package com.atlassian.crowd.manager.application;

import com.atlassian.crowd.common.properties.SystemProperties;
import com.atlassian.crowd.common.util.ProxyUtil;
import com.atlassian.crowd.darkfeature.CrowdDarkFeatureManager;
import com.atlassian.crowd.embedded.api.ApplicationFactory;
import com.atlassian.crowd.embedded.api.Directories;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.OperationType;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.embedded.api.UserCapabilities;
import com.atlassian.crowd.embedded.impl.DirectoryUserCapabilities;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.crowd.event.EventStore;
import com.atlassian.crowd.event.EventTokenExpiredException;
import com.atlassian.crowd.event.Events;
import com.atlassian.crowd.event.IncrementalSynchronisationNotAvailableException;
import com.atlassian.crowd.event.user.UserAuthenticatedEvent;
import com.atlassian.crowd.event.user.UserAuthenticationFailedInvalidAuthenticationEvent;
import com.atlassian.crowd.exception.ApplicationPermissionException;
import com.atlassian.crowd.exception.BulkAddFailedException;
import com.atlassian.crowd.exception.DirectoryInstantiationException;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.InvalidGroupException;
import com.atlassian.crowd.exception.InvalidMembershipException;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.MembershipAlreadyExistsException;
import com.atlassian.crowd.exception.MembershipNotFoundException;
import com.atlassian.crowd.exception.NestedGroupsNotSupportedException;
import com.atlassian.crowd.exception.ObjectNotFoundException;
import com.atlassian.crowd.exception.ReadOnlyGroupException;
import com.atlassian.crowd.exception.UserAlreadyExistsException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.exception.WebhookNotFoundException;
import com.atlassian.crowd.exception.runtime.OperationFailedException;
import com.atlassian.crowd.manager.application.ApplicationService;
import com.atlassian.crowd.manager.application.canonicality.CanonicalEntityByNameFinder;
import com.atlassian.crowd.manager.application.canonicality.SimpleCanonicalityChecker;
import com.atlassian.crowd.manager.application.filtering.AccessFilter;
import com.atlassian.crowd.manager.application.filtering.AccessFilterFactory;
import com.atlassian.crowd.manager.application.search.GroupSearchStrategy;
import com.atlassian.crowd.manager.application.search.MembershipSearchStrategy;
import com.atlassian.crowd.manager.application.search.SearchStrategyFactory;
import com.atlassian.crowd.manager.application.search.UserSearchStrategy;
import com.atlassian.crowd.manager.avatar.AvatarProvider;
import com.atlassian.crowd.manager.avatar.AvatarReference;
import com.atlassian.crowd.manager.directory.BulkAddResult;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.crowd.manager.directory.DirectoryPermissionException;
import com.atlassian.crowd.manager.permission.PermissionManager;
import com.atlassian.crowd.manager.webhook.InvalidWebhookEndpointException;
import com.atlassian.crowd.manager.webhook.WebhookRegistry;
import com.atlassian.crowd.model.DirectoryEntity;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.model.application.ApplicationDirectoryMapping;
import com.atlassian.crowd.model.application.ApplicationType;
import com.atlassian.crowd.model.application.Applications;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupTemplate;
import com.atlassian.crowd.model.group.GroupType;
import com.atlassian.crowd.model.group.GroupWithAttributes;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.crowd.model.user.UserTemplateWithAttributes;
import com.atlassian.crowd.model.user.UserTemplateWithCredentialAndAttributes;
import com.atlassian.crowd.model.user.UserWithAttributes;
import com.atlassian.crowd.model.webhook.Webhook;
import com.atlassian.crowd.model.webhook.WebhookTemplate;
import com.atlassian.crowd.search.Entity;
import com.atlassian.crowd.search.query.entity.EntityQuery;
import com.atlassian.crowd.search.query.membership.MembershipQuery;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.fugue.Pair;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collection;
import java.util.ConcurrentModificationException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.transaction.annotation.Transactional;

@Transactional
/* loaded from: input_file:com/atlassian/crowd/manager/application/ApplicationServiceGeneric.class */
public class ApplicationServiceGeneric implements ApplicationService {
    private static final Logger logger = LoggerFactory.getLogger(ApplicationServiceGeneric.class);
    private static final Pattern USER_KEY_PATTERN = Pattern.compile("(\\d+):(.+)");
    private static final Set<OperationType> UPDATE_GROUP_PERMISSION = ImmutableSet.of(OperationType.UPDATE_GROUP);
    private static final Set<OperationType> CREATE_AND_UPDATE_GROUP_PERMISSIONS = ImmutableSet.of(OperationType.CREATE_GROUP, OperationType.UPDATE_GROUP);
    private final SearchStrategyFactory searchStrategyFactory;
    private final CrowdDarkFeatureManager crowdDarkFeatureManager;
    private final DirectoryManager directoryManager;
    private final PermissionManager permissionManager;
    private final EventPublisher eventPublisher;
    private final EventStore eventStore;
    private final WebhookRegistry webhookRegistry;
    private final AvatarProvider avatarProvider;
    private final AuthenticationOrderOptimizer authenticationOrderOptimizer;
    private final ApplicationFactory applicationFactory;
    private final AccessFilterFactory accessFilterFactory;
    private final Predicate<Directory> supportsNestedGroups = new Predicate<Directory>() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.1
        public boolean apply(Directory directory) {
            try {
                return ApplicationServiceGeneric.this.directoryManager.supportsNestedGroups(directory.getId().longValue());
            } catch (DirectoryNotFoundException e) {
                throw ApplicationServiceGeneric.concurrentModificationExceptionForDirectoryAccess(e);
            } catch (DirectoryInstantiationException e2) {
                throw new OperationFailedException(e2);
            }
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.atlassian.crowd.manager.application.ApplicationServiceGeneric$8, reason: invalid class name */
    /* loaded from: input_file:com/atlassian/crowd/manager/application/ApplicationServiceGeneric$8.class */
    public static /* synthetic */ class AnonymousClass8 {
        static final /* synthetic */ int[] $SwitchMap$com$atlassian$crowd$model$group$GroupType = new int[GroupType.values().length];

        static {
            try {
                $SwitchMap$com$atlassian$crowd$model$group$GroupType[GroupType.GROUP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/crowd/manager/application/ApplicationServiceGeneric$DirectoryAndGroup.class */
    public static class DirectoryAndGroup {
        final Directory directory;
        final Group group;

        DirectoryAndGroup(Directory directory, Group group) {
            this.directory = directory;
            this.group = group;
        }
    }

    /* loaded from: input_file:com/atlassian/crowd/manager/application/ApplicationServiceGeneric$DirectoryPredicate.class */
    private abstract class DirectoryPredicate implements Predicate<Directory> {
        private DirectoryPredicate() {
        }

        public final boolean apply(Directory directory) {
            try {
                return fallibleCheckForEntity(directory);
            } catch (DirectoryNotFoundException e) {
                throw ApplicationServiceGeneric.concurrentModificationExceptionForDirectoryAccess(e);
            } catch (ObjectNotFoundException e2) {
                return false;
            } catch (com.atlassian.crowd.exception.OperationFailedException e3) {
                throw new OperationFailedException(errorMessage(directory), e3);
            }
        }

        protected abstract boolean fallibleCheckForEntity(Directory directory) throws ObjectNotFoundException, com.atlassian.crowd.exception.OperationFailedException, DirectoryNotFoundException;

        protected abstract String errorMessage(Directory directory);
    }

    public ApplicationServiceGeneric(DirectoryManager directoryManager, SearchStrategyFactory searchStrategyFactory, PermissionManager permissionManager, EventPublisher eventPublisher, EventStore eventStore, WebhookRegistry webhookRegistry, AvatarProvider avatarProvider, AuthenticationOrderOptimizer authenticationOrderOptimizer, ApplicationFactory applicationFactory, AccessFilterFactory accessFilterFactory, CrowdDarkFeatureManager crowdDarkFeatureManager) {
        this.directoryManager = (DirectoryManager) Preconditions.checkNotNull(directoryManager);
        this.searchStrategyFactory = (SearchStrategyFactory) Preconditions.checkNotNull(searchStrategyFactory);
        this.permissionManager = (PermissionManager) Preconditions.checkNotNull(permissionManager);
        this.eventPublisher = eventPublisher;
        this.eventStore = eventStore;
        this.webhookRegistry = webhookRegistry;
        this.authenticationOrderOptimizer = authenticationOrderOptimizer;
        this.avatarProvider = avatarProvider;
        this.applicationFactory = applicationFactory;
        this.accessFilterFactory = accessFilterFactory;
        this.crowdDarkFeatureManager = crowdDarkFeatureManager;
    }

    public User authenticateUser(Application application, String str, PasswordCredential passwordCredential) throws com.atlassian.crowd.exception.OperationFailedException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, UserNotFoundException {
        if (application.getApplicationDirectoryMappings().isEmpty()) {
            throw new InvalidAuthenticationException("Unable to authenticate user as there are no directories mapped to the application " + application.getName());
        }
        com.atlassian.crowd.exception.OperationFailedException operationFailedException = null;
        for (Directory directory : this.authenticationOrderOptimizer.optimizeDirectoryOrderForAuthentication(application, getActiveDirectories(application), str)) {
            String str2 = directory.getName() + " (" + directory.getId() + ")";
            try {
                logger.debug("Trying to authenticate user '{}' in directory '{}' for application '{}'", new Object[]{str, str2, application.getName()});
                User authenticateUser = this.directoryManager.authenticateUser(directory.getId().longValue(), str, passwordCredential);
                logger.debug("Authenticated user '{}' in directory '{}' for application '{}'", new Object[]{str, str2, application.getName()});
                this.eventPublisher.publish(new UserAuthenticatedEvent(this, directory, application, authenticateUser));
                return authenticateUser;
            } catch (InvalidAuthenticationException e) {
                logger.info("Invalid credentials for user '{}' in directory '{}', aborting", str, str2);
                this.eventPublisher.publish(new UserAuthenticationFailedInvalidAuthenticationEvent(this, directory, str));
                throw new InvalidAuthenticationException(str, directory, e);
            } catch (DirectoryNotFoundException e2) {
                throw concurrentModificationExceptionForDirectoryIteration(e2);
            } catch (com.atlassian.crowd.exception.OperationFailedException e3) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Failed to authenticate against '{}': ", str2, e3);
                }
                logger.error("Directory '{}' is not functional during authentication of '{}'. Skipped.", str2, str);
                if (operationFailedException == null) {
                    operationFailedException = e3;
                }
            } catch (UserNotFoundException e4) {
                logger.debug("User '{}' does not exist in directory '{}', continuing", str, str2);
            }
        }
        if (operationFailedException != null) {
            logger.debug("Failed to find user '{}' in any directory for application '{}', rethrowing: ", new Object[]{str, application.getName(), operationFailedException});
            throw operationFailedException;
        }
        logger.debug("Failed to find user '{}' in any directory for application '{}'", str, application.getName());
        throw new UserNotFoundException(str);
    }

    public boolean isUserAuthorised(Application application, String str) {
        try {
            return isUserAuthorised(application, findUserByName(application, str));
        } catch (UserNotFoundException e) {
            return false;
        }
    }

    public boolean isUserAuthorised(Application application, User user) {
        return isUserAuthorised(user.getName(), user.getDirectoryId(), application);
    }

    private boolean isUserAuthorised(String str, long j, Application application) {
        try {
            return isAllowedToAuthenticate(str, j, application);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
            logger.error(e2.getMessage(), e2);
            return false;
        }
    }

    public void addAllUsers(Application application, Collection<UserTemplateWithCredentialAndAttributes> collection) throws ApplicationPermissionException, com.atlassian.crowd.exception.OperationFailedException, BulkAddFailedException {
        logger.debug("Adding users for application {}", application);
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Directory findFirstDirectoryWithCreateUserPermission = findFirstDirectoryWithCreateUserPermission(application);
        if (findFirstDirectoryWithCreateUserPermission == null) {
            throw new ApplicationPermissionException("Application '" + application.getName() + "' has no directories that allow adding of users.");
        }
        try {
            Iterator<UserTemplateWithCredentialAndAttributes> it = collection.iterator();
            while (it.hasNext()) {
                it.next().setDirectoryId(findFirstDirectoryWithCreateUserPermission.getId().longValue());
            }
            BulkAddResult addAllUsers = this.directoryManager.addAllUsers(findFirstDirectoryWithCreateUserPermission.getId().longValue(), collection, false);
            Iterator it2 = addAllUsers.getExistingEntities().iterator();
            while (it2.hasNext()) {
                hashSet2.add(((User) it2.next()).getName());
            }
            Iterator it3 = addAllUsers.getFailedEntities().iterator();
            while (it3.hasNext()) {
                hashSet.add(((User) it3.next()).getName());
            }
            if (hashSet.size() > 0 || hashSet2.size() > 0) {
                throw new BulkAddFailedException(hashSet, hashSet2);
            }
        } catch (DirectoryNotFoundException e) {
            throw new com.atlassian.crowd.exception.OperationFailedException("Directory Not Found when trying to add users to directory '" + findFirstDirectoryWithCreateUserPermission.getName() + "'.", e);
        } catch (DirectoryPermissionException e2) {
            throw new ApplicationPermissionException("Permission Exception when trying to add users to directory '" + findFirstDirectoryWithCreateUserPermission.getName() + "'. " + e2.getMessage(), e2);
        }
    }

    private Directory findFirstDirectoryWithCreateUserPermission(Application application) {
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, OperationType.CREATE_USER)) {
                return directory;
            }
        }
        return null;
    }

    public User findUserByName(Application application, String str) throws UserNotFoundException {
        return finder(application).findUserByName(str);
    }

    public User findRemoteUserByName(Application application, String str) throws UserNotFoundException {
        return finder(application).findRemoteUserByName(str);
    }

    @VisibleForTesting
    static Pair<Long, String> directoryIdAndExternalIdFromKey(String str) {
        Matcher matcher = USER_KEY_PATTERN.matcher(str);
        Preconditions.checkArgument(matcher.matches(), "Invalid user key");
        return Pair.pair(Long.valueOf(Long.parseLong(matcher.group(1))), matcher.group(2));
    }

    public User findUserByKey(Application application, String str) throws UserNotFoundException {
        Pair<Long, String> directoryIdAndExternalIdFromKey = directoryIdAndExternalIdFromKey(str);
        long longValue = ((Long) directoryIdAndExternalIdFromKey.left()).longValue();
        String str2 = (String) directoryIdAndExternalIdFromKey.right();
        if (!Iterables.any(getActiveDirectories(application), Directories.directoryWithIdPredicate(longValue))) {
            logger.debug("Cannot look up in directory {} because it is not mapped to the application", Long.valueOf(longValue));
            throw new UserNotFoundException(str2);
        }
        try {
            return checkCanonicalUser(this.directoryManager.findUserByExternalId(longValue, str2), application);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
            throw new UserNotFoundException(str2, e2);
        }
    }

    public UserWithAttributes findUserWithAttributesByKey(Application application, String str) throws UserNotFoundException {
        Pair<Long, String> directoryIdAndExternalIdFromKey = directoryIdAndExternalIdFromKey(str);
        long longValue = ((Long) directoryIdAndExternalIdFromKey.left()).longValue();
        String str2 = (String) directoryIdAndExternalIdFromKey.right();
        if (!Iterables.any(getActiveDirectories(application), Directories.directoryWithIdPredicate(longValue))) {
            logger.debug("Cannot look up in directory {} because it is not mapped to the application", Long.valueOf(longValue));
            throw new UserNotFoundException(str2);
        }
        try {
            return checkCanonicalUser(this.directoryManager.findUserWithAttributesByExternalId(longValue, str2), application);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (com.atlassian.crowd.exception.OperationFailedException e2) {
            throw new UserNotFoundException(str2, e2);
        }
    }

    private <T extends User> T checkCanonicalUser(T t, Application application) throws UserNotFoundException {
        if (!isCanonical(application, t)) {
            logger.debug("Skipping user '{}' from directory {} because it is shadowed by another user", t.getName(), Long.valueOf(t.getDirectoryId()));
            throw new UserNotFoundException(t.getExternalId());
        }
        if (simpleAccessFilter(application).hasAccess(t.getDirectoryId(), Entity.USER, t.getName())) {
            return t;
        }
        throw new UserNotFoundException(t.getExternalId());
    }

    private User fastFailingFindUser(Application application, String str) throws UserNotFoundException, com.atlassian.crowd.exception.OperationFailedException {
        return finder(application).fastFailingFindUserByName(str);
    }

    private Group fastFailingFindGroup(Application application, String str) throws GroupNotFoundException, com.atlassian.crowd.exception.OperationFailedException {
        return finder(application).fastFailingFindGroupByName(str);
    }

    public UserWithAttributes findUserWithAttributesByName(Application application, String str) throws UserNotFoundException {
        return finder(application).findUserWithAttributesByName(str);
    }

    public User addUser(Application application, UserTemplate userTemplate, PasswordCredential passwordCredential) throws InvalidUserException, com.atlassian.crowd.exception.OperationFailedException, InvalidCredentialException, ApplicationPermissionException {
        return addUser(application, UserTemplateWithAttributes.toUserWithNoAttributes(userTemplate), passwordCredential);
    }

    public UserWithAttributes addUser(Application application, UserTemplateWithAttributes userTemplateWithAttributes, PasswordCredential passwordCredential) throws InvalidUserException, com.atlassian.crowd.exception.OperationFailedException, InvalidCredentialException, ApplicationPermissionException {
        if (IdentifierUtils.hasLeadingOrTrailingWhitespace(userTemplateWithAttributes.getName())) {
            throw new InvalidUserException(userTemplateWithAttributes, "User name may not contain leading or trailing whitespace");
        }
        if (application.isFilteringUsersWithAccessEnabled()) {
            throw new com.atlassian.crowd.exception.OperationFailedException("Adding users is not supported while filtering user with access is enabled");
        }
        logger.debug("Adding user '{}' for application '{}'", userTemplateWithAttributes.getName(), application.getName());
        try {
            fastFailingFindUser(application, userTemplateWithAttributes.getName());
            throw new InvalidUserException(userTemplateWithAttributes, "User already exists");
        } catch (UserNotFoundException e) {
            Directory findFirstDirectoryWithCreateUserPermission = findFirstDirectoryWithCreateUserPermission(application);
            if (findFirstDirectoryWithCreateUserPermission == null) {
                throw new ApplicationPermissionException("Application '" + application.getName() + "' has no directories that allow adding of users.");
            }
            try {
                userTemplateWithAttributes.setDirectoryId(findFirstDirectoryWithCreateUserPermission.getId().longValue());
                UserWithAttributes addUser = this.directoryManager.addUser(findFirstDirectoryWithCreateUserPermission.getId().longValue(), userTemplateWithAttributes, passwordCredential);
                logger.debug("User '{}' was added to directory '{}'.", userTemplateWithAttributes.getName(), findFirstDirectoryWithCreateUserPermission.getName());
                return addUser;
            } catch (DirectoryPermissionException e2) {
                throw new ApplicationPermissionException("Permission Exception when trying to add user '" + userTemplateWithAttributes.getName() + "' to directory '" + findFirstDirectoryWithCreateUserPermission.getName() + "'. " + e2.getMessage(), e2);
            } catch (DirectoryNotFoundException e3) {
                throw new com.atlassian.crowd.exception.OperationFailedException("Directory not found when trying to add user '" + userTemplateWithAttributes.getName() + "' to directory '" + findFirstDirectoryWithCreateUserPermission.getName() + "'.", e3);
            } catch (UserAlreadyExistsException e4) {
                throw new InvalidUserException(userTemplateWithAttributes, "User " + userTemplateWithAttributes.getName() + " already exists.", e4);
            }
        }
    }

    public User updateUser(Application application, UserTemplate userTemplate) throws InvalidUserException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, UserNotFoundException {
        logger.debug("Updating user '{}' for application '{}'", userTemplate.getName(), application.getName());
        User fastFailingFindUser = fastFailingFindUser(application, userTemplate.getName());
        if (StringUtils.isBlank(userTemplate.getExternalId())) {
            userTemplate.setExternalId(fastFailingFindUser.getExternalId());
        }
        if (userTemplate.getDirectoryId() <= 0) {
            userTemplate.setDirectoryId(fastFailingFindUser.getDirectoryId());
        } else if (userTemplate.getDirectoryId() != fastFailingFindUser.getDirectoryId()) {
            throw new InvalidUserException(userTemplate, "Attempted to update user '" + userTemplate.getName() + "' with invalid directory ID " + userTemplate.getDirectoryId() + ", we expected ID " + fastFailingFindUser.getDirectoryId() + ".");
        }
        if (isDifferentEmail(userTemplate, fastFailingFindUser) && !isAllowedToChangeEmail(application)) {
            throw new ApplicationPermissionException("External applications are not allowed to change user emails");
        }
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.UPDATE_USER)) {
            throw new ApplicationPermissionException("Cannot update user '" + userTemplate.getName() + "' because directory '" + findDirectoryById.getName() + "' does not allow updates.");
        }
        try {
            return this.directoryManager.updateUser(findDirectoryById.getId().longValue(), userTemplate);
        } catch (DirectoryPermissionException e) {
            throw new ApplicationPermissionException("Permission Exception when trying to update user '" + userTemplate.getName() + "' in directory '" + findDirectoryById.getName() + "'.", e);
        } catch (DirectoryNotFoundException e2) {
            throw concurrentModificationExceptionForDirectoryAccess(e2);
        }
    }

    private boolean isAllowedToChangeEmail(Application application) {
        return isRunningInEmbeddedCrowd() || isCrowdConsoleApp(application) || SystemProperties.EMAIL_CHANGE_BY_EXTERNAL_APPS_ENABLED.getValue().booleanValue();
    }

    private boolean isCrowdConsoleApp(Application application) {
        return application.getType().equals(ApplicationType.CROWD);
    }

    private boolean isRunningInEmbeddedCrowd() {
        return this.applicationFactory.isEmbeddedCrowd();
    }

    private boolean isDifferentEmail(UserTemplate userTemplate, User user) {
        return !IdentifierUtils.equalsInLowerCase(userTemplate.getEmailAddress(), user.getEmailAddress());
    }

    public User renameUser(Application application, String str, String str2) throws UserNotFoundException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, InvalidUserException {
        logger.debug("Renaming user '{}' to '{}' for application '{}'", new Object[]{str, str2, application.getName()});
        User fastFailingFindUser = fastFailingFindUser(application, str);
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.UPDATE_USER)) {
            throw new ApplicationPermissionException("Cannot rename user '" + str + "' because directory '" + findDirectoryById.getName() + "' does not allow updates.");
        }
        try {
            return this.directoryManager.renameUser(findDirectoryById.getId().longValue(), str, str2);
        } catch (DirectoryPermissionException e) {
            throw new ApplicationPermissionException("Permission Exception when trying to rename user '" + str + "' in directory '" + findDirectoryById.getName() + "'.", e);
        } catch (UserAlreadyExistsException e2) {
            throw new InvalidUserException(fastFailingFindUser, "User " + str2 + " already exists.");
        } catch (DirectoryNotFoundException e3) {
            throw concurrentModificationExceptionForDirectoryAccess(e3);
        }
    }

    public void updateUserCredential(Application application, String str, PasswordCredential passwordCredential) throws com.atlassian.crowd.exception.OperationFailedException, InvalidCredentialException, ApplicationPermissionException, UserNotFoundException {
        User fastFailingFindUser = fastFailingFindUser(application, str);
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.UPDATE_USER)) {
            throw new ApplicationPermissionException("Not allowed to update user '" + fastFailingFindUser.getName() + "' in directory '" + findDirectoryById.getName() + "'.");
        }
        try {
            this.directoryManager.updateUserCredential(fastFailingFindUser.getDirectoryId(), str, passwordCredential);
        } catch (DirectoryPermissionException e) {
            throw new ApplicationPermissionException(e);
        } catch (DirectoryNotFoundException e2) {
            throw concurrentModificationExceptionForDirectoryAccess(e2);
        }
    }

    public void storeUserAttributes(Application application, String str, Map<String, Set<String>> map) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, UserNotFoundException {
        logger.debug("Storing user attributes for user '{}' and application '{}'", str, application.getName());
        User fastFailingFindUser = fastFailingFindUser(application, str);
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.UPDATE_USER_ATTRIBUTE)) {
            throw new ApplicationPermissionException("Not allowed to update user attributes '" + fastFailingFindUser.getName() + "' in directory '" + findDirectoryById.getName() + "'.");
        }
        try {
            this.directoryManager.storeUserAttributes(findDirectoryById.getId().longValue(), str, map);
        } catch (DirectoryPermissionException e) {
            throw new ApplicationPermissionException(e);
        } catch (DirectoryNotFoundException e2) {
            throw concurrentModificationExceptionForDirectoryAccess(e2);
        }
    }

    public void removeUserAttributes(Application application, String str, String str2) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, UserNotFoundException {
        logger.debug("Removing user attributes for user '{}' and application '{}'", str, application.getName());
        User fastFailingFindUser = fastFailingFindUser(application, str);
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.UPDATE_USER_ATTRIBUTE)) {
            throw new ApplicationPermissionException("Not allowed to update user attributes '" + fastFailingFindUser.getName() + "' in directory '" + findDirectoryById.getName() + "'.");
        }
        try {
            this.directoryManager.removeUserAttributes(findDirectoryById.getId().longValue(), str, str2);
        } catch (DirectoryPermissionException e) {
            throw new ApplicationPermissionException(e);
        } catch (DirectoryNotFoundException e2) {
            throw concurrentModificationExceptionForDirectoryAccess(e2);
        }
    }

    public void removeUser(Application application, String str) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, UserNotFoundException {
        User fastFailingFindUser = fastFailingFindUser(application, str);
        Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
        if (!this.permissionManager.hasPermission(application, findDirectoryById, OperationType.DELETE_USER)) {
            throw new ApplicationPermissionException("Not allowed to delete user '" + fastFailingFindUser.getName() + "' from directory '" + findDirectoryById.getName() + "'.");
        }
        try {
            this.directoryManager.removeUser(findDirectoryById.getId().longValue(), str);
        } catch (DirectoryPermissionException e) {
            throw new ApplicationPermissionException(e);
        } catch (DirectoryNotFoundException e2) {
            throw concurrentModificationExceptionForDirectoryAccess(e2);
        }
    }

    public <T> List<T> searchUsers(Application application, EntityQuery<T> entityQuery) {
        return getUserSearchStrategyOrFail(application).searchUsers(entityQuery);
    }

    public Group findGroupByName(Application application, String str) throws GroupNotFoundException {
        return finder(application).findGroupByName(str);
    }

    public GroupWithAttributes findGroupWithAttributesByName(Application application, String str) throws GroupNotFoundException {
        return finder(application).findGroupWithAttributesByName(str);
    }

    private CanonicalEntityByNameFinder finder(Application application) {
        return new CanonicalEntityByNameFinder(this.directoryManager, getActiveDirectories(application), simpleAccessFilter(application));
    }

    public Group addGroup(Application application, GroupTemplate groupTemplate) throws InvalidGroupException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException {
        if (IdentifierUtils.hasLeadingOrTrailingWhitespace(groupTemplate.getName())) {
            throw new InvalidGroupException(groupTemplate, "Group name may not contain leading or trailing whitespace");
        }
        if (application.isFilteringGroupsWithAccessEnabled()) {
            throw new com.atlassian.crowd.exception.OperationFailedException("Adding groups is not supported while filtering groups with access is enabled");
        }
        logger.debug("Adding group '{}' for application '{}'", groupTemplate.getName(), application.getName());
        try {
            fastFailingFindGroup(application, groupTemplate.getName());
            throw new InvalidGroupException(groupTemplate, "Group already exists");
        } catch (GroupNotFoundException e) {
            OperationType createOperationType = getCreateOperationType(groupTemplate);
            for (Directory directory : getActiveDirectories(application)) {
                if (this.permissionManager.hasPermission(application, directory, createOperationType)) {
                    try {
                        groupTemplate.setDirectoryId(directory.getId().longValue());
                        this.directoryManager.addGroup(directory.getId().longValue(), groupTemplate);
                    } catch (DirectoryPermissionException e2) {
                        logger.info("Could not add group '{}' to directory '{}'", groupTemplate.getName(), directory.getName());
                        logger.info(e2.getMessage());
                    } catch (DirectoryNotFoundException e3) {
                        logger.error(e3.getMessage(), e3);
                    }
                }
            }
            try {
                return fastFailingFindGroup(application, groupTemplate.getName());
            } catch (GroupNotFoundException e4) {
                throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow adding of groups");
            }
        }
    }

    public Group updateGroup(Application application, GroupTemplate groupTemplate) throws InvalidGroupException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, GroupNotFoundException {
        logger.debug("Updating group '{}' for application '{}'", groupTemplate.getName(), application.getName());
        OperationType updateOperationType = getUpdateOperationType(fastFailingFindGroup(application, groupTemplate.getName()));
        boolean z = false;
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, updateOperationType)) {
                try {
                    groupTemplate.setDirectoryId(directory.getId().longValue());
                    this.directoryManager.updateGroup(directory.getId().longValue(), groupTemplate);
                    z = true;
                } catch (DirectoryPermissionException e) {
                    logger.info("Could not update group '{}' to directory '{}'", groupTemplate.getName(), directory.getName());
                    logger.info(e.getMessage());
                } catch (DirectoryNotFoundException e2) {
                    throw concurrentModificationExceptionForDirectoryIteration(e2);
                } catch (GroupNotFoundException e3) {
                } catch (ReadOnlyGroupException e4) {
                    logger.info("Could not update group '{}' to directory '{}' because the group is read-only.", new Object[]{groupTemplate.getName(), directory.getName(), e4});
                }
            }
        }
        if (z) {
            return fastFailingFindGroup(application, groupTemplate.getName());
        }
        throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group modifications");
    }

    public void storeGroupAttributes(Application application, String str, Map<String, Set<String>> map) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, GroupNotFoundException {
        logger.debug("Storing group attributes for group '{}' and application '{}'", str, application.getName());
        OperationType updateAttributeOperationType = getUpdateAttributeOperationType(fastFailingFindGroup(application, str));
        boolean z = false;
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, updateAttributeOperationType)) {
                try {
                    this.directoryManager.storeGroupAttributes(directory.getId().longValue(), str, map);
                    z = true;
                } catch (GroupNotFoundException e) {
                } catch (DirectoryPermissionException e2) {
                    logger.info("Could not update group '{}' to directory '{}'", str, directory.getName());
                    logger.info(e2.getMessage());
                } catch (DirectoryNotFoundException e3) {
                    throw concurrentModificationExceptionForDirectoryIteration(e3);
                }
            }
        }
        if (!z) {
            throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group attribute modifications");
        }
    }

    public void removeGroupAttributes(Application application, String str, String str2) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, GroupNotFoundException {
        logger.debug("Removing group attributes for group '{}' and application '{}'", str, application.getName());
        boolean z = false;
        OperationType updateAttributeOperationType = getUpdateAttributeOperationType(fastFailingFindGroup(application, str));
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, updateAttributeOperationType)) {
                try {
                    this.directoryManager.removeGroupAttributes(directory.getId().longValue(), str, str2);
                    z = true;
                } catch (GroupNotFoundException e) {
                } catch (DirectoryPermissionException e2) {
                    logger.info("Could not update group '{}' to directory '{}'", str, directory.getName());
                    logger.info(e2.getMessage());
                } catch (DirectoryNotFoundException e3) {
                    throw concurrentModificationExceptionForDirectoryIteration(e3);
                }
            }
        }
        if (!z) {
            throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group attribute modifications");
        }
    }

    public void removeGroup(Application application, String str) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, GroupNotFoundException {
        boolean z = false;
        OperationType deleteOperationType = getDeleteOperationType(fastFailingFindGroup(application, str));
        for (Directory directory : getActiveDirectories(application)) {
            if (this.permissionManager.hasPermission(application, directory, deleteOperationType)) {
                try {
                    this.directoryManager.removeGroup(directory.getId().longValue(), str);
                    z = true;
                } catch (ReadOnlyGroupException e) {
                    logger.info("Could not update group '{}' to directory '{}' because the group is read-only.", new Object[]{str, directory.getName(), e});
                } catch (DirectoryNotFoundException e2) {
                    throw concurrentModificationExceptionForDirectoryIteration(e2);
                } catch (DirectoryPermissionException e3) {
                    logger.info("Could not remove group '{}' from directory '{}'", str, directory.getName());
                } catch (GroupNotFoundException e4) {
                }
            }
        }
        if (!z) {
            throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group removal");
        }
    }

    public <T> List<T> searchGroups(Application application, EntityQuery<T> entityQuery) {
        return getGroupSearchStrategyOrFail(application).searchGroups(entityQuery);
    }

    public void addUserToGroup(Application application, String str, String str2) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, UserNotFoundException, GroupNotFoundException, MembershipAlreadyExistsException {
        Directory findDirectoryToAddUserToGroupAggregating = application.isMembershipAggregationEnabled() ? findDirectoryToAddUserToGroupAggregating(application, str, str2) : findDirectoryToAddUserToGroupNonAggregating(application, str, str2);
        try {
            this.directoryManager.addUserToGroup(findDirectoryToAddUserToGroupAggregating.getId().longValue(), str, str2);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        } catch (ReadOnlyGroupException e2) {
            throw new ApplicationPermissionException(String.format("Could not add user %s to group %s in directory %s because the directory or group is read-only.", str, str2, findDirectoryToAddUserToGroupAggregating.getName()));
        } catch (DirectoryPermissionException e3) {
            throw new ApplicationPermissionException("Permission Exception when trying to update group '" + str2 + "' in directory '" + findDirectoryToAddUserToGroupAggregating.getName() + "'.", e3);
        }
    }

    private Directory findDirectoryToAddUserToGroupNonAggregating(Application application, String str, String str2) throws UserNotFoundException, com.atlassian.crowd.exception.OperationFailedException, GroupNotFoundException, ApplicationPermissionException {
        long directoryId = fastFailingFindUser(application, str).getDirectoryId();
        try {
            try {
                this.directoryManager.findGroupByName(directoryId, str2);
            } catch (GroupNotFoundException e) {
                Group fastFailingFindGroup = fastFailingFindGroup(application, str2);
                try {
                    this.directoryManager.addGroup(directoryId, new GroupTemplate(fastFailingFindGroup).withDirectoryId(directoryId));
                } catch (InvalidGroupException e2) {
                    throw new GroupNotFoundException(String.format("Unable to create group %s in directory %d in order to add membership of user %s (group %s found in directory %d)", fastFailingFindGroup.getName(), Long.valueOf(directoryId), str, fastFailingFindGroup.getName(), Long.valueOf(directoryId)), e2);
                } catch (DirectoryPermissionException e3) {
                    throw new ApplicationPermissionException(e3);
                }
            }
            Directory findDirectoryById = findDirectoryById(directoryId);
            if (hasPermissions(application, UPDATE_GROUP_PERMISSION).apply(findDirectoryById)) {
                return findDirectoryById;
            }
            throw new ApplicationPermissionException("Cannot update group '" + str2 + "' because directory '" + findDirectoryById.getName() + "' does not allow updates.");
        } catch (DirectoryNotFoundException e4) {
            throw concurrentModificationExceptionForDirectoryAccess(e4);
        }
    }

    private Directory findDirectoryToAddUserToGroupAggregating(Application application, String str, String str2) throws UserNotFoundException, MembershipAlreadyExistsException, GroupNotFoundException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException {
        Directory directoryWithPermissions;
        ImmutableList copyOf = ImmutableList.copyOf(Iterables.filter(getActiveDirectories(application), containsUser(str)));
        if (copyOf.isEmpty()) {
            throw new UserNotFoundException(str);
        }
        ImmutableList copyOf2 = ImmutableList.copyOf(Iterables.filter(copyOf, containsGroup(str2)));
        if (Iterables.any(copyOf2, containsUserDirectMembershipInGroup(str, str2))) {
            throw new MembershipAlreadyExistsException(str, str2);
        }
        Directory directoryWithPermissions2 = directoryWithPermissions(application, copyOf2, UPDATE_GROUP_PERMISSION);
        if (directoryWithPermissions2 != null) {
            directoryWithPermissions = directoryWithPermissions2;
        } else {
            directoryWithPermissions = directoryWithPermissions(application, copyOf, CREATE_AND_UPDATE_GROUP_PERMISSIONS);
            if (directoryWithPermissions != null) {
                try {
                    this.directoryManager.addGroup(directoryWithPermissions.getId().longValue(), new GroupTemplate(fastFailingFindGroup(application, str2)).withDirectoryId(directoryWithPermissions.getId().longValue()));
                } catch (DirectoryNotFoundException e) {
                    throw concurrentModificationExceptionForDirectoryAccess(e);
                } catch (DirectoryPermissionException e2) {
                    throw new ApplicationPermissionException(e2);
                } catch (InvalidGroupException e3) {
                    throw new com.atlassian.crowd.exception.OperationFailedException(e3);
                }
            }
        }
        if (directoryWithPermissions == null) {
            throw new ApplicationPermissionException("Did not have update groups permission in any of the directories " + copyOf2);
        }
        return directoryWithPermissions;
    }

    @Nullable
    private Directory directoryWithPermissionsAnd(Application application, Collection<Directory> collection, Set<OperationType> set, Predicate<Directory> predicate) {
        return (Directory) Iterables.find(collection, Predicates.and(hasPermissions(application, set), predicate), (Object) null);
    }

    @Nullable
    private Directory directoryWithPermissions(Application application, Collection<Directory> collection, Set<OperationType> set) {
        return directoryWithPermissionsAnd(application, collection, set, Predicates.alwaysTrue());
    }

    private Predicate<Directory> hasPermissions(Application application, Set<OperationType> set) {
        return directory -> {
            return Iterables.all(set, operationType -> {
                return this.permissionManager.hasPermission(application, directory, operationType);
            });
        };
    }

    private Predicate<Directory> containsUserDirectMembershipInGroup(final String str, final String str2) {
        return new DirectoryPredicate() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.2
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected boolean fallibleCheckForEntity(Directory directory) throws DirectoryNotFoundException, com.atlassian.crowd.exception.OperationFailedException {
                return ApplicationServiceGeneric.this.directoryManager.isUserDirectGroupMember(directory.getId().longValue(), str, str2);
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected String errorMessage(Directory directory) {
                return String.format("Failed to determine if user %s is a member of group %s in directory %d", str, str2, directory.getId());
            }
        };
    }

    private Predicate<Directory> containsUserNestedMembershipInGroup(final String str, final String str2) {
        return new DirectoryPredicate() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.3
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected boolean fallibleCheckForEntity(Directory directory) throws DirectoryNotFoundException, com.atlassian.crowd.exception.OperationFailedException {
                return ApplicationServiceGeneric.this.directoryManager.isUserNestedGroupMember(directory.getId().longValue(), str, str2);
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected String errorMessage(Directory directory) {
                return String.format("Failed to determine if user %s is a nested member of group %s in directory %d", str, str2, directory.getId());
            }
        };
    }

    private Predicate<Directory> containsGroupDirectMembershipInGroup(final String str, final String str2) {
        return new DirectoryPredicate() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.4
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected boolean fallibleCheckForEntity(Directory directory) throws DirectoryNotFoundException, com.atlassian.crowd.exception.OperationFailedException {
                return ApplicationServiceGeneric.this.directoryManager.isGroupDirectGroupMember(directory.getId().longValue(), str, str2);
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected String errorMessage(Directory directory) {
                return String.format("Failed to determine if child group %s is a member of parent group %s in directory %d", str, str2, directory.getId());
            }
        };
    }

    private Predicate<Directory> containsGroupNestedMembershipInGroup(final String str, final String str2) {
        return new DirectoryPredicate() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.5
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected boolean fallibleCheckForEntity(Directory directory) throws DirectoryNotFoundException, com.atlassian.crowd.exception.OperationFailedException {
                return ApplicationServiceGeneric.this.directoryManager.isGroupNestedGroupMember(directory.getId().longValue(), str, str2);
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected String errorMessage(Directory directory) {
                return String.format("Failed to determine if child group %s is a nested member of parent group %s in directory %d", str, str2, directory.getId());
            }
        };
    }

    private Predicate<Directory> containsGroup(final String str) {
        return new DirectoryPredicate() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.6
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected boolean fallibleCheckForEntity(Directory directory) throws DirectoryNotFoundException, com.atlassian.crowd.exception.OperationFailedException, GroupNotFoundException {
                ApplicationServiceGeneric.this.directoryManager.findGroupByName(directory.getId().longValue(), str);
                return true;
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected String errorMessage(Directory directory) {
                return String.format("Failed to determine if group %s exists in directory %d", str, directory.getId());
            }
        };
    }

    private Predicate<Directory> containsUser(final String str) {
        return new DirectoryPredicate() { // from class: com.atlassian.crowd.manager.application.ApplicationServiceGeneric.7
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected boolean fallibleCheckForEntity(Directory directory) throws DirectoryNotFoundException, com.atlassian.crowd.exception.OperationFailedException, UserNotFoundException {
                ApplicationServiceGeneric.this.directoryManager.findUserByName(directory.getId().longValue(), str);
                return true;
            }

            @Override // com.atlassian.crowd.manager.application.ApplicationServiceGeneric.DirectoryPredicate
            protected String errorMessage(Directory directory) {
                return String.format("Failed to determine if user %s exists in directory %d", str, directory.getId());
            }
        };
    }

    private Directory findDirectoryById(long j) throws ConcurrentModificationException {
        try {
            return this.directoryManager.findDirectoryById(j);
        } catch (DirectoryNotFoundException e) {
            throw concurrentModificationExceptionForDirectoryAccess(e);
        }
    }

    public void addGroupToGroup(Application application, String str, String str2) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, GroupNotFoundException, InvalidMembershipException, MembershipAlreadyExistsException {
        if (IdentifierUtils.equalsInLowerCase(str, str2)) {
            throw new InvalidMembershipException("Cannot add a group to itself.");
        }
        if (isGroupNestedGroupMember(application, str2, str)) {
            throw new InvalidMembershipException("Cannot add child group '" + str + "' to parent group '" + str2 + "' - this would cause a circular dependency.");
        }
        DirectoryAndGroup findDirectoryAndGroupForAddGroupToGroupAggregating = application.isMembershipAggregationEnabled() ? findDirectoryAndGroupForAddGroupToGroupAggregating(application, str, str2) : findDirectoryAndGroupForAddGroupToGroupNonAggregating(application, str, str2);
        Directory directory = findDirectoryAndGroupForAddGroupToGroupAggregating.directory;
        Group group = findDirectoryAndGroupForAddGroupToGroupAggregating.group;
        try {
            Group findGroupByName = this.directoryManager.findGroupByName(directory.getId().longValue(), str);
            Group findGroupByName2 = group != null ? group : this.directoryManager.findGroupByName(directory.getId().longValue(), str2);
            if (findGroupByName.getType() != findGroupByName2.getType()) {
                throw new InvalidMembershipException("Cannot add group of type " + findGroupByName.getType().name() + " to group of type " + findGroupByName2.getType().name());
            }
            this.directoryManager.addGroupToGroup(directory.getId().longValue(), str, str2);
        } catch (NestedGroupsNotSupportedException e) {
            throw new InvalidMembershipException(e);
        } catch (DirectoryNotFoundException e2) {
            throw concurrentModificationExceptionForDirectoryAccess(e2);
        } catch (ReadOnlyGroupException e3) {
            throw new ApplicationPermissionException(String.format("Could not add child group %s to parent group %s in directory %s because the directory or group is read-only.", str, str2, directory.getName()));
        } catch (DirectoryPermissionException e4) {
            throw new ApplicationPermissionException("Permission Exception when trying to update group '" + str2 + "' in directory '" + directory.getName() + "'.", e4);
        }
    }

    private DirectoryAndGroup findDirectoryAndGroupForAddGroupToGroupNonAggregating(Application application, String str, String str2) throws GroupNotFoundException, com.atlassian.crowd.exception.OperationFailedException, InvalidMembershipException, ApplicationPermissionException {
        Group group = null;
        long directoryId = fastFailingFindGroup(application, str).getDirectoryId();
        Directory findDirectoryById = findDirectoryById(directoryId);
        try {
            if (!this.directoryManager.supportsNestedGroups(directoryId)) {
                throw new InvalidMembershipException("Nested directories are not supported by directory " + findDirectoryById.getName());
            }
            try {
                this.directoryManager.findGroupByName(directoryId, str2);
            } catch (GroupNotFoundException e) {
                group = this.directoryManager.addGroup(findDirectoryById.getId().longValue(), new GroupTemplate(fastFailingFindGroup(application, str2)).withDirectoryId(findDirectoryById.getId().longValue()));
            }
            if (hasPermissions(application, UPDATE_GROUP_PERMISSION).apply(findDirectoryById)) {
                return new DirectoryAndGroup(findDirectoryById, group);
            }
            throw new ApplicationPermissionException("Cannot update group '" + str2 + "' because directory '" + findDirectoryById.getName() + "' does not allow updates.");
        } catch (InvalidGroupException e2) {
            throw new com.atlassian.crowd.exception.OperationFailedException(e2);
        } catch (DirectoryPermissionException e3) {
            throw new ApplicationPermissionException(String.format("Parent group %s could not be added to directory %d where the canonical instance of %s was found.", str2, Long.valueOf(directoryId), str));
        } catch (DirectoryNotFoundException e4) {
            throw concurrentModificationExceptionForDirectoryAccess(e4);
        }
    }

    private DirectoryAndGroup findDirectoryAndGroupForAddGroupToGroupAggregating(Application application, String str, String str2) throws GroupNotFoundException, MembershipAlreadyExistsException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException {
        Directory directoryWithPermissionsAnd;
        Group group;
        ImmutableList copyOf = ImmutableList.copyOf(Iterables.filter(getActiveDirectories(application), containsGroup(str)));
        if (copyOf.isEmpty()) {
            throw new GroupNotFoundException(str);
        }
        ImmutableList copyOf2 = ImmutableList.copyOf(Iterables.filter(copyOf, containsGroup(str2)));
        if (Iterables.any(copyOf2, containsGroupDirectMembershipInGroup(str, str2))) {
            throw new MembershipAlreadyExistsException(str, str2);
        }
        Directory directoryWithPermissionsAnd2 = directoryWithPermissionsAnd(application, copyOf2, UPDATE_GROUP_PERMISSION, this.supportsNestedGroups);
        if (directoryWithPermissionsAnd2 != null) {
            directoryWithPermissionsAnd = directoryWithPermissionsAnd2;
            group = null;
        } else {
            directoryWithPermissionsAnd = directoryWithPermissionsAnd(application, copyOf, CREATE_AND_UPDATE_GROUP_PERMISSIONS, this.supportsNestedGroups);
            if (directoryWithPermissionsAnd != null) {
                try {
                    group = this.directoryManager.addGroup(directoryWithPermissionsAnd.getId().longValue(), new GroupTemplate(fastFailingFindGroup(application, str2)).withDirectoryId(directoryWithPermissionsAnd.getId().longValue()));
                } catch (DirectoryNotFoundException e) {
                    throw concurrentModificationExceptionForDirectoryAccess(e);
                } catch (DirectoryPermissionException e2) {
                    throw new ApplicationPermissionException(e2);
                } catch (InvalidGroupException e3) {
                    throw new com.atlassian.crowd.exception.OperationFailedException(e3);
                }
            } else {
                group = null;
            }
        }
        if (directoryWithPermissionsAnd == null) {
            throw new ApplicationPermissionException(String.format("Could not find a directory in which it is possible to add %s to %s", str, str2));
        }
        return new DirectoryAndGroup(directoryWithPermissionsAnd, group);
    }

    public void removeUserFromGroup(Application application, String str, String str2) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, MembershipNotFoundException, UserNotFoundException, GroupNotFoundException {
        if (application.isMembershipAggregationEnabled()) {
            removeUserFromGroupAggregating(application, str, str2);
        } else {
            removeUserFromGroupNonAggregating(application, str, str2);
        }
    }

    private void removeUserFromGroupNonAggregating(Application application, String str, String str2) throws UserNotFoundException, com.atlassian.crowd.exception.OperationFailedException, GroupNotFoundException, MembershipNotFoundException, ApplicationPermissionException {
        User fastFailingFindUser = fastFailingFindUser(application, str);
        try {
            this.directoryManager.findGroupByName(fastFailingFindUser.getDirectoryId(), str2);
            if (!isUserDirectGroupMember(application, str, str2)) {
                throw new MembershipNotFoundException(str, str2);
            }
            Directory findDirectoryById = findDirectoryById(fastFailingFindUser.getDirectoryId());
            if (!hasPermissions(application, UPDATE_GROUP_PERMISSION).apply(findDirectoryById)) {
                throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group modifications");
            }
            try {
                this.directoryManager.removeUserFromGroup(findDirectoryById.getId().longValue(), str, str2);
            } catch (DirectoryNotFoundException e) {
                throw concurrentModificationExceptionForDirectoryAccess(e);
            } catch (ReadOnlyGroupException e2) {
                throw new ApplicationPermissionException(String.format("Could not remove user %s from group %s in directory %s because the directory or group is read-only.", str, str2, findDirectoryById.getName()));
            } catch (DirectoryPermissionException e3) {
                throw new ApplicationPermissionException(e3);
            }
        } catch (DirectoryNotFoundException e4) {
            throw concurrentModificationExceptionForDirectoryAccess(e4);
        }
    }

    private void removeUserFromGroupAggregating(Application application, String str, String str2) throws UserNotFoundException, GroupNotFoundException, MembershipNotFoundException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException {
        List<Directory> activeDirectories = getActiveDirectories(application);
        ImmutableList copyOf = ImmutableList.copyOf(Iterables.filter(activeDirectories, containsUserDirectMembershipInGroup(str, str2)));
        if (copyOf.isEmpty()) {
            if (!Iterables.any(activeDirectories, containsUser(str))) {
                throw new UserNotFoundException(str);
            }
            if (!Iterables.any(activeDirectories, containsGroup(str2))) {
                throw new GroupNotFoundException(str2);
            }
            throw new MembershipNotFoundException(str, str2);
        }
        if (!Iterables.all(copyOf, hasPermissions(application, UPDATE_GROUP_PERMISSION))) {
            throw new ApplicationPermissionException(String.format("At least one directory containing %s as a member of %s does not have write permission", str, str2));
        }
        Iterator it = copyOf.iterator();
        while (it.hasNext()) {
            try {
                this.directoryManager.removeUserFromGroup(((Directory) it.next()).getId().longValue(), str, str2);
            } catch (DirectoryPermissionException e) {
                throw new ApplicationPermissionException(e);
            } catch (ReadOnlyGroupException e2) {
                throw new ApplicationPermissionException(e2);
            } catch (DirectoryNotFoundException e3) {
            }
        }
    }

    public void removeGroupFromGroup(Application application, String str, String str2) throws com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException, MembershipNotFoundException, GroupNotFoundException {
        if (application.isMembershipAggregationEnabled()) {
            removeGroupFromGroupAggregating(application, str, str2);
        } else {
            removeGroupFromGroupNonAggregating(application, str, str2);
        }
    }

    private void removeGroupFromGroupNonAggregating(Application application, String str, String str2) throws GroupNotFoundException, com.atlassian.crowd.exception.OperationFailedException, MembershipNotFoundException, ApplicationPermissionException {
        Group fastFailingFindGroup = fastFailingFindGroup(application, str);
        try {
            this.directoryManager.findGroupByName(fastFailingFindGroup.getDirectoryId(), str2);
            if (!isGroupDirectGroupMember(application, str, str2)) {
                throw new MembershipNotFoundException(str, str2);
            }
            Directory findDirectoryById = findDirectoryById(fastFailingFindGroup.getDirectoryId());
            if (!hasPermissions(application, UPDATE_GROUP_PERMISSION).apply(findDirectoryById)) {
                throw new ApplicationPermissionException("Application \"" + application.getName() + "\" does not allow group modifications");
            }
            try {
                this.directoryManager.removeGroupFromGroup(findDirectoryById.getId().longValue(), str, str2);
            } catch (ReadOnlyGroupException e) {
                throw new ApplicationPermissionException(String.format("Could not remove child group %s from parent group %s in directory %s because the directory or group is read-only.", str, str2, findDirectoryById.getName()), e);
            } catch (DirectoryPermissionException e2) {
                throw new ApplicationPermissionException(e2);
            } catch (DirectoryNotFoundException e3) {
                throw concurrentModificationExceptionForDirectoryAccess(e3);
            } catch (InvalidMembershipException e4) {
                throw new com.atlassian.crowd.exception.OperationFailedException(String.format("Cannot remove group %s from %s because they have different types", str, str2), e4);
            }
        } catch (DirectoryNotFoundException e5) {
            throw concurrentModificationExceptionForDirectoryAccess(e5);
        }
    }

    private void removeGroupFromGroupAggregating(Application application, String str, String str2) throws GroupNotFoundException, MembershipNotFoundException, com.atlassian.crowd.exception.OperationFailedException, ApplicationPermissionException {
        List<Directory> activeDirectories = getActiveDirectories(application);
        ImmutableList copyOf = ImmutableList.copyOf(Iterables.filter(activeDirectories, containsGroupDirectMembershipInGroup(str, str2)));
        if (copyOf.isEmpty()) {
            if (!Iterables.any(activeDirectories, containsGroup(str))) {
                throw new GroupNotFoundException(str);
            }
            if (!Iterables.any(activeDirectories, containsGroup(str2))) {
                throw new GroupNotFoundException(str2);
            }
            throw new MembershipNotFoundException(str, str2);
        }
        if (!Iterables.all(copyOf, hasPermissions(application, UPDATE_GROUP_PERMISSION))) {
            throw new ApplicationPermissionException(String.format("At least one directory containing %s as a member of %s does not have write permission", str, str2));
        }
        Iterator it = copyOf.iterator();
        while (it.hasNext()) {
            try {
                this.directoryManager.removeGroupFromGroup(((Directory) it.next()).getId().longValue(), str, str2);
            } catch (ReadOnlyGroupException e) {
                throw new ApplicationPermissionException(e);
            } catch (DirectoryNotFoundException e2) {
            } catch (DirectoryPermissionException e3) {
                throw new ApplicationPermissionException(e3);
            } catch (InvalidMembershipException e4) {
                throw new com.atlassian.crowd.exception.OperationFailedException(String.format("Cannot remove group %s from %s because they have different types", str, str2), e4);
            }
        }
    }

    public boolean isUserDirectGroupMember(Application application, String str, String str2) {
        if (application.isMembershipAggregationEnabled()) {
            return Iterables.any(getActiveDirectories(application), containsUserDirectMembershipInGroup(str, str2));
        }
        try {
            return this.directoryManager.isUserDirectGroupMember(findUserByName(application, str).getDirectoryId(), str, str2);
        } catch (com.atlassian.crowd.exception.OperationFailedException e) {
            logger.error(e.getMessage(), e);
            return false;
        } catch (DirectoryNotFoundException e2) {
            throw concurrentModificationExceptionForDirectoryIteration(e2);
        } catch (UserNotFoundException e3) {
            return false;
        }
    }

    public boolean isGroupDirectGroupMember(Application application, String str, String str2) {
        if (application.isMembershipAggregationEnabled()) {
            return Iterables.any(getActiveDirectories(application), containsGroupDirectMembershipInGroup(str, str2));
        }
        try {
            return this.directoryManager.isGroupDirectGroupMember(findGroupByName(application, str).getDirectoryId(), str, str2);
        } catch (com.atlassian.crowd.exception.OperationFailedException e) {
            logger.error(e.getMessage(), e);
            return false;
        } catch (GroupNotFoundException e2) {
            return false;
        } catch (DirectoryNotFoundException e3) {
            throw new ConcurrentModificationException("Directory mapping was removed while determining if the group is a direct group member: " + e3.getMessage());
        }
    }

    public boolean isUserNestedGroupMember(Application application, String str, String str2) {
        if (application.isMembershipAggregationEnabled()) {
            return Iterables.any(getActiveDirectories(application), containsUserNestedMembershipInGroup(str, str2));
        }
        try {
            return this.directoryManager.isUserNestedGroupMember(findUserByName(application, str).getDirectoryId(), str, str2);
        } catch (com.atlassian.crowd.exception.OperationFailedException e) {
            logger.error(e.getMessage(), e);
            return false;
        } catch (DirectoryNotFoundException e2) {
            throw concurrentModificationExceptionForDirectoryAccess(e2);
        } catch (UserNotFoundException e3) {
            return false;
        }
    }

    public boolean isGroupNestedGroupMember(Application application, String str, String str2) {
        if (application.isMembershipAggregationEnabled()) {
            return Iterables.any(getActiveDirectories(application), containsGroupNestedMembershipInGroup(str, str2));
        }
        try {
            return this.directoryManager.isGroupNestedGroupMember(findGroupByName(application, str).getDirectoryId(), str, str2);
        } catch (com.atlassian.crowd.exception.OperationFailedException e) {
            logger.error(e.getMessage(), e);
            return false;
        } catch (GroupNotFoundException e2) {
            return false;
        } catch (DirectoryNotFoundException e3) {
            throw new ConcurrentModificationException("Directory mapping was removed while determining if the group is a nested group member: " + e3.getMessage());
        }
    }

    public <T> List<T> searchDirectGroupRelationships(Application application, MembershipQuery<T> membershipQuery) {
        return getMembershipSearchStrategyOrFail(application).searchDirectGroupRelationships(membershipQuery);
    }

    public <T> List<T> searchNestedGroupRelationships(Application application, MembershipQuery<T> membershipQuery) {
        return getMembershipSearchStrategyOrFail(application).searchNestedGroupRelationships(membershipQuery);
    }

    <T extends DirectoryEntity> boolean isCanonical(Application application, @Nullable T t) {
        User findGroupByName;
        if (t == null) {
            return true;
        }
        Directory directory = (Directory) Iterables.getFirst(getActiveDirectories(application), (Object) null);
        if (directory == null) {
            return false;
        }
        if (directory.getId().equals(Long.valueOf(t.getDirectoryId()))) {
            return true;
        }
        try {
            if (t instanceof User) {
                findGroupByName = findUserByName(application, t.getName());
            } else {
                if (!(t instanceof Group)) {
                    throw new IllegalArgumentException("Entity must be an instance of User or Group (was " + t.getClass().getName() + ")");
                }
                findGroupByName = findGroupByName(application, t.getName());
            }
            return t.getDirectoryId() == findGroupByName.getDirectoryId();
        } catch (UserNotFoundException | GroupNotFoundException e) {
            return false;
        }
    }

    public String getCurrentEventToken(Application application) throws IncrementalSynchronisationNotAvailableException {
        ImmutableList copyOf = ImmutableList.copyOf(getActiveDirectories(application));
        assertIncrementalSynchronisationIsAvailable(copyOf);
        return this.eventStore.getCurrentEventToken((List) copyOf.stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toList()));
    }

    public Events getNewEvents(Application application, String str) throws EventTokenExpiredException, com.atlassian.crowd.exception.OperationFailedException {
        Events newEvents = this.eventStore.getNewEvents(str, application);
        ImmutableList copyOf = ImmutableList.copyOf(newEvents.getEvents());
        if ((application.isFilteringGroupsWithAccessEnabled() || application.isFilteringUsersWithAccessEnabled()) && !copyOf.isEmpty()) {
            throw new EventTokenExpiredException("Incremental sync is not available when access based filtering is on.");
        }
        return new Events(new EventTransformer(getCachedDirectoryManagerIfEnabled(), application).transformEvents(copyOf), newEvents.getNewEventToken());
    }

    @VisibleForTesting
    DirectoryManager getCachedDirectoryManagerIfEnabled() {
        return this.crowdDarkFeatureManager.isEventTransformerDirectoryManagerCacheEnabled() ? (DirectoryManager) ProxyUtil.cached(new FixedSizeLinkedHashMap(SystemProperties.EVENT_TRANSFORMER_DIRECTORY_MANAGER_CACHE_SIZE.getValue().intValue()), this.directoryManager) : this.directoryManager;
    }

    public Webhook findWebhookById(Application application, long j) throws WebhookNotFoundException, ApplicationPermissionException {
        Webhook findById = this.webhookRegistry.findById(j);
        if (application.getId().equals(findById.getApplication().getId())) {
            return findById;
        }
        throw new ApplicationPermissionException("Application does not own Webhook");
    }

    public Webhook registerWebhook(Application application, String str, @Nullable String str2) throws InvalidWebhookEndpointException {
        ensureWebhookEndpointUrlIsValid(str);
        return this.webhookRegistry.add(new WebhookTemplate(application, str, str2));
    }

    public void unregisterWebhook(Application application, long j) throws ApplicationPermissionException, WebhookNotFoundException {
        Webhook findById = this.webhookRegistry.findById(j);
        if (!application.getId().equals(findById.getApplication().getId())) {
            throw new ApplicationPermissionException("Application does not own Webhook");
        }
        this.webhookRegistry.remove(findById);
    }

    public UserCapabilities getCapabilitiesForNewUsers(Application application) {
        Directory findFirstDirectoryWithCreateUserPermission = findFirstDirectoryWithCreateUserPermission(application);
        return findFirstDirectoryWithCreateUserPermission == null ? DirectoryUserCapabilities.none() : DirectoryUserCapabilities.fromDirectory(findFirstDirectoryWithCreateUserPermission);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<Directory> getActiveDirectories(Application application) {
        return Applications.getActiveDirectories(application);
    }

    private MembershipSearchStrategy getMembershipSearchStrategyOrFail(Application application) {
        List<Directory> activeDirectories = getActiveDirectories(application);
        return this.searchStrategyFactory.createMembershipSearchStrategy(application.isMembershipAggregationEnabled(), activeDirectories, new SimpleCanonicalityChecker(this.directoryManager, activeDirectories), simpleAccessFilter(application));
    }

    private GroupSearchStrategy getGroupSearchStrategyOrFail(Application application) {
        return this.searchStrategyFactory.createGroupSearchStrategy(true, getActiveDirectories(application), simpleAccessFilter(application));
    }

    private UserSearchStrategy getUserSearchStrategyOrFail(Application application) {
        return this.searchStrategyFactory.createUserSearchStrategy(true, getActiveDirectories(application), simpleAccessFilter(application));
    }

    private AccessFilter simpleAccessFilter(Application application) {
        return this.accessFilterFactory.create(application, false);
    }

    private static void ensureWebhookEndpointUrlIsValid(String str) throws InvalidWebhookEndpointException {
        try {
            URI uri = new URI(str);
            if (!uri.isAbsolute()) {
                throw new InvalidWebhookEndpointException(str, "because the url is not absolute");
            }
            if (!"http".equalsIgnoreCase(uri.getScheme()) && !"https".equalsIgnoreCase(uri.getScheme())) {
                throw new InvalidWebhookEndpointException(str, "because the url scheme is not http or https");
            }
        } catch (URISyntaxException e) {
            throw new InvalidWebhookEndpointException(str, e);
        }
    }

    private void assertIncrementalSynchronisationIsAvailable(List<Directory> list) throws IncrementalSynchronisationNotAvailableException {
        for (Directory directory : list) {
            if (BooleanUtils.isFalse(BooleanUtils.toBooleanObject(directory.getValue("com.atlassian.crowd.directory.sync.cache.enabled")))) {
                throw new IncrementalSynchronisationNotAvailableException("Directory '" + directory.getName() + "' is not cached and so cannot be incrementally synchronised");
            }
        }
    }

    private OperationType getCreateOperationType(Group group) {
        switch (AnonymousClass8.$SwitchMap$com$atlassian$crowd$model$group$GroupType[group.getType().ordinal()]) {
            case 1:
                return OperationType.CREATE_GROUP;
            default:
                throw new UnsupportedOperationException();
        }
    }

    private OperationType getUpdateOperationType(Group group) {
        switch (AnonymousClass8.$SwitchMap$com$atlassian$crowd$model$group$GroupType[group.getType().ordinal()]) {
            case 1:
                return OperationType.UPDATE_GROUP;
            default:
                throw new UnsupportedOperationException();
        }
    }

    private OperationType getUpdateAttributeOperationType(Group group) {
        switch (AnonymousClass8.$SwitchMap$com$atlassian$crowd$model$group$GroupType[group.getType().ordinal()]) {
            case 1:
                return OperationType.UPDATE_GROUP_ATTRIBUTE;
            default:
                throw new UnsupportedOperationException();
        }
    }

    private OperationType getDeleteOperationType(Group group) {
        switch (AnonymousClass8.$SwitchMap$com$atlassian$crowd$model$group$GroupType[group.getType().ordinal()]) {
            case 1:
                return OperationType.DELETE_GROUP;
            default:
                throw new UnsupportedOperationException();
        }
    }

    private boolean isAllowedToAuthenticate(String str, long j, Application application) throws com.atlassian.crowd.exception.OperationFailedException, DirectoryNotFoundException {
        if (!application.isActive()) {
            logger.debug("User does not have access to application '{}' as the application is inactive", application.getName());
            return false;
        }
        ApplicationDirectoryMapping applicationDirectoryMapping = application.getApplicationDirectoryMapping(j);
        if (applicationDirectoryMapping != null && (applicationDirectoryMapping.isAllowAllToAuthenticate() || this.directoryManager.isUserNestedGroupMember(j, str, applicationDirectoryMapping.getAuthorisedGroupNames()))) {
            return true;
        }
        logger.debug("User does not have access to application '{}' as the directory is not allow all to authenticate and the user is not a member of any of the authorised groups", application.getName());
        return false;
    }

    private static ConcurrentModificationException concurrentModificationExceptionForDirectoryIteration(DirectoryNotFoundException directoryNotFoundException) {
        ConcurrentModificationException concurrentModificationException = new ConcurrentModificationException("Directory mapping was removed while iterating through directories");
        concurrentModificationException.initCause(directoryNotFoundException);
        return concurrentModificationException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static ConcurrentModificationException concurrentModificationExceptionForDirectoryAccess(DirectoryNotFoundException directoryNotFoundException) {
        ConcurrentModificationException concurrentModificationException = new ConcurrentModificationException("Directory mapping was removed while accessing the directory");
        concurrentModificationException.initCause(directoryNotFoundException);
        return concurrentModificationException;
    }

    private Directory getDefiningDirectory(Application application, String str) throws com.atlassian.crowd.exception.OperationFailedException, UserNotFoundException {
        return application.getApplicationDirectoryMapping(fastFailingFindUser(application, str).getDirectoryId()).getDirectory();
    }

    @Nullable
    public URI getUserAvatarLink(Application application, String str, int i) throws UserNotFoundException, DirectoryNotFoundException, com.atlassian.crowd.exception.OperationFailedException {
        Directory definingDirectory = getDefiningDirectory(application, str);
        AvatarReference.UriAvatarReference userAvatarByName = this.directoryManager.getUserAvatarByName(definingDirectory.getId().longValue(), str, i);
        if (userAvatarByName instanceof AvatarReference.UriAvatarReference) {
            return userAvatarByName.getUri();
        }
        if (userAvatarByName instanceof AvatarReference.BlobAvatar) {
            return this.avatarProvider.getHostedUserAvatarUrl(application.getId().longValue(), str, i);
        }
        return this.avatarProvider.getUserAvatar(this.directoryManager.findUserByName(definingDirectory.getId().longValue(), str), i);
    }

    @Nullable
    public AvatarReference getUserAvatar(Application application, String str, int i) throws UserNotFoundException, DirectoryNotFoundException, com.atlassian.crowd.exception.OperationFailedException {
        Directory definingDirectory = getDefiningDirectory(application, str);
        AvatarReference userAvatarByName = this.directoryManager.getUserAvatarByName(definingDirectory.getId().longValue(), str, i);
        if (userAvatarByName != null) {
            return userAvatarByName;
        }
        URI userAvatar = this.avatarProvider.getUserAvatar(this.directoryManager.findUserByName(definingDirectory.getId().longValue(), str), i);
        if (userAvatar != null) {
            return new AvatarReference.UriAvatarReference(userAvatar);
        }
        return null;
    }

    public void expireAllPasswords(Application application) throws com.atlassian.crowd.exception.OperationFailedException {
        logger.info("Expiring all passwords for application '{}'", application.getName());
        for (Directory directory : getActiveDirectories(application)) {
            try {
                if (this.directoryManager.supportsExpireAllPasswords(directory.getId().longValue())) {
                    this.directoryManager.expireAllPasswords(directory.getId().longValue());
                }
            } catch (DirectoryNotFoundException e) {
                throw new com.atlassian.crowd.exception.OperationFailedException(e);
            }
        }
    }

    public User userAuthenticated(Application application, String str) throws UserNotFoundException, com.atlassian.crowd.exception.OperationFailedException, InactiveAccountException {
        com.atlassian.crowd.exception.OperationFailedException operationFailedException = null;
        for (Directory directory : this.authenticationOrderOptimizer.optimizeDirectoryOrderForAuthentication(application, getActiveDirectories(application), str)) {
            try {
                User userAuthenticated = this.directoryManager.userAuthenticated(directory.getId().longValue(), str);
                this.eventPublisher.publish(new UserAuthenticatedEvent(this, directory, application, userAuthenticated));
                return userAuthenticated;
            } catch (UserNotFoundException e) {
                logger.debug("User not found during userAuthenticated() for user '{}' directory {}, continuing", new Object[]{str, directory.getId(), e});
            } catch (DirectoryNotFoundException e2) {
                throw concurrentModificationExceptionForDirectoryIteration(e2);
            } catch (com.atlassian.crowd.exception.OperationFailedException e3) {
                logger.debug("userAuthenticated() failed for user '{}' directory {}, continuing", new Object[]{str, directory.getId(), e3});
                if (operationFailedException == null) {
                    operationFailedException = e3;
                }
            }
        }
        if (operationFailedException != null) {
            throw operationFailedException;
        }
        throw new UserNotFoundException(str);
    }

    public ApplicationService.MembershipsIterable getMemberships(Application application) {
        return MembershipsIterableImpl.runWithClassLoader(Thread.currentThread().getContextClassLoader(), new MembershipsIterableImpl(this.directoryManager, this.searchStrategyFactory, application, this.accessFilterFactory));
    }

    public <T> PagedSearcher<T> createPagedUserSearcher(Application application, EntityQuery<T> entityQuery) throws PagingNotSupportedException {
        return this.searchStrategyFactory.createUserSearchStrategy(true, getActiveDirectories(application), this.accessFilterFactory.create(application, true)).createPagedUserSearcher(entityQuery);
    }

    public <T> PagedSearcher<T> createPagedGroupSearcher(Application application, EntityQuery<T> entityQuery) throws PagingNotSupportedException {
        return this.searchStrategyFactory.createGroupSearchStrategy(true, getActiveDirectories(application), this.accessFilterFactory.create(application, true)).createPagedGroupSearcher(entityQuery);
    }
}
