package org.neo4j.server.security.enterprise.auth;

import java.io.IOException;
import java.util.Set;
import org.neo4j.graphdb.security.AuthorizationViolationException;
import org.neo4j.internal.kernel.api.security.AuthSubject;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.server.security.enterprise.log.SecurityLog;

/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/PersonalUserManager.class */
class PersonalUserManager implements EnterpriseUserManager {
    private final EnterpriseUserManager userManager;
    private final SecurityLog securityLog;
    private final AuthSubject subject;
    private final boolean isUserManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PersonalUserManager(EnterpriseUserManager enterpriseUserManager, AuthSubject authSubject, SecurityLog securityLog, boolean z) {
        this.userManager = enterpriseUserManager;
        this.securityLog = securityLog;
        this.subject = authSubject;
        this.isUserManager = z;
    }

    public User newUser(String str, String str2, boolean z) throws IOException, InvalidArgumentsException, AuthorizationViolationException {
        try {
            assertUserManager();
            User newUser = this.userManager.newUser(str, str2, z);
            SecurityLog securityLog = this.securityLog;
            AuthSubject authSubject = this.subject;
            Object[] objArr = new Object[2];
            objArr[0] = str;
            objArr[1] = z ? ", with password change required" : "";
            securityLog.info(authSubject, "created user `%s`%s", objArr);
            return newUser;
        } catch (AuthorizationViolationException | IOException | InvalidArgumentsException e) {
            this.securityLog.error(this.subject, "tried to create user `%s`: %s", str, e.getMessage());
            throw e;
        }
    }

    @Override // org.neo4j.server.security.enterprise.auth.EnterpriseUserManager
    public void suspendUser(String str) throws IOException, InvalidArgumentsException, AuthorizationViolationException {
        try {
            assertUserManager();
            if (this.subject.hasUsername(str)) {
                throw new InvalidArgumentsException("Suspending yourself (user '" + str + "') is not allowed.");
            }
            this.userManager.suspendUser(str);
            this.securityLog.info(this.subject, "suspended user `%s`", str);
        } catch (AuthorizationViolationException | IOException | InvalidArgumentsException e) {
            this.securityLog.error(this.subject, "tried to suspend user `%s`: %s", str, e.getMessage());
            throw e;
        }
    }

    public boolean deleteUser(String str) throws IOException, InvalidArgumentsException, AuthorizationViolationException {
        try {
            assertUserManager();
            if (this.subject.hasUsername(str)) {
                throw new InvalidArgumentsException("Deleting yourself (user '" + str + "') is not allowed.");
            }
            boolean deleteUser = this.userManager.deleteUser(str);
            this.securityLog.info(this.subject, "deleted user `%s`", str);
            return deleteUser;
        } catch (AuthorizationViolationException | IOException | InvalidArgumentsException e) {
            this.securityLog.error(this.subject, "tried to delete user `%s`: %s", str, e.getMessage());
            throw e;
        }
    }

    @Override // org.neo4j.server.security.enterprise.auth.EnterpriseUserManager
    public void activateUser(String str, boolean z) throws IOException, InvalidArgumentsException, AuthorizationViolationException {
        try {
            assertUserManager();
            if (this.subject.hasUsername(str)) {
                throw new InvalidArgumentsException("Activating yourself (user '" + str + "') is not allowed.");
            }
            this.userManager.activateUser(str, z);
            this.securityLog.info(this.subject, "activated user `%s`", str);
        } catch (AuthorizationViolationException | IOException | InvalidArgumentsException e) {
            this.securityLog.error(this.subject, "tried to activate user `%s`: %s", str, e.getMessage());
            throw e;
        }
    }

    public User getUser(String str) throws InvalidArgumentsException {
        return this.userManager.getUser(str);
    }

    public User silentlyGetUser(String str) {
        return this.userManager.silentlyGetUser(str);
    }

    @Override // org.neo4j.server.security.enterprise.auth.EnterpriseUserManager
    public RoleRecord newRole(String str, String... strArr) throws IOException, InvalidArgumentsException, AuthorizationViolationException {
        try {
            assertUserManager();
            RoleRecord newRole = this.userManager.newRole(str, strArr);
            this.securityLog.info(this.subject, "created role `%s`", str);
            return newRole;
        } catch (AuthorizationViolationException | IOException | InvalidArgumentsException e) {
            this.securityLog.error(this.subject, "tried to create role `%s`: %s", str, e.getMessage());
            throw e;
        }
    }

    @Override // org.neo4j.server.security.enterprise.auth.EnterpriseUserManager
    public boolean deleteRole(String str) throws IOException, InvalidArgumentsException, AuthorizationViolationException {
        try {
            assertUserManager();
            boolean deleteRole = this.userManager.deleteRole(str);
            this.securityLog.info(this.subject, "deleted role `%s`", str);
            return deleteRole;
        } catch (AuthorizationViolationException | IOException | InvalidArgumentsException e) {
            this.securityLog.error(this.subject, "tried to delete role `%s`: %s", str, e.getMessage());
            throw e;
        }
    }

    public void setUserPassword(String str, String str2, boolean z) throws IOException, InvalidArgumentsException, AuthorizationViolationException {
        if (this.subject.hasUsername(str)) {
            try {
                this.userManager.setUserPassword(str, str2, z);
                SecurityLog securityLog = this.securityLog;
                AuthSubject authSubject = this.subject;
                Object[] objArr = new Object[1];
                objArr[0] = z ? ", with password change required" : "";
                securityLog.info(authSubject, "changed password%s", objArr);
                return;
            } catch (AuthorizationViolationException | IOException | InvalidArgumentsException e) {
                this.securityLog.error(this.subject, "tried to change password: %s", e.getMessage());
                throw e;
            }
        }
        try {
            assertUserManager();
            this.userManager.setUserPassword(str, str2, z);
            SecurityLog securityLog2 = this.securityLog;
            AuthSubject authSubject2 = this.subject;
            Object[] objArr2 = new Object[2];
            objArr2[0] = str;
            objArr2[1] = z ? ", with password change required" : "";
            securityLog2.info(authSubject2, "changed password for user `%s`%s", objArr2);
        } catch (AuthorizationViolationException | IOException | InvalidArgumentsException e2) {
            this.securityLog.error(this.subject, "tried to change password for user `%s`: %s", str, e2.getMessage());
            throw e2;
        }
    }

    public Set<String> getAllUsernames() throws AuthorizationViolationException {
        try {
            assertUserManager();
            return this.userManager.getAllUsernames();
        } catch (AuthorizationViolationException e) {
            this.securityLog.error(this.subject, "tried to list users: %s", e.getMessage());
            throw e;
        }
    }

    @Override // org.neo4j.server.security.enterprise.auth.EnterpriseUserManager
    public RoleRecord getRole(String str) throws InvalidArgumentsException {
        return this.userManager.getRole(str);
    }

    @Override // org.neo4j.server.security.enterprise.auth.EnterpriseUserManager
    public RoleRecord silentlyGetRole(String str) {
        return this.userManager.silentlyGetRole(str);
    }

    @Override // org.neo4j.server.security.enterprise.auth.EnterpriseUserManager
    public void addRoleToUser(String str, String str2) throws IOException, InvalidArgumentsException, AuthorizationViolationException {
        try {
            assertUserManager();
            this.userManager.addRoleToUser(str, str2);
            this.securityLog.info(this.subject, "added role `%s` to user `%s`", str, str2);
        } catch (AuthorizationViolationException | IOException | InvalidArgumentsException e) {
            this.securityLog.error(this.subject, "tried to add role `%s` to user `%s`: %s", str, str2, e.getMessage());
            throw e;
        }
    }

    @Override // org.neo4j.server.security.enterprise.auth.EnterpriseUserManager
    public void removeRoleFromUser(String str, String str2) throws IOException, InvalidArgumentsException, AuthorizationViolationException {
        try {
            assertUserManager();
            if (this.subject.hasUsername(str2) && str.equals("admin")) {
                throw new InvalidArgumentsException("Removing yourself (user '" + str2 + "') from the admin role is not allowed.");
            }
            this.userManager.removeRoleFromUser(str, str2);
            this.securityLog.info(this.subject, "removed role `%s` from user `%s`", str, str2);
        } catch (AuthorizationViolationException | IOException | InvalidArgumentsException e) {
            this.securityLog.error(this.subject, "tried to remove role `%s` from user `%s`: %s", str, str2, e.getMessage());
            throw e;
        }
    }

    @Override // org.neo4j.server.security.enterprise.auth.EnterpriseUserManager
    public Set<String> getAllRoleNames() throws AuthorizationViolationException {
        try {
            assertUserManager();
            return this.userManager.getAllRoleNames();
        } catch (AuthorizationViolationException e) {
            this.securityLog.error(this.subject, "tried to list roles: %s", e.getMessage());
            throw e;
        }
    }

    @Override // org.neo4j.server.security.enterprise.auth.EnterpriseUserManager
    public Set<String> getRoleNamesForUser(String str) throws InvalidArgumentsException, AuthorizationViolationException {
        try {
            assertSelfOrUserManager(str);
            return this.userManager.getRoleNamesForUser(str);
        } catch (AuthorizationViolationException | InvalidArgumentsException e) {
            this.securityLog.error(this.subject, "tried to list roles for user `%s`: %s", str, e.getMessage());
            throw e;
        }
    }

    @Override // org.neo4j.server.security.enterprise.auth.EnterpriseUserManager
    public Set<String> silentlyGetRoleNamesForUser(String str) {
        return this.userManager.silentlyGetRoleNamesForUser(str);
    }

    @Override // org.neo4j.server.security.enterprise.auth.EnterpriseUserManager
    public Set<String> getUsernamesForRole(String str) throws InvalidArgumentsException, AuthorizationViolationException {
        try {
            assertUserManager();
            return this.userManager.getUsernamesForRole(str);
        } catch (AuthorizationViolationException | InvalidArgumentsException e) {
            this.securityLog.error(this.subject, "tried to list users for role `%s`: %s", str, e.getMessage());
            throw e;
        }
    }

    @Override // org.neo4j.server.security.enterprise.auth.EnterpriseUserManager
    public Set<String> silentlyGetUsernamesForRole(String str) {
        return this.userManager.silentlyGetUsernamesForRole(str);
    }

    private void assertSelfOrUserManager(String str) {
        if (this.subject.hasUsername(str)) {
            return;
        }
        assertUserManager();
    }

    private void assertUserManager() throws AuthorizationViolationException {
        if (!this.isUserManager) {
            throw new AuthorizationViolationException("Permission denied.");
        }
    }
}
