package org.apache.ignite.internal.processors.security.impl;

import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.cluster.ClusterNode;
import org.apache.ignite.internal.GridKernalContext;
import org.apache.ignite.internal.processors.GridProcessorAdapter;
import org.apache.ignite.internal.processors.security.GridSecurityProcessor;
import org.apache.ignite.internal.processors.security.SecurityContext;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.plugin.security.AuthenticationContext;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecurityException;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.plugin.security.SecurityPermissionSet;
import org.apache.ignite.plugin.security.SecuritySubject;
import org.apache.ignite.plugin.security.SecuritySubjectType;

/* loaded from: input_file:org/apache/ignite/internal/processors/security/impl/TestSecurityProcessor.class */
public class TestSecurityProcessor extends GridProcessorAdapter implements GridSecurityProcessor {
    public static final Map<SecurityCredentials, SecurityPermissionSet> PERMS = new ConcurrentHashMap();
    private static final Map<UUID, SecurityContext> SECURITY_CONTEXTS = new ConcurrentHashMap();
    private final TestSecurityData nodeSecData;
    private final Collection<TestSecurityData> predefinedAuthData;
    private final boolean globalAuth;

    public TestSecurityProcessor(GridKernalContext gridKernalContext, TestSecurityData testSecurityData, Collection<TestSecurityData> collection, boolean z) {
        super(gridKernalContext);
        this.nodeSecData = testSecurityData;
        this.predefinedAuthData = collection.isEmpty() ? Collections.emptyList() : new ArrayList<>(collection);
        this.globalAuth = z;
    }

    public SecurityContext authenticateNode(ClusterNode clusterNode, SecurityCredentials securityCredentials) {
        if (PERMS.containsKey(securityCredentials)) {
            return new TestSecurityContext(new TestSecuritySubject().setType(SecuritySubjectType.REMOTE_NODE).setId(clusterNode.id()).setAddr(new InetSocketAddress((String) F.first(clusterNode.addresses()), 0)).setLogin(securityCredentials.getLogin()).setPerms(PERMS.get(securityCredentials)));
        }
        return null;
    }

    public boolean isGlobalNodeAuthentication() {
        return this.globalAuth;
    }

    public SecurityContext authenticate(AuthenticationContext authenticationContext) {
        if (!PERMS.containsKey(authenticationContext.credentials())) {
            return null;
        }
        TestSecurityContext testSecurityContext = new TestSecurityContext(new TestSecuritySubject().setType(authenticationContext.subjectType()).setId(authenticationContext.subjectId()).setAddr(authenticationContext.address()).setLogin(authenticationContext.credentials().getLogin()).setPerms(PERMS.get(authenticationContext.credentials())));
        SECURITY_CONTEXTS.put(testSecurityContext.subject().id(), testSecurityContext);
        return testSecurityContext;
    }

    public Collection<SecuritySubject> authenticatedSubjects() {
        return Collections.emptyList();
    }

    public SecuritySubject authenticatedSubject(UUID uuid) {
        return null;
    }

    public SecurityContext securityContext(UUID uuid) {
        return SECURITY_CONTEXTS.get(uuid);
    }

    public void authorize(String str, SecurityPermission securityPermission, SecurityContext securityContext) throws SecurityException {
        if (!((TestSecurityContext) securityContext).operationAllowed(str, securityPermission)) {
            throw new SecurityException("Authorization failed [perm=" + securityPermission + ", name=" + str + ", subject=" + securityContext.subject() + ']');
        }
    }

    public void onSessionExpired(UUID uuid) {
    }

    public boolean enabled() {
        return true;
    }

    public void start() throws IgniteCheckedException {
        super.start();
        PERMS.put(this.nodeSecData.credentials(), this.nodeSecData.getPermissions());
        this.ctx.addNodeAttribute("org.apache.ignite.security.cred", this.nodeSecData.credentials());
        for (TestSecurityData testSecurityData : this.predefinedAuthData) {
            PERMS.put(testSecurityData.credentials(), testSecurityData.getPermissions());
        }
    }

    public void stop(boolean z) throws IgniteCheckedException {
        super.stop(z);
        PERMS.remove(this.nodeSecData.credentials());
        Iterator<TestSecurityData> it = this.predefinedAuthData.iterator();
        while (it.hasNext()) {
            PERMS.remove(it.next().credentials());
        }
    }
}
