package com.aoindustries.aoserv.master;

import com.aoindustries.aoserv.client.account.Account;
import com.aoindustries.aoserv.client.account.User;
import com.aoindustries.aoserv.client.linux.User;
import com.aoindustries.aoserv.client.mysql.User;
import com.aoindustries.aoserv.client.postgresql.User;
import com.aoindustries.aoserv.client.schema.Table;
import com.aoindustries.collections.IntCollection;
import com.aoindustries.collections.IntList;
import com.aoindustries.dbc.DatabaseAccess;
import com.aoindustries.dbc.DatabaseConnection;
import com.aoindustries.validation.ValidationException;
import java.io.IOException;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/aoindustries/aoserv/master/AccountUserHandler.class */
public final class AccountUserHandler {
    private static final Map<User.Name, Boolean> disabledUsers = new HashMap();
    private static final Map<User.Name, Account.Name> userAccounts = new HashMap();

    private AccountUserHandler() {
    }

    public static boolean canAccessUser(DatabaseConnection databaseConnection, RequestSource requestSource, User.Name name) throws IOException, SQLException {
        return PackageHandler.canAccessPackage(databaseConnection, requestSource, getPackageForUser(databaseConnection, name));
    }

    public static void checkAccessUser(DatabaseConnection databaseConnection, RequestSource requestSource, String str, User.Name name) throws IOException, SQLException {
        if (!canAccessUser(databaseConnection, requestSource, name)) {
            throw new SQLException("currentAdministrator=" + requestSource.getCurrentAdministrator() + " is not allowed to access username: action='" + str + "', username=" + name);
        }
    }

    public static void addUser(DatabaseConnection databaseConnection, RequestSource requestSource, InvalidateList invalidateList, Account.Name name, User.Name name2, boolean z) throws IOException, SQLException {
        if (name2.equals(com.aoindustries.aoserv.client.linux.User.MAIL)) {
            throw new SQLException("Not allowed to add User for name '" + com.aoindustries.aoserv.client.linux.User.MAIL + '\'');
        }
        if (!z) {
            PackageHandler.checkAccessPackage(databaseConnection, requestSource, "addUser", name);
            if (PackageHandler.isPackageDisabled(databaseConnection, name)) {
                throw new SQLException("Unable to add User '" + name2 + "', Package disabled: " + name);
            }
            String name3 = name2.toString();
            int lastIndexOf = name3.lastIndexOf(64);
            if (lastIndexOf != -1) {
                String substring = name3.substring(lastIndexOf + 1);
                if (substring.length() > 0) {
                    MasterServer.checkAccessHostname(databaseConnection, requestSource, "addUser", substring);
                }
            }
        }
        databaseConnection.executeUpdate("insert into account.\"User\" values(?,?,null)", new Object[]{name2, name});
        invalidateList.addTable((DatabaseAccess) databaseConnection, Table.TableID.USERNAMES, PackageHandler.getAccountForPackage((DatabaseAccess) databaseConnection, name), (IntCollection) InvalidateList.allHosts, false);
    }

    public static void disableUser(DatabaseConnection databaseConnection, RequestSource requestSource, InvalidateList invalidateList, int i, User.Name name) throws IOException, SQLException {
        AccountHandler.checkAccessDisableLog(databaseConnection, requestSource, "disableUser", i, false);
        checkAccessUser(databaseConnection, requestSource, "disableUser", name);
        if (isUserDisabled(databaseConnection, name)) {
            throw new SQLException("Username is already disabled: " + name);
        }
        String name2 = name.toString();
        if (User.Name.validate(name2).isValid()) {
            try {
                User.Name valueOf = User.Name.valueOf(name2);
                if (LinuxAccountHandler.isUser(databaseConnection, valueOf) && !LinuxAccountHandler.isUserDisabled(databaseConnection, valueOf)) {
                    throw new SQLException("Cannot disable Username '" + name + "': Linux user not disabled: " + valueOf);
                }
            } catch (ValidationException e) {
                throw new AssertionError("Already validated", e);
            }
        }
        if (User.Name.validate(name2).isValid()) {
            try {
                User.Name valueOf2 = User.Name.valueOf(name2);
                if (MysqlHandler.isUser(databaseConnection, valueOf2) && !MysqlHandler.isUserDisabled(databaseConnection, valueOf2)) {
                    throw new SQLException("Cannot disable Username '" + name + "': MySQL user not disabled: " + valueOf2);
                }
            } catch (ValidationException e2) {
                throw new AssertionError("Already validated", e2);
            }
        }
        if (User.Name.validate(name2).isValid()) {
            try {
                User.Name valueOf3 = User.Name.valueOf(name2);
                if (PostgresqlHandler.isUser(databaseConnection, valueOf3) && !PostgresqlHandler.isUserDisabled(databaseConnection, valueOf3)) {
                    throw new SQLException("Cannot disable Username '" + name + "': PostgreSQL user not disabled: " + valueOf3);
                }
            } catch (ValidationException e3) {
                throw new AssertionError("Already validated", e3);
            }
        }
        databaseConnection.executeUpdate("update account.\"User\" set disable_log=? where username=?", new Object[]{Integer.valueOf(i), name});
        invalidateList.addTable((DatabaseAccess) databaseConnection, Table.TableID.USERNAMES, getAccountForUser(databaseConnection, name), (IntCollection) getHostsForUser(databaseConnection, name), false);
    }

    public static void enableUser(DatabaseConnection databaseConnection, RequestSource requestSource, InvalidateList invalidateList, User.Name name) throws IOException, SQLException {
        checkAccessUser(databaseConnection, requestSource, "enableUser", name);
        int disableLogForUser = getDisableLogForUser(databaseConnection, name);
        if (disableLogForUser == -1) {
            throw new SQLException("User is already enabled: " + name);
        }
        AccountHandler.checkAccessDisableLog(databaseConnection, requestSource, "enableUser", disableLogForUser, true);
        Account.Name packageForUser = getPackageForUser(databaseConnection, name);
        if (PackageHandler.isPackageDisabled(databaseConnection, packageForUser)) {
            throw new SQLException("Unable to enable Username '" + name + "', Package not enabled: " + packageForUser);
        }
        databaseConnection.executeUpdate("update account.\"User\" set disable_log=null where username=?", new Object[]{name});
        invalidateList.addTable((DatabaseAccess) databaseConnection, Table.TableID.USERNAMES, getAccountForUser(databaseConnection, name), (IntCollection) getHostsForUser(databaseConnection, name), false);
    }

    public static int getDisableLogForUser(DatabaseConnection databaseConnection, User.Name name) throws IOException, SQLException {
        return databaseConnection.executeIntQuery("select coalesce(disable_log, -1) from account.\"User\" where username=?", new Object[]{name});
    }

    public static void invalidateTable(Table.TableID tableID) {
        if (tableID == Table.TableID.USERNAMES) {
            synchronized (disabledUsers) {
                disabledUsers.clear();
            }
            synchronized (userAccounts) {
                userAccounts.clear();
            }
        }
    }

    public static boolean isUserNameAvailable(DatabaseConnection databaseConnection, User.Name name) throws IOException, SQLException {
        return databaseConnection.executeBooleanQuery("select (select username from account.\"User\" where username=?) is null", new Object[]{name});
    }

    public static boolean isUserDisabled(DatabaseConnection databaseConnection, User.Name name) throws IOException, SQLException {
        synchronized (disabledUsers) {
            Boolean bool = disabledUsers.get(name);
            if (bool != null) {
                return bool.booleanValue();
            }
            boolean z = getDisableLogForUser(databaseConnection, name) != -1;
            disabledUsers.put(name, Boolean.valueOf(z));
            return z;
        }
    }

    public static void removeUser(DatabaseConnection databaseConnection, RequestSource requestSource, InvalidateList invalidateList, User.Name name) throws IOException, SQLException {
        if (name.equals(requestSource.getCurrentAdministrator())) {
            throw new SQLException("Not allowed to remove self: " + name);
        }
        checkAccessUser(databaseConnection, requestSource, "removeUser", name);
        removeUser(databaseConnection, invalidateList, name);
    }

    public static void removeUser(DatabaseConnection databaseConnection, InvalidateList invalidateList, User.Name name) throws IOException, SQLException {
        if (name.equals(com.aoindustries.aoserv.client.linux.User.MAIL)) {
            throw new SQLException("Not allowed to remove User named '" + com.aoindustries.aoserv.client.linux.User.MAIL + '\'');
        }
        Account.Name accountForUser = getAccountForUser(databaseConnection, name);
        databaseConnection.executeUpdate("delete from account.\"User\" where username=?", new Object[]{name});
        invalidateList.addTable((DatabaseAccess) databaseConnection, Table.TableID.USERNAMES, accountForUser, (IntCollection) InvalidateList.allHosts, false);
    }

    public static Account.Name getAccountForUser(DatabaseConnection databaseConnection, User.Name name) throws IOException, SQLException {
        synchronized (userAccounts) {
            Account.Name name2 = userAccounts.get(name);
            if (name2 != null) {
                return name2;
            }
            Account.Name name3 = (Account.Name) databaseConnection.executeObjectQuery(ObjectFactories.accountNameFactory, "select pk.accounting from account.\"User\" un, billing.\"Package\" pk where un.username=? and un.package=pk.name", new Object[]{name});
            userAccounts.put(name, name3);
            return name3;
        }
    }

    public static Account.Name getPackageForUser(DatabaseConnection databaseConnection, User.Name name) throws IOException, SQLException {
        return (Account.Name) databaseConnection.executeObjectQuery(ObjectFactories.accountNameFactory, "select package from account.\"User\" where username=?", new Object[]{name});
    }

    public static IntList getHostsForUser(DatabaseConnection databaseConnection, User.Name name) throws IOException, SQLException {
        return databaseConnection.executeIntListQuery("select\n  bs.server\nfrom\n  account.\"User\" un,\n  billing.\"Package\" pk,\n  account.\"AccountHost\" bs\nwhere\n  un.username=?\n  and un.package=pk.name\n  and pk.accounting=bs.accounting", new Object[]{name});
    }

    public static List<User.Name> getUsersForPackage(DatabaseConnection databaseConnection, Account.Name name) throws IOException, SQLException {
        return databaseConnection.executeObjectListQuery(ObjectFactories.userNameFactory, "select username from account.\"User\" where package=?", new Object[]{name});
    }

    public static boolean canUserAccessHost(DatabaseConnection databaseConnection, User.Name name, int i) throws IOException, SQLException {
        return databaseConnection.executeBooleanQuery("select\n  (\n    select\n      un.username\n    from\n      account.\"User\" un,\n      billing.\"Package\" pk,\n      account.\"AccountHost\" bs\n    where\n      un.username=?\n      and un.package=pk.name\n      and pk.accounting=bs.accounting\n      and bs.server=?\n    limit 1\n  )\n  is not null\n", new Object[]{name, Integer.valueOf(i)});
    }

    public static void checkUserAccessHost(DatabaseConnection databaseConnection, RequestSource requestSource, String str, User.Name name, int i) throws IOException, SQLException {
        if (!canUserAccessHost(databaseConnection, name, i)) {
            throw new SQLException("username=" + name + " is not allowed to access server.id=" + i + ": action='" + str + "'");
        }
    }
}
