package com.atlassian.crowd.directory;

import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.embedded.impl.IdentifierMap;
import com.atlassian.crowd.embedded.impl.IdentifierSet;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.crowd.embedded.spi.DirectoryDao;
import com.atlassian.crowd.event.group.AutoGroupCreatedEvent;
import com.atlassian.crowd.event.group.AutoGroupMembershipCreatedEvent;
import com.atlassian.crowd.event.group.AutoGroupMembershipDeletedEvent;
import com.atlassian.crowd.event.user.AutoUserCreatedEvent;
import com.atlassian.crowd.event.user.AutoUserUpdatedEvent;
import com.atlassian.crowd.event.user.UserRenamedEvent;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.InvalidGroupException;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.OperationNotSupportedException;
import com.atlassian.crowd.exception.UserAlreadyExistsException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.model.DirectoryEntities;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupTemplate;
import com.atlassian.crowd.model.group.InternalDirectoryGroup;
import com.atlassian.crowd.model.membership.MembershipType;
import com.atlassian.crowd.model.user.ImmutableUser;
import com.atlassian.crowd.model.user.TimestampedUser;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.crowd.model.user.UserTemplateWithAttributes;
import com.atlassian.crowd.model.user.UserWithAttributes;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.search.builder.Restriction;
import com.atlassian.crowd.search.query.entity.restriction.constants.GroupTermKeys;
import com.atlassian.crowd.search.query.membership.MembershipQuery;
import com.atlassian.crowd.util.BatchResult;
import com.atlassian.event.api.EventPublisher;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.ListMultimap;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.google.common.collect.UnmodifiableIterator;
import java.util.Collection;
import java.util.Collections;
import java.util.ConcurrentModificationException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/directory/DelegatedAuthenticationDirectory.class */
public class DelegatedAuthenticationDirectory extends AbstractForwardingDirectory implements RemoteDirectory, MultiValuesQueriesSupport {
    private static final Logger logger = LoggerFactory.getLogger(DelegatedAuthenticationDirectory.class);
    public static final String ATTRIBUTE_CREATE_USER_ON_AUTH = "crowd.delegated.directory.auto.create.user";
    public static final String ATTRIBUTE_UPDATE_USER_ON_AUTH = "crowd.delegated.directory.auto.update.user";
    public static final String ATTRIBUTE_LDAP_DIRECTORY_CLASS = "crowd.delegated.directory.type";
    public static final String ATTRIBUTE_KEY_IMPORT_GROUPS = "crowd.delegated.directory.importGroups";
    private final RemoteDirectory ldapDirectory;
    private final InternalRemoteDirectory internalDirectory;
    private final EventPublisher eventPublisher;
    private final DirectoryDao directoryDao;

    public DelegatedAuthenticationDirectory(RemoteDirectory remoteDirectory, InternalRemoteDirectory internalRemoteDirectory, EventPublisher eventPublisher, DirectoryDao directoryDao) {
        this.ldapDirectory = remoteDirectory;
        this.internalDirectory = internalRemoteDirectory;
        this.eventPublisher = eventPublisher;
        this.directoryDao = directoryDao;
    }

    @Override // com.atlassian.crowd.directory.AbstractForwardingDirectory
    public void setDirectoryId(long j) {
        throw new UnsupportedOperationException("You cannot mutate the directoryID of " + getClass().getName());
    }

    @Override // com.atlassian.crowd.directory.AbstractForwardingDirectory
    public String getDescriptiveName() {
        return "Delegated authentication directory";
    }

    @Override // com.atlassian.crowd.directory.AbstractForwardingDirectory
    public void setAttributes(Map<String, String> map) {
        throw new UnsupportedOperationException("You cannot mutate the attributes of " + getClass().getName());
    }

    @Override // com.atlassian.crowd.directory.AbstractForwardingDirectory
    public User authenticate(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException {
        User authenticateAndUpdateOrCreate;
        if (isUserCreateOnAuthEnabled() || isUserUpdateOnAuthEnabled()) {
            authenticateAndUpdateOrCreate = authenticateAndUpdateOrCreate(str, passwordCredential);
        } else {
            authenticateAndUpdateOrCreate = findUserByName(str);
            if (!authenticateAndUpdateOrCreate.isActive()) {
                throw new InactiveAccountException(authenticateAndUpdateOrCreate.getName());
            }
            User authenticate = this.ldapDirectory.authenticate(str, passwordCredential);
            if (isImportGroupsEnabled()) {
                updateGroups(authenticate, authenticateAndUpdateOrCreate);
            }
        }
        updateAttributesAfterAuth(authenticateAndUpdateOrCreate);
        return authenticateAndUpdateOrCreate;
    }

    public User userAuthenticated(String str) throws OperationFailedException, UserNotFoundException, InactiveAccountException {
        User userAuthenticated = super.userAuthenticated(str);
        updateAttributesAfterAuth(userAuthenticated);
        return userAuthenticated;
    }

    private void updateAttributesAfterAuth(User user) throws OperationFailedException, UserNotFoundException {
        HashMap hashMap = new HashMap();
        hashMap.put("lastAuthenticated", Collections.singleton(Long.toString(System.currentTimeMillis())));
        this.internalDirectory.storeUserAttributes(user.getName(), hashMap);
    }

    private User authenticateAndUpdateOrCreate(String str, PasswordCredential passwordCredential) throws InactiveAccountException, ExpiredCredentialException, OperationFailedException, InvalidAuthenticationException, UserNotFoundException {
        User updateUserFromRemoteDirectory = updateUserFromRemoteDirectory(this.ldapDirectory.authenticate(str, passwordCredential));
        if (updateUserFromRemoteDirectory.isActive()) {
            return updateUserFromRemoteDirectory;
        }
        throw new InactiveAccountException(str);
    }

    @Override // com.atlassian.crowd.directory.AbstractForwardingDirectory
    public User updateUserFromRemoteDirectory(@Nonnull User user) throws OperationFailedException, UserNotFoundException {
        boolean z = true;
        User findLocalUserByExternalId = findLocalUserByExternalId(user.getExternalId());
        if (findLocalUserByExternalId != null && !IdentifierUtils.equalsInLowerCase(findLocalUserByExternalId.getName(), user.getName())) {
            if (isUserUpdateOnAuthEnabled()) {
                try {
                    Directory findById = this.directoryDao.findById(user.getDirectoryId());
                    String name = findLocalUserByExternalId.getName();
                    findLocalUserByExternalId = this.internalDirectory.forceRenameUser(findLocalUserByExternalId, user.getName());
                    this.eventPublisher.publish(new UserRenamedEvent(this, findById, findLocalUserByExternalId, name));
                } catch (DirectoryNotFoundException e) {
                    throw new OperationFailedException("Invalid directory: directory " + user.getDirectoryId() + " not found", e);
                } catch (UserNotFoundException e2) {
                    throw new ConcurrentModificationException("Unable to rename '" + findLocalUserByExternalId.getName() + "' to new name '" + user.getName() + "' during login.");
                }
            } else {
                findLocalUserByExternalId = null;
            }
        }
        if (findLocalUserByExternalId == null) {
            try {
                findLocalUserByExternalId = this.internalDirectory.findUserByName(user.getName());
                if (StringUtils.isNotBlank(findLocalUserByExternalId.getExternalId()) && !findLocalUserByExternalId.getExternalId().equals(user.getExternalId()) && isUserUpdateOnAuthEnabled() && isUserCreateOnAuthEnabled()) {
                    try {
                        Directory findById2 = this.directoryDao.findById(user.getDirectoryId());
                        User findUserByExternalId = this.ldapDirectory.findUserByExternalId(findLocalUserByExternalId.getExternalId());
                        this.eventPublisher.publish(new UserRenamedEvent(this, findById2, this.internalDirectory.forceRenameUser(findLocalUserByExternalId, findUserByExternalId.getName()), findLocalUserByExternalId.getName()));
                        findLocalUserByExternalId = createLdapUserInLocalCache(user.getName(), user);
                        z = false;
                    } catch (UserNotFoundException e3) {
                    } catch (DirectoryNotFoundException e4) {
                        throw new OperationFailedException("Invalid directory: directory " + user.getDirectoryId() + " not found", e4);
                    }
                }
            } catch (UserNotFoundException e5) {
                if (!isUserCreateOnAuthEnabled()) {
                    throw e5;
                }
                findLocalUserByExternalId = createLdapUserInLocalCache(user.getName(), user);
                z = false;
            }
        }
        if (z) {
            if (isUserUpdateOnAuthEnabled()) {
                findLocalUserByExternalId = updateLocalUserDetails(user, findLocalUserByExternalId);
            }
            if (isImportGroupsEnabled()) {
                updateGroups(user, findLocalUserByExternalId);
            }
        }
        return findLocalUserByExternalId;
    }

    private User createLdapUserInLocalCache(String str, User user) throws OperationFailedException {
        try {
            return addLdapUser(user);
        } catch (InvalidUserException e) {
            throw new OperationFailedException("Failed to clone LDAP user <" + str + "> to internal directory", e);
        } catch (UserAlreadyExistsException e2) {
            logger.info("User '{}' could not be found initially, but when cloning the user internally, user exists", str);
            try {
                return findUserByName(str);
            } catch (UserNotFoundException e3) {
                throw new ConcurrentModificationException("User '" + str + "' no longer exists.");
            }
        }
    }

    private User findLocalUserByExternalId(String str) {
        try {
            if (StringUtils.isNotBlank(str)) {
                return this.internalDirectory.findUserByExternalId(str);
            }
            return null;
        } catch (UserNotFoundException e) {
            return null;
        }
    }

    private void preventExternalIdDuplication(User user, User user2) throws OperationFailedException, InvalidUserException, DirectoryNotFoundException {
        if (StringUtils.isBlank(user.getExternalId()) || user.getExternalId().equals(user2.getExternalId())) {
            return;
        }
        try {
            TimestampedUser findUserByExternalId = this.internalDirectory.findUserByExternalId(user.getExternalId());
            if (findUserByExternalId != null) {
                removeExternalId(findUserByExternalId);
                logger.warn("Possible user unique id duplication, removing unique id: {} for user '{}'", user2.getExternalId(), user2.getName());
            }
        } catch (UserNotFoundException e) {
        }
    }

    public User addOrUpdateLdapUser(String str) throws UserNotFoundException, OperationFailedException {
        User findUserByName = this.ldapDirectory.findUserByName(str);
        try {
            TimestampedUser findUserByName2 = this.internalDirectory.findUserByName(str);
            User updateLocalUserDetails = updateLocalUserDetails(findUserByName, findUserByName2);
            if (isImportGroupsEnabled()) {
                updateGroups(findUserByName, findUserByName2);
            }
            return updateLocalUserDetails;
        } catch (UserNotFoundException e) {
            try {
                return addLdapUser(findUserByName);
            } catch (InvalidUserException e2) {
                throw new OperationFailedException(str, e2);
            } catch (UserAlreadyExistsException e3) {
                logger.info("User was added during the internal cloning process. Returning found user.");
                return findUserByName(str);
            }
        }
    }

    private User addLdapUser(User user) throws OperationFailedException, InvalidUserException, UserAlreadyExistsException {
        try {
            UserWithAttributes addUser = addUser(UserTemplateWithAttributes.toUserWithNoAttributes(user), (PasswordCredential) null);
            Directory findById = this.directoryDao.findById(addUser.getDirectoryId());
            this.eventPublisher.publish(new AutoUserCreatedEvent(this, findById, addUser));
            if (isImportGroupsEnabled()) {
                List groups = getGroups(user, this.ldapDirectory, String.class);
                importGroupsAndMemberships(user, findById, groups);
                if (supportsNestedGroups()) {
                    importGroupHierarchy(groups, findById);
                }
            }
            return addUser;
        } catch (InvalidCredentialException e) {
            throw new OperationFailedException("Could not create authenticated user <" + user.getName() + "> in underlying InternalDirectory: " + e.getMessage(), e);
        } catch (DirectoryNotFoundException e2) {
            throw new ConcurrentModificationException("Directory mapping was removed while cloning a user: " + e2.getMessage());
        }
    }

    private void importGroupsAndMemberships(User user, Directory directory, Collection<String> collection) throws OperationFailedException {
        IdentifierMap identifierMap = new IdentifierMap(Maps.uniqueIndex(getInternalGroups(collection), (v0) -> {
            return v0.getName();
        }));
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        for (String str : collection) {
            InternalDirectoryGroup internalDirectoryGroup = (InternalDirectoryGroup) identifierMap.get(str);
            if (internalDirectoryGroup == null) {
                hashSet2.add(str);
            } else if (internalDirectoryGroup.isLocal()) {
                logger.info("Remote group \"{}\" in directory \"{}\" is shadowed by a local group of the same name and will not be imported.", internalDirectoryGroup.getName(), getDescriptiveName());
            } else {
                hashSet.add(internalDirectoryGroup);
            }
        }
        if (!hashSet2.isEmpty()) {
            hashSet.addAll(importGroups(hashSet2, directory));
        }
        if (hashSet.isEmpty()) {
            return;
        }
        importMemberships(user.getName(), (Set) hashSet.stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet()), directory);
    }

    private Set<InternalDirectoryGroup> getInternalGroups(Collection<String> collection) throws OperationFailedException {
        return collection.isEmpty() ? ImmutableSet.of() : Sets.newHashSet(this.internalDirectory.searchGroups(QueryBuilder.queryFor(InternalDirectoryGroup.class, EntityDescriptor.group()).with(Restriction.on(GroupTermKeys.NAME).exactlyMatchingAny(collection)).returningAtMost(-1)));
    }

    private List<Group> importGroups(Set<String> set, Directory directory) {
        HashSet hashSet = new HashSet();
        set.forEach(str -> {
            GroupTemplate groupTemplate = new GroupTemplate(str, this.internalDirectory.getDirectoryId());
            groupTemplate.setLocal(false);
            hashSet.add(groupTemplate);
        });
        BatchResult addAllGroups = this.internalDirectory.addAllGroups(hashSet);
        addAllGroups.getSuccessfulEntities().forEach(group -> {
            logRemoteGroupImported(group.getName());
            this.eventPublisher.publish(new AutoGroupCreatedEvent(this, directory, group));
        });
        addAllGroups.getFailedEntities().forEach(group2 -> {
            logCouldNotImportRemoteGroup(group2.getName(), null);
        });
        return addAllGroups.getSuccessfulEntities();
    }

    private Group importGroup(String str, Directory directory) {
        try {
            GroupTemplate groupTemplate = new GroupTemplate(str, this.internalDirectory.getDirectoryId());
            groupTemplate.setLocal(false);
            Group addGroup = this.internalDirectory.addGroup(groupTemplate);
            logRemoteGroupImported(str);
            this.eventPublisher.publish(new AutoGroupCreatedEvent(this, directory, addGroup));
            return addGroup;
        } catch (Exception e) {
            logCouldNotImportRemoteGroup(str, e);
            return null;
        }
    }

    private void logRemoteGroupImported(String str) {
        logger.info("Imported remote group \"{}\" to directory \"{}\".", str, getDescriptiveName());
    }

    private void logCouldNotImportRemoteGroup(String str, Throwable th) {
        logger.error("Could not import remote group \"{}\" to directory \"{}\".", new Object[]{str, getDescriptiveName(), th});
    }

    private void importMemberships(String str, Set<String> set, Directory directory) throws OperationFailedException {
        try {
            BatchResult addUserToGroups = this.internalDirectory.addUserToGroups(str, set);
            addUserToGroups.getSuccessfulEntities().forEach(str2 -> {
                logger.info("Imported user \"{}\"'s membership of remote group \"{}\" to directory \"{}\".", new Object[]{str, str2, getDescriptiveName()});
                this.eventPublisher.publish(new AutoGroupMembershipCreatedEvent(this, directory, str, str2, MembershipType.GROUP_USER));
            });
            addUserToGroups.getFailedEntities().forEach(str3 -> {
                logger.error("Could not import user \"{}\"'s membership of remote group \"{}\" to directory \"{}\".", new Object[]{str, str3, getDescriptiveName()});
            });
        } catch (UserNotFoundException e) {
            throw new OperationFailedException(e);
        }
    }

    private void importGroupMembership(String str, String str2, Directory directory) {
        try {
            addGroupToGroup(str, str2);
            logger.info("Imported group \"{}\"'s membership of remote group \"{}\" to directory \"{}\".", new Object[]{str, str2, getDescriptiveName()});
            this.eventPublisher.publish(new AutoGroupMembershipCreatedEvent(this, directory, str, str2, MembershipType.GROUP_GROUP));
        } catch (Exception e) {
            logger.error("Could not import group \"{}\"'s membership of remote group \"{}\" to directory \"{}\".", new Object[]{str, str2, getDescriptiveName(), e});
        }
    }

    private void removeGroupMembership(String str, String str2, Directory directory) {
        try {
            removeGroupFromGroup(str, str2);
            logger.info("Removed group \"{}\"'s membership of remote group \"{}\" in directory \"{}\".", new Object[]{str, str2, getDescriptiveName()});
            this.eventPublisher.publish(new AutoGroupMembershipDeletedEvent(this, directory, str, str2, MembershipType.GROUP_GROUP));
        } catch (Exception e) {
            logger.error("Could not remove group \"{}\"'s membership of remote group \"{}\" in directory \"{}\".", new Object[]{str, str2, getDescriptiveName(), e});
        }
    }

    private User updateLocalUserDetails(User user, User user2) throws OperationFailedException {
        try {
            Directory findById = this.directoryDao.findById(user.getDirectoryId());
            UserTemplate userTemplate = new UserTemplate(user);
            userTemplate.setActive(user2.isActive());
            if (!user.getName().equals(user2.getName())) {
                try {
                    this.eventPublisher.publish(new UserRenamedEvent(this, findById, renameUser(user2.getName(), user.getName()), user2.getName()));
                } catch (UserAlreadyExistsException e) {
                    userTemplate.setName(user2.getName());
                    logger.warn("Remote username '{}' casing differs from local username '{}', but the username cannot be updated", user.getName(), user2.getName());
                }
            }
            preventExternalIdDuplication(user, user2);
            ImmutableUser from = ImmutableUser.from(user2);
            User updateUser = updateUser(userTemplate);
            this.eventPublisher.publish(new AutoUserUpdatedEvent(this, findById, updateUser, from));
            return updateUser;
        } catch (DirectoryNotFoundException e2) {
            throw new ConcurrentModificationException("Directory mapping was removed while cloning a user: " + e2.getMessage());
        } catch (UserNotFoundException e3) {
            throw new ConcurrentModificationException("User was removed during cloning process: " + e3.getMessage());
        } catch (InvalidUserException e4) {
            throw new OperationFailedException("Invalid user: unable to update user: '" + user.getName() + "' with data from LDAP", e4);
        }
    }

    private void removeExternalId(User user) throws UserNotFoundException, InvalidUserException, OperationFailedException, DirectoryNotFoundException {
        UserTemplate userTemplate = new UserTemplate(user);
        userTemplate.setExternalId((String) null);
        Directory findById = this.directoryDao.findById(user.getDirectoryId());
        updateUser(userTemplate);
        this.eventPublisher.publish(new AutoUserUpdatedEvent(this, findById, userTemplate, user));
    }

    private void updateGroups(User user, User user2) {
        try {
            Directory findById = this.directoryDao.findById(user.getDirectoryId());
            HashSet newHashSet = Sets.newHashSet(getGroups(user, this.ldapDirectory, String.class));
            ImmutableMap uniqueIndex = Maps.uniqueIndex(getGroups(user2, this.internalDirectory, InternalDirectoryGroup.class), DirectoryEntities.NAME_FUNCTION);
            Set keySet = uniqueIndex.keySet();
            for (String str : IdentifierSet.differenceWithOriginalCasing(keySet, newHashSet)) {
                if (!((InternalDirectoryGroup) uniqueIndex.get(str)).isLocal()) {
                    try {
                        removeUserFromGroup(user2.getName(), str);
                        this.eventPublisher.publish(new AutoGroupMembershipDeletedEvent(this, findById, user2.getName(), str, MembershipType.GROUP_USER));
                        logger.info("Deleted user \"{}\"'s imported membership of remote group \"{}\" to directory \"{}\".", new Object[]{user2.getName(), str, getDescriptiveName()});
                    } catch (Exception e) {
                        logger.error("Could not delete user \"{}\"'s imported membership of remote group \"{}\" to directory \"{}\".", new Object[]{user2.getName(), str, getDescriptiveName(), e});
                    }
                }
            }
            importGroupsAndMemberships(user2, findById, IdentifierSet.differenceWithOriginalCasing(newHashSet, keySet));
            if (supportsNestedGroups()) {
                importGroupHierarchy(newHashSet, findById);
            }
        } catch (Exception e2) {
            logger.error("Could not update remote group imported memberships of user \"{}\" in directory \"{}\".", new Object[]{user2.getName(), getDescriptiveName(), e2});
        } catch (DirectoryNotFoundException e3) {
            throw new ConcurrentModificationException("Directory mapping was removed while updating the groups of a user " + e3.getMessage());
        }
    }

    private void importGroupHierarchy(Collection<String> collection, Directory directory) throws OperationFailedException {
        importGroupHierarchy(collection, directory, Collections.emptySet());
    }

    private void importGroupHierarchy(Collection<String> collection, Directory directory, Set<String> set) throws OperationFailedException {
        for (String str : collection) {
            if (!set.contains(str)) {
                Set<String> build = ImmutableSet.builder().addAll(set).add(str).build();
                MembershipQuery<String> directParentGroupsQuery = getDirectParentGroupsQuery(str);
                ImmutableSet copyOf = ImmutableSet.copyOf(this.ldapDirectory.searchGroupRelationships(directParentGroupsQuery));
                ImmutableSet copyOf2 = ImmutableSet.copyOf(this.internalDirectory.searchGroupRelationships(directParentGroupsQuery));
                UnmodifiableIterator it = Sets.difference(copyOf, copyOf2).iterator();
                while (it.hasNext()) {
                    String str2 = (String) it.next();
                    if (build.contains(str2)) {
                        logger.error("Importing remote group \"{}\"'s membership of remote group \"{}\" to directory \"{}\" would introduce a loop in the group hierarchy.", new Object[]{str, str2, getDescriptiveName()});
                    } else {
                        try {
                            InternalDirectoryGroup findGroupByName = this.internalDirectory.findGroupByName(str2);
                            if (findGroupByName.isLocal()) {
                                logger.info("Remote group \"{}\" in directory \"{}\" is shadowed by a local group of the same name and will not be imported.", findGroupByName.getName(), getDescriptiveName());
                            } else {
                                logger.debug("Remote group \"{}\" in directory \"{}\" has already been imported.", findGroupByName.getName(), getDescriptiveName());
                                importGroupMembership(str, str2, directory);
                            }
                        } catch (GroupNotFoundException e) {
                            importGroup(str2, directory);
                            importGroupMembership(str, str2, directory);
                        } catch (Exception e2) {
                            logger.error("Could not import group \"{}\"'s membership of remote group \"{}\" to directory \"{}\".", new Object[]{str, str2, getDescriptiveName(), e2});
                        }
                    }
                }
                UnmodifiableIterator it2 = Sets.difference(copyOf2, copyOf).iterator();
                while (it2.hasNext()) {
                    removeGroupMembership(str, (String) it2.next(), directory);
                }
                importGroupHierarchy(copyOf, directory, build);
            }
        }
    }

    private MembershipQuery<String> getDirectParentGroupsQuery(String str) {
        return QueryBuilder.queryFor(String.class, EntityDescriptor.group()).parentsOf(EntityDescriptor.group()).withName(str).returningAtMost(-1);
    }

    private <T> List<T> getGroups(User user, RemoteDirectory remoteDirectory, Class<T> cls) throws OperationFailedException {
        return remoteDirectory.searchGroupRelationships(QueryBuilder.queryFor(cls, EntityDescriptor.group()).parentsOf(EntityDescriptor.user()).withName(user.getName()).returningAtMost(-1));
    }

    @Override // com.atlassian.crowd.directory.AbstractForwardingDirectory
    public void updateUserCredential(String str, PasswordCredential passwordCredential) throws UserNotFoundException, InvalidCredentialException, OperationFailedException {
        throw new OperationNotSupportedException("Passwords are stored in LDAP and are read-only for delegated authentication directory");
    }

    @Override // com.atlassian.crowd.directory.AbstractForwardingDirectory
    public Group addGroup(GroupTemplate groupTemplate) throws InvalidGroupException, OperationFailedException {
        groupTemplate.setLocal(true);
        return super.addGroup(groupTemplate);
    }

    @Override // com.atlassian.crowd.directory.AbstractForwardingDirectory
    public void testConnection() throws OperationFailedException {
        this.ldapDirectory.testConnection();
    }

    @Override // com.atlassian.crowd.directory.AbstractForwardingDirectory
    public boolean supportsNestedGroups() {
        return this.ldapDirectory.supportsNestedGroups();
    }

    @Override // com.atlassian.crowd.directory.AbstractForwardingDirectory
    public boolean supportsPasswordExpiration() {
        return this.ldapDirectory.supportsPasswordExpiration();
    }

    @Override // com.atlassian.crowd.directory.AbstractForwardingDirectory
    public boolean supportsSettingEncryptedCredential() {
        return false;
    }

    @Override // com.atlassian.crowd.directory.AbstractForwardingDirectory
    public boolean isRolesDisabled() {
        return true;
    }

    @Override // com.atlassian.crowd.directory.AbstractForwardingDirectory
    public RemoteDirectory getAuthoritativeDirectory() {
        return this.ldapDirectory;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.AbstractForwardingDirectory
    /* renamed from: getDelegate, reason: merged with bridge method [inline-methods] */
    public InternalRemoteDirectory mo12getDelegate() {
        return this.internalDirectory;
    }

    private boolean isUserCreateOnAuthEnabled() {
        return Boolean.parseBoolean(getValue(ATTRIBUTE_CREATE_USER_ON_AUTH));
    }

    private boolean isUserUpdateOnAuthEnabled() {
        return Boolean.parseBoolean(getValue(ATTRIBUTE_UPDATE_USER_ON_AUTH));
    }

    private boolean isImportGroupsEnabled() {
        return Boolean.parseBoolean(getValue(ATTRIBUTE_KEY_IMPORT_GROUPS));
    }

    public <T> ListMultimap<String, T> searchGroupRelationshipsGroupedByName(MembershipQuery<T> membershipQuery) {
        return this.internalDirectory.searchGroupRelationshipsGroupedByName(membershipQuery);
    }
}
