package com.atlassian.crowd.directory;

import com.atlassian.crowd.directory.authentication.UserCredentialVerifier;
import com.atlassian.crowd.directory.authentication.UserCredentialVerifierFactory;
import com.atlassian.crowd.directory.cache.AzureGroupFilterProcessor;
import com.atlassian.crowd.directory.query.FetchMode;
import com.atlassian.crowd.directory.query.GraphQuery;
import com.atlassian.crowd.directory.query.MicrosoftGraphDeltaToken;
import com.atlassian.crowd.directory.query.MicrosoftGraphQueryTranslator;
import com.atlassian.crowd.directory.query.ODataExpand;
import com.atlassian.crowd.directory.query.ODataSelect;
import com.atlassian.crowd.directory.query.ODataTop;
import com.atlassian.crowd.directory.rest.AzureAdPagingWrapper;
import com.atlassian.crowd.directory.rest.AzureAdRestClient;
import com.atlassian.crowd.directory.rest.AzureAdRestClientFactory;
import com.atlassian.crowd.directory.rest.endpoint.AzureApiUriResolver;
import com.atlassian.crowd.directory.rest.endpoint.AzureApiUriResolverFactory;
import com.atlassian.crowd.directory.rest.entity.PageableGraphList;
import com.atlassian.crowd.directory.rest.entity.group.GraphGroup;
import com.atlassian.crowd.directory.rest.entity.group.GraphGroupList;
import com.atlassian.crowd.directory.rest.entity.membership.DirectoryObject;
import com.atlassian.crowd.directory.rest.entity.user.GraphUsersList;
import com.atlassian.crowd.directory.rest.mapper.AzureAdRestEntityMapper;
import com.atlassian.crowd.directory.rest.mapper.DeltaQueryResult;
import com.atlassian.crowd.directory.rest.util.MembershipFilterUtil;
import com.atlassian.crowd.directory.synchronisation.Defaults;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.InvalidGroupException;
import com.atlassian.crowd.exception.InvalidMembershipException;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.MembershipAlreadyExistsException;
import com.atlassian.crowd.exception.MembershipNotFoundException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.OperationNotSupportedException;
import com.atlassian.crowd.exception.ReadOnlyGroupException;
import com.atlassian.crowd.exception.UserAlreadyExistsException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.manager.avatar.AvatarReference;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupTemplate;
import com.atlassian.crowd.model.group.GroupTemplateWithAttributes;
import com.atlassian.crowd.model.group.GroupWithAttributes;
import com.atlassian.crowd.model.group.GroupWithMembershipChanges;
import com.atlassian.crowd.model.group.Membership;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.crowd.model.user.UserTemplateWithAttributes;
import com.atlassian.crowd.model.user.UserWithAttributes;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.search.builder.Restriction;
import com.atlassian.crowd.search.query.QueryUtils;
import com.atlassian.crowd.search.query.entity.EntityQuery;
import com.atlassian.crowd.search.query.entity.restriction.NullRestrictionImpl;
import com.atlassian.crowd.search.query.entity.restriction.constants.GroupTermKeys;
import com.atlassian.crowd.search.query.entity.restriction.constants.UserTermKeys;
import com.atlassian.crowd.search.query.membership.MembershipQuery;
import com.atlassian.crowd.search.util.QuerySplitter;
import com.atlassian.crowd.search.util.SearchResultsUtil;
import com.atlassian.crowd.util.AttributeUtil;
import com.atlassian.crowd.util.BoundedCount;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Suppliers;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/directory/AzureAdDirectory.class */
public class AzureAdDirectory implements RemoteDirectory {
    private static Logger logger = LoggerFactory.getLogger(AzureAdDirectory.class);
    public static final String WEBAPP_CLIENT_ID_ATTRIBUTE = "AZURE_AD_WEBAPP_CLIENT_ID";
    public static final String WEBAPP_CLIENT_SECRET_ATTRIBUTE = "AZURE_AD_WEBAPP_CLIENT_SECRET";
    public static final String TENANT_ID_ATTRIBUTE = "AZURE_AD_TENANT_ID";
    public static final String NATIVE_APP_ID_ATTRIBUTE = "AZURE_AD_NATIVE_AP_IDD";
    public static final String GRAPH_API_ENDPOINT_ATTRIBUTE = "AZURE_AD_GRAPH_API_ENDPOINT";
    public static final String AUTHORITY_API_ENDPOINT_ATTRIBUTE = "AZURE_AD_AUTHORITY_API_ENDPOINT";
    public static final String REGION_ATTRIBUTE = "AZURE_AD_REGION";
    public static final String CUSTOM_REGION_ATTRIBUTE_VALUE = "CUSTOM";
    public static final String FILTERED_GROUPS_ATTRIBUTE = "AZURE_AD_FILTERED_GROUPS";
    public static final String GROUP_FILTERING_ENABLED_ATTRIBUTE = "GROUP_FILTERING_ENABLED";
    public static final String NOT_IMPLEMENTED = "Azure Active Directory support is Read-only";
    public static final int MAX_RESTRICTIONS_PER_QUERY = 10;
    private final AzureAdRestClientFactory restClientFactory;
    private final MicrosoftGraphQueryTranslator graphQueryTranslator;
    private final AzureAdRestEntityMapper restEntityMapper;
    private final UserCredentialVerifierFactory credentialVerifierFactory;
    private final AzureApiUriResolverFactory endpointDataProviderFactory;
    private AzureApiUriResolver endpointDataProvider;
    private Supplier<UserCredentialVerifier> userCredentialVerifier;
    private Supplier<AzureAdRestClient> azureAdRestClient;
    private Supplier<AzureAdPagingWrapper> azureAdPagingWrapper;
    private AttributeValuesHolder attributes;
    private long directoryId;
    private boolean supportsNestedGroups;
    private boolean localGroupsEnabled;

    public AzureAdDirectory(AzureAdRestClientFactory azureAdRestClientFactory, MicrosoftGraphQueryTranslator microsoftGraphQueryTranslator, AzureAdRestEntityMapper azureAdRestEntityMapper, UserCredentialVerifierFactory userCredentialVerifierFactory, AzureApiUriResolverFactory azureApiUriResolverFactory) {
        this.restClientFactory = azureAdRestClientFactory;
        this.graphQueryTranslator = microsoftGraphQueryTranslator;
        this.restEntityMapper = azureAdRestEntityMapper;
        this.credentialVerifierFactory = userCredentialVerifierFactory;
        this.endpointDataProviderFactory = azureApiUriResolverFactory;
    }

    @Nullable
    public Set<String> getValues(String str) {
        return this.attributes.getValues(str);
    }

    @Nullable
    public String getValue(String str) {
        return this.attributes.getValue(str);
    }

    public Set<String> getKeys() {
        return this.attributes.getKeys();
    }

    public boolean isEmpty() {
        return this.attributes.isEmpty();
    }

    public long getDirectoryId() {
        return this.directoryId;
    }

    public void setDirectoryId(long j) {
        this.directoryId = j;
    }

    @Nonnull
    public String getDescriptiveName() {
        return "Microsoft Azure Active Directory";
    }

    public void setAttributes(Map<String, String> map) {
        this.attributes = new AttributeValuesHolder(map);
        String str = map.get(WEBAPP_CLIENT_ID_ATTRIBUTE);
        String str2 = map.get(WEBAPP_CLIENT_SECRET_ATTRIBUTE);
        String str3 = map.get(TENANT_ID_ATTRIBUTE);
        String str4 = map.get(NATIVE_APP_ID_ATTRIBUTE);
        Duration safeParseDurationMillis = AttributeUtil.safeParseDurationMillis(map.get("ldap.connection.timeout"), Defaults.CONNECTION_TIMEOUT);
        Duration safeParseDurationMillis2 = AttributeUtil.safeParseDurationMillis(map.get("ldap.read.timeout"), Defaults.READ_TIMEOUT);
        this.endpointDataProvider = this.endpointDataProviderFactory.getEndpointDataProviderForDirectory(this);
        this.supportsNestedGroups = Boolean.parseBoolean(map.get("useNestedGroups"));
        this.localGroupsEnabled = Boolean.parseBoolean(map.get("ldap.local.groups"));
        com.google.common.base.Supplier memoize = Suppliers.memoize(() -> {
            return this.restClientFactory.create(str, str2, str3, this.endpointDataProvider, safeParseDurationMillis.toMillis(), safeParseDurationMillis2.toMillis());
        });
        memoize.getClass();
        this.azureAdRestClient = memoize::get;
        com.google.common.base.Supplier memoize2 = Suppliers.memoize(() -> {
            return this.restClientFactory.create(getRestClient());
        });
        memoize2.getClass();
        this.azureAdPagingWrapper = memoize2::get;
        com.google.common.base.Supplier memoize3 = Suppliers.memoize(() -> {
            return this.credentialVerifierFactory.create(this.endpointDataProvider, str4, str3);
        });
        memoize3.getClass();
        this.userCredentialVerifier = memoize3::get;
    }

    @Nonnull
    public User findUserByName(String str) throws UserNotFoundException, OperationFailedException {
        EntityQuery returningAtMost = QueryBuilder.queryFor(User.class, EntityDescriptor.user()).with(Restriction.on(UserTermKeys.USERNAME).exactlyMatching(str)).returningAtMost(1);
        GraphUsersList searchUsers = getRestClient().searchUsers(this.graphQueryTranslator.convert(returningAtMost));
        validateSingleResult(searchUsers, () -> {
            return new UserNotFoundException(str);
        });
        return (User) Iterables.getOnlyElement(this.restEntityMapper.mapUsers(searchUsers, returningAtMost.getReturnType(), this.directoryId));
    }

    @Nonnull
    public UserWithAttributes findUserWithAttributesByName(String str) throws UserNotFoundException, OperationFailedException {
        return UserTemplateWithAttributes.toUserWithNoAttributes(findUserByName(str));
    }

    @Nonnull
    public User findUserByExternalId(String str) throws UserNotFoundException, OperationFailedException {
        GraphUsersList searchUsers = getRestClient().searchUsers(this.graphQueryTranslator.convert(QueryBuilder.queryFor(User.class, EntityDescriptor.user()).with(Restriction.on(UserTermKeys.EXTERNAL_ID).exactlyMatching(str)).returningAtMost(1)));
        validateSingleResult(searchUsers, () -> {
            return UserNotFoundException.forExternalId(str);
        });
        return (User) Iterables.getOnlyElement(this.restEntityMapper.mapUsers(searchUsers, User.class, this.directoryId));
    }

    @Nonnull
    public User authenticate(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        User findUserByName = findUserByName(str);
        getUserCredentialVerifier().checkUserCredential(str, passwordCredential);
        return findUserByName;
    }

    @Nonnull
    public User addUser(UserTemplate userTemplate, PasswordCredential passwordCredential) throws InvalidUserException, InvalidCredentialException, UserAlreadyExistsException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    public UserWithAttributes addUser(UserTemplateWithAttributes userTemplateWithAttributes, PasswordCredential passwordCredential) throws InvalidUserException, InvalidCredentialException, UserAlreadyExistsException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    @Nonnull
    public User updateUser(UserTemplate userTemplate) throws InvalidUserException, UserNotFoundException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    public void updateUserCredential(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InvalidCredentialException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    @Nonnull
    public User renameUser(String str, String str2) throws UserNotFoundException, InvalidUserException, UserAlreadyExistsException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    public void storeUserAttributes(String str, Map<String, Set<String>> map) throws UserNotFoundException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    public void removeUserAttributes(String str, String str2) throws UserNotFoundException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    public void removeUser(String str) throws UserNotFoundException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    @Nonnull
    public <T> List<T> searchUsers(EntityQuery<T> entityQuery) throws OperationFailedException {
        QueryUtils.checkAssignableFrom(entityQuery.getReturnType(), new Class[]{String.class, User.class});
        return QuerySplitter.batchConditionsIfNeeded(entityQuery, this::searchUsersSplit, 10);
    }

    private <T> List<T> searchUsersSplit(EntityQuery<T> entityQuery) throws OperationFailedException {
        return this.restEntityMapper.mapUsers(getAzureAdPagingWrapper().fetchAppropriateAmountOfResults(getRestClient().searchUsers(this.graphQueryTranslator.convert(entityQuery)), entityQuery.getStartIndex(), entityQuery.getMaxResults()), entityQuery.getReturnType(), getDirectoryId());
    }

    @Nonnull
    public Group findGroupByName(String str) throws GroupNotFoundException, OperationFailedException {
        EntityQuery returningAtMost = QueryBuilder.queryFor(Group.class, EntityDescriptor.group()).with(Restriction.on(GroupTermKeys.NAME).exactlyMatching(str)).returningAtMost(1);
        GraphGroupList searchGroups = getRestClient().searchGroups(this.graphQueryTranslator.convert(returningAtMost));
        validateSingleResult(searchGroups, () -> {
            return new GroupNotFoundException(str);
        });
        return (Group) Iterables.getOnlyElement(this.restEntityMapper.mapGroups(searchGroups, returningAtMost.getReturnType(), this.directoryId));
    }

    @Nonnull
    public GroupWithAttributes findGroupWithAttributesByName(String str) throws GroupNotFoundException, OperationFailedException {
        return GroupTemplateWithAttributes.ofGroupWithNoAttributes(findGroupByName(str));
    }

    @Nonnull
    public Group addGroup(GroupTemplate groupTemplate) throws InvalidGroupException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    @Nonnull
    public Group updateGroup(GroupTemplate groupTemplate) throws InvalidGroupException, GroupNotFoundException, ReadOnlyGroupException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    @Nonnull
    public Group renameGroup(String str, String str2) throws GroupNotFoundException, InvalidGroupException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    public void storeGroupAttributes(String str, Map<String, Set<String>> map) throws GroupNotFoundException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    public void removeGroupAttributes(String str, String str2) throws GroupNotFoundException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    public void removeGroup(String str) throws GroupNotFoundException, ReadOnlyGroupException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    @Nonnull
    public <T> List<T> searchGroups(EntityQuery<T> entityQuery) throws OperationFailedException {
        QueryUtils.checkAssignableFrom(entityQuery.getReturnType(), new Class[]{String.class, Group.class});
        return QuerySplitter.batchConditionsIfNeeded(entityQuery, this::searchGroupsSplit, 10);
    }

    private <T> List<T> searchGroupsSplit(EntityQuery<T> entityQuery) throws OperationFailedException {
        return this.restEntityMapper.mapGroups(getAzureAdPagingWrapper().fetchAppropriateAmountOfResults(getRestClient().searchGroups(this.graphQueryTranslator.convert(entityQuery)), entityQuery.getStartIndex(), entityQuery.getMaxResults()), entityQuery.getReturnType(), getDirectoryId());
    }

    public boolean isUserDirectGroupMember(String str, String str2) throws OperationFailedException {
        return getAzureAdPagingWrapper().pageForElement(getRestClient().getDirectParentsOfUser(str, this.graphQueryTranslator.resolveAzureAdColumnsForSingleEntityTypeQuery(EntityDescriptor.group(), FetchMode.NAME)), withGroup(str2)).isPresent();
    }

    private Predicate<DirectoryObject> withGroup(String str) {
        return directoryObject -> {
            return MembershipFilterUtil.isGroup(directoryObject) && directoryObject.getDisplayName().equals(str);
        };
    }

    public boolean isGroupDirectGroupMember(String str, String str2) throws OperationFailedException {
        return getAzureAdPagingWrapper().pageForElement(getRestClient().getDirectParentsOfGroup(fetchExternalIdOfGroup(str).orElseThrow(() -> {
            return new OperationFailedException(new GroupNotFoundException(str));
        }), this.graphQueryTranslator.resolveAzureAdColumnsForSingleEntityTypeQuery(EntityDescriptor.group(), FetchMode.NAME)), withGroup(str2)).isPresent();
    }

    @Nonnull
    public BoundedCount countDirectMembersOfGroup(String str, int i) throws OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    public void addUserToGroup(String str, String str2) throws GroupNotFoundException, UserNotFoundException, ReadOnlyGroupException, OperationFailedException, MembershipAlreadyExistsException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    public void addGroupToGroup(String str, String str2) throws GroupNotFoundException, InvalidMembershipException, ReadOnlyGroupException, OperationFailedException, MembershipAlreadyExistsException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    public void removeUserFromGroup(String str, String str2) throws GroupNotFoundException, UserNotFoundException, MembershipNotFoundException, ReadOnlyGroupException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    public void removeGroupFromGroup(String str, String str2) throws GroupNotFoundException, InvalidMembershipException, MembershipNotFoundException, ReadOnlyGroupException, OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    @Nonnull
    public <T> List<T> searchGroupRelationships(MembershipQuery<T> membershipQuery) throws OperationFailedException {
        Preconditions.checkArgument(membershipQuery.getSearchRestriction() == NullRestrictionImpl.INSTANCE, "Azure AD membership queries do not support search restrictions.");
        if (membershipQuery.getEntityToReturn() == EntityDescriptor.group() && membershipQuery.getEntityToMatch() == EntityDescriptor.group() && !this.supportsNestedGroups) {
            return Collections.emptyList();
        }
        ODataSelect resolveAzureAdColumnsForSingleEntityTypeQuery = this.graphQueryTranslator.resolveAzureAdColumnsForSingleEntityTypeQuery(membershipQuery.getEntityToReturn(), membershipQuery.getReturnType());
        ArrayList arrayList = new ArrayList();
        if (membershipQuery.isFindChildren()) {
            Preconditions.checkArgument(membershipQuery.getEntityToMatch() == EntityDescriptor.group(), "Cannot search for children of entities other than groups");
            Predicate<DirectoryObject> directoryObjectFilter = getDirectoryObjectFilter(membershipQuery);
            Iterator<String> it = getGroupIds(membershipQuery.getEntityNamesToMatch()).iterator();
            while (it.hasNext()) {
                arrayList.addAll(this.restEntityMapper.mapDirectoryObjects(getAzureAdPagingWrapper().fetchAllMatchingResults(getRestClient().getDirectChildrenOfGroup(it.next(), resolveAzureAdColumnsForSingleEntityTypeQuery), directoryObjectFilter), membershipQuery.getReturnType(), this.directoryId));
            }
        } else {
            Preconditions.checkArgument(membershipQuery.getEntityToReturn() == EntityDescriptor.group(), "Cannot search for parents of other types than groups");
            if (membershipQuery.getEntityToMatch() == EntityDescriptor.user()) {
                Iterator it2 = membershipQuery.getEntityNamesToMatch().iterator();
                while (it2.hasNext()) {
                    arrayList.addAll(mapGroupMemberships(membershipQuery, getAzureAdPagingWrapper().fetchAllResults(getRestClient().getDirectParentsOfUser((String) it2.next(), resolveAzureAdColumnsForSingleEntityTypeQuery))));
                }
            } else {
                if (membershipQuery.getEntityToMatch() != EntityDescriptor.group()) {
                    throw new IllegalArgumentException("Unsupported entity type " + membershipQuery.getEntityToMatch());
                }
                Iterator<String> it3 = getGroupIds(membershipQuery.getEntityNamesToMatch()).iterator();
                while (it3.hasNext()) {
                    arrayList.addAll(mapGroupMemberships(membershipQuery, getAzureAdPagingWrapper().fetchAllResults(getRestClient().getDirectParentsOfGroup(it3.next(), resolveAzureAdColumnsForSingleEntityTypeQuery))));
                }
            }
        }
        return SearchResultsUtil.constrainResults(arrayList, membershipQuery.getStartIndex(), membershipQuery.getMaxResults());
    }

    private List<String> getGroupIds(Collection<String> collection) throws OperationFailedException {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            Optional<String> fetchExternalIdOfGroup = fetchExternalIdOfGroup(it.next());
            arrayList.getClass();
            fetchExternalIdOfGroup.ifPresent((v1) -> {
                r1.add(v1);
            });
        }
        return arrayList;
    }

    public void testConnection() throws OperationFailedException {
        this.azureAdRestClient.get().searchUsers(this.graphQueryTranslator.convert(QueryBuilder.queryFor(String.class, EntityDescriptor.user()).returningAtMost(1)));
    }

    public boolean supportsInactiveAccounts() {
        return true;
    }

    public boolean supportsNestedGroups() {
        return this.supportsNestedGroups;
    }

    public boolean supportsPasswordExpiration() {
        return false;
    }

    public boolean supportsSettingEncryptedCredential() {
        return false;
    }

    public boolean isRolesDisabled() {
        return true;
    }

    @Nonnull
    public Iterable<Membership> getMemberships() throws OperationFailedException {
        Iterator<Membership> membershipIterator = createMembershipHelper().membershipIterator();
        return () -> {
            return membershipIterator;
        };
    }

    @Nonnull
    public RemoteDirectory getAuthoritativeDirectory() {
        return this;
    }

    public void expireAllPasswords() throws OperationFailedException {
        throw new OperationNotSupportedException(NOT_IMPLEMENTED);
    }

    @Nullable
    public AvatarReference getUserAvatarByName(String str, int i) {
        return null;
    }

    public boolean isGroupFilteringEnabled() {
        return Boolean.parseBoolean(getValue(GROUP_FILTERING_ENABLED_ATTRIBUTE));
    }

    public Set<String> getGroupsNamesToFilter() {
        return AzureGroupFilterProcessor.getGroupNames(getValue(FILTERED_GROUPS_ATTRIBUTE));
    }

    public List<GroupWithAttributes> getFilteredGroups() throws OperationFailedException {
        ImmutableList<String> copyOf = ImmutableList.copyOf(getGroupsNamesToFilter());
        ImmutableList<GroupWithAttributes> copyOf2 = ImmutableList.copyOf(searchGroups(QueryBuilder.queryFor(GroupWithAttributes.class, EntityDescriptor.group()).with(Restriction.on(GroupTermKeys.NAME).exactlyMatchingAny(copyOf)).returningAtMost(-1)));
        logNotExistingGroupNames(copyOf, copyOf2);
        return copyOf2;
    }

    private void logNotExistingGroupNames(ImmutableList<String> immutableList, ImmutableList<GroupWithAttributes> immutableList2) {
        Set set = (Set) immutableList.stream().filter(IdentifierUtils.containsIdentifierPredicate((List) immutableList2.stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toList())).negate()).collect(Collectors.toSet());
        if (set.isEmpty()) {
            return;
        }
        logger.warn("Non existent Group(s) to filter out in Azure AD: {}", set);
    }

    public DeltaQueryResult<UserWithAttributes> performUsersDeltaQuery() throws OperationFailedException {
        return this.restEntityMapper.mapDeltaQueryUsers(getAzureAdPagingWrapper().fetchAllDeltaQueryResults(getRestClient().performUsersDeltaQuery(this.graphQueryTranslator.resolveAzureAdColumnsForSingleEntityTypeQuery(EntityDescriptor.user(), FetchMode.DELTA_QUERY))), getDirectoryId());
    }

    public DeltaQueryResult<GroupWithMembershipChanges> performGroupsDeltaQuery() throws OperationFailedException {
        ODataExpand resolveAzureAdNavigationPropertiesForSingleEntityTypeQuery = this.graphQueryTranslator.resolveAzureAdNavigationPropertiesForSingleEntityTypeQuery(EntityDescriptor.group(), FetchMode.DELTA_QUERY);
        return this.restEntityMapper.mapDeltaQueryGroups(getAzureAdPagingWrapper().fetchAllDeltaQueryResults(getRestClient().performGroupsDeltaQuery(this.graphQueryTranslator.resolveAzureAdColumnsForSingleEntityTypeQuery(EntityDescriptor.group(), FetchMode.DELTA_QUERY), resolveAzureAdNavigationPropertiesForSingleEntityTypeQuery)), getDirectoryId());
    }

    public DeltaQueryResult<GroupWithMembershipChanges> fetchGroupChanges(String str) throws OperationFailedException {
        return this.restEntityMapper.mapDeltaQueryGroups(getAzureAdPagingWrapper().fetchAllDeltaQueryResults(getRestClient().performGroupsDeltaQuery(new MicrosoftGraphDeltaToken(str))), getDirectoryId());
    }

    public DeltaQueryResult<UserWithAttributes> fetchUserChanges(String str) throws OperationFailedException {
        return this.restEntityMapper.mapDeltaQueryUsers(getAzureAdPagingWrapper().fetchAllDeltaQueryResults(getRestClient().performUsersDeltaQuery(new MicrosoftGraphDeltaToken(str))), getDirectoryId());
    }

    private Optional<String> fetchExternalIdOfGroup(String str) throws OperationFailedException {
        List<GraphGroup> entries = getRestClient().searchGroups(new GraphQuery(this.graphQueryTranslator.translateSearchRestriction(EntityDescriptor.group(), Restriction.on(GroupTermKeys.NAME).exactlyMatching(str)), this.graphQueryTranslator.resolveAzureAdColumnsForSingleEntityTypeQuery(EntityDescriptor.group(), FetchMode.ID), 0, ODataTop.SINGLE_RESULT)).getEntries();
        if (entries.isEmpty()) {
            return Optional.empty();
        }
        if (entries.size() > 1) {
            throw new IllegalStateException(String.format("More than one group with name %s exists", str));
        }
        return Optional.of(((GraphGroup) Iterables.getOnlyElement(entries)).getId());
    }

    public boolean supportsDeltaQueryApi() {
        return getRestClient().supportsDeltaQuery();
    }

    private <T> Predicate<DirectoryObject> getDirectoryObjectFilter(MembershipQuery<T> membershipQuery) {
        if (membershipQuery.getEntityToReturn() == EntityDescriptor.user()) {
            return MembershipFilterUtil::isUser;
        }
        if (membershipQuery.getEntityToReturn() == EntityDescriptor.group()) {
            return MembershipFilterUtil::isGroup;
        }
        throw new IllegalStateException("Unsupported entity type " + membershipQuery.getEntityToReturn());
    }

    private <T> List<T> mapGroupMemberships(MembershipQuery<T> membershipQuery, List<DirectoryObject> list) {
        return this.restEntityMapper.mapDirectoryObjects((Collection<DirectoryObject>) list.stream().filter(MembershipFilterUtil::isGroup).collect(Collectors.toList()), membershipQuery.getReturnType(), this.directoryId);
    }

    private <T extends Exception> void validateSingleResult(PageableGraphList pageableGraphList, Supplier<T> supplier) throws Exception {
        int size = pageableGraphList.getEntries().size();
        if (size == 0) {
            throw supplier.get();
        }
        if (size > 1) {
            throw new IllegalStateException(String.format("Expected one result, found %d. Please verify that there are noentities with duplicate names in the directory", Integer.valueOf(size)));
        }
    }

    public AzureMembershipHelper createMembershipHelper() {
        return new AzureMembershipHelper(getRestClient(), getAzureAdPagingWrapper(), this.graphQueryTranslator, this.restEntityMapper, this);
    }

    @VisibleForTesting
    public AzureAdRestClient getRestClient() {
        return this.azureAdRestClient.get();
    }

    private UserCredentialVerifier getUserCredentialVerifier() {
        return this.userCredentialVerifier.get();
    }

    private AzureAdPagingWrapper getAzureAdPagingWrapper() {
        return this.azureAdPagingWrapper.get();
    }

    public MicrosoftGraphQueryTranslator getTranslator() {
        return this.graphQueryTranslator;
    }

    public boolean isLocalGroupsEnabled() {
        return this.localGroupsEnabled;
    }
}
