package org.apache.kylin.tool.security;

import java.util.Locale;
import java.util.regex.Pattern;
import org.apache.commons.collections.CollectionUtils;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.persistence.RawResource;
import org.apache.kylin.common.persistence.ResourceStore;
import org.apache.kylin.common.persistence.metadata.MetadataStore;
import org.apache.kylin.common.persistence.metadata.PersistException;
import org.apache.kylin.common.util.JsonUtil;
import org.apache.kylin.common.util.RandomUtil;
import org.apache.kylin.common.util.Unsafe;
import org.apache.kylin.guava30.shaded.common.io.ByteSource;
import org.apache.kylin.job.shaded.org.apache.commons.lang3.RandomStringUtils;
import org.apache.kylin.metadata.user.ManagedUser;
import org.apache.kylin.metadata.user.NKylinUserManager;
import org.apache.kylin.rest.constant.Constant;
import org.apache.kylin.util.PasswordEncodeFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/kylin/tool/security/AdminUserInitCLI.class */
public class AdminUserInitCLI {
    public static final String ADMIN_USER_NAME = "ADMIN";
    public static final String ADMIN_USER_RES_PATH = "/_global/user/ADMIN";
    public static final String PASSWORD_VALID_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890~!@#$%^&*(){}|:\"<>?[];',./`";
    public static final int DEFAULT_PASSWORD_LENGTH = 8;
    protected static final Logger logger = LoggerFactory.getLogger(AdminUserInitCLI.class);
    public static final Pattern PASSWORD_PATTERN = Pattern.compile("^(?=.*\\d)(?=.*[a-zA-Z])(?=.*[~!@#$%^&*(){}|:\"<>?\\[\\];',./`]).{8,}$");

    public static void main(String[] strArr) {
        try {
            initAdminUser(KylinConfig.getInstanceFromEnv().getRandomAdminPasswordEnabled());
        } catch (Exception e) {
            logger.error("Create Admin user failed.", e);
            Unsafe.systemExit(1);
        }
        Unsafe.systemExit(0);
    }

    public static void initAdminUser(boolean z) throws Exception {
        KylinConfig instanceFromEnv = KylinConfig.getInstanceFromEnv();
        if (!"ldap".equalsIgnoreCase(instanceFromEnv.getSecurityProfile()) || instanceFromEnv.isRemoveLdapCustomSecurityLimitEnabled()) {
            NKylinUserManager nKylinUserManager = NKylinUserManager.getInstance(instanceFromEnv);
            if (z) {
                if (CollectionUtils.isNotEmpty(nKylinUserManager.list())) {
                    logger.info("The user has been initialized and does not need to be initialized again");
                    return;
                }
                String generateRandomPassword = generateRandomPassword();
                ManagedUser managedUser = new ManagedUser("ADMIN", PasswordEncodeFactory.newUserPasswordEncoder().encode(generateRandomPassword), (Boolean) true, Constant.ROLE_ADMIN, Constant.GROUP_ALL_USERS);
                managedUser.setUuid(RandomUtil.randomUUIDStr());
                MetadataStore metadataStore = ResourceStore.getKylinMetaStore(instanceFromEnv).getMetadataStore();
                try {
                    logger.info("Start init default user.");
                    metadataStore.putResource(new RawResource(ADMIN_USER_RES_PATH, ByteSource.wrap(JsonUtil.writeValueAsBytes(managedUser)), System.currentTimeMillis(), 0L), null, -1L);
                    System.out.println("\u001b[31m" + String.format(Locale.ROOT, "Create default user finished. The username of initialized user is [%s], which password is [%s].\nPlease keep the password properly. And if you forget the password, you can reset it according to user manual.", "\u001b[0mADMIN\u001b[31m", "\u001b[0m" + generateRandomPassword + "\u001b[31m") + "\u001b[0m");
                } catch (PersistException e) {
                    logger.warn("{} user has been created on another node.", "ADMIN");
                }
            }
        }
    }

    public static String generateRandomPassword() {
        String random;
        do {
            random = RandomStringUtils.random(8, PASSWORD_VALID_CHARS.toCharArray());
        } while (!PASSWORD_PATTERN.matcher(random).matches());
        return random;
    }
}
