package com.atlassian.crowd.directory;

import com.atlassian.crowd.directory.hybrid.LocalGroupHandler;
import com.atlassian.crowd.directory.ldap.cache.CacheRefresher;
import com.atlassian.crowd.directory.ldap.cache.DirectoryCache;
import com.atlassian.crowd.directory.ldap.cache.DirectoryCacheFactory;
import com.atlassian.crowd.directory.ldap.cache.EventTokenChangedCacheRefresher;
import com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher;
import com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.InvalidGroupException;
import com.atlassian.crowd.exception.InvalidMembershipException;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.MembershipNotFoundException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.ReadOnlyGroupException;
import com.atlassian.crowd.exception.UserAlreadyExistsException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.manager.directory.SynchronisationMode;
import com.atlassian.crowd.manager.directory.SynchronisationStatusManager;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupTemplate;
import com.atlassian.crowd.model.group.GroupWithAttributes;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.crowd.model.user.UserWithAttributes;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.search.query.entity.EntityQuery;
import com.atlassian.crowd.search.query.membership.MembershipQuery;
import java.io.Serializable;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang.math.NumberUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/crowd/directory/DbCachingRemoteDirectory.class */
public class DbCachingRemoteDirectory implements RemoteDirectory, SynchronisableDirectory {
    private static final Logger log = Logger.getLogger(DbCachingRemoteDirectory.class);
    public static final String INTERNAL_USER_PASSWORD = "nopass";
    private final RemoteDirectory remoteDirectory;
    private final LocalGroupHandler localGroupHandler;
    private final InternalRemoteDirectory internalDirectory;
    private final DirectoryCacheFactory directoryCacheFactory;
    private final CacheRefresher cacheRefresher;

    public DbCachingRemoteDirectory(RemoteDirectory remoteDirectory, InternalRemoteDirectory internalRemoteDirectory, DirectoryCacheFactory directoryCacheFactory) {
        this.localGroupHandler = new LocalGroupHandler(internalRemoteDirectory);
        this.remoteDirectory = remoteDirectory;
        this.internalDirectory = internalRemoteDirectory;
        this.directoryCacheFactory = directoryCacheFactory;
        if (remoteDirectory instanceof MicrosoftActiveDirectory) {
            this.cacheRefresher = new UsnChangedCacheRefresher((MicrosoftActiveDirectory) remoteDirectory);
        } else if (remoteDirectory instanceof RemoteCrowdDirectory) {
            this.cacheRefresher = new EventTokenChangedCacheRefresher((RemoteCrowdDirectory) remoteDirectory);
        } else {
            this.cacheRefresher = new RemoteDirectoryCacheRefresher(remoteDirectory);
        }
        log.debug("DBCached directory created for directory [ " + remoteDirectory.getDirectoryId() + " ]");
    }

    public long getDirectoryId() {
        return this.remoteDirectory.getDirectoryId();
    }

    public void setDirectoryId(long j) {
        throw new UnsupportedOperationException("You cannot mutate the directoryID of " + getClass().getName());
    }

    public String getDescriptiveName() {
        return this.remoteDirectory.getDescriptiveName();
    }

    public void setAttributes(Map<String, String> map) {
        throw new UnsupportedOperationException("You cannot mutate the attributes of " + getClass().getName());
    }

    public User findUserByName(String str) throws UserNotFoundException, OperationFailedException {
        return this.internalDirectory.findUserByName(str);
    }

    public UserWithAttributes findUserWithAttributesByName(String str) throws UserNotFoundException, OperationFailedException {
        return this.internalDirectory.findUserWithAttributesByName(str);
    }

    public User authenticate(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        return this.remoteDirectory instanceof RemoteCrowdDirectory ? authenticateAndEnsureInternalUserExists(str, passwordCredential) : performAuthenticationAndUpdateAttributes(str, passwordCredential);
    }

    private User performAuthenticationAndUpdateAttributes(String str, PasswordCredential passwordCredential) throws UserNotFoundException, ExpiredCredentialException, InactiveAccountException, OperationFailedException, InvalidAuthenticationException {
        HashMap hashMap = new HashMap();
        try {
            User authenticateAndEnsureInternalUserExists = authenticateAndEnsureInternalUserExists(str, passwordCredential);
            if (!this.remoteDirectory.supportsInactiveAccounts() && !this.internalDirectory.findUserByName(str).isActive()) {
                throw new InactiveAccountException(str);
            }
            hashMap.put("invalidPasswordAttempts", Collections.singleton(Long.toString(0L)));
            hashMap.put("lastAuthenticated", Collections.singleton(Long.toString(System.currentTimeMillis())));
            storeUserAttributes(str, hashMap);
            return authenticateAndEnsureInternalUserExists;
        } catch (InvalidAuthenticationException e) {
            hashMap.put("invalidPasswordAttempts", Collections.singleton(Long.toString(NumberUtils.toLong(findUserWithAttributesByName(str).getValue("invalidPasswordAttempts"), 0L) + 1)));
            storeUserAttributes(str, hashMap);
            throw e;
        }
    }

    private User authenticateAndEnsureInternalUserExists(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        User authenticate = this.remoteDirectory.authenticate(str, passwordCredential);
        try {
            this.internalDirectory.findUserByName(authenticate.getName());
        } catch (UserNotFoundException e) {
            try {
                addInternalUser(authenticate);
                Iterator it = this.remoteDirectory.searchGroupRelationships(QueryBuilder.queryFor(String.class, EntityDescriptor.group()).parentsOf(EntityDescriptor.user()).withName(authenticate.getName()).returningAtMost(-1)).iterator();
                while (it.hasNext()) {
                    try {
                        this.internalDirectory.addUserToGroup(authenticate.getName(), (String) it.next());
                    } catch (GroupNotFoundException e2) {
                    } catch (ReadOnlyGroupException e3) {
                        throw new RuntimeException("Internal directory should never throw ReadOnlyGroupException", e3);
                    }
                }
            } catch (InvalidUserException e4) {
                throw new OperationFailedException(e4);
            } catch (UserAlreadyExistsException e5) {
            } catch (InvalidCredentialException e6) {
                throw new OperationFailedException(e6);
            }
        }
        return authenticate;
    }

    public User addUser(UserTemplate userTemplate, PasswordCredential passwordCredential) throws InvalidUserException, InvalidCredentialException, UserAlreadyExistsException, OperationFailedException {
        return addInternalUser(this.remoteDirectory.addUser(userTemplate, passwordCredential));
    }

    private User addInternalUser(User user) throws InvalidUserException, InvalidCredentialException, UserAlreadyExistsException, OperationFailedException {
        return this.internalDirectory.addUser(new UserTemplate(user), PasswordCredential.encrypted(INTERNAL_USER_PASSWORD));
    }

    public User updateUser(UserTemplate userTemplate) throws InvalidUserException, UserNotFoundException, OperationFailedException {
        UserTemplate userTemplate2 = new UserTemplate(this.remoteDirectory.updateUser(userTemplate));
        if (!this.remoteDirectory.supportsInactiveAccounts()) {
            userTemplate2.setActive(userTemplate.isActive());
        }
        return this.internalDirectory.updateUser(userTemplate2);
    }

    public void updateUserCredential(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InvalidCredentialException, OperationFailedException {
        this.remoteDirectory.updateUserCredential(str, passwordCredential);
    }

    public User renameUser(String str, String str2) throws UserNotFoundException, InvalidUserException {
        throw new UnsupportedOperationException("Renaming users is not supported");
    }

    public void storeUserAttributes(String str, Map<String, Set<String>> map) throws UserNotFoundException, OperationFailedException {
        this.internalDirectory.storeUserAttributes(str, map);
    }

    public void removeUserAttributes(String str, String str2) throws UserNotFoundException, OperationFailedException {
        this.internalDirectory.removeUserAttributes(str, str2);
    }

    public void removeUser(String str) throws UserNotFoundException, OperationFailedException {
        try {
            this.remoteDirectory.removeUser(str);
            this.internalDirectory.removeUser(str);
        } catch (UserNotFoundException e) {
            this.internalDirectory.removeUser(str);
            throw e;
        }
    }

    public <T> List<T> searchUsers(EntityQuery<T> entityQuery) throws OperationFailedException {
        return this.internalDirectory.searchUsers(entityQuery);
    }

    public Group findGroupByName(String str) throws GroupNotFoundException, OperationFailedException {
        return this.internalDirectory.findGroupByName(str);
    }

    public GroupWithAttributes findGroupWithAttributesByName(String str) throws GroupNotFoundException, OperationFailedException {
        return this.internalDirectory.findGroupWithAttributesByName(str);
    }

    public Group addGroup(GroupTemplate groupTemplate) throws InvalidGroupException, OperationFailedException {
        if (!this.localGroupHandler.isLocalGroupsEnabled()) {
            return this.internalDirectory.addGroup(new GroupTemplate(this.remoteDirectory.addGroup(groupTemplate)));
        }
        if (isRemoteGroup(groupTemplate.getName())) {
            throw new InvalidGroupException(groupTemplate, "Group already exists in the Remote Directory");
        }
        try {
            return this.localGroupHandler.createLocalGroup(makeGroupTemplate(groupTemplate));
        } catch (DirectoryNotFoundException e) {
            throw new OperationFailedException(e);
        }
    }

    public Group updateGroup(GroupTemplate groupTemplate) throws InvalidGroupException, GroupNotFoundException, OperationFailedException, ReadOnlyGroupException {
        if (!this.localGroupHandler.isLocalGroupsEnabled()) {
            return this.internalDirectory.updateGroup(new GroupTemplate(this.remoteDirectory.updateGroup(groupTemplate)));
        }
        if (isRemoteGroup(groupTemplate.getName())) {
            throw new ReadOnlyGroupException(groupTemplate.getName());
        }
        return this.localGroupHandler.updateLocalGroup(makeGroupTemplate(groupTemplate));
    }

    public Group renameGroup(String str, String str2) throws GroupNotFoundException, InvalidGroupException {
        throw new UnsupportedOperationException("Renaming groups is not supported");
    }

    public void storeGroupAttributes(String str, Map<String, Set<String>> map) throws GroupNotFoundException, OperationFailedException {
        this.internalDirectory.storeGroupAttributes(str, map);
    }

    public void removeGroupAttributes(String str, String str2) throws GroupNotFoundException, OperationFailedException {
        this.internalDirectory.removeGroupAttributes(str, str2);
    }

    public void removeGroup(String str) throws GroupNotFoundException, OperationFailedException, ReadOnlyGroupException {
        if (this.localGroupHandler.isLocalGroupsEnabled()) {
            if (isRemoteGroup(str)) {
                throw new ReadOnlyGroupException(str);
            }
            this.internalDirectory.removeGroup(str);
        } else {
            try {
                this.remoteDirectory.removeGroup(str);
                this.internalDirectory.removeGroup(str);
            } catch (GroupNotFoundException e) {
                this.internalDirectory.removeGroup(str);
                throw e;
            }
        }
    }

    private boolean isRemoteGroup(String str) throws OperationFailedException {
        try {
            this.remoteDirectory.findGroupByName(str);
            return true;
        } catch (GroupNotFoundException e) {
            return false;
        }
    }

    public <T> List<T> searchGroups(EntityQuery<T> entityQuery) throws OperationFailedException {
        return this.internalDirectory.searchGroups(entityQuery);
    }

    public boolean isUserDirectGroupMember(String str, String str2) throws OperationFailedException {
        return this.internalDirectory.isUserDirectGroupMember(str, str2);
    }

    public boolean isGroupDirectGroupMember(String str, String str2) throws OperationFailedException {
        return this.internalDirectory.isGroupDirectGroupMember(str, str2);
    }

    public void addUserToGroup(String str, String str2) throws GroupNotFoundException, UserNotFoundException, OperationFailedException, ReadOnlyGroupException {
        if (!this.localGroupHandler.isLocalGroupsEnabled()) {
            this.remoteDirectory.addUserToGroup(str, str2);
            this.internalDirectory.addUserToGroup(str, str2);
        } else {
            if (isRemoteGroup(str2)) {
                throw new ReadOnlyGroupException(str2);
            }
            this.localGroupHandler.addUserToLocalGroup(str, str2);
        }
    }

    public void addGroupToGroup(String str, String str2) throws GroupNotFoundException, InvalidMembershipException, OperationFailedException, ReadOnlyGroupException {
        if (!this.localGroupHandler.isLocalGroupsEnabled()) {
            this.remoteDirectory.addGroupToGroup(str, str2);
            this.internalDirectory.addGroupToGroup(str, str2);
        } else {
            if (isRemoteGroup(str2)) {
                throw new ReadOnlyGroupException(str2);
            }
            if (isRemoteGroup(str)) {
                throw new ReadOnlyGroupException(str);
            }
            this.localGroupHandler.addLocalGroupToLocalGroup(str, str2);
        }
    }

    public void removeUserFromGroup(String str, String str2) throws GroupNotFoundException, UserNotFoundException, MembershipNotFoundException, OperationFailedException, ReadOnlyGroupException {
        if (!this.localGroupHandler.isLocalGroupsEnabled()) {
            this.remoteDirectory.removeUserFromGroup(str, str2);
            this.internalDirectory.removeUserFromGroup(str, str2);
        } else {
            if (isRemoteGroup(str2)) {
                throw new ReadOnlyGroupException(str2);
            }
            this.localGroupHandler.removeUserFromLocalGroup(str, str2);
        }
    }

    public void removeGroupFromGroup(String str, String str2) throws GroupNotFoundException, InvalidMembershipException, MembershipNotFoundException, OperationFailedException, ReadOnlyGroupException {
        if (!this.localGroupHandler.isLocalGroupsEnabled()) {
            this.remoteDirectory.removeGroupFromGroup(str, str2);
            this.internalDirectory.removeGroupFromGroup(str, str2);
        } else {
            if (isRemoteGroup(str2)) {
                throw new ReadOnlyGroupException(str2);
            }
            if (isRemoteGroup(str)) {
                throw new ReadOnlyGroupException(str);
            }
            this.localGroupHandler.removeLocalGroupFromLocalGroup(str, str2);
        }
    }

    public <T> List<T> searchGroupRelationships(MembershipQuery<T> membershipQuery) throws OperationFailedException {
        return this.internalDirectory.searchGroupRelationships(membershipQuery);
    }

    public void testConnection() throws OperationFailedException {
        this.remoteDirectory.testConnection();
    }

    public boolean supportsInactiveAccounts() {
        return this.internalDirectory.supportsInactiveAccounts();
    }

    public boolean supportsNestedGroups() {
        return this.remoteDirectory.supportsNestedGroups();
    }

    public boolean isRolesDisabled() {
        return this.remoteDirectory.isRolesDisabled();
    }

    public Set<String> getValues(String str) {
        return this.remoteDirectory.getValues(str);
    }

    public String getValue(String str) {
        return this.remoteDirectory.getValue(str);
    }

    public boolean isEmpty() {
        return this.remoteDirectory.isEmpty();
    }

    public Set<String> getKeys() {
        return this.remoteDirectory.getKeys();
    }

    public void synchroniseCache(SynchronisationMode synchronisationMode, SynchronisationStatusManager synchronisationStatusManager) throws OperationFailedException {
        TimerStack.push();
        try {
            log.info("synchronisation for directory [ " + getDirectoryId() + " ] starting");
            DirectoryCache createDirectoryCache = this.directoryCacheFactory.createDirectoryCache(this.remoteDirectory, this.internalDirectory);
            if (synchronisationMode == SynchronisationMode.INCREMENTAL) {
                synchronisationStatusManager.syncStatus(getDirectoryId(), "directory.caching.sync.incremental", new Serializable[0]);
                if (this.cacheRefresher.synchroniseChanges(createDirectoryCache)) {
                    log.info(TimerStack.pop("delta synchronisation complete in [ {0} ]"));
                    return;
                }
            }
            synchronisationStatusManager.syncStatus(getDirectoryId(), "directory.caching.sync.full", new Serializable[0]);
            this.cacheRefresher.synchroniseAll(createDirectoryCache);
            log.info(TimerStack.pop("full synchronisation complete in [ {0} ]"));
        } catch (Throwable th) {
            log.info(TimerStack.pop("delta synchronisation complete in [ {0} ]"));
            throw th;
        }
    }

    private GroupTemplate makeGroupTemplate(Group group) {
        GroupTemplate groupTemplate = new GroupTemplate(group);
        groupTemplate.setDescription(group.getDescription());
        return groupTemplate;
    }
}
