package com.atlassian.crowd.manager.application;

import com.atlassian.crowd.directory.DirectoryProperties;
import com.atlassian.crowd.directory.loader.DirectoryInstanceLoader;
import com.atlassian.crowd.embedded.api.Directories;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.OperationType;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.embedded.api.UserCapabilities;
import com.atlassian.crowd.embedded.api.UserComparator;
import com.atlassian.crowd.embedded.impl.DirectoryUserCapabilities;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.crowd.event.EventStore;
import com.atlassian.crowd.event.EventTokenExpiredException;
import com.atlassian.crowd.event.Events;
import com.atlassian.crowd.event.IncrementalSynchronisationNotAvailableException;
import com.atlassian.crowd.event.user.UserAuthenticatedEvent;
import com.atlassian.crowd.event.user.UserAuthenticationFailedInvalidAuthenticationEvent;
import com.atlassian.crowd.exception.ApplicationPermissionException;
import com.atlassian.crowd.exception.BulkAddFailedException;
import com.atlassian.crowd.exception.DirectoryInstantiationException;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.InvalidGroupException;
import com.atlassian.crowd.exception.InvalidMembershipException;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.MembershipAlreadyExistsException;
import com.atlassian.crowd.exception.MembershipNotFoundException;
import com.atlassian.crowd.exception.NestedGroupsNotSupportedException;
import com.atlassian.crowd.exception.ObjectNotFoundException;
import com.atlassian.crowd.exception.ReadOnlyGroupException;
import com.atlassian.crowd.exception.UserAlreadyExistsException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.exception.WebhookNotFoundException;
import com.atlassian.crowd.exception.runtime.OperationFailedException;
import com.atlassian.crowd.manager.directory.BulkAddResult;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.crowd.manager.directory.DirectoryPermissionException;
import com.atlassian.crowd.manager.permission.PermissionManager;
import com.atlassian.crowd.manager.webhook.InvalidWebhookEndpointException;
import com.atlassian.crowd.manager.webhook.WebhookRegistry;
import com.atlassian.crowd.model.DirectoryEntities;
import com.atlassian.crowd.model.DirectoryEntity;
import com.atlassian.crowd.model.InternalAttributesHelper;
import com.atlassian.crowd.model.NameComparator;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.model.application.DirectoryMapping;
import com.atlassian.crowd.model.application.GroupMapping;
import com.atlassian.crowd.model.event.GroupEvent;
import com.atlassian.crowd.model.event.GroupMembershipEvent;
import com.atlassian.crowd.model.event.Operation;
import com.atlassian.crowd.model.event.OperationEvent;
import com.atlassian.crowd.model.event.UserEvent;
import com.atlassian.crowd.model.event.UserMembershipEvent;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupTemplate;
import com.atlassian.crowd.model.group.GroupType;
import com.atlassian.crowd.model.group.GroupWithAttributes;
import com.atlassian.crowd.model.group.InternalGroup;
import com.atlassian.crowd.model.group.InternalGroupWithAttributes;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.crowd.model.user.UserTemplateWithCredentialAndAttributes;
import com.atlassian.crowd.model.user.UserWithAttributes;
import com.atlassian.crowd.model.webhook.Webhook;
import com.atlassian.crowd.model.webhook.WebhookTemplate;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.search.query.QueryUtils;
import com.atlassian.crowd.search.query.entity.EntityQuery;
import com.atlassian.crowd.search.query.membership.MembershipQuery;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.fugue.Pair;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import cz.vutbr.web.csskit.OutputUtil;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.ConcurrentModificationException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nullable;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.transaction.annotation.Transactional;

@Transactional
/* loaded from: input_file:WEB-INF/lib/crowd-core-2.8.3.jar:com/atlassian/crowd/manager/application/ApplicationServiceGeneric.class */
public class ApplicationServiceGeneric implements ApplicationService {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) ApplicationServiceGeneric.class);
    private static final Pattern USER_KEY_PATTERN = Pattern.compile("(\\d+):(.+)");
    private static final Set<OperationType> UPDATE_GROUP_PERMISSION = ImmutableSet.of(OperationType.UPDATE_GROUP);
    private static final Set<OperationType> CREATE_AND_UPDATE_GROUP_PERMISSIONS = ImmutableSet.of(OperationType.CREATE_GROUP, OperationType.UPDATE_GROUP);
    private final DirectoryManager directoryManager;
    private final PermissionManager permissionManager;
    private final DirectoryInstanceLoader directoryInstanceLoader;
    private final EventPublisher eventPublisher;
    private final EventStore eventStore;
    private final WebhookRegistry webhookRegistry;
    private final Predicate<Directory> supportsNestedGroups = new Predicate<Directory>() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.1
        @Override // com.google.common.base.Predicate
        public boolean apply(Directory directory) {
            try {
                return ApplicationServiceGeneric.this.directoryManager.supportsNestedGroups(directory.getId().longValue());
            } catch (DirectoryInstantiationException e) {
                throw new OperationFailedException(e);
            } catch (DirectoryNotFoundException e2) {
                throw ApplicationServiceGeneric.concurrentModificationExceptionForDirectoryAccess(e2);
            }
        }
    };
    private final InternalAttributesHelper attributesHelper = new InternalAttributesHelper();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/crowd-core-2.8.3.jar:com/atlassian/crowd/manager/application/ApplicationServiceGeneric$DirectoryAndGroup.class */
    public static class DirectoryAndGroup {
        final Directory directory;
        final Group group;

        DirectoryAndGroup(Directory directory, Group group) {
            this.directory = directory;
            this.group = group;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/crowd-core-2.8.3.jar:com/atlassian/crowd/manager/application/ApplicationServiceGeneric$DirectoryPredicate.class */
    private abstract class DirectoryPredicate implements Predicate<Directory> {
        private DirectoryPredicate() {
        }

        @Override // com.google.common.base.Predicate
        public final boolean apply(Directory directory) {
            try {
                return fallibleCheckForEntity(directory);
            } catch (DirectoryNotFoundException e) {
                throw ApplicationServiceGeneric.concurrentModificationExceptionForDirectoryAccess(e);
            } catch (ObjectNotFoundException e2) {
                return false;
            } catch (com.atlassian.crowd.exception.OperationFailedException e3) {
                throw new OperationFailedException(errorMessage(directory), e3);
            }
        }

        protected abstract boolean fallibleCheckForEntity(Directory directory) throws ObjectNotFoundException, com.atlassian.crowd.exception.OperationFailedException, DirectoryNotFoundException;

        protected abstract String errorMessage(Directory directory);
    }

    /* loaded from: input_file:WEB-INF/lib/crowd-core-2.8.3.jar:com/atlassian/crowd/manager/application/ApplicationServiceGeneric$LightweightDirectoryEntity.class */
    private static abstract class LightweightDirectoryEntity implements DirectoryEntity {
        private final long directoryId;
        private final String name;

        LightweightDirectoryEntity(long j, String str) {
            this.directoryId = j;
            this.name = (String) Preconditions.checkNotNull(str);
        }

        @Override // com.atlassian.crowd.model.DirectoryEntity
        public long getDirectoryId() {
            return this.directoryId;
        }

        @Override // com.atlassian.crowd.model.DirectoryEntity
        public String getName() {
            return this.name;
        }

        @Override // com.atlassian.crowd.model.DirectoryEntity
        public int hashCode() {
            return (31 * (31 + ((int) (this.directoryId ^ (this.directoryId >>> 32))))) + IdentifierUtils.toLowerCase(this.name).hashCode();
        }

        @Override // com.atlassian.crowd.model.DirectoryEntity
        public boolean equals(Object obj) {
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            LightweightDirectoryEntity lightweightDirectoryEntity = (LightweightDirectoryEntity) obj;
            return this.directoryId == lightweightDirectoryEntity.directoryId && IdentifierUtils.equalsInLowerCase(this.name, lightweightDirectoryEntity.name);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/crowd-core-2.8.3.jar:com/atlassian/crowd/manager/application/ApplicationServiceGeneric$LightweightGroup.class */
    public static class LightweightGroup extends LightweightDirectoryEntity {
        LightweightGroup(long j, String str) {
            super(j, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/crowd-core-2.8.3.jar:com/atlassian/crowd/manager/application/ApplicationServiceGeneric$LightweightUser.class */
    public static class LightweightUser extends LightweightDirectoryEntity {
        LightweightUser(long j, String str) {
            super(j, str);
        }
    }

    public ApplicationServiceGeneric(DirectoryManager directoryManager, PermissionManager permissionManager, DirectoryInstanceLoader directoryInstanceLoader, EventPublisher eventPublisher, EventStore eventStore, WebhookRegistry webhookRegistry) {
        this.directoryInstanceLoader = directoryInstanceLoader;
        this.directoryManager = (DirectoryManager) Preconditions.checkNotNull(directoryManager);
        this.permissionManager = (PermissionManager) Preconditions.checkNotNull(permissionManager);
        this.eventPublisher = eventPublisher;
        this.eventStore = eventStore;
        this.webhookRegistry = webhookRegistry;
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public User authenticateUser(Application application, String str, PasswordCredential passwordCredential) throws com.atlassian.crowd.exception.OperationFailedException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, UserNotFoundException {
        if (application.getDirectoryMappings() == null || application.getDirectoryMappings().isEmpty()) {
            throw new InvalidAuthenticationException("Unable to authenticate user as there are no directories mapped to the application " + application.getName());
        }
        com.atlassian.crowd.exception.OperationFailedException operationFailedException = null;
        for (Directory directory : getActiveDirectories(application)) {
            try {
                User authenticateUser = this.directoryManager.authenticateUser(directory.getId().longValue(), str, passwordCredential);
                this.eventPublisher.publish(new UserAuthenticatedEvent(this, directory, application, authenticateUser));
                return authenticateUser;
            } catch (DirectoryNotFoundException e) {
                throw concurrentModificationExceptionForDirectoryIteration(e);
            } catch (InvalidAuthenticationException e2) {
                this.eventPublisher.publish(new UserAuthenticationFailedInvalidAuthenticationEvent(this, directory, str));
                throw e2;
            } catch (com.atlassian.crowd.exception.OperationFailedException e3) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Failed to authenticate against '" + directory.getName() + "'", (Throwable) e3);
                }
                logger.error("Directory '" + directory.getName() + "' is not functional during authentication of '" + str + "'. Skipped.");
                if (operationFailedException == null) {
                    operationFailedException = e3;
                }
            } catch (UserNotFoundException e4) {
            }
        }
        if (operationFailedException != null) {
            throw operationFailedException;
        }
        throw new UserNotFoundException(str);
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public boolean isUserAuthorised(Application application, String str) {
        try {
            return isAllowedToAuthenticate(str, fastFailingFindUser(application, str).getDirectoryId(), application);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
            logger.error(e2.getMessage(), (Throwable) e2);
            return false;
        } catch (UserNotFoundException e3) {
            return false;
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public void addAllUsers(Application application, Collection<UserTemplateWithCredentialAndAttributes> collection) throws ApplicationPermissionException, com.atlassian.crowd.exception.OperationFailedException, BulkAddFailedException {
        logger.debug("Adding users for application {}", application);
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Directory findFirstDirectoryWithCreateUserPermission = findFirstDirectoryWithCreateUserPermission(application);
        if (findFirstDirectoryWithCreateUserPermission == null) {
            throw new ApplicationPermissionException("Application '" + application.getName() + "' has no directories that allow adding of users.");
        }
        try {
            Iterator<UserTemplateWithCredentialAndAttributes> it2 = collection.iterator();
            while (it2.hasNext()) {
                it2.next().setDirectoryId(findFirstDirectoryWithCreateUserPermission.getId().longValue());
            }
            BulkAddResult<User> addAllUsers = this.directoryManager.addAllUsers(findFirstDirectoryWithCreateUserPermission.getId().longValue(), collection, false);
            Iterator<User> it3 = addAllUsers.getExistingEntities().iterator();
            while (it3.hasNext()) {
                hashSet2.add(it3.next().getName());
            }
            Iterator<User> it4 = addAllUsers.getFailedEntities().iterator();
            while (it4.hasNext()) {
                hashSet.add(it4.next().getName());
            }
            if (hashSet.size() > 0 || hashSet2.size() > 0) {
                throw new BulkAddFailedException(hashSet, hashSet2);
            }
        } catch (DirectoryNotFoundException e) {
            throw new com.atlassian.crowd.exception.OperationFailedException("Directory Not Found when trying to add users to directory '" + findFirstDirectoryWithCreateUserPermission.getName() + "'.", e);
        } catch (DirectoryPermissionException e2) {
            throw new ApplicationPermissionException("Permission Exception when trying to add users to directory '" + findFirstDirectoryWithCreateUserPermission.getName() + "'. " + e2.getMessage(), e2);
        }
    }

    private Directory findFirstDirectoryWithCreateUserPermission(Application application) {
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, OperationType.CREATE_USER)) {
                return directory;
            }
        }
        return null;
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public User findUserByName(Application application, String str) throws UserNotFoundException {
        for (Directory directory : getActiveDirectories(application)) {
            try {
                User findUserByName = this.directoryManager.findUserByName(directory.getId().longValue(), str);
                logger.debug("Located user '{}' in directory {} '{}'", findUserByName.getName(), directory.getId(), directory.getName());
                return findUserByName;
            } catch (DirectoryNotFoundException e) {
                logger.debug("Directory {} '{}' was active at the start of the loop, but can no longer be found", directory.getId(), directory.getName());
                throw concurrentModificationExceptionForDirectoryIteration(e);
            } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
                logger.error(e2.getMessage(), (Throwable) e2);
            } catch (UserNotFoundException e3) {
            }
        }
        throw new UserNotFoundException(str);
    }

    @VisibleForTesting
    static Pair<Long, String> directoryIdAndExternalIdFromKey(String str) {
        Matcher matcher = USER_KEY_PATTERN.matcher(str);
        if (matcher.matches()) {
            return Pair.pair(Long.valueOf(Long.parseLong(matcher.group(1))), matcher.group(2));
        }
        throw new IllegalArgumentException("Invalid user key");
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public User findUserByKey(Application application, String str) throws UserNotFoundException {
        Pair<Long, String> directoryIdAndExternalIdFromKey = directoryIdAndExternalIdFromKey(str);
        long longValue = directoryIdAndExternalIdFromKey.left().longValue();
        String right = directoryIdAndExternalIdFromKey.right();
        if (!Iterables.any(getActiveDirectories(application), Directories.directoryWithIdPredicate(longValue))) {
            logger.debug("Cannot look up in directory {} because it is not mapped to the application", Long.valueOf(longValue));
            throw new UserNotFoundException(right);
        }
        try {
            return checkCanonicalUser(this.directoryManager.findUserByExternalId(longValue, right), application);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
            throw new UserNotFoundException(right, e2);
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public UserWithAttributes findUserWithAttributesByKey(Application application, String str) throws UserNotFoundException {
        Pair<Long, String> directoryIdAndExternalIdFromKey = directoryIdAndExternalIdFromKey(str);
        long longValue = directoryIdAndExternalIdFromKey.left().longValue();
        String right = directoryIdAndExternalIdFromKey.right();
        if (!Iterables.any(getActiveDirectories(application), Directories.directoryWithIdPredicate(longValue))) {
            logger.debug("Cannot look up in directory {} because it is not mapped to the application", Long.valueOf(longValue));
            throw new UserNotFoundException(right);
        }
        try {
            return (UserWithAttributes) checkCanonicalUser(this.directoryManager.findUserWithAttributesByExternalId(longValue, right), application);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
            throw new UserNotFoundException(right, e2);
        }
    }

    private <T extends User> T checkCanonicalUser(T t, Application application) throws UserNotFoundException {
        if (isCanonical(application, t)) {
            return t;
        }
        logger.debug("Skipping user {} from directory {} because it is shadowed by another user", t.getName(), Long.valueOf(t.getDirectoryId()));
        throw new UserNotFoundException(t.getExternalId());
    }

    private User fastFailingFindUser(Application application, String str) throws UserNotFoundException, com.atlassian.crowd.exception.OperationFailedException {
        Iterator<Directory> it2 = getActiveDirectories(application).iterator();
        while (it2.hasNext()) {
            try {
                return this.directoryManager.findUserByName(it2.next().getId().longValue(), str);
            } catch (DirectoryNotFoundException e) {
                throw concurrentModificationExceptionForDirectoryIteration(e);
            } catch (UserNotFoundException e2) {
            }
        }
        throw new UserNotFoundException(str);
    }

    private Group fastFailingFindGroup(Application application, String str) throws GroupNotFoundException, com.atlassian.crowd.exception.OperationFailedException {
        Iterator<Directory> it2 = getActiveDirectories(application).iterator();
        while (it2.hasNext()) {
            try {
                return this.directoryManager.findGroupByName(it2.next().getId().longValue(), str);
            } catch (DirectoryNotFoundException e) {
                throw concurrentModificationExceptionForDirectoryIteration(e);
            } catch (GroupNotFoundException e2) {
            }
        }
        throw new GroupNotFoundException(str);
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public UserWithAttributes findUserWithAttributesByName(Application application, String str) throws UserNotFoundException {
        Iterator<Directory> it2 = getActiveDirectories(application).iterator();
        while (it2.hasNext()) {
            try {
                return this.directoryManager.findUserWithAttributesByName(it2.next().getId().longValue(), str);
            } catch (DirectoryNotFoundException e) {
                throw concurrentModificationExceptionForDirectoryIteration(e);
            } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
                logger.error(e2.getMessage(), (Throwable) e2);
            } catch (UserNotFoundException e3) {
            }
        }
        throw new UserNotFoundException(str);
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public User addUser(Application application, UserTemplate userTemplate, PasswordCredential passwordCredential) throws InvalidUserException, com.atlassian.crowd.exception.OperationFailedException, InvalidCredentialException, ApplicationPermissionException {
        if (IdentifierUtils.hasLeadingOrTrailingWhitespace(userTemplate.getName())) {
            throw new InvalidUserException(userTemplate, "User name may not contain leading or trailing whitespace");
        }
        logger.debug("Adding user <{}> for application <{}>", userTemplate.getName(), application.getName());
        try {
            fastFailingFindUser(application, userTemplate.getName());
            throw new InvalidUserException(userTemplate, "User already exists");
        } catch (UserNotFoundException e) {
            Directory findFirstDirectoryWithCreateUserPermission = findFirstDirectoryWithCreateUserPermission(application);
            if (findFirstDirectoryWithCreateUserPermission == null) {
                throw new ApplicationPermissionException("Application '" + application.getName() + "' has no directories that allow adding of users.");
            }
            try {
                userTemplate.setDirectoryId(findFirstDirectoryWithCreateUserPermission.getId().longValue());
                User addUser = this.directoryManager.addUser(findFirstDirectoryWithCreateUserPermission.getId().longValue(), userTemplate, passwordCredential);
                logger.debug("User '{}' was added to directory '{}'.", userTemplate.getName(), findFirstDirectoryWithCreateUserPermission.getName(), userTemplate.getName());
                return addUser;
            } catch (DirectoryNotFoundException e2) {
                throw new com.atlassian.crowd.exception.OperationFailedException("Directory not found when trying to add user '" + userTemplate.getName() + "' to directory '" + findFirstDirectoryWithCreateUserPermission.getName() + "'.", e2);
            } catch (UserAlreadyExistsException e3) {
                throw new com.atlassian.crowd.exception.OperationFailedException("User " + userTemplate.getName() + " already exists.");
            } catch (DirectoryPermissionException e4) {
                throw new ApplicationPermissionException("Permission Exception when trying to add user '" + userTemplate.getName() + "' to directory '" + findFirstDirectoryWithCreateUserPermission.getName() + "'. " + e4.getMessage(), e4);
            }
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public User updateUser(Application application, UserTemplate userTemplate) throws InvalidUserException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, UserNotFoundException {
        logger.debug("Updating user <{}> for application <{}>", userTemplate.getName(), application.getName());
        User fastFailingFindUser = fastFailingFindUser(application, userTemplate.getName());
        if (StringUtils.isBlank(userTemplate.getExternalId())) {
            userTemplate.setExternalId(fastFailingFindUser.getExternalId());
        }
        if (userTemplate.getDirectoryId() <= 0) {
            userTemplate.setDirectoryId(fastFailingFindUser.getDirectoryId());
        } else if (userTemplate.getDirectoryId() != fastFailingFindUser.getDirectoryId()) {
            throw new InvalidUserException(userTemplate, "Attempted to update user '" + userTemplate.getName() + "' with invalid directory ID " + userTemplate.getDirectoryId() + ", we expected ID " + fastFailingFindUser.getDirectoryId() + ".");
        }
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.UPDATE_USER)) {
            throw new ApplicationPermissionException("Cannot update user '" + userTemplate.getName() + "' because directory '" + findDirectoryById.getName() + "' does not allow updates.");
        }
        try {
            return this.directoryManager.updateUser(findDirectoryById.getId().longValue(), userTemplate);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (DirectoryPermissionException e2) {
            throw new ApplicationPermissionException("Permission Exception when trying to update user '" + userTemplate.getName() + "' in directory '" + findDirectoryById.getName() + "'.", e2);
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public User renameUser(Application application, String str, String str2) throws UserNotFoundException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, InvalidUserException {
        logger.debug("Renaming user <{}> to <{}> for application <{}>", str, str2, application.getName());
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser(application, str).getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.UPDATE_USER)) {
            throw new ApplicationPermissionException("Cannot rename user '" + str + "' because directory '" + findDirectoryById.getName() + "' does not allow updates.");
        }
        try {
            return this.directoryManager.renameUser(findDirectoryById.getId().longValue(), str, str2);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (UserAlreadyExistsException e2) {
            throw new com.atlassian.crowd.exception.OperationFailedException("User " + str2 + " already exists.");
        } catch (DirectoryPermissionException e3) {
            throw new ApplicationPermissionException("Permission Exception when trying to rename user '" + str + "' in directory '" + findDirectoryById.getName() + "'.", e3);
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public void updateUserCredential(Application application, String str, PasswordCredential passwordCredential) throws com.atlassian.crowd.exception.OperationFailedException, InvalidCredentialException, ApplicationPermissionException, UserNotFoundException {
        User fastFailingFindUser = fastFailingFindUser(application, str);
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.UPDATE_USER)) {
            throw new ApplicationPermissionException("Not allowed to update user '" + fastFailingFindUser.getName() + "' in directory '" + findDirectoryById.getName() + "'.");
        }
        try {
            this.directoryManager.updateUserCredential(fastFailingFindUser.getDirectoryId(), str, passwordCredential);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (DirectoryPermissionException e2) {
            throw new ApplicationPermissionException(e2);
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public void storeUserAttributes(Application application, String str, Map<String, Set<String>> map) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, UserNotFoundException {
        logger.debug("Storing user attributes for user <{}> and application <{}>", str, application.getName());
        User fastFailingFindUser = fastFailingFindUser(application, str);
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.UPDATE_USER_ATTRIBUTE)) {
            throw new ApplicationPermissionException("Not allowed to update user attributes '" + fastFailingFindUser.getName() + "' in directory '" + findDirectoryById.getName() + "'.");
        }
        try {
            this.directoryManager.storeUserAttributes(findDirectoryById.getId().longValue(), str, map);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (DirectoryPermissionException e2) {
            throw new ApplicationPermissionException(e2);
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public void removeUserAttributes(Application application, String str, String str2) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, UserNotFoundException {
        logger.debug("Removing user attributes for user <{}> and application <{}>", str, application.getName());
        User fastFailingFindUser = fastFailingFindUser(application, str);
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.UPDATE_USER_ATTRIBUTE)) {
            throw new ApplicationPermissionException("Not allowed to update user attributes '" + fastFailingFindUser.getName() + "' in directory '" + findDirectoryById.getName() + "'.");
        }
        try {
            this.directoryManager.removeUserAttributes(findDirectoryById.getId().longValue(), str, str2);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (DirectoryPermissionException e2) {
            throw new ApplicationPermissionException(e2);
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public void removeUser(Application application, String str) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, UserNotFoundException {
        User fastFailingFindUser = fastFailingFindUser(application, str);
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.DELETE_USER)) {
            throw new ApplicationPermissionException("Not allowed to delete user '" + fastFailingFindUser.getName() + "' from directory '" + findDirectoryById.getName() + "'.");
        }
        try {
            this.directoryManager.removeUser(findDirectoryById.getId().longValue(), str);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (DirectoryPermissionException e2) {
            throw new ApplicationPermissionException(e2);
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public <T> List<T> searchUsers(Application application, EntityQuery<T> entityQuery) {
        return searchUsers(application, entityQuery, getAggregatingAndSortingComparatorFor(entityQuery.getReturnType()));
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public List<User> searchUsersAllowingDuplicateNames(Application application, EntityQuery<User> entityQuery) {
        return searchUsers(application, entityQuery, UserComparator.KEY_MAKER);
    }

    private <T, K extends Comparable<? super K>> List<T> searchUsers(Application application, EntityQuery<T> entityQuery, Function<? super T, K> function) {
        QueryUtils.checkAssignableFrom(entityQuery.getReturnType(), String.class, User.class);
        ResultsAggregator with = ResultsAggregator.with(function, entityQuery);
        Iterator<Directory> it2 = getActiveDirectories(application).iterator();
        while (it2.hasNext()) {
            try {
                with.addAll(this.directoryManager.searchUsers(it2.next().getId().longValue(), QueryBuilder.queryFor(entityQuery.getReturnType(), entityQuery.getEntityDescriptor(), entityQuery.getSearchRestriction(), 0, -1)));
            } catch (DirectoryNotFoundException e) {
            } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
                logger.error(e2.getMessage(), (Throwable) e2);
            }
        }
        return with.constrainResults();
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public Group findGroupByName(Application application, String str) throws GroupNotFoundException {
        Iterator<Directory> it2 = getActiveDirectories(application).iterator();
        while (it2.hasNext()) {
            try {
                return this.directoryManager.findGroupByName(it2.next().getId().longValue(), str);
            } catch (DirectoryNotFoundException e) {
                throw concurrentModificationExceptionForDirectoryIteration(e);
            } catch (GroupNotFoundException e2) {
            } catch (com.atlassian.crowd.exception.OperationFailedException e3) {
                logger.error(e3.getMessage(), (Throwable) e3);
            }
        }
        throw new GroupNotFoundException(str);
    }

    private Group getGroup(Application application, String str) throws com.atlassian.crowd.exception.OperationFailedException, GroupNotFoundException {
        Iterator<Directory> it2 = getActiveDirectories(application).iterator();
        while (it2.hasNext()) {
            try {
                return this.directoryManager.findGroupByName(it2.next().getId().longValue(), str);
            } catch (DirectoryNotFoundException e) {
                throw concurrentModificationExceptionForDirectoryIteration(e);
            } catch (GroupNotFoundException e2) {
            }
        }
        throw new GroupNotFoundException(str);
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public GroupWithAttributes findGroupWithAttributesByName(Application application, String str) throws GroupNotFoundException {
        Iterator<Directory> it2 = getActiveDirectories(application).iterator();
        while (it2.hasNext()) {
            try {
                return this.directoryManager.findGroupWithAttributesByName(it2.next().getId().longValue(), str);
            } catch (DirectoryNotFoundException e) {
                throw concurrentModificationExceptionForDirectoryIteration(e);
            } catch (GroupNotFoundException e2) {
            } catch (com.atlassian.crowd.exception.OperationFailedException e3) {
                logger.error(e3.getMessage(), (Throwable) e3);
            }
        }
        throw new GroupNotFoundException(str);
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public Group addGroup(Application application, GroupTemplate groupTemplate) throws InvalidGroupException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException {
        if (IdentifierUtils.hasLeadingOrTrailingWhitespace(groupTemplate.getName())) {
            throw new InvalidGroupException(groupTemplate, "Group name may not contain leading or trailing whitespace");
        }
        logger.debug("Adding group <{}> for application <{}>", groupTemplate.getName(), application.getName());
        try {
            getGroup(application, groupTemplate.getName());
            throw new InvalidGroupException(groupTemplate, "Group already exists");
        } catch (GroupNotFoundException e) {
            OperationType createOperationType = getCreateOperationType(groupTemplate);
            for (Directory directory : getActiveDirectories(application)) {
                if (this.permissionManager.hasPermission(application, directory, createOperationType)) {
                    try {
                        groupTemplate.setDirectoryId(directory.getId().longValue());
                        this.directoryManager.addGroup(directory.getId().longValue(), groupTemplate);
                    } catch (DirectoryNotFoundException e2) {
                        logger.error(e2.getMessage(), (Throwable) e2);
                    } catch (DirectoryPermissionException e3) {
                        logger.info("Could not add group <{}> to directory <{}>", groupTemplate.getName(), directory.getName());
                        logger.info(e3.getMessage());
                    }
                }
            }
            try {
                return getGroup(application, groupTemplate.getName());
            } catch (GroupNotFoundException e4) {
                throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow adding of groups");
            }
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public Group updateGroup(Application application, GroupTemplate groupTemplate) throws InvalidGroupException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, GroupNotFoundException {
        logger.debug("Updating group <{}> for application <{}>", groupTemplate.getName(), application.getName());
        OperationType updateOperationType = getUpdateOperationType(getGroup(application, groupTemplate.getName()));
        boolean z = false;
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, updateOperationType)) {
                try {
                    groupTemplate.setDirectoryId(directory.getId().longValue());
                    this.directoryManager.updateGroup(directory.getId().longValue(), groupTemplate);
                    z = true;
                } catch (DirectoryNotFoundException e) {
                    throw concurrentModificationExceptionForDirectoryIteration(e);
                } catch (GroupNotFoundException e2) {
                } catch (ReadOnlyGroupException e3) {
                    logger.info("Could not update group <{}> to directory <{}> because the group is read-only.", groupTemplate.getName(), directory.getName(), e3);
                } catch (DirectoryPermissionException e4) {
                    logger.info("Could not update group <{}> to directory <{}>", groupTemplate.getName(), directory.getName());
                    logger.info(e4.getMessage());
                }
            }
        }
        if (z) {
            return getGroup(application, groupTemplate.getName());
        }
        throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group modifications");
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public void storeGroupAttributes(Application application, String str, Map<String, Set<String>> map) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, GroupNotFoundException {
        logger.debug("Storing group attributes for group <{}> and application <{}>", str, application.getName());
        OperationType updateAttributeOperationType = getUpdateAttributeOperationType(getGroup(application, str));
        boolean z = false;
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, updateAttributeOperationType)) {
                try {
                    this.directoryManager.storeGroupAttributes(directory.getId().longValue(), str, map);
                    z = true;
                } catch (DirectoryNotFoundException e) {
                    throw concurrentModificationExceptionForDirectoryIteration(e);
                } catch (GroupNotFoundException e2) {
                } catch (DirectoryPermissionException e3) {
                    logger.info("Could not update group <{}> to directory <{}>", str, directory.getName());
                    logger.info(e3.getMessage());
                }
            }
        }
        if (!z) {
            throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group attribute modifications");
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public void removeGroupAttributes(Application application, String str, String str2) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, GroupNotFoundException {
        logger.debug("Removing group attributes for group <{}> and application <{}>", str, application.getName());
        boolean z = false;
        OperationType updateAttributeOperationType = getUpdateAttributeOperationType(getGroup(application, str));
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, updateAttributeOperationType)) {
                try {
                    this.directoryManager.removeGroupAttributes(directory.getId().longValue(), str, str2);
                    z = true;
                } catch (DirectoryNotFoundException e) {
                    throw concurrentModificationExceptionForDirectoryIteration(e);
                } catch (GroupNotFoundException e2) {
                } catch (DirectoryPermissionException e3) {
                    logger.info("Could not update group <{}> to directory <{}>", str, directory.getName());
                    logger.info(e3.getMessage());
                }
            }
        }
        if (!z) {
            throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group attribute modifications");
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public void removeGroup(Application application, String str) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, GroupNotFoundException {
        boolean z = false;
        OperationType deleteOperationType = getDeleteOperationType(getGroup(application, str));
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, deleteOperationType)) {
                try {
                    this.directoryManager.removeGroup(directory.getId().longValue(), str);
                    z = true;
                } catch (DirectoryNotFoundException e) {
                    throw concurrentModificationExceptionForDirectoryIteration(e);
                } catch (GroupNotFoundException e2) {
                } catch (ReadOnlyGroupException e3) {
                    logger.info("Could not update group <{}> to directory <{}> because the group is read-only.", str, directory.getName(), e3);
                } catch (DirectoryPermissionException e4) {
                    logger.info("Could not remove group <{}> from directory <{}>", str, directory.getName());
                }
            }
        }
        if (!z) {
            throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group removal");
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public <T> List<T> searchGroups(Application application, EntityQuery<T> entityQuery) {
        QueryUtils.checkAssignableFrom(entityQuery.getReturnType(), String.class, Group.class);
        ResultsAggregator with = ResultsAggregator.with(getAggregatingAndSortingComparatorFor(entityQuery.getReturnType()), entityQuery);
        Iterator<Directory> it2 = getActiveDirectories(application).iterator();
        while (it2.hasNext()) {
            try {
                List<T> searchGroups = this.directoryManager.searchGroups(it2.next().getId().longValue(), QueryBuilder.queryFor(entityQuery.getReturnType(), entityQuery.getEntityDescriptor(), entityQuery.getSearchRestriction(), 0, -1));
                if (GroupWithAttributes.class.isAssignableFrom(entityQuery.getReturnType())) {
                    with.addAll(Lists.transform(searchGroups, new Function<T, T>() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.2
                        /* JADX WARN: Multi-variable type inference failed */
                        @Override // com.google.common.base.Function
                        public T apply(T t) {
                            return t instanceof InternalGroup ? (T) new InternalGroupWithAttributes((InternalGroup) t, ApplicationServiceGeneric.this.attributesHelper.attributesListToMap(((InternalGroup) t).getAttributes())) : t;
                        }
                    }));
                } else {
                    with.addAll(searchGroups);
                }
            } catch (DirectoryNotFoundException e) {
            } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
                logger.error(e2.getMessage(), (Throwable) e2);
            }
        }
        return with.constrainResults();
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public void addUserToGroup(Application application, String str, String str2) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, UserNotFoundException, GroupNotFoundException, MembershipAlreadyExistsException {
        Directory findDirectoryToAddUserToGroupAggregating = application.isMembershipAggregationEnabled() ? findDirectoryToAddUserToGroupAggregating(application, str, str2) : findDirectoryToAddUserToGroupNonAggregating(application, str, str2);
        try {
            this.directoryManager.addUserToGroup(findDirectoryToAddUserToGroupAggregating.getId().longValue(), str, str2);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (ReadOnlyGroupException e2) {
            throw new ApplicationPermissionException(String.format("Could not add user %s to group %s in directory %s because the directory or group is read-only.", str, str2, findDirectoryToAddUserToGroupAggregating.getName()));
        } catch (DirectoryPermissionException e3) {
            throw new ApplicationPermissionException("Permission Exception when trying to update group '" + str2 + "' in directory '" + findDirectoryToAddUserToGroupAggregating.getName() + "'.", e3);
        }
    }

    private Directory findDirectoryToAddUserToGroupNonAggregating(Application application, String str, String str2) throws UserNotFoundException, com.atlassian.crowd.exception.OperationFailedException, GroupNotFoundException, ApplicationPermissionException {
        long directoryId = fastFailingFindUser(application, str).getDirectoryId();
        try {
            try {
                this.directoryManager.findGroupByName(directoryId, str2);
            } catch (GroupNotFoundException e) {
                Group fastFailingFindGroup = fastFailingFindGroup(application, str2);
                try {
                    this.directoryManager.addGroup(directoryId, new GroupTemplate(fastFailingFindGroup).withDirectoryId(directoryId));
                } catch (InvalidGroupException e2) {
                    throw new GroupNotFoundException(String.format("Unable to create group %s in directory %d in order to add membership of user %s (group %s found in directory %d)", fastFailingFindGroup.getName(), Long.valueOf(directoryId), str, fastFailingFindGroup.getName(), Long.valueOf(directoryId)), e2);
                } catch (DirectoryPermissionException e3) {
                    throw new ApplicationPermissionException(e3);
                }
            }
            Directory findDirectoryById = findDirectoryById(directoryId);
            if (hasPermissions(application, UPDATE_GROUP_PERMISSION).apply(findDirectoryById)) {
                return findDirectoryById;
            }
            throw new ApplicationPermissionException("Cannot update group '" + str2 + "' because directory '" + findDirectoryById.getName() + "' does not allow updates.");
        } catch (DirectoryNotFoundException e4) {
            throw concurrentModificationExceptionForDirectoryAccess(e4);
        }
    }

    private Directory findDirectoryToAddUserToGroupAggregating(Application application, String str, String str2) throws UserNotFoundException, MembershipAlreadyExistsException, GroupNotFoundException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException {
        Directory directoryWithPermissions;
        ImmutableList copyOf = ImmutableList.copyOf(Iterables.filter(getActiveDirectories(application), containsUser(str)));
        if (copyOf.isEmpty()) {
            throw new UserNotFoundException(str);
        }
        ImmutableList copyOf2 = ImmutableList.copyOf(Iterables.filter(copyOf, containsGroup(str2)));
        if (Iterables.any(copyOf2, containsUserDirectMembershipInGroup(str, str2))) {
            throw new MembershipAlreadyExistsException(str, str2);
        }
        Directory directoryWithPermissions2 = directoryWithPermissions(application, copyOf2, UPDATE_GROUP_PERMISSION);
        if (directoryWithPermissions2 != null) {
            directoryWithPermissions = directoryWithPermissions2;
        } else {
            directoryWithPermissions = directoryWithPermissions(application, copyOf, CREATE_AND_UPDATE_GROUP_PERMISSIONS);
            if (directoryWithPermissions != null) {
                try {
                    this.directoryManager.addGroup(directoryWithPermissions.getId().longValue(), new GroupTemplate(fastFailingFindGroup(application, str2)).withDirectoryId(directoryWithPermissions.getId().longValue()));
                } catch (DirectoryNotFoundException e) {
                    throw concurrentModificationExceptionForDirectoryAccess(e);
                } catch (InvalidGroupException e2) {
                    throw new com.atlassian.crowd.exception.OperationFailedException(e2);
                } catch (DirectoryPermissionException e3) {
                    throw new ApplicationPermissionException(e3);
                }
            }
        }
        if (directoryWithPermissions == null) {
            throw new ApplicationPermissionException("Did not have update groups permission in any of the directories " + copyOf2);
        }
        return directoryWithPermissions;
    }

    @Nullable
    private Directory directoryWithPermissionsAnd(Application application, Collection<Directory> collection, Set<OperationType> set, Predicate<Directory> predicate) {
        return (Directory) Iterables.find(collection, Predicates.and(hasPermissions(application, set), predicate), null);
    }

    @Nullable
    private Directory directoryWithPermissions(Application application, Collection<Directory> collection, Set<OperationType> set) {
        return directoryWithPermissionsAnd(application, collection, set, Predicates.alwaysTrue());
    }

    private Predicate<Directory> hasPermissions(final Application application, final Set<OperationType> set) {
        return new Predicate<Directory>() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.3
            @Override // com.google.common.base.Predicate
            public boolean apply(final Directory directory) {
                return Iterables.all(set, new Predicate<OperationType>() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.3.1
                    @Override // com.google.common.base.Predicate
                    public boolean apply(OperationType operationType) {
                        return ApplicationServiceGeneric.this.permissionManager.hasPermission(application, directory, operationType);
                    }
                });
            }
        };
    }

    private Predicate<Directory> containsUserDirectMembershipInGroup(final String str, final String str2) {
        return new DirectoryPredicate() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.4
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected boolean fallibleCheckForEntity(Directory directory) throws DirectoryNotFoundException, com.atlassian.crowd.exception.OperationFailedException {
                return ApplicationServiceGeneric.this.directoryManager.isUserDirectGroupMember(directory.getId().longValue(), str, str2);
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected String errorMessage(Directory directory) {
                return String.format("Failed to determine if user %s is a member of group %s in directory %d", str, str2, directory.getId());
            }
        };
    }

    private Predicate<Directory> containsUserNestedMembershipInGroup(final String str, final String str2) {
        return new DirectoryPredicate() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.5
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected boolean fallibleCheckForEntity(Directory directory) throws DirectoryNotFoundException, com.atlassian.crowd.exception.OperationFailedException {
                return ApplicationServiceGeneric.this.directoryManager.isUserNestedGroupMember(directory.getId().longValue(), str, str2);
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected String errorMessage(Directory directory) {
                return String.format("Failed to determine if user %s is a nested member of group %s in directory %d", str, str2, directory.getId());
            }
        };
    }

    private Predicate<Directory> containsGroupDirectMembershipInGroup(final String str, final String str2) {
        return new DirectoryPredicate() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.6
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected boolean fallibleCheckForEntity(Directory directory) throws DirectoryNotFoundException, com.atlassian.crowd.exception.OperationFailedException {
                return ApplicationServiceGeneric.this.directoryManager.isGroupDirectGroupMember(directory.getId().longValue(), str, str2);
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected String errorMessage(Directory directory) {
                return String.format("Failed to determine if child group %s is a member of parent group %s in directory %d", str, str2, directory.getId());
            }
        };
    }

    private Predicate<Directory> containsGroupNestedMembershipInGroup(final String str, final String str2) {
        return new DirectoryPredicate() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.7
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected boolean fallibleCheckForEntity(Directory directory) throws DirectoryNotFoundException, com.atlassian.crowd.exception.OperationFailedException {
                return ApplicationServiceGeneric.this.directoryManager.isGroupNestedGroupMember(directory.getId().longValue(), str, str2);
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected String errorMessage(Directory directory) {
                return String.format("Failed to determine if child group %s is a nested member of parent group %s in directory %d", str, str2, directory.getId());
            }
        };
    }

    private Predicate<Directory> containsGroup(final String str) {
        return new DirectoryPredicate() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.8
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected boolean fallibleCheckForEntity(Directory directory) throws DirectoryNotFoundException, com.atlassian.crowd.exception.OperationFailedException, GroupNotFoundException {
                ApplicationServiceGeneric.this.directoryManager.findGroupByName(directory.getId().longValue(), str);
                return true;
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected String errorMessage(Directory directory) {
                return String.format("Failed to determine if group %s exists in directory %d", str, directory.getId());
            }
        };
    }

    private Predicate<Directory> containsUser(final String str) {
        return new DirectoryPredicate() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.9
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected boolean fallibleCheckForEntity(Directory directory) throws DirectoryNotFoundException, com.atlassian.crowd.exception.OperationFailedException, UserNotFoundException {
                ApplicationServiceGeneric.this.directoryManager.findUserByName(directory.getId().longValue(), str);
                return true;
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected String errorMessage(Directory directory) {
                return String.format("Failed to determine if user %s exists in directory %d", str, directory.getId());
            }
        };
    }

    private Directory findDirectoryById(long j) throws ConcurrentModificationException {
        try {
            return this.directoryManager.findDirectoryById(j);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public void addGroupToGroup(Application application, String str, String str2) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, GroupNotFoundException, InvalidMembershipException, MembershipAlreadyExistsException {
        if (IdentifierUtils.equalsInLowerCase(str, str2)) {
            throw new InvalidMembershipException("Cannot add a group to itself.");
        }
        if (isGroupNestedGroupMember(application, str2, str)) {
            throw new InvalidMembershipException("Cannot add child group '" + str + "' to parent group '" + str2 + "' - this would cause a circular dependency.");
        }
        DirectoryAndGroup findDirectoryAndGroupForAddGroupToGroupAggregating = application.isMembershipAggregationEnabled() ? findDirectoryAndGroupForAddGroupToGroupAggregating(application, str, str2) : findDirectoryAndGroupForAddGroupToGroupNonAggregating(application, str, str2);
        Directory directory = findDirectoryAndGroupForAddGroupToGroupAggregating.directory;
        Group group = findDirectoryAndGroupForAddGroupToGroupAggregating.group;
        try {
            Group findGroupByName = this.directoryManager.findGroupByName(directory.getId().longValue(), str);
            Group findGroupByName2 = group != null ? group : this.directoryManager.findGroupByName(directory.getId().longValue(), str2);
            if (findGroupByName.getType() != findGroupByName2.getType()) {
                throw new InvalidMembershipException("Cannot add group of type " + findGroupByName.getType().name() + " to group of type " + findGroupByName2.getType().name());
            }
            this.directoryManager.addGroupToGroup(directory.getId().longValue(), str, str2);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (NestedGroupsNotSupportedException e2) {
            throw new InvalidMembershipException(e2);
        } catch (ReadOnlyGroupException e3) {
            throw new ApplicationPermissionException(String.format("Could not add child group %s to parent group %s in directory %s because the directory or group is read-only.", str, str2, directory.getName()));
        } catch (DirectoryPermissionException e4) {
            throw new ApplicationPermissionException("Permission Exception when trying to update group '" + str2 + "' in directory '" + directory.getName() + "'.", e4);
        }
    }

    private DirectoryAndGroup findDirectoryAndGroupForAddGroupToGroupNonAggregating(Application application, String str, String str2) throws GroupNotFoundException, com.atlassian.crowd.exception.OperationFailedException, InvalidMembershipException, ApplicationPermissionException {
        Group group = null;
        long directoryId = fastFailingFindGroup(application, str).getDirectoryId();
        Directory findDirectoryById = findDirectoryById(directoryId);
        try {
            if (!this.directoryManager.supportsNestedGroups(directoryId)) {
                throw new InvalidMembershipException("Nested directories are not supported by directory " + findDirectoryById.getName());
            }
            try {
                this.directoryManager.findGroupByName(directoryId, str2);
            } catch (GroupNotFoundException e) {
                group = this.directoryManager.addGroup(findDirectoryById.getId().longValue(), new GroupTemplate(fastFailingFindGroup(application, str2)).withDirectoryId(findDirectoryById.getId().longValue()));
            }
            if (hasPermissions(application, UPDATE_GROUP_PERMISSION).apply(findDirectoryById)) {
                return new DirectoryAndGroup(findDirectoryById, group);
            }
            throw new ApplicationPermissionException("Cannot update group '" + str2 + "' because directory '" + findDirectoryById.getName() + "' does not allow updates.");
        } catch (DirectoryNotFoundException e2) {
            throw concurrentModificationExceptionForDirectoryAccess(e2);
        } catch (InvalidGroupException e3) {
            throw new com.atlassian.crowd.exception.OperationFailedException(e3);
        } catch (DirectoryPermissionException e4) {
            throw new ApplicationPermissionException(String.format("Parent group %s could not be added to directory %d where the canonical instance of %s was found.", str2, Long.valueOf(directoryId), str));
        }
    }

    private DirectoryAndGroup findDirectoryAndGroupForAddGroupToGroupAggregating(Application application, String str, String str2) throws GroupNotFoundException, MembershipAlreadyExistsException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException {
        Directory directoryWithPermissionsAnd;
        Group group;
        ImmutableList copyOf = ImmutableList.copyOf(Iterables.filter(getActiveDirectories(application), containsGroup(str)));
        if (copyOf.isEmpty()) {
            throw new GroupNotFoundException(str);
        }
        ImmutableList copyOf2 = ImmutableList.copyOf(Iterables.filter(copyOf, containsGroup(str2)));
        if (Iterables.any(copyOf2, containsGroupDirectMembershipInGroup(str, str2))) {
            throw new MembershipAlreadyExistsException(str, str2);
        }
        Directory directoryWithPermissionsAnd2 = directoryWithPermissionsAnd(application, copyOf2, UPDATE_GROUP_PERMISSION, this.supportsNestedGroups);
        if (directoryWithPermissionsAnd2 != null) {
            directoryWithPermissionsAnd = directoryWithPermissionsAnd2;
            group = null;
        } else {
            directoryWithPermissionsAnd = directoryWithPermissionsAnd(application, copyOf, CREATE_AND_UPDATE_GROUP_PERMISSIONS, this.supportsNestedGroups);
            if (directoryWithPermissionsAnd != null) {
                try {
                    group = this.directoryManager.addGroup(directoryWithPermissionsAnd.getId().longValue(), new GroupTemplate(fastFailingFindGroup(application, str2)).withDirectoryId(directoryWithPermissionsAnd.getId().longValue()));
                } catch (DirectoryNotFoundException e) {
                    throw concurrentModificationExceptionForDirectoryAccess(e);
                } catch (InvalidGroupException e2) {
                    throw new com.atlassian.crowd.exception.OperationFailedException(e2);
                } catch (DirectoryPermissionException e3) {
                    throw new ApplicationPermissionException(e3);
                }
            } else {
                group = null;
            }
        }
        if (directoryWithPermissionsAnd == null) {
            throw new ApplicationPermissionException(String.format("Could not find a directory in which it is possible to add %s to %s", str, str2));
        }
        return new DirectoryAndGroup(directoryWithPermissionsAnd, group);
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public void removeUserFromGroup(Application application, String str, String str2) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, MembershipNotFoundException, UserNotFoundException, GroupNotFoundException {
        if (application.isMembershipAggregationEnabled()) {
            removeUserFromGroupAggregating(application, str, str2);
        } else {
            removeUserFromGroupNonAggregating(application, str, str2);
        }
    }

    private void removeUserFromGroupNonAggregating(Application application, String str, String str2) throws UserNotFoundException, com.atlassian.crowd.exception.OperationFailedException, GroupNotFoundException, MembershipNotFoundException, ApplicationPermissionException {
        User fastFailingFindUser = fastFailingFindUser(application, str);
        try {
            this.directoryManager.findGroupByName(fastFailingFindUser.getDirectoryId(), str2);
            if (!isUserDirectGroupMember(application, str, str2)) {
                throw new MembershipNotFoundException(str, str2);
            }
            Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
            if (!hasPermissions(application, UPDATE_GROUP_PERMISSION).apply(findDirectoryById)) {
                throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group modifications");
            }
            try {
                this.directoryManager.removeUserFromGroup(findDirectoryById.getId().longValue(), str, str2);
            } catch (DirectoryNotFoundException e) {
                throw concurrentModificationExceptionForDirectoryAccess(e);
            } catch (ReadOnlyGroupException e2) {
                throw new ApplicationPermissionException(String.format("Could not remove user %s from group %s in directory %s because the directory or group is read-only.", str, str2, findDirectoryById.getName()));
            } catch (DirectoryPermissionException e3) {
                throw new ApplicationPermissionException(e3);
            }
        } catch (DirectoryNotFoundException e4) {
            throw concurrentModificationExceptionForDirectoryAccess(e4);
        }
    }

    private void removeUserFromGroupAggregating(Application application, String str, String str2) throws UserNotFoundException, GroupNotFoundException, MembershipNotFoundException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException {
        Collection<Directory> activeDirectories = getActiveDirectories(application);
        ImmutableList copyOf = ImmutableList.copyOf(Iterables.filter(activeDirectories, containsUserDirectMembershipInGroup(str, str2)));
        if (copyOf.isEmpty()) {
            if (!Iterables.any(activeDirectories, containsUser(str))) {
                throw new UserNotFoundException(str);
            }
            if (!Iterables.any(activeDirectories, containsGroup(str2))) {
                throw new GroupNotFoundException(str2);
            }
            throw new MembershipNotFoundException(str, str2);
        }
        if (!Iterables.all(copyOf, hasPermissions(application, UPDATE_GROUP_PERMISSION))) {
            throw new ApplicationPermissionException(String.format("At least one directory containing %s as a member of %s does not have write permission", str, str2));
        }
        Iterator<E> it2 = copyOf.iterator();
        while (it2.hasNext()) {
            try {
                this.directoryManager.removeUserFromGroup(((Directory) it2.next()).getId().longValue(), str, str2);
            } catch (DirectoryNotFoundException e) {
            } catch (ReadOnlyGroupException e2) {
                throw new ApplicationPermissionException(e2);
            } catch (DirectoryPermissionException e3) {
                throw new ApplicationPermissionException(e3);
            }
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public void removeGroupFromGroup(Application application, String str, String str2) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, MembershipNotFoundException, GroupNotFoundException {
        if (application.isMembershipAggregationEnabled()) {
            removeGroupFromGroupAggregating(application, str, str2);
        } else {
            removeGroupFromGroupNonAggregating(application, str, str2);
        }
    }

    private void removeGroupFromGroupNonAggregating(Application application, String str, String str2) throws GroupNotFoundException, com.atlassian.crowd.exception.OperationFailedException, MembershipNotFoundException, ApplicationPermissionException {
        Group fastFailingFindGroup = fastFailingFindGroup(application, str);
        try {
            this.directoryManager.findGroupByName(fastFailingFindGroup.getDirectoryId(), str2);
            if (!isGroupDirectGroupMember(application, str, str2)) {
                throw new MembershipNotFoundException(str, str2);
            }
            Directory findDirectoryById = findDirectoryById(fastFailingFindGroup.getDirectoryId());
            if (!hasPermissions(application, UPDATE_GROUP_PERMISSION).apply(findDirectoryById)) {
                throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group modifications");
            }
            try {
                this.directoryManager.removeGroupFromGroup(findDirectoryById.getId().longValue(), str, str2);
            } catch (DirectoryNotFoundException e) {
                throw concurrentModificationExceptionForDirectoryAccess(e);
            } catch (InvalidMembershipException e2) {
                throw new com.atlassian.crowd.exception.OperationFailedException(String.format("Cannot remove group %s from %s because they have different types", str, str2), e2);
            } catch (ReadOnlyGroupException e3) {
                throw new ApplicationPermissionException(String.format("Could not remove child group %s from parent group %s in directory %s because the directory or group is read-only.", str, str2, findDirectoryById.getName()), e3);
            } catch (DirectoryPermissionException e4) {
                throw new ApplicationPermissionException(e4);
            }
        } catch (DirectoryNotFoundException e5) {
            throw concurrentModificationExceptionForDirectoryAccess(e5);
        }
    }

    private void removeGroupFromGroupAggregating(Application application, String str, String str2) throws GroupNotFoundException, MembershipNotFoundException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException {
        Collection<Directory> activeDirectories = getActiveDirectories(application);
        ImmutableList copyOf = ImmutableList.copyOf(Iterables.filter(activeDirectories, containsGroupDirectMembershipInGroup(str, str2)));
        if (copyOf.isEmpty()) {
            if (!Iterables.any(activeDirectories, containsGroup(str))) {
                throw new GroupNotFoundException(str);
            }
            if (!Iterables.any(activeDirectories, containsGroup(str2))) {
                throw new GroupNotFoundException(str2);
            }
            throw new MembershipNotFoundException(str, str2);
        }
        if (!Iterables.all(copyOf, hasPermissions(application, UPDATE_GROUP_PERMISSION))) {
            throw new ApplicationPermissionException(String.format("At least one directory containing %s as a member of %s does not have write permission", str, str2));
        }
        Iterator<E> it2 = copyOf.iterator();
        while (it2.hasNext()) {
            try {
                this.directoryManager.removeGroupFromGroup(((Directory) it2.next()).getId().longValue(), str, str2);
            } catch (DirectoryNotFoundException e) {
            } catch (InvalidMembershipException e2) {
                throw new com.atlassian.crowd.exception.OperationFailedException(String.format("Cannot remove group %s from %s because they have different types", str, str2), e2);
            } catch (ReadOnlyGroupException e3) {
                throw new ApplicationPermissionException(e3);
            } catch (DirectoryPermissionException e4) {
                throw new ApplicationPermissionException(e4);
            }
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public boolean isUserDirectGroupMember(Application application, String str, String str2) {
        if (application.isMembershipAggregationEnabled()) {
            return Iterables.any(getActiveDirectories(application), containsUserDirectMembershipInGroup(str, str2));
        }
        try {
            return this.directoryManager.isUserDirectGroupMember(findUserByName(application, str).getDirectoryId(), str, str2);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryIteration(e);
        } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
            logger.error(e2.getMessage(), (Throwable) e2);
            return false;
        } catch (UserNotFoundException e3) {
            return false;
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public boolean isGroupDirectGroupMember(Application application, String str, String str2) {
        if (application.isMembershipAggregationEnabled()) {
            return Iterables.any(getActiveDirectories(application), containsGroupDirectMembershipInGroup(str, str2));
        }
        try {
            return this.directoryManager.isGroupDirectGroupMember(findGroupByName(application, str).getDirectoryId(), str, str2);
        } catch (DirectoryNotFoundException e) {
            throw new ConcurrentModificationException("Directory mapping was removed while determining if the group is a direct group member: " + e.getMessage());
        } catch (GroupNotFoundException e2) {
            return false;
        } catch (com.atlassian.crowd.exception.OperationFailedException e3) {
            logger.error(e3.getMessage(), (Throwable) e3);
            return false;
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public boolean isUserNestedGroupMember(Application application, String str, String str2) {
        if (application.isMembershipAggregationEnabled()) {
            return Iterables.any(getActiveDirectories(application), containsUserNestedMembershipInGroup(str, str2));
        }
        try {
            return this.directoryManager.isUserNestedGroupMember(findUserByName(application, str).getDirectoryId(), str, str2);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
            logger.error(e2.getMessage(), (Throwable) e2);
            return false;
        } catch (UserNotFoundException e3) {
            return false;
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public boolean isGroupNestedGroupMember(Application application, String str, String str2) {
        if (application.isMembershipAggregationEnabled()) {
            return Iterables.any(getActiveDirectories(application), containsGroupNestedMembershipInGroup(str, str2));
        }
        try {
            return this.directoryManager.isGroupNestedGroupMember(findGroupByName(application, str).getDirectoryId(), str, str2);
        } catch (DirectoryNotFoundException e) {
            throw new ConcurrentModificationException("Directory mapping was removed while determining if the group is a nested group member: " + e.getMessage());
        } catch (GroupNotFoundException e2) {
            return false;
        } catch (com.atlassian.crowd.exception.OperationFailedException e3) {
            logger.error(e3.getMessage(), (Throwable) e3);
            return false;
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public <T> List<T> searchDirectGroupRelationships(Application application, MembershipQuery<T> membershipQuery) {
        QueryUtils.checkAssignableFrom(membershipQuery.getReturnType(), String.class, Group.class, User.class);
        ResultsAggregator with = ResultsAggregator.with(getAggregatingAndSortingComparatorFor(membershipQuery.getReturnType()), membershipQuery);
        if (application.isMembershipAggregationEnabled()) {
            Iterator<Directory> it2 = getActiveDirectories(application).iterator();
            while (it2.hasNext()) {
                with.addAll(doDirectDirectoryMembershipQuery(membershipQuery, it2.next().getId()));
            }
        } else if (membershipQuery.isFindChildren()) {
            for (Directory directory : getActiveDirectories(application)) {
                if (membershipQuery.getReturnType() == User.class || membershipQuery.getReturnType() == Group.class) {
                    with.addAll(Iterables.filter(doDirectDirectoryMembershipQuery(membershipQuery, directory.getId()), isCanonicalEntity(application)));
                } else if (membershipQuery.getReturnType() == String.class && membershipQuery.getEntityToReturn().equals(EntityDescriptor.user())) {
                    with.addAll(Iterables.transform(Iterables.filter(usersInDirectory(directory.getId().longValue(), doDirectDirectoryMembershipQuery(membershipQuery, directory.getId())), isCanonicalEntity(application)), DirectoryEntities.NAME_FUNCTION));
                } else {
                    if (membershipQuery.getReturnType() != String.class || !membershipQuery.getEntityToReturn().equals(EntityDescriptor.group())) {
                        throw new IllegalArgumentException("Unsupported query return type or entity: " + membershipQuery.toString());
                    }
                    with.addAll(Iterables.transform(Iterables.filter(groupsInDirectory(directory.getId().longValue(), doDirectDirectoryMembershipQuery(membershipQuery, directory.getId())), isCanonicalEntity(application)), DirectoryEntities.NAME_FUNCTION));
                }
            }
        } else {
            try {
                with.addAll(doDirectDirectoryMembershipQuery(membershipQuery, Long.valueOf(findEntityByName(application, membershipQuery.getEntityNameToMatch(), membershipQuery.getEntityToMatch()).getDirectoryId())));
            } catch (ObjectNotFoundException e) {
            }
        }
        return with.constrainResults();
    }

    private static Iterable<DirectoryEntity> usersInDirectory(final long j, Iterable<String> iterable) {
        return Iterables.transform(iterable, new Function<String, DirectoryEntity>() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.10
            @Override // com.google.common.base.Function
            public DirectoryEntity apply(String str) {
                return new LightweightUser(j, str);
            }
        });
    }

    private static Iterable<DirectoryEntity> groupsInDirectory(final long j, Iterable<String> iterable) {
        return Iterables.transform(iterable, new Function<String, DirectoryEntity>() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.11
            @Override // com.google.common.base.Function
            public DirectoryEntity apply(String str) {
                return new LightweightGroup(j, str);
            }
        });
    }

    private <T extends DirectoryEntity> Predicate<T> isCanonicalEntity(final Application application) {
        return (Predicate<T>) new Predicate<T>() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.12
            /* JADX WARN: Incorrect types in method signature: (TT;)Z */
            @Override // com.google.common.base.Predicate
            public boolean apply(DirectoryEntity directoryEntity) {
                return ApplicationServiceGeneric.this.isCanonical(application, directoryEntity);
            }
        };
    }

    private <T> List<T> doDirectDirectoryMembershipQuery(MembershipQuery<T> membershipQuery, Long l) {
        try {
            return this.directoryManager.searchDirectGroupRelationships(l.longValue(), QueryBuilder.createMembershipQuery(-1, 0, membershipQuery.isFindChildren(), membershipQuery.getEntityToReturn(), membershipQuery.getReturnType(), membershipQuery.getEntityToMatch(), membershipQuery.getEntityNameToMatch()));
        } catch (DirectoryNotFoundException e) {
            return Collections.emptyList();
        } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
            logger.error(e2.getMessage(), (Throwable) e2);
            return Collections.emptyList();
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public <T> List<T> searchNestedGroupRelationships(Application application, MembershipQuery<T> membershipQuery) {
        QueryUtils.checkAssignableFrom(membershipQuery.getReturnType(), String.class, Group.class, User.class);
        ResultsAggregator with = ResultsAggregator.with(getAggregatingAndSortingComparatorFor(membershipQuery.getReturnType()), membershipQuery);
        if (application.isMembershipAggregationEnabled()) {
            Iterator<Directory> it2 = getActiveDirectories(application).iterator();
            while (it2.hasNext()) {
                with.addAll(doNestedDirectoryMembershipQuery(membershipQuery, it2.next().getId()));
            }
        } else if (membershipQuery.isFindChildren()) {
            for (Directory directory : getActiveDirectories(application)) {
                if (membershipQuery.getReturnType() == User.class || membershipQuery.getReturnType() == Group.class) {
                    with.addAll(Iterables.filter(doNestedDirectoryMembershipQuery(membershipQuery, directory.getId()), isCanonicalEntity(application)));
                } else if (membershipQuery.getReturnType() == String.class && membershipQuery.getEntityToReturn().equals(EntityDescriptor.user())) {
                    with.addAll(Iterables.transform(Iterables.filter(doNestedDirectoryMembershipQuery(new MembershipQuery<>(membershipQuery, User.class), directory.getId()), isCanonicalEntity(application)), DirectoryEntities.NAME_FUNCTION));
                } else {
                    if (membershipQuery.getReturnType() != String.class || !membershipQuery.getEntityToReturn().equals(EntityDescriptor.group())) {
                        throw new IllegalArgumentException("Unsupported query return type or entity: " + membershipQuery.toString());
                    }
                    with.addAll(Iterables.transform(Iterables.filter(doNestedDirectoryMembershipQuery(new MembershipQuery<>(membershipQuery, Group.class), directory.getId()), isCanonicalEntity(application)), DirectoryEntities.NAME_FUNCTION));
                }
            }
        } else {
            try {
                with.addAll(doNestedDirectoryMembershipQuery(membershipQuery, Long.valueOf(findEntityByName(application, membershipQuery.getEntityNameToMatch(), membershipQuery.getEntityToMatch()).getDirectoryId())));
            } catch (ObjectNotFoundException e) {
            }
        }
        return with.constrainResults();
    }

    private DirectoryEntity findEntityByName(Application application, String str, EntityDescriptor entityDescriptor) throws ObjectNotFoundException {
        if (entityDescriptor == EntityDescriptor.user()) {
            return findUserByName(application, str);
        }
        if (entityDescriptor == EntityDescriptor.group()) {
            return findGroupByName(application, str);
        }
        throw new IllegalArgumentException("Expected a User or Group");
    }

    <T extends DirectoryEntity> boolean isCanonical(Application application, @Nullable T t) {
        Group findUserByName;
        if (t == null) {
            return true;
        }
        Directory directory = (Directory) Iterables.getFirst(getActiveDirectories(application), null);
        if (directory == null) {
            return false;
        }
        if (directory.getId().equals(Long.valueOf(t.getDirectoryId()))) {
            return true;
        }
        try {
            if ((t instanceof User) || (t instanceof LightweightUser)) {
                findUserByName = findUserByName(application, t.getName());
            } else {
                if (!(t instanceof Group) && !(t instanceof LightweightGroup)) {
                    throw new IllegalArgumentException("Entity must be an instance of User or Group (was " + t.getClass().getName() + OutputUtil.FUNCTION_CLOSING);
                }
                findUserByName = findGroupByName(application, t.getName());
            }
            return t.getDirectoryId() == findUserByName.getDirectoryId();
        } catch (GroupNotFoundException e) {
            return false;
        } catch (UserNotFoundException e2) {
            return false;
        }
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public String getCurrentEventToken(Application application) throws IncrementalSynchronisationNotAvailableException {
        assertIncrementalSynchronisationIsAvailable(ImmutableList.copyOf((Collection) getActiveDirectories(application)));
        return this.eventStore.getCurrentEventToken();
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public Events getNewEvents(Application application, String str) throws EventTokenExpiredException, com.atlassian.crowd.exception.OperationFailedException {
        Events newEvents = this.eventStore.getNewEvents(str);
        ArrayList arrayList = new ArrayList();
        if (!Iterables.isEmpty(newEvents.getEvents())) {
            ImmutableList copyOf = ImmutableList.copyOf((Collection) getActiveDirectories(application));
            for (OperationEvent operationEvent : newEvents.getEvents()) {
                if (operationEvent.getDirectory() == null) {
                    arrayList.add(operationEvent);
                } else {
                    int indexOf = Iterables.indexOf(copyOf, Directories.directoryWithIdPredicate(operationEvent.getDirectory().getId().longValue()));
                    if (indexOf == -1) {
                        continue;
                    } else if (operationEvent instanceof UserEvent) {
                        arrayList.addAll(processUserEvent(copyOf, indexOf, (UserEvent) operationEvent));
                    } else if (operationEvent instanceof GroupEvent) {
                        arrayList.addAll(processGroupEvent(copyOf, indexOf, (GroupEvent) operationEvent));
                    } else if (operationEvent instanceof UserMembershipEvent) {
                        arrayList.addAll(processUserMembershipEvent(copyOf, (UserMembershipEvent) operationEvent));
                    } else {
                        if (!(operationEvent instanceof GroupMembershipEvent)) {
                            throw new IllegalArgumentException("Event type " + operationEvent.getClass() + " not supported.");
                        }
                        arrayList.addAll(processGroupMembershipEvent(copyOf, (GroupMembershipEvent) operationEvent));
                    }
                }
            }
        }
        return new Events(arrayList, newEvents.getNewEventToken());
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public Webhook findWebhookById(Application application, long j) throws WebhookNotFoundException, ApplicationPermissionException {
        Webhook findById = this.webhookRegistry.findById(j);
        if (application.getId().equals(findById.getApplication().getId())) {
            return findById;
        }
        throw new ApplicationPermissionException("Application does not own Webhook");
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public Webhook registerWebhook(Application application, String str, @Nullable String str2) throws InvalidWebhookEndpointException {
        ensureWebhookEndpointUrlIsValid(str);
        return this.webhookRegistry.add(new WebhookTemplate(application, str, str2));
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public void unregisterWebhook(Application application, long j) throws ApplicationPermissionException, WebhookNotFoundException {
        Webhook findById = this.webhookRegistry.findById(j);
        if (!application.getId().equals(findById.getApplication().getId())) {
            throw new ApplicationPermissionException("Application does not own Webhook");
        }
        this.webhookRegistry.remove(findById);
    }

    @Override // com.atlassian.crowd.manager.application.ApplicationService
    public UserCapabilities getCapabilitiesForNewUsers(Application application) {
        Directory findFirstDirectoryWithCreateUserPermission = findFirstDirectoryWithCreateUserPermission(application);
        return findFirstDirectoryWithCreateUserPermission == null ? DirectoryUserCapabilities.none() : DirectoryUserCapabilities.fromDirectory(findFirstDirectoryWithCreateUserPermission);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Collection<Directory> getActiveDirectories(Application application) {
        return ImmutableList.copyOf(Iterables.filter(Iterables.transform(application.getDirectoryMappings(), DirectoryMapping.DIRECTORY_FROM_MAPPING), Directories.ACTIVE_FILTER));
    }

    private static void ensureWebhookEndpointUrlIsValid(String str) throws InvalidWebhookEndpointException {
        try {
            URI uri = new URI(str);
            if (!uri.isAbsolute()) {
                throw new InvalidWebhookEndpointException(str, "because the url is not absolute");
            }
            if (!"http".equalsIgnoreCase(uri.getScheme()) && !"https".equalsIgnoreCase(uri.getScheme())) {
                throw new InvalidWebhookEndpointException(str, "because the url scheme is not http or https");
            }
        } catch (URISyntaxException e) {
            throw new InvalidWebhookEndpointException(str, e);
        }
    }

    private static <T> Function<T, String> getAggregatingAndSortingComparatorFor(Class<T> cls) {
        if (!String.class.isAssignableFrom(cls) && !User.class.isAssignableFrom(cls) && !Group.class.isAssignableFrom(cls)) {
            throw new IllegalArgumentException("Cannot find normaliser for type: " + cls.getCanonicalName());
        }
        return NameComparator.normaliserOf(cls);
    }

    private void assertIncrementalSynchronisationIsAvailable(List<Directory> list) throws IncrementalSynchronisationNotAvailableException {
        for (Directory directory : list) {
            if (BooleanUtils.isFalse(BooleanUtils.toBooleanObject(directory.getValue(DirectoryProperties.CACHE_ENABLED)))) {
                throw new IncrementalSynchronisationNotAvailableException("Directory '" + directory.getName() + "' is not cached and so cannot be incrementally synchronised");
            }
        }
    }

    private List<? extends OperationEvent> processUserEvent(List<Directory> list, int i, UserEvent userEvent) throws com.atlassian.crowd.exception.OperationFailedException {
        ImmutableList of;
        String name = userEvent.getUser().getName();
        if (findUser(list.subList(0, i), name) != null) {
            of = userEvent.getOperation() == Operation.DELETED ? ImmutableList.of(new UserMembershipEvent(Operation.UPDATED, (Directory) null, name, getParentGroupNames(list, EntityDescriptor.user(), name))) : ImmutableList.of();
        } else if (userEvent.getOperation() == Operation.CREATED) {
            of = findUser(list.subList(i + 1, list.size()), name) != null ? ImmutableList.of(new UserEvent(Operation.UPDATED, null, userEvent.getUser(), userEvent.getStoredAttributes(), userEvent.getDeletedAttributes())) : ImmutableList.of(userEvent);
        } else if (userEvent.getOperation() == Operation.DELETED) {
            User findUser = findUser(list.subList(i + 1, list.size()), name);
            of = findUser != null ? ImmutableList.of((UserMembershipEvent) new UserEvent(Operation.UPDATED, null, findUser, null, null), new UserMembershipEvent(Operation.UPDATED, (Directory) null, name, getParentGroupNames(list, EntityDescriptor.user(), name))) : ImmutableList.of(userEvent);
        } else {
            of = ImmutableList.of(userEvent);
        }
        return of;
    }

    private List<? extends OperationEvent> processGroupEvent(List<Directory> list, int i, GroupEvent groupEvent) throws com.atlassian.crowd.exception.OperationFailedException {
        ImmutableList of;
        String name = groupEvent.getGroup().getName();
        if (findGroup(list.subList(0, i), name) != null) {
            of = groupEvent.getOperation() == Operation.DELETED ? ImmutableList.of(new GroupMembershipEvent(Operation.UPDATED, null, name, getParentGroupNames(list, EntityDescriptor.group(GroupType.GROUP), name), getChildGroupNames(list, name))) : ImmutableList.of();
        } else if (groupEvent.getOperation() == Operation.CREATED) {
            of = findGroup(list.subList(i + 1, list.size()), name) != null ? ImmutableList.of(new GroupEvent(Operation.UPDATED, null, groupEvent.getGroup(), groupEvent.getStoredAttributes(), groupEvent.getDeletedAttributes())) : ImmutableList.of(groupEvent);
        } else if (groupEvent.getOperation() == Operation.DELETED) {
            Group findGroup = findGroup(list.subList(i + 1, list.size()), name);
            of = findGroup != null ? ImmutableList.of((GroupMembershipEvent) new GroupEvent(Operation.UPDATED, null, findGroup, null, null), new GroupMembershipEvent(Operation.UPDATED, null, name, getParentGroupNames(list, EntityDescriptor.group(GroupType.GROUP), name), getChildGroupNames(list, name))) : ImmutableList.of(groupEvent);
        } else {
            of = ImmutableList.of(groupEvent);
        }
        return of;
    }

    private List<OperationEvent> processUserMembershipEvent(List<Directory> list, UserMembershipEvent userMembershipEvent) throws com.atlassian.crowd.exception.OperationFailedException {
        UserMembershipEvent userMembershipEvent2;
        if (userMembershipEvent.getOperation() == Operation.DELETED) {
            String childUsername = userMembershipEvent.getChildUsername();
            userMembershipEvent2 = new UserMembershipEvent(Operation.DELETED, userMembershipEvent.getDirectory(), childUsername, Sets.difference(toLowerCaseIdentifiers(userMembershipEvent.getParentGroupNames()), toLowerCaseIdentifiers(getParentGroupNames(list, EntityDescriptor.user(), childUsername))));
        } else {
            userMembershipEvent2 = userMembershipEvent;
        }
        return ImmutableList.of(userMembershipEvent2);
    }

    private List<OperationEvent> processGroupMembershipEvent(List<Directory> list, GroupMembershipEvent groupMembershipEvent) throws com.atlassian.crowd.exception.OperationFailedException {
        GroupMembershipEvent groupMembershipEvent2;
        if (groupMembershipEvent.getOperation() == Operation.DELETED) {
            String groupName = groupMembershipEvent.getGroupName();
            groupMembershipEvent2 = new GroupMembershipEvent(Operation.DELETED, groupMembershipEvent.getDirectory(), groupName, Sets.difference(toLowerCaseIdentifiers(groupMembershipEvent.getParentGroupNames()), toLowerCaseIdentifiers(getParentGroupNames(list, EntityDescriptor.group(), groupName))), Sets.difference(toLowerCaseIdentifiers(groupMembershipEvent.getChildGroupNames()), toLowerCaseIdentifiers(getChildGroupNames(list, groupName))));
        } else {
            groupMembershipEvent2 = groupMembershipEvent;
        }
        return ImmutableList.of(groupMembershipEvent2);
    }

    private Set<String> getParentGroupNames(List<Directory> list, EntityDescriptor entityDescriptor, String str) throws com.atlassian.crowd.exception.OperationFailedException {
        HashSet hashSet = new HashSet();
        Iterator<Directory> it2 = list.iterator();
        while (it2.hasNext()) {
            try {
                hashSet.addAll(this.directoryManager.searchDirectGroupRelationships(it2.next().getId().longValue(), QueryBuilder.queryFor(String.class, EntityDescriptor.group(GroupType.GROUP)).parentsOf(entityDescriptor).withName(str).returningAtMost(-1)));
            } catch (DirectoryNotFoundException e) {
                throw new com.atlassian.crowd.exception.OperationFailedException("Directory has been removed", e);
            }
        }
        return hashSet;
    }

    private Set<String> getChildGroupNames(List<Directory> list, String str) throws com.atlassian.crowd.exception.OperationFailedException {
        HashSet hashSet = new HashSet();
        Iterator<Directory> it2 = list.iterator();
        while (it2.hasNext()) {
            try {
                hashSet.addAll(this.directoryManager.searchDirectGroupRelationships(it2.next().getId().longValue(), QueryBuilder.queryFor(String.class, EntityDescriptor.group(GroupType.GROUP)).childrenOf(EntityDescriptor.group(GroupType.GROUP)).withName(str).returningAtMost(-1)));
            } catch (DirectoryNotFoundException e) {
                throw new com.atlassian.crowd.exception.OperationFailedException("Directory has been removed", e);
            }
        }
        return hashSet;
    }

    private User findUser(Iterable<Directory> iterable, String str) throws com.atlassian.crowd.exception.OperationFailedException {
        try {
            Iterator<Directory> it2 = iterable.iterator();
            while (it2.hasNext()) {
                try {
                    return this.directoryManager.findUserByName(it2.next().getId().longValue(), str);
                } catch (UserNotFoundException e) {
                }
            }
            return null;
        } catch (DirectoryNotFoundException e2) {
            throw new ConcurrentModificationException("Directory was removed in the middle of this operation");
        }
    }

    private Group findGroup(Iterable<Directory> iterable, String str) throws com.atlassian.crowd.exception.OperationFailedException {
        try {
            Iterator<Directory> it2 = iterable.iterator();
            while (it2.hasNext()) {
                try {
                    return this.directoryManager.findGroupByName(it2.next().getId().longValue(), str);
                } catch (GroupNotFoundException e) {
                }
            }
            return null;
        } catch (DirectoryNotFoundException e2) {
            throw new ConcurrentModificationException("Directory was removed in the middle of this operation");
        }
    }

    private <T> List<T> doNestedDirectoryMembershipQuery(MembershipQuery<T> membershipQuery, Long l) {
        try {
            return this.directoryManager.searchNestedGroupRelationships(l.longValue(), QueryBuilder.createMembershipQuery(-1, 0, membershipQuery.isFindChildren(), membershipQuery.getEntityToReturn(), membershipQuery.getReturnType(), membershipQuery.getEntityToMatch(), membershipQuery.getEntityNameToMatch()));
        } catch (DirectoryNotFoundException e) {
            return Collections.emptyList();
        } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
            logger.error(e2.getMessage(), (Throwable) e2);
            return Collections.emptyList();
        }
    }

    private OperationType getCreateOperationType(Group group) {
        switch (group.getType()) {
            case GROUP:
                return OperationType.CREATE_GROUP;
            default:
                throw new UnsupportedOperationException();
        }
    }

    private OperationType getUpdateOperationType(Group group) {
        switch (group.getType()) {
            case GROUP:
                return OperationType.UPDATE_GROUP;
            default:
                throw new UnsupportedOperationException();
        }
    }

    private OperationType getUpdateAttributeOperationType(Group group) {
        switch (group.getType()) {
            case GROUP:
                return OperationType.UPDATE_GROUP_ATTRIBUTE;
            default:
                throw new UnsupportedOperationException();
        }
    }

    private OperationType getDeleteOperationType(Group group) {
        switch (group.getType()) {
            case GROUP:
                return OperationType.DELETE_GROUP;
            default:
                throw new UnsupportedOperationException();
        }
    }

    private boolean isAllowedToAuthenticate(String str, long j, Application application) throws com.atlassian.crowd.exception.OperationFailedException, DirectoryNotFoundException {
        if (!application.isActive()) {
            logger.debug("User does not have access to application '{}' as the application is inactive", application.getName());
            return false;
        }
        DirectoryMapping directoryMapping = application.getDirectoryMapping(j);
        if (directoryMapping != null) {
            if (directoryMapping.isAllowAllToAuthenticate()) {
                return true;
            }
            Iterator<GroupMapping> it2 = directoryMapping.getAuthorisedGroups().iterator();
            while (it2.hasNext()) {
                if (this.directoryManager.isUserNestedGroupMember(j, str, it2.next().getGroupName())) {
                    return true;
                }
            }
        }
        logger.debug("User does not have access to application '{}' as the directory is not allow all to authenticate and the user is not a member of any of the authorised groups", application.getName());
        return false;
    }

    private Set<String> toLowerCaseIdentifiers(Iterable<String> iterable) {
        return ImmutableSet.copyOf(Iterables.transform(iterable, IdentifierUtils.TO_LOWER_CASE));
    }

    private static ConcurrentModificationException concurrentModificationExceptionForDirectoryIteration(DirectoryNotFoundException directoryNotFoundException) {
        ConcurrentModificationException concurrentModificationException = new ConcurrentModificationException("Directory mapping was removed while iterating through directories");
        concurrentModificationException.initCause(directoryNotFoundException);
        return concurrentModificationException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static ConcurrentModificationException concurrentModificationExceptionForDirectoryAccess(DirectoryNotFoundException directoryNotFoundException) {
        ConcurrentModificationException concurrentModificationException = new ConcurrentModificationException("Directory mapping was removed while accessing the directory");
        concurrentModificationException.initCause(directoryNotFoundException);
        return concurrentModificationException;
    }
}
