package org.apache.iotdb.db.auth;

import com.google.common.util.concurrent.SettableFuture;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.stream.Collectors;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.entity.PathPrivilege;
import org.apache.iotdb.commons.auth.entity.Role;
import org.apache.iotdb.commons.auth.entity.User;
import org.apache.iotdb.commons.client.IClientManager;
import org.apache.iotdb.commons.consensus.PartitionRegionId;
import org.apache.iotdb.commons.exception.IoTDBException;
import org.apache.iotdb.commons.utils.AuthUtils;
import org.apache.iotdb.confignode.rpc.thrift.TAuthorizerReq;
import org.apache.iotdb.confignode.rpc.thrift.TAuthorizerResp;
import org.apache.iotdb.confignode.rpc.thrift.TCheckUserPrivilegesReq;
import org.apache.iotdb.confignode.rpc.thrift.TLoginReq;
import org.apache.iotdb.confignode.rpc.thrift.TPermissionInfoResp;
import org.apache.iotdb.db.client.ConfigNodeClient;
import org.apache.iotdb.db.client.ConfigNodeInfo;
import org.apache.iotdb.db.client.DataNodeClientPoolFactory;
import org.apache.iotdb.db.mpp.plan.execution.config.ConfigTaskResult;
import org.apache.iotdb.db.mpp.plan.statement.sys.AuthorStatement;
import org.apache.iotdb.db.qp.logical.sys.AuthorOperator;
import org.apache.iotdb.rpc.RpcUtils;
import org.apache.iotdb.rpc.TSStatusCode;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/iotdb/db/auth/ClusterAuthorityFetcher.class */
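/**
 * {@link IAuthorityFetcher} that answers login and privilege checks from a local
 * {@link IAuthorCache} when the user is cached, and otherwise asks the config node through a
 * {@link ConfigNodeClient} borrowed from a shared client manager.
 *
 * <p>Security note: a cached {@link User} or {@link Role} is trusted without contacting the config
 * node. A password change or privilege revocation therefore takes effect on this node only once
 * the matching cache entry is dropped. Apart from the role-miss path in
 * {@link #checkUserPrivileges(String, List, int)}, this class does not show when that happens, so
 * reviewers should confirm the invalidation path elsewhere.
 *
 * <p>Every failure to reach the config node is reported as {@code EXECUTE_STATEMENT_ERROR}, so an
 * unreachable config node never results in a granted check.
 */
public class ClusterAuthorityFetcher implements IAuthorityFetcher {
    private static final Logger logger = LoggerFactory.getLogger(ClusterAuthorityFetcher.class);
    private static final IClientManager<PartitionRegionId, ConfigNodeClient> CONFIG_NODE_CLIENT_MANAGER = new IClientManager.Factory().createClientManager(new DataNodeClientPoolFactory.ConfigNodeClientPoolFactory());
    private static final String CONNECT_FAILURE_MESSAGE = "Failed to connect to config node.";

    private final IAuthorCache iAuthorCache;

    /**
     * Creates a fetcher backed by the given cache.
     *
     * @param iAuthorCache cache consulted before, and filled after, config node requests
     */
    public ClusterAuthorityFetcher(IAuthorCache iAuthorCache) {
        this.iAuthorCache = iAuthorCache;
    }

    /**
     * Checks that the user holds {@code permission} on every path in {@code allPath}.
     *
     * <p>If the user is not cached, the decision is delegated to {@link #checkPath}. Otherwise each
     * path must be granted by the cached user or by one of the user's cached roles. When a role
     * named by the user is missing from the cache, the user's cache entry is invalidated and the
     * whole check is delegated to the config node.
     *
     * @param username user whose privileges are checked
     * @param allPath paths that must all be permitted
     * @param permission privilege id passed to {@code checkPrivilege}
     * @return {@code SUCCESS_STATUS} when every path is permitted, {@code NO_PERMISSION_ERROR} on
     *     the first denied path, {@code EXECUTE_STATEMENT_ERROR} when a check throws
     *     {@link AuthException}, or the status produced by {@link #checkPath}
     */
    @Override // org.apache.iotdb.db.auth.IAuthorityFetcher
    public TSStatus checkUserPrivileges(String username, List<String> allPath, int permission) {
        User user = this.iAuthorCache.getUserCache(username);
        if (user == null) {
            return checkPath(username, allPath, permission);
        }
        for (String path : allPath) {
            try {
                if (user.checkPrivilege(path, permission)) {
                    continue;
                }
                if (user.getRoleList().isEmpty()) {
                    return RpcUtils.getStatus(TSStatusCode.NO_PERMISSION_ERROR);
                }
                boolean grantedByRole = false;
                for (String roleName : user.getRoleList()) {
                    Role role = this.iAuthorCache.getRoleCache(roleName);
                    if (role == null) {
                        // The cached view is incomplete: drop it and let the config node decide,
                        // rather than denying or granting from partial data.
                        this.iAuthorCache.invalidateCache(username, "");
                        return checkPath(username, allPath, permission);
                    }
                    if (role.checkPrivilege(path, permission)) {
                        grantedByRole = true;
                        break;
                    }
                }
                if (!grantedByRole) {
                    return RpcUtils.getStatus(TSStatusCode.NO_PERMISSION_ERROR);
                }
            } catch (AuthException e) {
                return RpcUtils.getStatus(TSStatusCode.EXECUTE_STATEMENT_ERROR, e.getMessage());
            }
        }
        return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
    }

    /**
     * Sends a permission-changing statement to the config node.
     *
     * @param authorStatement statement to execute
     * @return a future completed with a success result, or failed with an {@link IoTDBException}
     *     carrying the config node status, the connection exception, or the {@link AuthException}
     *     raised while building the request
     */
    @Override // org.apache.iotdb.db.auth.IAuthorityFetcher
    public SettableFuture<ConfigTaskResult> operatePermission(AuthorStatement authorStatement) {
        SettableFuture<ConfigTaskResult> future = SettableFuture.create();
        try (ConfigNodeClient client = CONFIG_NODE_CLIENT_MANAGER.borrowClient(ConfigNodeInfo.partitionRegionId)) {
            TAuthorizerReq request = statementToAuthorizerReq(authorStatement);
            TSStatus status = client.operatePermission(request);
            if (TSStatusCode.SUCCESS_STATUS.getStatusCode() != status.getCode()) {
                // Only the operation name and the returned status are logged; the request itself
                // holds password fields and is deliberately kept out of the log line.
                logger.error("Failed to execute {} in config node, status is {}.", authorTypeName(request), status);
                future.setException(new IoTDBException(status.message, status.code));
            } else {
                future.set(new ConfigTaskResult(TSStatusCode.SUCCESS_STATUS));
            }
        } catch (IOException | TException e) {
            logger.error(CONNECT_FAILURE_MESSAGE, e);
            future.setException(e);
        } catch (AuthException e) {
            future.setException(e);
        }
        return future;
    }

    /**
     * Sends a permission-listing statement to the config node.
     *
     * @param authorStatement statement to execute
     * @return a future completed by {@code AuthorizerManager#buildTSBlock} on success, or failed
     *     with an {@link IoTDBException} or the {@link AuthException} raised while building the
     *     request
     */
    @Override // org.apache.iotdb.db.auth.IAuthorityFetcher
    public SettableFuture<ConfigTaskResult> queryPermission(AuthorStatement authorStatement) {
        SettableFuture<ConfigTaskResult> future = SettableFuture.create();
        try (ConfigNodeClient client = CONFIG_NODE_CLIENT_MANAGER.borrowClient(ConfigNodeInfo.partitionRegionId)) {
            TAuthorizerReq request = statementToAuthorizerReq(authorStatement);
            TAuthorizerResp response = client.queryPermission(request);
            TSStatus status = response.getStatus();
            if (TSStatusCode.SUCCESS_STATUS.getStatusCode() != status.getCode()) {
                logger.error("Failed to execute {} in config node, status is {}.", authorTypeName(request), status);
                future.setException(new IoTDBException(status.message, status.code));
            } else {
                AuthorizerManager.getInstance().buildTSBlock(response.getAuthorizerInfo(), future);
            }
        } catch (IOException | TException e) {
            logger.error(CONNECT_FAILURE_MESSAGE, e);
            TSStatus failure = connectFailureStatus();
            future.setException(new IoTDBException(failure.message, failure.code));
        } catch (AuthException e) {
            future.setException(e);
        }
        return future;
    }

    /** Returns the cache this fetcher reads from and writes to. */
    @Override // org.apache.iotdb.db.auth.IAuthorityFetcher
    public IAuthorCache getAuthorCache() {
        return this.iAuthorCache;
    }

    /**
     * Authenticates a user.
     *
     * <p>When the user is cached, the supplied password is checked locally with
     * {@link AuthUtils#validatePassword} against the cached stored password and the config node
     * is not contacted; a {@code null} password is always rejected on this path. Otherwise a login
     * request is sent to the config node, and a successful response is cached.
     *
     * @param username login name
     * @param password password supplied by the client
     * @return {@code SUCCESS_STATUS}, {@code WRONG_LOGIN_PASSWORD_ERROR} for a failed cached
     *     check, {@code EXECUTE_STATEMENT_ERROR} when the config node cannot be reached or sends
     *     no status, or the status returned by the config node
     */
    @Override // org.apache.iotdb.db.auth.IAuthorityFetcher
    public TSStatus checkUser(String username, String password) {
        User user = this.iAuthorCache.getUserCache(username);
        if (user != null) {
            if (password != null && AuthUtils.validatePassword(password, user.getPassword())) {
                return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
            }
            return RpcUtils.getStatus(TSStatusCode.WRONG_LOGIN_PASSWORD_ERROR, "Authentication failed.");
        }
        TLoginReq request = new TLoginReq(username, password);
        TPermissionInfoResp response;
        try (ConfigNodeClient client = CONFIG_NODE_CLIENT_MANAGER.borrowClient(ConfigNodeInfo.partitionRegionId)) {
            response = client.login(request);
        } catch (IOException | TException e) {
            logger.error(CONNECT_FAILURE_MESSAGE, e);
            return connectFailureStatus();
        }
        return cacheUserOnSuccess(username, response);
    }

    /**
     * Asks the config node whether the user holds {@code permission} on all given paths and caches
     * the returned user and role information when the answer is success.
     *
     * @param username user whose privileges are checked
     * @param allPath paths sent in the request
     * @param permission privilege id sent in the request
     * @return the status returned by the config node, or {@code EXECUTE_STATEMENT_ERROR} when it
     *     cannot be reached or sends no status
     */
    public TSStatus checkPath(String username, List<String> allPath, int permission) {
        TCheckUserPrivilegesReq request = new TCheckUserPrivilegesReq(username, allPath, permission);
        TPermissionInfoResp response;
        // try-with-resources returns the borrowed client even when the RPC throws.
        try (ConfigNodeClient client = CONFIG_NODE_CLIENT_MANAGER.borrowClient(ConfigNodeInfo.partitionRegionId)) {
            response = client.checkUserPrivileges(request);
        } catch (IOException | TException e) {
            logger.error(CONNECT_FAILURE_MESSAGE, e);
            return connectFailureStatus();
        }
        return cacheUserOnSuccess(username, response);
    }

    /**
     * Builds a {@link User} from a config node response and stores every role in the response in
     * the role cache.
     *
     * <p>The returned user holds the password value sent by the config node, which
     * {@link #checkUser} later uses for local validation.
     *
     * @param tPermissionInfoResp response whose user info and role info are read
     * @return the populated user; the caller decides whether to cache it
     * @throws IllegalArgumentException if a privilege list is not made of (path, privileges) pairs
     *     or a privilege id is not an integer
     */
    public User cacheUser(TPermissionInfoResp tPermissionInfoResp) {
        User user = new User();
        // Parse before touching the role cache so malformed data caches nothing for this user.
        List<PathPrivilege> privileges = toPathPrivileges(tPermissionInfoResp.getUserInfo().getPrivilegeList());
        user.setName(tPermissionInfoResp.getUserInfo().getUsername());
        user.setPassword(tPermissionInfoResp.getUserInfo().getPassword());
        user.setPrivilegeList(privileges);
        user.setRoleList(tPermissionInfoResp.getUserInfo().getRoleList());
        for (String roleName : tPermissionInfoResp.getRoleInfo().keySet()) {
            this.iAuthorCache.putRoleCache(roleName, cacheRole(roleName, tPermissionInfoResp));
        }
        return user;
    }

    /**
     * Builds a {@link Role} from the role info stored under {@code roleName} in the response.
     *
     * @param roleName key into the response's role info map
     * @param tPermissionInfoResp response holding the role info
     * @return the populated role
     * @throws IllegalArgumentException if the privilege list is not made of (path, privileges)
     *     pairs or a privilege id is not an integer
     */
    public Role cacheRole(String roleName, TPermissionInfoResp tPermissionInfoResp) {
        Role role = new Role();
        List<PathPrivilege> privileges = toPathPrivileges(tPermissionInfoResp.getRoleInfo().get(roleName).getPrivilegeList());
        role.setName(tPermissionInfoResp.getRoleInfo().get(roleName).getRoleName());
        role.setPrivilegeList(privileges);
        return role;
    }

    /** Returns the error status used whenever the config node cannot be reached. */
    private static TSStatus connectFailureStatus() {
        return RpcUtils.getStatus(TSStatusCode.EXECUTE_STATEMENT_ERROR, CONNECT_FAILURE_MESSAGE);
    }

    /** Returns the lower-case name of the operation encoded in the request, for log messages. */
    private static String authorTypeName(TAuthorizerReq request) {
        return AuthorOperator.AuthorType.values()[request.getAuthorType()].toString().toLowerCase(Locale.ROOT);
    }

    /**
     * Caches the user described by a successful response and returns the response status. A
     * missing response or status is treated as a failure so it can never be read as a grant.
     */
    private TSStatus cacheUserOnSuccess(String username, TPermissionInfoResp response) {
        if (response == null || response.getStatus() == null) {
            return RpcUtils.getStatus(TSStatusCode.EXECUTE_STATEMENT_ERROR, "Config node returned no status.");
        }
        TSStatus status = response.getStatus();
        if (status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
            this.iAuthorCache.putUserCache(username, cacheUser(response));
        }
        return status;
    }

    /**
     * Converts a flat list laid out as path, privileges, path, privileges, ... into path
     * privileges, rejecting a list with an unpaired trailing entry.
     */
    private List<PathPrivilege> toPathPrivileges(List<String> flatList) {
        if (flatList.size() % 2 != 0) {
            throw new IllegalArgumentException("Malformed privilege list: expected (path, privileges) pairs but got " + flatList.size() + " entries");
        }
        List<PathPrivilege> result = new ArrayList<>(flatList.size() / 2);
        for (int index = 0; index < flatList.size(); index += 2) {
            result.add(toPathPrivilege(flatList.get(index), flatList.get(index + 1)));
        }
        return result;
    }

    /**
     * Parses one (path, privileges) pair, where {@code privilegeIds} is a comma-separated list of
     * integer privilege ids that may contain spaces.
     *
     * @throws NumberFormatException if an id is not an integer
     */
    private PathPrivilege toPathPrivilege(String path, String privilegeIds) {
        PathPrivilege pathPrivilege = new PathPrivilege();
        HashSet<Integer> ids = new HashSet<>();
        for (String id : privilegeIds.replace(" ", "").split(",")) {
            ids.add(Integer.parseInt(id));
        }
        pathPrivilege.setPrivileges(ids);
        pathPrivilege.setPath(path);
        return pathPrivilege;
    }

    /**
     * Translates a statement into the request sent to the config node, replacing absent string
     * fields with {@code ""} and an absent node list with an empty list.
     *
     * <p>The request carries the statement's password and new-password values, so it must not be
     * written to logs.
     *
     * @throws AuthException if the statement's privilege list cannot be converted
     */
    private TAuthorizerReq statementToAuthorizerReq(AuthorStatement authorStatement) throws AuthException {
        return new TAuthorizerReq(
                authorStatement.getAuthorType().ordinal(),
                authorStatement.getUserName() == null ? "" : authorStatement.getUserName(),
                authorStatement.getRoleName() == null ? "" : authorStatement.getRoleName(),
                authorStatement.getPassWord() == null ? "" : authorStatement.getPassWord(),
                authorStatement.getNewPassword() == null ? "" : authorStatement.getNewPassword(),
                AuthUtils.strToPermissions(authorStatement.getPrivilegeList()),
                authorStatement.getNodeNameList() == null
                        ? Collections.emptyList()
                        : authorStatement.getNodeNameList().stream().map(path -> path.getFullPath()).collect(Collectors.toList()));
    }
}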
