package org.apache.iotdb.db.auth.authorizer;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.iotdb.db.auth.AuthException;
import org.apache.iotdb.db.auth.entity.PrivilegeType;
import org.apache.iotdb.db.auth.entity.Role;
import org.apache.iotdb.db.auth.entity.User;
import org.apache.iotdb.db.auth.role.IRoleManager;
import org.apache.iotdb.db.auth.user.IUserManager;
import org.apache.iotdb.db.conf.IoTDBDescriptor;
import org.apache.iotdb.db.exception.StartupException;
import org.apache.iotdb.db.service.IService;
import org.apache.iotdb.db.service.ServiceType;
import org.apache.iotdb.db.utils.AuthUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/iotdb/db/auth/authorizer/BasicAuthorizer.class */
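/**
 * Base authorizer that implements login, user/role management and privilege checks on top of an
 * {@link IUserManager} and an {@link IRoleManager}.
 *
 * <p>The concrete authorizer is selected by class name from configuration and instantiated
 * reflectively, once, by {@link InstanceHolder}. Subclasses decide which user name is the
 * administrator through {@link #isAdmin(String)}; that user passes every privilege check, cannot
 * be deleted and cannot have privileges granted or revoked.
 */
public abstract class BasicAuthorizer implements IAuthorizer, IService {
    private static final Logger logger = LoggerFactory.getLogger(BasicAuthorizer.class);
    // Holds every privilege id, 0 .. PrivilegeType.values().length - 1. Shared and mutable, so it
    // must never be handed out directly; see getPrivileges.
    private static final Set<Integer> ADMIN_PRIVILEGES = new HashSet<>();
    private static final String NO_SUCH_ROLE_EXCEPTION = "No such role : %s";
    // Path used for privileges that PrivilegeType reports as not path relevant.
    private static final String ROOT_PATH = "root";
    IUserManager userManager;
    IRoleManager roleManager;

    static {
        // values() is read once; only the number of privilege types is needed here.
        int privilegeCount = PrivilegeType.values().length;
        for (int id = 0; id < privilegeCount; id++) {
            ADMIN_PRIVILEGES.add(Integer.valueOf(id));
        }
    }

    /**
     * Lazily creates the process-wide authorizer the first time {@link #getInstance()} touches it.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/iotdb/db/auth/authorizer/BasicAuthorizer$InstanceHolder.class */
    public static class InstanceHolder {
        private static IAuthorizer instance;

        private InstanceHolder() {
        }

        static {
            try {
                // The provider class name comes from configuration and is trusted as-is: whoever
                // can change that setting chooses the code that makes every authorization decision.
                String providerClassName = IoTDBDescriptor.getInstance().getConfig().getAuthorizerProvider();
                Class<?> loadedClass = Class.forName(providerClassName);
                BasicAuthorizer.logger.info("Authorizer provider class: {}", providerClassName);
                // Verify the type before calling the constructor, so a class that is not an
                // IAuthorizer is rejected without being instantiated.
                Class<? extends IAuthorizer> providerClass = loadedClass.asSubclass(IAuthorizer.class);
                instance = providerClass.getDeclaredConstructor().newInstance();
            } catch (Exception e) {
                instance = null;
                throw new IllegalStateException("Authorizer could not be initialized!", e);
            }
        }
    }

    /**
     * Stores the two managers and immediately runs {@link #init()}.
     *
     * <p>Note that {@code init()} is overridable and is called from this constructor, so an
     * override runs before the subclass's own fields are initialized.
     *
     * @param iUserManager backing store for users
     * @param iRoleManager backing store for roles
     * @throws AuthException if {@link #init()} fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public BasicAuthorizer(IUserManager iUserManager, IRoleManager iRoleManager) throws AuthException {
        this.userManager = iUserManager;
        this.roleManager = iRoleManager;
        init();
    }

    /**
     * Resets the user manager and then the role manager.
     *
     * @throws AuthException if either reset fails
     */
    protected void init() throws AuthException {
        this.userManager.reset();
        this.roleManager.reset();
        logger.info("Initialization of Authorizer completes");
    }

    /**
     * Returns the authorizer created by {@link InstanceHolder}.
     *
     * @return the shared authorizer instance
     * @throws AuthException if no instance is available
     */
    public static IAuthorizer getInstance() throws AuthException {
        if (InstanceHolder.instance == null) {
            throw new AuthException("Authorizer uninitialized");
        }
        return InstanceHolder.instance;
    }

    /**
     * Tells whether the given user name is the administrator.
     *
     * @param username user name to test
     * @return {@code true} if the user is the administrator
     */
    abstract boolean isAdmin(String username);

    /**
     * Checks a user name and password against the stored credentials.
     *
     * @param username name of the user logging in
     * @param password password as supplied by the caller; it is passed through
     *     {@link AuthUtils#encryptPassword} before being compared with the stored value
     * @return {@code true} only if the user exists and the encrypted password matches
     * @throws AuthException if the user cannot be looked up
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public boolean login(String username, String password) throws AuthException {
        User user = this.userManager.getUser(username);
        if (user == null) {
            return false;
        }
        String stored = user.getPassword();
        String supplied = AuthUtils.encryptPassword(password);
        if (stored == null || supplied == null) {
            // A missing value on either side can never authenticate.
            return false;
        }
        // Constant-time comparison: String.equals stops at the first differing character, which
        // makes the time taken depend on how much of the stored value matched.
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Creates a user.
     *
     * @param username name of the new user
     * @param password password of the new user
     * @throws AuthException if the user manager reports that the user was not created
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public void createUser(String username, String password) throws AuthException {
        if (!this.userManager.createUser(username, password)) {
            throw new AuthException(String.format("User %s already exists", username));
        }
    }

    /**
     * Deletes a user; the administrator is never deleted.
     *
     * @param username name of the user to delete
     * @throws AuthException if the user is the administrator or was not deleted
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public void deleteUser(String username) throws AuthException {
        if (isAdmin(username)) {
            throw new AuthException("Default administrator cannot be deleted");
        }
        if (!this.userManager.deleteUser(username)) {
            throw new AuthException(String.format("User %s does not exist", username));
        }
    }

    /**
     * Grants one privilege on a path to a user.
     *
     * @param username user receiving the privilege; must not be the administrator
     * @param path path the privilege applies to; replaced by {@code "root"} when the privilege is
     *     not path relevant
     * @param privilegeId index of the privilege in {@code PrivilegeType.values()}
     * @throws AuthException if the user is the administrator or the grant was not applied
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public void grantPrivilegeToUser(String username, String path, int privilegeId) throws AuthException {
        if (isAdmin(username)) {
            throw new AuthException("Invalid operation, administrator already has all privileges");
        }
        if (!this.userManager.grantPrivilegeToUser(username, effectivePath(path, privilegeId), privilegeId)) {
            // The message reports the path the caller asked for, not the normalized one.
            throw new AuthException(String.format("User %s already has %s on %s", username, PrivilegeType.values()[privilegeId], path));
        }
    }

    /**
     * Revokes one privilege on a path from a user.
     *
     * @param username user losing the privilege; must not be the administrator
     * @param path path the privilege applies to; replaced by {@code "root"} when the privilege is
     *     not path relevant
     * @param privilegeId index of the privilege in {@code PrivilegeType.values()}
     * @throws AuthException if the user is the administrator or the revoke was not applied
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public void revokePrivilegeFromUser(String username, String path, int privilegeId) throws AuthException {
        if (isAdmin(username)) {
            throw new AuthException("Invalid operation, administrator must have all privileges");
        }
        if (!this.userManager.revokePrivilegeFromUser(username, effectivePath(path, privilegeId), privilegeId)) {
            throw new AuthException(String.format("User %s does not have %s on %s", username, PrivilegeType.values()[privilegeId], path));
        }
    }

    /**
     * Creates a role.
     *
     * @param roleName name of the new role
     * @throws AuthException if the role manager reports that the role was not created
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public void createRole(String roleName) throws AuthException {
        if (!this.roleManager.createRole(roleName)) {
            throw new AuthException(String.format("Role %s already exists", roleName));
        }
    }

    /**
     * Deletes a role and then tries to revoke it from every user.
     *
     * @param roleName name of the role to delete
     * @throws AuthException if the role was not deleted
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public void deleteRole(String roleName) throws AuthException {
        if (!this.roleManager.deleteRole(roleName)) {
            throw new AuthException(String.format("Role %s does not exist", roleName));
        }
        for (String username : this.userManager.listAllUsers()) {
            try {
                this.userManager.revokeRoleFromUser(roleName, username);
            } catch (AuthException e) {
                // Best effort: one failing user must not stop the clean-up for the others.
                logger.warn("Error encountered when revoking a role {} from user {} after deletion, because {}", roleName, username, e);
            }
        }
    }

    /**
     * Grants one privilege on a path to a role.
     *
     * @param roleName role receiving the privilege
     * @param path path the privilege applies to; replaced by {@code "root"} when the privilege is
     *     not path relevant
     * @param privilegeId index of the privilege in {@code PrivilegeType.values()}
     * @throws AuthException if the grant was not applied
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public void grantPrivilegeToRole(String roleName, String path, int privilegeId) throws AuthException {
        if (!this.roleManager.grantPrivilegeToRole(roleName, effectivePath(path, privilegeId), privilegeId)) {
            throw new AuthException(String.format("Role %s already has %s on %s", roleName, PrivilegeType.values()[privilegeId], path));
        }
    }

    /**
     * Revokes one privilege on a path from a role.
     *
     * @param roleName role losing the privilege
     * @param path path the privilege applies to; replaced by {@code "root"} when the privilege is
     *     not path relevant
     * @param privilegeId index of the privilege in {@code PrivilegeType.values()}
     * @throws AuthException if the revoke was not applied
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public void revokePrivilegeFromRole(String roleName, String path, int privilegeId) throws AuthException {
        if (!this.roleManager.revokePrivilegeFromRole(roleName, effectivePath(path, privilegeId), privilegeId)) {
            throw new AuthException(String.format("Role %s does not have %s on %s", roleName, PrivilegeType.values()[privilegeId], path));
        }
    }

    /**
     * Grants an existing role to a user.
     *
     * @param roleName role to grant; must exist
     * @param username user receiving the role
     * @throws AuthException if the role does not exist before or after the grant, or the grant
     *     was not applied
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public void grantRoleToUser(String roleName, String username) throws AuthException {
        if (this.roleManager.getRole(roleName) == null) {
            throw new AuthException(String.format(NO_SUCH_ROLE_EXCEPTION, roleName));
        }
        if (!this.userManager.grantRoleToUser(roleName, username)) {
            throw new AuthException(String.format("User %s already has role %s", username, roleName));
        }
        // The role is looked up a second time after the grant.
        // NOTE(review): presumably this catches a role deleted while the grant was in progress;
        // the grant itself is not undone here when the check fails - confirm that is intended.
        if (this.roleManager.getRole(roleName) == null) {
            throw new AuthException(String.format(NO_SUCH_ROLE_EXCEPTION, roleName));
        }
    }

    /**
     * Revokes a role from a user.
     *
     * @param roleName role to revoke; must exist
     * @param username user losing the role
     * @throws AuthException if the role does not exist or the revoke was not applied
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public void revokeRoleFromUser(String roleName, String username) throws AuthException {
        if (this.roleManager.getRole(roleName) == null) {
            throw new AuthException(String.format(NO_SUCH_ROLE_EXCEPTION, roleName));
        }
        if (!this.userManager.revokeRoleFromUser(roleName, username)) {
            throw new AuthException(String.format("User %s does not have role %s", username, roleName));
        }
    }

    /**
     * Collects the privileges a user holds on a path, directly and through roles.
     *
     * @param username user to inspect
     * @param path path the privileges are evaluated on
     * @return for the administrator, a fresh set with every privilege id; otherwise the user's own
     *     privileges on the path plus those of each of the user's roles that still exists
     * @throws AuthException if the user does not exist
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public Set<Integer> getPrivileges(String username, String path) throws AuthException {
        if (isAdmin(username)) {
            // Hand out a copy: returning the shared static set would let any caller that edits
            // the result change the administrator's privileges for the whole process.
            return new HashSet<>(ADMIN_PRIVILEGES);
        }
        User user = this.userManager.getUser(username);
        if (user == null) {
            throw new AuthException(String.format("No such user : %s", username));
        }
        // NOTE(review): the set returned by User.getPrivileges is modified below; this assumes it
        // is a fresh set and not the user's internal state - confirm against User.
        Set<Integer> privileges = user.getPrivileges(path);
        for (String roleName : user.getRoleList()) {
            Role role = this.roleManager.getRole(roleName);
            if (role != null) {
                privileges.addAll(role.getPrivileges(path));
            }
        }
        return privileges;
    }

    /**
     * Changes a user's password.
     *
     * @param username user whose password changes
     * @param newPassword the new password
     * @throws AuthException if the user manager rejects the update
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public void updateUserPassword(String username, String newPassword) throws AuthException {
        if (!this.userManager.updateUserPassword(username, newPassword)) {
            // The rejected password is deliberately left out of the message: exception text is
            // routinely logged or sent back to clients, and would expose the plaintext.
            throw new AuthException("The supplied password is illegal");
        }
    }

    /**
     * Decides whether a user holds a privilege on a path, directly or through a role.
     *
     * @param username user to check
     * @param path path the privilege is checked on
     * @param privilegeId id of the privilege to check
     * @return {@code true} for the administrator, or when the user or one of the user's existing
     *     roles holds the privilege; {@code false} otherwise
     * @throws AuthException if the user does not exist
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public boolean checkUserPrivileges(String username, String path, int privilegeId) throws AuthException {
        if (isAdmin(username)) {
            return true;
        }
        User user = this.userManager.getUser(username);
        if (user == null) {
            throw new AuthException(String.format("No such user : %s", username));
        }
        if (user.checkPrivilege(path, privilegeId)) {
            return true;
        }
        for (String roleName : user.getRoleList()) {
            Role role = this.roleManager.getRole(roleName);
            // A role name that no longer resolves grants nothing, matching getPrivileges; without
            // this guard the check would fail with a NullPointerException instead of denying.
            if (role != null && role.checkPrivilege(path, privilegeId)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Re-runs {@link #init()}.
     *
     * @throws AuthException if initialization fails
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public void reset() throws AuthException {
        init();
    }

    /**
     * Service start hook; runs {@link #init()} and reports failures as startup errors.
     *
     * @throws StartupException wrapping any {@link AuthException} from {@link #init()}
     */
    @Override // org.apache.iotdb.db.service.IService
    public void start() throws StartupException {
        try {
            init();
        } catch (AuthException e) {
            throw new StartupException(e);
        }
    }

    /** Service stop hook; does nothing. */
    @Override // org.apache.iotdb.db.service.IService
    public void stop() {
    }

    /**
     * Identifies this service.
     *
     * @return {@link ServiceType#AUTHORIZATION_SERVICE}
     */
    @Override // org.apache.iotdb.db.service.IService
    public ServiceType getID() {
        return ServiceType.AUTHORIZATION_SERVICE;
    }

    /**
     * Lists all user names, as reported by the user manager.
     *
     * @return the user manager's list of users
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public List<String> listAllUsers() {
        return this.userManager.listAllUsers();
    }

    /**
     * Lists all role names, as reported by the role manager.
     *
     * @return the role manager's list of roles
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public List<String> listAllRoles() {
        return this.roleManager.listAllRoles();
    }

    /**
     * Looks up a role by name.
     *
     * @param roleName name of the role
     * @return whatever the role manager returns for that name; other methods of this class treat
     *     {@code null} as "no such role"
     * @throws AuthException if the lookup fails
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public Role getRole(String roleName) throws AuthException {
        return this.roleManager.getRole(roleName);
    }

    /**
     * Looks up a user by name.
     *
     * @param username name of the user
     * @return whatever the user manager returns for that name; other methods of this class treat
     *     {@code null} as "no such user"
     * @throws AuthException if the lookup fails
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public User getUser(String username) throws AuthException {
        return this.userManager.getUser(username);
    }

    /**
     * Reads the watermark flag of a user from the user manager.
     *
     * @param username name of the user
     * @return the user's watermark flag
     * @throws AuthException if the user manager cannot answer
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public boolean isUserUseWaterMark(String username) throws AuthException {
        return this.userManager.isUserUseWaterMark(username);
    }

    /**
     * Sets the watermark flag of a user through the user manager.
     *
     * @param username name of the user
     * @param useWaterMark new value of the flag
     * @throws AuthException if the user manager rejects the change
     */
    @Override // org.apache.iotdb.db.auth.authorizer.IAuthorizer
    public void setUserUseWaterMark(String username, boolean useWaterMark) throws AuthException {
        this.userManager.setUserUseWaterMark(username, useWaterMark);
    }

    /** Returns {@code path} for path-relevant privileges and {@code "root"} for all others. */
    private static String effectivePath(String path, int privilegeId) {
        return PrivilegeType.isPathRelevant(privilegeId) ? path : ROOT_PATH;
    }
}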
