package org.apache.hugegraph.auth;

import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.hugegraph.HugeException;
import org.apache.hugegraph.auth.HugeGraphAuthProxy;
import org.apache.hugegraph.auth.HugeResource;
import org.apache.hugegraph.auth.SchemaDefine;
import org.apache.hugegraph.backend.id.Id;
import org.apache.hugegraph.backend.id.IdGenerator;
import org.apache.hugegraph.config.HugeConfig;
import org.apache.hugegraph.config.OptionSpace;
import org.apache.hugegraph.config.ServerOptions;
import org.apache.hugegraph.util.E;
import org.apache.hugegraph.util.JsonUtil;
import org.apache.tinkerpop.gremlin.server.auth.AuthenticatedUser;
import org.apache.tinkerpop.gremlin.server.auth.AuthenticationException;
import org.apache.tinkerpop.gremlin.server.auth.Authenticator;
import org.apache.tinkerpop.shaded.jackson.annotation.JsonProperty;

/* loaded from: input_file:org/apache/hugegraph/auth/HugeAuthenticator.class */
public interface HugeAuthenticator extends Authenticator {
    // Interface fields are implicitly public, static and final, so the
    // modifiers are omitted here.

    // Names matching the credential-map entries read by authenticate(Map):
    // user name, password, token, client address and request path.
    String KEY_USERNAME = "username";
    String KEY_PASSWORD = "password";
    String KEY_TOKEN = "token";
    // Used as the JSON property name of User.UserJson.role.
    String KEY_ROLE = "role";
    String KEY_ADDRESS = "address";
    String KEY_PATH = "path";

    // Built-in account names. USER_ADMIN is the name RolePerm.match() refuses
    // to let non-admin roles operate on.
    String USER_SYSTEM = "system";
    String USER_ADMIN = "admin";
    String USER_ANONY = "anonymous";

    // Shared role singletons. The checks in this file compare against them by
    // identity (==), so these exact instances act as sentinels.
    RolePermission ROLE_NONE = RolePermission.none();
    RolePermission ROLE_ADMIN = RolePermission.admin();

    // Variable-style keys; KEY_OWNER and KEY_ACTION form the
    // "$owner=<owner> $action=<action>" strings handled by RequiredPerm.
    String VAR_PREFIX = "$";
    String KEY_OWNER = "$owner";
    String KEY_DYNAMIC = "$dynamic";
    String KEY_ACTION = "$action";

    /* loaded from: input_file:org/apache/hugegraph/auth/HugeAuthenticator$RequiredPerm.class */
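    /**
     * The permission a request needs: an owner, an action and a resource type.
     *
     * <p>Instances are built fluently, from JSON, or from a permission string of
     * the form {@code "$owner=<owner> $action=<action>"}. The owner is the first
     * argument given to {@code ResourceObject.of(...)}; it presumably names the
     * graph the request targets (confirm against ResourceObject).
     */
    public static class RequiredPerm {

        @JsonProperty("owner")
        private String owner = "";

        @JsonProperty("action")
        private HugePermission action = HugePermission.NONE;

        @JsonProperty("resource")
        private ResourceType resource = ResourceType.NONE;

        /**
         * Sets the owner and returns this instance for chaining.
         *
         * @param str the owner name
         */
        public RequiredPerm owner(String str) {
            this.owner = str;
            return this;
        }

        public String owner() {
            return this.owner;
        }

        /**
         * Parses {@code "<resource>_<action>"} or a bare {@code "<action>"} and
         * stores the result.
         *
         * @param str the action text, case-insensitive
         * @throws IllegalArgumentException if either part is not a known enum
         *         constant; nothing is stored in that case
         */
        public RequiredPerm action(String str) {
            parseAction(str);
            return this;
        }

        public HugePermission action() {
            return this.action;
        }

        public ResourceType resource() {
            return this.resource;
        }

        /**
         * Builds the resource object this permission refers to, matching any
         * resource name ({@code HugeResource.NameObject.ANY}).
         */
        public ResourceObject<?> resourceObject() {
            return ResourceObject.of(this.owner, this.resource, HugeResource.NameObject.ANY);
        }

        @Override
        public String toString() {
            return JsonUtil.toJson(this);
        }

        /**
         * Splits the text at its last underscore into resource type and action.
         * Without a usable underscore the whole text is the action and the
         * resource type is left unchanged.
         */
        private void parseAction(String text) {
            ResourceType parsedResource = this.resource;
            String actionName = text;
            int underscore = text.lastIndexOf('_');
            if (underscore > 0 && underscore + 1 < text.length()) {
                String resourceName = text.substring(0, underscore);
                // Locale.ROOT keeps enum lookup independent of the JVM default
                // locale (e.g. Turkish dotted/dotless i), so the same permission
                // string parses the same way on every host.
                parsedResource = ResourceType.valueOf(
                        resourceName.toUpperCase(java.util.Locale.ROOT));
                actionName = text.substring(underscore + 1);
            }
            HugePermission parsedAction = HugePermission.valueOf(
                    actionName.toUpperCase(java.util.Locale.ROOT));
            // Assign only after both parts parsed, so a rejected string cannot
            // leave a new resource type paired with the old action.
            this.resource = parsedResource;
            this.action = parsedAction;
        }

        /**
         * Formats {@code "$owner=<str> $action=<permission>"}.
         *
         * <p>The owner is inserted without escaping. fromPermission() rejects
         * strings with more than two space-separated parts, so an owner that
         * contains a space does not round-trip.
         */
        public static String roleFor(String str, HugePermission hugePermission) {
            return String.format("%s=%s %s=%s", HugeAuthenticator.KEY_OWNER, str,
                                 HugeAuthenticator.KEY_ACTION, hugePermission.string());
        }

        /** Deserializes a RequiredPerm from its JSON form. */
        public static RequiredPerm fromJson(String str) {
            return (RequiredPerm) JsonUtil.fromJson(str, RequiredPerm.class);
        }

        /**
         * Parses {@code "$owner=<owner>"} optionally followed by
         * {@code " $action=<action>"}.
         *
         * @param str the permission string
         * @return the parsed permission; the action stays NONE when only the
         *         owner part is present
         */
        public static RequiredPerm fromPermission(String str) {
            RequiredPerm perm = new RequiredPerm();
            String[] parts = str.split(" ");
            // A string made only of spaces splits into zero parts; reject it
            // through the same format check instead of an index error.
            E.checkState(parts.length > 0, "Bad permission format: '%s'", str);

            String[] ownerPair = parts[0].split("=", 2);
            E.checkState(ownerPair.length == 2 &&
                         ownerPair[0].equals(HugeAuthenticator.KEY_OWNER),
                         "Bad permission format: '%s'", str);
            perm.owner(ownerPair[1]);
            if (parts.length == 1) {
                return perm;
            }

            E.checkState(parts.length == 2, "Bad permission format: '%s'", str);
            String[] actionPair = parts[1].split("=", 2);
            E.checkState(actionPair.length == 2, "Bad permission format: '%s'", str);
            E.checkState(actionPair[0].equals(HugeAuthenticator.KEY_ACTION),
                         "Bad permission format: '%s'", str);
            perm.action(actionPair[1]);
            return perm;
        }
    }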

    /* loaded from: input_file:org/apache/hugegraph/auth/HugeAuthenticator$RolePerm.class */
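    /**
     * The permissions held by a role, keyed by owner and then by action, plus
     * the static {@code match} helpers that decide whether a role satisfies a
     * requirement.
     *
     * <p>All {@code match} overloads compare the role with ROLE_ADMIN and
     * ROLE_NONE by identity. Only those shared constants short-circuit; every
     * other role value is parsed with {@code fromJson} and evaluated.
     */
    public static class RolePerm {

        @JsonProperty("roles")
        private Map<String, Map<HugePermission, Object>> roles;

        public RolePerm() {
            this.roles = new HashMap<>();
        }

        /** Wraps the given map without copying it. */
        public RolePerm(Map<String, Map<HugePermission, Object>> map) {
            this.roles = map;
        }

        @Override
        public String toString() {
            return JsonUtil.toJson(this);
        }

        /**
         * Returns whether this role has any entry for the owner.
         *
         * <p>NOTE(review): a null owner matches every role. Callers should make
         * sure the owner of a RequiredPerm is always populated from server-side
         * context; confirm no request path can leave it null.
         */
        private boolean matchOwner(String owner) {
            if (owner == null) {
                return true;
            }
            return this.roles.containsKey(owner);
        }

        /**
         * Returns whether this role grants the action on the resource object.
         * The role's entry for {@code resourceObject.graph()} is looked up, the
         * resources granted for the action are resolved, and the first one whose
         * filter accepts the object wins.
         */
        private boolean matchResource(HugePermission requiredAction,
                                      ResourceObject<?> resourceObject) {
            E.checkNotNull(resourceObject, "resource object");
            // HugeResource.allowed() is consulted first and grants access
            // regardless of what this role contains.
            if (HugeResource.allowed(resourceObject)) {
                return true;
            }
            Map<HugePermission, Object> granted = this.roles.get(resourceObject.graph());
            if (granted == null) {
                return false;
            }
            Object matched = matchedAction(requiredAction, granted);
            if (matched == null) {
                return false;
            }

            // The granted value is either an already-parsed list or a textual
            // form that HugeResource.parseResources() understands.
            Iterable<?> resources;
            if (matched instanceof List) {
                resources = (List<?>) matched;
            } else {
                resources = HugeResource.parseResources(matched.toString());
            }
            for (Object item : resources) {
                if (((HugeResource) item).filter(resourceObject)) {
                    return true;
                }
            }
            return false;
        }

        /**
         * Finds the value granted for an action: an exact key first, otherwise
         * the first entry whose key satisfies {@code hugePermission.match(key)}.
         *
         * @return the granted value, or null if no entry matches
         */
        private static Object matchedAction(HugePermission hugePermission,
                                            Map<HugePermission, Object> map) {
            Object exact = map.get(hugePermission);
            if (exact != null) {
                return exact;
            }
            for (Map.Entry<HugePermission, Object> entry : map.entrySet()) {
                if (hugePermission.match(entry.getKey())) {
                    return entry.getValue();
                }
            }
            return null;
        }

        /** Parses a role via {@code RolePermission.fromJson} and wraps its map. */
        public static RolePerm fromJson(Object obj) {
            return new RolePerm(RolePermission.fromJson(obj).map());
        }

        /**
         * Checks a role against a required permission. With action NONE only the
         * owner is checked; otherwise the action and resource are checked.
         *
         * @param obj the role (ROLE_ADMIN, ROLE_NONE, or a value fromJson accepts)
         * @param requiredPerm the permission the request needs
         */
        public static boolean match(Object obj, RequiredPerm requiredPerm) {
            if (obj == HugeAuthenticator.ROLE_ADMIN) {
                return true;
            }
            if (obj == HugeAuthenticator.ROLE_NONE) {
                return false;
            }
            RolePerm rolePerm = fromJson(obj);
            if (requiredPerm.action() == HugePermission.NONE) {
                return rolePerm.matchOwner(requiredPerm.owner());
            }
            return rolePerm.matchResource(requiredPerm.action(),
                                          requiredPerm.resourceObject());
        }

        /** Checks a role against an explicit action and resource object. */
        public static boolean match(Object obj, HugePermission hugePermission,
                                    ResourceObject<?> resourceObject) {
            if (obj == HugeAuthenticator.ROLE_ADMIN) {
                return true;
            }
            if (obj == HugeAuthenticator.ROLE_NONE) {
                return false;
            }
            return fromJson(obj).matchResource(hugePermission, resourceObject);
        }

        /**
         * Checks whether a role contains the given role permission.
         *
         * <p>A role other than ROLE_ADMIN is always refused when the operated
         * element is the HugeUser named "admin", so the built-in admin account
         * cannot be operated on through a lesser role.
         */
        public static boolean match(Object obj, RolePermission rolePermission,
                                    ResourceObject<?> resourceObject) {
            if (obj == HugeAuthenticator.ROLE_ADMIN) {
                return true;
            }
            if (obj == HugeAuthenticator.ROLE_NONE) {
                return false;
            }
            if (resourceObject != null) {
                // The decompiled source declared this local as HugeUser, which
                // does not compile; keep the AuthElement cast and narrow after
                // the instanceof test.
                SchemaDefine.AuthElement element =
                        (SchemaDefine.AuthElement) resourceObject.operated();
                if (element instanceof HugeUser &&
                    ((HugeUser) element).name().equals(HugeAuthenticator.USER_ADMIN)) {
                    return false;
                }
            }
            return RolePermission.fromJson(obj).contains(rolePermission);
        }
    }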

    /* loaded from: input_file:org/apache/hugegraph/auth/HugeAuthenticator$User.class */
    /**
     * An authenticated principal: user name, role, derived user id and an
     * optional client address.
     *
     * <p>ANONYMOUS is created with ROLE_ADMIN. authenticate(Map) returns it when
     * requireAuthentication() is false, so a deployment that turns
     * authentication off treats every caller as an administrator.
     */
    public static class User extends AuthenticatedUser {

        public static final User ADMIN =
                new User(HugeAuthenticator.USER_ADMIN, HugeAuthenticator.ROLE_ADMIN);
        // Note the role: the anonymous user is an admin (see class comment).
        public static final User ANONYMOUS =
                new User(HugeAuthenticator.USER_ANONY, HugeAuthenticator.ROLE_ADMIN);

        private final RolePermission role;
        private final Id userId;
        // Client address; null until client(String) is called.
        private String client;

        /**
         * @param str the user name, must not be null
         * @param rolePermission the role, must not be null
         */
        public User(String str, RolePermission rolePermission) {
            super(str);
            E.checkNotNull(str, "username");
            E.checkNotNull(rolePermission, HugeAuthenticator.KEY_ROLE);
            // The id is derived from the user name alone.
            this.userId = IdGenerator.of(str);
            this.role = rolePermission;
            this.client = null;
        }

        public String username() {
            return getName();
        }

        public Id userId() {
            return this.userId;
        }

        public RolePermission role() {
            return this.role;
        }

        public void client(String str) {
            this.client = str;
        }

        public String client() {
            return this.client;
        }

        /**
         * True only for the two shared anonymous instances; the comparison is by
         * identity, not by name.
         */
        public boolean isAnonymous() {
            if (this == ANONYMOUS) {
                return true;
            }
            return this == ANONYMOUS_USER;
        }

        /** Combines user name and role, the same fields equals() compares. */
        @Override
        public int hashCode() {
            int nameHash = username().hashCode();
            int roleHash = role().hashCode();
            return nameHash ^ roleHash;
        }

        /** Two users are equal when user name and role are equal. */
        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (obj instanceof User) {
                User other = (User) obj;
                return username().equals(other.username()) &&
                       role().equals(other.role());
            }
            return false;
        }

        @Override
        public String toString() {
            return String.format("User{username=%s,role=%s}", username(), role());
        }

        /** Serializes user name, role and client address to JSON. */
        public String toJson() {
            UserJson json = new UserJson();
            json.client = client();
            json.role = role();
            json.username = username();
            return JsonUtil.toJson(json);
        }

        /**
         * Rebuilds a user from the JSON written by toJson().
         *
         * <p>NOTE(review): the role is taken from the JSON as given. This should
         * only be fed data the server produced itself; confirm that no caller
         * passes client-supplied JSON here.
         *
         * @return the user, or null when the input or the parsed object is null
         */
        public static User fromJson(String str) {
            if (str == null) {
                return null;
            }
            UserJson json = (UserJson) JsonUtil.fromJson(str, UserJson.class);
            if (json == null) {
                return null;
            }
            User restored = new User(json.username, RolePermission.builtin(json.role));
            restored.client(json.client);
            return restored;
        }

        /** JSON shape used by toJson() and fromJson(). */
        public static class UserJson {

            @JsonProperty("username")
            private String username;

            @JsonProperty(HugeAuthenticator.KEY_ROLE)
            private RolePermission role;

            @JsonProperty("client")
            private String client;
        }
    }

    /**
     * Configures this authenticator from the server configuration.
     * Called by setup(Map) and by loadAuthenticator(HugeConfig) in this
     * interface.
     */
    void setup(HugeConfig hugeConfig);

    /**
     * Verifies one set of credentials.
     *
     * <p>The default authenticate(Map) passes the map's "username", "password"
     * and "token" entries, in that order; an entry that is absent arrives as
     * null. It then rejects any result whose role is null or ROLE_NONE.
     *
     * @param str the user name
     * @param str2 the password
     * @param str3 the token
     * @return the user together with the role to grant
     */
    UserWithRole authenticate(String str, String str2, String str3);

    /** Returns the AuthManager backing this authenticator. */
    AuthManager authManager();

    /**
     * Configures the authenticator from a generic configuration map.
     *
     * <p>The map must contain a "tokens" entry; its value is passed to
     * {@code new HugeConfig(...)} and the result is handed to
     * setup(HugeConfig).
     *
     * @param map the authentication configuration
     */
    default void setup(Map<String, Object> map) {
        E.checkState(map != null, "Must provide a 'config' in the 'authentication'");
        // Cast up front, as before: a non-String value fails here, ahead of the
        // option registration below.
        String tokensConfig = (String) map.get("tokens");
        E.checkState(tokensConfig != null,
                     "Credentials configuration missing key 'tokens'");
        OptionSpace.register("tokens", ServerOptions.instance());
        HugeConfig config = new HugeConfig(tokensConfig);
        setup(config);
    }

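    /**
     * Authenticates a request from its credential map and installs the result
     * as the current HugeGraphAuthProxy context.
     *
     * <p>When requireAuthentication() is false no credentials are checked and
     * the caller becomes User.ANONYMOUS, which carries ROLE_ADMIN.
     *
     * @param map credentials; the entries read are "username", "password",
     *        "token", "address" and "path"
     * @return the authenticated user, or User.ANONYMOUS
     * @throws AuthenticationException if the credentials yield no usable role
     */
    default User authenticate(Map<String, String> map) throws AuthenticationException {
        // Clear the previous context first, so a failure below cannot leave an
        // earlier user's context in place.
        HugeGraphAuthProxy.resetContext();
        User user = User.ANONYMOUS;
        if (requireAuthentication()) {
            UserWithRole verified = authenticate(map.get(KEY_USERNAME),
                                                 map.get(KEY_PASSWORD),
                                                 map.get(KEY_TOKEN));
            // Fail closed: an implementation that returns null is rejected the
            // same way as a bad role, instead of surfacing as a
            // NullPointerException. The message is deliberately the same for
            // every failure and does not say which credential was wrong.
            if (verified == null || !verifyRole(verified.role())) {
                throw new AuthenticationException("Incorrect username or password");
            }
            user = new User(verified.username(), verified.role());
            user.client(map.get(KEY_ADDRESS));
        }
        HugeGraphAuthProxy.logUser(user, map.get(KEY_PATH));
        HugeGraphAuthProxy.setContext(new HugeGraphAuthProxy.Context(user));
        return user;
    }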

    /**
     * Whether authenticate(Map) must verify credentials. Defaults to true.
     *
     * <p>An implementation that returns false makes authenticate(Map) skip
     * credential checks and return User.ANONYMOUS, which is built with
     * ROLE_ADMIN.
     */
    default boolean requireAuthentication() {
        return true;
    }

    /**
     * Returns whether a role is acceptable for login: it must be non-null and
     * must not be the ROLE_NONE constant.
     *
     * <p>The ROLE_NONE test is by identity. NOTE(review): a separately created
     * role that is merely equal to ROLE_NONE would pass; confirm
     * implementations always hand back the shared constant.
     */
    default boolean verifyRole(RolePermission rolePermission) {
        return rolePermission != null && rolePermission != ROLE_NONE;
    }

    /**
     * Initializes the admin user.
     *
     * <p>NOTE(review): the String argument is presumably the initial admin
     * password; its meaning is not visible in this file, so confirm against
     * the implementations.
     */
    void initAdminUser(String str) throws Exception;

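    /**
     * Instantiates and configures the authenticator class named by
     * ServerOptions.AUTHENTICATOR.
     *
     * <p>The class name comes from configuration, so whoever can edit the
     * server configuration chooses which class is loaded here.
     *
     * @param hugeConfig the server configuration
     * @return the configured authenticator, or null when the option is empty;
     *         how callers treat null is not visible in this file
     * @throws HugeException if the class cannot be loaded, is not a
     *         HugeAuthenticator, or fails to construct or set up
     */
    static HugeAuthenticator loadAuthenticator(HugeConfig hugeConfig) {
        String className = (String) hugeConfig.get(ServerOptions.AUTHENTICATOR);
        if (className.isEmpty()) {
            return null;
        }
        try {
            ClassLoader loader = hugeConfig.getClass().getClassLoader();
            // Check the type before instantiating, so a configured class that
            // is not an authenticator never has its constructor run.
            Class<? extends HugeAuthenticator> type =
                    loader.loadClass(className).asSubclass(HugeAuthenticator.class);
            // getDeclaredConstructor().newInstance() replaces the deprecated
            // Class.newInstance().
            HugeAuthenticator authenticator = type.getDeclaredConstructor().newInstance();
            authenticator.setup(hugeConfig);
            return authenticator;
        } catch (Exception e) {
            // Pass the exception as the cause. The previous call passed it as a
            // second format argument to a one-placeholder message, which
            // dropped it from the error.
            throw new HugeException("Failed to load authenticator: '%s'", e, className);
        }
    }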

    /*
     * Decompiler artifact: this is the compiler-generated bridge for
     * Authenticator.authenticate(Map). The decompiler renamed it from
     * "authenticate" because the name collides with the typed
     * authenticate(Map<String, String>) above, to which it delegates.
     */
    /* bridge */ /* synthetic */ default AuthenticatedUser m63authenticate(Map map) throws AuthenticationException {
        return authenticate((Map<String, String>) map);
    }
}
