package com.atlassian.jira.rest.v2.user.anonymization;

import com.atlassian.annotations.security.AdminOnly;
import com.atlassian.jira.cluster.ClusterManager;
import com.atlassian.jira.issue.fields.rest.json.beans.JiraBaseUrls;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.rest.api.http.CacheControl;
import com.atlassian.jira.rest.api.util.ErrorCollection;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.task.ProvidesTaskProgress;
import com.atlassian.jira.task.TaskDescriptor;
import com.atlassian.jira.task.TaskManager;
import com.atlassian.jira.task.TaskProgressSink;
import com.atlassian.jira.task.context.Context;
import com.atlassian.jira.task.context.Contexts;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.anonymize.AnonymizationParameters;
import com.atlassian.jira.user.anonymize.AnonymizationResult;
import com.atlassian.jira.user.anonymize.AnonymizeUserService;
import com.atlassian.jira.user.anonymize.AnonymizeUserTaskContext;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.jira.util.collect.FixedSized;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.Parameters;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.parameters.RequestBody;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collection;
import java.util.Comparator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.Callable;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.ParametersAreNonnullByDefault;
import javax.inject.Inject;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;

@Path("user/anonymization")
@Consumes({"application/json"})
@AdminOnly
@Produces({"application/json"})
/* loaded from: input_file:com/atlassian/jira/rest/v2/user/anonymization/UserAnonymizationResource.class */
public class UserAnonymizationResource {
    private static final Logger log = Logger.getLogger(UserAnonymizationResource.class);
    public static final String EXPAND_AFFECTED_ENTITIES = "affectedEntities";
    private final AnonymizeUserService anonymizeUserService;
    private final JiraAuthenticationContext authenticationContext;
    private final GlobalPermissionManager globalPermissionManager;
    private final JiraBaseUrls jiraBaseUrls;
    private final UserManager userManager;
    private final TaskManager taskManager;
    private final ClusterManager clusterManager;
    private final I18nHelper i18n;

    /* JADX INFO: Access modifiers changed from: private */
    @ParametersAreNonnullByDefault
    /* loaded from: input_file:com/atlassian/jira/rest/v2/user/anonymization/UserAnonymizationResource$AnonymizeUserCommand.class */
    public class AnonymizeUserCommand implements Callable<AnonymizationResult>, ProvidesTaskProgress {
        private static final String ANONYMIZATION_PERCENTAGE = "rest.user.anonymize.percent.complete";
        private static final String ANONYMIZATION_CURRENT_TASK = "rest.user.anonymize.current.task";
        private final AnonymizationParameters anonymizationParameters;
        private volatile TaskProgressSink taskProgressSink;

        private AnonymizeUserCommand(AnonymizationParameters anonymizationParameters) {
            this.anonymizationParameters = anonymizationParameters;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public AnonymizationResult call() throws Exception {
            AnonymizeUserService.AnonymizeValidationResult validateAnonymize = UserAnonymizationResource.this.anonymizeUserService.validateAnonymize(this.anonymizationParameters);
            if (validateAnonymize.isValid()) {
                return AnonymizationResult.from(validateAnonymize, UserAnonymizationResource.this.anonymizeUserService.perform(validateAnonymize, createContext(UserAnonymizationResource.this.anonymizeUserService.getStepCount(validateAnonymize))));
            }
            UserAnonymizationResource.log.info(String.format("User anonymization of user with key '%s' rejected due to a failed validation", this.anonymizationParameters.getUserKey()));
            return AnonymizationResult.from(validateAnonymize);
        }

        public void setTaskProgressSink(TaskProgressSink taskProgressSink) {
            this.taskProgressSink = taskProgressSink;
        }

        private Context createContext(int i) {
            if (this.taskProgressSink != null) {
                return Contexts.builder().progress(this.taskProgressSink, UserAnonymizationResource.this.i18n, ANONYMIZATION_PERCENTAGE, ANONYMIZATION_CURRENT_TASK).sized(new FixedSized(i)).build();
            }
            UserAnonymizationResource.log.warn("User anonymization is being started without the ability to report progress of sub-tasks.");
            return Contexts.nullContext();
        }
    }

    @Inject
    UserAnonymizationResource(@ComponentImport AnonymizeUserService anonymizeUserService, JiraAuthenticationContext jiraAuthenticationContext, GlobalPermissionManager globalPermissionManager, JiraBaseUrls jiraBaseUrls, UserManager userManager, TaskManager taskManager, ClusterManager clusterManager, I18nHelper i18nHelper) {
        this.anonymizeUserService = anonymizeUserService;
        this.authenticationContext = jiraAuthenticationContext;
        this.globalPermissionManager = globalPermissionManager;
        this.jiraBaseUrls = jiraBaseUrls;
        this.userManager = userManager;
        this.taskManager = taskManager;
        this.clusterManager = clusterManager;
        this.i18n = i18nHelper;
    }

    @GET
    @Operation(summary = "Get validation for user anonymization", description = "Validates user anonymization process.")
    @Parameters({@Parameter(name = "userKey", description = "The key of the user to validate anonymization for.", required = true), @Parameter(name = "expand", description = "Parameter used to include parts of the response.")})
    @ApiResponses({@ApiResponse(description = "Returned when validation succeeded.", responseCode = "200"), @ApiResponse(description = "Returned if a mandatory parameter was not provided or validation failed.", responseCode = "400"), @ApiResponse(description = "Returned if the logged-in user cannot anonymize users.", responseCode = "403")})
    public Response validateUserAnonymization(@QueryParam("userKey") String str, @QueryParam("expand") String str2) {
        return validateUserAnonymization(str, false, null, null, expandAffectedEntities(str2));
    }

    @GET
    @Path("/rerun")
    @Operation(summary = "Get validation for user anonymization rerun", description = "Validates user anonymization re-run process.")
    @Parameters({@Parameter(name = "userKey", description = "The key of the user to validate anonymization for.", required = true), @Parameter(name = "oldUserKey", description = "User key before anonymization, only needed when current value is anonymized. If there is no old key, e.g. because the user was already created using the new key generation strategy, provide a value equal to the current key."), @Parameter(name = "oldUserName", description = "User name before anonymization, only needed when the current value is anonymized. If there is no old name, provide a value equal to the current name."), @Parameter(name = "expand", description = "Parameter used to include parts of the response.")})
    @ApiResponses({@ApiResponse(description = "Returned when validation succeeded.", responseCode = "200", content = {@Content(schema = @Schema(implementation = UserAnonymizationValidationBean.class))}), @ApiResponse(description = "Returned if a mandatory parameter was not provided or validation failed.", responseCode = "400"), @ApiResponse(description = "Returned if the logged-in user cannot anonymize users.", responseCode = "403")})
    public Response validateUserAnonymizationRerun(@QueryParam("userKey") String str, @QueryParam("oldUserKey") String str2, @QueryParam("oldUserName") String str3, @QueryParam("expand") String str4) {
        return validateUserAnonymization(str, true, str2, str3, expandAffectedEntities(str4));
    }

    private boolean expandAffectedEntities(String str) {
        return EXPAND_AFFECTED_ENTITIES.equals(str);
    }

    private Response validateUserAnonymization(@Nullable String str, boolean z, @Nullable String str2, @Nullable String str3, boolean z2) {
        if (!this.globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, this.authenticationContext.getLoggedInUser())) {
            return Response.status(Response.Status.FORBIDDEN).entity(ErrorCollection.of(this.i18n.getText("rest.user.anonymize.forbidden"))).build();
        }
        if (StringUtils.isBlank(str)) {
            return missingParametersResponse(ImmutableList.of("userKey"));
        }
        UserAnonymizationValidationBean from = UserAnonymizationValidationBean.from(this.anonymizeUserService.preValidateAnonymize(AnonymizationParameters.builder().executor(this.authenticationContext.getLoggedInUser()).targetUser(str).rerunPluginPoints(z).oldUserKey(str2).oldUserName(str3).getAffectedEntities(z2).build()), this.i18n);
        return from.isSuccess() ? Response.status(Response.Status.OK).entity(from).cacheControl(CacheControl.never()).build() : Response.status(Response.Status.BAD_REQUEST).entity(from).cacheControl(CacheControl.never()).build();
    }

    @Operation(summary = "Schedule user anonymization", description = "Schedules a user anonymization process. Requires system admin permission.")
    @POST
    @RequestBody(description = "JSON containing parameters to schedule the anonymization process with", required = true, content = {@Content(schema = @Schema(implementation = UserAnonymizationRequestBean.class), mediaType = "application/json")})
    @ApiResponses({@ApiResponse(description = "Returned if the process was scheduled. Note that it can still fail the extended validation once its execution starts.", responseCode = "202"), @ApiResponse(description = "Returned if a mandatory parameter was not provided.", responseCode = "400"), @ApiResponse(description = "Returned if the logged-in user cannot anonymize users.", responseCode = "403"), @ApiResponse(description = "Returned if another user anonymization process is already in progress.", responseCode = "409")})
    public Response scheduleUserAnonymization(UserAnonymizationRequestBean userAnonymizationRequestBean) throws URISyntaxException {
        List<String> missingAnonymizationParameters = getMissingAnonymizationParameters(userAnonymizationRequestBean);
        return !missingAnonymizationParameters.isEmpty() ? missingParametersResponse(missingAnonymizationParameters) : scheduleUserAnonymization(AnonymizationParameters.builder().targetUser(userAnonymizationRequestBean.userKey).newOwnerKey(userAnonymizationRequestBean.newOwnerKey).rerunPluginPoints(false).getAffectedEntities(true).executor(this.authenticationContext.getLoggedInUser()).build());
    }

    @Path("/rerun")
    @Operation(summary = "Schedule user anonymization rerun", description = "Schedules a user anonymization process. Requires system admin permission.")
    @POST
    @RequestBody(description = "JSON containing parameters to schedule the anonymization process with", required = true, content = {@Content(schema = @Schema(implementation = UserAnonymizationRerunRequestBean.class), mediaType = "application/json")})
    @ApiResponses({@ApiResponse(description = "Returned if the process was scheduled. Note that it can still fail the extended validation once its execution starts.", responseCode = "202"), @ApiResponse(description = "Returned if a mandatory parameter was not provided.", responseCode = "400"), @ApiResponse(description = "Returned if the logged-in user cannot anonymize users.", responseCode = "403"), @ApiResponse(description = "Returned if another user anonymization process is already in progress.", responseCode = "409")})
    public Response scheduleUserAnonymizationRerun(UserAnonymizationRerunRequestBean userAnonymizationRerunRequestBean) throws URISyntaxException {
        List<String> missingAnonymizationParameters = getMissingAnonymizationParameters(userAnonymizationRerunRequestBean);
        return !missingAnonymizationParameters.isEmpty() ? missingParametersResponse(missingAnonymizationParameters) : scheduleUserAnonymization(AnonymizationParameters.builder().targetUser(userAnonymizationRerunRequestBean.userKey).newOwnerKey(userAnonymizationRerunRequestBean.newOwnerKey).rerunPluginPoints(true).oldUserKey(userAnonymizationRerunRequestBean.oldUserKey).oldUserName(userAnonymizationRerunRequestBean.oldUserName).getAffectedEntities(true).executor(this.authenticationContext.getLoggedInUser()).build());
    }

    @Nonnull
    private List<String> getMissingAnonymizationParameters(UserAnonymizationRequestBean userAnonymizationRequestBean) {
        ImmutableList.Builder builder = ImmutableList.builder();
        if (StringUtils.isBlank(userAnonymizationRequestBean.userKey)) {
            builder.add("userKey");
        }
        if (StringUtils.isBlank(userAnonymizationRequestBean.newOwnerKey)) {
            builder.add("newOwnerKey");
        }
        return builder.build();
    }

    private Response scheduleUserAnonymization(@Nonnull AnonymizationParameters anonymizationParameters) throws URISyntaxException {
        if (!this.globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, this.authenticationContext.getLoggedInUser())) {
            return Response.status(Response.Status.FORBIDDEN).entity(ErrorCollection.of(this.i18n.getText("rest.user.anonymize.forbidden"))).build();
        }
        AnonymizeUserTaskContext createTaskContextFromParameters = createTaskContextFromParameters(anonymizationParameters);
        if (this.taskManager.hasLiveTaskWithContext(createTaskContextFromParameters)) {
            return Response.status(Response.Status.CONFLICT).entity(ErrorCollection.of(this.i18n.getText("rest.user.anonymize.already.running"))).build();
        }
        TaskDescriptor submitTask = this.taskManager.submitTask(new AnonymizeUserCommand(anonymizationParameters), this.i18n.getText("rest.user.anonymize.task"), createTaskContextFromParameters);
        return Response.status(Response.Status.ACCEPTED).location(new URI(this.jiraBaseUrls.baseUrl() + submitTask.getProgressURL())).entity(UserAnonymizationProgressBean.fromTaskDescriptor(submitTask)).cacheControl(CacheControl.never()).build();
    }

    @GET
    @Path("progress")
    @Operation(summary = "Get user anonymization progress", description = "Returns information about a user anonymization operation progress.")
    @Parameter(name = "taskId", description = "The id of a user anonymization task you wish to obtain details on.")
    @ApiResponses({@ApiResponse(description = "Returns a representation of the progress of the user anonymization operation.", responseCode = "200"), @ApiResponse(description = "Returned if the logged-in user cannot anonymize users.", responseCode = "403"), @ApiResponse(description = "Returned if there is no user anonymization task found.", responseCode = "404")})
    public Response getProgress(@QueryParam("taskId") long j) throws URISyntaxException {
        if (!this.globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, this.authenticationContext.getLoggedInUser())) {
            return Response.status(Response.Status.FORBIDDEN).entity(ErrorCollection.of(this.i18n.getText("rest.user.anonymize.progress.forbidden"))).build();
        }
        Optional<TaskDescriptor<?>> taskById = j > 0 ? getTaskById(j) : getLastTask();
        return !taskById.isPresent() ? taskNotFoundResponse() : taskProgressResponse(taskById.get());
    }

    @Path("unlock")
    @DELETE
    @Operation(summary = "Delete stale user anonymization task", description = "Removes stale user anonymization task, for scenarios when the node that was executing it is no longer alive. Use it only after making sure that the parent node of the task is actually down, and not just having connectivity issues.")
    @ApiResponses({@ApiResponse(description = "Returned when anonymization task has been successfully removed.", responseCode = "204"), @ApiResponse(description = "Returned if the logged-in user cannot remove anonymization tasks.", responseCode = "403"), @ApiResponse(description = "Returned if called when Jira is running in a non-clustered mode.", responseCode = "400"), @ApiResponse(description = "Returned if there is no user anonymization task found.", responseCode = "404"), @ApiResponse(description = "Returned if the node executing the anonymization is still running.", responseCode = "409")})
    public Response unlockAnonymization() {
        if (!this.globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, this.authenticationContext.getLoggedInUser())) {
            return Response.status(Response.Status.FORBIDDEN).entity(ErrorCollection.of(this.i18n.getText("rest.user.anonymize.unlock.forbidden"))).build();
        }
        if (!this.clusterManager.isClustered()) {
            return Response.status(Response.Status.BAD_REQUEST).entity(ErrorCollection.of(this.i18n.getText("rest.user.anonymize.unlock.non.clustered"))).build();
        }
        TaskDescriptor liveTask = this.taskManager.getLiveTask(AnonymizeUserTaskContext.EMPTY);
        if (liveTask == null) {
            return taskNotFoundResponse();
        }
        if (this.clusterManager.isNodeAlive(liveTask.getNodeId())) {
            return Response.status(Response.Status.CONFLICT).entity(ErrorCollection.of(this.i18n.getText("rest.user.anonymize.unlock.node.still.running", liveTask.getNodeId()))).build();
        }
        log.info(String.format("Cancelling user anonymization task '%s' from node '%s'", liveTask.getTaskId(), liveTask.getNodeId()));
        this.taskManager.removeTask(liveTask.getTaskId());
        return Response.status(Response.Status.NO_CONTENT).entity(ImmutableMap.of()).build();
    }

    @Nonnull
    private AnonymizeUserTaskContext createTaskContextFromParameters(@Nonnull AnonymizationParameters anonymizationParameters) {
        return shouldGetTaskContextWithOldUsernameUserkey(anonymizationParameters) ? createTaskContextWithOldUsernameUserkey(anonymizationParameters) : createRegularTaskContext(anonymizationParameters);
    }

    private boolean shouldGetTaskContextWithOldUsernameUserkey(@Nonnull AnonymizationParameters anonymizationParameters) {
        return anonymizationParameters.isRerunPluginPoints() && anonymizationParameters.getOldUserKey() != null;
    }

    private AnonymizeUserTaskContext createTaskContextWithOldUsernameUserkey(AnonymizationParameters anonymizationParameters) {
        ApplicationUser userByKeyEvenWhenUnknown = this.userManager.getUserByKeyEvenWhenUnknown(anonymizationParameters.getUserKey());
        Objects.requireNonNull(anonymizationParameters.getOldUserKey());
        return userByKeyEvenWhenUnknown == null ? new AnonymizeUserTaskContext(anonymizationParameters.getOldUserKey(), anonymizationParameters.getOldUserName(), true) : new AnonymizeUserTaskContext(anonymizationParameters.getOldUserKey(), anonymizationParameters.getOldUserName(), userByKeyEvenWhenUnknown.getDisplayName(), true);
    }

    private AnonymizeUserTaskContext createRegularTaskContext(AnonymizationParameters anonymizationParameters) {
        ApplicationUser userByKeyEvenWhenUnknown = this.userManager.getUserByKeyEvenWhenUnknown(anonymizationParameters.getUserKey());
        return userByKeyEvenWhenUnknown == null ? new AnonymizeUserTaskContext(anonymizationParameters.getUserKey(), anonymizationParameters.isRerunPluginPoints()) : new AnonymizeUserTaskContext(userByKeyEvenWhenUnknown.getKey(), userByKeyEvenWhenUnknown.getName(), userByKeyEvenWhenUnknown.getDisplayName(), anonymizationParameters.isRerunPluginPoints());
    }

    @Nonnull
    private Optional<TaskDescriptor<?>> getTaskById(long j) {
        TaskDescriptor task = this.taskManager.getTask(Long.valueOf(j));
        return (task == null || !(task.getTaskContext() instanceof AnonymizeUserTaskContext)) ? Optional.empty() : Optional.of(task);
    }

    @Nonnull
    private Optional<TaskDescriptor<?>> getLastTask() {
        return this.taskManager.findTasks(taskDescriptor -> {
            return taskDescriptor.getTaskContext() instanceof AnonymizeUserTaskContext;
        }).stream().max(Comparator.comparing((v0) -> {
            return v0.getTaskId();
        }));
    }

    @Nonnull
    private Response missingParametersResponse(@Nonnull List<String> list) {
        return Response.status(Response.Status.BAD_REQUEST).entity(ErrorCollection.of((Collection<String>) list.stream().map(str -> {
            return this.i18n.getText("rest.missing.parameter", str);
        }).collect(ImmutableList.toImmutableList()))).build();
    }

    @Nonnull
    private Response taskProgressResponse(@Nonnull TaskDescriptor<?> taskDescriptor) throws URISyntaxException {
        try {
            return Response.status(Response.Status.OK).location(new URI(this.jiraBaseUrls.baseUrl() + taskDescriptor.getProgressURL())).entity(UserAnonymizationProgressBean.fromTaskDescriptor(taskDescriptor, !this.clusterManager.isClustered() || this.clusterManager.isNodeAlive(taskDescriptor.getNodeId()))).cacheControl(CacheControl.never()).build();
        } catch (ClassCastException e) {
            return taskNotFoundResponse();
        }
    }

    @Nonnull
    private Response taskNotFoundResponse() {
        return Response.status(Response.Status.NOT_FOUND).entity(ErrorCollection.of(this.i18n.getText("rest.user.anonymize.progress.no.task.found"))).build();
    }
}
