package io.dingodb.verify.privilege;

import io.dingodb.common.auth.Authentication;
import io.dingodb.common.auth.DingoRole;
import io.dingodb.common.config.DingoConfiguration;
import io.dingodb.common.config.SecurityConfiguration;
import io.dingodb.common.environment.ExecutionEnvironment;
import io.dingodb.common.privilege.DingoSqlAccessEnum;
import io.dingodb.common.privilege.PrivilegeDict;
import io.dingodb.common.privilege.PrivilegeGather;
import io.dingodb.common.privilege.SchemaPrivDefinition;
import io.dingodb.common.privilege.TablePrivDefinition;
import io.dingodb.common.privilege.UserDefinition;
import io.dingodb.common.util.PrivilegeUtils;
import io.dingodb.net.Channel;
import java.util.ArrayList;
import java.util.List;
import org.apache.calcite.sql.util.ReflectiveSqlOperatorTable;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/dingodb/verify/privilege/PrivilegeVerify.class */
public final class PrivilegeVerify {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) PrivilegeVerify.class);
    static ExecutionEnvironment env = ExecutionEnvironment.getExecutionEnvironment();
    public static boolean isVerify = SecurityConfiguration.isVerify();
    private static final List<Integer> filterPx = new ArrayList();

    private PrivilegeVerify() {
    }

    public static boolean verify(Channel channel, String str, String str2, DingoSqlAccessEnum dingoSqlAccessEnum) {
        Object[] objArr = channel.auth().get("token");
        if (objArr == null) {
            throw new IllegalArgumentException("Access denied, invalid parameter.");
        }
        Authentication authentication = (Authentication) objArr[0];
        return verify(authentication.getUsername(), authentication.getHost(), str, str2, dingoSqlAccessEnum);
    }

    public static boolean verify(String str, String str2, String str3, String str4, DingoSqlAccessEnum dingoSqlAccessEnum) {
        if (prefilter(str) || verifyInformationSchema(str3, dingoSqlAccessEnum)) {
            return true;
        }
        PrivilegeGather privilegeGather = env.getPrivilegeGatherMap().get(str + "#" + PrivilegeUtils.getRealAddress(str2));
        if (privilegeGather == null) {
            privilegeGather = env.getPrivilegeGatherMap().get(str + "#%");
            if (privilegeGather == null) {
                privilegeGather = env.getPrivilegeGatherMap().get(str + "#" + DingoConfiguration.host());
                if (privilegeGather == null) {
                    return false;
                }
            }
        }
        return verify(str, str2, str3, str4, dingoSqlAccessEnum, privilegeGather);
    }

    public static boolean verifyInformationSchema(String str, DingoSqlAccessEnum dingoSqlAccessEnum) {
        return ReflectiveSqlOperatorTable.IS_NAME.equalsIgnoreCase(str) && dingoSqlAccessEnum == DingoSqlAccessEnum.SELECT;
    }

    public static boolean verify(String str, String str2, String str3, String str4, DingoSqlAccessEnum dingoSqlAccessEnum, PrivilegeGather privilegeGather) {
        if (privilegeGather == null) {
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug(" privilege for {} @ {} detail:" + privilegeGather, str, str2);
        }
        Integer num = PrivilegeDict.privilegeIndexDict.get(dingoSqlAccessEnum.getAccessType());
        if (num == null) {
            return true;
        }
        UserDefinition userDef = privilegeGather.getUserDef();
        if (userDef != null && userDef.getPrivileges()[num.intValue()].booleanValue()) {
            return true;
        }
        if (str3 == null) {
            return false;
        }
        SchemaPrivDefinition schemaPrivDefinition = privilegeGather.getSchemaPrivDefMap().get(str3.toUpperCase());
        if (schemaPrivDefinition != null && schemaPrivDefinition.getPrivileges()[num.intValue()].booleanValue()) {
            return true;
        }
        TablePrivDefinition tablePrivDefinition = privilegeGather.getTablePrivDefMap().get(str4);
        return tablePrivDefinition != null && tablePrivDefinition.getPrivileges()[num.intValue()].booleanValue();
    }

    public static boolean verify(String str, String str2, String str3, String str4, String str5) {
        if (prefilter(str) || verifyInformationSchema(str3, DingoSqlAccessEnum.SELECT)) {
            return true;
        }
        PrivilegeGather privilegeGather = env.getPrivilegeGatherMap().get(str + "#" + PrivilegeUtils.getRealAddress(str2));
        if (privilegeGather == null) {
            privilegeGather = env.getPrivilegeGatherMap().get(str + "#%");
            if (privilegeGather == null) {
                privilegeGather = env.getPrivilegeGatherMap().get(str + "#" + DingoConfiguration.host());
                if (privilegeGather == null) {
                    return false;
                }
            }
        }
        return verify(str3, str4, privilegeGather, str5);
    }

    private static boolean prefilter(String str) {
        if (isVerify && DingoRole.SQLLINE != env.getRole()) {
            return StringUtils.isBlank(str);
        }
        return true;
    }

    public static boolean verify(String str, String str2, PrivilegeGather privilegeGather, String str3) {
        if (privilegeGather == null) {
            return false;
        }
        UserDefinition userDef = privilegeGather.getUserDef();
        if (userDef != null) {
            for (int i = 0; i < userDef.getPrivileges().length; i++) {
                if (userDef.getPrivileges()[i].booleanValue() && isFilter(str3, i)) {
                    return true;
                }
            }
        }
        if (str == null) {
            return false;
        }
        SchemaPrivDefinition schemaPrivDefinition = privilegeGather.getSchemaPrivDefMap().get(str);
        if (schemaPrivDefinition != null) {
            for (int i2 = 0; i2 < schemaPrivDefinition.getPrivileges().length; i2++) {
                if (schemaPrivDefinition.getPrivileges()[i2].booleanValue() && isFilter(str3, i2)) {
                    return true;
                }
            }
        }
        if (str2 == null) {
            return privilegeGather.getTablePrivDefMap().values().stream().anyMatch(tablePrivDefinition -> {
                if (!str.equalsIgnoreCase(tablePrivDefinition.getSchemaName())) {
                    return false;
                }
                log.info("schema verify:" + str);
                for (int i3 = 0; i3 < tablePrivDefinition.getPrivileges().length; i3++) {
                    if (tablePrivDefinition.getPrivileges()[i3].booleanValue() && isFilter(str3, i3)) {
                        return true;
                    }
                }
                return false;
            });
        }
        TablePrivDefinition tablePrivDefinition2 = privilegeGather.getTablePrivDefMap().get(str2);
        if (tablePrivDefinition2 == null) {
            return false;
        }
        for (int i3 = 0; i3 < tablePrivDefinition2.getPrivileges().length; i3++) {
            if (tablePrivDefinition2.getPrivileges()[i3].booleanValue() && isFilter(str3, i3)) {
                return true;
            }
        }
        return false;
    }

    private static boolean isFilter(String str, int i) {
        boolean z = false;
        if ("use".equals(str) || "getTables".equals(str)) {
            z = filterPx.contains(Integer.valueOf(i));
        } else if ("getSchemas".equals(str)) {
            z = filterPx.contains(Integer.valueOf(i)) || i == 23;
        }
        return z;
    }

    public static boolean verifyDuplicate(String str, String str2, String str3, String str4, List<DingoSqlAccessEnum> list) {
        return list.stream().allMatch(dingoSqlAccessEnum -> {
            return verify(str, str2, str3, str4, dingoSqlAccessEnum);
        });
    }

    static {
        filterPx.add(0);
        filterPx.add(1);
        filterPx.add(2);
        filterPx.add(3);
        filterPx.add(4);
        filterPx.add(5);
        filterPx.add(6);
        filterPx.add(7);
    }
}
