package org.apache.ignite.internal.processors.security.sandbox;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.util.Objects;
import java.util.concurrent.Callable;
import org.apache.ignite.IgniteException;
import org.apache.ignite.IgniteLogger;
import org.apache.ignite.internal.GridKernalContext;
import org.apache.ignite.internal.processors.security.IgniteSecurity;
import org.apache.ignite.internal.processors.security.SecurityContext;
import org.apache.ignite.internal.processors.security.SecurityUtils;
import org.apache.ignite.plugin.security.SecurityException;

/* loaded from: input_file:org/apache/ignite/internal/processors/security/sandbox/AccessControllerSandbox.class */
public class AccessControllerSandbox implements IgniteSandbox {
    private final IgniteSecurity security;
    private final IgniteLogger log;
    static final /* synthetic */ boolean $assertionsDisabled;

    public AccessControllerSandbox(GridKernalContext gridKernalContext, IgniteSecurity igniteSecurity) {
        this.security = igniteSecurity;
        this.log = gridKernalContext.log(getClass());
    }

    @Override // org.apache.ignite.internal.processors.security.sandbox.IgniteSandbox
    public <T> T execute(Callable<T> callable) throws IgniteException {
        Objects.requireNonNull(callable);
        if (!SecurityUtils.hasSecurityManager()) {
            throw new SecurityException("SecurityManager was, but it disappeared!");
        }
        SecurityContext securityContext = this.security.securityContext();
        if (!$assertionsDisabled && securityContext == null) {
            throw new AssertionError();
        }
        AccessControlContext accessControlContext = (AccessControlContext) AccessController.doPrivileged(() -> {
            return new AccessControlContext(AccessController.getContext(), new IgniteDomainCombiner(securityContext.subject().sandboxPermissions()));
        });
        if (this.log.isDebugEnabled()) {
            this.log.debug("Executing the action inside the sandbox [subjId=" + securityContext.subject().id() + "]");
        }
        try {
            Objects.requireNonNull(callable);
            return (T) AccessController.doPrivileged(callable::call, accessControlContext);
        } catch (PrivilegedActionException e) {
            throw new IgniteException(e.getException());
        }
    }

    @Override // org.apache.ignite.internal.processors.security.sandbox.IgniteSandbox
    public boolean enabled() {
        return true;
    }

    static {
        $assertionsDisabled = !AccessControllerSandbox.class.desiredAssertionStatus();
    }
}
