package org.neo4j.server.security.auth;

import java.io.IOException;
import java.security.SecureRandom;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.neo4j.helpers.Clock;
import org.neo4j.helpers.ThisShouldNotHappenError;
import org.neo4j.kernel.impl.util.BytePrinter;
import org.neo4j.kernel.lifecycle.LifecycleAdapter;
import org.neo4j.server.security.auth.User;
import org.neo4j.server.security.auth.exception.IllegalTokenException;
import org.neo4j.server.security.auth.exception.IllegalUsernameException;
import org.neo4j.server.security.auth.exception.TooManyAuthenticationAttemptsException;

/* loaded from: input_file:org/neo4j/server/security/auth/SecurityCentral.class */
public class SecurityCentral extends LifecycleAdapter {
    public static final User UNAUTHENTICATED = new UnauthenticatedUser();
    private final Authentication authentication;
    private final UserRepository users;
    private final ConcurrentMap<String, User> usersByToken = new ConcurrentHashMap();
    private final SecureRandom rand = new SecureRandom();

    public SecurityCentral(Clock clock, UserRepository userRepository) {
        this.users = userRepository;
        this.authentication = new Authentication(clock, userRepository, 3);
    }

    public void start() throws Throwable {
        if (this.users.numberOfUsers() == 0) {
            newUser("neo4j", Privileges.ADMIN);
        }
    }

    public boolean authenticate(String str, String str2) throws TooManyAuthenticationAttemptsException {
        return this.authentication.authenticate(str, str2);
    }

    public void newUser(String str, Privileges privileges) throws IOException, IllegalUsernameException {
        try {
            assertValidName(str);
            this.users.save(new User.Builder().withName(str).withPrivileges(privileges).build());
            this.authentication.setPassword(str, str);
            this.authentication.requirePasswordChange(str);
        } catch (IllegalTokenException e) {
            throw new ThisShouldNotHappenError("Jake", "There is no token set at this point.", e);
        }
    }

    public User userForToken(String str) {
        if (str == null) {
            return UNAUTHENTICATED;
        }
        User user = this.usersByToken.get(str);
        if (user != null) {
            return user;
        }
        for (User user2 : this.users) {
            if (user2.tokenEquals(str)) {
                this.usersByToken.putIfAbsent(user2.token(), user2);
                return user2;
            }
        }
        return UNAUTHENTICATED;
    }

    public User userForName(String str) {
        User user;
        if (str != null && (user = this.users.get(str)) != null) {
            return user;
        }
        return UNAUTHENTICATED;
    }

    public String regenerateToken(String str) throws IOException {
        try {
            String newToken = newToken();
            setToken(str, newToken);
            return newToken;
        } catch (IllegalTokenException e) {
            return regenerateToken(str);
        }
    }

    public synchronized void setToken(String str, String str2) throws IllegalTokenException, IOException {
        assertValidToken(str2);
        User user = this.users.get(str);
        if (user != null) {
            String str3 = user.token();
            User build = user.augment().withToken(str2).build();
            try {
                this.users.save(build);
                this.usersByToken.put(str2, build);
                if (str3 != User.NO_TOKEN) {
                    this.usersByToken.remove(str3);
                }
            } catch (IllegalUsernameException e) {
                throw new ThisShouldNotHappenError("Jake", "Username has already been accepted, we are modifying the token only.");
            }
        }
    }

    public synchronized void setPassword(String str, String str2) throws IOException {
        if (userForName(str).passwordChangeRequired()) {
            regenerateToken(str);
        }
        this.authentication.setPassword(str, str2);
    }

    private String newToken() {
        byte[] bArr = new byte[16];
        this.rand.nextBytes(bArr);
        return BytePrinter.compactHex(bArr).toLowerCase();
    }

    private void assertValidName(String str) {
        if (!this.users.isValidName(str)) {
            throw new IllegalArgumentException("User name contains illegal characters. Please use simple ascii characters and numbers.");
        }
    }

    private void assertValidToken(String str) {
        if (!this.users.isValidToken(str)) {
            throw new IllegalArgumentException("Token is not a valid Neo4j Authorization Token.");
        }
    }
}
