package com.atlassian.jira.user.util;

import com.atlassian.applinks.api.auth.oauth.ConsumerTokenService;
import com.atlassian.crowd.embedded.api.CrowdDirectoryService;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.DirectoryType;
import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.crowd.embedded.api.OperationType;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.crowd.embedded.impl.ImmutableUser;
import com.atlassian.crowd.exception.CrowdException;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.OperationNotPermittedException;
import com.atlassian.crowd.exception.UserAlreadyExistsException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.exception.runtime.OperationFailedException;
import com.atlassian.crowd.manager.application.ApplicationManager;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.crowd.manager.directory.DirectoryPermissionException;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.model.group.GroupType;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.crowd.search.query.entity.GroupQuery;
import com.atlassian.crowd.search.query.entity.UserQuery;
import com.atlassian.crowd.search.query.entity.restriction.NullRestrictionImpl;
import com.atlassian.crowd.util.SecureRandomStringUtils;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.config.properties.ApplicationProperties;
import com.atlassian.jira.crowd.embedded.ofbiz.ExtendedUserDao;
import com.atlassian.jira.crowd.embedded.ofbiz.UserOrGroupStub;
import com.atlassian.jira.exception.CreateException;
import com.atlassian.jira.exception.PermissionException;
import com.atlassian.jira.license.LicenseCountService;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.ApplicationUserEntity;
import com.atlassian.jira.user.ApplicationUsers;
import com.atlassian.jira.user.DelegatingApplicationUser;
import com.atlassian.jira.user.UserDetails;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.util.dbc.Assertions;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Supplier;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/user/util/DefaultUserManager.class */
public class DefaultUserManager implements UserManager {
    private static final Logger log = LoggerFactory.getLogger(DefaultUserManager.class);
    private static final UserQuery<User> QUERY_ALL_USERS = new UserQuery<>(User.class, NullRestrictionImpl.INSTANCE, 0, -1);
    private final CrowdService crowdService;
    private final CrowdDirectoryService crowdDirectoryService;
    private final DirectoryManager directoryManager;
    private final UserKeyStore userKeyStore;
    private final ApplicationManager applicationManager;
    private final ApplicationProperties applicationProperties;
    private final ExtendedUserDao userDao;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/atlassian/jira/user/util/DefaultUserManager$IsExternalApplication.class */
    public static class IsExternalApplication implements Predicate<Application> {
        IsExternalApplication() {
        }

        public boolean apply(Application application) {
            return !application.isPermanent();
        }
    }

    public DefaultUserManager(CrowdService crowdService, CrowdDirectoryService crowdDirectoryService, DirectoryManager directoryManager, UserKeyStore userKeyStore, ApplicationManager applicationManager, ApplicationProperties applicationProperties, ExtendedUserDao extendedUserDao) {
        this.crowdService = crowdService;
        this.crowdDirectoryService = crowdDirectoryService;
        this.directoryManager = directoryManager;
        this.userKeyStore = userKeyStore;
        this.applicationManager = applicationManager;
        this.applicationProperties = applicationProperties;
        this.userDao = extendedUserDao;
    }

    public int getTotalUserCount() {
        if (this.userDao.useFullCache()) {
            return getAllUsersFromCrowd().size();
        }
        List findAllDirectories = this.crowdDirectoryService.findAllDirectories();
        HashSet hashSet = new HashSet();
        Iterator it = findAllDirectories.iterator();
        while (it.hasNext()) {
            hashSet.add(((Directory) it.next()).getId());
        }
        try {
            return (int) this.userDao.getUniqueUserCount(hashSet);
        } catch (DirectoryNotFoundException e) {
            throw new OperationFailedException(e);
        }
    }

    @Nonnull
    public Collection<ApplicationUser> getUsers() {
        return getAllApplicationUsers();
    }

    @Nonnull
    public Collection<ApplicationUser> getAllApplicationUsers() {
        Collection<User> allUsersFromCrowd = getAllUsersFromCrowd();
        ArrayList arrayList = new ArrayList(allUsersFromCrowd.size());
        Iterator<User> it = allUsersFromCrowd.iterator();
        while (it.hasNext()) {
            Optional<DelegatingApplicationUser> applicationUser = toApplicationUser(it.next());
            arrayList.getClass();
            applicationUser.ifPresent((v1) -> {
                r1.add(v1);
            });
        }
        return arrayList;
    }

    private Optional<DelegatingApplicationUser> toApplicationUser(User user) {
        return Optional.ofNullable(user).flatMap(user2 -> {
            return this.userKeyStore.getUserForUsername(user2.getName());
        }).map(applicationUserEntity -> {
            return new DelegatingApplicationUser(applicationUserEntity.getId(), applicationUserEntity.getKey(), user);
        });
    }

    @Nonnull
    private List<User> getAllUsersFromDirectory(@Nonnull Directory directory, boolean z) {
        try {
            return this.directoryManager.searchUsers(directory.getId().longValue(), QUERY_ALL_USERS);
        } catch (DirectoryNotFoundException e) {
            if (z) {
                throw new OperationFailedException(e);
            }
            return ImmutableList.of();
        } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
            throw new OperationFailedException(e2);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v23, types: [java.util.Collection] */
    @Nonnull
    private Collection<User> getAllUsersFromCrowd() {
        List<User> allUsersFromDirectory;
        long currentTimeMillis = System.currentTimeMillis();
        ArrayList<Directory> newArrayList = Lists.newArrayList(this.crowdDirectoryService.findAllDirectories());
        if (newArrayList.size() > 1) {
            HashMap hashMap = new HashMap();
            Collections.reverse(newArrayList);
            for (Directory directory : newArrayList) {
                if (directory.isActive()) {
                    Iterator<User> it = getAllUsersFromDirectory(directory, false).iterator();
                    while (it.hasNext()) {
                        UserOrGroupStub userOrGroupStub = (User) it.next();
                        hashMap.put(userOrGroupStub instanceof UserOrGroupStub ? userOrGroupStub.getLowerName() : IdentifierUtils.toLowerCase(userOrGroupStub.getName()), userOrGroupStub);
                    }
                }
            }
            allUsersFromDirectory = hashMap.values();
        } else {
            allUsersFromDirectory = newArrayList.size() == 1 ? getAllUsersFromDirectory((Directory) newArrayList.get(0), true) : Collections.emptyList();
        }
        if (log.isDebugEnabled()) {
            log.info("Found " + allUsersFromDirectory.size() + " users in " + (System.currentTimeMillis() - currentTimeMillis) + "ms.");
        }
        return allUsersFromDirectory;
    }

    @Nonnull
    public Set<ApplicationUser> getAllUsers() {
        return Sets.newHashSet(getAllApplicationUsers());
    }

    private User getCrowdUser(String str) {
        if (str == null) {
            return null;
        }
        return this.crowdService.getUser(str);
    }

    public ApplicationUser getUser(String str) {
        return getUserObject(str);
    }

    public ApplicationUser getUserObject(@Nullable String str) {
        return getUserByName(str);
    }

    public ApplicationUser findUserInDirectory(String str, Long l) {
        try {
            return toApplicationUser((User) this.directoryManager.findUserByName(l.longValue(), str)).orElse(null);
        } catch (com.atlassian.crowd.exception.OperationFailedException e) {
            throw new OperationFailedException(e);
        } catch (UserNotFoundException e2) {
            return null;
        } catch (DirectoryNotFoundException e3) {
            throw new IllegalArgumentException((Throwable) e3);
        }
    }

    public ApplicationUser getUserEvenWhenUnknown(String str) {
        if (str == null) {
            return null;
        }
        User crowdUser = getCrowdUser(str);
        return ApplicationUsers.from(crowdUser != null ? crowdUser : unknownUser(str));
    }

    public Optional<ApplicationUser> getUserById(Long l) {
        return this.userKeyStore.getUserForId(l).flatMap(this::toApplicationUser);
    }

    public ApplicationUser getUserByKey(String str) {
        return (ApplicationUser) this.userKeyStore.getUserForKey(str).flatMap(this::toApplicationUser).orElse(null);
    }

    public ApplicationUser getUserByName(String str) {
        return (ApplicationUser) this.userKeyStore.getUserForUsername(str).flatMap(this::toApplicationUser).orElse(null);
    }

    public ApplicationUser getUserByKeyEvenWhenUnknown(@Nullable String str) {
        UserKeyStore userKeyStore = this.userKeyStore;
        userKeyStore.getClass();
        return getApplicationUserEvenWhenUnknown(str, userKeyStore::getUserForKey, () -> {
            return unknownApplicationUser(-1L, str, str);
        });
    }

    public ApplicationUser getUserByNameEvenWhenUnknown(@Nullable String str) {
        UserKeyStore userKeyStore = this.userKeyStore;
        userKeyStore.getClass();
        return getApplicationUserEvenWhenUnknown(str, userKeyStore::getUserForUsername, () -> {
            return unknownApplicationUser(-1L, IdentifierUtils.toLowerCase(str), str);
        });
    }

    private ApplicationUser getApplicationUserEvenWhenUnknown(String str, Function<String, Optional<ApplicationUserEntity>> function, Supplier<ApplicationUser> supplier) {
        if (str == null) {
            return null;
        }
        return (ApplicationUser) function.apply(str).map(applicationUserEntity -> {
            ApplicationUser user = getUser(applicationUserEntity.getUsername());
            return user == null ? unknownApplicationUser(applicationUserEntity.getId(), applicationUserEntity.getKey(), applicationUserEntity.getUsername()) : user;
        }).orElseGet(supplier);
    }

    private Optional<ApplicationUser> toApplicationUser(ApplicationUserEntity applicationUserEntity) {
        User crowdUser = getCrowdUser(applicationUserEntity.getUsername());
        return crowdUser != null ? Optional.ofNullable(new DelegatingApplicationUser(applicationUserEntity.getId(), applicationUserEntity.getKey(), crowdUser)) : Optional.empty();
    }

    public boolean canUpdateUser(ApplicationUser applicationUser) {
        if (applicationUser == null) {
            return false;
        }
        return userDirectoryAllowsUpdateUser(applicationUser);
    }

    public boolean userCanUpdateOwnDetails(@Nonnull ApplicationUser applicationUser) {
        return canUpdateUser(applicationUser) && !this.applicationProperties.getOption("jira.option.user.externalmanagement");
    }

    public boolean canRenameUser(ApplicationUser applicationUser) {
        return userDirectoryAllowsRenameUser(applicationUser) && isJaacsUnusedOrRenameAllowedAnyway();
    }

    @VisibleForTesting
    boolean isJaacsUnusedOrRenameAllowedAnyway() {
        return this.applicationProperties.getOption("jira.option.user.crowd.allow.rename") || !Iterables.any(this.applicationManager.findAll(), new IsExternalApplication());
    }

    private void handleDeletedUserEviction(String str) {
        if (this.userKeyStore.getKeyForUsername(str) == null) {
            return;
        }
        int i = 1;
        String str2 = str + "#1";
        while (true) {
            String str3 = str2;
            if (this.userKeyStore.getKeyForUsername(str3) == null) {
                this.userKeyStore.renameUser(str, str3);
                return;
            } else {
                if (i == Integer.MAX_VALUE) {
                    throw new IllegalStateException("Deleted user eviction namespace exhausted");
                }
                i++;
                str2 = str + '#' + i;
            }
        }
    }

    private void handleRenamedUser(ApplicationUser applicationUser) {
        String lowerCase = IdentifierUtils.toLowerCase(applicationUser.getUsername());
        String usernameForKey = this.userKeyStore.getUsernameForKey(applicationUser.getKey());
        if (lowerCase.equals(usernameForKey)) {
            return;
        }
        if (getCrowdUser(lowerCase) != null) {
            throw new IllegalArgumentException("Cannot rename: user with username '" + lowerCase + "' already exists.");
        }
        handleDeletedUserEviction(lowerCase);
        try {
            this.directoryManager.renameUser(applicationUser.getDirectoryId(), usernameForKey, applicationUser.getUsername());
            if (this.crowdService.getUser(usernameForKey) != null) {
                this.userKeyStore.ensureUniqueKeyForNewUser(usernameForKey);
            }
            clearConsumerTokens(usernameForKey);
        } catch (DirectoryPermissionException e) {
            throw new OperationFailedException(e);
        } catch (CrowdException e2) {
            throw new OperationFailedException(e2);
        }
    }

    private void clearConsumerTokens(String str) {
        ConsumerTokenService consumerTokenService = (ConsumerTokenService) ComponentAccessor.getOSGiComponentInstanceOfType(ConsumerTokenService.class);
        if (consumerTokenService != null) {
            consumerTokenService.removeAllTokensForUsername(str);
        } else if (log.isDebugEnabled()) {
            log.debug("Unable to clear consumer tokens for '" + str + "' because the service could not be located.  Maybe applinks is offline?");
        }
    }

    public void updateUser(ApplicationUser applicationUser) {
        handleRenamedUser(applicationUser);
        try {
            this.crowdService.updateUser(ImmutableUser.newUser(applicationUser.getDirectoryUser()).emailAddress(StringUtils.trim(applicationUser.getEmailAddress())).name(applicationUser.getUsername()).toUser());
            ((LicenseCountService) ComponentAccessor.getComponent(LicenseCountService.class)).flushBillableUsersCache();
        } catch (InvalidUserException | OperationNotPermittedException e) {
            throw new OperationFailedException(e);
        }
    }

    public boolean canUpdateUserPassword(ApplicationUser applicationUser) {
        if (userDirectoryAllowsUpdateUser(applicationUser)) {
            return canDirectoryUpdateUserPassword(this.crowdDirectoryService.findDirectoryById(applicationUser.getDirectoryId()));
        }
        return false;
    }

    private boolean userDirectoryAllowsUpdateUser(ApplicationUser applicationUser) {
        Directory findDirectoryById;
        if (applicationUser == null || (findDirectoryById = this.crowdDirectoryService.findDirectoryById(applicationUser.getDirectoryId())) == null) {
            return false;
        }
        return findDirectoryById.getAllowedOperations().contains(OperationType.UPDATE_USER);
    }

    private boolean userDirectoryAllowsRenameUser(ApplicationUser applicationUser) {
        Directory findDirectoryById;
        if (applicationUser == null || (findDirectoryById = this.crowdDirectoryService.findDirectoryById(applicationUser.getDirectoryId())) == null || !findDirectoryById.getAllowedOperations().contains(OperationType.UPDATE_USER)) {
            return false;
        }
        DirectoryType type = findDirectoryById.getType();
        return type == DirectoryType.INTERNAL || type == DirectoryType.DELEGATING;
    }

    public boolean canUpdateGroupMembershipForUser(ApplicationUser applicationUser) {
        Directory findDirectoryById;
        if (applicationUser == null || (findDirectoryById = this.crowdDirectoryService.findDirectoryById(applicationUser.getDirectoryId())) == null) {
            return false;
        }
        return findDirectoryById.getAllowedOperations().contains(OperationType.UPDATE_GROUP);
    }

    public Collection<Group> getGroups() {
        Iterable search = this.crowdService.search(new GroupQuery(Group.class, GroupType.GROUP, NullRestrictionImpl.INSTANCE, 0, -1));
        if (search instanceof Collection) {
            return (Collection) search;
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        Iterator it = search.iterator();
        while (it.hasNext()) {
            linkedHashSet.add((Group) it.next());
        }
        return linkedHashSet;
    }

    public Set<Group> getAllGroups() {
        Collection<Group> groups = getGroups();
        return groups instanceof Set ? (Set) groups : new LinkedHashSet(groups);
    }

    private Group getCrowdGroup(String str) {
        if (str == null) {
            return null;
        }
        return this.crowdService.getGroup(str);
    }

    public Group getGroup(String str) {
        return getCrowdGroup(str);
    }

    public Group getGroupObject(@Nullable String str) {
        return getCrowdGroup(str);
    }

    @Nonnull
    public List<Directory> getWritableDirectories() {
        List<Directory> findAllDirectories = this.crowdDirectoryService.findAllDirectories();
        ArrayList arrayList = new ArrayList(findAllDirectories.size());
        for (Directory directory : findAllDirectories) {
            if (directory.getAllowedOperations().contains(OperationType.CREATE_USER) && directory.isActive()) {
                arrayList.add(directory);
            }
        }
        return arrayList;
    }

    @Nonnull
    public Optional<Directory> getDefaultCreateDirectory() {
        return getWritableDirectories().stream().findFirst();
    }

    public boolean hasWritableDirectory() {
        return getWritableDirectories().size() > 0;
    }

    public boolean hasPasswordWritableDirectory() {
        Iterator<Directory> it = getWritableDirectories().iterator();
        while (it.hasNext()) {
            if (canDirectoryUpdateUserPassword(it.next())) {
                return true;
            }
        }
        return false;
    }

    public boolean hasGroupWritableDirectory() {
        for (Directory directory : this.crowdDirectoryService.findAllDirectories()) {
            if (directory.isActive() && directory.getAllowedOperations().contains(OperationType.CREATE_GROUP)) {
                return true;
            }
        }
        return false;
    }

    public Directory getDirectory(Long l) {
        return this.crowdDirectoryService.findDirectoryById(l.longValue());
    }

    public boolean isUserExisting(ApplicationUser applicationUser) {
        return (applicationUser == null || applicationUser.getDirectoryId() == -1) ? false : true;
    }

    @Nonnull
    public String generateRandomPassword() {
        return SecureRandomStringUtils.getInstance().randomAlphanumericString(26) + "ABab23";
    }

    public boolean canDirectoryUpdateUserPassword(Directory directory) {
        if (directory == null || directory.getType() == DirectoryType.DELEGATING) {
            return false;
        }
        return directory.getAllowedOperations().contains(OperationType.UPDATE_USER);
    }

    @Nonnull
    public UserManager.UserState getUserState(@Nullable ApplicationUser applicationUser) {
        return applicationUser == null ? UserManager.UserState.INVALID_USER : getUserState(((ApplicationUser) Assertions.notNull("user", applicationUser)).getUsername(), applicationUser.getDirectoryId());
    }

    @Nonnull
    public UserManager.UserState getUserState(@Nonnull String str, long j) {
        Assertions.notNull("username", str);
        if (j == -1) {
            return UserManager.UserState.INVALID_USER;
        }
        boolean z = false;
        boolean z2 = false;
        for (Directory directory : this.crowdDirectoryService.findAllDirectories()) {
            if (j == directory.getId().longValue()) {
                if (!isUserInDirectory(str, directory)) {
                    return UserManager.UserState.INVALID_USER;
                }
                if (z2) {
                    return UserManager.UserState.SHADOW_USER;
                }
                z = true;
            } else if (!z2 && isUserInDirectory(str, directory)) {
                if (z) {
                    return UserManager.UserState.NORMAL_USER_WITH_SHADOW;
                }
                z2 = true;
            }
        }
        return z ? UserManager.UserState.NORMAL_USER : UserManager.UserState.INVALID_USER;
    }

    private boolean isUserInDirectory(String str, Directory directory) {
        return directory.isActive() && findUserInDirectory(str, directory.getId()) != null;
    }

    private User unknownUser(String str) {
        return new ImmutableUser(-1L, str, str, "?", false);
    }

    private ApplicationUser unknownApplicationUser(Long l, String str, String str2) {
        return new DelegatingApplicationUser(l, str, unknownUser(str2));
    }

    @VisibleForTesting
    @Nonnull
    String generatePasswordIfEmpty(@Nullable String str) {
        return StringUtils.isEmpty(str) ? generateRandomPassword() : str;
    }

    @VisibleForTesting
    @Nonnull
    UserTemplate from(@Nonnull UserDetails userDetails) {
        Assertions.notNull("userData", userDetails);
        UserTemplate userTemplate = new UserTemplate(userDetails.getUsername());
        userTemplate.setDisplayName(userDetails.getDisplayName());
        userTemplate.setActive(true);
        userTemplate.setEmailAddress(StringUtils.trim(userDetails.getEmailAddress()));
        return userTemplate;
    }

    @Nonnull
    public ApplicationUser createUser(@Nonnull UserDetails userDetails) throws CreateException, PermissionException {
        Assertions.notNull("userData", userDetails);
        try {
            try {
                try {
                    UserTemplate from = from(userDetails);
                    String generatePasswordIfEmpty = generatePasswordIfEmpty(userDetails.getPassword());
                    if (!userDetails.getDirectoryId().isPresent()) {
                        return ApplicationUsers.from(this.crowdService.addUser(from, generatePasswordIfEmpty));
                    }
                    Long l = (Long) userDetails.getDirectoryId().get();
                    from.setDirectoryId(l.longValue());
                    return ApplicationUsers.from((User) this.directoryManager.addUser(l.longValue(), from, new PasswordCredential(generatePasswordIfEmpty)));
                } catch (com.atlassian.crowd.exception.OperationFailedException e) {
                    throw new OperationFailedException(e);
                }
            } catch (DirectoryPermissionException | OperationNotPermittedException e2) {
                throw new PermissionException(e2);
            }
        } catch (InvalidCredentialException | UserAlreadyExistsException | DirectoryNotFoundException | InvalidUserException e3) {
            throw new CreateException(e3);
        }
    }

    public Optional<UserIdentity> getUserIdentityById(Long l) {
        return this.userKeyStore.getUserForId(l).map(this::userEntityToIdentity);
    }

    public Optional<UserIdentity> getUserIdentityByKey(String str) {
        return this.userKeyStore.getUserForKey(str).map(this::userEntityToIdentity);
    }

    public Optional<UserIdentity> getUserIdentityByUsername(String str) {
        return this.userKeyStore.getUserForUsername(str).map(this::userEntityToIdentity);
    }

    private UserIdentity userEntityToIdentity(ApplicationUserEntity applicationUserEntity) {
        return UserIdentity.withId(applicationUserEntity.getId()).key(applicationUserEntity.getKey()).andUsername(applicationUserEntity.getUsername());
    }
}
