package org.apache.iotdb.commons.auth.authorizer;

import java.io.File;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.auth.entity.Role;
import org.apache.iotdb.commons.auth.entity.User;
import org.apache.iotdb.commons.auth.role.IRoleManager;
import org.apache.iotdb.commons.auth.user.IUserManager;
import org.apache.iotdb.commons.conf.CommonDescriptor;
import org.apache.iotdb.commons.conf.IoTDBConstant;
import org.apache.iotdb.commons.exception.StartupException;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.commons.service.IService;
import org.apache.iotdb.commons.service.ServiceType;
import org.apache.iotdb.commons.utils.AuthUtils;
import org.apache.iotdb.rpc.TSStatusCode;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.class */
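/**
 * Base {@link IAuthorizer} that keeps user state in an {@link IUserManager} and role state in an
 * {@link IRoleManager}, and layers the administrator rules and error reporting on top of them.
 *
 * <p>Subclasses supply {@link #isAdmin(String)}. The process-wide instance is created reflectively
 * from the configured provider class; see {@link #getInstance()}.
 *
 * <p>Parameter names in this listing are decompiler-generated; each method's Javadoc states what
 * the visible code uses them for.
 */
public abstract class BasicAuthorizer implements IAuthorizer, IService {
    private static final Logger LOGGER = LoggerFactory.getLogger(BasicAuthorizer.class);
    private static final String NO_SUCH_ROLE_EXCEPTION = "No such role : %s";
    private static final String NO_SUCH_USER_EXCEPTION = "No such user : %s";
    IUserManager userManager;
    IRoleManager roleManager;

    /** Lazy holder for the singleton; its static initializer runs on first access to {@code instance}. */
    private static class InstanceHolder {
        private static final IAuthorizer instance;

        private InstanceHolder() {
        }

        static {
            try {
                // The implementation class is named by configuration, so whoever can edit that
                // configuration decides which authorizer enforces access control for the process.
                String providerClassName = CommonDescriptor.getInstance().getConfig().getAuthorizerProvider();
                // asSubclass rejects a class that is not an IAuthorizer before its constructor runs.
                Class<? extends IAuthorizer> providerClass =
                        Class.forName(providerClassName).asSubclass(IAuthorizer.class);
                BasicAuthorizer.LOGGER.info("Authorizer provider class: {}", providerClassName);
                instance = providerClass.getDeclaredConstructor().newInstance();
            } catch (Exception e) {
                throw new IllegalStateException("Authorizer could not be initialized!", e);
            }
        }
    }

    /**
     * Asks both managers to check and refresh their path privileges, then clears the
     * "pre-version" flag on both.
     */
    @Override
    public void checkUserPathPrivilege() {
        this.userManager.checkAndRefreshPathPri();
        this.roleManager.checkAndRefreshPathPri();
        this.userManager.setPreVersion(false);
        this.roleManager.setPreVersion(false);
    }

    /**
     * Stores the two managers and immediately runs {@link #init()}.
     *
     * <p>NOTE(review): the decompiler reports that this constructor was package-private in the
     * original bytecode. {@link #init()} is overridable and is called from here, so an override
     * runs before the subclass constructor body and must not depend on subclass fields.
     *
     * @param iUserManager backing store for users
     * @param iRoleManager backing store for roles
     * @throws AuthException if resetting either manager fails
     */
    public BasicAuthorizer(IUserManager iUserManager, IRoleManager iRoleManager) throws AuthException {
        this.userManager = iUserManager;
        this.roleManager = iRoleManager;
        init();
    }

    /**
     * Resets the user manager and then the role manager.
     *
     * @throws AuthException if either reset fails
     */
    protected void init() throws AuthException {
        this.userManager.reset();
        this.roleManager.reset();
        LOGGER.info("Initialization of Authorizer completes");
    }

    /**
     * Returns the process-wide authorizer built from the configured provider class.
     *
     * <p>If the provider cannot be loaded, the holder's static initializer throws, so that failure
     * reaches the caller as a class-initialization error rather than through the null check below.
     *
     * @return the singleton authorizer
     * @throws AuthException if the holder's instance is {@code null}
     */
    public static IAuthorizer getInstance() throws AuthException {
        if (InstanceHolder.instance == null) {
            throw new AuthException(TSStatusCode.INIT_AUTH_ERROR, "Authorizer uninitialized");
        }
        return InstanceHolder.instance;
    }

    /**
     * Tells whether the named user is the administrator, who bypasses privilege checks and cannot
     * be deleted or have privileges granted or revoked through this class.
     *
     * @param str user name
     * @return {@code true} for the administrator account
     */
    abstract boolean isAdmin(String str);

    /**
     * Checks a user name / password pair.
     *
     * <p>An unknown user, a {@code null} password and a wrong password all yield the same
     * {@code false}, so the result does not reveal which of them applied.
     *
     * @param str user name
     * @param str2 candidate password, compared with the stored value by
     *     {@link AuthUtils#validatePassword}
     * @return {@code true} only if the user exists and the password validates
     * @throws AuthException if the user lookup fails
     */
    @Override
    public boolean login(String str, String str2) throws AuthException {
        // Look the user up first, as before, so a lookup failure still surfaces for a null password.
        User user = this.userManager.getUser(str);
        if (user == null || str2 == null) {
            return false;
        }
        return AuthUtils.validatePassword(str2, user.getPassword());
    }

    /**
     * Creates a user, passing {@code true} as the manager's third argument (presumably enabling
     * its name/password validation; confirm against {@link IUserManager}).
     *
     * @param str user name
     * @param str2 password
     * @throws AuthException with {@code USER_ALREADY_EXIST} if the manager reports no creation
     */
    @Override
    public void createUser(String str, String str2) throws AuthException {
        if (!this.userManager.createUser(str, str2, true)) {
            throw new AuthException(TSStatusCode.USER_ALREADY_EXIST, String.format("User %s already exists", str));
        }
    }

    /**
     * Creates a user, passing {@code false} as the manager's third argument (presumably skipping
     * its name/password validation; confirm against {@link IUserManager}, and keep callers of
     * this variant limited to already-validated input).
     *
     * @param str user name
     * @param str2 password
     * @throws AuthException with {@code USER_ALREADY_EXIST} if the manager reports no creation
     */
    @Override
    public void createUserWithoutCheck(String str, String str2) throws AuthException {
        if (!this.userManager.createUser(str, str2, false)) {
            throw new AuthException(TSStatusCode.USER_ALREADY_EXIST, String.format("User %s already exists", str));
        }
    }

    /**
     * Deletes a user; the administrator account is refused.
     *
     * @param str user name
     * @throws AuthException with {@code NO_PERMISSION} for the administrator, or
     *     {@code USER_NOT_EXIST} if the manager reports nothing was deleted
     */
    @Override
    public void deleteUser(String str) throws AuthException {
        if (isAdmin(str)) {
            throw new AuthException(TSStatusCode.NO_PERMISSION, "Default administrator cannot be deleted");
        }
        if (!this.userManager.deleteUser(str)) {
            throw new AuthException(TSStatusCode.USER_NOT_EXIST, String.format("User %s does not exist", str));
        }
    }

    /**
     * Grants a privilege to a user; refused for the administrator.
     *
     * @param str user name
     * @param partialPath path the privilege applies to
     * @param i privilege id
     * @param z flag forwarded unchanged to the user manager (meaning not visible in this class)
     * @throws AuthException with {@code NO_PERMISSION} for the administrator, or whatever the
     *     manager raises
     */
    @Override
    public void grantPrivilegeToUser(String str, PartialPath partialPath, int i, boolean z) throws AuthException {
        if (isAdmin(str)) {
            throw new AuthException(TSStatusCode.NO_PERMISSION, "Invalid operation, administrator already has all privileges");
        }
        this.userManager.grantPrivilegeToUser(str, partialPath, i, z);
    }

    /**
     * Revokes a privilege from a user; refused for the administrator.
     *
     * @param str user name
     * @param partialPath path the privilege applies to; {@code null} is reported as the system
     *     folder name in the error message
     * @param i privilege id
     * @throws AuthException with {@code NO_PERMISSION} for the administrator, or
     *     {@code NOT_HAS_PRIVILEGE} if the manager reports nothing was revoked
     */
    @Override
    public void revokePrivilegeFromUser(String str, PartialPath partialPath, int i) throws AuthException {
        if (isAdmin(str)) {
            throw new AuthException(TSStatusCode.NO_PERMISSION, "Invalid operation, administrator must have all privileges");
        }
        if (this.userManager.revokePrivilegeFromUser(str, partialPath, i)) {
            return;
        }
        Object target = partialPath != null ? partialPath : IoTDBConstant.SYSTEM_FOLDER_NAME;
        throw new AuthException(
                TSStatusCode.NOT_HAS_PRIVILEGE,
                String.format("User %s does not have %s on %s", str, describePrivilege(i), target));
    }

    /**
     * Creates a role.
     *
     * @param str role name
     * @throws AuthException with {@code ROLE_ALREADY_EXIST} if the manager reports no creation
     */
    @Override
    public void createRole(String str) throws AuthException {
        if (this.roleManager.createRole(str)) {
            return;
        }
        LOGGER.error("Role {} already exists", str);
        throw new AuthException(TSStatusCode.ROLE_ALREADY_EXIST, String.format("Role %s already exists", str));
    }

    /**
     * Deletes a role and then removes it from every user.
     *
     * @param str role name
     * @throws AuthException with {@code ROLE_NOT_EXIST} if the manager reports nothing was deleted
     */
    @Override
    public void deleteRole(String str) throws AuthException {
        if (!this.roleManager.deleteRole(str)) {
            throw new AuthException(TSStatusCode.ROLE_NOT_EXIST, String.format("Role %s does not exist", str));
        }
        for (String userName : this.userManager.listAllUsers()) {
            try {
                this.userManager.revokeRoleFromUser(str, userName);
            } catch (AuthException e) {
                // Best effort: the role is already gone. A user whose revoke failed may still list
                // the role name, and would hold the role again if one of the same name is created
                // later, so this warning deserves follow-up.
                LOGGER.warn("Error encountered when revoking a role {} from user {} after deletion", str, userName, e);
            }
        }
    }

    /**
     * Grants a privilege to a role by delegating to the role manager.
     *
     * @param str role name
     * @param partialPath path the privilege applies to
     * @param i privilege id
     * @param z flag forwarded unchanged to the role manager (meaning not visible in this class)
     * @throws AuthException whatever the manager raises
     */
    @Override
    public void grantPrivilegeToRole(String str, PartialPath partialPath, int i, boolean z) throws AuthException {
        this.roleManager.grantPrivilegeToRole(str, partialPath, i, z);
    }

    /**
     * Revokes a privilege from a role.
     *
     * @param str role name
     * @param partialPath path the privilege applies to
     * @param i privilege id
     * @throws AuthException with {@code NOT_HAS_PRIVILEGE} if the manager reports nothing was revoked
     */
    @Override
    public void revokePrivilegeFromRole(String str, PartialPath partialPath, int i) throws AuthException {
        if (!this.roleManager.revokePrivilegeFromRole(str, partialPath, i)) {
            throw new AuthException(
                    TSStatusCode.NOT_HAS_PRIVILEGE,
                    String.format("Role %s does not have %s on %s", str, describePrivilege(i), partialPath));
        }
    }

    /**
     * Grants an existing role to a user.
     *
     * @param str role name
     * @param str2 user name
     * @throws AuthException with {@code ROLE_NOT_EXIST} if the role is missing before or after the
     *     grant, or {@code USER_ALREADY_HAS_ROLE} if the manager reports no change
     */
    @Override
    public void grantRoleToUser(String str, String str2) throws AuthException {
        if (this.roleManager.getRole(str) == null) {
            throw new AuthException(TSStatusCode.ROLE_NOT_EXIST, String.format(NO_SUCH_ROLE_EXCEPTION, str));
        }
        if (!this.userManager.grantRoleToUser(str, str2)) {
            throw new AuthException(TSStatusCode.USER_ALREADY_HAS_ROLE, String.format("User %s already has role %s", str2, str));
        }
        // Second lookup after the grant: presumably guards against the role being deleted
        // concurrently between the first check and the grant. The grant itself is not rolled
        // back here, so the user may keep the stale role name in that case.
        if (this.roleManager.getRole(str) == null) {
            throw new AuthException(TSStatusCode.ROLE_NOT_EXIST, String.format(NO_SUCH_ROLE_EXCEPTION, str));
        }
    }

    /**
     * Revokes a role from a user.
     *
     * @param str role name
     * @param str2 user name
     * @throws AuthException with {@code ROLE_NOT_EXIST} if the role is missing, or
     *     {@code USER_NOT_HAS_ROLE} if the manager reports no change
     */
    @Override
    public void revokeRoleFromUser(String str, String str2) throws AuthException {
        if (this.roleManager.getRole(str) == null) {
            throw new AuthException(TSStatusCode.ROLE_NOT_EXIST, String.format(NO_SUCH_ROLE_EXCEPTION, str));
        }
        if (!this.userManager.revokeRoleFromUser(str, str2)) {
            throw new AuthException(TSStatusCode.USER_NOT_HAS_ROLE, String.format("User %s does not have role %s", str2, str));
        }
    }

    /**
     * Collects the privilege ids a user holds on a path, directly and through their roles.
     *
     * @param str user name
     * @param partialPath path to evaluate
     * @return a fresh, caller-owned set of privilege ids (never {@code null})
     * @throws AuthException with {@code USER_NOT_EXIST} if the user is unknown
     */
    @Override
    public Set<Integer> getPrivileges(String str, PartialPath partialPath) throws AuthException {
        User user = this.userManager.getUser(str);
        if (user == null) {
            throw new AuthException(TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_EXCEPTION, str));
        }
        // Merge into a copy: whether User#getPathPrivileges hands out a live set is not visible
        // here, and role privileges must never be written into the user's own grants.
        Set<Integer> ownPrivileges = user.getPathPrivileges(partialPath);
        Set<Integer> merged = ownPrivileges == null ? new HashSet<>() : new HashSet<>(ownPrivileges);
        for (String roleName : user.getRoleList()) {
            Role role = this.roleManager.getRole(roleName);
            if (role != null) {
                merged.addAll(role.getPathPrivileges(partialPath));
            }
        }
        return merged;
    }

    /**
     * Changes a user's password.
     *
     * @param str user name
     * @param str2 new password
     * @throws AuthException with {@code ILLEGAL_PARAMETER} if the manager rejects the update
     */
    @Override
    public void updateUserPassword(String str, String str2) throws AuthException {
        if (!this.userManager.updateUserPassword(str, str2)) {
            // The rejected password is deliberately left out of the message: exception text ends
            // up in logs and client responses, and must not carry credential material.
            throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, "password is illegal");
        }
    }

    /**
     * Decides whether a user holds a privilege, either directly or through one of their roles.
     *
     * <p>The administrator always passes. With a non-null path the path privilege is checked;
     * with a {@code null} path the system privilege is checked.
     *
     * @param str user name
     * @param partialPath path to check, or {@code null} for a system privilege
     * @param i privilege id
     * @return {@code true} if the privilege is held
     * @throws AuthException with {@code USER_NOT_EXIST} if the user is unknown
     */
    @Override
    public boolean checkUserPrivileges(String str, PartialPath partialPath, int i) throws AuthException {
        if (isAdmin(str)) {
            return true;
        }
        User user = this.userManager.getUser(str);
        if (user == null) {
            throw new AuthException(TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_EXCEPTION, str));
        }
        boolean pathScoped = partialPath != null;
        boolean heldDirectly = pathScoped ? user.checkPathPrivilege(partialPath, i) : user.checkSysPrivilege(i);
        if (heldDirectly) {
            return true;
        }
        for (String roleName : user.getRoleList()) {
            Role role = this.roleManager.getRole(roleName);
            if (role == null) {
                // A role name left on the user after the role was deleted grants nothing:
                // fail closed instead of failing the whole check with a NullPointerException.
                continue;
            }
            boolean heldThroughRole = pathScoped ? role.checkPathPrivilege(partialPath, i) : role.checkSysPrivilege(i);
            if (heldThroughRole) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds a map from every listed user name to that user's watermark setting.
     *
     * @return the map; users whose lookup fails are logged and left out
     */
    @Override
    public Map<String, Boolean> getAllUserWaterMarkStatus() {
        Map<String, Boolean> statusByUser = new HashMap<>();
        for (String userName : listAllUsers()) {
            try {
                statusByUser.put(userName, isUserUseWaterMark(userName));
            } catch (AuthException e) {
                // Keep the cause: the failure is not necessarily a missing user.
                LOGGER.error(String.format(NO_SUCH_USER_EXCEPTION, userName), e);
            }
        }
        return statusByUser;
    }

    /**
     * Builds a map from every listed user name to its {@link User}.
     *
     * @return the map; users whose lookup fails are logged and left out
     */
    @Override
    public Map<String, User> getAllUsers() {
        Map<String, User> usersByName = new HashMap<>();
        for (String userName : listAllUsers()) {
            try {
                usersByName.put(userName, getUser(userName));
            } catch (AuthException e) {
                LOGGER.error(String.format("get all users failed, No such user : %s", userName), e);
            }
        }
        return usersByName;
    }

    /**
     * Builds a map from every listed role name to its {@link Role}.
     *
     * @return the map; roles whose lookup fails are logged and left out
     */
    @Override
    public Map<String, Role> getAllRoles() {
        Map<String, Role> rolesByName = new HashMap<>();
        for (String roleName : listAllRoles()) {
            try {
                rolesByName.put(roleName, getRole(roleName));
            } catch (AuthException e) {
                LOGGER.error(String.format("get all roles failed, No such role : %s", roleName), e);
            }
        }
        return rolesByName;
    }

    /**
     * Re-runs {@link #init()}.
     *
     * @throws AuthException if resetting either manager fails
     */
    @Override
    public void reset() throws AuthException {
        init();
    }

    /**
     * Service start hook: runs {@link #init()} and reports failure as a startup error.
     *
     * @throws StartupException wrapping the {@link AuthException} from initialization
     */
    @Override
    public void start() throws StartupException {
        try {
            init();
        } catch (AuthException e) {
            throw new StartupException(e);
        }
    }

    /** Service stop hook; this class does nothing on stop. */
    @Override
    public void stop() {
    }

    /** @return {@link ServiceType#AUTHORIZATION_SERVICE} */
    @Override
    public ServiceType getID() {
        return ServiceType.AUTHORIZATION_SERVICE;
    }

    /** @return the user names reported by the user manager */
    @Override
    public List<String> listAllUsers() {
        return this.userManager.listAllUsers();
    }

    /** @return the role names reported by the role manager */
    @Override
    public List<String> listAllRoles() {
        return this.roleManager.listAllRoles();
    }

    /**
     * Looks a role up in the role manager.
     *
     * @param str role name
     * @return the role; callers in this class treat {@code null} as "no such role"
     * @throws AuthException if the lookup fails
     */
    @Override
    public Role getRole(String str) throws AuthException {
        return this.roleManager.getRole(str);
    }

    /**
     * Looks a user up in the user manager.
     *
     * @param str user name
     * @return the user; callers in this class treat {@code null} as "no such user"
     * @throws AuthException if the lookup fails
     */
    @Override
    public User getUser(String str) throws AuthException {
        return this.userManager.getUser(str);
    }

    /**
     * @param str user name
     * @return the user's watermark setting as reported by the user manager
     * @throws AuthException if the manager cannot answer for this user
     */
    @Override
    public boolean isUserUseWaterMark(String str) throws AuthException {
        return this.userManager.isUserUseWaterMark(str);
    }

    /**
     * @param str user name
     * @param z new watermark setting
     * @throws AuthException if the manager cannot apply the change
     */
    @Override
    public void setUserUseWaterMark(String str, boolean z) throws AuthException {
        this.userManager.setUserUseWaterMark(str, z);
    }

    /**
     * Replaces the whole user set in the user manager. This overwrites every account, so callers
     * should only pass data from a trusted source.
     *
     * @param map user name to user
     * @throws AuthException if the manager rejects the replacement
     */
    @Override
    public void replaceAllUsers(Map<String, User> map) throws AuthException {
        this.userManager.replaceAllUsers(map);
    }

    /**
     * Replaces the whole role set in the role manager. This overwrites every role, so callers
     * should only pass data from a trusted source.
     *
     * @param map role name to role
     * @throws AuthException if the manager rejects the replacement
     */
    @Override
    public void replaceAllRoles(Map<String, Role> map) throws AuthException {
        this.roleManager.replaceAllRoles(map);
    }

    /**
     * Snapshots users, then roles, into the given location.
     *
     * @param file snapshot target handed to both managers
     * @return {@code true} only if both succeed; the role snapshot is not attempted when the user
     *     snapshot reports failure
     */
    @Override
    public boolean processTakeSnapshot(File file) throws TException, IOException {
        return this.userManager.processTakeSnapshot(file) && this.roleManager.processTakeSnapshot(file);
    }

    /**
     * Loads users, then roles, from a snapshot. The snapshot replaces authorization state, so its
     * location should be writable only by the service itself.
     *
     * @param file snapshot source handed to both managers
     */
    @Override
    public void processLoadSnapshot(File file) throws TException, IOException {
        this.userManager.processLoadSnapshot(file);
        this.roleManager.processLoadSnapshot(file);
    }

    /** @param z new "pre-version" flag for the user manager */
    @Override
    public void setUserForPreVersion(boolean z) {
        this.userManager.setPreVersion(z);
    }

    /** @param z new "pre-version" flag for the role manager */
    @Override
    public void setRoleForPreVersion(boolean z) {
        this.roleManager.setPreVersion(z);
    }

    /** @return the user manager's "pre-version" flag */
    @Override
    public boolean forUserPreVersion() {
        return this.userManager.preVersion();
    }

    /** @return the role manager's "pre-version" flag */
    @Override
    public boolean forRolePreVersion() {
        return this.roleManager.preVersion();
    }

    /**
     * Renders a privilege id for an error message without letting an out-of-range id replace the
     * intended {@link AuthException} with an {@link ArrayIndexOutOfBoundsException}.
     */
    private static String describePrivilege(int privilegeId) {
        PrivilegeType[] types = PrivilegeType.values();
        if (privilegeId < 0 || privilegeId >= types.length) {
            return "unknown privilege " + privilegeId;
        }
        return String.valueOf(types[privilegeId]);
    }
}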
