package org.apache.ignite.internal.processors.odbc;

import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Map;
import java.util.UUID;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.internal.GridKernalContext;
import org.apache.ignite.internal.processors.authentication.AuthorizationContext;
import org.apache.ignite.internal.processors.authentication.IgniteAccessControlException;
import org.apache.ignite.internal.processors.security.SecurityContext;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.plugin.security.AuthenticationContext;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecuritySubjectType;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:org/apache/ignite/internal/processors/odbc/ClientListenerAbstractConnectionContext.class */
public abstract class ClientListenerAbstractConnectionContext implements ClientListenerConnectionContext {
    protected final GridKernalContext ctx;
    private SecurityContext secCtx;
    private long connId;
    private AuthorizationContext authCtx;
    protected Map<String, String> userAttrs;

    /* JADX INFO: Access modifiers changed from: protected */
    public ClientListenerAbstractConnectionContext(GridKernalContext gridKernalContext, long j) {
        this.ctx = gridKernalContext;
        this.connId = j;
    }

    public GridKernalContext kernalContext() {
        return this.ctx;
    }

    @Override // org.apache.ignite.internal.processors.odbc.ClientListenerConnectionContext
    @Nullable
    public SecurityContext securityContext() {
        return this.secCtx;
    }

    @Override // org.apache.ignite.internal.processors.odbc.ClientListenerConnectionContext
    @Nullable
    public AuthorizationContext authorizationContext() {
        return this.authCtx;
    }

    @Override // org.apache.ignite.internal.processors.odbc.ClientListenerConnectionContext
    public long connectionId() {
        return this.connId;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthorizationContext authenticate(Certificate[] certificateArr, String str, String str2) throws IgniteCheckedException {
        if (this.ctx.security().enabled()) {
            this.authCtx = authenticateExternal(certificateArr, str, str2).authorizationContext();
        } else if (!this.ctx.authentication().enabled()) {
            this.authCtx = null;
        } else {
            if (F.isEmpty(str)) {
                throw new IgniteAccessControlException("Unauthenticated sessions are prohibited.");
            }
            this.authCtx = this.ctx.authentication().authenticate(str, str2);
            if (this.authCtx == null) {
                throw new IgniteAccessControlException("Unknown authentication error.");
            }
        }
        return this.authCtx;
    }

    private AuthenticationContext authenticateExternal(Certificate[] certificateArr, String str, String str2) throws IgniteCheckedException {
        SecurityCredentials securityCredentials = new SecurityCredentials(str, str2);
        AuthenticationContext authenticationContext = new AuthenticationContext();
        authenticationContext.subjectType(SecuritySubjectType.REMOTE_CLIENT);
        authenticationContext.subjectId(UUID.randomUUID());
        authenticationContext.nodeAttributes(F.isEmpty(this.userAttrs) ? Collections.emptyMap() : this.userAttrs);
        authenticationContext.credentials(securityCredentials);
        authenticationContext.certificates(certificateArr);
        this.secCtx = this.ctx.security().authenticate(authenticationContext);
        if (this.secCtx == null) {
            throw new IgniteAccessControlException(String.format("The user name or password is incorrect [userName=%s]", str));
        }
        return authenticationContext;
    }

    @Override // org.apache.ignite.internal.processors.odbc.ClientListenerConnectionContext
    public void onDisconnected() {
        if (this.ctx.security().enabled()) {
            this.ctx.security().onSessionExpired(this.secCtx.subject().id());
        }
    }
}
