package org.apache.iotdb.db.auth;

import java.util.Iterator;
import java.util.List;
import org.apache.iotdb.db.auth.authorizer.BasicAuthorizer;
import org.apache.iotdb.db.auth.authorizer.IAuthorizer;
import org.apache.iotdb.db.auth.entity.PrivilegeType;
import org.apache.iotdb.db.conf.IoTDBConstant;
import org.apache.iotdb.db.conf.IoTDBDescriptor;
import org.apache.iotdb.db.metadata.PartialPath;
import org.apache.iotdb.db.qp.constant.SQLConstant;
import org.apache.iotdb.db.qp.logical.Operator;
import org.apache.iotdb.db.rescon.MemTableManager;
import org.apache.iotdb.db.writelog.io.SingleFileLogReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/iotdb/db/auth/AuthorityChecker.class */
public class AuthorityChecker {
    private static final String SUPER_USER = IoTDBDescriptor.getInstance().getConfig().getAdminName();
    private static final Logger logger = LoggerFactory.getLogger(AuthorityChecker.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.iotdb.db.auth.AuthorityChecker$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/iotdb/db/auth/AuthorityChecker$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType = new int[Operator.OperatorType.values().length];

        static {
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.GRANT_ROLE_PRIVILEGE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.CREATE_ROLE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.CREATE_USER.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.MODIFY_PASSWORD.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.GRANT_USER_PRIVILEGE.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.REVOKE_ROLE_PRIVILEGE.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.REVOKE_USER_PRIVILEGE.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.GRANT_USER_ROLE.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.DELETE_USER.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.DELETE_ROLE.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.REVOKE_USER_ROLE.ordinal()] = 11;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.SET_STORAGE_GROUP.ordinal()] = 12;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.CREATE_TIMESERIES.ordinal()] = 13;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.DELETE_TIMESERIES.ordinal()] = 14;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.DELETE.ordinal()] = 15;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.DROP_INDEX.ordinal()] = 16;
            } catch (NoSuchFieldError e16) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.QUERY.ordinal()] = 17;
            } catch (NoSuchFieldError e17) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.GROUP_BY_TIME.ordinal()] = 18;
            } catch (NoSuchFieldError e18) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.QUERY_INDEX.ordinal()] = 19;
            } catch (NoSuchFieldError e19) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.AGGREGATION.ordinal()] = 20;
            } catch (NoSuchFieldError e20) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.UDAF.ordinal()] = 21;
            } catch (NoSuchFieldError e21) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.UDTF.ordinal()] = 22;
            } catch (NoSuchFieldError e22) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.LAST.ordinal()] = 23;
            } catch (NoSuchFieldError e23) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.FILL.ordinal()] = 24;
            } catch (NoSuchFieldError e24) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.GROUP_BY_FILL.ordinal()] = 25;
            } catch (NoSuchFieldError e25) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.INSERT.ordinal()] = 26;
            } catch (NoSuchFieldError e26) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.LOAD_DATA.ordinal()] = 27;
            } catch (NoSuchFieldError e27) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.CREATE_INDEX.ordinal()] = 28;
            } catch (NoSuchFieldError e28) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.LIST_ROLE.ordinal()] = 29;
            } catch (NoSuchFieldError e29) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.LIST_ROLE_USERS.ordinal()] = 30;
            } catch (NoSuchFieldError e30) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.LIST_ROLE_PRIVILEGE.ordinal()] = 31;
            } catch (NoSuchFieldError e31) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.LIST_USER.ordinal()] = 32;
            } catch (NoSuchFieldError e32) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.LIST_USER_ROLES.ordinal()] = 33;
            } catch (NoSuchFieldError e33) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.LIST_USER_PRIVILEGE.ordinal()] = 34;
            } catch (NoSuchFieldError e34) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.CREATE_FUNCTION.ordinal()] = 35;
            } catch (NoSuchFieldError e35) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.DROP_FUNCTION.ordinal()] = 36;
            } catch (NoSuchFieldError e36) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.CREATE_TRIGGER.ordinal()] = 37;
            } catch (NoSuchFieldError e37) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.DROP_TRIGGER.ordinal()] = 38;
            } catch (NoSuchFieldError e38) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.START_TRIGGER.ordinal()] = 39;
            } catch (NoSuchFieldError e39) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.STOP_TRIGGER.ordinal()] = 40;
            } catch (NoSuchFieldError e40) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.CREATE_CONTINUOUS_QUERY.ordinal()] = 41;
            } catch (NoSuchFieldError e41) {
            }
            try {
                $SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[Operator.OperatorType.DROP_CONTINUOUS_QUERY.ordinal()] = 42;
            } catch (NoSuchFieldError e42) {
            }
        }
    }

    private AuthorityChecker() {
    }

    public static boolean check(String str, List<PartialPath> list, Operator.OperatorType operatorType, String str2) throws AuthException {
        if (SUPER_USER.equals(str)) {
            return true;
        }
        int translateToPermissionId = translateToPermissionId(operatorType);
        if (translateToPermissionId == -1) {
            return false;
        }
        if (translateToPermissionId == PrivilegeType.MODIFY_PASSWORD.ordinal() && str.equals(str2)) {
            return true;
        }
        if (list.isEmpty()) {
            return checkOnePath(str, null, translateToPermissionId);
        }
        Iterator<PartialPath> it = list.iterator();
        while (it.hasNext()) {
            if (!checkOnePath(str, it.next(), translateToPermissionId)) {
                return false;
            }
        }
        return true;
    }

    private static boolean checkOnePath(String str, PartialPath partialPath, int i) throws AuthException {
        String fullPath;
        IAuthorizer basicAuthorizer = BasicAuthorizer.getInstance();
        if (partialPath == null) {
            fullPath = "root";
        } else {
            try {
                fullPath = partialPath.getFullPath();
            } catch (AuthException e) {
                logger.error("Error occurs when checking the seriesPath {} for user {}", new Object[]{partialPath, str, e});
                return false;
            }
        }
        return basicAuthorizer.checkUserPrivileges(str, fullPath, i);
    }

    private static int translateToPermissionId(Operator.OperatorType operatorType) {
        switch (AnonymousClass1.$SwitchMap$org$apache$iotdb$db$qp$logical$Operator$OperatorType[operatorType.ordinal()]) {
            case 1:
                return PrivilegeType.GRANT_ROLE_PRIVILEGE.ordinal();
            case 2:
                return PrivilegeType.CREATE_ROLE.ordinal();
            case IoTDBConstant.FILE_NAME_SUFFIX_UNSEQMERGECNT_INDEX /* 3 */:
                return PrivilegeType.CREATE_USER.ordinal();
            case MemTableManager.MEMTABLE_NUM_FOR_EACH_PARTITION /* 4 */:
                return PrivilegeType.MODIFY_PASSWORD.ordinal();
            case 5:
                return PrivilegeType.GRANT_USER_PRIVILEGE.ordinal();
            case 6:
                return PrivilegeType.REVOKE_ROLE_PRIVILEGE.ordinal();
            case 7:
                return PrivilegeType.REVOKE_USER_PRIVILEGE.ordinal();
            case IoTDBConstant.MIN_SUPPORTED_JDK_VERSION /* 8 */:
                return PrivilegeType.GRANT_USER_ROLE.ordinal();
            case 9:
                return PrivilegeType.DELETE_USER.ordinal();
            case 10:
                return PrivilegeType.DELETE_ROLE.ordinal();
            case 11:
                return PrivilegeType.REVOKE_USER_ROLE.ordinal();
            case SingleFileLogReader.LEAST_LOG_SIZE /* 12 */:
                return PrivilegeType.SET_STORAGE_GROUP.ordinal();
            case 13:
                return PrivilegeType.CREATE_TIMESERIES.ordinal();
            case 14:
            case 15:
            case 16:
                return PrivilegeType.DELETE_TIMESERIES.ordinal();
            case 17:
            case 18:
            case 19:
            case 20:
            case 21:
            case 22:
            case SQLConstant.TOK_WHERE /* 23 */:
            case SQLConstant.TOK_INSERT /* 24 */:
            case SQLConstant.TOK_DELETE /* 25 */:
                return PrivilegeType.READ_TIMESERIES.ordinal();
            case SQLConstant.TOK_UPDATE /* 26 */:
            case SQLConstant.TOK_QUERY /* 27 */:
            case 28:
                return PrivilegeType.INSERT_TIMESERIES.ordinal();
            case 29:
            case 30:
            case SQLConstant.TOK_CREATE_INDEX /* 31 */:
                return PrivilegeType.LIST_ROLE.ordinal();
            case SQLConstant.TOK_DROP_INDEX /* 32 */:
            case SQLConstant.TOK_QUERY_INDEX /* 33 */:
            case SQLConstant.TOK_GRANT_WATERMARK_EMBEDDING /* 34 */:
                return PrivilegeType.LIST_USER.ordinal();
            case SQLConstant.TOK_REVOKE_WATERMARK_EMBEDDING /* 35 */:
                return PrivilegeType.CREATE_FUNCTION.ordinal();
            case 36:
                return PrivilegeType.DROP_FUNCTION.ordinal();
            case 37:
                return PrivilegeType.CREATE_TRIGGER.ordinal();
            case 38:
                return PrivilegeType.DROP_TRIGGER.ordinal();
            case 39:
                return PrivilegeType.START_TRIGGER.ordinal();
            case 40:
                return PrivilegeType.STOP_TRIGGER.ordinal();
            case SQLConstant.TOK_AUTHOR_CREATE /* 41 */:
                return PrivilegeType.CREATE_CONTINUOUS_QUERY.ordinal();
            case SQLConstant.TOK_AUTHOR_DROP /* 42 */:
                return PrivilegeType.DROP_CONTINUOUS_QUERY.ordinal();
            default:
                logger.error("Unrecognizable operator type ({}) for AuthorityChecker.", operatorType);
                return -1;
        }
    }
}
