package org.apache.iotdb.db.auth;

import com.google.common.util.concurrent.SettableFuture;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.conf.CommonDescriptor;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.commons.path.PathPatternTree;
import org.apache.iotdb.commons.service.metric.PerformanceOverviewMetrics;
import org.apache.iotdb.confignode.rpc.thrift.TAuthorizerResp;
import org.apache.iotdb.confignode.rpc.thrift.TPathPrivilege;
import org.apache.iotdb.confignode.rpc.thrift.TRoleResp;
import org.apache.iotdb.confignode.rpc.thrift.TUserResp;
import org.apache.iotdb.db.protocol.session.IClientSession;
import org.apache.iotdb.db.queryengine.common.header.ColumnHeader;
import org.apache.iotdb.db.queryengine.common.header.DatasetHeader;
import org.apache.iotdb.db.queryengine.plan.execution.config.ConfigTaskResult;
import org.apache.iotdb.db.queryengine.plan.statement.Statement;
import org.apache.iotdb.db.queryengine.plan.statement.sys.AuthorStatement;
import org.apache.iotdb.db.queryengine.transformation.dag.column.unary.scalar.SubStringFunctionColumnTransformer;
import org.apache.iotdb.rpc.TSStatusCode;
import org.apache.iotdb.tsfile.common.conf.TSFileConfig;
import org.apache.iotdb.tsfile.file.metadata.enums.TSDataType;
import org.apache.iotdb.tsfile.read.common.block.TsBlockBuilder;
import org.apache.iotdb.tsfile.utils.Binary;

/* loaded from: input_file:org/apache/iotdb/db/auth/AuthorityChecker.class */
public class AuthorityChecker {
    private static final String NO_PERMISSION_PROMOTION = "No permissions for this operation, please add privilege ";
    public static final String SUPER_USER = CommonDescriptor.getInstance().getConfig().getAdminName();
    public static final TSStatus SUCCEED = new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
    private static final IAuthorityFetcher authorityFetcher = new ClusterAuthorityFetcher(new BasicAuthorityCache());
    private static final PerformanceOverviewMetrics PERFORMANCE_OVERVIEW_METRICS = PerformanceOverviewMetrics.getInstance();

    private AuthorityChecker() {
    }

    public static IAuthorityFetcher getAuthorityFetcher() {
        return authorityFetcher;
    }

    public static boolean invalidateCache(String str, String str2) {
        return authorityFetcher.getAuthorCache().invalidateCache(str, str2);
    }

    public static TSStatus checkUser(String str, String str2) {
        return authorityFetcher.checkUser(str, str2);
    }

    public static SettableFuture<ConfigTaskResult> queryPermission(AuthorStatement authorStatement) {
        return authorityFetcher.queryPermission(authorStatement);
    }

    public static SettableFuture<ConfigTaskResult> operatePermission(AuthorStatement authorStatement) {
        return authorityFetcher.operatePermission(authorStatement);
    }

    public static TSStatus checkAuthority(Statement statement, IClientSession iClientSession) {
        long nanoTime = System.nanoTime();
        try {
            TSStatus checkPermissionBeforeProcess = statement.checkPermissionBeforeProcess(iClientSession.getUsername());
            PERFORMANCE_OVERVIEW_METRICS.recordAuthCost(System.nanoTime() - nanoTime);
            return checkPermissionBeforeProcess;
        } catch (Throwable th) {
            PERFORMANCE_OVERVIEW_METRICS.recordAuthCost(System.nanoTime() - nanoTime);
            throw th;
        }
    }

    public static TSStatus checkAuthority(Statement statement, String str) {
        long nanoTime = System.nanoTime();
        try {
            TSStatus checkPermissionBeforeProcess = statement.checkPermissionBeforeProcess(str);
            PERFORMANCE_OVERVIEW_METRICS.recordAuthCost(System.nanoTime() - nanoTime);
            return checkPermissionBeforeProcess;
        } catch (Throwable th) {
            PERFORMANCE_OVERVIEW_METRICS.recordAuthCost(System.nanoTime() - nanoTime);
            throw th;
        }
    }

    public static TSStatus getOptTSStatus(boolean z, String str) {
        return z ? SUCCEED : new TSStatus(TSStatusCode.NOT_HAS_PRIVILEGE_GRANTOPT.getStatusCode()).setMessage(str);
    }

    public static TSStatus getTSStatus(boolean z, String str) {
        return z ? SUCCEED : new TSStatus(TSStatusCode.NO_PERMISSION.getStatusCode()).setMessage(str);
    }

    public static TSStatus getTSStatus(boolean z, PrivilegeType privilegeType) {
        return z ? SUCCEED : new TSStatus(TSStatusCode.NO_PERMISSION.getStatusCode()).setMessage(NO_PERMISSION_PROMOTION + privilegeType);
    }

    public static TSStatus getTSStatus(boolean z, PartialPath partialPath, PrivilegeType privilegeType) {
        return z ? SUCCEED : new TSStatus(TSStatusCode.NO_PERMISSION.getStatusCode()).setMessage(NO_PERMISSION_PROMOTION + privilegeType + " on " + partialPath);
    }

    public static TSStatus getTSStatus(List<Integer> list, List<PartialPath> list2, PrivilegeType privilegeType) {
        if (list == null || list.isEmpty()) {
            return SUCCEED;
        }
        StringBuilder sb = new StringBuilder(NO_PERMISSION_PROMOTION);
        sb.append(privilegeType);
        sb.append(" on [");
        sb.append(list2.get(list.get(0).intValue()));
        for (int i = 1; i < list.size(); i++) {
            sb.append(", ");
            sb.append(list2.get(list.get(i).intValue()));
        }
        sb.append("]");
        return new TSStatus(TSStatusCode.NO_PERMISSION.getStatusCode()).setMessage(sb.toString());
    }

    public static boolean checkFullPathPermission(String str, PartialPath partialPath, int i) {
        return authorityFetcher.checkUserPathPrivileges(str, Collections.singletonList(partialPath), i).isEmpty();
    }

    public static List<Integer> checkFullPathListPermission(String str, List<PartialPath> list, int i) {
        return authorityFetcher.checkUserPathPrivileges(str, list, i);
    }

    public static List<Integer> checkPatternPermission(String str, List<PartialPath> list, int i) {
        return authorityFetcher.checkUserPathPrivileges(str, list, i);
    }

    public static PathPatternTree getAuthorizedPathTree(String str, int i) throws AuthException {
        return authorityFetcher.getAuthorizedPatternTree(str, i);
    }

    public static boolean checkSystemPermission(String str, int i) {
        return authorityFetcher.checkUserSysPrivileges(str, i).getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode();
    }

    public static boolean checkGrantOption(String str, String[] strArr, List<PartialPath> list) {
        for (String str2 : strArr) {
            if (!authorityFetcher.checkUserPrivilegeGrantOpt(str, list, PrivilegeType.valueOf(str2.toUpperCase()).ordinal())) {
                return false;
            }
        }
        return true;
    }

    public static boolean checkRole(String str, String str2) {
        return authorityFetcher.checkRole(str, str2);
    }

    public static void buildTSBlock(TAuthorizerResp tAuthorizerResp, SettableFuture<ConfigTaskResult> settableFuture) {
        TsBlockBuilder tsBlockBuilder;
        ArrayList arrayList = new ArrayList();
        boolean z = tAuthorizerResp.tag.equals("role") || tAuthorizerResp.tag.equals("user");
        ArrayList arrayList2 = new ArrayList();
        if (z) {
            arrayList2.add(new ColumnHeader(tAuthorizerResp.getTag(), TSDataType.TEXT));
            arrayList.add(TSDataType.TEXT);
            tsBlockBuilder = new TsBlockBuilder(arrayList);
            for (String str : tAuthorizerResp.getMemberInfo()) {
                tsBlockBuilder.getTimeColumnBuilder().writeLong(0L);
                tsBlockBuilder.getColumnBuilder(0).writeBinary(new Binary(str, TSFileConfig.STRING_CHARSET));
                tsBlockBuilder.declarePosition();
            }
        } else {
            arrayList2.add(new ColumnHeader("ROLE", TSDataType.TEXT));
            arrayList.add(TSDataType.TEXT);
            arrayList2.add(new ColumnHeader("PATH", TSDataType.TEXT));
            arrayList.add(TSDataType.TEXT);
            arrayList2.add(new ColumnHeader("PRIVILEGES", TSDataType.TEXT));
            arrayList.add(TSDataType.TEXT);
            arrayList2.add(new ColumnHeader("GRANT OPTION", TSDataType.BOOLEAN));
            arrayList.add(TSDataType.BOOLEAN);
            tsBlockBuilder = new TsBlockBuilder(arrayList);
            TUserResp userInfo = tAuthorizerResp.getPermissionInfo().getUserInfo();
            if (userInfo != null) {
                appendPriBuilder(SubStringFunctionColumnTransformer.EMPTY_STRING, "root.**", userInfo.getSysPriSet(), userInfo.getSysPriSetGrantOpt(), tsBlockBuilder);
                for (TPathPrivilege tPathPrivilege : userInfo.getPrivilegeList()) {
                    appendPriBuilder(SubStringFunctionColumnTransformer.EMPTY_STRING, tPathPrivilege.getPath(), tPathPrivilege.getPriSet(), tPathPrivilege.getPriGrantOpt(), tsBlockBuilder);
                }
            }
            Iterator it = tAuthorizerResp.getPermissionInfo().getRoleInfo().entrySet().iterator();
            while (it.hasNext()) {
                TRoleResp tRoleResp = (TRoleResp) ((Map.Entry) it.next()).getValue();
                appendPriBuilder(tRoleResp.getRoleName(), "root.**", tRoleResp.getSysPriSet(), tRoleResp.getSysPriSetGrantOpt(), tsBlockBuilder);
                for (TPathPrivilege tPathPrivilege2 : tRoleResp.getPrivilegeList()) {
                    appendPriBuilder(tRoleResp.getRoleName(), tPathPrivilege2.getPath(), tPathPrivilege2.getPriSet(), tPathPrivilege2.getPriGrantOpt(), tsBlockBuilder);
                }
            }
        }
        settableFuture.set(new ConfigTaskResult(TSStatusCode.SUCCESS_STATUS, tsBlockBuilder.build(), new DatasetHeader(arrayList2, true)));
    }

    private static void appendPriBuilder(String str, String str2, Set<Integer> set, Set<Integer> set2, TsBlockBuilder tsBlockBuilder) {
        Iterator<Integer> it = set.iterator();
        while (it.hasNext()) {
            int intValue = it.next().intValue();
            tsBlockBuilder.getColumnBuilder(0).writeBinary(new Binary(str, TSFileConfig.STRING_CHARSET));
            tsBlockBuilder.getColumnBuilder(1).writeBinary(new Binary(str2, TSFileConfig.STRING_CHARSET));
            tsBlockBuilder.getColumnBuilder(2).writeBinary(new Binary(PrivilegeType.values()[intValue].toString(), TSFileConfig.STRING_CHARSET));
            tsBlockBuilder.getColumnBuilder(3).writeBoolean(set2.contains(Integer.valueOf(intValue)));
            tsBlockBuilder.getTimeColumnBuilder().writeLong(0L);
            tsBlockBuilder.declarePosition();
        }
    }
}
