package com.atlassian.jira.plugins.dvcs.rest.external.v1;

import com.atlassian.fusion.aci.api.model.LifeCyclePayload;
import com.atlassian.fusion.aci.api.service.ACIJwtService;
import com.atlassian.jira.plugins.dvcs.exception.SourceControlException;
import com.atlassian.jira.plugins.dvcs.model.Organization;
import com.atlassian.jira.plugins.dvcs.model.Repository;
import com.atlassian.jira.plugins.dvcs.model.RepositoryList;
import com.atlassian.jira.plugins.dvcs.rest.ResourceHelper;
import com.atlassian.jira.plugins.dvcs.rest.security.AdminOnly;
import com.atlassian.jira.plugins.dvcs.service.OrganizationService;
import com.atlassian.jira.plugins.dvcs.service.RepositoryService;
import com.atlassian.jira.plugins.dvcs.service.optional.aci.ACIJwtServiceAccessor;
import com.atlassian.jira.plugins.dvcs.spi.bitbucket.clientlibrary.model.BitbucketConstants;
import com.atlassian.jira.plugins.dvcs.sync.SynchronizationFlag;
import com.atlassian.jira.plugins.dvcs.util.ExceptionLogger;
import com.atlassian.jira.util.json.JSONException;
import com.atlassian.jira.util.json.JSONObject;
import com.atlassian.plugins.rest.common.security.AnonymousAllowed;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import java.net.URL;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.egit.github.core.client.IGitHubConstants;
import org.scribe.model.Request;
import org.slf4j.Logger;

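/**
 * REST resource rooted at {@code /repository}: lists repositories, enables or disables them and
 * triggers synchronization through {@link RepositoryService}.
 *
 * <p>Most endpoints carry {@link AdminOnly}; enforcement of that annotation lives outside this
 * class (presumably a request filter that restricts the call to administrators; confirm).
 * Three endpoints are {@link AnonymousAllowed}:
 * <ul>
 *   <li>the two {@code POST /{id}/sync} post-commit hook endpoints, which perform no caller
 *       verification in this class, and</li>
 *   <li>{@code POST /webhook}, which requires a JWT in the {@code Authorization} header before it
 *       triggers a sync.</li>
 * </ul>
 */
@Path("/repository")
@Consumes({IGitHubConstants.CONTENT_TYPE_JSON})
/* loaded from: input_file:com/atlassian/jira/plugins/dvcs/rest/external/v1/RepositoryResource.class */
public class RepositoryResource {
    private static final Logger log = ExceptionLogger.getLogger(RepositoryResource.class);

    /** Webhook event keys this resource reacts to, mapped to the kind of sync each one triggers. */
    private static final Map<String, SynchronizationFlag> WEBHOOK_EVENT_MAP = ImmutableMap.of(
            "repo:push", SynchronizationFlag.SYNC_CHANGESETS,
            "pullrequest:created", SynchronizationFlag.SYNC_PULL_REQUESTS);

    private final OrganizationService organizationService;
    private final RepositoryService repositoryService;
    private final ACIJwtServiceAccessor jwtServiceAccessor;

    /**
     * Creates the resource.
     *
     * @param aCIJwtServiceAccessor accessor for the optional JWT verification service
     * @param organizationService organization lookup service
     * @param repositoryService repository lookup and synchronization service
     * @throws NullPointerException if any argument is {@code null}
     */
    public RepositoryResource(@Nonnull ACIJwtServiceAccessor aCIJwtServiceAccessor, @Nonnull OrganizationService organizationService, @Nonnull RepositoryService repositoryService) {
        this.organizationService = Preconditions.checkNotNull(organizationService);
        this.repositoryService = Preconditions.checkNotNull(repositoryService);
        this.jwtServiceAccessor = Preconditions.checkNotNull(aCIJwtServiceAccessor);
    }

    /**
     * Returns every repository known to the repository service.
     *
     * @return 200 with a {@link RepositoryList} entity
     */
    @GET
    @Path("/")
    @AdminOnly
    @Produces({IGitHubConstants.CONTENT_TYPE_JSON, "application/xml"})
    public Response getAllRepositories() {
        return Response.ok(new RepositoryList(this.repositoryService.getAllRepositories())).build();
    }

    /**
     * Returns a single repository.
     *
     * @param i repository id
     * @return 200 with the repository, or 204 when the service returns {@code null} for the id
     */
    @GET
    @Path("/{id}")
    @AdminOnly
    @Produces({IGitHubConstants.CONTENT_TYPE_JSON})
    public Response getRepository(@PathParam("id") int i) {
        Repository repository = this.repositoryService.get(i);
        if (repository == null) {
            return Response.noContent().build();
        }
        return Response.ok(repository).build();
    }

    /**
     * Returns the repositories that belong to one organization.
     *
     * @param i organization id, taken from the {@code orgId} query parameter
     * @return 200 with whatever the service returns for that organization
     */
    @GET
    @Path("/find")
    @AdminOnly
    @Produces({IGitHubConstants.CONTENT_TYPE_JSON})
    public Response getRepositoriesByOrganization(@QueryParam("orgId") int i) {
        return Response.ok(this.repositoryService.getAllByOrganization(i)).build();
    }

    /**
     * Disables all repositories.
     *
     * @return 200 with the service's return value rendered as plain text
     */
    @Path("/disable")
    @AdminOnly
    @POST
    @Produces({"text/plain"})
    public Response disableAllRepositories() {
        return Response.ok(String.valueOf(this.repositoryService.disableAllRepositories())).build();
    }

    /**
     * Disables one repository.
     *
     * @param num repository id
     * @return 400 when the id is missing, otherwise 204
     */
    @Path("/{id}/disable")
    @AdminOnly
    @POST
    @Produces({IGitHubConstants.CONTENT_TYPE_JSON})
    public Response disableRepository(@PathParam("id") Integer num) {
        if (num == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        this.repositoryService.enableRepository(num.intValue(), false);
        return Response.noContent().build();
    }

    /**
     * Enables one repository.
     *
     * @param num repository id
     * @return 400 when the id is missing, otherwise 204
     */
    @Path("/{id}/enable")
    @AdminOnly
    @POST
    @Produces({IGitHubConstants.CONTENT_TYPE_JSON})
    public Response enableRepository(@PathParam("id") Integer num) {
        // Same guard as disableRepository: unboxing a null id would otherwise throw
        // a NullPointerException instead of answering with a client error.
        if (num == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        this.repositoryService.enableRepository(num.intValue(), true);
        return Response.noContent().build();
    }

    /**
     * Starts a pull-request synchronization for one repository.
     *
     * @param i repository id
     * @param uriInfo request URI context, used to build the redirect target
     * @return 303 to {@code /repository/{id}}, or 503 when synchronization is disabled
     */
    @Path("/{id}/fullSyncPullRequests")
    @AdminOnly
    @POST
    @Produces({IGitHubConstants.CONTENT_TYPE_JSON, "application/xml"})
    public Response startRepositoryPullRequestsSynchronization(@PathParam("id") int i, @Context UriInfo uriInfo) {
        log.debug("Rest request to pull request fullsync repository [{}] ", i);
        return syncThenRedirect(i, uriInfo, EnumSet.of(SynchronizationFlag.SYNC_PULL_REQUESTS));
    }

    /**
     * Starts a changeset synchronization for one repository.
     *
     * @param i repository id
     * @param uriInfo request URI context, used to build the redirect target
     * @return 303 to {@code /repository/{id}}, or 503 when synchronization is disabled
     */
    @Path("/{id}/fullSyncChangesets")
    @AdminOnly
    @POST
    @Produces({IGitHubConstants.CONTENT_TYPE_JSON, "application/xml"})
    public Response startRepositoryChangesetsSynchronization(@PathParam("id") int i, @Context UriInfo uriInfo) {
        log.debug("Rest request to changesets fullsync repository [{}] ", i);
        return syncThenRedirect(i, uriInfo, EnumSet.of(SynchronizationFlag.SYNC_CHANGESETS));
    }

    /**
     * Starts a synchronization of both changesets and pull requests for one repository.
     *
     * @param i repository id
     * @param uriInfo request URI context, used to build the redirect target
     * @return 303 to {@code /repository/{id}}, or 503 when synchronization is disabled
     */
    @Path("/{id}/fullsync")
    @AdminOnly
    @POST
    @Produces({IGitHubConstants.CONTENT_TYPE_JSON, "application/xml"})
    public Response startRepositoryFullSync(@PathParam("id") int i, @Context UriInfo uriInfo) {
        log.debug("Rest request to fullsync repository [{}] ", i);
        return syncThenRedirect(i, uriInfo, EnumSet.of(SynchronizationFlag.SYNC_CHANGESETS, SynchronizationFlag.SYNC_PULL_REQUESTS));
    }

    /**
     * Starts a soft synchronization of both changesets and pull requests for one repository.
     *
     * @param i repository id
     * @param uriInfo request URI context, used to build the redirect target
     * @return 303 to {@code /repository/{id}}, or 503 when synchronization is disabled
     */
    @Path("/{id}/softsync")
    @AdminOnly
    @POST
    @Produces({IGitHubConstants.CONTENT_TYPE_JSON, "application/xml"})
    public Response startRepositorySoftSync(@PathParam("id") int i, @Context UriInfo uriInfo) {
        log.debug("Rest request to softsync repository [{}] ", i);
        return syncThenRedirect(i, uriInfo, EnumSet.of(SynchronizationFlag.SOFT_SYNC, SynchronizationFlag.SYNC_CHANGESETS, SynchronizationFlag.SYNC_PULL_REQUESTS));
    }

    /**
     * Post-commit hook (JSON body): starts a soft pull-request sync for one repository.
     *
     * <p>The body is parsed only to log its first key; a body that fails to parse is logged and
     * the sync is still requested.
     *
     * <p>NOTE(review): this endpoint is {@link AnonymousAllowed} and nothing in this method
     * authenticates the sender or ties the body to the repository, so any client that can reach
     * the URL can request a soft sync for an arbitrary repository id. Confirm that throttling or
     * de-duplication is applied downstream (e.g. in {@code RepositoryService.sync}) and consider
     * verifying the sender the way {@link #receiveWebhook} does.
     *
     * @param i repository id
     * @param str raw request body supplied by the caller
     * @return 200, or 503 when synchronization is disabled
     */
    @Path("/{id}/sync")
    @AnonymousAllowed
    @POST
    @Produces({IGitHubConstants.CONTENT_TYPE_JSON, "application/xml"})
    public Response startRepositoryPRSync(@PathParam("id") int i, String str) {
        log.info("Pull Request Postcommit hook started synchronization for repository [{}].", i);
        String hookType = null;
        try {
            Iterator<?> keys = new JSONObject(str).keys();
            if (keys.hasNext()) {
                hookType = (String) keys.next();
            }
        } catch (JSONException e) {
            log.info("Could not parse json request.", e);
        }
        // hookType comes from the unauthenticated body; it is only logged, never acted on.
        log.debug("Rest request to soft sync pull requests for repository [{}] with type [{}]", i, hookType);
        return syncFromHook(i, EnumSet.of(SynchronizationFlag.SOFT_SYNC, SynchronizationFlag.SYNC_PULL_REQUESTS, SynchronizationFlag.WEBHOOK_SYNC));
    }

    /**
     * Post-commit hook (form-encoded body): starts a soft changeset sync for one repository.
     *
     * <p>NOTE(review): this endpoint is {@link AnonymousAllowed} and the {@code payload} form
     * field is only logged, never verified, so any client that can reach the URL can request a
     * soft sync for an arbitrary repository id. Confirm that throttling or de-duplication is
     * applied downstream (e.g. in {@code RepositoryService.sync}).
     *
     * @param i repository id
     * @param str value of the {@code payload} form field supplied by the caller
     * @return 200, or 503 when synchronization is disabled
     */
    @Path("/{id}/sync")
    @Consumes({Request.DEFAULT_CONTENT_TYPE})
    @AnonymousAllowed
    @POST
    @Produces({IGitHubConstants.CONTENT_TYPE_JSON, "application/xml"})
    public Response startRepositorySync(@PathParam("id") int i, @FormParam("payload") String str) {
        log.info("Postcommit hook started synchronization for repository [{}].", i);
        // The payload is caller-controlled text from an unauthenticated request, written to the
        // log verbatim at debug level.
        log.debug("Rest request to soft sync repository [{}] with payload [{}]", i, str);
        return syncFromHook(i, EnumSet.of(SynchronizationFlag.SOFT_SYNC, SynchronizationFlag.SYNC_CHANGESETS, SynchronizationFlag.WEBHOOK_SYNC));
    }

    /**
     * Receives a webhook and, when it is supported, authenticated and refers to a linked
     * repository, triggers a soft sync of the kind mapped in {@link #WEBHOOK_EVENT_MAP}.
     *
     * <p>Processing order: parse the JSON body, ignore unsupported events, read the repository
     * name and owner UUID from the body, verify the JWT from the {@code Authorization} header,
     * then resolve the organization and repository. Every rejection is logged and the method
     * returns normally, so the response does not tell the sender why a webhook was ignored.
     *
     * <p>NOTE(review): the owner UUID handed to the JWT check is read from the still
     * unauthenticated body. The check is only meaningful if {@code verifyJwtToken} binds the
     * token to that principal (for instance through a per-principal secret); confirm against
     * {@link ACIJwtService}.
     *
     * @param str raw request body supplied by the caller
     * @param httpServletRequest current request, source of the {@code Authorization} header
     */
    @AnonymousAllowed
    @POST
    @Path("/webhook")
    public void receiveWebhook(String str, @Context HttpServletRequest httpServletRequest) {
        // Logged before any authentication: at trace level the log receives caller-controlled text.
        log.trace("Received webhook payload: {}", str);
        log.debug("Received webhook. Processing...");
        try {
            JSONObject payload = new JSONObject(str);
            String event = payload.getString("event");
            if (!WEBHOOK_EVENT_MAP.containsKey(event)) {
                log.debug("Webhook event '{}' is unsupported. Ignoring webhook.", event);
                return;
            }
            JSONObject repositoryJson = payload.getJSONObject("data").getJSONObject("repository");
            String repositoryName = repositoryJson.getString(org.eclipse.egit.github.core.service.RepositoryService.FIELD_NAME);
            String principalUuid = repositoryJson.getJSONObject("owner").getString(LifeCyclePayload.UUID);
            log.debug("Webhook has event '{}' for repo '{}' owned by '{}'.", event, repositoryName, principalUuid);
            if (!verifyJwtHeader(principalUuid, httpServletRequest)) {
                log.debug("Webhook failed JWT authentication. Ignoring webhook.");
                return;
            }
            Organization organization = this.organizationService.getByPrincipalId(principalUuid);
            if (organization == null) {
                log.debug("No organization found for principal UUID '{}'. Ignoring webhook.", principalUuid);
                return;
            }
            Repository repository = this.repositoryService.getByNameForOrganization(organization.getId(), repositoryName);
            if (repository == null) {
                log.debug("No repository found with name '{}' for organization '{}'. Ignoring webhook.", repositoryName, organization.getName());
            } else if (!repository.isLinked()) {
                log.debug("Repository '{}' is not linked. Ignoring webhook.", repositoryName);
            } else {
                log.info("Valid webhook received for '{}'. Triggering sync.", repositoryJson.getString("full_name"));
                this.repositoryService.sync(repository.getId(), EnumSet.of(SynchronizationFlag.SOFT_SYNC, SynchronizationFlag.WEBHOOK_SYNC, WEBHOOK_EVENT_MAP.get(event)));
            }
        } catch (JSONException e) {
            // Must precede the generic handler: listed after catch (Exception) this clause is
            // unreachable and javac rejects it.
            log.debug("Received a malformed JSON payload. Ignoring webhook.", e);
        } catch (Exception e) {
            log.debug("Exception occurred while processing webhook.", e);
        }
    }

    /**
     * Runs a sync requested by an administrator and redirects to the repository resource.
     *
     * @return 303 to {@code /repository/{id}}, or 503 when synchronization is disabled
     */
    private Response syncThenRedirect(int repositoryId, UriInfo uriInfo, EnumSet<SynchronizationFlag> flags) {
        try {
            this.repositoryService.sync(repositoryId, flags);
            return Response.seeOther(uriInfo.getBaseUriBuilder().path("/repository/{id}").build(repositoryId)).build();
        } catch (SourceControlException.SynchronizationDisabled e) {
            return ResourceHelper.buildErrorResponse(Response.Status.SERVICE_UNAVAILABLE, e.getMessage());
        }
    }

    /**
     * Runs a sync requested by a post-commit hook.
     *
     * @return 200, or 503 when synchronization is disabled
     */
    private Response syncFromHook(int repositoryId, EnumSet<SynchronizationFlag> flags) {
        try {
            this.repositoryService.sync(repositoryId, flags);
            return Response.ok().build();
        } catch (SourceControlException.SynchronizationDisabled e) {
            return ResourceHelper.buildErrorResponse(Response.Status.SERVICE_UNAVAILABLE, e.getMessage());
        }
    }

    /**
     * Verifies the JWT carried in the request's {@code Authorization} header.
     *
     * <p>Fails closed: a missing JWT service, a missing or non-JWT header, a {@code null}
     * verification result and any exception all yield {@code false}.
     *
     * @param str principal the token is verified for
     * @param httpServletRequest request whose method, URL and header are checked
     * @return {@code true} only when the JWT service returns a non-null verification result
     */
    private boolean verifyJwtHeader(String str, HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        Optional<ACIJwtService> jwtService = this.jwtServiceAccessor.get();
        if (!jwtService.isPresent()) {
            log.trace("JWT service is not available. Failing verification.");
            return false;
        }
        if (StringUtils.isEmpty(header) || !header.startsWith(ACIJwtService.JWT_HEADER)) {
            log.trace("Authentication header is not a JWT token. Failing verification");
            return false;
        }
        // The header value is a bearer credential, so only the request URL is logged.
        log.trace("Verifying JWT for request '{}'.", httpServletRequest.getRequestURL());
        // Strip the scheme as a prefix only. String.replace would also delete any later
        // occurrence of the same characters inside the token and corrupt it.
        String token = header.substring(ACIJwtService.JWT_HEADER.length()).trim();
        try {
            // NOTE(review): the URL is the one the servlet container reports; behind a reverse
            // proxy it may differ from the URL the sender used. Confirm how verifyJwtToken uses it.
            URL requestUrl = new URL(httpServletRequest.getRequestURL().toString());
            return jwtService.get().verifyJwtToken(BitbucketConstants.BITBUCKET_CONNECTOR_APPLICATION_ID, str, httpServletRequest.getMethod(), requestUrl, token) != null;
        } catch (Exception e) {
            log.trace("Exception while verifying JWT. Failing verification.", e);
            return false;
        }
    }
}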
