package org.neo4j.server.security.systemgraph.versions;

import java.util.List;
import java.util.UUID;
import org.neo4j.configuration.Config;
import org.neo4j.dbms.database.ComponentVersion;
import org.neo4j.dbms.database.KnownSystemComponentVersion;
import org.neo4j.graphdb.Label;
import org.neo4j.graphdb.Node;
import org.neo4j.graphdb.RelationshipType;
import org.neo4j.graphdb.ResourceIterator;
import org.neo4j.graphdb.Transaction;
import org.neo4j.internal.helpers.collection.Iterators;
import org.neo4j.internal.kernel.api.security.AbstractSecurityLog;
import org.neo4j.kernel.impl.security.Credential;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.logging.Log;
import org.neo4j.server.security.FormatException;
import org.neo4j.server.security.SecureHasher;
import org.neo4j.server.security.SystemGraphCredential;
import org.neo4j.server.security.systemgraph.SecurityGraphHelper;
import org.neo4j.server.security.systemgraph.UserSecurityGraphComponentVersion;
import org.neo4j.string.UTF8;

/* loaded from: input_file:org/neo4j/server/security/systemgraph/versions/KnownCommunitySecurityComponentVersion.class */
public abstract class KnownCommunitySecurityComponentVersion extends KnownSystemComponentVersion {
    public static final String USER_ID = "id";
    public static final String USER_NAME = "name";
    public static final String USER_CREDENTIALS = "credentials";
    public static final String USER_EXPIRED = "passwordChangeRequired";
    public static final String USER_SUSPENDED = "suspended";
    public static final String USER_HOME_DB = "homeDatabase";
    public static final String AUTH_CONSTRAINT = "auth-constraint";
    public static final String AUTH_PROVIDER = "provider";
    public static final String AUTH_ID = "id";
    private final SecureHasher secureHasher;
    private final AbstractSecurityLog securityLog;
    public static final Label USER_LABEL = Label.label("User");
    public static final Label AUTH_LABEL = Label.label("Auth");
    public static final Label ROLE_LABEL = Label.label("Role");
    public static final RelationshipType HAS_AUTH = RelationshipType.withName("HAS_AUTH");

    /* JADX INFO: Access modifiers changed from: package-private */
    public KnownCommunitySecurityComponentVersion(ComponentVersion componentVersion, Log log, AbstractSecurityLog abstractSecurityLog) {
        super(componentVersion, log);
        this.secureHasher = new SecureHasher();
        this.securityLog = abstractSecurityLog;
    }

    public abstract void setupUsers(Transaction transaction, Config config) throws Exception;

    public void addUser(Transaction transaction, String str, Credential credential, boolean z, boolean z2) {
        AbstractSecurityLog abstractSecurityLog = this.securityLog;
        Object[] objArr = new Object[3];
        objArr[0] = str;
        objArr[1] = z ? "REQUIRED" : "NOT REQUIRED";
        objArr[2] = z2 ? " SET STATUS SUSPENDED" : "";
        abstractSecurityLog.info(String.format("CREATE USER %s PASSWORD ****** CHANGE %s%s", objArr));
        Node createNode = transaction.createNode(new Label[]{USER_LABEL});
        createNode.setProperty(USER_NAME, str);
        createNode.setProperty(USER_CREDENTIALS, credential.serialize());
        createNode.setProperty(USER_EXPIRED, Boolean.valueOf(z));
        createNode.setProperty(USER_SUSPENDED, Boolean.valueOf(z2));
        createNode.setProperty("id", UUID.randomUUID().toString());
        if (this.version >= UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_521.getVersion()) {
            addAuthObject(transaction, createNode);
        }
    }

    public abstract void updateInitialUserPassword(Transaction transaction) throws Exception;

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updateInitialUserPassword(Transaction transaction, User user) throws FormatException {
        List asList = Iterators.asList(transaction.findNodes(USER_LABEL));
        if (asList.isEmpty()) {
            this.debugLog.warn(String.format("Unable to update missing initial user password from `auth.ini` file: %s", user.name()));
            return;
        }
        if (asList.size() != 1) {
            this.debugLog.warn("Unable to update initial user password from `auth.ini` file: multiple users in the DBMS");
            return;
        }
        Node node = (Node) asList.get(0);
        if (node.getProperty(USER_NAME).equals("neo4j") && SystemGraphCredential.deserialize(node.getProperty(USER_CREDENTIALS).toString(), this.secureHasher).matchesPassword(UTF8.encode("neo4j"))) {
            this.debugLog.info(String.format("Updating initial user password from `auth.ini` file: %s", user.name()));
            node.setProperty(USER_CREDENTIALS, user.credential().value().serialize());
            node.setProperty(USER_EXPIRED, Boolean.valueOf(user.passwordChangeRequired()));
        }
    }

    public void addAuthObjects(Transaction transaction) {
        ResourceIterator findNodes = transaction.findNodes(USER_LABEL);
        while (findNodes.hasNext()) {
            try {
                Node node = (Node) findNodes.next();
                if (node.hasProperty(USER_CREDENTIALS) && !node.hasRelationship(new RelationshipType[]{HAS_AUTH})) {
                    addAuthObject(transaction, node);
                }
            } catch (Throwable th) {
                if (findNodes != null) {
                    try {
                        findNodes.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
        if (findNodes != null) {
            findNodes.close();
        }
    }

    private void addAuthObject(Transaction transaction, Node node) {
        String str = (String) node.getProperty("id");
        Node createNode = transaction.createNode(new Label[]{AUTH_LABEL});
        createNode.setProperty(AUTH_PROVIDER, SecurityGraphHelper.NATIVE_AUTH);
        createNode.setProperty("id", str);
        node.createRelationshipTo(createNode, HAS_AUTH);
    }

    public abstract void upgradeSecurityGraph(Transaction transaction, int i) throws Exception;

    public abstract void upgradeSecurityGraphSchema(Transaction transaction, int i) throws Exception;

    public boolean requiresAuthObject() {
        return true;
    }
}
