package com.atlassian.jira.application;

import com.atlassian.annotations.Internal;
import com.atlassian.application.api.ApplicationKey;
import com.atlassian.application.host.ApplicationConfigurationManager;
import com.atlassian.application.host.events.ApplicationDefinedEvent;
import com.atlassian.application.host.events.ApplicationUndefinedEvent;
import com.atlassian.cache.Cache;
import com.atlassian.cache.CacheLoader;
import com.atlassian.cache.CacheManager;
import com.atlassian.cache.CacheSettingsBuilder;
import com.atlassian.cache.CachedReference;
import com.atlassian.cache.Supplier;
import com.atlassian.collectors.CollectorsUtil;
import com.atlassian.crowd.directory.loader.DirectoryInstanceLoader;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.DirectoryType;
import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.crowd.event.DirectoryEvent;
import com.atlassian.crowd.event.application.ApplicationDirectoryOrderUpdatedEvent;
import com.atlassian.crowd.event.directory.DirectoryUpdatedEvent;
import com.atlassian.crowd.event.directory.RemoteDirectorySynchronisationFinishedEvent;
import com.atlassian.crowd.event.group.GroupCreatedEvent;
import com.atlassian.crowd.event.group.GroupDeletedEvent;
import com.atlassian.crowd.event.group.GroupMembershipDeletedEvent;
import com.atlassian.crowd.event.group.GroupMembershipsCreatedEvent;
import com.atlassian.crowd.event.group.GroupUpdatedEvent;
import com.atlassian.crowd.event.migration.XMLRestoreFinishedEvent;
import com.atlassian.crowd.event.user.AutoUserUpdatedEvent;
import com.atlassian.crowd.event.user.UserDeletedEvent;
import com.atlassian.crowd.event.user.UserEditedEvent;
import com.atlassian.crowd.event.user.UserUpdatedEvent;
import com.atlassian.crowd.exception.DirectoryInstantiationException;
import com.atlassian.crowd.manager.directory.SynchronisationStatusManager;
import com.atlassian.event.api.EventListener;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.CachingComponent;
import com.atlassian.jira.EventComponent;
import com.atlassian.jira.application.ApplicationRoleDefinitions;
import com.atlassian.jira.application.ApplicationRoleStore;
import com.atlassian.jira.auditing.AffectedApplication;
import com.atlassian.jira.auditing.AssociatedItem;
import com.atlassian.jira.auditing.AuditingCategory;
import com.atlassian.jira.auditing.AuditingService;
import com.atlassian.jira.auditing.ChangedValue;
import com.atlassian.jira.auditing.ChangedValueImpl;
import com.atlassian.jira.cluster.ClusterSafe;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.config.FeatureManager;
import com.atlassian.jira.crowd.embedded.JiraEncryptingDirectoryDAO;
import com.atlassian.jira.crowd.embedded.ofbiz.ExtendedUserDao;
import com.atlassian.jira.crowd.embedded.ofbiz.InternalMembershipDao;
import com.atlassian.jira.crowd.embedded.ofbiz.db.OfBizTransactionManager;
import com.atlassian.jira.event.ClearCacheEvent;
import com.atlassian.jira.event.ComponentManagerShutdownEvent;
import com.atlassian.jira.license.JiraLicenseManager;
import com.atlassian.jira.license.LicenseChangedEvent;
import com.atlassian.jira.license.LicenseCountService;
import com.atlassian.jira.license.LicenseDetails;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.groups.GroupManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.util.RecoveryMode;
import com.atlassian.jira.user.util.Users;
import com.atlassian.jira.util.dbc.Assertions;
import com.atlassian.jira.util.thread.JiraThreadLocalUtils;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Stopwatch;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Multimap;
import com.google.common.collect.Sets;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import io.atlassian.fugue.Option;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
import java.util.concurrent.FutureTask;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.validation.constraints.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@EventComponent
/* loaded from: input_file:com/atlassian/jira/application/DefaultApplicationRoleManager.class */
public class DefaultApplicationRoleManager implements ApplicationRoleManager, CachingComponent, LicenseCountService, ApplicationConfigurationManager {
    private static final Logger log = LoggerFactory.getLogger(DefaultApplicationRoleManager.class);
    private static final String AUDIT_CATEGORY = AuditingCategory.APPLICATIONS.getId();
    private static final String ACTIVE_USERS_COUNT_CACHE_ASYNCHRONOUS_FEATURE_FLAG = "com.atlassian.jira.application.active.users.count.cache.asynchronous";
    private final ApplicationRoleDefinitions definitions;
    private final GroupManager groupManager;
    private final ApplicationRoleStore applicationRoleStore;
    private final JiraLicenseManager licenseManager;
    private final RecoveryMode recoveryMode;
    private final CrowdService crowdService;
    private final EventPublisher eventPublisher;
    private final DirectoryInstanceLoader directoryInstanceLoader;
    private final InternalMembershipDao internalMembershipDao;
    private final JiraEncryptingDirectoryDAO directoryDao;
    private final ExtendedUserDao ofBizUserDao;
    private final OfBizTransactionManager ofBizTransactionManager;
    private final SynchronisationStatusManager crowdSyncStatusManager;
    private final FeatureManager featureManager;

    @ClusterSafe
    private final Cache<ApplicationKey, Option<ApplicationRole>> appRoleCache;

    @ClusterSafe
    private final Cache<ApplicationKey, Integer> activeUsersCountForLicense;
    private final ThreadPoolExecutor cacheRefreshExecutor;
    private volatile Option<Future<Void>> lastRefresh = Option.none();
    private final CachedReference<Integer> billableUsersCount;

    /* loaded from: input_file:com/atlassian/jira/application/DefaultApplicationRoleManager$BillableUserCountLoader.class */
    private final class BillableUserCountLoader implements Supplier<Integer> {
        private BillableUserCountLoader() {
        }

        /* renamed from: get, reason: merged with bridge method [inline-methods] */
        public Integer m27get() {
            Stopwatch createStarted = Stopwatch.createStarted();
            Set<String> set = (Set) getGroupsThatGrantUserAccess().stream().map((v0) -> {
                return v0.getName();
            }).collect(Collectors.toSet());
            DefaultApplicationRoleManager.log.debug("Time taken for reading base group names: {}", createStarted);
            int countUsersInGroups = DefaultApplicationRoleManager.this.countUsersInGroups(set);
            DefaultApplicationRoleManager.log.debug("License check time: {}", createStarted);
            return Integer.valueOf(countUsersInGroups);
        }

        private Set<Group> getGroupsThatGrantUserAccess() {
            return DefaultApplicationRoleManager.this.getGroupsForLicensedRoles();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/atlassian/jira/application/DefaultApplicationRoleManager$DelegatingSettableFutureTask.class */
    public static class DelegatingSettableFutureTask extends FutureTask<Void> {
        private volatile Future futureTask;

        DelegatingSettableFutureTask(Runnable runnable) {
            super(runnable, null);
        }

        public void setDelegate(Future future) {
            this.futureTask = future;
            set(null);
        }

        @Override // java.util.concurrent.FutureTask, java.util.concurrent.Future
        public Void get() throws InterruptedException, ExecutionException {
            throw new UnsupportedOperationException();
        }

        @Override // java.util.concurrent.FutureTask, java.util.concurrent.Future
        public Void get(long j, TimeUnit timeUnit) throws InterruptedException, ExecutionException, TimeoutException {
            super.get(j, timeUnit);
            if (this.futureTask == null) {
                return null;
            }
            this.futureTask.get(j, timeUnit);
            return null;
        }
    }

    /* loaded from: input_file:com/atlassian/jira/application/DefaultApplicationRoleManager$RoleLoader.class */
    private class RoleLoader implements CacheLoader<ApplicationKey, Option<ApplicationRole>> {
        private RoleLoader() {
        }

        @Nonnull
        public Option<ApplicationRole> load(@Nonnull ApplicationKey applicationKey) {
            return DefaultApplicationRoleManager.this.definitions.getLicensed(applicationKey).map(applicationRoleDefinition -> {
                ApplicationRoleStore.ApplicationRoleData applicationRoleData = DefaultApplicationRoleManager.this.applicationRoleStore.get(applicationKey);
                Stream<String> stream = applicationRoleData.getGroups().stream();
                GroupManager groupManager = DefaultApplicationRoleManager.this.groupManager;
                Objects.requireNonNull(groupManager);
                Set set = (Set) stream.map(groupManager::getGroup).filter((v0) -> {
                    return Objects.nonNull(v0);
                }).collect(CollectorsUtil.toImmutableSet());
                Stream<String> stream2 = applicationRoleData.getDefaultGroups().stream();
                GroupManager groupManager2 = DefaultApplicationRoleManager.this.groupManager;
                Objects.requireNonNull(groupManager2);
                Stream filter = stream2.map(groupManager2::getGroup).filter((v0) -> {
                    return Objects.nonNull(v0);
                });
                Objects.requireNonNull(set);
                return new DefinitionApplicationRole(DefaultApplicationRoleManager.this.definitions, applicationRoleDefinition, set, (Set) filter.filter((v1) -> {
                    return r1.contains(v1);
                }).collect(CollectorsUtil.toImmutableSet()), DefaultApplicationRoleManager.this.getNumberOfSeatsGrantedToRole(applicationKey), applicationRoleData.isSelectedByDefault());
            });
        }
    }

    public DefaultApplicationRoleManager(@Nonnull CacheManager cacheManager, @Nonnull ApplicationRoleStore applicationRoleStore, @Nonnull ApplicationRoleDefinitions applicationRoleDefinitions, @Nonnull GroupManager groupManager, @Nonnull JiraLicenseManager jiraLicenseManager, @Nonnull RecoveryMode recoveryMode, @Nonnull CrowdService crowdService, @Nonnull EventPublisher eventPublisher, @Nonnull InternalMembershipDao internalMembershipDao, @Nonnull JiraEncryptingDirectoryDAO jiraEncryptingDirectoryDAO, @Nonnull ExtendedUserDao extendedUserDao, @Nonnull OfBizTransactionManager ofBizTransactionManager, @Nonnull SynchronisationStatusManager synchronisationStatusManager, @Nonnull FeatureManager featureManager, @Nonnull DirectoryInstanceLoader directoryInstanceLoader) {
        Assertions.notNull("cacheManager", cacheManager);
        this.recoveryMode = (RecoveryMode) Assertions.notNull("recoveryMode", recoveryMode);
        this.groupManager = (GroupManager) Assertions.notNull("groupManager", groupManager);
        this.applicationRoleStore = (ApplicationRoleStore) Assertions.notNull("store", applicationRoleStore);
        this.definitions = (ApplicationRoleDefinitions) Assertions.notNull("definitions", applicationRoleDefinitions);
        this.licenseManager = (JiraLicenseManager) Assertions.notNull("licenseManager", jiraLicenseManager);
        this.crowdService = (CrowdService) Assertions.notNull("crowdService", crowdService);
        this.eventPublisher = (EventPublisher) Assertions.notNull("eventPublisher", eventPublisher);
        this.internalMembershipDao = (InternalMembershipDao) Assertions.notNull("internalMembershipDao", internalMembershipDao);
        this.directoryDao = (JiraEncryptingDirectoryDAO) Assertions.notNull("directoryDao", jiraEncryptingDirectoryDAO);
        this.ofBizUserDao = (ExtendedUserDao) Assertions.notNull("ofBizUserDao", extendedUserDao);
        this.ofBizTransactionManager = (OfBizTransactionManager) Assertions.notNull("ofBizTransactionManager", ofBizTransactionManager);
        this.crowdSyncStatusManager = (SynchronisationStatusManager) Assertions.notNull("crowdSyncStatusManager", synchronisationStatusManager);
        this.cacheRefreshExecutor = new ThreadPoolExecutor(1, 1, 0L, TimeUnit.MILLISECONDS, new LinkedBlockingQueue(2), new ThreadFactoryBuilder().setNameFormat("default-application-role-manager-cache-refresh-%d").build(), (runnable, threadPoolExecutor) -> {
            log.debug("Queue already full. Skipping cache refresh");
            DelegatingSettableFutureTask delegatingSettableFutureTask = (DelegatingSettableFutureTask) runnable;
            Future future = (Future) threadPoolExecutor.getQueue().peek();
            delegatingSettableFutureTask.setDelegate(future != null ? future : Futures.immediateFuture((Object) null));
        });
        this.appRoleCache = cacheManager.getCache(DefaultApplicationRoleManager.class.getName() + ".applicationRoleGroups", new RoleLoader(), new CacheSettingsBuilder().expireAfterAccess(30L, TimeUnit.MINUTES).maxEntries(100).build());
        this.activeUsersCountForLicense = cacheManager.getCache("com.atlassian.jira.application.DefaultApplicationRoleManager.activeUsersCountForLicenseUnflushableCache", applicationKey -> {
            return (Integer) getRole(applicationKey).map(this::countApplicationUsers).getOrElse(0);
        }, new CacheSettingsBuilder().remote().replicateViaCopy().unflushable().build());
        this.billableUsersCount = cacheManager.getCachedReference(getClass().getName() + ".billableUsersCount", new BillableUserCountLoader(), new CacheSettingsBuilder().expireAfterWrite(2L, TimeUnit.HOURS).build());
        jiraLicenseManager.subscribeToClearCache(r3 -> {
            clearCache();
        });
        this.featureManager = featureManager;
        this.directoryInstanceLoader = directoryInstanceLoader;
    }

    @VisibleForTesting
    protected void waitForActiveUsersCacheLoader() {
        Future future = (Future) this.lastRefresh.getOrNull();
        if (future != null) {
            try {
                Stopwatch createStarted = Stopwatch.createStarted();
                future.get(60L, TimeUnit.SECONDS);
                log.debug("Waiting for active users count cache to be refreshed took {}", createStarted);
            } catch (InterruptedException | ExecutionException e) {
                throw new RuntimeException("Exception occurred while waiting for queue synchronization", e);
            } catch (TimeoutException e2) {
                throw new RuntimeException("ActiveUsersCountForLicenseCache refresh took over 60 seconds. This operation takes too long and it may affect JIRA performance and stability. Please see https://confluence.atlassian.com/display/JIRAKB/KB-JRASERVER-64384-docs for details.", e2);
            }
        }
    }

    private boolean shouldSynchronizeActiveUsersCountCache() {
        return !this.featureManager.isEnabled(ACTIVE_USERS_COUNT_CACHE_ASYNCHRONOUS_FEATURE_FLAG);
    }

    private void refreshActiveUsersCount() {
        log.debug("Request for refresh active users count cache.");
        DelegatingSettableFutureTask delegatingSettableFutureTask = new DelegatingSettableFutureTask(JiraThreadLocalUtils.wrap(this::tryRefreshActiveUsersCountForLicense));
        this.lastRefresh = Option.some(delegatingSettableFutureTask);
        Future future = (Future) this.cacheRefreshExecutor.getQueue().peek();
        if (future != null) {
            delegatingSettableFutureTask.setDelegate(future);
        } else {
            this.cacheRefreshExecutor.execute(delegatingSettableFutureTask);
        }
    }

    private void tryRefreshActiveUsersCountForLicense() {
        try {
            refreshActiveUsersCountForLicense();
        } catch (Exception e) {
            log.error("Error occurred while trying to refresh active users count for license", e);
        }
    }

    private void refreshActiveUsersCountForLicense() {
        Set allLicensedApplicationKeys = this.licenseManager.getAllLicensedApplicationKeys();
        ((List) allLicensedApplicationKeys.stream().filter(applicationKey -> {
            return !ApplicationKeys.CORE.equals(applicationKey);
        }).collect(CollectorsUtil.toImmutableListWithSizeOf(allLicensedApplicationKeys))).forEach(applicationKey2 -> {
            Option<ApplicationRole> role = getRole(applicationKey2);
            if (role.isDefined()) {
                this.activeUsersCountForLicense.put(applicationKey2, Integer.valueOf(countApplicationRoleUsers((ApplicationRole) role.get())));
            } else {
                this.activeUsersCountForLicense.put(applicationKey2, 0);
                log.debug("Can't find application role for applicationKey '{}'", applicationKey2);
            }
        });
        if (!getRole(ApplicationKeys.CORE).isDefined()) {
            log.debug("Can't find application role. Skipping active CORE users cache update.");
        } else {
            this.activeUsersCountForLicense.put(ApplicationKeys.CORE, Integer.valueOf(countCoreUsers()));
        }
    }

    @Nonnull
    public Option<ApplicationRole> getRole(@Nonnull ApplicationKey applicationKey) {
        Assertions.notNull("role", applicationKey);
        return (Option) this.appRoleCache.get(applicationKey);
    }

    @Nonnull
    public Set<ApplicationRole> getRoles() {
        HashSet newHashSet = Sets.newHashSet();
        Iterator it = this.licenseManager.getAllLicensedApplicationKeys().iterator();
        while (it.hasNext()) {
            Iterables.addAll(newHashSet, getRole((ApplicationKey) it.next()));
        }
        return Collections.unmodifiableSet(newHashSet);
    }

    @Nonnull
    public Set<ApplicationKey> getDefaultApplicationKeys() {
        return (Set) getRoles().stream().filter((v0) -> {
            return v0.isSelectedByDefault();
        }).map((v0) -> {
            return v0.getKey();
        }).collect(CollectorsUtil.toImmutableSet());
    }

    public boolean hasAnyRole(@Nullable ApplicationUser applicationUser) {
        if (Users.isAnonymous(applicationUser)) {
            return false;
        }
        return getRoles().stream().anyMatch(applicationRole -> {
            return userHasRole(applicationUser, applicationRole);
        }) || this.recoveryMode.isRecoveryUser(applicationUser);
    }

    public boolean userHasRole(@Nullable ApplicationUser applicationUser, ApplicationKey applicationKey) {
        Assertions.notNull("key", applicationKey);
        if (Users.isAnonymous(applicationUser)) {
            return false;
        }
        Iterator it = ((Set) getRole(applicationKey).map((v0) -> {
            return v0.getGroups();
        }).getOrElse(ImmutableSet.of())).iterator();
        while (it.hasNext()) {
            if (this.groupManager.isUserInGroup(applicationUser, (Group) it.next())) {
                return true;
            }
        }
        return false;
    }

    public boolean userOccupiesRole(@Nullable ApplicationUser applicationUser, ApplicationKey applicationKey) {
        return getOccupiedLicenseRolesForUser(applicationUser).stream().anyMatch(applicationRole -> {
            return applicationRole.getKey().equals(applicationKey);
        });
    }

    public boolean isAnyRoleLimitExceeded() {
        return getRoles().stream().anyMatch(applicationRole -> {
            return isRoleLimitExceeded(applicationRole.getKey());
        });
    }

    public boolean isAnyRoleLimitExceededAsync() {
        return getRoles().stream().anyMatch(applicationRole -> {
            return isRoleLimitExceededAsync(applicationRole.getKey());
        });
    }

    public boolean isRoleLimitExceeded(@Nonnull ApplicationKey applicationKey) {
        if (!hasUnlimitedLicense(applicationKey) && shouldSynchronizeActiveUsersCountCache()) {
            waitForActiveUsersCacheLoader();
        }
        return isRoleLimitExceededCurrentValue(applicationKey);
    }

    public boolean isRoleLimitExceededAsync(@Nonnull ApplicationKey applicationKey) {
        return isRoleLimitExceededCurrentValue(applicationKey);
    }

    private boolean isRoleLimitExceededCurrentValue(@Nonnull ApplicationKey applicationKey) {
        int numberOfSeatsGrantedToRole = getNumberOfSeatsGrantedToRole(applicationKey);
        return numberOfSeatsGrantedToRole != -1 && getUserCountCurrentValue(applicationKey) > numberOfSeatsGrantedToRole;
    }

    public boolean hasExceededAllRoles(@Nonnull ApplicationUser applicationUser) {
        Set<ApplicationRole> rolesForUser = getRolesForUser((ApplicationUser) Assertions.notNull(applicationUser));
        if (!rolesForUser.stream().map((v0) -> {
            return v0.getKey();
        }).anyMatch(this::hasUnlimitedLicense) && shouldSynchronizeActiveUsersCountCache()) {
            waitForActiveUsersCacheLoader();
        }
        return rolesForUser.stream().allMatch(applicationRole -> {
            return isRoleLimitExceededCurrentValue(applicationRole.getKey());
        });
    }

    public boolean hasExceededAllRolesAsync(@Nonnull ApplicationUser applicationUser) {
        return getRolesForUser((ApplicationUser) Assertions.notNull(applicationUser)).stream().allMatch(applicationRole -> {
            return isRoleLimitExceededCurrentValue(applicationRole.getKey());
        });
    }

    public Set<ApplicationRole> getRolesForUser(@Nonnull ApplicationUser applicationUser) {
        Assertions.notNull(applicationUser);
        return (Set) getRoles().stream().filter(applicationRole -> {
            return userHasRole(applicationUser, applicationRole);
        }).collect(CollectorsUtil.toImmutableSet());
    }

    public Set<ApplicationRole> getOccupiedLicenseRolesForUser(@Nonnull ApplicationUser applicationUser) {
        Assertions.notNull(applicationUser);
        Set<ApplicationRole> rolesForUser = getRolesForUser(applicationUser);
        return (rolesForUser.size() <= 1 || !rolesForUser.stream().anyMatch(applicationRole -> {
            return ApplicationKeys.CORE.equals(applicationRole.getKey());
        }) || rolesForUser.stream().filter(applicationRole2 -> {
            return !ApplicationKeys.CORE.equals(applicationRole2.getKey());
        }).allMatch(applicationRole3 -> {
            return isRoleLimitExceeded(applicationRole3.getKey());
        })) ? rolesForUser : (Set) rolesForUser.stream().filter(applicationRole4 -> {
            return !ApplicationKeys.CORE.equals(applicationRole4.getKey());
        }).collect(CollectorsUtil.toImmutableSet());
    }

    public Set<ApplicationRole> getRolesForGroup(@Nonnull Group group) {
        Assertions.notNull("group", group);
        HashSet newHashSet = Sets.newHashSet();
        for (ApplicationRole applicationRole : getRoles()) {
            for (Group group2 : applicationRole.getGroups()) {
                if (group2.equals(group) || this.crowdService.isGroupMemberOfGroup(group, group2)) {
                    newHashSet.add(applicationRole);
                    break;
                }
            }
        }
        return Collections.unmodifiableSet(newHashSet);
    }

    @Nonnull
    public Set<Group> getGroupsForLicensedRoles() {
        return (Set) getRoles().stream().map((v0) -> {
            return v0.getGroups();
        }).flatMap((v0) -> {
            return v0.stream();
        }).collect(CollectorsUtil.toImmutableSet());
    }

    public void removeGroupFromRoles(@Nonnull Group group) {
        Assertions.notNull("group", group);
        logRemovedGroup(group);
        this.applicationRoleStore.removeGroup(group.getName());
        clearCache();
    }

    private void logRemovedGroup(@Nonnull Group group) {
        AuditingService auditingService = (AuditingService) ComponentAccessor.getComponent(AuditingService.class);
        for (ApplicationRole applicationRole : getRoles()) {
            if (applicationRole.getGroups().contains(group) && auditingService != null) {
                auditingService.storeRecord(AUDIT_CATEGORY, "Group was deleted", new AffectedApplication(applicationRole), (Iterable<ChangedValue>) ImmutableList.of(new ChangedValueImpl(group.getName(), "Associated", "Group deleted")), (Iterable<AssociatedItem>) null, (String) null);
            }
        }
    }

    public boolean isRoleInstalledAndLicensed(@Nonnull ApplicationKey applicationKey) {
        Assertions.notNull("key", applicationKey);
        return this.definitions.isDefined(applicationKey) && this.definitions.isLicensed(applicationKey);
    }

    @Nonnull
    public ApplicationRole setRole(@Nonnull ApplicationRole applicationRole) {
        validateRole((ApplicationRole) Assertions.notNull("role", applicationRole));
        logDiffForRole(applicationRole);
        ApplicationKey key = applicationRole.getKey();
        try {
            this.applicationRoleStore.save(new ApplicationRoleStore.ApplicationRoleData(key, groupNames(applicationRole.getGroups()), groupNames(applicationRole.getDefaultGroups()), applicationRole.isSelectedByDefault()));
            return (ApplicationRole) ((Option) this.appRoleCache.get(key)).getOrElse(() -> {
                return IdApplicationRole.empty(key);
            });
        } finally {
            clearCacheLine(key);
        }
    }

    public void clearConfiguration(ApplicationKey applicationKey) {
        AuditingService auditingService = (AuditingService) ComponentAccessor.getComponent(AuditingService.class);
        if (auditingService != null) {
            Option map = this.definitions.getDefined(applicationKey).map(applicationRoleDefinition -> {
                return applicationRoleDefinitionToApplicationRole(applicationKey, applicationRoleDefinition);
            });
            if (map.isDefined()) {
                ApplicationRole applicationRole = (ApplicationRole) map.get();
                auditingService.storeRecord(AUDIT_CATEGORY, "Application configuration cleared.", new AffectedApplication(applicationRole), ApplicationRoleDiff.diffRemoved(applicationRole).messages(), (Iterable<AssociatedItem>) null, (String) null);
            }
        }
        try {
            this.applicationRoleStore.removeByKey(applicationKey);
            clearCacheLine(applicationKey);
            this.eventPublisher.publish(new ApplicationConfigurationEvent(ImmutableSet.of(applicationKey)));
        } catch (Throwable th) {
            clearCacheLine(applicationKey);
            this.eventPublisher.publish(new ApplicationConfigurationEvent(ImmutableSet.of(applicationKey)));
            throw th;
        }
    }

    public int getUserCount(@Nonnull ApplicationKey applicationKey) {
        Assertions.notNull("key", applicationKey);
        if (shouldSynchronizeActiveUsersCountCache()) {
            waitForActiveUsersCacheLoader();
        }
        return getUserCountCurrentValue(applicationKey);
    }

    public int getUserCountAsync(@Nonnull ApplicationKey applicationKey) {
        Assertions.notNull("key", applicationKey);
        return getUserCountCurrentValue(applicationKey);
    }

    private int getUserCountCurrentValue(@Nonnull ApplicationKey applicationKey) {
        int intValue = ((Integer) getRole(applicationKey).fold(() -> {
            return 0;
        }, applicationRole -> {
            return (Integer) this.activeUsersCountForLicense.get(applicationKey);
        })).intValue();
        log.trace("getUserCountCurrentValue({}) = {}", applicationKey, Integer.valueOf(intValue));
        return intValue;
    }

    public int getRemainingSeats(@Nonnull ApplicationKey applicationKey) {
        if (!hasUnlimitedLicense(applicationKey) && shouldSynchronizeActiveUsersCountCache()) {
            waitForActiveUsersCacheLoader();
        }
        return getRemainingSeatsCurrentValue(applicationKey);
    }

    public int getRemainingSeatsAsync(@Nonnull ApplicationKey applicationKey) {
        return getRemainingSeatsCurrentValue(applicationKey);
    }

    private boolean hasUnlimitedLicense(@Nonnull ApplicationKey applicationKey) {
        return getNumberOfSeatsGrantedToRole(applicationKey) == -1;
    }

    private int getRemainingSeatsCurrentValue(@Nonnull ApplicationKey applicationKey) {
        return ((Integer) getRole((ApplicationKey) Assertions.notNull("key", applicationKey)).map(applicationRole -> {
            int numberOfSeats = applicationRole.getNumberOfSeats();
            if (numberOfSeats == -1) {
                return -1;
            }
            return Integer.valueOf(Math.max(numberOfSeats - getUserCountCurrentValue(applicationKey), 0));
        }).getOrElse(0)).intValue();
    }

    public boolean hasSeatsAvailable(@Nonnull ApplicationKey applicationKey, int i) {
        if (!hasUnlimitedLicense(applicationKey) && shouldSynchronizeActiveUsersCountCache()) {
            waitForActiveUsersCacheLoader();
        }
        return hasSeatsAvailableCurrentValue(applicationKey, i);
    }

    public boolean hasSeatsAvailableAsync(@Nonnull ApplicationKey applicationKey, int i) {
        return hasSeatsAvailableCurrentValue(applicationKey, i);
    }

    private boolean hasSeatsAvailableCurrentValue(@Nonnull ApplicationKey applicationKey, int i) {
        Assertions.notNull("key", applicationKey);
        if (i < 0) {
            throw new IllegalArgumentException("seatCount < 0");
        }
        int remainingSeatsCurrentValue = getRemainingSeatsCurrentValue(applicationKey);
        return remainingSeatsCurrentValue == -1 || i <= remainingSeatsCurrentValue;
    }

    @Nonnull
    public Set<Group> getDefaultGroups(@Nonnull ApplicationKey applicationKey) {
        Assertions.notNull("key", applicationKey);
        return (Set) getRole(applicationKey).map((v0) -> {
            return v0.getDefaultGroups();
        }).getOrElse(ImmutableSet.of());
    }

    @EventListener
    public void onClearCache(ClearCacheEvent clearCacheEvent) {
        clearCaches(clearCacheEvent);
        this.eventPublisher.publish(new XMLRestoreFinishedEvent(this, (String) null));
    }

    @EventListener
    public void onApplicationDefined(ApplicationDefinedEvent applicationDefinedEvent) {
        clearCaches(applicationDefinedEvent);
    }

    @EventListener
    public void onApplicationUndefined(ApplicationUndefinedEvent applicationUndefinedEvent) {
        clearCaches(applicationUndefinedEvent);
    }

    @EventListener
    public void onLicenseChanged(LicenseChangedEvent licenseChangedEvent) {
        clearCaches(licenseChangedEvent);
    }

    @EventListener
    public void onGroupCreated(GroupCreatedEvent groupCreatedEvent) {
        if (shouldRepopulateCache(groupCreatedEvent)) {
            clearCaches(groupCreatedEvent);
        }
    }

    @EventListener
    public void onGroupDeleted(GroupDeletedEvent groupDeletedEvent) {
        if (shouldRepopulateCache(groupDeletedEvent)) {
            clearCaches(groupDeletedEvent);
        }
    }

    @EventListener
    public void onGroupUpdated(GroupUpdatedEvent groupUpdatedEvent) {
        if (shouldRepopulateCache(groupUpdatedEvent)) {
            clearCaches(groupUpdatedEvent);
        }
    }

    @EventListener
    public void onDirectoryReorder(ApplicationDirectoryOrderUpdatedEvent applicationDirectoryOrderUpdatedEvent) {
        clearCaches(applicationDirectoryOrderUpdatedEvent);
    }

    @EventListener
    public void onDirectoryUpdated(DirectoryUpdatedEvent directoryUpdatedEvent) {
        clearCaches(directoryUpdatedEvent);
    }

    @EventListener
    public void onGroupMembershipsCreated(GroupMembershipsCreatedEvent groupMembershipsCreatedEvent) {
        clearUserCountsIfNotInSync(groupMembershipsCreatedEvent);
    }

    @EventListener
    public void onGroupMembershipDeleted(GroupMembershipDeletedEvent groupMembershipDeletedEvent) {
        clearUserCountsIfNotInSync(groupMembershipDeletedEvent);
    }

    @EventListener
    public void onUserDeleted(UserDeletedEvent userDeletedEvent) {
        clearUserCountsIfNotInSync(userDeletedEvent);
    }

    @EventListener
    public void onUserUpdated(UserEditedEvent userEditedEvent) {
        clearCacheForUpdatedUser(userEditedEvent, userEditedEvent.getOriginalUser(), userEditedEvent.getUser());
    }

    @EventListener
    public void onUserUpdated(AutoUserUpdatedEvent autoUserUpdatedEvent) {
        clearCacheForUpdatedUser(autoUserUpdatedEvent, autoUserUpdatedEvent.getOriginalUser(), autoUserUpdatedEvent.getUser());
    }

    @EventListener
    public void onSyncFinished(RemoteDirectorySynchronisationFinishedEvent remoteDirectorySynchronisationFinishedEvent) {
        clearUserCounts(remoteDirectorySynchronisationFinishedEvent);
    }

    @EventListener
    public void onComponentManagerShutdown(ComponentManagerShutdownEvent componentManagerShutdownEvent) {
        this.cacheRefreshExecutor.shutdown();
    }

    @Override // com.atlassian.jira.CachingComponent
    @Internal
    public void clearCache() {
        this.appRoleCache.removeAll();
        refreshActiveUsersCount();
        flushBillableUsersCache();
    }

    private boolean shouldRepopulateCache(DirectoryEvent directoryEvent) {
        if (this.featureManager.isEnabled("com.atlassian.jira.ldap.nonblocking.sync.disabled") || !this.crowdSyncStatusManager.getDirectorySynchronisationInformation(directoryEvent.getDirectory()).isSynchronising()) {
            return true;
        }
        log.debug("Directory (id={}) synchronization is in progress. Delaying repopulating license cache.", directoryEvent.getDirectory().getId());
        return false;
    }

    public int totalBillableUsers() {
        return ((Integer) this.billableUsersCount.get()).intValue();
    }

    public void flush() {
        flushBillableUsersCache();
    }

    public void flushBillableUsersCache() {
        this.billableUsersCount.reset();
    }

    private int getNumberOfSeatsGrantedToRole(@Nonnull ApplicationKey applicationKey) {
        int i = 0;
        Iterator it = this.licenseManager.getLicenses().iterator();
        while (it.hasNext()) {
            int userLimit = ((LicenseDetails) it.next()).getLicensedApplications().getUserLimit(applicationKey);
            if (userLimit != 0) {
                if (i != 0) {
                    throw new IllegalStateException("Application role has users granted in > 1 license: " + applicationKey);
                }
                i = userLimit;
            }
        }
        return i;
    }

    private void validateRole(ApplicationRole applicationRole) {
        if (!this.licenseManager.getAllLicensedApplicationKeys().contains(applicationRole.getKey())) {
            throw new IllegalArgumentException(String.format("The '%s' role is not provided by any license.", applicationRole.getKey()));
        }
        for (Group group : applicationRole.getGroups()) {
            if (!this.groupManager.groupExists(group)) {
                throw new IllegalArgumentException(String.format("The '%s' role is associated with group '%s', which does not exist.", applicationRole.getKey(), group.getName()));
            }
        }
    }

    private boolean userHasRole(@Nonnull ApplicationUser applicationUser, @Nonnull ApplicationRole applicationRole) {
        return applicationRole.getGroups().stream().anyMatch(group -> {
            return this.groupManager.isUserInGroup(applicationUser, group);
        });
    }

    private void clearCaches(@Nullable Object obj) {
        log.debug("Clearing the cache on {}.", obj != null ? obj.getClass().getName() : "<UNKNOWN>");
        clearCache();
    }

    private void clearUserCountsIfNotInSync(DirectoryEvent directoryEvent) {
        if (shouldRepopulateCache(directoryEvent)) {
            clearUserCounts(directoryEvent);
        }
    }

    private void clearUserCounts(@Nullable Object obj) {
        log.debug("Clearing the user counts on {}.", obj != null ? obj.getClass().getName() : "<UNKNOWN>");
        refreshActiveUsersCount();
        flushBillableUsersCache();
    }

    private void clearCacheForUpdatedUser(@Nullable UserUpdatedEvent userUpdatedEvent, User user, @Nullable User user2) {
        if (shouldRepopulateCache(userUpdatedEvent)) {
            if (user2 == null || user.isActive() != user2.isActive()) {
                clearUserCounts(userUpdatedEvent);
            }
        }
    }

    private void clearCacheLine(ApplicationKey applicationKey) {
        log.debug("Clearing the cache line {}.", applicationKey);
        if (!ApplicationKeys.CORE.equals(applicationKey)) {
            this.appRoleCache.remove(ApplicationKeys.CORE);
        }
        this.appRoleCache.remove(applicationKey);
        refreshActiveUsersCount();
        flushBillableUsersCache();
    }

    private static Iterable<String> groupNames(Collection<Group> collection) {
        return (Iterable) collection.stream().map((v0) -> {
            return v0.getName();
        }).collect(CollectorsUtil.toImmutableSet());
    }

    private ApplicationRole applicationRoleDefinitionToApplicationRole(@Nonnull ApplicationKey applicationKey, @NotNull ApplicationRoleDefinitions.ApplicationRoleDefinition applicationRoleDefinition) {
        ApplicationRoleStore.ApplicationRoleData applicationRoleData = this.applicationRoleStore.get(applicationKey);
        Stream<String> stream = applicationRoleData.getGroups().stream();
        GroupManager groupManager = this.groupManager;
        Objects.requireNonNull(groupManager);
        Set set = (Set) stream.map(groupManager::getGroup).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(CollectorsUtil.toImmutableSet());
        Stream<String> stream2 = applicationRoleData.getDefaultGroups().stream();
        GroupManager groupManager2 = this.groupManager;
        Objects.requireNonNull(groupManager2);
        Stream filter = stream2.map(groupManager2::getGroup).filter((v0) -> {
            return Objects.nonNull(v0);
        });
        Objects.requireNonNull(set);
        return new DefinitionApplicationRole(this.definitions, applicationRoleDefinition, set, (Set) filter.filter((v1) -> {
            return r1.contains(v1);
        }).collect(CollectorsUtil.toImmutableSet()), getNumberOfSeatsGrantedToRole(applicationKey), applicationRoleData.isSelectedByDefault());
    }

    private int countApplicationUsers(ApplicationRole applicationRole) {
        Stopwatch createStarted = Stopwatch.createStarted();
        int countCoreUsers = ApplicationKeys.CORE.equals(applicationRole.getKey()) ? countCoreUsers() : countApplicationRoleUsers(applicationRole);
        log.debug("{} count: {}", applicationRole.getName(), Integer.valueOf(countCoreUsers));
        log.debug("Count application users: {} {}", createStarted, applicationRole.getName());
        return countCoreUsers;
    }

    private int countApplicationRoleUsers(ApplicationRole applicationRole) {
        return countUsersInGroups((Set) applicationRole.getGroups().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet()));
    }

    private int countCoreUsers() {
        return countUsersInGroupsExcluding((Set) ((ApplicationRole) getRole(ApplicationKeys.CORE).getOrThrow(() -> {
            return new IllegalStateException("Can't fetch role for core application. CORE role is not available");
        })).getGroups().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet()), readUsersInGroups((Set) getRoles().stream().filter(applicationRole -> {
            return (applicationRole.getKey().equals(ApplicationKeys.CORE) || isRoleLimitExceededCurrentValue(applicationRole.getKey())) ? false : true;
        }).flatMap(applicationRole2 -> {
            return applicationRole2.getGroups().stream();
        }).map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet())));
    }

    private Multimap<Long, String> readExpandedGroupNamesByDirectory(Set<String> set) {
        HashMultimap create = HashMultimap.create();
        for (Directory directory : this.directoryDao.findAll()) {
            if (directory.isActive()) {
                long longValue = directory.getId().longValue();
                Set<String> set2 = create.get(Long.valueOf(longValue));
                set2.addAll(set);
                if (isNestedGroup(directory)) {
                    readExpandedGroupNamesForDirectory(longValue, set2);
                }
            }
        }
        return create;
    }

    private boolean isNestedGroup(Directory directory) {
        try {
            if (DirectoryType.INTERNAL != directory.getType()) {
                return this.directoryInstanceLoader.getDirectory(directory).supportsNestedGroups();
            }
        } catch (DirectoryInstantiationException e) {
        }
        return Boolean.parseBoolean((String) directory.getAttributes().get("useNestedGroups"));
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void readExpandedGroupNamesForDirectory(long j, Set<String> set) {
        Collection collection = set;
        do {
            collection = this.internalMembershipDao.findGroupChildrenOfGroups(j, collection);
        } while (set.addAll(collection));
    }

    private Multimap<Long, String> readUsersInGroupsByDirectory(Multimap<Long, String> multimap) {
        HashMultimap create = HashMultimap.create();
        for (Map.Entry entry : multimap.asMap().entrySet()) {
            long longValue = ((Long) entry.getKey()).longValue();
            create.putAll(Long.valueOf(longValue), (Iterable) this.internalMembershipDao.findUserChildrenOfGroups(longValue, (Collection) entry.getValue()).stream().map(IdentifierUtils::toLowerCase).collect(Collectors.toSet()));
        }
        return create;
    }

    private Set<String> readUsersInGroups(Set<String> set) {
        return readUsersInGroupsExcluding(set, Collections.emptySet());
    }

    private Set<String> readUsersInGroupsExcluding(Set<String> set, Set<String> set2) {
        HashSet hashSet = new HashSet();
        Stopwatch createStarted = Stopwatch.createStarted();
        Multimap<Long, String> readExpandedGroupNamesByDirectory = readExpandedGroupNamesByDirectory(set);
        Multimap<Long, String> readUsersInGroupsByDirectory = readUsersInGroupsByDirectory(readExpandedGroupNamesByDirectory);
        log.debug("Time taken for readExpandedGroupNamesByDirectory: {}", createStarted);
        log.debug("Expanded group names by directory: " + readExpandedGroupNamesByDirectory.size());
        Stopwatch createStarted2 = Stopwatch.createStarted();
        this.ofBizTransactionManager.withTransaction(ofBizTransaction -> {
            this.ofBizUserDao.processUsers(user -> {
                if (user.isActive()) {
                    String lowerCase = IdentifierUtils.toLowerCase(user.getName());
                    if (readUsersInGroupsByDirectory.get(Long.valueOf(user.getDirectoryId())).contains(lowerCase) && !set2.contains(lowerCase)) {
                        hashSet.add(lowerCase);
                    }
                }
            });
        });
        log.debug("Time taken for processing users {}", createStarted2);
        return hashSet;
    }

    private int countUsersInGroups(Set<String> set) {
        return readUsersInGroups(set).size();
    }

    private int countUsersInGroupsExcluding(Set<String> set, Set<String> set2) {
        return readUsersInGroupsExcluding(set, set2).size();
    }

    private GlobalPermissionManager getGlobalPermissionManager() {
        return (GlobalPermissionManager) ComponentAccessor.getComponent(GlobalPermissionManager.class);
    }

    private void logDiffForRole(@Nonnull ApplicationRole applicationRole) {
        storeRecord(applicationRole, ApplicationRoleDiff.diff(getRole(applicationRole.getKey()), applicationRole));
    }

    private void storeRecord(@Nonnull ApplicationRole applicationRole, @Nonnull ApplicationRoleDiff applicationRoleDiff) {
        AuditingService auditingService = (AuditingService) ComponentAccessor.getComponent(AuditingService.class);
        if (auditingService == null || applicationRoleDiff.isEmpty()) {
            return;
        }
        auditingService.storeRecord(AUDIT_CATEGORY, applicationRoleDiff.summary(), new AffectedApplication(applicationRole), applicationRoleDiff.messages(), (Iterable<AssociatedItem>) null, (String) null);
    }
}
