package org.gridgain.grid.internal.processors.security;

import java.io.Serializable;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.UUID;
import javax.cache.Cache;
import javax.cache.processor.EntryProcessor;
import javax.cache.processor.EntryProcessorException;
import javax.cache.processor.MutableEntry;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteException;
import org.apache.ignite.cluster.ClusterNode;
import org.apache.ignite.events.Event;
import org.apache.ignite.internal.GridKernalContext;
import org.apache.ignite.internal.IgniteInternalFuture;
import org.apache.ignite.internal.cluster.ClusterTopologyCheckedException;
import org.apache.ignite.internal.managers.eventstorage.GridLocalEventListener;
import org.apache.ignite.internal.processors.GridProcessorAdapter;
import org.apache.ignite.internal.processors.cache.CacheEntryPredicate;
import org.apache.ignite.internal.processors.cache.IgniteInternalCache;
import org.apache.ignite.internal.processors.security.GridSecurityProcessor;
import org.apache.ignite.internal.processors.security.SecurityContext;
import org.apache.ignite.internal.util.lang.GridPlainCallable;
import org.apache.ignite.internal.util.typedef.CI1;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.lang.IgnitePredicate;
import org.apache.ignite.lifecycle.LifecycleAware;
import org.apache.ignite.plugin.security.AuthenticationContext;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecurityCredentialsProvider;
import org.apache.ignite.plugin.security.SecurityException;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.plugin.security.SecurityPermissionSet;
import org.apache.ignite.plugin.security.SecuritySubject;
import org.apache.ignite.plugin.security.SecuritySubjectType;
import org.gridgain.grid.GridGain;
import org.gridgain.grid.events.AuthenticationEvent;
import org.gridgain.grid.events.AuthorizationEvent;
import org.gridgain.grid.events.EventType;
import org.gridgain.grid.internal.GridPluginNodeAttributes;
import org.gridgain.grid.security.Authenticator;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:org/gridgain/grid/internal/processors/security/GridEntSecurityProcessor.class */
public class GridEntSecurityProcessor extends GridProcessorAdapter implements GridSecurityProcessor {
    private static final int TOP_HISTORY_SEARCH_SIZE = 5;
    private static final int ADD_TO_CACHE_RETRIES_CNT = 5;
    private static final SecurityPermissionSet ALLOW_ALL;
    private GridAuthenticatorHandler authHnd;
    private SecurityContext locNodeSecurityCtx;
    private final Authenticator authenticator;
    private GridSecurityImpl security;
    private SecurityCredentialsProvider securityCred;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.gridgain.grid.internal.processors.security.GridEntSecurityProcessor$6, reason: invalid class name */
    /* loaded from: input_file:org/gridgain/grid/internal/processors/security/GridEntSecurityProcessor$6.class */
    public static /* synthetic */ class AnonymousClass6 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$ignite$plugin$security$SecurityPermission = new int[SecurityPermission.values().length];

        static {
            try {
                $SwitchMap$org$apache$ignite$plugin$security$SecurityPermission[SecurityPermission.CACHE_READ.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$ignite$plugin$security$SecurityPermission[SecurityPermission.CACHE_PUT.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$ignite$plugin$security$SecurityPermission[SecurityPermission.CACHE_REMOVE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$ignite$plugin$security$SecurityPermission[SecurityPermission.TASK_EXECUTE.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$ignite$plugin$security$SecurityPermission[SecurityPermission.TASK_CANCEL.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$apache$ignite$plugin$security$SecurityPermission[SecurityPermission.EVENTS_DISABLE.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$apache$ignite$plugin$security$SecurityPermission[SecurityPermission.EVENTS_ENABLE.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/gridgain/grid/internal/processors/security/GridEntSecurityProcessor$AddSubjectNode.class */
    public static class AddSubjectNode implements EntryProcessor<GridSecuritySubjectKey, GridSecuritySubjectDescriptor, Void>, Serializable {
        private static final long serialVersionUID = 0;
        private SecuritySubject subj;
        private UUID nodeId;

        private AddSubjectNode(SecuritySubject securitySubject, UUID uuid) {
            this.subj = securitySubject;
            this.nodeId = uuid;
        }

        public Void process(MutableEntry<GridSecuritySubjectKey, GridSecuritySubjectDescriptor> mutableEntry, Object... objArr) {
            GridSecuritySubjectDescriptor gridSecuritySubjectDescriptor = (GridSecuritySubjectDescriptor) mutableEntry.getValue();
            if (gridSecuritySubjectDescriptor == null) {
                mutableEntry.setValue(new GridSecuritySubjectDescriptor(this.subj, Collections.singletonList(this.nodeId)));
                return null;
            }
            HashSet hashSet = new HashSet(gridSecuritySubjectDescriptor.activeNodes());
            hashSet.add(this.nodeId);
            mutableEntry.setValue(new GridSecuritySubjectDescriptor(gridSecuritySubjectDescriptor.subject(), hashSet));
            return null;
        }

        /* renamed from: process, reason: collision with other method in class */
        public /* bridge */ /* synthetic */ Object m163process(MutableEntry mutableEntry, Object[] objArr) throws EntryProcessorException {
            return process((MutableEntry<GridSecuritySubjectKey, GridSecuritySubjectDescriptor>) mutableEntry, objArr);
        }
    }

    /* loaded from: input_file:org/gridgain/grid/internal/processors/security/GridEntSecurityProcessor$RemoveSubjectNode.class */
    private static class RemoveSubjectNode implements EntryProcessor<GridSecuritySubjectKey, GridSecuritySubjectDescriptor, Void>, Serializable {
        private static final long serialVersionUID = 0;
        private UUID nodeId;

        private RemoveSubjectNode(UUID uuid) {
            this.nodeId = uuid;
        }

        public Void process(MutableEntry<GridSecuritySubjectKey, GridSecuritySubjectDescriptor> mutableEntry, Object... objArr) {
            GridSecuritySubjectDescriptor gridSecuritySubjectDescriptor = (GridSecuritySubjectDescriptor) mutableEntry.getValue();
            if (gridSecuritySubjectDescriptor == null) {
                return null;
            }
            HashSet hashSet = new HashSet(gridSecuritySubjectDescriptor.activeNodes());
            hashSet.remove(this.nodeId);
            if (hashSet.isEmpty()) {
                mutableEntry.remove();
                return null;
            }
            mutableEntry.setValue(new GridSecuritySubjectDescriptor(gridSecuritySubjectDescriptor.subject(), hashSet));
            return null;
        }

        /* renamed from: process, reason: collision with other method in class */
        public /* bridge */ /* synthetic */ Object m164process(MutableEntry mutableEntry, Object[] objArr) throws EntryProcessorException {
            return process((MutableEntry<GridSecuritySubjectKey, GridSecuritySubjectDescriptor>) mutableEntry, objArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/gridgain/grid/internal/processors/security/GridEntSecurityProcessor$VerifySubjectNodes.class */
    public static class VerifySubjectNodes implements EntryProcessor<GridSecuritySubjectKey, GridSecuritySubjectDescriptor, Void>, Serializable {
        private static final long serialVersionUID = 0;
        private Collection<UUID> topSnapshot;

        private VerifySubjectNodes(Collection<UUID> collection) {
            this.topSnapshot = collection;
        }

        public Void process(MutableEntry<GridSecuritySubjectKey, GridSecuritySubjectDescriptor> mutableEntry, Object... objArr) {
            GridSecuritySubjectDescriptor gridSecuritySubjectDescriptor = (GridSecuritySubjectDescriptor) mutableEntry.getValue();
            if (gridSecuritySubjectDescriptor == null) {
                return null;
            }
            HashSet hashSet = new HashSet();
            for (UUID uuid : gridSecuritySubjectDescriptor.activeNodes()) {
                if (this.topSnapshot.contains(uuid)) {
                    hashSet.add(uuid);
                }
            }
            if (hashSet.isEmpty()) {
                mutableEntry.remove();
                return null;
            }
            mutableEntry.setValue(new GridSecuritySubjectDescriptor(gridSecuritySubjectDescriptor.subject(), hashSet));
            return null;
        }

        /* renamed from: process, reason: collision with other method in class */
        public /* bridge */ /* synthetic */ Object m165process(MutableEntry mutableEntry, Object[] objArr) throws EntryProcessorException {
            return process((MutableEntry<GridSecuritySubjectKey, GridSecuritySubjectDescriptor>) mutableEntry, objArr);
        }
    }

    public GridEntSecurityProcessor(GridKernalContext gridKernalContext) {
        super(gridKernalContext);
        GridGain gridGain = (GridGain) gridKernalContext.pluginProvider(GridGain.PLUGIN_NAME).plugin();
        this.authenticator = gridGain.configuration().getAuthenticator();
        this.securityCred = gridGain.configuration().getSecurityCredentialsProvider();
    }

    public void start() throws IgniteCheckedException {
        this.authHnd = new GridAuthenticatorHandler(this.authenticator);
        if (this.authenticator != null) {
            this.ctx.resource().injectGeneric(this.authenticator);
            if (this.authenticator instanceof LifecycleAware) {
                this.authenticator.start();
            }
        }
        try {
            boolean z = this.authenticator != null;
            SecurityCredentialsProvider securityCredentialsProvider = this.securityCred;
            if (securityCredentialsProvider != null) {
                SecurityCredentials credentials = securityCredentialsProvider.credentials();
                if (credentials != null) {
                    this.ctx.addNodeAttribute("org.apache.ignite.security.cred", credentials);
                } else if (z) {
                    throw new IgniteCheckedException("Failed to start node (authentication is configured, by security credentials provider returned null).");
                }
            } else if (z) {
                throw new IgniteCheckedException("Failed to start node (authentication is configured, but security credentials provider is not set. Fix the configuration and restart the node).");
            }
            if (enabled()) {
                this.ctx.addNodeAttribute(GridPluginNodeAttributes.ATTR_AUTHENTICATION_CLASS, this.authenticator.getClass().getName());
            }
            if (this.log.isDebugEnabled()) {
                this.log.debug("Processor started ok: " + getClass().getName());
            }
            this.security = new GridSecurityImpl(this, this.ctx);
        } catch (IgniteCheckedException e) {
            throw new IgniteCheckedException("Failed to create node security credentials", e);
        }
    }

    public void stop(boolean z) throws IgniteCheckedException {
        if (this.authenticator == null || !(this.authenticator instanceof LifecycleAware)) {
            return;
        }
        this.authenticator.stop();
    }

    public void onKernalStart() throws IgniteCheckedException {
        if (enabled() && !this.ctx.isDaemon()) {
            this.ctx.event().addLocalEventListener(new GridLocalEventListener() { // from class: org.gridgain.grid.internal.processors.security.GridEntSecurityProcessor.1
                public void onEvent(Event event) {
                    GridEntSecurityProcessor.this.checkDescriptorsCache();
                }
            }, 12, new int[]{11});
        }
        this.locNodeSecurityCtx = nodeSecurityContext(this.ctx.discovery().localNode());
        checkConfiguration();
    }

    /* JADX INFO: Access modifiers changed from: private */
    @NotNull
    public <K, V> IgniteInternalCache<K, V> descriptorsCache() {
        return this.ctx.cache().utilityCache();
    }

    private void checkConfiguration() {
        Iterator it = this.ctx.discovery().remoteNodes().iterator();
        while (it.hasNext()) {
            checkConfigurationConsistency(this.ctx.discovery().localNode(), (ClusterNode) it.next());
        }
        Iterator it2 = this.ctx.discovery().daemonNodes().iterator();
        while (it2.hasNext()) {
            checkConfigurationConsistency(this.ctx.discovery().localNode(), (ClusterNode) it2.next());
        }
    }

    private void checkConfigurationConsistency(ClusterNode clusterNode, ClusterNode clusterNode2) {
        String str = (String) clusterNode.attribute(GridPluginNodeAttributes.ATTR_AUTHENTICATION_CLASS);
        String str2 = (String) clusterNode2.attribute(GridPluginNodeAttributes.ATTR_AUTHENTICATION_CLASS);
        String name = enabled() ? this.authenticator.getClass().getName() : "null";
        if (str == null && str2 != null) {
            throw new IgniteException("Local authenticator is not configured [name=" + name + ']');
        }
        if (str2 == null && str != null) {
            throw new IgniteException("Remote authenticator with the same name is not configured [name=" + name + ", loc=" + str + ']');
        }
        if (str != null && !str.equals(str2)) {
            throw new IgniteException("Remote authenticator with the same name is of different type [name=" + name + ", loc=" + str + ", rmt=" + str2 + ']');
        }
    }

    public SecurityContext authenticateNode(ClusterNode clusterNode, SecurityCredentials securityCredentials) throws IgniteCheckedException {
        AuthenticationContext authenticationContext = new AuthenticationContext();
        authenticationContext.subjectType(SecuritySubjectType.REMOTE_NODE);
        authenticationContext.subjectId(clusterNode.id());
        authenticationContext.credentials(securityCredentials);
        authenticationContext.address(new InetSocketAddress((String) F.first(clusterNode.addresses()), 0));
        return authenticate(authenticationContext);
    }

    public boolean isGlobalNodeAuthentication() {
        return this.authenticator != null && this.authenticator.isGlobalNodeAuthentication();
    }

    public SecurityContext authenticate(AuthenticationContext authenticationContext) throws IgniteCheckedException {
        if (!$assertionsDisabled && this.authHnd == null) {
            throw new AssertionError();
        }
        SecuritySubject securitySubject = null;
        try {
            securitySubject = this.authHnd.authenticate(authenticationContext);
            Object login = authenticationContext.credentials() == null ? null : authenticationContext.credentials().getLogin();
            if (securitySubject != null) {
                if (authenticationContext.subjectType() == SecuritySubjectType.REMOTE_CLIENT) {
                    addToCache(securitySubject, 5);
                }
                if (this.ctx.event().isRecordable(1001)) {
                    recordAuthenticationEvent(1001, authenticationContext.subjectType(), authenticationContext.subjectId(), login);
                }
            } else if (this.ctx.event().isRecordable(1002)) {
                recordAuthenticationEvent(1002, authenticationContext.subjectType(), authenticationContext.subjectId(), login);
            }
            if (securitySubject == null) {
                return null;
            }
            return new GridSecurityContext(securitySubject);
        } catch (Throwable th) {
            Object login2 = authenticationContext.credentials() == null ? null : authenticationContext.credentials().getLogin();
            if (securitySubject != null) {
                if (authenticationContext.subjectType() == SecuritySubjectType.REMOTE_CLIENT) {
                    addToCache(securitySubject, 5);
                }
                if (this.ctx.event().isRecordable(1001)) {
                    recordAuthenticationEvent(1001, authenticationContext.subjectType(), authenticationContext.subjectId(), login2);
                }
            } else if (this.ctx.event().isRecordable(1002)) {
                recordAuthenticationEvent(1002, authenticationContext.subjectType(), authenticationContext.subjectId(), login2);
            }
            throw th;
        }
    }

    public Collection<SecuritySubject> authenticatedSubjects() throws IgniteCheckedException {
        if (!enabled()) {
            return Collections.emptyList();
        }
        Collection nodes = this.ctx.discovery().nodes(this.ctx.discovery().topologyVersion());
        ArrayList arrayList = new ArrayList(nodes.size());
        Iterator it = nodes.iterator();
        while (it.hasNext()) {
            arrayList.add(nodeSecurityContext((ClusterNode) it.next()).subject());
        }
        IgniteInternalCache descriptorsCache = descriptorsCache();
        descriptorsCache.context().gate().enter();
        try {
            for (Cache.Entry entry : descriptorsCache.entrySetx(new CacheEntryPredicate[0])) {
                if (entry.getKey() instanceof GridSecuritySubjectKey) {
                    arrayList.add(((GridSecuritySubjectDescriptor) entry.getValue()).subject());
                }
            }
            return arrayList;
        } finally {
            descriptorsCache.context().gate().leave();
        }
    }

    public SecuritySubject authenticatedSubject(UUID uuid) throws IgniteCheckedException {
        if (!enabled()) {
            return null;
        }
        ClusterNode node = this.ctx.discovery().node(uuid);
        if (node != null) {
            return nodeSecurityContext(node).subject();
        }
        IgniteInternalCache descriptorsCache = descriptorsCache();
        descriptorsCache.context().gate().enter();
        try {
            GridSecuritySubjectDescriptor gridSecuritySubjectDescriptor = (GridSecuritySubjectDescriptor) descriptorsCache.get(new GridSecuritySubjectKey(uuid));
            descriptorsCache.context().gate().leave();
            if (gridSecuritySubjectDescriptor != null) {
                return gridSecuritySubjectDescriptor.subject();
            }
            long j = this.ctx.discovery().topologyVersion();
            long j2 = j;
            while (true) {
                long j3 = j2 - 1;
                if (j3 <= 1 || j - j3 <= 5) {
                    return null;
                }
                for (ClusterNode clusterNode : this.ctx.discovery().topology(j3)) {
                    if (clusterNode.id().equals(uuid)) {
                        return nodeSecurityContext(clusterNode).subject();
                    }
                }
                j2 = j3;
            }
        } catch (Throwable th) {
            descriptorsCache.context().gate().leave();
            throw th;
        }
    }

    public void authorize(String str, SecurityPermission securityPermission, @Nullable SecurityContext securityContext) throws SecurityException {
        boolean systemOperationAllowed;
        if (enabled()) {
            if (securityContext == null) {
                try {
                    securityContext = this.locNodeSecurityCtx;
                } catch (IgniteCheckedException e) {
                    throw new IgniteException("Failed to get local node security context.", e);
                }
            }
            if (securityContext == null) {
                securityContext = nodeSecurityContext(this.ctx.discovery().localNode());
            }
            if (!$assertionsDisabled && securityContext == null) {
                throw new AssertionError();
            }
            switch (AnonymousClass6.$SwitchMap$org$apache$ignite$plugin$security$SecurityPermission[securityPermission.ordinal()]) {
                case 1:
                case 2:
                case 3:
                    systemOperationAllowed = securityContext.cacheOperationAllowed(str, securityPermission);
                    break;
                case 4:
                case 5:
                    systemOperationAllowed = securityContext.taskOperationAllowed(str, securityPermission);
                    break;
                case 6:
                case 7:
                    systemOperationAllowed = securityContext.systemOperationAllowed(securityPermission);
                    break;
                default:
                    throw new IllegalStateException("Invalid security permission: " + securityPermission);
            }
            SecuritySubject subject = securityContext.subject();
            if (systemOperationAllowed) {
                recordAuthorisationEvent(EventType.EVT_AUTHORIZATION_SUCCEEDED, securityPermission, subject, str);
            } else {
                recordAuthorisationEvent(EventType.EVT_AUTHORIZATION_FAILED, securityPermission, subject, str);
                throw new SecurityException("Authorization failed [perm=" + securityPermission + ", name=" + str + ", subject=" + subject + ']');
            }
        }
    }

    public void onSessionExpired(final UUID uuid) {
        if (enabled()) {
            descriptorsCache().invokeAsync(new GridSecuritySubjectKey(uuid), new RemoveSubjectNode(this.ctx.localNodeId()), new Object[0]).listen(new CI1<IgniteInternalFuture<?>>() { // from class: org.gridgain.grid.internal.processors.security.GridEntSecurityProcessor.2
                public void apply(IgniteInternalFuture<?> igniteInternalFuture) {
                    try {
                        igniteInternalFuture.get();
                    } catch (IgniteCheckedException e) {
                        U.error(GridEntSecurityProcessor.this.log, "Failed to update security subject cache: " + uuid, e);
                    }
                }
            });
        }
    }

    public boolean enabled() {
        return this.authenticator != null;
    }

    public GridSecurityImpl security() {
        return this.security;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void checkDescriptorsCache() {
        long j = Long.MAX_VALUE;
        final Collection nodes = this.ctx.discovery().nodes(this.ctx.discovery().topologyVersion());
        Iterator it = nodes.iterator();
        while (it.hasNext()) {
            j = Math.min(((ClusterNode) it.next()).order(), j);
        }
        if (this.ctx.discovery().localNode().order() == j) {
            this.ctx.closure().callLocalSafe(new GridPlainCallable<Object>() { // from class: org.gridgain.grid.internal.processors.security.GridEntSecurityProcessor.3
                public Object call() throws Exception {
                    GridEntSecurityProcessor.this.verifyDescriptorsCache(GridEntSecurityProcessor.this.descriptorsCache(), nodes);
                    return null;
                }
            }, false);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void verifyDescriptorsCache(IgniteInternalCache<Object, Object> igniteInternalCache, Collection<ClusterNode> collection) {
        ArrayList arrayList = new ArrayList(F.viewReadOnly(collection, F.node2id(), new IgnitePredicate[0]));
        Iterator it = igniteInternalCache.iterator();
        while (it.hasNext()) {
            Cache.Entry entry = (Cache.Entry) it.next();
            if (entry.getKey() instanceof GridSecuritySubjectKey) {
                GridSecuritySubjectKey gridSecuritySubjectKey = (GridSecuritySubjectKey) entry.getKey();
                final UUID subjectId = gridSecuritySubjectKey.subjectId();
                igniteInternalCache.invokeAsync(gridSecuritySubjectKey, new VerifySubjectNodes(arrayList), new Object[0]).listen(new CI1<IgniteInternalFuture<?>>() { // from class: org.gridgain.grid.internal.processors.security.GridEntSecurityProcessor.4
                    private static final long serialVersionUID = 0;

                    public void apply(IgniteInternalFuture<?> igniteInternalFuture) {
                        try {
                            igniteInternalFuture.get();
                        } catch (IgniteCheckedException e) {
                            U.error(GridEntSecurityProcessor.this.log, "Failed to update descriptors cache for key: " + subjectId, e);
                        }
                    }
                });
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void addToCache(final SecuritySubject securitySubject, final int i) {
        if (enabled()) {
            descriptorsCache().invokeAsync(new GridSecuritySubjectKey(securitySubject.id()), new AddSubjectNode(securitySubject, this.ctx.localNodeId()), new Object[0]).listen(new CI1<IgniteInternalFuture<?>>() { // from class: org.gridgain.grid.internal.processors.security.GridEntSecurityProcessor.5
                private static final long serialVersionUID = 0;

                public void apply(IgniteInternalFuture<?> igniteInternalFuture) {
                    try {
                        igniteInternalFuture.get();
                    } catch (IgniteCheckedException e) {
                        U.error(GridEntSecurityProcessor.this.log, "Failed to update security subject cache: " + securitySubject, e);
                    } catch (ClusterTopologyCheckedException e2) {
                        if (i > 0) {
                            GridEntSecurityProcessor.this.addToCache(securitySubject, i - 1);
                        } else {
                            U.error(GridEntSecurityProcessor.this.log, "Failed to update security subject cache: " + securitySubject, e2);
                        }
                    }
                }
            });
        }
    }

    private void recordAuthenticationEvent(int i, SecuritySubjectType securitySubjectType, UUID uuid, Object obj) {
        String str;
        if (this.ctx.event().isRecordable(i)) {
            if (i == 1001) {
                str = "Authentication procedure succeeded.";
            } else {
                if (!$assertionsDisabled && i != 1002) {
                    throw new AssertionError();
                }
                str = "Authentication procedure failed.";
            }
            this.ctx.event().record(new AuthenticationEvent(this.ctx.discovery().localNode(), str, i, securitySubjectType, uuid, obj));
        }
    }

    private void recordAuthorisationEvent(int i, SecurityPermission securityPermission, SecuritySubject securitySubject, String str) {
        Object obj;
        String format;
        if (this.ctx.event().isRecordable(i)) {
            if (i == 1005) {
                obj = "succeeded";
            } else {
                if (!$assertionsDisabled && i != 1006) {
                    throw new AssertionError();
                }
                obj = "failed";
            }
            switch (AnonymousClass6.$SwitchMap$org$apache$ignite$plugin$security$SecurityPermission[securityPermission.ordinal()]) {
                case 1:
                case 2:
                case 3:
                    format = String.format("Authorization %s [permission: %s, cache: %s]", obj, securityPermission, str);
                    break;
                case 4:
                case 5:
                    format = String.format("Authorization %s [permission: %s, task: %s]", obj, securityPermission, str);
                    break;
                default:
                    format = String.format("Authorization procedure %s [permission: %s]", obj, securityPermission);
                    break;
            }
            this.ctx.event().record(new AuthorizationEvent(this.ctx.discovery().localNode(), format, i, securityPermission, securitySubject));
        }
    }

    private SecurityContext nodeSecurityContext(ClusterNode clusterNode) throws IgniteCheckedException {
        byte[] bArr = (byte[]) clusterNode.attribute("org.apache.ignite.security.subject");
        if (bArr != null) {
            return (SecurityContext) this.ctx.config().getMarshaller().unmarshal(bArr, (ClassLoader) null);
        }
        SecuritySubjectAdapter securitySubjectAdapter = new SecuritySubjectAdapter(SecuritySubjectType.REMOTE_NODE, clusterNode.id());
        securitySubjectAdapter.address(new InetSocketAddress((String) F.first(clusterNode.addresses()), 0));
        securitySubjectAdapter.permissions(ALLOW_ALL);
        return new GridSecurityContext(securitySubjectAdapter);
    }

    static {
        $assertionsDisabled = !GridEntSecurityProcessor.class.desiredAssertionStatus();
        ALLOW_ALL = new AllowAllPermissionSet();
    }
}
