package com.google.gerrit.httpd.rpc.account;

import com.google.gerrit.common.ChangeHooks;
import com.google.gerrit.common.data.AccountSecurity;
import com.google.gerrit.common.data.ContributorAgreement;
import com.google.gerrit.common.errors.ContactInformationStoreException;
import com.google.gerrit.common.errors.InvalidSshKeyException;
import com.google.gerrit.common.errors.NameAlreadyUsedException;
import com.google.gerrit.common.errors.NoSuchEntityException;
import com.google.gerrit.common.errors.NoSuchGroupException;
import com.google.gerrit.httpd.rpc.BaseServiceImplementation;
import com.google.gerrit.httpd.rpc.Handler;
import com.google.gerrit.httpd.rpc.account.DeleteExternalIds;
import com.google.gerrit.httpd.rpc.account.ExternalIdDetailFactory;
import com.google.gerrit.httpd.rpc.account.MyGroupsFactory;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AccountExternalId;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.AccountGroupMember;
import com.google.gerrit.reviewdb.client.AccountGroupMemberAudit;
import com.google.gerrit.reviewdb.client.AccountSshKey;
import com.google.gerrit.reviewdb.client.AuthType;
import com.google.gerrit.reviewdb.client.ContactInformation;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.AccountByEmailCache;
import com.google.gerrit.server.account.AccountCache;
import com.google.gerrit.server.account.AccountException;
import com.google.gerrit.server.account.AccountManager;
import com.google.gerrit.server.account.AuthRequest;
import com.google.gerrit.server.account.ChangeUserName;
import com.google.gerrit.server.account.ClearPassword;
import com.google.gerrit.server.account.GeneratePassword;
import com.google.gerrit.server.account.GroupCache;
import com.google.gerrit.server.account.Realm;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.contact.ContactStore;
import com.google.gerrit.server.mail.EmailException;
import com.google.gerrit.server.mail.EmailTokenVerifier;
import com.google.gerrit.server.mail.RegisterNewEmailSender;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.ssh.SshKeyCache;
import com.google.gwtjsonrpc.common.AsyncCallback;
import com.google.gwtjsonrpc.common.VoidResult;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/gerrit-httpd-2.5.2.jar:com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.class */
public class AccountSecurityImpl extends BaseServiceImplementation implements AccountSecurity {
    private final Logger log;
    private final ContactStore contactStore;
    private final AuthConfig authConfig;
    private final Realm realm;
    private final ProjectCache projectCache;
    private final Provider<IdentifiedUser> user;
    private final EmailTokenVerifier emailTokenVerifier;
    private final RegisterNewEmailSender.Factory registerNewEmailFactory;
    private final SshKeyCache sshKeyCache;
    private final AccountByEmailCache byEmailCache;
    private final AccountCache accountCache;
    private final AccountManager accountManager;
    private final boolean useContactInfo;
    private final ClearPassword.Factory clearPasswordFactory;
    private final GeneratePassword.Factory generatePasswordFactory;
    private final ChangeUserName.CurrentUser changeUserNameFactory;
    private final DeleteExternalIds.Factory deleteExternalIdsFactory;
    private final ExternalIdDetailFactory.Factory externalIdDetailFactory;
    private final MyGroupsFactory.Factory myGroupsFactory;
    private final ChangeHooks hooks;
    private final GroupCache groupCache;

    @Inject
    AccountSecurityImpl(Provider<ReviewDb> provider, Provider<CurrentUser> provider2, ContactStore contactStore, AuthConfig authConfig, Realm realm, Provider<IdentifiedUser> provider3, EmailTokenVerifier emailTokenVerifier, ProjectCache projectCache, RegisterNewEmailSender.Factory factory, SshKeyCache sshKeyCache, AccountByEmailCache accountByEmailCache, AccountCache accountCache, AccountManager accountManager, ClearPassword.Factory factory2, GeneratePassword.Factory factory3, ChangeUserName.CurrentUser currentUser, DeleteExternalIds.Factory factory4, ExternalIdDetailFactory.Factory factory5, MyGroupsFactory.Factory factory6, ChangeHooks changeHooks, GroupCache groupCache) {
        super(provider, provider2);
        this.log = LoggerFactory.getLogger(getClass());
        this.contactStore = contactStore;
        this.authConfig = authConfig;
        this.realm = realm;
        this.user = provider3;
        this.emailTokenVerifier = emailTokenVerifier;
        this.projectCache = projectCache;
        this.registerNewEmailFactory = factory;
        this.sshKeyCache = sshKeyCache;
        this.byEmailCache = accountByEmailCache;
        this.accountCache = accountCache;
        this.accountManager = accountManager;
        this.useContactInfo = this.contactStore != null && this.contactStore.isEnabled();
        this.clearPasswordFactory = factory2;
        this.generatePasswordFactory = factory3;
        this.changeUserNameFactory = currentUser;
        this.deleteExternalIdsFactory = factory4;
        this.externalIdDetailFactory = factory5;
        this.myGroupsFactory = factory6;
        this.hooks = changeHooks;
        this.groupCache = groupCache;
    }

    @Override // com.google.gerrit.common.data.AccountSecurity
    public void mySshKeys(AsyncCallback<List<AccountSshKey>> asyncCallback) {
        run(asyncCallback, new BaseServiceImplementation.Action<List<AccountSshKey>>() { // from class: com.google.gerrit.httpd.rpc.account.AccountSecurityImpl.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.google.gerrit.httpd.rpc.BaseServiceImplementation.Action
            public List<AccountSshKey> run(ReviewDb reviewDb) throws OrmException {
                return reviewDb.accountSshKeys().byAccount(((IdentifiedUser) AccountSecurityImpl.this.user.get()).getAccountId()).toList();
            }
        });
    }

    @Override // com.google.gerrit.common.data.AccountSecurity
    public void addSshKey(final String str, AsyncCallback<AccountSshKey> asyncCallback) {
        run(asyncCallback, new BaseServiceImplementation.Action<AccountSshKey>() { // from class: com.google.gerrit.httpd.rpc.account.AccountSecurityImpl.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.google.gerrit.httpd.rpc.BaseServiceImplementation.Action
            public AccountSshKey run(ReviewDb reviewDb) throws OrmException, BaseServiceImplementation.Failure {
                int i = 0;
                Account.Id accountId = ((IdentifiedUser) AccountSecurityImpl.this.user.get()).getAccountId();
                Iterator<AccountSshKey> it = reviewDb.accountSshKeys().byAccount(accountId).iterator();
                while (it.hasNext()) {
                    i = Math.max(i, it.next().getKey().get());
                }
                try {
                    AccountSshKey create = AccountSecurityImpl.this.sshKeyCache.create(new AccountSshKey.Id(accountId, i + 1), str);
                    reviewDb.accountSshKeys().insert(Collections.singleton(create));
                    AccountSecurityImpl.this.uncacheSshKeys();
                    return create;
                } catch (InvalidSshKeyException e) {
                    throw new BaseServiceImplementation.Failure(e);
                }
            }
        });
    }

    @Override // com.google.gerrit.common.data.AccountSecurity
    public void deleteSshKeys(final Set<AccountSshKey.Id> set, AsyncCallback<VoidResult> asyncCallback) {
        run(asyncCallback, new BaseServiceImplementation.Action<VoidResult>() { // from class: com.google.gerrit.httpd.rpc.account.AccountSecurityImpl.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.google.gerrit.httpd.rpc.BaseServiceImplementation.Action
            public VoidResult run(ReviewDb reviewDb) throws OrmException, BaseServiceImplementation.Failure {
                Account.Id accountId = ((IdentifiedUser) AccountSecurityImpl.this.user.get()).getAccountId();
                Iterator it = set.iterator();
                while (it.hasNext()) {
                    if (!accountId.equals(((AccountSshKey.Id) it.next()).getParentKey())) {
                        throw new BaseServiceImplementation.Failure(new NoSuchEntityException());
                    }
                }
                reviewDb.accountSshKeys().deleteKeys(set);
                AccountSecurityImpl.this.uncacheSshKeys();
                return VoidResult.INSTANCE;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void uncacheSshKeys() {
        this.sshKeyCache.evict(this.user.get().getUserName());
    }

    @Override // com.google.gerrit.common.data.AccountSecurity
    public void changeUserName(String str, AsyncCallback<VoidResult> asyncCallback) {
        if (this.realm.allowsEdit(Account.FieldName.USER_NAME)) {
            Handler.wrap(this.changeUserNameFactory.create(str)).to(asyncCallback);
        } else {
            asyncCallback.onFailure(new NameAlreadyUsedException());
        }
    }

    @Override // com.google.gerrit.common.data.AccountSecurity
    public void generatePassword(AccountExternalId.Key key, AsyncCallback<AccountExternalId> asyncCallback) {
        Handler.wrap(this.generatePasswordFactory.create(key)).to(asyncCallback);
    }

    @Override // com.google.gerrit.common.data.AccountSecurity
    public void clearPassword(AccountExternalId.Key key, AsyncCallback<AccountExternalId> asyncCallback) {
        Handler.wrap(this.clearPasswordFactory.create(key)).to(asyncCallback);
    }

    @Override // com.google.gerrit.common.data.AccountSecurity
    public void myExternalIds(AsyncCallback<List<AccountExternalId>> asyncCallback) {
        this.externalIdDetailFactory.create().to(asyncCallback);
    }

    @Override // com.google.gerrit.common.data.AccountSecurity
    public void myGroups(AsyncCallback<List<AccountGroup>> asyncCallback) {
        run(asyncCallback, new BaseServiceImplementation.Action<List<AccountGroup>>() { // from class: com.google.gerrit.httpd.rpc.account.AccountSecurityImpl.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.google.gerrit.httpd.rpc.BaseServiceImplementation.Action
            public List<AccountGroup> run(ReviewDb reviewDb) throws OrmException, NoSuchGroupException, BaseServiceImplementation.Failure {
                return AccountSecurityImpl.this.myGroupsFactory.create().call();
            }
        });
    }

    @Override // com.google.gerrit.common.data.AccountSecurity
    public void deleteExternalIds(Set<AccountExternalId.Key> set, AsyncCallback<Set<AccountExternalId.Key>> asyncCallback) {
        this.deleteExternalIdsFactory.create(set).to(asyncCallback);
    }

    @Override // com.google.gerrit.common.data.AccountSecurity
    public void updateContact(final String str, final String str2, final ContactInformation contactInformation, AsyncCallback<Account> asyncCallback) {
        run(asyncCallback, new BaseServiceImplementation.Action<Account>() { // from class: com.google.gerrit.httpd.rpc.account.AccountSecurityImpl.5
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.google.gerrit.httpd.rpc.BaseServiceImplementation.Action
            public Account run(ReviewDb reviewDb) throws OrmException, BaseServiceImplementation.Failure {
                Account account = reviewDb.accounts().get(((IdentifiedUser) AccountSecurityImpl.this.user.get()).getAccountId());
                String preferredEmail = account.getPreferredEmail();
                if (AccountSecurityImpl.this.realm.allowsEdit(Account.FieldName.FULL_NAME)) {
                    account.setFullName((str == null || str.isEmpty()) ? null : str);
                }
                account.setPreferredEmail(str2);
                if (AccountSecurityImpl.this.useContactInfo) {
                    if (ContactInformation.hasAddress(contactInformation) || (account.isContactFiled() && ContactInformation.hasData(contactInformation))) {
                        account.setContactFiled();
                    }
                    if (ContactInformation.hasData(contactInformation)) {
                        try {
                            AccountSecurityImpl.this.contactStore.store(account, contactInformation);
                        } catch (ContactInformationStoreException e) {
                            throw new BaseServiceImplementation.Failure(e);
                        }
                    }
                }
                reviewDb.accounts().update(Collections.singleton(account));
                if (!AccountSecurityImpl.eq(preferredEmail, account.getPreferredEmail())) {
                    AccountSecurityImpl.this.byEmailCache.evict(preferredEmail);
                    AccountSecurityImpl.this.byEmailCache.evict(account.getPreferredEmail());
                }
                AccountSecurityImpl.this.accountCache.evict(account.getId());
                return account;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean eq(String str, String str2) {
        if (str == null && str2 == null) {
            return true;
        }
        return str != null && str.equals(str2);
    }

    @Override // com.google.gerrit.common.data.AccountSecurity
    public void enterAgreement(final String str, AsyncCallback<VoidResult> asyncCallback) {
        run(asyncCallback, new BaseServiceImplementation.Action<VoidResult>() { // from class: com.google.gerrit.httpd.rpc.account.AccountSecurityImpl.6
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.google.gerrit.httpd.rpc.BaseServiceImplementation.Action
            public VoidResult run(ReviewDb reviewDb) throws OrmException, BaseServiceImplementation.Failure {
                ContributorAgreement contributorAgreement = AccountSecurityImpl.this.projectCache.getAllProjects().getConfig().getContributorAgreement(str);
                if (contributorAgreement == null) {
                    throw new BaseServiceImplementation.Failure(new NoSuchEntityException());
                }
                if (contributorAgreement.getAutoVerify() == null) {
                    throw new BaseServiceImplementation.Failure(new IllegalStateException("cannot enter a non-autoVerify agreement"));
                }
                if (contributorAgreement.getAutoVerify().getUUID() == null) {
                    throw new BaseServiceImplementation.Failure(new NoSuchEntityException());
                }
                AccountGroup accountGroup = AccountSecurityImpl.this.groupCache.get(contributorAgreement.getAutoVerify().getUUID());
                if (accountGroup == null) {
                    throw new BaseServiceImplementation.Failure(new NoSuchEntityException());
                }
                Account account = ((IdentifiedUser) AccountSecurityImpl.this.user.get()).getAccount();
                AccountSecurityImpl.this.hooks.doClaSignupHook(account, contributorAgreement);
                AccountGroupMember.Key key = new AccountGroupMember.Key(account.getId(), accountGroup.getId());
                if (reviewDb.accountGroupMembers().get(key) == null) {
                    AccountGroupMember accountGroupMember = new AccountGroupMember(key);
                    reviewDb.accountGroupMembersAudit().insert(Collections.singleton(new AccountGroupMemberAudit(accountGroupMember, account.getId())));
                    reviewDb.accountGroupMembers().insert(Collections.singleton(accountGroupMember));
                    AccountSecurityImpl.this.accountCache.evict(accountGroupMember.getAccountId());
                }
                return VoidResult.INSTANCE;
            }
        });
    }

    @Override // com.google.gerrit.common.data.AccountSecurity
    public void registerEmail(String str, AsyncCallback<Account> asyncCallback) {
        if (this.authConfig.getAuthType() == AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT) {
            try {
                this.accountManager.link(this.user.get().getAccountId(), AuthRequest.forEmail(str));
                asyncCallback.onSuccess(this.user.get().getAccount());
                return;
            } catch (AccountException e) {
                asyncCallback.onFailure(e);
                return;
            }
        }
        try {
            this.registerNewEmailFactory.create(str).send();
        } catch (EmailException e2) {
            this.log.error("Cannot send email verification message to " + str, (Throwable) e2);
            asyncCallback.onFailure(e2);
        } catch (RuntimeException e3) {
            this.log.error("Cannot send email verification message to " + str, (Throwable) e3);
            asyncCallback.onFailure(e3);
        }
    }

    @Override // com.google.gerrit.common.data.AccountSecurity
    public void validateEmail(String str, AsyncCallback<VoidResult> asyncCallback) {
        try {
            EmailTokenVerifier.ParsedToken decode = this.emailTokenVerifier.decode(str);
            Account.Id accountId = this.user.get().getAccountId();
            if (!accountId.equals(decode.getAccountId())) {
                throw new EmailTokenVerifier.InvalidTokenException();
            }
            this.accountManager.link(accountId, decode.toAuthRequest());
            asyncCallback.onSuccess(VoidResult.INSTANCE);
        } catch (AccountException e) {
            asyncCallback.onFailure(e);
        } catch (EmailTokenVerifier.InvalidTokenException e2) {
            asyncCallback.onFailure(e2);
        }
    }
}
