package org.gridgain.grid.internal.processors.security;

import java.io.Externalizable;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectOutput;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import org.apache.ignite.internal.processors.security.SecurityContext;
import org.apache.ignite.internal.util.typedef.internal.S;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.plugin.security.SecurityPermissionSet;
import org.apache.ignite.plugin.security.SecuritySubject;
import org.gridgain.grid.internal.util.portable.GridPortableMarshaller;

/* loaded from: input_file:org/gridgain/grid/internal/processors/security/GridSecurityContext.class */
public class GridSecurityContext implements SecurityContext, Externalizable {
    private static final long serialVersionUID = 0;
    private static final String VISOR_IGNITE_TASK_PREFIX = "org.apache.ignite.internal.visor.";
    private static final String VISOR_GRIDGAIN_TASK_PREFIX = "org.gridgain.grid.internal.visor.";
    public static final String VISOR_CACHE_QUERY_TASK_NAME = "org.apache.ignite.internal.visor.query.VisorQueryTask";
    public static final String VISOR_GRIDGAIN_CACHE_QUERY_TASK_NAME = "org.gridgain.grid.internal.visor.query.VisorGridGainQueryTask";
    public static final String VISOR_CACHE_LOAD_TASK_NAME = "org.apache.ignite.internal.visor.cache.VisorCacheLoadTask";
    public static final String VISOR_CACHE_CLEAR_TASK_NAME = "org.apache.ignite.internal.visor.cache.VisorCacheClearTask";
    public static final String VISOR_CACHE_REBALANCE_TASK_NAME = "org.apache.ignite.internal.visor.cache.VisorCacheRebalanceTask";
    public static final String VISOR_CACHE_SWAP_BACKUPS_TASK_NAME = "org.apache.ignite.internal.visor.cache.VisorCacheSwapBackupsTask";
    public static final String VISOR_CACHE_METRICS_RESET_TASK_NAME = "org.apache.ignite.internal.visor.cache.VisorCacheResetMetricsTask";
    public static final String VISOR_CACHE_QUERY_METRICS_RESET_TASK_NAME = "org.apache.ignite.internal.visor.cache.VisorCacheResetQueryMetricsTask";
    public static final String VISOR_CACHE_QUERY_DETAIL_METRICS_COLLECTOR_TASK_NAME = "org.apache.ignite.internal.visor.cache.VisorCacheQueryDetailMetricsCollectorTask";
    public static final String VISOR_CACHE_QUERY_DETAIL_METRICS_RESET_TASK_NAME = "org.apache.ignite.internal.visor.cache.VisorCacheResetQueryDetailMetricsTask";
    public static final String VISOR_CACHE_START_TASK_NAME = "org.apache.ignite.internal.visor.cache.VisorCacheStartTask";
    public static final String VISOR_CACHE_STOP_TASK_NAME = "org.apache.ignite.internal.visor.cache.VisorCacheStopTask";
    public static final String VISOR_CACHE_AFFINITY_NODE_TASK_NAME = "org.apache.ignite.internal.visor.cache.VisorCacheAffinityNodeTask";
    public static final String VISOR_CACHE_PARTITIONS_TASK_NAME = "org.apache.ignite.internal.visor.cache.VisorCachePartitionsTask";
    public static final String VISOR_LICENSE_UPLOAD_TASK = "org.gridgain.grid.internal.visor.license.VisorLicenseUpdateTask";
    public static final String VISOR_NODE_GC_TASK = "org.apache.ignite.internal.visor.node.VisorNodeGcTask";
    public static final String VISOR_THREAD_DUMP_TASK = "org.apache.ignite.internal.visor.debug.VisorThreadDumpTask";
    public static final String VISOR_NODES_RESTART_TASK = "org.apache.ignite.internal.visor.node.VisorNodeRestartTask";
    public static final String VISOR_NODES_STOP_TASK = "org.apache.ignite.internal.visor.node.VisorNodeStopTask";
    public static final String VISOR_IGFS_FORMAT_TASK = "org.apache.ignite.internal.visor.igfs.VisorIgfsFormatTask";
    public static final String VISOR_DR_SENDER_CACHE_BOOTSTRAP_TASK = "org.gridgain.grid.internal.visor.dr.VisorDrSenderCacheBootstrapTask";
    public static final String VISOR_DR_SENDER_CACHE_CHANGE_REPLICATION_STATE_TASK = "org.gridgain.grid.internal.visor.dr.VisorDrSenderCacheChangeReplicationStateTask";
    public static final String VISOR_DR_RESET_METRICS_TASK = "org.gridgain.grid.internal.visor.dr.VisorDrResetMetricsTask";
    public static final String VISOR_RESET_COMPUTE_METRICS_TASK = "org.apache.ignite.internal.visor.compute.VisorComputeResetMetricsTask";
    public static final String IGNITE_KILL_TASK = "org.apache.ignite.internal.cluster.IgniteKillTask";
    public static final Set<String> VISOR_TASK_NAMES;
    private SecuritySubject subj;
    private Map<String, Collection<SecurityPermission>> strictTaskPermissions = new LinkedHashMap();
    private Map<String, Collection<SecurityPermission>> wildcardTaskPermissions = new LinkedHashMap();
    private Map<String, Collection<SecurityPermission>> strictCachePermissions = new LinkedHashMap();
    private Map<String, Collection<SecurityPermission>> wildcardCachePermissions = new LinkedHashMap();
    private Collection<SecurityPermission> sysPermissions;
    static final /* synthetic */ boolean $assertionsDisabled;

    public GridSecurityContext() {
    }

    public GridSecurityContext(SecuritySubject securitySubject) {
        this.subj = securitySubject;
        initRules();
    }

    public SecuritySubject subject() {
        return this.subj;
    }

    public boolean taskOperationAllowed(String str, SecurityPermission securityPermission) {
        if (!$assertionsDisabled && securityPermission != SecurityPermission.TASK_EXECUTE && securityPermission != SecurityPermission.TASK_CANCEL) {
            throw new AssertionError();
        }
        if (str != null && visorTask(str)) {
            return visorTaskAllowed(str);
        }
        if (str != null && internalTask(str)) {
            return internalTaskAllowed(str, securityPermission);
        }
        Collection<SecurityPermission> collection = this.strictTaskPermissions.get(str);
        if (collection != null) {
            return collection.contains(securityPermission);
        }
        for (Map.Entry<String, Collection<SecurityPermission>> entry : this.wildcardTaskPermissions.entrySet()) {
            if (str.startsWith(entry.getKey())) {
                return entry.getValue().contains(securityPermission);
            }
        }
        return this.subj.permissions().defaultAllowAll();
    }

    public boolean cacheOperationAllowed(String str, SecurityPermission securityPermission) {
        if (!$assertionsDisabled && securityPermission != SecurityPermission.CACHE_PUT && securityPermission != SecurityPermission.CACHE_READ && securityPermission != SecurityPermission.CACHE_REMOVE) {
            throw new AssertionError();
        }
        Collection<SecurityPermission> collection = this.strictCachePermissions.get(str);
        if (collection != null) {
            return collection.contains(securityPermission);
        }
        for (Map.Entry<String, Collection<SecurityPermission>> entry : this.wildcardCachePermissions.entrySet()) {
            if (str != null) {
                if (str.startsWith(entry.getKey())) {
                    return entry.getValue().contains(securityPermission);
                }
            } else if (entry.getKey().isEmpty()) {
                return entry.getValue().contains(securityPermission);
            }
        }
        return this.subj.permissions().defaultAllowAll();
    }

    public boolean systemOperationAllowed(SecurityPermission securityPermission) {
        if (this.sysPermissions == null) {
            return this.subj.permissions().defaultAllowAll();
        }
        boolean contains = this.sysPermissions.contains(securityPermission);
        if (!contains && (securityPermission == SecurityPermission.EVENTS_ENABLE || securityPermission == SecurityPermission.EVENTS_DISABLE)) {
            contains = this.sysPermissions.contains(SecurityPermission.ADMIN_VIEW) || this.sysPermissions.contains(SecurityPermission.ADMIN_OPS) || this.sysPermissions.contains(SecurityPermission.ADMIN_CACHE) || this.sysPermissions.contains(SecurityPermission.ADMIN_QUERY);
        }
        return contains;
    }

    private boolean internalTask(String str) {
        return str.contains(IGNITE_KILL_TASK);
    }

    private boolean visorTask(String str) {
        return str.startsWith(VISOR_IGNITE_TASK_PREFIX) || str.startsWith(VISOR_GRIDGAIN_TASK_PREFIX);
    }

    private boolean internalTaskAllowed(String str, SecurityPermission securityPermission) {
        if (this.sysPermissions == null) {
            return this.subj.permissions().defaultAllowAll();
        }
        if (!this.sysPermissions.contains(SecurityPermission.ADMIN_OPS)) {
            return false;
        }
        for (Map.Entry<String, Collection<SecurityPermission>> entry : this.wildcardTaskPermissions.entrySet()) {
            if (str.startsWith(entry.getKey()) && !entry.getValue().contains(securityPermission)) {
                return false;
            }
        }
        return true;
    }

    private boolean visorTaskAllowed(String str) {
        if (this.sysPermissions == null) {
            return this.subj.permissions().defaultAllowAll();
        }
        boolean z = -1;
        switch (str.hashCode()) {
            case -2056762851:
                if (str.equals(VISOR_DR_RESET_METRICS_TASK)) {
                    z = 21;
                    break;
                }
                break;
            case -2032344419:
                if (str.equals(VISOR_THREAD_DUMP_TASK)) {
                    z = 16;
                    break;
                }
                break;
            case -1905775570:
                if (str.equals(VISOR_CACHE_START_TASK_NAME)) {
                    z = 10;
                    break;
                }
                break;
            case -1706085610:
                if (str.equals(VISOR_CACHE_QUERY_METRICS_RESET_TASK_NAME)) {
                    z = 7;
                    break;
                }
                break;
            case -1604260555:
                if (str.equals(VISOR_IGFS_FORMAT_TASK)) {
                    z = 19;
                    break;
                }
                break;
            case -1187376212:
                if (str.equals(VISOR_LICENSE_UPLOAD_TASK)) {
                    z = 14;
                    break;
                }
                break;
            case -1154100674:
                if (str.equals(VISOR_CACHE_QUERY_TASK_NAME)) {
                    z = false;
                    break;
                }
                break;
            case -1147846123:
                if (str.equals(VISOR_CACHE_REBALANCE_TASK_NAME)) {
                    z = 4;
                    break;
                }
                break;
            case -1047383911:
                if (str.equals(VISOR_CACHE_CLEAR_TASK_NAME)) {
                    z = 3;
                    break;
                }
                break;
            case -1022950414:
                if (str.equals(VISOR_RESET_COMPUTE_METRICS_TASK)) {
                    z = 23;
                    break;
                }
                break;
            case -874177938:
                if (str.equals(VISOR_NODES_STOP_TASK)) {
                    z = 18;
                    break;
                }
                break;
            case -749803512:
                if (str.equals(VISOR_NODE_GC_TASK)) {
                    z = 15;
                    break;
                }
                break;
            case -581665174:
                if (str.equals(VISOR_CACHE_SWAP_BACKUPS_TASK_NAME)) {
                    z = 5;
                    break;
                }
                break;
            case -554432401:
                if (str.equals(VISOR_CACHE_QUERY_DETAIL_METRICS_COLLECTOR_TASK_NAME)) {
                    z = 8;
                    break;
                }
                break;
            case -242898486:
                if (str.equals(VISOR_DR_SENDER_CACHE_BOOTSTRAP_TASK)) {
                    z = 20;
                    break;
                }
                break;
            case 59449504:
                if (str.equals(VISOR_CACHE_STOP_TASK_NAME)) {
                    z = 11;
                    break;
                }
                break;
            case 177251048:
                if (str.equals(VISOR_CACHE_AFFINITY_NODE_TASK_NAME)) {
                    z = 12;
                    break;
                }
                break;
            case 190237572:
                if (str.equals(VISOR_CACHE_LOAD_TASK_NAME)) {
                    z = 2;
                    break;
                }
                break;
            case 291402691:
                if (str.equals(VISOR_DR_SENDER_CACHE_CHANGE_REPLICATION_STATE_TASK)) {
                    z = 22;
                    break;
                }
                break;
            case 684996350:
                if (str.equals(VISOR_GRIDGAIN_CACHE_QUERY_TASK_NAME)) {
                    z = true;
                    break;
                }
                break;
            case 972176261:
                if (str.equals(VISOR_CACHE_QUERY_DETAIL_METRICS_RESET_TASK_NAME)) {
                    z = 9;
                    break;
                }
                break;
            case 1377518861:
                if (str.equals(VISOR_NODES_RESTART_TASK)) {
                    z = 17;
                    break;
                }
                break;
            case 1778780455:
                if (str.equals(VISOR_CACHE_PARTITIONS_TASK_NAME)) {
                    z = 13;
                    break;
                }
                break;
            case 1987312402:
                if (str.equals(VISOR_CACHE_METRICS_RESET_TASK_NAME)) {
                    z = 6;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
                return this.sysPermissions.contains(SecurityPermission.ADMIN_QUERY);
            case true:
            case true:
            case true:
            case true:
            case GridPortableMarshaller.DOUBLE /* 6 */:
            case GridPortableMarshaller.CHAR /* 7 */:
            case GridPortableMarshaller.BOOLEAN /* 8 */:
            case GridPortableMarshaller.STRING /* 9 */:
            case true:
            case GridPortableMarshaller.DATE /* 11 */:
            case GridPortableMarshaller.BYTE_ARR /* 12 */:
            case GridPortableMarshaller.SHORT_ARR /* 13 */:
                return this.sysPermissions.contains(SecurityPermission.ADMIN_CACHE);
            case GridPortableMarshaller.INT_ARR /* 14 */:
            case GridPortableMarshaller.LONG_ARR /* 15 */:
            case true:
            case GridPortableMarshaller.DOUBLE_ARR /* 17 */:
            case GridPortableMarshaller.CHAR_ARR /* 18 */:
            case GridPortableMarshaller.BOOLEAN_ARR /* 19 */:
            case GridPortableMarshaller.STRING_ARR /* 20 */:
            case GridPortableMarshaller.UUID_ARR /* 21 */:
            case GridPortableMarshaller.DATE_ARR /* 22 */:
            case GridPortableMarshaller.OBJ_ARR /* 23 */:
                return this.sysPermissions.contains(SecurityPermission.ADMIN_OPS);
            default:
                return VISOR_TASK_NAMES.contains(str) && (this.sysPermissions.contains(SecurityPermission.ADMIN_VIEW) || this.sysPermissions.contains(SecurityPermission.ADMIN_QUERY) || this.sysPermissions.contains(SecurityPermission.ADMIN_CACHE) || this.sysPermissions.contains(SecurityPermission.ADMIN_OPS));
        }
    }

    private void initRules() {
        SecurityPermissionSet permissions = this.subj.permissions();
        for (Map.Entry entry : permissions.taskPermissions().entrySet()) {
            String str = (String) entry.getKey();
            Collection<SecurityPermission> unmodifiableCollection = Collections.unmodifiableCollection((Collection) entry.getValue());
            if (str.endsWith("*")) {
                this.wildcardTaskPermissions.put(str.substring(0, str.length() - 1), unmodifiableCollection);
            } else {
                this.strictTaskPermissions.put(str, unmodifiableCollection);
            }
        }
        for (Map.Entry entry2 : permissions.cachePermissions().entrySet()) {
            String str2 = (String) entry2.getKey();
            Collection<SecurityPermission> unmodifiableCollection2 = Collections.unmodifiableCollection((Collection) entry2.getValue());
            if (str2 == null || !str2.endsWith("*")) {
                this.strictCachePermissions.put(str2, unmodifiableCollection2);
            } else {
                this.wildcardCachePermissions.put(str2.substring(0, str2.length() - 1), unmodifiableCollection2);
            }
        }
        this.sysPermissions = permissions.systemPermissions();
    }

    @Override // java.io.Externalizable
    public void writeExternal(ObjectOutput objectOutput) throws IOException {
        objectOutput.writeObject(this.subj);
    }

    @Override // java.io.Externalizable
    public void readExternal(ObjectInput objectInput) throws IOException, ClassNotFoundException {
        this.subj = (SecuritySubject) objectInput.readObject();
        initRules();
    }

    public String toString() {
        return S.toString(GridSecurityContext.class, this);
    }

    static {
        $assertionsDisabled = !GridSecurityContext.class.desiredAssertionStatus();
        VISOR_TASK_NAMES = new HashSet(Arrays.asList("org.apache.ignite.internal.visor.VisorMultiNodeTask", "org.apache.ignite.internal.visor.misc.VisorAckTask", "org.apache.ignite.internal.visor.cache.VisorCacheMetricsCollectorTask", VISOR_CACHE_START_TASK_NAME, "org.apache.ignite.internal.visor.compute.VisorComputeCancelSessionsTask", "org.apache.ignite.internal.visor.compute.VisorComputeToggleMonitoringTask", "org.gridgain.grid.internal.visor.license.VisorLicenseCollectorTask", "org.apache.ignite.internal.visor.log.VisorLogSearchTask", "org.apache.ignite.internal.visor.node.VisorNodeDataCollectorTask", "org.gridgain.grid.internal.visor.node.VisorGridGainNodeDataCollectorTask", "org.apache.ignite.internal.visor.node.VisorNodeEventsCollectorTask", "org.gridgain.grid.internal.visor.node.VisorGridGainNodeEventsCollectorTask", VISOR_NODE_GC_TASK, VISOR_NODES_RESTART_TASK, VISOR_NODES_STOP_TASK, "org.apache.ignite.internal.visor.node.VisorNodeSuppressedErrorsTask", "org.apache.ignite.internal.visor.VisorOneNodeTask", VISOR_CACHE_CLEAR_TASK_NAME, "org.apache.ignite.internal.visor.cache.VisorCacheConfigurationCollectorTask", "org.gridgain.grid.internal.visor.cache.VisorGridGainCacheConfigurationCollectorTask", VISOR_CACHE_LOAD_TASK_NAME, "org.apache.ignite.internal.visor.cache.VisorCacheMetadataTask", "org.apache.ignite.internal.visor.cache.VisorCacheNodesTask", VISOR_CACHE_REBALANCE_TASK_NAME, VISOR_CACHE_METRICS_RESET_TASK_NAME, VISOR_CACHE_QUERY_METRICS_RESET_TASK_NAME, "org.apache.ignite.internal.visor.cache.VisorCacheQueryMetricsCollectorTask", VISOR_CACHE_STOP_TASK_NAME, VISOR_CACHE_SWAP_BACKUPS_TASK_NAME, VISOR_RESET_COMPUTE_METRICS_TASK, VISOR_DR_RESET_METRICS_TASK, VISOR_DR_SENDER_CACHE_BOOTSTRAP_TASK, VISOR_DR_SENDER_CACHE_CHANGE_REPLICATION_STATE_TASK, "org.apache.ignite.internal.visor.file.VisorFileBlockTask", VISOR_IGFS_FORMAT_TASK, "org.apache.ignite.internal.visor.igfs.VisorIgfsProfilerClearTask", "org.apache.ignite.internal.visor.igfs.VisorIgfsProfilerTask", "org.apache.ignite.internal.visor.igfs.VisorIgfsResetMetricsTask", "org.apache.ignite.internal.visor.igfs.VisorIgfsSamplingStateTask", "org.apache.ignite.internal.visor.file.VisorLatestTextFilesTask", "org.apache.ignite.internal.visor.misc.VisorLatestVersionTask", VISOR_LICENSE_UPLOAD_TASK, "org.apache.ignite.internal.visor.node.VisorNodeConfigurationCollectorTask", "org.gridgain.grid.internal.visor.node.VisorGridGainNodeConfigurationCollectorTask", "org.apache.ignite.internal.visor.node.VisorNodePingTask", "org.gridgain.grid.internal.visor.portables.VisorPortableMetadataCollectorTask", "org.apache.ignite.internal.visor.query.VisorQueryNextPageTask", VISOR_CACHE_QUERY_TASK_NAME, VISOR_GRIDGAIN_CACHE_QUERY_TASK_NAME, "org.apache.ignite.internal.visor.misc.VisorResolveHostNameTask", "org.gridgain.grid.internal.visor.security.VisorSecurityCollectorTask", VISOR_THREAD_DUMP_TASK, "org.apache.ignite.internal.visor.query.VisorQueryCleanupTask", "org.apache.ignite.internal.visor.misc.VisorNopTask", "org.apache.ignite.internal.visor.compute.VisorGatewayTask"));
    }
}
