package oracle.kv.impl.admin.plan.task;

import com.sleepycat.je.Transaction;
import com.sleepycat.persist.model.Persistent;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;
import oracle.kv.AuthenticationRequiredException;
import oracle.kv.UnauthorizedException;
import oracle.kv.impl.admin.IllegalCommandException;
import oracle.kv.impl.admin.param.GlobalParams;
import oracle.kv.impl.admin.plan.SecurityMetadataPlan;
import oracle.kv.impl.fault.ClientAccessException;
import oracle.kv.impl.security.ExecutionContext;
import oracle.kv.impl.security.KVStoreUserPrincipal;
import oracle.kv.impl.security.SystemPrivilege;
import oracle.kv.impl.security.metadata.KVStoreUser;
import oracle.kv.impl.security.metadata.SecurityMetadata;
import oracle.kv.impl.security.util.SecurityUtils;
import oracle.kv.impl.test.TestStatus;

@Persistent(version = 1)
/* loaded from: input_file:oracle/kv/impl/admin/plan/task/ChangeUser.class */
public class ChangeUser extends UpdateMetadata<SecurityMetadata> {
    private static final long serialVersionUID = 1;
    private String userName;
    private Boolean isEnabled;
    private char[] plainPassword;
    private boolean retainPassword;
    private boolean clearRetainedPassword;
    private Long pwdLifetime;

    public ChangeUser(SecurityMetadataPlan securityMetadataPlan, String str, Boolean bool, char[] cArr, boolean z, boolean z2, Long l) {
        super(securityMetadataPlan);
        SecurityMetadata metadata = securityMetadataPlan.getMetadata();
        if (metadata == null || metadata.getUser(str) == null) {
            throw new IllegalCommandException("User with name " + str + " does not exist!");
        }
        KVStoreUser user = metadata.getUser(str);
        ExecutionContext current = ExecutionContext.getCurrent();
        if (current != null) {
            KVStoreUserPrincipal subjectUserPrincipal = ExecutionContext.getSubjectUserPrincipal(current.requestorSubject());
            if (subjectUserPrincipal != null && !user.getElementId().equals(subjectUserPrincipal.getUserId()) && !current.hasPrivilege(SystemPrivilege.SYSOPER)) {
                throw new ClientAccessException(new UnauthorizedException("Admin privilege is required in order to modify other users."));
            }
        } else if (!TestStatus.isActive()) {
            throw new ClientAccessException(new AuthenticationRequiredException("Authentication required for access", false));
        }
        if (bool != null && !bool.booleanValue() && metadata.isLastSysadminUser(str)) {
            throw new IllegalCommandException("Cannot disable the last enabled admin user " + str);
        }
        if (user.getUserType() == KVStoreUser.UserType.EXTERNAL && (cArr != null || z || z2 || l != null)) {
            throw new IllegalCommandException("Cannot change the password or lifetime for external user");
        }
        if (!z2 && z && metadata.getUser(str).retainedPasswordValid()) {
            throw new IllegalCommandException("Could not retain password: existing retained password should be cleared first.");
        }
        Utils.checkAlterUserPwPolicies(cArr, securityMetadataPlan.getAdmin(), user.mo712clone());
        this.userName = str;
        this.isEnabled = bool;
        this.plainPassword = cArr == null ? null : Arrays.copyOf(cArr, cArr.length);
        this.retainPassword = z;
        this.clearRetainedPassword = z2;
        this.pwdLifetime = l;
    }

    private ChangeUser() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // oracle.kv.impl.admin.plan.task.UpdateMetadata
    public SecurityMetadata updateMetadata(SecurityMetadata securityMetadata, Transaction transaction) {
        if (securityMetadata.getUser(this.userName) == null) {
            return null;
        }
        KVStoreUser mo712clone = securityMetadata.getUser(this.userName).mo712clone();
        if (this.isEnabled != null) {
            mo712clone.setEnabled(this.isEnabled.booleanValue());
        }
        if (this.clearRetainedPassword || !mo712clone.retainedPasswordValid()) {
            mo712clone.clearRetainedPassword();
        }
        if (this.plainPassword != null) {
            if (this.retainPassword) {
                try {
                    mo712clone.retainPassword();
                    mo712clone.getRetainedPassword().setLifetime(TimeUnit.MILLISECONDS.convert(24L, TimeUnit.HOURS));
                } catch (IllegalStateException e) {
                }
            } else {
                mo712clone.clearRetainedPassword();
            }
            GlobalParams globalParams = getPlan().getAdmin().getParams().getGlobalParams();
            mo712clone.setPassword(((SecurityMetadataPlan) getPlan()).makeDefaultHashDigest(this.plainPassword)).setPasswordLifetime(globalParams.getPasswordDefaultLifeTimeUnit().toMillis(globalParams.getPasswordDefaultLifeTime()));
            SecurityUtils.clearPassword(this.plainPassword);
        }
        if (this.pwdLifetime != null) {
            mo712clone.setPasswordLifetime(this.pwdLifetime.longValue());
        }
        securityMetadata.updateUser(mo712clone.getElementId(), mo712clone);
        getPlan().getAdmin().saveMetadata(securityMetadata, transaction);
        return securityMetadata;
    }

    @Override // oracle.kv.impl.admin.plan.task.UpdateMetadata, oracle.kv.impl.admin.plan.task.AbstractTask, oracle.kv.impl.admin.plan.task.Task
    public boolean logicalCompare(Task task) {
        if (this == task) {
            return true;
        }
        if (task == null || getClass() != task.getClass()) {
            return false;
        }
        ChangeUser changeUser = (ChangeUser) task;
        if (this.userName.equals(changeUser.userName) && this.isEnabled == changeUser.isEnabled && Arrays.equals(this.plainPassword, changeUser.plainPassword) && this.retainPassword == changeUser.retainPassword && this.clearRetainedPassword == changeUser.clearRetainedPassword) {
            return this.pwdLifetime == null ? changeUser.pwdLifetime == null : this.pwdLifetime.equals(changeUser.pwdLifetime);
        }
        return false;
    }
}
