package org.apache.doris.mysql.privilege;

import com.google.common.base.Joiner;
import com.google.common.collect.Lists;
import com.google.common.collect.Queues;
import com.google.gson.annotations.SerializedName;
import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Queue;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.apache.doris.analysis.CreateFileStmt;
import org.apache.doris.analysis.PasswordOptions;
import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.common.AuthenticationException;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.io.Text;
import org.apache.doris.common.io.Writable;
import org.apache.doris.common.util.TimeUtils;
import org.apache.doris.common.util.Util;
import org.apache.doris.persist.gson.GsonUtils;
import org.apache.doris.qe.GlobalVariable;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:org/apache/doris/mysql/privilege/PasswordPolicy.class */
public class PasswordPolicy implements Writable {
    private static final Logger LOG = LogManager.getLogger(PasswordPolicy.class);
    private static final String EXPIRATION_SECONDS = "password_policy.expiration_seconds";
    private static final String PASSWORD_CREATION_TIME = "password_policy.password_creation_time";
    private static final String HISTORY_NUM = "password_policy.history_num";
    private static final String HISTORY_PASSWORDS = "password_policy.history_passwords";
    private static final String NUM_FAILED_LOGIN = "password_policy.num_failed_login";
    private static final String PASSWORD_LOCK_SECONDS = "password_policy.password_lock_seconds";
    private static final String FAILED_LOGIN_COUNTER = "password_policy.failed_login_counter";
    private static final String LOCK_TIME = "password_policy.lock_time";
    private ReentrantReadWriteLock lock = new ReentrantReadWriteLock();

    @SerializedName("expirePolicy")
    private ExpirePolicy expirePolicy = new ExpirePolicy();

    @SerializedName("historyPolicy")
    private HistoryPolicy historyPolicy = new HistoryPolicy();

    @SerializedName("failedLoginPolicy")
    private FailedLoginPolicy failedLoginPolicy = new FailedLoginPolicy();

    /* loaded from: input_file:org/apache/doris/mysql/privilege/PasswordPolicy$ExpirePolicy.class */
    public static class ExpirePolicy implements Writable {
        public static final int DEFAULT = -1;
        public static final int NEVER = 0;

        @SerializedName("expirationSecond")
        public long expirationSecond = 0;

        @SerializedName("passwordCreateTime")
        public long passwordCreateTime = 0;

        public boolean isExpire() {
            return leftSeconds() <= 0;
        }

        public long leftSeconds() {
            long j = this.expirationSecond;
            if (j == -1) {
                j = GlobalVariable.defaultPasswordLifetime * 86400;
            }
            if (j == 0) {
                return Long.MAX_VALUE;
            }
            return j - ((System.currentTimeMillis() - this.passwordCreateTime) / 1000);
        }

        public void update(long j) {
            if (j == -2) {
                return;
            }
            this.expirationSecond = j;
            this.passwordCreateTime = System.currentTimeMillis();
        }

        public void setPasswordCreateTime() {
            this.passwordCreateTime = System.currentTimeMillis();
        }

        private String expirationSecondsToString() {
            return this.expirationSecond == -1 ? CreateFileStmt.PROP_CATALOG_DEFAULT : this.expirationSecond == 0 ? "NEVER" : String.valueOf(this.expirationSecond);
        }

        public void getInfo(List<List<String>> list) {
            ArrayList newArrayList = Lists.newArrayList();
            newArrayList.add(PasswordPolicy.EXPIRATION_SECONDS);
            newArrayList.add(expirationSecondsToString());
            ArrayList newArrayList2 = Lists.newArrayList();
            newArrayList2.add(PasswordPolicy.PASSWORD_CREATION_TIME);
            newArrayList2.add(this.passwordCreateTime == 0 ? "" : TimeUtils.longToTimeString(this.passwordCreateTime));
            list.add(newArrayList);
            list.add(newArrayList2);
        }

        public void write(DataOutput dataOutput) throws IOException {
            Text.writeString(dataOutput, GsonUtils.GSON.toJson(this));
        }

        public static ExpirePolicy read(DataInput dataInput) throws IOException {
            return (ExpirePolicy) GsonUtils.GSON.fromJson(Text.readString(dataInput), ExpirePolicy.class);
        }
    }

    /* loaded from: input_file:org/apache/doris/mysql/privilege/PasswordPolicy$FailedLoginPolicy.class */
    public static class FailedLoginPolicy implements Writable {
        public static final int DISABLED = 0;
        public static final int UNBOUNDED = -1;
        public static final int LOCK_ACCOUNT = -1;
        public static final int UNLOCK_ACCOUNT = 1;

        @SerializedName("numFailedLogin")
        public int numFailedLogin = 0;

        @SerializedName("passwordLockSeconds")
        public long passwordLockSeconds = 0;
        public AtomicLong failedLoginCounter = new AtomicLong(0);
        public AtomicLong lockTime = new AtomicLong(0);

        public boolean onFailedLogin() {
            if (this.numFailedLogin == 0 || this.passwordLockSeconds == 0) {
                return false;
            }
            if (this.failedLoginCounter.get() >= this.numFailedLogin) {
                return true;
            }
            if (this.failedLoginCounter.incrementAndGet() < this.numFailedLogin) {
                return false;
            }
            this.lockTime.set(System.currentTimeMillis());
            return true;
        }

        public boolean isLocked() {
            return leftSeconds() > 0;
        }

        public long leftSeconds() {
            if (this.numFailedLogin == 0 || this.passwordLockSeconds == 0 || this.lockTime.get() == 0) {
                return 0L;
            }
            if (this.lockTime.get() <= 0 || this.passwordLockSeconds != -1) {
                return Math.max(0L, this.passwordLockSeconds - ((System.currentTimeMillis() - this.lockTime.get()) / 1000));
            }
            return 9999L;
        }

        public void updateNumFailedLogin(int i) {
            if (i == -2) {
                return;
            }
            this.numFailedLogin = i;
            unlock();
        }

        public void updatePasswordLockSeconds(long j) {
            if (j == -2) {
                return;
            }
            this.passwordLockSeconds = j;
            unlock();
        }

        public void unlock() {
            this.failedLoginCounter.set(0L);
            this.lockTime.set(0L);
        }

        public void write(DataOutput dataOutput) throws IOException {
            Text.writeString(dataOutput, GsonUtils.GSON.toJson(this));
        }

        public static FailedLoginPolicy read(DataInput dataInput) throws IOException {
            return (FailedLoginPolicy) GsonUtils.GSON.fromJson(Text.readString(dataInput), FailedLoginPolicy.class);
        }

        private String passwordLockSecondsToString() {
            return this.passwordLockSeconds == -1 ? "UNBOUNDED" : this.passwordLockSeconds == 0 ? "DISABLED" : String.valueOf(this.passwordLockSeconds);
        }

        private String numFailedLoginToString() {
            switch (this.numFailedLogin) {
                case 0:
                    return "DISABLED";
                default:
                    return String.valueOf(this.numFailedLogin);
            }
        }

        public void getInfo(List<List<String>> list) {
            ArrayList newArrayList = Lists.newArrayList();
            newArrayList.add(PasswordPolicy.NUM_FAILED_LOGIN);
            newArrayList.add(numFailedLoginToString());
            ArrayList newArrayList2 = Lists.newArrayList();
            newArrayList2.add(PasswordPolicy.PASSWORD_LOCK_SECONDS);
            newArrayList2.add(passwordLockSecondsToString());
            ArrayList newArrayList3 = Lists.newArrayList();
            newArrayList3.add(PasswordPolicy.FAILED_LOGIN_COUNTER);
            newArrayList3.add(String.valueOf(this.failedLoginCounter.get()));
            ArrayList newArrayList4 = Lists.newArrayList();
            newArrayList4.add(PasswordPolicy.LOCK_TIME);
            newArrayList4.add(this.lockTime.get() == 0 ? "" : TimeUtils.longToTimeString(this.lockTime.get()));
            list.add(newArrayList);
            list.add(newArrayList2);
            list.add(newArrayList3);
            list.add(newArrayList4);
        }
    }

    /* loaded from: input_file:org/apache/doris/mysql/privilege/PasswordPolicy$HistoryPolicy.class */
    public static class HistoryPolicy implements Writable {
        public static final int MAX_HISTORY_SIZE = 10;
        public static final int DEFAULT = -1;
        public static final int NO_RESTRICTION = 0;

        @SerializedName("historyPasswords")
        public Queue<byte[]> historyPasswords = Queues.newArrayDeque();

        @SerializedName("historyNum")
        public int historyNum = 0;

        public boolean isPasswordAllowed(byte[] bArr) {
            if (this.historyNum == 0) {
                return true;
            }
            Iterator<byte[]> it = this.historyPasswords.iterator();
            int i = this.historyNum;
            if (i == -1) {
                i = GlobalVariable.passwordHistory;
            }
            int size = this.historyPasswords.size() <= i ? 0 : this.historyPasswords.size() - i;
            while (true) {
                int i2 = size;
                size--;
                if (i2 <= 0) {
                    break;
                }
                it.next();
            }
            while (it.hasNext()) {
                if (Arrays.equals(it.next(), bArr)) {
                    return false;
                }
            }
            return true;
        }

        public void addPassword(byte[] bArr) {
            if (this.historyPasswords.size() == 10) {
                this.historyPasswords.poll();
            }
            this.historyPasswords.add(bArr);
        }

        public void update(byte[] bArr, int i) {
            if (i != -2) {
                this.historyNum = i;
                this.historyPasswords.clear();
            }
            if (bArr != null) {
                this.historyPasswords.add(bArr);
            }
        }

        private String historyNumToString() {
            switch (this.historyNum) {
                case -1:
                    return CreateFileStmt.PROP_CATALOG_DEFAULT;
                case 0:
                    return "NO_RESTRICTION";
                default:
                    return String.valueOf(this.historyNum);
            }
        }

        public void getInfo(List<List<String>> list) {
            ArrayList newArrayList = Lists.newArrayList();
            newArrayList.add(PasswordPolicy.HISTORY_NUM);
            newArrayList.add(historyNumToString());
            ArrayList newArrayList2 = Lists.newArrayList();
            newArrayList2.add(PasswordPolicy.HISTORY_PASSWORDS);
            ArrayList newArrayList3 = Lists.newArrayList();
            Iterator<byte[]> it = this.historyPasswords.iterator();
            int i = this.historyNum;
            if (i == -1) {
                i = GlobalVariable.passwordHistory;
            }
            int size = this.historyPasswords.size() <= i ? 0 : this.historyPasswords.size() - i;
            while (true) {
                int i2 = size;
                size--;
                if (i2 <= 0) {
                    break;
                } else {
                    it.next();
                }
            }
            while (it.hasNext()) {
                String bytesToHex = Util.bytesToHex(it.next());
                newArrayList3.add("*" + bytesToHex.substring(0, Math.min(3, bytesToHex.length())) + "...");
            }
            newArrayList2.add(Joiner.on(",").join(newArrayList3));
            list.add(newArrayList);
            list.add(newArrayList2);
        }

        public void write(DataOutput dataOutput) throws IOException {
            Text.writeString(dataOutput, GsonUtils.GSON.toJson(this));
        }

        public static HistoryPolicy read(DataInput dataInput) throws IOException {
            return (HistoryPolicy) GsonUtils.GSON.fromJson(Text.readString(dataInput), HistoryPolicy.class);
        }
    }

    public static PasswordPolicy createDefault() {
        return new PasswordPolicy();
    }

    public void checkAccountLockedAndPasswordExpiration(UserIdentity userIdentity) throws AuthenticationException {
        this.lock.readLock().lock();
        try {
            if (this.expirePolicy.isExpire()) {
                throw new AuthenticationException(ErrorCode.ERR_MUST_CHANGE_PASSWORD_LOGIN, new Object[0]);
            }
            if (this.failedLoginPolicy.isLocked()) {
                throw new AuthenticationException(ErrorCode.ERR_USER_ACCESS_DENIED_FOR_USER_ACCOUNT_BLOCKED_BY_PASSWORD_LOCK, userIdentity.getQualifiedUser(), userIdentity.getHost(), Long.valueOf(this.failedLoginPolicy.passwordLockSeconds), Long.valueOf(this.failedLoginPolicy.leftSeconds()), this.failedLoginPolicy.failedLoginCounter);
            }
        } finally {
            this.lock.readLock().unlock();
        }
    }

    public boolean onFailedLogin() {
        this.lock.writeLock().lock();
        try {
            return this.failedLoginPolicy.onFailedLogin();
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    public boolean checkPasswordHistory(byte[] bArr) {
        this.lock.readLock().lock();
        try {
            return this.historyPolicy.isPasswordAllowed(bArr);
        } finally {
            this.lock.readLock().unlock();
        }
    }

    public void update(byte[] bArr, PasswordOptions passwordOptions) {
        this.lock.writeLock().lock();
        try {
            this.expirePolicy.update(passwordOptions.getExpirePolicySecond());
            this.historyPolicy.update(bArr, passwordOptions.getHistoryPolicy());
            this.failedLoginPolicy.updateNumFailedLogin(passwordOptions.getLoginAttempts());
            this.failedLoginPolicy.updatePasswordLockSeconds(passwordOptions.getPasswordLockSecond());
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    public void updatePassword(byte[] bArr) {
        this.lock.writeLock().lock();
        try {
            this.historyPolicy.addPassword(bArr);
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    public ExpirePolicy getExpirePolicy() {
        return this.expirePolicy;
    }

    public void write(DataOutput dataOutput) throws IOException {
        Text.writeString(dataOutput, GsonUtils.GSON.toJson(this));
    }

    public static PasswordPolicy read(DataInput dataInput) throws IOException {
        return (PasswordPolicy) GsonUtils.GSON.fromJson(Text.readString(dataInput), PasswordPolicy.class);
    }

    public List<List<String>> getInfo() {
        this.lock.readLock().lock();
        try {
            ArrayList newArrayList = Lists.newArrayList();
            this.expirePolicy.getInfo(newArrayList);
            this.historyPolicy.getInfo(newArrayList);
            this.failedLoginPolicy.getInfo(newArrayList);
            return newArrayList;
        } finally {
            this.lock.readLock().unlock();
        }
    }

    public void unlockAccount() {
        this.lock.writeLock().lock();
        try {
            this.failedLoginPolicy.unlock();
        } finally {
            this.lock.writeLock().unlock();
        }
    }
}
