package org.apache.iotdb.commons.utils;

import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.entity.PathPrivilege;
import org.apache.iotdb.commons.auth.entity.PriPrivilegeType;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.auth.entity.Role;
import org.apache.iotdb.commons.conf.CommonDescriptor;
import org.apache.iotdb.commons.conf.IoTDBConstant;
import org.apache.iotdb.commons.exception.IllegalPathException;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.commons.path.PathDeserializeUtil;
import org.apache.iotdb.commons.path.PathPatternUtil;
import org.apache.iotdb.commons.security.encrypt.AsymmetricEncryptFactory;
import org.apache.iotdb.confignode.rpc.thrift.TPermissionInfoResp;
import org.apache.iotdb.confignode.rpc.thrift.TRoleResp;
import org.apache.iotdb.confignode.rpc.thrift.TUserResp;
import org.apache.iotdb.rpc.TSStatusCode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/iotdb/commons/utils/AuthUtils.class */
public class AuthUtils {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthUtils.class);
    private static final String ROOT_PREFIX = "root";
    private static final int MIN_LENGTH = 4;
    private static final int MAX_LENGTH = 32;
    private static final String REX_PATTERN = "^[-\\w!@#$%^&*()+=]*$";
    private static final int MAX_LENGTH_PRE = 64;
    private static final String REX_PATTERN_PRE = "^[-\\w]*$";

    private AuthUtils() {
    }

    public static void validatePasswordPre(String str) throws AuthException {
        validateNameOrPasswordPre(str);
    }

    public static void validateUsernamePre(String str) throws AuthException {
        validateNameOrPasswordPre(str);
    }

    public static void validateRolenamePre(String str) throws AuthException {
        validateNameOrPasswordPre(str);
    }

    public static void validateNameOrPasswordPre(String str) throws AuthException {
        int length = str.length();
        if (length < 4) {
            throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, "The length of name or password must be greater than or equal to 4");
        }
        if (length > 64) {
            throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, "The length of name or password must be less than or equal to 32");
        }
        if (str.contains(" ")) {
            throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, "The name or password cannot contain spaces");
        }
        if (!str.matches(REX_PATTERN_PRE)) {
            throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, "The name or password can only contain letters, numbers, and underscores");
        }
    }

    public static void validatePassword(String str) throws AuthException {
        validateNameOrPassword(str);
    }

    public static boolean validatePassword(String str, String str2) {
        return AsymmetricEncryptFactory.getEncryptProvider(CommonDescriptor.getInstance().getConfig().getEncryptDecryptProvider(), CommonDescriptor.getInstance().getConfig().getEncryptDecryptProviderParameter()).validate(str, str2);
    }

    public static void validateUsername(String str) throws AuthException {
        validateNameOrPassword(str);
    }

    public static void validateRolename(String str) throws AuthException {
        validateNameOrPassword(str);
    }

    public static void validateNameOrPassword(String str) throws AuthException {
        int length = str.length();
        if (length < 4) {
            throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, "The length of name or password must be greater than or equal to 4");
        }
        if (length > MAX_LENGTH) {
            throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, "The length of name or password must be less than or equal to 32");
        }
        if (str.contains(" ")) {
            throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, "The name or password cannot contain spaces");
        }
        if (!str.matches(REX_PATTERN)) {
            throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, "The name or password can only contain letters, numbers or !@#$%^*()_+-=");
        }
    }

    public static void validatePath(PartialPath partialPath) throws AuthException {
        if (!partialPath.getFirstNode().equals("root")) {
            throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, String.format("Illegal seriesPath %s, seriesPath should start with \"%s\"", partialPath, "root"));
        }
    }

    public static void validatePatternPath(PartialPath partialPath) throws AuthException {
        validatePath(partialPath);
        if (partialPath.hasWildcard()) {
            if (!PathPatternUtil.isMultiLevelMatchWildcard(partialPath.getTailNode())) {
                throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, String.format("Illegal pattern path: %s, only pattern path that end with ** are supported.", partialPath));
            }
            for (int i = 0; i < partialPath.getNodeLength() - 1; i++) {
                if (PathPatternUtil.hasWildcard(partialPath.getNodes()[i])) {
                    throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, String.format("Illegal pattern path: %s, only pattern path that end with wildcards are supported.", partialPath));
                }
            }
        }
    }

    public static PartialPath convertPatternPath(PartialPath partialPath) throws IllegalPathException {
        String str = new String();
        for (int i = 0; i < partialPath.getNodeLength() && !PathPatternUtil.hasWildcard(partialPath.getNodes()[i]); i++) {
            str = str.concat(partialPath.getNodes()[i] + ".");
        }
        return new PartialPath(str.concat(IoTDBConstant.MULTI_LEVEL_PATH_WILDCARD));
    }

    public static String encryptPassword(String str) {
        return AsymmetricEncryptFactory.getEncryptProvider(CommonDescriptor.getInstance().getConfig().getEncryptDecryptProvider(), CommonDescriptor.getInstance().getConfig().getEncryptDecryptProviderParameter()).encrypt(str);
    }

    public static boolean checkPathPrivilege(PartialPath partialPath, int i, List<PathPrivilege> list) {
        if (list == null) {
            return false;
        }
        for (PathPrivilege pathPrivilege : list) {
            if (pathPrivilege.getPath().matchFullPath(partialPath) && pathPrivilege.checkPrivilege(i)) {
                return true;
            }
        }
        return false;
    }

    public static boolean checkPathPrivilegeGrantOpt(PartialPath partialPath, int i, List<PathPrivilege> list) {
        if (list == null) {
            return false;
        }
        for (PathPrivilege pathPrivilege : list) {
            if (pathPrivilege.getPath().matchFullPath(partialPath) && pathPrivilege.getPrivileges().contains(Integer.valueOf(i)) && pathPrivilege.getGrantOpt().contains(Integer.valueOf(i))) {
                return true;
            }
        }
        return false;
    }

    public static Set<Integer> getPrivileges(PartialPath partialPath, List<PathPrivilege> list) {
        if (list == null) {
            return new HashSet();
        }
        HashSet hashSet = new HashSet();
        for (PathPrivilege pathPrivilege : list) {
            if (pathPrivilege.getPath().matchFullPath(partialPath)) {
                hashSet.addAll(pathPrivilege.getPrivileges());
            }
        }
        return hashSet;
    }

    public static boolean hasPrivilegeToReovke(PartialPath partialPath, int i, List<PathPrivilege> list) {
        for (PathPrivilege pathPrivilege : list) {
            if (partialPath.matchFullPath(pathPrivilege.getPath()) && pathPrivilege.getPrivileges().contains(Integer.valueOf(i))) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasPrivilege(PartialPath partialPath, int i, List<PathPrivilege> list) {
        for (PathPrivilege pathPrivilege : list) {
            if (pathPrivilege.getPath().equals(partialPath) && pathPrivilege.getPrivileges().contains(Integer.valueOf(i))) {
                return true;
            }
        }
        return false;
    }

    public static void addPrivilege(PartialPath partialPath, int i, List<PathPrivilege> list, boolean z) {
        PathPrivilege pathPrivilege = null;
        Iterator<PathPrivilege> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            PathPrivilege next = it.next();
            if (next.getPath().equals(partialPath)) {
                pathPrivilege = next;
                break;
            }
        }
        if (pathPrivilege == null) {
            pathPrivilege = new PathPrivilege(partialPath);
            list.add(pathPrivilege);
        }
        pathPrivilege.grantPrivilege(i, z);
    }

    public static void removePrivilege(PartialPath partialPath, int i, List<PathPrivilege> list) {
        Iterator<PathPrivilege> it = list.iterator();
        while (it.hasNext()) {
            PathPrivilege next = it.next();
            if (partialPath.matchFullPath(next.getPath())) {
                next.revokePrivilege(i);
                if (next.getPrivileges().isEmpty()) {
                    it.remove();
                }
            }
        }
    }

    public static void removePrivilegePre(PartialPath partialPath, int i, List<PathPrivilege> list) {
        Iterator<PathPrivilege> it = list.iterator();
        while (it.hasNext()) {
            PathPrivilege next = it.next();
            if (next.getPath().equals(partialPath)) {
                if (i == PriPrivilegeType.ALL.ordinal()) {
                    it.remove();
                    return;
                } else {
                    next.revokePrivilege(i);
                    if (next.getPrivileges().isEmpty()) {
                        it.remove();
                    }
                }
            }
        }
    }

    public static TPermissionInfoResp generateEmptyPermissionInfoResp() {
        TPermissionInfoResp tPermissionInfoResp = new TPermissionInfoResp();
        tPermissionInfoResp.setUserInfo(new TUserResp("", "", new ArrayList(), new HashSet(), new HashSet(), new ArrayList(), false));
        HashMap hashMap = new HashMap();
        hashMap.put("", new TRoleResp("", new ArrayList(), new HashSet(), new HashSet()));
        tPermissionInfoResp.setRoleInfo(hashMap);
        return tPermissionInfoResp;
    }

    public static Set<Integer> strToPermissions(String[] strArr) throws AuthException {
        HashSet hashSet = new HashSet();
        if (strArr == null) {
            return hashSet;
        }
        PrivilegeType[] values = PrivilegeType.values();
        for (String str : strArr) {
            boolean z = false;
            int length = values.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                PrivilegeType privilegeType = values[i];
                if (str.equalsIgnoreCase(privilegeType.name())) {
                    hashSet.add(Integer.valueOf(privilegeType.ordinal()));
                    z = true;
                    break;
                }
                i++;
            }
            if (!z) {
                throw new AuthException(TSStatusCode.UNKNOWN_AUTH_PRIVILEGE, "No such privilege " + str);
            }
        }
        return hashSet;
    }

    public static ByteBuffer serializePartialPathList(List<PartialPath> list) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        try {
            dataOutputStream.writeInt(list.size());
            Iterator<PartialPath> it = list.iterator();
            while (it.hasNext()) {
                it.next().serialize(dataOutputStream);
            }
        } catch (IOException e) {
            LOGGER.error("Failed to serialize PartialPath list", e);
        }
        return ByteBuffer.wrap(byteArrayOutputStream.toByteArray());
    }

    public static List<PartialPath> deserializePartialPathList(ByteBuffer byteBuffer) {
        int i = byteBuffer.getInt();
        ArrayList arrayList = new ArrayList();
        for (int i2 = 0; i2 < i; i2++) {
            arrayList.add((PartialPath) PathDeserializeUtil.deserialize(byteBuffer));
        }
        return arrayList;
    }

    public static void checkAndRefreshPri(Role role) {
        if (role.getServiceReady()) {
            return;
        }
        role.getSysPrivilege();
        List<PathPrivilege> pathPrivilegeList = role.getPathPrivilegeList();
        role.setSysPrivilegeSet(new HashSet());
        role.setPrivilegeList(new ArrayList());
        for (PathPrivilege pathPrivilege : pathPrivilegeList) {
            PartialPath path = pathPrivilege.getPath();
            Iterator<Integer> it = pathPrivilege.getPrivileges().iterator();
            while (it.hasNext()) {
                PriPrivilegeType priPrivilegeType = PriPrivilegeType.values()[it.next().intValue()];
                if (priPrivilegeType.isAccept()) {
                    for (PrivilegeType privilegeType : priPrivilegeType.getSubPri()) {
                        if (privilegeType.isPathRelevant()) {
                            try {
                                validatePatternPath(path);
                            } catch (AuthException e) {
                                try {
                                    path = convertPatternPath(path);
                                } catch (IllegalPathException e2) {
                                    path = new PartialPath(new String[]{"root", IoTDBConstant.MULTI_LEVEL_PATH_WILDCARD});
                                }
                            }
                            role.addPathPrivilege(path, privilegeType.ordinal(), false);
                        } else {
                            role.addSysPrivilege(privilegeType.ordinal());
                        }
                    }
                }
            }
        }
        role.setServiceReady(true);
    }
}
