package com.google.gerrit.server.git.validators;

import com.google.common.collect.ImmutableList;
import com.google.common.flogger.FluentLogger;
import com.google.gerrit.entities.Account;
import com.google.gerrit.entities.Project;
import com.google.gerrit.entities.RefNames;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllUsersName;
import com.google.gerrit.server.events.RefReceivedEvent;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.plugincontext.PluginSetContext;
import com.google.gerrit.server.validators.ValidationException;
import com.google.inject.Inject;
import com.google.inject.assistedinject.Assisted;
import java.util.ArrayList;
import java.util.List;
import org.eclipse.jgit.lib.RefUpdate;
import org.eclipse.jgit.transport.ReceiveCommand;

/* loaded from: input_file:com/google/gerrit/server/git/validators/RefOperationValidators.class */
public class RefOperationValidators {
    private static final FluentLogger logger = FluentLogger.forEnclosingClass();
    private final PermissionBackend.WithUser perm;
    private final AllUsersName allUsersName;
    private final PluginSetContext<RefOperationValidationListener> refOperationValidationListeners;
    private final RefReceivedEvent event = new RefReceivedEvent();

    /* loaded from: input_file:com/google/gerrit/server/git/validators/RefOperationValidators$DisallowCreationAndDeletionOfGerritMaintainedBranches.class */
    private static class DisallowCreationAndDeletionOfGerritMaintainedBranches implements RefOperationValidationListener {
        private final PermissionBackend.WithUser perm;
        private final AllUsersName allUsersName;

        DisallowCreationAndDeletionOfGerritMaintainedBranches(PermissionBackend.WithUser withUser, AllUsersName allUsersName) {
            this.perm = withUser;
            this.allUsersName = allUsersName;
        }

        @Override // com.google.gerrit.server.git.validators.RefOperationValidationListener
        public List<ValidationMessage> onRefOperation(RefReceivedEvent refReceivedEvent) throws ValidationException {
            if (refReceivedEvent.project.getNameKey().equals(this.allUsersName)) {
                if (refReceivedEvent.command.getRefName().startsWith(RefNames.REFS_USERS) && !refReceivedEvent.command.getRefName().equals(RefNames.REFS_USERS_DEFAULT)) {
                    if (refReceivedEvent.command.getType().equals(ReceiveCommand.Type.CREATE)) {
                        try {
                            this.perm.check(GlobalPermission.ACCESS_DATABASE);
                            if (Account.Id.fromRef(refReceivedEvent.command.getRefName()) == null) {
                                throw new ValidationException(String.format("Not allowed to create non-user branch under %s.", RefNames.REFS_USERS));
                            }
                        } catch (AuthException | PermissionBackendException e) {
                            throw new ValidationException("Not allowed to create user branch.");
                        }
                    } else if (refReceivedEvent.command.getType().equals(ReceiveCommand.Type.DELETE)) {
                        try {
                            this.perm.check(GlobalPermission.ACCESS_DATABASE);
                        } catch (AuthException | PermissionBackendException e2) {
                            throw new ValidationException("Not allowed to delete user branch.");
                        }
                    }
                }
                if (RefNames.isGroupRef(refReceivedEvent.command.getRefName())) {
                    if (refReceivedEvent.command.getType().equals(ReceiveCommand.Type.CREATE)) {
                        throw new ValidationException("Not allowed to create group branch.");
                    }
                    if (refReceivedEvent.command.getType().equals(ReceiveCommand.Type.DELETE)) {
                        throw new ValidationException("Not allowed to delete group branch.");
                    }
                }
            }
            return ImmutableList.of();
        }
    }

    /* loaded from: input_file:com/google/gerrit/server/git/validators/RefOperationValidators$Factory.class */
    public interface Factory {
        RefOperationValidators create(Project project, IdentifiedUser identifiedUser, ReceiveCommand receiveCommand);
    }

    public static ReceiveCommand getCommand(RefUpdate refUpdate, ReceiveCommand.Type type) {
        return new ReceiveCommand(refUpdate.getExpectedOldObjectId(), refUpdate.getNewObjectId(), refUpdate.getName(), type);
    }

    @Inject
    RefOperationValidators(PermissionBackend permissionBackend, AllUsersName allUsersName, PluginSetContext<RefOperationValidationListener> pluginSetContext, @Assisted Project project, @Assisted IdentifiedUser identifiedUser, @Assisted ReceiveCommand receiveCommand) {
        this.perm = permissionBackend.user(identifiedUser);
        this.allUsersName = allUsersName;
        this.refOperationValidationListeners = pluginSetContext;
        this.event.command = receiveCommand;
        this.event.project = project;
        this.event.user = identifiedUser;
    }

    public List<ValidationMessage> validateForRefOperation() throws RefOperationValidationException {
        ArrayList arrayList = new ArrayList();
        boolean z = false;
        try {
            arrayList.addAll(new DisallowCreationAndDeletionOfGerritMaintainedBranches(this.perm, this.allUsersName).onRefOperation(this.event));
            this.refOperationValidationListeners.runEach(refOperationValidationListener -> {
                refOperationValidationListener.onRefOperation(this.event);
            }, ValidationException.class);
        } catch (ValidationException e) {
            arrayList.add(new ValidationMessage(e.getMessage(), true));
            z = true;
        }
        if (z) {
            throwException(arrayList, this.event);
        }
        return arrayList;
    }

    private void throwException(List<ValidationMessage> list, RefReceivedEvent refReceivedEvent) throws RefOperationValidationException {
        String format = String.format("Ref \"%s\" %S in project %s validation failed", refReceivedEvent.command.getRefName(), refReceivedEvent.command.getType(), refReceivedEvent.project.getName());
        logger.atSevere().log(format);
        throw new RefOperationValidationException(format, (ImmutableList) list.stream().filter((v0) -> {
            return v0.isError();
        }).collect(ImmutableList.toImmutableList()));
    }
}
