package org.apache.iotdb.commons.auth.role;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.entity.PriPrivilegeType;
import org.apache.iotdb.commons.auth.entity.Role;
import org.apache.iotdb.commons.concurrent.HashLock;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.commons.utils.AuthUtils;
import org.apache.iotdb.rpc.TSStatusCode;

/* loaded from: input_file:org/apache/iotdb/commons/auth/role/BasicRoleManager.class */
public abstract class BasicRoleManager implements IRoleManager {
    protected IRoleAccessor accessor;
    private boolean preVersion = false;
    protected Map<String, Role> roleMap = new HashMap();
    protected HashLock lock = new HashLock();

    /* JADX INFO: Access modifiers changed from: package-private */
    public BasicRoleManager(LocalFileRoleAccessor localFileRoleAccessor) {
        this.accessor = localFileRoleAccessor;
    }

    @Override // org.apache.iotdb.commons.auth.role.IRoleManager
    public Role getRole(String str) {
        this.lock.readLock(str);
        Role role = this.roleMap.get(str);
        this.lock.readUnlock(str);
        return role;
    }

    @Override // org.apache.iotdb.commons.auth.role.IRoleManager
    public boolean createRole(String str) throws AuthException {
        if (getRole(str) != null) {
            return false;
        }
        this.lock.writeLock(str);
        this.roleMap.put(str, new Role(str));
        this.lock.writeUnlock(str);
        return true;
    }

    @Override // org.apache.iotdb.commons.auth.role.IRoleManager
    public boolean deleteRole(String str) {
        this.lock.writeLock(str);
        try {
            return this.roleMap.remove(str) != null;
        } finally {
            this.lock.writeUnlock(str);
        }
    }

    @Override // org.apache.iotdb.commons.auth.role.IRoleManager
    public void grantPrivilegeToRole(String str, PartialPath partialPath, int i, boolean z) throws AuthException {
        this.lock.writeLock(str);
        try {
            Role role = getRole(str);
            if (role == null) {
                throw new AuthException(TSStatusCode.ROLE_NOT_EXIST, String.format("No such role %s", str));
            }
            if (!this.preVersion) {
                if (partialPath != null) {
                    AuthUtils.validatePatternPath(partialPath);
                    role.addPathPrivilege(partialPath, i, z);
                } else {
                    role.getSysPrivilege().add(Integer.valueOf(i));
                    if (z) {
                        role.getSysPriGrantOpt().add(Integer.valueOf(i));
                    }
                }
                this.lock.writeUnlock(str);
                return;
            }
            AuthUtils.validatePath(partialPath);
            if (i == PriPrivilegeType.ALL.ordinal()) {
                for (PriPrivilegeType priPrivilegeType : PriPrivilegeType.values()) {
                    role.addPathPrivilege(partialPath, priPrivilegeType.ordinal(), false);
                }
            } else {
                role.addPathPrivilege(partialPath, i, false);
            }
            if (role.getServiceReady()) {
                role.setServiceReady(false);
            }
        } finally {
            this.lock.writeUnlock(str);
        }
    }

    @Override // org.apache.iotdb.commons.auth.role.IRoleManager
    public boolean revokePrivilegeFromRole(String str, PartialPath partialPath, int i) throws AuthException {
        this.lock.writeLock(str);
        try {
            Role role = getRole(str);
            if (role == null) {
                throw new AuthException(TSStatusCode.ROLE_NOT_EXIST, String.format("No such role %s", str));
            }
            if (this.preVersion) {
                if (!AuthUtils.hasPrivilege(partialPath, i, role.getPathPrivilegeList())) {
                    return false;
                }
                AuthUtils.removePrivilegePre(partialPath, i, role.getPathPrivilegeList());
                this.lock.writeUnlock(str);
                return true;
            }
            if (!role.hasPrivilegeToRevoke(partialPath, i)) {
                this.lock.writeUnlock(str);
                return false;
            }
            if (partialPath != null) {
                AuthUtils.validatePatternPath(partialPath);
                role.removePathPrivilege(partialPath, i);
            } else {
                role.getSysPrivilege().remove(Integer.valueOf(i));
                role.getSysPriGrantOpt().remove(Integer.valueOf(i));
            }
            this.lock.writeUnlock(str);
            return true;
        } finally {
            this.lock.writeUnlock(str);
        }
    }

    @Override // org.apache.iotdb.commons.auth.role.IRoleManager
    public void reset() throws AuthException {
        this.accessor.reset();
        this.roleMap.clear();
        for (String str : this.accessor.listAllRoles()) {
            try {
                this.roleMap.put(str, this.accessor.loadRole(str));
            } catch (IOException e) {
                throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
            }
        }
    }

    @Override // org.apache.iotdb.commons.auth.role.IRoleManager
    public List<String> listAllRoles() {
        ArrayList arrayList = new ArrayList();
        this.roleMap.forEach((str, role) -> {
            arrayList.add(str);
        });
        arrayList.sort(null);
        return arrayList;
    }

    @Override // org.apache.iotdb.commons.auth.role.IRoleManager
    public void replaceAllRoles(Map<String, Role> map) throws AuthException {
        synchronized (this) {
            reset();
            this.roleMap = map;
            Iterator<Map.Entry<String, Role>> it = this.roleMap.entrySet().iterator();
            while (it.hasNext()) {
                try {
                    this.accessor.saveRole(it.next().getValue());
                } catch (IOException e) {
                    throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
                }
            }
        }
    }

    @Override // org.apache.iotdb.commons.auth.role.IRoleManager
    public void setPreVersion(boolean z) {
        this.preVersion = z;
    }

    @Override // org.apache.iotdb.commons.auth.role.IRoleManager
    public boolean preVersion() {
        return this.preVersion;
    }

    @Override // org.apache.iotdb.commons.auth.role.IRoleManager
    public void checkAndRefreshPathPri() {
        this.roleMap.forEach((str, role) -> {
            AuthUtils.checkAndRefreshPri(role);
        });
    }
}
