package org.apache.hugegraph.auth;

import java.io.Console;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Scanner;
import org.apache.commons.lang.StringUtils;
import org.apache.hugegraph.HugeGraph;
import org.apache.hugegraph.config.CoreOptions;
import org.apache.hugegraph.config.HugeConfig;
import org.apache.hugegraph.config.ServerOptions;
import org.apache.hugegraph.masterelection.RoleElectionOptions;
import org.apache.hugegraph.rpc.RpcClientProviderWithAuth;
import org.apache.hugegraph.util.ConfigUtil;
import org.apache.hugegraph.util.E;
import org.apache.hugegraph.util.StringEncoding;
import org.apache.tinkerpop.gremlin.server.auth.AuthenticatedUser;
import org.apache.tinkerpop.gremlin.server.auth.AuthenticationException;
import org.apache.tinkerpop.gremlin.server.auth.Authenticator;
import org.apache.tinkerpop.gremlin.structure.util.GraphFactory;

/* loaded from: input_file:org/apache/hugegraph/auth/StandardAuthenticator.class */
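/**
 * Authenticator that validates credentials against the auth manager of a
 * {@link HugeGraph} instance opened by {@link #setup(HugeConfig)}.
 *
 * <p>Two credential forms are accepted by
 * {@link #authenticate(String, String, String)}: a token, or a
 * username/password pair. The token wins whenever it is non-empty.
 */
public class StandardAuthenticator implements HugeAuthenticator {
    /** Config flag set by {@link #initAdminUserIfNeeded(String)} while the store is being initialised. */
    private static final String INITING_STORE = "initing_store";

    /** Graph holding the auth data; stays {@code null} until {@link #setup(HugeConfig)} has run. */
    private HugeGraph graph = null;

    /**
     * SASL negotiator that extracts a username/password pair (or a token)
     * from a single NUL-separated client response.
     */
    private class TokenSaslAuthenticator implements Authenticator.SaslNegotiator {
        private static final byte NUL = 0;
        private String username;
        private String password;
        private String token;

        private TokenSaslAuthenticator() {
        }

        /**
         * Parses the client response; no challenge is ever sent back.
         *
         * @param bArr raw SASL response bytes
         * @return always {@code null}
         * @throws AuthenticationException if the response carries no
         *         authentication ID or no password field
         */
        public byte[] evaluateResponse(byte[] bArr) throws AuthenticationException {
            decode(bArr);
            return null;
        }

        /** @return {@code true} once a response with an authentication ID has been decoded */
        public boolean isComplete() {
            return this.username != null;
        }

        /**
         * Hands the decoded credentials to the enclosing authenticator.
         *
         * @return the authenticated user
         * @throws AuthenticationException if no response has been decoded yet
         */
        public AuthenticatedUser getAuthenticatedUser() throws AuthenticationException {
            if (!isComplete()) {
                throw new AuthenticationException("The SASL negotiation has not yet been completed.");
            }
            Map<String, String> credentials = new HashMap<>(6, 1.0f);
            credentials.put("username", this.username);
            credentials.put("password", this.password);
            credentials.put(HugeAuthenticator.KEY_TOKEN, this.token);
            // authenticate(Map) is not defined in this class; presumably it
            // unpacks these keys and calls authenticate(String, String, String).
            return StandardAuthenticator.this.authenticate(credentials);
        }

        /**
         * Splits the response on NUL bytes, scanning from the end: the bytes
         * after the last NUL are the password, the bytes between the last two
         * NULs are the authentication ID, and anything before that is ignored.
         * This matches the SASL PLAIN layout
         * {@code [authzid] NUL authcid NUL passwd}.
         *
         * <p>An empty password means the authentication ID is carried as a
         * token instead. {@link #authenticate(String, String, String)} then
         * takes the token path, so token validation is the only check applied.
         *
         * @param bArr raw SASL response bytes
         * @throws AuthenticationException if the response is {@code null} or
         *         lacks the authentication ID or the password field
         */
        private void decode(byte[] bArr) throws AuthenticationException {
            this.username = null;
            this.password = null;
            // Clear the token as well: otherwise a token decoded from an
            // earlier response would survive and take precedence over the
            // username/password of a later one.
            this.token = null;
            if (bArr == null) {
                throw new AuthenticationException("SASL response must not be null.");
            }

            int end = bArr.length;
            for (int i = bArr.length - 1; i >= 0; i--) {
                if (bArr[i] != NUL) {
                    continue;
                }
                String field = new String(Arrays.copyOfRange(bArr, i + 1, end), StandardCharsets.UTF_8);
                if (this.password == null) {
                    this.password = field;
                } else if (this.username == null) {
                    this.username = field;
                }
                end = i;
            }

            if (this.username == null) {
                throw new AuthenticationException("SASL authentication ID must not be null.");
            }
            if (this.password == null) {
                throw new AuthenticationException("SASL password must not be null.");
            }
            if (this.password.isEmpty()) {
                this.token = this.username;
            }
        }
    }

    /**
     * Creates the admin user interactively when it is missing, then closes
     * the graph.
     *
     * @throws Exception if reading the password, creating the user or closing
     *         the graph fails
     */
    private void initAdminUser() throws Exception {
        try {
            if (requireInitAdminUser()) {
                initAdminUser(inputPassword());
            }
        } finally {
            // Close the graph even when the prompt or the user creation fails,
            // so the store opened by setup() is not left open.
            this.graph.close();
        }
    }

    /**
     * @return the graph opened by {@link #setup(HugeConfig)}
     * @throws IllegalStateException presumably, via {@code E.checkState}, when
     *         setup has not been called yet
     */
    @Override
    public HugeGraph graph() {
        E.checkState(this.graph != null, "Must setup Authenticator first", new Object[0]);
        return this.graph;
    }

    /**
     * Creates the admin user with the given password if it does not exist yet.
     *
     * <p>The call is only accepted from a thread named {@code "main"}. This is
     * a guard against accidental use, not an access control: any code running
     * in the process can set a thread's name.
     *
     * @param str the plain-text admin password; only its hash, as produced by
     *            {@code StringEncoding.hashPassword}, is stored on the user
     */
    @Override
    public void initAdminUser(String str) {
        String callerThread = Thread.currentThread().getName();
        E.checkState("main".equals(callerThread), "Invalid caller '%s'", new Object[]{callerThread});
        AuthManager authManager = graph().hugegraph().authManager();
        if (!requireInitAdminUser()) {
            return;
        }
        HugeUser admin = new HugeUser(HugeAuthenticator.USER_ADMIN);
        admin.password(StringEncoding.hashPassword(str));
        admin.creator(HugeAuthenticator.USER_SYSTEM);
        authManager.createUser(admin);
    }

    /**
     * @return {@code true} when the auth manager is a local one (per
     *         {@code StandardAuthManager.isLocal}) and has no admin user yet
     */
    private boolean requireInitAdminUser() {
        AuthManager authManager = graph().hugegraph().authManager();
        if (!StandardAuthManager.isLocal(authManager)) {
            return false;
        }
        return authManager.findUser(HugeAuthenticator.USER_ADMIN) == null;
    }

    /**
     * Prompts for the admin password until a non-empty one is entered.
     *
     * <p>With a console attached the input is read without echo; otherwise it
     * is read as a plain line from standard input, where it is visible to
     * whatever feeds that stream.
     *
     * @return the non-empty password that was entered
     * @throws IllegalStateException if the console reaches end of input
     */
    private String inputPassword() {
        final String prompt = "Please input the admin password:";
        Console console = System.console();
        // One Scanner for all attempts: a Scanner buffers ahead, so creating a
        // new one per attempt can lose lines that were already read from a
        // piped standard input.
        Scanner stdin = null;
        while (true) {
            String entered;
            if (console != null) {
                char[] typed = console.readPassword(prompt);
                if (typed == null) {
                    throw new IllegalStateException("Reached end of input while reading the admin password");
                }
                entered = new String(typed);
                // Wipe the console buffer; the String copy cannot be wiped and
                // lives until it is garbage collected.
                Arrays.fill(typed, '\0');
            } else {
                System.out.println(prompt);
                if (stdin == null) {
                    stdin = new Scanner(System.in);
                }
                entered = stdin.nextLine();
            }
            if (!entered.isEmpty()) {
                return entered;
            }
            System.out.println("The admin password can't be empty");
        }
    }

    /**
     * Opens the graph that stores the auth data and, when a remote auth URL is
     * configured, switches that graph to an RPC-backed auth manager.
     *
     * @param hugeConfig the server configuration
     */
    @Override
    public void setup(HugeConfig hugeConfig) {
        String authGraphName = (String) hugeConfig.get(ServerOptions.AUTH_GRAPH_STORE);
        String graphsDir = (String) hugeConfig.get(ServerOptions.GRAPHS);
        String authGraphConf = (String) ConfigUtil.scanGraphsDir(graphsDir).get(authGraphName);
        E.checkArgument(authGraphConf != null, "Can't find graph name '%s' in config '%s' at 'rest-server.properties' to store auth information, please ensure the value of '%s' matches it correctly", new Object[]{authGraphName, ServerOptions.GRAPHS, ServerOptions.AUTH_GRAPH_STORE.name()});

        HugeConfig graphConfig = new HugeConfig(authGraphConf);
        boolean initingStore = hugeConfig.getProperty(INITING_STORE) != null && hugeConfig.getBoolean(INITING_STORE);
        if (initingStore) {
            // Raft mode is switched off for the graph while the store is being initialised.
            graphConfig.setProperty(CoreOptions.RAFT_MODE.name(), "false");
        }
        graphConfig.addProperty(ServerOptions.RAFT_GROUP_PEERS.name(), (String) hugeConfig.get(ServerOptions.RAFT_GROUP_PEERS));
        transferRoleWorkerConfig(graphConfig, hugeConfig);

        this.graph = GraphFactory.open(graphConfig);

        String remoteUrl = (String) hugeConfig.get(ServerOptions.AUTH_REMOTE_URL);
        if (StringUtils.isNotEmpty(remoteUrl)) {
            this.graph.switchAuthManager(new RpcClientProviderWithAuth(hugeConfig).authManager());
        }
    }

    /**
     * Copies the role-election settings into the graph configuration.
     *
     * @param hugeConfig  the graph configuration that receives the settings
     * @param hugeConfig2 the server configuration the settings are read from
     */
    private void transferRoleWorkerConfig(HugeConfig hugeConfig, HugeConfig hugeConfig2) {
        // The node's external URL is taken from the REST server URL.
        hugeConfig.addProperty(RoleElectionOptions.NODE_EXTERNAL_URL.name(), hugeConfig2.get(ServerOptions.REST_SERVER_URL));
        hugeConfig.addProperty(RoleElectionOptions.BASE_TIMEOUT_MILLISECOND.name(), hugeConfig2.get(RoleElectionOptions.BASE_TIMEOUT_MILLISECOND));
        hugeConfig.addProperty(RoleElectionOptions.EXCEEDS_FAIL_COUNT.name(), hugeConfig2.get(RoleElectionOptions.EXCEEDS_FAIL_COUNT));
        hugeConfig.addProperty(RoleElectionOptions.RANDOM_TIMEOUT_MILLISECOND.name(), hugeConfig2.get(RoleElectionOptions.RANDOM_TIMEOUT_MILLISECOND));
        hugeConfig.addProperty(RoleElectionOptions.HEARTBEAT_INTERVAL_SECOND.name(), hugeConfig2.get(RoleElectionOptions.HEARTBEAT_INTERVAL_SECOND));
        hugeConfig.addProperty(RoleElectionOptions.MASTER_DEAD_TIMES.name(), hugeConfig2.get(RoleElectionOptions.MASTER_DEAD_TIMES));
    }

    /**
     * Validates the given credentials and resolves the resulting role.
     *
     * <p>A non-empty token is validated on its own and the username and
     * password are then ignored. Without a token, both username and password
     * are required.
     *
     * @param str  the username; required when no token is given
     * @param str2 the password; required when no token is given
     * @param str3 the token; may be {@code null} or empty
     * @return the validated user: with {@code ROLE_NONE} when the auth manager
     *         reports no role, with {@code ROLE_ADMIN} when the username is
     *         the admin user, otherwise exactly as the auth manager returned it
     */
    @Override
    public UserWithRole authenticate(String str, String str2, String str3) {
        UserWithRole validated;
        if (StringUtils.isNotEmpty(str3)) {
            validated = authManager().validateUser(str3);
        } else {
            E.checkArgumentNotNull(str, "The username parameter can't be null", new Object[0]);
            E.checkArgumentNotNull(str2, "The password parameter can't be null", new Object[0]);
            validated = authManager().validateUser(str, str2);
        }
        // NOTE(review): assumes validateUser never returns null - confirm
        // against the AuthManager implementations.

        RolePermission rolePermission;
        if (validated.role() == null) {
            rolePermission = ROLE_NONE;
        } else if (HugeAuthenticator.USER_ADMIN.equals(validated.username())) {
            rolePermission = ROLE_ADMIN;
        } else {
            return validated;
        }
        return new UserWithRole(validated.userId(), validated.username(), rolePermission);
    }

    /** @return the auth manager of the graph opened by {@link #setup(HugeConfig)} */
    @Override
    public AuthManager authManager() {
        return graph().authManager();
    }

    /**
     * @param inetAddress the remote address; not used
     * @return a fresh negotiator for one SASL exchange
     */
    public Authenticator.SaslNegotiator newSaslNegotiator(InetAddress inetAddress) {
        return new TokenSaslAuthenticator();
    }

    /**
     * Entry point for store initialisation: creates the admin user when an
     * authenticator is configured, the backend store is persistent and the
     * admin user does not exist yet.
     *
     * @param str path of the server configuration file
     * @throws Exception if setting up the graph or creating the user fails
     */
    public static void initAdminUserIfNeeded(String str) throws Exception {
        StandardAuthenticator authenticator = new StandardAuthenticator();
        HugeConfig serverConfig = new HugeConfig(str);
        String configuredAuthenticator = (String) serverConfig.get(ServerOptions.AUTHENTICATOR);
        if (configuredAuthenticator.isEmpty()) {
            // No authenticator configured: nothing to initialise.
            return;
        }
        serverConfig.addProperty(INITING_STORE, true);
        authenticator.setup(serverConfig);
        if (authenticator.graph().backendStoreFeatures().supportsPersistence()) {
            authenticator.initAdminUser();
        }
    }
}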
