package com.atlassian.jira.user.util;

import com.atlassian.applinks.api.auth.oauth.ConsumerTokenService;
import com.atlassian.crowd.embedded.api.CrowdDirectoryService;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.DirectoryType;
import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.crowd.embedded.api.OperationType;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.crowd.embedded.impl.ImmutableUser;
import com.atlassian.crowd.exception.CrowdException;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.OperationNotPermittedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.exception.runtime.OperationFailedException;
import com.atlassian.crowd.manager.application.ApplicationManager;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.crowd.manager.directory.DirectoryPermissionException;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.model.group.GroupType;
import com.atlassian.crowd.search.query.entity.GroupQuery;
import com.atlassian.crowd.search.query.entity.UserQuery;
import com.atlassian.crowd.search.query.entity.restriction.NullRestrictionImpl;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.config.properties.ApplicationProperties;
import com.atlassian.jira.security.type.SingleUser;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.DelegatingApplicationUser;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.util.dbc.Assertions;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/jira/user/util/DefaultUserManager.class */
public class DefaultUserManager implements UserManager {
    private static final Logger log = Logger.getLogger(DefaultUserManager.class);
    private static final UserQuery<User> QUERY_ALL_USERS = new UserQuery<>(User.class, NullRestrictionImpl.INSTANCE, 0, -1);
    private final CrowdService crowdService;
    private final CrowdDirectoryService crowdDirectoryService;
    private final DirectoryManager directoryManager;
    private final UserKeyStore userKeyStore;
    private final ApplicationManager applicationManager;
    private final ApplicationProperties applicationProperties;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/atlassian/jira/user/util/DefaultUserManager$IsExternalApplication.class */
    public static class IsExternalApplication implements Predicate<Application> {
        IsExternalApplication() {
        }

        public boolean apply(Application application) {
            return !application.isPermanent();
        }
    }

    public DefaultUserManager(CrowdService crowdService, CrowdDirectoryService crowdDirectoryService, DirectoryManager directoryManager, UserKeyStore userKeyStore, ApplicationManager applicationManager, ApplicationProperties applicationProperties) {
        this.crowdService = crowdService;
        this.crowdDirectoryService = crowdDirectoryService;
        this.directoryManager = directoryManager;
        this.userKeyStore = userKeyStore;
        this.applicationManager = applicationManager;
        this.applicationProperties = applicationProperties;
    }

    public int getTotalUserCount() {
        return getAllUsersFromCrowd().size();
    }

    @Nonnull
    public Collection<User> getUsers() {
        return getAllUsersFromCrowd();
    }

    @Nonnull
    public Collection<ApplicationUser> getAllApplicationUsers() {
        Collection<User> allUsersFromCrowd = getAllUsersFromCrowd();
        ArrayList arrayList = new ArrayList(allUsersFromCrowd.size());
        for (User user : allUsersFromCrowd) {
            arrayList.add(new DelegatingApplicationUser(this.userKeyStore.getKeyForUsername(user.getName()), user));
        }
        return arrayList;
    }

    @Nonnull
    private List<User> getAllUsersFromDirectory(@Nonnull Directory directory, boolean z) {
        try {
            return this.directoryManager.searchUsers(directory.getId().longValue(), QUERY_ALL_USERS);
        } catch (DirectoryNotFoundException e) {
            if (z) {
                throw new OperationFailedException(e);
            }
            return ImmutableList.of();
        } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
            throw new OperationFailedException(e2);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v16, types: [java.util.Collection] */
    @Nonnull
    private Collection<User> getAllUsersFromCrowd() {
        List<User> values;
        long currentTimeMillis = System.currentTimeMillis();
        LinkedList linkedList = new LinkedList();
        for (Directory directory : this.crowdDirectoryService.findAllDirectories()) {
            if (directory.isActive()) {
                linkedList.addFirst(directory);
            }
        }
        if (linkedList.size() == 1) {
            values = getAllUsersFromDirectory((Directory) linkedList.getFirst(), true);
        } else {
            HashMap hashMap = new HashMap();
            Iterator it = linkedList.iterator();
            while (it.hasNext()) {
                for (User user : getAllUsersFromDirectory((Directory) it.next(), false)) {
                    hashMap.put(IdentifierUtils.toLowerCase(user.getName()), user);
                }
            }
            values = hashMap.values();
        }
        if (log.isDebugEnabled()) {
            log.info("Found " + values.size() + " users in " + (System.currentTimeMillis() - currentTimeMillis) + "ms.");
        }
        return values;
    }

    @Nonnull
    public Set<User> getAllUsers() {
        return Sets.newHashSet(getAllUsersFromCrowd());
    }

    private User getCrowdUser(String str) {
        if (str == null) {
            return null;
        }
        return this.crowdService.getUser(str);
    }

    public User getUser(String str) {
        return getUserObject(str);
    }

    public User getUserObject(@Nullable String str) {
        return getCrowdUser(str);
    }

    public User findUserInDirectory(String str, Long l) {
        try {
            return this.directoryManager.findUserByName(l.longValue(), str);
        } catch (com.atlassian.crowd.exception.OperationFailedException e) {
            throw new OperationFailedException(e);
        } catch (DirectoryNotFoundException e2) {
            throw new IllegalArgumentException((Throwable) e2);
        } catch (UserNotFoundException e3) {
            return null;
        }
    }

    public User getUserEvenWhenUnknown(String str) {
        if (str == null) {
            return null;
        }
        User crowdUser = getCrowdUser(str);
        return crowdUser != null ? crowdUser : unknownUser(str);
    }

    public ApplicationUser getUserByKey(String str) {
        User crowdUser;
        String usernameForKey = this.userKeyStore.getUsernameForKey(str);
        if (usernameForKey == null || (crowdUser = getCrowdUser(usernameForKey)) == null) {
            return null;
        }
        return new DelegatingApplicationUser(str, crowdUser);
    }

    public ApplicationUser getUserByName(String str) {
        User crowdUser = getCrowdUser(str);
        if (crowdUser == null) {
            return null;
        }
        String keyForUsername = this.userKeyStore.getKeyForUsername(str);
        if (keyForUsername == null) {
            throw new IllegalStateException("User '" + str + "' exists but has no unique key mapping.");
        }
        return new DelegatingApplicationUser(keyForUsername, crowdUser);
    }

    public ApplicationUser getUserByKeyEvenWhenUnknown(@Nullable String str) {
        if (str == null) {
            return null;
        }
        String usernameForKey = this.userKeyStore.getUsernameForKey(str);
        if (usernameForKey == null) {
            return unknownApplicationUser(str, str);
        }
        User user = getUser(usernameForKey);
        return user == null ? unknownApplicationUser(str, usernameForKey) : new DelegatingApplicationUser(str, user);
    }

    public ApplicationUser getUserByNameEvenWhenUnknown(@Nullable String str) {
        if (str == null) {
            return null;
        }
        User crowdUser = getCrowdUser(str);
        String keyForUsername = this.userKeyStore.getKeyForUsername(str);
        if (crowdUser == null) {
            if (keyForUsername == null) {
                keyForUsername = IdentifierUtils.toLowerCase(str);
            }
            return unknownApplicationUser(keyForUsername, str);
        }
        if (keyForUsername == null) {
            throw new IllegalStateException("User '" + str + "' exists but has no unique key mapping.");
        }
        return new DelegatingApplicationUser(keyForUsername, crowdUser);
    }

    public boolean canUpdateUser(User user) {
        if (user == null) {
            return false;
        }
        return userDirectoryAllowsUpdateUser(user);
    }

    public boolean canUpdateUser(ApplicationUser applicationUser) {
        return userDirectoryAllowsUpdateUser(applicationUser.getDirectoryUser());
    }

    public boolean canRenameUser(ApplicationUser applicationUser) {
        return userDirectoryAllowsRenameUser(applicationUser.getDirectoryUser()) && isJaacsUnusedOrRenameAllowedAnyway();
    }

    @VisibleForTesting
    boolean isJaacsUnusedOrRenameAllowedAnyway() {
        return this.applicationProperties.getOption("jira.option.user.crowd.allow.rename") || !Iterables.any(this.applicationManager.findAll(), new IsExternalApplication());
    }

    public void updateUser(User user) {
        try {
            ImmutableUser.Builder newUser = ImmutableUser.newUser(user);
            newUser.emailAddress(StringUtils.trim(user.getEmailAddress()));
            this.crowdService.updateUser(newUser.toUser());
            ComponentAccessor.getUserUtil().clearActiveUserCount();
        } catch (OperationNotPermittedException e) {
            throw new OperationFailedException(e);
        } catch (InvalidUserException e2) {
            throw new OperationFailedException(e2);
        }
    }

    private void handleDeletedUserEviction(String str) {
        if (this.userKeyStore.getKeyForUsername(str) == null) {
            return;
        }
        int i = 1;
        String str2 = str + "#1";
        while (true) {
            String str3 = str2;
            if (this.userKeyStore.getKeyForUsername(str3) == null) {
                this.userKeyStore.renameUser(str, str3);
                return;
            } else {
                if (i == Integer.MAX_VALUE) {
                    throw new IllegalStateException("Deleted user eviction namespace exhausted");
                }
                i++;
                str2 = str + '#' + i;
            }
        }
    }

    private void handleRenamedUser(ApplicationUser applicationUser) {
        String lowerCase = IdentifierUtils.toLowerCase(applicationUser.getUsername());
        String usernameForKey = this.userKeyStore.getUsernameForKey(applicationUser.getKey());
        if (lowerCase.equals(usernameForKey)) {
            return;
        }
        if (getCrowdUser(lowerCase) != null) {
            throw new IllegalArgumentException("Cannot rename: user with username '" + lowerCase + "' already exists.");
        }
        handleDeletedUserEviction(lowerCase);
        try {
            this.directoryManager.renameUser(applicationUser.getDirectoryId(), usernameForKey, applicationUser.getUsername());
            if (this.crowdService.getUser(usernameForKey) != null) {
                this.userKeyStore.ensureUniqueKeyForNewUser(usernameForKey);
            }
            clearConsumerTokens(usernameForKey);
        } catch (DirectoryPermissionException e) {
            throw new OperationFailedException(e);
        } catch (CrowdException e2) {
            throw new OperationFailedException(e2);
        }
    }

    private void clearConsumerTokens(String str) {
        ConsumerTokenService consumerTokenService = (ConsumerTokenService) ComponentAccessor.getOSGiComponentInstanceOfType(ConsumerTokenService.class);
        if (consumerTokenService != null) {
            consumerTokenService.removeAllTokensForUsername(str);
        } else if (log.isDebugEnabled()) {
            log.debug("Unable to clear consumer tokens for '" + str + "' because the service could not be located.  Maybe applinks is offline?");
        }
    }

    public void updateUser(ApplicationUser applicationUser) {
        handleRenamedUser(applicationUser);
        try {
            this.crowdService.updateUser(applicationUser.getDirectoryUser());
            ComponentAccessor.getUserUtil().clearActiveUserCount();
        } catch (InvalidUserException e) {
            throw new OperationFailedException(e);
        } catch (OperationNotPermittedException e2) {
            throw new OperationFailedException(e2);
        }
    }

    public boolean canUpdateUserPassword(User user) {
        if (userDirectoryAllowsUpdateUser(user)) {
            return canDirectoryUpdateUserPassword(this.crowdDirectoryService.findDirectoryById(user.getDirectoryId()));
        }
        return false;
    }

    private boolean userDirectoryAllowsUpdateUser(User user) {
        Directory findDirectoryById;
        if (user == null || (findDirectoryById = this.crowdDirectoryService.findDirectoryById(user.getDirectoryId())) == null) {
            return false;
        }
        return findDirectoryById.getAllowedOperations().contains(OperationType.UPDATE_USER);
    }

    private boolean userDirectoryAllowsRenameUser(User user) {
        Directory findDirectoryById;
        if (user == null || (findDirectoryById = this.crowdDirectoryService.findDirectoryById(user.getDirectoryId())) == null || !findDirectoryById.getAllowedOperations().contains(OperationType.UPDATE_USER)) {
            return false;
        }
        DirectoryType type = findDirectoryById.getType();
        return type == DirectoryType.INTERNAL || type == DirectoryType.DELEGATING;
    }

    public boolean canUpdateGroupMembershipForUser(User user) {
        Directory findDirectoryById;
        if (user == null || (findDirectoryById = this.crowdDirectoryService.findDirectoryById(user.getDirectoryId())) == null) {
            return false;
        }
        return findDirectoryById.getAllowedOperations().contains(OperationType.UPDATE_GROUP);
    }

    public Collection<Group> getGroups() {
        Iterable search = this.crowdService.search(new GroupQuery(Group.class, GroupType.GROUP, NullRestrictionImpl.INSTANCE, 0, -1));
        if (search instanceof Collection) {
            return (Collection) search;
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        Iterator it = search.iterator();
        while (it.hasNext()) {
            linkedHashSet.add((Group) it.next());
        }
        return linkedHashSet;
    }

    public Set<Group> getAllGroups() {
        Collection<Group> groups = getGroups();
        return groups instanceof Set ? (Set) groups : new LinkedHashSet(groups);
    }

    private Group getCrowdGroup(String str) {
        if (str == null) {
            return null;
        }
        return this.crowdService.getGroup(str);
    }

    public Group getGroup(String str) {
        return getCrowdGroup(str);
    }

    public Group getGroupObject(@Nullable String str) {
        return getCrowdGroup(str);
    }

    @Nonnull
    public List<Directory> getWritableDirectories() {
        List<Directory> findAllDirectories = this.crowdDirectoryService.findAllDirectories();
        ArrayList arrayList = new ArrayList(findAllDirectories.size());
        for (Directory directory : findAllDirectories) {
            if (directory.getAllowedOperations().contains(OperationType.CREATE_USER) && directory.isActive()) {
                arrayList.add(directory);
            }
        }
        return arrayList;
    }

    public boolean hasWritableDirectory() {
        return getWritableDirectories().size() > 0;
    }

    public boolean hasPasswordWritableDirectory() {
        Iterator<Directory> it = getWritableDirectories().iterator();
        while (it.hasNext()) {
            if (canDirectoryUpdateUserPassword(it.next())) {
                return true;
            }
        }
        return false;
    }

    public boolean hasGroupWritableDirectory() {
        for (Directory directory : this.crowdDirectoryService.findAllDirectories()) {
            if (directory.isActive() && directory.getAllowedOperations().contains(OperationType.CREATE_GROUP)) {
                return true;
            }
        }
        return false;
    }

    public Directory getDirectory(Long l) {
        return this.crowdDirectoryService.findDirectoryById(l.longValue());
    }

    public boolean isUserExisting(ApplicationUser applicationUser) {
        return (applicationUser == null || applicationUser.getDirectoryId() == -1) ? false : true;
    }

    public boolean canDirectoryUpdateUserPassword(Directory directory) {
        if (directory == null || directory.getType() == DirectoryType.DELEGATING) {
            return false;
        }
        return directory.getAllowedOperations().contains(OperationType.UPDATE_USER);
    }

    @Nonnull
    public UserManager.UserState getUserState(@Nullable User user) {
        return user == null ? UserManager.UserState.INVALID_USER : getUserState(((User) Assertions.notNull(SingleUser.DESC, user)).getName(), user.getDirectoryId());
    }

    @Nonnull
    public UserManager.UserState getUserState(@Nullable ApplicationUser applicationUser) {
        return applicationUser == null ? UserManager.UserState.INVALID_USER : getUserState(((ApplicationUser) Assertions.notNull(SingleUser.DESC, applicationUser)).getUsername(), applicationUser.getDirectoryId());
    }

    @Nonnull
    public UserManager.UserState getUserState(@Nonnull String str, long j) {
        Assertions.notNull("username", str);
        if (j == -1) {
            return UserManager.UserState.INVALID_USER;
        }
        boolean z = false;
        boolean z2 = false;
        for (Directory directory : this.crowdDirectoryService.findAllDirectories()) {
            if (j == directory.getId().longValue()) {
                if (!isUserInDirectory(str, directory)) {
                    return UserManager.UserState.INVALID_USER;
                }
                if (z2) {
                    return UserManager.UserState.SHADOW_USER;
                }
                z = true;
            } else if (!z2 && isUserInDirectory(str, directory)) {
                if (z) {
                    return UserManager.UserState.NORMAL_USER_WITH_SHADOW;
                }
                z2 = true;
            }
        }
        return z ? UserManager.UserState.NORMAL_USER : UserManager.UserState.INVALID_USER;
    }

    private boolean isUserInDirectory(String str, Directory directory) {
        return directory.isActive() && findUserInDirectory(str, directory.getId()) != null;
    }

    private User unknownUser(String str) {
        return new ImmutableUser(-1L, str, str, "?", false);
    }

    private ApplicationUser unknownApplicationUser(String str, String str2) {
        return new DelegatingApplicationUser(str, unknownUser(str2));
    }
}
