package com.atlassian.jira.application;

import com.atlassian.application.api.ApplicationKey;
import com.atlassian.application.api.ApplicationManager;
import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.crowd.exception.CrowdException;
import com.atlassian.crowd.exception.OperationNotPermittedException;
import com.atlassian.crowd.exception.embedded.InvalidGroupException;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.fugue.Option;
import com.atlassian.jira.config.group.GroupConfigurationIdentifier;
import com.atlassian.jira.license.JiraLicenseManager;
import com.atlassian.jira.license.LicenseChangedEvent;
import com.atlassian.jira.license.LicenseDetails;
import com.atlassian.jira.message.MessageUtil;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.permission.GlobalPermissionType;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.groups.GroupManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.util.dbc.Assertions;
import com.atlassian.jira.util.johnson.JohnsonEventType;
import com.atlassian.jira.util.johnson.JohnsonProvider;
import com.atlassian.johnson.event.EventPredicates;
import com.google.common.base.Supplier;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import javax.annotation.Nullable;
import javax.annotation.ParametersAreNonnullByDefault;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ParametersAreNonnullByDefault
/* loaded from: input_file:com/atlassian/jira/application/ApplicationConfigurationHelper.class */
public class ApplicationConfigurationHelper {
    private static final Logger log = LoggerFactory.getLogger(ApplicationConfigurationHelper.class);
    private final ApplicationManager applicationManager;
    private final GroupManager groupManager;
    private final ApplicationRoleManager applicationRoleManager;
    private final GlobalPermissionManager globalPermissionManager;
    private final UserManager userManager;
    private final ApplicationRoleStore applicationRoleStore;
    private final MessageUtil.Factory messageUtilFactory;
    private final GroupConfigurationIdentifier groupConfigurationIdentifier;
    private final Supplier<Set<GlobalPermissionType>> globalPermissionTypeSupplier = new DefaultGlobalPermissionsSupplier();
    private final EventPublisher eventPublisher;
    private final JiraAuthenticationContext authenticationContext;
    private final JiraLicenseManager licenseManager;
    private final JohnsonProvider johnsonProvider;

    /* loaded from: input_file:com/atlassian/jira/application/ApplicationConfigurationHelper$DefaultGlobalPermissionsSupplier.class */
    private class DefaultGlobalPermissionsSupplier implements Supplier<Set<GlobalPermissionType>> {
        private DefaultGlobalPermissionsSupplier() {
        }

        /* renamed from: get, reason: merged with bridge method [inline-methods] */
        public Set<GlobalPermissionType> m21get() {
            Stream stream = GlobalPermissionKey.DEFAULT_APP_GLOBAL_PERMISSIONS.stream();
            GlobalPermissionManager globalPermissionManager = ApplicationConfigurationHelper.this.globalPermissionManager;
            globalPermissionManager.getClass();
            return (Set) stream.map(globalPermissionManager::getGlobalPermission).map((v0) -> {
                return v0.getOrNull();
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).collect(Collectors.toSet());
        }
    }

    public ApplicationConfigurationHelper(ApplicationManager applicationManager, GroupManager groupManager, ApplicationRoleManager applicationRoleManager, GlobalPermissionManager globalPermissionManager, UserManager userManager, ApplicationRoleStore applicationRoleStore, MessageUtil.Factory factory, GroupConfigurationIdentifier groupConfigurationIdentifier, EventPublisher eventPublisher, JiraAuthenticationContext jiraAuthenticationContext, JiraLicenseManager jiraLicenseManager, JohnsonProvider johnsonProvider) {
        this.applicationRoleManager = (ApplicationRoleManager) Assertions.notNull("applicationRoleManager", applicationRoleManager);
        this.groupManager = (GroupManager) Assertions.notNull("groupManager", groupManager);
        this.applicationManager = (ApplicationManager) Assertions.notNull("applicationManager", applicationManager);
        this.globalPermissionManager = (GlobalPermissionManager) Assertions.notNull("globalPermissionManager", globalPermissionManager);
        this.userManager = (UserManager) Assertions.notNull("userManager", userManager);
        this.applicationRoleStore = (ApplicationRoleStore) Assertions.notNull("applicationRoleStore", applicationRoleStore);
        this.messageUtilFactory = (MessageUtil.Factory) Assertions.notNull("messageUtilFactory", factory);
        this.groupConfigurationIdentifier = (GroupConfigurationIdentifier) Assertions.notNull("groupConfigurationIdentifier", groupConfigurationIdentifier);
        this.eventPublisher = (EventPublisher) Assertions.notNull("eventPublisher", eventPublisher);
        this.authenticationContext = (JiraAuthenticationContext) Assertions.notNull("authenticationContext", jiraAuthenticationContext);
        this.licenseManager = (JiraLicenseManager) Assertions.notNull("jiraLicenseManager", jiraLicenseManager);
        this.johnsonProvider = (JohnsonProvider) Assertions.notNull("jiraLicenseManager", johnsonProvider);
    }

    public Optional<String> validateApplicationForConfiguration(ApplicationKey applicationKey, @Nullable ApplicationUser applicationUser) {
        Assertions.notNull("applicationKey", applicationKey);
        MessageUtil newInstance = applicationUser != null ? this.messageUtilFactory.getNewInstance(applicationUser) : this.messageUtilFactory.getNewInstance();
        if (noConfigPermission(applicationUser)) {
            return Optional.of(newInstance.getText("application.installation.configuration.not.admin"));
        }
        if (doesApplicationHaveActiveDefaultGroupConfigured(applicationKey)) {
            return Optional.empty();
        }
        String orElse = getAvailableDefaultGroupName(applicationKey).orElse(getDefaultGroupName(applicationKey));
        String applicationDisplayName = getApplicationDisplayName(applicationKey);
        return this.groupManager.groupExists(orElse) ? Optional.of(newInstance.getText("application.installation.configuration.group.exist", orElse, applicationDisplayName, newInstance.getAnchorTagWithInternalLink("app_access_local"))) : this.groupConfigurationIdentifier.groupHasExistingConfiguration(orElse) ? Optional.of(newInstance.getText("application.installation.configuration.group.config.exist", orElse, applicationDisplayName, newInstance.getAnchorTagWithInternalLink("app_access_local"))) : !this.userManager.hasGroupWritableDirectory() ? Optional.of(newInstance.getText("application.installation.configuration.use.to.app", newInstance.getUrl("user-app-access").getUrl(), applicationDisplayName)) : Optional.empty();
    }

    public void configureApplicationsForSetup(Collection<Group> collection, boolean z) {
        Assertions.notNull("additionalGroups", collection);
        Set<ApplicationKey> set = (Set) StreamSupport.stream(this.licenseManager.getLicenses().spliterator(), false).flatMap(licenseDetails -> {
            return configureApplicationForLicense(licenseDetails, Optional.empty()).stream();
        }).collect(Collectors.toSet());
        this.applicationRoleManager.getRoles().forEach(applicationRole -> {
            addGroupsToRole(applicationRole, Optional.empty(), Sets.newHashSet(collection), true);
        });
        configureAdminGroupsForGlobalPermissions();
        if (z) {
            publishAppConfigEvent(set);
        }
    }

    public void configureApplicationsForImport(LicenseDetails licenseDetails) {
        publishAppConfigEvent(configureApplicationForLicense(licenseDetails, Optional.empty()));
    }

    public void setupAdminForDefaultApplications(ApplicationUser applicationUser) {
        Assertions.notNull("user", applicationUser);
        this.applicationRoleManager.getRoles().forEach(applicationRole -> {
            applicationRole.getDefaultGroups().forEach(group -> {
                addUserToGroup(applicationUser, group);
            });
        });
    }

    public void configureLicense(LicenseChangedEvent licenseChangedEvent) {
        if (isImportInProgress()) {
            return;
        }
        if (licenseChangedEvent.getNewLicenseDetails().isDefined()) {
            configureApplicationForLicense((LicenseDetails) licenseChangedEvent.getNewLicenseDetails().get(), Optional.ofNullable(this.authenticationContext.getLoggedInUser()));
        }
        publishAppConfigEventForLicense(licenseChangedEvent);
    }

    private boolean isImportInProgress() {
        if (!this.johnsonProvider.getContainer().hasEvent(EventPredicates.type(JohnsonEventType.IMPORT.eventType()))) {
            return false;
        }
        log.info("Received new license while import in progress, skipping application configuration.");
        return true;
    }

    private void publishAppConfigEventForLicense(LicenseChangedEvent licenseChangedEvent) {
        HashSet newHashSet = Sets.newHashSet();
        if (licenseChangedEvent.getNewLicenseDetails().isDefined()) {
            newHashSet.addAll(((LicenseDetails) licenseChangedEvent.getNewLicenseDetails().get()).getLicensedApplications().getKeys());
        }
        if (licenseChangedEvent.getPreviousLicenseDetails().isDefined()) {
            newHashSet.addAll(((LicenseDetails) licenseChangedEvent.getPreviousLicenseDetails().get()).getLicensedApplications().getKeys());
        }
        publishAppConfigEvent(newHashSet);
    }

    private Set<ApplicationKey> configureApplicationForLicense(LicenseDetails licenseDetails, Optional<ApplicationUser> optional) {
        Assertions.notNull("licenseDetails", licenseDetails);
        if (!this.userManager.hasGroupWritableDirectory()) {
            log.warn("There are no writable directories to create the default group for the new license.");
            return Collections.emptySet();
        }
        HashSet newHashSet = Sets.newHashSet();
        for (ApplicationKey applicationKey : licenseDetails.getLicensedApplications().getKeys()) {
            if (doesApplicationHaveActiveDefaultGroupConfigured(applicationKey)) {
                log.info("Application already configured for {}.", applicationKey.toString());
            } else if (configureApplicationWithDefaultGroup(applicationKey, optional)) {
                newHashSet.add(applicationKey);
            } else {
                log.info("Unable to perform application configuration for {}.", applicationKey.toString());
            }
        }
        return newHashSet;
    }

    private boolean configureApplicationWithDefaultGroup(ApplicationKey applicationKey, Optional<ApplicationUser> optional) {
        Group orCreateGroup;
        log.info("Attempting to perform application configuration for {}.", applicationKey.toString());
        Option role = this.applicationRoleManager.getRole(applicationKey);
        if (!role.isDefined()) {
            return false;
        }
        Optional<String> availableDefaultGroupName = getAvailableDefaultGroupName(applicationKey);
        if (!availableDefaultGroupName.isPresent() || (orCreateGroup = getOrCreateGroup(availableDefaultGroupName.get())) == null) {
            return false;
        }
        if (this.applicationRoleStore.get(applicationKey).getDefaultGroups().stream().anyMatch(str -> {
            return str.equals(toGroupName(orCreateGroup.getName()));
        })) {
            log.info("Application already {} already configured with group {}.", applicationKey.toString(), orCreateGroup.getName());
            return false;
        }
        addGroupsToRole((ApplicationRole) role.get(), Optional.of(orCreateGroup), Collections.emptySet(), false);
        configureGroupForGlobalPermissions(orCreateGroup);
        optional.ifPresent(applicationUser -> {
            addUserToGroup(applicationUser, orCreateGroup);
        });
        log.info("Application configured for {}.", applicationKey.toString());
        return true;
    }

    private void configureGroupForGlobalPermissions(Group group) {
        ((Set) this.globalPermissionTypeSupplier.get()).forEach(globalPermissionType -> {
            addPermissionToGroupIfItHasNotBeenGrantedYet(globalPermissionType, group);
        });
    }

    private void addPermissionToGroupIfItHasNotBeenGrantedYet(GlobalPermissionType globalPermissionType, Group group) {
        if (this.globalPermissionManager.getGroupsWithPermission(globalPermissionType.getGlobalPermissionKey()).contains(group)) {
            return;
        }
        this.globalPermissionManager.addPermission(globalPermissionType, toGroupName(group.getName()));
    }

    private void configureAdminGroupsForGlobalPermissions() {
        this.globalPermissionManager.getGroupsWithPermission(GlobalPermissionKey.ADMINISTER).forEach(group -> {
            configureGroupForGlobalPermissions(group);
        });
    }

    private void publishAppConfigEvent(Set<ApplicationKey> set) {
        if (set.isEmpty()) {
            return;
        }
        this.eventPublisher.publish(new ApplicationConfigurationEvent(set));
    }

    private ApplicationRole addGroupsToRole(ApplicationRole applicationRole, Optional<Group> optional, Set<Group> set, boolean z) {
        HashSet newHashSet = Sets.newHashSet(applicationRole.getGroups());
        newHashSet.addAll(set);
        newHashSet.getClass();
        optional.ifPresent((v1) -> {
            r1.add(v1);
        });
        HashSet newHashSet2 = Sets.newHashSet(applicationRole.getDefaultGroups());
        newHashSet2.getClass();
        optional.ifPresent((v1) -> {
            r1.add(v1);
        });
        return this.applicationRoleManager.setRole(applicationRole.withGroups(newHashSet, newHashSet2).withSelectedByDefault(z || applicationRole.isSelectedByDefault()));
    }

    private boolean noConfigPermission(@Nullable ApplicationUser applicationUser) {
        return (applicationUser == null || this.globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, applicationUser)) ? false : true;
    }

    private String getApplicationDisplayName(ApplicationKey applicationKey) {
        return (String) this.applicationManager.getApplication(applicationKey).map((v0) -> {
            return v0.getName();
        }).getOrElse(this.applicationRoleManager.getRole(applicationKey).map((v0) -> {
            return v0.getName();
        }).getOrElse(applicationKey.toString()));
    }

    private Optional<String> getAvailableDefaultGroupName(ApplicationKey applicationKey) {
        String defaultGroupName = getDefaultGroupName(applicationKey);
        if (isGroupNameAvailable(defaultGroupName)) {
            return Optional.of(defaultGroupName);
        }
        for (int i = 1; i <= 5; i++) {
            String format = String.format("%s-%d", defaultGroupName, Integer.valueOf(i));
            if (isGroupNameAvailable(format)) {
                return Optional.of(format);
            }
        }
        String dateTime = new DateTime().toString(DateTimeFormat.forPattern("yyyyMMdd"));
        for (int i2 = 1; i2 <= 999; i2++) {
            String format2 = String.format("%s-%s-%s-%d", defaultGroupName, "auto", dateTime, Integer.valueOf(i2));
            if (isGroupNameAvailable(format2)) {
                return Optional.of(format2);
            }
        }
        log.warn(String.format("The default group name [%s] for [%2$s] already exist. Unable to provide an unused group name for [%2$s].", defaultGroupName, getApplicationDisplayName(applicationKey)));
        return Optional.empty();
    }

    private boolean isGroupNameAvailable(String str) {
        return (this.groupManager.groupExists(str) || this.groupConfigurationIdentifier.groupHasExistingConfiguration(str)) ? false : true;
    }

    private String getDefaultGroupName(ApplicationKey applicationKey) {
        return toGroupName((String) this.applicationManager.getApplication(applicationKey).map((v0) -> {
            return v0.getDefaultGroup();
        }).getOrElse(() -> {
            return String.format("%s-users", applicationKey.value());
        }));
    }

    private String toGroupName(String str) {
        return IdentifierUtils.toLowerCase(str);
    }

    private boolean doesApplicationHaveActiveDefaultGroupConfigured(ApplicationKey applicationKey) {
        Stream<String> stream = this.applicationRoleStore.get(applicationKey).getDefaultGroups().stream();
        GroupManager groupManager = this.groupManager;
        groupManager.getClass();
        return stream.anyMatch(groupManager::groupExists);
    }

    private Group getOrCreateGroup(String str) {
        Group group = this.groupManager.getGroup(str);
        if (group != null) {
            return group;
        }
        try {
            return this.groupManager.createGroup(str);
        } catch (InvalidGroupException e) {
            if ("Group already exists".equals(e.getMessage())) {
                return e.getGroup();
            }
            log.warn("Unable to create group during application configuration.", e);
            return null;
        } catch (OperationNotPermittedException e2) {
            log.warn("Unable to create group during application configuration.", e2);
            return null;
        }
    }

    private void addUserToGroup(ApplicationUser applicationUser, Group group) {
        if (this.groupManager.isUserInGroup(applicationUser, group)) {
            return;
        }
        try {
            this.groupManager.addUserToGroup(applicationUser, group);
        } catch (CrowdException e) {
            log.warn("Unable to add user to group during application configuration.", e);
        }
    }
}
