package com.atlassian.crowd.directory.cache;

import com.atlassian.crowd.directory.AzureAdDirectory;
import com.atlassian.crowd.directory.rest.AzureAdRestClient;
import com.atlassian.crowd.directory.rest.mapper.DeltaQueryResult;
import com.atlassian.crowd.directory.rest.util.ThrowingMapMergeOperatorUtil;
import com.atlassian.crowd.directory.synchronisation.CacheSynchronisationResult;
import com.atlassian.crowd.directory.synchronisation.PartialSynchronisationResult;
import com.atlassian.crowd.directory.synchronisation.cache.CacheRefresher;
import com.atlassian.crowd.directory.synchronisation.cache.DirectoryCache;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.model.group.GroupWithMembershipChanges;
import com.atlassian.crowd.model.user.UserWithAttributes;
import com.atlassian.crowd.util.EqualityUtil;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.Date;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/directory/cache/DeltaQueryCacheRefresher.class */
public class DeltaQueryCacheRefresher implements CacheRefresher {
    private static final Logger log = LoggerFactory.getLogger(DeltaQueryCacheRefresher.class);
    protected final AzureAdDirectory azureAdDirectory;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com/atlassian/crowd/directory/cache/DeltaQueryCacheRefresher$IdToNameProvider.class */
    public interface IdToNameProvider {
        Map<String, String> getIdToNames(Set<String> set) throws OperationFailedException;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com/atlassian/crowd/directory/cache/DeltaQueryCacheRefresher$IdToNameResolver.class */
    public interface IdToNameResolver {
        Set<String> getNames(Set<String> set, boolean z) throws OperationFailedException;
    }

    public DeltaQueryCacheRefresher(AzureAdDirectory azureAdDirectory) {
        this.azureAdDirectory = azureAdDirectory;
    }

    public CacheSynchronisationResult synchroniseAll(DirectoryCache directoryCache) throws OperationFailedException {
        String str = "DeltaQueryCacheRefresher-" + this.azureAdDirectory.getDirectoryId();
        Callable callable = this::getUsersFromDeltaQuery;
        AzureAdDirectory azureAdDirectory = this.azureAdDirectory;
        azureAdDirectory.getClass();
        BackgroundQueriesProcessor backgroundQueriesProcessor = new BackgroundQueriesProcessor(str, callable, azureAdDirectory::performGroupsDeltaQuery);
        Throwable th = null;
        try {
            try {
                Date date = new Date();
                DeltaQueryResult<UserWithAttributes> synchroniseAllUsers = synchroniseAllUsers(directoryCache, backgroundQueriesProcessor.getUsers(), date);
                PartialSynchronisationResult<GroupWithMembershipChanges> synchroniseAllGroups = synchroniseAllGroups(directoryCache, backgroundQueriesProcessor.getGroups(), date);
                synchroniseAllMemberships(directoryCache, synchroniseAllUsers, synchroniseAllGroups.getResults());
                CacheSynchronisationResult cacheSynchronisationResult = new CacheSynchronisationResult(true, new DeltaQuerySyncTokenHolder(synchroniseAllUsers.getSyncToken().orElse(null), (String) synchroniseAllGroups.getSyncToken().orElse(null)).serialize());
                if (backgroundQueriesProcessor != null) {
                    if (0 != 0) {
                        try {
                            backgroundQueriesProcessor.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        backgroundQueriesProcessor.close();
                    }
                }
                return cacheSynchronisationResult;
            } finally {
            }
        } catch (Throwable th3) {
            if (backgroundQueriesProcessor != null) {
                if (th != null) {
                    try {
                        backgroundQueriesProcessor.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    backgroundQueriesProcessor.close();
                }
            }
            throw th3;
        }
    }

    protected DeltaQueryResult<UserWithAttributes> getUsersFromDeltaQuery() throws OperationFailedException {
        return this.azureAdDirectory.performUsersDeltaQuery();
    }

    protected DeltaQueryResult<UserWithAttributes> getUserChangesFromDeltaQuery(String str) throws OperationFailedException {
        return this.azureAdDirectory.fetchUserChanges(str);
    }

    public CacheSynchronisationResult synchroniseChanges(DirectoryCache directoryCache, @Nullable String str) throws OperationFailedException {
        Optional<DeltaQuerySyncTokenHolder> extractSyncToken = extractSyncToken(str);
        if (!extractSyncToken.isPresent()) {
            return CacheSynchronisationResult.FAILURE;
        }
        DeltaQuerySyncTokenHolder deltaQuerySyncTokenHolder = extractSyncToken.get();
        BackgroundQueriesProcessor backgroundQueriesProcessor = new BackgroundQueriesProcessor("DeltaQueryCacheRefresher-" + this.azureAdDirectory.getDirectoryId(), () -> {
            return getUserChangesFromDeltaQuery(deltaQuerySyncTokenHolder.getUsersDeltaQuerySyncToken());
        }, () -> {
            return this.azureAdDirectory.fetchGroupChanges(deltaQuerySyncTokenHolder.getGroupsDeltaQuerySyncToken());
        });
        Throwable th = null;
        try {
            try {
                Date date = new Date();
                DeltaQueryResult<UserWithAttributes> synchroniseUserChanges = synchroniseUserChanges(directoryCache, backgroundQueriesProcessor.getUsers(), date);
                DeltaQueryResult<GroupWithMembershipChanges> synchroniseGroupChanges = synchroniseGroupChanges(directoryCache, backgroundQueriesProcessor.getGroups(), date);
                synchroniseMembershipChanges(directoryCache, synchroniseUserChanges, synchroniseGroupChanges.getChangedEntities());
                CacheSynchronisationResult cacheSynchronisationResult = new CacheSynchronisationResult(true, new DeltaQuerySyncTokenHolder(synchroniseUserChanges.getSyncToken().orElse(null), synchroniseGroupChanges.getSyncToken().orElse(null)).serialize());
                if (backgroundQueriesProcessor != null) {
                    if (0 != 0) {
                        try {
                            backgroundQueriesProcessor.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        backgroundQueriesProcessor.close();
                    }
                }
                return cacheSynchronisationResult;
            } finally {
            }
        } catch (Throwable th3) {
            if (backgroundQueriesProcessor != null) {
                if (th != null) {
                    try {
                        backgroundQueriesProcessor.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    backgroundQueriesProcessor.close();
                }
            }
            throw th3;
        }
    }

    protected Optional<DeltaQuerySyncTokenHolder> extractSyncToken(String str) {
        if (!Strings.isNullOrEmpty(str)) {
            return Optional.of(str).map(DeltaQuerySyncTokenHolder::deserialize).filter(this::isValidToken);
        }
        log.info("Synchronisation token not present, full sync of directory [{}] is necessary before incremental sync is possible.", Long.valueOf(this.azureAdDirectory.getDirectoryId()));
        return Optional.empty();
    }

    protected boolean isValidToken(DeltaQuerySyncTokenHolder deltaQuerySyncTokenHolder) {
        if (Strings.isNullOrEmpty(deltaQuerySyncTokenHolder.getGroupsDeltaQuerySyncToken())) {
            log.info("Groups delta token not present, falling back to full sync of directory [{}].", Long.valueOf(this.azureAdDirectory.getDirectoryId()));
            return false;
        }
        if (!Strings.isNullOrEmpty(deltaQuerySyncTokenHolder.getUsersDeltaQuerySyncToken())) {
            return true;
        }
        log.info("Users delta token not present, falling back to full sync of directory [{}].", Long.valueOf(this.azureAdDirectory.getDirectoryId()));
        return false;
    }

    private void synchroniseAllMemberships(DirectoryCache directoryCache, DeltaQueryResult<UserWithAttributes> deltaQueryResult, Collection<GroupWithMembershipChanges> collection) throws OperationFailedException {
        IdToNameResolver usersResolver = usersResolver(deltaQueryResult, directoryCache);
        IdToNameResolver groupResolver = groupResolver(collection, directoryCache);
        for (GroupWithMembershipChanges groupWithMembershipChanges : collection) {
            log.debug("Synchronising memberships for group {}", groupWithMembershipChanges.getName());
            if (this.azureAdDirectory.supportsNestedGroups()) {
                directoryCache.syncGroupMembersForGroup(groupWithMembershipChanges, groupResolver.getNames(groupWithMembershipChanges.getGroupChildrenIdsToAdd(), true));
            }
            directoryCache.syncUserMembersForGroup(groupWithMembershipChanges, usersResolver.getNames(groupWithMembershipChanges.getUserChildrenIdsToAdd(), true));
        }
    }

    protected void synchroniseMembershipChanges(DirectoryCache directoryCache, DeltaQueryResult<UserWithAttributes> deltaQueryResult, Collection<GroupWithMembershipChanges> collection) throws OperationFailedException {
        IdToNameResolver usersResolver = usersResolver(deltaQueryResult, directoryCache);
        IdToNameResolver groupResolver = groupResolver(collection, directoryCache);
        for (GroupWithMembershipChanges groupWithMembershipChanges : collection) {
            if (this.azureAdDirectory.supportsNestedGroups()) {
                directoryCache.addGroupMembersForGroup(groupWithMembershipChanges, groupResolver.getNames(groupWithMembershipChanges.getGroupChildrenIdsToAdd(), true));
                directoryCache.deleteGroupMembersForGroup(groupWithMembershipChanges, groupResolver.getNames(groupWithMembershipChanges.getGroupChildrenIdsToDelete(), false));
            }
            directoryCache.addUserMembersForGroup(groupWithMembershipChanges, usersResolver.getNames(groupWithMembershipChanges.getUserChildrenIdsToAdd(), true));
            directoryCache.deleteUserMembersForGroup(groupWithMembershipChanges, usersResolver.getNames(groupWithMembershipChanges.getUserChildrenIdsToDelete(), false));
        }
    }

    protected Set<String> getNames(Map<String, String> map, Set<String> set, IdToNameProvider idToNameProvider, boolean z, String str) throws OperationFailedException {
        Sets.SetView difference = Sets.difference(set, map.keySet());
        if (!difference.isEmpty()) {
            log.debug("Azure AD reported memberships on {}s that were not modified: {}, trying to resolve them from directory cache", str, difference);
            map.putAll(idToNameProvider.getIdToNames(difference));
            if (z && !difference.isEmpty()) {
                throw new OperationFailedException("Azure AD reported new memberships on " + str + "s that were not returned during " + str + " sync. " + StringUtils.capitalize(str) + "s in question: " + difference);
            }
        }
        Stream<String> stream = set.stream();
        map.getClass();
        return (Set) stream.map((v1) -> {
            return r1.get(v1);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet());
    }

    protected <T> Map<String, String> mapIdToUniqueNames(Collection<T> collection, Function<T, String> function, Function<T, String> function2, String str) {
        ThrowingMapMergeOperatorUtil.mapUniqueNamesToIds(collection, function2, function, str);
        return (Map) collection.stream().collect(Collectors.toMap(function, function2));
    }

    protected IdToNameResolver usersResolver(DeltaQueryResult<UserWithAttributes> deltaQueryResult, DirectoryCache directoryCache) {
        Map<String, String> mapIdToUniqueNames = mapIdToUniqueNames(deltaQueryResult.getChangedEntities(), (v0) -> {
            return v0.getExternalId();
        }, (v0) -> {
            return v0.getName();
        }, AzureAdRestClient.USER_SUFFIX);
        return (set, z) -> {
            ImmutableSet immutableCopy = Sets.difference(set, deltaQueryResult.getNamelessEntities()).immutableCopy();
            directoryCache.getClass();
            return getNames(mapIdToUniqueNames, immutableCopy, directoryCache::findUsersByExternalIds, z, AzureAdRestClient.USER_SUFFIX);
        };
    }

    protected IdToNameResolver groupResolver(Collection<GroupWithMembershipChanges> collection, DirectoryCache directoryCache) {
        Map<String, String> mapIdToUniqueNames = mapIdToUniqueNames(collection, (v0) -> {
            return v0.getExternalId();
        }, (v0) -> {
            return v0.getName();
        }, AzureAdRestClient.GROUP_SUFFIX);
        return (set, z) -> {
            directoryCache.getClass();
            return getNames(mapIdToUniqueNames, set, directoryCache::findGroupsByExternalIds, z, AzureAdRestClient.GROUP_SUFFIX);
        };
    }

    protected DeltaQueryResult<UserWithAttributes> synchroniseUserChanges(DirectoryCache directoryCache, DeltaQueryResult<UserWithAttributes> deltaQueryResult, Date date) throws OperationFailedException {
        handleNamelessEntities(deltaQueryResult, AzureAdRestClient.GRAPH_USERS_ENDPOINT_SUFFIX);
        directoryCache.deleteCachedUsersByGuid(deltaQueryResult.getDeletedEntities());
        directoryCache.addOrUpdateCachedUsers(deltaQueryResult.getChangedEntities(), date);
        return deltaQueryResult;
    }

    protected DeltaQueryResult<GroupWithMembershipChanges> synchroniseGroupChanges(DirectoryCache directoryCache, DeltaQueryResult<GroupWithMembershipChanges> deltaQueryResult, Date date) throws OperationFailedException {
        handleNamelessEntities(deltaQueryResult, AzureAdRestClient.GRAPH_GROUPS_ENDPOINT_SUFFIX);
        checkNoRenamedGroups(directoryCache, deltaQueryResult);
        checkNoReaddedGroups(directoryCache, deltaQueryResult);
        directoryCache.deleteCachedGroupsByGuids(deltaQueryResult.getDeletedEntities());
        directoryCache.addOrUpdateCachedGroups(deltaQueryResult.getChangedEntities(), date);
        return deltaQueryResult;
    }

    protected void checkNoRenamedGroups(DirectoryCache directoryCache, DeltaQueryResult<GroupWithMembershipChanges> deltaQueryResult) throws OperationFailedException {
        Map map = (Map) deltaQueryResult.getChangedEntities().stream().collect(Collectors.toMap((v0) -> {
            return v0.getExternalId();
        }, (v0) -> {
            return v0.getName();
        }));
        Set set = (Set) directoryCache.findGroupsByExternalIds(map.keySet()).entrySet().stream().filter(entry -> {
            String str = (String) map.get(entry.getKey());
            return str != null && EqualityUtil.different(str, (String) entry.getValue());
        }).collect(Collectors.toSet());
        if (set.isEmpty()) {
            return;
        }
        log.info("Cannot proceed with incremental synchronisation due to groups with known external ids but unknownnames, falling back to full synchronisation. Groups in question: [{}]", set);
        throw new OperationFailedException("Cannot proceed with incremental synchronisation due to renamed groups, falling back to full synchronisation.");
    }

    protected void checkNoReaddedGroups(DirectoryCache directoryCache, DeltaQueryResult<GroupWithMembershipChanges> deltaQueryResult) throws OperationFailedException {
        Map<String, String> mapUniqueNamesToIds = ThrowingMapMergeOperatorUtil.mapUniqueNamesToIds(deltaQueryResult.getChangedEntities(), (v0) -> {
            return v0.getName();
        }, (v0) -> {
            return v0.getExternalId();
        }, AzureAdRestClient.GROUP_SUFFIX);
        Set set = (Set) directoryCache.findGroupsExternalIdsByNames(mapUniqueNamesToIds.keySet()).entrySet().stream().filter(entry -> {
            String str = (String) mapUniqueNamesToIds.get(entry.getKey());
            return (str == null || !EqualityUtil.different(str, (String) entry.getValue()) || deltaQueryResult.getDeletedEntities().contains(entry.getValue())) ? false : true;
        }).collect(Collectors.toSet());
        if (set.isEmpty()) {
            return;
        }
        log.info("Cannot proceed with incremental synchronisation due to groups readded with known names/duplicates, falling back to full synchronisation. Groups in question: [{}]", set);
        throw new OperationFailedException("Cannot proceed with incremental synchronisation due to readded/duplicate groups, falling back to full synchronisation.");
    }

    private DeltaQueryResult<UserWithAttributes> synchroniseAllUsers(DirectoryCache directoryCache, DeltaQueryResult<UserWithAttributes> deltaQueryResult, Date date) throws OperationFailedException {
        handleNamelessEntities(deltaQueryResult, AzureAdRestClient.GRAPH_USERS_ENDPOINT_SUFFIX);
        directoryCache.deleteCachedUsersNotIn(deltaQueryResult.getChangedEntities(), date);
        directoryCache.addOrUpdateCachedUsers(deltaQueryResult.getChangedEntities(), date);
        return deltaQueryResult;
    }

    private PartialSynchronisationResult<GroupWithMembershipChanges> synchroniseAllGroups(DirectoryCache directoryCache, DeltaQueryResult<GroupWithMembershipChanges> deltaQueryResult, Date date) throws OperationFailedException {
        handleNamelessEntities(deltaQueryResult, AzureAdRestClient.GRAPH_GROUPS_ENDPOINT_SUFFIX);
        directoryCache.deleteCachedGroupsNotInByExternalId(deltaQueryResult.getChangedEntities(), date);
        directoryCache.addOrUpdateCachedGroups(deltaQueryResult.getChangedEntities(), date);
        return new PartialSynchronisationResult<>(deltaQueryResult.getChangedEntities(), deltaQueryResult.getSyncToken().orElse(null));
    }

    protected <T> void handleNamelessEntities(DeltaQueryResult<T> deltaQueryResult, String str) {
        Sets.SetView difference = Sets.difference(deltaQueryResult.getNamelessEntities(), deltaQueryResult.getDeletedEntities());
        if (difference.isEmpty()) {
            return;
        }
        log.warn("Azure AD returned the following {} without ids: {}", str, difference);
    }
}
