package org.neo4j.internal.kernel.api.security;

import java.util.Collections;
import java.util.Set;
import org.neo4j.internal.kernel.api.security.AccessMode;
import org.neo4j.internal.kernel.api.security.LoginContext;

/* loaded from: input_file:org/neo4j/internal/kernel/api/security/SecurityContext.class */
public class SecurityContext implements LoginContext {
    protected final AuthSubject subject;
    protected final AccessMode mode;
    public static final SecurityContext AUTH_DISABLED = new AuthDisabled(AccessMode.Static.FULL);

    /* loaded from: input_file:org/neo4j/internal/kernel/api/security/SecurityContext$AuthDisabled.class */
    private static final class AuthDisabled extends SecurityContext {
        private AuthDisabled(AccessMode accessMode) {
            super(AuthSubject.AUTH_DISABLED, accessMode);
        }

        @Override // org.neo4j.internal.kernel.api.security.SecurityContext
        public SecurityContext withMode(AccessMode accessMode) {
            return new AuthDisabled(accessMode);
        }

        @Override // org.neo4j.internal.kernel.api.security.SecurityContext
        public String description() {
            return "AUTH_DISABLED with " + mode().name();
        }

        public String toString() {
            return defaultString("auth-disabled");
        }
    }

    public SecurityContext(AuthSubject authSubject, AccessMode accessMode) {
        this.subject = authSubject;
        this.mode = accessMode;
    }

    public AccessMode mode() {
        return this.mode;
    }

    public boolean allowExecuteAdminProcedure(int i) {
        return true;
    }

    public boolean allowsAdminAction(AdminActionOnResource adminActionOnResource) {
        assertCredentialsNotExpired();
        return true;
    }

    public Set<String> roles() {
        return Collections.emptySet();
    }

    @Override // org.neo4j.internal.kernel.api.security.LoginContext
    public AuthSubject subject() {
        return this.subject;
    }

    @Override // org.neo4j.internal.kernel.api.security.LoginContext
    public SecurityContext authorize(LoginContext.IdLookup idLookup, String str) {
        return this;
    }

    public SecurityContext withMode(AccessMode accessMode) {
        return new SecurityContext(this.subject, accessMode);
    }

    public SecurityContext withMode(AdminAccessMode adminAccessMode) {
        return new SecurityContext(this.subject, this.mode);
    }

    public void assertCredentialsNotExpired() {
        if (AuthenticationResult.PASSWORD_CHANGE_REQUIRED.equals(subject().getAuthenticationResult())) {
            throw mode().onViolation("Permission denied.");
        }
    }

    public String description() {
        return String.format("user '%s' with %s", subject().username(), mode().name());
    }

    protected String defaultString(String str) {
        return String.format("%s{ username=%s, accessMode=%s }", str, subject().username(), mode());
    }
}
