package org.apache.ignite.internal.processors.security;

import java.util.Collection;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteLogger;
import org.apache.ignite.cluster.ClusterNode;
import org.apache.ignite.internal.GridComponent;
import org.apache.ignite.internal.GridKernalContext;
import org.apache.ignite.internal.IgniteFeatures;
import org.apache.ignite.internal.IgniteInternalFuture;
import org.apache.ignite.internal.processors.GridProcessor;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.lang.IgniteFuture;
import org.apache.ignite.marshaller.MarshallerUtils;
import org.apache.ignite.marshaller.jdk.JdkMarshaller;
import org.apache.ignite.plugin.security.AuthenticationContext;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecurityException;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.plugin.security.SecuritySubject;
import org.apache.ignite.spi.IgniteNodeValidationResult;
import org.apache.ignite.spi.discovery.DiscoveryDataBag;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.class */
public class IgniteSecurityProcessor implements IgniteSecurity, GridProcessor {
    public static final String ATTR_GRID_SEC_PROC_CLASS = "grid.security.processor.class";
    private final GridKernalContext ctx;
    private final GridSecurityProcessor secPrc;
    private final JdkMarshaller marsh;
    private final IgniteLogger log;
    static final /* synthetic */ boolean $assertionsDisabled;
    private final ThreadLocal<SecurityContext> curSecCtx = ThreadLocal.withInitial(this::localSecurityContext);
    private final Map<UUID, SecurityContext> secCtxs = new ConcurrentHashMap();

    public IgniteSecurityProcessor(GridKernalContext gridKernalContext, GridSecurityProcessor gridSecurityProcessor) {
        if (!$assertionsDisabled && gridKernalContext == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && gridSecurityProcessor == null) {
            throw new AssertionError();
        }
        this.ctx = gridKernalContext;
        this.log = gridKernalContext.log(IgniteSecurityProcessor.class);
        this.secPrc = gridSecurityProcessor;
        this.marsh = MarshallerUtils.jdkMarshaller(gridKernalContext.igniteInstanceName());
    }

    @Override // org.apache.ignite.internal.processors.security.IgniteSecurity
    public OperationSecurityContext withContext(SecurityContext securityContext) {
        if (!$assertionsDisabled && securityContext == null) {
            throw new AssertionError();
        }
        this.secPrc.touch(securityContext);
        SecurityContext securityContext2 = this.curSecCtx.get();
        this.curSecCtx.set(securityContext);
        return new OperationSecurityContext(this, securityContext2);
    }

    @Override // org.apache.ignite.internal.processors.security.IgniteSecurity
    public OperationSecurityContext withContext(UUID uuid) {
        ClusterNode clusterNode = (ClusterNode) Optional.ofNullable(this.ctx.discovery().node(uuid)).orElseGet(() -> {
            return this.ctx.discovery().historicalNode(uuid);
        });
        SecurityContext computeIfAbsent = clusterNode != null ? this.secCtxs.computeIfAbsent(uuid, uuid2 -> {
            return SecurityUtils.nodeSecurityContext(this.marsh, U.resolveClassLoader(this.ctx.config()), clusterNode);
        }) : this.secPrc.securityContext(uuid);
        if (computeIfAbsent == null) {
            throw new IllegalStateException("Failed to find security context for subject with given ID : " + uuid);
        }
        return withContext(computeIfAbsent);
    }

    @Override // org.apache.ignite.internal.processors.security.IgniteSecurity
    public SecurityContext securityContext() {
        SecurityContext securityContext = this.curSecCtx.get();
        if ($assertionsDisabled || securityContext != null) {
            return securityContext;
        }
        throw new AssertionError();
    }

    @Override // org.apache.ignite.internal.processors.security.IgniteSecurity
    public SecurityContext authenticateNode(ClusterNode clusterNode, SecurityCredentials securityCredentials) throws IgniteCheckedException {
        return this.secPrc.authenticateNode(clusterNode, securityCredentials);
    }

    @Override // org.apache.ignite.internal.processors.security.IgniteSecurity
    public boolean isGlobalNodeAuthentication() {
        return this.secPrc.isGlobalNodeAuthentication();
    }

    @Override // org.apache.ignite.internal.processors.security.IgniteSecurity
    public SecurityContext authenticate(AuthenticationContext authenticationContext) throws IgniteCheckedException {
        return this.secPrc.authenticate(authenticationContext);
    }

    @Override // org.apache.ignite.internal.processors.security.IgniteSecurity
    public Collection<SecuritySubject> authenticatedSubjects() throws IgniteCheckedException {
        return this.secPrc.authenticatedSubjects();
    }

    @Override // org.apache.ignite.internal.processors.security.IgniteSecurity
    public SecuritySubject authenticatedSubject(UUID uuid) throws IgniteCheckedException {
        return this.secPrc.authenticatedSubject(uuid);
    }

    @Override // org.apache.ignite.internal.processors.security.IgniteSecurity
    public void onSessionExpired(UUID uuid) {
        this.secPrc.onSessionExpired(uuid);
    }

    @Override // org.apache.ignite.internal.processors.security.IgniteSecurity
    public void authorize(String str, SecurityPermission securityPermission) throws SecurityException {
        SecurityContext securityContext = this.curSecCtx.get();
        if (!$assertionsDisabled && securityContext == null) {
            throw new AssertionError();
        }
        this.secPrc.authorize(str, securityPermission, securityContext);
    }

    @Override // org.apache.ignite.internal.processors.security.IgniteSecurity
    public boolean enabled() {
        return true;
    }

    @Override // org.apache.ignite.internal.GridComponent
    public void start() throws IgniteCheckedException {
        this.ctx.addNodeAttribute(ATTR_GRID_SEC_PROC_CLASS, this.secPrc.getClass().getName());
        this.secPrc.start();
    }

    @Override // org.apache.ignite.internal.GridComponent
    public void stop(boolean z) throws IgniteCheckedException {
        this.secPrc.stop(z);
    }

    @Override // org.apache.ignite.internal.GridComponent
    public void onKernalStart(boolean z) throws IgniteCheckedException {
        this.ctx.event().addDiscoveryEventListener((discoveryEvent, discoCache) -> {
            this.secCtxs.remove(discoveryEvent.eventNode().id());
        }, 12, 11);
        this.secPrc.onKernalStart(z);
    }

    @Override // org.apache.ignite.internal.GridComponent
    public void onKernalStop(boolean z) {
        this.secPrc.onKernalStop(z);
    }

    @Override // org.apache.ignite.internal.GridComponent
    public void collectJoiningNodeData(DiscoveryDataBag discoveryDataBag) {
        this.secPrc.collectJoiningNodeData(discoveryDataBag);
    }

    @Override // org.apache.ignite.internal.GridComponent
    public void collectGridNodeData(DiscoveryDataBag discoveryDataBag) {
        this.secPrc.collectGridNodeData(discoveryDataBag);
    }

    @Override // org.apache.ignite.internal.GridComponent
    public void onGridDataReceived(DiscoveryDataBag.GridDiscoveryData gridDiscoveryData) {
        this.secPrc.onGridDataReceived(gridDiscoveryData);
    }

    @Override // org.apache.ignite.internal.GridComponent
    public void onJoiningNodeDataReceived(DiscoveryDataBag.JoiningNodeDiscoveryData joiningNodeDiscoveryData) {
        this.secPrc.onJoiningNodeDataReceived(joiningNodeDiscoveryData);
    }

    @Override // org.apache.ignite.internal.GridComponent
    public void printMemoryStats() {
        this.secPrc.printMemoryStats();
    }

    @Override // org.apache.ignite.internal.GridComponent
    @Nullable
    public IgniteNodeValidationResult validateNode(ClusterNode clusterNode) {
        IgniteNodeValidationResult validateSecProcClass = validateSecProcClass(clusterNode);
        return validateSecProcClass != null ? validateSecProcClass : this.secPrc.validateNode(clusterNode);
    }

    @Override // org.apache.ignite.internal.GridComponent
    @Nullable
    public IgniteNodeValidationResult validateNode(ClusterNode clusterNode, DiscoveryDataBag.JoiningNodeDiscoveryData joiningNodeDiscoveryData) {
        IgniteNodeValidationResult validateSecProcClass = validateSecProcClass(clusterNode);
        return validateSecProcClass != null ? validateSecProcClass : this.secPrc.validateNode(clusterNode, joiningNodeDiscoveryData);
    }

    @Override // org.apache.ignite.internal.GridComponent
    @Nullable
    public GridComponent.DiscoveryDataExchangeType discoveryDataType() {
        return this.secPrc.discoveryDataType();
    }

    @Override // org.apache.ignite.internal.GridComponent
    public void onDisconnected(IgniteFuture<?> igniteFuture) throws IgniteCheckedException {
        this.secPrc.onDisconnected(igniteFuture);
    }

    @Override // org.apache.ignite.internal.GridComponent
    @Nullable
    public IgniteInternalFuture<?> onReconnected(boolean z) throws IgniteCheckedException {
        return this.secPrc.onReconnected(z);
    }

    private SecurityContext localSecurityContext() {
        return SecurityUtils.nodeSecurityContext(this.marsh, U.resolveClassLoader(this.ctx.config()), this.ctx.discovery().localNode());
    }

    private IgniteNodeValidationResult validateSecProcClass(ClusterNode clusterNode) {
        String str = (String) clusterNode.attribute(ATTR_GRID_SEC_PROC_CLASS);
        String name = this.secPrc.getClass().getName();
        if (!IgniteFeatures.allNodesSupports(this.ctx, this.ctx.discovery().allNodes(), IgniteFeatures.IGNITE_SECURITY_PROCESSOR) || F.eq(name, str)) {
            return null;
        }
        return new IgniteNodeValidationResult(clusterNode.id(), String.format(IgniteSecurity.MSG_SEC_PROC_CLS_IS_INVALID, this.ctx.localNodeId(), clusterNode.id(), name, str), String.format(IgniteSecurity.MSG_SEC_PROC_CLS_IS_INVALID, clusterNode.id(), this.ctx.localNodeId(), str, name));
    }

    public GridSecurityProcessor gridSecurityProcessor() {
        return this.secPrc;
    }

    static {
        $assertionsDisabled = !IgniteSecurityProcessor.class.desiredAssertionStatus();
    }
}
