package com.ibm.nosql.db2wire.server;

import com.ibm.nosql.json.api.BasicDBList;
import com.ibm.nosql.json.api.BasicDBObject;
import com.ibm.nosql.json.api.DBObject;
import com.ibm.nosql.json.resources.Messages;
import com.ibm.nosql.socket.Listener;
import com.ibm.nosql.utils.NoSQLConfig;
import com.ibm.nosql.utils.RequestContext;
import com.ibm.nosql.wireListener.auth.ConfigTool;
import com.ibm.nosql.wireListener.auth.ManageRegistry;
import com.ibm.nosql.wireListener.auth.Scram;
import com.ibm.nosql.wireListener.auth.UserAuthentication;
import com.ibm.nosql.wireListener.bson.BSONObject;
import com.ibm.nosql.wireListener.bson.BasicBSONObject;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Iterator;

/* loaded from: input_file:com/ibm/nosql/db2wire/server/DB2Security.class */
public class DB2Security {
    private static final boolean LOCK_REGISTRY = false;
    private static final String MECHANISM = "mechanisms";
    private static final String CUSTOMDATA = "customData";
    public static final String SHA1 = "SCRAM-SHA-1";
    public static final String SHA256 = "SCRAM-SHA-256";
    private static ManageRegistry registry = null;
    private static boolean isAuthenticationRequired = true;
    private static boolean forceSingleAuthentication = false;
    public static boolean registryIsBlocked = false;
    public static int AUTH_MECH_SHA_1 = 1;
    public static int AUTH_MECH_SHA_256 = 2;
    public static int AUTH_MECH_SHA_BOTH = 3;

    public static void setCredentials(NoSQLConfig noSQLConfig) {
        if (noSQLConfig.getRegistryFileName() == null) {
            isAuthenticationRequired = false;
            return;
        }
        registry = new ManageRegistry(noSQLConfig.getRegistryFileName());
        if (registry == null || registry.getAuthenticationType() != ManageRegistry.AUTH_TYPE_SINGLE) {
            return;
        }
        forceSingleAuthentication = true;
    }

    public static void setCredentials(String str) {
        if (str == null || str.length() == 0) {
            isAuthenticationRequired = false;
        } else {
            registry = new ManageRegistry(str);
        }
    }

    public static boolean isAuthenticationRequired() {
        return isAuthenticationRequired;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isUserAuthenticated(RequestContext requestContext, int i) {
        if (isAuthenticationRequired) {
            return requestContext.userIsAuthenticated(i);
        }
        return true;
    }

    static boolean isAdminAuthenticated(RequestContext requestContext, int i) {
        if (isAuthenticationRequired && !requestContext.userIsAuthenticated(i)) {
            return requestContext.adminIsAuthenticated(i);
        }
        return true;
    }

    public static boolean isDbUsingContext(String str) {
        return registry.isDbUseTrustedContext(str);
    }

    public static boolean isDbAuthenticationRequired(String str) {
        if (str == null || str.length() == 0) {
            return isAuthenticationRequired();
        }
        if (isAuthenticationRequired) {
            return registry.isDbAuthenticatedUse(str);
        }
        return false;
    }

    public static void nonce(RequestContext requestContext, DBObject dBObject) {
        BasicBSONObject basicBSONObject = new BasicBSONObject();
        if (!"1".equals(dBObject.get("getnonce").toString()) && !"1.0".equals(dBObject.get("getnonce").toString())) {
            setResponse(requestContext, basicBSONObject, false, 0, null);
        } else {
            basicBSONObject.put("nonce", (Object) ManageRegistry.getNonce());
            setResponse(requestContext, basicBSONObject, true, 0, null);
        }
    }

    public static void authenticate(RequestContext requestContext, DBObject dBObject) {
        BasicBSONObject basicBSONObject = new BasicBSONObject();
        if (dBObject == null || dBObject.get("authenticate") == null) {
            setResponse(requestContext, basicBSONObject, false, 0, "TXT_2041", null);
            return;
        }
        if (((Integer) dBObject.get("authenticate")).intValue() != 1) {
            setResponse(requestContext, basicBSONObject, false, 0, "TXT_2041", null);
            return;
        }
        if (!isAuthenticationRequired) {
            setResponse(requestContext, basicBSONObject, true, 0, null);
            return;
        }
        if (registry == null || !registry.isRegistryLoaded()) {
            setResponse(requestContext, basicBSONObject, false, 0, "TXT_2094", null);
            return;
        }
        if (!registry.isDbAuthenticatedUse(requestContext.getDBName())) {
            setResponse(requestContext, basicBSONObject, true, 0, null);
            return;
        }
        if (forceSingleAuthentication && requestContext.getUserAuthentication() != null) {
            setResponse(requestContext, basicBSONObject, false, 0, "TXT_2040", null);
            return;
        }
        String str = (String) dBObject.get("user");
        if (str == null) {
            setResponse(requestContext, basicBSONObject, false, 0, "Username was not set");
            return;
        }
        String str2 = (String) dBObject.get("nonce");
        if (str2 == null) {
            setResponse(requestContext, basicBSONObject, false, 0, "Nonce was not set");
            return;
        }
        if (dBObject.get("key") == null) {
            setResponse(requestContext, basicBSONObject, false, 0, "Key was not set");
            return;
        }
        try {
            String encryptedToken = registry.getEncryptedToken(str2, str, requestContext.getDBName());
            if (encryptedToken == null || !encryptedToken.equals((String) dBObject.get("key"))) {
                setResponse(requestContext, basicBSONObject, false, 18, "auth fails");
            } else {
                requestContext.setUserAuthentication(requestContext.getDBName(), new UserAuthentication(str, requestContext.getDBName(), true, registry.getContextUser(str, requestContext.getDBName()), registry.getRoles(str, requestContext.getDBName()), str2));
                setResponse(requestContext, basicBSONObject, true, 0, null);
            }
        } catch (Exception e) {
            setResponse(requestContext, basicBSONObject, false, 18, "auth fails");
        }
    }

    public static void shaAuthenticate(RequestContext requestContext, DBObject dBObject) {
        DBObject dBObject2;
        BasicBSONObject basicBSONObject = new BasicBSONObject();
        if (dBObject == null || dBObject.get("mechanism") == null || dBObject.get("payload") == null) {
            setResponse(requestContext, basicBSONObject, false, 0, "TXT_2041", null);
            return;
        }
        boolean z = false;
        if ("1".equals(dBObject.get("saslStart").toString()) || "1.0".equals(dBObject.get("saslStart").toString())) {
            z = true;
        }
        if (!z) {
            setResponse(requestContext, basicBSONObject, false, 0, "TXT_2041", null);
            return;
        }
        String dBName = requestContext.getDBName();
        if (dBObject.containsField("$db") == Boolean.TRUE.booleanValue()) {
            dBName = (String) dBObject.get("$db");
        }
        boolean z2 = false;
        boolean z3 = false;
        if (SHA1.equals(dBObject.get("mechanism"))) {
            z2 = true;
        }
        if (SHA256.equals(dBObject.get("mechanism"))) {
            z3 = true;
        }
        if (!z2 && !z3) {
            setResponse(requestContext, basicBSONObject, false, 0, "TXT_2041", null);
            return;
        }
        if (!isAuthenticationRequired) {
            setResponse(requestContext, basicBSONObject, true, 0, null);
            return;
        }
        if (registry == null || !registry.isRegistryLoaded()) {
            setResponse(requestContext, basicBSONObject, false, 0, "TXT_2094", null);
            return;
        }
        if (!registry.isDbAuthenticatedUse(requestContext.getDBName())) {
            setResponse(requestContext, basicBSONObject, true, 0, null);
            return;
        }
        if (forceSingleAuthentication && requestContext.getUserAuthentication() != null) {
            setResponse(requestContext, basicBSONObject, false, 0, "TXT_2040", null);
            return;
        }
        byte[] bArr = (byte[]) dBObject.get("payload");
        if (bArr == null) {
            setResponse(requestContext, basicBSONObject, false, 0, "Payload was not set");
            return;
        }
        try {
            BasicDBObject parsePayload = parsePayload(bArr);
            String str = (String) parsePayload.get("n");
            if (str == null) {
                setResponse(requestContext, basicBSONObject, false, 0, "Invalid Payload");
                return;
            }
            String str2 = (String) parsePayload.get("r");
            if (str2 == null) {
                setResponse(requestContext, basicBSONObject, false, 0, "Missing nonce in Payload");
                return;
            }
            DBObject credential = registry.getCredential(str, dBName);
            if (credential == null) {
                setResponse(requestContext, basicBSONObject, false, 0, "User does not exist in database " + dBName);
                return;
            }
            int i = 1;
            if (z2) {
                dBObject2 = (DBObject) credential.get(SHA1);
            } else {
                dBObject2 = (DBObject) credential.get(SHA256);
                i = 2;
            }
            if (dBObject2 == null) {
                setResponse(requestContext, basicBSONObject, false, 0, "Invalid user's authentication mechanism");
                return;
            }
            String obj = dBObject2.get("salt").toString();
            String obj2 = dBObject2.get("iterationCount").toString();
            String obj3 = dBObject2.get("storedKey").toString();
            String obj4 = dBObject2.get("serverKey").toString();
            String nonce = ManageRegistry.getNonce();
            String str3 = str2 + nonce;
            String str4 = "r=" + str3 + ",s=" + obj + ",i=" + obj2;
            basicBSONObject.put("conversationId", (Object) 1);
            basicBSONObject.put("done", (Object) false);
            basicBSONObject.put("payload", (Object) Scram.getUTF8Bytes(str4));
            basicBSONObject.put("ok", (Object) 1);
            requestContext.addToResponse(basicBSONObject);
            requestContext.setUserAuthentication(dBName, new UserAuthentication(str, dBName, false, registry.getContextUser(str, dBName), registry.getRoles(str, dBName), nonce, "n=" + str + ",r=" + str2 + "," + str4 + ",c=biws,r=" + str3, obj3, obj4, i));
        } catch (Exception e) {
            setResponse(requestContext, basicBSONObject, false, 18, "Authentication failed: " + e.getMessage());
        }
    }

    public static void verifyClientProof(RequestContext requestContext, DBObject dBObject) {
        BasicBSONObject basicBSONObject = new BasicBSONObject();
        if (dBObject == null || dBObject.get("payload") == null) {
            setResponse(requestContext, basicBSONObject, false, 0, "TXT_2041", null);
            return;
        }
        String obj = dBObject.containsField("conversationId") ? dBObject.get("conversationId").toString() : "1";
        byte[] bArr = (byte[]) dBObject.get("payload");
        if (bArr == null) {
            setResponse(requestContext, basicBSONObject, false, 0, "Payload was not set");
            return;
        }
        if (bArr.length == 0 && requestContext.getUserAuthentication().isAuthenticated()) {
            basicBSONObject.put("conversationId", (Object) Integer.valueOf(Integer.parseInt(obj)));
            basicBSONObject.put("done", (Object) true);
            basicBSONObject.put("payload", (Object) bArr);
            basicBSONObject.put("ok", (Object) 1);
            requestContext.addToResponse(basicBSONObject);
            return;
        }
        try {
            BasicDBObject parsePayload = parsePayload(bArr);
            String str = (String) parsePayload.get("p");
            if (str == null) {
                setResponse(requestContext, basicBSONObject, false, 0, "Missing clientProof from payload");
                return;
            }
            if (((String) parsePayload.get("r")) == null) {
                setResponse(requestContext, basicBSONObject, false, 0, "Missing nonce in Payload");
                return;
            }
            String verifyClientProof = Scram.verifyClientProof(requestContext, str);
            if (verifyClientProof == null) {
                setResponse(requestContext, basicBSONObject, false, 0, "Invalid clientProof");
                return;
            }
            basicBSONObject.put("conversationId", (Object) Integer.valueOf(Integer.parseInt(obj)));
            basicBSONObject.put("done", (Object) false);
            basicBSONObject.put("payload", (Object) Scram.getUTF8Bytes("v=" + verifyClientProof));
            basicBSONObject.put("ok", (Object) 1);
            requestContext.addToResponse(basicBSONObject);
        } catch (Exception e) {
            setResponse(requestContext, basicBSONObject, false, 18, "Authentication failed: " + e.getMessage());
        }
    }

    private static BasicDBObject parsePayload(byte[] bArr) {
        BasicDBObject basicDBObject = new BasicDBObject();
        new String();
        try {
            for (String str : new String(bArr, 0, bArr.length, Listener.ENCODING_UTF8).split("\\,")) {
                String[] split = str.split("\\=", 2);
                if (split.length > 1) {
                    basicDBObject.append(split[0], split[1]);
                }
            }
            return basicDBObject;
        } catch (UnsupportedEncodingException e) {
            return basicDBObject;
        }
    }

    public static void logoutUser(RequestContext requestContext, DBObject dBObject) {
        BasicBSONObject basicBSONObject = new BasicBSONObject();
        if (dBObject == null || dBObject.get("logout") == null) {
            setResponse(requestContext, basicBSONObject, false, 0, "TXT_2042", null);
            return;
        }
        if (0 != 0) {
            String str = (String) dBObject.get("nonce");
            if (str == null) {
                setResponse(requestContext, basicBSONObject, false, 0, "Nonce was not set");
                return;
            } else if (requestContext.getUserAuthentication() != null) {
                if (!requestContext.getUserAuthentication().getNonce().equals(str)) {
                    setResponse(requestContext, basicBSONObject, false, 0, "TXT_2042", null);
                    return;
                }
                requestContext.setUserAuthentication(requestContext.getDBName(), null);
            }
        } else {
            requestContext.setUserAuthentication(requestContext.getDBName(), null);
        }
        setResponse(requestContext, basicBSONObject, true, 0, null);
    }

    private static void setResponse(RequestContext requestContext, BasicBSONObject basicBSONObject, boolean z, int i, String str) {
        setResponse(requestContext, basicBSONObject, z, i, null, str);
    }

    private static void setResponse(RequestContext requestContext, BasicBSONObject basicBSONObject, boolean z, int i, String str, String str2) {
        if (str2 != null) {
            basicBSONObject.put("errmsg", (Object) str2);
        } else if (str != null) {
            basicBSONObject.put("errmsg", (Object) Messages.getText(str, new Object[0]));
        }
        if (z) {
            basicBSONObject.put("ok", (Object) 1);
        } else {
            basicBSONObject.put("ok", (Object) 0);
        }
        if (i > 0) {
            basicBSONObject.put("code", (Object) Integer.valueOf(i));
            if (i == 11) {
                basicBSONObject.put("codeName", "UserNotFound");
            }
        }
        requestContext.addToResponse(basicBSONObject);
    }

    private static void setResponseUnblock(RequestContext requestContext, BasicBSONObject basicBSONObject, boolean z, int i, String str, String str2) {
        registryIsBlocked = false;
        setResponse(requestContext, basicBSONObject, z, i, str, str2);
    }

    public static boolean insertUser(RequestContext requestContext, DBObject dBObject) {
        return modifyUser(requestContext, dBObject, true);
    }

    public static void usersInfo(RequestContext requestContext, DBObject dBObject) {
        BasicBSONObject basicBSONObject = new BasicBSONObject();
        if (!isAdminAuthenticated(requestContext, 3)) {
            requestContext.addToResponse(UserAuthentication.getResponseNotAuthAccess());
            return;
        }
        if (registryIsBlocked) {
            setResponse(requestContext, basicBSONObject, false, 0, "Registry is locked, try again later");
        }
        registryIsBlocked = false;
        String[] strArr = new String[0];
        String[] strArr2 = new String[0];
        String dBName = requestContext.getDBName();
        if (registry != null) {
            String[] userNames = dBObject.get("usersInfo") instanceof String ? new String[]{dBObject.get("usersInfo").toString()} : registry.getUserNames();
            r13 = dBObject.containsField("showCredentials") == Boolean.TRUE.booleanValue() ? ((Boolean) dBObject.get("showCredentials")).booleanValue() : false;
            strArr2 = registry.getDbUsers(dBName, userNames);
        }
        try {
            BasicDBList basicDBList = new BasicDBList();
            for (String str : strArr2) {
                BasicDBObject basicDBObject = new BasicDBObject();
                basicDBObject.put("_id", dBName + "." + str);
                basicDBObject.put("user", str);
                basicDBObject.put("db", dBName);
                ArrayList arrayList = new ArrayList();
                int i = AUTH_MECH_SHA_BOTH;
                if (registry != null) {
                    i = registry.getAuthMechanism(str, dBName);
                }
                if (i == AUTH_MECH_SHA_1) {
                    arrayList.add(SHA1);
                } else if (i == AUTH_MECH_SHA_256) {
                    arrayList.add(SHA256);
                } else {
                    arrayList.add(SHA1);
                    arrayList.add(SHA256);
                }
                if (r13) {
                    DBObject credential = registry != null ? registry.getCredential(str, dBName) : null;
                    if (credential != null) {
                        basicDBObject.put("credentials", credential);
                    }
                }
                if (registry != null) {
                    ArrayList<String> mongoRoles = ManageRegistry.getMongoRoles(registry.getRoles(str, dBName));
                    ArrayList arrayList2 = new ArrayList();
                    Iterator<String> it = mongoRoles.iterator();
                    while (it.hasNext()) {
                        String next = it.next();
                        BasicBSONObject basicBSONObject2 = new BasicBSONObject();
                        basicBSONObject2.put("role", (Object) next);
                        basicBSONObject2.put("db", (Object) dBName);
                        arrayList2.add(basicBSONObject2);
                    }
                    basicDBObject.put("role", arrayList2);
                    DBObject dBObject2 = (DBObject) registry.getCustomData(str, dBName);
                    if (dBObject2 != null) {
                        basicDBObject.put(CUSTOMDATA, dBObject2);
                    }
                }
                basicDBObject.put(MECHANISM, arrayList);
                basicDBList.add(basicDBObject);
            }
            basicBSONObject.put("users", (Object) basicDBList);
            basicBSONObject.put("ok", (Object) Double.valueOf(1.0d));
        } catch (Exception e) {
            basicBSONObject.put("errmsg", (Object) e);
            basicBSONObject.put("ok", (Object) Double.valueOf(0.0d));
        }
        setResponseUnblock(requestContext, basicBSONObject, true, 0, null, null);
    }

    public static ArrayList<String> getAuthMechsForUser(RequestContext requestContext, String str, String str2) {
        BasicBSONObject basicBSONObject = new BasicBSONObject();
        ArrayList<String> arrayList = new ArrayList<>();
        if (registry == null) {
            return arrayList;
        }
        if (registryIsBlocked) {
            setResponse(requestContext, basicBSONObject, false, 0, "Registry is locked, try again later");
            return arrayList;
        }
        registryIsBlocked = false;
        try {
            int authMechanism = registry.getAuthMechanism(str2, str);
            registryIsBlocked = false;
            if (authMechanism == AUTH_MECH_SHA_1) {
                arrayList.add(SHA1);
            } else if (authMechanism == AUTH_MECH_SHA_256) {
                arrayList.add(SHA256);
            } else if (authMechanism == AUTH_MECH_SHA_BOTH) {
                arrayList.add(SHA1);
                arrayList.add(SHA256);
            }
        } catch (Exception e) {
            basicBSONObject.put("errmsg", (Object) e);
            basicBSONObject.put("ok", (Object) Double.valueOf(0.0d));
            setResponseUnblock(requestContext, basicBSONObject, false, 0, null, null);
        }
        return arrayList;
    }

    /* JADX WARN: Code restructure failed: missing block: B:99:0x045c, code lost:
    
        setResponseUnblock(r9, r0, false, 0, "Invalid role assignment", null);
        r25 = false;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static boolean modifyUser(com.ibm.nosql.utils.RequestContext r9, com.ibm.nosql.json.api.DBObject r10, boolean r11) {
        /*
            Method dump skipped, instructions count: 1239
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.nosql.db2wire.server.DB2Security.modifyUser(com.ibm.nosql.utils.RequestContext, com.ibm.nosql.json.api.DBObject, boolean):boolean");
    }

    private static boolean isCentralDb(String str) {
        return str.equalsIgnoreCase("admin");
    }

    public static boolean removeUser(RequestContext requestContext, DBObject dBObject) {
        if (!isUserAuthenticated(requestContext, 3)) {
            requestContext.addToResponse(UserAuthentication.getResponseNotAuthAccess());
            return false;
        }
        BasicBSONObject basicBSONObject = new BasicBSONObject();
        if (registryIsBlocked) {
            setResponse(requestContext, basicBSONObject, false, 0, "Registry is locked, try again later");
            return false;
        }
        registryIsBlocked = false;
        String str = null;
        if (dBObject.get("user") != null) {
            str = (String) dBObject.get("user");
        }
        if (dBObject.get(ConfigTool.ACT_USER_DROP) != null) {
            str = (String) dBObject.get(ConfigTool.ACT_USER_DROP);
        }
        if (str == null) {
            setResponseUnblock(requestContext, basicBSONObject, false, 0, "Username was not set", null);
            return false;
        }
        String dBName = requestContext.getDBName();
        if (isCentralDb(requestContext.getDBName())) {
            dBName = null;
        }
        try {
            registry.removeUser(str, dBName);
            setResponseUnblock(requestContext, basicBSONObject, true, 0, null, null);
            if (!registryIsBlocked) {
                return true;
            }
            registryIsBlocked = false;
            return true;
        } catch (Exception e) {
            setResponseUnblock(requestContext, basicBSONObject, false, 11, e.getMessage(), "User '" + str + "@" + dBName + "' not found");
            return false;
        }
    }

    public static void dropAllUsers(RequestContext requestContext) {
        if (!isUserAuthenticated(requestContext, 3)) {
            requestContext.addToResponse(UserAuthentication.getResponseNotAuthAccess());
        }
        BasicBSONObject basicBSONObject = new BasicBSONObject();
        int i = 0;
        double d = 1.0d;
        if (registryIsBlocked) {
            setResponse(requestContext, basicBSONObject, false, 0, "Registry is locked, try again later");
        }
        registryIsBlocked = false;
        try {
            i = registry.removeAllUsers(requestContext.getDBName());
        } catch (Exception e) {
            d = 0.0d;
        }
        if (registryIsBlocked) {
            registryIsBlocked = false;
        }
        basicBSONObject.put("n", (Object) Long.valueOf(i));
        basicBSONObject.put("ok", (Object) Double.valueOf(d));
        requestContext.addToResponse(basicBSONObject);
    }

    public static boolean updateUser(RequestContext requestContext, DBObject dBObject) {
        return modifyUser(requestContext, dBObject, false);
    }

    public static boolean modifyUserRoles(RequestContext requestContext, DBObject dBObject, boolean z) {
        if (!isUserAuthenticated(requestContext, 3)) {
            requestContext.addToResponse(UserAuthentication.getResponseNotAuthAccess());
            return false;
        }
        BasicBSONObject basicBSONObject = new BasicBSONObject();
        if (registryIsBlocked) {
            setResponse(requestContext, basicBSONObject, false, 0, "Registry is locked, try again later");
            return false;
        }
        registryIsBlocked = false;
        String str = null;
        if (z && dBObject.get("grantRolesToUser") != null) {
            str = (String) dBObject.get("grantRolesToUser");
        } else if (dBObject.get("revokeRolesFromUser") != null) {
            str = (String) dBObject.get("revokeRolesFromUser");
        }
        if (str == null) {
            setResponseUnblock(requestContext, basicBSONObject, false, 0, "Username was not set", null);
            return false;
        }
        String dBName = requestContext.getDBName();
        String[] strArr = null;
        boolean z2 = false;
        if (dBObject.get("roles") == null) {
            z2 = true;
        } else if ((dBObject.get("roles") instanceof DBObject) && (((DBObject) dBObject.get("roles")) instanceof BasicDBList)) {
            z2 = true;
            BasicDBList basicDBList = (BasicDBList) dBObject.get("roles");
            if (basicDBList.size() > 0) {
                strArr = new String[basicDBList.size()];
                for (int i = 0; i < basicDBList.size(); i++) {
                    if (basicDBList.get(i) instanceof String) {
                        strArr[i] = (String) basicDBList.get(i);
                    } else if (basicDBList.get(i) instanceof DBObject) {
                        DBObject dBObject2 = (DBObject) basicDBList.get(i);
                        if ((dBObject2.get("role") instanceof String) && dBName.equals(dBObject2.get("db"))) {
                            strArr[i] = (String) dBObject2.get("role");
                        }
                    }
                }
            }
        }
        if (!z2) {
            setResponseUnblock(requestContext, basicBSONObject, false, 0, "Invalid roles", null);
            return false;
        }
        String convertMongoRoles = ManageRegistry.convertMongoRoles(strArr);
        String convertMongoRolesAny = ManageRegistry.convertMongoRolesAny(strArr);
        if (convertMongoRoles.equalsIgnoreCase(UserAuthentication.NO_ROLE) && convertMongoRolesAny.equalsIgnoreCase(UserAuthentication.NO_ROLE)) {
            setResponseUnblock(requestContext, basicBSONObject, false, 0, "Invalid role assignment", null);
            return false;
        }
        try {
            registry.updateRoles(str, dBName, ManageRegistry.mergeRoles(convertMongoRoles, convertMongoRolesAny, true), z);
            setResponseUnblock(requestContext, basicBSONObject, true, 0, null, null);
            if (!registryIsBlocked) {
                return true;
            }
            registryIsBlocked = false;
            return true;
        } catch (Exception e) {
            setResponseUnblock(requestContext, basicBSONObject, false, 0, e.getMessage(), null);
            return false;
        }
    }

    public static void checkDuplicateUser(RequestContext requestContext, DBObject dBObject) {
        if (!isUserAuthenticated(requestContext, 3)) {
            requestContext.addToResponse(getResponseNotAuthAccess());
            return;
        }
        BasicBSONObject basicBSONObject = new BasicBSONObject();
        String str = null;
        if (dBObject.get("user") != null) {
            str = (String) dBObject.get("user");
        }
        if (str == null) {
            requestContext.addToResponse(getResponseError("Username was not set"));
            return;
        }
        try {
            if (requestContext.getDBName().equalsIgnoreCase("admin")) {
                registry.isUserRegistered(str, null);
            } else {
                registry.isUserRegistered(str, requestContext.getDBName());
            }
            basicBSONObject.put("ok", (Object) 1);
            requestContext.addToResponse(basicBSONObject);
        } catch (Exception e) {
            requestContext.addToResponse(getResponseError("duplicate username"));
        }
    }

    public static BSONObject getResponseNotAuthAccess() {
        BasicBSONObject basicBSONObject = new BasicBSONObject();
        basicBSONObject.put("errmsg", (Object) "not authorized");
        basicBSONObject.put("ok", (Object) Double.valueOf(0.0d));
        return basicBSONObject;
    }

    public static BasicBSONObject getResponseError(String str) {
        BasicBSONObject basicBSONObject = new BasicBSONObject();
        basicBSONObject.put("errmsg", (Object) str);
        basicBSONObject.put("ok", (Object) Double.valueOf(0.0d));
        return basicBSONObject;
    }
}
