package org.gridgain.grid.internal.processors.security;

import java.io.Externalizable;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectOutput;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.ignite.internal.processors.security.SecurityContext;
import org.apache.ignite.internal.util.typedef.internal.S;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.plugin.security.SecurityPermissionSet;
import org.apache.ignite.plugin.security.SecuritySubject;

/* loaded from: input_file:org/gridgain/grid/internal/processors/security/GridSecurityContext.class */
public class GridSecurityContext implements SecurityContext, Externalizable {
    private static final long serialVersionUID = 0;
    private static final String VISOR_IGNITE_TASK_PREFIX = "org.apache.ignite.internal.visor.";
    private static final String VISOR_GRIDGAIN_TASK_PREFIX = "org.gridgain.grid.internal.visor.";
    public static final String VISOR_CACHE_QUERY_TASK_NAME = "org.apache.ignite.internal.visor.query.VisorQueryTask";
    public static final String VISOR_CACHE_LOAD_TASK_NAME = "org.apache.ignite.internal.visor.cache.VisorCacheLoadTask";
    public static final String VISOR_CACHE_CLEAR_TASK_NAME = "org.apache.ignite.internal.visor.query.VisorQueryCleanupTask";
    private SecuritySubject subj;
    private Map<String, Collection<SecurityPermission>> strictTaskPermissions = new LinkedHashMap();
    private Map<String, Collection<SecurityPermission>> wildcardTaskPermissions = new LinkedHashMap();
    private Map<String, Collection<SecurityPermission>> strictCachePermissions = new LinkedHashMap();
    private Map<String, Collection<SecurityPermission>> wildcardCachePermissions = new LinkedHashMap();
    private Collection<SecurityPermission> sysPermissions;
    static final /* synthetic */ boolean $assertionsDisabled;

    public GridSecurityContext() {
    }

    public GridSecurityContext(SecuritySubject securitySubject) {
        this.subj = securitySubject;
        initRules();
    }

    public SecuritySubject subject() {
        return this.subj;
    }

    public boolean taskOperationAllowed(String str, SecurityPermission securityPermission) {
        if (!$assertionsDisabled && securityPermission != SecurityPermission.TASK_EXECUTE && securityPermission != SecurityPermission.TASK_CANCEL) {
            throw new AssertionError();
        }
        if (visorTask(str)) {
            return visorTaskAllowed(str);
        }
        Collection<SecurityPermission> collection = this.strictTaskPermissions.get(str);
        if (collection != null) {
            return collection.contains(securityPermission);
        }
        for (Map.Entry<String, Collection<SecurityPermission>> entry : this.wildcardTaskPermissions.entrySet()) {
            if (str.startsWith(entry.getKey())) {
                return entry.getValue().contains(securityPermission);
            }
        }
        return this.subj.permissions().defaultAllowAll();
    }

    public boolean cacheOperationAllowed(String str, SecurityPermission securityPermission) {
        if (!$assertionsDisabled && securityPermission != SecurityPermission.CACHE_PUT && securityPermission != SecurityPermission.CACHE_READ && securityPermission != SecurityPermission.CACHE_REMOVE) {
            throw new AssertionError();
        }
        Collection<SecurityPermission> collection = this.strictCachePermissions.get(str);
        if (collection != null) {
            return collection.contains(securityPermission);
        }
        for (Map.Entry<String, Collection<SecurityPermission>> entry : this.wildcardCachePermissions.entrySet()) {
            if (str != null) {
                if (str.startsWith(entry.getKey())) {
                    return entry.getValue().contains(securityPermission);
                }
            } else if (entry.getKey().isEmpty()) {
                return entry.getValue().contains(securityPermission);
            }
        }
        return this.subj.permissions().defaultAllowAll();
    }

    public boolean systemOperationAllowed(SecurityPermission securityPermission) {
        if (this.sysPermissions == null) {
            return this.subj.permissions().defaultAllowAll();
        }
        boolean contains = this.sysPermissions.contains(securityPermission);
        if (!contains && (securityPermission == SecurityPermission.EVENTS_ENABLE || securityPermission == SecurityPermission.EVENTS_DISABLE)) {
            contains = this.sysPermissions.contains(SecurityPermission.ADMIN_VIEW);
        }
        return contains;
    }

    private boolean visorTask(String str) {
        return str.startsWith(VISOR_IGNITE_TASK_PREFIX) || str.startsWith(VISOR_GRIDGAIN_TASK_PREFIX);
    }

    private boolean visorTaskAllowed(String str) {
        if (this.sysPermissions == null) {
            return this.subj.permissions().defaultAllowAll();
        }
        boolean z = -1;
        switch (str.hashCode()) {
            case -1154100674:
                if (str.equals(VISOR_CACHE_QUERY_TASK_NAME)) {
                    z = false;
                    break;
                }
                break;
            case 148332400:
                if (str.equals(VISOR_CACHE_CLEAR_TASK_NAME)) {
                    z = 2;
                    break;
                }
                break;
            case 190237572:
                if (str.equals(VISOR_CACHE_LOAD_TASK_NAME)) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return this.sysPermissions.contains(SecurityPermission.ADMIN_QUERY);
            case true:
            case true:
                return this.sysPermissions.contains(SecurityPermission.ADMIN_CACHE);
            default:
                return this.sysPermissions.contains(SecurityPermission.ADMIN_VIEW);
        }
    }

    private void initRules() {
        SecurityPermissionSet permissions = this.subj.permissions();
        for (Map.Entry entry : permissions.taskPermissions().entrySet()) {
            String str = (String) entry.getKey();
            Collection<SecurityPermission> unmodifiableCollection = Collections.unmodifiableCollection((Collection) entry.getValue());
            if (str.endsWith("*")) {
                this.wildcardTaskPermissions.put(str.substring(0, str.length() - 1), unmodifiableCollection);
            } else {
                this.strictTaskPermissions.put(str, unmodifiableCollection);
            }
        }
        for (Map.Entry entry2 : permissions.cachePermissions().entrySet()) {
            String str2 = (String) entry2.getKey();
            Collection<SecurityPermission> unmodifiableCollection2 = Collections.unmodifiableCollection((Collection) entry2.getValue());
            if (str2 == null || !str2.endsWith("*")) {
                this.strictCachePermissions.put(str2, unmodifiableCollection2);
            } else {
                this.wildcardCachePermissions.put(str2.substring(0, str2.length() - 1), unmodifiableCollection2);
            }
        }
        this.sysPermissions = permissions.systemPermissions();
    }

    @Override // java.io.Externalizable
    public void writeExternal(ObjectOutput objectOutput) throws IOException {
        objectOutput.writeObject(this.subj);
    }

    @Override // java.io.Externalizable
    public void readExternal(ObjectInput objectInput) throws IOException, ClassNotFoundException {
        this.subj = (SecuritySubject) objectInput.readObject();
        initRules();
    }

    public String toString() {
        return S.toString(GridSecurityContext.class, this);
    }

    static {
        $assertionsDisabled = !GridSecurityContext.class.desiredAssertionStatus();
    }
}
