package com.atlassian.jira.user.anonymize.handlers.anonymize;

import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.event.user.UserEditedEvent;
import com.atlassian.crowd.event.user.UserEmailChangedEvent;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.OperationNotPermittedException;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.avatar.Avatar;
import com.atlassian.jira.avatar.AvatarManager;
import com.atlassian.jira.bc.ServiceResult;
import com.atlassian.jira.bc.ServiceResultImpl;
import com.atlassian.jira.crowd.embedded.ofbiz.ExtendedUserDao;
import com.atlassian.jira.crowd.embedded.ofbiz.UserNotFoundException;
import com.atlassian.jira.entity.property.EntityPropertyType;
import com.atlassian.jira.entity.property.JsonEntityPropertyManager;
import com.atlassian.jira.icon.IconType;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.task.context.Context;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.UserHistoryStore;
import com.atlassian.jira.user.UserPropertyManager;
import com.atlassian.jira.user.anonymize.AffectedEntity;
import com.atlassian.jira.user.anonymize.AffectedEntityLink;
import com.atlassian.jira.user.anonymize.AffectedEntityType;
import com.atlassian.jira.user.anonymize.ContextUtil;
import com.atlassian.jira.user.anonymize.Retry;
import com.atlassian.jira.user.anonymize.UserAnonymizationHandler;
import com.atlassian.jira.user.anonymize.UserAnonymizationParameter;
import com.atlassian.jira.user.util.UserKeyStore;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.util.BaseUrl;
import com.atlassian.jira.util.ErrorCollection;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.jira.util.SimpleErrorCollection;
import com.atlassian.jira.util.SimpleWarningCollection;
import com.atlassian.jira.util.WarningCollection;
import com.atlassian.seraph.spi.rememberme.RememberMeTokenDao;
import com.google.common.collect.ImmutableList;
import java.net.URLEncoder;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Collection;
import java.util.Iterator;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.codec.digest.DigestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/user/anonymize/handlers/anonymize/UserProfileAnonymizationHandler.class */
public class UserProfileAnonymizationHandler implements UserAnonymizationHandler {
    private static final Logger LOG = LoggerFactory.getLogger(UserProfileAnonymizationHandler.class);
    private static final int MAX_RETRIES = 1;
    private final JiraAuthenticationContext jiraAuthenticationContext;
    private final UserManager userManager;
    private final UserKeyStore userKeyStore;
    private final CrowdService crowdService;
    private final AvatarManager avatarManager;
    private final RememberMeTokenDao rememberMeTokenDao;
    private final UserPropertyManager userPropertyManager;
    private final JsonEntityPropertyManager jsonEntityPropertyManager;
    private final UserHistoryStore userHistoryStore;
    private final I18nHelper i18n;
    private final BaseUrl baseUrl;
    private final ExtendedUserDao extendedUserDao;
    private final EventPublisher eventPublisher;

    public UserProfileAnonymizationHandler(JiraAuthenticationContext jiraAuthenticationContext, UserManager userManager, UserKeyStore userKeyStore, CrowdService crowdService, AvatarManager avatarManager, RememberMeTokenDao rememberMeTokenDao, UserPropertyManager userPropertyManager, JsonEntityPropertyManager jsonEntityPropertyManager, UserHistoryStore userHistoryStore, I18nHelper i18nHelper, BaseUrl baseUrl, ExtendedUserDao extendedUserDao, EventPublisher eventPublisher) {
        this.jiraAuthenticationContext = jiraAuthenticationContext;
        this.userManager = userManager;
        this.userKeyStore = userKeyStore;
        this.crowdService = crowdService;
        this.avatarManager = avatarManager;
        this.rememberMeTokenDao = rememberMeTokenDao;
        this.userPropertyManager = userPropertyManager;
        this.jsonEntityPropertyManager = jsonEntityPropertyManager;
        this.userHistoryStore = userHistoryStore;
        this.i18n = i18nHelper;
        this.baseUrl = baseUrl;
        this.extendedUserDao = extendedUserDao;
        this.eventPublisher = eventPublisher;
    }

    @Nonnull
    public Collection<AffectedEntity> getAffectedEntities(@Nonnull UserAnonymizationParameter userAnonymizationParameter) {
        Optional ofNullable = Optional.ofNullable(this.userManager.getUserByKey(userAnonymizationParameter.getUserKey()));
        return ofNullable.isPresent() ? ImmutableList.of(AffectedEntity.newBuilder(AffectedEntityType.ANONYMIZE).descriptionKey("user.profile").numberOfOccurrences(1L).link(getUserProfileLink((ApplicationUser) ofNullable.get())).build()) : ImmutableList.of();
    }

    @Nullable
    private AffectedEntityLink getUserProfileLink(@Nonnull ApplicationUser applicationUser) {
        return (AffectedEntityLink) encodeUserName(applicationUser).map(str -> {
            return this.baseUrl.resolveAddress("/secure/ViewProfile.jspa?name=" + str);
        }).map(uri -> {
            return new AffectedEntityLink(uri, "user.profile");
        }).orElse(null);
    }

    @Nonnull
    private Optional<String> encodeUserName(@Nonnull ApplicationUser applicationUser) {
        try {
            return Optional.of(URLEncoder.encode(applicationUser.getName(), StandardCharsets.UTF_8.name()));
        } catch (Exception e) {
            LOG.warn("Unable to encode a user name", e);
            return Optional.empty();
        }
    }

    @Nonnull
    public ServiceResult update(@Nonnull UserAnonymizationParameter userAnonymizationParameter) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        SimpleWarningCollection simpleWarningCollection = new SimpleWarningCollection();
        Context context = userAnonymizationParameter.getContext();
        int numberOfTasks = getNumberOfTasks(userAnonymizationParameter);
        try {
            try {
                ApplicationUser userByKeyEvenWhenUnknown = this.userManager.getUserByKeyEvenWhenUnknown(userAnonymizationParameter.getUserKey());
                boolean isUserDeleted = this.userManager.isUserDeleted(userByKeyEvenWhenUnknown);
                boolean isUserExisting = this.userManager.isUserExisting(userByKeyEvenWhenUnknown);
                if (userByKeyEvenWhenUnknown == null || (!isUserExisting && !isUserDeleted)) {
                    simpleErrorCollection.addErrorMessage(this.i18n.getText("admin.errors.user.anonymize.user.does.not.exist", userAnonymizationParameter.getUserKey()));
                } else {
                    if (isUserExisting) {
                        retryOnException(simpleErrorCollection, simpleWarningCollection, () -> {
                            updateCrowdUser(simpleErrorCollection, userByKeyEvenWhenUnknown);
                        });
                    }
                    retryOnException(simpleErrorCollection, simpleWarningCollection, () -> {
                        removeAvatars(userByKeyEvenWhenUnknown);
                    });
                    retryOnException(simpleErrorCollection, simpleWarningCollection, () -> {
                        removeRememberMeTokens(userByKeyEvenWhenUnknown);
                    });
                    retryOnException(simpleErrorCollection, simpleWarningCollection, () -> {
                        removeUserPreferences(userByKeyEvenWhenUnknown);
                    });
                    retryOnException(simpleErrorCollection, simpleWarningCollection, () -> {
                        removeProperties(userByKeyEvenWhenUnknown);
                    });
                    retryOnException(simpleErrorCollection, simpleWarningCollection, () -> {
                        removeHistory(userByKeyEvenWhenUnknown);
                    });
                }
                ContextUtil.updateProgress(context, numberOfTasks);
            } catch (Exception e) {
                LOG.error("Exception during profile anonymization handler processing", e);
                simpleErrorCollection.addErrorMessage(this.jiraAuthenticationContext.getI18nHelper().getText("change.handler.processing.exception", e.getMessage()));
                ContextUtil.updateProgress(context, numberOfTasks);
            }
            return new ServiceResultImpl(simpleErrorCollection, simpleWarningCollection);
        } catch (Throwable th) {
            ContextUtil.updateProgress(context, numberOfTasks);
            throw th;
        }
    }

    private void updateCrowdUser(ErrorCollection errorCollection, ApplicationUser applicationUser) {
        UserTemplate userTemplate = new UserTemplate(applicationUser.getDirectoryUser());
        User userTemplate2 = new UserTemplate(userTemplate);
        userTemplate2.setEmailAddress(this.userKeyStore.getKeyFromId(applicationUser.getId().longValue()) + "@jira.invalid");
        userTemplate2.setDisplayName(displayName(applicationUser));
        userTemplate2.setFirstName((String) null);
        userTemplate2.setLastName((String) null);
        try {
            if (this.extendedUserDao.isDeletedExternally(applicationUser.getDirectoryId(), applicationUser.getUsername())) {
                LOG.info("User deleted externally. Falling back to DB update.");
                User update = this.extendedUserDao.update(userTemplate2, false);
                Directory directory = this.userManager.getDirectory(Long.valueOf(applicationUser.getDirectoryId()));
                if (directory != null) {
                    this.eventPublisher.publish(new UserEditedEvent(this, directory, update, userTemplate));
                    String emailAddress = userTemplate.getEmailAddress();
                    if (!Objects.equals(emailAddress, update.getEmailAddress())) {
                        this.eventPublisher.publish(new UserEmailChangedEvent(this, directory, update, emailAddress));
                    }
                }
            } else {
                this.crowdService.updateUser(userTemplate2);
            }
        } catch (InvalidUserException | OperationNotPermittedException | UserNotFoundException e) {
            LOG.error("Error while updating Crowd user", e);
            errorCollection.addErrorMessage(this.i18n.getText("admin.errors.user.anonymize.user.does.not.exist", userTemplate2.getName()));
        }
    }

    private String displayName(ApplicationUser applicationUser) {
        return "user-" + DigestUtils.sha256Hex(ByteBuffer.allocate(8).putLong(applicationUser.getId().longValue()).array()).substring(0, 5);
    }

    private void removeAvatars(ApplicationUser applicationUser) {
        Iterator it = this.avatarManager.getCustomAvatarsForOwner(IconType.USER_ICON_TYPE, applicationUser.getKey()).iterator();
        while (it.hasNext()) {
            this.avatarManager.delete(((Avatar) it.next()).getId());
        }
    }

    private void removeRememberMeTokens(ApplicationUser applicationUser) {
        this.rememberMeTokenDao.removeAllForUser(applicationUser.getName());
    }

    private void removeUserPreferences(ApplicationUser applicationUser) {
        this.userPropertyManager.getPropertySet(applicationUser).remove();
    }

    private void removeProperties(ApplicationUser applicationUser) {
        this.jsonEntityPropertyManager.deleteByEntity(EntityPropertyType.USER_PROPERTY.getDbEntityName(), applicationUser.getId());
    }

    private void removeHistory(ApplicationUser applicationUser) {
        this.userHistoryStore.removeHistoryForUser(applicationUser);
    }

    private void retryOnException(ErrorCollection errorCollection, WarningCollection warningCollection, Runnable runnable) {
        Retry.from(runnable).onException(exc -> {
            LOG.error("Encountered error when updating user profile", exc);
        }).onFail(exc2 -> {
            errorCollection.addErrorMessage(this.i18n.getText("admin.errors.user.anonymize.retry.failed", 1));
        }).onSuccess(num -> {
            if (num.intValue() > 0) {
                warningCollection.addWarning(this.i18n.getText("admin.errors.user.anonymize.retry.warning", num));
            }
        }).executeTimes(1);
    }
}
