package org.neo4j.commandline.admin.security;

import java.io.IOException;
import java.nio.file.Path;
import org.neo4j.cli.AbstractAdminCommand;
import org.neo4j.cli.ExecutionContext;
import org.neo4j.commandline.admin.security.exception.InvalidPasswordException;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.ConfigUtils;
import org.neo4j.configuration.GraphDatabaseSettings;
import org.neo4j.graphdb.config.Setting;
import org.neo4j.io.fs.FileSystemAbstraction;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.logging.NullLogProvider;
import org.neo4j.memory.EmptyMemoryTracker;
import org.neo4j.server.security.auth.CommunitySecurityModule;
import org.neo4j.server.security.auth.FileUserRepository;
import org.neo4j.string.UTF8;
import org.neo4j.util.VisibleForTesting;
import picocli.CommandLine;

@CommandLine.Command(name = "set-initial-password", description = {"Sets the initial password of the initial admin user ('neo4j'). And removes the requirement to change password on first login. IMPORTANT: this change will only take effect if performed before the database is started for the first time."})
/* loaded from: input_file:org/neo4j/commandline/admin/security/SetInitialPasswordCommand.class */
public class SetInitialPasswordCommand extends AbstractAdminCommand implements PasswordCommand {

    @CommandLine.Option(names = {"--require-password-change"}, arity = "0..1", paramLabel = "true|false", showDefaultValue = CommandLine.Help.Visibility.ALWAYS, defaultValue = "false", fallbackValue = "true", description = {"Require the user to change their password on first login."})
    private boolean changeRequired;

    @CommandLine.Parameters
    private String password;

    public SetInitialPasswordCommand(ExecutionContext executionContext) {
        super(executionContext);
    }

    @Override // org.neo4j.cli.AbstractCommand
    public void execute() throws IOException {
        Config loadNeo4jConfig = loadNeo4jConfig();
        validatePassword(this.password, loadNeo4jConfig);
        FileSystemAbstraction fs = this.ctx.fs();
        Path initialUserRepositoryFile = CommunitySecurityModule.getInitialUserRepositoryFile(loadNeo4jConfig);
        EmptyMemoryTracker emptyMemoryTracker = EmptyMemoryTracker.INSTANCE;
        if (fs.fileExists(initialUserRepositoryFile)) {
            fs.deleteFile(initialUserRepositoryFile);
        }
        FileUserRepository fileUserRepository = new FileUserRepository(fs, initialUserRepositoryFile, NullLogProvider.getInstance(), emptyMemoryTracker);
        try {
            fileUserRepository.start();
            fileUserRepository.create(new User.Builder("neo4j", createCredentialForPassword(UTF8.encode(this.password))).withRequiredPasswordChange(this.changeRequired).build());
            fileUserRepository.shutdown();
            this.ctx.out().println("Changed password for user 'neo4j'. IMPORTANT: this change will only take effect if performed before the database is started for the first time.");
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @VisibleForTesting
    Config loadNeo4jConfig() {
        Config build = Config.newBuilder().set((Setting<Setting<Path>>) GraphDatabaseSettings.neo4j_home, (Setting<Path>) this.ctx.homeDir().toAbsolutePath()).fromFileNoThrow(this.ctx.confDir().resolve(Config.DEFAULT_CONFIG_FILE_NAME)).commandExpansion(this.allowCommandExpansion).build();
        ConfigUtils.disableAllConnectors(build);
        return build;
    }

    private static void validatePassword(String str, Config config) {
        Integer num = (Integer) config.get(GraphDatabaseSettings.auth_minimum_password_length);
        if (str == null || str.length() == 0) {
            throw new InvalidPasswordException("A password cannot be empty.");
        }
        if (str.length() < num.intValue()) {
            throw new InvalidPasswordException("A password must be at least " + num + " characters.");
        }
    }
}
