package com.atlassian.plugins.authentication.sso.web.usercontext.impl.jit;

import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.OperationType;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.plugins.authentication.sso.web.usercontext.PrincipalResolver;
import com.atlassian.plugins.authentication.sso.web.usercontext.impl.jit.mapping.JitUserData;
import com.google.common.collect.ImmutableSet;
import java.util.List;
import java.util.Optional;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

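/**
 * Coordinates just-in-time (JIT) provisioning for an SSO login: creates the user when the
 * application does not know it yet, then refreshes the user's details and group memberships.
 *
 * <p>NOTE(review): nothing in this class validates the incoming {@link JitUserData}. Accounts and
 * group memberships are created directly from it, so callers are presumably expected to pass only
 * data taken from an already-verified SSO response. Confirm at the call site.
 */
@Named
public class ProvisioningService {
    /** Operations a directory must allow before it is used as the JIT provisioning target. */
    private static final ImmutableSet<OperationType> REQUIRED_PERMISSIONS = ImmutableSet.of(OperationType.CREATE_USER, OperationType.CREATE_GROUP);
    private static final Logger log = LoggerFactory.getLogger(ProvisioningService.class);
    private final PrincipalResolver principalResolver;
    private final EventPublisher eventPublisher;
    private final JitDirectoriesFinder jitDirectoriesFinder;
    private final JitUserFinder jitUserFinder;
    private final UserProvisioningService userProvisioningService;
    private final GroupProvisioningService groupProvisioningService;

    /**
     * Dark-feature keys associated with JIT provisioning. None of them is read inside
     * {@link ProvisioningService} itself.
     */
    public interface DarkFeature {
        /**
         * NOTE(review): going by the key name, this switches off a license check for JIT
         * provisioning. The code that reads it is not in this class. Confirm where it is
         * evaluated and who is able to set it.
         */
        String DISABLE_LICENSE_CHECK = "atlassian.authentication.sso.jit.disable.license.check";
    }

    /**
     * Creates the service with its collaborators, which are supplied by dependency injection.
     *
     * @param principalResolver resolves a username to an existing principal of the application
     * @param eventPublisher receives a {@code UserProvisionedEvent} for each newly created user
     * @param jitDirectoriesFinder supplies the active internal directories
     * @param jitUserFinder looks the user up in those directories
     * @param userProvisioningService creates and updates users
     * @param groupProvisioningService updates a user's group memberships
     */
    @Inject
    public ProvisioningService(PrincipalResolver principalResolver, @ComponentImport EventPublisher eventPublisher, JitDirectoriesFinder jitDirectoriesFinder, JitUserFinder jitUserFinder, UserProvisioningService userProvisioningService, GroupProvisioningService groupProvisioningService) {
        this.principalResolver = principalResolver;
        this.eventPublisher = eventPublisher;
        this.jitDirectoriesFinder = jitDirectoriesFinder;
        this.jitUserFinder = jitUserFinder;
        this.userProvisioningService = userProvisioningService;
        this.groupProvisioningService = groupProvisioningService;
    }

    /**
     * Provisions the user described by {@code jitUserData} if needed, then updates it.
     *
     * <ul>
     *   <li>If the internal lookup finds the user, its details and groups are updated.</li>
     *   <li>If neither the internal lookup nor the {@link PrincipalResolver} finds it, the user is
     *       created in the JIT directory, a {@code UserProvisionedEvent} is published, and the
     *       same update is applied.</li>
     *   <li>If only the {@link PrincipalResolver} finds it, nothing is created or updated.</li>
     * </ul>
     *
     * @param jitUserData user attributes to apply; this method reads the username and the groups
     * @param httpServletRequest the current request, passed on to the principal resolver
     * @throws JitException if no active internal directory allows every operation in
     *     {@link #REQUIRED_PERMISSIONS}; this is raised even when the user already exists
     */
    public void handleJustInTimeProvisioning(JitUserData jitUserData, HttpServletRequest httpServletRequest) {
        List<Directory> internalDirectories = this.jitDirectoriesFinder.findAllActiveInternalDirectories();
        Optional<JitCrowdUser> internalUser = this.jitUserFinder.findUserInternally(jitUserData, internalDirectories);
        // Resolved before the existence checks, so a missing JIT-capable directory fails the whole call.
        Directory jitDirectory = findJitDirectory(internalDirectories);

        boolean provisionedNow = false;
        if (!internalUser.isPresent() && !this.principalResolver.resolvePrincipal(jitUserData.getUsername(), httpServletRequest).isPresent()) {
            log.debug("User {} not found in the application, provisioning the user", jitUserData.getUsername());
            // Optional.of (not ofNullable) keeps the fail-fast behaviour should provisionUser return null.
            internalUser = Optional.of(this.userProvisioningService.provisionUser(jitUserData, jitDirectory));
            this.eventPublisher.publish(new UserProvisionedEvent());
            provisionedNow = true;
        }

        if (!internalUser.isPresent()) {
            // The principal resolver knows the user but the internal lookup does not: leave it untouched.
            log.debug("User {} was resolved by the application but not found by the internal user lookup, skipping JIT update", jitUserData.getUsername());
            return;
        }

        // Log each path separately so the debug trace does not report a freshly created account as pre-existing.
        if (provisionedNow) {
            log.debug("User {} provisioned, applying user details and groups", jitUserData.getUsername());
        } else {
            log.debug("User {} already exists in the application, updating user details", jitUserData.getUsername());
        }
        // NOTE(review): groups are updated against jitDirectory (the first directory holding the required
        // permissions), which may differ from the directory an existing user was found in. Confirm
        // that updateUserGroups copes with that.
        this.groupProvisioningService.updateUserGroups(this.userProvisioningService.updateUser(jitUserData, internalUser.get()), jitUserData.getGroups(), jitDirectory);
    }

    /**
     * Picks the first directory, in list order, that allows every operation in
     * {@link #REQUIRED_PERMISSIONS}.
     *
     * @param list candidate directories
     * @return the first directory that qualifies
     * @throws JitException if none qualifies. The message speaks of group provisioning, although
     *     the caller performs this lookup before user provisioning as well.
     */
    private Directory findJitDirectory(List<Directory> list) {
        return list.stream()
                .filter(directory -> directory.getAllowedOperations().containsAll(REQUIRED_PERMISSIONS))
                .findFirst()
                .orElseThrow(() -> new JitException(String.format("JIT provisioning of group failed as there is no active internal directory with %s permissions", REQUIRED_PERMISSIONS)));
    }
}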
