package com.google.gerrit.server.account;

import com.google.common.collect.Sets;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.common.data.GroupDescriptions;
import com.google.gerrit.common.errors.InvalidSshKeyException;
import com.google.gerrit.extensions.annotations.RequiresCapability;
import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.DefaultInput;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.extensions.restapi.TopLevelResource;
import com.google.gerrit.extensions.restapi.UnprocessableEntityException;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AccountExternalId;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.AccountGroupMember;
import com.google.gerrit.reviewdb.client.AccountGroupMemberAudit;
import com.google.gerrit.reviewdb.client.AccountSshKey;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.AccountInfo;
import com.google.gerrit.server.group.GroupsCollection;
import com.google.gerrit.server.ssh.SshKeyCache;
import com.google.gerrit.server.util.TimeUtil;
import com.google.gwtorm.server.OrmDuplicateKeyException;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.assistedinject.Assisted;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.validator.routines.EmailValidator;

@RequiresCapability(GlobalCapability.CREATE_ACCOUNT)
/* loaded from: input_file:com/google/gerrit/server/account/CreateAccount.class */
public class CreateAccount implements RestModifyView<TopLevelResource, Input> {
    private final ReviewDb db;
    private final Provider<IdentifiedUser> currentUser;
    private final GroupsCollection groupsCollection;
    private final SshKeyCache sshKeyCache;
    private final AccountCache accountCache;
    private final AccountByEmailCache byEmailCache;
    private final AccountInfo.Loader.Factory infoLoader;
    private final String username;

    /* loaded from: input_file:com/google/gerrit/server/account/CreateAccount$Factory.class */
    public interface Factory {
        CreateAccount create(String str);
    }

    /* loaded from: input_file:com/google/gerrit/server/account/CreateAccount$Input.class */
    public static class Input {

        @DefaultInput
        public String username;
        public String name;
        public String email;
        public String sshKey;
        public String httpPassword;
        public List<String> groups;
    }

    @Inject
    CreateAccount(ReviewDb reviewDb, Provider<IdentifiedUser> provider, GroupsCollection groupsCollection, SshKeyCache sshKeyCache, AccountCache accountCache, AccountByEmailCache accountByEmailCache, AccountInfo.Loader.Factory factory, @Assisted String str) {
        this.db = reviewDb;
        this.currentUser = provider;
        this.groupsCollection = groupsCollection;
        this.sshKeyCache = sshKeyCache;
        this.accountCache = accountCache;
        this.byEmailCache = accountByEmailCache;
        this.infoLoader = factory;
        this.username = str;
    }

    @Override // com.google.gerrit.extensions.restapi.RestModifyView
    public Response<AccountInfo> apply(TopLevelResource topLevelResource, Input input) throws BadRequestException, ResourceConflictException, UnprocessableEntityException, OrmException {
        if (input == null) {
            input = new Input();
        }
        if (input.username != null && !this.username.equals(input.username)) {
            throw new BadRequestException("username must match URL");
        }
        if (!this.username.matches(Account.USER_NAME_PATTERN)) {
            throw new BadRequestException("Username '" + this.username + "' must contain only letters, numbers, _, - or .");
        }
        Set<AccountGroup.Id> parseGroups = parseGroups(input.groups);
        Account.Id id = new Account.Id(this.db.nextAccountId());
        AccountSshKey createSshKey = createSshKey(id, input.sshKey);
        AccountExternalId accountExternalId = new AccountExternalId(id, new AccountExternalId.Key(AccountExternalId.SCHEME_USERNAME, this.username));
        if (input.httpPassword != null) {
            accountExternalId.setPassword(input.httpPassword);
        }
        if (this.db.accountExternalIds().get(accountExternalId.getKey()) != null) {
            throw new ResourceConflictException("username '" + this.username + "' already exists");
        }
        if (input.email != null) {
            if (this.db.accountExternalIds().get(getEmailKey(input.email)) != null) {
                throw new UnprocessableEntityException("email '" + input.email + "' already exists");
            }
            if (!EmailValidator.getInstance().isValid(input.email)) {
                throw new BadRequestException("invalid email address");
            }
        }
        try {
            this.db.accountExternalIds().insert(Collections.singleton(accountExternalId));
            if (input.email != null) {
                AccountExternalId accountExternalId2 = new AccountExternalId(id, getEmailKey(input.email));
                accountExternalId2.setEmailAddress(input.email);
                try {
                    this.db.accountExternalIds().insert(Collections.singleton(accountExternalId2));
                } catch (OrmDuplicateKeyException e) {
                    try {
                        this.db.accountExternalIds().delete(Collections.singleton(accountExternalId));
                    } catch (OrmException e2) {
                    }
                    throw new UnprocessableEntityException("email '" + input.email + "' already exists");
                }
            }
            Account account = new Account(id, TimeUtil.nowTs());
            account.setFullName(input.name);
            account.setPreferredEmail(input.email);
            this.db.accounts().insert(Collections.singleton(account));
            if (createSshKey != null) {
                this.db.accountSshKeys().insert(Collections.singleton(createSshKey));
            }
            Iterator<AccountGroup.Id> it = parseGroups.iterator();
            while (it.hasNext()) {
                AccountGroupMember accountGroupMember = new AccountGroupMember(new AccountGroupMember.Key(id, it.next()));
                this.db.accountGroupMembersAudit().insert(Collections.singleton(new AccountGroupMemberAudit(accountGroupMember, this.currentUser.get().getAccountId(), TimeUtil.nowTs())));
                this.db.accountGroupMembers().insert(Collections.singleton(accountGroupMember));
            }
            this.sshKeyCache.evict(this.username);
            this.accountCache.evictByUsername(this.username);
            this.byEmailCache.evict(input.email);
            AccountInfo.Loader create = this.infoLoader.create(true);
            AccountInfo accountInfo = create.get(id);
            create.fill();
            return Response.created(accountInfo);
        } catch (OrmDuplicateKeyException e3) {
            throw new ResourceConflictException("username '" + this.username + "' already exists");
        }
    }

    private Set<AccountGroup.Id> parseGroups(List<String> list) throws UnprocessableEntityException {
        HashSet newHashSet = Sets.newHashSet();
        if (list != null) {
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                newHashSet.add(GroupDescriptions.toAccountGroup(this.groupsCollection.parseInternal(it.next())).getId());
            }
        }
        return newHashSet;
    }

    private AccountSshKey createSshKey(Account.Id id, String str) throws BadRequestException {
        if (str == null) {
            return null;
        }
        try {
            return this.sshKeyCache.create(new AccountSshKey.Id(id, 1), str.trim());
        } catch (InvalidSshKeyException e) {
            throw new BadRequestException(e.getMessage());
        }
    }

    private AccountExternalId.Key getEmailKey(String str) {
        return new AccountExternalId.Key(AccountExternalId.SCHEME_MAILTO, str);
    }
}
