package com.atlassian.crowd.directory;

import com.atlassian.crowd.cql.parser.CqlQueryParser;
import com.atlassian.crowd.directory.hybrid.LocalGroupHandler;
import com.atlassian.crowd.directory.ldap.cache.CacheRefresher;
import com.atlassian.crowd.directory.ldap.cache.DirectoryCacheFactory;
import com.atlassian.crowd.directory.ldap.cache.DirectoryCacheRefreshMode;
import com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher;
import com.atlassian.crowd.directory.monitor.EmailBasedDirectory;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.embedded.spi.LocalServiceDeskUserFeatureControl;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.InvalidGroupException;
import com.atlassian.crowd.exception.InvalidMembershipException;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.MembershipAlreadyExistsException;
import com.atlassian.crowd.exception.MembershipNotFoundException;
import com.atlassian.crowd.exception.ObjectNotFoundException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.ProductNotFoundException;
import com.atlassian.crowd.exception.ProductPermissionAlreadyExistsException;
import com.atlassian.crowd.exception.ReadOnlyGroupException;
import com.atlassian.crowd.exception.UserAlreadyExistsException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.manager.directory.SynchronisationMode;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupTemplate;
import com.atlassian.crowd.model.group.GroupWithAttributes;
import com.atlassian.crowd.model.group.Membership;
import com.atlassian.crowd.model.permission.ImmutableProductPermission;
import com.atlassian.crowd.model.permission.ProductPermission;
import com.atlassian.crowd.model.user.IdentityPlatformUser;
import com.atlassian.crowd.model.user.LegacyHordeUser;
import com.atlassian.crowd.model.user.TimestampedUser;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.crowd.model.user.UserWithAttributes;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.search.builder.Restriction;
import com.atlassian.crowd.search.query.entity.EntityQuery;
import com.atlassian.crowd.search.query.entity.PropertyTypeServiceImpl;
import com.atlassian.crowd.search.query.entity.restriction.constants.GroupTermKeys;
import com.atlassian.crowd.search.query.entity.restriction.constants.UserTermKeys;
import com.atlassian.crowd.search.query.membership.MembershipQuery;
import com.atlassian.crowd.util.BoundedCount;
import com.atlassian.crowd.util.TimedOperation;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/directory/DbCachingRemoteDirectory.class */
public class DbCachingRemoteDirectory implements RemoteDirectory, SynchronisableDirectory {
    private static final Logger log = LoggerFactory.getLogger(DbCachingRemoteDirectory.class);
    public static final String INTERNAL_USER_PASSWORD = "nopass";
    private static final String ATLASSIAN_ADDONS_ADMIN_GROUP = "atlassian-addons-admin";
    private final RemoteDirectory remoteDirectory;
    private final LocalGroupHandler localGroupHandler;
    private final InternalRemoteDirectory internalDirectory;
    private final DirectoryCacheFactory directoryCacheFactory;
    private final CacheRefresher cacheRefresher;
    private final LocalServiceDeskUserFeatureControl localServiceDeskUserFeatureControl;

    public DbCachingRemoteDirectory(RemoteDirectory remoteDirectory, InternalRemoteDirectory internalRemoteDirectory, DirectoryCacheFactory directoryCacheFactory, CqlQueryParser cqlQueryParser, LocalServiceDeskUserFeatureControl localServiceDeskUserFeatureControl) {
        this(remoteDirectory, internalRemoteDirectory, directoryCacheFactory, new LocalGroupHandler(internalRemoteDirectory), buildCacheRefresher(remoteDirectory, cqlQueryParser), localServiceDeskUserFeatureControl);
    }

    DbCachingRemoteDirectory(RemoteDirectory remoteDirectory, InternalRemoteDirectory internalRemoteDirectory, DirectoryCacheFactory directoryCacheFactory, CacheRefresher cacheRefresher, LocalServiceDeskUserFeatureControl localServiceDeskUserFeatureControl) {
        this(remoteDirectory, internalRemoteDirectory, directoryCacheFactory, new LocalGroupHandler(internalRemoteDirectory), cacheRefresher, localServiceDeskUserFeatureControl);
    }

    private DbCachingRemoteDirectory(RemoteDirectory remoteDirectory, InternalRemoteDirectory internalRemoteDirectory, DirectoryCacheFactory directoryCacheFactory, LocalGroupHandler localGroupHandler, CacheRefresher cacheRefresher, LocalServiceDeskUserFeatureControl localServiceDeskUserFeatureControl) {
        this.remoteDirectory = remoteDirectory;
        this.internalDirectory = internalRemoteDirectory;
        this.directoryCacheFactory = directoryCacheFactory;
        this.localGroupHandler = localGroupHandler;
        this.cacheRefresher = cacheRefresher;
        this.localServiceDeskUserFeatureControl = localServiceDeskUserFeatureControl;
        log.debug("DBCached directory created for directory [ " + remoteDirectory.getDirectoryId() + " ]");
    }

    private static CacheRefresher buildCacheRefresher(RemoteDirectory remoteDirectory, CqlQueryParser cqlQueryParser) {
        return new RemoteDirectoryCacheRefresher(remoteDirectory, cqlQueryParser, PropertyTypeServiceImpl.newInstance(UserTermKeys.ALL_USER_PROPERTIES));
    }

    public long getDirectoryId() {
        return this.remoteDirectory.getDirectoryId();
    }

    public void setDirectoryId(long j) {
        throw new UnsupportedOperationException("You cannot mutate the directoryID of " + getClass().getName());
    }

    public String getDescriptiveName() {
        return this.remoteDirectory.getDescriptiveName();
    }

    public void setAttributes(Map<String, String> map) {
        throw new UnsupportedOperationException("You cannot mutate the attributes of " + getClass().getName());
    }

    public User findUserByName(String str) throws UserNotFoundException, OperationFailedException {
        return atlassianAccountAwareUser((User) this.internalDirectory.findUserByName(str));
    }

    public UserWithAttributes findUserWithAttributesByName(String str) throws UserNotFoundException, OperationFailedException {
        return atlassianAccountAwareUser(this.internalDirectory.findUserWithAttributesByName(str));
    }

    public User findUserByExternalId(String str) throws UserNotFoundException, OperationFailedException {
        return atlassianAccountAwareUser((User) this.internalDirectory.findUserByExternalId(str));
    }

    public User findUserByAccountId(String str) throws UserNotFoundException, OperationFailedException {
        if (this.remoteDirectory instanceof IdentityPlatformRemoteDirectory) {
            return atlassianAccountAwareUser((User) this.internalDirectory.findUserByAccountId(str));
        }
        return atlassianAccountAwareUser((User) this.internalDirectory.findUserByExternalId(this.remoteDirectory.findUserByAccountId(str).getExternalId()));
    }

    public User authenticate(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        if (this.remoteDirectory instanceof RemoteCrowdDirectory) {
            return atlassianAccountAwareUser(authenticateAndUpdateInternalUser(str, passwordCredential));
        }
        if (!(this.remoteDirectory instanceof EmailBasedDirectory)) {
            return atlassianAccountAwareUser(performAuthenticationAndUpdateAttributes(str, passwordCredential));
        }
        User userToAuthenticate = getUserToAuthenticate(str);
        if (this.remoteDirectory.authenticateViaEmail(userToAuthenticate.getEmailAddress(), passwordCredential)) {
            return atlassianAccountAwareUser(userToAuthenticate);
        }
        throw new InvalidAuthenticationException("Invalid credentials");
    }

    public User authenticateWithHostname(String str, String str2, PasswordCredential passwordCredential, String str3) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        if (!(this.remoteDirectory instanceof EmailBasedDirectory)) {
            return authenticate(str2, passwordCredential);
        }
        User userToAuthenticate = getUserToAuthenticate(str2);
        if (this.remoteDirectory.authenticateViaEmailWithHostname(str, userToAuthenticate.getEmailAddress(), passwordCredential, str3)) {
            return atlassianAccountAwareUser(userToAuthenticate);
        }
        throw new InvalidAuthenticationException("Invalid credentials");
    }

    public User authenticateLocalServiceDeskUser(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        return authenticateAndUpdateLocalServiceDeskUser(str, passwordCredential);
    }

    public Iterable<Membership> getMemberships() throws OperationFailedException {
        return this.internalDirectory.getMemberships();
    }

    private User performAuthenticationAndUpdateAttributes(String str, PasswordCredential passwordCredential) throws UserNotFoundException, ExpiredCredentialException, InactiveAccountException, OperationFailedException, InvalidAuthenticationException {
        HashMap hashMap = new HashMap();
        try {
            User authenticateAndUpdateInternalUser = authenticateAndUpdateInternalUser(str, passwordCredential);
            hashMap.put("invalidPasswordAttempts", Collections.singleton(Long.toString(0L)));
            hashMap.put("lastAuthenticated", Collections.singleton(Long.toString(System.currentTimeMillis())));
            storeUserAttributes(str, hashMap);
            return authenticateAndUpdateInternalUser;
        } catch (InvalidAuthenticationException e) {
            hashMap.put("invalidPasswordAttempts", Collections.singleton(Long.toString(NumberUtils.toLong(findUserWithAttributesByName(str).getValue("invalidPasswordAttempts"), 0L) + 1)));
            storeUserAttributes(str, hashMap);
            throw e;
        }
    }

    User getUserToAuthenticate(String str) throws UserNotFoundException, OperationFailedException {
        UserWithAttributes findUserWithAttributesByName;
        try {
            findUserWithAttributesByName = this.internalDirectory.findUserWithAttributesByEmail(str);
        } catch (UserNotFoundException e) {
            findUserWithAttributesByName = findUserWithAttributesByName(str);
            if (isLocalServiceDeskUserManagementActive() && findUserWithAttributesByName.isLocalServiceDeskUser()) {
                throw e;
            }
        }
        if (isLocalServiceDeskUserManagementActive() && findUserWithAttributesByName.isLocalServiceDeskUser()) {
            throw new UserNotFoundException(str);
        }
        return findUserWithAttributesByName;
    }

    @VisibleForTesting
    protected User authenticateAndUpdateInternalUser(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        User authenticate = this.remoteDirectory.authenticate(str, passwordCredential);
        User findLocalUserByExternalIdOrName = findLocalUserByExternalIdOrName(authenticate);
        if (isLocalServiceDeskUserManagementActive() && findLocalUserByExternalIdOrName != null && findLocalUserByExternalIdOrName.isLocalServiceDeskUser()) {
            throw new OperationFailedException("Local user authentication not supported.");
        }
        try {
            if (findLocalUserByExternalIdOrName == null) {
                addOrUpdateInternalUser(authenticate);
            } else {
                if (!findLocalUserByExternalIdOrName.getName().equals(authenticate.getName())) {
                    findLocalUserByExternalIdOrName = this.internalDirectory.forceRenameUser(findLocalUserByExternalIdOrName, authenticate.getName());
                }
                updateUserAndSetActiveFlag(authenticate, findLocalUserByExternalIdOrName);
            }
            updateGroupsMembershipOnLogin(authenticate);
            return authenticate;
        } catch (InvalidUserException e) {
            throw new OperationFailedException(e);
        }
    }

    private TimestampedUser findLocalUserByExternalIdOrName(User user) {
        TimestampedUser findLocalUserByExternalId = findLocalUserByExternalId(user.getExternalId());
        if (findLocalUserByExternalId != null) {
            return findLocalUserByExternalId;
        }
        try {
            return this.internalDirectory.findUserByName(user.getName());
        } catch (UserNotFoundException e) {
            return null;
        }
    }

    private TimestampedUser findLocalUserByExternalId(String str) {
        if (str == null) {
            return null;
        }
        try {
            if (str.isEmpty()) {
                return null;
            }
            return this.internalDirectory.findUserByExternalId(str);
        } catch (UserNotFoundException e) {
            return null;
        }
    }

    @VisibleForTesting
    protected User updateUserAndSetActiveFlag(User user, User user2) throws UserNotFoundException, InvalidUserException, OperationFailedException {
        preventExternalIdDuplication(user, user2);
        return this.internalDirectory.updateUser(new UserTemplate(user));
    }

    @VisibleForTesting
    protected void updateGroupsMembershipOnLogin(User user) throws OperationFailedException, UserNotFoundException {
        MembershipQuery returningAtMost = QueryBuilder.queryFor(String.class, EntityDescriptor.group()).parentsOf(EntityDescriptor.user()).withName(user.getName()).returningAtMost(-1);
        ImmutableSet copyOf = ImmutableSet.copyOf(this.remoteDirectory.searchGroupRelationships(returningAtMost));
        ImmutableSet copyOf2 = ImmutableSet.copyOf(this.internalDirectory.searchGroupRelationships(returningAtMost));
        Sets.SetView<String> difference = Sets.difference(copyOf, copyOf2);
        Sets.SetView<String> difference2 = Sets.difference(copyOf2, copyOf);
        if (!difference2.isEmpty() && !copyOf.isEmpty()) {
            ImmutableSet<String> findAllLocalGroups = findAllLocalGroups();
            for (String str : difference2) {
                try {
                    if (!findAllLocalGroups.contains(str)) {
                        this.internalDirectory.removeUserFromGroup(user.getName(), str);
                    }
                } catch (MembershipNotFoundException e) {
                    log.debug("User " + user.getName() + " is no longer member of the group " + str);
                } catch (ReadOnlyGroupException e2) {
                    throw new RuntimeException("Failed to remove user from internal directory as group " + str + " is read only ", e2);
                } catch (GroupNotFoundException e3) {
                }
            }
        }
        for (String str2 : difference) {
            try {
                addUserToGroupInternal(user.getName(), str2);
            } catch (ReadOnlyGroupException e4) {
                throw new RuntimeException("Failed to add user from internal directory as group " + str2 + " is read only ", e4);
            } catch (GroupNotFoundException e5) {
            }
        }
    }

    private void preventExternalIdDuplication(User user, User user2) throws OperationFailedException, InvalidUserException {
        if (StringUtils.isBlank(user.getExternalId()) || user.getExternalId().equals(user2.getExternalId())) {
            return;
        }
        try {
            TimestampedUser findUserByExternalId = this.internalDirectory.findUserByExternalId(user.getExternalId());
            if (findUserByExternalId != null) {
                removeExternalId(findUserByExternalId);
                log.warn("Possible user unique id duplication, removing unique id: " + user2.getExternalId() + " for user " + user2.getName());
            }
        } catch (UserNotFoundException e) {
        }
    }

    private void removeExternalId(User user) throws UserNotFoundException, InvalidUserException, OperationFailedException {
        UserTemplate userTemplate = new UserTemplate(user);
        userTemplate.setExternalId((String) null);
        this.internalDirectory.updateUser(userTemplate);
    }

    private ImmutableSet<String> findAllLocalGroups() throws OperationFailedException {
        return !this.localGroupHandler.isLocalGroupsEnabled() ? ImmutableSet.of() : ImmutableSet.copyOf(this.internalDirectory.searchGroups(QueryBuilder.queryFor(String.class, EntityDescriptor.group()).with(Restriction.on(GroupTermKeys.LOCAL).exactlyMatching(true)).returningAtMost(-1)));
    }

    private User authenticateAndUpdateLocalServiceDeskUser(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        return !isLocalServiceDeskUserManagementActive() ? authenticateLocalServiceDeskUserAgainstHorde(str, passwordCredential) : isHordePasswordCopyingAuthenticationEnabled() ? authenticateLocalServiceDeskUserAndCopyPassword(str, passwordCredential) : this.internalDirectory.authenticateLocalServiceDeskUser(str, passwordCredential);
    }

    private User authenticateLocalServiceDeskUserAgainstHorde(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        try {
            return authenticateLocalServiceDeskUserRemoteOnly(str, this.internalDirectory.findUserWithAttributesByName(str), passwordCredential);
        } catch (UserNotFoundException | InactiveAccountException | InvalidAuthenticationException | ExpiredCredentialException e) {
            try {
                return authenticateLocalServiceDeskUserRemoteOnly(str, this.internalDirectory.findUserWithAttributesByEmail(str), passwordCredential);
            } catch (UserNotFoundException | InactiveAccountException | InvalidAuthenticationException | ExpiredCredentialException e2) {
                if (e instanceof UserNotFoundException) {
                    throw e2;
                }
                throw e;
            }
        }
    }

    private User authenticateLocalServiceDeskUserRemoteOnly(String str, UserWithAttributes userWithAttributes, PasswordCredential passwordCredential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        ensureLocalAndActiveUser(str, userWithAttributes);
        return doRemoteAuthenticationOfLocalUser(str, userWithAttributes, passwordCredential, false);
    }

    private void ensureLocalAndActiveUser(String str, UserWithAttributes userWithAttributes) throws UserNotFoundException, InactiveAccountException {
        if (!userWithAttributes.isLocalServiceDeskUser()) {
            throw new UserNotFoundException(str);
        }
        if (!userWithAttributes.isActive()) {
            throw new InactiveAccountException(str);
        }
    }

    private User authenticateLocalServiceDeskUserAndCopyPassword(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        try {
            return authenticateLocalServiceDeskUserAndCopyPassword(str, this.internalDirectory.findUserWithAttributesByName(str), passwordCredential);
        } catch (UserNotFoundException | InactiveAccountException | InvalidAuthenticationException | ExpiredCredentialException e) {
            try {
                return authenticateLocalServiceDeskUserAndCopyPassword(str, this.internalDirectory.findUserWithAttributesByEmail(str), passwordCredential);
            } catch (UserNotFoundException | InactiveAccountException | InvalidAuthenticationException | ExpiredCredentialException e2) {
                if (e instanceof UserNotFoundException) {
                    throw e2;
                }
                throw e;
            }
        }
    }

    private User authenticateLocalServiceDeskUserAndCopyPassword(String str, UserWithAttributes userWithAttributes, PasswordCredential passwordCredential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        ensureLocalAndActiveUser(str, userWithAttributes);
        if (isLocalPasswordMarkedAsRemotelySet(userWithAttributes)) {
            log.debug("Attempting remote authentication and password copy");
            return doRemoteAuthenticationOfLocalUser(str, userWithAttributes, passwordCredential, true);
        }
        log.debug("Local authentication only");
        return this.internalDirectory.authenticateLocalServiceDeskUser(str, userWithAttributes, passwordCredential);
    }

    private User doRemoteAuthenticationOfLocalUser(String str, UserWithAttributes userWithAttributes, PasswordCredential passwordCredential, boolean z) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        if (!StringUtils.equals(this.remoteDirectory.authenticate(userWithAttributes.getName(), passwordCredential).getExternalId(), userWithAttributes.getExternalId())) {
            throw new UserNotFoundException(str);
        }
        if (z) {
            try {
                this.internalDirectory.updateUserCredential(userWithAttributes.getName(), passwordCredential);
            } catch (UserNotFoundException | InvalidCredentialException | OperationFailedException e) {
                log.warn("Remote authentication succeeded, but setting local password failed");
                throw new OperationFailedException("Failed to set local password", e);
            }
        }
        return userWithAttributes;
    }

    private boolean isLocalPasswordMarkedAsRemotelySet(User user) {
        try {
            return INTERNAL_USER_PASSWORD.equals(this.internalDirectory.getCredential(user).getCredential());
        } catch (UserNotFoundException e) {
            log.debug("Failed to load credentials", e);
            return false;
        }
    }

    public User addUser(UserTemplate userTemplate, PasswordCredential passwordCredential) throws InvalidUserException, InvalidCredentialException, UserAlreadyExistsException, OperationFailedException {
        return (isLocalServiceDeskUserManagementActive() && userTemplate.isLocalServiceDeskUser()) ? addLocalServiceDeskUser(userTemplate, passwordCredential) : addRemoteUser(userTemplate, passwordCredential);
    }

    private User addRemoteUser(UserTemplate userTemplate, PasswordCredential passwordCredential) throws InvalidUserException, InvalidCredentialException, UserAlreadyExistsException, OperationFailedException {
        UserTemplate userTemplate2 = new UserTemplate(this.remoteDirectory.addUser(userTemplate, passwordCredential));
        userTemplate2.setLocalServiceDeskUser(userTemplate.isLocalServiceDeskUser());
        return addOrUpdateInternalUser(userTemplate2);
    }

    private User addLocalServiceDeskUser(UserTemplate userTemplate, PasswordCredential passwordCredential) throws InvalidUserException, InvalidCredentialException, UserAlreadyExistsException, OperationFailedException {
        validateUsernameForNewLocalUser(userTemplate);
        validateEmailForNewLocalUser(userTemplate);
        UserTemplate userTemplate2 = new UserTemplate(userTemplate);
        userTemplate2.setDirectoryId(getDirectoryId());
        return this.internalDirectory.addUser(userTemplate2, passwordCredential);
    }

    private void validateUsernameForNewLocalUser(UserTemplate userTemplate) throws UserAlreadyExistsException {
        try {
            this.internalDirectory.findUserByName(userTemplate.getName());
            log.debug("User already exists with username: {}", userTemplate.getName());
            throw new UserAlreadyExistsException(getDirectoryId(), userTemplate.getName());
        } catch (UserNotFoundException e) {
        }
    }

    private void validateEmailForNewLocalUser(UserTemplate userTemplate) throws UserAlreadyExistsException {
        Collection findUsersByEmail = this.internalDirectory.findUsersByEmail(userTemplate.getEmailAddress());
        if (findUsersByEmail.isEmpty()) {
            return;
        }
        log.debug("Users already exists with given email {}: {}", userTemplate.getEmailAddress(), findUsersByEmail.stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.joining(", ")));
        throw new UserAlreadyExistsException(getDirectoryId(), userTemplate.getName());
    }

    public User importUser(UserTemplate userTemplate, Map<String, Set<String>> map) throws OperationFailedException {
        return (isLocalServiceDeskUserManagementActive() && userTemplate.isLocalServiceDeskUser()) ? importLocalServiceDeskUser(userTemplate, map) : importRemoteUser(userTemplate, map);
    }

    private User importRemoteUser(UserTemplate userTemplate, Map<String, Set<String>> map) throws OperationFailedException {
        UserTemplate userTemplate2 = new UserTemplate(this.remoteDirectory.importUser(userTemplate, map));
        userTemplate2.setLocalServiceDeskUser(userTemplate.isLocalServiceDeskUser());
        try {
            return addOrUpdateInternalUser(userTemplate2);
        } catch (InvalidUserException e) {
            throw new OperationFailedException(e);
        }
    }

    private User importLocalServiceDeskUser(UserTemplate userTemplate, Map<String, Set<String>> map) throws OperationFailedException {
        try {
            User addLocalServiceDeskUser = addLocalServiceDeskUser(userTemplate, PasswordCredential.NONE);
            this.internalDirectory.storeUserAttributes(addLocalServiceDeskUser.getName(), map);
            return addLocalServiceDeskUser;
        } catch (InvalidCredentialException | InvalidUserException | UserNotFoundException | UserAlreadyExistsException e) {
            throw new OperationFailedException(e);
        }
    }

    public User requestAccess(UserTemplate userTemplate, Set<String> set, Set<String> set2, Optional<String> optional, Optional<String> optional2) throws OperationFailedException {
        try {
            return addOrUpdateInternalUser(this.remoteDirectory.requestAccess(userTemplate, set, set2, optional, optional2));
        } catch (InvalidUserException e) {
            throw new OperationFailedException(e);
        }
    }

    public User activateUser(String str) throws OperationFailedException {
        try {
            return addOrUpdateInternalUser(this.remoteDirectory.activateUser(str));
        } catch (InvalidUserException e) {
            throw new OperationFailedException(e);
        }
    }

    public User deactivateUser(String str) throws OperationFailedException {
        try {
            return addOrUpdateInternalUser(this.remoteDirectory.deactivateUser(str));
        } catch (InvalidUserException e) {
            throw new OperationFailedException(e);
        }
    }

    public User addConnectUser(String str, Set<String> set, boolean z) throws OperationFailedException {
        try {
            User addOrUpdateInternalUser = addOrUpdateInternalUser(this.remoteDirectory.addConnectUser(str, set, z));
            if (z) {
                try {
                    this.internalDirectory.addUserToGroup(addOrUpdateInternalUser.getName(), ATLASSIAN_ADDONS_ADMIN_GROUP);
                } catch (MembershipAlreadyExistsException e) {
                } catch (UserNotFoundException | ReadOnlyGroupException e2) {
                    throw new OperationFailedException(e2);
                } catch (GroupNotFoundException e3) {
                    throw new OperationFailedException("Cannot create connect user with admin permission", e3);
                }
                if (this.remoteDirectory.supportsProductPermissions()) {
                    Iterator<String> it = set.iterator();
                    while (it.hasNext()) {
                        try {
                            this.internalDirectory.addProductPermission(new ImmutableProductPermission(it.next(), ProductPermission.PermissionType.ADMIN, ATLASSIAN_ADDONS_ADMIN_GROUP, false));
                        } catch (GroupNotFoundException e4) {
                            throw new OperationFailedException("Cannot create connect user with admin permission", e4);
                        } catch (ProductPermissionAlreadyExistsException e5) {
                        } catch (ProductNotFoundException e6) {
                            log.warn("Requested connect user with admin permission for unknown product {}", e6.getBillingKey());
                        }
                    }
                }
            }
            return addOrUpdateInternalUser;
        } catch (InvalidUserException e7) {
            throw new OperationFailedException(e7);
        }
    }

    private User addOrUpdateInternalUser(User user) throws InvalidUserException, OperationFailedException {
        try {
            return atlassianAccountAwareUser(this.internalDirectory.addOrUpdate(new UserTemplate(user), PasswordCredential.encrypted(INTERNAL_USER_PASSWORD)));
        } catch (InvalidCredentialException e) {
            throw new OperationFailedException("Unexpected Credential Exception", e);
        }
    }

    public User updateUser(UserTemplate userTemplate) throws InvalidUserException, UserNotFoundException, OperationFailedException {
        if (!isLocalServiceDeskUserManagementActive()) {
            return updateRemoteUser(userTemplate);
        }
        TimestampedUser findUserByName = this.internalDirectory.findUserByName(userTemplate.getName());
        userTemplate.setLocalServiceDeskUser(findUserByName.isLocalServiceDeskUser());
        return userTemplate.isLocalServiceDeskUser() ? updateLocalServiceDeskUser(findUserByName, userTemplate) : updateRemoteUser(userTemplate);
    }

    private User updateRemoteUser(UserTemplate userTemplate) throws InvalidUserException, UserNotFoundException, OperationFailedException {
        UserTemplate userTemplate2 = new UserTemplate(this.remoteDirectory.updateUser(new UserTemplate(userTemplate)));
        userTemplate2.setLocalServiceDeskUser(userTemplate.isLocalServiceDeskUser());
        return atlassianAccountAwareUser(this.internalDirectory.updateUser(userTemplate2));
    }

    private User updateLocalServiceDeskUser(TimestampedUser timestampedUser, UserTemplate userTemplate) throws InvalidUserException, UserNotFoundException, OperationFailedException {
        validateEmailForLocalUserUpdate(timestampedUser, userTemplate);
        return this.internalDirectory.updateUser(userTemplate);
    }

    private void validateEmailForLocalUserUpdate(TimestampedUser timestampedUser, UserTemplate userTemplate) throws InvalidUserException {
        if (StringUtils.equals(timestampedUser.getEmailAddress(), userTemplate.getEmailAddress())) {
            return;
        }
        Collection findUsersByEmail = this.internalDirectory.findUsersByEmail(userTemplate.getEmailAddress());
        if (findUsersByEmail.isEmpty()) {
            return;
        }
        log.debug("Email address {} already in use by ", userTemplate.getEmailAddress(), findUsersByEmail.stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.joining(", ")));
        throw new InvalidUserException(timestampedUser, "New email address already in use");
    }

    public void updateUserCredential(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InvalidCredentialException, OperationFailedException {
        if (isUserManagedLocally(str)) {
            updateLocalServiceDeskUserCredential(str, passwordCredential);
        } else {
            updateRemoteUserCredential(str, passwordCredential);
        }
    }

    private void updateRemoteUserCredential(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InvalidCredentialException, OperationFailedException {
        this.remoteDirectory.updateUserCredential(str, passwordCredential);
    }

    private void updateLocalServiceDeskUserCredential(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InvalidCredentialException, OperationFailedException {
        this.internalDirectory.updateUserCredential(str, passwordCredential);
    }

    public User renameUser(String str, String str2) throws UserNotFoundException, InvalidUserException, OperationFailedException, UserAlreadyExistsException {
        return isUserManagedLocally(str) ? renameLocalServiceDeskUser(str, str2) : renameRemoteUser(str, str2);
    }

    private User renameRemoteUser(String str, String str2) throws UserNotFoundException, InvalidUserException, OperationFailedException, UserAlreadyExistsException {
        this.remoteDirectory.renameUser(str, str2);
        return atlassianAccountAwareUser(this.internalDirectory.renameUser(str, str2));
    }

    private User renameLocalServiceDeskUser(String str, String str2) throws UserNotFoundException, InvalidUserException, OperationFailedException, UserAlreadyExistsException {
        return this.internalDirectory.renameUser(str, str2);
    }

    public void storeUserAttributes(String str, Map<String, Set<String>> map) throws UserNotFoundException, OperationFailedException {
        this.internalDirectory.storeUserAttributes(str, map);
    }

    public void removeUserAttributes(String str, String str2) throws UserNotFoundException, OperationFailedException {
        this.internalDirectory.removeUserAttributes(str, str2);
    }

    public void removeUser(String str) throws UserNotFoundException, OperationFailedException {
        if (isUserManagedLocally(str)) {
            removeLocalServiceDeskUser(str);
        } else {
            removeRemoteUser(str);
        }
    }

    private void removeRemoteUser(String str) throws UserNotFoundException, OperationFailedException {
        try {
            this.remoteDirectory.removeUser(str);
            this.internalDirectory.removeUser(str);
        } catch (UserNotFoundException e) {
            this.internalDirectory.removeUser(str);
            throw e;
        }
    }

    private void removeLocalServiceDeskUser(String str) throws UserNotFoundException, OperationFailedException {
        this.internalDirectory.removeUser(str);
    }

    public <T> List<T> searchUsers(EntityQuery<T> entityQuery) throws OperationFailedException {
        return addAccountIdToUsers(this.internalDirectory.searchUsers(entityQuery));
    }

    public Group findGroupByName(String str) throws GroupNotFoundException, OperationFailedException {
        return this.internalDirectory.findGroupByName(str);
    }

    public GroupWithAttributes findGroupWithAttributesByName(String str) throws GroupNotFoundException, OperationFailedException {
        return this.internalDirectory.findGroupWithAttributesByName(str);
    }

    public Group addGroup(GroupTemplate groupTemplate) throws InvalidGroupException, OperationFailedException {
        if (this.localGroupHandler.isLocalGroupsEnabled()) {
            if (isRemoteGroup(groupTemplate.getName())) {
                throw new InvalidGroupException(groupTemplate, "Group already exists in the Remote Directory");
            }
            try {
                return this.localGroupHandler.createLocalGroup(makeGroupTemplate(groupTemplate));
            } catch (DirectoryNotFoundException e) {
                throw new OperationFailedException(e);
            }
        }
        try {
            GroupTemplate groupTemplate2 = new GroupTemplate(this.remoteDirectory.addGroup(groupTemplate));
            try {
                return this.internalDirectory.addGroup(groupTemplate2);
            } catch (InvalidGroupException e2) {
                try {
                    return this.internalDirectory.updateGroup(groupTemplate2);
                } catch (GroupNotFoundException e3) {
                    throw new OperationFailedException(e2);
                } catch (ReadOnlyGroupException e4) {
                    throw new OperationFailedException(e2);
                }
            }
        } catch (InvalidGroupException e5) {
            try {
                this.internalDirectory.addGroup(new GroupTemplate(this.remoteDirectory.findGroupByName(groupTemplate.getName())));
                throw e5;
            } catch (GroupNotFoundException e6) {
                throw e5;
            }
        }
    }

    public Group updateGroup(GroupTemplate groupTemplate) throws InvalidGroupException, GroupNotFoundException, OperationFailedException, ReadOnlyGroupException {
        if (!this.localGroupHandler.isLocalGroupsEnabled()) {
            return this.internalDirectory.updateGroup(new GroupTemplate(this.remoteDirectory.updateGroup(groupTemplate)));
        }
        if (isRemoteGroup(groupTemplate.getName())) {
            throw new ReadOnlyGroupException(groupTemplate.getName());
        }
        return this.localGroupHandler.updateLocalGroup(makeGroupTemplate(groupTemplate));
    }

    public Group renameGroup(String str, String str2) throws GroupNotFoundException, InvalidGroupException {
        throw new UnsupportedOperationException("Renaming groups is not supported");
    }

    public void storeGroupAttributes(String str, Map<String, Set<String>> map) throws GroupNotFoundException, OperationFailedException {
        this.internalDirectory.storeGroupAttributes(str, map);
    }

    public void removeGroupAttributes(String str, String str2) throws GroupNotFoundException, OperationFailedException {
        this.internalDirectory.removeGroupAttributes(str, str2);
    }

    public void removeGroup(String str) throws GroupNotFoundException, OperationFailedException, ReadOnlyGroupException {
        if (this.localGroupHandler.isLocalGroupsEnabled()) {
            if (isRemoteGroup(str)) {
                throw new ReadOnlyGroupException(str);
            }
            this.internalDirectory.removeGroup(str);
        } else {
            try {
                this.remoteDirectory.removeGroup(str);
                this.internalDirectory.removeGroup(str);
            } catch (GroupNotFoundException e) {
                this.internalDirectory.removeGroup(str);
                throw e;
            }
        }
    }

    private boolean isRemoteGroup(String str) throws OperationFailedException {
        try {
            this.remoteDirectory.findGroupByName(str);
            return true;
        } catch (GroupNotFoundException e) {
            return false;
        }
    }

    public <T> List<T> searchGroups(EntityQuery<T> entityQuery) throws OperationFailedException {
        return this.internalDirectory.searchGroups(entityQuery);
    }

    public boolean isUserDirectGroupMember(String str, String str2) throws OperationFailedException {
        return this.internalDirectory.isUserDirectGroupMember(str, str2);
    }

    public boolean isGroupDirectGroupMember(String str, String str2) throws OperationFailedException {
        return this.internalDirectory.isGroupDirectGroupMember(str, str2);
    }

    public BoundedCount countDirectMembersOfGroup(String str, int i) throws OperationFailedException {
        return this.internalDirectory.countDirectMembersOfGroup(str, i);
    }

    public void addUserToGroup(String str, String str2) throws GroupNotFoundException, UserNotFoundException, OperationFailedException, ReadOnlyGroupException, MembershipAlreadyExistsException {
        if (isUserManagedLocally(str)) {
            throw new IllegalArgumentException("Local service desk users cannot be added to groups.");
        }
        if (this.localGroupHandler.isLocalGroupsEnabled()) {
            if (isRemoteGroup(str2)) {
                throw new ReadOnlyGroupException(str2);
            }
            this.localGroupHandler.addUserToLocalGroup(str, str2);
        } else {
            try {
                this.remoteDirectory.addUserToGroup(str, str2);
                addUserToGroupInternal(str, str2);
            } catch (MembershipAlreadyExistsException e) {
                addUserToGroupInternal(str, str2);
                throw e;
            }
        }
    }

    private void addUserToGroupInternal(String str, String str2) throws GroupNotFoundException, UserNotFoundException, ReadOnlyGroupException, OperationFailedException {
        try {
            this.internalDirectory.addUserToGroup(str, str2);
        } catch (MembershipAlreadyExistsException e) {
            log.debug("User (" + str + ") is already a member of group (" + str2 + ").");
        }
    }

    public void addGroupToGroup(String str, String str2) throws GroupNotFoundException, InvalidMembershipException, OperationFailedException, ReadOnlyGroupException, MembershipAlreadyExistsException {
        if (this.localGroupHandler.isLocalGroupsEnabled()) {
            if (isRemoteGroup(str2)) {
                throw new ReadOnlyGroupException(str2);
            }
            addGroupToGroupInternal(str, str2);
        } else {
            try {
                this.remoteDirectory.addGroupToGroup(str, str2);
                addGroupToGroupInternal(str, str2);
            } catch (MembershipAlreadyExistsException e) {
                addGroupToGroupInternal(str, str2);
                throw e;
            }
        }
    }

    private void addGroupToGroupInternal(String str, String str2) throws GroupNotFoundException, InvalidMembershipException, ReadOnlyGroupException, OperationFailedException {
        try {
            this.internalDirectory.addGroupToGroup(str, str2);
        } catch (MembershipAlreadyExistsException e) {
            log.debug("Group (" + str + ") is already a member of group (" + str2 + ").");
        }
    }

    public void removeUserFromGroup(String str, String str2) throws GroupNotFoundException, UserNotFoundException, MembershipNotFoundException, OperationFailedException, ReadOnlyGroupException {
        if (this.localGroupHandler.isLocalGroupsEnabled()) {
            if (isRemoteGroup(str2)) {
                throw new ReadOnlyGroupException(str2);
            }
            this.localGroupHandler.removeUserFromLocalGroup(str, str2);
            return;
        }
        try {
            this.remoteDirectory.removeUserFromGroup(str, str2);
            this.internalDirectory.removeUserFromGroup(str, str2);
        } catch (MembershipNotFoundException e) {
            silentlyRemoveUserFromGroupInTheCache(str, str2);
            throw e;
        } catch (GroupNotFoundException e2) {
            silentlyRemoveUserFromGroupInTheCache(str, str2);
            throw e2;
        } catch (UserNotFoundException e3) {
            silentlyRemoveUserFromGroupInTheCache(str, str2);
            throw e3;
        }
    }

    private void silentlyRemoveUserFromGroupInTheCache(String str, String str2) {
        try {
            this.internalDirectory.removeUserFromGroup(str, str2);
        } catch (ObjectNotFoundException e) {
            log.debug("Ignoring exception when removing user from group in cache", e);
        } catch (OperationFailedException e2) {
            log.debug("Ignoring exception when removing user from group in cache", e2);
        } catch (ReadOnlyGroupException e3) {
            log.debug("Ignoring exception when removing user from group in cache", e3);
        }
    }

    public void removeGroupFromGroup(String str, String str2) throws GroupNotFoundException, InvalidMembershipException, MembershipNotFoundException, OperationFailedException, ReadOnlyGroupException {
        if (this.localGroupHandler.isLocalGroupsEnabled()) {
            if (isRemoteGroup(str2)) {
                throw new ReadOnlyGroupException(str2);
            }
            this.internalDirectory.removeGroupFromGroup(str, str2);
            return;
        }
        try {
            this.remoteDirectory.removeGroupFromGroup(str, str2);
            this.internalDirectory.removeGroupFromGroup(str, str2);
        } catch (MembershipNotFoundException e) {
            silentlyRemoveGroupFromGroupInTheCache(str, str2);
            throw e;
        } catch (GroupNotFoundException e2) {
            silentlyRemoveGroupFromGroupInTheCache(str, str2);
            throw e2;
        }
    }

    private void silentlyRemoveGroupFromGroupInTheCache(String str, String str2) {
        try {
            this.internalDirectory.removeGroupFromGroup(str, str2);
        } catch (InvalidMembershipException e) {
            log.debug("Ignoring exception when removing group from group in cache", e);
        } catch (OperationFailedException e2) {
            log.debug("Ignoring exception when removing group from group in cache", e2);
        } catch (ReadOnlyGroupException e3) {
            log.debug("Ignoring exception when removing group from group in cache", e3);
        } catch (ObjectNotFoundException e4) {
            log.debug("Ignoring exception when removing group from group in cache", e4);
        }
    }

    public <T> List<T> searchGroupRelationships(MembershipQuery<T> membershipQuery) throws OperationFailedException {
        return addAccountIdToUsers(this.internalDirectory.searchGroupRelationships(membershipQuery));
    }

    private <T> List<T> addAccountIdToUsers(List<T> list) {
        return (List) list.stream().map(this::addAccountIdIfUser).collect(Collectors.toList());
    }

    private <T> T addAccountIdIfUser(T t) {
        return t instanceof User ? (T) atlassianAccountAwareUser((User) t) : t;
    }

    public void testConnection() throws OperationFailedException {
        this.remoteDirectory.testConnection();
    }

    public boolean supportsNestedGroups() {
        return this.remoteDirectory.supportsNestedGroups();
    }

    public boolean supportsPasswordExpiration() {
        return this.remoteDirectory.supportsPasswordExpiration();
    }

    public boolean supportsSettingEncryptedCredential() {
        return this.remoteDirectory.supportsSettingEncryptedCredential();
    }

    public boolean isRolesDisabled() {
        return true;
    }

    public Set<String> getValues(String str) {
        return this.remoteDirectory.getValues(str);
    }

    public String getValue(String str) {
        return this.remoteDirectory.getValue(str);
    }

    public boolean isEmpty() {
        return this.remoteDirectory.isEmpty();
    }

    public Set<String> getKeys() {
        return this.remoteDirectory.getKeys();
    }

    public void synchroniseCache(SynchronisationMode synchronisationMode) throws OperationFailedException {
        long directoryId = getDirectoryId();
        SynchronisationMode synchronisationMode2 = null;
        TimedOperation timedOperation = new TimedOperation();
        try {
            log.info("Starting {} synchronisation for directory [ {} ] with description [ {} ]", new Object[]{synchronisationMode, Long.valueOf(directoryId), this.remoteDirectory.getDescriptiveName()});
            if (synchronisationMode == SynchronisationMode.INCREMENTAL) {
                log.warn("{} synchronisation for directory [ {} ] is not support in Cloud, falling back to a full synchronisation", synchronisationMode, Long.valueOf(directoryId));
            }
            doFullCacheSynchronisation();
            synchronisationMode2 = SynchronisationMode.FULL;
            String str = " synchronisation for directory [ " + directoryId + " ] with description [ " + this.remoteDirectory.getDescriptiveName() + " ]";
            if (synchronisationMode2 != null) {
                log.info(timedOperation.complete("Successful " + synchronisationMode2 + str));
            } else {
                log.info(timedOperation.complete("Failed " + str));
            }
        } catch (Throwable th) {
            String str2 = " synchronisation for directory [ " + directoryId + " ] with description [ " + this.remoteDirectory.getDescriptiveName() + " ]";
            if (synchronisationMode2 != null) {
                log.info(timedOperation.complete("Successful " + synchronisationMode2 + str2));
            } else {
                log.info(timedOperation.complete("Failed " + str2));
            }
            throw th;
        }
    }

    private void doFullCacheSynchronisation() throws OperationFailedException {
        if (isLocalServiceDeskUserManagementActive()) {
            synchroniseWithDirectoryCacheRefreshMode(DirectoryCacheRefreshMode.EXCLUDE_LOCAL_USERS);
            return;
        }
        if (this.localServiceDeskUserFeatureControl.isLocalInHordeFlagSyncActive()) {
            synchroniseWithDirectoryCacheRefreshMode(DirectoryCacheRefreshMode.SYNCHRONISE_LOCAL_USER_FLAG);
            activateLocalUserManagementModeIfRequested();
        } else if (this.localServiceDeskUserFeatureControl.isLocalInHordeFlagSyncActivationRequested()) {
            activateLocalInHordeFlagSync();
        } else if (this.localServiceDeskUserFeatureControl.isSynchroniseLocalInHordeFlagFeatureFlagEnabled()) {
            synchroniseWithDirectoryCacheRefreshMode(DirectoryCacheRefreshMode.SYNCHRONISE_LOCAL_USER_FLAG);
        } else {
            synchroniseWithDirectoryCacheRefreshMode(DirectoryCacheRefreshMode.NO_LOCAL_USER_SUPPORT);
        }
    }

    private User atlassianAccountAwareUser(User user) {
        return this.remoteDirectory instanceof IdentityPlatformRemoteDirectory ? new IdentityPlatformUser(user) : new LegacyHordeUser(user);
    }

    private UserWithAttributes atlassianAccountAwareUser(UserWithAttributes userWithAttributes) {
        return this.remoteDirectory instanceof IdentityPlatformRemoteDirectory ? new IdentityPlatformUser(userWithAttributes) : new LegacyHordeUser(userWithAttributes);
    }

    private void activateLocalUserManagementModeIfRequested() {
        if (this.localServiceDeskUserFeatureControl.isLocalServiceDeskUserManagementActivationRequested()) {
            log.info("Activating local user management mode at " + new Date());
            this.localServiceDeskUserFeatureControl.activateLocalServiceDeskUserManagement();
        }
    }

    private void activateLocalInHordeFlagSync() throws OperationFailedException {
        log.info("Activating local in horde flag synchronisation...");
        synchroniseWithDirectoryCacheRefreshMode(DirectoryCacheRefreshMode.SYNCHRONISE_LOCAL_USER_FLAG);
        this.localServiceDeskUserFeatureControl.registerLocalInHordeFlagSyncActivated();
        log.info("Local in horde flag synchronisation activated");
    }

    private void synchroniseWithDirectoryCacheRefreshMode(DirectoryCacheRefreshMode directoryCacheRefreshMode) throws OperationFailedException {
        if (directoryCacheRefreshMode != DirectoryCacheRefreshMode.NO_LOCAL_USER_SUPPORT) {
            log.info("Synchronising remote directory of type " + this.remoteDirectory.getClass().getSimpleName() + " using cache refresh mode " + directoryCacheRefreshMode.name());
        }
        this.cacheRefresher.synchroniseAll(this.directoryCacheFactory.createDirectoryCache(this.remoteDirectory, this.internalDirectory, directoryCacheRefreshMode));
    }

    private boolean isLocalServiceDeskUserManagementActive() {
        return this.localServiceDeskUserFeatureControl.isLocalServiceDeskUserManagementActive();
    }

    private boolean isHordePasswordCopyingAuthenticationEnabled() {
        return this.localServiceDeskUserFeatureControl.isHordePasswordCopyingAuthenticationEnabled();
    }

    private boolean isUserManagedLocally(String str) throws UserNotFoundException {
        if (isLocalServiceDeskUserManagementActive()) {
            return this.internalDirectory.findUserByName(str).isLocalServiceDeskUser();
        }
        return false;
    }

    public RemoteDirectory getAuthoritativeDirectory() {
        return this.remoteDirectory;
    }

    public void expireAllPasswords() throws OperationFailedException {
        this.remoteDirectory.expireAllPasswords();
    }

    public boolean supportsProductPermissions() {
        return this.internalDirectory.supportsProductPermissions();
    }

    public Set<? extends ProductPermission> getProductPermissions() throws OperationFailedException {
        return this.internalDirectory.getProductPermissions();
    }

    private static GroupTemplate makeGroupTemplate(Group group) {
        GroupTemplate groupTemplate = new GroupTemplate(group);
        groupTemplate.setDescription(group.getDescription());
        return groupTemplate;
    }

    public void removeCachedExternalIds() {
        this.internalDirectory.removeCachedExternalIds();
    }
}
