package com.atlassian.crowd.directory;

import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.crowd.embedded.spi.DirectoryDao;
import com.atlassian.crowd.embedded.spi.GroupDao;
import com.atlassian.crowd.embedded.spi.LocalServiceDeskUserFeatureControl;
import com.atlassian.crowd.embedded.spi.MembershipDao;
import com.atlassian.crowd.embedded.spi.ProductPermissionDao;
import com.atlassian.crowd.embedded.spi.UserDao;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.InvalidGroupException;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserAlreadyExistsException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupTemplate;
import com.atlassian.crowd.model.user.TimestampedUser;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.crowd.model.user.UserTemplateWithCredentialAndAttributes;
import com.atlassian.crowd.password.factory.PasswordEncoderFactory;
import com.atlassian.crowd.util.BatchResult;
import com.google.common.annotations.VisibleForTesting;
import java.util.Collection;
import java.util.ConcurrentModificationException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.Validate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/directory/CachingDirectory.class */
public class CachingDirectory extends AbstractInternalDirectory {
    private static final Logger logger = LoggerFactory.getLogger(InternalDirectory.class);
    private final LocalServiceDeskUserFeatureControl localServiceDeskUserFeatureControl;

    public CachingDirectory(InternalDirectoryUtils internalDirectoryUtils, PasswordEncoderFactory passwordEncoderFactory, DirectoryDao directoryDao, UserDao userDao, GroupDao groupDao, MembershipDao membershipDao, ProductPermissionDao productPermissionDao, PasswordConstraintsLoader passwordConstraintsLoader, LocalServiceDeskUserFeatureControl localServiceDeskUserFeatureControl) {
        super(internalDirectoryUtils, passwordEncoderFactory, directoryDao, userDao, groupDao, membershipDao, productPermissionDao, passwordConstraintsLoader);
        this.localServiceDeskUserFeatureControl = localServiceDeskUserFeatureControl;
    }

    @Override // com.atlassian.crowd.directory.AbstractInternalDirectory
    public User addUser(UserTemplate userTemplate, PasswordCredential passwordCredential) throws InvalidCredentialException, InvalidUserException, UserAlreadyExistsException, OperationFailedException {
        this.internalDirectoryUtils.validateDirectoryForEntity(userTemplate, Long.valueOf(this.directoryId));
        PasswordCredential passwordCredential2 = passwordCredential;
        boolean z = false;
        if (isLocalServiceDeskUserManagementActive()) {
            if (userTemplate.isLocalServiceDeskUser()) {
                if (passwordCredential != null && !passwordCredential.isEncryptedCredential()) {
                    this.internalDirectoryUtils.validateCredential(userTemplate, passwordCredential, getPasswordConstraints(), getValue(AbstractInternalDirectory.ATTRIBUTE_PASSWORD_COMPLEXITY_MESSAGE));
                    passwordCredential2 = encryptedCredential(passwordCredential);
                }
                z = true;
                if (userTemplate.getExternalId() == null) {
                    userTemplate.setExternalId(InternalDirectory.generateUniqueIdentifier());
                }
            }
            User handleAddUserLocalUserConflictsAndElevateLocalUserIfPossible = handleAddUserLocalUserConflictsAndElevateLocalUserIfPossible(userTemplate);
            if (handleAddUserLocalUserConflictsAndElevateLocalUserIfPossible != null) {
                return handleAddUserLocalUserConflictsAndElevateLocalUserIfPossible;
            }
        }
        try {
            User add = this.userDao.add(userTemplate, passwordCredential2);
            if (z) {
                try {
                    this.userDao.storeAttributes(add, calculatePostPasswordUpdateAttributes());
                } catch (UserNotFoundException e) {
                    throw new OperationFailedException(e);
                }
            }
            return add;
        } catch (IllegalArgumentException e2) {
            throw new InvalidUserException(userTemplate, e2.getMessage(), e2);
        } catch (DirectoryNotFoundException e3) {
            throw new OperationFailedException(e3);
        }
    }

    public User addOrUpdate(UserTemplate userTemplate, PasswordCredential passwordCredential) throws OperationFailedException, InvalidUserException, InvalidCredentialException {
        User handleAddUserLocalUserConflictsAndElevateLocalUserIfPossible;
        this.internalDirectoryUtils.validateDirectoryForEntity(userTemplate, Long.valueOf(this.directoryId));
        if (isLocalServiceDeskUserManagementActive() && (handleAddUserLocalUserConflictsAndElevateLocalUserIfPossible = handleAddUserLocalUserConflictsAndElevateLocalUserIfPossible(userTemplate)) != null) {
            return handleAddUserLocalUserConflictsAndElevateLocalUserIfPossible;
        }
        try {
            return this.userDao.addOrUpdate(userTemplate, passwordCredential);
        } catch (DirectoryNotFoundException e) {
            throw new OperationFailedException(e);
        } catch (IllegalArgumentException e2) {
            throw new InvalidUserException(userTemplate, e2.getMessage(), e2);
        }
    }

    @Override // com.atlassian.crowd.directory.AbstractInternalDirectory
    public Group addLocalGroup(GroupTemplate groupTemplate) throws InvalidGroupException, OperationFailedException {
        this.internalDirectoryUtils.validateDirectoryForEntity(groupTemplate, Long.valueOf(this.directoryId));
        this.internalDirectoryUtils.validateGroupName(groupTemplate, groupTemplate.getName());
        try {
            return this.groupDao.addLocal(groupTemplate);
        } catch (IllegalArgumentException e) {
            throw new InvalidGroupException(groupTemplate, e.getMessage(), e);
        } catch (DirectoryNotFoundException e2) {
            throw new OperationFailedException(e2.getMessage(), e2);
        }
    }

    public BatchResult<User> addAllUsers(Set<UserTemplateWithCredentialAndAttributes> set) {
        Iterator<UserTemplateWithCredentialAndAttributes> it = set.iterator();
        while (it.hasNext()) {
            this.internalDirectoryUtils.validateDirectoryForEntity((UserTemplateWithCredentialAndAttributes) it.next(), Long.valueOf(this.directoryId));
        }
        return isLocalServiceDeskUserManagementActive() ? addOrElevateAll(set) : this.userDao.addAll(set);
    }

    @VisibleForTesting
    BatchResult<User> addOrElevateAll(Set<UserTemplateWithCredentialAndAttributes> set) {
        BatchResult<User> batchResult = new BatchResult<>(set.size());
        HashSet hashSet = new HashSet();
        for (UserTemplateWithCredentialAndAttributes userTemplateWithCredentialAndAttributes : set) {
            try {
                User handleAddUserLocalUserConflictsAndElevateLocalUserIfPossible = handleAddUserLocalUserConflictsAndElevateLocalUserIfPossible(userTemplateWithCredentialAndAttributes);
                if (handleAddUserLocalUserConflictsAndElevateLocalUserIfPossible != null) {
                    batchResult.addSuccess(handleAddUserLocalUserConflictsAndElevateLocalUserIfPossible);
                } else {
                    hashSet.add(userTemplateWithCredentialAndAttributes);
                }
            } catch (InvalidUserException e) {
                logger.error("Could not elevate user user <" + userTemplateWithCredentialAndAttributes.getName() + ">: " + e.getMessage());
                batchResult.addFailure(userTemplateWithCredentialAndAttributes);
            }
        }
        if (!hashSet.isEmpty()) {
            BatchResult addAll = this.userDao.addAll(set);
            batchResult.addSuccesses(addAll.getSuccessfulEntities());
            batchResult.addFailures(addAll.getFailedEntities());
        }
        return batchResult;
    }

    public BatchResult<Group> addAllGroups(Set<GroupTemplate> set) {
        Iterator<GroupTemplate> it = set.iterator();
        while (it.hasNext()) {
            Group group = (GroupTemplate) it.next();
            this.internalDirectoryUtils.validateDirectoryForEntity(group, Long.valueOf(this.directoryId));
            this.internalDirectoryUtils.validateGroupName(group, group.getName());
        }
        try {
            return this.groupDao.addAll(set);
        } catch (DirectoryNotFoundException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    public BatchResult<String> addAllUsersToGroup(Set<String> set, String str) throws GroupNotFoundException {
        Validate.notNull(set, "userNames cannot be null", new Object[0]);
        Validate.notEmpty(str, "groupName cannot be null or empty", new Object[0]);
        return this.membershipDao.addAllUsersToGroup(getDirectoryId(), set, str);
    }

    public User updateUser(UserTemplate userTemplate) throws InvalidUserException, UserNotFoundException {
        this.internalDirectoryUtils.validateDirectoryForEntity(userTemplate, Long.valueOf(this.directoryId));
        if (isLocalServiceDeskUserManagementActive()) {
            handleUpdateUserLocalUserConflicts(userTemplate);
        }
        try {
            return this.userDao.update(userTemplate);
        } catch (IllegalArgumentException e) {
            throw new InvalidUserException(userTemplate, e.getMessage(), e);
        }
    }

    @VisibleForTesting
    User handleAddUserLocalUserConflictsAndElevateLocalUserIfPossible(UserTemplate userTemplate) throws InvalidUserException {
        if (userTemplate.isLocalServiceDeskUser()) {
            return null;
        }
        User findAndElevateLocalUserForRemoteUserToAdd = findAndElevateLocalUserForRemoteUserToAdd(userTemplate);
        if (findAndElevateLocalUserForRemoteUserToAdd != null) {
            return findAndElevateLocalUserForRemoteUserToAdd;
        }
        checkAndResolveLocalUserUsernameConflict(userTemplate.getName());
        if (StringUtils.isNotEmpty(userTemplate.getExternalId())) {
            checkAndResolveLocalUserExternalIdConflict(userTemplate.getExternalId());
        }
        if (!StringUtils.isNotEmpty(userTemplate.getEmailAddress())) {
            return null;
        }
        checkAndResolveLocalUserEmailConflicts(userTemplate.getEmailAddress());
        return null;
    }

    @VisibleForTesting
    void handleUpdateUserLocalUserConflicts(UserTemplate userTemplate) throws UserNotFoundException {
        if (userTemplate.isLocalServiceDeskUser()) {
            return;
        }
        TimestampedUser findByName = this.userDao.findByName(userTemplate.getDirectoryId(), userTemplate.getName());
        if (StringUtils.isNotEmpty(userTemplate.getExternalId()) && !StringUtils.equals(findByName.getExternalId(), userTemplate.getExternalId())) {
            checkAndResolveLocalUserExternalIdConflict(userTemplate.getExternalId());
        }
        if (!StringUtils.isNotEmpty(userTemplate.getEmailAddress()) || IdentifierUtils.equalsInLowerCase(findByName.getEmailAddress(), userTemplate.getEmailAddress())) {
            return;
        }
        checkAndResolveLocalUserEmailConflicts(userTemplate.getEmailAddress());
    }

    @VisibleForTesting
    void checkAndResolveLocalUserUsernameConflict(String str) {
        try {
            TimestampedUser findUserByName = m5findUserByName(str);
            if (findUserByName.isLocalServiceDeskUser()) {
                String findVacantUsernameForLocalUser = findVacantUsernameForLocalUser(findUserByName);
                try {
                    this.userDao.rename(findUserByName, findVacantUsernameForLocalUser);
                } catch (UserNotFoundException | UserAlreadyExistsException e) {
                    throw new ConcurrentModificationException("Unable to rename local user from " + findUserByName.getName() + " to " + findVacantUsernameForLocalUser, e);
                }
            }
        } catch (UserNotFoundException e2) {
        }
    }

    @VisibleForTesting
    void checkAndResolveLocalUserExternalIdConflict(String str) {
        if (StringUtils.isEmpty(str)) {
            return;
        }
        try {
            TimestampedUser findUserByExternalId = m3findUserByExternalId(str);
            if (findUserByExternalId.isLocalServiceDeskUser()) {
                try {
                    UserTemplate userTemplate = new UserTemplate(findUserByExternalId);
                    userTemplate.setExternalId(InternalDirectory.generateUniqueIdentifier());
                    this.userDao.update(userTemplate);
                } catch (UserNotFoundException e) {
                    logger.warn("Unable to update local user with conflicting externalId [ {} ]", findUserByExternalId.getName());
                }
            }
        } catch (UserNotFoundException e2) {
        }
    }

    @VisibleForTesting
    void checkAndResolveLocalUserEmailConflicts(String str) {
        for (User user : (List) findUsersByEmail(str).stream().filter((v0) -> {
            return v0.isLocalServiceDeskUser();
        }).filter((v0) -> {
            return v0.isActive();
        }).collect(Collectors.toList())) {
            try {
                UserTemplate userTemplate = new UserTemplate(user);
                userTemplate.setActive(false);
                this.userDao.update(userTemplate);
            } catch (UserNotFoundException e) {
                logger.warn("Unable to deactivate local user with conflicting email [ {} ]", user.getName());
            }
        }
    }

    @VisibleForTesting
    User findAndElevateLocalUserForRemoteUserToAdd(UserTemplate userTemplate) throws InvalidUserException {
        if (userTemplate.isLocalServiceDeskUser()) {
            throw new IllegalArgumentException("User to add must not be local");
        }
        User findUserToElevate = findUserToElevate(userTemplate.getEmailAddress());
        if (findUserToElevate == null) {
            return null;
        }
        if (StringUtils.isNotEmpty(userTemplate.getExternalId())) {
            checkAndResolveLocalUserExternalIdConflict(userTemplate.getExternalId());
        }
        if (!StringUtils.equals(userTemplate.getName(), findUserToElevate.getName())) {
            try {
                forceRenameUser(findUserToElevate, userTemplate.getName());
            } catch (UserNotFoundException e) {
                throw new ConcurrentModificationException("Unable to rename local user for the purpose of merging it with a new remote user to add", e);
            }
        }
        try {
            return this.userDao.update(userTemplate);
        } catch (IllegalArgumentException e2) {
            throw new InvalidUserException(userTemplate, e2.getMessage(), e2);
        } catch (UserNotFoundException e3) {
            throw new ConcurrentModificationException("Failed to update local user with remote user details", e3);
        }
    }

    @VisibleForTesting
    User findUserToElevate(String str) {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        Collection<User> findUsersByEmail = findUsersByEmail(str);
        if (findUsersByEmail.isEmpty()) {
            return null;
        }
        if (findUsersByEmail.size() > 1) {
            logger.warn("More than one local user found for email {}, unable to elevate");
            return null;
        }
        User next = findUsersByEmail.iterator().next();
        if (next.isLocalServiceDeskUser()) {
            return next;
        }
        return null;
    }

    private boolean isLocalServiceDeskUserManagementActive() {
        return this.localServiceDeskUserFeatureControl.isLocalServiceDeskUserManagementActive();
    }
}
