package com.atlassian.troubleshooting.confluence.healthcheck.directory.internal;

import com.atlassian.confluence.user.ConfluenceAuthenticator;
import com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator;
import com.atlassian.crowd.embedded.api.CrowdDirectoryService;
import com.atlassian.crowd.embedded.api.DirectoryType;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.seraph.auth.Authenticator;
import com.atlassian.troubleshooting.api.healthcheck.SupportHealthCheck;
import com.atlassian.troubleshooting.api.healthcheck.SupportHealthStatus;
import com.atlassian.troubleshooting.confluence.healthcheck.analytics.InternalAdminCheckFallbackEvent;
import com.atlassian.troubleshooting.confluence.healthcheck.util.SessionWrapper;
import com.atlassian.troubleshooting.healthcheck.SupportHealthStatusBuilder;
import java.io.Serializable;
import java.util.Arrays;
import java.util.List;
import net.sf.hibernate.HibernateException;
import net.sf.hibernate.Query;
import net.sf.hibernate.Session;
import net.sf.hibernate.SessionFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/atlassian/troubleshooting/confluence/healthcheck/directory/internal/InternalAdminCheck.class */
public class InternalAdminCheck implements SupportHealthCheck {
    private static final char ACTIVE = 'T';
    private final CrowdDirectoryService crowdDirectoryService;
    private final SessionFactory sessionFactory;
    private final SupportHealthStatusBuilder supportHealthStatusBuilder;
    private final InternalAdminCheckFallback internalAdminCheckFallback;
    private final EventPublisher eventPublisher;
    private final AuthenticatorProvider authenticatorProvider;
    private static final Logger LOGGER = LoggerFactory.getLogger(InternalAdminCheck.class);
    private static final List<String> ADMINISTRATOR_PERM_TYPES = Arrays.asList("ADMINISTRATECONFLUENCE", "SYSTEMADMINISTRATOR");

    @Autowired
    public InternalAdminCheck(@ComponentImport CrowdDirectoryService crowdDirectoryService, SupportHealthStatusBuilder supportHealthStatusBuilder, InternalAdminCheckFallback internalAdminCheckFallback, AuthenticatorProvider authenticatorProvider, @ComponentImport SessionFactory sessionFactory, @ComponentImport EventPublisher eventPublisher) {
        this.supportHealthStatusBuilder = supportHealthStatusBuilder;
        this.crowdDirectoryService = crowdDirectoryService;
        this.sessionFactory = sessionFactory;
        this.internalAdminCheckFallback = internalAdminCheckFallback;
        this.eventPublisher = eventPublisher;
        this.authenticatorProvider = authenticatorProvider;
    }

    @Override // com.atlassian.troubleshooting.api.healthcheck.SupportHealthCheck
    public SupportHealthStatus check() {
        Authenticator authenticator = this.authenticatorProvider.getAuthenticator();
        if (authenticator instanceof ConfluenceCrowdSSOAuthenticator) {
            return this.supportHealthStatusBuilder.ok(this, "confluence.healthcheck.directory.internal.sso.present", new Serializable[0]);
        }
        if (!(authenticator instanceof ConfluenceAuthenticator)) {
            return this.supportHealthStatusBuilder.ok(this, "confluence.healthcheck.directory.internal.custom.authenticator", new Serializable[0]);
        }
        if (!this.crowdDirectoryService.findAllDirectories().stream().anyMatch(directory -> {
            return directory.getType() == DirectoryType.INTERNAL && directory.isActive();
        })) {
            return this.supportHealthStatusBuilder.major(this, "confluence.healthcheck.directory.internal.has.internal.dir.fail", new Serializable[0]);
        }
        try {
            SessionWrapper sessionWrapper = new SessionWrapper(this.sessionFactory.openSession());
            Throwable th = null;
            try {
                if (countUsersInAdminGroupQuery(sessionWrapper.getSession()) != 0 || countUsersWithAdminPermissionQuery(sessionWrapper.getSession()) != 0) {
                    if (sessionWrapper != null) {
                        if (0 != 0) {
                            try {
                                sessionWrapper.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            sessionWrapper.close();
                        }
                    }
                    return this.supportHealthStatusBuilder.ok(this, "confluence.healthcheck.directory.internal.admin.ok", new Serializable[0]);
                }
                SupportHealthStatus major = this.supportHealthStatusBuilder.major(this, "confluence.healthcheck.directory.internal.admin.fail", new Serializable[0]);
                if (sessionWrapper != null) {
                    if (0 != 0) {
                        try {
                            sessionWrapper.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        sessionWrapper.close();
                    }
                }
                return major;
            } finally {
            }
        } catch (Exception e) {
            LOGGER.error("An error occurred when performing the Internal Administrator User health check, we're going to try to fallback: ", e);
            this.eventPublisher.publish(new InternalAdminCheckFallbackEvent());
            return this.internalAdminCheckFallback.check();
        }
        LOGGER.error("An error occurred when performing the Internal Administrator User health check, we're going to try to fallback: ", e);
        this.eventPublisher.publish(new InternalAdminCheckFallbackEvent());
        return this.internalAdminCheckFallback.check();
    }

    private int countUsersInAdminGroupQuery(Session session) throws HibernateException {
        Query createQuery = session.createQuery("select count(distinct cu.name) from HibernateMembership cm left join cm.userMember as cu left join cm.parentGroup as cg left join cu.directory as cd where cg.lowerName in (select sp.group from SpacePermission sp where sp.type in (:permType)) and cu.active = :active and cg.active = :active and cd.type = :directoryType");
        createQuery.setParameterList("permType", ADMINISTRATOR_PERM_TYPES);
        createQuery.setCharacter("active", 'T');
        createQuery.setParameter("directoryType", DirectoryType.INTERNAL.name());
        return ((Integer) createQuery.uniqueResult()).intValue();
    }

    private int countUsersWithAdminPermissionQuery(Session session) throws HibernateException {
        Query createQuery = session.createQuery("select count(distinct cu.name) from InternalUser cu left join cu.directory as cd where cu.name in(select um.name from SpacePermission sp left join sp.userSubject as um where sp.type in (:permType)) and cu.active = :active and cd.type = :directoryType");
        createQuery.setParameterList("permType", ADMINISTRATOR_PERM_TYPES);
        createQuery.setCharacter("active", 'T');
        createQuery.setParameter("directoryType", DirectoryType.INTERNAL.name());
        return ((Integer) createQuery.uniqueResult()).intValue();
    }
}
