package com.atlassian.plugins.authentication.sso.web.usercontext.impl.jit;

import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserAlreadyExistsException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.crowd.manager.directory.DirectoryPermissionException;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.crowd.model.user.UserTemplateWithAttributes;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.plugins.authentication.sso.license.ProductLicenseChecker;
import com.atlassian.plugins.authentication.sso.web.usercontext.impl.jit.ProvisioningService;
import com.atlassian.plugins.authentication.sso.web.usercontext.impl.jit.mapping.JitUserData;
import com.atlassian.sal.api.features.DarkFeatureManager;
import com.google.common.collect.ImmutableMap;
import java.util.Collections;
import java.util.ConcurrentModificationException;
import java.util.UUID;
import javax.inject.Inject;
import javax.inject.Named;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Named
/* loaded from: input_file:com/atlassian/plugins/authentication/sso/web/usercontext/impl/jit/UserProvisioningService.class */
public class UserProvisioningService {
    private static final Logger log = LoggerFactory.getLogger(UserProvisioningService.class);
    private final DarkFeatureManager darkFeatureManager;
    private final ProductLicenseChecker productLicenseChecker;
    private final DirectoryManager directoryManager;

    @Inject
    public UserProvisioningService(@ComponentImport DarkFeatureManager darkFeatureManager, ProductLicenseChecker productLicenseChecker, @ComponentImport DirectoryManager directoryManager) {
        this.darkFeatureManager = darkFeatureManager;
        this.productLicenseChecker = productLicenseChecker;
        this.directoryManager = directoryManager;
    }

    public JitCrowdUser provisionUser(JitUserData jitUserData, Directory directory) {
        log.debug("Attempting to JIT provision unrecognized user [{}]", jitUserData.getUsername());
        try {
            if (!((Boolean) this.darkFeatureManager.isEnabledForAllUsers(ProvisioningService.DarkFeature.DISABLE_LICENSE_CHECK).orElse(false)).booleanValue() && !this.productLicenseChecker.areSlotsAvailable(jitUserData.getGroups())) {
                log.error("Did not provision user [{}] as license limit would have been exceeded", jitUserData.getUsername());
                throw new JitException("User could not be created due to the license’s limit.");
            }
            return new JitCrowdUser(jitUserData.getIdentityProviderId(), (User) this.directoryManager.addUser(directory.getId().longValue(), new UserTemplateWithAttributes(new JitCrowdUser(jitUserData, directory.getId().longValue())), generatePassword()));
        } catch (DirectoryNotFoundException e) {
            log.error("JIT provisioning of user [{}] failed due to missing directory", jitUserData.getUsername(), e);
            throw new ConcurrentModificationException((Throwable) e);
        } catch (InvalidUserException | InvalidCredentialException | UserAlreadyExistsException | OperationFailedException | DirectoryPermissionException e2) {
            log.error("Provisioning user [{}] by JIT failed", jitUserData.getUsername(), e2);
            throw new JitException((Throwable) e2);
        }
    }

    public JitCrowdUser updateUser(JitUserData jitUserData, JitCrowdUser jitCrowdUser) {
        log.debug("Attempting to update JIT user [{}]", jitUserData.getUsername());
        try {
            JitCrowdUser jitCrowdUser2 = jitCrowdUser;
            if (!jitUserData.getIdentityProviderId().equals(jitCrowdUser.getValue(JitCrowdUser.IDENTITY_PROVIDER_ID_ATTRIBUTE_KEY))) {
                this.directoryManager.storeUserAttributes(jitCrowdUser2.getDirectoryId(), jitCrowdUser2.getName(), ImmutableMap.of(JitCrowdUser.IDENTITY_PROVIDER_ID_ATTRIBUTE_KEY, Collections.singleton(jitUserData.getIdentityProviderId())));
            }
            if (!jitUserData.getUsername().equals(jitCrowdUser2.getName())) {
                log.debug("Renaming JIT user [{}] to [{}]", jitCrowdUser2.getName(), jitUserData.getUsername());
                jitCrowdUser2 = this.directoryManager.renameUser(jitCrowdUser2.getDirectoryId(), jitCrowdUser2.getName(), jitUserData.getUsername());
            }
            if (!jitUserData.getDisplayName().equals(jitCrowdUser2.getDisplayName()) || !jitUserData.getEmail().equals(jitCrowdUser2.getEmailAddress())) {
                UserTemplate userTemplate = new UserTemplate(jitCrowdUser2);
                userTemplate.setDisplayName(jitUserData.getDisplayName());
                userTemplate.setEmailAddress(jitUserData.getEmail());
                jitCrowdUser2 = this.directoryManager.updateUser(jitCrowdUser2.getDirectoryId(), userTemplate);
            }
            return new JitCrowdUser(jitUserData.getIdentityProviderId(), (User) jitCrowdUser2);
        } catch (DirectoryNotFoundException e) {
            log.error("The directory [{}] was not found when updating user [{}]", new Object[]{Long.valueOf(jitCrowdUser.getDirectoryId()), jitUserData.getUsername(), e});
            throw new ConcurrentModificationException((Throwable) e);
        } catch (InvalidUserException | UserNotFoundException | OperationFailedException | DirectoryPermissionException | UserAlreadyExistsException e2) {
            log.error("Updating user [{}] by JIT failed", jitUserData.getUsername());
            throw new JitException((Throwable) e2);
        }
    }

    private PasswordCredential generatePassword() {
        return new PasswordCredential(UUID.randomUUID() + "ABab23!");
    }
}
