package com.floragunn.searchguard.enterprise.dlsfls;

import com.floragunn.searchguard.authz.PrivilegesEvaluationContext;
import com.floragunn.searchguard.authz.PrivilegesEvaluationException;
import com.floragunn.searchguard.enterprise.dlsfls.RoleBasedFieldAuthorization;
import com.floragunn.searchsupport.cstate.ComponentState;
import com.floragunn.searchsupport.cstate.ComponentStateProvider;
import com.floragunn.searchsupport.cstate.metrics.Meter;
import com.floragunn.searchsupport.cstate.metrics.MetricsLevel;
import com.floragunn.searchsupport.cstate.metrics.TimeAggregation;
import com.floragunn.searchsupport.meta.Meta;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Function;
import java.util.function.Predicate;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.plugins.FieldPredicate;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/dlsfls/FlsFieldFilter.class */
public class FlsFieldFilter implements Function<String, FieldPredicate>, ComponentStateProvider {
    private static final String KEYWORD = ".keyword";
    private static final Logger log = LogManager.getLogger(FlsFieldFilter.class);
    private final DlsFlsBaseContext baseContext;
    private final AtomicReference<DlsFlsProcessedConfig> config;
    private final ComponentState componentState = new ComponentState(1, (String) null, "fls_field_filter", FlsFieldFilter.class).initialized();
    private final TimeAggregation applyAggregation = new TimeAggregation.Nanoseconds();

    /* JADX INFO: Access modifiers changed from: package-private */
    public FlsFieldFilter(DlsFlsBaseContext dlsFlsBaseContext, AtomicReference<DlsFlsProcessedConfig> atomicReference) {
        this.baseContext = dlsFlsBaseContext;
        this.config = atomicReference;
        this.componentState.addMetrics("filter_fields", this.applyAggregation);
    }

    @Override // java.util.function.Function
    public FieldPredicate apply(String str) {
        DlsFlsProcessedConfig dlsFlsProcessedConfig = this.config.get();
        PrivilegesEvaluationContext privilegesEvaluationContext = this.baseContext.getPrivilegesEvaluationContext();
        if (privilegesEvaluationContext == null) {
            return FieldPredicate.ACCEPT_ALL;
        }
        try {
            Meter detail = Meter.detail(dlsFlsProcessedConfig.getMetricsLevel(), this.applyAggregation);
            try {
                Meta.Index index = (Meta.Index) this.baseContext.getIndexMetaData().getIndexOrLike(str);
                RoleBasedFieldAuthorization fieldAuthorization = dlsFlsProcessedConfig.getFieldAuthorization();
                if (fieldAuthorization == null) {
                    throw new IllegalStateException("FLS is not initialized");
                }
                if (privilegesEvaluationContext.getSpecialPrivilegesEvaluationContext() != null && privilegesEvaluationContext.getSpecialPrivilegesEvaluationContext().getRolesConfig() != null) {
                    fieldAuthorization = new RoleBasedFieldAuthorization(privilegesEvaluationContext.getSpecialPrivilegesEvaluationContext().getRolesConfig(), this.baseContext.getIndexMetaData(), MetricsLevel.NONE);
                }
                RoleBasedFieldAuthorization.FlsRule restriction = fieldAuthorization.getRestriction(privilegesEvaluationContext, index, detail);
                FieldPredicate createFieldPredicate = createFieldPredicate(str2 -> {
                    return restriction.isAllowed(removeSuffix(str2));
                });
                if (detail != null) {
                    detail.close();
                }
                return createFieldPredicate;
            } catch (Throwable th) {
                if (detail != null) {
                    try {
                        detail.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (RuntimeException e) {
            log.error("Error while evaluating FLS for index " + str, e);
            this.componentState.addLastException("filter_fields", e);
            throw e;
        } catch (PrivilegesEvaluationException e2) {
            log.error("Error while evaluating FLS for index " + str, e2);
            this.componentState.addLastException("filter_fields", e2);
            throw new RuntimeException("Error while evaluating FLS for index " + str, e2);
        }
    }

    private FieldPredicate createFieldPredicate(final Predicate<String> predicate) {
        return new FieldPredicate() { // from class: com.floragunn.searchguard.enterprise.dlsfls.FlsFieldFilter.1
            public long ramBytesUsed() {
                return 0L;
            }

            public boolean test(String str) {
                return predicate.test(str);
            }

            public String modifyHash(String str) {
                return str;
            }
        };
    }

    private static String removeSuffix(String str) {
        return (str == null || !str.endsWith(KEYWORD)) ? str : str.substring(0, str.length() - KEYWORD.length());
    }

    public ComponentState getComponentState() {
        return this.componentState;
    }
}
