package com.atlassian.jira.auditing.handlers;

import com.atlassian.annotations.VisibleForTesting;
import com.atlassian.audit.api.AuditService;
import com.atlassian.audit.entity.AuditAttribute;
import com.atlassian.audit.entity.AuditEvent;
import com.atlassian.audit.entity.AuditResource;
import com.atlassian.audit.entity.AuditType;
import com.atlassian.audit.entity.CoverageArea;
import com.atlassian.audit.entity.CoverageLevel;
import com.atlassian.crowd.event.user.AutoUserUpdatedEvent;
import com.atlassian.crowd.event.user.ResetPasswordEvent;
import com.atlassian.crowd.event.user.UserAttributeDeletedEvent;
import com.atlassian.crowd.event.user.UserAttributeStoredEvent;
import com.atlassian.crowd.event.user.UserCreatedEvent;
import com.atlassian.crowd.event.user.UserCredentialUpdatedEvent;
import com.atlassian.crowd.event.user.UserDeletedEvent;
import com.atlassian.crowd.event.user.UserEditedEvent;
import com.atlassian.crowd.event.user.UserEmailChangedEvent;
import com.atlassian.crowd.event.user.UserRenamedEvent;
import com.atlassian.crowd.event.user.UserUpdatedEvent;
import com.atlassian.crowd.model.user.User;
import com.atlassian.jira.auditing.AffectedUser;
import com.atlassian.jira.auditing.AssociatedItem;
import com.atlassian.jira.auditing.AuditEntitiesUtils;
import com.atlassian.jira.auditing.AuditingCategory;
import com.atlassian.jira.auditing.ChangedValue;
import com.atlassian.jira.auditing.RecordRequest;
import com.atlassian.jira.auditing.converters.AuditResources;
import com.atlassian.jira.auditing.throwsafe.AuditExceptionSafe;
import com.atlassian.jira.bc.security.login.LoginReason;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.component.pico.throwsafe.ThrowSafe;
import com.atlassian.jira.event.user.CannotChangePasswordEvent;
import com.atlassian.jira.event.user.ForgotPasswordEvent;
import com.atlassian.jira.event.user.ForgotUsernameEvent;
import com.atlassian.jira.event.user.LoginEvent;
import com.atlassian.jira.event.user.LoginFailedEvent;
import com.atlassian.jira.event.user.UserEvent;
import com.atlassian.jira.event.user.anonymize.UserAnonymizationFinishedEvent;
import com.atlassian.jira.event.user.anonymize.UserAnonymizationStartedEvent;
import com.atlassian.jira.event.user.anonymize.UserKeyChangedEvent;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.UserKeyService;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.jira.workflow.function.issue.UpdateIssueFieldFunction;
import com.google.common.collect.Lists;
import io.atlassian.fugue.Option;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Supplier;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@AuditExceptionSafe
/* loaded from: input_file:com/atlassian/jira/auditing/handlers/UserEventHandlerImpl.class */
public class UserEventHandlerImpl implements UserEventHandler {
    private static final Logger LOG = LoggerFactory.getLogger(UserEventHandlerImpl.class);

    @VisibleForTesting
    static final AuditType USER_LOGGED_IN = AuditEntitiesUtils.newAuditType(CoverageArea.SECURITY, "jira.auditing.category.login", "jira.auditing.user.logged.in", CoverageLevel.FULL);

    @VisibleForTesting
    static final AuditType USER_LOGIN_FAILED = AuditEntitiesUtils.newAuditType(CoverageArea.SECURITY, "jira.auditing.category.login", "jira.auditing.user.login.failed", CoverageLevel.FULL);
    private static final AuditType USER_LOGGED_OUT = AuditEntitiesUtils.newAuditType(CoverageArea.SECURITY, "jira.auditing.category.login", "jira.auditing.user.logged.out", CoverageLevel.FULL);

    @VisibleForTesting
    static final AuditType USER_FORGOT_PASSWORD = AuditEntitiesUtils.newAuditType(CoverageArea.SECURITY, "jira.auditing.category.security", "jira.auditing.user.forgot.password", CoverageLevel.ADVANCED);

    @VisibleForTesting
    static final AuditType USER_FORGOT_USERNAME = AuditEntitiesUtils.newAuditType(CoverageArea.SECURITY, "jira.auditing.category.security", "jira.auditing.user.forgot.username", CoverageLevel.ADVANCED);

    @VisibleForTesting
    static final AuditType USER_CANNOT_CHANGE_PASSWORD = AuditEntitiesUtils.newAuditType(CoverageArea.SECURITY, "jira.auditing.category.security", "jira.auditing.user.cannot.change.password", CoverageLevel.ADVANCED);

    @VisibleForTesting
    static final AuditType USER_RENAMED = AuditEntitiesUtils.newAuditType(CoverageArea.USER_MANAGEMENT, "jira.auditing.category.usermanagement", "jira.auditing.user.renamed", CoverageLevel.BASE);

    @VisibleForTesting
    static final String UNKNOWN_USERNAME_KEY = "jira.auditing.user.not.known.username";

    @VisibleForTesting
    static final String EMAIL_WORD_KEY = "common.words.email";

    @VisibleForTesting
    static final String AUTHENTICATION_DENIED_KEY = "jira.auditing.user.login.failed.authentication.denied";

    @VisibleForTesting
    static final String AUTHENTICATION_FAILED_KEY = "jira.auditing.user.login.failed.authentication.failed";

    @VisibleForTesting
    static final String AUTHORISATION_FAILED_KEY = "jira.auditing.user.login.failed.authorisation.failed";

    @VisibleForTesting
    static final String REASON_UNKNOWN_KEY = "jira.auditing.user.login.failed.reason.unknown";

    @VisibleForTesting
    static final String LOGIN_FAILED_REASON_KEY = "jira.auditing.user.login.failed.reason";

    @VisibleForTesting
    static final String LOGIN_FAILED_COUNT_KEY = "jira.auditing.user.login.failed.count";

    @VisibleForTesting
    static final String ACCESSED_URL_KEY = "jira.auditing.user.login.failed.accessed.url";
    static final String UNKNOWN_LOGIN_COUNT_KEY = "jira.auditing.user.login.failed.unknown.login.count";
    private final UserKeyService userKeyService;
    private final I18nHelper.BeanFactory i18nBeanFactory;
    private final AuditService auditService;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.atlassian.jira.auditing.handlers.UserEventHandlerImpl$1, reason: invalid class name */
    /* loaded from: input_file:com/atlassian/jira/auditing/handlers/UserEventHandlerImpl$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$atlassian$jira$bc$security$login$LoginReason = new int[LoginReason.values().length];

        static {
            try {
                $SwitchMap$com$atlassian$jira$bc$security$login$LoginReason[LoginReason.AUTHENTICATION_DENIED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$atlassian$jira$bc$security$login$LoginReason[LoginReason.AUTHENTICATED_FAILED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$atlassian$jira$bc$security$login$LoginReason[LoginReason.AUTHORISATION_FAILED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public UserEventHandlerImpl(UserKeyService userKeyService, I18nHelper.BeanFactory beanFactory, AuditService auditService) {
        this.userKeyService = userKeyService;
        this.i18nBeanFactory = beanFactory;
        this.auditService = auditService;
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    public Option<RecordRequest> onUserUpdatedEvent(UserUpdatedEvent userUpdatedEvent) {
        if (userUpdatedEvent instanceof AutoUserUpdatedEvent) {
            return onAutoUserUpdatedEvent((AutoUserUpdatedEvent) userUpdatedEvent);
        }
        if (userUpdatedEvent instanceof ResetPasswordEvent) {
            return Option.option(onResetPasswordEvent((ResetPasswordEvent) userUpdatedEvent));
        }
        if (userUpdatedEvent instanceof UserRenamedEvent) {
            return Option.none();
        }
        if ((userUpdatedEvent instanceof UserAttributeStoredEvent) || (userUpdatedEvent instanceof UserAttributeDeletedEvent)) {
            return Option.none();
        }
        if (userUpdatedEvent instanceof UserEditedEvent) {
            return onUserEditedEvent((UserEditedEvent) userUpdatedEvent);
        }
        if (userUpdatedEvent instanceof UserEmailChangedEvent) {
            return Option.none();
        }
        throw new RuntimeException("Unsupported event: " + userUpdatedEvent.getClass().getName());
    }

    private Option<RecordRequest> onAutoUserUpdatedEvent(AutoUserUpdatedEvent autoUserUpdatedEvent) {
        return userUpdated(autoUserUpdatedEvent.getOriginalUser(), autoUserUpdatedEvent.getUser());
    }

    private Option<RecordRequest> onUserEditedEvent(UserEditedEvent userEditedEvent) {
        return userUpdated(userEditedEvent.getOriginalUser(), userEditedEvent.getUser());
    }

    private Option<RecordRequest> userUpdated(User user, User user2) {
        return HandlerUtils.requestIfThereAreAnyValues(buildChangedValues(user, user2), list -> {
            return new RecordRequest(AuditingCategory.USER_MANAGEMENT, "jira.auditing.user.updated").withActionI18nKey("jira.auditing.user.updated").withChangedValues(list).forObject(new AffectedUser(user2));
        });
    }

    private RecordRequest onResetPasswordEvent(ResetPasswordEvent resetPasswordEvent) {
        return new RecordRequest(AuditingCategory.USER_MANAGEMENT, "jira.auditing.user.password.reset").withActionI18nKey("jira.auditing.user.password.reset").forObject(new AffectedUser(resetPasswordEvent.getUser()));
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    @ThrowSafe
    public void onUserRenamedEvent(com.atlassian.jira.event.user.UserRenamedEvent userRenamedEvent) {
        ApplicationUser userByName = ComponentAccessor.getUserManager().getUserByName(userRenamedEvent.getUsername());
        this.auditService.audit(AuditEvent.builder(USER_RENAMED).affectedObject(userByName == null ? AuditResources.unknownUserFrom(userRenamedEvent.getUsername()) : AuditResources.from(userByName)).changedValue(AuditEntitiesUtils.newChangedValue("common.words.username", userRenamedEvent.getOldUserName(), userRenamedEvent.getUsername())).build());
    }

    private List<ChangedValue> buildChangedValues(User user, User user2) {
        ChangedValuesBuilder changedValuesBuilder = new ChangedValuesBuilder();
        changedValuesBuilder.addIfDifferent("common.words.username", user == null ? null : user.getName(), user2.getName()).addIfDifferent("common.words.fullname", user == null ? null : user.getDisplayName(), user2.getDisplayName()).addIfDifferent(EMAIL_WORD_KEY, user == null ? null : user.getEmailAddress(), user2.getEmailAddress()).addIfDifferent("admin.common.phrases.active.inactive", user == null ? null : stringBooleanToActiveInactive(Boolean.valueOf(user.isActive())), stringBooleanToActiveInactive(Boolean.valueOf(user2.isActive())));
        return changedValuesBuilder.build();
    }

    public static String stringBooleanToActiveInactive(Boolean bool) {
        return bool == null ? UpdateIssueFieldFunction.UNASSIGNED_VALUE : bool.equals(Boolean.TRUE) ? "Active" : "Inactive";
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    public RecordRequest onUserCreatedEvent(UserCreatedEvent userCreatedEvent) {
        User user = userCreatedEvent.getUser();
        return new RecordRequest(AuditingCategory.USER_MANAGEMENT, "jira.auditing.user.created").withActionI18nKey("jira.auditing.user.created").withChangedValues(buildChangedValues(user)).forObject(new AffectedUser(user));
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    public Option<RecordRequest> onUserDeletedEvent(UserDeletedEvent userDeletedEvent) {
        return Option.none();
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    public RecordRequest onUserCredentialUpdatedEvent(UserCredentialUpdatedEvent userCredentialUpdatedEvent) {
        return new RecordRequest(AuditingCategory.USER_MANAGEMENT, "jira.auditing.user.password.changed").withActionI18nKey("jira.auditing.user.password.changed").forObject(new AffectedUser(userCredentialUpdatedEvent.getUsername(), ComponentAccessor.getUserKeyService().getKeyForUsername(userCredentialUpdatedEvent.getUsername()), userCredentialUpdatedEvent.getDirectory()));
    }

    private List<ChangedValue> buildChangedValues(User user) {
        return buildChangedValues(null, user);
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    public RecordRequest onUserAnonymizationStartedEvent(UserAnonymizationStartedEvent userAnonymizationStartedEvent) {
        return new RecordRequest(AuditingCategory.USER_MANAGEMENT, "jira.auditing.user.anonymization.started").withActionI18nKey("jira.auditing.user.anonymization.started").withDescription(getI18n().getText("jira.auditing.user.anonymization.started.description", userAnonymizationStartedEvent.getUserName(), userAnonymizationStartedEvent.getUserKey())).forObject(new AffectedUser(userAnonymizationStartedEvent.getUserName(), userAnonymizationStartedEvent.getUserKey(), null));
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    public RecordRequest onUserAnonymizationFinishedEvent(UserAnonymizationFinishedEvent userAnonymizationFinishedEvent) {
        String str = UpdateIssueFieldFunction.UNASSIGNED_VALUE;
        if (userAnonymizationFinishedEvent.isReRun()) {
            str = " " + getI18n().getText("jira.auditing.user.anonymized.rerun.description", (String) Optional.ofNullable(userAnonymizationFinishedEvent.getReRunUserKey()).orElse("-"), (String) Optional.ofNullable(userAnonymizationFinishedEvent.getReRunUserName()).orElse("-"));
        }
        RecordRequest forObject = new RecordRequest(AuditingCategory.USER_MANAGEMENT, "jira.auditing.user.anonymized").withActionI18nKey("jira.auditing.user.anonymized").withDescription(getI18n().getText("jira.auditing.user.anonymized.description", userAnonymizationFinishedEvent.getUserName(), userAnonymizationFinishedEvent.getOldUserName(), userAnonymizationFinishedEvent.getUserKey(), userAnonymizationFinishedEvent.getOldUserKey()) + str).forObject(new AffectedUser(userAnonymizationFinishedEvent.getUserName(), userAnonymizationFinishedEvent.getUserKey(), null));
        if (!Objects.equals(userAnonymizationFinishedEvent.getUserName(), userAnonymizationFinishedEvent.getOldUserName())) {
            forObject.withAssociatedItems(new AssociatedItem[]{new AffectedUser(userAnonymizationFinishedEvent.getOldUserName(), userAnonymizationFinishedEvent.getOldUserKey(), null)});
        }
        return forObject;
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    public RecordRequest onUserKeyChangedEvent(UserKeyChangedEvent userKeyChangedEvent) {
        String usernameForKey = this.userKeyService.getUsernameForKey(userKeyChangedEvent.getNewUserKey());
        RecordRequest withChangedValues = new RecordRequest(AuditingCategory.USER_MANAGEMENT, "jira.auditing.user.key.changed").withActionI18nKey("jira.auditing.user.key.changed").withChangedValues(new ChangedValuesBuilder().add("common.words.key", userKeyChangedEvent.getOldUserKey(), userKeyChangedEvent.getNewUserKey()).build());
        if (usernameForKey != null) {
            withChangedValues.forObject(new AffectedUser(usernameForKey, userKeyChangedEvent.getNewUserKey(), null));
            if (!Objects.equals(userKeyChangedEvent.getOldUserKey(), userKeyChangedEvent.getNewUserKey())) {
                withChangedValues.withAssociatedItems(new AssociatedItem[]{new AffectedUser(usernameForKey, userKeyChangedEvent.getOldUserKey(), null)});
            }
        }
        return withChangedValues;
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    @ThrowSafe
    public void onUserLoggedIn(LoginEvent loginEvent) {
        this.auditService.audit(AuditEvent.builder(USER_LOGGED_IN).affectedObject(AuditResources.from(loginEvent.getUser())).build());
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    @ThrowSafe
    public void onUserLoginFailed(LoginFailedEvent loginFailedEvent) {
        ArrayList newArrayList = Lists.newArrayList(new AuditAttribute[]{getFailedLoginCountAttribute(loginFailedEvent), getFailedLoginReasonAttribute(loginFailedEvent)});
        loginFailedEvent.getUrl().ifPresent(str -> {
            if (StringUtils.isNotBlank(str)) {
                newArrayList.add(AuditEntitiesUtils.newAuditAttribute(ACCESSED_URL_KEY, str));
            }
        });
        this.auditService.audit(AuditEvent.builder(USER_LOGIN_FAILED).affectedObject(AuditResources.from(loginFailedEvent.getUser())).extraAttributes(newArrayList).build());
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    @ThrowSafe
    public void onUserLoggedOut(@Nonnull ApplicationUser applicationUser) {
        this.auditService.audit(AuditEvent.builder(USER_LOGGED_OUT).affectedObject(AuditResources.from(applicationUser)).build());
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    @ThrowSafe
    public void onUnknownUserLoggedOut(@Nonnull String str) {
        this.auditService.audit(AuditEvent.builder(USER_LOGGED_OUT).affectedObject(AuditResource.builder(str, AssociatedItem.Type.UNKNOWN_USER.name()).build()).build());
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    @ThrowSafe
    public void onUnknownUserLoginFailed(@Nonnull String str) {
        this.auditService.audit(AuditEvent.builder(USER_LOGIN_FAILED).extraAttribute(AuditEntitiesUtils.newAuditAttribute(LOGIN_FAILED_REASON_KEY, getI18n().getText("jira.auditing.user.login.failed.unknown.failed"))).affectedObject(AuditResource.builder(str, AssociatedItem.Type.UNKNOWN_USER.name()).build()).build());
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    @ThrowSafe
    public void onForgotPasswordEvent(ForgotPasswordEvent forgotPasswordEvent) {
        this.auditService.audit(AuditEvent.builder(USER_FORGOT_PASSWORD).affectedObject(getAffectedUserResource(forgotPasswordEvent, () -> {
            return getUsername(forgotPasswordEvent);
        })).build());
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    @ThrowSafe
    public void onForgotUsernameEvent(ForgotUsernameEvent forgotUsernameEvent) {
        AuditResource affectedUserResource = getAffectedUserResource(forgotUsernameEvent, this::getUnknownUsername);
        String orElse = getStringParam(forgotUsernameEvent, "email").orElse(UpdateIssueFieldFunction.UNASSIGNED_VALUE);
        AuditEvent.Builder affectedObject = AuditEvent.builder(USER_FORGOT_USERNAME).affectedObject(affectedUserResource);
        if (forgotUsernameEvent.getUser() == null) {
            affectedObject.extraAttribute(AuditEntitiesUtils.newAuditAttribute(EMAIL_WORD_KEY, orElse));
        }
        this.auditService.audit(affectedObject.build());
    }

    @Override // com.atlassian.jira.auditing.handlers.UserEventHandler
    @ThrowSafe
    public void onCannotChangePasswordEvent(CannotChangePasswordEvent cannotChangePasswordEvent) {
        this.auditService.audit(AuditEvent.builder(USER_CANNOT_CHANGE_PASSWORD).affectedObject(AuditResources.from(cannotChangePasswordEvent.getUser())).build());
    }

    @Nonnull
    private AuditResource getAffectedUserResource(@Nonnull UserEvent userEvent, Supplier<String> supplier) {
        return userEvent.getUser() == null ? AuditResources.unknownUserFrom(supplier.get()) : AuditResources.from(userEvent.getUser());
    }

    @Nonnull
    private AuditAttribute getFailedLoginReasonAttribute(@Nonnull LoginFailedEvent loginFailedEvent) {
        String str;
        switch (AnonymousClass1.$SwitchMap$com$atlassian$jira$bc$security$login$LoginReason[loginFailedEvent.getLoginReason().ordinal()]) {
            case 1:
                str = AUTHENTICATION_DENIED_KEY;
                break;
            case 2:
                str = AUTHENTICATION_FAILED_KEY;
                break;
            case 3:
                str = AUTHORISATION_FAILED_KEY;
                break;
            default:
                str = REASON_UNKNOWN_KEY;
                break;
        }
        return AuditEntitiesUtils.newAuditAttribute(LOGIN_FAILED_REASON_KEY, getI18n().getText(str));
    }

    @Nonnull
    private AuditAttribute getFailedLoginCountAttribute(@Nonnull LoginFailedEvent loginFailedEvent) {
        return AuditEntitiesUtils.newAuditAttribute(LOGIN_FAILED_COUNT_KEY, (String) Optional.ofNullable(loginFailedEvent.getLoginInfo().getCurrentFailedLoginCount()).map((v0) -> {
            return Objects.toString(v0);
        }).orElse(getI18n().getText(UNKNOWN_LOGIN_COUNT_KEY)));
    }

    @Nonnull
    private String getUsername(UserEvent userEvent) {
        return getStringParam(userEvent, "username").orElseGet(this::getUnknownUsername);
    }

    @Nonnull
    private String getUnknownUsername() {
        return getI18n().getText(UNKNOWN_USERNAME_KEY);
    }

    @Nonnull
    private static Optional<String> getStringParam(@Nonnull UserEvent userEvent, String str) {
        Object obj = userEvent.getParams().get(str);
        if (obj instanceof String) {
            return Optional.of((String) obj);
        }
        LOG.debug("Missing or unexpected value for the '{}' parameter value.", str);
        return Optional.empty();
    }

    private I18nHelper getI18n() {
        return this.i18nBeanFactory.getInstance(Locale.ENGLISH);
    }
}
