package com.atlassian.crowd.directory.ldap.cache;

import com.atlassian.crowd.directory.MicrosoftActiveDirectory;
import com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable;
import com.atlassian.crowd.directory.ldap.CacheSynchronisationResult;
import com.atlassian.crowd.directory.ldap.mapper.attribute.user.MemberOfOverlayMapper;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.model.DirectoryEntities;
import com.atlassian.crowd.model.Tombstone;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupType;
import com.atlassian.crowd.model.group.GroupWithAttributes;
import com.atlassian.crowd.model.group.LDAPGroupWithAttributes;
import com.atlassian.crowd.model.group.Membership;
import com.atlassian.crowd.model.user.LDAPUserWithAttributes;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.model.user.UserWithAttributes;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.fugue.Pair;
import com.atlassian.util.concurrent.ThreadFactories;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import javax.naming.InvalidNameException;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/crowd-ldap-2.12.1.jar:com/atlassian/crowd/directory/ldap/cache/UsnChangedCacheRefresher.class */
public class UsnChangedCacheRefresher extends AbstractCacheRefresher<LDAPGroupWithAttributes> implements CacheRefresher {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) UsnChangedCacheRefresher.class);
    private static final long UNINITIALISED = -1;
    public static final String PROPERTY_USE_LEGACY_AD_INCREMENTAL_SYNC = "crowd.use.legacy.ad.incremental.sync";
    private final MicrosoftActiveDirectory activeDirectory;
    final LDAPEntityNameMap<LDAPUserWithAttributes> userMap;
    private final LDAPEntityNameMap<LDAPGroupWithAttributes> groupMap;
    private Future<List<LDAPUserWithAttributes>> userListFuture;
    private Future<List<LDAPGroupWithAttributes>> groupListFuture;
    private Set<String> groupsDnsToUpdate;
    private Set<String> primaryGroupSids;
    private final boolean useLegacyADIncrementalSync;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/crowd-ldap-2.12.1.jar:com/atlassian/crowd/directory/ldap/cache/UsnChangedCacheRefresher$GuidToUserFunction.class */
    public static class GuidToUserFunction implements Function<String, LDAPUserWithAttributes> {
        private final MicrosoftActiveDirectory activeDirectory;
        private final Map<String, LDAPUserWithAttributes> userCache;

        GuidToUserFunction(MicrosoftActiveDirectory microsoftActiveDirectory, Map<String, LDAPUserWithAttributes> map) {
            this.activeDirectory = microsoftActiveDirectory;
            this.userCache = map;
        }

        @Override // java.util.function.Function
        public LDAPUserWithAttributes apply(String str) {
            try {
                LDAPUserWithAttributes lDAPUserWithAttributes = this.userCache.get(str);
                return lDAPUserWithAttributes != null ? lDAPUserWithAttributes : this.activeDirectory.findUserByExternalId(str);
            } catch (OperationFailedException e) {
                UsnChangedCacheRefresher.log.warn("Failed to fetch user by objectGUID '{}' from ActiveDirectory", str, e);
                throw new UsnChangedCacheRefresherIncSyncException("Problems while looking up users by objectGUID in ActiveDirectory detected, falling back to a full sync.");
            } catch (UserNotFoundException e2) {
                UsnChangedCacheRefresher.log.warn("User with objectGUID '{}' not found in ActiveDirectory", str);
                throw new UsnChangedCacheRefresherIncSyncException("Problems while looking up users by objectGUID in ActiveDirectory detected, falling back to a full sync.");
            }
        }
    }

    public UsnChangedCacheRefresher(MicrosoftActiveDirectory microsoftActiveDirectory) {
        super(microsoftActiveDirectory);
        this.userMap = new LDAPEntityNameMap<>();
        this.groupMap = new LDAPEntityNameMap<>();
        this.groupsDnsToUpdate = new HashSet();
        this.primaryGroupSids = new HashSet();
        this.useLegacyADIncrementalSync = Boolean.valueOf(System.getProperty(PROPERTY_USE_LEGACY_AD_INCREMENTAL_SYNC, "false")).booleanValue();
        this.activeDirectory = microsoftActiveDirectory;
    }

    @Override // com.atlassian.crowd.directory.ldap.cache.CacheRefresher
    public CacheSynchronisationResult synchroniseChanges(DirectoryCache directoryCache, @Nullable String str) throws OperationFailedException {
        if (!isIncrementalSyncEnabled()) {
            return CacheSynchronisationResult.FAILURE;
        }
        long longValue = ((Long) Optional.ofNullable(Strings.emptyToNull(str)).map(Long::parseLong).orElse(-1L)).longValue();
        if (longValue == -1) {
            log.info("Synchronisation token not present, full sync of directory [{}] is necessary before incremental sync is possible.", Long.valueOf(this.activeDirectory.getDirectoryId()));
            return CacheSynchronisationResult.FAILURE;
        }
        long fetchHighestCommittedUSN = this.activeDirectory.fetchHighestCommittedUSN();
        synchroniseUserChanges(directoryCache, Long.valueOf(longValue));
        synchroniseGroupChanges(directoryCache, longValue);
        return new CacheSynchronisationResult(true, String.valueOf(fetchHighestCommittedUSN));
    }

    @Override // com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher, com.atlassian.crowd.directory.ldap.cache.CacheRefresher
    public CacheSynchronisationResult synchroniseAll(DirectoryCache directoryCache) throws OperationFailedException {
        ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(3, ThreadFactories.namedThreadFactory("CrowdUsnChangedCacheRefresher"));
        try {
            this.userListFuture = newFixedThreadPool.submit(() -> {
                long currentTimeMillis = System.currentTimeMillis();
                log.debug("loading remote users");
                List searchUsers = isUserAttributeSynchronisationEnabled() ? this.activeDirectory.searchUsers(QueryBuilder.queryFor(UserWithAttributes.class, EntityDescriptor.user()).returningAtMost(-1)) : this.activeDirectory.searchUsers(QueryBuilder.queryFor(User.class, EntityDescriptor.user()).returningAtMost(-1));
                log.info("found [ {} ] remote users in [ {}ms ]", Integer.valueOf(searchUsers.size()), Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
                return searchUsers;
            });
            this.groupListFuture = newFixedThreadPool.submit(() -> {
                long currentTimeMillis = System.currentTimeMillis();
                log.debug("loading remote groups");
                List searchGroups = isGroupAttributeSynchronisationEnabled() ? this.activeDirectory.searchGroups(QueryBuilder.queryFor(GroupWithAttributes.class, EntityDescriptor.group(GroupType.GROUP)).returningAtMost(-1)) : this.activeDirectory.searchGroups(QueryBuilder.queryFor(Group.class, EntityDescriptor.group(GroupType.GROUP)).returningAtMost(-1));
                log.info("found [ " + searchGroups.size() + " ] remote groups in [ " + (System.currentTimeMillis() - currentTimeMillis) + "ms ]");
                return searchGroups;
            });
            super.synchroniseAll(directoryCache);
            CacheSynchronisationResult cacheSynchronisationResult = new CacheSynchronisationResult(true, String.valueOf(this.activeDirectory.fetchHighestCommittedUSN()));
            newFixedThreadPool.shutdown();
            this.userListFuture = null;
            this.groupListFuture = null;
            return cacheSynchronisationResult;
        } catch (Throwable th) {
            newFixedThreadPool.shutdown();
            this.userListFuture = null;
            this.groupListFuture = null;
            throw th;
        }
    }

    @Override // com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher
    protected List<? extends UserWithAttributes> synchroniseAllUsers(DirectoryCache directoryCache) throws OperationFailedException {
        Date date = new Date();
        try {
            List<LDAPUserWithAttributes> list = this.userListFuture.get();
            this.userMap.putAll(list);
            directoryCache.deleteCachedUsersNotIn(list, date);
            directoryCache.addOrUpdateCachedUsers(list, date);
            return list;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new OperationFailedException("background query interrupted", e);
        } catch (ExecutionException e2) {
            throw new OperationFailedException(e2);
        }
    }

    @Override // com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher
    protected List<LDAPGroupWithAttributes> synchroniseAllGroups(DirectoryCache directoryCache) throws OperationFailedException {
        Date date = new Date();
        try {
            List<LDAPGroupWithAttributes> unmodifiableList = Collections.unmodifiableList(DirectoryEntities.filterOutDuplicates(this.groupListFuture.get()));
            this.groupMap.putAll(unmodifiableList);
            directoryCache.deleteCachedGroupsNotIn(GroupType.GROUP, unmodifiableList, date);
            directoryCache.addOrUpdateCachedGroups(unmodifiableList, date);
            return unmodifiableList;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new OperationFailedException("background query interrupted", e);
        } catch (ExecutionException e2) {
            throw new OperationFailedException(e2);
        }
    }

    private void synchroniseUserChangesUsn(DirectoryCache directoryCache, long j) throws OperationFailedException {
        long currentTimeMillis = System.currentTimeMillis();
        log.debug("loading changed remote users");
        List<LDAPUserWithAttributes> findAddedOrUpdatedUsersSince = this.activeDirectory.findAddedOrUpdatedUsersSince(j);
        List<Tombstone> findUserTombstonesSince = this.activeDirectory.findUserTombstonesSince(j);
        this.userMap.putAll(findAddedOrUpdatedUsersSince);
        log.info("found [ {} ] changed, [ {} ] deleted remote users in [ {}ms ]", Integer.valueOf(findAddedOrUpdatedUsersSince.size()), Integer.valueOf(findUserTombstonesSince.size()), Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        ImmutableSet copyOf = ImmutableSet.copyOf(Iterables.transform(findUserTombstonesSince, (v0) -> {
            return v0.getObjectGUID();
        }));
        directoryCache.deleteCachedUsersByGuid(copyOf);
        this.userMap.removeAllByGuid(copyOf);
        directoryCache.addOrUpdateCachedUsers(findAddedOrUpdatedUsersSince, null);
    }

    private Pair<? extends Set<String>, ? extends Set<String>> validateAndReturnGuidsToAddAndDelete(DirectoryCache directoryCache) throws OperationFailedException {
        if (!this.activeDirectory.isExternalIdConfigured()) {
            throw new UsnChangedCacheRefresherIncSyncException("externalId attribute is not configured in directory.");
        }
        log.debug("loading changed users");
        ImmutableSet copyOf = ImmutableSet.copyOf((Collection) directoryCache.getAllUserGuids());
        if (copyOf.size() != directoryCache.getUserCount()) {
            throw new UsnChangedCacheRefresherIncSyncException("Cache returned different number of guids and users (possible reason is overlapping guids in cache, most likely null/empty values).");
        }
        if (copyOf.contains("")) {
            throw new UsnChangedCacheRefresherIncSyncException("Empty guids returned from cache. Falling back to a full sync in order to populate the guids");
        }
        Set<String> findAllUserGuids = this.activeDirectory.findAllUserGuids();
        log.info("Found [ {} ] user GUIDs in cache, [ {} ] user GUIDs in remote directory", Integer.valueOf(copyOf.size()), Integer.valueOf(findAllUserGuids.size()));
        if (findAllUserGuids.contains("")) {
            throw new UsnChangedCacheRefresherIncSyncException("Empty guids returned from AD. Possible reasons are externalId attribute value in directory configuration or AD server configuration.");
        }
        return Pair.pair(Sets.difference(findAllUserGuids, copyOf), Sets.difference(copyOf, findAllUserGuids));
    }

    private void synchroniseUserChangesGuid(DirectoryCache directoryCache, Long l) throws OperationFailedException {
        long currentTimeMillis = System.currentTimeMillis();
        Pair<? extends Set<String>, ? extends Set<String>> validateAndReturnGuidsToAddAndDelete = validateAndReturnGuidsToAddAndDelete(directoryCache);
        Set<String> left = validateAndReturnGuidsToAddAndDelete.left();
        Set<String> right = validateAndReturnGuidsToAddAndDelete.right();
        ImmutableMap.Builder builder = ImmutableMap.builder();
        ImmutableList.Builder builder2 = ImmutableList.builder();
        for (LDAPUserWithAttributes lDAPUserWithAttributes : this.activeDirectory.findAddedOrUpdatedUsersSince(l.longValue())) {
            String externalId = lDAPUserWithAttributes.getExternalId();
            if (StringUtils.isEmpty(externalId)) {
                throw new UsnChangedCacheRefresherIncSyncException("A null or empty guid retrieved from AD.");
            }
            if (left.contains(externalId)) {
                builder.put(externalId, lDAPUserWithAttributes);
            } else {
                builder2.add((ImmutableList.Builder) lDAPUserWithAttributes);
            }
        }
        ImmutableMap build = builder.build();
        ImmutableList build2 = builder2.build();
        log.info("scanned and compared [ {} ] users to delete, [ {} ] users to add, [ {} ] users to update in DB cache in [ {}ms ]", Integer.valueOf(right.size()), Integer.valueOf(left.size()), Integer.valueOf(build2.size()), Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        directoryCache.deleteCachedUsersByGuid(right);
        this.userMap.removeAllByGuid(right);
        directoryCache.addOrUpdateCachedUsers(build2, null);
        this.userMap.putAll(build2);
        List<? extends User> list = (List) left.stream().map(getGuidToUserFunction(build)).collect(Collectors.toList());
        directoryCache.addOrUpdateCachedUsers(list, null);
        this.userMap.putAll(list);
        Iterator<? extends User> it = list.iterator();
        while (it.hasNext()) {
            LDAPUserWithAttributes lDAPUserWithAttributes2 = (LDAPUserWithAttributes) it.next();
            Set<String> values = lDAPUserWithAttributes2.getValues(MemberOfOverlayMapper.ATTRIBUTE_KEY);
            if (values != null && values.size() > 0) {
                this.groupsDnsToUpdate.addAll(values);
            }
            if (this.activeDirectory.getLdapPropertiesMapper().isPrimaryGroupSupported()) {
                this.activeDirectory.getPrimaryGroupSIDOfUser(lDAPUserWithAttributes2).ifPresent(str -> {
                    this.primaryGroupSids.add(str);
                });
            }
        }
    }

    void synchroniseUserChanges(DirectoryCache directoryCache, Long l) throws OperationFailedException {
        if (this.useLegacyADIncrementalSync) {
            synchroniseUserChangesUsn(directoryCache, l.longValue());
        } else {
            synchroniseUserChangesGuid(directoryCache, l);
        }
    }

    private void synchroniseGroupChanges(DirectoryCache directoryCache, long j) throws OperationFailedException {
        long currentTimeMillis = System.currentTimeMillis();
        log.debug("loading changed remote groups");
        List<LDAPGroupWithAttributes> findAddedOrUpdatedGroupsSince = this.activeDirectory.findAddedOrUpdatedGroupsSince(j);
        ArrayList arrayList = new ArrayList(DirectoryEntities.filterOutDuplicates(findAddedOrUpdatedGroupsSince));
        HashSet hashSet = new HashSet(this.activeDirectory.searchGroupsByDns(this.groupsDnsToUpdate));
        hashSet.addAll(this.activeDirectory.searchGroupsBySids(this.primaryGroupSids));
        hashSet.removeAll(findAddedOrUpdatedGroupsSince);
        arrayList.addAll(hashSet);
        List<Tombstone> findGroupTombstonesSince = this.activeDirectory.findGroupTombstonesSince(j);
        log.info("found [ {} ] changed remote groups in [ {}ms ]", Integer.valueOf(arrayList.size() + findGroupTombstonesSince.size()), Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        this.groupMap.putAll(arrayList);
        directoryCache.addOrUpdateCachedGroups(arrayList, null);
        synchroniseMemberships(arrayList, directoryCache);
        long currentTimeMillis2 = System.currentTimeMillis();
        directoryCache.deleteCachedGroupsByGuids((Set) findGroupTombstonesSince.stream().map((v0) -> {
            return v0.getObjectGUID();
        }).collect(Collectors.toSet()));
        log.info("Deleted [ {} ] groups for in DB cache in [ {}ms ]", Integer.valueOf(findGroupTombstonesSince.size()), Long.valueOf(System.currentTimeMillis() - currentTimeMillis2));
    }

    @Override // com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher
    Iterable<Membership> getMemberships(Collection<LDAPGroupWithAttributes> collection) throws OperationFailedException {
        try {
            return new RFC4519DirectoryMembershipsIterable(this.activeDirectory, collection, this.userMap.toLdapNameKeyedMap(), this.groupMap.toLdapNameKeyedMap());
        } catch (InvalidNameException e) {
            throw new OperationFailedException("Failed to get directory memberships due to invalid DN", e);
        }
    }

    private Function<String, LDAPUserWithAttributes> getGuidToUserFunction(Map<String, LDAPUserWithAttributes> map) {
        return new GuidToUserFunction(this.activeDirectory, map);
    }
}
