package org.neo4j.server.security.enterprise.auth;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.util.regex.Pattern;
import org.neo4j.logging.Log;
import org.neo4j.logging.LogProvider;
import org.neo4j.server.security.enterprise.auth.RoleSerialization;

/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/FileRoleRepository.class */
public class FileRoleRepository extends AbstractRoleRepository {
    private final Path roleFile;
    private final Log log;
    private final RoleSerialization serialization = new RoleSerialization();
    private final Pattern roleNamePattern = Pattern.compile("^[a-zA-Z0-9_]+$");

    public FileRoleRepository(Path path, LogProvider logProvider) {
        this.roleFile = path.toAbsolutePath();
        this.log = logProvider.getLog(getClass());
    }

    public void start() throws Throwable {
        if (Files.exists(this.roleFile, new LinkOption[0])) {
            loadRolesFromFile();
        }
    }

    @Override // org.neo4j.server.security.enterprise.auth.RoleRepository
    public boolean isValidRoleName(String str) {
        return this.roleNamePattern.matcher(str).matches();
    }

    @Override // org.neo4j.server.security.enterprise.auth.AbstractRoleRepository
    protected void saveRoles() throws IOException {
        saveRolesToFile();
    }

    private void saveRolesToFile() throws IOException {
        Path parent = this.roleFile.getParent();
        if (!Files.exists(parent, new LinkOption[0])) {
            Files.createDirectories(parent, new FileAttribute[0]);
        }
        Path createTempFile = Files.createTempFile(parent, this.roleFile.getFileName().toString() + "-", ".tmp", new FileAttribute[0]);
        try {
            Files.write(createTempFile, this.serialization.serialize(this.roles), new OpenOption[0]);
            Files.move(createTempFile, this.roleFile, StandardCopyOption.ATOMIC_MOVE, StandardCopyOption.REPLACE_EXISTING);
        } catch (Throwable th) {
            Files.delete(createTempFile);
            throw th;
        }
    }

    private void loadRolesFromFile() throws IOException {
        try {
            this.roles = this.serialization.deserializeRoles(Files.readAllBytes(this.roleFile));
            for (RoleRecord roleRecord : this.roles) {
                this.rolesByName.put(roleRecord.name(), roleRecord);
                populateUserMap(roleRecord);
            }
        } catch (RoleSerialization.FormatException e) {
            this.log.error("Failed to read role file \"%s\" (%s)", new Object[]{this.roleFile.toAbsolutePath(), e.getMessage()});
            throw new IllegalStateException("Failed to read role file: " + this.roleFile);
        }
    }
}
