package org.neo4j.server.security.auth;

import java.io.IOException;
import java.time.Clock;
import java.util.Map;
import java.util.Set;
import org.neo4j.graphdb.security.AuthorizationViolationException;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.kernel.api.security.AuthManager;
import org.neo4j.kernel.api.security.AuthSubject;
import org.neo4j.kernel.api.security.AuthToken;
import org.neo4j.kernel.api.security.AuthenticationResult;
import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
import org.neo4j.server.security.auth.User;
import org.neo4j.server.security.auth.exception.ConcurrentModificationException;

/* loaded from: input_file:org/neo4j/server/security/auth/BasicAuthManager.class */
public class BasicAuthManager implements AuthManager, UserManager, UserManagerSupplier {
    protected final AuthenticationStrategy authStrategy;
    protected final UserRepository userRepository;
    protected final PasswordPolicy passwordPolicy;
    private final UserRepository initialUserRepository;

    public BasicAuthManager(UserRepository userRepository, PasswordPolicy passwordPolicy, AuthenticationStrategy authenticationStrategy, UserRepository userRepository2) {
        this.userRepository = userRepository;
        this.passwordPolicy = passwordPolicy;
        this.authStrategy = authenticationStrategy;
        this.initialUserRepository = userRepository2;
    }

    public BasicAuthManager(UserRepository userRepository, PasswordPolicy passwordPolicy, Clock clock, UserRepository userRepository2) {
        this(userRepository, passwordPolicy, new RateLimitedAuthenticationStrategy(clock, 3), userRepository2);
    }

    public void init() throws Throwable {
        this.userRepository.init();
        this.initialUserRepository.init();
    }

    public void start() throws Throwable {
        User userByName;
        this.userRepository.start();
        this.initialUserRepository.start();
        if (this.userRepository.numberOfUsers() == 0) {
            User newUser = newUser(UserManager.INITIAL_USER_NAME, UserManager.INITIAL_USER_NAME, true);
            if (this.initialUserRepository.numberOfUsers() <= 0 || (userByName = this.initialUserRepository.getUserByName(UserManager.INITIAL_USER_NAME)) == null) {
                return;
            }
            this.userRepository.update(newUser, userByName);
        }
    }

    public void stop() throws Throwable {
        this.userRepository.stop();
        this.initialUserRepository.stop();
    }

    public void shutdown() throws Throwable {
        this.userRepository.shutdown();
        this.initialUserRepository.shutdown();
    }

    public BasicAuthSubject login(Map<String, Object> map) throws InvalidAuthTokenException {
        String safeCast = AuthToken.safeCast("scheme", map);
        if (!safeCast.equals("basic")) {
            throw new InvalidAuthTokenException("Unsupported authentication scheme '" + safeCast + "'.");
        }
        String safeCast2 = AuthToken.safeCast("principal", map);
        String safeCast3 = AuthToken.safeCast("credentials", map);
        User userByName = this.userRepository.getUserByName(safeCast2);
        AuthenticationResult authenticationResult = AuthenticationResult.FAILURE;
        if (userByName != null) {
            authenticationResult = this.authStrategy.authenticate(userByName, safeCast3);
            if (authenticationResult == AuthenticationResult.SUCCESS && userByName.passwordChangeRequired()) {
                authenticationResult = AuthenticationResult.PASSWORD_CHANGE_REQUIRED;
            }
        }
        return new BasicAuthSubject(this, userByName, authenticationResult);
    }

    @Override // org.neo4j.server.security.auth.UserManager
    public User newUser(String str, String str2, boolean z) throws IOException, InvalidArgumentsException {
        this.userRepository.assertValidUsername(str);
        this.passwordPolicy.validatePassword(str2);
        User build = new User.Builder().withName(str).withCredentials(Credential.forPassword(str2)).withRequiredPasswordChange(z).build();
        this.userRepository.create(build);
        return build;
    }

    @Override // org.neo4j.server.security.auth.UserManager
    public boolean deleteUser(String str) throws IOException, InvalidArgumentsException {
        User user = getUser(str);
        return user != null && this.userRepository.delete(user);
    }

    @Override // org.neo4j.server.security.auth.UserManager
    public User getUser(String str) throws InvalidArgumentsException {
        User userByName = this.userRepository.getUserByName(str);
        if (userByName == null) {
            throw new InvalidArgumentsException("User '" + str + "' does not exist.");
        }
        return userByName;
    }

    @Override // org.neo4j.server.security.auth.UserManager
    public User silentlyGetUser(String str) {
        return this.userRepository.getUserByName(str);
    }

    public void setPassword(AuthSubject authSubject, String str, String str2, boolean z) throws IOException, InvalidArgumentsException {
        if (!BasicAuthSubject.castOrFail(authSubject).hasUsername(str)) {
            throw new AuthorizationViolationException("Invalid attempt to change the password for user " + str);
        }
        setUserPassword(str, str2, z);
    }

    @Override // org.neo4j.server.security.auth.UserManager
    public void setUserPassword(String str, String str2, boolean z) throws IOException, InvalidArgumentsException {
        User user = getUser(str);
        this.passwordPolicy.validatePassword(str2);
        if (user.credentials().matchesPassword(str2)) {
            throw new InvalidArgumentsException("Old password and new password cannot be the same.");
        }
        try {
            this.userRepository.update(user, user.augment().withCredentials(Credential.forPassword(str2)).withRequiredPasswordChange(z).build());
        } catch (ConcurrentModificationException e) {
            setUserPassword(str, str2, z);
        }
    }

    @Override // org.neo4j.server.security.auth.UserManager
    public Set<String> getAllUsernames() {
        return this.userRepository.getAllUsernames();
    }

    @Override // org.neo4j.server.security.auth.UserManagerSupplier
    public UserManager getUserManager(AuthSubject authSubject) {
        return this;
    }

    @Override // org.neo4j.server.security.auth.UserManagerSupplier
    public UserManager getUserManager() {
        return this;
    }

    /* renamed from: login, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ AuthSubject m0login(Map map) throws InvalidAuthTokenException {
        return login((Map<String, Object>) map);
    }
}
