package com.googlesource.gerrit.plugins.importer;

import com.google.gerrit.common.errors.InvalidSshKeyException;
import com.google.gerrit.common.errors.NoSuchAccountException;
import com.google.gerrit.extensions.api.accounts.AccountInput;
import com.google.gerrit.extensions.api.groups.GroupApi;
import com.google.gerrit.extensions.common.AccountInfo;
import com.google.gerrit.extensions.common.SshKeyInfo;
import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.TopLevelResource;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AuthType;
import com.google.gerrit.server.account.AccountCache;
import com.google.gerrit.server.account.AccountException;
import com.google.gerrit.server.account.AccountManager;
import com.google.gerrit.server.account.AccountState;
import com.google.gerrit.server.account.AuthRequest;
import com.google.gerrit.server.account.CreateAccount;
import com.google.gerrit.server.account.VersionedAuthorizedKeys;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:com/googlesource/gerrit/plugins/importer/AccountUtil.class */
class AccountUtil {
    private static Logger log = LoggerFactory.getLogger(AccountUtil.class);
    private static final String IMPORTED_USERS = "Imported Users";
    private final AccountCache accountCache;
    private final AccountManager accountManager;
    private final AuthType authType;
    private final com.google.gerrit.extensions.api.GerritApi gApi;
    private final VersionedAuthorizedKeys.Accessor authorizedKeys;
    private final CreateAccount.Factory createAccountFactory;

    /* renamed from: com.googlesource.gerrit.plugins.importer.AccountUtil$1, reason: invalid class name */
    /* loaded from: input_file:com/googlesource/gerrit/plugins/importer/AccountUtil$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$google$gerrit$reviewdb$client$AuthType = new int[AuthType.values().length];

        static {
            try {
                $SwitchMap$com$google$gerrit$reviewdb$client$AuthType[AuthType.HTTP_LDAP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$google$gerrit$reviewdb$client$AuthType[AuthType.CLIENT_SSL_CERT_LDAP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$google$gerrit$reviewdb$client$AuthType[AuthType.LDAP.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$google$gerrit$reviewdb$client$AuthType[AuthType.CUSTOM_EXTENSION.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$google$gerrit$reviewdb$client$AuthType[AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$com$google$gerrit$reviewdb$client$AuthType[AuthType.HTTP.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$com$google$gerrit$reviewdb$client$AuthType[AuthType.LDAP_BIND.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$com$google$gerrit$reviewdb$client$AuthType[AuthType.OAUTH.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$com$google$gerrit$reviewdb$client$AuthType[AuthType.OPENID.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$com$google$gerrit$reviewdb$client$AuthType[AuthType.OPENID_SSO.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
        }
    }

    @Inject
    public AccountUtil(AccountCache accountCache, AccountManager accountManager, AuthConfig authConfig, com.google.gerrit.extensions.api.GerritApi gerritApi, VersionedAuthorizedKeys.Accessor accessor, CreateAccount.Factory factory) {
        this.accountCache = accountCache;
        this.accountManager = accountManager;
        this.authType = authConfig.getAuthType();
        this.gApi = gerritApi;
        this.authorizedKeys = accessor;
        this.createAccountFactory = factory;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Account.Id resolveUser(GerritApi gerritApi, AccountInfo accountInfo) throws NoSuchAccountException, IOException, OrmException, RestApiException, ConfigInvalidException {
        if (accountInfo.username == null) {
            throw new NoSuchAccountException(String.format("User %s <%s> (%s) doesn't have a username and cannot be looked up.", accountInfo.name, accountInfo.email, accountInfo._accountId));
        }
        AccountState byUsername = this.accountCache.getByUsername(accountInfo.username);
        if (byUsername == null) {
            switch (AnonymousClass1.$SwitchMap$com$google$gerrit$reviewdb$client$AuthType[this.authType.ordinal()]) {
                case 1:
                case 2:
                case 3:
                    return createAccountByLdapAndAddSshKeys(gerritApi, accountInfo);
                case 4:
                case 5:
                case 6:
                case 7:
                case 8:
                case 9:
                case 10:
                default:
                    return createLocalUser(accountInfo);
            }
        }
        if (!Objects.equals(byUsername.getAccount().getPreferredEmail(), accountInfo.email)) {
            log.warn(String.format("Email mismatch for user %s: expected %s but found %s", accountInfo.username, accountInfo.email, byUsername.getAccount().getPreferredEmail()));
        }
        return byUsername.getAccount().getId();
    }

    private Account.Id createAccountByLdapAndAddSshKeys(GerritApi gerritApi, AccountInfo accountInfo) throws NoSuchAccountException, IOException, OrmException, RestApiException, ConfigInvalidException {
        if (!accountInfo.username.matches("^([a-zA-Z0-9][a-zA-Z0-9._-]*[a-zA-Z0-9]|[a-zA-Z0-9])$")) {
            throw new NoSuchAccountException(String.format("User %s not found", accountInfo.username));
        }
        try {
            AuthRequest forUser = AuthRequest.forUser(accountInfo.username);
            forUser.setSkipAuthentication(true);
            Account.Id accountId = this.accountManager.authenticate(forUser).getAccountId();
            addSshKeys(gerritApi, accountInfo);
            return accountId;
        } catch (AccountException e) {
            return createLocalUser(accountInfo);
        }
    }

    private void addSshKeys(GerritApi gerritApi, AccountInfo accountInfo) throws BadRequestException, IOException, OrmException, ConfigInvalidException {
        List<SshKeyInfo> sshKeys = gerritApi.getSshKeys(accountInfo.username);
        AccountState byUsername = this.accountCache.getByUsername(accountInfo.username);
        Iterator<SshKeyInfo> it = sshKeys.iterator();
        while (it.hasNext()) {
            try {
                this.authorizedKeys.addKey(byUsername.getAccount().getId(), it.next().sshPublicKey);
            } catch (InvalidSshKeyException e) {
                log.warn(String.format("Invalid SSH key for user %s", accountInfo.username));
            }
        }
    }

    private Account.Id createLocalUser(AccountInfo accountInfo) throws OrmException, RestApiException, IOException, ConfigInvalidException {
        AccountInput accountInput = new AccountInput();
        log.info(String.format("User '%s' not found", accountInfo.username));
        String str = accountInfo.username;
        accountInput.username = str;
        accountInput.email = accountInfo.email;
        accountInput.name = accountInfo.name;
        AccountInfo accountInfo2 = (AccountInfo) this.createAccountFactory.create(str).apply(TopLevelResource.INSTANCE, accountInput).value();
        log.info(String.format("Local user '%s' created", str));
        Account.Id id = new Account.Id(accountInfo2._accountId.intValue());
        Account account = this.accountCache.get(id).getAccount();
        addToImportedUsersGroup(id);
        account.setActive(false);
        this.accountCache.evict(id);
        return id;
    }

    private void addToImportedUsersGroup(Account.Id id) throws RestApiException {
        GroupApi create;
        try {
            create = this.gApi.groups().id(IMPORTED_USERS);
        } catch (ResourceNotFoundException e) {
            create = this.gApi.groups().create(IMPORTED_USERS);
        }
        create.addMembers(new String[]{Integer.toString(id.get())});
    }
}
