package com.hazelcast.security;

import com.hazelcast.jet.core.ProcessorMetaSupplier;
import com.hazelcast.jet.impl.execution.init.Contexts;
import com.hazelcast.security.impl.function.SecuredFunction;
import com.hazelcast.security.permission.ActionConstants;
import com.hazelcast.security.permission.CachePermission;
import com.hazelcast.security.permission.ListPermission;
import com.hazelcast.security.permission.MapPermission;
import java.security.Permission;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.security.auth.Subject;

/* loaded from: input_file:BOOT-INF/lib/hazelcast-5.1.4.jar:com/hazelcast/security/PermissionsUtil.class */
public final class PermissionsUtil {
    private PermissionsUtil() {
    }

    @Nullable
    public static Permission checkRemote(@Nullable String str, @Nonnull Permission permission) {
        if (str == null) {
            return permission;
        }
        return null;
    }

    @Nullable
    public static Permission mapUpdatePermission(@Nullable String str, @Nonnull String str2) {
        return checkRemote(str, new MapPermission(str2, ActionConstants.ACTION_CREATE, ActionConstants.ACTION_PUT, "remove", ActionConstants.ACTION_READ));
    }

    @Nullable
    public static Permission mapPutPermission(@Nullable String str, @Nonnull String str2) {
        return checkRemote(str, new MapPermission(str2, ActionConstants.ACTION_CREATE, ActionConstants.ACTION_PUT));
    }

    @Nullable
    public static Permission cachePutPermission(@Nullable String str, @Nonnull String str2) {
        return checkRemote(str, new CachePermission(str2, ActionConstants.ACTION_CREATE, ActionConstants.ACTION_PUT));
    }

    @Nullable
    public static Permission listAddPermission(@Nullable String str, @Nonnull String str2) {
        return checkRemote(str, new ListPermission(str2, ActionConstants.ACTION_CREATE, "add"));
    }

    @Nullable
    public static Permission listReadPermission(@Nullable String str, @Nonnull String str2) {
        return checkRemote(str, new ListPermission(str2, ActionConstants.ACTION_CREATE, ActionConstants.ACTION_READ));
    }

    public static void checkPermission(SecuredFunction securedFunction, ProcessorMetaSupplier.Context context) {
        if (context instanceof Contexts.MetaSupplierCtx) {
            Contexts.MetaSupplierCtx metaSupplierCtx = (Contexts.MetaSupplierCtx) context;
            List<Permission> permissions = securedFunction.permissions();
            SecurityContext securityContext = metaSupplierCtx.nodeEngine().getNode().securityContext;
            Subject subject = metaSupplierCtx.subject();
            if (securityContext == null || permissions == null || permissions.isEmpty() || subject == null) {
                return;
            }
            permissions.forEach(permission -> {
                if (permission != null) {
                    securityContext.checkPermission(subject, permission);
                }
            });
        }
    }
}
