package org.neo4j.graphdb.security;

import org.neo4j.gqlstatus.ErrorGqlStatusObject;
import org.neo4j.gqlstatus.ErrorGqlStatusObjectImplementation;
import org.neo4j.gqlstatus.GqlRuntimeException;
import org.neo4j.gqlstatus.GqlStatusInfoCodes;
import org.neo4j.kernel.api.exceptions.Status;

/* loaded from: input_file:org/neo4j/graphdb/security/AuthorizationViolationException.class */
public class AuthorizationViolationException extends GqlRuntimeException implements Status.HasStatus {
    public static final String PERMISSION_DENIED = "Permission denied.";
    private final Status statusCode;

    private AuthorizationViolationException(ErrorGqlStatusObject errorGqlStatusObject, String str, Status status) {
        super(errorGqlStatusObject, str);
        this.statusCode = status;
    }

    private AuthorizationViolationException(ErrorGqlStatusObject errorGqlStatusObject, String str) {
        super(errorGqlStatusObject, str);
        this.statusCode = Status.Security.Forbidden;
    }

    public static AuthorizationViolationException authorizationViolation(String str) {
        return new AuthorizationViolationException(ErrorGqlStatusObjectImplementation.from(GqlStatusInfoCodes.STATUS_42NFF).build(), str);
    }

    public static AuthorizationViolationException credentialsExpired(String str) {
        return new AuthorizationViolationException(ErrorGqlStatusObjectImplementation.from(GqlStatusInfoCodes.STATUS_42NFF).withCause(ErrorGqlStatusObjectImplementation.from(GqlStatusInfoCodes.STATUS_42NFD).build()).build(), str, Status.Security.CredentialsExpired);
    }

    public static AuthorizationViolationException alterCurrentUserNotAllowed() {
        return new AuthorizationViolationException(ErrorGqlStatusObjectImplementation.from(GqlStatusInfoCodes.STATUS_42NFF).build(), "`ALTER CURRENT USER` is not permitted.");
    }

    public static AuthorizationViolationException impersonationDisallowed(String str) {
        return new AuthorizationViolationException(ErrorGqlStatusObjectImplementation.from(GqlStatusInfoCodes.STATUS_42N83).build(), str, Status.Security.CredentialsExpired);
    }

    public static AuthorizationViolationException permissionDeniedUnauthorized() {
        return new AuthorizationViolationException(ErrorGqlStatusObjectImplementation.from(GqlStatusInfoCodes.STATUS_42NFF).build(), PERMISSION_DENIED, Status.Security.Unauthorized);
    }

    public static AuthorizationViolationException permissionDeniedForbidden() {
        return new AuthorizationViolationException(ErrorGqlStatusObjectImplementation.from(GqlStatusInfoCodes.STATUS_42NFF).build(), PERMISSION_DENIED, Status.Security.Forbidden);
    }

    public static AuthorizationViolationException updatesWhenImpersonating() {
        return new AuthorizationViolationException(ErrorGqlStatusObjectImplementation.from(GqlStatusInfoCodes.STATUS_42NFF).build(), "Not allowed to run updating system commands when impersonating a user.");
    }

    public static AuthorizationViolationException revokingImmutablePrivileges(String str) {
        return new AuthorizationViolationException(ErrorGqlStatusObjectImplementation.from(GqlStatusInfoCodes.STATUS_42NFF).build(), "Immutable privileges cannot be revoked. Use `SHOW ROLE %s PRIVILEGES AS COMMANDS YIELD *` to inspect %s's privileges.".formatted(str, str));
    }

    public static AuthorizationViolationException grantingImmutablePrivileges() {
        return new AuthorizationViolationException(ErrorGqlStatusObjectImplementation.from(GqlStatusInfoCodes.STATUS_42NFF).build(), "Immutable privileges cannot be granted. Try granting the privilege without the IMMUTABLE keyword.");
    }

    public static AuthorizationViolationException denyingImmutablePrivileges() {
        return new AuthorizationViolationException(ErrorGqlStatusObjectImplementation.from(GqlStatusInfoCodes.STATUS_42NFF).build(), "Immutable privileges cannot be denied. Try denying the privilege without the IMMUTABLE keyword.");
    }

    public static AuthorizationViolationException droppingImmutableRoles() {
        return authorizationViolation("Immutable roles cannot be dropped. Use `SHOW ROLES YIELD *` to see which roles are immutable.");
    }

    public static AuthorizationViolationException creatingImmutableRoles() {
        return authorizationViolation("Immutable roles cannot be created. Try creating the role without the IMMUTABLE keyword.");
    }

    public static AuthorizationViolationException replacingImmutableRoles() {
        return authorizationViolation("Immutable roles cannot be replaced. Use `SHOW ROLES YIELD *` to see which roles are immutable.");
    }

    public static AuthorizationViolationException renamingImmutableRoles() {
        return authorizationViolation("Immutable roles cannot be renamed. Use `SHOW ROLES YIELD *` to see which roles are immutable.");
    }

    public static AuthorizationViolationException assigningMutablePrivilegesToImmutableRole() {
        return authorizationViolation("Only immutable privileges can be assigned to an immutable role. Try `GRANT/DENY IMMUTABLE` instead.");
    }

    public static AuthorizationViolationException copyingRoleWithMutablePrivileges(String str) {
        return authorizationViolation("'$role' cannot be copied to an immutable role because '$role' has one or more non-immutable privileges. Immutable roles can only contain immutable privileges. Use `SHOW ROLE $role PRIVILEGES AS COMMANDS YIELD *` to inspect $role's privileges.".replace("$role", str));
    }

    public static AuthorizationViolationException copyingRoleWithImmutablePrivileges(String str) {
        return authorizationViolation("'$role' cannot be copied because it has one or more immutable privileges assigned to it and immutable privileges cannot be copied. Use `SHOW ROLE $role PRIVILEGES AS COMMANDS YIELD *` to inspect $role's privileges.".replace("$role", str));
    }

    public static String generateCredentialsExpiredMessage(String str) {
        return String.format("%s%n%nThe credentials you provided were valid, but must be changed before you can use this instance. If this is the first time you are using Neo4j, this is to ensure you are not using the default credentials in production. If you are not using default credentials, you are getting this message because an administrator requires a password change.%nTo change your password, issue an `ALTER CURRENT USER SET PASSWORD FROM 'current password' TO 'new password'` statement against the system database.", str);
    }

    public Status status() {
        return this.statusCode;
    }
}
