package org.neo4j.server.security.enterprise.auth;

import java.io.IOException;
import java.util.Collection;
import java.util.Iterator;
import org.apache.shiro.authz.AuthorizationInfo;
import org.neo4j.graphdb.security.AuthorizationViolationException;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.kernel.api.security.AccessMode;
import org.neo4j.kernel.api.security.AuthSubject;
import org.neo4j.kernel.api.security.AuthenticationResult;
import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthSubject;
import org.neo4j.kernel.impl.api.security.AccessModeSnapshot;

/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/StandardEnterpriseAuthSubject.class */
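/**
 * Enterprise auth subject backed by a {@link ShiroSubject} and the {@link MultiRealmAuthManager}
 * that created it.
 *
 * <p>Permission checks ({@link #allowsReads()}, {@link #allowsWrites()},
 * {@link #allowsSchemaWrites()}, {@link #isAdmin()}) require the Shiro subject to be authenticated
 * and then delegate to {@code shiroSubject.isPermitted(...)} with the permission strings below.
 * Role checks for procedures ({@link #allowsProcedureWith(String[])}) do NOT go through Shiro at
 * call time; they read the role snapshot captured by the most recent {@link #getSnapshot()} call.
 */
class StandardEnterpriseAuthSubject implements EnterpriseAuthSubject {
    // Permission strings handed to shiroSubject.isPermitted(...).
    private static final String SCHEMA_READ_WRITE = "schema:read,write";
    private static final String READ_WRITE = "data:read,write";
    private static final String READ = "data:read";
    private final MultiRealmAuthManager authManager;
    private final ShiroSubject shiroSubject;
    // Assigned only by getSnapshot(); stays null until that method has run at least once.
    // NOTE(review): the field is neither final nor volatile - confirm how callers publish this
    // object across threads before relying on the snapshot being visible.
    private Collection<AuthorizationInfo> authorizationInfoSnapshot;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Narrows a generic {@link AuthSubject} to this implementation by delegating to
     * {@code EnterpriseAuthSubject.castOrFail}.
     *
     * @param authSubject the subject to narrow
     * @return the same subject typed as {@code StandardEnterpriseAuthSubject}
     */
    public static StandardEnterpriseAuthSubject castOrFail(AuthSubject authSubject) {
        return (StandardEnterpriseAuthSubject) EnterpriseAuthSubject.castOrFail(StandardEnterpriseAuthSubject.class, authSubject);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @param multiRealmAuthManager manager used for user-manager lookups and authorization info
     * @param shiroSubject the Shiro subject all authentication and permission checks delegate to
     */
    public StandardEnterpriseAuthSubject(MultiRealmAuthManager multiRealmAuthManager, ShiroSubject shiroSubject) {
        this.authManager = multiRealmAuthManager;
        this.shiroSubject = shiroSubject;
    }

    /**
     * Looks the user up through the user manager and discards the result.
     *
     * @param str the username to look up
     * @throws InvalidArgumentsException propagated from the user manager lookup (presumably when
     *     no such user exists - confirm against the user manager implementation)
     */
    public void ensureUserExistsWithName(String str) throws InvalidArgumentsException {
        getUserManager().getUser(str);
    }

    /** Logs the underlying Shiro subject out. */
    public void logout() {
        this.shiroSubject.logout();
    }

    /** @return the authentication result currently held by the Shiro subject */
    public AuthenticationResult getAuthenticationResult() {
        return this.shiroSubject.getAuthenticationResult();
    }

    /**
     * Sets the password of this subject's own principal, then clears a pending
     * password-change-required state.
     *
     * <p>The state is cleared only if {@code setUserPassword} returns normally; an exception
     * leaves the authentication result untouched.
     *
     * @param str the new password
     * @param z forwarded unchanged as the third argument of {@code setUserPassword}
     *     (presumably a "require password change" flag - confirm)
     * @throws IOException propagated from the user manager
     * @throws InvalidArgumentsException propagated from the user manager
     */
    public void setPassword(String str, boolean z) throws IOException, InvalidArgumentsException {
        // NOTE(review): getPrincipal() is dereferenced without a null check here, while
        // username() treats a null principal as possible; a subject without a principal
        // would fail with a NullPointerException rather than a typed error.
        getUserManager().setUserPassword(this.shiroSubject.getPrincipal().toString(), str, z);
        setPasswordChangeNoLongerRequired();
    }

    /**
     * Promotes {@code PASSWORD_CHANGE_REQUIRED} to {@code SUCCESS}; any other result is left as is.
     *
     * <p>This method performs no verification that a password was actually changed. It is public,
     * so every caller is trusted to invoke it only after a successful password update.
     */
    public void setPasswordChangeNoLongerRequired() {
        if (getAuthenticationResult() == AuthenticationResult.PASSWORD_CHANGE_REQUIRED) {
            this.shiroSubject.setAuthenticationResult(AuthenticationResult.SUCCESS);
        }
    }

    /**
     * Reports whether the role snapshot grants at least one of the given roles.
     *
     * <p>The answer reflects the roles captured by the last {@link #getSnapshot()} call, not the
     * live role assignments. When no snapshot has been taken yet, or no role names are supplied,
     * the check fails closed and returns {@code false}.
     *
     * @param strArr role names, any one of which is sufficient
     * @return {@code true} if any snapshot entry's role collection contains one of the names
     * @throws InvalidArgumentsException declared by the interface; not thrown by this body
     */
    public boolean allowsProcedureWith(String[] strArr) throws InvalidArgumentsException {
        // Read the field once so the null check and the iteration see the same collection.
        Collection<AuthorizationInfo> snapshot = this.authorizationInfoSnapshot;
        if (snapshot == null || strArr == null) {
            // Deny by default: without a snapshot there is no evidence of any role.
            return false;
        }
        for (AuthorizationInfo info : snapshot) {
            Collection<String> roles = info.getRoles();
            if (roles == null) {
                continue;
            }
            for (String roleName : strArr) {
                if (roles.contains(roleName)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * @return the user manager the auth manager provides for this subject
     */
    public EnterpriseUserManager getUserManager() {
        // mo1getUserManager is the method name as it appears in this decompiled listing.
        return this.authManager.mo1getUserManager((AuthSubject) this);
    }

    /**
     * @return {@code true} only if the subject is authenticated and holds the wildcard
     *     permission {@code "*"}
     */
    public boolean isAdmin() {
        return this.shiroSubject.isAuthenticated() && this.shiroSubject.isPermitted("*");
    }

    /**
     * Compares the given name with the subject's principal.
     *
     * <p>The comparison is {@code String.equals(Object)} against the raw principal object, so it
     * can only succeed when the principal itself is a {@code String}; {@link #username()} by
     * contrast uses {@code principal.toString()}. A null principal or null argument yields
     * {@code false}.
     *
     * @param str the username to compare
     * @return {@code true} if the principal is a string equal to {@code str}
     */
    public boolean hasUsername(String str) {
        Object principal = this.shiroSubject.getPrincipal();
        return principal != null && str != null && str.equals(principal);
    }

    /** @return {@code true} if authenticated and permitted {@code "data:read"} */
    public boolean allowsReads() {
        return this.shiroSubject.isAuthenticated() && this.shiroSubject.isPermitted(READ);
    }

    /** @return {@code true} if authenticated and permitted {@code "data:read,write"} */
    public boolean allowsWrites() {
        return this.shiroSubject.isAuthenticated() && this.shiroSubject.isPermitted(READ_WRITE);
    }

    /** @return {@code true} if authenticated and permitted {@code "schema:read,write"} */
    public boolean allowsSchemaWrites() {
        return this.shiroSubject.isAuthenticated() && this.shiroSubject.isPermitted(SCHEMA_READ_WRITE);
    }

    /**
     * Builds the exception to raise for an authorization violation.
     *
     * @param str the violation message
     * @return the exception produced by {@code AccessMode.Static.CREDENTIALS_EXPIRED} when a
     *     password change is pending, otherwise a plain {@link AuthorizationViolationException}
     */
    public AuthorizationViolationException onViolation(String str) {
        if (this.shiroSubject.getAuthenticationResult() == AuthenticationResult.PASSWORD_CHANGE_REQUIRED) {
            return AccessMode.Static.CREDENTIALS_EXPIRED.onViolation(str);
        }
        return new AuthorizationViolationException(str);
    }

    /** @return {@link #username()}, or {@code "<missing_principal>"} when that is empty */
    public String name() {
        String username = username();
        return username.isEmpty() ? "<missing_principal>" : username;
    }

    /** @return the principal's string form, or the empty string when there is no principal */
    public String username() {
        Object principal = this.shiroSubject.getPrincipal();
        return principal != null ? principal.toString() : "";
    }

    /**
     * Refreshes the role snapshot from the auth manager and returns an access-mode snapshot of
     * this subject.
     *
     * <p>Side effect: replaces {@code authorizationInfoSnapshot}, which is what
     * {@link #allowsProcedureWith(String[])} consults afterwards.
     *
     * @return the result of {@code AccessModeSnapshot.create(this)}
     */
    public AccessMode getSnapshot() {
        this.authorizationInfoSnapshot = this.authManager.getAuthorizationInfo(this.shiroSubject.getPrincipals());
        return AccessModeSnapshot.create(this);
    }
}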
