package com.aoindustries.aoserv.daemon.postgres;

import com.aoindustries.aoserv.client.AOServConnector;
import com.aoindustries.aoserv.client.distribution.OperatingSystemVersion;
import com.aoindustries.aoserv.client.linux.Server;
import com.aoindustries.aoserv.client.postgresql.User;
import com.aoindustries.aoserv.client.postgresql.UserServer;
import com.aoindustries.aoserv.daemon.AOServDaemon;
import com.aoindustries.aoserv.daemon.AOServDaemonConfiguration;
import com.aoindustries.aoserv.daemon.util.BuilderThread;
import com.aoindustries.util.ErrorPrinter;
import com.aoindustries.validation.ValidationException;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang3.NotImplementedException;

/* loaded from: input_file:com/aoindustries/aoserv/daemon/postgres/PostgresUserManager.class */
public final class PostgresUserManager extends BuilderThread {
    private static final Logger logger = Logger.getLogger(PostgresUserManager.class.getName());
    private static final Object rebuildLock = new Object();
    private static PostgresUserManager postgresUserManager;

    private PostgresUserManager() {
    }

    private static Set<User.Name> getSystemRoles(String str) {
        if (str.startsWith("7.1.") || str.startsWith("7.2.") || str.startsWith("7.3.") || str.startsWith("8.0.") || str.startsWith("8.1.") || str.startsWith("8.3.") || str.startsWith("8.3R") || str.startsWith("9.4.") || str.startsWith("9.4R")) {
            return Collections.singleton(User.POSTGRES);
        }
        if (str.startsWith("9.5.") || str.startsWith("9.5R")) {
            throw new NotImplementedException("TODO: Implement for version " + str);
        }
        if (str.startsWith("9.6.") || str.startsWith("9.6R")) {
            throw new NotImplementedException("TODO: Implement for version " + str);
        }
        if (str.startsWith("10.") || str.startsWith("10R")) {
            return new HashSet(Arrays.asList(User.POSTGRES, User.PG_MONITOR, User.PG_READ_ALL_SETTINGS, User.PG_READ_ALL_STATS, User.PG_SIGNAL_BACKEND, User.PG_STAT_SCAN_TABLES));
        }
        if (str.startsWith("11.") || str.startsWith("11R") || str.startsWith("12.") || str.startsWith("12R") || str.startsWith("13.") || str.startsWith("13R")) {
            return new HashSet(Arrays.asList(User.POSTGRES, User.PG_MONITOR, User.PG_READ_ALL_SETTINGS, User.PG_READ_ALL_STATS, User.PG_SIGNAL_BACKEND, User.PG_STAT_SCAN_TABLES, User.PG_EXECUTE_SERVER_PROGRAM, User.PG_READ_SERVER_FILES, User.PG_WRITE_SERVER_FILES));
        }
        throw new NotImplementedException("TODO: Implement for version " + str);
    }

    private static boolean supportsRoles(String str) {
        return (str.startsWith("7.1.") || str.startsWith("7.2.") || str.startsWith("7.3.") || str.startsWith("8.0.")) ? false : true;
    }

    @Override // com.aoindustries.aoserv.daemon.util.BuilderThread
    protected boolean doRebuild() {
        try {
            Server thisServer = AOServDaemon.getThisServer();
            OperatingSystemVersion operatingSystemVersion = thisServer.getHost().getOperatingSystemVersion();
            int pkey = operatingSystemVersion.getPkey();
            if (pkey != 45 && pkey != 47 && pkey != 67 && pkey != 70) {
                throw new AssertionError("Unsupported OperatingSystemVersion: " + operatingSystemVersion);
            }
            AOServConnector connector = AOServDaemon.getConnector();
            synchronized (rebuildLock) {
                for (com.aoindustries.aoserv.client.postgresql.Server server : thisServer.getPostgresServers()) {
                    List<UserServer> postgresServerUsers = server.getPostgresServerUsers();
                    if (postgresServerUsers.isEmpty()) {
                        logger.severe("No users; refusing to rebuild config: " + server);
                    } else {
                        String version = server.getVersion().getTechnologyVersion(connector).getVersion();
                        Set<User.Name> systemRoles = getSystemRoles(version);
                        boolean supportsRoles = supportsRoles(version);
                        boolean z = false;
                        Connection connection = PostgresServerManager.getPool(server).getConnection();
                        try {
                            try {
                                HashSet<User.Name> hashSet = new HashSet();
                                try {
                                    Statement createStatement = connection.createStatement();
                                    try {
                                        ResultSet executeQuery = createStatement.executeQuery(supportsRoles ? "SELECT rolname FROM pg_authid" : "SELECT usename FROM pg_user");
                                        while (executeQuery.next()) {
                                            try {
                                                String string = executeQuery.getString(1);
                                                if (logger.isLoggable(Level.FINE)) {
                                                    logger.fine("Found user " + string);
                                                }
                                                try {
                                                    User.Name valueOf = User.Name.valueOf(string);
                                                    if (!hashSet.add(valueOf)) {
                                                        throw new SQLException("Duplicate username: " + valueOf);
                                                    }
                                                } catch (ValidationException e) {
                                                    throw new SQLException((Throwable) e);
                                                }
                                            } finally {
                                            }
                                        }
                                        if (executeQuery != null) {
                                            executeQuery.close();
                                        }
                                        if (createStatement != null) {
                                            createStatement.close();
                                        }
                                        ArrayList<UserServer> arrayList = new ArrayList();
                                        for (UserServer userServer : postgresServerUsers) {
                                            if (!hashSet.remove(userServer.getPostgresUser().getKey())) {
                                                arrayList.add(userServer);
                                            }
                                        }
                                        for (User.Name name : hashSet) {
                                            if (!systemRoles.contains(name)) {
                                                if (User.isSpecial(name)) {
                                                    logger.log(Level.WARNING, (String) null, (Throwable) new SQLException("Refusing to drop special user: " + name + " on " + server.getName()));
                                                } else {
                                                    if (logger.isLoggable(Level.FINE)) {
                                                        logger.fine("Dropping user: " + name);
                                                    }
                                                    String str = null;
                                                    try {
                                                        createStatement = connection.createStatement();
                                                        try {
                                                            String str2 = "DROP USER \"" + name + '\"';
                                                            str = str2;
                                                            createStatement.executeUpdate(str2);
                                                            if (createStatement != null) {
                                                                createStatement.close();
                                                            }
                                                        } finally {
                                                        }
                                                    } catch (Error | RuntimeException | SQLException e2) {
                                                        ErrorPrinter.addSQL(e2, str);
                                                        throw e2;
                                                    }
                                                }
                                            }
                                        }
                                        for (UserServer userServer2 : arrayList) {
                                            User postgresUser = userServer2.getPostgresUser();
                                            User.Name key = postgresUser.getKey();
                                            if (!systemRoles.contains(key)) {
                                                if (userServer2.isSpecial()) {
                                                    logger.log(Level.WARNING, (String) null, (Throwable) new SQLException("Refusing to create special user: " + key + " on " + server.getName()));
                                                } else {
                                                    if (logger.isLoggable(Level.FINE)) {
                                                        logger.fine("Adding user: " + key);
                                                    }
                                                    StringBuilder sb = new StringBuilder();
                                                    sb.append(supportsRoles ? "CREATE ROLE " : "CREATE USER ");
                                                    sb.append('\"').append(key).append('\"');
                                                    if (postgresUser.canCreateDB()) {
                                                        sb.append(" CREATEDB");
                                                    }
                                                    if (postgresUser.canCatUPD()) {
                                                        sb.append(supportsRoles ? " CREATEROLE" : " CREATEUSER");
                                                    }
                                                    if (supportsRoles) {
                                                        sb.append(" LOGIN");
                                                    }
                                                    String str3 = null;
                                                    try {
                                                        Statement createStatement2 = connection.createStatement();
                                                        try {
                                                            String sb2 = sb.toString();
                                                            str3 = sb2;
                                                            createStatement2.executeUpdate(sb2);
                                                            if (createStatement2 != null) {
                                                                createStatement2.close();
                                                            }
                                                        } finally {
                                                            if (createStatement2 != null) {
                                                                try {
                                                                    createStatement2.close();
                                                                } catch (Throwable th) {
                                                                    th.addSuppressed(th);
                                                                }
                                                            }
                                                        }
                                                    } catch (Error | RuntimeException | SQLException e3) {
                                                        ErrorPrinter.addSQL(e3, str3);
                                                        throw e3;
                                                    }
                                                }
                                            }
                                        }
                                        if (supportsRoles) {
                                            for (UserServer userServer3 : postgresServerUsers) {
                                                if (!userServer3.isSpecial()) {
                                                    User.Name key2 = userServer3.getPostgresUser().getKey();
                                                    if (systemRoles.contains(key2)) {
                                                        continue;
                                                    } else {
                                                        PreparedStatement prepareStatement = connection.prepareStatement("SELECT rolcanlogin FROM pg_authid WHERE rolname=?");
                                                        try {
                                                            try {
                                                                prepareStatement.setString(1, key2.toString());
                                                                ResultSet executeQuery2 = prepareStatement.executeQuery();
                                                                try {
                                                                    if (!executeQuery2.next()) {
                                                                        throw new SQLException("Unable to find pg_authid entry for rolname='" + key2 + "'");
                                                                    }
                                                                    boolean z2 = executeQuery2.getBoolean(1);
                                                                    if (executeQuery2 != null) {
                                                                        executeQuery2.close();
                                                                    }
                                                                    if (prepareStatement != null) {
                                                                        prepareStatement.close();
                                                                    }
                                                                    if (userServer3.isDisabled()) {
                                                                        if (z2) {
                                                                            if (logger.isLoggable(Level.FINE)) {
                                                                                logger.fine("Removing login role: " + key2);
                                                                            }
                                                                            String str4 = null;
                                                                            try {
                                                                                createStatement = connection.createStatement();
                                                                                try {
                                                                                    String str5 = "ALTER ROLE \"" + key2 + "\" NOLOGIN";
                                                                                    str4 = str5;
                                                                                    createStatement.executeUpdate(str5);
                                                                                    if (createStatement != null) {
                                                                                        createStatement.close();
                                                                                    }
                                                                                } finally {
                                                                                    if (createStatement != null) {
                                                                                        try {
                                                                                            createStatement.close();
                                                                                        } catch (Throwable th2) {
                                                                                            th.addSuppressed(th2);
                                                                                        }
                                                                                    }
                                                                                }
                                                                            } catch (Error | RuntimeException | SQLException e4) {
                                                                                ErrorPrinter.addSQL(e4, str4);
                                                                                throw e4;
                                                                            }
                                                                        } else {
                                                                            continue;
                                                                        }
                                                                    } else if (z2) {
                                                                        continue;
                                                                    } else {
                                                                        if (logger.isLoggable(Level.FINE)) {
                                                                            logger.fine("Adding login role: " + key2);
                                                                        }
                                                                        String str6 = null;
                                                                        try {
                                                                            Statement createStatement3 = connection.createStatement();
                                                                            try {
                                                                                String str7 = "ALTER ROLE \"" + key2 + "\" LOGIN";
                                                                                str6 = str7;
                                                                                createStatement3.executeUpdate(str7);
                                                                                if (createStatement3 != null) {
                                                                                    createStatement3.close();
                                                                                }
                                                                            } finally {
                                                                                if (createStatement3 != null) {
                                                                                    try {
                                                                                        createStatement3.close();
                                                                                    } catch (Throwable th3) {
                                                                                        th.addSuppressed(th3);
                                                                                    }
                                                                                }
                                                                            }
                                                                        } catch (Error | RuntimeException | SQLException e5) {
                                                                            ErrorPrinter.addSQL(e5, str6);
                                                                            throw e5;
                                                                        }
                                                                    }
                                                                } finally {
                                                                }
                                                            } catch (Throwable th4) {
                                                                if (prepareStatement != null) {
                                                                    try {
                                                                        prepareStatement.close();
                                                                    } catch (Throwable th5) {
                                                                        th4.addSuppressed(th5);
                                                                    }
                                                                }
                                                                throw th4;
                                                            }
                                                        } catch (Error | RuntimeException | SQLException e6) {
                                                            ErrorPrinter.addSQL(e6, prepareStatement);
                                                            throw e6;
                                                        }
                                                    }
                                                }
                                            }
                                            z = true;
                                        }
                                        if (connection != null) {
                                            connection.close();
                                        }
                                        if (!z) {
                                            for (UserServer userServer4 : postgresServerUsers) {
                                                if (!userServer4.isSpecial()) {
                                                    String predisablePassword = userServer4.getPredisablePassword();
                                                    if (userServer4.isDisabled()) {
                                                        if (predisablePassword == null) {
                                                            userServer4.setPredisablePassword(getPassword(userServer4));
                                                            setPassword(userServer4, User.NO_PASSWORD, true);
                                                        }
                                                    } else if (predisablePassword != null) {
                                                        setPassword(userServer4, predisablePassword, true);
                                                        userServer4.setPredisablePassword((String) null);
                                                    }
                                                }
                                            }
                                        }
                                    } finally {
                                    }
                                } catch (Error | RuntimeException | SQLException e7) {
                                    ErrorPrinter.addSQL(e7, (String) null);
                                    throw e7;
                                }
                            } catch (Throwable th6) {
                                if (connection != null) {
                                    try {
                                        connection.close();
                                    } catch (Throwable th7) {
                                        th6.addSuppressed(th7);
                                    }
                                }
                                throw th6;
                            }
                        } catch (SQLException e8) {
                            connection.abort(AOServDaemon.executorService);
                            throw e8;
                        }
                    }
                }
            }
            return true;
        } catch (ThreadDeath e9) {
            throw e9;
        } catch (Throwable th8) {
            logger.log(Level.SEVERE, (String) null, th8);
            return false;
        }
    }

    public static String getPassword(UserServer userServer) throws IOException, SQLException {
        if (userServer.isSpecial()) {
            throw new SQLException("Refusing to get the password for a special user: " + userServer);
        }
        com.aoindustries.aoserv.client.postgresql.Server postgresServer = userServer.getPostgresServer();
        boolean supportsRoles = supportsRoles(postgresServer.getVersion().getTechnologyVersion(AOServDaemon.getConnector()).getVersion());
        Connection connection = PostgresServerManager.getPool(postgresServer).getConnection(true);
        try {
            try {
                PreparedStatement prepareStatement = connection.prepareStatement(supportsRoles ? "SELECT rolpassword FROM pg_authid WHERE rolname=?" : "SELECT passwd FROM pg_shadow WHERE usename=?");
                try {
                    try {
                        prepareStatement.setString(1, userServer.getPostgresUser_username().toString());
                        ResultSet executeQuery = prepareStatement.executeQuery();
                        try {
                            if (!executeQuery.next()) {
                                throw new SQLException("No rows returned.");
                            }
                            String string = executeQuery.getString(1);
                            if (executeQuery != null) {
                                executeQuery.close();
                            }
                            if (prepareStatement != null) {
                                prepareStatement.close();
                            }
                            if (connection != null) {
                                connection.close();
                            }
                            return string;
                        } catch (Throwable th) {
                            if (executeQuery != null) {
                                try {
                                    executeQuery.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            }
                            throw th;
                        }
                    } catch (Throwable th3) {
                        if (prepareStatement != null) {
                            try {
                                prepareStatement.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        }
                        throw th3;
                    }
                } catch (Error | RuntimeException | SQLException e) {
                    ErrorPrinter.addSQL(e, prepareStatement);
                    throw e;
                }
            } catch (SQLException e2) {
                connection.abort(AOServDaemon.executorService);
                throw e2;
            }
        } catch (Throwable th5) {
            if (connection != null) {
                try {
                    connection.close();
                } catch (Throwable th6) {
                    th5.addSuppressed(th6);
                }
            }
            throw th5;
        }
    }

    public static void setPassword(UserServer userServer, String str, boolean z) throws IOException, SQLException {
        if (userServer.isSpecial()) {
            throw new SQLException("Refusing to set the password for a special user: " + userServer);
        }
        AOServConnector connector = AOServDaemon.getConnector();
        com.aoindustries.aoserv.client.postgresql.Server postgresServer = userServer.getPostgresServer();
        String version = postgresServer.getVersion().getTechnologyVersion(connector).getVersion();
        boolean supportsRoles = supportsRoles(version);
        User.Name postgresUser_username = userServer.getPostgresUser_username();
        Connection connection = PostgresServerManager.getPool(postgresServer).getConnection();
        try {
            try {
                if (supportsRoles) {
                    try {
                        Statement createStatement = connection.createStatement();
                        try {
                            createStatement.executeUpdate("ALTER ROLE \"" + postgresUser_username + "\" WITH " + ((Objects.equals(str, User.NO_PASSWORD) || z) ? "UNENCRYPTED " : "") + "PASSWORD '" + (Objects.equals(str, User.NO_PASSWORD) ? "" : checkPasswordChars(str)) + '\'');
                            if (createStatement != null) {
                                createStatement.close();
                            }
                        } catch (Throwable th) {
                            if (createStatement != null) {
                                try {
                                    createStatement.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            }
                            throw th;
                        }
                    } catch (Error | RuntimeException | SQLException e) {
                        ErrorPrinter.addSQL(e, (String) null);
                        throw e;
                    }
                } else {
                    PreparedStatement prepareStatement = connection.prepareStatement("ALTER USER \"" + postgresUser_username + "\" WITH " + ((version.startsWith("7.1.") || !(Objects.equals(str, User.NO_PASSWORD) || z)) ? "" : "UNENCRYPTED ") + "PASSWORD ?");
                    try {
                        try {
                            prepareStatement.setString(1, Objects.equals(str, User.NO_PASSWORD) ? "" : str);
                            prepareStatement.executeUpdate();
                            if (prepareStatement != null) {
                                prepareStatement.close();
                            }
                        } catch (Throwable th3) {
                            if (prepareStatement != null) {
                                try {
                                    prepareStatement.close();
                                } catch (Throwable th4) {
                                    th3.addSuppressed(th4);
                                }
                            }
                            throw th3;
                        }
                    } catch (Error | RuntimeException | SQLException e2) {
                        ErrorPrinter.addSQL(e2, prepareStatement);
                        throw e2;
                    }
                }
                if (connection != null) {
                    connection.close();
                }
            } catch (SQLException e3) {
                connection.abort(AOServDaemon.executorService);
                throw e3;
            }
        } catch (Throwable th5) {
            if (connection != null) {
                try {
                    connection.close();
                } catch (Throwable th6) {
                    th5.addSuppressed(th6);
                }
            }
            throw th5;
        }
    }

    private static String checkPasswordChars(String str) throws SQLException {
        if (str == null) {
            throw new SQLException("password is null");
        }
        if (str.length() == 0) {
            throw new SQLException("password is empty");
        }
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            if ((charAt < 'a' || charAt > 'z') && ((charAt < 'A' || charAt > 'Z') && !((charAt >= '0' && charAt <= '9') || charAt == ' ' || charAt == '!' || charAt == '@' || charAt == '#' || charAt == '$' || charAt == '%' || charAt == '^' || charAt == '&' || charAt == '*' || charAt == '(' || charAt == ')' || charAt == '-' || charAt == '_' || charAt == '=' || charAt == '+' || charAt == '[' || charAt == ']' || charAt == '{' || charAt == '}' || charAt == '|' || charAt == ';' || charAt == ':' || charAt == '\"' || charAt == ',' || charAt == '.' || charAt == '<' || charAt == '>' || charAt == '/' || charAt == '?'))) {
                throw new SQLException("Invalid character in password, may only contain a-z, A-Z, 0-9, (space), !@#$%^&*()-_=+[]{}|;:\",.<>/?");
            }
        }
        return str;
    }

    public static void start() throws IOException, SQLException {
        OperatingSystemVersion operatingSystemVersion = AOServDaemon.getThisServer().getHost().getOperatingSystemVersion();
        int pkey = operatingSystemVersion.getPkey();
        synchronized (System.out) {
            if (pkey != 64 && pkey != 63 && pkey != 69) {
                if (AOServDaemonConfiguration.isManagerEnabled(PostgresUserManager.class) && postgresUserManager == null) {
                    System.out.print("Starting PostgresUserManager: ");
                    if (pkey == 45 || pkey == 47 || pkey == 67 || pkey == 70) {
                        AOServConnector connector = AOServDaemon.getConnector();
                        postgresUserManager = new PostgresUserManager();
                        connector.getPostgresql().getUserServer().addTableListener(postgresUserManager, 0L);
                        System.out.println("Done");
                    } else {
                        System.out.println("Unsupported OperatingSystemVersion: " + operatingSystemVersion);
                    }
                }
            }
        }
    }

    public static void waitForRebuild() {
        if (postgresUserManager != null) {
            postgresUserManager.waitForBuild();
        }
    }

    @Override // com.aoindustries.aoserv.daemon.util.BuilderThread
    public String getProcessTimerDescription() {
        return "Rebuild PostgresSQL Users";
    }
}
