package org.neo4j.server.security.enterprise.auth;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.stream.Stream;
import org.neo4j.graphdb.security.AuthorizationViolationException;
import org.neo4j.kernel.api.security.AuthSubject;
import org.neo4j.kernel.api.security.exception.IllegalCredentialsException;
import org.neo4j.procedure.Context;
import org.neo4j.procedure.Name;
import org.neo4j.procedure.PerformsDBMS;
import org.neo4j.procedure.Procedure;

/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/AuthProcedures.class */
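/**
 * DBMS procedures for managing users and roles.
 *
 * <p>Every procedure resolves the caller from the injected {@link #authSubject} and makes its
 * authorization decision before delegating to the user or role manager. Authorization model as
 * implemented in this class:
 * <ul>
 *   <li>{@code dbms.showCurrentUser} - any authenticated caller, about itself only;</li>
 *   <li>{@code dbms.changeUserPassword} - the caller for its own account, or an admin for any
 *       account;</li>
 *   <li>every other procedure - admin only, otherwise
 *       {@link AuthorizationViolationException} with {@link #PERMISSION_DENIED}.</li>
 * </ul>
 *
 * <p>The admin check is centralised in {@link #adminSubject()} / {@link #ensureAdmin} so that a
 * newly added procedure cannot skip the guard or invert it by accident.
 */
public class AuthProcedures {
    /** Message carried by the exception thrown when the caller lacks the required privilege. */
    public static final String PERMISSION_DENIED = "Permission denied";

    // Injected by the procedure framework; identifies the caller of the current invocation.
    @Context
    public AuthSubject authSubject;

    /** Result row pairing a role name with the usernames assigned to it. */
    public class RoleResult {
        public final String role;
        public final List<String> users;

        public RoleResult(String str, Set<String> set) {
            this.role = str;
            // Copy so the row does not alias the role manager's set.
            this.users = new ArrayList<>(set);
        }
    }

    /** Result row carrying a single string value (a role name or a username). */
    public class StringResult {
        public final String value;

        public StringResult(String str) {
            this.value = str;
        }
    }

    /** Result row pairing a username with the role names assigned to it. */
    public class UserResult {
        public final String username;
        public final List<String> roles;

        public UserResult(String str, Set<String> set) {
            this.username = str;
            // Copy so the row does not alias the role manager's set.
            this.roles = new ArrayList<>(set);
        }
    }

    /**
     * Rejects the call unless {@code subject} is an admin.
     *
     * @throws AuthorizationViolationException with {@link #PERMISSION_DENIED} for non-admins
     */
    private static void ensureAdmin(ShiroAuthSubject subject) {
        if (!subject.isAdmin()) {
            throw new AuthorizationViolationException(PERMISSION_DENIED);
        }
    }

    /**
     * Resolves the caller and rejects the call unless the caller is an admin.
     *
     * @return the caller as a {@code ShiroAuthSubject}
     * @throws AuthorizationViolationException with {@link #PERMISSION_DENIED} for non-admins
     */
    private ShiroAuthSubject adminSubject() {
        ShiroAuthSubject subject = ShiroAuthSubject.castOrFail(this.authSubject);
        ensureAdmin(subject);
        return subject;
    }

    /**
     * Creates a user. Admin only.
     *
     * <p>NOTE(review): the password arrives as a plain {@code String} procedure argument; whether
     * call arguments can end up in query logs is decided outside this class - confirm they are
     * redacted there.
     *
     * @param str username of the new account
     * @param str2 initial password
     * @param z whether the user must change the password (passed through to the user manager)
     */
    @Procedure("dbms.createUser")
    @PerformsDBMS
    public void createUser(@Name("username") String str, @Name("password") String str2, @Name("requirePasswordChange") boolean z) throws IllegalCredentialsException, IOException {
        adminSubject().getUserManager().newUser(str, str2, z);
    }

    /**
     * Changes a password: the caller may change its own, an admin may change anyone's.
     *
     * <p>The two paths call different user-manager methods ({@code setPassword} with the subject
     * for the caller's own account, {@code setUserPassword} for the admin path). What differs
     * between them is not visible in this file.
     *
     * @param str username whose password is changed
     * @param str2 the new password
     * @throws AuthorizationViolationException if the caller is neither that user nor an admin
     */
    @Procedure("dbms.changeUserPassword")
    @PerformsDBMS
    public void changeUserPassword(@Name("username") String str, @Name("newPassword") String str2) throws IllegalCredentialsException, IOException {
        ShiroAuthSubject subject = ShiroAuthSubject.castOrFail(this.authSubject);
        if (subject.doesUsernameMatch(str)) {
            subject.getUserManager().setPassword(subject, str, str2);
            return;
        }
        // Changing someone else's password is an administrative action.
        ensureAdmin(subject);
        subject.getUserManager().setUserPassword(str, str2);
    }

    /**
     * Assigns a role to a user. Admin only.
     *
     * @param str username
     * @param str2 role name
     */
    @Procedure("dbms.addUserToRole")
    @PerformsDBMS
    public void addUserToRole(@Name("username") String str, @Name("roleName") String str2) throws IOException {
        adminSubject().getRoleManager().addUserToRole(str, str2);
    }

    /**
     * Removes a role from a user. Admin only.
     *
     * <p>NOTE(review): nothing here stops an admin from removing its own role; whether the role
     * manager guards against that is not visible in this file.
     *
     * @param str username
     * @param str2 role name
     */
    @Procedure("dbms.removeUserFromRole")
    @PerformsDBMS
    public void removeUserFromRole(@Name("username") String str, @Name("roleName") String str2) throws IllegalCredentialsException, IOException {
        adminSubject().getRoleManager().removeUserFromRole(str, str2);
    }

    /**
     * Deletes a user. Admin only.
     *
     * @param str username to delete
     */
    @Procedure("dbms.deleteUser")
    @PerformsDBMS
    public void deleteUser(@Name("username") String str) throws IllegalCredentialsException, IOException {
        adminSubject().getUserManager().deleteUser(str);
    }

    /**
     * Suspends a user. Admin only.
     *
     * @param str username to suspend
     */
    @Procedure("dbms.suspendUser")
    @PerformsDBMS
    public void suspendUser(@Name("username") String str) throws IOException {
        adminSubject().getUserManager().suspendUser(str);
    }

    /**
     * Re-activates a user. Admin only.
     *
     * @param str username to activate
     */
    @Procedure("dbms.activateUser")
    @PerformsDBMS
    public void activateUser(@Name("username") String str) throws IOException {
        adminSubject().getUserManager().activateUser(str);
    }

    /**
     * Returns the caller's own username and roles. No admin check: the row only ever describes
     * the caller.
     *
     * @return a single-row stream for the current subject
     */
    @Procedure("dbms.showCurrentUser")
    @PerformsDBMS
    public Stream<UserResult> showCurrentUser() throws IllegalCredentialsException, IOException {
        ShiroAuthSubject subject = ShiroAuthSubject.castOrFail(this.authSubject);
        String username = subject.name();
        return Stream.of(new UserResult(username, subject.getRoleManager().getRoleNamesForUser(username)));
    }

    /**
     * Lists every user with its roles. Admin only.
     *
     * @return one row per username; role lookups run lazily as the stream is consumed, after the
     *     admin check has already passed
     */
    @Procedure("dbms.listUsers")
    @PerformsDBMS
    public Stream<UserResult> listUsers() throws IllegalCredentialsException, IOException {
        ShiroAuthSubject subject = adminSubject();
        RoleManager roleManager = subject.getRoleManager();
        return subject.getUserManager().getAllUsernames().stream()
                .map(username -> new UserResult(username, roleManager.getRoleNamesForUser(username)));
    }

    /**
     * Lists every role with its users. Admin only.
     *
     * @return one row per role name; user lookups run lazily as the stream is consumed, after the
     *     admin check has already passed
     */
    @Procedure("dbms.listRoles")
    @PerformsDBMS
    public Stream<RoleResult> listRoles() throws IllegalCredentialsException, IOException {
        RoleManager roleManager = adminSubject().getRoleManager();
        return roleManager.getAllRoleNames().stream()
                .map(roleName -> new RoleResult(roleName, roleManager.getUsernamesForRole(roleName)));
    }

    /**
     * Lists the roles of one user. Admin only, even when the name is the caller's own;
     * non-admins can read their own roles through {@code dbms.showCurrentUser}.
     *
     * @param str username to look up
     * @return one row per role name
     */
    @Procedure("dbms.listRolesForUser")
    @PerformsDBMS
    public Stream<StringResult> listRolesForUser(@Name("username") String str) throws IllegalCredentialsException, IOException {
        return adminSubject().getRoleManager().getRoleNamesForUser(str).stream().map(StringResult::new);
    }

    /**
     * Lists the users holding one role. Admin only.
     *
     * @param str role name to look up
     * @return one row per username
     */
    @Procedure("dbms.listUsersForRole")
    @PerformsDBMS
    public Stream<StringResult> listUsersForRole(@Name("roleName") String str) throws IllegalCredentialsException, IOException {
        return adminSubject().getRoleManager().getUsernamesForRole(str).stream().map(StringResult::new);
    }
}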
