package org.apache.doris.mysql.privilege;

import com.google.common.base.Preconditions;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.Maps;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.doris.analysis.TableName;
import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.catalog.AuthorizationInfo;
import org.apache.doris.catalog.Env;
import org.apache.doris.cluster.ClusterNamespace;
import org.apache.doris.common.UserException;
import org.apache.doris.datasource.CatalogIf;
import org.apache.doris.datasource.ExternalCatalog;
import org.apache.doris.mysql.privilege.Auth;
import org.apache.doris.qe.ConnectContext;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:org/apache/doris/mysql/privilege/AccessControllerManager.class */
public class AccessControllerManager {
    private static final Logger LOG = LogManager.getLogger(AccessControllerManager.class);
    private SystemAccessController sysAccessController;
    private CatalogAccessController internalAccessController;
    private Map<String, CatalogAccessController> ctlToCtlAccessController = Maps.newConcurrentMap();

    public AccessControllerManager(Auth auth) {
        this.sysAccessController = new SystemAccessController(auth);
        this.internalAccessController = new InternalCatalogAccessController(auth);
        this.ctlToCtlAccessController.put("internal", this.internalAccessController);
    }

    public CatalogAccessController getAccessControllerOrDefault(String str) {
        CatalogAccessController catalogAccessController = this.ctlToCtlAccessController.get(str);
        if (catalogAccessController != null) {
            return catalogAccessController;
        }
        CatalogIf catalog = Env.getCurrentEnv().getCatalogMgr().getCatalog(str);
        if (catalog == null || !(catalog instanceof ExternalCatalog)) {
            return this.internalAccessController;
        }
        lazyLoadCtlAccessController((ExternalCatalog) catalog);
        return this.ctlToCtlAccessController.get(str);
    }

    private synchronized void lazyLoadCtlAccessController(ExternalCatalog externalCatalog) {
        if (this.ctlToCtlAccessController.containsKey(externalCatalog.getName())) {
            return;
        }
        externalCatalog.initAccessController(false);
        if (this.ctlToCtlAccessController.containsKey(externalCatalog.getName())) {
            return;
        }
        this.ctlToCtlAccessController.put(externalCatalog.getName(), this.internalAccessController);
    }

    public boolean checkIfAccessControllerExist(String str) {
        return this.ctlToCtlAccessController.containsKey(str);
    }

    public void createAccessController(String str, String str2, Map<String, String> map, boolean z) {
        try {
            CatalogAccessController createAccessController = ((AccessControllerFactory) Class.forName(str2).newInstance()).createAccessController(map);
            if (!z) {
                this.ctlToCtlAccessController.put(str, createAccessController);
                LOG.info("create access controller {} for catalog {}", str, str2);
            }
        } catch (ClassNotFoundException e) {
            throw new RuntimeException(e);
        } catch (IllegalAccessException e2) {
            throw new RuntimeException(e2);
        } catch (InstantiationException e3) {
            throw new RuntimeException(e3);
        }
    }

    public void removeAccessController(String str) {
        this.ctlToCtlAccessController.remove(str);
        LOG.info("remove access controller for catalog {}", str);
    }

    public Auth getAuth() {
        return this.sysAccessController.getAuth();
    }

    public boolean checkGlobalPriv(ConnectContext connectContext, PrivPredicate privPredicate) {
        return checkGlobalPriv(connectContext.getCurrentUserIdentity(), privPredicate);
    }

    public boolean checkGlobalPriv(UserIdentity userIdentity, PrivPredicate privPredicate) {
        return this.sysAccessController.checkGlobalPriv(userIdentity, privPredicate);
    }

    public boolean checkCtlPriv(ConnectContext connectContext, String str, PrivPredicate privPredicate) {
        return checkCtlPriv(connectContext.getCurrentUserIdentity(), str, privPredicate);
    }

    public boolean checkCtlPriv(UserIdentity userIdentity, String str, PrivPredicate privPredicate) {
        return getAccessControllerOrDefault("internal").checkCtlPriv(this.sysAccessController.checkGlobalPriv(userIdentity, privPredicate), userIdentity, str, privPredicate);
    }

    public boolean checkDbPriv(ConnectContext connectContext, String str, PrivPredicate privPredicate) {
        return checkDbPriv(connectContext.getCurrentUserIdentity(), str, privPredicate);
    }

    public boolean checkDbPriv(UserIdentity userIdentity, String str, PrivPredicate privPredicate) {
        return checkDbPriv(userIdentity, "internal", str, privPredicate);
    }

    public boolean checkDbPriv(ConnectContext connectContext, String str, String str2, PrivPredicate privPredicate) {
        return checkDbPriv(connectContext.getCurrentUserIdentity(), str, str2, privPredicate);
    }

    public boolean checkDbPriv(UserIdentity userIdentity, String str, String str2, PrivPredicate privPredicate) {
        return getAccessControllerOrDefault(str).checkDbPriv(this.sysAccessController.checkGlobalPriv(userIdentity, privPredicate), userIdentity, str, ClusterNamespace.getFullName("default_cluster", str2), privPredicate);
    }

    public boolean checkTblPriv(ConnectContext connectContext, String str, String str2, PrivPredicate privPredicate) {
        return checkTblPriv(connectContext, "internal", str, str2, privPredicate);
    }

    public boolean checkTblPriv(ConnectContext connectContext, TableName tableName, PrivPredicate privPredicate) {
        Preconditions.checkState(tableName.isFullyQualified());
        return checkTblPriv(connectContext, tableName.getCtl(), tableName.getDb(), tableName.getTbl(), privPredicate);
    }

    public boolean checkTblPriv(ConnectContext connectContext, String str, String str2, String str3, PrivPredicate privPredicate) {
        return checkTblPriv(connectContext.getCurrentUserIdentity(), str, str2, str3, privPredicate);
    }

    public boolean checkTblPriv(UserIdentity userIdentity, String str, String str2, PrivPredicate privPredicate) {
        return checkTblPriv(userIdentity, "internal", str, str2, privPredicate);
    }

    public boolean checkTblPriv(UserIdentity userIdentity, String str, String str2, String str3, PrivPredicate privPredicate) {
        return getAccessControllerOrDefault(str).checkTblPriv(this.sysAccessController.checkGlobalPriv(userIdentity, privPredicate), userIdentity, str, ClusterNamespace.getFullName("default_cluster", str2), str3, privPredicate);
    }

    public void checkColumnsPriv(UserIdentity userIdentity, String str, HashMultimap<TableName, String> hashMultimap, PrivPredicate privPredicate) throws UserException {
        boolean checkGlobalPriv = this.sysAccessController.checkGlobalPriv(userIdentity, privPredicate);
        CatalogAccessController accessControllerOrDefault = getAccessControllerOrDefault(str);
        for (TableName tableName : hashMultimap.keySet()) {
            accessControllerOrDefault.checkColsPriv(checkGlobalPriv, userIdentity, str, ClusterNamespace.getFullName("default_cluster", tableName.getDb()), tableName.getTbl(), hashMultimap.get(tableName), privPredicate);
        }
    }

    public void checkColumnsPriv(UserIdentity userIdentity, String str, String str2, String str3, Set<String> set, PrivPredicate privPredicate) throws UserException {
        getAccessControllerOrDefault(str).checkColsPriv(this.sysAccessController.checkGlobalPriv(userIdentity, privPredicate), userIdentity, str, str2, str3, set, privPredicate);
    }

    public void checkColumnsPriv(UserIdentity userIdentity, String str, String str2, Set<String> set, PrivPredicate privPredicate) throws UserException {
        checkColumnsPriv(userIdentity, "internal", str, str2, set, privPredicate);
    }

    public boolean checkResourcePriv(ConnectContext connectContext, String str, PrivPredicate privPredicate) {
        return checkResourcePriv(connectContext.getCurrentUserIdentity(), str, privPredicate);
    }

    public boolean checkResourcePriv(UserIdentity userIdentity, String str, PrivPredicate privPredicate) {
        return this.sysAccessController.checkResourcePriv(userIdentity, str, privPredicate);
    }

    public boolean checkWorkloadGroupPriv(ConnectContext connectContext, String str, PrivPredicate privPredicate) {
        return checkWorkloadGroupPriv(connectContext.getCurrentUserIdentity(), str, privPredicate);
    }

    public boolean checkWorkloadGroupPriv(UserIdentity userIdentity, String str, PrivPredicate privPredicate) {
        return this.sysAccessController.checkWorkloadGroupPriv(userIdentity, str, privPredicate);
    }

    public boolean checkPrivByAuthInfo(ConnectContext connectContext, AuthorizationInfo authorizationInfo, PrivPredicate privPredicate) {
        if (authorizationInfo == null || authorizationInfo.getDbName() == null) {
            return false;
        }
        if (authorizationInfo.getTableNameList() == null || authorizationInfo.getTableNameList().isEmpty()) {
            return checkDbPriv(connectContext, authorizationInfo.getDbName(), privPredicate);
        }
        Iterator<String> it = authorizationInfo.getTableNameList().iterator();
        while (it.hasNext()) {
            if (!checkTblPriv(ConnectContext.get(), authorizationInfo.getDbName(), it.next(), privPredicate)) {
                return false;
            }
        }
        return true;
    }

    public boolean checkHasPriv(ConnectContext connectContext, PrivPredicate privPredicate, Auth.PrivLevel... privLevelArr) {
        return this.sysAccessController.checkHasPriv(connectContext, privPredicate, privLevelArr);
    }
}
