package org.neo4j.server.security.auth;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Stream;
import org.neo4j.graphdb.security.AuthorizationViolationException;
import org.neo4j.internal.kernel.api.security.AuthSubject;
import org.neo4j.internal.kernel.api.security.SecurityContext;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.kernel.api.security.UserManager;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.procedure.Context;
import org.neo4j.procedure.Description;
import org.neo4j.procedure.Mode;
import org.neo4j.procedure.Name;
import org.neo4j.procedure.Procedure;
import org.neo4j.string.UTF8;

/* loaded from: input_file:org/neo4j/server/security/auth/AuthProcedures.class */
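/**
 * Procedures for managing native users: creating and deleting users, changing the caller's
 * password, and listing users.
 *
 * <p>Every procedure works through the injected {@link SecurityContext} (who is calling) and
 * {@link UserManager} (the user store).
 *
 * <p>NOTE(review): no role or privilege check is visible in this class. {@code createUser},
 * {@code deleteUser} and {@code listUsers} only assert that the caller's credentials are not
 * expired. Confirm that authorization for these operations is enforced elsewhere (procedure
 * mode, or the {@code UserManager} implementation).
 *
 * <p>NOTE(review): passwords arrive as {@code String} procedure arguments, so they cannot be
 * wiped from memory here. Confirm how the encoded bytes are handled by the {@code UserManager}
 * and that procedure arguments are not recorded by query logging.
 */
public class AuthProcedures {

    /** Security context of the caller, supplied through {@code @Context}. */
    @Context
    public SecurityContext securityContext;

    /** User store that performs the actual user changes, supplied through {@code @Context}. */
    @Context
    public UserManager userManager;

    /** Result row describing one user: its name and the flags attached to it. */
    public static class UserResult {
        public final String username;
        public final List<String> flags = new ArrayList<>();

        /**
         * Copies the given flags into a new result row.
         *
         * @param username name of the user this row describes
         * @param userFlags flags to copy; must not be {@code null}
         */
        UserResult(String username, Iterable<String> userFlags) {
            this.username = username;
            for (String flag : userFlags) {
                this.flags.add(flag);
            }
        }
    }

    /**
     * Creates a new native user.
     *
     * @param username name of the user to create
     * @param password initial password; {@code null} is forwarded as {@code null} so that the
     *     user manager decides how to reject it
     * @param requirePasswordChange whether the user must change the password (defaults to
     *     {@code true})
     * @throws InvalidArgumentsException declared by the user manager call
     * @throws IOException declared by the user manager call
     */
    @Procedure(name = "dbms.security.createUser", mode = Mode.DBMS)
    @Description("Create a new user.")
    public void createUser(@Name("username") String username, @Name("password") String password, @Name(value = "requirePasswordChange", defaultValue = "true") boolean requirePasswordChange) throws InvalidArgumentsException, IOException {
        this.securityContext.assertCredentialsNotExpired();
        byte[] encodedPassword = password != null ? UTF8.encode(password) : null;
        this.userManager.newUser(username, encodedPassword, requirePasswordChange);
    }

    /**
     * Deletes the named user. A caller cannot delete their own account.
     *
     * @param username name of the user to delete
     * @throws InvalidArgumentsException if {@code username} is the caller's own name, or as
     *     declared by the user manager call
     * @throws IOException declared by the user manager call
     */
    @Procedure(name = "dbms.security.deleteUser", mode = Mode.DBMS)
    @Description("Delete the specified user.")
    public void deleteUser(@Name("username") String username) throws InvalidArgumentsException, IOException {
        this.securityContext.assertCredentialsNotExpired();
        // Self-deletion is refused before the user store is touched.
        if (this.securityContext.subject().hasUsername(username)) {
            throw new InvalidArgumentsException("Deleting yourself (user '" + username + "') is not allowed.");
        }
        this.userManager.deleteUser(username);
    }

    /**
     * Deprecated alias of {@link #changePassword(String)}.
     *
     * @param password the new password
     * @throws InvalidArgumentsException see {@link #changePassword(String)}
     * @throws IOException see {@link #changePassword(String)}
     * @deprecated use {@code dbms.security.changePassword}
     */
    @Procedure(name = "dbms.changePassword", mode = Mode.DBMS, deprecatedBy = "dbms.security.changePassword")
    @Deprecated
    @Description("Change the current user's password. Deprecated by dbms.security.changePassword.")
    public void changePasswordDeprecated(@Name("password") String password) throws InvalidArgumentsException, IOException {
        changePassword(password);
    }

    /**
     * Changes the password of the calling user and clears the password-change requirement on
     * the caller's subject.
     *
     * <p>Unlike the other mutating procedures, this one does not call
     * {@code assertCredentialsNotExpired()}; presumably so that a user whose password has
     * expired can still set a new one (confirm before adding such a check).
     *
     * @param password the new password; {@code null} is forwarded as {@code null}, as in
     *     {@link #createUser(String, String, boolean)}
     * @throws AuthorizationViolationException if the caller is the anonymous subject
     * @throws InvalidArgumentsException declared by the user manager call
     * @throws IOException declared by the user manager call
     */
    @Procedure(name = "dbms.security.changePassword", mode = Mode.DBMS)
    @Description("Change the current user's password.")
    public void changePassword(@Name("password") String password) throws InvalidArgumentsException, IOException {
        AuthSubject subject = this.securityContext.subject();
        if (subject == AuthSubject.ANONYMOUS) {
            throw new AuthorizationViolationException("Anonymous cannot change password");
        }
        // Same null handling as createUser: a missing password is handed to the user manager
        // as null instead of being passed to UTF8.encode.
        // NOTE(review): confirm that setUserPassword rejects null credentials.
        byte[] encodedPassword = password != null ? UTF8.encode(password) : null;
        this.userManager.setUserPassword(subject.username(), encodedPassword, false);
        subject.setPasswordChangeNoLongerRequired();
    }

    /**
     * Returns a single row describing the calling user.
     *
     * @return a one-element stream with the caller's username and flags
     */
    @Procedure(name = "dbms.showCurrentUser", mode = Mode.DBMS)
    @Description("Show the current user.")
    public Stream<UserResult> showCurrentUser() {
        String currentUsername = this.securityContext.subject().username();
        return Stream.of(userResultForName(currentUsername));
    }

    /**
     * Deprecated alias of {@link #showCurrentUser()}.
     *
     * @return see {@link #showCurrentUser()}
     * @deprecated use {@code dbms.showCurrentUser}
     */
    @Procedure(name = "dbms.security.showCurrentUser", mode = Mode.DBMS, deprecatedBy = "dbms.showCurrentUser")
    @Deprecated
    @Description("Show the current user. Deprecated by dbms.showCurrentUser.")
    public Stream<UserResult> showCurrentUserDeprecated() {
        return showCurrentUser();
    }

    /**
     * Lists every user known to the user manager. When the user manager reports no usernames,
     * the result falls back to the calling user alone.
     *
     * @return one row per user
     */
    @Procedure(name = "dbms.security.listUsers", mode = Mode.DBMS)
    @Description("List all native users.")
    public Stream<UserResult> listUsers() {
        this.securityContext.assertCredentialsNotExpired();
        // Typed as Set<String>: with a raw Set the method reference below has no String
        // element type to bind to.
        Set<String> usernames = this.userManager.getAllUsernames();
        if (usernames.isEmpty()) {
            return showCurrentUser();
        }
        return usernames.stream().map(this::userResultForName);
    }

    /**
     * Builds the result row for a username; a user the user manager does not return gets an
     * empty flag list.
     */
    private UserResult userResultForName(String username) {
        User user = this.userManager.silentlyGetUser(username);
        if (user == null) {
            return new UserResult(username, Collections.<String>emptyList());
        }
        return new UserResult(username, user.getFlags());
    }
}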
