package org.neo4j.internal.kernel.api.security;

import java.util.Collections;
import java.util.Set;
import org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo;
import org.neo4j.internal.kernel.api.security.AccessMode;
import org.neo4j.internal.kernel.api.security.LoginContext;
import org.neo4j.kernel.api.exceptions.Status;
import org.neo4j.kernel.database.PrivilegeDatabaseReference;
import org.neo4j.messages.MessageUtil;

/* loaded from: input_file:org/neo4j/internal/kernel/api/security/SecurityContext.class */
public class SecurityContext extends LoginContext {
    protected final AccessMode mode;
    private final String database;
    public static final SecurityContext AUTH_DISABLED = authDisabled(AccessMode.Static.FULL, ClientConnectionInfo.EMBEDDED_CONNECTION, null);

    public SecurityContext(AuthSubject authSubject, AccessMode accessMode, ClientConnectionInfo clientConnectionInfo, String str) {
        super(authSubject, clientConnectionInfo);
        this.mode = accessMode;
        this.database = str;
    }

    public AccessMode mode() {
        return this.mode;
    }

    public DatabaseAccessMode databaseAccessMode() {
        return DatabaseAccessMode.FULL;
    }

    public String database() {
        return this.database;
    }

    public PermissionState allowExecuteAdminProcedure(int i) {
        return PermissionState.EXPLICIT_GRANT;
    }

    public PermissionState allowsAdminAction(AdminActionOnResource adminActionOnResource) {
        return PermissionState.EXPLICIT_GRANT;
    }

    public Set<String> roles() {
        return Collections.emptySet();
    }

    @Override // org.neo4j.internal.kernel.api.security.LoginContext
    public SecurityContext authorize(LoginContext.IdLookup idLookup, PrivilegeDatabaseReference privilegeDatabaseReference, AbstractSecurityLog abstractSecurityLog) {
        return this;
    }

    public SecurityContext withMode(AccessMode accessMode) {
        return new SecurityContext(this.subject, accessMode, connectionInfo(), database());
    }

    public SecurityContext withMode(AdminAccessMode adminAccessMode) {
        return new SecurityContext(this.subject, this.mode, connectionInfo(), database());
    }

    public void assertCredentialsNotExpired(SecurityAuthorizationHandler securityAuthorizationHandler) {
        if (AuthenticationResult.PASSWORD_CHANGE_REQUIRED.equals(subject().getAuthenticationResult())) {
            throw securityAuthorizationHandler.logAndGetAuthorizationException(this, SecurityAuthorizationHandler.generateCredentialsExpiredMessage("Permission denied."), Status.Security.CredentialsExpired);
        }
    }

    public String description() {
        return MessageUtil.withUser(subject().executingUser(), mode().name());
    }

    protected String defaultString(String str) {
        return String.format("%s{ username=%s, accessMode=%s }", str, subject().executingUser(), mode());
    }

    public static SecurityContext authDisabled(AccessMode accessMode, ClientConnectionInfo clientConnectionInfo, String str) {
        return new SecurityContext(AuthSubject.AUTH_DISABLED, accessMode, clientConnectionInfo, str) { // from class: org.neo4j.internal.kernel.api.security.SecurityContext.1
            @Override // org.neo4j.internal.kernel.api.security.SecurityContext
            public SecurityContext withMode(AccessMode accessMode2) {
                return authDisabled(accessMode2, connectionInfo(), database());
            }

            @Override // org.neo4j.internal.kernel.api.security.SecurityContext
            public String description() {
                return "AUTH_DISABLED with " + mode().name();
            }

            public String toString() {
                return defaultString("auth-disabled");
            }
        };
    }
}
