package com.atlassian.crowd.directory;

import com.atlassian.crowd.attribute.AttributePredicates;
import com.atlassian.crowd.directory.SynchronisableDirectoryProperties;
import com.atlassian.crowd.directory.hybrid.LocalGroupHandler;
import com.atlassian.crowd.directory.ldap.cache.CacheRefresher;
import com.atlassian.crowd.directory.ldap.cache.DirectoryCache;
import com.atlassian.crowd.directory.ldap.cache.DirectoryCacheFactory;
import com.atlassian.crowd.directory.ldap.cache.EventTokenChangedCacheRefresher;
import com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher;
import com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.InvalidGroupException;
import com.atlassian.crowd.exception.InvalidMembershipException;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.MembershipAlreadyExistsException;
import com.atlassian.crowd.exception.MembershipNotFoundException;
import com.atlassian.crowd.exception.ObjectNotFoundException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.ReadOnlyGroupException;
import com.atlassian.crowd.exception.UserAlreadyExistsException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.manager.directory.SynchronisationMode;
import com.atlassian.crowd.manager.directory.SynchronisationStatusManager;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupTemplate;
import com.atlassian.crowd.model.group.GroupWithAttributes;
import com.atlassian.crowd.model.user.TimestampedUser;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.crowd.model.user.UserTemplateWithAttributes;
import com.atlassian.crowd.model.user.UserWithAttributes;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.search.builder.Restriction;
import com.atlassian.crowd.search.query.entity.restriction.constants.GroupTermKeys;
import com.atlassian.crowd.search.query.membership.MembershipQuery;
import com.atlassian.crowd.util.TimedOperation;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.io.Serializable;
import java.util.Collections;
import java.util.ConcurrentModificationException;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/directory/DbCachingRemoteDirectory.class */
public class DbCachingRemoteDirectory extends AbstractForwardingDirectory implements RemoteDirectory, SynchronisableDirectory {
    private static final Logger log = LoggerFactory.getLogger(DbCachingRemoteDirectory.class);
    public static final String INTERNAL_USER_PASSWORD = "nopass";
    private final RemoteDirectory remoteDirectory;
    private final LocalGroupHandler localGroupHandler;
    private final InternalRemoteDirectory internalDirectory;
    private final DirectoryCacheFactory directoryCacheFactory;
    private final CacheRefresher cacheRefresher;

    public DbCachingRemoteDirectory(RemoteDirectory remoteDirectory, InternalRemoteDirectory internalRemoteDirectory, DirectoryCacheFactory directoryCacheFactory) {
        this(remoteDirectory, internalRemoteDirectory, directoryCacheFactory, new LocalGroupHandler(internalRemoteDirectory), buildCacheRefresher(remoteDirectory));
    }

    DbCachingRemoteDirectory(RemoteDirectory remoteDirectory, InternalRemoteDirectory internalRemoteDirectory, DirectoryCacheFactory directoryCacheFactory, CacheRefresher cacheRefresher) {
        this(remoteDirectory, internalRemoteDirectory, directoryCacheFactory, new LocalGroupHandler(internalRemoteDirectory), cacheRefresher);
    }

    private DbCachingRemoteDirectory(RemoteDirectory remoteDirectory, InternalRemoteDirectory internalRemoteDirectory, DirectoryCacheFactory directoryCacheFactory, LocalGroupHandler localGroupHandler, CacheRefresher cacheRefresher) {
        this.remoteDirectory = remoteDirectory;
        this.internalDirectory = internalRemoteDirectory;
        this.directoryCacheFactory = directoryCacheFactory;
        this.localGroupHandler = localGroupHandler;
        this.cacheRefresher = cacheRefresher;
        log.debug("DBCached directory created for directory [ " + remoteDirectory.getDirectoryId() + " ]");
    }

    private static CacheRefresher buildCacheRefresher(RemoteDirectory remoteDirectory) {
        if (remoteDirectory instanceof MicrosoftActiveDirectory) {
            return new UsnChangedCacheRefresher((MicrosoftActiveDirectory) remoteDirectory);
        }
        if (!(remoteDirectory instanceof RemoteCrowdDirectory)) {
            return new RemoteDirectoryCacheRefresher(remoteDirectory);
        }
        return new EventTokenChangedCacheRefresher((RemoteCrowdDirectory) remoteDirectory, new RemoteDirectoryCacheRefresher(remoteDirectory));
    }

    public long getDirectoryId() {
        return this.remoteDirectory.getDirectoryId();
    }

    public void setDirectoryId(long j) {
        throw new UnsupportedOperationException("You cannot mutate the directoryID of " + getClass().getName());
    }

    public String getDescriptiveName() {
        return this.remoteDirectory.getDescriptiveName();
    }

    public void setAttributes(Map<String, String> map) {
        throw new UnsupportedOperationException("You cannot mutate the attributes of " + getClass().getName());
    }

    public User authenticate(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        return this.remoteDirectory instanceof RemoteCrowdDirectory ? authenticateAndUpdateInternalUser(str, passwordCredential) : performAuthenticationAndUpdateAttributes(str, passwordCredential);
    }

    private User performAuthenticationAndUpdateAttributes(String str, PasswordCredential passwordCredential) throws UserNotFoundException, ExpiredCredentialException, InactiveAccountException, OperationFailedException, InvalidAuthenticationException {
        HashMap hashMap = new HashMap();
        try {
            User authenticateAndUpdateInternalUser = authenticateAndUpdateInternalUser(str, passwordCredential);
            if (!this.remoteDirectory.supportsInactiveAccounts() && !this.internalDirectory.findUserByName(str).isActive()) {
                throw new InactiveAccountException(str);
            }
            hashMap.put("invalidPasswordAttempts", Collections.singleton(Long.toString(0L)));
            hashMap.put("lastAuthenticated", Collections.singleton(Long.toString(System.currentTimeMillis())));
            storeUserAttributes(str, hashMap);
            return authenticateAndUpdateInternalUser;
        } catch (InvalidAuthenticationException e) {
            hashMap.put("invalidPasswordAttempts", Collections.singleton(Long.toString(NumberUtils.toLong(findUserWithAttributesByName(str).getValue("invalidPasswordAttempts"), 0L) + 1)));
            storeUserAttributes(str, hashMap);
            throw e;
        }
    }

    @VisibleForTesting
    protected User authenticateAndUpdateInternalUser(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        User authenticate = this.remoteDirectory.authenticate(str, passwordCredential);
        updateUserFromRemoteDirectory(authenticate);
        return authenticate;
    }

    public User updateUserFromRemoteDirectory(@Nonnull User user) throws OperationFailedException, UserNotFoundException {
        UserWithAttributes updateUserAndSetActiveFlag;
        User findLocalUserByExternalIdOrName = findLocalUserByExternalIdOrName(user);
        boolean z = findLocalUserByExternalIdOrName == null;
        try {
            if (z) {
                updateUserAndSetActiveFlag = addInternalUser(UserTemplateWithAttributes.toUserWithNoAttributes(user));
            } else {
                if (!findLocalUserByExternalIdOrName.getName().equals(user.getName())) {
                    findLocalUserByExternalIdOrName = this.internalDirectory.forceRenameUser(findLocalUserByExternalIdOrName, user.getName());
                }
                updateUserAndSetActiveFlag = updateUserAndSetActiveFlag(user, findLocalUserByExternalIdOrName);
            }
            if (shouldSyncGroupMembershipAfterUserAuthentication(z)) {
                updateGroupsMembershipOnLogin(user);
            }
            return updateUserAndSetActiveFlag;
        } catch (InvalidUserException e) {
            throw new OperationFailedException(e);
        }
    }

    private TimestampedUser findLocalUserByExternalIdOrName(User user) {
        TimestampedUser findLocalUserByExternalId = findLocalUserByExternalId(user.getExternalId());
        if (findLocalUserByExternalId != null) {
            return findLocalUserByExternalId;
        }
        try {
            return this.internalDirectory.findUserByName(user.getName());
        } catch (UserNotFoundException e) {
            return null;
        }
    }

    private TimestampedUser findLocalUserByExternalId(String str) {
        if (str == null) {
            return null;
        }
        try {
            if (str.isEmpty()) {
                return null;
            }
            return this.internalDirectory.findUserByExternalId(str);
        } catch (UserNotFoundException e) {
            return null;
        }
    }

    @VisibleForTesting
    protected User updateUserAndSetActiveFlag(User user, User user2) throws UserNotFoundException, InvalidUserException, OperationFailedException {
        preventExternalIdDuplication(user, user2);
        UserTemplate userTemplate = new UserTemplate(user);
        if (!this.remoteDirectory.supportsInactiveAccounts() || this.internalDirectory.isLocalUserStatusEnabled()) {
            userTemplate.setActive(user2.isActive());
        }
        return this.internalDirectory.updateUser(userTemplate);
    }

    @VisibleForTesting
    protected void updateGroupsMembershipOnLogin(User user) throws OperationFailedException, UserNotFoundException {
        log.debug("Updating groups on login for user {}", user.getName());
        MembershipQuery returningAtMost = QueryBuilder.queryFor(String.class, EntityDescriptor.group()).parentsOf(EntityDescriptor.user()).withName(user.getName()).returningAtMost(-1);
        ImmutableSet copyOf = ImmutableSet.copyOf(this.remoteDirectory.searchGroupRelationships(returningAtMost));
        ImmutableSet copyOf2 = ImmutableSet.copyOf(this.internalDirectory.searchGroupRelationships(returningAtMost));
        Sets.SetView<String> difference = Sets.difference(copyOf, copyOf2);
        Sets.SetView<String> difference2 = Sets.difference(copyOf2, copyOf);
        if (!difference2.isEmpty() && !copyOf.isEmpty()) {
            ImmutableSet<String> findAllLocalGroups = findAllLocalGroups();
            for (String str : difference2) {
                try {
                    if (!findAllLocalGroups.contains(str)) {
                        this.internalDirectory.removeUserFromGroup(user.getName(), str);
                    }
                } catch (ReadOnlyGroupException e) {
                    throw new RuntimeException("Failed to remove user from internal directory as group " + str + " is read only ", e);
                } catch (MembershipNotFoundException e2) {
                    log.debug("User " + user.getName() + " is no longer member of the group " + str);
                } catch (GroupNotFoundException e3) {
                    log.debug("Group {} not found when trying to remove user {} from group during auth", str, user.getName());
                }
            }
        }
        for (String str2 : difference) {
            try {
                try {
                    addUserToGroupInternal(user.getName(), str2);
                } catch (GroupNotFoundException e4) {
                    log.debug("Group {} doesn't exist during authentication of user {}, trying to create", str2, user.getName());
                    if (syncRemoteGroupToInternalDirectory(str2)) {
                        addUserToGroupInternal(user.getName(), str2);
                    }
                }
            } catch (ReadOnlyGroupException e5) {
                throw new RuntimeException("Failed to add user from internal directory as group " + str2 + " is read only ", e5);
            } catch (GroupNotFoundException e6) {
                throw new RuntimeException("Failed adding the user " + user.getName() + " as group " + str2 + " doesn't exist", e6);
            }
        }
    }

    private boolean syncRemoteGroupToInternalDirectory(String str) throws OperationFailedException {
        try {
            GroupWithAttributes findGroupWithAttributesByName = this.remoteDirectory.findGroupWithAttributesByName(str);
            try {
                GroupTemplate groupTemplate = new GroupTemplate(findGroupWithAttributesByName.getName(), this.internalDirectory.getDirectoryId());
                groupTemplate.setDescription(findGroupWithAttributesByName.getDescription());
                this.internalDirectory.addGroup(groupTemplate);
                Stream filter = findGroupWithAttributesByName.getKeys().stream().filter(AttributePredicates.SYNCING_ATTRIBUTE);
                Function identity = Function.identity();
                findGroupWithAttributesByName.getClass();
                Map map = (Map) filter.collect(Collectors.toMap(identity, findGroupWithAttributesByName::getValues));
                if (!map.isEmpty()) {
                    try {
                        this.internalDirectory.storeGroupAttributes(groupTemplate.getName(), map);
                    } catch (GroupNotFoundException e) {
                        throw new OperationFailedException(e);
                    }
                }
                return true;
            } catch (InvalidGroupException e2) {
                log.debug("Failed to add group " + str, e2);
                return true;
            }
        } catch (GroupNotFoundException e3) {
            log.debug("Tried to add group " + str + " to internal directory, but failed retrieving the group from remote. Ignoring.", e3);
            return false;
        }
    }

    private void preventExternalIdDuplication(User user, User user2) throws OperationFailedException, InvalidUserException {
        if (StringUtils.isBlank(user.getExternalId()) || user.getExternalId().equals(user2.getExternalId())) {
            return;
        }
        try {
            TimestampedUser findUserByExternalId = this.internalDirectory.findUserByExternalId(user.getExternalId());
            if (findUserByExternalId != null) {
                removeExternalId(findUserByExternalId);
                log.warn("Possible user unique id duplication, removing unique id: " + user2.getExternalId() + " for user " + user2.getName());
            }
        } catch (UserNotFoundException e) {
        }
    }

    private void removeExternalId(User user) throws UserNotFoundException, InvalidUserException, OperationFailedException {
        UserTemplate userTemplate = new UserTemplate(user);
        userTemplate.setExternalId((String) null);
        this.internalDirectory.updateUser(userTemplate);
    }

    private ImmutableSet<String> findAllLocalGroups() throws OperationFailedException {
        return !this.localGroupHandler.isLocalGroupsEnabled() ? ImmutableSet.of() : ImmutableSet.copyOf(this.internalDirectory.searchGroups(QueryBuilder.queryFor(String.class, EntityDescriptor.group()).with(Restriction.on(GroupTermKeys.LOCAL).exactlyMatching(true)).returningAtMost(-1)));
    }

    public UserWithAttributes addUser(UserTemplateWithAttributes userTemplateWithAttributes, PasswordCredential passwordCredential) throws InvalidUserException, InvalidCredentialException, UserAlreadyExistsException, OperationFailedException {
        UserTemplateWithAttributes userWithNoAttributes = UserTemplateWithAttributes.toUserWithNoAttributes(userTemplateWithAttributes);
        if (isUserAttributeSynchronisationEnabled()) {
            userTemplateWithAttributes.getAttributes().entrySet().stream().filter(AttributePredicates.SYNCHRONISABLE_ATTRIBUTE_ENTRY_PREDICATE).forEach(entry -> {
                userWithNoAttributes.setAttribute((String) entry.getKey(), (Set) entry.getValue());
            });
        }
        UserWithAttributes addUser = this.remoteDirectory.addUser(userWithNoAttributes, passwordCredential);
        UserTemplateWithAttributes userTemplateWithAttributes2 = new UserTemplateWithAttributes(addUser);
        for (String str : userTemplateWithAttributes.getKeys()) {
            if (addUser.getValue(str) == null) {
                userTemplateWithAttributes2.setAttribute(str, userTemplateWithAttributes.getValues(str));
            }
        }
        return addInternalUser(userTemplateWithAttributes2);
    }

    @VisibleForTesting
    boolean isUserAttributeSynchronisationEnabled() {
        return Boolean.parseBoolean(this.remoteDirectory.getValue("userAttributesSyncEnabled"));
    }

    private UserWithAttributes addInternalUser(UserWithAttributes userWithAttributes) throws InvalidUserException, OperationFailedException {
        try {
            return this.internalDirectory.addUser(new UserTemplateWithAttributes(userWithAttributes), PasswordCredential.encrypted(INTERNAL_USER_PASSWORD));
        } catch (UserAlreadyExistsException e) {
            try {
                this.internalDirectory.updateUser(new UserTemplateWithAttributes(userWithAttributes));
                return this.internalDirectory.findUserWithAttributesByName(userWithAttributes.getName());
            } catch (UserNotFoundException e2) {
                throw new ConcurrentModificationException((Throwable) e2);
            }
        } catch (InvalidCredentialException e3) {
            throw new RuntimeException("Unexpected Credential Exception", e3);
        }
    }

    public User updateUser(UserTemplate userTemplate) throws InvalidUserException, UserNotFoundException, OperationFailedException {
        UserTemplate userTemplate2 = new UserTemplate(userTemplate);
        if (this.remoteDirectory.supportsInactiveAccounts() && isLocalUserStatusEnabled()) {
            userTemplate2.setActive(this.remoteDirectory.findUserByName(userTemplate.getName()).isActive());
        }
        UserTemplate userTemplate3 = new UserTemplate(this.remoteDirectory.updateUser(userTemplate2));
        if (!this.remoteDirectory.supportsInactiveAccounts() || isLocalUserStatusEnabled()) {
            userTemplate3.setActive(userTemplate.isActive());
        }
        return this.internalDirectory.updateUser(userTemplate3);
    }

    private boolean isLocalUserStatusEnabled() {
        return this.internalDirectory.isLocalUserStatusEnabled();
    }

    public void updateUserCredential(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InvalidCredentialException, OperationFailedException {
        this.remoteDirectory.updateUserCredential(str, passwordCredential);
    }

    public User renameUser(String str, String str2) throws UserNotFoundException, InvalidUserException, OperationFailedException, UserAlreadyExistsException {
        this.remoteDirectory.renameUser(str, str2);
        return this.internalDirectory.renameUser(str, str2);
    }

    public void storeUserAttributes(String str, Map<String, Set<String>> map) throws UserNotFoundException, OperationFailedException {
        if (isUserAttributeSynchronisationEnabled()) {
            Map map2 = (Map) map.entrySet().stream().filter(AttributePredicates.SYNCHRONISABLE_ATTRIBUTE_ENTRY_PREDICATE).collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, (v0) -> {
                return v0.getValue();
            }));
            if (!map2.isEmpty()) {
                this.remoteDirectory.storeUserAttributes(str, map2);
            }
        }
        this.internalDirectory.storeUserAttributes(str, map);
    }

    public void removeUserAttributes(String str, String str2) throws UserNotFoundException, OperationFailedException {
        if (isUserAttributeSynchronisationEnabled() && AttributePredicates.SYNCING_ATTRIBUTE.test(str2)) {
            this.remoteDirectory.removeUserAttributes(str, str2);
        }
        this.internalDirectory.removeUserAttributes(str, str2);
    }

    public void removeUser(String str) throws UserNotFoundException, OperationFailedException {
        try {
            this.remoteDirectory.removeUser(str);
            this.internalDirectory.removeUser(str);
        } catch (UserNotFoundException e) {
            this.internalDirectory.removeUser(str);
            throw e;
        }
    }

    public Group addGroup(GroupTemplate groupTemplate) throws InvalidGroupException, OperationFailedException {
        if (this.localGroupHandler.isLocalGroupsEnabled()) {
            if (isRemoteGroup(groupTemplate.getName())) {
                throw new InvalidGroupException(groupTemplate, "Group already exists in the Remote Directory");
            }
            try {
                return this.localGroupHandler.createLocalGroup(makeGroupTemplate(groupTemplate));
            } catch (DirectoryNotFoundException e) {
                throw new OperationFailedException(e);
            }
        }
        try {
            GroupTemplate groupTemplate2 = new GroupTemplate(this.remoteDirectory.addGroup(groupTemplate));
            try {
                return this.internalDirectory.addGroup(groupTemplate2);
            } catch (InvalidGroupException e2) {
                try {
                    return this.internalDirectory.updateGroup(groupTemplate2);
                } catch (GroupNotFoundException | ReadOnlyGroupException e3) {
                    throw new OperationFailedException(e2);
                }
            }
        } catch (InvalidGroupException e4) {
            try {
                this.internalDirectory.addGroup(new GroupTemplate(this.remoteDirectory.findGroupByName(groupTemplate.getName())));
                throw e4;
            } catch (GroupNotFoundException e5) {
                throw e4;
            }
        }
    }

    public Group updateGroup(GroupTemplate groupTemplate) throws InvalidGroupException, GroupNotFoundException, OperationFailedException, ReadOnlyGroupException {
        if (!this.localGroupHandler.isLocalGroupsEnabled()) {
            return this.internalDirectory.updateGroup(new GroupTemplate(this.remoteDirectory.updateGroup(groupTemplate)));
        }
        if (isRemoteGroup(groupTemplate.getName())) {
            throw new ReadOnlyGroupException(groupTemplate.getName());
        }
        return this.localGroupHandler.updateLocalGroup(makeGroupTemplate(groupTemplate));
    }

    public Group renameGroup(String str, String str2) throws GroupNotFoundException, InvalidGroupException {
        throw new UnsupportedOperationException("Renaming groups is not supported");
    }

    public void storeGroupAttributes(String str, Map<String, Set<String>> map) throws GroupNotFoundException, OperationFailedException {
        Map map2 = (Map) map.entrySet().stream().filter(AttributePredicates.SYNCHRONISABLE_ATTRIBUTE_ENTRY_PREDICATE).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
        if (!map2.isEmpty()) {
            this.remoteDirectory.storeGroupAttributes(str, map2);
        }
        this.internalDirectory.storeGroupAttributes(str, map);
    }

    public void removeGroupAttributes(String str, String str2) throws GroupNotFoundException, OperationFailedException {
        if (AttributePredicates.SYNCING_ATTRIBUTE.test(str2)) {
            this.remoteDirectory.removeGroupAttributes(str, str2);
        }
        this.internalDirectory.removeGroupAttributes(str, str2);
    }

    public void removeGroup(String str) throws GroupNotFoundException, OperationFailedException, ReadOnlyGroupException {
        if (this.localGroupHandler.isLocalGroupsEnabled()) {
            if (isRemoteGroup(str)) {
                throw new ReadOnlyGroupException(str);
            }
            this.internalDirectory.removeGroup(str);
        } else {
            try {
                this.remoteDirectory.removeGroup(str);
                this.internalDirectory.removeGroup(str);
            } catch (GroupNotFoundException e) {
                this.internalDirectory.removeGroup(str);
                throw e;
            }
        }
    }

    private boolean isRemoteGroup(String str) throws OperationFailedException {
        try {
            this.remoteDirectory.findGroupByName(str);
            return true;
        } catch (GroupNotFoundException e) {
            return false;
        }
    }

    public void addUserToGroup(String str, String str2) throws GroupNotFoundException, UserNotFoundException, OperationFailedException, ReadOnlyGroupException, MembershipAlreadyExistsException {
        if (this.localGroupHandler.isLocalGroupsEnabled()) {
            if (isRemoteGroup(str2)) {
                throw new ReadOnlyGroupException(str2);
            }
            this.localGroupHandler.addUserToLocalGroup(str, str2);
        } else {
            try {
                this.remoteDirectory.addUserToGroup(str, str2);
                addUserToGroupInternal(str, str2);
            } catch (MembershipAlreadyExistsException e) {
                addUserToGroupInternal(str, str2);
                throw e;
            }
        }
    }

    private void addUserToGroupInternal(String str, String str2) throws GroupNotFoundException, UserNotFoundException, ReadOnlyGroupException, OperationFailedException {
        try {
            this.internalDirectory.addUserToGroup(str, str2);
        } catch (MembershipAlreadyExistsException e) {
            log.debug("User (" + str + ") is already a member of group (" + str2 + ").");
        }
    }

    public void addGroupToGroup(String str, String str2) throws GroupNotFoundException, InvalidMembershipException, OperationFailedException, ReadOnlyGroupException, MembershipAlreadyExistsException {
        if (this.localGroupHandler.isLocalGroupsEnabled()) {
            if (isRemoteGroup(str2)) {
                throw new ReadOnlyGroupException(str2);
            }
            addGroupToGroupInternal(str, str2);
        } else {
            try {
                this.remoteDirectory.addGroupToGroup(str, str2);
                addGroupToGroupInternal(str, str2);
            } catch (MembershipAlreadyExistsException e) {
                addGroupToGroupInternal(str, str2);
                throw e;
            }
        }
    }

    private void addGroupToGroupInternal(String str, String str2) throws GroupNotFoundException, InvalidMembershipException, ReadOnlyGroupException, OperationFailedException {
        try {
            this.internalDirectory.addGroupToGroup(str, str2);
        } catch (MembershipAlreadyExistsException e) {
            log.debug("Group (" + str + ") is already a member of group (" + str2 + ").");
        }
    }

    public void removeUserFromGroup(String str, String str2) throws GroupNotFoundException, UserNotFoundException, MembershipNotFoundException, OperationFailedException, ReadOnlyGroupException {
        if (this.localGroupHandler.isLocalGroupsEnabled()) {
            if (isRemoteGroup(str2)) {
                throw new ReadOnlyGroupException(str2);
            }
            this.localGroupHandler.removeUserFromLocalGroup(str, str2);
        } else {
            try {
                this.remoteDirectory.removeUserFromGroup(str, str2);
                this.internalDirectory.removeUserFromGroup(str, str2);
            } catch (UserNotFoundException | GroupNotFoundException | MembershipNotFoundException e) {
                silentlyRemoveUserFromGroupInTheCache(str, str2);
                throw e;
            }
        }
    }

    private void silentlyRemoveUserFromGroupInTheCache(String str, String str2) {
        try {
            this.internalDirectory.removeUserFromGroup(str, str2);
        } catch (ObjectNotFoundException | ReadOnlyGroupException | OperationFailedException e) {
            log.debug("Ignoring exception when removing user from group in cache", e);
        }
    }

    public void removeGroupFromGroup(String str, String str2) throws GroupNotFoundException, InvalidMembershipException, MembershipNotFoundException, OperationFailedException, ReadOnlyGroupException {
        if (this.localGroupHandler.isLocalGroupsEnabled()) {
            if (isRemoteGroup(str2)) {
                throw new ReadOnlyGroupException(str2);
            }
            this.internalDirectory.removeGroupFromGroup(str, str2);
        } else {
            try {
                this.remoteDirectory.removeGroupFromGroup(str, str2);
                this.internalDirectory.removeGroupFromGroup(str, str2);
            } catch (GroupNotFoundException | MembershipNotFoundException e) {
                silentlyRemoveGroupFromGroupInTheCache(str, str2);
                throw e;
            }
        }
    }

    private void silentlyRemoveGroupFromGroupInTheCache(String str, String str2) {
        try {
            this.internalDirectory.removeGroupFromGroup(str, str2);
        } catch (ObjectNotFoundException | OperationFailedException | InvalidMembershipException | ReadOnlyGroupException e) {
            log.debug("Ignoring exception when removing group from group in cache", e);
        }
    }

    public void testConnection() throws OperationFailedException {
        this.remoteDirectory.testConnection();
    }

    public boolean supportsInactiveAccounts() {
        return this.remoteDirectory.supportsInactiveAccounts() || this.internalDirectory.isLocalUserStatusEnabled();
    }

    public boolean supportsNestedGroups() {
        return this.remoteDirectory.supportsNestedGroups();
    }

    public boolean supportsPasswordExpiration() {
        return this.remoteDirectory.supportsPasswordExpiration();
    }

    public boolean supportsSettingEncryptedCredential() {
        return this.remoteDirectory.supportsSettingEncryptedCredential();
    }

    public boolean isRolesDisabled() {
        return true;
    }

    private boolean shouldSyncGroupMembershipAfterUserAuthentication(boolean z) {
        SynchronisableDirectoryProperties.SyncGroupMembershipsAfterAuth forDirectory = SynchronisableDirectoryProperties.SyncGroupMembershipsAfterAuth.forDirectory(this.remoteDirectory);
        return forDirectory == SynchronisableDirectoryProperties.SyncGroupMembershipsAfterAuth.ALWAYS || (forDirectory == SynchronisableDirectoryProperties.SyncGroupMembershipsAfterAuth.WHEN_AUTHENTICATION_CREATED_THE_USER && z);
    }

    public Set<String> getValues(String str) {
        return this.remoteDirectory.getValues(str);
    }

    public String getValue(String str) {
        return this.remoteDirectory.getValue(str);
    }

    public boolean isEmpty() {
        return this.remoteDirectory.isEmpty();
    }

    public Set<String> getKeys() {
        return this.remoteDirectory.getKeys();
    }

    public boolean isIncrementalSyncEnabled() {
        return Boolean.parseBoolean(this.remoteDirectory.getValue("crowd.sync.incremental.enabled"));
    }

    public void synchroniseCache(SynchronisationMode synchronisationMode, SynchronisationStatusManager synchronisationStatusManager) throws OperationFailedException {
        long directoryId = getDirectoryId();
        SynchronisationMode synchronisationMode2 = null;
        TimedOperation timedOperation = new TimedOperation();
        try {
            log.info("{} synchronisation for directory [ {} ] starting", synchronisationMode, Long.valueOf(directoryId));
            DirectoryCache createDirectoryCache = this.directoryCacheFactory.createDirectoryCache(this.remoteDirectory, this.internalDirectory);
            if (synchronisationMode == SynchronisationMode.INCREMENTAL) {
                synchronisationStatusManager.syncStatus(directoryId, "directory.caching.sync.incremental", new Serializable[0]);
                try {
                    log.info("Attempting {} synchronisation for directory [ {} ]", synchronisationMode, Long.valueOf(directoryId));
                    if (this.cacheRefresher.synchroniseChanges(createDirectoryCache)) {
                        synchronisationMode2 = SynchronisationMode.INCREMENTAL;
                    } else {
                        log.info("Incremental synchronisation for directory [ {} ] was not completed, falling back to a full synchronisation", Long.valueOf(directoryId));
                    }
                } catch (RuntimeException | OperationFailedException e) {
                    log.error("Incremental synchronisation for directory [ {} ] was unexpectedly interrupted, falling back to a full synchronisation", Long.valueOf(directoryId), e);
                }
            }
            if (synchronisationMode2 == null) {
                if (synchronisationMode == SynchronisationMode.INCREMENTAL) {
                    log.info("{} synchronisation for directory [ {} ] was not successful, attempting {}", new Object[]{synchronisationMode, Long.valueOf(directoryId), SynchronisationMode.FULL});
                }
                synchronisationStatusManager.syncStatus(directoryId, "directory.caching.sync.full", new Serializable[0]);
                this.cacheRefresher.synchroniseAll(createDirectoryCache);
                synchronisationMode2 = SynchronisationMode.FULL;
            }
            String str = " synchronisation complete for directory [ " + directoryId + " ]";
            if (synchronisationMode2 != null) {
                log.info(timedOperation.complete(synchronisationMode2 + str));
                synchronisationStatusManager.syncStatus(directoryId, "directory.caching.sync.completed." + synchronisationMode2, new Serializable[0]);
            } else {
                log.info(timedOperation.complete("failed" + str));
                synchronisationStatusManager.syncStatus(directoryId, "directory.caching.sync.completed.error", new Serializable[0]);
            }
        } catch (Throwable th) {
            String str2 = " synchronisation complete for directory [ " + directoryId + " ]";
            if (synchronisationMode2 != null) {
                log.info(timedOperation.complete(synchronisationMode2 + str2));
                synchronisationStatusManager.syncStatus(directoryId, "directory.caching.sync.completed." + synchronisationMode2, new Serializable[0]);
            } else {
                log.info(timedOperation.complete("failed" + str2));
                synchronisationStatusManager.syncStatus(directoryId, "directory.caching.sync.completed.error", new Serializable[0]);
            }
            throw th;
        }
    }

    public RemoteDirectory getAuthoritativeDirectory() {
        return this.remoteDirectory;
    }

    public void expireAllPasswords() throws OperationFailedException {
        this.remoteDirectory.expireAllPasswords();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: getDelegate, reason: merged with bridge method [inline-methods] */
    public InternalRemoteDirectory m3getDelegate() {
        return this.internalDirectory;
    }

    private static GroupTemplate makeGroupTemplate(Group group) {
        GroupTemplate groupTemplate = new GroupTemplate(group);
        groupTemplate.setDescription(group.getDescription());
        return groupTemplate;
    }
}
