package com.atlassian.crowd.manager.application;

import com.atlassian.crowd.directory.RemoteDirectory;
import com.atlassian.crowd.directory.loader.DirectoryInstanceLoader;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.OperationType;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.event.user.UserAuthenticationFailedInvalidAuthenticationEvent;
import com.atlassian.crowd.exception.ApplicationPermissionException;
import com.atlassian.crowd.exception.BulkAddFailedException;
import com.atlassian.crowd.exception.DirectoryInstantiationException;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.InvalidEmailAddressException;
import com.atlassian.crowd.exception.InvalidGroupException;
import com.atlassian.crowd.exception.InvalidMembershipException;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.MembershipNotFoundException;
import com.atlassian.crowd.exception.NestedGroupsNotSupportedException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.ReadOnlyGroupException;
import com.atlassian.crowd.exception.UserAlreadyExistsException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.manager.directory.BulkAddResult;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.crowd.manager.directory.DirectoryPermissionException;
import com.atlassian.crowd.manager.permission.PermissionManager;
import com.atlassian.crowd.model.EntityComparator;
import com.atlassian.crowd.model.NameComparator;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.model.application.DirectoryMapping;
import com.atlassian.crowd.model.application.GroupMapping;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupTemplate;
import com.atlassian.crowd.model.group.GroupType;
import com.atlassian.crowd.model.group.GroupWithAttributes;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.crowd.model.user.UserTemplateWithCredentialAndAttributes;
import com.atlassian.crowd.model.user.UserWithAttributes;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.search.query.QueryUtils;
import com.atlassian.crowd.search.query.entity.EntityQuery;
import com.atlassian.crowd.search.query.membership.MembershipQuery;
import com.atlassian.crowd.search.util.SearchResultsUtil;
import com.atlassian.event.api.EventPublisher;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.collect.Iterables;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Comparator;
import java.util.ConcurrentModificationException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.helpers.MessageFormatter;

/* loaded from: input_file:com/atlassian/crowd/manager/application/ApplicationServiceGeneric.class */
public class ApplicationServiceGeneric implements ApplicationService {
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final DirectoryManager directoryManager;
    private final PermissionManager permissionManager;
    private final DirectoryInstanceLoader directoryInstanceLoader;
    private final EventPublisher eventPublisher;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.atlassian.crowd.manager.application.ApplicationServiceGeneric$1, reason: invalid class name */
    /* loaded from: input_file:com/atlassian/crowd/manager/application/ApplicationServiceGeneric$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$atlassian$crowd$model$group$GroupType = new int[GroupType.values().length];

        static {
            try {
                $SwitchMap$com$atlassian$crowd$model$group$GroupType[GroupType.GROUP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$atlassian$crowd$model$group$GroupType[GroupType.LEGACY_ROLE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/atlassian/crowd/manager/application/ApplicationServiceGeneric$ActiveDirectorFilter.class */
    public enum ActiveDirectorFilter implements Predicate<Directory> {
        INSTANCE;

        public boolean apply(Directory directory) {
            return directory.isActive();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/atlassian/crowd/manager/application/ApplicationServiceGeneric$DirectoryResolver.class */
    public enum DirectoryResolver implements Function<DirectoryMapping, Directory> {
        INSTANCE;

        public Directory apply(DirectoryMapping directoryMapping) {
            return directoryMapping.getDirectory();
        }
    }

    public ApplicationServiceGeneric(DirectoryManager directoryManager, PermissionManager permissionManager, DirectoryInstanceLoader directoryInstanceLoader, EventPublisher eventPublisher) {
        this.directoryInstanceLoader = directoryInstanceLoader;
        this.directoryManager = (DirectoryManager) Preconditions.checkNotNull(directoryManager);
        this.permissionManager = (PermissionManager) Preconditions.checkNotNull(permissionManager);
        this.eventPublisher = eventPublisher;
    }

    public User authenticateUser(Application application, String str, PasswordCredential passwordCredential) throws OperationFailedException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException {
        if (application.getDirectoryMappings() == null || application.getDirectoryMappings().isEmpty()) {
            throw new InvalidAuthenticationException("Unable to authenticate user as there are no directories mapped to the application " + application.getName());
        }
        for (Directory directory : getActiveDirectories(application)) {
            try {
                return this.directoryManager.authenticateUser(directory.getId().longValue(), str, passwordCredential);
            } catch (UserNotFoundException e) {
            } catch (DirectoryNotFoundException e2) {
                throw new ConcurrentModificationException("Directory mapping was removed while iterating through directories: " + e2.getMessage());
            } catch (InvalidAuthenticationException e3) {
                this.eventPublisher.publish(new UserAuthenticationFailedInvalidAuthenticationEvent(this, directory, str));
                throw e3;
            }
        }
        throw new InvalidAuthenticationException("User with username <" + str + "> does not exist in any of the assigned directories of application <" + application.getName() + ">");
    }

    public boolean isUserAuthorised(Application application, String str) {
        try {
            return isAllowedToAuthenticate(str, fastFailingFindUser(application, str).getDirectoryId(), application);
        } catch (UserNotFoundException e) {
            return false;
        } catch (DirectoryNotFoundException e2) {
            throw new ConcurrentModificationException("Directory mapping removed while determining if the user is authorised to authenticate with an application");
        } catch (OperationFailedException e3) {
            this.logger.error(e3.getMessage(), e3);
            return false;
        }
    }

    public void addAllUsers(Application application, Collection<UserTemplateWithCredentialAndAttributes> collection) throws ApplicationPermissionException, OperationFailedException, BulkAddFailedException {
        this.logger.debug("Adding users for application {}", application);
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Directory findFirstDirectoryWithCreateUserPermission = findFirstDirectoryWithCreateUserPermission(application);
        if (findFirstDirectoryWithCreateUserPermission == null) {
            throw new ApplicationPermissionException("Application '" + application.getName() + "' has no directories that allow adding of users.");
        }
        try {
            Iterator<UserTemplateWithCredentialAndAttributes> it = collection.iterator();
            while (it.hasNext()) {
                it.next().setDirectoryId(findFirstDirectoryWithCreateUserPermission.getId().longValue());
            }
            BulkAddResult addAllUsers = this.directoryManager.addAllUsers(findFirstDirectoryWithCreateUserPermission.getId().longValue(), collection, false);
            Iterator it2 = addAllUsers.getExistingEntities().iterator();
            while (it2.hasNext()) {
                hashSet2.add(((User) it2.next()).getName());
            }
            Iterator it3 = addAllUsers.getFailedEntities().iterator();
            while (it3.hasNext()) {
                hashSet.add(((User) it3.next()).getName());
            }
            if (hashSet.size() > 0 || hashSet2.size() > 0) {
                throw new BulkAddFailedException(hashSet, hashSet2);
            }
        } catch (DirectoryNotFoundException e) {
            throw new OperationFailedException("Directory Not Found when trying to add users to directory '" + findFirstDirectoryWithCreateUserPermission.getName() + "'.", e);
        } catch (DirectoryPermissionException e2) {
            throw new ApplicationPermissionException("Permission Exception when trying to add users to directory '" + findFirstDirectoryWithCreateUserPermission.getName() + "'. " + e2.getMessage(), e2);
        }
    }

    private Directory findFirstDirectoryWithCreateUserPermission(Application application) {
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, OperationType.CREATE_USER)) {
                return directory;
            }
        }
        return null;
    }

    public User findUserByName(Application application, String str) throws UserNotFoundException {
        Iterator<Directory> it = getActiveDirectories(application).iterator();
        while (it.hasNext()) {
            try {
                return this.directoryManager.findUserByName(it.next().getId().longValue(), str);
            } catch (DirectoryNotFoundException e) {
                throw new ConcurrentModificationException("Directory mapping was removed while iterating through directories: " + e.getMessage());
            } catch (OperationFailedException e2) {
                this.logger.error(e2.getMessage(), e2);
            } catch (UserNotFoundException e3) {
            }
        }
        throw new UserNotFoundException(str);
    }

    private User fastFailingFindUser(Application application, String str) throws UserNotFoundException, OperationFailedException {
        Iterator<Directory> it = getActiveDirectories(application).iterator();
        while (it.hasNext()) {
            try {
                return this.directoryManager.findUserByName(it.next().getId().longValue(), str);
            } catch (UserNotFoundException e) {
            } catch (DirectoryNotFoundException e2) {
                throw new ConcurrentModificationException("Directory mapping was removed while iterating through directories: " + e2.getMessage());
            }
        }
        throw new UserNotFoundException(str);
    }

    public UserWithAttributes findUserWithAttributesByName(Application application, String str) throws UserNotFoundException {
        Iterator<Directory> it = getActiveDirectories(application).iterator();
        while (it.hasNext()) {
            try {
                return this.directoryManager.findUserWithAttributesByName(it.next().getId().longValue(), str);
            } catch (OperationFailedException e) {
                this.logger.error(e.getMessage(), e);
            } catch (DirectoryNotFoundException e2) {
                throw new ConcurrentModificationException("Directory mapping was removed while iterating through directories: " + e2.getMessage());
            } catch (UserNotFoundException e3) {
            }
        }
        throw new UserNotFoundException(str);
    }

    public User addUser(Application application, UserTemplate userTemplate, PasswordCredential passwordCredential) throws InvalidUserException, OperationFailedException, InvalidCredentialException, ApplicationPermissionException {
        this.logger.debug("Adding user <{}> for application <{}>", userTemplate.getName(), application.getName());
        try {
            fastFailingFindUser(application, userTemplate.getName());
            throw new InvalidUserException(userTemplate, "User already exists");
        } catch (UserNotFoundException e) {
            Directory findFirstDirectoryWithCreateUserPermission = findFirstDirectoryWithCreateUserPermission(application);
            if (findFirstDirectoryWithCreateUserPermission == null) {
                throw new ApplicationPermissionException("Application '" + application.getName() + "' has no directories that allow adding of users.");
            }
            try {
                userTemplate.setDirectoryId(findFirstDirectoryWithCreateUserPermission.getId().longValue());
                User addUser = this.directoryManager.addUser(findFirstDirectoryWithCreateUserPermission.getId().longValue(), userTemplate, passwordCredential);
                this.logger.debug("User '{}' was added to directory '{}'.", new Object[]{userTemplate.getName(), findFirstDirectoryWithCreateUserPermission.getName(), userTemplate.getName()});
                return addUser;
            } catch (UserAlreadyExistsException e2) {
                throw new OperationFailedException("User " + userTemplate.getName() + " already exists.");
            } catch (DirectoryNotFoundException e3) {
                throw new OperationFailedException("Directory not found when trying to add user '" + userTemplate.getName() + "' to directory '" + findFirstDirectoryWithCreateUserPermission.getName() + "'.", e3);
            } catch (DirectoryPermissionException e4) {
                throw new ApplicationPermissionException("Permission Exception when trying to add user '" + userTemplate.getName() + "' to directory '" + findFirstDirectoryWithCreateUserPermission.getName() + "'. " + e4.getMessage(), e4);
            }
        }
    }

    public User updateUser(Application application, UserTemplate userTemplate) throws InvalidUserException, OperationFailedException, ApplicationPermissionException, UserNotFoundException {
        this.logger.debug("Updating user <{}> for application <{}>", userTemplate.getName(), application.getName());
        User fastFailingFindUser = fastFailingFindUser(application, userTemplate.getName());
        if (userTemplate.getDirectoryId() <= 0) {
            userTemplate.setDirectoryId(fastFailingFindUser.getDirectoryId());
        } else if (userTemplate.getDirectoryId() != fastFailingFindUser.getDirectoryId()) {
            throw new InvalidUserException(userTemplate, "Attempted to update user '" + userTemplate.getName() + "' with invalid directory ID " + userTemplate.getDirectoryId() + ", we expected ID " + fastFailingFindUser.getDirectoryId() + ".");
        }
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.UPDATE_USER)) {
            throw new ApplicationPermissionException("Cannot update user '" + userTemplate.getName() + "' because directory '" + findDirectoryById.getName() + "' does not allow updates.");
        }
        try {
            return this.directoryManager.updateUser(findDirectoryById.getId().longValue(), userTemplate);
        } catch (DirectoryPermissionException e) {
            throw new ApplicationPermissionException("Permission Exception when trying to update user '" + userTemplate.getName() + "' in directory '" + findDirectoryById.getName() + "'.", e);
        } catch (DirectoryNotFoundException e2) {
            throw new ConcurrentModificationException("Directory mapping was removed while updating user: " + e2.getMessage());
        }
    }

    public void updateUserCredential(Application application, String str, PasswordCredential passwordCredential) throws OperationFailedException, InvalidCredentialException, ApplicationPermissionException, UserNotFoundException {
        User fastFailingFindUser = fastFailingFindUser(application, str);
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.UPDATE_USER)) {
            throw new ApplicationPermissionException("Not allowed to update user '" + fastFailingFindUser.getName() + "' in directory '" + findDirectoryById.getName() + "'.");
        }
        try {
            this.directoryManager.updateUserCredential(fastFailingFindUser.getDirectoryId(), str, passwordCredential);
        } catch (DirectoryPermissionException e) {
            throw new ApplicationPermissionException(e);
        } catch (DirectoryNotFoundException e2) {
            throw new ConcurrentModificationException("Directory mapping was removed while updating user credential: " + e2.getMessage());
        }
    }

    public void resetUserCredential(Application application, String str) throws OperationFailedException, InvalidCredentialException, ApplicationPermissionException, InvalidEmailAddressException, UserNotFoundException {
        User fastFailingFindUser = fastFailingFindUser(application, str);
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.UPDATE_USER)) {
            throw new ApplicationPermissionException("Not allowed to update user '" + fastFailingFindUser.getName() + "' in directory '" + findDirectoryById.getName() + "'.");
        }
        try {
            this.directoryManager.resetPassword(fastFailingFindUser.getDirectoryId(), str);
        } catch (DirectoryPermissionException e) {
            throw new ApplicationPermissionException(e);
        } catch (DirectoryNotFoundException e2) {
            throw new ConcurrentModificationException("Directory mapping was removed while resetting the user credential: " + e2.getMessage());
        }
    }

    public void storeUserAttributes(Application application, String str, Map<String, Set<String>> map) throws OperationFailedException, ApplicationPermissionException, UserNotFoundException {
        this.logger.debug("Storing user attributes for user <{}> and application <{}>", str, application.getName());
        User fastFailingFindUser = fastFailingFindUser(application, str);
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.UPDATE_USER_ATTRIBUTE)) {
            throw new ApplicationPermissionException("Not allowed to update user attributes '" + fastFailingFindUser.getName() + "' in directory '" + findDirectoryById.getName() + "'.");
        }
        try {
            this.directoryManager.storeUserAttributes(findDirectoryById.getId().longValue(), str, map);
        } catch (DirectoryNotFoundException e) {
            throw new ConcurrentModificationException("Directory mapping was removed while storing the user attributes: " + e.getMessage());
        } catch (DirectoryPermissionException e2) {
            throw new ApplicationPermissionException(e2);
        }
    }

    public void removeUserAttributes(Application application, String str, String str2) throws OperationFailedException, ApplicationPermissionException, UserNotFoundException {
        this.logger.debug("Removing user attributes for user <{}> and application <{}>", str, application.getName());
        User fastFailingFindUser = fastFailingFindUser(application, str);
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.UPDATE_USER_ATTRIBUTE)) {
            throw new ApplicationPermissionException("Not allowed to update user attributes '" + fastFailingFindUser.getName() + "' in directory '" + findDirectoryById.getName() + "'.");
        }
        try {
            this.directoryManager.removeUserAttributes(findDirectoryById.getId().longValue(), str, str2);
        } catch (DirectoryNotFoundException e) {
            throw new ConcurrentModificationException("Directory mapping was removed while removing the user attributes: " + e.getMessage());
        } catch (DirectoryPermissionException e2) {
            throw new ApplicationPermissionException(e2);
        }
    }

    public void removeUser(Application application, String str) throws OperationFailedException, ApplicationPermissionException, UserNotFoundException {
        User fastFailingFindUser = fastFailingFindUser(application, str);
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.DELETE_USER)) {
            throw new ApplicationPermissionException("Not allowed to delete user '" + fastFailingFindUser.getName() + "' from directory '" + findDirectoryById.getName() + "'.");
        }
        try {
            this.directoryManager.removeUser(findDirectoryById.getId().longValue(), str);
        } catch (DirectoryPermissionException e) {
            throw new ApplicationPermissionException(e);
        } catch (DirectoryNotFoundException e2) {
            throw new ConcurrentModificationException("Directory mapping was removed while removing the user: " + e2.getMessage());
        }
    }

    public <T> List<T> searchUsers(Application application, EntityQuery<T> entityQuery) {
        return searchUsers(application, entityQuery, getAggregatingAndSortingComparatorFor(entityQuery.getReturnType()));
    }

    public List<User> searchUsersAllowingDuplicateNames(Application application, EntityQuery<User> entityQuery) {
        return searchUsers(application, entityQuery, EntityComparator.of(User.class));
    }

    private <T> List<T> searchUsers(Application application, EntityQuery<T> entityQuery, Comparator<? super T> comparator) {
        boolean z = entityQuery.getMaxResults() == -1;
        QueryUtils.checkAssignableFrom(entityQuery.getReturnType(), new Class[]{String.class, User.class});
        TreeSet treeSet = new TreeSet(comparator);
        int startIndex = entityQuery.getStartIndex() + entityQuery.getMaxResults();
        if (z) {
            startIndex = -1;
        }
        Iterator<Directory> it = getActiveDirectories(application).iterator();
        while (it.hasNext()) {
            try {
                treeSet.addAll(this.directoryManager.searchUsers(it.next().getId().longValue(), QueryBuilder.queryFor(entityQuery.getReturnType(), entityQuery.getEntityDescriptor(), entityQuery.getSearchRestriction(), 0, startIndex)));
                if (!z && treeSet.size() >= entityQuery.getMaxResults()) {
                    break;
                }
            } catch (DirectoryNotFoundException e) {
            } catch (OperationFailedException e2) {
                this.logger.error(e2.getMessage(), e2);
            }
        }
        return SearchResultsUtil.constrainResults(new ArrayList(treeSet), entityQuery.getStartIndex(), entityQuery.getMaxResults());
    }

    public Group findGroupByName(Application application, String str) throws GroupNotFoundException {
        Iterator<Directory> it = getActiveDirectories(application).iterator();
        while (it.hasNext()) {
            try {
                return this.directoryManager.findGroupByName(it.next().getId().longValue(), str);
            } catch (DirectoryNotFoundException e) {
                throw new ConcurrentModificationException("Directory mapping was removed while iterating through directories: " + e.getMessage());
            } catch (OperationFailedException e2) {
                this.logger.error(e2.getMessage(), e2);
            } catch (GroupNotFoundException e3) {
            }
        }
        throw new GroupNotFoundException(str);
    }

    private Group getGroup(Application application, String str) throws OperationFailedException, GroupNotFoundException {
        Iterator<Directory> it = getActiveDirectories(application).iterator();
        while (it.hasNext()) {
            try {
                return this.directoryManager.findGroupByName(it.next().getId().longValue(), str);
            } catch (GroupNotFoundException e) {
            } catch (DirectoryNotFoundException e2) {
                throw new ConcurrentModificationException("Directory mapping was removed while iterating through directories: " + e2.getMessage());
            }
        }
        throw new GroupNotFoundException(str);
    }

    public GroupWithAttributes findGroupWithAttributesByName(Application application, String str) throws GroupNotFoundException {
        Iterator<Directory> it = getActiveDirectories(application).iterator();
        while (it.hasNext()) {
            try {
                return this.directoryManager.findGroupWithAttributesByName(it.next().getId().longValue(), str);
            } catch (OperationFailedException e) {
                this.logger.error(e.getMessage(), e);
            } catch (DirectoryNotFoundException e2) {
                throw new ConcurrentModificationException("Directory mapping was removed while iterating through directories: " + e2.getMessage());
            } catch (GroupNotFoundException e3) {
            }
        }
        throw new GroupNotFoundException(str);
    }

    public Group addGroup(Application application, GroupTemplate groupTemplate) throws InvalidGroupException, OperationFailedException, ApplicationPermissionException {
        this.logger.debug("Adding group <{}> for application <{}>", groupTemplate.getName(), application.getName());
        try {
            getGroup(application, groupTemplate.getName());
            throw new InvalidGroupException(groupTemplate, "Group already exists");
        } catch (GroupNotFoundException e) {
            OperationType createOperationType = getCreateOperationType(groupTemplate);
            for (Directory directory : getActiveDirectories(application)) {
                if (this.permissionManager.hasPermission(application, directory, createOperationType)) {
                    try {
                        groupTemplate.setDirectoryId(directory.getId().longValue());
                        this.directoryManager.addGroup(directory.getId().longValue(), groupTemplate);
                    } catch (DirectoryNotFoundException e2) {
                        this.logger.error(e2.getMessage(), e2);
                    } catch (DirectoryPermissionException e3) {
                        this.logger.info("Could not add group <{}> to directory <{}>", groupTemplate.getName(), directory.getName());
                        this.logger.info(e3.getMessage());
                    }
                }
            }
            try {
                return getGroup(application, groupTemplate.getName());
            } catch (GroupNotFoundException e4) {
                throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow adding of groups");
            }
        }
    }

    public Group updateGroup(Application application, GroupTemplate groupTemplate) throws InvalidGroupException, OperationFailedException, ApplicationPermissionException, GroupNotFoundException {
        this.logger.debug("Updating group <{}> for application <{}>", groupTemplate.getName(), application.getName());
        OperationType updateOperationType = getUpdateOperationType(getGroup(application, groupTemplate.getName()));
        boolean z = false;
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, updateOperationType)) {
                try {
                    groupTemplate.setDirectoryId(directory.getId().longValue());
                    this.directoryManager.updateGroup(directory.getId().longValue(), groupTemplate);
                    z = true;
                } catch (ReadOnlyGroupException e) {
                    if (this.logger.isInfoEnabled()) {
                        this.logger.info(MessageFormatter.format("Could not update group <{}> to directory <{}> because the group is read-only.", groupTemplate.getName(), directory.getName()), e);
                    }
                } catch (DirectoryNotFoundException e2) {
                    throw new ConcurrentModificationException("Directory mapping was removed while iterating through directories: " + e2.getMessage());
                } catch (DirectoryPermissionException e3) {
                    this.logger.info("Could not update group <{}> to directory <{}>", groupTemplate.getName(), directory.getName());
                    this.logger.info(e3.getMessage());
                } catch (GroupNotFoundException e4) {
                }
            }
        }
        if (z) {
            return getGroup(application, groupTemplate.getName());
        }
        throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group modifications");
    }

    public void storeGroupAttributes(Application application, String str, Map<String, Set<String>> map) throws OperationFailedException, ApplicationPermissionException, GroupNotFoundException {
        this.logger.debug("Storing group attributes for group <{}> and application <{}>", str, application.getName());
        OperationType updateAttributeOperationType = getUpdateAttributeOperationType(getGroup(application, str));
        boolean z = false;
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, updateAttributeOperationType)) {
                try {
                    this.directoryManager.storeGroupAttributes(directory.getId().longValue(), str, map);
                    z = true;
                } catch (GroupNotFoundException e) {
                } catch (DirectoryNotFoundException e2) {
                    throw new ConcurrentModificationException("Directory mapping was removed while iterating through directories: " + e2.getMessage());
                } catch (DirectoryPermissionException e3) {
                    this.logger.info("Could not update group <{}> to directory <{}>", str, directory.getName());
                    this.logger.info(e3.getMessage());
                }
            }
        }
        if (!z) {
            throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group attribute modifications");
        }
    }

    public void removeGroupAttributes(Application application, String str, String str2) throws OperationFailedException, ApplicationPermissionException, GroupNotFoundException {
        this.logger.debug("Removing group attributes for group <{}> and application <{}>", str, application.getName());
        boolean z = false;
        OperationType updateAttributeOperationType = getUpdateAttributeOperationType(getGroup(application, str));
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, updateAttributeOperationType)) {
                try {
                    this.directoryManager.removeGroupAttributes(directory.getId().longValue(), str, str2);
                    z = true;
                } catch (GroupNotFoundException e) {
                } catch (DirectoryNotFoundException e2) {
                    throw new ConcurrentModificationException("Directory mapping was removed while iterating through directories: " + e2.getMessage());
                } catch (DirectoryPermissionException e3) {
                    this.logger.info("Could not update group <{}> to directory <{}>", str, directory.getName());
                    this.logger.info(e3.getMessage());
                }
            }
        }
        if (!z) {
            throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group attribute modifications");
        }
    }

    public void removeGroup(Application application, String str) throws OperationFailedException, ApplicationPermissionException, GroupNotFoundException {
        boolean z = false;
        OperationType deleteOperationType = getDeleteOperationType(getGroup(application, str));
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, deleteOperationType)) {
                try {
                    this.directoryManager.removeGroup(directory.getId().longValue(), str);
                    z = true;
                } catch (ReadOnlyGroupException e) {
                    if (this.logger.isInfoEnabled()) {
                        this.logger.info(MessageFormatter.format("Could not update group <{}> to directory <{}> because the group is read-only.", str, directory.getName()), e);
                    }
                } catch (DirectoryNotFoundException e2) {
                    throw new ConcurrentModificationException("Directory mapping was removed while iterating through directories: " + e2.getMessage());
                } catch (DirectoryPermissionException e3) {
                    this.logger.info("Could not remove group <{}> from directory <{}>", str, directory.getName());
                } catch (GroupNotFoundException e4) {
                }
            }
        }
        if (!z) {
            throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group removal");
        }
    }

    public <T> List<T> searchGroups(Application application, EntityQuery<T> entityQuery) {
        QueryUtils.checkAssignableFrom(entityQuery.getReturnType(), new Class[]{String.class, Group.class});
        TreeSet treeSet = new TreeSet(getAggregatingAndSortingComparatorFor(entityQuery.getReturnType()));
        int startIndex = entityQuery.getStartIndex() + entityQuery.getMaxResults();
        boolean z = entityQuery.getMaxResults() == -1;
        if (z) {
            startIndex = -1;
        }
        Iterator<Directory> it = getActiveDirectories(application).iterator();
        while (it.hasNext()) {
            try {
                treeSet.addAll(this.directoryManager.searchGroups(it.next().getId().longValue(), QueryBuilder.queryFor(entityQuery.getReturnType(), entityQuery.getEntityDescriptor(), entityQuery.getSearchRestriction(), 0, startIndex)));
                if (!z && treeSet.size() >= entityQuery.getMaxResults()) {
                    break;
                }
            } catch (OperationFailedException e) {
                this.logger.error(e.getMessage(), e);
            } catch (DirectoryNotFoundException e2) {
            }
        }
        return SearchResultsUtil.constrainResults(new ArrayList(treeSet), entityQuery.getStartIndex(), entityQuery.getMaxResults());
    }

    public void addUserToGroup(Application application, String str, String str2) throws OperationFailedException, ApplicationPermissionException, UserNotFoundException, GroupNotFoundException {
        User fastFailingFindUser = fastFailingFindUser(application, str);
        try {
            OperationType updateOperationType = getUpdateOperationType(ensureGroupExistsInDirectory(fastFailingFindUser.getDirectoryId(), str2, application));
            Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
            if (!this.permissionManager.hasPermission(application, findDirectoryById, updateOperationType)) {
                throw new ApplicationPermissionException("Cannot update group '" + str2 + "' because directory '" + findDirectoryById.getName() + "' does not allow updates.");
            }
            try {
                this.directoryManager.addUserToGroup(findDirectoryById.getId().longValue(), str, str2);
            } catch (DirectoryNotFoundException e) {
                throw new ConcurrentModificationException("Directory mapping was removed while adding user to a group: " + e.getMessage());
            } catch (DirectoryPermissionException e2) {
                throw new ApplicationPermissionException("Permission Exception when trying to update group '" + str2 + "' in directory '" + findDirectoryById.getName() + "'.", e2);
            } catch (ReadOnlyGroupException e3) {
                throw new ApplicationPermissionException(String.format("Could not add user %s to group %s in directory %s because the directory or group is read-only.", str, str2, findDirectoryById.getName()));
            }
        } catch (DirectoryNotFoundException e4) {
            throw new ConcurrentModificationException("Directory mapping was removed while adding user to a group: " + e4.getMessage());
        }
    }

    private Directory findDirectoryById(long j) throws ConcurrentModificationException {
        try {
            return this.directoryManager.findDirectoryById(j);
        } catch (DirectoryNotFoundException e) {
            throw new ConcurrentModificationException("Directory mapping was removed while iterating through directories: " + e.getMessage());
        }
    }

    private Group ensureGroupExistsInDirectory(long j, String str, Application application) throws GroupNotFoundException, ApplicationPermissionException, OperationFailedException, DirectoryNotFoundException {
        try {
            return this.directoryManager.findGroupByName(j, str);
        } catch (GroupNotFoundException e) {
            Group findGroupByName = findGroupByName(application, str);
            try {
                this.logger.info("Creating group '{}' in directory {} so membership can be added", str, Long.valueOf(j));
                return this.directoryManager.addGroup(j, new GroupTemplate(str, j, findGroupByName.getType()));
            } catch (InvalidGroupException e2) {
                throw new OperationFailedException(e2.getMessage(), e2);
            } catch (DirectoryPermissionException e3) {
                throw new ApplicationPermissionException("Group '" + str + "' does not exist in the directory of the user and cannot be added.");
            }
        }
    }

    public void addGroupToGroup(Application application, String str, String str2) throws OperationFailedException, ApplicationPermissionException, GroupNotFoundException, InvalidMembershipException {
        Group group = getGroup(application, str2);
        Group group2 = getGroup(application, str);
        if (group.getType() != group2.getType()) {
            throw new InvalidMembershipException("Cannot add group of type " + group2.getType().name() + " to group of type " + group.getType().name());
        }
        if (str.equals(str2)) {
            throw new InvalidMembershipException("Cannot add a group to itself.");
        }
        if (isGroupNestedGroupMember(application, str2, str)) {
            throw new InvalidMembershipException("Cannot add child group '" + str + "' to parent group '" + str2 + "' - this would cause a circular dependency.");
        }
        OperationType updateOperationType = getUpdateOperationType(group);
        boolean z = false;
        boolean z2 = false;
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, updateOperationType)) {
                z = true;
                try {
                    this.directoryManager.addGroupToGroup(directory.getId().longValue(), str, str2);
                    z2 = true;
                } catch (NestedGroupsNotSupportedException e) {
                    this.logger.debug("Could not add child group <{}> to parent group <{}> in directory <{}> - Nested Groups not supported.", new Object[]{group2, group, directory.getName()});
                } catch (DirectoryPermissionException e2) {
                    this.logger.warn("Could not add child group <{}> to parent group <{}> in directory <{}> - unexpected DirectoryPermissionException", new Object[]{group2, group, directory.getName()});
                } catch (InvalidMembershipException e3) {
                    this.logger.info("Could not add child group <{}> to parent group <{}> in directory <{}>: {}", new Object[]{group2, group, directory.getName(), e3.getMessage()});
                } catch (ReadOnlyGroupException e4) {
                    this.logger.info(e4.getMessage(), e4);
                } catch (DirectoryNotFoundException e5) {
                    throw new ConcurrentModificationException("Directory mapping was removed while iterating through directories: " + e5.getMessage());
                } catch (GroupNotFoundException e6) {
                }
            }
        }
        if (z2) {
            return;
        }
        if (!z) {
            throw new ApplicationPermissionException("Application '" + application.getName() + "' does not allow group modifications.");
        }
        throw new ApplicationPermissionException("Could not add child group '" + str + "' to parent group '" + str + "'.");
    }

    public void removeUserFromGroup(Application application, String str, String str2) throws OperationFailedException, ApplicationPermissionException, MembershipNotFoundException, UserNotFoundException, GroupNotFoundException {
        User fastFailingFindUser = fastFailingFindUser(application, str);
        try {
            OperationType updateOperationType = getUpdateOperationType(this.directoryManager.findGroupByName(fastFailingFindUser.getDirectoryId(), str2));
            if (!isUserDirectGroupMember(application, str, str2)) {
                throw new MembershipNotFoundException(str, str2);
            }
            Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
            if (!this.permissionManager.hasPermission(application, findDirectoryById, updateOperationType)) {
                throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group modifications");
            }
            try {
                this.directoryManager.removeUserFromGroup(findDirectoryById.getId().longValue(), str, str2);
            } catch (DirectoryPermissionException e) {
                throw new ConcurrentModificationException("Directory permissions changed while processing directory: " + e.getMessage());
            } catch (ReadOnlyGroupException e2) {
                throw new ApplicationPermissionException(String.format("Could not add user %s to group %s in directory %s because the directory or group is read-only.", str, str2, findDirectoryById.getName()));
            } catch (DirectoryNotFoundException e3) {
                throw new ConcurrentModificationException("Directory mapping was removed while processing directory: " + e3.getMessage());
            }
        } catch (DirectoryNotFoundException e4) {
            throw new ConcurrentModificationException("Directory was removed while processing directory: " + e4.getMessage());
        }
    }

    public void removeGroupFromGroup(Application application, String str, String str2) throws OperationFailedException, ApplicationPermissionException, MembershipNotFoundException, GroupNotFoundException {
        boolean z = false;
        if (!isGroupDirectGroupMember(application, str, str2)) {
            throw new MembershipNotFoundException(str, str2);
        }
        OperationType updateOperationType = getUpdateOperationType(getGroup(application, str2));
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, updateOperationType) && getDirectoryImplementation(directory).supportsNestedGroups()) {
                try {
                    this.directoryManager.removeGroupFromGroup(directory.getId().longValue(), str, str2);
                    z = true;
                } catch (DirectoryPermissionException e) {
                    this.logger.info("Could not remove child group <{}> to parent group <{}> from directory <{}>", new Object[]{str, str2, directory.getName()});
                } catch (InvalidMembershipException e2) {
                    this.logger.info("Could not remove child group <{}> from parent group <{}> from directory <{}>: {}", new Object[]{str, str2, directory.getName(), e2.getMessage()});
                } catch (GroupNotFoundException e3) {
                    z = true;
                } catch (ReadOnlyGroupException e4) {
                    this.logger.info(e4.getMessage(), e4);
                } catch (DirectoryNotFoundException e5) {
                    throw new ConcurrentModificationException("Directory mapping was removed while iterating through directories: " + e5.getMessage());
                }
            }
        }
        if (!z) {
            throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group modifications");
        }
    }

    public boolean isUserDirectGroupMember(Application application, String str, String str2) {
        try {
            return this.directoryManager.isUserDirectGroupMember(findUserByName(application, str).getDirectoryId(), str, str2);
        } catch (OperationFailedException e) {
            this.logger.error(e.getMessage(), e);
            return false;
        } catch (DirectoryNotFoundException e2) {
            throw new ConcurrentModificationException("Directory mapping was removed while determining if the user is a direct group member: " + e2.getMessage());
        } catch (UserNotFoundException e3) {
            return false;
        }
    }

    public boolean isGroupDirectGroupMember(Application application, String str, String str2) {
        Iterator<Directory> it = getActiveDirectories(application).iterator();
        while (it.hasNext()) {
            try {
            } catch (OperationFailedException e) {
                this.logger.error(e.getMessage(), e);
            } catch (DirectoryNotFoundException e2) {
            }
            if (this.directoryManager.isGroupDirectGroupMember(it.next().getId().longValue(), str, str2)) {
                return true;
            }
        }
        return false;
    }

    public boolean isUserNestedGroupMember(Application application, String str, String str2) {
        try {
            return this.directoryManager.isUserNestedGroupMember(findUserByName(application, str).getDirectoryId(), str, str2);
        } catch (OperationFailedException e) {
            this.logger.error(e.getMessage(), e);
            return false;
        } catch (DirectoryNotFoundException e2) {
            throw new ConcurrentModificationException("Directory mapping was removed while determining if user is a nested group member: " + e2.getMessage());
        } catch (UserNotFoundException e3) {
            return false;
        }
    }

    public boolean isGroupNestedGroupMember(Application application, String str, String str2) {
        Iterator<Directory> it = getActiveDirectories(application).iterator();
        while (it.hasNext()) {
            try {
            } catch (OperationFailedException e) {
                this.logger.error(e.getMessage(), e);
            } catch (DirectoryNotFoundException e2) {
            }
            if (this.directoryManager.isGroupNestedGroupMember(it.next().getId().longValue(), str, str2)) {
                return true;
            }
        }
        return false;
    }

    public <T> List<T> searchDirectGroupRelationships(Application application, MembershipQuery<T> membershipQuery) {
        QueryUtils.checkAssignableFrom(membershipQuery.getReturnType(), new Class[]{String.class, Group.class, User.class});
        TreeSet treeSet = new TreeSet(getAggregatingAndSortingComparatorFor(membershipQuery.getReturnType()));
        int startIndex = membershipQuery.getStartIndex() + membershipQuery.getMaxResults();
        if (membershipQuery.getMaxResults() == -1) {
            startIndex = -1;
        }
        if (!membershipQuery.getEntityToMatch().equals(EntityDescriptor.user())) {
            Iterator<Directory> it = getActiveDirectories(application).iterator();
            while (it.hasNext()) {
                treeSet.addAll(doDirectDirectoryMembershipQuery(membershipQuery, startIndex, it.next().getId()));
                if (membershipQuery.getMaxResults() != -1 && treeSet.size() >= membershipQuery.getMaxResults()) {
                    break;
                }
            }
        } else {
            try {
                treeSet.addAll(doDirectDirectoryMembershipQuery(membershipQuery, startIndex, Long.valueOf(findUserByName(application, membershipQuery.getEntityNameToMatch()).getDirectoryId())));
            } catch (UserNotFoundException e) {
            }
        }
        return SearchResultsUtil.constrainResults(new ArrayList(treeSet), membershipQuery.getStartIndex(), membershipQuery.getMaxResults());
    }

    private <T> List<T> doDirectDirectoryMembershipQuery(MembershipQuery<T> membershipQuery, int i, Long l) {
        try {
            return this.directoryManager.searchDirectGroupRelationships(l.longValue(), QueryBuilder.createMembershipQuery(i, 0, membershipQuery.isFindChildren(), membershipQuery.getEntityToReturn(), membershipQuery.getReturnType(), membershipQuery.getEntityToMatch(), membershipQuery.getEntityNameToMatch()));
        } catch (OperationFailedException e) {
            this.logger.error(e.getMessage(), e);
            return new ArrayList();
        } catch (DirectoryNotFoundException e2) {
            return new ArrayList();
        }
    }

    public <T> List<T> searchNestedGroupRelationships(Application application, MembershipQuery<T> membershipQuery) {
        QueryUtils.checkAssignableFrom(membershipQuery.getReturnType(), new Class[]{String.class, Group.class, User.class});
        TreeSet treeSet = new TreeSet(getAggregatingAndSortingComparatorFor(membershipQuery.getReturnType()));
        int startIndex = membershipQuery.getStartIndex() + membershipQuery.getMaxResults();
        if (membershipQuery.getMaxResults() == -1) {
            startIndex = -1;
        }
        if (!membershipQuery.getEntityToMatch().equals(EntityDescriptor.user())) {
            Iterator<Directory> it = getActiveDirectories(application).iterator();
            while (it.hasNext()) {
                treeSet.addAll(doNestedDirectoryMembershipQuery(membershipQuery, startIndex, it.next().getId()));
                if (membershipQuery.getMaxResults() != -1 && treeSet.size() >= membershipQuery.getMaxResults()) {
                    break;
                }
            }
        } else {
            try {
                treeSet.addAll(doNestedDirectoryMembershipQuery(membershipQuery, startIndex, Long.valueOf(findUserByName(application, membershipQuery.getEntityNameToMatch()).getDirectoryId())));
            } catch (UserNotFoundException e) {
            }
        }
        return SearchResultsUtil.constrainResults(new ArrayList(treeSet), membershipQuery.getStartIndex(), membershipQuery.getMaxResults());
    }

    private <T> List<T> doNestedDirectoryMembershipQuery(MembershipQuery<T> membershipQuery, int i, Long l) {
        try {
            return this.directoryManager.searchNestedGroupRelationships(l.longValue(), QueryBuilder.createMembershipQuery(i, 0, membershipQuery.isFindChildren(), membershipQuery.getEntityToReturn(), membershipQuery.getReturnType(), membershipQuery.getEntityToMatch(), membershipQuery.getEntityNameToMatch()));
        } catch (OperationFailedException e) {
            this.logger.error(e.getMessage(), e);
            return new ArrayList();
        } catch (DirectoryNotFoundException e2) {
            return new ArrayList();
        }
    }

    private OperationType getCreateOperationType(Group group) {
        switch (AnonymousClass1.$SwitchMap$com$atlassian$crowd$model$group$GroupType[group.getType().ordinal()]) {
            case 1:
                return OperationType.CREATE_GROUP;
            case 2:
                return OperationType.CREATE_ROLE;
            default:
                throw new UnsupportedOperationException();
        }
    }

    private OperationType getUpdateOperationType(Group group) {
        switch (AnonymousClass1.$SwitchMap$com$atlassian$crowd$model$group$GroupType[group.getType().ordinal()]) {
            case 1:
                return OperationType.UPDATE_GROUP;
            case 2:
                return OperationType.UPDATE_ROLE;
            default:
                throw new UnsupportedOperationException();
        }
    }

    private OperationType getUpdateAttributeOperationType(Group group) {
        switch (AnonymousClass1.$SwitchMap$com$atlassian$crowd$model$group$GroupType[group.getType().ordinal()]) {
            case 1:
                return OperationType.UPDATE_GROUP_ATTRIBUTE;
            case 2:
                return OperationType.UPDATE_ROLE_ATTRIBUTE;
            default:
                throw new UnsupportedOperationException();
        }
    }

    private OperationType getDeleteOperationType(Group group) {
        switch (AnonymousClass1.$SwitchMap$com$atlassian$crowd$model$group$GroupType[group.getType().ordinal()]) {
            case 1:
                return OperationType.DELETE_GROUP;
            case 2:
                return OperationType.DELETE_ROLE;
            default:
                throw new UnsupportedOperationException();
        }
    }

    private RemoteDirectory getDirectoryImplementation(Directory directory) throws DirectoryInstantiationException {
        return this.directoryInstanceLoader.getDirectory(directory);
    }

    private Iterable<Directory> getActiveDirectories(Application application) {
        return Iterables.filter(Iterables.transform(application.getDirectoryMappings(), DirectoryResolver.INSTANCE), ActiveDirectorFilter.INSTANCE);
    }

    private <T> Comparator<T> getAggregatingAndSortingComparatorFor(Class<T> cls) {
        if (!String.class.isAssignableFrom(cls) && !User.class.isAssignableFrom(cls) && !Group.class.isAssignableFrom(cls)) {
            throw new IllegalArgumentException("Cannot find comparator for type: " + cls.getCanonicalName());
        }
        return NameComparator.of(cls);
    }

    private boolean isAllowedToAuthenticate(String str, long j, Application application) throws OperationFailedException, DirectoryNotFoundException {
        if (!application.isActive()) {
            this.logger.debug("User does not have access to application '{}' as the application is inactive", application.getName());
            return false;
        }
        DirectoryMapping directoryMapping = application.getDirectoryMapping(j);
        if (directoryMapping != null) {
            if (directoryMapping.isAllowAllToAuthenticate()) {
                return true;
            }
            Iterator it = directoryMapping.getAuthorisedGroups().iterator();
            while (it.hasNext()) {
                if (this.directoryManager.isUserNestedGroupMember(j, str, ((GroupMapping) it.next()).getGroupName())) {
                    return true;
                }
            }
        }
        this.logger.debug("User does not have access to application '{}' as the directory is not allow all to authenticate and the user is not a member of any of the authorised groups", application.getName());
        return false;
    }
}
