package com.atlassian.jira.user.anonymize;

import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.crowd.embedded.ofbiz.ExtendedUserDao;
import com.atlassian.jira.event.user.anonymize.UserAnonymizationPrevalidateEvent;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.task.context.Context;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.anonymize.AnonymizeUserService;
import com.atlassian.jira.user.anonymize.operations.AnonymizeOperationStep;
import com.atlassian.jira.user.anonymize.operations.AnonymizeOperationSteps;
import com.atlassian.jira.user.util.UserKeyStore;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.jira.util.SimpleErrorCollection;
import com.google.common.base.Preconditions;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/user/anonymize/DefaultAnonymizeUserService.class */
public class DefaultAnonymizeUserService implements AnonymizeUserService {
    private static final Logger log = LoggerFactory.getLogger(DefaultAnonymizeUserService.class);
    private final UserManager userManager;
    private final I18nHelper.BeanFactory i18nBeanFactory;
    private final GlobalPermissionManager globalPermissionManager;
    private final UserKeyStore userKeyStore;
    private final ExtendedUserDao ofBizUserDao;
    private final AnonymizeOperationSteps anonymizeOperationSteps;
    private final EventPublisher eventPublisher;

    public DefaultAnonymizeUserService(UserManager userManager, I18nHelper.BeanFactory beanFactory, GlobalPermissionManager globalPermissionManager, UserKeyStore userKeyStore, ExtendedUserDao extendedUserDao, AnonymizeOperationSteps anonymizeOperationSteps, EventPublisher eventPublisher) {
        this.userManager = userManager;
        this.i18nBeanFactory = beanFactory;
        this.globalPermissionManager = globalPermissionManager;
        this.userKeyStore = userKeyStore;
        this.ofBizUserDao = extendedUserDao;
        this.anonymizeOperationSteps = anonymizeOperationSteps;
        this.eventPublisher = eventPublisher;
    }

    @Override // com.atlassian.jira.user.anonymize.AnonymizeUserService
    @Nonnull
    public AnonymizeUserService.AnonymizeValidationResult preValidateAnonymize(@Nonnull AnonymizeUserService.AnonymizeUserRequest anonymizeUserRequest) {
        log.debug("Publishing userAnonymizationPrevalidateEvent");
        this.eventPublisher.publish(new UserAnonymizationPrevalidateEvent(anonymizeUserRequest.getUserKey()));
        log.debug("Published userAnonymizationPrevalidateEvent");
        return validate(anonymizeUserRequest, true);
    }

    @Override // com.atlassian.jira.user.anonymize.AnonymizeUserService
    @Nonnull
    public AnonymizeUserService.AnonymizeValidationResult validateAnonymize(@Nonnull AnonymizeUserService.AnonymizeUserRequest anonymizeUserRequest) {
        return validate(anonymizeUserRequest, false);
    }

    private AnonymizeUserService.AnonymizeValidationResult validate(AnonymizeUserService.AnonymizeUserRequest anonymizeUserRequest, boolean z) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        ApplicationUser executor = anonymizeUserRequest.getExecutor();
        I18nHelper beanFactory = this.i18nBeanFactory.getInstance(executor);
        AnonymizeUserService.OperationsReport operationsReport = new AnonymizeUserService.OperationsReport();
        if (!isAdministrator(executor)) {
            simpleErrorCollection.addErrorMessage(beanFactory.getText("admin.errors.user.anonymize.no.permission"));
            return new AnonymizeUserService.AnonymizeValidationResult(simpleErrorCollection, anonymizeUserRequest, null, new AnonymizeUserService.OperationsReport(), operationsReport);
        }
        String userKey = anonymizeUserRequest.getUserKey();
        ApplicationUser userByKeyEvenWhenUnknown = this.userManager.getUserByKeyEvenWhenUnknown(userKey);
        if (!isSysAdmin(executor) && isSysAdmin(userByKeyEvenWhenUnknown)) {
            simpleErrorCollection.addErrorMessage(beanFactory.getText("admin.errors.user.anonymize.must.be.sysadmin.to.edit.sysadmin"));
            return new AnonymizeUserService.AnonymizeValidationResult(simpleErrorCollection, anonymizeUserRequest, null, new AnonymizeUserService.OperationsReport(), operationsReport);
        }
        if (executor.getKey().equals(anonymizeUserRequest.getUserKey())) {
            simpleErrorCollection.addErrorMessage(beanFactory.getText("admin.errors.user.anonymize.yourself"));
            return new AnonymizeUserService.AnonymizeValidationResult(simpleErrorCollection, anonymizeUserRequest, null, new AnonymizeUserService.OperationsReport(), operationsReport);
        }
        AnonymizeUserService.AnonymizeProcessData.Builder newBuilder = AnonymizeUserService.AnonymizeProcessData.newBuilder(anonymizeUserRequest);
        newBuilder.user(userByKeyEvenWhenUnknown);
        AnonymizeUserService.UserState userState = newBuilder.build().getUserState();
        if (userState == AnonymizeUserService.UserState.NOT_FOUND) {
            simpleErrorCollection.addErrorMessage(beanFactory.getText("admin.errors.user.anonymize.user.does.not.exist", userKey));
            return new AnonymizeUserService.AnonymizeValidationResult(simpleErrorCollection, anonymizeUserRequest, null, new AnonymizeUserService.OperationsReport(), operationsReport);
        }
        if (userState == AnonymizeUserService.UserState.PRESENT && this.userManager.getUserState(userByKeyEvenWhenUnknown).isInMultipleDirectories()) {
            simpleErrorCollection.addErrorMessage(beanFactory.getText("admin.errors.user.anonymize.multiple.directories"));
            return new AnonymizeUserService.AnonymizeValidationResult(simpleErrorCollection, anonymizeUserRequest, null, new AnonymizeUserService.OperationsReport(), operationsReport);
        }
        boolean isSystemKey = this.userKeyStore.isSystemKey(userByKeyEvenWhenUnknown.getKey());
        boolean isSystemKey2 = this.userKeyStore.isSystemKey(userByKeyEvenWhenUnknown.getUsername());
        if (isSystemKey) {
            log.info("User key is already anonymized ({}), not need to change it", userByKeyEvenWhenUnknown.getKey());
        } else {
            Optional<String> uniqueAnonymizedKey = getUniqueAnonymizedKey(userByKeyEvenWhenUnknown);
            if (!uniqueAnonymizedKey.isPresent()) {
                simpleErrorCollection.addErrorMessage(beanFactory.getText("admin.errors.user.anonymize.cant.generate.userkey", userKey));
                return new AnonymizeUserService.AnonymizeValidationResult(simpleErrorCollection, anonymizeUserRequest, null, new AnonymizeUserService.OperationsReport(), operationsReport);
            }
            String str = uniqueAnonymizedKey.get();
            newBuilder.newUserKey(str);
            log.info("User key is not anonymized ({}), should anonymize to ({})", userKey, str);
        }
        if (!isSystemKey2) {
            Optional<String> uniqueUsernameFromId = this.userKeyStore.getUniqueUsernameFromId(userByKeyEvenWhenUnknown.getId().longValue());
            if (!uniqueUsernameFromId.isPresent()) {
                simpleErrorCollection.addErrorMessage(beanFactory.getText("admin.errors.user.anonymize.cant.generate.username", userByKeyEvenWhenUnknown.getUsername()));
                return new AnonymizeUserService.AnonymizeValidationResult(simpleErrorCollection, anonymizeUserRequest, null, new AnonymizeUserService.OperationsReport(), operationsReport);
            }
            String str2 = uniqueUsernameFromId.get();
            log.info("Username is not anonymized ({}), should rename to ({})", userByKeyEvenWhenUnknown.getUsername(), str2);
            newBuilder.newUserName(str2);
        }
        newBuilder.userDeletedExternally(this.ofBizUserDao.isDeletedExternally(userByKeyEvenWhenUnknown.getDirectoryId(), userByKeyEvenWhenUnknown.getUsername()));
        newBuilder.userKeyAlreadyAnonymized(isSystemKey);
        newBuilder.userNameAlreadyAnonymized(isSystemKey2);
        AnonymizeUserService.OperationsReport<Collection<AffectedEntity>> affectedEntities = getAffectedEntities(newBuilder.build());
        if (!affectedEntities.isValid()) {
            return new AnonymizeUserService.AnonymizeValidationResult(simpleErrorCollection, anonymizeUserRequest, null, affectedEntities, operationsReport);
        }
        newBuilder.affectedEntities((Collection) affectedEntities.getReports().stream().map((v0) -> {
            return v0.getResult();
        }).map((v0) -> {
            return v0.get();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).flatMap((v0) -> {
            return v0.stream();
        }).collect(Collectors.toList()));
        AnonymizeUserService.AnonymizeProcessData build = newBuilder.build();
        Iterator<AnonymizeUserService.AnonymizeOperation> it = build.getOperationsWeWouldLikeToPerform(z).iterator();
        while (it.hasNext()) {
            AnonymizeOperationStep step = this.anonymizeOperationSteps.getStep(it.next());
            if (step != null) {
                operationsReport.putReport(new AnonymizeUserService.SingleOperationReport(step.getAnonymizeOperation(), new ServiceOutcomeWithWarnings(null, step.validate(build, beanFactory, z).getErrorCollection(), new HashMap())));
            }
        }
        return new AnonymizeUserService.AnonymizeValidationResult(simpleErrorCollection, anonymizeUserRequest, build, affectedEntities, operationsReport);
    }

    private AnonymizeUserService.OperationsReport<Collection<AffectedEntity>> getAffectedEntities(AnonymizeUserService.AnonymizeProcessData anonymizeProcessData) {
        AnonymizeUserService.OperationsReport<Collection<AffectedEntity>> operationsReport = new AnonymizeUserService.OperationsReport<>();
        for (AnonymizeUserService.AnonymizeOperation anonymizeOperation : anonymizeProcessData.getOperationsWeWouldLikeToPerform(true)) {
            AnonymizeOperationStep step = this.anonymizeOperationSteps.getStep(anonymizeOperation);
            if (step != null) {
                operationsReport.putReport(new AnonymizeUserService.SingleOperationReport<>(anonymizeOperation, step.getAffectedEntities(anonymizeProcessData)));
            }
        }
        return operationsReport;
    }

    private Optional<String> getUniqueAnonymizedKey(ApplicationUser applicationUser) {
        return this.userKeyStore.getUniqueKeyFromId(applicationUser.getId().longValue());
    }

    @Override // com.atlassian.jira.user.anonymize.AnonymizeUserService
    @Nonnull
    public AnonymizeUserService.AnonymizePerformResult perform(@Nonnull AnonymizeUserService.AnonymizeValidationResult anonymizeValidationResult, @Nonnull Context context) {
        Preconditions.checkArgument(anonymizeValidationResult.isValid());
        AnonymizeUserService.AnonymizeUserRequest request = anonymizeValidationResult.getRequest();
        log.debug("Publishing userAnonymizationStartedEvent");
        this.eventPublisher.publish(anonymizeValidationResult.getProcessData().getUserAnonymizationStartedEvent());
        log.debug("Published userAnonymizationStartedEvent");
        AnonymizeUserService.OperationsReport<Void> operationsReport = new AnonymizeUserService.OperationsReport<>();
        AnonymizeUserService.AnonymizePerformResult anonymizePerformResult = new AnonymizeUserService.AnonymizePerformResult(request, anonymizeValidationResult.getProcessData(), operationsReport);
        Iterator<AnonymizeOperationStep> it = this.anonymizeOperationSteps.getStepsBlockingAnonymizationProcessOnFail().iterator();
        while (it.hasNext()) {
            Optional<AnonymizeUserService.SingleOperationReport<Void>> performOperation = it.next().performOperation(operationsReport, anonymizeValidationResult, context);
            operationsReport.getClass();
            performOperation.ifPresent(operationsReport::putReport);
            if (!operationsReport.isValid()) {
                return anonymizePerformResult;
            }
        }
        this.anonymizeOperationSteps.getStepsNotBlockingAnonymizationProcessOnFail().stream().map(anonymizeOperationStep -> {
            return anonymizeOperationStep.performOperation(operationsReport, anonymizeValidationResult, context);
        }).forEach(optional -> {
            operationsReport.getClass();
            optional.ifPresent(operationsReport::putReport);
        });
        log.debug("Publishing userAnonymizationFinishedEvent");
        this.eventPublisher.publish(anonymizeValidationResult.getProcessData().getUserAnonymizationFinishedEvent());
        log.debug("Published userAnonymizationFinishedEvent");
        return anonymizePerformResult;
    }

    @Override // com.atlassian.jira.user.anonymize.AnonymizeUserService
    public int getStepCount(@Nonnull AnonymizeUserService.AnonymizeValidationResult anonymizeValidationResult) {
        if (anonymizeValidationResult.isValid()) {
            return Stream.concat(this.anonymizeOperationSteps.getStepsBlockingAnonymizationProcessOnFail().stream(), this.anonymizeOperationSteps.getStepsNotBlockingAnonymizationProcessOnFail().stream()).mapToInt(anonymizeOperationStep -> {
                return anonymizeOperationStep.getNumberOfTasks(anonymizeValidationResult);
            }).sum();
        }
        return 0;
    }

    private boolean isAdministrator(@Nullable ApplicationUser applicationUser) {
        return this.globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, applicationUser);
    }

    private boolean isSysAdmin(@Nullable ApplicationUser applicationUser) {
        return this.globalPermissionManager.hasPermission(GlobalPermissionKey.SYSTEM_ADMIN, applicationUser);
    }
}
