package com.google.gerrit.server.restapi.account;

import com.google.common.base.Strings;
import com.google.common.flogger.FluentLogger;
import com.google.gerrit.common.UsedAt;
import com.google.gerrit.exceptions.EmailException;
import com.google.gerrit.extensions.common.HttpPasswordInput;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.UserInitiated;
import com.google.gerrit.server.account.AccountResource;
import com.google.gerrit.server.account.AccountsUpdate;
import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.gerrit.server.account.externalids.ExternalIds;
import com.google.gerrit.server.mail.send.HttpPasswordUpdateSender;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.query.change.ChangeQueryBuilder;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import org.apache.commons.codec.binary.Base64;
import org.eclipse.jgit.errors.ConfigInvalidException;

/* loaded from: input_file:com/google/gerrit/server/restapi/account/PutHttpPassword.class */
public class PutHttpPassword implements RestModifyView<AccountResource, HttpPasswordInput> {
    private static final FluentLogger logger = FluentLogger.forEnclosingClass();
    private static final int LEN = 31;
    private static final SecureRandom rng;
    private final Provider<CurrentUser> self;
    private final PermissionBackend permissionBackend;
    private final ExternalIds externalIds;
    private final Provider<AccountsUpdate> accountsUpdateProvider;
    private final HttpPasswordUpdateSender.Factory httpPasswordUpdateSenderFactory;

    @Inject
    PutHttpPassword(Provider<CurrentUser> provider, PermissionBackend permissionBackend, ExternalIds externalIds, @UserInitiated Provider<AccountsUpdate> provider2, HttpPasswordUpdateSender.Factory factory) {
        this.self = provider;
        this.permissionBackend = permissionBackend;
        this.externalIds = externalIds;
        this.accountsUpdateProvider = provider2;
        this.httpPasswordUpdateSenderFactory = factory;
    }

    @Override // com.google.gerrit.extensions.restapi.RestModifyView
    public Response<String> apply(AccountResource accountResource, HttpPasswordInput httpPasswordInput) throws AuthException, ResourceNotFoundException, ResourceConflictException, IOException, ConfigInvalidException, PermissionBackendException {
        String str;
        if (!this.self.get().hasSameAccountId(accountResource.getUser())) {
            this.permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
        }
        if (httpPasswordInput == null) {
            httpPasswordInput = new HttpPasswordInput();
        }
        httpPasswordInput.httpPassword = Strings.emptyToNull(httpPasswordInput.httpPassword);
        if (httpPasswordInput.generate) {
            str = generate();
        } else if (httpPasswordInput.httpPassword == null) {
            str = null;
        } else {
            this.permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
            str = httpPasswordInput.httpPassword;
        }
        return apply(accountResource.getUser(), str);
    }

    @UsedAt(UsedAt.Project.PLUGIN_SERVICEUSER)
    public Response<String> apply(IdentifiedUser identifiedUser, String str) throws ResourceNotFoundException, ResourceConflictException, IOException, ConfigInvalidException {
        ExternalId orElseThrow = this.externalIds.get(ExternalId.Key.create("username", identifiedUser.getUserName().orElseThrow(() -> {
            return new ResourceConflictException("username must be set");
        }))).orElseThrow(ResourceNotFoundException::new);
        this.accountsUpdateProvider.get().update("Set HTTP Password via API", orElseThrow.accountId(), builder -> {
            builder.updateExternalId(ExternalId.createWithPassword(orElseThrow.key(), orElseThrow.accountId(), orElseThrow.email(), str));
        });
        try {
            this.httpPasswordUpdateSenderFactory.create(identifiedUser, str == null ? ChangeQueryBuilder.FIELD_DELETED : "added or updated").send();
        } catch (EmailException e) {
            logger.atSevere().withCause(e).log("Cannot send HttpPassword update message to %s", identifiedUser.getAccount().preferredEmail());
        }
        return Strings.isNullOrEmpty(str) ? Response.none() : Response.ok(str);
    }

    @UsedAt(UsedAt.Project.PLUGIN_SERVICEUSER)
    public static String generate() {
        byte[] bArr = new byte[31];
        rng.nextBytes(bArr);
        byte[] encodeBase64 = Base64.encodeBase64(bArr, false);
        StringBuilder sb = new StringBuilder(encodeBase64.length);
        for (int i = 0; i < encodeBase64.length && encodeBase64[i] != 61; i++) {
            sb.append((char) encodeBase64[i]);
        }
        return sb.toString();
    }

    static {
        try {
            rng = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Cannot create RNG for password generator", e);
        }
    }
}
