package com.hazelcast.jet.impl;

import com.hazelcast.config.Config;
import com.hazelcast.config.PermissionConfig;
import com.hazelcast.config.SecurityConfig;
import com.hazelcast.instance.impl.EnterpriseNodeExtension;
import com.hazelcast.instance.impl.Node;
import com.hazelcast.internal.serialization.InternalSerializationService;
import com.hazelcast.jet.impl.operation.ExportSnapshotOperation;
import com.hazelcast.jet.impl.serialization.DelegatingEnterpriseSerializationService;
import com.hazelcast.license.domain.Feature;
import com.hazelcast.license.util.LicenseHelper;
import com.hazelcast.security.impl.SecurityServiceImpl;
import com.hazelcast.security.permission.ActionConstants;
import com.hazelcast.spi.impl.operationservice.Operation;
import com.hazelcast.spi.properties.HazelcastProperties;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/hazelcast/jet/impl/EnterpriseJetServiceBackend.class */
public class EnterpriseJetServiceBackend extends JetServiceBackend {
    private final Node node;

    public EnterpriseJetServiceBackend(Node node) {
        super(node);
        this.node = node;
    }

    @Override // com.hazelcast.jet.impl.JetServiceBackend
    JobCoordinationService createJobCoordinationService() {
        return new EnterpriseJobCoordinationService(getNodeEngine(), this, getJetConfig(), getJobRepository());
    }

    @Override // com.hazelcast.jet.impl.JetServiceBackend
    public EnterpriseJobCoordinationService getJobCoordinationService() {
        return (EnterpriseJobCoordinationService) super.getJobCoordinationService();
    }

    @Override // com.hazelcast.jet.impl.JetServiceBackend
    public InternalSerializationService createSerializationService(Map<String, String> map) {
        return DelegatingEnterpriseSerializationService.from(getNodeEngine().getSerializationService(), map);
    }

    @Override // com.hazelcast.jet.impl.JetServiceBackend
    public Operation createExportSnapshotOperation(long j, String str, boolean z) {
        LicenseHelper.checkLicensePerFeature(((EnterpriseNodeExtension) getNodeEngine().getNode().getNodeExtension()).getLicense(), Feature.STREAMING_JOB_UPGRADES);
        return new ExportSnapshotOperation(j, str, z);
    }

    @Override // com.hazelcast.jet.impl.JetServiceBackend
    public void configureJetInternalObjects(Config config, HazelcastProperties hazelcastProperties) {
        super.configureJetInternalObjects(config, hazelcastProperties);
        SecurityConfig securityConfig = config.getSecurityConfig();
        if (securityConfig.isEnabled()) {
            Set<PermissionConfig> clientPermissionConfigs = securityConfig.getClientPermissionConfigs();
            HashSet hashSet = new HashSet();
            for (PermissionConfig permissionConfig : clientPermissionConfigs) {
                String name = permissionConfig.getName();
                if (name != null && name.startsWith(JobRepository.INTERNAL_JET_OBJECTS_PREFIX)) {
                    throw new IllegalArgumentException("Explicitly configuring internal Jet data-structures is forbidden");
                }
                if (permissionConfig.getType() == PermissionConfig.PermissionType.JOB) {
                    if (hasAction(permissionConfig, ActionConstants.ACTION_SUBMIT)) {
                        hashSet.add(newFlakeIdGeneratorPermission(permissionConfig));
                    }
                    if (hasAction(permissionConfig, ActionConstants.ACTION_ADD_RESOURCES)) {
                        hashSet.add(newResourcesPermission(permissionConfig));
                    }
                    if (hasAction(permissionConfig, ActionConstants.ACTION_EXPORT_SNAPSHOT)) {
                        hashSet.add(newSnapshotPermission(permissionConfig));
                    }
                }
            }
            clientPermissionConfigs.addAll(hashSet);
            ((SecurityServiceImpl) this.node.getSecurityService()).setPermissionConfigs(SecurityServiceImpl.clonePermissionConfigs(clientPermissionConfigs));
        }
    }

    private boolean hasAction(PermissionConfig permissionConfig, String str) {
        Set<String> actions = permissionConfig.getActions();
        return actions.contains(str) || actions.contains(ActionConstants.ACTION_ALL);
    }

    private PermissionConfig newFlakeIdGeneratorPermission(PermissionConfig permissionConfig) {
        PermissionConfig permissionConfig2 = new PermissionConfig(PermissionConfig.PermissionType.FLAKE_ID_GENERATOR, JobRepository.RANDOM_ID_GENERATOR_NAME, permissionConfig.getPrincipal());
        permissionConfig2.setEndpoints(permissionConfig.getEndpoints());
        permissionConfig2.addAction(ActionConstants.ACTION_ALL);
        return permissionConfig2;
    }

    private PermissionConfig newResourcesPermission(PermissionConfig permissionConfig) {
        return newMapPermission(permissionConfig, "resources*");
    }

    private PermissionConfig newSnapshotPermission(PermissionConfig permissionConfig) {
        return newMapPermission(permissionConfig, "exportedSnapshot*");
    }

    private PermissionConfig newMapPermission(PermissionConfig permissionConfig, String str) {
        PermissionConfig permissionConfig2 = new PermissionConfig(PermissionConfig.PermissionType.MAP, JobRepository.INTERNAL_JET_OBJECTS_PREFIX + str, permissionConfig.getPrincipal());
        permissionConfig2.setEndpoints(permissionConfig.getEndpoints());
        permissionConfig2.addAction(ActionConstants.ACTION_ALL);
        return permissionConfig2;
    }
}
