package org.apache.doris.mysql.privilege;

import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.gson.annotations.SerializedName;
import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.Resource;
import org.apache.doris.common.AuthenticationException;
import org.apache.doris.common.CaseSensibility;
import org.apache.doris.common.DdlException;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.PatternMatcher;
import org.apache.doris.common.PatternMatcherException;
import org.apache.doris.common.io.Text;
import org.apache.doris.common.io.Writable;
import org.apache.doris.mysql.MysqlPassword;
import org.apache.doris.persist.gson.GsonUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:org/apache/doris/mysql/privilege/UserManager.class */
public class UserManager implements Writable {
    public static final String ANY_HOST = "%";
    private static final Logger LOG = LogManager.getLogger(UserManager.class);

    @SerializedName("nameToUsers")
    private Map<String, List<User>> nameToUsers = Maps.newHashMap();

    public boolean userIdentityExist(UserIdentity userIdentity, boolean z) {
        List<User> list = this.nameToUsers.get(userIdentity.getQualifiedUser());
        if (CollectionUtils.isEmpty(list)) {
            return false;
        }
        for (User user : list) {
            if (user.getUserIdentity().getHost().equalsIgnoreCase(userIdentity.getHost()) && (z || !user.isSetByDomainResolver())) {
                return true;
            }
        }
        return false;
    }

    public List<User> getUserByName(String str) {
        List<User> list = this.nameToUsers.get(str);
        return list == null ? Collections.EMPTY_LIST : list;
    }

    public void checkPassword(String str, String str2, byte[] bArr, byte[] bArr2, List<UserIdentity> list) throws AuthenticationException {
        checkPasswordInternal(str, str2, bArr, bArr2, null, list, false);
    }

    public void checkPlainPassword(String str, String str2, String str3, List<UserIdentity> list) throws AuthenticationException {
        checkPasswordInternal(str, str2, null, null, str3, list, true);
    }

    private void checkPasswordInternal(String str, String str2, byte[] bArr, byte[] bArr2, String str3, List<UserIdentity> list, boolean z) throws AuthenticationException {
        PasswordPolicyManager passwdPolicyManager = Env.getCurrentEnv().getAuth().getPasswdPolicyManager();
        List<User> list2 = this.nameToUsers.get(str);
        if (CollectionUtils.isEmpty(list2)) {
            throw new AuthenticationException(ErrorCode.ERR_ACCESS_DENIED_ERROR, str + Resource.REFERENCE_SPLIT + str2, "YES");
        }
        for (User user : list2) {
            if (!user.getUserIdentity().isDomain() && (user.isAnyHost() || user.getHostPattern().match(str2))) {
                UserIdentity domainUserIdentity = user.getDomainUserIdentity();
                if (!comparePassword(user.getPassword(), bArr, bArr2, str3, z)) {
                    passwdPolicyManager.onFailedLogin(domainUserIdentity);
                    throw new AuthenticationException(ErrorCode.ERR_ACCESS_DENIED_ERROR, str + Resource.REFERENCE_SPLIT + str2, hasRemotePasswd(z, bArr));
                }
                passwdPolicyManager.checkAccountLockedAndPasswordExpiration(domainUserIdentity);
                if (list != null) {
                    list.add(domainUserIdentity);
                    return;
                }
                return;
            }
        }
        throw new AuthenticationException(ErrorCode.ERR_ACCESS_DENIED_ERROR, str + Resource.REFERENCE_SPLIT + str2, hasRemotePasswd(z, bArr));
    }

    public List<UserIdentity> getUserIdentityUncheckPasswd(String str, String str2) {
        ArrayList newArrayList = Lists.newArrayList();
        for (User user : this.nameToUsers.getOrDefault(str, Lists.newArrayList())) {
            if (!user.getUserIdentity().isDomain() && (user.isAnyHost() || user.getHostPattern().match(str2))) {
                newArrayList.add(user.getUserIdentity());
            }
        }
        return newArrayList;
    }

    private String hasRemotePasswd(boolean z, byte[] bArr) {
        return (!z && bArr.length == 0) ? "NO" : "YES";
    }

    private boolean comparePassword(Password password, byte[] bArr, byte[] bArr2, String str, boolean z) {
        if (z) {
            return MysqlPassword.checkPlainPass(password.getPassword(), str);
        }
        byte[] saltFromPassword = MysqlPassword.getSaltFromPassword(password.getPassword());
        return bArr.length == saltFromPassword.length && (bArr.length == 0 || MysqlPassword.checkScramble(bArr, bArr2, saltFromPassword));
    }

    public void clearEntriesSetByResolver() {
        Iterator<Map.Entry<String, List<User>>> it = this.nameToUsers.entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry<String, List<User>> next = it.next();
            Iterator<User> it2 = next.getValue().iterator();
            while (it2.hasNext()) {
                if (it2.next().isSetByDomainResolver()) {
                    it2.remove();
                }
            }
            if (CollectionUtils.isEmpty(next.getValue())) {
                it.remove();
            } else {
                Collections.sort(next.getValue());
            }
        }
    }

    public User createUser(UserIdentity userIdentity, byte[] bArr, UserIdentity userIdentity2, boolean z) throws PatternMatcherException {
        if (userIdentityExist(userIdentity, true)) {
            User userByUserIdentity = getUserByUserIdentity(userIdentity);
            if (!userByUserIdentity.isSetByDomainResolver() && z) {
                return userByUserIdentity;
            }
            userByUserIdentity.setPassword(bArr);
            userByUserIdentity.setSetByDomainResolver(z);
            return userByUserIdentity;
        }
        User user = new User(userIdentity, bArr, z, userIdentity2, PatternMatcher.createMysqlPattern(userIdentity.getHost(), CaseSensibility.HOST.getCaseSensibility()));
        List<User> list = this.nameToUsers.get(userIdentity.getQualifiedUser());
        if (CollectionUtils.isEmpty(list)) {
            this.nameToUsers.put(userIdentity.getQualifiedUser(), Lists.newArrayList(new User[]{user}));
        } else {
            list.add(user);
            Collections.sort(list);
        }
        return user;
    }

    public User getUserByUserIdentity(UserIdentity userIdentity) {
        List<User> list = this.nameToUsers.get(userIdentity.getQualifiedUser());
        if (CollectionUtils.isEmpty(list)) {
            return null;
        }
        for (User user : list) {
            if (user.getUserIdentity().equals(userIdentity)) {
                return user;
            }
        }
        return null;
    }

    public void removeUser(UserIdentity userIdentity) {
        List<User> list = this.nameToUsers.get(userIdentity.getQualifiedUser());
        if (CollectionUtils.isEmpty(list)) {
            return;
        }
        Iterator<User> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().getUserIdentity().equals(userIdentity)) {
                it.remove();
            }
        }
        if (CollectionUtils.isEmpty(list)) {
            this.nameToUsers.remove(userIdentity.getQualifiedUser());
        } else {
            Collections.sort(list);
        }
    }

    public Map<String, List<User>> getNameToUsers() {
        return this.nameToUsers;
    }

    public void setPassword(UserIdentity userIdentity, byte[] bArr, boolean z) throws DdlException {
        User userByUserIdentity = getUserByUserIdentity(userIdentity);
        if (userByUserIdentity != null) {
            userByUserIdentity.setPassword(bArr);
        } else if (z) {
            throw new DdlException("user " + userIdentity + " does not exist");
        }
    }

    public void getAllDomains(Set<String> set) {
        Iterator<Map.Entry<String, List<User>>> it = this.nameToUsers.entrySet().iterator();
        while (it.hasNext()) {
            for (User user : it.next().getValue()) {
                if (user.getUserIdentity().isDomain()) {
                    set.add(user.getUserIdentity().getHost());
                }
            }
        }
    }

    public void addUserPrivEntriesByResolvedIPs(Map<String, Set<String>> map) {
        for (Map.Entry<String, List<User>> entry : this.nameToUsers.entrySet()) {
            for (Map.Entry<String, Set<String>> entry2 : map.entrySet()) {
                User domainUser = getDomainUser(entry.getValue(), entry2.getKey());
                if (domainUser != null) {
                    Iterator<String> it = entry2.getValue().iterator();
                    while (it.hasNext()) {
                        UserIdentity createAnalyzedUserIdentWithIp = UserIdentity.createAnalyzedUserIdentWithIp(entry.getKey(), it.next());
                        byte[] password = domainUser.getPassword().getPassword();
                        Preconditions.checkNotNull(password, entry2.getKey());
                        try {
                            createUser(createAnalyzedUserIdentWithIp, password, domainUser.getUserIdentity(), true);
                        } catch (PatternMatcherException e) {
                            LOG.info("failed to create user for user ident: {}, {}", createAnalyzedUserIdentWithIp, e.getMessage());
                        }
                    }
                }
            }
        }
    }

    private User getDomainUser(List<User> list, String str) {
        for (User user : list) {
            if (user.getUserIdentity().isDomain() && user.getUserIdentity().getHost().equals(str)) {
                return user;
            }
        }
        return null;
    }

    public String toString() {
        return this.nameToUsers.toString();
    }

    public void write(DataOutput dataOutput) throws IOException {
        Text.writeString(dataOutput, GsonUtils.GSON.toJson(this));
    }

    public static UserManager read(DataInput dataInput) throws IOException {
        return (UserManager) GsonUtils.GSON.fromJson(Text.readString(dataInput), UserManager.class);
    }
}
