package org.apache.iotdb.confignode.persistence;

import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer;
import org.apache.iotdb.commons.auth.authorizer.IAuthorizer;
import org.apache.iotdb.commons.auth.authorizer.OpenIdAuthorizer;
import org.apache.iotdb.commons.auth.entity.PathPrivilege;
import org.apache.iotdb.commons.auth.entity.PriPrivilegeType;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.auth.entity.Role;
import org.apache.iotdb.commons.auth.entity.User;
import org.apache.iotdb.commons.conf.CommonConfig;
import org.apache.iotdb.commons.conf.CommonDescriptor;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.commons.path.PathPatternTree;
import org.apache.iotdb.commons.snapshot.SnapshotProcessor;
import org.apache.iotdb.commons.utils.AuthUtils;
import org.apache.iotdb.commons.utils.FileUtils;
import org.apache.iotdb.confignode.conf.ConfigNodeConstant;
import org.apache.iotdb.confignode.consensus.request.ConfigPhysicalPlanType;
import org.apache.iotdb.confignode.consensus.request.auth.AuthorPlan;
import org.apache.iotdb.confignode.consensus.response.auth.PermissionInfoResp;
import org.apache.iotdb.confignode.rpc.thrift.TAuthizedPatternTreeResp;
import org.apache.iotdb.confignode.rpc.thrift.TPathPrivilege;
import org.apache.iotdb.confignode.rpc.thrift.TPermissionInfoResp;
import org.apache.iotdb.confignode.rpc.thrift.TRoleResp;
import org.apache.iotdb.confignode.rpc.thrift.TUserResp;
import org.apache.iotdb.confignode.writelog.io.SingleFileLogReader;
import org.apache.iotdb.rpc.RpcUtils;
import org.apache.iotdb.rpc.TSStatusCode;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/iotdb/confignode/persistence/AuthorInfo.class */
public class AuthorInfo implements SnapshotProcessor {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthorInfo.class);
    private static final CommonConfig COMMON_CONFIG = CommonDescriptor.getInstance().getConfig();
    private static final String NO_USER_MSG = "No such user : ";
    private IAuthorizer authorizer;
    private boolean hasPrePriv = true;

    /* renamed from: org.apache.iotdb.confignode.persistence.AuthorInfo$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/iotdb/confignode/persistence/AuthorInfo$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType = new int[ConfigPhysicalPlanType.values().length];

        static {
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.UpdateUserDep.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.UpdateUser.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.CreateUserDep.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.CreateUser.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.CreateRoleDep.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.CreateRole.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.DropUserDep.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.DropUser.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.DropRoleDep.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.DropRole.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.GrantRoleDep.ordinal()] = 11;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.GrantRole.ordinal()] = 12;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.GrantUserDep.ordinal()] = 13;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.GrantUser.ordinal()] = 14;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.GrantRoleToUserDep.ordinal()] = 15;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.GrantRoleToUser.ordinal()] = 16;
            } catch (NoSuchFieldError e16) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.RevokeUserDep.ordinal()] = 17;
            } catch (NoSuchFieldError e17) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.RevokeUser.ordinal()] = 18;
            } catch (NoSuchFieldError e18) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.RevokeRoleDep.ordinal()] = 19;
            } catch (NoSuchFieldError e19) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.RevokeRole.ordinal()] = 20;
            } catch (NoSuchFieldError e20) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.RevokeRoleFromUserDep.ordinal()] = 21;
            } catch (NoSuchFieldError e21) {
            }
            try {
                $SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[ConfigPhysicalPlanType.RevokeRoleFromUser.ordinal()] = 22;
            } catch (NoSuchFieldError e22) {
            }
        }
    }

    public AuthorInfo() {
        try {
            this.authorizer = BasicAuthorizer.getInstance();
        } catch (AuthException e) {
            LOGGER.error("get user or role permissionInfo failed because ", e);
        }
    }

    public TPermissionInfoResp login(String str, String str2) {
        boolean z;
        String str3 = null;
        TSStatus tSStatus = new TSStatus();
        TPermissionInfoResp tPermissionInfoResp = new TPermissionInfoResp();
        try {
            z = this.authorizer.login(str, str2);
            if (z) {
                if (this.authorizer instanceof OpenIdAuthorizer) {
                    tPermissionInfoResp = getUserPermissionInfo(this.authorizer.getIoTDBUserName(str));
                    tPermissionInfoResp.getUserInfo().setIsOpenIdUser(true);
                } else {
                    tPermissionInfoResp = getUserPermissionInfo(str);
                }
                tPermissionInfoResp.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS, "Login successfully"));
            } else {
                tPermissionInfoResp = AuthUtils.generateEmptyPermissionInfoResp();
            }
        } catch (AuthException e) {
            LOGGER.error("meet error while logging in.", e);
            z = false;
            str3 = e.getMessage();
        }
        if (!z) {
            tSStatus.setMessage(str3 != null ? str3 : "Authentication failed.");
            tSStatus.setCode(TSStatusCode.WRONG_LOGIN_PASSWORD.getStatusCode());
            tPermissionInfoResp.setStatus(tSStatus);
        }
        return tPermissionInfoResp;
    }

    public TPermissionInfoResp checkUserPrivileges(String str, List<PartialPath> list, int i) {
        boolean z = true;
        TPermissionInfoResp tPermissionInfoResp = new TPermissionInfoResp();
        ArrayList arrayList = new ArrayList();
        try {
            if (list.isEmpty()) {
                z = this.authorizer.checkUserPrivileges(str, (PartialPath) null, i);
            } else {
                int i2 = 0;
                Iterator<PartialPath> it = list.iterator();
                while (it.hasNext()) {
                    if (!checkOnePath(str, it.next(), i)) {
                        arrayList.add(Integer.valueOf(i2));
                    }
                    i2++;
                }
                if (arrayList.size() == list.size()) {
                    z = false;
                }
            }
        } catch (AuthException e) {
            z = false;
        }
        if (z) {
            try {
                tPermissionInfoResp = getUserPermissionInfo(str);
                tPermissionInfoResp.setFailPos(arrayList);
                tPermissionInfoResp.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
            } catch (AuthException e2) {
                tPermissionInfoResp.setStatus(RpcUtils.getStatus(e2.getCode(), e2.getMessage()));
            }
        } else {
            tPermissionInfoResp = AuthUtils.generateEmptyPermissionInfoResp();
            tPermissionInfoResp.setFailPos(arrayList);
            tPermissionInfoResp.setStatus(RpcUtils.getStatus(TSStatusCode.NO_PERMISSION));
        }
        return tPermissionInfoResp;
    }

    private boolean checkOnePath(String str, PartialPath partialPath, int i) throws AuthException {
        try {
            return this.authorizer.checkUserPrivileges(str, partialPath, i);
        } catch (AuthException e) {
            LOGGER.error("Error occurs when checking the seriesPath {} for user {}", new Object[]{partialPath, str, e});
            throw new AuthException(e.getCode(), e);
        }
    }

    public TSStatus authorNonQuery(AuthorPlan authorPlan) {
        ConfigPhysicalPlanType authorType = authorPlan.getAuthorType();
        String userName = authorPlan.getUserName();
        String roleName = authorPlan.getRoleName();
        String password = authorPlan.getPassword();
        String newPassword = authorPlan.getNewPassword();
        Set<Integer> permissions = authorPlan.getPermissions();
        boolean grantOpt = authorPlan.getGrantOpt();
        List<PartialPath> nodeNameList = authorPlan.getNodeNameList();
        if (authorType.ordinal() >= ConfigPhysicalPlanType.CreateUserDep.ordinal() && authorType.ordinal() <= ConfigPhysicalPlanType.UpdateUserDep.ordinal()) {
            this.authorizer.setUserForPreVersion(true);
            this.authorizer.setRoleForPreVersion(true);
        } else if (this.hasPrePriv) {
            this.authorizer.checkUserPathPrivilege();
            this.hasPrePriv = false;
        }
        try {
            try {
                switch (AnonymousClass1.$SwitchMap$org$apache$iotdb$confignode$consensus$request$ConfigPhysicalPlanType[authorType.ordinal()]) {
                    case 1:
                    case 2:
                        this.authorizer.updateUserPassword(userName, newPassword);
                        break;
                    case 3:
                        AuthUtils.validatePasswordPre(password);
                        AuthUtils.validateUsernamePre(userName);
                        this.authorizer.createUserWithoutCheck(userName, password);
                        break;
                    case 4:
                        this.authorizer.createUser(userName, password);
                        break;
                    case 5:
                        AuthUtils.validateRolenamePre(roleName);
                        this.authorizer.createRole(roleName);
                        break;
                    case 6:
                        AuthUtils.validateRolename(roleName);
                        this.authorizer.createRole(roleName);
                        break;
                    case 7:
                    case ConfigNodeConstant.MIN_SUPPORTED_JDK_VERSION /* 8 */:
                        this.authorizer.deleteUser(userName);
                        break;
                    case 9:
                    case 10:
                        this.authorizer.deleteRole(roleName);
                        break;
                    case 11:
                        grantPrivilegeForPreVersion(false, roleName, permissions, nodeNameList);
                        break;
                    case SingleFileLogReader.LEAST_LOG_SIZE /* 12 */:
                        Iterator<Integer> it = permissions.iterator();
                        while (it.hasNext()) {
                            int intValue = it.next().intValue();
                            if (PrivilegeType.isPathRelevant(intValue)) {
                                Iterator<PartialPath> it2 = nodeNameList.iterator();
                                while (it2.hasNext()) {
                                    this.authorizer.grantPrivilegeToRole(roleName, it2.next(), intValue, grantOpt);
                                }
                            } else {
                                this.authorizer.grantPrivilegeToRole(roleName, (PartialPath) null, intValue, grantOpt);
                            }
                        }
                        break;
                    case 13:
                        grantPrivilegeForPreVersion(true, userName, permissions, nodeNameList);
                        break;
                    case 14:
                        Iterator<Integer> it3 = permissions.iterator();
                        while (it3.hasNext()) {
                            int intValue2 = it3.next().intValue();
                            if (PrivilegeType.isPathRelevant(intValue2)) {
                                Iterator<PartialPath> it4 = nodeNameList.iterator();
                                while (it4.hasNext()) {
                                    this.authorizer.grantPrivilegeToUser(userName, it4.next(), intValue2, grantOpt);
                                }
                            } else {
                                this.authorizer.grantPrivilegeToUser(userName, (PartialPath) null, intValue2, grantOpt);
                            }
                        }
                        break;
                    case 15:
                    case 16:
                        this.authorizer.grantRoleToUser(roleName, userName);
                        break;
                    case 17:
                        revokePrivilegeForPreVersion(true, userName, permissions, nodeNameList);
                        break;
                    case 18:
                        Iterator<Integer> it5 = permissions.iterator();
                        while (it5.hasNext()) {
                            int intValue3 = it5.next().intValue();
                            if (PrivilegeType.isPathRelevant(intValue3)) {
                                Iterator<PartialPath> it6 = nodeNameList.iterator();
                                while (it6.hasNext()) {
                                    this.authorizer.revokePrivilegeFromUser(userName, it6.next(), intValue3);
                                }
                            } else {
                                this.authorizer.revokePrivilegeFromUser(userName, (PartialPath) null, intValue3);
                            }
                        }
                        break;
                    case 19:
                        revokePrivilegeForPreVersion(false, roleName, permissions, nodeNameList);
                        break;
                    case 20:
                        Iterator<Integer> it7 = permissions.iterator();
                        while (it7.hasNext()) {
                            int intValue4 = it7.next().intValue();
                            if (PrivilegeType.isPathRelevant(intValue4)) {
                                Iterator<PartialPath> it8 = nodeNameList.iterator();
                                while (it8.hasNext()) {
                                    this.authorizer.revokePrivilegeFromRole(roleName, it8.next(), intValue4);
                                }
                            } else {
                                this.authorizer.revokePrivilegeFromRole(roleName, (PartialPath) null, intValue4);
                            }
                        }
                        break;
                    case 21:
                    case 22:
                        this.authorizer.revokeRoleFromUser(roleName, userName);
                        break;
                    default:
                        throw new AuthException(TSStatusCode.UNSUPPORTED_AUTH_OPERATION, "unknown type: " + authorPlan.getAuthorType());
                }
                this.authorizer.setUserForPreVersion(false);
                this.authorizer.setRoleForPreVersion(false);
                return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
            } catch (AuthException e) {
                TSStatus status = RpcUtils.getStatus(e.getCode(), e.getMessage());
                this.authorizer.setUserForPreVersion(false);
                this.authorizer.setRoleForPreVersion(false);
                return status;
            }
        } catch (Throwable th) {
            this.authorizer.setUserForPreVersion(false);
            this.authorizer.setRoleForPreVersion(false);
            throw th;
        }
    }

    public PermissionInfoResp executeListUsers(AuthorPlan authorPlan) throws AuthException {
        PermissionInfoResp permissionInfoResp = new PermissionInfoResp();
        List<String> listAllUsers = this.authorizer.listAllUsers();
        if (!authorPlan.getRoleName().isEmpty()) {
            if (this.authorizer.getRole(authorPlan.getRoleName()) == null) {
                permissionInfoResp.setStatus(RpcUtils.getStatus(TSStatusCode.ROLE_NOT_EXIST, "No such role : " + authorPlan.getRoleName()));
                return permissionInfoResp;
            }
            Iterator<String> it = listAllUsers.iterator();
            while (it.hasNext()) {
                User user = this.authorizer.getUser(it.next());
                if (user == null || !user.hasRole(authorPlan.getRoleName())) {
                    it.remove();
                }
            }
        }
        permissionInfoResp.setTag("user");
        permissionInfoResp.setMemberInfo(listAllUsers);
        permissionInfoResp.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
        return permissionInfoResp;
    }

    public PermissionInfoResp executeListRoles(AuthorPlan authorPlan) throws AuthException {
        PermissionInfoResp permissionInfoResp = new PermissionInfoResp();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        if (authorPlan.getUserName().isEmpty()) {
            arrayList2.addAll(this.authorizer.listAllRoles());
        } else {
            User user = this.authorizer.getUser(authorPlan.getUserName());
            if (user == null) {
                permissionInfoResp.setStatus(RpcUtils.getStatus(TSStatusCode.USER_NOT_EXIST, NO_USER_MSG + authorPlan.getUserName()));
                permissionInfoResp.setMemberInfo(arrayList);
                return permissionInfoResp;
            }
            arrayList2.addAll(user.getRoleList());
        }
        permissionInfoResp.setTag("role");
        permissionInfoResp.setMemberInfo(arrayList2);
        permissionInfoResp.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
        return permissionInfoResp;
    }

    public PermissionInfoResp executeListRolePrivileges(AuthorPlan authorPlan) throws AuthException {
        PermissionInfoResp permissionInfoResp = new PermissionInfoResp();
        ArrayList arrayList = new ArrayList();
        Role role = this.authorizer.getRole(authorPlan.getRoleName());
        if (role == null) {
            permissionInfoResp.setStatus(RpcUtils.getStatus(TSStatusCode.ROLE_NOT_EXIST, "No such role : " + authorPlan.getRoleName()));
            permissionInfoResp.setMemberInfo(arrayList);
            return permissionInfoResp;
        }
        TPermissionInfoResp tPermissionInfoResp = new TPermissionInfoResp();
        TRoleResp tRoleResp = new TRoleResp();
        tRoleResp.setRoleName(role.getName());
        ArrayList arrayList2 = new ArrayList();
        for (PathPrivilege pathPrivilege : role.getPathPrivilegeList()) {
            TPathPrivilege tPathPrivilege = new TPathPrivilege();
            tPathPrivilege.setPriGrantOpt(pathPrivilege.getGrantOpt());
            tPathPrivilege.setPriSet(pathPrivilege.getPrivileges());
            tPathPrivilege.setPath(pathPrivilege.getPath().toString());
            arrayList2.add(tPathPrivilege);
        }
        tRoleResp.setPrivilegeList(arrayList2);
        tRoleResp.setSysPriSet(role.getSysPrivilege());
        tRoleResp.setSysPriSetGrantOpt(role.getSysPriGrantOpt());
        HashMap hashMap = new HashMap();
        hashMap.put(role.getName(), tRoleResp);
        tPermissionInfoResp.setRoleInfo(hashMap);
        tPermissionInfoResp.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
        permissionInfoResp.setTag("privilege");
        permissionInfoResp.setPermissionInfoResp(tPermissionInfoResp);
        permissionInfoResp.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
        permissionInfoResp.setMemberInfo(arrayList);
        return permissionInfoResp;
    }

    public PermissionInfoResp executeListUserPrivileges(AuthorPlan authorPlan) throws AuthException {
        PermissionInfoResp permissionInfoResp = new PermissionInfoResp();
        if (this.authorizer.getUser(authorPlan.getUserName()) == null) {
            permissionInfoResp.setStatus(RpcUtils.getStatus(TSStatusCode.USER_NOT_EXIST, NO_USER_MSG + authorPlan.getUserName()));
            return permissionInfoResp;
        }
        TPermissionInfoResp userPermissionInfo = getUserPermissionInfo(authorPlan.getUserName());
        userPermissionInfo.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
        permissionInfoResp.setTag("privilege");
        permissionInfoResp.setPermissionInfoResp(userPermissionInfo);
        permissionInfoResp.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
        return permissionInfoResp;
    }

    public TAuthizedPatternTreeResp generateAuthizedPTree(String str, int i) throws AuthException {
        TAuthizedPatternTreeResp tAuthizedPatternTreeResp = new TAuthizedPatternTreeResp();
        User user = this.authorizer.getUser(str);
        PathPatternTree pathPatternTree = new PathPatternTree();
        if (user == null) {
            tAuthizedPatternTreeResp.setStatus(RpcUtils.getStatus(TSStatusCode.USER_NOT_EXIST, NO_USER_MSG + str));
            tAuthizedPatternTreeResp.setUsername(str);
            tAuthizedPatternTreeResp.setPrivilegeId(i);
            return tAuthizedPatternTreeResp;
        }
        for (PathPrivilege pathPrivilege : user.getPathPrivilegeList()) {
            if (pathPrivilege.checkPrivilege(i)) {
                pathPatternTree.appendPathPattern(pathPrivilege.getPath());
            }
        }
        Iterator it = user.getRoleList().iterator();
        while (it.hasNext()) {
            Role role = this.authorizer.getRole((String) it.next());
            if (role != null) {
                for (PathPrivilege pathPrivilege2 : role.getPathPrivilegeList()) {
                    if (pathPrivilege2.checkPrivilege(i)) {
                        pathPatternTree.appendPathPattern(pathPrivilege2.getPath());
                    }
                }
            }
        }
        pathPatternTree.constructTree();
        tAuthizedPatternTreeResp.setUsername(str);
        tAuthizedPatternTreeResp.setPrivilegeId(i);
        tAuthizedPatternTreeResp.setStatus(new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            pathPatternTree.serialize(new DataOutputStream(byteArrayOutputStream));
            tAuthizedPatternTreeResp.setPathPatternTree(ByteBuffer.wrap(byteArrayOutputStream.toByteArray()));
            tAuthizedPatternTreeResp.setPermissionInfo(getUserPermissionInfo(str));
            return tAuthizedPatternTreeResp;
        } catch (IOException e) {
            tAuthizedPatternTreeResp.setStatus(RpcUtils.getStatus(TSStatusCode.EXECUTE_STATEMENT_ERROR, "Get error when serialize pattern tree."));
            return tAuthizedPatternTreeResp;
        }
    }

    public TPermissionInfoResp checkUserPrivilegeGrantOpt(String str, List<PartialPath> list, int i) throws AuthException {
        User user = this.authorizer.getUser(str);
        TPermissionInfoResp tPermissionInfoResp = new TPermissionInfoResp();
        if (user == null) {
            tPermissionInfoResp.setStatus(RpcUtils.getStatus(TSStatusCode.USER_NOT_EXIST, NO_USER_MSG + str));
            return tPermissionInfoResp;
        }
        try {
            if (PrivilegeType.isPathRelevant(i)) {
                for (PartialPath partialPath : list) {
                    if (!user.checkPathPrivilegeGrantOpt(partialPath, i)) {
                        if (!r11) {
                            Iterator it = user.getRoleList().iterator();
                            while (true) {
                                if (!it.hasNext()) {
                                    break;
                                }
                                if (this.authorizer.getRole((String) it.next()).checkPathPrivilegeGrantOpt(partialPath, i)) {
                                    r11 = true;
                                    break;
                                }
                            }
                        }
                        if (!r11) {
                            break;
                        }
                    } else {
                        r11 = true;
                    }
                }
            } else {
                r11 = user.checkSysPriGrantOpt(i);
                if (!r11) {
                    Iterator it2 = user.getRoleList().iterator();
                    while (true) {
                        if (!it2.hasNext()) {
                            break;
                        }
                        if (this.authorizer.getRole((String) it2.next()).checkSysPriGrantOpt(i)) {
                            r11 = true;
                            break;
                        }
                    }
                }
            }
        } catch (AuthException e) {
            r11 = false;
        }
        if (r11) {
            try {
                tPermissionInfoResp = getUserPermissionInfo(str);
                tPermissionInfoResp.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
            } catch (AuthException e2) {
                tPermissionInfoResp.setStatus(RpcUtils.getStatus(e2.getCode(), e2.getMessage()));
            }
        } else {
            tPermissionInfoResp = AuthUtils.generateEmptyPermissionInfoResp();
            tPermissionInfoResp.setStatus(RpcUtils.getStatus(TSStatusCode.NO_PERMISSION));
        }
        return tPermissionInfoResp;
    }

    public TPermissionInfoResp checkRoleOfUser(String str, String str2) throws AuthException {
        User user = this.authorizer.getUser(str);
        if (user == null) {
            throw new AuthException(TSStatusCode.USER_NOT_EXIST, String.format("No such user : %s", str));
        }
        TPermissionInfoResp userPermissionInfo = getUserPermissionInfo(str);
        if (user.getRoleList().contains(str2)) {
            userPermissionInfo.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
        } else {
            userPermissionInfo.setStatus(RpcUtils.getStatus(TSStatusCode.USER_NOT_HAS_ROLE));
        }
        return userPermissionInfo;
    }

    public boolean processTakeSnapshot(File file) throws TException, IOException {
        return this.authorizer.processTakeSnapshot(file);
    }

    public void processLoadSnapshot(File file) throws TException, IOException {
        this.authorizer.processLoadSnapshot(file);
        try {
            this.authorizer.reset();
        } catch (AuthException e) {
            throw new IOException("Error when load role and user: %s", e);
        }
    }

    public void clear() throws AuthException {
        File file = new File(COMMON_CONFIG.getUserFolder());
        if (file.exists()) {
            FileUtils.deleteDirectory(file);
        }
        File file2 = new File(COMMON_CONFIG.getRoleFolder());
        if (file2.exists()) {
            FileUtils.deleteDirectory(file2);
        }
        this.authorizer.reset();
    }

    public TPermissionInfoResp getUserPermissionInfo(String str) throws AuthException {
        TPermissionInfoResp tPermissionInfoResp = new TPermissionInfoResp();
        TUserResp tUserResp = new TUserResp();
        HashMap hashMap = new HashMap();
        ArrayList arrayList = new ArrayList();
        User user = this.authorizer.getUser(str);
        if (user.getPathPrivilegeList() != null) {
            for (PathPrivilege pathPrivilege : user.getPathPrivilegeList()) {
                TPathPrivilege tPathPrivilege = new TPathPrivilege();
                tPathPrivilege.setPath(pathPrivilege.getPath().getFullPath());
                tPathPrivilege.setPriSet(pathPrivilege.getPrivileges());
                tPathPrivilege.setPriGrantOpt(pathPrivilege.getGrantOpt());
                arrayList.add(tPathPrivilege);
            }
        }
        tUserResp.setUsername(user.getName());
        tUserResp.setPassword(user.getPassword());
        tUserResp.setPrivilegeList(arrayList);
        tUserResp.setRoleList(user.getRoleList());
        tUserResp.setSysPriSet(user.getSysPrivilege());
        tUserResp.setSysPriSetGrantOpt(user.getSysPriGrantOpt());
        if (user.getRoleList() != null) {
            for (String str2 : user.getRoleList()) {
                Role role = this.authorizer.getRole(str2);
                ArrayList arrayList2 = new ArrayList();
                for (PathPrivilege pathPrivilege2 : role.getPathPrivilegeList()) {
                    TPathPrivilege tPathPrivilege2 = new TPathPrivilege();
                    tPathPrivilege2.setPath(pathPrivilege2.getPath().getFullPath());
                    tPathPrivilege2.setPriSet(pathPrivilege2.getPrivileges());
                    tPathPrivilege2.setPriGrantOpt(pathPrivilege2.getGrantOpt());
                    arrayList2.add(tPathPrivilege2);
                }
                hashMap.put(str2, new TRoleResp(str2, arrayList2, role.getSysPrivilege(), role.getSysPriGrantOpt()));
            }
        }
        tPermissionInfoResp.setUserInfo(tUserResp);
        tPermissionInfoResp.setRoleInfo(hashMap);
        tPermissionInfoResp.setStatus(new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode()));
        return tPermissionInfoResp;
    }

    public void checkUserPathPrivilege() {
        this.authorizer.checkUserPathPrivilege();
    }

    private void grantPrivilegeForPreVersion(boolean z, String str, Set<Integer> set, List<PartialPath> list) throws AuthException {
        Iterator<Integer> it = set.iterator();
        while (it.hasNext()) {
            int intValue = it.next().intValue();
            if (PriPrivilegeType.values()[intValue].isAccept()) {
                if (z) {
                    Iterator<PartialPath> it2 = list.iterator();
                    while (it2.hasNext()) {
                        this.authorizer.grantPrivilegeToUser(str, it2.next(), intValue, false);
                    }
                } else {
                    Iterator<PartialPath> it3 = list.iterator();
                    while (it3.hasNext()) {
                        this.authorizer.grantPrivilegeToRole(str, it3.next(), intValue, false);
                    }
                }
            }
        }
    }

    private void revokePrivilegeForPreVersion(boolean z, String str, Set<Integer> set, List<PartialPath> list) throws AuthException {
        Iterator<Integer> it = set.iterator();
        while (it.hasNext()) {
            int intValue = it.next().intValue();
            PriPrivilegeType priPrivilegeType = PriPrivilegeType.values()[intValue];
            if (priPrivilegeType.isAccept() && !priPrivilegeType.isAccept()) {
                if (z) {
                    Iterator<PartialPath> it2 = list.iterator();
                    while (it2.hasNext()) {
                        this.authorizer.revokePrivilegeFromUser(str, it2.next(), intValue);
                    }
                } else {
                    Iterator<PartialPath> it3 = list.iterator();
                    while (it3.hasNext()) {
                        this.authorizer.revokePrivilegeFromRole(str, it3.next(), intValue);
                    }
                }
            }
        }
    }
}
