package com.atlassian.stash.internal.license;

import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.i18n.KeyedMessage;
import com.atlassian.bitbucket.license.IncompatibleLicenseChangeException;
import com.atlassian.bitbucket.license.InvalidLicenseException;
import com.atlassian.bitbucket.license.LicenseLimitException;
import com.atlassian.bitbucket.license.LicenseService;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.server.ApplicationMode;
import com.atlassian.bitbucket.server.ApplicationPropertiesService;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.UserService;
import com.atlassian.bitbucket.user.UserType;
import com.atlassian.bitbucket.util.Page;
import com.atlassian.bitbucket.util.PageRequest;
import com.atlassian.bitbucket.util.PageRequestImpl;
import com.atlassian.cache.CacheFactory;
import com.atlassian.cache.CacheSettingsBuilder;
import com.atlassian.cache.CachedReference;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.extras.api.bitbucket.BitbucketServerLicense;
import com.atlassian.fugue.Option;
import com.atlassian.plugin.spring.AvailableToPlugins;
import com.atlassian.stash.internal.ApplicationConstants;
import com.atlassian.stash.internal.annotation.Unsecured;
import com.atlassian.stash.internal.server.InternalApplicationPropertiesService;
import com.atlassian.stash.internal.spring.SpringTransactionUtils;
import com.atlassian.stash.internal.user.InternalPermissionService;
import com.atlassian.stash.internal.user.PermissionServiceImpl;
import com.atlassian.stash.internal.user.StashUserAuthenticationToken;
import com.hazelcast.core.HazelcastInstance;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

@Transactional(propagation = Propagation.SUPPORTS)
@AvailableToPlugins(LicenseService.class)
@Service("licenseService")
/* loaded from: input_file:com/atlassian/stash/internal/license/LicenseServiceImpl.class */
public class LicenseServiceImpl implements InternalLicenseService {
    private final HazelcastInstance hazelcast;
    private final I18nService i18nService;
    private final LicensedUserCountCache licensedUserCountCache;
    private final LicenseHelper licenseHelper;
    private final CachedReference<Option<DualLicense>> licenseReference;
    private final InternalPermissionService permissionService;
    private final ApplicationPropertiesService propertiesService;
    private final UserService userService;

    @Autowired
    public LicenseServiceImpl(LicenseHelper licenseHelper, @Lazy InternalPermissionService internalPermissionService, InternalApplicationPropertiesService internalApplicationPropertiesService, I18nService i18nService, LicensedUserCountCache licensedUserCountCache, UserService userService, CacheFactory cacheFactory, HazelcastInstance hazelcastInstance) {
        this.hazelcast = hazelcastInstance;
        this.i18nService = i18nService;
        this.licenseHelper = licenseHelper;
        this.permissionService = internalPermissionService;
        this.propertiesService = internalApplicationPropertiesService;
        this.licensedUserCountCache = licensedUserCountCache;
        this.userService = userService;
        this.licenseReference = cacheFactory.getCachedReference(LicenseService.class, "BitbucketServerLicense", this::loadLicense, new CacheSettingsBuilder().remote().build());
    }

    @Unsecured("everyone needs access to this method")
    public boolean isPresent() {
        return get() != null;
    }

    @Unsecured("everyone needs access to this method")
    public BitbucketServerLicense get() {
        return (BitbucketServerLicense) ((Option) this.licenseReference.get()).getOrNull();
    }

    @Unsecured("Access to the encrypted license is required by UPM")
    public String getAsString() {
        return (String) ((Option) this.licenseReference.get()).map((v0) -> {
            return v0.getEncodedLicense();
        }).getOrNull();
    }

    @Unsecured("everyone needs access to this method")
    public int getLicensedUsersCount() {
        return this.licensedUserCountCache.getCount();
    }

    @Unsecured("everyone needs access to this method")
    public boolean canLogin(Principal principal) {
        if (principal instanceof StashUserAuthenticationToken) {
            principal = ((StashUserAuthenticationToken) principal).getPrincipal();
        }
        if (!(principal instanceof ApplicationUser)) {
            return false;
        }
        ApplicationUser applicationUser = (ApplicationUser) principal;
        return applicationUser.getType() == UserType.SERVICE || (applicationUser.isActive() && isUserLicensed(applicationUser));
    }

    @Transactional(readOnly = true)
    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public void validateCanLicenseUser(ApplicationUser applicationUser, Permission permission) throws LicenseLimitException {
        BitbucketServerLicense bitbucketServerLicense;
        int maximumNumberOfUsers;
        if (Permission.LICENSED_USER.getInheritingPermissions().contains(permission) && (bitbucketServerLicense = get()) != null && !bitbucketServerLicense.isUnlimitedNumberOfUsers() && !isUserLicensed(applicationUser) && this.permissionService.getUsersWithPermission(Permission.LICENSED_USER).size() >= (maximumNumberOfUsers = bitbucketServerLicense.getMaximumNumberOfUsers())) {
            throw new LicenseLimitException(this.i18nService.createKeyedMessage("bitbucket.service.license.userlimit", new Object[]{applicationUser.getDisplayName(), Integer.valueOf(maximumNumberOfUsers)}));
        }
    }

    @Transactional(readOnly = true)
    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public void validateCanLicenseGroup(String str, Permission permission) throws LicenseLimitException {
        BitbucketServerLicense bitbucketServerLicense;
        if (!Permission.LICENSED_USER.getInheritingPermissions().contains(permission) || (bitbucketServerLicense = get()) == null || bitbucketServerLicense.isUnlimitedNumberOfUsers() || this.permissionService.hasGlobalGroupPermission(Permission.LICENSED_USER, str)) {
            return;
        }
        int maximumNumberOfUsers = bitbucketServerLicense.getMaximumNumberOfUsers();
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.permissionService.getUsersWithPermission(Permission.LICENSED_USER));
        PageRequest pageRequestImpl = new PageRequestImpl(0, PermissionServiceImpl.GROUP_PAGESIZE);
        do {
            Page findUsersByGroup = this.userService.findUsersByGroup(str, pageRequestImpl);
            Iterator it = findUsersByGroup.getValues().iterator();
            while (it.hasNext()) {
                hashSet.add(IdentifierUtils.toLowerCase(((ApplicationUser) it.next()).getName()));
                if (hashSet.size() > maximumNumberOfUsers) {
                    throw new LicenseLimitException(this.i18nService.createKeyedMessage("bitbucket.service.license.grouplimit", new Object[]{str, Integer.valueOf(maximumNumberOfUsers)}));
                }
            }
            pageRequestImpl = findUsersByGroup.getNextPageRequest();
        } while (pageRequestImpl != null);
    }

    @Transactional(readOnly = true)
    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public void validateCanAddUserToGroup(String str, String str2) {
        ApplicationUser userByName;
        if (this.permissionService.hasGlobalGroupPermission(Permission.LICENSED_USER, str2) && (userByName = this.userService.getUserByName(str, true)) != null) {
            validateCanLicenseUser(userByName, Permission.LICENSED_USER);
        }
    }

    @Unsecured("everyone needs access to this method")
    public KeyedMessage getValidityMessage() {
        return getLicenseValidityMessage(get());
    }

    @Unsecured("everyone needs access to this method")
    public KeyedMessage getOverLimitMessage() {
        BitbucketServerLicense bitbucketServerLicense = get();
        if (bitbucketServerLicense == null || bitbucketServerLicense.isUnlimitedNumberOfUsers()) {
            return null;
        }
        if (getLicensedUsersCount() > bitbucketServerLicense.getMaximumNumberOfUsers()) {
            return this.i18nService.createKeyedMessage("bitbucket.license.over.limit", new Object[0]);
        }
        return null;
    }

    @Unsecured("everyone needs access to this method")
    public KeyedMessage getStatus() {
        KeyedMessage validityMessage = getValidityMessage();
        if (validityMessage == null) {
            validityMessage = getOverLimitMessage();
        }
        return validityMessage;
    }

    @Nonnull
    @Transactional(propagation = Propagation.REQUIRES_NEW)
    @PreAuthorize("hasGlobalPermission('SYS_ADMIN')")
    public BitbucketServerLicense set(@Nonnull String str) {
        return set(str, true);
    }

    @Nonnull
    @Transactional(propagation = Propagation.REQUIRES_NEW)
    @PreAuthorize("hasGlobalPermission('SYS_ADMIN')")
    public BitbucketServerLicense setUnvalidated(@Nonnull String str) {
        return set(str, false);
    }

    private BitbucketServerLicense decodeLicense(String str) throws InvalidLicenseException {
        try {
            DualLicense decode = this.licenseHelper.decode(str);
            if (decode == null) {
                throw new InvalidLicenseException(this.i18nService.createKeyedMessage("bitbucket.license.not.included", new Object[]{ApplicationConstants.PRODUCT_NAME}));
            }
            return decode;
        } catch (IllegalArgumentException e) {
            throw new InvalidLicenseException(this.i18nService.createKeyedMessage("bitbucket.license.invalid", new Object[0]));
        }
    }

    private KeyedMessage getLicenseValidityMessage(BitbucketServerLicense bitbucketServerLicense) {
        if (bitbucketServerLicense == null) {
            return this.i18nService.createKeyedMessage("bitbucket.license.no.license", new Object[0]);
        }
        if (this.propertiesService.getMode() == ApplicationMode.MIRROR) {
            return null;
        }
        if (bitbucketServerLicense.isExpired()) {
            return bitbucketServerLicense.isEvaluation() ? this.i18nService.createKeyedMessage("bitbucket.license.evaluation.expired", new Object[0]) : this.i18nService.createKeyedMessage("bitbucket.license.expired", new Object[0]);
        }
        if (bitbucketServerLicense.getMaintenanceExpiryDate() == null || this.propertiesService.getBuildTimestamp() == null || !this.propertiesService.getBuildTimestamp().after(bitbucketServerLicense.getMaintenanceExpiryDate())) {
            return null;
        }
        return this.i18nService.createKeyedMessage("bitbucket.license.unsupported.upgrade", new Object[]{ApplicationConstants.PRODUCT_NAME});
    }

    private boolean isUserLicensed(ApplicationUser applicationUser) {
        return this.permissionService.hasGlobalPermission(applicationUser, Permission.LICENSED_USER);
    }

    private Option<DualLicense> loadLicense() {
        return Option.option(this.licenseHelper.getDecoded());
    }

    private BitbucketServerLicense set(@Nonnull String str, boolean z) {
        KeyedMessage licenseValidityMessage;
        if (StringUtils.isEmpty(str)) {
            throw new InvalidLicenseException(this.i18nService.createKeyedMessage("bitbucket.license.empty", new Object[0]));
        }
        BitbucketServerLicense decodeLicense = decodeLicense(str);
        if (z && (licenseValidityMessage = getLicenseValidityMessage(decodeLicense)) != null) {
            throw new InvalidLicenseException(licenseValidityMessage);
        }
        if (!decodeLicense.isClusteringEnabled() && this.hazelcast.getCluster().getMembers().size() > 1) {
            throw new IncompatibleLicenseChangeException(this.i18nService.createKeyedMessage("bitbucket.license.not.clustered", new Object[0]));
        }
        this.licenseHelper.set(str);
        CachedReference<Option<DualLicense>> cachedReference = this.licenseReference;
        cachedReference.getClass();
        SpringTransactionUtils.invokeAfterCommit(cachedReference::reset);
        return decodeLicense;
    }
}
