package org.gridgain.grid.security.passcode;

import java.util.HashMap;
import java.util.Map;
import javax.management.JMException;
import javax.management.ObjectName;
import org.apache.ignite.Ignite;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteException;
import org.apache.ignite.IgniteLogger;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.util.tostring.GridToStringExclude;
import org.apache.ignite.internal.util.typedef.internal.S;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.lifecycle.LifecycleAware;
import org.apache.ignite.plugin.security.AuthenticationContext;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecurityPermissionSet;
import org.apache.ignite.plugin.security.SecuritySubject;
import org.apache.ignite.plugin.security.SecuritySubjectType;
import org.apache.ignite.resources.IgniteInstanceResource;
import org.apache.ignite.resources.LoggerResource;
import org.gridgain.grid.internal.GridPluginUtils;
import org.gridgain.grid.internal.processors.security.SecuritySubjectAdapter;
import org.gridgain.grid.security.AuthenticationValidator;
import org.gridgain.grid.security.Authenticator;
import org.gridgain.grid.security.jaas.JaasAuthenticatorMBean;

/* loaded from: input_file:org/gridgain/grid/security/passcode/PasscodeAuthenticator.class */
public class PasscodeAuthenticator implements Authenticator, AuthenticationValidator, PasscodeAuthenticatorMBean, LifecycleAware {
    private ObjectName mBean;
    private Map<SecurityCredentials, SecurityPermissionSet> permissions;
    private AuthenticationAclProvider aclProvider;

    @IgniteInstanceResource
    @GridToStringExclude
    private Ignite ignite;

    @LoggerResource
    private IgniteLogger log;
    static final /* synthetic */ boolean $assertionsDisabled;

    public void setAclProvider(AuthenticationAclProvider authenticationAclProvider) {
        this.aclProvider = authenticationAclProvider;
    }

    @Override // org.gridgain.grid.security.passcode.PasscodeAuthenticatorMBean
    public String getPasscodesFormatted() {
        StringBuilder sb = new StringBuilder("Passcodes: [");
        String str = "";
        for (Map.Entry<SecurityCredentials, SecurityPermissionSet> entry : this.permissions.entrySet()) {
            sb.append(str).append(entry.getKey()).append("='").append(entry.getValue()).append("'");
            str = ", ";
        }
        return sb.append("]").toString();
    }

    @Override // org.gridgain.grid.security.AuthenticationValidator
    public Object validationToken() {
        HashMap hashMap = new HashMap();
        for (Map.Entry<SecurityCredentials, SecurityPermissionSet> entry : this.permissions.entrySet()) {
            hashMap.put(entry.getKey().getLogin(), entry.getValue());
        }
        return hashMap;
    }

    @Override // org.gridgain.grid.security.Authenticator
    public boolean supported(SecuritySubjectType securitySubjectType) {
        if ($assertionsDisabled || securitySubjectType != null) {
            return true;
        }
        throw new AssertionError();
    }

    @Override // org.gridgain.grid.security.Authenticator
    public boolean isGlobalNodeAuthentication() {
        return true;
    }

    public void start() {
        GridPluginUtils.assertParameter(this.aclProvider != null, "aclProvider != null");
        this.permissions = this.aclProvider.acl();
        if (this.permissions == null) {
            throw new IgniteException("Failed to start passcode authentication (ACL is empty).");
        }
        registerMBean();
    }

    public void stop() {
        unregisterMBean();
        if (this.log.isDebugEnabled()) {
            this.log.debug("Authenticator stopped ok.");
        }
    }

    private void registerMBean() {
        if (U.IGNITE_MBEANS_DISABLED) {
            return;
        }
        try {
            IgniteConfiguration configuration = this.ignite.configuration();
            this.mBean = U.registerMBean(configuration.getMBeanServer(), configuration.getIgniteInstanceName(), "authenticator", U.getSimpleName(getClass()), this, PasscodeAuthenticatorMBean.class);
        } catch (JMException e) {
            throw new IgniteException("Failed to register authenticator MBean: " + JaasAuthenticatorMBean.class, e);
        }
    }

    private void unregisterMBean() {
        if (this.mBean == null) {
            return;
        }
        try {
            this.ignite.configuration().getMBeanServer().unregisterMBean(this.mBean);
        } catch (JMException e) {
            throw new IgniteException("Failed to register authenticator MBean: " + JaasAuthenticatorMBean.class, e);
        }
    }

    @Override // org.gridgain.grid.security.Authenticator
    public SecuritySubject authenticate(AuthenticationContext authenticationContext) throws IgniteCheckedException {
        SecurityPermissionSet securityPermissionSet;
        if (!$assertionsDisabled && authenticationContext == null) {
            throw new AssertionError();
        }
        SecurityCredentials credentials = authenticationContext.credentials();
        if (credentials == null || (securityPermissionSet = this.permissions.get(credentials)) == null) {
            return null;
        }
        SecuritySubjectAdapter securitySubjectAdapter = new SecuritySubjectAdapter(authenticationContext.subjectType(), authenticationContext.subjectId());
        securitySubjectAdapter.permissions(securityPermissionSet);
        securitySubjectAdapter.address(authenticationContext.address());
        if (authenticationContext.credentials() != null) {
            securitySubjectAdapter.login(authenticationContext.credentials().getLogin());
        }
        return securitySubjectAdapter;
    }

    public String toString() {
        return S.toString(PasscodeAuthenticator.class, this);
    }

    static {
        $assertionsDisabled = !PasscodeAuthenticator.class.desiredAssertionStatus();
    }
}
