package com.google.gerrit.server.restapi.account;

import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.exceptions.InvalidSshKeyException;
import com.google.gerrit.exceptions.NoSuchGroupException;
import com.google.gerrit.extensions.annotations.RequiresCapability;
import com.google.gerrit.extensions.api.accounts.AccountInput;
import com.google.gerrit.extensions.common.AccountInfo;
import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.IdString;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestCollectionCreateView;
import com.google.gerrit.extensions.restapi.TopLevelResource;
import com.google.gerrit.extensions.restapi.UnprocessableEntityException;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.server.UserInitiated;
import com.google.gerrit.server.account.AccountExternalIdCreator;
import com.google.gerrit.server.account.AccountLoader;
import com.google.gerrit.server.account.AccountResource;
import com.google.gerrit.server.account.AccountsUpdate;
import com.google.gerrit.server.account.VersionedAuthorizedKeys;
import com.google.gerrit.server.account.externalids.DuplicateExternalIdKeyException;
import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.gerrit.server.group.GroupResolver;
import com.google.gerrit.server.group.db.GroupsUpdate;
import com.google.gerrit.server.group.db.InternalGroupUpdate;
import com.google.gerrit.server.mail.send.OutgoingEmailValidator;
import com.google.gerrit.server.notedb.Sequences;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.plugincontext.PluginSetContext;
import com.google.gerrit.server.ssh.SshKeyCache;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.eclipse.jgit.errors.ConfigInvalidException;

@Singleton
@RequiresCapability(GlobalCapability.CREATE_ACCOUNT)
/* loaded from: input_file:com/google/gerrit/server/restapi/account/CreateAccount.class */
public class CreateAccount implements RestCollectionCreateView<TopLevelResource, AccountResource, AccountInput> {
    private final Sequences seq;
    private final GroupResolver groupResolver;
    private final VersionedAuthorizedKeys.Accessor authorizedKeys;
    private final SshKeyCache sshKeyCache;
    private final Provider<AccountsUpdate> accountsUpdateProvider;
    private final AccountLoader.Factory infoLoader;
    private final PluginSetContext<AccountExternalIdCreator> externalIdCreators;
    private final Provider<GroupsUpdate> groupsUpdate;
    private final OutgoingEmailValidator validator;

    @Inject
    CreateAccount(Sequences sequences, GroupResolver groupResolver, VersionedAuthorizedKeys.Accessor accessor, SshKeyCache sshKeyCache, @UserInitiated Provider<AccountsUpdate> provider, AccountLoader.Factory factory, PluginSetContext<AccountExternalIdCreator> pluginSetContext, @UserInitiated Provider<GroupsUpdate> provider2, OutgoingEmailValidator outgoingEmailValidator) {
        this.seq = sequences;
        this.groupResolver = groupResolver;
        this.authorizedKeys = accessor;
        this.sshKeyCache = sshKeyCache;
        this.accountsUpdateProvider = provider;
        this.infoLoader = factory;
        this.externalIdCreators = pluginSetContext;
        this.groupsUpdate = provider2;
        this.validator = outgoingEmailValidator;
    }

    @Override // com.google.gerrit.extensions.restapi.RestCollectionCreateView
    public Response<AccountInfo> apply(TopLevelResource topLevelResource, IdString idString, @Nullable AccountInput accountInput) throws BadRequestException, ResourceConflictException, UnprocessableEntityException, IOException, ConfigInvalidException, PermissionBackendException {
        return apply(idString, accountInput != null ? accountInput : new AccountInput());
    }

    public Response<AccountInfo> apply(IdString idString, AccountInput accountInput) throws BadRequestException, ResourceConflictException, UnprocessableEntityException, IOException, ConfigInvalidException, PermissionBackendException {
        String str = idString.get();
        if (accountInput.username != null && !str.equals(accountInput.username)) {
            throw new BadRequestException("username must match URL");
        }
        if (!ExternalId.isValidUsername(str)) {
            throw new BadRequestException("Invalid username '" + str + "'");
        }
        Set<AccountGroup.UUID> parseGroups = parseGroups(accountInput.groups);
        Account.Id id = new Account.Id(this.seq.nextAccountId());
        ArrayList arrayList = new ArrayList();
        if (accountInput.email != null) {
            if (!this.validator.isValid(accountInput.email)) {
                throw new BadRequestException("invalid email address");
            }
            arrayList.add(ExternalId.createEmail(id, accountInput.email));
        }
        arrayList.add(ExternalId.createUsername(str, id, accountInput.httpPassword));
        this.externalIdCreators.runEach(accountExternalIdCreator -> {
            arrayList.addAll(accountExternalIdCreator.create(id, str, accountInput.email));
        });
        try {
            this.accountsUpdateProvider.get().insert("Create Account via API", id, builder -> {
                builder.setFullName(accountInput.name).setPreferredEmail(accountInput.email).addExternalIds(arrayList);
            });
            for (AccountGroup.UUID uuid : parseGroups) {
                try {
                    addGroupMember(uuid, id);
                } catch (NoSuchGroupException e) {
                    throw new UnprocessableEntityException(String.format("Group %s not found", uuid));
                }
            }
            if (accountInput.sshKey != null) {
                try {
                    this.authorizedKeys.addKey(id, accountInput.sshKey);
                    this.sshKeyCache.evict(str);
                } catch (InvalidSshKeyException e2) {
                    throw new BadRequestException(e2.getMessage());
                }
            }
            AccountLoader create = this.infoLoader.create(true);
            AccountInfo accountInfo = create.get(id);
            create.fill();
            return Response.created(accountInfo);
        } catch (DuplicateExternalIdKeyException e3) {
            if (e3.getDuplicateKey().isScheme("username")) {
                throw new ResourceConflictException("username '" + e3.getDuplicateKey().id() + "' already exists");
            }
            if (e3.getDuplicateKey().isScheme(ExternalId.SCHEME_MAILTO)) {
                throw new UnprocessableEntityException("email '" + e3.getDuplicateKey().id() + "' already exists");
            }
            throw e3;
        }
    }

    private Set<AccountGroup.UUID> parseGroups(List<String> list) throws UnprocessableEntityException {
        HashSet hashSet = new HashSet();
        if (list != null) {
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                hashSet.add(this.groupResolver.parseInternal(it.next()).getGroupUUID());
            }
        }
        return hashSet;
    }

    private void addGroupMember(AccountGroup.UUID uuid, Account.Id id) throws IOException, NoSuchGroupException, ConfigInvalidException {
        this.groupsUpdate.get().updateGroup(uuid, InternalGroupUpdate.builder().setMemberModification(immutableSet -> {
            return Sets.union(immutableSet, ImmutableSet.of(id));
        }).build());
    }
}
