package io.dingodb.verify.auth;

import com.google.auto.service.AutoService;
import io.dingodb.common.auth.Authentication;
import io.dingodb.common.auth.Certificate;
import io.dingodb.common.auth.DingoRole;
import io.dingodb.common.environment.ExecutionEnvironment;
import io.dingodb.common.privilege.UserDefinition;
import io.dingodb.net.service.AuthService;
import io.dingodb.sdk.service.entity.common.Location;
import io.dingodb.verify.auth.IdentityAuth;
import io.dingodb.verify.plugin.AlgorithmPlugin;
import io.dingodb.verify.token.TokenManager;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.ServiceLoader;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/dingodb/verify/auth/IdentityAuthService.class */
public class IdentityAuthService implements AuthService<Authentication> {
    public IdentityAuth identityAuth;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) IdentityAuthService.class);
    public static final AuthService INSTANCE = new IdentityAuthService();
    ExecutionEnvironment env = ExecutionEnvironment.getExecutionEnvironment();
    Iterable<IdentityAuth.Provider> serviceProviders = ServiceLoader.load(IdentityAuth.Provider.class);

    @AutoService({AuthService.Provider.class})
    /* loaded from: input_file:io/dingodb/verify/auth/IdentityAuthService$IdentityAuthServiceProvider.class */
    public static class IdentityAuthServiceProvider implements AuthService.Provider {
        @Override // io.dingodb.net.service.AuthService.Provider
        public <C> AuthService<C> get() {
            return IdentityAuthService.INSTANCE;
        }
    }

    public IdentityAuthService() {
        Iterator<IdentityAuth.Provider> it = this.serviceProviders.iterator();
        while (it.hasNext()) {
            this.identityAuth = it.next().get();
            log.info("IdentityAuth: {}", this.identityAuth);
        }
    }

    public Certificate getCertificate(String str, String str2) {
        HashMap hashMap = new HashMap();
        hashMap.put("user", str);
        hashMap.put(Location.Fields.host, str2);
        return Certificate.builder().code(100).token(TokenManager.INSTANCE.createToken(hashMap)).build();
    }

    public boolean identification(UserDefinition userDefinition, Authentication authentication) {
        if (authentication.getRole() == DingoRole.EXECUTOR && this.env.getRole() == DingoRole.EXECUTOR) {
            return true;
        }
        if (userDefinition == null) {
            return false;
        }
        String plugin = userDefinition.getPlugin();
        return AlgorithmPlugin.digestAlgorithm(authentication.getPassword(), plugin).equals(userDefinition.getPassword());
    }

    public String getHost() {
        try {
            return InetAddress.getLocalHost().getHostAddress();
        } catch (UnknownHostException e) {
            return "";
        }
    }

    @Override // io.dingodb.net.service.AuthService
    public String tag() {
        return "identity";
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // io.dingodb.net.service.AuthService
    public Authentication createCertificate() {
        String user = this.env.getUser();
        String host = getHost();
        String password = this.env.getPassword();
        if (StringUtils.isNotBlank(user)) {
            return Authentication.builder().username(user).host(host).role(this.env.getRole()).password(password).build();
        }
        return null;
    }

    @Override // io.dingodb.net.service.AuthService
    public Object validate(Authentication authentication) throws Exception {
        if (this.identityAuth == null) {
            return null;
        }
        if (!identification(this.identityAuth.getUserDefinition(authentication), authentication)) {
            throw new Exception(String.format("Access denied for user '%s'@'%s'", authentication.getUsername(), authentication.getHost()));
        }
        this.identityAuth.cachePrivileges(authentication);
        return getCertificate(authentication.getUsername(), authentication.getHost());
    }
}
