package org.apache.iotdb.db.auth;

import com.google.common.util.concurrent.SettableFuture;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.function.BiFunction;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.entity.PathPrivilege;
import org.apache.iotdb.commons.auth.entity.PrivilegeModelType;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.auth.entity.PrivilegeUnion;
import org.apache.iotdb.commons.auth.entity.Role;
import org.apache.iotdb.commons.auth.entity.User;
import org.apache.iotdb.commons.client.IClientManager;
import org.apache.iotdb.commons.client.exception.ClientManagerException;
import org.apache.iotdb.commons.conf.CommonConfig;
import org.apache.iotdb.commons.conf.CommonDescriptor;
import org.apache.iotdb.commons.consensus.ConfigRegionId;
import org.apache.iotdb.commons.exception.IoTDBException;
import org.apache.iotdb.commons.exception.MetadataException;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.commons.path.PathPatternTree;
import org.apache.iotdb.commons.utils.AuthUtils;
import org.apache.iotdb.commons.utils.TestOnly;
import org.apache.iotdb.confignode.rpc.thrift.TAuthizedPatternTreeResp;
import org.apache.iotdb.confignode.rpc.thrift.TAuthorizerRelationalReq;
import org.apache.iotdb.confignode.rpc.thrift.TAuthorizerReq;
import org.apache.iotdb.confignode.rpc.thrift.TAuthorizerResp;
import org.apache.iotdb.confignode.rpc.thrift.TCheckUserPrivilegesReq;
import org.apache.iotdb.confignode.rpc.thrift.TLoginReq;
import org.apache.iotdb.confignode.rpc.thrift.TPermissionInfoResp;
import org.apache.iotdb.confignode.rpc.thrift.TRoleResp;
import org.apache.iotdb.db.protocol.client.ConfigNodeClient;
import org.apache.iotdb.db.protocol.client.ConfigNodeClientManager;
import org.apache.iotdb.db.protocol.client.ConfigNodeInfo;
import org.apache.iotdb.db.queryengine.plan.execution.config.ConfigTaskResult;
import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.RelationalAuthorStatement;
import org.apache.iotdb.db.queryengine.plan.statement.sys.AuthorStatement;
import org.apache.iotdb.rpc.RpcUtils;
import org.apache.iotdb.rpc.TSStatusCode;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/iotdb/db/auth/ClusterAuthorityFetcher.class */
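/**
 * Answers authentication and authorization questions from a local cache, falling back to the
 * config node when the cache has no entry.
 *
 * <p>Every {@code check*} method reads a cached {@link User} and its cached {@link Role}s from
 * {@link IAuthorCache}. If the user or any referenced role is missing, the decision is delegated
 * to the config node through {@code CONFIG_NODE_CLIENT_MANAGER}.
 *
 * <p>Security-relevant behaviour visible in this class:
 *
 * <ul>
 *   <li>Decisions served from the cache are only as fresh as the last invalidation. {@link
 *       #refreshToken()} marks the cache stale when two calls are further apart than {@code
 *       CONFIG.getDatanodeTokenTimeoutMS()}; the next check then drops every cached entry.
 *   <li>A cached user flagged {@code isOpenIdUser()} passes {@link #checkUser}, {@link
 *       #checkRole} and both path checks without any password, role or path comparison.
 *       NOTE(review): presumably the OpenID token is validated before this class is reached;
 *       confirm against the caller.
 *   <li>Privilege and model types travel to the config node as {@code ordinal()} values, so
 *       reordering either enum changes the meaning of a request.
 * </ul>
 *
 * <p>NOTE(review): {@code cacheOutDate}, {@code heartBeatTimeStamp} and {@code acceptCache} are
 * plain fields with no synchronisation. If {@link #refreshToken()} runs on a different thread
 * from the checks, the stale flag may not become visible promptly; confirm the threading model.
 */
public class ClusterAuthorityFetcher implements IAuthorityFetcher {
    private final IAuthorCache iAuthorCache;
    // Set by refreshToken() when the heartbeat gap exceeds the timeout; consumed by checkCacheAvailable().
    private boolean cacheOutDate = false;
    // Time of the previous refreshToken() call in epoch milliseconds; 0 means "never called".
    private long heartBeatTimeStamp = 0;
    // When false, nothing fetched from the config node is stored in the cache. The only writer
    // visible in this class is the @TestOnly setter.
    private boolean acceptCache = false;
    private static final String CONNECTERROR = "Failed to connect to config node.";
    private static final Logger LOGGER = LoggerFactory.getLogger(ClusterAuthorityFetcher.class);
    private static final CommonConfig CONFIG = CommonDescriptor.getInstance().getConfig();
    private static final IClientManager<ConfigRegionId, ConfigNodeClient> CONFIG_NODE_CLIENT_MANAGER = ConfigNodeClientManager.getInstance();

    /**
     * Creates a fetcher backed by the given cache.
     *
     * @param iAuthorCache cache of users and roles consulted before the config node
     */
    public ClusterAuthorityFetcher(IAuthorCache iAuthorCache) {
        this.iAuthorCache = iAuthorCache;
    }

    /**
     * Shared decision procedure for the system, database, table and visibility checks.
     *
     * <p>Order of evaluation: the cached user itself, then each of the user's cached roles. The
     * first grant wins. If the user or any of its roles is not cached, the cache cannot give a
     * complete answer and the config node decides instead.
     *
     * <p>The decompiled form of this loop returned unconditionally on its first pass and never
     * evaluated a role's privileges; this version walks every role.
     *
     * @param username user whose privileges are checked
     * @param union privilege description handed to {@code privilegeCheck}
     * @param privilegeCheck predicate applied to the user (as a {@link Role}) and to each role
     * @param req equivalent request sent to the config node on a cache miss
     * @return {@code SUCCESS_STATUS}, {@code NO_PERMISSION}, or the config node's status
     */
    private TSStatus checkPrivilege(String username, PrivilegeUnion union, BiFunction<Role, PrivilegeUnion, Boolean> privilegeCheck, TCheckUserPrivilegesReq req) {
        User user = this.iAuthorCache.getUserCache(username);
        if (user == null) {
            return checkPrivilegeFromConfigNode(req).getStatus();
        }
        if (privilegeCheck.apply(user, union)) {
            return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
        }
        for (String roleName : user.getRoleSet()) {
            Role role = this.iAuthorCache.getRoleCache(roleName);
            if (role == null) {
                // A role the user holds is not cached: denying here could be wrong, so ask the
                // authoritative source rather than guess.
                return checkPrivilegeFromConfigNode(req).getStatus();
            }
            if (privilegeCheck.apply(role, union)) {
                return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
            }
        }
        return RpcUtils.getStatus(TSStatusCode.NO_PERMISSION);
    }

    /**
     * Checks whether the user holds a system privilege, directly or through a role.
     *
     * @param username user to check
     * @param permission system privilege required
     * @return status as produced by {@link #checkPrivilege}
     */
    @Override
    public TSStatus checkUserSysPrivileges(String username, PrivilegeType permission) {
        checkCacheAvailable();
        return checkPrivilege(
                username,
                new PrivilegeUnion(permission, false),
                (role, union) -> role.checkSysPrivilege(union.getPrivilegeType()),
                new TCheckUserPrivilegesReq(username, PrivilegeModelType.SYSTEM.ordinal(), permission.ordinal(), false));
    }

    /**
     * Checks whether the user may grant a system privilege to others.
     *
     * @param username user to check
     * @param permission system privilege whose grant option is required
     * @return status as produced by {@link #checkPrivilege}
     */
    @Override
    public TSStatus checkUserSysPrivilegesGrantOpt(String username, PrivilegeType permission) {
        checkCacheAvailable();
        return checkPrivilege(
                username,
                new PrivilegeUnion(permission, true),
                (role, union) -> role.checkSysPriGrantOpt(union.getPrivilegeType()),
                new TCheckUserPrivilegesReq(username, PrivilegeModelType.SYSTEM.ordinal(), permission.ordinal(), true));
    }

    /**
     * Checks a privilege on each path and reports the positions that are not authorised.
     *
     * <p>A cached OpenID user gets an empty result, i.e. every path is treated as authorised
     * without comparison.
     *
     * @param username user to check
     * @param allPath paths to check, in caller order
     * @param permission privilege required on every path
     * @return indexes into {@code allPath} for which neither the user nor any role holds the
     *     privilege; empty when all paths pass. On a cache miss this is the config node's
     *     {@code getFailPos()} list.
     */
    @Override
    public List<Integer> checkUserPathPrivileges(String username, List<? extends PartialPath> allPath, PrivilegeType permission) {
        checkCacheAvailable();
        List<Integer> failedPositions = new ArrayList<>();
        User user = this.iAuthorCache.getUserCache(username);
        if (user == null) {
            return checkPathFromConfigNode(username, allPath, permission);
        }
        if (user.isOpenIdUser()) {
            return failedPositions;
        }
        int position = 0;
        for (PartialPath path : allPath) {
            if (!user.checkPathPrivilege(path, permission)) {
                boolean grantedByRole = false;
                for (String roleName : user.getRoleSet()) {
                    Role role = this.iAuthorCache.getRoleCache(roleName);
                    if (role == null) {
                        // Incomplete cache: discard the partial result and let the config node
                        // evaluate the whole path list.
                        return checkPathFromConfigNode(username, allPath, permission);
                    }
                    if (role.checkPathPrivilege(path, permission)) {
                        grantedByRole = true;
                        break;
                    }
                }
                if (!grantedByRole) {
                    failedPositions.add(position);
                }
            }
            position++;
        }
        return failedPositions;
    }

    /**
     * Checks whether the user may grant a privilege on every one of the given paths.
     *
     * <p>Unlike the sibling checks, the original did not call {@code checkCacheAvailable()}
     * first, so a cache already flagged stale could still decide a grant-option request. The
     * call is added here so that every check drops a stale cache before reading it.
     *
     * @param username user to check
     * @param allPath paths on which the grant option is required
     * @param permission privilege whose grant option is required
     * @return {@code SUCCESS_STATUS} if every path passes, {@code NO_PERMISSION} on the first
     *     path that fails, or the config node's status on a cache miss
     */
    @Override
    public TSStatus checkUserPathPrivilegesGrantOpt(String username, List<? extends PartialPath> allPath, PrivilegeType permission) {
        checkCacheAvailable();
        User user = this.iAuthorCache.getUserCache(username);
        if (user == null) {
            return checkPathGrantOptFromConfigNode(username, allPath, permission);
        }
        if (user.isOpenIdUser()) {
            return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
        }
        for (PartialPath path : allPath) {
            if (!user.checkPathPrivilegeGrantOpt(path, permission)) {
                boolean grantedByRole = false;
                for (String roleName : user.getRoleSet()) {
                    Role role = this.iAuthorCache.getRoleCache(roleName);
                    if (role == null) {
                        return checkPathGrantOptFromConfigNode(username, allPath, permission);
                    }
                    if (role.checkPathPrivilegeGrantOpt(path, permission)) {
                        grantedByRole = true;
                        break;
                    }
                }
                if (!grantedByRole) {
                    return RpcUtils.getStatus(TSStatusCode.NO_PERMISSION);
                }
            }
        }
        return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
    }

    /** Asks the config node whether the user holds the grant option on all given paths. */
    private TSStatus checkPathGrantOptFromConfigNode(String username, List<? extends PartialPath> allPath, PrivilegeType permission) {
        TCheckUserPrivilegesReq req = new TCheckUserPrivilegesReq(username, PrivilegeModelType.TREE.ordinal(), permission.ordinal(), true);
        req.setPaths(AuthUtils.serializePartialPathList(allPath));
        return checkPrivilegeFromConfigNode(req).getStatus();
    }

    /**
     * Checks a privilege on a database of the relational model.
     *
     * @param username user to check
     * @param database database name
     * @param permission privilege required
     * @return status as produced by {@link #checkPrivilege}
     */
    @Override
    public TSStatus checkUserDBPrivileges(String username, String database, PrivilegeType permission) {
        checkCacheAvailable();
        return checkPrivilege(
                username,
                new PrivilegeUnion(database, permission),
                (role, union) -> role.checkDatabasePrivilege(union.getDBName(), union.getPrivilegeType()),
                new TCheckUserPrivilegesReq(username, PrivilegeModelType.RELATIONAL.ordinal(), permission.ordinal(), false).setDatabase(database));
    }

    /**
     * Checks whether the user may grant a database privilege to others.
     *
     * @param username user to check
     * @param database database name
     * @param permission privilege whose grant option is required
     * @return status as produced by {@link #checkPrivilege}
     */
    @Override
    public TSStatus checkUserDBPrivilegesGrantOpt(String username, String database, PrivilegeType permission) {
        checkCacheAvailable();
        return checkPrivilege(
                username,
                new PrivilegeUnion(database, permission, true),
                (role, union) -> role.checkDatabasePrivilegeGrantOption(union.getDBName(), union.getPrivilegeType()),
                new TCheckUserPrivilegesReq(username, PrivilegeModelType.RELATIONAL.ordinal(), permission.ordinal(), true).setDatabase(database));
    }

    /**
     * Checks a privilege on a table of the relational model.
     *
     * @param username user to check
     * @param database database name
     * @param table table name
     * @param permission privilege required
     * @return status as produced by {@link #checkPrivilege}
     */
    @Override
    public TSStatus checkUserTBPrivileges(String username, String database, String table, PrivilegeType permission) {
        checkCacheAvailable();
        return checkPrivilege(
                username,
                new PrivilegeUnion(database, table, permission),
                (role, union) -> role.checkTablePrivilege(union.getDBName(), union.getTbName(), union.getPrivilegeType()),
                new TCheckUserPrivilegesReq(username, PrivilegeModelType.RELATIONAL.ordinal(), permission.ordinal(), false).setDatabase(database).setTable(table));
    }

    /**
     * Checks whether the user may grant a table privilege to others.
     *
     * @param username user to check
     * @param database database name
     * @param table table name
     * @param permission privilege whose grant option is required
     * @return status as produced by {@link #checkPrivilege}
     */
    @Override
    public TSStatus checkUserTBPrivilegesGrantOpt(String username, String database, String table, PrivilegeType permission) {
        checkCacheAvailable();
        return checkPrivilege(
                username,
                new PrivilegeUnion(database, table, permission, true),
                (role, union) -> role.checkTablePrivilegeGrantOption(union.getDBName(), union.getTbName(), union.getPrivilegeType()),
                new TCheckUserPrivilegesReq(username, PrivilegeModelType.RELATIONAL.ordinal(), permission.ordinal(), true).setDatabase(database).setTable(table));
    }

    /**
     * Checks whether the user may grant an any-scope privilege to others.
     *
     * @param username user to check
     * @param permission privilege whose any-scope grant option is required
     * @return status as produced by {@link #checkPrivilege}
     */
    @Override
    public TSStatus checkUserAnyScopePrivilegeGrantOption(String username, PrivilegeType permission) {
        checkCacheAvailable();
        return checkPrivilege(
                username,
                new PrivilegeUnion(permission, false, true),
                (role, union) -> role.checkAnyScopePrivilegeGrantOption(union.getPrivilegeType()),
                new TCheckUserPrivilegesReq(username, PrivilegeModelType.RELATIONAL.ordinal(), permission.ordinal(), true));
    }

    /**
     * Checks whether a database is visible to the user.
     *
     * @param username user to check
     * @param database database name
     * @return status as produced by {@link #checkPrivilege}
     */
    @Override
    public TSStatus checkDBVisible(String username, String database) {
        checkCacheAvailable();
        // Visibility is not tied to one privilege type: the union carries null and the wire
        // request carries -1 in the privilege slot.
        return checkPrivilege(
                username,
                new PrivilegeUnion(database, (PrivilegeType) null, false),
                (role, union) -> role.checkDBVisible(union.getDBName()),
                new TCheckUserPrivilegesReq(username, PrivilegeModelType.RELATIONAL.ordinal(), -1, false).setDatabase(database));
    }

    /**
     * Checks whether a table is visible to the user.
     *
     * @param username user to check
     * @param database database name
     * @param table table name
     * @return status as produced by {@link #checkPrivilege}
     */
    @Override
    public TSStatus checkTBVisible(String username, String database, String table) {
        checkCacheAvailable();
        return checkPrivilege(
                username,
                new PrivilegeUnion(database, table, (PrivilegeType) null, false),
                (role, union) -> role.checkTBVisible(union.getDBName(), union.getTbName()),
                new TCheckUserPrivilegesReq(username, PrivilegeModelType.RELATIONAL.ordinal(), -1, false).setDatabase(database).setTable(table));
    }

    /**
     * Builds the tree of path patterns on which the user holds the given privilege.
     *
     * <p>The original read the cache without calling {@code checkCacheAvailable()}; the call is
     * added so a cache flagged stale is dropped before it shapes the authorised scope.
     *
     * @param username user whose authorised paths are collected
     * @param permission privilege of interest
     * @return pattern tree built from the user's and roles' path privileges, or the tree
     *     returned by the config node on a cache miss
     * @throws AuthException if the config node has to be asked and does not report success
     */
    @Override
    public PathPatternTree getAuthorizedPatternTree(String username, PrivilegeType permission) throws AuthException {
        checkCacheAvailable();
        PathPatternTree patternTree = new PathPatternTree();
        User user = this.iAuthorCache.getUserCache(username);
        if (user == null) {
            return fetchAuthizedPatternTree(username, permission);
        }
        for (PathPrivilege pathPrivilege : user.getPathPrivilegeList()) {
            if (pathPrivilege.checkPrivilege(permission)) {
                patternTree.appendPathPattern(pathPrivilege.getPath());
            }
        }
        for (String roleName : user.getRoleSet()) {
            Role role = this.iAuthorCache.getRoleCache(roleName);
            if (role == null) {
                // A missing role would silently narrow the authorised scope; fetch the full tree.
                return fetchAuthizedPatternTree(username, permission);
            }
            for (PathPrivilege pathPrivilege : role.getPathPrivilegeList()) {
                if (pathPrivilege.checkPrivilege(permission)) {
                    patternTree.appendPathPattern(pathPrivilege.getPath());
                }
            }
        }
        patternTree.constructTree();
        return patternTree;
    }

    /**
     * Fetches the authorised pattern tree from the config node and, when caching is enabled,
     * stores the returned user.
     *
     * @throws AuthException if the config node is unreachable or reports a non-success status
     */
    private PathPatternTree fetchAuthizedPatternTree(String username, PrivilegeType permission) throws AuthException {
        TCheckUserPrivilegesReq req = new TCheckUserPrivilegesReq(username, PrivilegeModelType.TREE.ordinal(), permission.ordinal(), false);
        TAuthizedPatternTreeResp resp = new TAuthizedPatternTreeResp();
        // try-with-resources returns the borrowed client even when the RPC throws.
        try (ConfigNodeClient configNodeClient = CONFIG_NODE_CLIENT_MANAGER.borrowClient(ConfigNodeInfo.CONFIG_REGION_ID)) {
            resp = configNodeClient.fetchAuthizedPatternTree(req);
        } catch (ClientManagerException | TException e) {
            LOGGER.error(CONNECTERROR, e);
            resp.setStatus(RpcUtils.getStatus(TSStatusCode.EXECUTE_STATEMENT_ERROR, CONNECTERROR));
        }
        if (resp.getStatus().getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
            throw new AuthException(TSStatusCode.EXECUTE_STATEMENT_ERROR, resp.getStatus().getMessage());
        }
        if (this.acceptCache) {
            this.iAuthorCache.putUserCache(username, cacheUser(resp.getPermissionInfo()));
        }
        return PathPatternTree.deserialize(ByteBuffer.wrap(resp.getPathPatternTree()));
    }

    /**
     * Sends a permission-changing statement to the config node.
     *
     * @param statement an {@link AuthorStatement}, or a {@link RelationalAuthorStatement} when
     *     {@code relational} is true
     * @param relational selects the relational RPC and request type
     * @return future completed with success, or failed with the config node's status, an
     *     {@link AuthException} raised while building the request, or the connection error
     */
    private SettableFuture<ConfigTaskResult> operatePermissionInternal(Object statement, boolean relational) {
        SettableFuture<ConfigTaskResult> future = SettableFuture.create();
        try (ConfigNodeClient configNodeClient = CONFIG_NODE_CLIENT_MANAGER.borrowClient(ConfigNodeInfo.CONFIG_REGION_ID)) {
            TSStatus status = relational
                    ? configNodeClient.operateRPermission(statementToAuthorizerReq((RelationalAuthorStatement) statement))
                    : configNodeClient.operatePermission(statementToAuthorizerReq((AuthorStatement) statement));
            if (TSStatusCode.SUCCESS_STATUS.getStatusCode() != status.getCode()) {
                future.setException(new IoTDBException(status.getMessage(), status.getCode()));
            } else {
                future.set(new ConfigTaskResult(TSStatusCode.SUCCESS_STATUS));
            }
        } catch (AuthException e) {
            future.setException(e);
        } catch (ClientManagerException | TException e) {
            LOGGER.error(CONNECTERROR, e);
            future.setException(e);
        }
        return future;
    }

    /** Applies a tree-model permission statement via the config node. */
    @Override
    public SettableFuture<ConfigTaskResult> operatePermission(AuthorStatement authorStatement) {
        return operatePermissionInternal(authorStatement, false);
    }

    /** Applies a relational-model permission statement via the config node. */
    @Override
    public SettableFuture<ConfigTaskResult> operatePermission(RelationalAuthorStatement relationalAuthorStatement) {
        return operatePermissionInternal(relationalAuthorStatement, true);
    }

    /**
     * Sends a permission query to the config node and converts the answer into a result block.
     *
     * @param statement an {@link AuthorStatement}, or a {@link RelationalAuthorStatement} when
     *     {@code relational} is true
     * @param relational selects the relational RPC and request type
     * @return future populated by {@code AuthorityChecker.buildTSBlock} on success, otherwise
     *     failed with the config node's status, an {@link AuthException}, or an
     *     {@code EXECUTE_STATEMENT_ERROR} built from the connection error message
     */
    private SettableFuture<ConfigTaskResult> queryPermissionInternal(Object statement, boolean relational) {
        SettableFuture<ConfigTaskResult> future = SettableFuture.create();
        try (ConfigNodeClient configNodeClient = CONFIG_NODE_CLIENT_MANAGER.borrowClient(ConfigNodeInfo.CONFIG_REGION_ID)) {
            TAuthorizerResp resp = relational
                    ? configNodeClient.queryRPermission(statementToAuthorizerReq((RelationalAuthorStatement) statement))
                    : configNodeClient.queryPermission(statementToAuthorizerReq((AuthorStatement) statement));
            if (TSStatusCode.SUCCESS_STATUS.getStatusCode() != resp.getStatus().getCode()) {
                future.setException(new IoTDBException(resp.getStatus().getMessage(), resp.getStatus().getCode()));
            } else {
                AuthorityChecker.buildTSBlock(resp, future);
            }
        } catch (ClientManagerException | TException e) {
            LOGGER.error(CONNECTERROR, e);
            TSStatus failure = RpcUtils.getStatus(TSStatusCode.EXECUTE_STATEMENT_ERROR, CONNECTERROR);
            future.setException(new IoTDBException(failure.getMessage(), failure.getCode()));
        } catch (AuthException e) {
            future.setException(e);
        }
        return future;
    }

    /** Runs a tree-model permission query via the config node. */
    @Override
    public SettableFuture<ConfigTaskResult> queryPermission(AuthorStatement authorStatement) {
        return queryPermissionInternal(authorStatement, false);
    }

    /** Runs a relational-model permission query via the config node. */
    @Override
    public SettableFuture<ConfigTaskResult> queryPermission(RelationalAuthorStatement relationalAuthorStatement) {
        return queryPermissionInternal(relationalAuthorStatement, true);
    }

    /** Returns the cache this fetcher reads and fills. */
    @Override
    public IAuthorCache getAuthorCache() {
        return this.iAuthorCache;
    }

    /**
     * Records a heartbeat and flags the cache stale when the previous one is too old.
     *
     * <p>The first call only stores the timestamp. Later calls compare the gap with {@code
     * CONFIG.getDatanodeTokenTimeoutMS()}. The cache itself is cleared lazily by the next check
     * that calls {@code checkCacheAvailable()}.
     *
     * <p>{@code System.currentTimeMillis()} is wall-clock time, so a clock adjustment between
     * two heartbeats can trigger or mask the timeout.
     */
    @Override
    public void refreshToken() {
        long now = System.currentTimeMillis();
        if (this.heartBeatTimeStamp == 0) {
            this.heartBeatTimeStamp = now;
            return;
        }
        if (now - this.heartBeatTimeStamp > CONFIG.getDatanodeTokenTimeoutMS()) {
            this.cacheOutDate = true;
        }
        this.heartBeatTimeStamp = now;
    }

    /** Drops every cached user and role if the cache was flagged stale, then clears the flag. */
    private void checkCacheAvailable() {
        if (this.cacheOutDate) {
            this.iAuthorCache.invalidAllCache();
        }
        this.cacheOutDate = false;
    }

    /**
     * Enables or disables storing config-node responses in the cache.
     *
     * @param acceptCache true to cache fetched users and roles
     */
    @TestOnly
    public void setAcceptCache(boolean acceptCache) {
        this.acceptCache = acceptCache;
    }

    /**
     * Authenticates a user, against the cache when possible and the config node otherwise.
     *
     * <p>Cached path: an OpenID user succeeds without a password comparison; any other user
     * succeeds only if {@code password} is non-null and {@code AuthUtils.validatePassword}
     * accepts it against the cached credential. Because the credential comes from the cache, a
     * password changed on the config node keeps validating here until the entry is invalidated.
     * NOTE(review): confirm that a password change invalidates this cache.
     *
     * <p>Uncached path: the login is forwarded to the config node. A missing response or missing
     * status is treated as a failure so that authentication never succeeds by default.
     *
     * @param username login name
     * @param password password as supplied by the client; may be null
     * @return {@code SUCCESS_STATUS}, {@code WRONG_LOGIN_PASSWORD}, the config node's status, or
     *     {@code EXECUTE_STATEMENT_ERROR} when the config node cannot be reached
     */
    @Override
    public TSStatus checkUser(String username, String password) {
        checkCacheAvailable();
        User user = this.iAuthorCache.getUserCache(username);
        if (user != null) {
            if (user.isOpenIdUser()) {
                return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
            }
            if (password != null && AuthUtils.validatePassword(password, user.getPassword())) {
                return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
            }
            return RpcUtils.getStatus(TSStatusCode.WRONG_LOGIN_PASSWORD, "Authentication failed.");
        }
        TLoginReq req = new TLoginReq(username, password);
        TPermissionInfoResp resp;
        try (ConfigNodeClient configNodeClient = CONFIG_NODE_CLIENT_MANAGER.borrowClient(ConfigNodeInfo.CONFIG_REGION_ID)) {
            resp = configNodeClient.login(req);
        } catch (ClientManagerException | TException e) {
            // Log the cause only; the request holds the password and must not be logged.
            LOGGER.error(CONNECTERROR, e);
            resp = new TPermissionInfoResp();
            resp.setStatus(RpcUtils.getStatus(TSStatusCode.EXECUTE_STATEMENT_ERROR, CONNECTERROR));
        }
        if (resp == null || resp.getStatus() == null) {
            // Fail closed instead of dereferencing a missing status.
            return RpcUtils.getStatus(TSStatusCode.EXECUTE_STATEMENT_ERROR, "Config node returned no login status.");
        }
        if (resp.getStatus().getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode() && this.acceptCache) {
            this.iAuthorCache.putUserCache(username, cacheUser(resp));
        }
        return resp.getStatus();
    }

    /**
     * Checks whether the user holds the named role.
     *
     * <p>A cached OpenID user is reported as holding every role.
     *
     * @param username user to check
     * @param roleName role to look for
     * @return true if the user holds the role
     */
    @Override
    public boolean checkRole(String username, String roleName) {
        checkCacheAvailable();
        User user = this.iAuthorCache.getUserCache(username);
        if (user == null) {
            return checkRoleFromConfigNode(username, roleName);
        }
        return user.isOpenIdUser() || user.getRoleSet().contains(roleName);
    }

    /**
     * Asks the config node to evaluate a privilege request and caches the returned user on
     * success when caching is enabled.
     *
     * @param req request to evaluate
     * @return the config node's response, or a response carrying {@code EXECUTE_STATEMENT_ERROR}
     *     when the config node cannot be reached
     */
    private TPermissionInfoResp checkPrivilegeFromConfigNode(TCheckUserPrivilegesReq req) {
        TPermissionInfoResp resp;
        try (ConfigNodeClient configNodeClient = CONFIG_NODE_CLIENT_MANAGER.borrowClient(ConfigNodeInfo.CONFIG_REGION_ID)) {
            resp = configNodeClient.checkUserPrivileges(req);
        } catch (ClientManagerException | TException e) {
            LOGGER.error(CONNECTERROR, e);
            resp = new TPermissionInfoResp();
            resp.setStatus(RpcUtils.getStatus(TSStatusCode.EXECUTE_STATEMENT_ERROR, CONNECTERROR));
        }
        if (resp.getStatus().getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode() && this.acceptCache) {
            this.iAuthorCache.putUserCache(req.getUsername(), cacheUser(resp));
        }
        return resp;
    }

    /** Asks the config node which of the given paths fail the privilege check. */
    private List<Integer> checkPathFromConfigNode(String username, List<? extends PartialPath> allPath, PrivilegeType permission) {
        TCheckUserPrivilegesReq req = new TCheckUserPrivilegesReq(username, PrivilegeModelType.TREE.ordinal(), permission.ordinal(), false);
        req.setPaths(AuthUtils.serializePartialPathList(allPath));
        return checkPrivilegeFromConfigNode(req).getFailPos();
    }

    /**
     * Asks the config node whether the user holds the role.
     *
     * <p>The returned user is cached both on {@code SUCCESS_STATUS} and on {@code
     * USER_NOT_HAS_ROLE}, when caching is enabled. Any other status, including a connection
     * failure, yields false.
     *
     * @return true only when the config node reports success
     */
    private boolean checkRoleFromConfigNode(String username, String roleName) {
        TAuthorizerReq req = new TAuthorizerReq();
        // NOTE(review): 0 is a bare author-type code; its meaning is not visible here.
        req.setAuthorType(0);
        req.setPassword("");
        req.setNewPassword("");
        req.setNodeNameList(AuthUtils.serializePartialPathList(Collections.emptyList()));
        req.setPermissions(Collections.emptySet());
        req.setGrantOpt(false);
        req.setUserName(username);
        req.setRoleName(roleName);
        TPermissionInfoResp resp;
        try (ConfigNodeClient configNodeClient = CONFIG_NODE_CLIENT_MANAGER.borrowClient(ConfigNodeInfo.CONFIG_REGION_ID)) {
            resp = configNodeClient.checkRoleOfUser(req);
        } catch (ClientManagerException | TException e) {
            LOGGER.error(CONNECTERROR, e);
            resp = new TPermissionInfoResp();
            resp.setStatus(RpcUtils.getStatus(TSStatusCode.EXECUTE_STATEMENT_ERROR, CONNECTERROR));
        }
        int code = resp.getStatus().getCode();
        boolean hasRole = code == TSStatusCode.SUCCESS_STATUS.getStatusCode();
        boolean cacheable = hasRole || code == TSStatusCode.USER_NOT_HAS_ROLE.getStatusCode();
        if (cacheable && this.acceptCache) {
            this.iAuthorCache.putUserCache(username, cacheUser(resp));
        }
        return hasRole;
    }

    /**
     * Converts a config-node response into a {@link User} and caches every role it carries.
     *
     * <p>The returned user includes the credential from the response; callers decide whether to
     * store it. If the tree privileges cannot be loaded, the error is logged and the user is
     * still returned without them, so a cached copy may deny paths the user is entitled to until
     * the cache is invalidated.
     *
     * @param tPermissionInfoResp response carrying user info and, optionally, role info
     * @return the populated user
     */
    public User cacheUser(TPermissionInfoResp tPermissionInfoResp) {
        User user = new User();
        user.setName(tPermissionInfoResp.getUserInfo().getPermissionInfo().getName());
        user.setPassword(tPermissionInfoResp.getUserInfo().getPassword());
        user.loadDatabaseAndTablePrivilegeInfo(tPermissionInfoResp.getUserInfo().getPermissionInfo().getDbPrivilegeMap());
        user.setAnyScopePrivilegeSetInt(tPermissionInfoResp.getUserInfo().getPermissionInfo().getAnyScopeSet());
        user.setAnyScopePrivilegeGrantOptSetInt(tPermissionInfoResp.getUserInfo().getPermissionInfo().getAnyScopeGrantSet());
        user.setOpenIdUser(tPermissionInfoResp.getUserInfo().isIsOpenIdUser());
        user.setRoleSet(tPermissionInfoResp.getUserInfo().getRoleSet());
        user.setSysPrivilegeSetInt(tPermissionInfoResp.getUserInfo().getPermissionInfo().getSysPriSet());
        user.setSysPriGrantOptInt(tPermissionInfoResp.getUserInfo().getPermissionInfo().getSysPriSetGrantOpt());
        try {
            user.loadTreePrivilegeInfo(tPermissionInfoResp.getUserInfo().getPermissionInfo().getPrivilegeList());
        } catch (MetadataException e) {
            LOGGER.error("cache user's path privileges error", e);
        }
        if (tPermissionInfoResp.isSetRoleInfo()) {
            for (String roleName : tPermissionInfoResp.getRoleInfo().keySet()) {
                this.iAuthorCache.putRoleCache(roleName, cacheRole(roleName, tPermissionInfoResp));
            }
        }
        return user;
    }

    /**
     * Converts one role entry of a config-node response into a {@link Role}.
     *
     * <p>As with {@link #cacheUser}, a failure to load tree privileges is logged and the role is
     * returned without them.
     *
     * @param roleName key into {@code tPermissionInfoResp.getRoleInfo()}; must be present
     * @param tPermissionInfoResp response carrying the role info
     * @return the populated role
     */
    public Role cacheRole(String roleName, TPermissionInfoResp tPermissionInfoResp) {
        TRoleResp roleResp = tPermissionInfoResp.getRoleInfo().get(roleName);
        Role role = new Role(roleResp.getName());
        role.setAnyScopePrivilegeSetInt(roleResp.getAnyScopeSet());
        role.setAnyScopePrivilegeGrantOptSetInt(roleResp.getAnyScopeGrantSet());
        role.loadDatabaseAndTablePrivilegeInfo(roleResp.getDbPrivilegeMap());
        role.setSysPriGrantOptInt(roleResp.getSysPriSetGrantOpt());
        role.setSysPrivilegeSetInt(roleResp.getSysPriSet());
        try {
            role.loadTreePrivilegeInfo(roleResp.getPrivilegeList());
        } catch (MetadataException e) {
            LOGGER.error("cache role's path privileges error", e);
        }
        return role;
    }

    /**
     * Builds the config-node request for a tree-model author statement.
     *
     * <p>Null user name, role name and passwords are sent as empty strings. The request carries
     * the statement's password fields as given, so the request object should not be logged.
     *
     * @throws AuthException declared by the original signature; presumably raised by {@code
     *     AuthUtils.strToPermissions} for an unknown privilege name
     */
    private TAuthorizerReq statementToAuthorizerReq(AuthorStatement authorStatement) throws AuthException {
        // NOTE(review): this guard tests getAuthorType() but repairs the node-name list, and the
        // next statement dereferences getAuthorType() regardless, so a null author type still
        // ends in a NullPointerException. The intended condition is not visible here.
        if (authorStatement.getAuthorType() == null) {
            authorStatement.setNodeNameList(new ArrayList<>());
        }
        return new TAuthorizerReq(
                authorStatement.getAuthorType().ordinal(),
                authorStatement.getUserName() == null ? "" : authorStatement.getUserName(),
                authorStatement.getRoleName() == null ? "" : authorStatement.getRoleName(),
                authorStatement.getPassWord() == null ? "" : authorStatement.getPassWord(),
                authorStatement.getNewPassword() == null ? "" : authorStatement.getNewPassword(),
                AuthUtils.strToPermissions(authorStatement.getPrivilegeList()),
                authorStatement.getGrantOpt(),
                AuthUtils.serializePartialPathList(authorStatement.getNodeNameList()));
    }

    /**
     * Builds the config-node request for a relational-model author statement.
     *
     * <p>Null names and password are sent as empty strings; a null privilege-type collection is
     * sent as an empty set. The request carries the statement's password as given, so the
     * request object should not be logged.
     */
    private TAuthorizerRelationalReq statementToAuthorizerReq(RelationalAuthorStatement relationalAuthorStatement) {
        return new TAuthorizerRelationalReq(
                relationalAuthorStatement.getAuthorType().ordinal(),
                relationalAuthorStatement.getUserName() == null ? "" : relationalAuthorStatement.getUserName(),
                relationalAuthorStatement.getRoleName() == null ? "" : relationalAuthorStatement.getRoleName(),
                relationalAuthorStatement.getPassword() == null ? "" : relationalAuthorStatement.getPassword(),
                relationalAuthorStatement.getDatabase() == null ? "" : relationalAuthorStatement.getDatabase(),
                relationalAuthorStatement.getTableName() == null ? "" : relationalAuthorStatement.getTableName(),
                relationalAuthorStatement.getPrivilegeTypes() == null ? Collections.emptySet() : relationalAuthorStatement.getPrivilegeIds(),
                relationalAuthorStatement.isGrantOption());
    }
}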
