package org.neo4j.commandline.admin.security;

import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.neo4j.commandline.admin.AdminCommand;
import org.neo4j.commandline.admin.CommandFailed;
import org.neo4j.commandline.admin.IncorrectUsage;
import org.neo4j.commandline.admin.OutsideWorld;
import org.neo4j.dbms.DatabaseManagementSystemSettings;
import org.neo4j.graphdb.factory.GraphDatabaseSettings;
import org.neo4j.helpers.Args;
import org.neo4j.helpers.collection.Pair;
import org.neo4j.kernel.configuration.Config;
import org.neo4j.logging.NullLogProvider;
import org.neo4j.server.configuration.ConfigLoader;
import org.neo4j.server.security.auth.BasicAuthManager;
import org.neo4j.server.security.auth.BasicAuthManagerFactory;
import org.neo4j.server.security.auth.BasicPasswordPolicy;
import org.neo4j.server.security.auth.FileUserRepository;
import org.neo4j.server.security.auth.ListSnapshot;
import org.neo4j.time.Clocks;

/* loaded from: input_file:org/neo4j/commandline/admin/security/UsersCommand.class */
public class UsersCommand implements AdminCommand {
    private final Path homeDir;
    private final Path configDir;
    private OutsideWorld outsideWorld;

    /* loaded from: input_file:org/neo4j/commandline/admin/security/UsersCommand$Provider.class */
    public static class Provider extends AdminCommand.Provider {
        public Provider() {
            super("users", new String[0]);
        }

        public Optional<String> arguments() {
            return Optional.of("<subcommand> [<username>] [<password>] [--requires-password-change]");
        }

        public String description() {
            return "Runs several possible sub-commands for managing the native users repository: 'list', 'create', 'delete' and 'set-password'. When creating a new user, it is created with a requirement to change password on first login. Use the option --requires-password-change=false to disable this. Passing a username to the 'list' command will do a case-insensitive substring search.";
        }

        public AdminCommand create(Path path, Path path2, OutsideWorld outsideWorld) {
            return new UsersCommand(path, path2, outsideWorld);
        }
    }

    public UsersCommand(Path path, Path path2, OutsideWorld outsideWorld) {
        this.homeDir = path;
        this.configDir = path2;
        this.outsideWorld = outsideWorld;
    }

    public void execute(String[] strArr) throws IncorrectUsage, CommandFailed {
        Args parse = Args.parse(strArr);
        if (parse.orphans().size() < 1) {
            throw new IncorrectUsage("Missing arguments: expected at least one sub-command as argument: list, create, delete or set-password");
        }
        String str = parse.orphans().size() > 0 ? (String) parse.orphans().get(0) : null;
        String str2 = parse.orphans().size() > 1 ? (String) parse.orphans().get(1) : null;
        String str3 = parse.orphans().size() > 2 ? (String) parse.orphans().get(2) : null;
        boolean z = !hasFlagWithValue(parse, "requires-password-change", "false");
        try {
            String lowerCase = str.trim().toLowerCase();
            boolean z2 = -1;
            switch (lowerCase.hashCode()) {
                case -1352294148:
                    if (lowerCase.equals("create")) {
                        z2 = 2;
                        break;
                    }
                    break;
                case -1335458389:
                    if (lowerCase.equals("delete")) {
                        z2 = 3;
                        break;
                    }
                    break;
                case 3322014:
                    if (lowerCase.equals("list")) {
                        z2 = false;
                        break;
                    }
                    break;
                case 1021333414:
                    if (lowerCase.equals("set-password")) {
                        z2 = true;
                        break;
                    }
                    break;
            }
            switch (z2) {
                case ListSnapshot.FROM_MEMORY /* 0 */:
                    listUsers(str2);
                    break;
                case ListSnapshot.FROM_PERSISTED /* 1 */:
                    if (str2 != null && str3 != null) {
                        setPassword(str2, str3, z);
                        break;
                    } else {
                        throw new IncorrectUsage("Missing arguments: 'users set-password' expects username and password arguments");
                    }
                case true:
                    if (str2 != null && str3 != null) {
                        createUser(str2, str3, z);
                        break;
                    } else {
                        throw new IncorrectUsage("Missing arguments: 'users create' expects username and password arguments");
                    }
                    break;
                case true:
                    if (str2 != null) {
                        deleteUser(str2);
                        break;
                    } else {
                        throw new IncorrectUsage("Missing arguments: 'users delete' expects username argument");
                    }
                default:
                    throw new IncorrectUsage("Unknown users command: " + str);
            }
        } catch (IncorrectUsage e) {
            throw e;
        } catch (Exception e2) {
            throw new CommandFailed("Failed run 'users " + str + "' on '" + str2 + "': " + e2.getMessage(), e2);
        } catch (Throwable th) {
            throw new CommandFailed("Failed run 'users " + str + "' on '" + str2 + "': " + th.getMessage(), new RuntimeException(th.getMessage()));
        }
    }

    private boolean hasFlagWithValue(Args args, String str, String str2) {
        Map asMap = args.asMap();
        return asMap.containsKey(str) && ((String) asMap.get(str)).trim().toLowerCase().equals(str2);
    }

    private void listUsers(String str) throws Throwable {
        getAuthManager();
        for (String str2 : getUserRepository().getAllUsernames()) {
            if (str == null || str2.toLowerCase().contains(str.toLowerCase())) {
                this.outsideWorld.stdOutLine(str2);
            }
        }
    }

    private void createUser(String str, String str2, boolean z) throws Throwable {
        getAuthManager().newUser(str, str2, z);
        this.outsideWorld.stdOutLine("Created new user '" + str + "'");
    }

    private void deleteUser(String str) throws Throwable {
        BasicAuthManager authManager = getAuthManager();
        authManager.getUser(str);
        if (authManager.getAllUsernames().size() == 1) {
            throw new IllegalArgumentException("Deleting the only remaining user '" + str + "' is not allowed");
        }
        if (authManager.deleteUser(str)) {
            this.outsideWorld.stdOutLine("Deleted user '" + str + "'");
        } else {
            this.outsideWorld.stdErrLine("Failed to delete user '" + str + "'");
        }
    }

    private void setPassword(String str, String str2, boolean z) throws Throwable {
        getAuthManager().setUserPassword(str, str2, z);
        this.outsideWorld.stdOutLine("Changed password for user '" + str + "'");
    }

    private static Config loadNeo4jConfig(Path path, Path path2) {
        return new ConfigLoader(settings()).loadConfig(Optional.of(path.toFile()), Optional.of(path2.resolve("neo4j.conf").toFile()), new Pair[0]);
    }

    private static List<Class<?>> settings() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(GraphDatabaseSettings.class);
        arrayList.add(DatabaseManagementSystemSettings.class);
        return arrayList;
    }

    private FileUserRepository getUserRepository() throws Throwable {
        FileUserRepository userRepository = BasicAuthManagerFactory.getUserRepository(loadNeo4jConfig(this.homeDir, this.configDir), NullLogProvider.getInstance(), this.outsideWorld.fileSystem());
        userRepository.start();
        return userRepository;
    }

    private BasicAuthManager getAuthManager() throws Throwable {
        BasicAuthManager basicAuthManager = new BasicAuthManager(getUserRepository(), new BasicPasswordPolicy(), Clocks.systemClock());
        basicAuthManager.start();
        return basicAuthManager;
    }
}
