package com.atlassian.bamboo.upgrade.tasks.v10_0;

import com.atlassian.annotations.VisibleForTesting;
import com.atlassian.bamboo.persistence.BambooTransactionHibernateTemplate;
import com.atlassian.bamboo.plan.PlanDao;
import com.atlassian.bamboo.plan.TopLevelPlan;
import com.atlassian.bamboo.project.ProjectDao;
import com.atlassian.bamboo.repository.EncryptedRepositoryDefinitionAccessor;
import com.atlassian.bamboo.repository.RepositoryDefinitionDao;
import com.atlassian.bamboo.security.ImpersonationHelper;
import com.atlassian.bamboo.spring.ComponentAccessor;
import com.atlassian.bamboo.upgrade.AbstractUpgradeTask;
import com.atlassian.bamboo.upgrade.utils.DatabaseUpgradePaginator;
import com.atlassian.bamboo.vcs.configuration.service.RawRepositoryConfigurationXmlConverter;
import com.atlassian.plugins.whitelist.ImmutableWhitelistRuleBuilder;
import com.atlassian.plugins.whitelist.WhitelistService;
import com.atlassian.plugins.whitelist.WhitelistType;
import java.net.URI;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Supplier;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import javax.inject.Inject;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/bamboo/upgrade/tasks/v10_0/UpgradeTask100004AddAllowlistRecords.class */
public class UpgradeTask100004AddAllowlistRecords extends AbstractUpgradeTask {
    private static final Logger log = LogManager.getLogger(UpgradeTask100004AddAllowlistRecords.class);

    @VisibleForTesting
    static final String GIT_REPOSITORY_URL = "repository.git.repositoryUrl";

    @VisibleForTesting
    static final String GH_REPOSITORY_URL = "repository.github.baseUrl";
    static final String BBS_REPOSITORY_URL = "repository.stash.repositoryUrl";
    private static final String GH_BASE_URL = "https://github.com";
    private static final String BBC_BASE_URL = "https://bitbucket.org";
    private final Pattern IS_HTTP_PATTERN;
    private final Supplier<WhitelistService> whitelistService;

    @Inject
    private EncryptedRepositoryDefinitionAccessor encryptedRepositoryDefinitionAccessor;

    @Inject
    private RepositoryDefinitionDao repositoryDefinitionDao;

    @Inject
    private BambooTransactionHibernateTemplate bambooTransactionHibernateTemplate;

    @Inject
    private ProjectDao projectDao;

    @Inject
    private PlanDao planDao;

    @Inject
    private DatabaseUpgradePaginator upgradePaginator;

    @Inject
    private RawRepositoryConfigurationXmlConverter rawRepositoryConfigurationXmlConverter;

    protected UpgradeTask100004AddAllowlistRecords() {
        super("100004", "Add allowlist records for existing repositories");
        this.IS_HTTP_PATTERN = Pattern.compile("^https?.*");
        this.whitelistService = ComponentAccessor.newOsgiServiceProxy(WhitelistService.class);
    }

    public void doUpgrade() throws Exception {
        ImpersonationHelper.runWithSystemAuthority(this::performWhitelistInitialization);
    }

    private void performWhitelistInitialization() {
        log.info("Adding Bitbucket and Github repositories to whitelist");
        HashSet hashSet = new HashSet();
        log.info("Gathering URLs of linked repositories");
        this.bambooTransactionHibernateTemplate.doWork(connection -> {
            extractRepositoryBaseUrls(this.encryptedRepositoryDefinitionAccessor.getLinkedRepositories().stream().filter(vcsRepositoryData -> {
                return !vcsRepositoryData.isMarkedForDeletion();
            }).filter(vcsRepositoryData2 -> {
                return isGitBasedRepo(vcsRepositoryData2.getPluginKey());
            }).map(vcsRepositoryData3 -> {
                return vcsRepositoryData3.getVcsLocation().getConfiguration();
            }), hashSet);
        });
        log.info("Gathering URLs of project repositories");
        DatabaseUpgradePaginator databaseUpgradePaginator = this.upgradePaginator;
        ProjectDao projectDao = this.projectDao;
        Objects.requireNonNull(projectDao);
        databaseUpgradePaginator.forEach(projectDao::findAllProjectsIds, l -> {
            extractRepositoryBaseUrls(this.repositoryDefinitionDao.getProjectRepositoryDefinitions(l).stream().filter(repositoryDataEntity -> {
                return !repositoryDataEntity.isMarkedForDeletion();
            }).filter(repositoryDataEntity2 -> {
                return repositoryDataEntity2.getParent() == null;
            }).filter(repositoryDataEntity3 -> {
                return isGitBasedRepo(repositoryDataEntity3.getPluginKey());
            }).map(repositoryDataEntity4 -> {
                return this.rawRepositoryConfigurationXmlConverter.fromEntity(repositoryDataEntity4).getServerConfiguration();
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }), hashSet);
        });
        log.info("Gathering URLs of plan repositories");
        this.upgradePaginator.forEach((i, i2) -> {
            return this.planDao.findAllPlans(TopLevelPlan.class, i, i2);
        }, topLevelPlan -> {
            extractRepositoryBaseUrls(this.repositoryDefinitionDao.getPrivateRepositoryDefinitionsByPlan(topLevelPlan).stream().filter(repositoryDataEntity -> {
                return !repositoryDataEntity.isMarkedForDeletion();
            }).filter(repositoryDataEntity2 -> {
                return repositoryDataEntity2.getParent() == null;
            }).filter(repositoryDataEntity3 -> {
                return isGitBasedRepo(repositoryDataEntity3.getPluginKey());
            }).map(repositoryDataEntity4 -> {
                return this.rawRepositoryConfigurationXmlConverter.fromEntity(repositoryDataEntity4).getServerConfiguration();
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }), hashSet);
        });
        this.bambooTransactionHibernateTemplate.doWork(connection2 -> {
            hashSet.remove(BBC_BASE_URL);
            log.info("Found {} unique linked/project/plan repository URLs for whitelist", Integer.valueOf(hashSet.size()));
            whitelistRepositoryUrls(hashSet);
        });
    }

    private static void extractRepositoryBaseUrls(Stream<Map<String, String>> stream, Set<String> set) {
        Stream filter = stream.map(UpgradeTask100004AddAllowlistRecords::getGitBasedRepositoryUrl).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map(UpgradeTask100004AddAllowlistRecords::parseFullUriToHost).filter((v0) -> {
            return Objects.nonNull(v0);
        });
        Objects.requireNonNull(set);
        filter.forEach((v1) -> {
            r1.add(v1);
        });
    }

    private void whitelistRepositoryUrls(Set<String> set) {
        for (String str : set) {
            if (isHttpUrl(str)) {
                addByDomainName(str, false);
            } else {
                addByRegularExpression(str, false);
            }
        }
    }

    private boolean isHttpUrl(String str) {
        return this.IS_HTTP_PATTERN.matcher(str).matches();
    }

    private static String getGitBasedRepositoryUrl(Map<String, String> map) {
        String str = (String) ObjectUtils.firstNonNull(new String[]{map.get(GIT_REPOSITORY_URL), map.get(GH_REPOSITORY_URL), map.get(BBS_REPOSITORY_URL)});
        if (StringUtils.isNotEmpty(str)) {
            if (str.contains("$")) {
                return null;
            }
            if (StringUtils.isNotEmpty(str) && (str.equals(GH_BASE_URL) || str.startsWith(BBC_BASE_URL))) {
                return null;
            }
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isGitBasedRepo(@NotNull String str) {
        return str.equals("com.atlassian.bamboo.plugins.atlassian-bamboo-plugin-git:gitv2") || str.equals("com.atlassian.bamboo.plugins.atlassian-bamboo-plugin-git:gh2") || str.equals("com.atlassian.bamboo.plugins.stash.atlassian-bamboo-plugin-stash:bbserver");
    }

    @Nullable
    private static String parseFullUriToHost(String str) {
        try {
            URI create = URI.create(str);
            return create.getScheme() + "://" + create.getHost() + (create.getPort() != -1 ? ":" + create.getPort() : "");
        } catch (Exception e) {
            log.info("Can't parse URL {}, error: {}", str, e.getMessage());
            return null;
        }
    }

    private void addByDomainName(String str, boolean z) {
        addUrl(str, WhitelistType.DOMAIN_NAME, z);
    }

    private void addByRegularExpression(String str, boolean z) {
        addUrl(str + "/.*", WhitelistType.REGULAR_EXPRESSION, z);
    }

    private void addUrl(String str, WhitelistType whitelistType, boolean z) {
        ImmutableWhitelistRuleBuilder immutableWhitelistRuleBuilder = new ImmutableWhitelistRuleBuilder();
        immutableWhitelistRuleBuilder.type(whitelistType);
        immutableWhitelistRuleBuilder.expression(str);
        immutableWhitelistRuleBuilder.allowInbound(z);
        getWhitelistService().add(immutableWhitelistRuleBuilder.build());
    }

    protected WhitelistService getWhitelistService() {
        return this.whitelistService.get();
    }
}
