package com.atlassian.crowd.directory;

import com.atlassian.crowd.embedded.api.PasswordConstraint;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.crowd.embedded.spi.DirectoryDao;
import com.atlassian.crowd.embedded.spi.GroupDao;
import com.atlassian.crowd.embedded.spi.MembershipDao;
import com.atlassian.crowd.embedded.spi.ProductPermissionDao;
import com.atlassian.crowd.embedded.spi.UserDao;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.InvalidGroupException;
import com.atlassian.crowd.exception.InvalidMembershipException;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.MembershipAlreadyExistsException;
import com.atlassian.crowd.exception.MembershipNotFoundException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.OperationNotSupportedException;
import com.atlassian.crowd.exception.ProductNotFoundException;
import com.atlassian.crowd.exception.ProductPermissionAlreadyExistsException;
import com.atlassian.crowd.exception.ProductPermissionNotFoundException;
import com.atlassian.crowd.exception.UserAlreadyExistsException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupTemplate;
import com.atlassian.crowd.model.group.GroupWithAttributes;
import com.atlassian.crowd.model.group.InternalDirectoryGroup;
import com.atlassian.crowd.model.group.Membership;
import com.atlassian.crowd.model.permission.ProductPermission;
import com.atlassian.crowd.model.user.TimestampedUser;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.crowd.model.user.UserWithAttributes;
import com.atlassian.crowd.password.encoder.PasswordEncoder;
import com.atlassian.crowd.password.encoder.UpgradeablePasswordEncoder;
import com.atlassian.crowd.password.factory.PasswordEncoderFactory;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.search.builder.Restriction;
import com.atlassian.crowd.search.query.entity.EntityQuery;
import com.atlassian.crowd.search.query.entity.restriction.constants.UserTermKeys;
import com.atlassian.crowd.search.query.membership.MembershipQuery;
import com.atlassian.crowd.util.BatchResult;
import com.atlassian.crowd.util.BoundedCount;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.Validate;
import org.apache.commons.lang3.math.NumberUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/directory/AbstractInternalDirectory.class */
public abstract class AbstractInternalDirectory implements InternalRemoteDirectory {
    public static final String DESCRIPTIVE_NAME = "Crowd Internal Directory";
    public static final String ATTRIBUTE_PASSWORD_REGEX = "password_regex";
    public static final String ATTRIBUTE_PASSWORD_COMPLEXITY_MESSAGE = "password_complexity_message";
    public static final String ATTRIBUTE_PASSWORD_MAX_ATTEMPTS = "password_max_attempts";
    public static final String ATTRIBUTE_PASSWORD_HISTORY_COUNT = "password_history_count";
    public static final String ATTRIBUTE_USER_ENCRYPTION_METHOD = "user_encryption_method";
    public static final String ATTRIBUTE_PASSWORD_MAX_CHANGE_TIME = "password_max_change_time";
    public static final String ATTRIBUTE_PASSWORD_MINIMUM_LENGTH = "password_minimum_length";
    public static final String ATTRIBUTE_PASSWORD_MINIMUM_SCORE = "password_minimum_score";
    private static final Logger logger = LoggerFactory.getLogger(InternalDirectory.class);
    protected long directoryId;
    protected AttributeValuesHolder attributes;
    protected final PasswordEncoderFactory passwordEncoderFactory;
    protected final DirectoryDao directoryDao;
    protected final UserDao userDao;
    protected final GroupDao groupDao;
    protected final MembershipDao membershipDao;
    protected final ProductPermissionDao productPermissionDao;
    protected final InternalDirectoryUtils internalDirectoryUtils;
    private final PasswordConstraintsLoader passwordConstraints;

    public AbstractInternalDirectory(InternalDirectoryUtils internalDirectoryUtils, PasswordEncoderFactory passwordEncoderFactory, DirectoryDao directoryDao, UserDao userDao, GroupDao groupDao, MembershipDao membershipDao, ProductPermissionDao productPermissionDao, PasswordConstraintsLoader passwordConstraintsLoader) {
        this.internalDirectoryUtils = internalDirectoryUtils;
        this.directoryDao = directoryDao;
        this.passwordEncoderFactory = passwordEncoderFactory;
        this.membershipDao = membershipDao;
        this.groupDao = groupDao;
        this.userDao = userDao;
        this.productPermissionDao = productPermissionDao;
        this.passwordConstraints = passwordConstraintsLoader;
    }

    public long getDirectoryId() {
        return this.directoryId;
    }

    public void setDirectoryId(long j) {
        this.directoryId = j;
    }

    public void setAttributes(Map<String, String> map) {
        this.attributes = new AttributeValuesHolder(map);
    }

    public Set<String> getValues(String str) {
        return this.attributes.getValues(str);
    }

    public String getValue(String str) {
        return this.attributes.getValue(str);
    }

    public Set<String> getKeys() {
        return this.attributes.getKeys();
    }

    public boolean isEmpty() {
        return this.attributes.isEmpty();
    }

    public String getDescriptiveName() {
        return DESCRIPTIVE_NAME;
    }

    /* renamed from: findUserByName, reason: merged with bridge method [inline-methods] */
    public TimestampedUser m5findUserByName(String str) throws UserNotFoundException {
        Validate.notNull(str, "name argument cannot be null", new Object[0]);
        return this.userDao.findByName(getDirectoryId(), str);
    }

    /* renamed from: findUserByExternalId, reason: merged with bridge method [inline-methods] */
    public TimestampedUser m3findUserByExternalId(String str) throws UserNotFoundException {
        Validate.notNull(str, "externalId argument cannot be null", new Object[0]);
        return this.userDao.findByExternalId(getDirectoryId(), str);
    }

    /* renamed from: findUserByAccountId, reason: merged with bridge method [inline-methods] */
    public TimestampedUser m4findUserByAccountId(String str) throws UserNotFoundException {
        Validate.notNull(str, "accountId argument cannot be null", new Object[0]);
        return this.userDao.findByAccountId(getDirectoryId(), str);
    }

    public UserWithAttributes findUserWithAttributesByName(String str) throws UserNotFoundException {
        Validate.notNull(str, "name argument cannot be null", new Object[0]);
        return this.userDao.findByNameWithAttributes(getDirectoryId(), str);
    }

    public UserWithAttributes findUserWithAttributesByEmail(String str) throws UserNotFoundException {
        Validate.notNull(str, "email argument cannot be null", new Object[0]);
        return findUserWithAttributesByEmailImpl(str);
    }

    public User authenticate(String str, PasswordCredential passwordCredential) throws InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, UserNotFoundException {
        if (passwordCredential.isEncryptedCredential()) {
            throw new IllegalArgumentException("Cannot authenticate with encrypted credential");
        }
        UserWithAttributes findByNameWithAttributes = this.userDao.findByNameWithAttributes(getDirectoryId(), str);
        if (!findByNameWithAttributes.isActive()) {
            throw new InactiveAccountException(findByNameWithAttributes.getName());
        }
        processAuthentication(findByNameWithAttributes, passwordCredential);
        return findByNameWithAttributes;
    }

    public User authenticateLocalServiceDeskUser(String str, PasswordCredential passwordCredential) throws InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, UserNotFoundException {
        if (passwordCredential.isEncryptedCredential()) {
            throw new IllegalArgumentException("Cannot authenticate with encrypted credential");
        }
        try {
            return authenticateLocalServiceDeskUser(str, this.userDao.findByNameWithAttributes(getDirectoryId(), str), passwordCredential);
        } catch (Exception e) {
            try {
                return authenticateLocalServiceDeskUser(str, findUserWithAttributesByEmailImpl(str), passwordCredential);
            } catch (Exception e2) {
                if (e instanceof UserNotFoundException) {
                    throw e2;
                }
                throw e;
            }
        }
    }

    public User authenticateLocalServiceDeskUser(String str, UserWithAttributes userWithAttributes, PasswordCredential passwordCredential) throws InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, UserNotFoundException {
        if (!userWithAttributes.isLocalServiceDeskUser()) {
            throw new UserNotFoundException(str);
        }
        if (!userWithAttributes.isActive()) {
            throw new InactiveAccountException(userWithAttributes.getName());
        }
        processAuthentication(userWithAttributes, passwordCredential);
        return userWithAttributes;
    }

    private UserWithAttributes findUserWithAttributesByEmailImpl(String str) throws UserNotFoundException {
        if (!isPotentialEmailAddress(str)) {
            throw new UserNotFoundException(str);
        }
        List<User> searchUsersByEmail = searchUsersByEmail(str);
        if (searchUsersByEmail.isEmpty()) {
            throw new UserNotFoundException(str);
        }
        if (searchUsersByEmail.size() > 1) {
            logger.warn("Multiple users with same email address exist: " + str);
            throw new UserNotFoundException(str);
        }
        return this.userDao.findByNameWithAttributes(getDirectoryId(), searchUsersByEmail.get(0).getName());
    }

    private boolean isPotentialEmailAddress(String str) {
        return str.matches("[^@]+@[^@]+");
    }

    private List<User> searchUsersByEmail(String str) {
        return this.userDao.search(getDirectoryId(), QueryBuilder.queryFor(User.class, EntityDescriptor.user()).with(Restriction.on(UserTermKeys.EMAIL).exactlyMatching(str)).returningAtMost(-1));
    }

    private void processAuthentication(UserWithAttributes userWithAttributes, PasswordCredential passwordCredential) throws InvalidAuthenticationException, ExpiredCredentialException, UserNotFoundException {
        long processPasswordAttempts = processPasswordAttempts(userWithAttributes);
        HashMap hashMap = new HashMap();
        try {
            authenticate(userWithAttributes, passwordCredential, this.userDao.getCredential(this.directoryId, userWithAttributes.getName()), getValue(ATTRIBUTE_USER_ENCRYPTION_METHOD));
            boolean requiresPasswordChange = requiresPasswordChange(userWithAttributes);
            hashMap.put("requiresPasswordChange", Collections.singleton(Boolean.toString(requiresPasswordChange)));
            hashMap.put("invalidPasswordAttempts", Collections.singleton(Long.toString(0L)));
            hashMap.put("lastAuthenticated", Collections.singleton(Long.toString(System.currentTimeMillis())));
            this.userDao.storeAttributes(userWithAttributes, hashMap);
            if (requiresPasswordChange) {
                logger.info(userWithAttributes.getName() + ": Attempting to log in with expired passsword.");
                throw new ExpiredCredentialException("Attempting to log in with expired passsword.");
            }
        } catch (InvalidAuthenticationException e) {
            hashMap.put("invalidPasswordAttempts", Collections.singleton(Long.toString(processPasswordAttempts + 1)));
            this.userDao.storeAttributes(userWithAttributes, hashMap);
            throw e;
        }
    }

    private long processPasswordAttempts(UserWithAttributes userWithAttributes) throws InvalidAuthenticationException, UserNotFoundException {
        long currentPrincipalInvalidPasswordAttempts = currentPrincipalInvalidPasswordAttempts(userWithAttributes);
        String value = getValue(ATTRIBUTE_PASSWORD_MAX_ATTEMPTS);
        if (value != null) {
            long parseLong = Long.parseLong(value);
            if (parseLong > 0 && currentPrincipalInvalidPasswordAttempts >= parseLong) {
                HashMap hashMap = new HashMap();
                hashMap.put("requiresPasswordChange", Collections.singleton(Boolean.TRUE.toString()));
                this.userDao.storeAttributes(userWithAttributes, hashMap);
                logger.info(userWithAttributes.getName() + ": Maximum allowed invalid password attempts has been reached.");
                throw new InvalidAuthenticationException("Maximum allowed invalid password attempts has been reached");
            }
        }
        return currentPrincipalInvalidPasswordAttempts;
    }

    protected long currentPrincipalInvalidPasswordAttempts(UserWithAttributes userWithAttributes) {
        String value = userWithAttributes.getValue("invalidPasswordAttempts");
        long j = 0;
        if (value != null) {
            try {
                j = Long.parseLong(value);
            } catch (NumberFormatException e) {
            }
        }
        return j;
    }

    protected boolean requiresPasswordChange(UserWithAttributes userWithAttributes) {
        Date date;
        boolean parseBoolean = Boolean.parseBoolean(userWithAttributes.getValue("requiresPasswordChange"));
        if (parseBoolean) {
            return true;
        }
        String value = getValue(ATTRIBUTE_PASSWORD_MAX_CHANGE_TIME);
        if (value != null) {
            long parseLong = Long.parseLong(value);
            if (parseLong > 0) {
                String value2 = userWithAttributes.getValue("passwordLastChanged");
                if (value2 != null) {
                    try {
                        date = new Date(Long.parseLong(value2));
                    } catch (NumberFormatException e) {
                        date = new Date();
                    }
                } else {
                    date = new Date();
                }
                if (new Date().getTime() - date.getTime() > TimeUnit.DAYS.toMillis(parseLong)) {
                    parseBoolean = true;
                }
            }
        }
        return parseBoolean;
    }

    private void authenticate(User user, PasswordCredential passwordCredential, PasswordCredential passwordCredential2, String str) throws InvalidAuthenticationException, UserNotFoundException {
        if (PasswordCredential.NONE.equals(passwordCredential2)) {
            throw new InvalidAuthenticationException("Failed to authenticate principal, not allowed to login");
        }
        PasswordEncoder internalEncoder = this.passwordEncoderFactory.getInternalEncoder(str);
        if (!internalEncoder.isPasswordValid(passwordCredential2.getCredential(), passwordCredential.getCredential(), (Object) null)) {
            throw new InvalidAuthenticationException("Failed to authenticate principal, password was invalid");
        }
        upgradePasswordIfRequired(user, internalEncoder, passwordCredential2.getCredential(), passwordCredential.getCredential());
    }

    private void upgradePasswordIfRequired(User user, PasswordEncoder passwordEncoder, String str, String str2) throws UserNotFoundException {
        if (passwordEncoder instanceof UpgradeablePasswordEncoder) {
            UpgradeablePasswordEncoder upgradeablePasswordEncoder = (UpgradeablePasswordEncoder) passwordEncoder;
            if (upgradeablePasswordEncoder.isUpgradeRequired(str)) {
                String encodePassword = upgradeablePasswordEncoder.encodePassword(str2, (Object) null);
                this.userDao.updateCredential(user, new PasswordCredential(encodePassword, true), NumberUtils.toInt(getValue(ATTRIBUTE_PASSWORD_HISTORY_COUNT), 0));
            }
        }
    }

    public abstract User addUser(UserTemplate userTemplate, PasswordCredential passwordCredential) throws InvalidCredentialException, InvalidUserException, UserAlreadyExistsException, OperationFailedException;

    /* JADX INFO: Access modifiers changed from: protected */
    public PasswordCredential encryptedCredential(PasswordCredential passwordCredential) {
        return (passwordCredential == null || passwordCredential.isEncryptedCredential()) ? passwordCredential : PasswordCredential.encrypted(getEncoder().encodePassword(passwordCredential.getCredential(), (Object) null));
    }

    protected PasswordEncoder getEncoder() {
        return this.passwordEncoderFactory.getInternalEncoder(getValue(ATTRIBUTE_USER_ENCRYPTION_METHOD));
    }

    static String historyMatchDescription(int i) {
        switch (i) {
            case 1:
                return "the current password";
            case 2:
                return "either the current password or the previous password";
            default:
                return "either the current password or one of the previous " + (i - 1) + " passwords";
        }
    }

    public void updateUserCredential(String str, PasswordCredential passwordCredential) throws InvalidCredentialException, UserNotFoundException {
        com.atlassian.crowd.embedded.api.User findByName = this.userDao.findByName(getDirectoryId(), str);
        this.internalDirectoryUtils.validateCredential(findByName, passwordCredential, getPasswordConstraints(), getValue(ATTRIBUTE_PASSWORD_COMPLEXITY_MESSAGE));
        int i = 0;
        String value = getValue(ATTRIBUTE_PASSWORD_HISTORY_COUNT);
        if (NumberUtils.isNumber(value)) {
            i = Integer.parseInt(value);
            PasswordCredential credential = this.userDao.getCredential(this.directoryId, str);
            List<PasswordCredential> credentialHistory = this.userDao.getCredentialHistory(this.directoryId, str);
            if (i != 0 && !isUniquePassword(passwordCredential, credential, credentialHistory, i)) {
                throw new InvalidCredentialException("Unable to update password since this password matches " + historyMatchDescription(i) + ".");
            }
        }
        try {
            this.userDao.updateCredential(findByName, encryptedCredential(passwordCredential), i);
            this.userDao.storeAttributes(findByName, calculatePostPasswordUpdateAttributes());
        } catch (IllegalArgumentException e) {
            throw new InvalidCredentialException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Map<String, Set<String>> calculatePostPasswordUpdateAttributes() {
        return ImmutableMap.of("passwordLastChanged", Collections.singleton(Long.toString(System.currentTimeMillis())), "requiresPasswordChange", Collections.singleton(Boolean.FALSE.toString()), "invalidPasswordAttempts", Collections.singleton(Long.toString(0L)));
    }

    private boolean isUniquePassword(PasswordCredential passwordCredential, PasswordCredential passwordCredential2, List<PasswordCredential> list, int i) {
        Preconditions.checkArgument(!passwordCredential.isEncryptedCredential(), "The credentials should not be encrypted for the unique password check");
        String credential = passwordCredential.getCredential();
        PasswordEncoder encoder = getEncoder();
        if (passwordCredential2 != null && encoder.isPasswordValid(passwordCredential2.getCredential(), credential, (Object) null)) {
            return false;
        }
        if (i > list.size()) {
            i = list.size();
        }
        for (int size = list.size() - i; size < list.size(); size++) {
            if (encoder.isPasswordValid(list.get(size).getCredential(), credential, (Object) null)) {
                return false;
            }
        }
        return true;
    }

    public User renameUser(String str, String str2) throws InvalidUserException, UserNotFoundException, UserAlreadyExistsException {
        Validate.notEmpty(str, "oldName cannot be null or empty", new Object[0]);
        Validate.notEmpty(str2, "newName cannot be null or empty", new Object[0]);
        TimestampedUser m5findUserByName = m5findUserByName(str);
        this.internalDirectoryUtils.validateUsername(str2);
        if (IdentifierUtils.equalsInLowerCase(str, str2)) {
            return this.userDao.rename(m5findUserByName, str2);
        }
        try {
            m5findUserByName(str2);
            throw new UserAlreadyExistsException(getDirectoryId(), str2);
        } catch (UserNotFoundException e) {
            return this.userDao.rename(m5findUserByName, str2);
        }
    }

    public User forceRenameUser(@Nonnull User user, @Nonnull String str) throws UserNotFoundException {
        this.internalDirectoryUtils.validateUsername(str);
        User findUserByNameOrNull = IdentifierUtils.equalsInLowerCase(user.getName(), str) ? null : findUserByNameOrNull(str);
        if (findUserByNameOrNull != null) {
            try {
                this.userDao.rename(findUserByNameOrNull, findVacantUsername(str));
            } catch (UserNotFoundException e) {
            } catch (UserAlreadyExistsException e2) {
                throw new IllegalStateException("Unable to move user " + str + " out of the way so we can rename " + user.getName(), e2);
            }
        }
        try {
            return this.userDao.rename(user, str);
        } catch (UserAlreadyExistsException e3) {
            throw new IllegalStateException("Unable to rename user " + user.getName() + " to " + str, e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final Set<PasswordConstraint> getPasswordConstraints() {
        return this.passwordConstraints.getFromDirectoryAttributes(this.directoryId, this.attributes);
    }

    @Nonnull
    public Set<String> getAllUserExternalIds() throws OperationFailedException {
        try {
            return this.userDao.getAllExternalIds(getDirectoryId());
        } catch (DirectoryNotFoundException e) {
            throw new OperationFailedException(e);
        }
    }

    public long getUserCount() throws OperationFailedException {
        try {
            return this.userDao.getUserCount(getDirectoryId());
        } catch (DirectoryNotFoundException e) {
            throw new OperationFailedException(e);
        }
    }

    private User findUserByNameOrNull(String str) {
        try {
            return m5findUserByName(str);
        } catch (UserNotFoundException e) {
            return null;
        }
    }

    private String findVacantUsername(String str) {
        for (int i = 1; i <= 1000; i++) {
            String str2 = str + '#' + i;
            try {
                m5findUserByName(str2);
            } catch (UserNotFoundException e) {
                return str2;
            }
        }
        throw new IllegalStateException("Unable to find a vacant username for prefix " + str);
    }

    public void storeUserAttributes(String str, Map<String, Set<String>> map) throws UserNotFoundException {
        Validate.notNull(map, "attributes cannot be null", new Object[0]);
        this.userDao.storeAttributes(m5findUserByName(str), map);
    }

    public void removeUserAttributes(String str, String str2) throws UserNotFoundException {
        Validate.notEmpty(str, "username cannot be null or empty", new Object[0]);
        Validate.notNull(str2, "attributeName cannot be null", new Object[0]);
        this.userDao.removeAttribute(m5findUserByName(str), str2);
    }

    public void removeUser(String str) throws UserNotFoundException {
        this.userDao.remove(m5findUserByName(str));
    }

    public BatchResult<String> removeAllUsers(Set<String> set) {
        return this.userDao.removeAllUsers(getDirectoryId(), set);
    }

    public BatchResult<String> removeAllGroups(Set<String> set) {
        return this.groupDao.removeAllGroups(getDirectoryId(), set);
    }

    public <T> List<T> searchUsers(EntityQuery<T> entityQuery) {
        Validate.notNull(entityQuery, "query cannot be null", new Object[0]);
        return this.userDao.search(getDirectoryId(), entityQuery);
    }

    /* renamed from: findGroupByName, reason: merged with bridge method [inline-methods] */
    public InternalDirectoryGroup m2findGroupByName(String str) throws GroupNotFoundException {
        Validate.notNull(str, "name argument cannot be null", new Object[0]);
        return this.groupDao.findByName(getDirectoryId(), str);
    }

    public GroupWithAttributes findGroupWithAttributesByName(String str) throws GroupNotFoundException {
        Validate.notNull(str, "name argument cannot be null", new Object[0]);
        return this.groupDao.findByNameWithAttributes(getDirectoryId(), str);
    }

    public Group addGroup(GroupTemplate groupTemplate) throws InvalidGroupException, OperationFailedException {
        this.internalDirectoryUtils.validateDirectoryForEntity(groupTemplate, Long.valueOf(this.directoryId));
        this.internalDirectoryUtils.validateGroupName(groupTemplate, groupTemplate.getName());
        try {
            return groupTemplate.isLocal() ? this.groupDao.addLocal(groupTemplate) : this.groupDao.add(groupTemplate);
        } catch (IllegalArgumentException e) {
            throw new InvalidGroupException(groupTemplate, e.getMessage(), e);
        } catch (DirectoryNotFoundException e2) {
            throw new OperationFailedException(e2);
        }
    }

    public abstract Group addLocalGroup(GroupTemplate groupTemplate) throws InvalidGroupException, OperationFailedException;

    public Group updateGroup(GroupTemplate groupTemplate) throws InvalidGroupException, GroupNotFoundException {
        this.internalDirectoryUtils.validateDirectoryForEntity(groupTemplate, Long.valueOf(this.directoryId));
        try {
            return this.groupDao.update(groupTemplate);
        } catch (IllegalArgumentException e) {
            throw new InvalidGroupException(groupTemplate, e.getMessage(), e);
        }
    }

    public Group renameGroup(String str, String str2) throws InvalidGroupException, GroupNotFoundException {
        Validate.notEmpty(str, "oldName cannot be null or empty", new Object[0]);
        Validate.notEmpty(str2, "newName cannot be null or empty", new Object[0]);
        Group m2findGroupByName = m2findGroupByName(str);
        this.internalDirectoryUtils.validateGroupName(m2findGroupByName, str2);
        return this.groupDao.rename(m2findGroupByName, str2);
    }

    public void storeGroupAttributes(String str, Map<String, Set<String>> map) throws GroupNotFoundException {
        Validate.notEmpty(str, "groupName cannot be null or empty", new Object[0]);
        Validate.notNull(map, "attributes cannot be null", new Object[0]);
        this.groupDao.storeAttributes(m2findGroupByName(str), map);
    }

    public void removeGroupAttributes(String str, String str2) throws GroupNotFoundException {
        Validate.notEmpty(str, "groupName cannot be null or empty", new Object[0]);
        Validate.notNull(str2, "attributeName cannot be null", new Object[0]);
        this.groupDao.removeAttribute(m2findGroupByName(str), str2);
    }

    public void removeGroup(String str) throws GroupNotFoundException {
        this.groupDao.remove(m2findGroupByName(str));
    }

    public <T> List<T> searchGroups(EntityQuery<T> entityQuery) {
        Validate.notNull(entityQuery, "query cannot be null", new Object[0]);
        return this.groupDao.search(getDirectoryId(), entityQuery);
    }

    public boolean isUserDirectGroupMember(String str, String str2) {
        Validate.notEmpty(str, "username cannot be null or empty", new Object[0]);
        Validate.notEmpty(str2, "groupName cannot be null or empty", new Object[0]);
        return this.membershipDao.isUserDirectMember(getDirectoryId(), str, str2);
    }

    public boolean isGroupDirectGroupMember(String str, String str2) {
        Validate.notEmpty(str, "childGroup cannot be null or empty", new Object[0]);
        Validate.notEmpty(str2, "parentGroup cannot be null or empty", new Object[0]);
        return this.membershipDao.isGroupDirectMember(getDirectoryId(), str, str2);
    }

    public void addUserToGroup(String str, String str2) throws UserNotFoundException, GroupNotFoundException, MembershipAlreadyExistsException {
        Validate.notEmpty(str, "username cannot be null or empty", new Object[0]);
        Validate.notEmpty(str2, "groupName cannot be null or empty", new Object[0]);
        this.membershipDao.addUserToGroup(getDirectoryId(), str, str2);
    }

    public void addGroupToGroup(String str, String str2) throws InvalidMembershipException, GroupNotFoundException, MembershipAlreadyExistsException {
        Validate.notEmpty(str, "childGroup cannot be null or empty", new Object[0]);
        Validate.notEmpty(str2, "parentGroup cannot be null or empty", new Object[0]);
        InternalDirectoryGroup m2findGroupByName = m2findGroupByName(str);
        InternalDirectoryGroup m2findGroupByName2 = m2findGroupByName(str2);
        if (!m2findGroupByName.getType().equals(m2findGroupByName2.getType())) {
            throw new InvalidMembershipException("Cannot add group of type " + m2findGroupByName.getType().name() + " to group of type " + m2findGroupByName2.getType().name());
        }
        this.membershipDao.addGroupToGroup(getDirectoryId(), str, str2);
    }

    public void removeUserFromGroup(String str, String str2) throws MembershipNotFoundException, GroupNotFoundException, UserNotFoundException {
        Validate.notEmpty(str, "username cannot be null or empty", new Object[0]);
        Validate.notEmpty(str2, "groupName cannot be null or empty", new Object[0]);
        m5findUserByName(str);
        m2findGroupByName(str2);
        if (!isUserDirectGroupMember(str, str2)) {
            throw new MembershipNotFoundException(str, str2);
        }
        this.membershipDao.removeUserFromGroup(getDirectoryId(), str, str2);
    }

    public void removeGroupFromGroup(String str, String str2) throws InvalidMembershipException, MembershipNotFoundException, GroupNotFoundException {
        Validate.notEmpty(str, "childGroup cannot be null or empty", new Object[0]);
        Validate.notEmpty(str2, "parentGroup cannot be null or empty", new Object[0]);
        InternalDirectoryGroup m2findGroupByName = m2findGroupByName(str);
        InternalDirectoryGroup m2findGroupByName2 = m2findGroupByName(str2);
        if (!isGroupDirectGroupMember(str, str2)) {
            throw new MembershipNotFoundException(str, str2);
        }
        if (!m2findGroupByName.getType().equals(m2findGroupByName2.getType())) {
            throw new InvalidMembershipException("Cannot remove group of type " + m2findGroupByName.getType().name() + " from group of type " + m2findGroupByName2.getType().name());
        }
        this.membershipDao.removeGroupFromGroup(getDirectoryId(), str, str2);
    }

    public BoundedCount countDirectMembersOfGroup(String str, int i) {
        return this.membershipDao.countDirectMembersOfGroup(getDirectoryId(), str, i);
    }

    public <T> List<T> searchGroupRelationships(MembershipQuery<T> membershipQuery) {
        Validate.notNull(membershipQuery, "query cannot be null", new Object[0]);
        return this.membershipDao.search(getDirectoryId(), membershipQuery);
    }

    public void testConnection() throws OperationFailedException {
    }

    public boolean supportsNestedGroups() {
        return this.attributes.getAttributeAsBoolean("useNestedGroups", false);
    }

    public boolean supportsPasswordExpiration() {
        return true;
    }

    public boolean supportsSettingEncryptedCredential() {
        return true;
    }

    public boolean isRolesDisabled() {
        return true;
    }

    public Set<? extends ProductPermission> getProductPermissions() throws OperationFailedException {
        return this.productPermissionDao.getAll();
    }

    public void addProductPermission(ProductPermission productPermission) throws OperationFailedException, GroupNotFoundException, ProductNotFoundException, ProductPermissionAlreadyExistsException {
        this.productPermissionDao.add(productPermission);
    }

    public void updateProductPermission(ProductPermission productPermission) throws OperationNotSupportedException, OperationFailedException, GroupNotFoundException, ProductPermissionNotFoundException, ProductNotFoundException {
        this.productPermissionDao.update(productPermission);
    }

    public void removeProductPermission(ProductPermission productPermission) throws OperationFailedException, GroupNotFoundException, ProductNotFoundException, ProductPermissionNotFoundException {
        this.productPermissionDao.remove(productPermission);
    }

    public Iterable<Membership> getMemberships() throws OperationFailedException {
        return new DirectoryMembershipsIterable(this);
    }

    public RemoteDirectory getAuthoritativeDirectory() {
        return this;
    }

    public void expireAllPasswords() {
        this.userDao.setAttributeForAllInDirectory(this.directoryId, "requiresPasswordChange", "true");
    }

    public PasswordCredential getCredential(User user) throws UserNotFoundException {
        return this.userDao.getCredential(this.directoryId, user.getName());
    }
}
