package com.atlassian.plugins.authentication.sso.web.usercontext.impl.jit;

import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.embedded.impl.IdentifierSet;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InvalidGroupException;
import com.atlassian.crowd.exception.MembershipAlreadyExistsException;
import com.atlassian.crowd.exception.MembershipNotFoundException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.ReadOnlyGroupException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.crowd.manager.directory.DirectoryPermissionException;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupTemplate;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import java.util.ConcurrentModificationException;
import javax.inject.Inject;
import javax.inject.Named;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

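/**
 * Synchronises the direct group memberships of a just-in-time (JIT) provisioned user with a
 * requested set of group names, creating groups that do not exist yet.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This class applies the requested set as given: it contains no allowlist, prefix filter or
 *       protected-group check. NOTE(review): the requested names presumably originate from the
 *       SSO assertion. If so, a name that matches a privileged local group grants that privilege
 *       on login, so confirm that the caller filters or maps the names first.</li>
 *   <li>Removal and addition are separate directory calls with no transaction visible here. A
 *       failure part-way through leaves the user with a partially updated membership.</li>
 *   <li>Groups are looked up and memberships written in {@code user.getDirectoryId()}, while
 *       missing groups are created in {@code directory.getId()}. NOTE(review): these are assumed
 *       to be the same directory; verify against the caller.</li>
 * </ul>
 */
@Named
/* loaded from: input_file:com/atlassian/plugins/authentication/sso/web/usercontext/impl/jit/GroupProvisioningService.class */
public class GroupProvisioningService {
    private static final Logger log = LoggerFactory.getLogger(GroupProvisioningService.class);
    private final DirectoryManager directoryManager;

    @Inject
    public GroupProvisioningService(@ComponentImport DirectoryManager directoryManager) {
        this.directoryManager = directoryManager;
    }

    /**
     * Makes the user's direct group memberships equal to {@code identifierSet}.
     *
     * <p>Memberships not present in {@code identifierSet} are removed first, then the missing ones
     * are added. Groups that cannot be found are created in {@code directory} before the user is
     * added to them.
     *
     * @param jitCrowdUser the user whose memberships are updated
     * @param identifierSet the complete set of group names the user should be a direct member of
     * @param directory the directory in which missing groups are created
     * @throws JitException if a directory operation fails
     * @throws ConcurrentModificationException if the directory no longer exists
     */
    public void updateUserGroups(JitCrowdUser jitCrowdUser, IdentifierSet identifierSet, Directory directory) {
        IdentifierSet currentGroups = getUserGroups(jitCrowdUser);
        IdentifierSet groupsToRemove = IdentifierSet.difference(currentGroups, identifierSet);
        IdentifierSet groupsToAdd = IdentifierSet.difference(identifierSet, currentGroups);
        log.debug("Updating groups for JIT user [{}]: removing from [{}], adding to [{}]",
                jitCrowdUser.getName(), groupsToRemove, groupsToAdd);
        removeUserFromGroups(jitCrowdUser, groupsToRemove);
        addUserToGroups(jitCrowdUser, groupsToAdd, directory);
    }

    /**
     * Returns the names of the groups the user is a direct member of in the user's own directory.
     */
    private IdentifierSet getUserGroups(JitCrowdUser jitCrowdUser) {
        try {
            // returningAtMost(-1): presumably "no limit" (EntityQuery.ALL_RESULTS); a truncated
            // result would make the removal set incomplete.
            return new IdentifierSet(this.directoryManager.searchDirectGroupRelationships(
                    jitCrowdUser.getDirectoryId(),
                    QueryBuilder.queryFor(String.class, EntityDescriptor.group())
                            .parentsOf(EntityDescriptor.user())
                            .withName(jitCrowdUser.getName())
                            .returningAtMost(-1)));
        } catch (DirectoryNotFoundException e) {
            throw new ConcurrentModificationException(e);
        } catch (OperationFailedException e) {
            // Cast kept from the original: it pins the JitException(Throwable) constructor.
            throw new JitException((Throwable) e);
        }
    }

    /**
     * Removes the user from every group in {@code groupNames}. A membership that is already
     * absent is logged at debug level and skipped; any other failure aborts the loop.
     */
    private void removeUserFromGroups(User user, IdentifierSet groupNames) {
        groupNames.forEach(groupName -> {
            try {
                log.debug("Removing user [{}] from group [{}]", user.getName(), groupName);
                this.directoryManager.removeUserFromGroup(user.getDirectoryId(), user.getName(), groupName);
            } catch (DirectoryPermissionException | OperationFailedException | ReadOnlyGroupException e) {
                log.error("Removing user [{}] from group [{}] failed", user.getName(), groupName, e);
                throw new JitException((Throwable) e);
            } catch (MembershipNotFoundException e) {
                log.debug("Cannot remove user [{}] from group [{}] as user is not a member of that group",
                        user.getName(), groupName, e);
            } catch (GroupNotFoundException e) {
                // Chain the caught exception itself so its stack trace is not lost.
                throw new com.atlassian.crowd.exception.runtime.GroupNotFoundException(e.getGroupName(), e);
            } catch (DirectoryNotFoundException e) {
                // Log the user name, not the User object, to match the other messages and to keep
                // the object's toString() output out of the log.
                log.error("Removing user [{}] from group [{}] failed as the directory does not exist",
                        user.getName(), groupName, e);
                throw new ConcurrentModificationException(e);
            } catch (UserNotFoundException e) {
                throw new com.atlassian.crowd.exception.runtime.UserNotFoundException(user.getName(), e);
            }
        });
    }

    /**
     * Adds the user to every group in {@code groupNames}, creating a group in {@code directory}
     * when it cannot be found in the user's directory. An existing membership is logged and
     * skipped; any other failure aborts the loop.
     */
    private void addUserToGroups(User user, IdentifierSet groupNames, Directory directory) {
        groupNames.forEach(groupName -> {
            Group group = getGroup(user.getDirectoryId(), groupName);
            if (group == null) {
                // Group creation is driven purely by the requested name; see the class-level
                // security notes about filtering that name upstream.
                group = provisionGroup(groupName, directory);
            }
            try {
                log.debug("Adding user [{}] to group [{}]", user.getName(), group.getName());
                this.directoryManager.addUserToGroup(user.getDirectoryId(), user.getName(), group.getName());
            } catch (UserNotFoundException e) {
                throw new com.atlassian.crowd.exception.runtime.UserNotFoundException(user.getName(), e);
            } catch (DirectoryNotFoundException e) {
                log.error("Adding user [{}] to group [{}] failed as the directory does not exist",
                        user.getName(), groupName, e);
                throw new ConcurrentModificationException(e);
            } catch (GroupNotFoundException e) {
                throw new com.atlassian.crowd.exception.runtime.GroupNotFoundException(groupName, e);
            } catch (MembershipAlreadyExistsException e) {
                log.info("User [{}] is already a member of group [{}]", user.getName(), groupName);
            } catch (DirectoryPermissionException | OperationFailedException | ReadOnlyGroupException e) {
                log.error("Adding user [{}] to group [{}] failed", user.getName(), groupName, e);
                throw new JitException((Throwable) e);
            }
        });
    }

    /**
     * Looks a group up by name.
     *
     * @return the group, or {@code null} when the directory reports that it does not exist
     */
    @Nullable
    private Group getGroup(long directoryId, String groupName) {
        try {
            return this.directoryManager.findGroupByName(directoryId, groupName);
        } catch (OperationFailedException e) {
            // This is a lookup, not a creation; the original message said "Creating group" and
            // dropped the exception from the log entry.
            log.error("Looking up group [{}] failed", groupName, e);
            throw new JitException((Throwable) e);
        } catch (GroupNotFoundException e) {
            return null;
        } catch (DirectoryNotFoundException e) {
            log.error("Could not find directory [{}] in which group [{}] should be created",
                    directoryId, groupName, e);
            throw new ConcurrentModificationException(e);
        }
    }

    /**
     * Creates a group named {@code groupName} in {@code directory} and returns it.
     */
    private Group provisionGroup(String groupName, Directory directory) {
        try {
            log.debug("JIT provisioning group [{}]", groupName);
            long directoryId = directory.getId().longValue();
            return this.directoryManager.addGroup(directoryId, new GroupTemplate(groupName, directoryId));
        } catch (InvalidGroupException | OperationFailedException | DirectoryPermissionException e) {
            log.error("Adding group [{}] failed", groupName, e);
            throw new JitException((Throwable) e);
        } catch (DirectoryNotFoundException e) {
            log.error("Adding group [{}] failed as the directory does not exist", groupName, e);
            throw new ConcurrentModificationException(e);
        }
    }
}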
