package org.neo4j.server.security.auth;

import java.io.IOException;
import java.time.Clock;
import org.neo4j.graphdb.security.AuthorizationViolationException;
import org.neo4j.kernel.api.security.AuthManager;
import org.neo4j.kernel.api.security.AuthSubject;
import org.neo4j.kernel.api.security.AuthenticationResult;
import org.neo4j.kernel.api.security.exception.IllegalCredentialsException;
import org.neo4j.server.security.auth.User;
import org.neo4j.server.security.auth.exception.ConcurrentModificationException;

/* loaded from: input_file:org/neo4j/server/security/auth/BasicAuthManager.class */
public class BasicAuthManager implements AuthManager, UserManager {
    private final AuthenticationStrategy authStrategy;
    private final UserRepository users;
    private final boolean authEnabled;

    public BasicAuthManager(UserRepository userRepository, AuthenticationStrategy authenticationStrategy, boolean z) {
        this.users = userRepository;
        this.authStrategy = authenticationStrategy;
        this.authEnabled = z;
    }

    public BasicAuthManager(UserRepository userRepository, AuthenticationStrategy authenticationStrategy) {
        this(userRepository, authenticationStrategy, true);
    }

    public BasicAuthManager(UserRepository userRepository, Clock clock, boolean z) {
        this(userRepository, new RateLimitedAuthenticationStrategy(clock, 3), z);
    }

    public void init() throws Throwable {
        this.users.init();
    }

    public void start() throws Throwable {
        this.users.start();
        if (this.authEnabled && this.users.numberOfUsers() == 0) {
            newUser("neo4j", "neo4j", true);
        }
    }

    public void stop() throws Throwable {
        this.users.stop();
    }

    public void shutdown() throws Throwable {
        this.users.shutdown();
    }

    public AuthenticationResult authenticate(String str, String str2) {
        return login(str, str2).getAuthenticationResult();
    }

    public AuthSubject login(String str, String str2) {
        assertAuthEnabled();
        User findByName = this.users.findByName(str);
        AuthenticationResult authenticationResult = AuthenticationResult.FAILURE;
        if (findByName != null) {
            authenticationResult = this.authStrategy.authenticate(findByName, str2);
            if (authenticationResult == AuthenticationResult.SUCCESS && findByName.passwordChangeRequired()) {
                authenticationResult = AuthenticationResult.PASSWORD_CHANGE_REQUIRED;
            }
        }
        return new BasicAuthSubject(this, findByName, authenticationResult);
    }

    @Override // org.neo4j.server.security.auth.UserManager
    public User newUser(String str, String str2, boolean z) throws IOException, IllegalCredentialsException {
        assertAuthEnabled();
        assertValidName(str);
        User build = new User.Builder().withName(str).withCredentials(Credential.forPassword(str2)).withRequiredPasswordChange(z).build();
        this.users.create(build);
        return build;
    }

    @Override // org.neo4j.server.security.auth.UserManager
    public boolean deleteUser(String str) throws IOException {
        assertAuthEnabled();
        User findByName = this.users.findByName(str);
        return findByName != null && this.users.delete(findByName);
    }

    @Override // org.neo4j.server.security.auth.UserManager
    public User getUser(String str) {
        assertAuthEnabled();
        return this.users.findByName(str);
    }

    public void setPassword(AuthSubject authSubject, String str, String str2) throws IOException, IllegalCredentialsException {
        if (!(authSubject instanceof BasicAuthSubject)) {
            throw new IllegalArgumentException("Incorrect AuthSubject type " + authSubject.getClass().getTypeName());
        }
        if (!((BasicAuthSubject) authSubject).doesUsernameMatch(str)) {
            throw new AuthorizationViolationException("Invalid attempt to change the password for user " + str);
        }
        setUserPassword(str, str2);
    }

    @Override // org.neo4j.server.security.auth.UserManager
    public void setUserPassword(String str, String str2) throws IOException, IllegalCredentialsException {
        assertAuthEnabled();
        User findByName = this.users.findByName(str);
        if (findByName == null) {
            throw new IllegalCredentialsException("User " + str + " does not exist");
        }
        if (findByName.credentials().matchesPassword(str2)) {
            return;
        }
        try {
            this.users.update(findByName, findByName.augment().withCredentials(Credential.forPassword(str2)).withRequiredPasswordChange(false).build());
        } catch (ConcurrentModificationException e) {
            setUserPassword(str, str2);
        }
    }

    private void assertAuthEnabled() {
        if (!this.authEnabled) {
            throw new IllegalStateException("Auth not enabled");
        }
    }

    private void assertValidName(String str) {
        if (!this.users.isValidName(str)) {
            throw new IllegalArgumentException("User name contains illegal characters. Please use simple ascii characters and numbers.");
        }
    }
}
