package org.apache.iotdb.commons.auth.user;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.entity.PathPrivilege;
import org.apache.iotdb.commons.auth.entity.PriPrivilegeType;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.auth.entity.User;
import org.apache.iotdb.commons.concurrent.HashLock;
import org.apache.iotdb.commons.conf.CommonDescriptor;
import org.apache.iotdb.commons.exception.IllegalPathException;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.commons.utils.AuthUtils;
import org.apache.iotdb.rpc.TSStatusCode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/iotdb/commons/auth/user/BasicUserManager.class */
public abstract class BasicUserManager implements IUserManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(BasicUserManager.class);
    private static final String NO_SUCH_USER_ERROR = "No such user %s";
    protected IUserAccessor accessor;
    private boolean preVersion = false;
    protected Map<String, User> userMap = new HashMap();
    protected HashLock lock = new HashLock();

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public void setPreVersion(boolean z) {
        this.preVersion = z;
    }

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public boolean preVersion() {
        return this.preVersion;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public BasicUserManager(IUserAccessor iUserAccessor) throws AuthException {
        this.accessor = iUserAccessor;
        reset();
    }

    private void initAdmin() throws AuthException {
        User user;
        try {
            user = getUser(CommonDescriptor.getInstance().getConfig().getAdminName());
        } catch (AuthException e) {
            LOGGER.warn("Cannot load admin, Creating a new one", e);
            user = null;
        }
        if (user == null) {
            createUser(CommonDescriptor.getInstance().getConfig().getAdminName(), CommonDescriptor.getInstance().getConfig().getAdminPassword(), true);
            setUserUseWaterMark(CommonDescriptor.getInstance().getConfig().getAdminName(), false);
        }
        User user2 = getUser(CommonDescriptor.getInstance().getConfig().getAdminName());
        try {
            PathPrivilege pathPrivilege = new PathPrivilege(new PartialPath("root.**"));
            for (PrivilegeType privilegeType : PrivilegeType.values()) {
                if (privilegeType.isPathRelevant()) {
                    pathPrivilege.grantPrivilege(privilegeType.ordinal(), true);
                } else {
                    user2.getSysPrivilege().add(Integer.valueOf(privilegeType.ordinal()));
                    user2.getSysPriGrantOpt().add(Integer.valueOf(privilegeType.ordinal()));
                }
            }
            user2.getPathPrivilegeList().add(pathPrivilege);
        } catch (IllegalPathException e2) {
            LOGGER.warn("Got a wrong path for root to init");
        }
        LOGGER.info("Admin initialized");
    }

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public User getUser(String str) throws AuthException {
        this.lock.readLock(str);
        User user = this.userMap.get(str);
        this.lock.readUnlock(str);
        return user;
    }

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public boolean createUser(String str, String str2, boolean z) throws AuthException {
        if (z) {
            AuthUtils.validateUsername(str);
            AuthUtils.validatePassword(str2);
        }
        if (getUser(str) != null) {
            return false;
        }
        this.lock.writeLock(str);
        try {
            this.userMap.put(str, new User(str, AuthUtils.encryptPassword(str2)));
            this.lock.writeUnlock(str);
            return true;
        } catch (Throwable th) {
            this.lock.writeUnlock(str);
            throw th;
        }
    }

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public boolean deleteUser(String str) {
        this.lock.writeLock(str);
        try {
            return this.userMap.remove(str) != null;
        } finally {
            this.lock.writeUnlock(str);
        }
    }

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public boolean grantPrivilegeToUser(String str, PartialPath partialPath, int i, boolean z) throws AuthException {
        this.lock.writeLock(str);
        try {
            User user = getUser(str);
            if (user == null) {
                throw new AuthException(TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_ERROR, str));
            }
            if (!this.preVersion) {
                if (partialPath != null) {
                    AuthUtils.validatePatternPath(partialPath);
                    user.addPathPrivilege(partialPath, i, z);
                } else {
                    user.addSysPrivilege(i);
                    if (z) {
                        user.getSysPriGrantOpt().add(Integer.valueOf(i));
                    }
                }
                this.lock.writeUnlock(str);
                return true;
            }
            AuthUtils.validatePath(partialPath);
            if (i == PriPrivilegeType.ALL.ordinal()) {
                for (PriPrivilegeType priPrivilegeType : PriPrivilegeType.values()) {
                    user.addPathPrivilege(partialPath, priPrivilegeType.ordinal(), false);
                }
            } else {
                user.addPathPrivilege(partialPath, i, false);
            }
            if (user.getServiceReady()) {
                user.setServiceReady(false);
            }
            return true;
        } finally {
            this.lock.writeUnlock(str);
        }
    }

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public boolean revokePrivilegeFromUser(String str, PartialPath partialPath, int i) throws AuthException {
        this.lock.writeLock(str);
        try {
            User user = getUser(str);
            if (user == null) {
                throw new AuthException(TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_ERROR, str));
            }
            if (this.preVersion) {
                if (!AuthUtils.hasPrivilege(partialPath, i, user.getPathPrivilegeList())) {
                    return false;
                }
                AuthUtils.removePrivilegePre(partialPath, i, user.getPathPrivilegeList());
                this.lock.writeUnlock(str);
                return true;
            }
            if (!user.hasPrivilegeToRevoke(partialPath, i)) {
                this.lock.writeUnlock(str);
                return false;
            }
            if (partialPath != null) {
                AuthUtils.validatePatternPath(partialPath);
                user.removePathPrivilege(partialPath, i);
            } else {
                user.getSysPrivilege().remove(Integer.valueOf(i));
                user.getSysPriGrantOpt().remove(Integer.valueOf(i));
            }
            this.lock.writeUnlock(str);
            return true;
        } finally {
            this.lock.writeUnlock(str);
        }
    }

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public boolean updateUserPassword(String str, String str2) throws AuthException {
        try {
            if (this.preVersion) {
                AuthUtils.validatePasswordPre(str2);
            } else {
                AuthUtils.validatePassword(str2);
            }
            this.lock.writeLock(str);
            try {
                User user = getUser(str);
                if (user == null) {
                    throw new AuthException(TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_ERROR, str));
                }
                user.setPassword(AuthUtils.encryptPassword(str2));
                this.lock.writeUnlock(str);
                return true;
            } catch (Throwable th) {
                this.lock.writeUnlock(str);
                throw th;
            }
        } catch (AuthException e) {
            LOGGER.debug("An illegal password detected ", e);
            return false;
        }
    }

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public boolean grantRoleToUser(String str, String str2) throws AuthException {
        this.lock.writeLock(str2);
        try {
            User user = getUser(str2);
            if (user == null) {
                throw new AuthException(TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_ERROR, str2));
            }
            if (user.hasRole(str)) {
                return false;
            }
            user.getRoleList().add(str);
            this.lock.writeUnlock(str2);
            return true;
        } finally {
            this.lock.writeUnlock(str2);
        }
    }

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public boolean revokeRoleFromUser(String str, String str2) throws AuthException {
        this.lock.writeLock(str2);
        try {
            User user = getUser(str2);
            if (user == null) {
                throw new AuthException(TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_ERROR, str2));
            }
            if (!user.hasRole(str)) {
                return false;
            }
            user.getRoleList().remove(str);
            this.lock.writeUnlock(str2);
            return true;
        } finally {
            this.lock.writeUnlock(str2);
        }
    }

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public void reset() throws AuthException {
        this.accessor.reset();
        this.userMap.clear();
        for (String str : this.accessor.listAllUsers()) {
            try {
                this.userMap.put(str, this.accessor.loadUser(str));
            } catch (IOException e) {
                throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
            }
        }
        initAdmin();
    }

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public List<String> listAllUsers() {
        ArrayList arrayList = new ArrayList();
        this.userMap.forEach((str, user) -> {
            arrayList.add(str);
        });
        arrayList.sort(null);
        return arrayList;
    }

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public boolean isUserUseWaterMark(String str) throws AuthException {
        User user = getUser(str);
        if (user == null) {
            throw new AuthException(TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_ERROR, str));
        }
        return user.isUseWaterMark();
    }

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public void setUserUseWaterMark(String str, boolean z) throws AuthException {
        User user = getUser(str);
        if (user == null) {
            throw new AuthException(TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_ERROR, str));
        }
        if (user.isUseWaterMark() == z) {
            return;
        }
        user.setUseWaterMark(z);
    }

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public void replaceAllUsers(Map<String, User> map) throws AuthException {
        synchronized (this) {
            reset();
            this.userMap = map;
            Iterator<Map.Entry<String, User>> it = this.userMap.entrySet().iterator();
            while (it.hasNext()) {
                try {
                    this.accessor.saveUser(it.next().getValue());
                } catch (IOException e) {
                    throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
                }
            }
        }
    }

    @Override // org.apache.iotdb.commons.auth.user.IUserManager
    public void checkAndRefreshPathPri() {
        this.userMap.forEach((str, user) -> {
            AuthUtils.checkAndRefreshPri(user);
        });
    }
}
