with
     * {@link IllegalArgumentException}.
     */
    public Function<AoRestrictedRef, InternalRestrictedRef> createRestrictedRefTransformer(Repository repository) {
        final Function<AoRestrictedRef, InternalRestrictedBranch> branchTransformer = createRestrictedBranchTransformer(repository);
        return new Function<AoRestrictedRef, InternalRestrictedRef>() {
            public InternalRestrictedRef apply(AoRestrictedRef aoRestrictedRef) {
                RestrictedRef.Type storedType = RestrictedRef.Type.valueOf(aoRestrictedRef.getType());
                if (storedType == RestrictedRef.Type.BRANCH) {
                    return (InternalRestrictedRef) branchTransformer.apply(aoRestrictedRef);
                }
                if (storedType == RestrictedRef.Type.PATTERN) {
                    return (InternalRestrictedRef) RESTRICTED_PATTERN_TRANSFORMER.apply(aoRestrictedRef);
                }
                throw new IllegalArgumentException();
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds a function that converts a stored BRANCH row into an {@link InternalRestrictedBranch}.
     * When the stored value still resolves to a branch in the repository, the resolved branch is used;
     * otherwise the view is built from the raw stored value. A null or non-BRANCH row is rejected by
     * the argument check.
     */
    public Function<AoRestrictedRef, InternalRestrictedBranch> createRestrictedBranchTransformer(final Repository repository) {
        return new Function<AoRestrictedRef, InternalRestrictedBranch>() {
            public InternalRestrictedBranch apply(AoRestrictedRef aoRestrictedRef) {
                Preconditions.checkArgument(aoRestrictedRef != null && RestrictedRef.Type.valueOf(aoRestrictedRef.getType()) == RestrictedRef.Type.BRANCH);
                Branch resolved = resolveBranch(repository, aoRestrictedRef.getValue());
                if (resolved == null) {
                    // The branch is gone or unresolvable; fall back to the stored value.
                    return new InternalRestrictedBranch(aoRestrictedRef.getId().intValue(), aoRestrictedRef.getValue());
                }
                return new InternalRestrictedBranch(aoRestrictedRef.getId().intValue(), resolved);
            }
        };
    }

    /**
     * Builds the predicate that decides whether a ref name falls under one stored restriction.
     * This is the matching step behind findUnauthorizedRefs, so a ref that this predicate does not
     * match is not protected by the restriction.
     *
     * BRANCH restrictions match by string equality. PATTERN restrictions are matched as Ant-style
     * paths after the stored value has been normalised (see the comments in the body). When
     * case-insensitive matching is enabled, both sides are lower-cased with Locale.US first.
     */
    Predicate<String> createRestrictedRefPredicate(final AoRestrictedRef aoRestrictedRef) {
        return new Predicate<String>() { // from class: com.atlassian.stash.hooks.permissions.internal.BranchPermissionServiceImpl.15
            public boolean apply(String str) {
                String value = aoRestrictedRef.getValue();
                if (BranchPermissionServiceImpl.this.caseInsensitive) {
                    // Fold both sides the same way so refs differing only in case hit the same restriction.
                    str = str.toLowerCase(Locale.US);
                    value = value.toLowerCase(Locale.US);
                }
                switch (AnonymousClass18.$SwitchMap$com$atlassian$stash$hooks$permissions$RestrictedRef$Type[RestrictedRef.Type.valueOf(aoRestrictedRef.getType()).ordinal()]) {
                    case 1:
                        // BRANCH: exact match on the (possibly lower-cased) ref name.
                        return str.equals(value);
                    case 2:
                        // PATTERN: a value not anchored at "refs/" and not starting with "**" may match
                        // at any depth, so it is prefixed with "**/".
                        if (!value.startsWith("**") && !value.startsWith("refs/")) {
                            value = "**/" + value;
                        }
                        // A value ending in a separator covers everything below it.
                        if (value.endsWith("/") || value.endsWith("\\")) {
                            value = value + "**";
                        }
                        return BranchPermissionServiceImpl.this.pathMatcher.match(value, str);
                    default:
                        // A type without a switch-map entry matches nothing, i.e. such a restriction is
                        // not applied to any ref.
                        return false;
                }
            }
        };
    }

    /**
     * Removes the BRANCH restriction of every ref that a push deleted.
     *
     * <p>The removal runs with REPO_ADMIN granted for the duration of the operation, because
     * removeRestrictedRef validates that permission and the pushing user need not hold it. Only
     * BRANCH restrictions are looked up, so PATTERN restrictions are unaffected. A branch created
     * later under the same name is not covered by the removed BRANCH restriction.
     * NOTE(review): whether a restricted branch may be deleted in the first place is decided outside
     * this class; confirm that check runs before this listener.
     */
    @EventListener
    public void onRefsChangedEvent(final RepositoryRefsChangedEvent repositoryRefsChangedEvent) {
        Operation<Object, RuntimeException> dropRestrictionsOfDeletedRefs = new Operation<Object, RuntimeException>() {
            public Object perform() {
                for (RefChange change : repositoryRefsChangedEvent.getRefChanges()) {
                    if (change.getType() != RefChangeType.DELETE) {
                        continue;
                    }
                    removeRestrictedBranch(repositoryRefsChangedEvent.getRepository(), change.getRefId());
                }
                return null;
            }
        };
        securityService.withPermission(Permission.REPO_ADMIN, "Delete branch permission on push").call(dropRestrictionsOfDeletedRefs);
    }
}
