package com.atlassian.jira.upgrade.tasks;

import com.atlassian.crowd.directory.DelegatedAuthenticationDirectory;
import com.atlassian.crowd.directory.GenericLDAP;
import com.atlassian.crowd.directory.InternalDirectory;
import com.atlassian.crowd.directory.RemoteCrowdDirectory;
import com.atlassian.crowd.directory.loader.LDAPDirectoryInstanceLoader;
import com.atlassian.crowd.embedded.api.CrowdDirectoryService;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.DirectoryType;
import com.atlassian.crowd.embedded.api.OperationType;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.embedded.ofbiz.OfBizDirectoryDao;
import com.atlassian.crowd.embedded.spi.DirectoryDao;
import com.atlassian.crowd.exception.DirectoryInstantiationException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.model.directory.DirectoryImpl;
import com.atlassian.jira.ComponentManager;
import com.atlassian.jira.config.properties.APKeys;
import com.atlassian.jira.config.properties.ApplicationProperties;
import com.atlassian.jira.ofbiz.FieldMap;
import com.atlassian.jira.portal.OfbizPortletConfigurationStore;
import com.atlassian.jira.upgrade.AbstractUpgradeTask;
import com.atlassian.jira.util.collect.CollectionBuilder;
import com.atlassian.jira.web.util.HelpUtil;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.io.InputStream;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.ofbiz.core.entity.GenericDelegator;
import org.ofbiz.core.entity.GenericEntityException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com/atlassian/jira/upgrade/tasks/UpgradeTask_Build601.class */
public class UpgradeTask_Build601 extends AbstractUpgradeTask {
    private static final String JIRA_OPTION_USER_PASSWORD_EXTERNALMGT = "jira.option.user.externalpasswordmanagement";
    private static final String DEFAULT_DIRECTORY = "JIRA Internal Directory";
    private static final String DELEGATING_DIRECTORY = "JIRA Delegated Authentication Directory";
    private static final String CROWD_DIRECTORY = "Remote Crowd Directory";
    private static final String APPLICATION_ENTITY_NAME = "Application";
    private static final String DIRECTORY_ENTITY_NAME = "Directory";
    private static final int INTERNAL_DIRECTORY_ID = 1;
    private static final int REMOTE_CROWD_DIRECTORY_ID = 2;
    private static final int DELEGATED_LDAP_DIRECTORY_ID = 3;
    private static final String DIRECTORY_OPERATION_ENTITY_NAME = "DirectoryOperation";
    private static final String DIRECTORY_ATTRIBUTE_ENTITY_NAME = "DirectoryAttribute";
    private final CrowdDirectoryService crowdDirectoryService;
    private final LDAPDirectoryInstanceLoader ldapDirectoryInstanceLoader;
    private final ApplicationProperties applicationProperties;
    private final String upgradeGuideUrl;
    private final String upgradeGuideTitle;
    private int ofbizProviderCount;
    private int crowdProviderCount;
    private int ldapProviderCount;
    private int unknownProviderCount;
    private List<String> providerList;
    private GenericDelegator genericDelegator;
    private static final String CROWD_EMBEDDED_APPLICATION = "crowd-embedded";
    private static final Logger log = Logger.getLogger(UpgradeTask_Build601.class);
    private static final Set<String> ofbizProviders = CollectionBuilder.newBuilder("com.atlassian.core.ofbiz.osuser.CoreOFBizCredentialsProvider", "com.atlassian.jira.user.osuser.JiraOFBizProfileProvider", "com.atlassian.jira.user.osuser.JiraOFBizAccessProvider", "com.opensymphony.user.provider.ofbiz.OFBizAccessProvider", "com.opensymphony.user.provider.ofbiz.OFBizProfileProvider", "com.opensymphony.user.provider.ofbiz.OFBizCredentialsProvider").asSet();
    private static final Set<String> crowdProviders = CollectionBuilder.newBuilder("com.atlassian.crowd.integration.osuser.CrowdCredentialsProvider", "com.atlassian.crowd.integration.osuser.CrowdAccessProvider", "com.atlassian.crowd.integration.osuser.DelegatingProfileProvider").asSet();
    private static final Set<String> ldapProviders = CollectionBuilder.newBuilder("com.opensymphony.user.provider.ldap.LDAPCredentialsProvider").asSet();

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/atlassian/jira/upgrade/tasks/UpgradeTask_Build601$CrowdServiceUrlBuilder.class */
    public static class CrowdServiceUrlBuilder {
        private String serviceUrlFromProperties;

        CrowdServiceUrlBuilder() {
        }

        CrowdServiceUrlBuilder setPropertiesUrlTo(String str) {
            this.serviceUrlFromProperties = str;
            return this;
        }

        String build() {
            return this.serviceUrlFromProperties.endsWith("/services/") ? StringUtils.removeEnd(this.serviceUrlFromProperties, "/services/") : StringUtils.removeEnd(this.serviceUrlFromProperties, "/services");
        }
    }

    public UpgradeTask_Build601(GenericDelegator genericDelegator, CrowdDirectoryService crowdDirectoryService, LDAPDirectoryInstanceLoader lDAPDirectoryInstanceLoader, ApplicationProperties applicationProperties) {
        super(false);
        this.genericDelegator = genericDelegator;
        this.crowdDirectoryService = crowdDirectoryService;
        this.ldapDirectoryInstanceLoader = lDAPDirectoryInstanceLoader;
        this.applicationProperties = applicationProperties;
        HelpUtil.HelpPath helpPath = HelpUtil.getInstance().getHelpPath("upgrading");
        this.upgradeGuideUrl = helpPath.getUrl();
        this.upgradeGuideTitle = helpPath.getTitle();
    }

    @Override // com.atlassian.jira.upgrade.AbstractUpgradeTask, com.atlassian.jira.upgrade.UpgradeTask
    public String getBuildNumber() {
        return "601";
    }

    @Override // com.atlassian.jira.upgrade.AbstractUpgradeTask, com.atlassian.jira.upgrade.UpgradeTask
    public String getShortDescription() {
        return "Migrate User Directory configuration";
    }

    @Override // com.atlassian.jira.upgrade.AbstractUpgradeTask, com.atlassian.jira.upgrade.UpgradeTask
    public void doUpgrade(boolean z) throws Exception {
        addJiraApplication();
        this.providerList = new ArrayList();
        this.ofbizProviderCount = 0;
        this.crowdProviderCount = 0;
        this.ldapProviderCount = 0;
        InputStream oSUserXmlStream = getOSUserXmlStream();
        if (validatePresentConfiguration(oSUserXmlStream)) {
            Document document = null;
            boolean z2 = false;
            boolean z3 = false;
            boolean z4 = false;
            if (oSUserXmlStream != null) {
                document = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(oSUserXmlStream);
                extractConfigurationTypes(document);
                log.info("The following OSUser providers have been detected in the osuser.xml file.");
                Iterator<String> it = this.providerList.iterator();
                while (it.hasNext()) {
                    log.info(it.next());
                }
                if (this.unknownProviderCount > 0) {
                    addError(getI18nBean().getText("admin.errors.upgrade.601.error.bad.providers", this.upgradeGuideUrl, this.upgradeGuideTitle));
                    return;
                }
                boolean z5 = false;
                if (this.ofbizProviderCount == 3 && this.crowdProviderCount == 0 && this.ldapProviderCount == 0) {
                    z5 = true;
                    z2 = true;
                } else if (this.ofbizProviderCount == 0 && this.crowdProviderCount == 3 && this.ldapProviderCount == 0) {
                    z5 = true;
                    z3 = true;
                } else if (this.ofbizProviderCount == 3 && this.crowdProviderCount == 0 && this.ldapProviderCount >= 1) {
                    z5 = true;
                    z4 = true;
                }
                if (!z5) {
                    addError(getI18nBean().getText("admin.errors.upgrade.601.error.bad.osuser.config", this.upgradeGuideUrl, this.upgradeGuideTitle));
                    return;
                }
                log.info("Migrating a valid User Directory configuration found in osuser.xml");
            } else {
                z2 = true;
            }
            if (z2) {
                createInternalDirectoryConfiguration(0);
            }
            if (z3) {
                removeAllDirectories();
                createRemoteCrowdDirectoryConfiguration(0);
                createInternalDirectoryConfiguration(1);
            }
            if (z4) {
                removeAllDirectories();
                createDelegatingLdpaDirectoryConfiguration(document, 0);
                createInternalDirectoryConfiguration(this.ldapProviderCount);
            }
            OfBizDirectoryDao ofBizDirectoryDao = (DirectoryDao) ComponentManager.getComponentInstanceOfType(DirectoryDao.class);
            if (ofBizDirectoryDao instanceof OfBizDirectoryDao) {
                ofBizDirectoryDao.flushCache();
            } else {
                log.error("Expected to find an OfBizDirectoryDao, but got " + ofBizDirectoryDao.getClass().getName());
            }
            if (getErrors().isEmpty() && z4) {
                testLdapConnections();
            }
        }
    }

    private void createInternalDirectoryConfiguration(int i) throws GenericEntityException {
        if (this.genericDelegator.findByAnd(DIRECTORY_ENTITY_NAME, FieldMap.build("directoryName", DEFAULT_DIRECTORY)).isEmpty()) {
            addDirectory(1, DEFAULT_DIRECTORY, true, "JIRA default internal directory", InternalDirectory.class.getName(), DirectoryType.INTERNAL, i);
            addDirectoryOperations(1, Sets.newHashSet(OperationType.values()));
            addDirectoryAttribute(1, "user_encryption_method", "atlassian-security");
        }
    }

    protected void addJiraApplication() throws GenericEntityException {
        if (this.genericDelegator.findByAnd(APPLICATION_ENTITY_NAME, FieldMap.build("name", CROWD_EMBEDDED_APPLICATION)).isEmpty()) {
            try {
                this.genericDelegator.create(APPLICATION_ENTITY_NAME, FieldMap.build("id", 1).add("name", CROWD_EMBEDDED_APPLICATION).add("lowerName", CROWD_EMBEDDED_APPLICATION.toLowerCase()).add("active", 1).add("description", "").add("applicationType", "CROWD").add("credential", PasswordCredential.NONE.getCredential()).add("createdDate", new Timestamp(new Date().getTime())).add("updatedDate", new Timestamp(new Date().getTime())));
            } catch (GenericEntityException e) {
                log.error(e.getMessage(), e);
                throw new RuntimeException((Throwable) e);
            }
        }
    }

    private void addDirectory(int i, String str, boolean z, String str2, String str3, DirectoryType directoryType, int i2) {
        try {
            this.genericDelegator.create(DIRECTORY_ENTITY_NAME, FieldMap.build("id", Integer.valueOf(i)).add("directoryName", str).add("lowerDirectoryName", str.toLowerCase()).add("active", Integer.valueOf(z ? 1 : 0)).add("description", str2).add("type", directoryType.name()).add(OfbizPortletConfigurationStore.Columns.ROW, Integer.valueOf(i2)).add("implementationClass", str3).add("lowerImplementationClass", str3.toLowerCase()).add("createdDate", new Timestamp(new Date().getTime())).add("updatedDate", new Timestamp(new Date().getTime())));
        } catch (GenericEntityException e) {
            log.error(e.getMessage(), e);
            throw new RuntimeException((Throwable) e);
        }
    }

    private void addDirectoryOperations(int i, HashSet<OperationType> hashSet) {
        Iterator<OperationType> it = hashSet.iterator();
        while (it.hasNext()) {
            try {
                this.genericDelegator.create(DIRECTORY_OPERATION_ENTITY_NAME, FieldMap.build("directoryId", Integer.valueOf(i)).add("operationType", it.next().getName()));
            } catch (GenericEntityException e) {
                log.error(e.getMessage(), e);
                throw new RuntimeException((Throwable) e);
            }
        }
    }

    private void addDirectoryAttribute(int i, String str, String str2) {
        try {
            this.genericDelegator.create(DIRECTORY_ATTRIBUTE_ENTITY_NAME, FieldMap.build("directoryId", Integer.valueOf(i)).add("name", str).add("value", str2));
        } catch (GenericEntityException e) {
            log.error(e.getMessage(), e);
            throw new RuntimeException((Throwable) e);
        }
    }

    private void createRemoteCrowdDirectoryConfiguration(int i) {
        Properties properties = new Properties();
        InputStream resourceAsStream = getClass().getResourceAsStream("/crowd.properties");
        if (resourceAsStream == null) {
            throw new IllegalStateException("We found a Crowd Provider in the osuser.xml file to be migrated, but can't locate the 'crowd.properties' file.");
        }
        try {
            properties.load(resourceAsStream);
            if (checkForRequiredCrowdParams(properties, "application.name") && checkForRequiredCrowdParams(properties, "application.password") && checkForRequiredCrowdParams(properties, "crowd.server.url")) {
                addDirectory(2, CROWD_DIRECTORY, true, "Remote crowd directory", RemoteCrowdDirectory.class.getName(), DirectoryType.CROWD, i);
                addDirectoryOperations(2, Sets.newHashSet(OperationType.values()));
                String build = new CrowdServiceUrlBuilder().setPropertiesUrlTo((String) properties.get("crowd.server.url")).build();
                addDirectoryAttribute(2, "application.name", (String) properties.get("application.name"));
                addDirectoryAttribute(2, "application.password", (String) properties.get("application.password"));
                if (build != null) {
                    addDirectoryAttribute(2, "crowd.server.url", build);
                }
                addDirectoryAttribute(2, "useNestedGroups", "true");
                log.warn("Added migrated directory to JIRA:Remote crowd directory");
            }
        } catch (IOException e) {
            throw new RuntimeException("An error occurred while loading the 'crowd.properties' file for migrating the Crowd connection properties.", e);
        }
    }

    private void createDelegatingLdpaDirectoryConfiguration(Document document, int i) throws GenericEntityException {
        int i2 = 0;
        Element element = null;
        NodeList elementsByTagName = document.getElementsByTagName("provider");
        for (int i3 = 0; i3 < elementsByTagName.getLength(); i3++) {
            Element element2 = (Element) elementsByTagName.item(i3);
            if (element2.getAttribute("class").contains("com.opensymphony.user.provider.ldap.LDAPCredentialsProvider")) {
                element = element2;
                addDelegatingLdapDirectory(3 + i2, i + i2, element);
                i2++;
            }
        }
        if (element == null) {
            throw new RuntimeException("We found an LDAP Provider, but now it isn't there anymore.  That just shouldn't happen");
        }
    }

    private void addDelegatingLdapDirectory(int i, int i2, Element element) {
        HashMap hashMap = new HashMap();
        NodeList elementsByTagName = element.getElementsByTagName("property");
        for (int i3 = 0; i3 < elementsByTagName.getLength(); i3++) {
            Element element2 = (Element) elementsByTagName.item(i3);
            hashMap.put(element2.getAttribute("name"), element2.getTextContent());
        }
        if (checkForRequiredLdapParams(hashMap, "java.naming.provider.url") && checkForRequiredLdapParams(hashMap, "searchBase") && checkForRequiredLdapParams(hashMap, "uidSearchName")) {
            addDirectory(i, DELEGATING_DIRECTORY, true, "JIRA delegating internal directory", DelegatedAuthenticationDirectory.class.getName(), DirectoryType.DELEGATING, i2);
            addDirectoryOperations(i, Sets.newHashSet(OperationType.values()));
            addDirectoryAttribute(i, "ldap.url", hashMap.get("java.naming.provider.url"));
            addDirectoryAttribute(i, "ldap.basedn", hashMap.get("searchBase"));
            if (hashMap.containsKey("java.naming.security.principal")) {
                addDirectoryAttribute(i, "ldap.userdn", hashMap.get("java.naming.security.principal"));
            }
            if (hashMap.containsKey("java.naming.security.credentials")) {
                addDirectoryAttribute(i, "ldap.password", hashMap.get("java.naming.security.credentials"));
            }
            addDirectoryAttribute(i, "ldap.user.username", hashMap.get("uidSearchName"));
            addDirectoryAttribute(i, "crowd.delegated.directory.type", GenericLDAP.class.getName());
            addDirectoryAttribute(i, "crowd.delegated.directory.auto.create.user", String.valueOf(false));
            if (hashMap.containsKey("java.naming.referral") && "follow".equals(hashMap.get("java.naming.referral"))) {
                addDirectoryAttribute(i, "ldap.referral", String.valueOf(true));
            }
            log.warn("Added directory to JIRA:JIRA delegating internal directory");
        }
    }

    private void testLdapConnections() throws DirectoryInstantiationException, SQLException {
        Connection databaseConnection = getDatabaseConnection();
        try {
            ResultSet executeQuery = databaseConnection.prepareStatement("select id, directory_type from " + convertToSchemaTableName("cwd_directory") + " order by directory_position").executeQuery();
            while (executeQuery.next()) {
                if (executeQuery.getString("directory_type").equals(DirectoryType.DELEGATING.toString())) {
                    try {
                        this.ldapDirectoryInstanceLoader.getDirectory(getLdapVersionOfDirectory(this.crowdDirectoryService.findDirectoryById(executeQuery.getLong("id")))).findUserByName("dummy-name");
                    } catch (UserNotFoundException e) {
                    } catch (OperationFailedException e2) {
                        if (e2.getMessage().toLowerCase().contains("authenticat")) {
                            addError(getI18nBean().getText("admin.errors.upgrade.602.ldap.authentication.failed", e2.getMessage()));
                        } else {
                            addError(getI18nBean().getText("admin.errors.upgrade.602.ldap.connection.failed", e2.getMessage()));
                        }
                    }
                }
            }
        } finally {
            databaseConnection.close();
        }
    }

    private Directory getLdapVersionOfDirectory(Directory directory) {
        DirectoryImpl directoryImpl = new DirectoryImpl(directory);
        directoryImpl.setImplementationClass(directory.getValue("crowd.delegated.directory.type"));
        return directoryImpl;
    }

    private void removeAllDirectories() throws GenericEntityException {
        this.genericDelegator.removeByAnd(DIRECTORY_ATTRIBUTE_ENTITY_NAME, new HashMap());
        this.genericDelegator.removeByAnd(DIRECTORY_OPERATION_ENTITY_NAME, new HashMap());
        this.genericDelegator.removeByAnd(DIRECTORY_ENTITY_NAME, new HashMap());
    }

    private boolean checkForRequiredCrowdParams(Properties properties, String str) {
        if (properties.containsKey(str)) {
            return true;
        }
        addError(getI18nBean().getText("admin.errors.upgrade.601.error.missing.crowd.param", str, this.upgradeGuideUrl, this.upgradeGuideTitle));
        return false;
    }

    private boolean checkForRequiredLdapParams(Map<String, String> map, String str) {
        if (map.containsKey(str)) {
            return true;
        }
        addError(getI18nBean().getText("admin.errors.upgrade.601.error.missing.ldap.param", str, this.upgradeGuideUrl, this.upgradeGuideTitle));
        return false;
    }

    private void extractConfigurationTypes(Document document) {
        NodeList elementsByTagName = document.getElementsByTagName("provider");
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            String attribute = ((Element) elementsByTagName.item(i)).getAttribute("class");
            if (attribute.contains("com.atlassian.jira.user.osuser")) {
                this.ofbizProviderCount++;
            } else if (attribute.contains("com.atlassian.core.ofbiz.osuser")) {
                this.ofbizProviderCount++;
            } else if (attribute.contains("com.opensymphony.user.provider.ofbiz")) {
                this.ofbizProviderCount++;
            } else if (ofbizProviders.contains(attribute)) {
                this.ofbizProviderCount++;
            } else if (crowdProviders.contains(attribute)) {
                this.crowdProviderCount++;
            } else if (ldapProviders.contains(attribute)) {
                this.ldapProviderCount++;
            } else {
                log.error("OSUser config file 'osuser.xml' contains an unknown provider '" + attribute + "'.");
                this.unknownProviderCount++;
            }
            this.providerList.add(attribute);
        }
    }

    private boolean validatePresentConfiguration(InputStream inputStream) throws SQLException {
        HelpUtil.HelpPath helpPath = HelpUtil.getInstance().getHelpPath("upgrade.note.43.usermanagement.changes");
        if (inputStream != null) {
            return true;
        }
        if (areExternalUsersPresent()) {
            addError(getI18nBean().getText("admin.errors.upgrade.601.error.missing.osuser.xml", helpPath.getUrl(), helpPath.getTitle()));
            return false;
        }
        if (isExternalUserManagement()) {
            addError(getI18nBean().getText("admin.errors.upgrade.601.error.missing.extrenal.user.management", helpPath.getUrl(), helpPath.getTitle()));
            return false;
        }
        if (!isExternalPasswordManagement()) {
            return true;
        }
        addError(getI18nBean().getText("admin.errors.upgrade.601.error.missing.extrenal.password.management", helpPath.getUrl(), helpPath.getTitle()));
        return false;
    }

    private boolean isExternalUserManagement() {
        return this.applicationProperties.getOption(APKeys.JIRA_OPTION_USER_EXTERNALMGT);
    }

    private boolean isExternalPasswordManagement() {
        return this.applicationProperties.getOption(JIRA_OPTION_USER_PASSWORD_EXTERNALMGT);
    }

    protected boolean areExternalUsersPresent() throws SQLException {
        Connection databaseConnection = getDatabaseConnection();
        try {
            PreparedStatement prepareStatement = databaseConnection.prepareStatement("select count(*) from " + convertToSchemaTableName("external_entities"));
            try {
                ResultSet executeQuery = prepareStatement.executeQuery();
                executeQuery.next();
                boolean z = executeQuery.getInt(1) > 1;
                databaseConnection.close();
                return z;
            } finally {
                prepareStatement.close();
            }
        } catch (Throwable th) {
            databaseConnection.close();
            throw th;
        }
    }

    protected InputStream getOSUserXmlStream() {
        return UpgradeTask_Build601.class.getResourceAsStream("/osuser.xml");
    }
}
