package com.google.gerrit.gpg.server;

import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.flogger.FluentLogger;
import com.google.common.io.BaseEncoding;
import com.google.gerrit.exceptions.EmailException;
import com.google.gerrit.extensions.api.accounts.GpgKeysInput;
import com.google.gerrit.extensions.common.GpgKeyInfo;
import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.gpg.CheckResult;
import com.google.gerrit.gpg.Fingerprint;
import com.google.gerrit.gpg.GerritPublicKeyChecker;
import com.google.gerrit.gpg.PublicKeyStore;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.GerritPersonIdent;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.UserInitiated;
import com.google.gerrit.server.account.AccountResource;
import com.google.gerrit.server.account.AccountState;
import com.google.gerrit.server.account.AccountsUpdate;
import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.gerrit.server.account.externalids.ExternalIds;
import com.google.gerrit.server.mail.send.AddKeySender;
import com.google.gerrit.server.query.account.InternalAccountQuery;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.bcpg.ArmoredInputStream;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPRuntimeOperationException;
import org.bouncycastle.openpgp.bc.BcPGPObjectFactory;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.lib.CommitBuilder;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.lib.RefUpdate;

@Singleton
/* loaded from: input_file:com/google/gerrit/gpg/server/PostGpgKeys.class */
public class PostGpgKeys implements RestModifyView<AccountResource, GpgKeysInput> {
    private static final FluentLogger logger = FluentLogger.forEnclosingClass();
    private final Provider<PersonIdent> serverIdent;
    private final Provider<CurrentUser> self;
    private final Provider<PublicKeyStore> storeProvider;
    private final GerritPublicKeyChecker.Factory checkerFactory;
    private final AddKeySender.Factory addKeyFactory;
    private final Provider<InternalAccountQuery> accountQueryProvider;
    private final ExternalIds externalIds;
    private final Provider<AccountsUpdate> accountsUpdateProvider;

    @Inject
    PostGpgKeys(@GerritPersonIdent Provider<PersonIdent> provider, Provider<CurrentUser> provider2, Provider<PublicKeyStore> provider3, GerritPublicKeyChecker.Factory factory, AddKeySender.Factory factory2, Provider<InternalAccountQuery> provider4, ExternalIds externalIds, @UserInitiated Provider<AccountsUpdate> provider5) {
        this.serverIdent = provider;
        this.self = provider2;
        this.storeProvider = provider3;
        this.checkerFactory = factory;
        this.addKeyFactory = factory2;
        this.accountQueryProvider = provider4;
        this.externalIds = externalIds;
        this.accountsUpdateProvider = provider5;
    }

    @Override // com.google.gerrit.extensions.restapi.RestModifyView
    public Map<String, GpgKeyInfo> apply(AccountResource accountResource, GpgKeysInput gpgKeysInput) throws ResourceNotFoundException, BadRequestException, ResourceConflictException, PGPException, IOException, ConfigInvalidException {
        GpgKeys.checkVisible(this.self, accountResource);
        Set<ExternalId> byAccount = this.externalIds.byAccount(accountResource.getUser().getAccountId(), ExternalId.SCHEME_GPGKEY);
        PublicKeyStore publicKeyStore = this.storeProvider.get();
        try {
            Map<ExternalId, Fingerprint> readKeysToRemove = readKeysToRemove(gpgKeysInput, byAccount);
            Collection<Fingerprint> values = readKeysToRemove.values();
            List<PGPPublicKeyRing> readKeysToAdd = readKeysToAdd(gpgKeysInput, values);
            ArrayList arrayList = new ArrayList(byAccount.size());
            Iterator<PGPPublicKeyRing> it = readKeysToAdd.iterator();
            while (it.hasNext()) {
                ExternalId.Key extIdKey = toExtIdKey(it.next().getPublicKey().getFingerprint());
                Account accountByExternalId = getAccountByExternalId(extIdKey);
                if (accountByExternalId == null) {
                    arrayList.add(ExternalId.create(extIdKey, accountResource.getUser().getAccountId()));
                } else if (!accountByExternalId.getId().equals(accountResource.getUser().getAccountId())) {
                    throw new ResourceConflictException("GPG key already associated with another account");
                }
            }
            storeKeys(accountResource, readKeysToAdd, values);
            this.accountsUpdateProvider.get().update("Update GPG Keys via API", accountResource.getUser().getAccountId(), builder -> {
                builder.replaceExternalIds(readKeysToRemove.keySet(), arrayList);
            });
            Map<String, GpgKeyInfo> json = toJson(readKeysToAdd, values, publicKeyStore, accountResource.getUser());
            if (publicKeyStore != null) {
                $closeResource(null, publicKeyStore);
            }
            return json;
        } catch (Throwable th) {
            if (publicKeyStore != null) {
                $closeResource(null, publicKeyStore);
            }
            throw th;
        }
    }

    private Map<ExternalId, Fingerprint> readKeysToRemove(GpgKeysInput gpgKeysInput, Collection<ExternalId> collection) {
        if (gpgKeysInput.delete == null || gpgKeysInput.delete.isEmpty()) {
            return ImmutableMap.of();
        }
        HashMap newHashMapWithExpectedSize = Maps.newHashMapWithExpectedSize(gpgKeysInput.delete.size());
        Iterator<String> it = gpgKeysInput.delete.iterator();
        while (it.hasNext()) {
            try {
                ExternalId findGpgKey = GpgKeys.findGpgKey(it.next(), collection);
                newHashMapWithExpectedSize.put(findGpgKey, new Fingerprint(GpgKeys.parseFingerprint(findGpgKey)));
            } catch (ResourceNotFoundException e) {
            }
        }
        return newHashMapWithExpectedSize;
    }

    /* JADX WARN: Finally extract failed */
    private List<PGPPublicKeyRing> readKeysToAdd(GpgKeysInput gpgKeysInput, Collection<Fingerprint> collection) throws BadRequestException, IOException {
        if (gpgKeysInput.add == null || gpgKeysInput.add.isEmpty()) {
            return ImmutableList.of();
        }
        ArrayList arrayList = new ArrayList(gpgKeysInput.add.size());
        Iterator<String> it = gpgKeysInput.add.iterator();
        while (it.hasNext()) {
            try {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(it.next().getBytes(StandardCharsets.UTF_8));
                try {
                    ArmoredInputStream armoredInputStream = new ArmoredInputStream(byteArrayInputStream);
                    try {
                        ArrayList newArrayList = Lists.newArrayList((Iterable) new BcPGPObjectFactory(armoredInputStream));
                        if (newArrayList.size() != 1 || !(newArrayList.get(0) instanceof PGPPublicKeyRing)) {
                            throw new BadRequestException("Expected exactly one PUBLIC KEY BLOCK");
                        }
                        PGPPublicKeyRing pGPPublicKeyRing = (PGPPublicKeyRing) newArrayList.get(0);
                        if (collection.contains(new Fingerprint(pGPPublicKeyRing.getPublicKey().getFingerprint()))) {
                            throw new BadRequestException("Cannot both add and delete key: " + PublicKeyStore.keyToString(pGPPublicKeyRing.getPublicKey()));
                        }
                        arrayList.add(pGPPublicKeyRing);
                        $closeResource(null, armoredInputStream);
                        $closeResource(null, byteArrayInputStream);
                    } catch (Throwable th) {
                        $closeResource(null, armoredInputStream);
                        throw th;
                    }
                } catch (Throwable th2) {
                    $closeResource(null, byteArrayInputStream);
                    throw th2;
                }
            } catch (PGPRuntimeOperationException e) {
                throw new BadRequestException("Failed to parse GPG keys", e);
            }
        }
        return arrayList;
    }

    private void storeKeys(AccountResource accountResource, List<PGPPublicKeyRing> list, Collection<Fingerprint> collection) throws BadRequestException, ResourceConflictException, PGPException, IOException {
        PublicKeyStore publicKeyStore = this.storeProvider.get();
        try {
            ArrayList arrayList = new ArrayList();
            for (PGPPublicKeyRing pGPPublicKeyRing : list) {
                PGPPublicKey publicKey = pGPPublicKeyRing.getPublicKey();
                CheckResult check = this.checkerFactory.create(accountResource.getUser(), publicKeyStore).disableTrust().check(publicKey);
                if (!check.isOk()) {
                    throw new BadRequestException(String.format("Problems with public key %s:\n%s", PublicKeyStore.keyToString(publicKey), Joiner.on('\n').join(check.getProblems())));
                }
                arrayList.add(PublicKeyStore.keyToString(publicKey));
                publicKeyStore.add(pGPPublicKeyRing);
            }
            Iterator<Fingerprint> it = collection.iterator();
            while (it.hasNext()) {
                publicKeyStore.remove(it.next().get());
            }
            CommitBuilder commitBuilder = new CommitBuilder();
            PersonIdent personIdent = this.serverIdent.get();
            commitBuilder.setAuthor(accountResource.getUser().newCommitterIdent(personIdent.getWhen(), personIdent.getTimeZone()));
            commitBuilder.setCommitter(personIdent);
            RefUpdate.Result save = publicKeyStore.save(commitBuilder);
            switch (save) {
                case NEW:
                case FAST_FORWARD:
                case FORCED:
                    try {
                        this.addKeyFactory.create(accountResource.getUser(), arrayList).send();
                        break;
                    } catch (EmailException e) {
                        logger.atSevere().withCause(e).log("Cannot send GPG key added message to %s", accountResource.getUser().getAccount().getPreferredEmail());
                        break;
                    }
                case NO_CHANGE:
                    break;
                case IO_FAILURE:
                case LOCK_FAILURE:
                case NOT_ATTEMPTED:
                case REJECTED:
                case REJECTED_CURRENT_BRANCH:
                case RENAMED:
                case REJECTED_MISSING_OBJECT:
                case REJECTED_OTHER_REASON:
                default:
                    throw new ResourceConflictException("Failed to save public keys: " + save);
            }
        } finally {
            if (publicKeyStore != null) {
                $closeResource(null, publicKeyStore);
            }
        }
    }

    private ExternalId.Key toExtIdKey(byte[] bArr) {
        return ExternalId.Key.create(ExternalId.SCHEME_GPGKEY, BaseEncoding.base16().encode(bArr));
    }

    private Account getAccountByExternalId(ExternalId.Key key) {
        List<AccountState> byExternalId = this.accountQueryProvider.get().byExternalId(key);
        if (byExternalId.isEmpty()) {
            return null;
        }
        if (byExternalId.size() <= 1) {
            return byExternalId.get(0).getAccount();
        }
        StringBuilder sb = new StringBuilder();
        sb.append("GPG key ").append(key.get()).append(" associated with multiple accounts: ").append(Lists.transform(byExternalId, AccountState.ACCOUNT_ID_FUNCTION));
        throw new IllegalStateException(sb.toString());
    }

    private Map<String, GpgKeyInfo> toJson(Collection<PGPPublicKeyRing> collection, Collection<Fingerprint> collection2, PublicKeyStore publicKeyStore, IdentifiedUser identifiedUser) throws IOException {
        GerritPublicKeyChecker create = this.checkerFactory.create(identifiedUser, publicKeyStore);
        HashMap newHashMapWithExpectedSize = Maps.newHashMapWithExpectedSize(collection.size() + collection2.size());
        Iterator<PGPPublicKeyRing> it = collection.iterator();
        while (it.hasNext()) {
            PGPPublicKey publicKey = it.next().getPublicKey();
            GpgKeyInfo json = GpgKeys.toJson(publicKey, create.check(publicKey));
            newHashMapWithExpectedSize.put(json.id, json);
            json.id = null;
        }
        Iterator<Fingerprint> it2 = collection2.iterator();
        while (it2.hasNext()) {
            newHashMapWithExpectedSize.put(PublicKeyStore.keyIdToString(it2.next().getId()), new GpgKeyInfo());
        }
        return newHashMapWithExpectedSize;
    }

    private static /* synthetic */ void $closeResource(Throwable th, AutoCloseable autoCloseable) {
        if (th == null) {
            autoCloseable.close();
            return;
        }
        try {
            autoCloseable.close();
        } catch (Throwable th2) {
            th.addSuppressed(th2);
        }
    }
}
