package org.neo4j.commandline.admin.security;

import java.io.File;
import java.io.IOException;
import org.neo4j.cli.AbstractCommand;
import org.neo4j.cli.CommandFailedException;
import org.neo4j.cli.ExecutionContext;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.ConfigUtils;
import org.neo4j.configuration.GraphDatabaseSettings;
import org.neo4j.io.fs.FileSystemAbstraction;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.kernel.lifecycle.Lifecycle;
import org.neo4j.kernel.lifecycle.Lifespan;
import org.neo4j.logging.NullLogProvider;
import org.neo4j.server.security.auth.CommunitySecurityModule;
import org.neo4j.server.security.auth.FileUserRepository;
import org.neo4j.server.security.auth.LegacyCredential;
import org.neo4j.server.security.auth.ListSnapshot;
import org.neo4j.string.UTF8;
import org.neo4j.util.VisibleForTesting;
import picocli.CommandLine;

@CommandLine.Command(name = "set-initial-password", description = {"Sets the initial password of the initial admin user ('neo4j'). And removes the requirement to change password on first login."})
/* loaded from: input_file:org/neo4j/commandline/admin/security/SetInitialPasswordCommand.class */
public class SetInitialPasswordCommand extends AbstractCommand {

    @CommandLine.Option(names = {"--require-password-change"}, defaultValue = "false", description = {"Require the user to change their password on first login."})
    private boolean changeRequired;

    @CommandLine.Parameters
    private String password;

    public SetInitialPasswordCommand(ExecutionContext executionContext) {
        super(executionContext);
    }

    public void execute() {
        Config loadNeo4jConfig = loadNeo4jConfig();
        FileSystemAbstraction fs = this.ctx.fs();
        if (realUsersExist(loadNeo4jConfig)) {
            throw new CommandFailedException(realUsersExistErrorMsg(fs, CommunitySecurityModule.getUserRepositoryFile(loadNeo4jConfig)));
        }
        File initialUserRepositoryFile = CommunitySecurityModule.getInitialUserRepositoryFile(loadNeo4jConfig);
        if (fs.fileExists(initialUserRepositoryFile)) {
            fs.deleteFile(initialUserRepositoryFile);
        }
        FileUserRepository fileUserRepository = new FileUserRepository(fs, initialUserRepositoryFile, NullLogProvider.getInstance());
        try {
            fileUserRepository.start();
            fileUserRepository.create(new User.Builder("neo4j", LegacyCredential.forPassword(UTF8.encode(this.password))).withRequiredPasswordChange(this.changeRequired).build());
            fileUserRepository.shutdown();
            this.ctx.out().println("Changed password for user 'neo4j'.");
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private boolean realUsersExist(Config config) {
        boolean z = false;
        File userRepositoryFile = CommunitySecurityModule.getUserRepositoryFile(config);
        if (this.ctx.fs().fileExists(userRepositoryFile)) {
            z = true;
            FileUserRepository fileUserRepository = new FileUserRepository(this.ctx.fs(), userRepositoryFile, NullLogProvider.getInstance());
            try {
                Lifespan lifespan = new Lifespan(new Lifecycle[]{fileUserRepository});
                try {
                    ListSnapshot<User> snapshot = fileUserRepository.getSnapshot();
                    if (snapshot.values().size() == 1) {
                        User user = snapshot.values().get(0);
                        if ("neo4j".equals(user.name())) {
                            if (user.credentials().matchesPassword("neo4j")) {
                                z = false;
                            }
                        }
                    }
                    lifespan.close();
                } finally {
                }
            } catch (IOException e) {
            }
        }
        return z;
    }

    private static String realUsersExistErrorMsg(FileSystemAbstraction fileSystemAbstraction, File file) {
        return "the provided initial password was not set because existing Neo4j users were detected at `" + file.getAbsolutePath() + "`. Please remove the existing " + (fileSystemAbstraction.fileExists(new File(file.getParentFile(), "roles")) ? "`auth` and `roles` files" : "`auth` file") + " if you want to reset your database to only have a default user with the provided password.";
    }

    @VisibleForTesting
    Config loadNeo4jConfig() {
        Config build = Config.newBuilder().set(GraphDatabaseSettings.neo4j_home, this.ctx.homeDir().toAbsolutePath()).fromFileNoThrow(this.ctx.confDir().resolve("neo4j.conf")).build();
        ConfigUtils.disableAllConnectors(build);
        return build;
    }
}
