package org.apache.iotdb.db.auth;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.conf.CommonDescriptor;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.commons.utils.AuthUtils;
import org.apache.iotdb.db.conf.OperationType;
import org.apache.iotdb.db.mpp.plan.constant.StatementType;
import org.apache.iotdb.db.mpp.plan.statement.Statement;
import org.apache.iotdb.db.mpp.plan.statement.sys.AuthorStatement;
import org.apache.iotdb.db.qp.logical.Operator;
import org.apache.iotdb.db.query.control.SessionManager;
import org.apache.iotdb.db.utils.ErrorHandlingUtils;
import org.apache.iotdb.rpc.RpcUtils;
import org.apache.iotdb.rpc.TSStatusCode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/iotdb/db/auth/AuthorityChecker.class */
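/**
 * Static authorization gate: decides whether a user may run an operation on a set of paths.
 *
 * <p>Decision order, shared by {@link #check} and {@link #checkPermission}:
 * <ol>
 *   <li>the configured admin name ({@code SUPER_USER}) is always allowed;</li>
 *   <li>an operation type with no mapping in {@code translateToPermissionId} is denied;</li>
 *   <li>a user changing their own password is allowed without holding the privilege;</li>
 *   <li>otherwise the decision is delegated to {@code AuthorizerManager}.</li>
 * </ol>
 *
 * <p>NOTE(review): permission ids are {@code PrivilegeType} ordinals. If these ids are stored
 * together with grants, reordering or inserting constants in {@code PrivilegeType} would change
 * what an existing grant means. Confirm against the authorizer's storage format.
 */
public class AuthorityChecker {
    /** Admin user name read once from the common configuration; matching it bypasses every check. */
    private static final String SUPER_USER = CommonDescriptor.getInstance().getConfig().getAdminName();
    private static final Logger logger = LoggerFactory.getLogger(AuthorityChecker.class);
    private static AuthorizerManager authorizerManager = AuthorizerManager.getInstance();
    private static SessionManager sessionManager = SessionManager.getInstance();

    private AuthorityChecker() {
        // Static utility holder; never instantiated.
    }

    /**
     * Checks an operator-based request, one path at a time.
     *
     * @param str name of the user issuing the request
     * @param list paths the operation touches; {@code null} or empty means a single check against
     *     {@code AuthUtils.ROOT_PATH_PRIVILEGE}
     * @param operatorType operation being attempted
     * @param str2 user name the operation targets (only consulted for MODIFY_PASSWORD)
     * @return {@code true} only if the user is the admin, is changing their own password, or
     *     holds the privilege on every path; {@code false} for unmapped operator types
     * @throws AuthException if a per-path check fails with an authorizer error
     */
    public static boolean check(String str, List<? extends PartialPath> list, Operator.OperatorType operatorType, String str2) throws AuthException {
        if (SUPER_USER.equals(str)) {
            return true;
        }
        int permissionId = translateToPermissionId(operatorType);
        if (permissionId == -1) {
            // Fail closed: an operation we cannot map to a privilege is never allowed.
            return false;
        }
        // Self-service password change. The explicit null test keeps a request with no user
        // name from throwing NullPointerException here, and a null user never matches a null
        // target (which Objects.equals would accept).
        if (permissionId == PrivilegeType.MODIFY_PASSWORD.ordinal() && str != null && str.equals(str2)) {
            return true;
        }
        if (list == null || list.isEmpty()) {
            return checkOnePath(str, null, permissionId);
        }
        for (PartialPath path : list) {
            if (!checkOnePath(str, path, permissionId)) {
                // One missing privilege denies the whole request.
                return false;
            }
        }
        return true;
    }

    /**
     * Checks a statement-based request with one batched call to the authorizer.
     *
     * @param str name of the user issuing the request
     * @param list paths the statement touches; {@code null}, empty, or {@code null} elements are
     *     checked as {@code AuthUtils.ROOT_PATH_PRIVILEGE}
     * @param statementType statement being attempted
     * @param str2 user name the statement targets (only consulted for MODIFY_PASSWORD)
     * @return {@code true} if the user is the admin, is changing their own password, or the
     *     authorizer answers with {@code SUCCESS_STATUS}; {@code false} otherwise, including for
     *     unmapped statement types
     */
    public static boolean checkPermission(String str, List<? extends PartialPath> list, StatementType statementType, String str2) {
        if (SUPER_USER.equals(str)) {
            return true;
        }
        int permissionId = translateToPermissionId(statementType);
        if (permissionId == -1) {
            // Fail closed: a statement we cannot map to a privilege is never allowed.
            return false;
        }
        // Self-service password change; see check() for why the null test is explicit.
        if (permissionId == PrivilegeType.MODIFY_PASSWORD.ordinal() && str != null && str.equals(str2)) {
            return true;
        }
        // Typed list instead of a raw ArrayList, so only path strings can reach the authorizer.
        List<String> pathNames = new ArrayList<>();
        if (list == null || list.isEmpty()) {
            pathNames.add(AuthUtils.ROOT_PATH_PRIVILEGE);
        } else {
            for (PartialPath path : list) {
                pathNames.add(path == null ? AuthUtils.ROOT_PATH_PRIVILEGE : path.getFullPath());
            }
        }
        // Any status other than SUCCESS_STATUS is treated as a denial.
        return authorizerManager.checkPath(str, pathNames, permissionId).getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode();
    }

    /**
     * Asks the authorizer whether the user holds one privilege on one path.
     *
     * @param str user name
     * @param partialPath path to check, or {@code null} for {@code AuthUtils.ROOT_PATH_PRIVILEGE}
     * @param i permission id as produced by {@code translateToPermissionId}
     * @return the authorizer's answer
     * @throws AuthException if the check cannot be completed
     */
    private static boolean checkOnePath(String str, PartialPath partialPath, int i) throws AuthException {
        String fullPath;
        if (partialPath == null) {
            fullPath = AuthUtils.ROOT_PATH_PRIVILEGE;
        } else {
            try {
                fullPath = partialPath.getFullPath();
            } catch (AuthException e) {
                logger.error("Error occurs when checking the seriesPath {} for user {}", partialPath, str, e);
                throw new AuthException(e);
            }
        }
        // NOTE(review): only the path lookup sits inside the try above; an AuthException from
        // the authorizer call below propagates without being logged or wrapped here.
        return authorizerManager.checkUserPrivileges(str, fullPath, i);
    }

    /**
     * Resolves the session's user and turns the authorization decision into an RPC status.
     *
     * @param statement statement about to be executed
     * @param j session id used to look up the user name
     * @return {@code SUCCESS_STATUS} when allowed, {@code NO_PERMISSION_ERROR} when denied,
     *     {@code UNINITIALIZED_AUTH_ERROR} on {@code AuthException}, and the status built by
     *     {@code ErrorHandlingUtils} for any other exception
     */
    public static TSStatus checkAuthority(Statement statement, long j) {
        try {
            // NOTE(review): nothing here rejects a session id that resolves to no user name;
            // confirm SessionManager/AuthorizerManager deny that case.
            String userName = sessionManager.getUsername(Long.valueOf(j));
            if (checkAuthorization(statement, userName)) {
                return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
            }
            return RpcUtils.getStatus(TSStatusCode.NO_PERMISSION_ERROR, "No permissions for this operation " + statement.getType());
        } catch (AuthException e) {
            logger.warn("meet error while checking authorization.", e);
            // NOTE(review): the exception message is returned to the caller as-is; confirm
            // AuthException messages carry nothing that should stay server-side.
            return RpcUtils.getStatus(TSStatusCode.UNINITIALIZED_AUTH_ERROR, e.getMessage());
        } catch (Exception e2) {
            return ErrorHandlingUtils.onNPEOrUnexpectedException(e2, OperationType.CHECK_AUTHORITY, TSStatusCode.EXECUTE_STATEMENT_ERROR);
        }
    }

    /**
     * Decides whether the given user may execute the statement.
     *
     * <p>Statements whose {@code isAuthenticationRequired()} is {@code false} are allowed without
     * any privilege check, so that flag is part of the trust boundary.
     *
     * @param statement statement about to be executed
     * @param str name of the user issuing the statement
     * @return {@code true} if the statement may run
     * @throws AuthException declared for callers; the delegate {@code checkPermission} reports
     *     denials through its return value
     */
    public static boolean checkAuthorization(Statement statement, String str) throws AuthException {
        if (!statement.isAuthenticationRequired()) {
            return true;
        }
        // Only author statements name a target user; it feeds the own-password exception.
        String targetUser = null;
        if (statement instanceof AuthorStatement) {
            targetUser = ((AuthorStatement) statement).getUserName();
        }
        return checkPermission(str, statement.getPaths(), statement.getType(), targetUser);
    }

    /**
     * Maps an operator type to the ordinal of the privilege it requires.
     *
     * @param operatorType operation being attempted
     * @return the {@code PrivilegeType} ordinal, or {@code -1} (logged) when the type has no
     *     mapping, which callers treat as a denial
     */
    private static int translateToPermissionId(Operator.OperatorType operatorType) {
        switch (operatorType) {
            case GRANT_ROLE_PRIVILEGE:
                return PrivilegeType.GRANT_ROLE_PRIVILEGE.ordinal();
            case CREATE_ROLE:
                return PrivilegeType.CREATE_ROLE.ordinal();
            case CREATE_USER:
                return PrivilegeType.CREATE_USER.ordinal();
            case MODIFY_PASSWORD:
                return PrivilegeType.MODIFY_PASSWORD.ordinal();
            case GRANT_USER_PRIVILEGE:
                return PrivilegeType.GRANT_USER_PRIVILEGE.ordinal();
            case REVOKE_ROLE_PRIVILEGE:
                return PrivilegeType.REVOKE_ROLE_PRIVILEGE.ordinal();
            case REVOKE_USER_PRIVILEGE:
                return PrivilegeType.REVOKE_USER_PRIVILEGE.ordinal();
            case GRANT_USER_ROLE:
                return PrivilegeType.GRANT_USER_ROLE.ordinal();
            case DELETE_USER:
                return PrivilegeType.DELETE_USER.ordinal();
            case DELETE_ROLE:
                return PrivilegeType.DELETE_ROLE.ordinal();
            case REVOKE_USER_ROLE:
                return PrivilegeType.REVOKE_USER_ROLE.ordinal();
            case SET_STORAGE_GROUP:
                return PrivilegeType.SET_STORAGE_GROUP.ordinal();
            case DELETE_STORAGE_GROUP:
                return PrivilegeType.DELETE_STORAGE_GROUP.ordinal();
            case CREATE_TIMESERIES:
            case CREATE_ALIGNED_TIMESERIES:
                return PrivilegeType.CREATE_TIMESERIES.ordinal();
            case DELETE_TIMESERIES:
            case DELETE:
            case DROP_INDEX:
                return PrivilegeType.DELETE_TIMESERIES.ordinal();
            // Every read-style operation shares the READ_TIMESERIES privilege.
            case SHOW:
            case QUERY:
            case GROUP_BY_TIME:
            case QUERY_INDEX:
            case AGGREGATION:
            case UDAF:
            case UDTF:
            case LAST:
            case FILL:
            case GROUP_BY_FILL:
            case SELECT_INTO:
                return PrivilegeType.READ_TIMESERIES.ordinal();
            // Every write-style operation shares the INSERT_TIMESERIES privilege.
            case INSERT:
            case LOAD_DATA:
            case CREATE_INDEX:
            case BATCH_INSERT:
            case BATCH_INSERT_ONE_DEVICE:
            case BATCH_INSERT_ROWS:
            case MULTI_BATCH_INSERT:
                return PrivilegeType.INSERT_TIMESERIES.ordinal();
            case LIST_ROLE:
            case LIST_ROLE_USERS:
            case LIST_ROLE_PRIVILEGE:
                return PrivilegeType.LIST_ROLE.ordinal();
            case LIST_USER:
            case LIST_USER_ROLES:
            case LIST_USER_PRIVILEGE:
                return PrivilegeType.LIST_USER.ordinal();
            case CREATE_FUNCTION:
                return PrivilegeType.CREATE_FUNCTION.ordinal();
            case DROP_FUNCTION:
                return PrivilegeType.DROP_FUNCTION.ordinal();
            case CREATE_TRIGGER:
                return PrivilegeType.CREATE_TRIGGER.ordinal();
            case DROP_TRIGGER:
                return PrivilegeType.DROP_TRIGGER.ordinal();
            case START_TRIGGER:
                return PrivilegeType.START_TRIGGER.ordinal();
            case STOP_TRIGGER:
                return PrivilegeType.STOP_TRIGGER.ordinal();
            case CREATE_CONTINUOUS_QUERY:
                return PrivilegeType.CREATE_CONTINUOUS_QUERY.ordinal();
            case DROP_CONTINUOUS_QUERY:
                return PrivilegeType.DROP_CONTINUOUS_QUERY.ordinal();
            default:
                logger.error("Unrecognizable operator type ({}) for AuthorityChecker.", operatorType);
                return -1;
        }
    }

    /**
     * Maps a statement type to the ordinal of the privilege it requires.
     *
     * @param statementType statement being attempted
     * @return the {@code PrivilegeType} ordinal, or {@code -1} (logged) when the type has no
     *     mapping, which callers treat as a denial
     */
    private static int translateToPermissionId(StatementType statementType) {
        switch (statementType) {
            case GRANT_ROLE_PRIVILEGE:
                return PrivilegeType.GRANT_ROLE_PRIVILEGE.ordinal();
            case CREATE_ROLE:
                return PrivilegeType.CREATE_ROLE.ordinal();
            case CREATE_USER:
                return PrivilegeType.CREATE_USER.ordinal();
            case MODIFY_PASSWORD:
                return PrivilegeType.MODIFY_PASSWORD.ordinal();
            case GRANT_USER_PRIVILEGE:
                return PrivilegeType.GRANT_USER_PRIVILEGE.ordinal();
            case REVOKE_ROLE_PRIVILEGE:
                return PrivilegeType.REVOKE_ROLE_PRIVILEGE.ordinal();
            case REVOKE_USER_PRIVILEGE:
                return PrivilegeType.REVOKE_USER_PRIVILEGE.ordinal();
            case GRANT_USER_ROLE:
                return PrivilegeType.GRANT_USER_ROLE.ordinal();
            case DELETE_USER:
                return PrivilegeType.DELETE_USER.ordinal();
            case DELETE_ROLE:
                return PrivilegeType.DELETE_ROLE.ordinal();
            case REVOKE_USER_ROLE:
                return PrivilegeType.REVOKE_USER_ROLE.ordinal();
            case SET_STORAGE_GROUP:
                return PrivilegeType.SET_STORAGE_GROUP.ordinal();
            case DELETE_STORAGE_GROUP:
                return PrivilegeType.DELETE_STORAGE_GROUP.ordinal();
            case CREATE_TIMESERIES:
            case CREATE_ALIGNED_TIMESERIES:
                return PrivilegeType.CREATE_TIMESERIES.ordinal();
            case DELETE_TIMESERIES:
            case DELETE:
            case DROP_INDEX:
                return PrivilegeType.DELETE_TIMESERIES.ordinal();
            // Every read-style statement shares the READ_TIMESERIES privilege.
            case SHOW:
            case QUERY:
            case GROUP_BY_TIME:
            case QUERY_INDEX:
            case AGGREGATION:
            case UDAF:
            case UDTF:
            case LAST:
            case FILL:
            case GROUP_BY_FILL:
            case SELECT_INTO:
                return PrivilegeType.READ_TIMESERIES.ordinal();
            // Every write-style statement shares the INSERT_TIMESERIES privilege.
            case INSERT:
            case LOAD_DATA:
            case CREATE_INDEX:
            case BATCH_INSERT:
            case BATCH_INSERT_ONE_DEVICE:
            case BATCH_INSERT_ROWS:
            case MULTI_BATCH_INSERT:
                return PrivilegeType.INSERT_TIMESERIES.ordinal();
            case LIST_ROLE:
            case LIST_ROLE_USERS:
            case LIST_ROLE_PRIVILEGE:
                return PrivilegeType.LIST_ROLE.ordinal();
            case LIST_USER:
            case LIST_USER_ROLES:
            case LIST_USER_PRIVILEGE:
                return PrivilegeType.LIST_USER.ordinal();
            case CREATE_FUNCTION:
                return PrivilegeType.CREATE_FUNCTION.ordinal();
            case DROP_FUNCTION:
                return PrivilegeType.DROP_FUNCTION.ordinal();
            case CREATE_TRIGGER:
                return PrivilegeType.CREATE_TRIGGER.ordinal();
            case DROP_TRIGGER:
                return PrivilegeType.DROP_TRIGGER.ordinal();
            case START_TRIGGER:
                return PrivilegeType.START_TRIGGER.ordinal();
            case STOP_TRIGGER:
                return PrivilegeType.STOP_TRIGGER.ordinal();
            case CREATE_CONTINUOUS_QUERY:
                return PrivilegeType.CREATE_CONTINUOUS_QUERY.ordinal();
            case DROP_CONTINUOUS_QUERY:
                return PrivilegeType.DROP_CONTINUOUS_QUERY.ordinal();
            default:
                logger.error("Unrecognizable operator type ({}) for AuthorityChecker.", statementType);
                return -1;
        }
    }
}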
