package org.voltdb;

import com.google_voltpatches.common.base.Throwables;
import com.google_voltpatches.common.collect.ImmutableList;
import com.google_voltpatches.common.collect.ImmutableMap;
import com.google_voltpatches.common.collect.ImmutableSet;
import java.io.EOFException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.security.auth.Subject;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.hsqldb_voltpatches.Tokens;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.MessageProp;
import org.mindrot.BCrypt;
import org.voltcore.logging.Level;
import org.voltcore.logging.VoltLogger;
import org.voltcore.utils.RateLimitedLogger;
import org.voltdb.catalog.Connector;
import org.voltdb.catalog.Database;
import org.voltdb.catalog.Group;
import org.voltdb.catalog.GroupRef;
import org.voltdb.catalog.Procedure;
import org.voltdb.catalog.User;
import org.voltdb.catalog.UserRef;
import org.voltdb.client.ClientAuthScheme;
import org.voltdb.client.DelegatePrincipal;
import org.voltdb.common.Constants;
import org.voltdb.common.Permission;
import org.voltdb.security.AuthenticationRequest;
import org.voltdb.utils.Encoder;
import org.voltdb.utils.LogKeys;

/* loaded from: input_file:org/voltdb/AuthSystem.class */
public class AuthSystem {
    private static final VoltLogger authLogger = new VoltLogger("AUTH");
    public static final String VOLTDB_SERVICE_LOGIN_MODULE = System.getProperty("VOLTDB_SERVICE_LOGIN_MODULE", "VoltDBService");
    private Map<String, AuthUser> m_users;
    private Map<String, AuthGroup> m_groups;
    private final boolean m_enabled;
    private final AuthProvider m_authProvider;
    private final LoginContext m_loginCtx;
    private final byte[] m_principalName;
    private final GSSManager m_gssManager;
    private final InternalImporterUser m_internalImporterUser;
    private final InternalAdminUser m_internalAdminUser;
    private static String[] m_perm_list;
    private final AuthUser m_authDisabledUser = new AuthDisabledUser();

    /* loaded from: input_file:org/voltdb/AuthSystem$AuthDisabledUser.class */
    public static class AuthDisabledUser extends AuthUser {
        public AuthDisabledUser() {
            super(null, null, null, null, null);
        }

        @Override // org.voltdb.AuthSystem.AuthUser
        public boolean hasUserDefinedProcedurePermission(Procedure procedure) {
            return true;
        }

        @Override // org.voltdb.AuthSystem.AuthUser
        public boolean hasPermission(Permission... permissionArr) {
            return true;
        }

        @Override // org.voltdb.AuthSystem.AuthUser
        public boolean authorizeConnector(String str) {
            return true;
        }

        @Override // org.voltdb.AuthSystem.AuthUser
        public boolean isAuthEnabled() {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/voltdb/AuthSystem$AuthGroup.class */
    public class AuthGroup {
        private final String m_name;
        private Set<AuthUser> m_users;
        private final EnumSet<Permission> m_permissions;

        private AuthGroup(String str, EnumSet<Permission> enumSet) {
            this.m_users = new HashSet();
            this.m_permissions = EnumSet.noneOf(Permission.class);
            this.m_name = str.intern();
            this.m_permissions.addAll(enumSet);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void finish() {
            this.m_users = ImmutableSet.copyOf((Collection) this.m_users);
        }
    }

    /* loaded from: input_file:org/voltdb/AuthSystem$AuthProvider.class */
    public enum AuthProvider {
        HASH("hash", "database"),
        KERBEROS(Constants.KERBEROS, Constants.KERBEROS);

        private static final Map<String, AuthProvider> providerMap;
        private static final Map<String, AuthProvider> serviceMap;
        final String provider;
        final String service;

        AuthProvider(String str, String str2) {
            this.provider = str;
            this.service = str2;
        }

        public String provider() {
            return this.provider;
        }

        public String service() {
            return this.service;
        }

        public static AuthProvider fromProvider(String str) {
            AuthProvider authProvider = providerMap.get(str);
            if (authProvider == null) {
                throw new IllegalArgumentException("No provider mapping for " + str);
            }
            return authProvider;
        }

        public static AuthProvider fromService(String str) {
            AuthProvider authProvider = serviceMap.get(str);
            if (authProvider == null) {
                throw new IllegalArgumentException("No service mapping for " + str);
            }
            return authProvider;
        }

        static {
            ImmutableMap.Builder builder = ImmutableMap.builder();
            ImmutableMap.Builder builder2 = ImmutableMap.builder();
            for (AuthProvider authProvider : values()) {
                builder.put(authProvider.provider, authProvider);
                builder2.put(authProvider.service, authProvider);
            }
            providerMap = builder.build();
            serviceMap = builder2.build();
        }
    }

    /* loaded from: input_file:org/voltdb/AuthSystem$AuthUser.class */
    public static class AuthUser {
        private final byte[] m_sha1ShadowPassword;
        private final byte[] m_sha2ShadowPassword;
        private final String m_bcryptShadowPassword;
        private final String m_bcryptSha2ShadowPassword;
        public final String m_name;
        private List<AuthGroup> m_groups;
        private EnumSet<Permission> m_permissions;
        private String[] m_permissions_list;
        private Set<Procedure> m_authorizedProcedures;
        private Set<Connector> m_authorizedConnectors;

        private AuthUser(byte[] bArr, byte[] bArr2, String str, String str2, String str3) {
            this.m_groups = new ArrayList();
            this.m_permissions = EnumSet.noneOf(Permission.class);
            this.m_authorizedProcedures = new HashSet();
            this.m_authorizedConnectors = new HashSet();
            this.m_sha1ShadowPassword = bArr;
            this.m_sha2ShadowPassword = bArr2;
            this.m_bcryptShadowPassword = str;
            this.m_bcryptSha2ShadowPassword = str2;
            if (str3 != null) {
                this.m_name = str3.intern();
            } else {
                this.m_name = null;
            }
        }

        public boolean hasUserDefinedProcedurePermission(Procedure procedure) {
            if (procedure == null) {
                return false;
            }
            return hasPermission(Permission.ALLPROC) || this.m_authorizedProcedures.contains(procedure);
        }

        public boolean hasPermission(Permission... permissionArr) {
            for (Permission permission : permissionArr) {
                if (this.m_permissions.contains(permission)) {
                    return true;
                }
            }
            return false;
        }

        public final String[] getGroupNames() {
            String[] strArr = new String[this.m_groups.size()];
            for (int i = 0; i < this.m_groups.size(); i++) {
                strArr[i] = this.m_groups.get(i).m_name;
            }
            return strArr;
        }

        public boolean authorizeConnector(String str) {
            if (str == null) {
                return false;
            }
            Iterator<Connector> it = this.m_authorizedConnectors.iterator();
            while (it.hasNext()) {
                if (it.next().getLoaderclass().equals(str)) {
                    return true;
                }
            }
            return false;
        }

        public boolean isAuthEnabled() {
            return true;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void finish() {
            this.m_groups = ImmutableList.copyOf((Collection) this.m_groups);
            this.m_authorizedProcedures = ImmutableSet.copyOf((Collection) this.m_authorizedProcedures);
            this.m_authorizedConnectors = ImmutableSet.copyOf((Collection) this.m_authorizedConnectors);
        }
    }

    /* loaded from: input_file:org/voltdb/AuthSystem$HashAuthenticationRequest.class */
    public class HashAuthenticationRequest extends AuthenticationRequest {
        private final String m_user;
        private final byte[] m_password;

        public HashAuthenticationRequest(String str, byte[] bArr) {
            this.m_user = str;
            this.m_password = bArr;
        }

        @Override // org.voltdb.security.AuthenticationRequest
        protected boolean authenticateImpl(ClientAuthScheme clientAuthScheme, String str) throws Exception {
            if (!AuthSystem.this.m_enabled) {
                this.m_authenticatedUser = this.m_user;
                return true;
            }
            if (AuthSystem.this.m_authProvider != AuthProvider.HASH) {
                return false;
            }
            AuthUser authUser = (AuthUser) AuthSystem.this.m_users.get(this.m_user);
            if (authUser == null) {
                AuthSystem.logAuthFails(LogKeys.auth_AuthSystem_NoSuchUser.name(), this.m_user, str);
                return false;
            }
            boolean z = true;
            if (authUser.m_sha1ShadowPassword == null && authUser.m_sha2ShadowPassword == null) {
                z = BCrypt.checkpw(Encoder.hexEncode(this.m_password), clientAuthScheme == ClientAuthScheme.HASH_SHA1 ? authUser.m_bcryptShadowPassword : authUser.m_bcryptSha2ShadowPassword);
            } else {
                MessageDigest messageDigest = null;
                try {
                    messageDigest = MessageDigest.getInstance(ClientAuthScheme.getDigestScheme(clientAuthScheme));
                } catch (NoSuchAlgorithmException e) {
                    VoltDB.crashLocalVoltDB(e.getMessage(), true, e);
                }
                byte[] digest = messageDigest.digest(this.m_password);
                byte[] bArr = clientAuthScheme == ClientAuthScheme.HASH_SHA1 ? authUser.m_sha1ShadowPassword : authUser.m_sha2ShadowPassword;
                for (int i = 0; i < digest.length; i++) {
                    if (digest[i] != bArr[i]) {
                        z = false;
                    }
                }
            }
            if (!z) {
                AuthSystem.logAuthFails(LogKeys.auth_AuthSystem_AuthFailedPasswordMistmatch.name(), this.m_user, str);
                return false;
            }
            this.m_authenticatedUser = this.m_user;
            AuthSystem.logAuthSuccess(this.m_authenticatedUser, str);
            return true;
        }
    }

    /* loaded from: input_file:org/voltdb/AuthSystem$InternalAdminUser.class */
    public static class InternalAdminUser extends AuthUser {
        private static final EnumSet<Permission> PERMS = EnumSet.allOf(Permission.class);
        private final boolean m_authEnabled;

        private InternalAdminUser(boolean z) {
            super(null, null, null, null, null);
            this.m_authEnabled = z;
        }

        @Override // org.voltdb.AuthSystem.AuthUser
        public boolean hasUserDefinedProcedurePermission(Procedure procedure) {
            return true;
        }

        @Override // org.voltdb.AuthSystem.AuthUser
        public boolean hasPermission(Permission... permissionArr) {
            if (!this.m_authEnabled) {
                return true;
            }
            if (permissionArr != null && permissionArr.length == 1) {
                return PERMS.contains(permissionArr[0]);
            }
            if (permissionArr == null || permissionArr.length == 0) {
                return false;
            }
            return PERMS.containsAll(Arrays.asList(permissionArr));
        }

        @Override // org.voltdb.AuthSystem.AuthUser
        public boolean authorizeConnector(String str) {
            return true;
        }

        @Override // org.voltdb.AuthSystem.AuthUser
        public boolean isAuthEnabled() {
            return this.m_authEnabled;
        }
    }

    /* loaded from: input_file:org/voltdb/AuthSystem$InternalImporterUser.class */
    public static class InternalImporterUser extends AuthUser {
        private static final EnumSet<Permission> PERMS = EnumSet.of(Permission.ALLPROC, Permission.DEFAULTPROC);
        private final boolean m_authEnabled;

        private InternalImporterUser(boolean z) {
            super(null, null, null, null, null);
            this.m_authEnabled = z;
        }

        @Override // org.voltdb.AuthSystem.AuthUser
        public boolean hasUserDefinedProcedurePermission(Procedure procedure) {
            return true;
        }

        @Override // org.voltdb.AuthSystem.AuthUser
        public boolean hasPermission(Permission... permissionArr) {
            if (!this.m_authEnabled) {
                return true;
            }
            if (permissionArr != null && permissionArr.length == 1) {
                return PERMS.contains(permissionArr[0]);
            }
            if (permissionArr == null || permissionArr.length == 0) {
                return false;
            }
            return PERMS.containsAll(Arrays.asList(permissionArr));
        }

        @Override // org.voltdb.AuthSystem.AuthUser
        public boolean authorizeConnector(String str) {
            return true;
        }

        @Override // org.voltdb.AuthSystem.AuthUser
        public boolean isAuthEnabled() {
            return this.m_authEnabled;
        }
    }

    /* loaded from: input_file:org/voltdb/AuthSystem$KerberosAuthenticationRequest.class */
    public class KerberosAuthenticationRequest extends AuthenticationRequest {
        private SocketChannel m_socket;

        public KerberosAuthenticationRequest(SocketChannel socketChannel) {
            this.m_socket = socketChannel;
        }

        @Override // org.voltdb.security.AuthenticationRequest
        protected boolean authenticateImpl(ClientAuthScheme clientAuthScheme, String str) throws Exception {
            if (!AuthSystem.this.m_enabled) {
                this.m_authenticatedUser = "_^_pinco_pallo_^_";
                return true;
            }
            if (AuthSystem.this.m_authProvider != AuthProvider.KERBEROS) {
                return false;
            }
            int length = 10 + AuthSystem.this.m_principalName.length;
            final ByteBuffer allocate = ByteBuffer.allocate(DelegatePrincipal.MAX_DELEGATE_NAME_SIZE);
            allocate.putInt(length - 4).put((byte) 2).put((byte) 4);
            allocate.putInt(AuthSystem.this.m_principalName.length);
            allocate.put(AuthSystem.this.m_principalName);
            allocate.flip();
            while (allocate.hasRemaining()) {
                this.m_socket.write(allocate);
            }
            String str2 = (String) Subject.doAs(AuthSystem.this.m_loginCtx.getSubject(), new PrivilegedAction<String>() { // from class: org.voltdb.AuthSystem.KerberosAuthenticationRequest.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public String run() {
                    GSSContext gSSContext = null;
                    try {
                        try {
                            GSSContext createContext = AuthSystem.this.m_gssManager.createContext((GSSCredential) null);
                            while (!createContext.isEstablished()) {
                                allocate.clear().limit(4);
                                while (allocate.hasRemaining()) {
                                    if (KerberosAuthenticationRequest.this.m_socket.read(allocate) == -1) {
                                        throw new EOFException();
                                    }
                                }
                                allocate.flip();
                                int i = allocate.getInt();
                                if (i > allocate.capacity() || i <= 0) {
                                    AuthSystem.authLogger.warn("Authentication packet not within alloted size");
                                    if (createContext != null) {
                                        try {
                                            createContext.dispose();
                                        } catch (Exception e) {
                                        }
                                    }
                                    return null;
                                }
                                allocate.clear().limit(i);
                                while (allocate.hasRemaining()) {
                                    if (KerberosAuthenticationRequest.this.m_socket.read(allocate) == -1) {
                                        throw new EOFException();
                                    }
                                }
                                allocate.flip();
                                byte b = allocate.get();
                                if (b != 2) {
                                    AuthSystem.authLogger.warn("Encountered unexpected authentication protocol version " + ((int) b));
                                    if (createContext != null) {
                                        try {
                                            createContext.dispose();
                                        } catch (Exception e2) {
                                        }
                                    }
                                    return null;
                                }
                                byte b2 = allocate.get();
                                if (b2 != 5) {
                                    AuthSystem.authLogger.warn("Encountered unexpected authentication protocol tag " + ((int) b2));
                                    if (createContext != null) {
                                        try {
                                            createContext.dispose();
                                        } catch (Exception e3) {
                                        }
                                    }
                                    return null;
                                }
                                byte[] acceptSecContext = createContext.acceptSecContext(allocate.array(), allocate.arrayOffset() + allocate.position(), allocate.remaining());
                                if (acceptSecContext != null) {
                                    int length2 = 6 + acceptSecContext.length;
                                    allocate.clear().limit(length2);
                                    allocate.putInt(length2 - 4).put((byte) 2).put((byte) 5);
                                    allocate.put(acceptSecContext);
                                    allocate.flip();
                                    while (allocate.hasRemaining()) {
                                        KerberosAuthenticationRequest.this.m_socket.write(allocate);
                                    }
                                }
                            }
                            String gSSName = createContext.getSrcName().toString();
                            if (!createContext.getMutualAuthState()) {
                                if (createContext != null) {
                                    try {
                                        createContext.dispose();
                                    } catch (Exception e4) {
                                    }
                                }
                                return null;
                            }
                            if (createContext.getTargName() != null && createContext.getSrcName().equals(createContext.getTargName())) {
                                allocate.clear().limit(4);
                                while (allocate.hasRemaining()) {
                                    if (KerberosAuthenticationRequest.this.m_socket.read(allocate) == -1) {
                                        throw new EOFException();
                                    }
                                }
                                allocate.flip();
                                int i2 = allocate.getInt();
                                if (i2 > allocate.capacity() || i2 <= 0) {
                                    AuthSystem.authLogger.warn("Authentication packet not within alloted size");
                                    if (createContext != null) {
                                        try {
                                            createContext.dispose();
                                        } catch (Exception e5) {
                                        }
                                    }
                                    return null;
                                }
                                allocate.clear().limit(i2);
                                while (allocate.hasRemaining()) {
                                    if (KerberosAuthenticationRequest.this.m_socket.read(allocate) == -1) {
                                        throw new EOFException();
                                    }
                                }
                                allocate.flip();
                                byte b3 = allocate.get();
                                if (b3 != 2) {
                                    AuthSystem.authLogger.warn("Encountered unexpected authentication protocol version " + ((int) b3));
                                    if (createContext != null) {
                                        try {
                                            createContext.dispose();
                                        } catch (Exception e6) {
                                        }
                                    }
                                    return null;
                                }
                                byte b4 = allocate.get();
                                if (b4 != 5) {
                                    AuthSystem.authLogger.warn("Encountered unexpected authentication protocol tag " + ((int) b4));
                                    if (createContext != null) {
                                        try {
                                            createContext.dispose();
                                        } catch (Exception e7) {
                                        }
                                    }
                                    return null;
                                }
                                DelegatePrincipal delegatePrincipal = new DelegatePrincipal(createContext.unwrap(allocate.array(), allocate.arrayOffset() + allocate.position(), allocate.remaining(), new MessageProp(0, true)));
                                if (delegatePrincipal.getId() != System.identityHashCode(AuthSystem.this)) {
                                    if (createContext != null) {
                                        try {
                                            createContext.dispose();
                                        } catch (Exception e8) {
                                        }
                                    }
                                    return null;
                                }
                                gSSName = delegatePrincipal.getName();
                            }
                            createContext.dispose();
                            GSSContext gSSContext2 = null;
                            String str3 = gSSName;
                            if (0 != 0) {
                                try {
                                    gSSContext2.dispose();
                                } catch (Exception e9) {
                                }
                            }
                            return str3;
                        } catch (IOException | GSSException e10) {
                            Throwables.propagate(e10);
                            if (0 == 0) {
                                return null;
                            }
                            try {
                                gSSContext.dispose();
                                return null;
                            } catch (Exception e11) {
                                return null;
                            }
                        }
                    } catch (Throwable th) {
                        if (0 != 0) {
                            try {
                                gSSContext.dispose();
                            } catch (Exception e12) {
                            }
                        }
                        throw th;
                    }
                }
            });
            if (str2 == null) {
                return false;
            }
            if (((AuthUser) AuthSystem.this.m_users.get(str2)) == null) {
                AuthSystem.logAuthFails(LogKeys.auth_AuthSystem_NoSuchUser.name(), str2, str);
                return false;
            }
            this.m_authenticatedUser = str2;
            AuthSystem.logAuthSuccess(this.m_authenticatedUser, str);
            return true;
        }
    }

    /* loaded from: input_file:org/voltdb/AuthSystem$SpnegoPassthroughRequest.class */
    public class SpnegoPassthroughRequest extends AuthenticationRequest {
        private final String m_authenticatedPrincipal;

        public SpnegoPassthroughRequest(String str) {
            this.m_authenticatedPrincipal = str;
        }

        @Override // org.voltdb.security.AuthenticationRequest
        protected boolean authenticateImpl(ClientAuthScheme clientAuthScheme, String str) throws Exception {
            if (((AuthUser) AuthSystem.this.m_users.get(this.m_authenticatedPrincipal)) == null) {
                AuthSystem.logAuthFails(LogKeys.auth_AuthSystem_NoSuchUser.name(), this.m_authenticatedPrincipal, str);
                return false;
            }
            this.m_authenticatedUser = this.m_authenticatedPrincipal;
            AuthSystem.logAuthSuccess(this.m_authenticatedUser, str);
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthSystem(Database database, boolean z) {
        AuthGroup authGroup;
        this.m_users = new HashMap();
        this.m_groups = new HashMap();
        LoginContext loginContext = null;
        GSSManager gSSManager = null;
        String str = null;
        m_perm_list = new String[Permission.values().length];
        int i = 0;
        for (Permission permission : Permission.values()) {
            int i2 = i;
            i++;
            m_perm_list[i2] = permission.name();
        }
        this.m_internalImporterUser = new InternalImporterUser(z);
        this.m_internalAdminUser = new InternalAdminUser(z);
        this.m_enabled = z;
        if (!this.m_enabled) {
            this.m_authProvider = null;
            this.m_loginCtx = null;
            this.m_principalName = null;
            this.m_gssManager = null;
            return;
        }
        this.m_authProvider = AuthProvider.fromProvider(database.getSecurityprovider());
        if (this.m_authProvider == AuthProvider.KERBEROS) {
            try {
                loginContext = new LoginContext(VOLTDB_SERVICE_LOGIN_MODULE);
            } catch (SecurityException | LoginException e) {
                VoltDB.crashGlobalVoltDB("Cannot initialize JAAS LoginContext", true, e);
            }
            try {
                loginContext.login();
                str = loginContext.getSubject().getPrincipals().iterator().next().getName();
                gSSManager = GSSManager.getInstance();
            } catch (CredentialExpiredException e2) {
                VoltDB.crashGlobalVoltDB("VoltDB assigned service principal credentials have expired", true, e2);
            } catch (Exception e3) {
                VoltDB.crashGlobalVoltDB("Unexpected exception occured during service authentication", true, e3);
            } catch (AccountExpiredException e4) {
                VoltDB.crashGlobalVoltDB("VoltDB assigned service principal has expired", true, e4);
            } catch (FailedLoginException e5) {
                VoltDB.crashGlobalVoltDB("VoltDB failed to authenticate against kerberos", true, e5);
            } catch (LoginException e6) {
                VoltDB.crashGlobalVoltDB("VoltDB service principal failed to login", true, e6);
            }
        }
        this.m_loginCtx = loginContext;
        this.m_principalName = str != null ? str.getBytes(StandardCharsets.UTF_8) : null;
        this.m_gssManager = gSSManager;
        Iterator<User> it = database.getUsers().iterator();
        while (it.hasNext()) {
            User next = it.next();
            String shadowpassword = next.getShadowpassword();
            String sha256shadowpassword = next.getSha256shadowpassword();
            byte[] bArr = null;
            byte[] bArr2 = null;
            if (shadowpassword.length() == 40) {
                bArr = Encoder.hexDecode(shadowpassword);
                bArr2 = Encoder.hexDecode(sha256shadowpassword);
            } else if (shadowpassword.length() != 60) {
                VoltDB.crashGlobalVoltDB("Found a shadowPassword in the catalog that was in an unrecogized format", true, null);
            }
            AuthUser authUser = new AuthUser(bArr, bArr2, shadowpassword, sha256shadowpassword, next.getTypeName());
            this.m_users.put(authUser.m_name, authUser);
            Iterator<GroupRef> it2 = next.getGroups().iterator();
            while (it2.hasNext()) {
                Group group = it2.next().getGroup();
                if (this.m_groups.containsKey(group.getTypeName())) {
                    authGroup = this.m_groups.get(group.getTypeName());
                } else {
                    authGroup = new AuthGroup(group.getTypeName(), Permission.getPermissionSetForGroup(group));
                    this.m_groups.put(authGroup.m_name, authGroup);
                }
                authUser.m_permissions.addAll(authGroup.m_permissions);
                authGroup.m_users.add(authUser);
                authUser.m_groups.add(authGroup);
            }
            authUser.m_permissions_list = new String[authUser.m_permissions.size()];
            int i3 = 0;
            Iterator it3 = authUser.m_permissions.iterator();
            while (it3.hasNext()) {
                int i4 = i3;
                i3++;
                authUser.m_permissions_list[i4] = ((Permission) it3.next()).toString();
            }
        }
        Iterator<Group> it4 = database.getGroups().iterator();
        while (it4.hasNext()) {
            Group next2 = it4.next();
            if (this.m_groups.containsKey(next2.getTypeName())) {
                this.m_groups.get(next2.getTypeName());
            } else {
                AuthGroup authGroup2 = new AuthGroup(next2.getTypeName(), Permission.getPermissionSetForGroup(next2));
                this.m_groups.put(authGroup2.m_name, authGroup2);
            }
        }
        Iterator<Procedure> it5 = database.getProcedures().iterator();
        while (it5.hasNext()) {
            Procedure next3 = it5.next();
            Iterator<UserRef> it6 = next3.getAuthusers().iterator();
            while (it6.hasNext()) {
                AuthUser authUser2 = this.m_users.get(it6.next().getUser().getTypeName());
                if (authUser2 != null) {
                    authUser2.m_authorizedProcedures.add(next3);
                }
            }
            Iterator<GroupRef> it7 = next3.getAuthgroups().iterator();
            while (it7.hasNext()) {
                AuthGroup authGroup3 = this.m_groups.get(it7.next().getGroup().getTypeName());
                if (authGroup3 != null) {
                    Iterator it8 = authGroup3.m_users.iterator();
                    while (it8.hasNext()) {
                        ((AuthUser) it8.next()).m_authorizedProcedures.add(next3);
                    }
                }
            }
        }
        this.m_users = ImmutableMap.copyOf((Map) this.m_users);
        this.m_groups = ImmutableMap.copyOf((Map) this.m_groups);
        Iterator<AuthUser> it9 = this.m_users.values().iterator();
        while (it9.hasNext()) {
            it9.next().finish();
        }
        Iterator<AuthGroup> it10 = this.m_groups.values().iterator();
        while (it10.hasNext()) {
            it10.next().finish();
        }
        if (str == null || !this.m_users.containsKey(str)) {
            return;
        }
        VoltDB.crashGlobalVoltDB("Kerberos service principal " + str + " must not correspond to a database user", true, null);
    }

    public boolean isSecurityEnabled() {
        return this.m_enabled;
    }

    public LoginContext getLoginContext() {
        return this.m_loginCtx;
    }

    public String getServicePrincipal() {
        if (this.m_principalName == null) {
            return null;
        }
        return new String(this.m_principalName, StandardCharsets.UTF_8);
    }

    public InternalImporterUser getImporterUser() {
        return this.m_internalImporterUser;
    }

    public InternalAdminUser getInternalAdminUser() {
        return this.m_internalAdminUser;
    }

    public AuthUser getUser(String str) {
        return !this.m_enabled ? this.m_authDisabledUser : this.m_users.get(str);
    }

    public String[] getGroupNamesForUser(String str) {
        if (str == null) {
            return new String[0];
        }
        AuthUser user = getUser(str);
        return user == null ? new String[0] : user.getGroupNames();
    }

    public String[] getUserPermissionList(String str) {
        if (!this.m_enabled) {
            return m_perm_list;
        }
        if (str == null) {
            return new String[0];
        }
        AuthUser user = getUser(str);
        return user == null ? new String[0] : user.m_permissions_list;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void logAuthSuccess(String str, String str2) {
        if (str2 == null) {
            str2 = Tokens.T_NULL;
        }
        RateLimitedLogger.tryLogForMessage(System.currentTimeMillis(), 60L, TimeUnit.SECONDS, authLogger, Level.INFO, String.format("Authenticated user %s from %s. This message is rate limited to once every 60 seconds.", str, str2), new Object[0]);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void logAuthFails(String str, String str2, String str3) {
        authLogger.l7dlog(Level.INFO, str, new String[]{str2, str3}, null);
    }
}
