package com.google.gerrit.server.git.validators;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.UnmodifiableIterator;
import com.google.common.flogger.FluentLogger;
import com.google.gerrit.common.FooterConstants;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.entities.Account;
import com.google.gerrit.entities.BooleanProjectConfig;
import com.google.gerrit.entities.BranchNameKey;
import com.google.gerrit.entities.Change;
import com.google.gerrit.entities.RefNames;
import com.google.gerrit.extensions.api.config.ConsistencyCheckInfo;
import com.google.gerrit.extensions.registration.DynamicItem;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.server.GerritPersonIdent;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.externalids.ExternalIdsConsistencyChecker;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.config.AllUsersName;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.config.UrlFormatter;
import com.google.gerrit.server.events.CommitReceivedEvent;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.git.ValidationError;
import com.google.gerrit.server.git.validators.ValidationMessage;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.RefPermission;
import com.google.gerrit.server.plugincontext.PluginSetContext;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectConfig;
import com.google.gerrit.server.project.ProjectState;
import com.google.gerrit.server.query.change.ChangeQueryBuilder;
import com.google.gerrit.server.ssh.SshInfo;
import com.google.gerrit.server.util.MagicBranch;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import com.jcraft.jsch.HostKey;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.compress.compressors.bzip2.BZip2Constants;
import org.apache.sshd.client.auth.keyboard.UserInteraction;
import org.eclipse.jgit.diff.DiffFormatter;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.lib.Config;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.notes.NoteMap;
import org.eclipse.jgit.revwalk.FooterKey;
import org.eclipse.jgit.revwalk.FooterLine;
import org.eclipse.jgit.revwalk.RevCommit;
import org.eclipse.jgit.revwalk.RevWalk;
import org.eclipse.jgit.util.SystemReader;
import org.eclipse.jgit.util.io.DisabledOutputStream;

/* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators.class */
public class CommitValidators {
    private static final FluentLogger logger = FluentLogger.forEnclosingClass();
    public static final Pattern NEW_PATCHSET_PATTERN = Pattern.compile("^refs/changes/(?:[0-9][0-9]/)?([1-9][0-9]*)(?:/[1-9][0-9]*)?$");
    private final List<CommitValidationListener> validators;

    /* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators$AccountCommitValidator.class */
    public static class AccountCommitValidator implements CommitValidationListener {
        private final GitRepositoryManager repoManager;
        private final AllUsersName allUsers;
        private final AccountValidator accountValidator;

        public AccountCommitValidator(GitRepositoryManager gitRepositoryManager, AllUsersName allUsersName, AccountValidator accountValidator) {
            this.repoManager = gitRepositoryManager;
            this.allUsers = allUsersName;
            this.accountValidator = accountValidator;
        }

        @Override // com.google.gerrit.server.git.validators.CommitValidationListener
        public List<CommitValidationMessage> onCommitReceived(CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
            Account.Id fromRef;
            if (this.allUsers.equals(commitReceivedEvent.project.getNameKey()) && !commitReceivedEvent.command.getRefName().startsWith(MagicBranch.NEW_CHANGE) && (fromRef = Account.Id.fromRef(commitReceivedEvent.refName)) != null) {
                try {
                    Repository openRepository = this.repoManager.openRepository(this.allUsers);
                    try {
                        List<String> validate = this.accountValidator.validate(fromRef, openRepository, commitReceivedEvent.revWalk, commitReceivedEvent.command.getOldId(), commitReceivedEvent.commit);
                        if (!validate.isEmpty()) {
                            throw new CommitValidationException("invalid account configuration", (List<CommitValidationMessage>) validate.stream().map(str -> {
                                return new CommitValidationMessage(str, ValidationMessage.Type.ERROR);
                            }).collect(Collectors.toList()));
                        }
                        if (openRepository != null) {
                            openRepository.close();
                        }
                        return Collections.emptyList();
                    } finally {
                    }
                } catch (IOException e) {
                    String format = String.format("Validating update for account %s failed", Integer.valueOf(fromRef.get()));
                    CommitValidators.logger.atSevere().withCause(e).log(format);
                    throw new CommitValidationException(format, e);
                }
            }
            return Collections.emptyList();
        }
    }

    /* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators$AmendedGerritMergeCommitValidationListener.class */
    public static class AmendedGerritMergeCommitValidationListener implements CommitValidationListener {
        private final PermissionBackend.ForRef perm;
        private final PersonIdent gerritIdent;

        public AmendedGerritMergeCommitValidationListener(PermissionBackend.ForRef forRef, PersonIdent personIdent) {
            this.perm = forRef;
            this.gerritIdent = personIdent;
        }

        @Override // com.google.gerrit.server.git.validators.CommitValidationListener
        public List<CommitValidationMessage> onCommitReceived(CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
            PersonIdent authorIdent = commitReceivedEvent.commit.getAuthorIdent();
            if (commitReceivedEvent.commit.getParentCount() > 1 && authorIdent.getName().equals(this.gerritIdent.getName()) && authorIdent.getEmailAddress().equals(this.gerritIdent.getEmailAddress())) {
                try {
                    this.perm.check(RefPermission.FORGE_SERVER);
                } catch (AuthException e) {
                    throw new CommitValidationException(String.format("pushing merge commit %s by %s requires '%s' permission", commitReceivedEvent.commit.getId(), this.gerritIdent.getEmailAddress(), RefPermission.FORGE_SERVER.name()), e);
                } catch (PermissionBackendException e2) {
                    CommitValidators.logger.atSevere().withCause(e2).log("cannot check FORGE_SERVER");
                    throw new CommitValidationException("internal auth error");
                }
            }
            return Collections.emptyList();
        }
    }

    /* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators$AuthorUploaderValidator.class */
    public static class AuthorUploaderValidator implements CommitValidationListener {
        private final IdentifiedUser user;
        private final PermissionBackend.ForRef perm;
        private final UrlFormatter urlFormatter;

        public AuthorUploaderValidator(IdentifiedUser identifiedUser, PermissionBackend.ForRef forRef, UrlFormatter urlFormatter) {
            this.user = identifiedUser;
            this.perm = forRef;
            this.urlFormatter = urlFormatter;
        }

        @Override // com.google.gerrit.server.git.validators.CommitValidationListener
        public List<CommitValidationMessage> onCommitReceived(CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
            PersonIdent authorIdent = commitReceivedEvent.commit.getAuthorIdent();
            if (this.user.hasEmailAddress(authorIdent.getEmailAddress())) {
                return Collections.emptyList();
            }
            try {
                this.perm.check(RefPermission.FORGE_AUTHOR);
                return Collections.emptyList();
            } catch (AuthException e) {
                throw new CommitValidationException("invalid author", CommitValidators.invalidEmail("author", authorIdent, this.user, this.urlFormatter), e);
            } catch (PermissionBackendException e2) {
                CommitValidators.logger.atSevere().withCause(e2).log("cannot check FORGE_AUTHOR");
                throw new CommitValidationException("internal auth error");
            }
        }
    }

    /* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators$BannedCommitsValidator.class */
    public static class BannedCommitsValidator implements CommitValidationListener {
        private final NoteMap rejectCommits;

        public BannedCommitsValidator(NoteMap noteMap) {
            this.rejectCommits = noteMap;
        }

        @Override // com.google.gerrit.server.git.validators.CommitValidationListener
        public List<CommitValidationMessage> onCommitReceived(CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
            try {
                if (this.rejectCommits.contains(commitReceivedEvent.commit)) {
                    throw new CommitValidationException("contains banned commit " + commitReceivedEvent.commit.getName());
                }
                return Collections.emptyList();
            } catch (IOException e) {
                CommitValidators.logger.atWarning().withCause(e).log("error checking banned commits");
                throw new CommitValidationException("error checking banned commits", e);
            }
        }
    }

    /* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators$ChangeIdValidator.class */
    public static class ChangeIdValidator implements CommitValidationListener {
        private static final String MISSING_CHANGE_ID_MSG = "missing Change-Id in message footer";
        private static final String MISSING_SUBJECT_MSG = "missing subject; Change-Id must be in message footer";
        private static final String CHANGE_ID_ABOVE_FOOTER_MSG = "Change-Id must be in message footer";
        private static final String MULTIPLE_CHANGE_ID_MSG = "multiple Change-Id lines in message footer";
        private static final String INVALID_CHANGE_ID_MSG = "invalid Change-Id line format in message footer";

        @VisibleForTesting
        public static final String CHANGE_ID_MISMATCH_MSG = "Change-Id in message footer does not match Change-Id of target change";
        private final ProjectState projectState;
        private final UrlFormatter urlFormatter;
        private final String installCommitMsgHookCommand;
        private final SshInfo sshInfo;
        private final IdentifiedUser user;
        private final Change change;
        private static final String CHANGE_ID_PREFIX = FooterConstants.CHANGE_ID.getName() + UserInteraction.DEFAULT_CHECK_INTERACTIVE_PASSWORD_DELIM;
        private static final Pattern CHANGE_ID = Pattern.compile(Change.CHANGE_ID_PATTERN);

        public ChangeIdValidator(ProjectState projectState, IdentifiedUser identifiedUser, UrlFormatter urlFormatter, Config config, SshInfo sshInfo, Change change) {
            this.projectState = projectState;
            this.user = identifiedUser;
            this.urlFormatter = urlFormatter;
            this.installCommitMsgHookCommand = config.getString("gerrit", null, "installCommitMsgHookCommand");
            this.sshInfo = sshInfo;
            this.change = change;
        }

        @Override // com.google.gerrit.server.git.validators.CommitValidationListener
        public List<CommitValidationMessage> onCommitReceived(CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
            if (!shouldValidateChangeId(commitReceivedEvent)) {
                return Collections.emptyList();
            }
            RevCommit revCommit = commitReceivedEvent.commit;
            ArrayList arrayList = new ArrayList();
            List<String> footerLines = revCommit.getFooterLines(FooterConstants.CHANGE_ID);
            if (footerLines.isEmpty()) {
                String shortMessage = revCommit.getShortMessage();
                if (shortMessage.startsWith(CHANGE_ID_PREFIX) && CHANGE_ID.matcher(shortMessage.substring(CHANGE_ID_PREFIX.length()).trim()).matches()) {
                    throw new CommitValidationException(MISSING_SUBJECT_MSG);
                }
                if (revCommit.getFullMessage().contains("\n" + CHANGE_ID_PREFIX)) {
                    arrayList.add(new CommitValidationMessage("Change-Id must be in message footer\n\nHint: run\n  git commit --amend\nand move 'Change-Id: Ixxx..' to the bottom on a separate line\n", ValidationMessage.Type.ERROR));
                    throw new CommitValidationException(CHANGE_ID_ABOVE_FOOTER_MSG, arrayList);
                }
                if (this.projectState.is(BooleanProjectConfig.REQUIRE_CHANGE_ID)) {
                    arrayList.add(getMissingChangeIdErrorMsg(MISSING_CHANGE_ID_MSG));
                    throw new CommitValidationException(MISSING_CHANGE_ID_MSG, arrayList);
                }
            } else {
                if (footerLines.size() > 1) {
                    throw new CommitValidationException(MULTIPLE_CHANGE_ID_MSG, arrayList);
                }
                String trim = footerLines.get(footerLines.size() - 1).trim();
                if (!CHANGE_ID.matcher(trim).matches() || trim.matches("^I00*$")) {
                    arrayList.add(getMissingChangeIdErrorMsg(INVALID_CHANGE_ID_MSG));
                    throw new CommitValidationException(INVALID_CHANGE_ID_MSG, arrayList);
                }
                if (this.change != null && !trim.equals(this.change.getKey().get())) {
                    throw new CommitValidationException(CHANGE_ID_MISMATCH_MSG);
                }
            }
            return Collections.emptyList();
        }

        private static boolean shouldValidateChangeId(CommitReceivedEvent commitReceivedEvent) {
            return MagicBranch.isMagicBranch(commitReceivedEvent.command.getRefName()) || CommitValidators.NEW_PATCHSET_PATTERN.matcher(commitReceivedEvent.command.getRefName()).matches();
        }

        private CommitValidationMessage getMissingChangeIdErrorMsg(String str) {
            return new CommitValidationMessage(str + "\n\nHint: to automatically insert a Change-Id, install the hook:\n" + getCommitMessageHookInstallationHint() + "\nand then amend the commit:\n  git commit --amend --no-edit\nFinally, push your changes again\n", ValidationMessage.Type.ERROR);
        }

        private String getCommitMessageHookInstallationHint() {
            String str;
            int i;
            if (this.installCommitMsgHookCommand != null) {
                return this.installCommitMsgHookCommand;
            }
            List<HostKey> hostKeys = this.sshInfo.getHostKeys();
            Optional<String> webUrl = this.urlFormatter.getWebUrl();
            if (hostKeys.isEmpty()) {
                Preconditions.checkState(webUrl.isPresent());
                return String.format("  f=\"$(git rev-parse --git-dir)/hooks/commit-msg\"; curl -o \"$f\" %stools/hooks/commit-msg ; chmod +x \"$f\"", webUrl.get());
            }
            String host = hostKeys.get(0).getHost();
            int lastIndexOf = host.lastIndexOf(58);
            if (0 <= lastIndexOf) {
                if (host.startsWith("*:")) {
                    Preconditions.checkState(webUrl.isPresent());
                    str = CommitValidators.getGerritHost(webUrl.get());
                } else {
                    str = host.substring(0, lastIndexOf);
                }
                i = Integer.parseInt(host.substring(lastIndexOf + 1));
            } else {
                str = host;
                i = 22;
            }
            return String.format("  gitdir=$(git rev-parse --git-dir); scp -p -P %d %s@%s:hooks/commit-msg ${gitdir}/hooks/", Integer.valueOf(i), this.user.getUserName().orElse("<USERNAME>"), str);
        }
    }

    /* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators$CommitterUploaderValidator.class */
    public static class CommitterUploaderValidator implements CommitValidationListener {
        private final IdentifiedUser user;
        private final PermissionBackend.ForRef perm;
        private final UrlFormatter urlFormatter;

        public CommitterUploaderValidator(IdentifiedUser identifiedUser, PermissionBackend.ForRef forRef, UrlFormatter urlFormatter) {
            this.user = identifiedUser;
            this.perm = forRef;
            this.urlFormatter = urlFormatter;
        }

        @Override // com.google.gerrit.server.git.validators.CommitValidationListener
        public List<CommitValidationMessage> onCommitReceived(CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
            PersonIdent committerIdent = commitReceivedEvent.commit.getCommitterIdent();
            if (this.user.hasEmailAddress(committerIdent.getEmailAddress())) {
                return Collections.emptyList();
            }
            try {
                this.perm.check(RefPermission.FORGE_COMMITTER);
                return Collections.emptyList();
            } catch (AuthException e) {
                throw new CommitValidationException("invalid committer", CommitValidators.invalidEmail(ChangeQueryBuilder.FIELD_COMMITTER, committerIdent, this.user, this.urlFormatter), e);
            } catch (PermissionBackendException e2) {
                CommitValidators.logger.atSevere().withCause(e2).log("cannot check FORGE_COMMITTER");
                throw new CommitValidationException("internal auth error");
            }
        }
    }

    /* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators$ConfigValidator.class */
    public static class ConfigValidator implements CommitValidationListener {
        private final ProjectConfig.Factory projectConfigFactory;
        private final BranchNameKey branch;
        private final IdentifiedUser user;
        private final RevWalk rw;
        private final AllUsersName allUsers;
        private final AllProjectsName allProjects;

        public ConfigValidator(ProjectConfig.Factory factory, BranchNameKey branchNameKey, IdentifiedUser identifiedUser, RevWalk revWalk, AllUsersName allUsersName, AllProjectsName allProjectsName) {
            this.projectConfigFactory = factory;
            this.branch = branchNameKey;
            this.user = identifiedUser;
            this.rw = revWalk;
            this.allProjects = allProjectsName;
            this.allUsers = allUsersName;
        }

        @Override // com.google.gerrit.server.git.validators.CommitValidationListener
        public List<CommitValidationMessage> onCommitReceived(CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
            if (RefNames.REFS_CONFIG.equals(this.branch.branch())) {
                ArrayList arrayList = new ArrayList();
                try {
                    ProjectConfig create = this.projectConfigFactory.create(commitReceivedEvent.project.getNameKey());
                    create.load(this.rw, commitReceivedEvent.command.getNewId());
                    if (!create.getValidationErrors().isEmpty()) {
                        CommitValidators.addError("Invalid project configuration:", arrayList);
                        Iterator<ValidationError> it = create.getValidationErrors().iterator();
                        while (it.hasNext()) {
                            CommitValidators.addError("  " + it.next().getMessage(), arrayList);
                        }
                        throw new ConfigInvalidException("invalid project configuration");
                    }
                    if (this.allUsers.equals(commitReceivedEvent.project.getNameKey()) && !this.allProjects.equals(create.getProject().getParent(this.allProjects))) {
                        CommitValidators.addError("Invalid project configuration:", arrayList);
                        CommitValidators.addError(String.format("  %s must inherit from %s", this.allUsers.get(), this.allProjects.get()), arrayList);
                        throw new ConfigInvalidException("invalid project configuration");
                    }
                } catch (IOException | ConfigInvalidException e) {
                    CommitValidators.logger.atSevere().withCause(e).log("User %s tried to push an invalid project configuration %s for project %s", this.user.getLoggableName(), commitReceivedEvent.command.getNewId().name(), commitReceivedEvent.project.getName());
                    throw new CommitValidationException("invalid project configuration", arrayList);
                }
            }
            return Collections.emptyList();
        }
    }

    /* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators$ExternalIdUpdateListener.class */
    public static class ExternalIdUpdateListener implements CommitValidationListener {
        private final AllUsersName allUsers;
        private final ExternalIdsConsistencyChecker externalIdsConsistencyChecker;

        public ExternalIdUpdateListener(AllUsersName allUsersName, ExternalIdsConsistencyChecker externalIdsConsistencyChecker) {
            this.externalIdsConsistencyChecker = externalIdsConsistencyChecker;
            this.allUsers = allUsersName;
        }

        @Override // com.google.gerrit.server.git.validators.CommitValidationListener
        public List<CommitValidationMessage> onCommitReceived(CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
            if (!this.allUsers.equals(commitReceivedEvent.project.getNameKey()) || !RefNames.REFS_EXTERNAL_IDS.equals(commitReceivedEvent.refName)) {
                return Collections.emptyList();
            }
            try {
                List<CommitValidationMessage> list = (List) this.externalIdsConsistencyChecker.check(commitReceivedEvent.commit).stream().map(consistencyProblemInfo -> {
                    return new CommitValidationMessage(consistencyProblemInfo.message, consistencyProblemInfo.status == ConsistencyCheckInfo.ConsistencyProblemInfo.Status.ERROR ? ValidationMessage.Type.ERROR : ValidationMessage.Type.OTHER);
                }).collect(Collectors.toList());
                if (list.stream().anyMatch((v0) -> {
                    return v0.isError();
                })) {
                    throw new CommitValidationException("invalid external IDs", list);
                }
                return list;
            } catch (IOException | ConfigInvalidException e) {
                CommitValidators.logger.atWarning().withCause(e).log("error validating external IDs");
                throw new CommitValidationException("error validating external IDs", e);
            }
        }
    }

    @Singleton
    /* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators$Factory.class */
    public static class Factory {
        private final PersonIdent gerritIdent;
        private final DynamicItem<UrlFormatter> urlFormatter;
        private final PluginSetContext<CommitValidationListener> pluginValidators;
        private final GitRepositoryManager repoManager;
        private final AllUsersName allUsers;
        private final AllProjectsName allProjects;
        private final ExternalIdsConsistencyChecker externalIdsConsistencyChecker;
        private final AccountValidator accountValidator;
        private final ProjectCache projectCache;
        private final ProjectConfig.Factory projectConfigFactory;
        private final Config config;

        @Inject
        Factory(@GerritPersonIdent PersonIdent personIdent, DynamicItem<UrlFormatter> dynamicItem, @GerritServerConfig Config config, PluginSetContext<CommitValidationListener> pluginSetContext, GitRepositoryManager gitRepositoryManager, AllUsersName allUsersName, AllProjectsName allProjectsName, ExternalIdsConsistencyChecker externalIdsConsistencyChecker, AccountValidator accountValidator, ProjectCache projectCache, ProjectConfig.Factory factory) {
            this.gerritIdent = personIdent;
            this.urlFormatter = dynamicItem;
            this.config = config;
            this.pluginValidators = pluginSetContext;
            this.repoManager = gitRepositoryManager;
            this.allUsers = allUsersName;
            this.allProjects = allProjectsName;
            this.externalIdsConsistencyChecker = externalIdsConsistencyChecker;
            this.accountValidator = accountValidator;
            this.projectCache = projectCache;
            this.projectConfigFactory = factory;
        }

        public CommitValidators forReceiveCommits(PermissionBackend.ForProject forProject, BranchNameKey branchNameKey, IdentifiedUser identifiedUser, SshInfo sshInfo, NoteMap noteMap, RevWalk revWalk, @Nullable Change change, boolean z) {
            PermissionBackend.ForRef ref = forProject.ref(branchNameKey.branch());
            ProjectState orElseThrow = this.projectCache.get(branchNameKey.project()).orElseThrow(ProjectCache.illegalState(branchNameKey.project()));
            ImmutableList.Builder builder = ImmutableList.builder();
            builder.add((ImmutableList.Builder) new UploadMergesPermissionValidator(ref)).add((ImmutableList.Builder) new ProjectStateValidationListener(orElseThrow)).add((ImmutableList.Builder) new AmendedGerritMergeCommitValidationListener(ref, this.gerritIdent)).add((ImmutableList.Builder) new AuthorUploaderValidator(identifiedUser, ref, this.urlFormatter.get())).add((ImmutableList.Builder) new FileCountValidator(this.repoManager, this.config)).add((ImmutableList.Builder) new CommitterUploaderValidator(identifiedUser, ref, this.urlFormatter.get())).add((ImmutableList.Builder) new SignedOffByValidator(identifiedUser, ref, orElseThrow)).add((ImmutableList.Builder) new ChangeIdValidator(orElseThrow, identifiedUser, this.urlFormatter.get(), this.config, sshInfo, change)).add((ImmutableList.Builder) new ConfigValidator(this.projectConfigFactory, branchNameKey, identifiedUser, revWalk, this.allUsers, this.allProjects)).add((ImmutableList.Builder) new BannedCommitsValidator(noteMap)).add((ImmutableList.Builder) new PluginCommitValidationListener(this.pluginValidators, z)).add((ImmutableList.Builder) new ExternalIdUpdateListener(this.allUsers, this.externalIdsConsistencyChecker)).add((ImmutableList.Builder) new AccountCommitValidator(this.repoManager, this.allUsers, this.accountValidator)).add((ImmutableList.Builder) new GroupCommitValidator(this.allUsers));
            return new CommitValidators(builder.build());
        }

        public CommitValidators forGerritCommits(PermissionBackend.ForProject forProject, BranchNameKey branchNameKey, IdentifiedUser identifiedUser, SshInfo sshInfo, RevWalk revWalk, @Nullable Change change) {
            PermissionBackend.ForRef ref = forProject.ref(branchNameKey.branch());
            ProjectState orElseThrow = this.projectCache.get(branchNameKey.project()).orElseThrow(ProjectCache.illegalState(branchNameKey.project()));
            ImmutableList.Builder builder = ImmutableList.builder();
            builder.add((ImmutableList.Builder) new UploadMergesPermissionValidator(ref)).add((ImmutableList.Builder) new ProjectStateValidationListener(orElseThrow)).add((ImmutableList.Builder) new AmendedGerritMergeCommitValidationListener(ref, this.gerritIdent)).add((ImmutableList.Builder) new AuthorUploaderValidator(identifiedUser, ref, this.urlFormatter.get())).add((ImmutableList.Builder) new FileCountValidator(this.repoManager, this.config)).add((ImmutableList.Builder) new SignedOffByValidator(identifiedUser, ref, orElseThrow)).add((ImmutableList.Builder) new ChangeIdValidator(orElseThrow, identifiedUser, this.urlFormatter.get(), this.config, sshInfo, change)).add((ImmutableList.Builder) new ConfigValidator(this.projectConfigFactory, branchNameKey, identifiedUser, revWalk, this.allUsers, this.allProjects)).add((ImmutableList.Builder) new PluginCommitValidationListener(this.pluginValidators)).add((ImmutableList.Builder) new ExternalIdUpdateListener(this.allUsers, this.externalIdsConsistencyChecker)).add((ImmutableList.Builder) new AccountCommitValidator(this.repoManager, this.allUsers, this.accountValidator)).add((ImmutableList.Builder) new GroupCommitValidator(this.allUsers));
            return new CommitValidators(builder.build());
        }

        public CommitValidators forMergedCommits(PermissionBackend.ForProject forProject, BranchNameKey branchNameKey, IdentifiedUser identifiedUser) {
            PermissionBackend.ForRef ref = forProject.ref(branchNameKey.branch());
            ProjectState orElseThrow = this.projectCache.get(branchNameKey.project()).orElseThrow(ProjectCache.illegalState(branchNameKey.project()));
            ImmutableList.Builder builder = ImmutableList.builder();
            builder.add((ImmutableList.Builder) new UploadMergesPermissionValidator(ref)).add((ImmutableList.Builder) new ProjectStateValidationListener(orElseThrow)).add((ImmutableList.Builder) new AuthorUploaderValidator(identifiedUser, ref, this.urlFormatter.get())).add((ImmutableList.Builder) new CommitterUploaderValidator(identifiedUser, ref, this.urlFormatter.get()));
            return new CommitValidators(builder.build());
        }
    }

    /* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators$FileCountValidator.class */
    private static class FileCountValidator implements CommitValidationListener {
        private final GitRepositoryManager repoManager;
        private final int maxFileCount;

        FileCountValidator(GitRepositoryManager gitRepositoryManager, Config config) {
            this.repoManager = gitRepositoryManager;
            this.maxFileCount = config.getInt(ChangeQueryBuilder.FIELD_CHANGE, null, "maxFiles", BZip2Constants.BASEBLOCKSIZE);
        }

        @Override // com.google.gerrit.server.git.validators.CommitValidationListener
        public List<CommitValidationMessage> onCommitReceived(CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
            long countChangedFiles;
            String refName = commitReceivedEvent.command.getRefName();
            if (!refName.startsWith(MagicBranch.NEW_CHANGE) && !refName.startsWith(RefNames.REFS_CHANGES)) {
                return Collections.emptyList();
            }
            try {
                countChangedFiles = countChangedFiles(commitReceivedEvent);
            } catch (IOException e) {
                if (!commitReceivedEvent.command.getRefName().startsWith(RefNames.REFS_CHANGES)) {
                    CommitValidators.logger.atWarning().withCause(e).log("Failed to validate file count for commit: %s", commitReceivedEvent.commit.toString());
                }
            }
            if (countChangedFiles > this.maxFileCount) {
                throw new CommitValidationException(String.format("Exceeding maximum number of files per change (%d > %d)", Long.valueOf(countChangedFiles), Integer.valueOf(this.maxFileCount)));
            }
            return Collections.emptyList();
        }

        private long countChangedFiles(CommitReceivedEvent commitReceivedEvent) throws IOException {
            Repository openRepository = this.repoManager.openRepository(commitReceivedEvent.project.getNameKey());
            try {
                RevWalk revWalk = new RevWalk(openRepository);
                try {
                    DiffFormatter diffFormatter = new DiffFormatter(DisabledOutputStream.INSTANCE);
                    try {
                        diffFormatter.setReader(revWalk.getObjectReader(), openRepository.getConfig());
                        diffFormatter.setDetectRenames(true);
                        long count = diffFormatter.scan(commitReceivedEvent.commit.getParentCount() > 0 ? commitReceivedEvent.commit.getParent(0) : null, commitReceivedEvent.commit).stream().map((v0) -> {
                            return v0.getNewPath();
                        }).distinct().count();
                        diffFormatter.close();
                        revWalk.close();
                        if (openRepository != null) {
                            openRepository.close();
                        }
                        return count;
                    } catch (Throwable th) {
                        try {
                            diffFormatter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                } finally {
                }
            } catch (Throwable th3) {
                if (openRepository != null) {
                    try {
                        openRepository.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                }
                throw th3;
            }
        }
    }

    /* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators$GroupCommitValidator.class */
    public static class GroupCommitValidator implements CommitValidationListener {
        private final AllUsersName allUsers;

        public GroupCommitValidator(AllUsersName allUsersName) {
            this.allUsers = allUsersName;
        }

        @Override // com.google.gerrit.server.git.validators.CommitValidationListener
        public List<CommitValidationMessage> onCommitReceived(CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
            if (this.allUsers.equals(commitReceivedEvent.project.getNameKey()) && !commitReceivedEvent.command.getRefName().startsWith(MagicBranch.NEW_CHANGE) && RefNames.isGroupRef(commitReceivedEvent.command.getRefName())) {
                throw new CommitValidationException("group update not allowed");
            }
            return Collections.emptyList();
        }
    }

    /* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators$PluginCommitValidationListener.class */
    public static class PluginCommitValidationListener implements CommitValidationListener {
        private boolean skipValidation;
        private final PluginSetContext<CommitValidationListener> commitValidationListeners;

        public PluginCommitValidationListener(PluginSetContext<CommitValidationListener> pluginSetContext) {
            this(pluginSetContext, false);
        }

        public PluginCommitValidationListener(PluginSetContext<CommitValidationListener> pluginSetContext, boolean z) {
            this.skipValidation = z;
            this.commitValidationListeners = pluginSetContext;
        }

        private void runValidator(CommitValidationListener commitValidationListener, List<CommitValidationMessage> list, CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
            if (!this.skipValidation || commitValidationListener.shouldValidateAllCommits()) {
                list.addAll(commitValidationListener.onCommitReceived(commitReceivedEvent));
            }
        }

        @Override // com.google.gerrit.server.git.validators.CommitValidationListener
        public List<CommitValidationMessage> onCommitReceived(CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
            ArrayList arrayList = new ArrayList();
            try {
                this.commitValidationListeners.runEach(commitValidationListener -> {
                    runValidator(commitValidationListener, arrayList, commitReceivedEvent);
                }, CommitValidationException.class);
                return arrayList;
            } catch (CommitValidationException e) {
                arrayList.addAll(e.getMessages());
                throw new CommitValidationException(e.getMessage(), arrayList);
            }
        }

        @Override // com.google.gerrit.server.git.validators.CommitValidationListener
        public boolean shouldValidateAllCommits() {
            return this.commitValidationListeners.stream().anyMatch(commitValidationListener -> {
                return commitValidationListener.shouldValidateAllCommits();
            });
        }
    }

    /* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators$ProjectStateValidationListener.class */
    public static class ProjectStateValidationListener implements CommitValidationListener {
        private final ProjectState projectState;

        public ProjectStateValidationListener(ProjectState projectState) {
            this.projectState = projectState;
        }

        @Override // com.google.gerrit.server.git.validators.CommitValidationListener
        public List<CommitValidationMessage> onCommitReceived(CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
            if (this.projectState.statePermitsWrite()) {
                return Collections.emptyList();
            }
            throw new CommitValidationException("project state does not permit write");
        }
    }

    /* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators$SignedOffByValidator.class */
    public static class SignedOffByValidator implements CommitValidationListener {
        private final IdentifiedUser user;
        private final PermissionBackend.ForRef perm;
        private final ProjectState state;

        public SignedOffByValidator(IdentifiedUser identifiedUser, PermissionBackend.ForRef forRef, ProjectState projectState) {
            this.user = identifiedUser;
            this.perm = forRef;
            this.state = projectState;
        }

        @Override // com.google.gerrit.server.git.validators.CommitValidationListener
        public List<CommitValidationMessage> onCommitReceived(CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
            String emailAddress;
            if (!this.state.is(BooleanProjectConfig.USE_SIGNED_OFF_BY)) {
                return Collections.emptyList();
            }
            RevCommit revCommit = commitReceivedEvent.commit;
            PersonIdent committerIdent = revCommit.getCommitterIdent();
            PersonIdent authorIdent = revCommit.getAuthorIdent();
            boolean z = false;
            boolean z2 = false;
            boolean z3 = false;
            for (FooterLine footerLine : revCommit.getFooterLines()) {
                if (footerLine.matches(FooterKey.SIGNED_OFF_BY) && (emailAddress = footerLine.getEmailAddress()) != null) {
                    z |= authorIdent.getEmailAddress().equals(emailAddress);
                    z2 |= committerIdent.getEmailAddress().equals(emailAddress);
                    z3 |= this.user.hasEmailAddress(emailAddress);
                }
            }
            if (!z && !z2 && !z3) {
                try {
                    this.perm.check(RefPermission.FORGE_COMMITTER);
                } catch (AuthException e) {
                    throw new CommitValidationException("not Signed-off-by author/committer/uploader in message footer", e);
                } catch (PermissionBackendException e2) {
                    CommitValidators.logger.atSevere().withCause(e2).log("cannot check FORGE_COMMITTER");
                    throw new CommitValidationException("internal auth error");
                }
            }
            return Collections.emptyList();
        }
    }

    /* loaded from: input_file:com/google/gerrit/server/git/validators/CommitValidators$UploadMergesPermissionValidator.class */
    public static class UploadMergesPermissionValidator implements CommitValidationListener {
        private final PermissionBackend.ForRef perm;

        public UploadMergesPermissionValidator(PermissionBackend.ForRef forRef) {
            this.perm = forRef;
        }

        @Override // com.google.gerrit.server.git.validators.CommitValidationListener
        public List<CommitValidationMessage> onCommitReceived(CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
            if (commitReceivedEvent.commit.getParentCount() <= 1) {
                return Collections.emptyList();
            }
            try {
                this.perm.check(RefPermission.MERGE);
                return Collections.emptyList();
            } catch (AuthException e) {
                throw new CommitValidationException("you are not allowed to upload merges", e);
            } catch (PermissionBackendException e2) {
                CommitValidators.logger.atSevere().withCause(e2).log("cannot check MERGE");
                throw new CommitValidationException("internal auth error");
            }
        }
    }

    CommitValidators(List<CommitValidationListener> list) {
        this.validators = list;
    }

    public List<CommitValidationMessage> validate(CommitReceivedEvent commitReceivedEvent) throws CommitValidationException {
        ArrayList arrayList = new ArrayList();
        try {
            Iterator<CommitValidationListener> it = this.validators.iterator();
            while (it.hasNext()) {
                arrayList.addAll(it.next().onCommitReceived(commitReceivedEvent));
            }
            return arrayList;
        } catch (CommitValidationException e) {
            logger.atFine().withCause(e).log("CommitValidationException occurred: %s", e.getFullMessage());
            arrayList.addAll(e.getMessages());
            throw new CommitValidationException(e.getMessage(), arrayList);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static CommitValidationMessage invalidEmail(String str, PersonIdent personIdent, IdentifiedUser identifiedUser, UrlFormatter urlFormatter) {
        StringBuilder sb = new StringBuilder();
        sb.append("email address ").append(personIdent.getEmailAddress()).append(" is not registered in your account, and you lack 'forge ").append(str).append("' permission.\n");
        if (identifiedUser.getEmailAddresses().isEmpty()) {
            sb.append("You have not registered any email addresses.\n");
        } else {
            sb.append("The following addresses are currently registered:\n");
            UnmodifiableIterator<String> it = identifiedUser.getEmailAddresses().iterator();
            while (it.hasNext()) {
                sb.append("   ").append(it.next()).append("\n");
            }
        }
        if (urlFormatter.getSettingsUrl("").isPresent()) {
            sb.append("To register an email address, visit:\n").append(urlFormatter.getSettingsUrl("EmailAddresses").get()).append("\n\n");
        }
        return new CommitValidationMessage(sb.toString(), ValidationMessage.Type.ERROR);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String getGerritHost(String str) {
        if (str != null) {
            try {
                return new URL(str).getHost();
            } catch (MalformedURLException e) {
            }
        }
        return SystemReader.getInstance().getHostname();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void addError(String str, List<CommitValidationMessage> list) {
        list.add(new CommitValidationMessage(str, ValidationMessage.Type.ERROR));
    }
}
