package com.google.gerrit.sshd.commands;

import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.common.errors.InvalidSshKeyException;
import com.google.gerrit.extensions.annotations.RequiresCapability;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AccountExternalId;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.AccountGroupMember;
import com.google.gerrit.reviewdb.client.AccountGroupMemberAudit;
import com.google.gerrit.reviewdb.client.AccountSshKey;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.AccountByEmailCache;
import com.google.gerrit.server.account.AccountCache;
import com.google.gerrit.server.ssh.SshKeyCache;
import com.google.gerrit.sshd.BaseCommand;
import com.google.gerrit.sshd.SshCommand;
import com.google.gwtorm.server.OrmDuplicateKeyException;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.kohsuke.args4j.Argument;
import org.kohsuke.args4j.Option;

@RequiresCapability(GlobalCapability.CREATE_ACCOUNT)
/* loaded from: input_file:WEB-INF/lib/gerrit-sshd-2.5.2.jar:com/google/gerrit/sshd/commands/CreateAccountCommand.class */
final class CreateAccountCommand extends SshCommand {

    @Option(name = "--group", aliases = {"-g"}, metaVar = "GROUP", usage = "groups to add account to")
    private List<AccountGroup.Id> groups = new ArrayList();

    @Option(name = "--full-name", metaVar = "NAME", usage = "display name of the account")
    private String fullName;

    @Option(name = "--email", metaVar = "EMAIL", usage = "email address of the account")
    private String email;

    @Option(name = "--ssh-key", metaVar = "-|KEY", usage = "public key for SSH authentication")
    private String sshKey;

    @Option(name = "--http-password", metaVar = "PASSWORD", usage = "password for HTTP authentication")
    private String httpPassword;

    @Argument(index = 0, required = true, metaVar = "USERNAME", usage = "name of the user account")
    private String username;

    @Inject
    private IdentifiedUser currentUser;

    @Inject
    private ReviewDb db;

    @Inject
    private SshKeyCache sshKeyCache;

    @Inject
    private AccountCache accountCache;

    @Inject
    private AccountByEmailCache byEmailCache;

    CreateAccountCommand() {
    }

    @Override // com.google.gerrit.sshd.SshCommand
    protected void run() throws OrmException, IOException, InvalidSshKeyException, BaseCommand.UnloggedFailure {
        if (!this.username.matches(Account.USER_NAME_PATTERN)) {
            throw die("Username '" + this.username + "' must contain only letters, numbers, _, - or .");
        }
        Account.Id id = new Account.Id(this.db.nextAccountId());
        AccountSshKey readSshKey = readSshKey(id);
        AccountExternalId accountExternalId = new AccountExternalId(id, new AccountExternalId.Key(AccountExternalId.SCHEME_USERNAME, this.username));
        if (this.httpPassword != null) {
            accountExternalId.setPassword(this.httpPassword);
        }
        if (this.db.accountExternalIds().get(accountExternalId.getKey()) != null) {
            throw die("username '" + this.username + "' already exists");
        }
        if (this.email != null && this.db.accountExternalIds().get(getEmailKey()) != null) {
            throw die("email '" + this.email + "' already exists");
        }
        try {
            this.db.accountExternalIds().insert(Collections.singleton(accountExternalId));
            if (this.email != null) {
                AccountExternalId accountExternalId2 = new AccountExternalId(id, getEmailKey());
                accountExternalId2.setEmailAddress(this.email);
                try {
                    this.db.accountExternalIds().insert(Collections.singleton(accountExternalId2));
                } catch (OrmDuplicateKeyException e) {
                    try {
                        this.db.accountExternalIds().delete(Collections.singleton(accountExternalId));
                    } catch (OrmException e2) {
                    }
                    throw die("email '" + this.email + "' already exists");
                }
            }
            Account account = new Account(id);
            account.setFullName(this.fullName);
            account.setPreferredEmail(this.email);
            this.db.accounts().insert(Collections.singleton(account));
            if (readSshKey != null) {
                this.db.accountSshKeys().insert(Collections.singleton(readSshKey));
            }
            Iterator it = new HashSet(this.groups).iterator();
            while (it.hasNext()) {
                AccountGroupMember accountGroupMember = new AccountGroupMember(new AccountGroupMember.Key(id, (AccountGroup.Id) it.next()));
                this.db.accountGroupMembersAudit().insert(Collections.singleton(new AccountGroupMemberAudit(accountGroupMember, this.currentUser.getAccountId())));
                this.db.accountGroupMembers().insert(Collections.singleton(accountGroupMember));
            }
            this.sshKeyCache.evict(this.username);
            this.accountCache.evictByUsername(this.username);
            this.byEmailCache.evict(this.email);
        } catch (OrmDuplicateKeyException e3) {
            throw die("username '" + this.username + "' already exists");
        }
    }

    private AccountExternalId.Key getEmailKey() {
        return new AccountExternalId.Key(AccountExternalId.SCHEME_MAILTO, this.email);
    }

    private AccountSshKey readSshKey(Account.Id id) throws UnsupportedEncodingException, IOException, InvalidSshKeyException {
        if (this.sshKey == null) {
            return null;
        }
        if ("-".equals(this.sshKey)) {
            this.sshKey = "";
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(this.in, "UTF-8"));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                this.sshKey += readLine + "\n";
            }
        }
        return this.sshKeyCache.create(new AccountSshKey.Id(id, 1), this.sshKey.trim());
    }
}
