package com.atlassian.crowd.directory.ldap.cache;

import com.atlassian.crowd.directory.MicrosoftActiveDirectory;
import com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.model.Tombstone;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupType;
import com.atlassian.crowd.model.group.LDAPGroupWithAttributes;
import com.atlassian.crowd.model.group.Membership;
import com.atlassian.crowd.model.user.LDAPUserWithAttributes;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.fugue.Pair;
import com.atlassian.util.concurrent.ThreadFactories;
import com.google.common.base.Function;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.naming.InvalidNameException;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/directory/ldap/cache/UsnChangedCacheRefresher.class */
public class UsnChangedCacheRefresher extends AbstractCacheRefresher implements CacheRefresher {
    private static final long UNINITIALISED = -1;
    public static final String PROPERTY_USE_LEGACY_AD_INCREMENTAL_SYNC = "crowd.use.legacy.ad.incremental.sync";
    private final MicrosoftActiveDirectory activeDirectory;
    private volatile long highestCommittedUSN;
    final LDAPEntityNameMap<LDAPUserWithAttributes> userMap;
    private final LDAPEntityNameMap<LDAPGroupWithAttributes> groupMap;
    private Future<List<LDAPUserWithAttributes>> userListFuture;
    private Future<List<LDAPGroupWithAttributes>> groupListFuture;
    private final boolean useLegacyADIncrementalSync;
    private static final Logger log = LoggerFactory.getLogger(UsnChangedCacheRefresher.class);
    public static final Function<Tombstone, String> TOMBSTONE_TO_GUID_FUNCTION = new Function<Tombstone, String>() { // from class: com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.1
        public String apply(Tombstone tombstone) {
            return tombstone.getObjectGUID();
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/atlassian/crowd/directory/ldap/cache/UsnChangedCacheRefresher$GuidToUserFunction.class */
    public static class GuidToUserFunction implements Function<String, LDAPUserWithAttributes> {
        private final MicrosoftActiveDirectory activeDirectory;
        private final Map<String, LDAPUserWithAttributes> userCache;

        GuidToUserFunction(MicrosoftActiveDirectory microsoftActiveDirectory, Map<String, LDAPUserWithAttributes> map) {
            this.activeDirectory = microsoftActiveDirectory;
            this.userCache = map;
        }

        public LDAPUserWithAttributes apply(String str) {
            try {
                LDAPUserWithAttributes lDAPUserWithAttributes = this.userCache.get(str);
                return lDAPUserWithAttributes != null ? lDAPUserWithAttributes : this.activeDirectory.m11findUserByExternalId(str);
            } catch (UserNotFoundException e) {
                UsnChangedCacheRefresher.log.warn("User with objectGUID '{}' not found in ActiveDirectory", str);
                throw new UsnChangedCacheRefresherIncSyncException("Problems while looking up users by objectGUID in ActiveDirectory detected, falling back to a full sync.");
            } catch (OperationFailedException e2) {
                UsnChangedCacheRefresher.log.warn("Failed to fetch user by objectGUID '{}' from ActiveDirectory", str, e2);
                throw new UsnChangedCacheRefresherIncSyncException("Problems while looking up users by objectGUID in ActiveDirectory detected, falling back to a full sync.");
            }
        }
    }

    public UsnChangedCacheRefresher(MicrosoftActiveDirectory microsoftActiveDirectory) {
        super(microsoftActiveDirectory);
        this.highestCommittedUSN = UNINITIALISED;
        this.userMap = new LDAPEntityNameMap<>();
        this.groupMap = new LDAPEntityNameMap<>();
        this.useLegacyADIncrementalSync = Boolean.valueOf(System.getProperty(PROPERTY_USE_LEGACY_AD_INCREMENTAL_SYNC, "false")).booleanValue();
        this.activeDirectory = microsoftActiveDirectory;
    }

    @Override // com.atlassian.crowd.directory.ldap.cache.CacheRefresher
    public boolean synchroniseChanges(DirectoryCache directoryCache) throws OperationFailedException {
        if (!isIncrementalSyncEnabled()) {
            return false;
        }
        if (this.highestCommittedUSN == UNINITIALISED) {
            log.info("After restarting, full sync of directory [{}] is necessary before incremental sync is possible.", Long.valueOf(this.activeDirectory.getDirectoryId()));
            return false;
        }
        if (getCqlUserFilter() != null) {
            throw new OperationFailedException("Incremental sync with a configured CQL user filter is not supported");
        }
        long fetchHighestCommittedUSN = this.activeDirectory.fetchHighestCommittedUSN();
        synchroniseUserChanges(directoryCache);
        synchroniseGroupChanges(directoryCache);
        this.highestCommittedUSN = fetchHighestCommittedUSN;
        return true;
    }

    @Override // com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher, com.atlassian.crowd.directory.ldap.cache.CacheRefresher
    public void synchroniseAll(DirectoryCache directoryCache) throws OperationFailedException {
        ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(3, ThreadFactories.namedThreadFactory("CrowdUsnChangedCacheRefresher"));
        try {
            this.userListFuture = newFixedThreadPool.submit(new Callable<List<LDAPUserWithAttributes>>() { // from class: com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public List<LDAPUserWithAttributes> call() throws Exception {
                    long currentTimeMillis = System.currentTimeMillis();
                    UsnChangedCacheRefresher.log.debug("loading remote users");
                    List<LDAPUserWithAttributes> searchUsers = UsnChangedCacheRefresher.this.activeDirectory.searchUsers(QueryBuilder.queryFor(LDAPUserWithAttributes.class, EntityDescriptor.user()).returningAtMost(-1));
                    UsnChangedCacheRefresher.log.info("found [ " + searchUsers.size() + " ] remote users in [ " + (System.currentTimeMillis() - currentTimeMillis) + "ms ]");
                    return searchUsers;
                }
            });
            this.groupListFuture = newFixedThreadPool.submit(new Callable<List<LDAPGroupWithAttributes>>() { // from class: com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public List<LDAPGroupWithAttributes> call() throws Exception {
                    long currentTimeMillis = System.currentTimeMillis();
                    UsnChangedCacheRefresher.log.debug("loading remote groups");
                    List<LDAPGroupWithAttributes> searchGroups = UsnChangedCacheRefresher.this.activeDirectory.searchGroups(QueryBuilder.queryFor(LDAPGroupWithAttributes.class, EntityDescriptor.group(GroupType.GROUP)).returningAtMost(-1));
                    UsnChangedCacheRefresher.log.info("found [ " + searchGroups.size() + " ] remote groups in [ " + (System.currentTimeMillis() - currentTimeMillis) + "ms ]");
                    return searchGroups;
                }
            });
            long fetchHighestCommittedUSN = this.activeDirectory.fetchHighestCommittedUSN();
            super.synchroniseAll(directoryCache);
            this.highestCommittedUSN = fetchHighestCommittedUSN;
            newFixedThreadPool.shutdown();
            this.userListFuture = null;
            this.groupListFuture = null;
        } catch (Throwable th) {
            newFixedThreadPool.shutdown();
            this.userListFuture = null;
            this.groupListFuture = null;
            throw th;
        }
    }

    @Override // com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher
    protected void synchroniseAllUsers(DirectoryCache directoryCache) throws OperationFailedException {
        this.userMap.clear();
        Date date = new Date();
        try {
            List<LDAPUserWithAttributes> list = this.userListFuture.get();
            this.userMap.putAll(list);
            directoryCache.deleteCachedUsersNotIn(list, date);
            directoryCache.addOrUpdateCachedUsers(list, date);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new OperationFailedException("background query interrupted", e);
        } catch (ExecutionException e2) {
            throw new OperationFailedException(e2);
        }
    }

    @Override // com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher
    protected List<? extends Group> synchroniseAllGroups(DirectoryCache directoryCache) throws OperationFailedException {
        this.groupMap.clear();
        Date date = new Date();
        try {
            List<? extends Group> unmodifiableList = Collections.unmodifiableList(filterOutDuplicateGroups(this.groupListFuture.get()));
            this.groupMap.putAll(unmodifiableList);
            directoryCache.deleteCachedGroupsNotIn(GroupType.GROUP, unmodifiableList, date);
            directoryCache.addOrUpdateCachedGroups(unmodifiableList, date);
            return unmodifiableList;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new OperationFailedException("background query interrupted", e);
        } catch (ExecutionException e2) {
            throw new OperationFailedException(e2);
        }
    }

    private void synchroniseUserChangesUsn(DirectoryCache directoryCache) throws OperationFailedException {
        long currentTimeMillis = System.currentTimeMillis();
        log.debug("loading changed remote users");
        List<LDAPUserWithAttributes> findAddedOrUpdatedUsersSince = this.activeDirectory.findAddedOrUpdatedUsersSince(this.highestCommittedUSN);
        List<Tombstone> findUserTombstonesSince = this.activeDirectory.findUserTombstonesSince(this.highestCommittedUSN);
        this.userMap.putAll(findAddedOrUpdatedUsersSince);
        log.info("found [ {} ] changed remote users in [ {}ms ]", Integer.valueOf(findAddedOrUpdatedUsersSince.size() + findUserTombstonesSince.size()), Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        long currentTimeMillis2 = System.currentTimeMillis();
        ImmutableSet copyOf = ImmutableSet.copyOf(Iterables.transform(findUserTombstonesSince, TOMBSTONE_TO_GUID_FUNCTION));
        log.info("scanned and compared [ {} ] users for delete in DB cache in [ {}ms ]", Integer.valueOf(findUserTombstonesSince.size()), Long.valueOf(System.currentTimeMillis() - currentTimeMillis2));
        directoryCache.deleteCachedUsersByGuid(copyOf);
        this.userMap.removeAllByGuid(copyOf);
        directoryCache.addOrUpdateCachedUsers(findAddedOrUpdatedUsersSince, null);
    }

    private Pair<? extends Set<String>, ? extends Set<String>> validateAndReturnGuidsToAddAndDelete(DirectoryCache directoryCache) throws OperationFailedException {
        if (!this.activeDirectory.isExternalIdConfigured()) {
            throw new UsnChangedCacheRefresherIncSyncException("externalId attribute is not configured in directory.");
        }
        log.debug("loading changed users");
        ImmutableSet copyOf = ImmutableSet.copyOf(directoryCache.getAllUserGuids());
        if (copyOf.size() != directoryCache.getUserCount()) {
            throw new UsnChangedCacheRefresherIncSyncException("Cache returned different number of guids and users (possible reason is overlapping guids in cache, most likely null/empty values).");
        }
        if (copyOf.contains("")) {
            throw new UsnChangedCacheRefresherIncSyncException("Empty guids returned from cache. Falling back to a full sync in order to populate the guids");
        }
        Set<String> findAllUserGuids = this.activeDirectory.findAllUserGuids();
        if (findAllUserGuids.contains("")) {
            throw new UsnChangedCacheRefresherIncSyncException("Empty guids returned from AD. Possible reasons are externalId attribute value in directory configuration or AD server configuration.");
        }
        return Pair.pair(Sets.difference(findAllUserGuids, copyOf), Sets.difference(copyOf, findAllUserGuids));
    }

    private void synchroniseUserChangesGuid(DirectoryCache directoryCache) throws OperationFailedException {
        long currentTimeMillis = System.currentTimeMillis();
        Pair<? extends Set<String>, ? extends Set<String>> validateAndReturnGuidsToAddAndDelete = validateAndReturnGuidsToAddAndDelete(directoryCache);
        Set set = (Set) validateAndReturnGuidsToAddAndDelete.left();
        Set<String> set2 = (Set) validateAndReturnGuidsToAddAndDelete.right();
        ImmutableMap.Builder builder = ImmutableMap.builder();
        ImmutableList.Builder builder2 = ImmutableList.builder();
        for (LDAPUserWithAttributes lDAPUserWithAttributes : this.activeDirectory.findAddedOrUpdatedUsersSince(this.highestCommittedUSN)) {
            String externalId = lDAPUserWithAttributes.getExternalId();
            if (StringUtils.isEmpty(externalId)) {
                throw new UsnChangedCacheRefresherIncSyncException("A null or empty guid retrieved from AD.");
            }
            if (set.contains(externalId)) {
                builder.put(externalId, lDAPUserWithAttributes);
            } else {
                builder2.add(lDAPUserWithAttributes);
            }
        }
        ImmutableMap build = builder.build();
        ImmutableList build2 = builder2.build();
        log.info("scanned and compared [ {} ] users to delete, [ {} ] users to add, [ {} ] users to update in DB cache in [ {}ms ]", new Object[]{Integer.valueOf(set2.size()), Integer.valueOf(set.size()), Integer.valueOf(build2.size()), Long.valueOf(System.currentTimeMillis() - currentTimeMillis)});
        directoryCache.deleteCachedUsersByGuid(set2);
        this.userMap.removeAllByGuid(set2);
        directoryCache.addOrUpdateCachedUsers(build2, null);
        this.userMap.putAll(build2);
        ArrayList newArrayList = Lists.newArrayList(Iterables.transform(set, getGuidToUserFunction(build)));
        directoryCache.addOrUpdateCachedUsers(newArrayList, null);
        this.userMap.putAll(newArrayList);
    }

    void synchroniseUserChanges(DirectoryCache directoryCache) throws OperationFailedException {
        if (this.useLegacyADIncrementalSync) {
            synchroniseUserChangesUsn(directoryCache);
        } else {
            synchroniseUserChangesGuid(directoryCache);
        }
    }

    private void synchroniseGroupChanges(DirectoryCache directoryCache) throws OperationFailedException {
        long currentTimeMillis = System.currentTimeMillis();
        log.debug("loading changed remote groups");
        List<? extends Group> filterOutDuplicateGroups = filterOutDuplicateGroups(this.activeDirectory.findAddedOrUpdatedGroupsSince(this.highestCommittedUSN));
        List<Tombstone> findGroupTombstonesSince = this.activeDirectory.findGroupTombstonesSince(this.highestCommittedUSN);
        log.info("found [ " + (filterOutDuplicateGroups.size() + findGroupTombstonesSince.size()) + " ] changed remote groups in [ " + (System.currentTimeMillis() - currentTimeMillis) + "ms ]");
        this.groupMap.putAll(filterOutDuplicateGroups);
        directoryCache.addOrUpdateCachedGroups(filterOutDuplicateGroups, null);
        synchroniseMemberships(filterOutDuplicateGroups, directoryCache);
        long currentTimeMillis2 = System.currentTimeMillis();
        HashSet hashSet = new HashSet();
        Iterator<Tombstone> it = findGroupTombstonesSince.iterator();
        while (it.hasNext()) {
            String byGuid = this.groupMap.getByGuid(it.next().getObjectGUID());
            if (byGuid != null) {
                hashSet.add(byGuid);
            }
        }
        log.info("scanned and compared [ " + findGroupTombstonesSince.size() + " ] groups for delete in DB cache in [ " + (System.currentTimeMillis() - currentTimeMillis2) + "ms ]");
        directoryCache.deleteCachedGroups(hashSet);
    }

    @Override // com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher
    Iterable<Membership> getMemberships(Iterable<String> iterable) throws OperationFailedException {
        try {
            return new RFC4519DirectoryMembershipsIterable(this.activeDirectory, this.userMap.toLdapNameKeyedMap(), this.groupMap.toLdapNameKeyedMap(), ImmutableSet.copyOf(iterable));
        } catch (InvalidNameException e) {
            throw new OperationFailedException("Failed to get directory memberships due to invalid DN", e);
        }
    }

    private Function<String, LDAPUserWithAttributes> getGuidToUserFunction(Map<String, LDAPUserWithAttributes> map) {
        return new GuidToUserFunction(this.activeDirectory, map);
    }
}
