package com.huawei.iotdb;

import com.huawei.hadoop.security.crypter.CrypterUtil;
import java.io.File;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.stream.Stream;
import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.authorizer.LocalFileAuthorizer;
import org.apache.iotdb.commons.auth.entity.User;
import org.apache.iotdb.commons.conf.CommonDescriptor;
import org.apache.iotdb.db.auth.AuthorizerManager;
import org.apache.iotdb.db.mpp.plan.statement.sys.AuthorStatement;
import org.apache.iotdb.db.qp.logical.sys.AuthorOperator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/iotdb/LocalAuthorizer.class */
public class LocalAuthorizer extends LocalFileAuthorizer {
    private static final String ALTER_PASSWORD = "alter_password";
    private static final String NO_SUCH_USER_ERROR = "No such user %s";
    private static final String TEMP_SUFFIX = ".temp";
    private static final String STRING_ENCODING = "utf-8";
    private static final Logger logger = LoggerFactory.getLogger(LocalAuthorizer.class);
    private static final String WEAK_PASSWORD_DIC_DIR = System.getenv("BIGDATA_COMMON") + "/security/weakPasswdDic/weakPasswdDic.ini";
    private static final String ROOT_PROFILE_PATH = System.getProperty("IOTDB_HOME");
    private static ThreadLocal<ByteBuffer> encodingBufferLocal = new ThreadLocal<>();

    public boolean login(String str, String str2) throws AuthException {
        if (!str.equals(CommonDescriptor.getInstance().getConfig().getAdminName()) || !str2.equals(CommonDescriptor.getInstance().getConfig().getAdminPassword())) {
            return super.login(str, str2);
        }
        logger.error("{} login failed!", str);
        throw new AuthException("Please alter " + str + " password! You can execute 'alter-cli-password.sh' script.");
    }

    public boolean login(String str, String str2, Map<String, String> map) throws AuthException {
        String str3 = map.get(ALTER_PASSWORD);
        if (str3 != null) {
            if (!checkPassword(str3)) {
                logger.error("Simple password. Enter another password");
                return false;
            }
            if (!checkWeakPassword(str3)) {
                logger.error("Weak password. Enter another password");
                return false;
            }
            if (super.login(str, str2)) {
                AuthorStatement authorStatement = new AuthorStatement(AuthorOperator.AuthorType.UPDATE_USER);
                authorStatement.setUserName(str);
                authorStatement.setNewPassword(str3);
                AuthorizerManager.getInstance().operatePermission(authorStatement);
                logger.info("Alter password success");
                return true;
            }
        }
        return login(str, str2);
    }

    public boolean checkPassword(String str) {
        return str.matches("^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-_]).{4,16}$");
    }

    public boolean checkWeakPassword(String str) {
        HashSet hashSet = new HashSet(10000);
        boolean z = false;
        try {
            Stream<String> lines = Files.lines(Paths.get(new File(WEAK_PASSWORD_DIC_DIR).getCanonicalPath(), new String[0]), StandardCharsets.UTF_8);
            Throwable th = null;
            try {
                try {
                    lines.forEach(str2 -> {
                        hashSet.add(str2.toLowerCase(Locale.ENGLISH));
                    });
                    z = true;
                    if (lines != null) {
                        if (0 != 0) {
                            try {
                                lines.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            lines.close();
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } finally {
            }
        } catch (IOException e) {
            logger.error("Read filePath error.");
        }
        if (!z || !hashSet.contains(str.toLowerCase(Locale.ENGLISH))) {
            return true;
        }
        logger.error("Weak password. Enter another password");
        return false;
    }

    public void init() throws AuthException {
        User user;
        super.init();
        if (CommonDescriptor.getInstance().getConfig().getInternalUserName() == null || CommonDescriptor.getInstance().getConfig().getInternalUserPassword() == null) {
            logger.info("The built-in user does not need to be initialized.");
            return;
        }
        try {
            user = getUser(CommonDescriptor.getInstance().getConfig().getInternalUserName());
        } catch (AuthException e) {
            logger.warn("Cannot load admin, Creating a new one.", e);
            user = null;
        }
        if (user == null) {
            createUser(CommonDescriptor.getInstance().getConfig().getInternalUserName(), CrypterUtil.decrypt(CommonDescriptor.getInstance().getConfig().getInternalUserPassword()));
        }
        logger.info("internal username {} initialized", CommonDescriptor.getInstance().getConfig().getInternalUserName());
    }

    public boolean isAdmin(String str) {
        String internalUserName = CommonDescriptor.getInstance().getConfig().getInternalUserName();
        if (super.isAdmin(str)) {
            return true;
        }
        return internalUserName != null && internalUserName.equals(str);
    }
}
