package org.gridgain.grid.internal.processors.security;

import java.io.Externalizable;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectOutput;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.ignite.IgniteSystemProperties;
import org.apache.ignite.internal.processors.security.SecurityContext;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.internal.util.typedef.internal.S;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.plugin.security.SecurityPermissionSet;
import org.apache.ignite.plugin.security.SecuritySubject;

/* loaded from: input_file:org/gridgain/grid/internal/processors/security/GridSecurityContext.class */
public class GridSecurityContext implements SecurityContext, Externalizable {
    private static final long serialVersionUID = 0;
    private SecuritySubject subj;
    private Map<String, Collection<SecurityPermission>> strictTaskPerms = new LinkedHashMap();
    private Map<String, Collection<SecurityPermission>> wildcardTaskPerms = new LinkedHashMap();
    private Map<String, Collection<SecurityPermission>> strictSrvcPerms = new LinkedHashMap();
    private Map<String, Collection<SecurityPermission>> wildcardSrvcPerms = new LinkedHashMap();
    private Map<String, Collection<SecurityPermission>> strictCachePerms = new LinkedHashMap();
    private Map<String, Collection<SecurityPermission>> wildcardCachePerms = new LinkedHashMap();
    private Collection<SecurityPermission> sysPerms;
    static final /* synthetic */ boolean $assertionsDisabled;

    public GridSecurityContext() {
    }

    public GridSecurityContext(SecuritySubject securitySubject) {
        this.subj = securitySubject;
        initRules();
    }

    @Override // org.apache.ignite.internal.processors.security.SecurityContext
    public SecuritySubject subject() {
        return this.subj;
    }

    @Override // org.apache.ignite.internal.processors.security.SecurityContext
    public boolean taskOperationAllowed(String str, SecurityPermission securityPermission) {
        if (!$assertionsDisabled && securityPermission != SecurityPermission.TASK_EXECUTE && securityPermission != SecurityPermission.TASK_CANCEL) {
            throw new AssertionError(securityPermission);
        }
        Collection<SecurityPermission> collection = this.strictTaskPerms.get(str);
        if (collection != null) {
            return collection.contains(securityPermission);
        }
        for (Map.Entry<String, Collection<SecurityPermission>> entry : this.wildcardTaskPerms.entrySet()) {
            if (str.startsWith(entry.getKey())) {
                return entry.getValue().contains(securityPermission);
            }
        }
        return this.subj.permissions().defaultAllowAll();
    }

    @Override // org.apache.ignite.internal.processors.security.SecurityContext
    public boolean cacheOperationAllowed(String str, SecurityPermission securityPermission) {
        if (!$assertionsDisabled && securityPermission != SecurityPermission.CACHE_PUT && securityPermission != SecurityPermission.CACHE_READ && securityPermission != SecurityPermission.CACHE_REMOVE && securityPermission != SecurityPermission.CACHE_CREATE && securityPermission != SecurityPermission.CACHE_DESTROY) {
            throw new AssertionError(securityPermission);
        }
        Collection<SecurityPermission> collection = this.strictCachePerms.get(str);
        if (collection != null) {
            return collection.contains(securityPermission);
        }
        for (Map.Entry<String, Collection<SecurityPermission>> entry : this.wildcardCachePerms.entrySet()) {
            if (str != null) {
                if (str.startsWith(entry.getKey())) {
                    return entry.getValue().contains(securityPermission);
                }
            } else if (entry.getKey().isEmpty()) {
                return entry.getValue().contains(securityPermission);
            }
        }
        return this.subj.permissions().defaultAllowAll();
    }

    @Override // org.apache.ignite.internal.processors.security.SecurityContext
    public boolean serviceOperationAllowed(String str, SecurityPermission securityPermission) {
        if (!$assertionsDisabled && securityPermission != SecurityPermission.SERVICE_DEPLOY && securityPermission != SecurityPermission.SERVICE_CANCEL && securityPermission != SecurityPermission.SERVICE_INVOKE) {
            throw new AssertionError(securityPermission);
        }
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError();
        }
        Collection<SecurityPermission> collection = this.strictSrvcPerms.get(str);
        if (collection != null) {
            return collection.contains(securityPermission);
        }
        for (Map.Entry<String, Collection<SecurityPermission>> entry : this.wildcardSrvcPerms.entrySet()) {
            if (str.startsWith(entry.getKey())) {
                return entry.getValue().contains(securityPermission);
            }
        }
        return this.subj.permissions().defaultAllowAll();
    }

    @Override // org.apache.ignite.internal.processors.security.SecurityContext
    public boolean systemOperationAllowed(SecurityPermission securityPermission) {
        if (!$assertionsDisabled && securityPermission != SecurityPermission.EVENTS_ENABLE && securityPermission != SecurityPermission.EVENTS_DISABLE && securityPermission != SecurityPermission.ADMIN_VIEW && securityPermission != SecurityPermission.ADMIN_CACHE && securityPermission != SecurityPermission.ADMIN_QUERY && securityPermission != SecurityPermission.ADMIN_OPS && securityPermission != SecurityPermission.CACHE_DESTROY && securityPermission != SecurityPermission.CACHE_CREATE && securityPermission != SecurityPermission.JOIN_AS_SERVER && securityPermission != SecurityPermission.CHANGE_SNAPSHOT_SECURITY_LEVEL && securityPermission != SecurityPermission.SET_QUERY_MEMORY_QUOTA && securityPermission != SecurityPermission.GET_QUERY_VIEWS && securityPermission != SecurityPermission.KILL_QUERY && securityPermission != SecurityPermission.ADMIN_METADATA_OPS && securityPermission != SecurityPermission.ADMIN_READ_DISTRIBUTED_PROPERTY && securityPermission != SecurityPermission.ADMIN_WRITE_DISTRIBUTED_PROPERTY && securityPermission != SecurityPermission.REFRESH_STATISTICS && securityPermission != SecurityPermission.CHANGE_STATISTICS) {
            throw new AssertionError();
        }
        if (IgniteSystemProperties.getBoolean(IgniteSystemProperties.IGNITE_DFLT_ALLOW_EMPTY_SYS_PERMISSIONS)) {
            if (this.sysPerms == null) {
                return this.subj.permissions().defaultAllowAll();
            }
        } else if (F.isEmpty((Collection<?>) this.sysPerms)) {
            return this.subj.permissions().defaultAllowAll();
        }
        boolean contains = this.sysPerms.contains(securityPermission);
        if (!contains && (securityPermission == SecurityPermission.EVENTS_ENABLE || securityPermission == SecurityPermission.EVENTS_DISABLE)) {
            contains = this.sysPerms.contains(SecurityPermission.ADMIN_VIEW) || this.sysPerms.contains(SecurityPermission.ADMIN_OPS) || this.sysPerms.contains(SecurityPermission.ADMIN_CACHE) || this.sysPerms.contains(SecurityPermission.ADMIN_QUERY);
        }
        return contains;
    }

    private void initRules() {
        SecurityPermissionSet permissions = this.subj.permissions();
        initRules(permissions.taskPermissions(), this.wildcardTaskPerms, this.strictTaskPerms);
        initRules(permissions.cachePermissions(), this.wildcardCachePerms, this.strictCachePerms);
        initRules(permissions.servicePermissions(), this.wildcardSrvcPerms, this.strictSrvcPerms);
        this.sysPerms = permissions.systemPermissions();
    }

    private void initRules(Map<String, Collection<SecurityPermission>> map, Map<String, Collection<SecurityPermission>> map2, Map<String, Collection<SecurityPermission>> map3) {
        for (Map.Entry<String, Collection<SecurityPermission>> entry : map.entrySet()) {
            String key = entry.getKey();
            Collection<SecurityPermission> unmodifiableCollection = Collections.unmodifiableCollection(entry.getValue());
            if (key == null || !key.endsWith("*")) {
                map3.put(key, unmodifiableCollection);
            } else {
                map2.put(key.substring(0, key.length() - 1), unmodifiableCollection);
            }
        }
    }

    @Override // java.io.Externalizable
    public void writeExternal(ObjectOutput objectOutput) throws IOException {
        objectOutput.writeObject(this.subj);
    }

    @Override // java.io.Externalizable
    public void readExternal(ObjectInput objectInput) throws IOException, ClassNotFoundException {
        this.subj = (SecuritySubject) objectInput.readObject();
        initRules();
    }

    public String toString() {
        return S.toString((Class<GridSecurityContext>) GridSecurityContext.class, this);
    }

    static {
        $assertionsDisabled = !GridSecurityContext.class.desiredAssertionStatus();
    }
}
