package com.atlassian.plugin.connect.crowd.usermanagement;

import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.exception.ApplicationNotFoundException;
import com.atlassian.crowd.exception.ApplicationPermissionException;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.plugin.connect.api.lifecycle.ConnectAddonDisableException;
import com.atlassian.plugin.connect.api.lifecycle.ConnectAddonInitException;
import com.atlassian.plugin.connect.crowd.spi.CrowdAddonUserProvisioningService;
import com.atlassian.plugin.connect.crowd.usermanagement.ConnectAddonUserUtil;
import com.atlassian.plugin.connect.modules.beans.ConnectAddonBean;
import com.atlassian.plugin.connect.modules.beans.nested.ScopeName;
import com.atlassian.plugin.connect.spi.HostProperties;
import com.atlassian.plugin.connect.spi.auth.user.ConnectUserService;
import com.atlassian.plugin.spring.scanner.annotation.component.ConfluenceComponent;
import com.atlassian.plugin.spring.scanner.annotation.component.JiraComponent;
import com.atlassian.plugin.spring.scanner.annotation.export.ExportAsDevService;
import com.google.common.base.Preconditions;
import java.util.Optional;
import java.util.Set;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

@ConfluenceComponent
@JiraComponent
@ExportAsDevService
/* loaded from: input_file:com/atlassian/plugin/connect/crowd/usermanagement/CrowdAddonUserService.class */
public class CrowdAddonUserService implements ConnectUserService {
    private final CrowdAddonUserProvisioningService crowdAddonUserProvisioningService;
    private final ConnectAddonUserGroupProvisioningService connectAddonUserGroupProvisioningService;
    private final ConnectCrowdService connectCrowdService;
    private final HostProperties hostProperties;
    public static final PasswordCredential PREVENT_LOGIN = PasswordCredential.NONE;
    private static final Logger log = LoggerFactory.getLogger(CrowdAddonUserService.class);

    @Autowired
    public CrowdAddonUserService(CrowdAddonUserProvisioningService crowdAddonUserProvisioningService, ConnectAddonUserGroupProvisioningService connectAddonUserGroupProvisioningService, ConnectCrowdService connectCrowdService, HostProperties hostProperties) {
        this.connectCrowdService = connectCrowdService;
        this.hostProperties = hostProperties;
        this.crowdAddonUserProvisioningService = (CrowdAddonUserProvisioningService) Preconditions.checkNotNull(crowdAddonUserProvisioningService);
        this.connectAddonUserGroupProvisioningService = (ConnectAddonUserGroupProvisioningService) Preconditions.checkNotNull(connectAddonUserGroupProvisioningService);
    }

    public Optional<String> getAddonUserNameIfExists(@Nonnull String str) {
        String usernameForAddon = ConnectAddonUserUtil.usernameForAddon((String) Preconditions.checkNotNull(str));
        return this.connectCrowdService.doesUserExist(usernameForAddon) ? Optional.of(usernameForAddon) : Optional.empty();
    }

    @Nonnull
    public String getOrCreateAddonUserName(@Nonnull String str, @Nonnull String str2) throws ConnectAddonInitException {
        try {
            return createOrEnableAddonUser(ConnectAddonUserUtil.usernameForAddon((String) Preconditions.checkNotNull(str)), (String) Preconditions.checkNotNull(str2));
        } catch (ApplicationPermissionException | UserNotFoundException | GroupNotFoundException | ApplicationNotFoundException | OperationFailedException | InvalidAuthenticationException e) {
            throw new ConnectAddonInitException(e);
        }
    }

    public void disableAddonUser(@Nonnull String str) throws ConnectAddonDisableException {
        this.connectCrowdService.disableUser(ConnectAddonUserUtil.usernameForAddon(str));
    }

    public boolean isActive(@Nonnull String str) {
        return this.connectCrowdService.isUserActive(str);
    }

    @Nonnull
    public String provisionAddonUserWithScopes(@Nonnull ConnectAddonBean connectAddonBean, @Nonnull Set<ScopeName> set, @Nonnull Set<ScopeName> set2) throws ConnectAddonInitException {
        String orCreateAddonUserName = getOrCreateAddonUserName((String) Preconditions.checkNotNull(connectAddonBean.getKey()), (String) Preconditions.checkNotNull(connectAddonBean.getName()));
        this.crowdAddonUserProvisioningService.provisionAddonUserForScopes(orCreateAddonUserName, set, set2);
        return orCreateAddonUserName;
    }

    private String createOrEnableAddonUser(String str, String str2) throws ApplicationNotFoundException, OperationFailedException, ApplicationPermissionException, UserNotFoundException, GroupNotFoundException, InvalidAuthenticationException {
        this.connectAddonUserGroupProvisioningService.ensureGroupExists(ConnectAddonUserUtil.Constants.ADDON_USER_GROUP_KEY);
        UserCreationResult createOrEnableUser = this.connectCrowdService.createOrEnableUser(str, str2, ConnectAddonUserUtil.Constants.ADDON_USER_EMAIL_ADDRESS, PREVENT_LOGIN, ConnectAddonUserUtil.buildConnectAddonUserAttribute(this.hostProperties.getKey()));
        User user = createOrEnableUser.getUser();
        if (!createOrEnableUser.isNewlyCreated()) {
            this.connectCrowdService.invalidateSessions(user.getName());
        }
        this.connectAddonUserGroupProvisioningService.ensureUserIsInGroup(user.getName(), ConnectAddonUserUtil.Constants.ADDON_USER_GROUP_KEY);
        if (createOrEnableUser.isNewlyCreated()) {
            addNewUserToRequiredGroups(user);
        }
        return user.getName();
    }

    private void addNewUserToRequiredGroups(User user) throws ApplicationNotFoundException, UserNotFoundException, ApplicationPermissionException, OperationFailedException, InvalidAuthenticationException {
        String name = user.getName();
        for (String str : this.crowdAddonUserProvisioningService.getDefaultProductGroupsAlwaysExpected()) {
            try {
                this.connectAddonUserGroupProvisioningService.ensureUserIsInGroup(name, str);
            } catch (GroupNotFoundException e) {
                log.error(String.format("Could not make user '%s' a member of group '%s' because that group does not exist! The user needs to be a member of this group, otherwise the add-on will not function correctly. Please check with an instance administrator that this group exists and that it is not read-only.", name, str));
            }
        }
        int i = 0;
        String format = String.format("Could not make user '%s' a member of one of groups ", name);
        for (String str2 : this.crowdAddonUserProvisioningService.getDefaultProductGroupsOneOrMoreExpected()) {
            try {
                this.connectAddonUserGroupProvisioningService.ensureUserIsInGroup(name, str2);
                i++;
            } catch (GroupNotFoundException e2) {
                format = format + String.format("%s, ", str2);
            }
        }
        if (i != 0 || this.crowdAddonUserProvisioningService.getDefaultProductGroupsOneOrMoreExpected().size() <= 0) {
            return;
        }
        log.error(format + "because none of those groups exist!We expect at least one of these groups to exist - exactly which one should exist depends on the version of the instance.The user needs to be a member of one of these groups for basic access, otherwise the add-on will not function correctly.Please check with an instance administrator that at least one of these groups exists and that it is not read-only.");
    }
}
