package org.apache.iotdb.confignode.persistence;

import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer;
import org.apache.iotdb.commons.auth.authorizer.IAuthorizer;
import org.apache.iotdb.commons.auth.authorizer.OpenIdAuthorizer;
import org.apache.iotdb.commons.auth.entity.PathPrivilege;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.auth.entity.Role;
import org.apache.iotdb.commons.auth.entity.User;
import org.apache.iotdb.commons.conf.CommonConfig;
import org.apache.iotdb.commons.conf.CommonDescriptor;
import org.apache.iotdb.commons.snapshot.SnapshotProcessor;
import org.apache.iotdb.commons.utils.AuthUtils;
import org.apache.iotdb.commons.utils.FileUtils;
import org.apache.iotdb.confignode.conf.ConfigNodeConstant;
import org.apache.iotdb.confignode.consensus.request.ConfigPhysicalPlanType;
import org.apache.iotdb.confignode.consensus.request.auth.AuthorPlan;
import org.apache.iotdb.confignode.consensus.response.PermissionInfoResp;
import org.apache.iotdb.confignode.rpc.thrift.TPermissionInfoResp;
import org.apache.iotdb.confignode.rpc.thrift.TRoleResp;
import org.apache.iotdb.confignode.rpc.thrift.TUserResp;
import org.apache.iotdb.rpc.RpcUtils;
import org.apache.iotdb.rpc.TSStatusCode;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/iotdb/confignode/persistence/AuthorInfo.class */
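/**
 * ConfigNode-side facade over the configured {@link IAuthorizer}: login, privilege checks,
 * user/role/privilege mutations, listing queries and snapshot hooks.
 *
 * <p>Security-relevant behaviour visible in this class:
 *
 * <ul>
 *   <li>Privilege checks fail closed: any {@link AuthException} during a check yields
 *       {@code NO_PERMISSION}.
 *   <li>{@link #getUserPermissionInfo(String)} copies the stored password value of the user into
 *       the response, so the returned object must be treated as sensitive.
 *   <li>If the authorizer cannot be obtained at construction time the failure is only logged and
 *       {@code authorizer} stays {@code null}; every later call then fails with a
 *       {@link NullPointerException}.
 * </ul>
 */
public class AuthorInfo implements SnapshotProcessor {
    private static final Logger logger = LoggerFactory.getLogger(AuthorInfo.class);
    private static final CommonConfig commonConfig = CommonDescriptor.getInstance().getConfig();

    // Left null when BasicAuthorizer.getInstance() fails in the constructor.
    private IAuthorizer authorizer;

    /**
     * Binds this instance to the process-wide authorizer. An {@link AuthException} is logged and
     * swallowed, which leaves {@code authorizer} unset.
     */
    public AuthorInfo() {
        try {
            this.authorizer = BasicAuthorizer.getInstance();
        } catch (AuthException e) {
            logger.error("get user or role permissionInfo failed because ", e);
        }
    }

    /**
     * Authenticates a caller and, on success, returns the caller's permission information.
     *
     * <p>Every failure, including an {@link AuthException} raised while loading the permission
     * information, is reported with status code {@code WRONG_LOGIN_PASSWORD}. When an exception
     * carries a message, that message is returned to the caller in the status.
     *
     * @param str login name handed to {@link IAuthorizer#login}; with an {@link OpenIdAuthorizer}
     *     it is first mapped through {@code getIoTDBUserName} before permissions are loaded
     * @param str2 credential handed to {@link IAuthorizer#login}; it is never logged here
     * @return the permission response, carrying either a success or a failure status
     */
    public TPermissionInfoResp login(String str, String str2) {
        TPermissionInfoResp resp = new TPermissionInfoResp();
        boolean authenticated;
        String failureMessage = null;
        try {
            authenticated = this.authorizer.login(str, str2);
            if (authenticated) {
                if (this.authorizer instanceof OpenIdAuthorizer) {
                    resp = getUserPermissionInfo(this.authorizer.getIoTDBUserName(str));
                    resp.getUserInfo().setIsOpenIdUser(true);
                } else {
                    resp = getUserPermissionInfo(str);
                }
                resp.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS, "Login successfully"));
            } else {
                resp = AuthUtils.generateEmptyPermissionInfoResp();
            }
        } catch (AuthException e) {
            logger.error("meet error while logging in.", e);
            authenticated = false;
            failureMessage = e.getMessage();
        }
        if (!authenticated) {
            TSStatus status = new TSStatus();
            status.setMessage(failureMessage != null ? failureMessage : "Authentication failed.");
            status.setCode(TSStatusCode.WRONG_LOGIN_PASSWORD.getStatusCode());
            resp.setStatus(status);
        }
        return resp;
    }

    /**
     * Checks that a user holds one privilege on every path in a list.
     *
     * <p>The check stops at the first denied path. An {@link AuthException} from the authorizer is
     * treated as a denial (fail closed). An empty {@code list} passes, because there is no path
     * left to deny.
     *
     * @param str user name
     * @param list paths to check
     * @param i privilege id forwarded to {@link IAuthorizer#checkUserPrivileges}
     * @return the user's permission information with {@code SUCCESS_STATUS}; an empty response
     *     with {@code NO_PERMISSION} when a path is denied; or {@code AUTHENTICATION_ERROR} when
     *     the permission information cannot be loaded after a successful check
     */
    public TPermissionInfoResp checkUserPrivileges(String str, List<String> list, int i) {
        boolean allowed = true;
        try {
            for (String path : list) {
                if (!checkOnePath(str, path, i)) {
                    allowed = false;
                    break;
                }
            }
        } catch (AuthException e) {
            // checkOnePath has already logged the cause; deny rather than guess.
            allowed = false;
        }

        TPermissionInfoResp resp = new TPermissionInfoResp();
        if (!allowed) {
            resp = AuthUtils.generateEmptyPermissionInfoResp();
            resp.setStatus(RpcUtils.getStatus(TSStatusCode.NO_PERMISSION));
            return resp;
        }
        try {
            resp = getUserPermissionInfo(str);
            resp.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
        } catch (AuthException e) {
            resp.setStatus(RpcUtils.getStatus(TSStatusCode.AUTHENTICATION_ERROR, e.getMessage()));
        }
        return resp;
    }

    /**
     * Asks the authorizer whether {@code str} holds privilege {@code i} on {@code str2}, logging
     * and rethrowing (wrapped) any {@link AuthException}.
     */
    private boolean checkOnePath(String str, String str2, int i) throws AuthException {
        try {
            return this.authorizer.checkUserPrivileges(str, str2, i);
        } catch (AuthException e) {
            logger.error("Error occurs when checking the seriesPath {} for user {}", str2, str, e);
            throw new AuthException(e);
        }
    }

    /**
     * Applies one user/role/privilege mutation described by an {@link AuthorPlan}.
     *
     * <p>Grant and revoke plans are applied as one authorizer call per (privilege, path) pair. If
     * a call fails part-way, the pairs already applied are not rolled back here.
     *
     * @param authorPlan the mutation to apply
     * @return {@code SUCCESS_STATUS}, or {@code AUTHENTICATION_ERROR} carrying the message of the
     *     {@link AuthException} that stopped the operation
     */
    public TSStatus authorNonQuery(AuthorPlan authorPlan) {
        ConfigPhysicalPlanType authorType = authorPlan.getAuthorType();
        String userName = authorPlan.getUserName();
        String roleName = authorPlan.getRoleName();
        String password = authorPlan.getPassword();
        String newPassword = authorPlan.getNewPassword();
        Set<Integer> permissions = authorPlan.getPermissions();
        List<String> nodeNameList = authorPlan.getNodeNameList();
        try {
            // Switch on the enum itself: numeric labels tied to ordinals (or to an unrelated
            // constant that happens to share a value) silently change meaning when either moves.
            switch (authorType) {
                case UpdateUser:
                    this.authorizer.updateUserPassword(userName, newPassword);
                    break;
                case CreateUser:
                    this.authorizer.createUser(userName, password);
                    break;
                case CreateRole:
                    this.authorizer.createRole(roleName);
                    break;
                case DropUser:
                    this.authorizer.deleteUser(userName);
                    break;
                case DropRole:
                    this.authorizer.deleteRole(roleName);
                    break;
                case GrantRole:
                    for (int privilegeId : permissions) {
                        for (String path : nodeNameList) {
                            this.authorizer.grantPrivilegeToRole(roleName, path, privilegeId);
                        }
                    }
                    break;
                case GrantUser:
                    for (int privilegeId : permissions) {
                        for (String path : nodeNameList) {
                            this.authorizer.grantPrivilegeToUser(userName, path, privilegeId);
                        }
                    }
                    break;
                case GrantRoleToUser:
                    this.authorizer.grantRoleToUser(roleName, userName);
                    break;
                case RevokeUser:
                    for (int privilegeId : permissions) {
                        for (String path : nodeNameList) {
                            this.authorizer.revokePrivilegeFromUser(userName, path, privilegeId);
                        }
                    }
                    break;
                case RevokeRole:
                    for (int privilegeId : permissions) {
                        for (String path : nodeNameList) {
                            this.authorizer.revokePrivilegeFromRole(roleName, path, privilegeId);
                        }
                    }
                    break;
                case RevokeRoleFromUser:
                    this.authorizer.revokeRoleFromUser(roleName, userName);
                    break;
                default:
                    throw new AuthException("unknown type: " + authorPlan.getAuthorType());
            }
            return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
        } catch (AuthException e) {
            return RpcUtils.getStatus(TSStatusCode.AUTHENTICATION_ERROR, e.getMessage());
        }
    }

    /**
     * Lists user names, optionally restricted to the members of one role.
     *
     * @param authorPlan plan whose role name, when non-empty, selects the role to filter by
     * @return response whose permission info maps {@code "user"} to the matching names, or a
     *     {@code ROLE_NOT_EXIST} status with an empty map when the role is unknown
     * @throws AuthException if the authorizer fails
     */
    public PermissionInfoResp executeListUsers(AuthorPlan authorPlan) throws AuthException {
        PermissionInfoResp resp = new PermissionInfoResp();
        HashMap<String, List<String>> permissionInfo = new HashMap<>();
        List<String> users = this.authorizer.listAllUsers();
        String roleName = authorPlan.getRoleName();
        if (!roleName.isEmpty()) {
            try {
                if (this.authorizer.getRole(roleName) == null) {
                    resp.setStatus(RpcUtils.getStatus(TSStatusCode.ROLE_NOT_EXIST, "No such role : " + roleName));
                    resp.setPermissionInfo(permissionInfo);
                    return resp;
                }
                // Filter into a fresh list. Whether listAllUsers() returns a private copy is not
                // visible from here, so the returned list is never modified in place.
                List<String> members = new ArrayList<>();
                for (String name : users) {
                    User user = this.authorizer.getUser(name);
                    if (user != null && user.hasRole(roleName)) {
                        members.add(name);
                    }
                }
                users = members;
            } catch (AuthException e) {
                throw new AuthException(e);
            }
        }
        permissionInfo.put("user", users);
        resp.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
        resp.setPermissionInfo(permissionInfo);
        return resp;
    }

    /**
     * Lists role names: all roles when the plan names no user, otherwise that user's roles.
     *
     * @param authorPlan plan whose user name, when non-empty, selects the user
     * @return response whose permission info maps {@code "role"} to the role names, or a
     *     {@code USER_NOT_EXIST} status with an empty map when the user is unknown
     * @throws AuthException if the authorizer fails
     */
    public PermissionInfoResp executeListRoles(AuthorPlan authorPlan) throws AuthException {
        PermissionInfoResp resp = new PermissionInfoResp();
        HashMap<String, List<String>> permissionInfo = new HashMap<>();
        List<String> roles = new ArrayList<>();
        String userName = authorPlan.getUserName();
        if (userName.isEmpty()) {
            roles.addAll(this.authorizer.listAllRoles());
        } else {
            try {
                User user = this.authorizer.getUser(userName);
                if (user == null) {
                    resp.setStatus(RpcUtils.getStatus(TSStatusCode.USER_NOT_EXIST, "No such user : " + userName));
                    resp.setPermissionInfo(permissionInfo);
                    return resp;
                }
                for (String roleName : user.getRoleList()) {
                    roles.add(roleName);
                }
            } catch (AuthException e) {
                throw new AuthException(e);
            }
        }
        permissionInfo.put("role", roles);
        resp.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
        resp.setPermissionInfo(permissionInfo);
        return resp;
    }

    /**
     * Lists the privileges of one role, optionally restricted to the plan's paths.
     *
     * @param authorPlan plan naming the role; a non-empty node name list acts as a path filter
     * @return response whose permission info maps {@code "privilege"} to the de-duplicated
     *     privilege strings, or a {@code ROLE_NOT_EXIST} status with an empty map
     * @throws AuthException if the authorizer fails
     */
    public PermissionInfoResp executeListRolePrivileges(AuthorPlan authorPlan) throws AuthException {
        PermissionInfoResp resp = new PermissionInfoResp();
        HashMap<String, List<String>> permissionInfo = new HashMap<>();
        try {
            Role role = this.authorizer.getRole(authorPlan.getRoleName());
            if (role == null) {
                resp.setStatus(RpcUtils.getStatus(TSStatusCode.ROLE_NOT_EXIST, "No such role : " + authorPlan.getRoleName()));
                resp.setPermissionInfo(permissionInfo);
                return resp;
            }
            List<String> pathFilter = authorPlan.getNodeNameList();
            Set<String> privileges = new HashSet<>();
            for (PathPrivilege privilege : role.getPrivilegeList()) {
                if (passesPathFilter(privilege, pathFilter)) {
                    privileges.add(privilege.toString());
                }
            }
            permissionInfo.put("privilege", new ArrayList<>(privileges));
            resp.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
            resp.setPermissionInfo(permissionInfo);
            return resp;
        } catch (AuthException e) {
            throw new AuthException(e);
        }
    }

    /**
     * Lists the privileges of one user, including those inherited through roles.
     *
     * <p>For the user named {@code root} every {@link PrivilegeType} is reported and no
     * {@code "role"} entry is produced. For other users the {@code "role"} list holds one entry
     * per reported privilege: the empty string for a privilege held directly, otherwise the name
     * of the role that contributes it. A role name that no longer resolves to a role is skipped.
     *
     * @param authorPlan plan naming the user; a non-empty node name list acts as a path filter
     * @return response with {@code "privilege"} (and, for non-root users, {@code "role"}) lists,
     *     or a {@code USER_NOT_EXIST} status with an empty map
     * @throws AuthException if the authorizer fails
     */
    public PermissionInfoResp executeListUserPrivileges(AuthorPlan authorPlan) throws AuthException {
        PermissionInfoResp resp = new PermissionInfoResp();
        HashMap<String, List<String>> permissionInfo = new HashMap<>();
        try {
            User user = this.authorizer.getUser(authorPlan.getUserName());
            if (user == null) {
                resp.setStatus(RpcUtils.getStatus(TSStatusCode.USER_NOT_EXIST, "No such user : " + authorPlan.getUserName()));
                resp.setPermissionInfo(permissionInfo);
                return resp;
            }
            List<String> privileges = new ArrayList<>();
            if ("root".equals(authorPlan.getUserName())) {
                for (PrivilegeType privilegeType : PrivilegeType.values()) {
                    privileges.add(privilegeType.toString());
                }
            } else {
                List<String> pathFilter = authorPlan.getNodeNameList();
                List<String> sources = new ArrayList<>();

                Set<String> direct = new HashSet<>();
                for (PathPrivilege privilege : user.getPrivilegeList()) {
                    // Set#add is true only for a first occurrence, keeping one label per entry.
                    if (passesPathFilter(privilege, pathFilter) && direct.add(privilege.toString())) {
                        sources.add("");
                    }
                }
                privileges.addAll(direct);

                for (String roleName : user.getRoleList()) {
                    Role role = this.authorizer.getRole(roleName);
                    if (role == null) {
                        // The looked-up role is what gets dereferenced below, so that is the value
                        // to test; a dangling role name contributes no privileges.
                        continue;
                    }
                    Set<String> inherited = new HashSet<>();
                    for (PathPrivilege privilege : role.getPrivilegeList()) {
                        if (passesPathFilter(privilege, pathFilter) && inherited.add(privilege.toString())) {
                            sources.add(roleName);
                        }
                    }
                    privileges.addAll(inherited);
                }
                permissionInfo.put("role", sources);
            }
            permissionInfo.put("privilege", privileges);
            resp.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
            resp.setPermissionInfo(permissionInfo);
            return resp;
        } catch (AuthException e) {
            throw new AuthException(e);
        }
    }

    /**
     * Tells whether a privilege should be listed under the given path filter: always when the
     * filter is empty, otherwise when its path belongs to at least one filter entry.
     */
    private static boolean passesPathFilter(PathPrivilege privilege, List<String> pathFilter) throws AuthException {
        if (pathFilter.isEmpty()) {
            return true;
        }
        for (String path : pathFilter) {
            if (AuthUtils.pathBelongsTo(privilege.getPath(), path)) {
                return true;
            }
        }
        return false;
    }

    /** Delegates snapshot creation for the given location to the authorizer. */
    public boolean processTakeSnapshot(File file) throws TException, IOException {
        return this.authorizer.processTakeSnapshot(file);
    }

    /** Delegates snapshot loading from the given location to the authorizer. */
    public void processLoadSnapshot(File file) throws TException, IOException {
        this.authorizer.processLoadSnapshot(file);
    }

    /**
     * Deletes the configured user and role folders, when they exist, and resets the authorizer.
     * This discards every persisted account, role and grant under those folders.
     *
     * @throws AuthException if resetting the authorizer fails
     */
    public void clear() throws AuthException {
        File userFolder = new File(commonConfig.getUserFolder());
        if (userFolder.exists()) {
            FileUtils.deleteDirectory(userFolder);
        }
        File roleFolder = new File(commonConfig.getRoleFolder());
        if (roleFolder.exists()) {
            FileUtils.deleteDirectory(roleFolder);
        }
        this.authorizer.reset();
    }

    /**
     * Builds the permission response for one user: the user's own path privileges plus the path
     * privileges of each role the user holds.
     *
     * <p>Privilege lists are flattened as alternating entries: a path, then the string form of the
     * privileges on that path with the surrounding brackets removed.
     *
     * <p>NOTE(review): the response includes the value of {@code User#getPassword()}. Whether that
     * value is a hash is not visible from this class; either way the response should not be
     * logged or returned to parties that do not need it.
     *
     * @param str user name
     * @return the populated response; no status is set here
     * @throws AuthException if the user does not exist or the authorizer fails
     */
    public TPermissionInfoResp getUserPermissionInfo(String str) throws AuthException {
        User user = this.authorizer.getUser(str);
        if (user == null) {
            // Other lookups in this class treat a null user as "does not exist"; report it the
            // same way instead of dereferencing null.
            throw new AuthException("No such user : " + str);
        }

        TUserResp userResp = new TUserResp();
        // User fields are only filled in when the user has a privilege list.
        if (user.getPrivilegeList() != null) {
            List<String> flattened = new ArrayList<>();
            for (PathPrivilege privilege : user.getPrivilegeList()) {
                appendFlattened(flattened, privilege);
            }
            userResp.setUsername(user.getName());
            userResp.setPassword(user.getPassword());
            userResp.setPrivilegeList(flattened);
            userResp.setRoleList(user.getRoleList());
        }

        HashMap<String, TRoleResp> roleInfo = new HashMap<>();
        if (user.getRoleList() != null) {
            for (String roleName : user.getRoleList()) {
                Role role = this.authorizer.getRole(roleName);
                if (role == null) {
                    // A dangling role name grants nothing; skipping it keeps the result a subset
                    // of what the user is actually entitled to.
                    logger.warn("Role {} listed for user {} does not exist", roleName, str);
                    continue;
                }
                List<String> flattened = new ArrayList<>();
                for (PathPrivilege privilege : role.getPrivilegeList()) {
                    appendFlattened(flattened, privilege);
                }
                roleInfo.put(roleName, new TRoleResp(roleName, flattened));
            }
        }

        TPermissionInfoResp resp = new TPermissionInfoResp();
        resp.setUserInfo(userResp);
        resp.setRoleInfo(roleInfo);
        return resp;
    }

    /** Appends a privilege as two entries: its path, then its privileges without the brackets. */
    private static void appendFlattened(List<String> out, PathPrivilege privilege) {
        out.add(privilege.getPath());
        String rendered = privilege.getPrivileges().toString();
        out.add(rendered.substring(1, rendered.length() - 1));
    }
}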
