package com.google.gerrit.server;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.MoreObjects;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import com.google.common.flogger.FluentLogger;
import com.google.common.flogger.LazyArgs;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.common.UsedAt;
import com.google.gerrit.entities.Account;
import com.google.gerrit.server.account.AccountCache;
import com.google.gerrit.server.account.AccountState;
import com.google.gerrit.server.account.GroupBackend;
import com.google.gerrit.server.account.GroupMembership;
import com.google.gerrit.server.account.ListGroupMembership;
import com.google.gerrit.server.account.Realm;
import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.gerrit.server.config.AnonymousCowardName;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.gerrit.server.config.EnablePeerIPInReflogRecord;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.inject.Inject;
import com.google.inject.OutOfScopeException;
import com.google.inject.Provider;
import com.google.inject.ProvisionException;
import com.google.inject.Singleton;
import com.google.inject.util.Providers;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.SocketAddress;
import java.net.URL;
import java.time.Instant;
import java.util.Collection;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.TimeZone;
import org.apache.sshd.server.shell.UnknownCommandFactory;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.util.SystemReader;

/* loaded from: input_file:WEB-INF/lib/com_google_gerrit_server_libserver.jar:com/google/gerrit/server/IdentifiedUser.class */
public class IdentifiedUser extends CurrentUser {
    private static final FluentLogger logger = FluentLogger.forEnclosingClass();
    private static final GroupMembership registeredGroups = new ListGroupMembership(ImmutableSet.of(SystemGroupBackend.ANONYMOUS_USERS, SystemGroupBackend.REGISTERED_USERS));
    private final Provider<String> canonicalUrl;
    private final AccountCache accountCache;
    private final AuthConfig authConfig;
    private final Realm realm;
    private final GroupBackend groupBackend;
    private final String anonymousCowardName;
    private final Boolean enablePeerIPInReflogRecord;
    private final Set<String> validEmails;
    private final CurrentUser realUser;
    private final Provider<SocketAddress> remotePeerProvider;
    private final Account.Id accountId;
    private AccountState state;
    private boolean loadedAllEmails;
    private Set<String> invalidEmails;
    private GroupMembership effectiveGroups;

    @Singleton
    /* loaded from: input_file:WEB-INF/lib/com_google_gerrit_server_libserver.jar:com/google/gerrit/server/IdentifiedUser$GenericFactory.class */
    public static class GenericFactory {
        private final AuthConfig authConfig;
        private final Realm realm;
        private final String anonymousCowardName;
        private final Provider<String> canonicalUrl;
        private final AccountCache accountCache;
        private final GroupBackend groupBackend;
        private final Boolean enablePeerIPInReflogRecord;

        @Inject
        public GenericFactory(AuthConfig authConfig, Realm realm, @AnonymousCowardName String str, @CanonicalWebUrl Provider<String> provider, @EnablePeerIPInReflogRecord Boolean bool, AccountCache accountCache, GroupBackend groupBackend) {
            this.authConfig = authConfig;
            this.realm = realm;
            this.anonymousCowardName = str;
            this.canonicalUrl = provider;
            this.accountCache = accountCache;
            this.groupBackend = groupBackend;
            this.enablePeerIPInReflogRecord = bool;
        }

        public IdentifiedUser create(AccountState accountState) {
            return new IdentifiedUser(this.authConfig, this.realm, this.anonymousCowardName, this.canonicalUrl, this.accountCache, this.groupBackend, this.enablePeerIPInReflogRecord, Providers.of(null), accountState, null);
        }

        public IdentifiedUser create(Account.Id id) {
            return create(null, id);
        }

        @VisibleForTesting
        @UsedAt(UsedAt.Project.GOOGLE)
        public IdentifiedUser forTest(Account.Id id, PropertyMap propertyMap) {
            return runAs(null, id, null, propertyMap);
        }

        public IdentifiedUser create(SocketAddress socketAddress, Account.Id id) {
            return runAs(socketAddress, id, null);
        }

        public IdentifiedUser runAs(SocketAddress socketAddress, Account.Id id, @Nullable CurrentUser currentUser) {
            return runAs(socketAddress, id, currentUser, PropertyMap.EMPTY);
        }

        private IdentifiedUser runAs(SocketAddress socketAddress, Account.Id id, @Nullable CurrentUser currentUser, PropertyMap propertyMap) {
            return new IdentifiedUser(this.authConfig, this.realm, this.anonymousCowardName, this.canonicalUrl, this.accountCache, this.groupBackend, this.enablePeerIPInReflogRecord, Providers.of(socketAddress), id, currentUser, propertyMap);
        }
    }

    @Singleton
    /* loaded from: input_file:WEB-INF/lib/com_google_gerrit_server_libserver.jar:com/google/gerrit/server/IdentifiedUser$RequestFactory.class */
    public static class RequestFactory {
        private final AuthConfig authConfig;
        private final Realm realm;
        private final String anonymousCowardName;
        private final Provider<String> canonicalUrl;
        private final AccountCache accountCache;
        private final GroupBackend groupBackend;
        private final Boolean enablePeerIPInReflogRecord;
        private final Provider<SocketAddress> remotePeerProvider;

        @Inject
        RequestFactory(AuthConfig authConfig, Realm realm, @AnonymousCowardName String str, @CanonicalWebUrl Provider<String> provider, AccountCache accountCache, GroupBackend groupBackend, @EnablePeerIPInReflogRecord Boolean bool, @RemotePeer Provider<SocketAddress> provider2) {
            this.authConfig = authConfig;
            this.realm = realm;
            this.anonymousCowardName = str;
            this.canonicalUrl = provider;
            this.accountCache = accountCache;
            this.groupBackend = groupBackend;
            this.enablePeerIPInReflogRecord = bool;
            this.remotePeerProvider = provider2;
        }

        public IdentifiedUser create(Account.Id id) {
            return create(id, PropertyMap.EMPTY);
        }

        public <T> IdentifiedUser create(Account.Id id, PropertyMap propertyMap) {
            return new IdentifiedUser(this.authConfig, this.realm, this.anonymousCowardName, this.canonicalUrl, this.accountCache, this.groupBackend, this.enablePeerIPInReflogRecord, this.remotePeerProvider, id, null, propertyMap);
        }

        public IdentifiedUser runAs(Account.Id id, CurrentUser currentUser, PropertyMap propertyMap) {
            return new IdentifiedUser(this.authConfig, this.realm, this.anonymousCowardName, this.canonicalUrl, this.accountCache, this.groupBackend, this.enablePeerIPInReflogRecord, this.remotePeerProvider, id, currentUser, propertyMap);
        }
    }

    private IdentifiedUser(AuthConfig authConfig, Realm realm, String str, Provider<String> provider, AccountCache accountCache, GroupBackend groupBackend, Boolean bool, @Nullable Provider<SocketAddress> provider2, AccountState accountState, @Nullable CurrentUser currentUser) {
        this(authConfig, realm, str, provider, accountCache, groupBackend, bool, provider2, accountState.account().id(), currentUser, PropertyMap.EMPTY);
        this.state = accountState;
    }

    private IdentifiedUser(AuthConfig authConfig, Realm realm, String str, Provider<String> provider, AccountCache accountCache, GroupBackend groupBackend, Boolean bool, @Nullable Provider<SocketAddress> provider2, Account.Id id, @Nullable CurrentUser currentUser, PropertyMap propertyMap) {
        super(propertyMap);
        this.validEmails = Sets.newTreeSet(String.CASE_INSENSITIVE_ORDER);
        this.canonicalUrl = provider;
        this.accountCache = accountCache;
        this.groupBackend = groupBackend;
        this.authConfig = authConfig;
        this.realm = realm;
        this.anonymousCowardName = str;
        this.enablePeerIPInReflogRecord = bool;
        this.remotePeerProvider = provider2;
        this.accountId = id;
        this.realUser = currentUser != null ? currentUser : this;
    }

    @Override // com.google.gerrit.server.CurrentUser
    public CurrentUser getRealUser() {
        return this.realUser;
    }

    @Override // com.google.gerrit.server.CurrentUser
    public boolean isImpersonating() {
        if (this.realUser == this) {
            return false;
        }
        return (this.realUser.isIdentifiedUser() && this.realUser.getAccountId().equals(getAccountId())) ? false : true;
    }

    public AccountState state() {
        if (this.state == null) {
            this.state = this.accountCache.getEvenIfMissing(getAccountId());
        }
        return this.state;
    }

    @Override // com.google.gerrit.server.CurrentUser
    public IdentifiedUser asIdentifiedUser() {
        return this;
    }

    @Override // com.google.gerrit.server.CurrentUser
    public Account.Id getAccountId() {
        return this.accountId;
    }

    @Override // com.google.gerrit.server.CurrentUser
    public Optional<String> getUserName() {
        return state().userName();
    }

    @Override // com.google.gerrit.server.CurrentUser
    public String getLoggableName() {
        return getUserName().orElseGet(() -> {
            return (String) MoreObjects.firstNonNull(getAccount().preferredEmail(), "a/" + getAccountId().get());
        });
    }

    public Account getAccount() {
        return state().account();
    }

    public boolean hasEmailAddress(String str) {
        if (this.validEmails.contains(str)) {
            return true;
        }
        if (this.invalidEmails != null && this.invalidEmails.contains(str)) {
            return false;
        }
        if (this.realm.hasEmailAddress(this, str)) {
            this.validEmails.add(str);
            return true;
        }
        if (this.invalidEmails == null) {
            this.invalidEmails = Sets.newTreeSet(String.CASE_INSENSITIVE_ORDER);
        }
        this.invalidEmails.add(str);
        return false;
    }

    @Override // com.google.gerrit.server.CurrentUser
    public ImmutableSet<String> getEmailAddresses() {
        if (!this.loadedAllEmails) {
            this.validEmails.addAll(this.realm.getEmailAddresses(this));
            this.loadedAllEmails = true;
        }
        return ImmutableSet.copyOf((Collection) this.validEmails);
    }

    @Override // com.google.gerrit.server.CurrentUser
    public ImmutableSet<ExternalId.Key> getExternalIdKeys() {
        return (ImmutableSet) state().externalIds().stream().map((v0) -> {
            return v0.key();
        }).collect(ImmutableSet.toImmutableSet());
    }

    public String getName() {
        return getAccount().getName();
    }

    public String getNameEmail() {
        return getAccount().getNameEmail(this.anonymousCowardName);
    }

    @Override // com.google.gerrit.server.CurrentUser
    public GroupMembership getEffectiveGroups() {
        if (this.effectiveGroups == null) {
            if (this.authConfig.isIdentityTrustable(state().externalIds())) {
                this.effectiveGroups = this.groupBackend.membershipsOf(this);
                FluentLogger.Api atFinest = logger.atFinest();
                String loggableName = getLoggableName();
                GroupMembership groupMembership = this.effectiveGroups;
                Objects.requireNonNull(groupMembership);
                atFinest.log("Known groups of %s: %s", loggableName, LazyArgs.lazy(groupMembership::getKnownGroups));
            } else {
                this.effectiveGroups = registeredGroups;
                FluentLogger.Api atFinest2 = logger.atFinest();
                String loggableName2 = getLoggableName();
                GroupMembership groupMembership2 = registeredGroups;
                Objects.requireNonNull(groupMembership2);
                atFinest2.log("%s has a non-trusted identity, falling back to %s as known groups", loggableName2, LazyArgs.lazy(groupMembership2::getKnownGroups));
            }
        }
        return this.effectiveGroups;
    }

    @Override // com.google.gerrit.server.CurrentUser
    public Object getCacheKey() {
        return getAccountId();
    }

    public PersonIdent newRefLogIdent() {
        return newRefLogIdent(Instant.now(), TimeZone.getDefault());
    }

    public PersonIdent newRefLogIdent(Instant instant, TimeZone timeZone) {
        String constructMailAddress;
        Account account = getAccount();
        String fullName = account.fullName();
        if (fullName == null || fullName.isEmpty()) {
            fullName = account.preferredEmail();
        }
        if (fullName == null || fullName.isEmpty()) {
            fullName = this.anonymousCowardName;
        }
        if (this.enablePeerIPInReflogRecord.booleanValue()) {
            constructMailAddress = constructMailAddress(account, guessHost());
        } else {
            constructMailAddress = Strings.isNullOrEmpty(account.preferredEmail()) ? constructMailAddress(account, UnknownCommandFactory.FACTORY_NAME) : account.preferredEmail();
        }
        return newPersonIdent(fullName, constructMailAddress, instant, timeZone);
    }

    private String constructMailAddress(Account account, String str) {
        return getUserName().orElse("") + "|account-" + account.id().toString() + "@" + str;
    }

    public PersonIdent newCommitterIdent(PersonIdent personIdent) {
        return newCommitterIdent(personIdent.getWhen().toInstant(), personIdent.getTimeZone());
    }

    public PersonIdent newCommitterIdent(Instant instant, TimeZone timeZone) {
        String hostname;
        Account account = getAccount();
        String fullName = account.fullName();
        String preferredEmail = account.preferredEmail();
        if (preferredEmail == null || preferredEmail.isEmpty()) {
            String orElseGet = getUserName().orElseGet(() -> {
                return "account-" + account.id().toString();
            });
            if (this.canonicalUrl.get() != null) {
                try {
                    hostname = new URL(this.canonicalUrl.get()).getHost();
                } catch (MalformedURLException e) {
                    hostname = SystemReader.getInstance().getHostname();
                }
            } else {
                hostname = SystemReader.getInstance().getHostname();
            }
            preferredEmail = orElseGet + "@" + hostname;
        }
        if (fullName == null || fullName.isEmpty()) {
            int indexOf = preferredEmail.indexOf(64);
            fullName = 0 < indexOf ? preferredEmail.substring(0, indexOf) : this.anonymousCowardName;
        }
        return newPersonIdent(fullName, preferredEmail, instant, timeZone);
    }

    public String toString() {
        return "IdentifiedUser[account " + getAccountId() + "]";
    }

    @Override // com.google.gerrit.server.CurrentUser
    public boolean isIdentifiedUser() {
        return true;
    }

    public IdentifiedUser materializedCopy() {
        Provider provider;
        try {
            provider = Providers.of(this.remotePeerProvider.get());
        } catch (OutOfScopeException | ProvisionException e) {
            provider = () -> {
                throw e;
            };
        }
        return new IdentifiedUser(this.authConfig, this.realm, this.anonymousCowardName, Providers.of(this.canonicalUrl.get()), this.accountCache, this.groupBackend, this.enablePeerIPInReflogRecord, provider, this.state, this.realUser);
    }

    @Override // com.google.gerrit.server.CurrentUser
    public boolean hasSameAccountId(CurrentUser currentUser) {
        return getAccountId().get() == currentUser.getAccountId().get();
    }

    private String guessHost() {
        String str = null;
        Object obj = null;
        try {
            obj = (SocketAddress) this.remotePeerProvider.get();
        } catch (OutOfScopeException | ProvisionException e) {
        }
        if (obj instanceof InetSocketAddress) {
            InetSocketAddress inetSocketAddress = (InetSocketAddress) obj;
            InetAddress address = inetSocketAddress.getAddress();
            str = address != null ? address.getHostAddress() : inetSocketAddress.getHostName();
        }
        return Strings.isNullOrEmpty(str) ? UnknownCommandFactory.FACTORY_NAME : str;
    }

    private static PersonIdent newPersonIdent(String str, String str2, Instant instant, TimeZone timeZone) {
        return new PersonIdent(str, str2, instant.toEpochMilli(), timeZone.getOffset(instant.toEpochMilli()) / 60000);
    }
}
