package org.neo4j.server.security.enterprise.auth;

import java.io.IOException;
import java.util.Set;
import java.util.stream.Stream;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.procedure.Description;
import org.neo4j.procedure.Mode;
import org.neo4j.procedure.Name;
import org.neo4j.procedure.Procedure;
import org.neo4j.server.security.enterprise.auth.AuthProceduresBase;

/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/UserManagementProcedures.class */
public class UserManagementProcedures extends AuthProceduresBase {
    @Procedure(name = "dbms.security.createUser", mode = Mode.DBMS)
    @Description("Create a new user.")
    public void createUser(@Name("username") String str, @Name("password") String str2, @Name(value = "requirePasswordChange", defaultValue = "true") boolean z) throws InvalidArgumentsException, IOException {
        this.securityContext.assertCredentialsNotExpired();
        this.userManager.newUser(str, str2, z);
    }

    @Procedure(name = "dbms.changePassword", mode = Mode.DBMS, deprecatedBy = "dbms.security.changePassword")
    @Deprecated
    @Description("Change the current user's password. Deprecated by dbms.security.changePassword.")
    public void changePasswordDeprecated(@Name("password") String str) throws InvalidArgumentsException, IOException {
        changePassword(str, false);
    }

    @Procedure(name = "dbms.security.changePassword", mode = Mode.DBMS)
    @Description("Change the current user's password.")
    public void changePassword(@Name("password") String str, @Name(value = "requirePasswordChange", defaultValue = "false") boolean z) throws InvalidArgumentsException, IOException {
        setUserPassword(this.securityContext.subject().username(), str, z);
    }

    @Procedure(name = "dbms.security.changeUserPassword", mode = Mode.DBMS)
    @Description("Change the given user's password.")
    public void changeUserPassword(@Name("username") String str, @Name("newPassword") String str2, @Name(value = "requirePasswordChange", defaultValue = "true") boolean z) throws InvalidArgumentsException, IOException {
        this.securityContext.assertCredentialsNotExpired();
        setUserPassword(str, str2, z);
    }

    @Procedure(name = "dbms.security.addRoleToUser", mode = Mode.DBMS)
    @Description("Assign a role to the user.")
    public void addRoleToUser(@Name("roleName") String str, @Name("username") String str2) throws IOException, InvalidArgumentsException {
        this.securityContext.assertCredentialsNotExpired();
        this.userManager.addRoleToUser(str, str2);
    }

    @Procedure(name = "dbms.security.removeRoleFromUser", mode = Mode.DBMS)
    @Description("Unassign a role from the user.")
    public void removeRoleFromUser(@Name("roleName") String str, @Name("username") String str2) throws InvalidArgumentsException, IOException {
        this.securityContext.assertCredentialsNotExpired();
        this.userManager.removeRoleFromUser(str, str2);
    }

    @Procedure(name = "dbms.security.deleteUser", mode = Mode.DBMS)
    @Description("Delete the specified user.")
    public void deleteUser(@Name("username") String str) throws InvalidArgumentsException, IOException {
        this.securityContext.assertCredentialsNotExpired();
        if (this.userManager.deleteUser(str)) {
            kickoutUser(str, "deletion");
        }
    }

    @Procedure(name = "dbms.security.suspendUser", mode = Mode.DBMS)
    @Description("Suspend the specified user.")
    public void suspendUser(@Name("username") String str) throws IOException, InvalidArgumentsException {
        this.securityContext.assertCredentialsNotExpired();
        this.userManager.suspendUser(str);
        kickoutUser(str, "suspension");
    }

    @Procedure(name = "dbms.security.activateUser", mode = Mode.DBMS)
    @Description("Activate a suspended user.")
    public void activateUser(@Name("username") String str, @Name(value = "requirePasswordChange", defaultValue = "true") boolean z) throws IOException, InvalidArgumentsException {
        this.securityContext.assertCredentialsNotExpired();
        this.userManager.activateUser(str, z);
    }

    @Procedure(name = "dbms.security.listUsers", mode = Mode.DBMS)
    @Description("List all local users.")
    public Stream<AuthProceduresBase.UserResult> listUsers() throws InvalidArgumentsException, IOException {
        this.securityContext.assertCredentialsNotExpired();
        Set allUsernames = this.userManager.getAllUsernames();
        return allUsernames.isEmpty() ? Stream.of(userResultForSubject()) : allUsernames.stream().map(this::userResultForName);
    }

    @Procedure(name = "dbms.security.listRoles", mode = Mode.DBMS)
    @Description("List all available roles.")
    public Stream<AuthProceduresBase.RoleResult> listRoles() throws InvalidArgumentsException, IOException {
        this.securityContext.assertCredentialsNotExpired();
        return this.userManager.getAllRoleNames().stream().map(this::roleResultForName);
    }

    @Procedure(name = "dbms.security.listRolesForUser", mode = Mode.DBMS)
    @Description("List all roles assigned to the specified user.")
    public Stream<AuthProceduresBase.StringResult> listRolesForUser(@Name("username") String str) throws InvalidArgumentsException, IOException {
        this.securityContext.assertCredentialsNotExpired();
        return this.userManager.getRoleNamesForUser(str).stream().map(AuthProceduresBase.StringResult::new);
    }

    @Procedure(name = "dbms.security.listUsersForRole", mode = Mode.DBMS)
    @Description("List all users currently assigned the specified role.")
    public Stream<AuthProceduresBase.StringResult> listUsersForRole(@Name("roleName") String str) throws InvalidArgumentsException, IOException {
        this.securityContext.assertCredentialsNotExpired();
        return this.userManager.getUsernamesForRole(str).stream().map(AuthProceduresBase.StringResult::new);
    }

    @Procedure(name = "dbms.security.createRole", mode = Mode.DBMS)
    @Description("Create a new role.")
    public void createRole(@Name("roleName") String str) throws InvalidArgumentsException, IOException {
        this.securityContext.assertCredentialsNotExpired();
        this.userManager.newRole(str, new String[0]);
    }

    @Procedure(name = "dbms.security.deleteRole", mode = Mode.DBMS)
    @Description("Delete the specified role. Any role assignments will be removed.")
    public void deleteRole(@Name("roleName") String str) throws InvalidArgumentsException, IOException {
        this.securityContext.assertCredentialsNotExpired();
        this.userManager.deleteRole(str);
    }

    private void setUserPassword(String str, String str2, boolean z) throws IOException, InvalidArgumentsException {
        this.userManager.setUserPassword(str, str2, z);
        if (this.securityContext.subject().hasUsername(str)) {
            this.securityContext.subject().setPasswordChangeNoLongerRequired();
        }
    }
}
