package com.google.gerrit.sshd.commands;

import com.google.gerrit.common.errors.InvalidSshKeyException;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AccountExternalId;
import com.google.gerrit.reviewdb.client.AccountSshKey;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.AccountCache;
import com.google.gerrit.server.account.AccountException;
import com.google.gerrit.server.account.AccountManager;
import com.google.gerrit.server.account.AuthRequest;
import com.google.gerrit.server.account.Realm;
import com.google.gerrit.server.ssh.SshKeyCache;
import com.google.gerrit.sshd.BaseCommand;
import com.google.gwtorm.server.OrmException;
import com.google.gwtorm.server.ResultSet;
import com.google.inject.Inject;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.sshd.server.Environment;
import org.kohsuke.args4j.Argument;
import org.kohsuke.args4j.Option;

/* loaded from: input_file:WEB-INF/lib/gerrit-sshd-2.5.2.jar:com/google/gerrit/sshd/commands/SetAccountCommand.class */
final class SetAccountCommand extends BaseCommand {

    @Argument(index = 0, required = true, metaVar = "USER", usage = "full name, email-address, ssh username or account id")
    private Account.Id id;

    @Option(name = "--full-name", metaVar = "NAME", usage = "display name of the account")
    private String fullName;

    @Option(name = "--active", usage = "set account's state to active")
    private boolean active;

    @Option(name = "--inactive", usage = "set account's state to inactive")
    private boolean inactive;

    @Option(name = "--add-email", multiValued = true, metaVar = "EMAIL", usage = "email addresses to add to the account")
    private List<String> addEmails = new ArrayList();

    @Option(name = "--delete-email", multiValued = true, metaVar = "EMAIL", usage = "email addresses to delete from the account")
    private List<String> deleteEmails = new ArrayList();

    @Option(name = "--add-ssh-key", multiValued = true, metaVar = "-|KEY", usage = "public keys to add to the account")
    private List<String> addSshKeys = new ArrayList();

    @Option(name = "--delete-ssh-key", multiValued = true, metaVar = "-|KEY", usage = "public keys to delete from the account")
    private List<String> deleteSshKeys = new ArrayList();

    @Option(name = "--http-password", metaVar = "PASSWORD", usage = "password for HTTP authentication for the account")
    private String httpPassword;

    @Inject
    private IdentifiedUser currentUser;

    @Inject
    private ReviewDb db;

    @Inject
    private AccountManager manager;

    @Inject
    private SshKeyCache sshKeyCache;

    @Inject
    private AccountCache byIdCache;

    @Inject
    private Realm realm;

    SetAccountCommand() {
    }

    @Override // org.apache.sshd.server.Command
    public void start(Environment environment) {
        startThread(new BaseCommand.CommandRunnable() { // from class: com.google.gerrit.sshd.commands.SetAccountCommand.1
            @Override // com.google.gerrit.sshd.BaseCommand.CommandRunnable
            public void run() throws Exception {
                if (!SetAccountCommand.this.currentUser.getCapabilities().canAdministrateServer()) {
                    throw new BaseCommand.UnloggedFailure(1, String.format("fatal: %s does not have \"Administrator\" capability.", SetAccountCommand.this.currentUser.getUserName()));
                }
                SetAccountCommand.this.parseCommandLine();
                SetAccountCommand.this.validate();
                SetAccountCommand.this.setAccount();
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void validate() throws BaseCommand.UnloggedFailure {
        if (this.active && this.inactive) {
            throw new BaseCommand.UnloggedFailure(1, "--active and --inactive options are mutually exclusive.");
        }
        if (this.addSshKeys.contains("-") && this.deleteSshKeys.contains("-")) {
            throw new BaseCommand.UnloggedFailure(1, "Only one option may use the stdin");
        }
        if (this.deleteSshKeys.contains("ALL")) {
            this.deleteSshKeys = Collections.singletonList("ALL");
        }
        if (this.deleteEmails.contains("ALL")) {
            this.deleteEmails = Collections.singletonList("ALL");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setAccount() throws OrmException, IOException, BaseCommand.UnloggedFailure {
        Account account = this.db.accounts().get(this.id);
        boolean z = false;
        boolean z2 = false;
        Iterator<String> it = this.addEmails.iterator();
        while (it.hasNext()) {
            link(this.id, it.next());
        }
        Iterator<String> it2 = this.deleteEmails.iterator();
        while (it2.hasNext()) {
            deleteMail(this.id, it2.next());
        }
        if (this.fullName != null) {
            if (!this.realm.allowsEdit(Account.FieldName.FULL_NAME)) {
                throw new BaseCommand.UnloggedFailure(1, "The realm doesn't allow editing names");
            }
            account.setFullName(this.fullName);
        }
        if (this.httpPassword != null) {
            setHttpPassword(this.id, this.httpPassword);
        }
        if (this.active) {
            z = true;
            account.setActive(true);
        } else if (this.inactive) {
            z = true;
            account.setActive(false);
        }
        this.addSshKeys = readSshKey(this.addSshKeys);
        if (!this.addSshKeys.isEmpty()) {
            z2 = true;
            addSshKeys(this.addSshKeys, account);
        }
        this.deleteSshKeys = readSshKey(this.deleteSshKeys);
        if (!this.deleteSshKeys.isEmpty()) {
            z2 = true;
            deleteSshKeys(this.deleteSshKeys, account);
        }
        if (z) {
            this.db.accounts().update(Collections.singleton(account));
            this.byIdCache.evict(this.id);
        }
        if (z2) {
            this.sshKeyCache.evict(account.getUserName());
        }
    }

    private void addSshKeys(List<String> list, Account account) throws OrmException, BaseCommand.UnloggedFailure {
        ArrayList arrayList = new ArrayList();
        int size = this.db.accountSshKeys().byAccount(account.getId()).toList().size();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            try {
                size++;
                arrayList.add(this.sshKeyCache.create(new AccountSshKey.Id(account.getId(), size), it.next().trim()));
            } catch (InvalidSshKeyException e) {
                throw new BaseCommand.UnloggedFailure(1, "fatal: invalid ssh key");
            }
        }
        this.db.accountSshKeys().insert(arrayList);
    }

    private void deleteSshKeys(List<String> list, Account account) throws OrmException {
        ResultSet<AccountSshKey> byAccount = this.db.accountSshKeys().byAccount(account.getId());
        if (list.contains("ALL")) {
            this.db.accountSshKeys().delete(byAccount);
            return;
        }
        ArrayList arrayList = new ArrayList();
        for (String str : list) {
            for (AccountSshKey accountSshKey : byAccount) {
                if (str.trim().equals(accountSshKey.getSshPublicKey()) || accountSshKey.getComment().trim().equals(str)) {
                    arrayList.add(accountSshKey);
                }
            }
        }
        this.db.accountSshKeys().delete(arrayList);
    }

    private void deleteMail(Account.Id id, String str) throws BaseCommand.UnloggedFailure, OrmException {
        if (!str.equals("ALL")) {
            if (this.db.accountExternalIds().get(new AccountExternalId.Key(AccountExternalId.SCHEME_MAILTO, str)) != null) {
                unlink(id, str);
                return;
            }
            return;
        }
        for (AccountExternalId accountExternalId : this.db.accountExternalIds().byAccount(id)) {
            if (accountExternalId.isScheme(AccountExternalId.SCHEME_MAILTO)) {
                unlink(id, accountExternalId.getEmailAddress());
            }
        }
    }

    private void setHttpPassword(Account.Id id, String str) throws BaseCommand.UnloggedFailure, OrmException {
        for (AccountExternalId accountExternalId : this.db.accountExternalIds().byAccount(id)) {
            if (accountExternalId.isScheme(AccountExternalId.SCHEME_USERNAME)) {
                accountExternalId.setPassword(str);
                this.db.accountExternalIds().update(Collections.singleton(accountExternalId));
                this.byIdCache.evict(id);
            }
        }
    }

    private void unlink(Account.Id id, String str) throws BaseCommand.UnloggedFailure {
        try {
            this.manager.unlink(id, AuthRequest.forEmail(str));
        } catch (AccountException e) {
            throw die(e.getMessage());
        }
    }

    private void link(Account.Id id, String str) throws BaseCommand.UnloggedFailure {
        try {
            this.manager.link(id, AuthRequest.forEmail(str));
        } catch (AccountException e) {
            throw die(e.getMessage());
        }
    }

    private List<String> readSshKey(List<String> list) throws UnsupportedEncodingException, IOException {
        int indexOf;
        if (!list.isEmpty() && (indexOf = list.indexOf("-")) >= 0) {
            String str = "";
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(this.in, "UTF-8"));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                str = str + readLine + "\n";
            }
            list.set(indexOf, str);
        }
        return list;
    }
}
