package com.atlassian.labs.crowd.directory.pruning.jobs;

import com.atlassian.beehive.ClusterLock;
import com.atlassian.beehive.ClusterLockService;
import com.atlassian.crowd.directory.RemoteDirectory;
import com.atlassian.crowd.directory.loader.DirectoryInstanceLoader;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.labs.crowd.directory.pruning.event.PruningJobRunEvent;
import com.atlassian.labs.crowd.directory.pruning.util.DirectoryAttributes;
import com.atlassian.labs.crowd.directory.pruning.util.NullExternalIdPruningConfiguration;
import com.atlassian.labs.crowd.directory.pruning.util.PluginData;
import com.atlassian.labs.crowd.directory.pruning.util.Queries;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.sal.api.transaction.TransactionTemplate;
import com.atlassian.scheduler.JobRunner;
import com.atlassian.scheduler.JobRunnerRequest;
import com.atlassian.scheduler.JobRunnerResponse;
import com.atlassian.scheduler.SchedulerService;
import com.atlassian.scheduler.SchedulerServiceException;
import com.atlassian.scheduler.config.JobConfig;
import com.atlassian.scheduler.config.JobId;
import com.atlassian.scheduler.config.JobRunnerKey;
import com.atlassian.scheduler.config.RunMode;
import com.atlassian.scheduler.config.Schedule;
import com.google.common.base.Strings;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import javax.inject.Inject;
import javax.inject.Named;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Named
/* loaded from: input_file:com/atlassian/labs/crowd/directory/pruning/jobs/DelegatedDirectoryPruningJob.class */
public class DelegatedDirectoryPruningJob implements JobRunner {
    private static final String PRUNING_JOB_ID = "delegatedDirCleanupJob";
    private final SchedulerService schedulerService;
    private final DirectoryManager directoryManager;
    private final DirectoryInstanceLoader directoryInstanceLoader;
    private final TransactionTemplate transactionTemplate;
    private final ClusterLockService clusterLockService;
    private final EventPublisher eventPublisher;
    private final PruningJobStatusService pruningJobStatusService;
    private final int batchSize;
    public static final JobRunnerKey PRUNING_JOBRUNNER_KEY = JobRunnerKey.of(DelegatedDirectoryPruningJob.class.getCanonicalName());
    private static final Logger log = LoggerFactory.getLogger(DelegatedDirectoryPruningJob.class);
    private static final String COLLECTION_SCHEDULE = System.getProperty("atlassian.delegated.dir.pruning.schedule", "0 0 3 * * ?");
    static final String LOCK_PREFIX = Directory.class.getName() + PluginData.SEPARATOR;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/atlassian/labs/crowd/directory/pruning/jobs/DelegatedDirectoryPruningJob$PruningResults.class */
    public static class PruningResults {
        private long usersDeactivated;
        private boolean error;
        private long usersDeleted;

        PruningResults() {
        }

        public void incrementDeactivatedUsers() {
            this.usersDeactivated++;
        }

        public void incrementDeletedUsers() {
            this.usersDeleted++;
        }

        public long getUsersDeactivated() {
            return this.usersDeactivated;
        }

        public long getUsersDeleted() {
            return this.usersDeleted;
        }

        public boolean isError() {
            return this.error;
        }

        public void setError(boolean z) {
            this.error = z;
        }
    }

    @Inject
    public DelegatedDirectoryPruningJob(@ComponentImport SchedulerService schedulerService, @ComponentImport DirectoryManager directoryManager, @ComponentImport DirectoryInstanceLoader directoryInstanceLoader, @ComponentImport TransactionTemplate transactionTemplate, @ComponentImport ClusterLockService clusterLockService, @ComponentImport EventPublisher eventPublisher, PruningJobStatusService pruningJobStatusService) {
        this(schedulerService, directoryManager, directoryInstanceLoader, transactionTemplate, clusterLockService, eventPublisher, pruningJobStatusService, 1000);
    }

    DelegatedDirectoryPruningJob(@ComponentImport SchedulerService schedulerService, @ComponentImport DirectoryManager directoryManager, @ComponentImport DirectoryInstanceLoader directoryInstanceLoader, @ComponentImport TransactionTemplate transactionTemplate, @ComponentImport ClusterLockService clusterLockService, @ComponentImport EventPublisher eventPublisher, PruningJobStatusService pruningJobStatusService, int i) {
        this.schedulerService = schedulerService;
        this.directoryManager = directoryManager;
        this.directoryInstanceLoader = directoryInstanceLoader;
        this.transactionTemplate = transactionTemplate;
        this.clusterLockService = clusterLockService;
        this.eventPublisher = eventPublisher;
        this.pruningJobStatusService = pruningJobStatusService;
        this.batchSize = i;
    }

    @PostConstruct
    public void registerPruningJob() throws SchedulerServiceException {
        this.schedulerService.registerJobRunner(PRUNING_JOBRUNNER_KEY, this);
        this.schedulerService.scheduleJob(JobId.of(PRUNING_JOB_ID), JobConfig.forJobRunnerKey(PRUNING_JOBRUNNER_KEY).withRunMode(RunMode.RUN_ONCE_PER_CLUSTER).withSchedule(Schedule.forCronExpression(COLLECTION_SCHEDULE)));
    }

    @PreDestroy
    public void onDestroy() {
        this.schedulerService.unregisterJobRunner(PRUNING_JOBRUNNER_KEY);
    }

    @Nullable
    public JobRunnerResponse runJob(JobRunnerRequest jobRunnerRequest) {
        this.pruningJobStatusService.setPruningRunning(true);
        PruningResults pruningResults = new PruningResults();
        try {
            try {
                this.transactionTemplate.execute(() -> {
                    findAllDelegatingDirectoriesWithPruningEnabled().forEach(directory -> {
                        deleteUsersNotInRemoteDirectory(directory, pruningResults);
                    });
                    return null;
                });
                this.pruningJobStatusService.setPruningRunning(false);
                this.eventPublisher.publish(new PruningJobRunEvent(pruningResults.getUsersDeactivated(), pruningResults.getUsersDeleted(), pruningResults.isError()));
                return JobRunnerResponse.success();
            } catch (Exception e) {
                pruningResults.setError(true);
                throw e;
            }
        } catch (Throwable th) {
            this.pruningJobStatusService.setPruningRunning(false);
            this.eventPublisher.publish(new PruningJobRunEvent(pruningResults.getUsersDeactivated(), pruningResults.getUsersDeleted(), pruningResults.isError()));
            throw th;
        }
    }

    private List<Directory> findAllDelegatingDirectoriesWithPruningEnabled() {
        return (List) this.directoryManager.searchDirectories(Queries.ALL_DELEGATING_DIRECTORIES_QUERY).stream().filter(directory -> {
            return Boolean.parseBoolean((String) directory.getAttributes().get(DirectoryAttributes.PRUNING_ENABLED_ATTRIBUTE_NAME));
        }).collect(Collectors.toList());
    }

    private void deleteUsersNotInRemoteDirectory(Directory directory, PruningResults pruningResults) {
        List<User> fetchUsersBatch;
        ClusterLock lockForName = this.clusterLockService.getLockForName(LOCK_PREFIX + PluginData.SEPARATOR + directory.getId());
        if (lockForName.tryLock()) {
            log.info("Pruning users for directory '{}'", directory.getName());
            try {
                RemoteDirectory createInternalDirectory = createInternalDirectory(directory);
                RemoteDirectory authoritativeDirectory = createInternalDirectory.getAuthoritativeDirectory();
                boolean parseBoolean = Boolean.parseBoolean((String) directory.getAttributes().get(DirectoryAttributes.HARD_DELETE_ENABLED_ATTRIBUTE_NAME));
                if (parseBoolean) {
                    log.info("User deletion while pruning is enabled for directory '{}', users not present in remote directory will be deleted", directory.getName());
                } else {
                    log.info("User deletion while pruning is disabled for directory '{}', users not present in remote directory will be deactivated", directory.getName());
                }
                Map<String, String> attributes = directory.getAttributes();
                int i = 0;
                do {
                    fetchUsersBatch = fetchUsersBatch(createInternalDirectory, i);
                    long processBatch = processBatch(attributes, createInternalDirectory, authoritativeDirectory, Collections.unmodifiableList(fetchUsersBatch), parseBoolean, pruningResults);
                    log.debug("Removed {} users from batch", Long.valueOf(processBatch));
                    i = (int) (i + (fetchUsersBatch.size() - processBatch));
                } while (fetchUsersBatch.size() == this.batchSize);
            } finally {
                lockForName.unlock();
            }
        }
    }

    private void safeDeactivateUser(RemoteDirectory remoteDirectory, User user, PruningResults pruningResults) {
        log.debug("Deactivating user '{}'", user.getName());
        if (!user.isActive()) {
            log.debug("User '{}' is already inactive in Crowd, skipping", user.getName());
            return;
        }
        log.debug("User '{}' is active in Crowd, proceeding with deactivation", user.getName());
        try {
            UserTemplate userTemplate = new UserTemplate(user);
            userTemplate.setActive(false);
            remoteDirectory.updateUser(userTemplate);
            pruningResults.incrementDeactivatedUsers();
        } catch (InvalidUserException | UserNotFoundException | OperationFailedException e) {
            log.warn("Could not deactivate user '{}'", user.getName(), e);
        }
    }

    private RemoteDirectory createInternalDirectory(Directory directory) {
        try {
            return this.directoryInstanceLoader.getDirectory(directory);
        } catch (OperationFailedException e) {
            log.error("Could not create internal directory from directory {}", directory.getId(), e);
            throw new RuntimeException((Throwable) e);
        }
    }

    private List<User> fetchUsersBatch(RemoteDirectory remoteDirectory, int i) {
        try {
            return remoteDirectory.searchUsers(QueryBuilder.queryFor(User.class, EntityDescriptor.user()).startingAt(i).returningAtMost(this.batchSize));
        } catch (OperationFailedException e) {
            log.error("Could fetch users from directory {}", Long.valueOf(remoteDirectory.getDirectoryId()), e);
            throw new RuntimeException((Throwable) e);
        }
    }

    private long processBatch(Map<String, String> map, RemoteDirectory remoteDirectory, RemoteDirectory remoteDirectory2, List<User> list, boolean z, PruningResults pruningResults) {
        try {
            Map map2 = (Map) list.stream().collect(Collectors.partitioningBy(user -> {
                return Strings.isNullOrEmpty(user.getExternalId());
            }));
            List<User> list2 = (List) map2.getOrDefault(true, Collections.emptyList());
            List<User> list3 = (List) map2.getOrDefault(false, Collections.emptyList());
            long j = 0;
            if (!list2.isEmpty()) {
                j = 0 + processUsersWithNullExternalId(map, remoteDirectory, list2, pruningResults);
            }
            return j + processUsersWithNonNullExternalId(remoteDirectory, remoteDirectory2, z, list3, pruningResults);
        } catch (OperationFailedException e) {
            log.error("Could not fetch users from directory {}", Long.valueOf(remoteDirectory.getDirectoryId()), e);
            throw new RuntimeException((Throwable) e);
        }
    }

    private long processUsersWithNonNullExternalId(RemoteDirectory remoteDirectory, RemoteDirectory remoteDirectory2, boolean z, List<User> list, PruningResults pruningResults) throws OperationFailedException {
        Map map = (Map) loadUsersByExternalIds(remoteDirectory2, list).stream().collect(Collectors.toMap((v0) -> {
            return v0.getExternalId();
        }, Function.identity()));
        return ((Map) list.stream().collect(Collectors.toMap((v0) -> {
            return v0.getExternalId();
        }, Function.identity()))).entrySet().stream().filter(entry -> {
            return handleUser(remoteDirectory, (User) entry.getValue(), (User) map.get(entry.getKey()), z, pruningResults);
        }).count();
    }

    private boolean handleUser(RemoteDirectory remoteDirectory, @Nonnull User user, @Nullable User user2, boolean z, PruningResults pruningResults) {
        if (user2 == null && z) {
            return safeDeleteUser(remoteDirectory, user, pruningResults);
        }
        if (!user.isActive()) {
            return false;
        }
        if (user2 != null && user2.isActive()) {
            return false;
        }
        safeDeactivateUser(remoteDirectory, user, pruningResults);
        return false;
    }

    private long processUsersWithNullExternalId(Map<String, String> map, RemoteDirectory remoteDirectory, List<User> list, PruningResults pruningResults) {
        NullExternalIdPruningConfiguration valueOf = NullExternalIdPruningConfiguration.valueOf(map.getOrDefault(DirectoryAttributes.PRUNING_CONFIG_FOR_NULL_EXTERNAL_ID_ATTRIBUTE_NAME, NullExternalIdPruningConfiguration.DO_NOTHING.toString()));
        if (NullExternalIdPruningConfiguration.DEACTIVATE.equals(valueOf)) {
            log.info("Users with a Null ExternalID for directory '{}' will be deactivated", remoteDirectory.getDescriptiveName());
            list.forEach(user -> {
                safeDeactivateUser(remoteDirectory, user, pruningResults);
            });
            return 0L;
        }
        if (NullExternalIdPruningConfiguration.DELETE.equals(valueOf)) {
            log.info("Users with a Null ExternalID for directory '{}' will be deleted", remoteDirectory.getDescriptiveName());
            return list.stream().filter(user2 -> {
                return safeDeleteUser(remoteDirectory, user2, pruningResults);
            }).count();
        }
        log.info("Users with a Null ExternalID for directory '{}' will be excluded from pruning", remoteDirectory.getDescriptiveName());
        return 0L;
    }

    private List<User> loadUsersByExternalIds(RemoteDirectory remoteDirectory, List<User> list) throws OperationFailedException {
        return list.isEmpty() ? Collections.emptyList() : remoteDirectory.searchUsers(Queries.usersByExternalIdQuery(list));
    }

    private boolean safeDeleteUser(RemoteDirectory remoteDirectory, User user, PruningResults pruningResults) {
        try {
            log.debug("Deleting user '{}'", user.getName());
            remoteDirectory.removeUser(user.getName());
            pruningResults.incrementDeletedUsers();
            return true;
        } catch (UserNotFoundException | OperationFailedException e) {
            log.warn("Could not delete user '{}'", user.getName(), e);
            return false;
        }
    }
}
