package org.neo4j.server.security.systemgraph;

import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import org.neo4j.cypher.internal.security.SecureHasher;
import org.neo4j.cypher.internal.security.SystemGraphCredential;
import org.neo4j.dbms.database.DatabaseContext;
import org.neo4j.dbms.database.DatabaseManager;
import org.neo4j.dbms.database.SystemGraphInitializer;
import org.neo4j.graphdb.ConstraintViolationException;
import org.neo4j.graphdb.GraphDatabaseService;
import org.neo4j.graphdb.Label;
import org.neo4j.graphdb.Node;
import org.neo4j.graphdb.ResourceIterator;
import org.neo4j.graphdb.Transaction;
import org.neo4j.graphdb.security.AuthProviderFailedException;
import org.neo4j.kernel.database.DatabaseIdRepository;
import org.neo4j.kernel.impl.security.Credential;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.logging.Log;
import org.neo4j.server.security.auth.ListSnapshot;
import org.neo4j.server.security.auth.UserRepository;
import org.neo4j.string.UTF8;

/* loaded from: input_file:org/neo4j/server/security/systemgraph/UserSecurityGraphInitializer.class */
public class UserSecurityGraphInitializer implements SecurityGraphInitializer {
    protected Label USER_LABEL = Label.label("User");
    protected List<Node> userNodes = new ArrayList();
    protected List<String> usernames = new ArrayList();
    protected final DatabaseManager<?> databaseManager;
    protected GraphDatabaseService systemDb;
    protected final SystemGraphInitializer systemGraphInitializer;
    protected Log log;
    protected final UserRepository migrationUserRepository;
    private final UserRepository initialUserRepository;
    private final SecureHasher secureHasher;

    public UserSecurityGraphInitializer(DatabaseManager<?> databaseManager, SystemGraphInitializer systemGraphInitializer, Log log, UserRepository userRepository, UserRepository userRepository2, SecureHasher secureHasher) {
        this.databaseManager = databaseManager;
        this.systemGraphInitializer = systemGraphInitializer;
        this.log = log;
        this.migrationUserRepository = userRepository;
        this.initialUserRepository = userRepository2;
        this.secureHasher = secureHasher;
    }

    @Override // org.neo4j.server.security.systemgraph.SecurityGraphInitializer
    public void initializeSecurityGraph() throws Exception {
        initializeSecurityGraph(getSystemDb());
    }

    @Override // org.neo4j.server.security.systemgraph.SecurityGraphInitializer
    public void initializeSecurityGraph(GraphDatabaseService graphDatabaseService) throws Exception {
        this.systemGraphInitializer.initializeSystemGraph(graphDatabaseService);
        this.systemDb = graphDatabaseService;
        doInitializeSecurityGraph();
    }

    private void doInitializeSecurityGraph() throws Exception {
        setupConstraints();
        Transaction beginTx = this.systemDb.beginTx();
        try {
            this.userNodes = findInitialNodes(beginTx, this.USER_LABEL);
            this.userNodes.stream().filter(node -> {
                return node.hasProperty("name") && node.getProperty("name").getClass().equals(String.class);
            }).forEach(node2 -> {
                this.usernames.add((String) node2.getProperty("name"));
            });
            boolean z = !this.userNodes.isEmpty();
            if (!z) {
                z = migrateFromAuthFile(beginTx);
            }
            if (!z) {
                addDefaultUser(beginTx);
            }
            setInitialPassword();
            beginTx.commit();
            if (beginTx != null) {
                beginTx.close();
            }
        } catch (Throwable th) {
            if (beginTx != null) {
                try {
                    beginTx.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void setupConstraints() {
        Transaction beginTx = this.systemDb.beginTx();
        try {
            try {
                beginTx.schema().constraintFor(this.USER_LABEL).assertPropertyIsUnique("name").create();
            } catch (Throwable th) {
                if (beginTx != null) {
                    try {
                        beginTx.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (ConstraintViolationException e) {
            if (!e.getMessage().startsWith("An equivalent constraint already exists")) {
                throw e;
            }
        }
        beginTx.commit();
        if (beginTx != null) {
            beginTx.close();
        }
    }

    protected ArrayList<Node> findInitialNodes(Transaction transaction, Label label) {
        ArrayList<Node> arrayList = new ArrayList<>();
        ResourceIterator findNodes = transaction.findNodes(label);
        Objects.requireNonNull(arrayList);
        findNodes.forEachRemaining((v1) -> {
            r1.add(v1);
        });
        findNodes.close();
        return arrayList;
    }

    private boolean migrateFromAuthFile(Transaction transaction) throws Exception {
        startUserRepository(this.migrationUserRepository);
        boolean doMigrateUsers = doMigrateUsers(transaction, this.migrationUserRepository);
        stopUserRepository(this.migrationUserRepository);
        return doMigrateUsers;
    }

    protected boolean doMigrateUsers(Transaction transaction, UserRepository userRepository) throws Exception {
        ListSnapshot<User> persistedSnapshot = userRepository.getPersistedSnapshot();
        if (persistedSnapshot.values().isEmpty()) {
            return false;
        }
        for (User user : persistedSnapshot.values()) {
            addUser(transaction, user.name(), user.credentials(), user.passwordChangeRequired(), user.hasFlag(BasicSystemGraphRealm.IS_SUSPENDED));
        }
        this.log.info("Completed migration of %s %s into system graph.", new Object[]{Integer.toString(persistedSnapshot.values().size()), persistedSnapshot.values().size() == 1 ? "user" : "users"});
        return true;
    }

    protected void addDefaultUser(Transaction transaction) {
        addUser(transaction, "neo4j", SystemGraphCredential.createCredentialForPassword(UTF8.encode("neo4j"), this.secureHasher), true, false);
    }

    protected void startUserRepository(UserRepository userRepository) throws Exception {
        userRepository.init();
        userRepository.start();
    }

    protected void stopUserRepository(UserRepository userRepository) throws Exception {
        userRepository.stop();
        userRepository.shutdown();
    }

    protected void setInitialPassword() throws Exception {
        User initialUser;
        if (this.userNodes.size() == 1) {
            Node node = this.userNodes.get(0);
            if (node.getProperty("name").equals("neo4j") && SystemGraphCredential.deserialize((String) node.getProperty("credentials"), this.secureHasher).matchesPassword(UTF8.encode("neo4j")) && (initialUser = getInitialUser()) != null) {
                node.setProperty("credentials", initialUser.credentials().serialize());
                node.setProperty("passwordChangeRequired", Boolean.valueOf(initialUser.passwordChangeRequired()));
            }
        }
    }

    private User getInitialUser() throws Exception {
        User user = null;
        startUserRepository(this.initialUserRepository);
        if (this.initialUserRepository.numberOfUsers() == 1) {
            user = this.initialUserRepository.getUserByName("neo4j");
            if (user == null) {
                this.log.error("Invalid `auth.ini` file: the user in the file is not named neo4j");
                throw new IllegalStateException("Invalid `auth.ini` file: the user in the file is not named neo4j");
            }
        } else if (this.initialUserRepository.numberOfUsers() > 1) {
            this.log.error("Invalid `auth.ini` file: the file contains more than one user");
            throw new IllegalStateException("Invalid `auth.ini` file: the file contains more than one user");
        }
        stopUserRepository(this.initialUserRepository);
        return user;
    }

    private void addUser(Transaction transaction, String str, Credential credential, boolean z, boolean z2) {
        Node createNode = transaction.createNode(new Label[]{this.USER_LABEL});
        createNode.setProperty("name", str);
        createNode.setProperty("credentials", credential.serialize());
        createNode.setProperty("passwordChangeRequired", Boolean.valueOf(z));
        createNode.setProperty("suspended", Boolean.valueOf(z2));
        this.userNodes.add(createNode);
        this.usernames.add(str);
    }

    protected GraphDatabaseService getSystemDb() {
        return ((DatabaseContext) this.databaseManager.getDatabaseContext(DatabaseIdRepository.NAMED_SYSTEM_DATABASE_ID).orElseThrow(() -> {
            return new AuthProviderFailedException("No database called `system` was found.");
        })).databaseFacade();
    }
}
