package com.atlassian.crowd.directory.cache;

import com.atlassian.crowd.directory.AzureAdDirectory;
import com.atlassian.crowd.directory.rest.mapper.DeltaQueryResult;
import com.atlassian.crowd.directory.rest.util.ThrowingMapMergeOperatorUtil;
import com.atlassian.crowd.directory.synchronisation.CacheSynchronisationResult;
import com.atlassian.crowd.directory.synchronisation.PartialSynchronisationResult;
import com.atlassian.crowd.directory.synchronisation.cache.CacheRefresher;
import com.atlassian.crowd.directory.synchronisation.cache.DirectoryCache;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.model.group.GroupTemplateWithAttributesAndMembershipChanges;
import com.atlassian.crowd.model.user.UserWithAttributes;
import com.atlassian.crowd.util.EqualityUtil;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import io.atlassian.util.concurrent.ThreadFactories;
import java.io.IOException;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import org.codehaus.jackson.map.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/crowd-azure-ad-3.3.3-platform5-jdk11-m02.jar:com/atlassian/crowd/directory/cache/DeltaQueryCacheRefresher.class */
public class DeltaQueryCacheRefresher implements CacheRefresher {
    private final AzureAdDirectory azureAdDirectory;
    private Future<DeltaQueryResult<UserWithAttributes>> usersFuture;
    private Future<DeltaQueryResult<GroupTemplateWithAttributesAndMembershipChanges>> groupsFuture;
    private Map<String, String> userNamesToIds;
    private Map<String, String> groupNamesToIds;
    private Date syncStartDate;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DeltaQueryCacheRefresher.class);

    public DeltaQueryCacheRefresher(AzureAdDirectory azureAdDirectory) {
        this.azureAdDirectory = azureAdDirectory;
    }

    @Override // com.atlassian.crowd.directory.synchronisation.cache.CacheRefresher
    public CacheSynchronisationResult synchroniseAll(DirectoryCache directoryCache) throws OperationFailedException {
        ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(2, ThreadFactories.namedThreadFactory("DeltaQueryCacheRefresher-" + this.azureAdDirectory.getDirectoryId()));
        try {
            this.syncStartDate = new Date();
            AzureAdDirectory azureAdDirectory = this.azureAdDirectory;
            azureAdDirectory.getClass();
            this.usersFuture = newFixedThreadPool.submit(azureAdDirectory::performUsersDeltaQuery);
            AzureAdDirectory azureAdDirectory2 = this.azureAdDirectory;
            azureAdDirectory2.getClass();
            this.groupsFuture = newFixedThreadPool.submit(azureAdDirectory2::performGroupsDeltaQuery);
            this.userNamesToIds = new HashMap();
            this.groupNamesToIds = new HashMap();
            PartialSynchronisationResult<UserWithAttributes> synchroniseAllUsers = synchroniseAllUsers(directoryCache);
            PartialSynchronisationResult<GroupTemplateWithAttributesAndMembershipChanges> synchroniseAllGroups = synchroniseAllGroups(directoryCache);
            synchroniseAllMemberships(directoryCache, synchroniseAllUsers.getResults(), synchroniseAllGroups.getResults());
            newFixedThreadPool.shutdown();
            clearState();
            try {
                return new CacheSynchronisationResult(true, new ObjectMapper().writeValueAsString(new DeltaQuerySyncTokenHolder(synchroniseAllUsers.getSyncToken().get(), synchroniseAllGroups.getSyncToken().get())));
            } catch (IOException e) {
                log.error("Error occured when serializing ");
                return new CacheSynchronisationResult(true, null);
            }
        } catch (Throwable th) {
            newFixedThreadPool.shutdown();
            clearState();
            throw th;
        }
    }

    private void clearState() {
        this.usersFuture = null;
        this.groupsFuture = null;
        this.userNamesToIds = null;
        this.groupNamesToIds = null;
        this.syncStartDate = null;
    }

    @Override // com.atlassian.crowd.directory.synchronisation.cache.CacheRefresher
    public CacheSynchronisationResult synchroniseChanges(DirectoryCache directoryCache, @Nullable String str) throws OperationFailedException {
        if (Strings.isNullOrEmpty(str)) {
            log.info("Synchronisation token not present, full sync of directory [{}] is necessary before incremental sync is possible.", Long.valueOf(this.azureAdDirectory.getDirectoryId()));
            return CacheSynchronisationResult.FAILURE;
        }
        DeltaQuerySyncTokenHolder deserializeDirectorySyncToken = deserializeDirectorySyncToken(str);
        if (Strings.isNullOrEmpty(deserializeDirectorySyncToken.getGroupsDeltaQuerySyncToken())) {
            log.info("Groups delta token not present, falling back to full sync of directory [{}].", Long.valueOf(this.azureAdDirectory.getDirectoryId()));
            return CacheSynchronisationResult.FAILURE;
        }
        if (Strings.isNullOrEmpty(deserializeDirectorySyncToken.getUsersDeltaQuerySyncToken())) {
            log.info("Users delta token not present, falling back to full sync of directory [{}].", Long.valueOf(this.azureAdDirectory.getDirectoryId()));
            return CacheSynchronisationResult.FAILURE;
        }
        ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(2, ThreadFactories.namedThreadFactory("DeltaQueryCacheRefresher-" + this.azureAdDirectory.getDirectoryId()));
        try {
            try {
                this.syncStartDate = new Date();
                this.usersFuture = newFixedThreadPool.submit(() -> {
                    return this.azureAdDirectory.fetchUserChanges(deserializeDirectorySyncToken.getUsersDeltaQuerySyncToken());
                });
                this.groupsFuture = newFixedThreadPool.submit(() -> {
                    return this.azureAdDirectory.fetchGroupChanges(deserializeDirectorySyncToken.getGroupsDeltaQuerySyncToken());
                });
                this.userNamesToIds = new HashMap();
                this.groupNamesToIds = new HashMap();
                DeltaQueryResult<UserWithAttributes> synchroniseUserChanges = synchroniseUserChanges(directoryCache, this.usersFuture.get());
                DeltaQueryResult<GroupTemplateWithAttributesAndMembershipChanges> synchroniseGroupChanges = synchroniseGroupChanges(directoryCache, this.groupsFuture.get());
                synchroniseMembershipChanges(directoryCache, synchroniseUserChanges.getChangedEntities(), synchroniseGroupChanges.getChangedEntities());
                CacheSynchronisationResult cacheSynchronisationResult = new CacheSynchronisationResult(true, serializeDirectorySyncToken(synchroniseUserChanges, synchroniseGroupChanges));
                newFixedThreadPool.shutdown();
                clearState();
                return cacheSynchronisationResult;
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                throw new OperationFailedException("background query interrupted", e);
            } catch (ExecutionException e2) {
                throw new OperationFailedException(e2);
            }
        } catch (Throwable th) {
            newFixedThreadPool.shutdown();
            clearState();
            throw th;
        }
    }

    private String serializeDirectorySyncToken(DeltaQueryResult<UserWithAttributes> deltaQueryResult, DeltaQueryResult<GroupTemplateWithAttributesAndMembershipChanges> deltaQueryResult2) {
        try {
            return new ObjectMapper().writeValueAsString(new DeltaQuerySyncTokenHolder(deltaQueryResult.getSyncToken(), deltaQueryResult2.getSyncToken()));
        } catch (IOException e) {
            log.warn("Cannot serialize synchronisation token obtained from Azure AD. Users sync token: '{}', groups sync token: '{}'", deltaQueryResult.getSyncToken(), deltaQueryResult2.getSyncToken(), e);
            return null;
        }
    }

    private DeltaQuerySyncTokenHolder deserializeDirectorySyncToken(@Nullable String str) {
        try {
            return (DeltaQuerySyncTokenHolder) new ObjectMapper().readValue(str, DeltaQuerySyncTokenHolder.class);
        } catch (IOException e) {
            log.warn("Cannot perform incremental synchronisation for directory [{}] due to a malformed synchronisation token");
            throw new RuntimeException(e);
        }
    }

    private void synchroniseAllMemberships(DirectoryCache directoryCache, Collection<UserWithAttributes> collection, Collection<GroupTemplateWithAttributesAndMembershipChanges> collection2) throws OperationFailedException {
        this.userNamesToIds.putAll((Map) collection.stream().collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, (v0) -> {
            return v0.getExternalId();
        }, ThrowingMapMergeOperatorUtil.throwingMerger())));
        this.groupNamesToIds.putAll((Map) collection2.stream().collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, (v0) -> {
            return v0.getExternalId();
        }, ThrowingMapMergeOperatorUtil.duplicateMappedGroupsThrowingMerger(collection2))));
        for (GroupTemplateWithAttributesAndMembershipChanges groupTemplateWithAttributesAndMembershipChanges : collection2) {
            log.debug("Synchronising memberships for group {}", groupTemplateWithAttributesAndMembershipChanges.getName());
            if (this.azureAdDirectory.supportsNestedGroups()) {
                directoryCache.syncGroupMembersForGroup(groupTemplateWithAttributesAndMembershipChanges, resolveGroupNamesForIdsAndPopulateIdsToNamesCache(groupTemplateWithAttributesAndMembershipChanges.getGroupChildrenIdsToAdd(), directoryCache, true));
            }
            directoryCache.syncUserMembersForGroup(groupTemplateWithAttributesAndMembershipChanges, resolveUserNamesForIdsAndPopulateIdsToNamesCache(groupTemplateWithAttributesAndMembershipChanges.getUserChildrenIdsToAdd(), directoryCache, true));
        }
    }

    private void synchroniseMembershipChanges(DirectoryCache directoryCache, Collection<UserWithAttributes> collection, Collection<GroupTemplateWithAttributesAndMembershipChanges> collection2) throws OperationFailedException {
        this.userNamesToIds.putAll((Map) collection.stream().collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, (v0) -> {
            return v0.getExternalId();
        }, ThrowingMapMergeOperatorUtil.throwingMerger())));
        this.groupNamesToIds.putAll((Map) collection2.stream().collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, (v0) -> {
            return v0.getExternalId();
        }, ThrowingMapMergeOperatorUtil.duplicateMappedGroupsThrowingMerger(collection2))));
        for (GroupTemplateWithAttributesAndMembershipChanges groupTemplateWithAttributesAndMembershipChanges : collection2) {
            if (this.azureAdDirectory.supportsNestedGroups()) {
                directoryCache.addGroupMembersForGroup(groupTemplateWithAttributesAndMembershipChanges, resolveGroupNamesForIdsAndPopulateIdsToNamesCache(groupTemplateWithAttributesAndMembershipChanges.getGroupChildrenIdsToAdd(), directoryCache, true));
                directoryCache.deleteGroupMembersForGroup(groupTemplateWithAttributesAndMembershipChanges, resolveGroupNamesForIdsAndPopulateIdsToNamesCache(groupTemplateWithAttributesAndMembershipChanges.getGroupChildrenIdsToDelete(), directoryCache, false));
            }
            directoryCache.addUserMembersForGroup(groupTemplateWithAttributesAndMembershipChanges, resolveUserNamesForIdsAndPopulateIdsToNamesCache(groupTemplateWithAttributesAndMembershipChanges.getUserChildrenIdsToAdd(), directoryCache, true));
            directoryCache.deleteUserMembersForGroup(groupTemplateWithAttributesAndMembershipChanges, resolveUserNamesForIdsAndPopulateIdsToNamesCache(groupTemplateWithAttributesAndMembershipChanges.getUserChildrenIdsToDelete(), directoryCache, false));
        }
    }

    private Set<String> resolveUserNamesForIdsAndPopulateIdsToNamesCache(Set<String> set, DirectoryCache directoryCache, boolean z) throws OperationFailedException {
        Sets.SetView difference = Sets.difference(set, ImmutableSet.copyOf((Collection) this.userNamesToIds.values()));
        if (!difference.isEmpty()) {
            log.debug("Azure AD reported memberships on users that were not modified: {}, trying to resolve them from directory cache", difference);
            Map<String, String> findUsersByExternalIds = directoryCache.findUsersByExternalIds(difference);
            Sets.SetView difference2 = Sets.difference(difference, findUsersByExternalIds.keySet());
            if (z && difference2.size() > 0) {
                throw new OperationFailedException("Azure AD reported new memberships on users that were not returned during user sync. Users in question: " + difference2);
            }
            findUsersByExternalIds.forEach((str, str2) -> {
                this.userNamesToIds.put(str2, str);
            });
        }
        return (Set) this.userNamesToIds.entrySet().stream().filter(entry -> {
            return set.contains(entry.getValue());
        }).map((v0) -> {
            return v0.getKey();
        }).collect(Collectors.toSet());
    }

    private Set<String> resolveGroupNamesForIdsAndPopulateIdsToNamesCache(Set<String> set, DirectoryCache directoryCache, boolean z) throws OperationFailedException {
        Sets.SetView difference = Sets.difference(set, ImmutableSet.copyOf((Collection) this.groupNamesToIds.values()));
        if (!difference.isEmpty()) {
            log.debug("Azure AD reported memberships on groups that were not modified: {}, trying to resolve them from directory cache", difference);
            Map<String, String> findGroupsByExternalIds = directoryCache.findGroupsByExternalIds(difference);
            Sets.SetView difference2 = Sets.difference(difference, findGroupsByExternalIds.keySet());
            if (z && difference2.size() > 0) {
                throw new OperationFailedException("Azure AD reported new memberships on groups that were not returned during group sync. Groups in question: " + difference2);
            }
            findGroupsByExternalIds.forEach((str, str2) -> {
                this.groupNamesToIds.put(str2, str);
            });
        }
        return (Set) this.groupNamesToIds.entrySet().stream().filter(entry -> {
            return set.contains(entry.getValue());
        }).map((v0) -> {
            return v0.getKey();
        }).collect(Collectors.toSet());
    }

    private DeltaQueryResult<UserWithAttributes> synchroniseUserChanges(DirectoryCache directoryCache, DeltaQueryResult<UserWithAttributes> deltaQueryResult) throws OperationFailedException {
        handleNamelessEntities(deltaQueryResult, "users");
        directoryCache.deleteCachedUsersByGuid(deltaQueryResult.getDeletedEntities());
        directoryCache.addOrUpdateCachedUsers(deltaQueryResult.getChangedEntities(), this.syncStartDate);
        return deltaQueryResult;
    }

    private DeltaQueryResult<GroupTemplateWithAttributesAndMembershipChanges> synchroniseGroupChanges(DirectoryCache directoryCache, DeltaQueryResult<GroupTemplateWithAttributesAndMembershipChanges> deltaQueryResult) throws OperationFailedException {
        handleNamelessEntities(deltaQueryResult, "groups");
        checkNoRenamedGroups(directoryCache, deltaQueryResult);
        checkNoReaddedGroups(directoryCache, deltaQueryResult);
        directoryCache.deleteCachedGroupsByGuids(deltaQueryResult.getDeletedEntities());
        directoryCache.addOrUpdateCachedGroups(deltaQueryResult.getChangedEntities(), this.syncStartDate);
        return deltaQueryResult;
    }

    private void checkNoRenamedGroups(DirectoryCache directoryCache, DeltaQueryResult<GroupTemplateWithAttributesAndMembershipChanges> deltaQueryResult) throws OperationFailedException {
        Map map = (Map) deltaQueryResult.getChangedEntities().stream().collect(Collectors.toMap((v0) -> {
            return v0.getExternalId();
        }, (v0) -> {
            return v0.getName();
        }));
        Set set = (Set) directoryCache.findGroupsByExternalIds((Set) deltaQueryResult.getChangedEntities().stream().map((v0) -> {
            return v0.getExternalId();
        }).collect(Collectors.toSet())).entrySet().stream().filter(entry -> {
            String str = (String) map.get(entry.getKey());
            return str != null && EqualityUtil.different(str, (String) entry.getValue());
        }).collect(Collectors.toSet());
        if (set.isEmpty()) {
            return;
        }
        log.info("Cannot proceed with incremental synchronisation due to groups with known external ids but unknownnames, falling back to full synchronisation. Groups in question: [{}]", set);
        throw new OperationFailedException("Cannot proceed with incremental synchronisation due to renamed groups, falling back to full synchronisation.");
    }

    private void checkNoReaddedGroups(DirectoryCache directoryCache, DeltaQueryResult<GroupTemplateWithAttributesAndMembershipChanges> deltaQueryResult) throws OperationFailedException {
        Map map = (Map) deltaQueryResult.getChangedEntities().stream().collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, (v0) -> {
            return v0.getExternalId();
        }, ThrowingMapMergeOperatorUtil.duplicateMappedGroupsThrowingMerger(deltaQueryResult.getChangedEntities()), HashMap::new));
        Set set = (Set) directoryCache.findGroupsExternalIdsByNames((Set) deltaQueryResult.getChangedEntities().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet())).entrySet().stream().filter(entry -> {
            String str = (String) map.get(entry.getKey());
            return (str == null || !EqualityUtil.different(str, (String) entry.getValue()) || deltaQueryResult.getDeletedEntities().contains(entry.getValue())) ? false : true;
        }).collect(Collectors.toSet());
        if (set.isEmpty()) {
            return;
        }
        log.info("Cannot proceed with incremental synchronisation due to groups readded with known names/duplicates, falling back to full synchronisation. Groups in question: [{}]", set);
        throw new OperationFailedException("Cannot proceed with incremental synchronisation due to readded/duplicate groups, falling back to full synchronisation.");
    }

    private PartialSynchronisationResult<UserWithAttributes> synchroniseAllUsers(DirectoryCache directoryCache) throws OperationFailedException {
        try {
            DeltaQueryResult<UserWithAttributes> deltaQueryResult = this.usersFuture.get();
            handleNamelessEntities(deltaQueryResult, "users");
            directoryCache.deleteCachedUsersNotIn(deltaQueryResult.getChangedEntities(), this.syncStartDate);
            directoryCache.addOrUpdateCachedUsers(deltaQueryResult.getChangedEntities(), this.syncStartDate);
            return new PartialSynchronisationResult<>(deltaQueryResult.getChangedEntities(), deltaQueryResult.getSyncToken());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new OperationFailedException("background query interrupted", e);
        } catch (ExecutionException e2) {
            throw new OperationFailedException(e2);
        }
    }

    private PartialSynchronisationResult<GroupTemplateWithAttributesAndMembershipChanges> synchroniseAllGroups(DirectoryCache directoryCache) throws OperationFailedException {
        try {
            DeltaQueryResult<GroupTemplateWithAttributesAndMembershipChanges> deltaQueryResult = this.groupsFuture.get();
            handleNamelessEntities(deltaQueryResult, "groups");
            directoryCache.deleteCachedGroupsNotInByExternalId(deltaQueryResult.getChangedEntities(), this.syncStartDate);
            directoryCache.addOrUpdateCachedGroups(deltaQueryResult.getChangedEntities(), this.syncStartDate);
            return new PartialSynchronisationResult<>(deltaQueryResult.getChangedEntities(), deltaQueryResult.getSyncToken());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new OperationFailedException("background query interrupted", e);
        } catch (ExecutionException e2) {
            throw new OperationFailedException(e2);
        }
    }

    private <T> void handleNamelessEntities(DeltaQueryResult<T> deltaQueryResult, String str) {
        Sets.SetView difference = Sets.difference(deltaQueryResult.getNamelessEntities(), deltaQueryResult.getDeletedEntities());
        if (difference.size() > 0) {
            log.warn("Azure AD returned the following {} without ids: {}", str, difference);
        }
    }
}
