package com.floragunn.searchguard.enterprise.femt;

import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.fluent.collections.ImmutableMap;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.searchguard.BaseDependencies;
import com.floragunn.searchguard.SearchGuardModule;
import com.floragunn.searchguard.authc.legacy.LegacySgConfig;
import com.floragunn.searchguard.authz.ActionAuthorization;
import com.floragunn.searchguard.authz.PrivilegesEvaluationContext;
import com.floragunn.searchguard.authz.PrivilegesEvaluationException;
import com.floragunn.searchguard.authz.actions.Action;
import com.floragunn.searchguard.configuration.AdminDNs;
import com.floragunn.searchguard.configuration.CType;
import com.floragunn.searchguard.configuration.SgDynamicConfiguration;
import com.floragunn.searchguard.privileges.PrivilegesInterceptor;
import com.floragunn.searchguard.user.User;
import com.floragunn.searchsupport.cstate.ComponentState;
import com.floragunn.searchsupport.cstate.ComponentStateProvider;
import com.google.common.collect.ImmutableList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.function.Supplier;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.action.ActionRequest;
import org.opensearch.action.ActionResponse;
import org.opensearch.cluster.metadata.IndexNameExpressionResolver;
import org.opensearch.cluster.node.DiscoveryNodes;
import org.opensearch.cluster.service.ClusterService;
import org.opensearch.common.settings.ClusterSettings;
import org.opensearch.common.settings.IndexScopedSettings;
import org.opensearch.common.settings.Settings;
import org.opensearch.common.settings.SettingsFilter;
import org.opensearch.plugins.ActionPlugin;
import org.opensearch.rest.RestController;
import org.opensearch.rest.RestHandler;
import org.opensearch.script.ScriptService;
import org.opensearch.threadpool.ThreadPool;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/femt/FeMultiTenancyModule.class */
public class FeMultiTenancyModule implements SearchGuardModule, ComponentStateProvider {
    private volatile boolean enabled;
    private volatile PrivilegesInterceptorImpl interceptorImpl;
    private volatile FeMultiTenancyConfig config;
    private ThreadPool threadPool;
    private ClusterService clusterService;
    private AdminDNs adminDns;
    private static final Logger log = LogManager.getLogger(FeMultiTenancyModule.class);
    private static final CType<FeMultiTenancyConfig> TYPE = FeMultiTenancyConfig.TYPE;
    private final ComponentState componentState = new ComponentState(1000, (String) null, "fe_multi_tenancy", FeMultiTenancyModule.class).requiresEnterpriseLicense();
    private volatile ImmutableSet<String> tenantNames = ImmutableSet.empty();
    private final PrivilegesInterceptor privilegesInterceptor = new PrivilegesInterceptor() { // from class: com.floragunn.searchguard.enterprise.femt.FeMultiTenancyModule.1
        public PrivilegesInterceptor.InterceptionResult replaceKibanaIndex(PrivilegesEvaluationContext privilegesEvaluationContext, ActionRequest actionRequest, Action action, ActionAuthorization actionAuthorization) throws PrivilegesEvaluationException {
            return (!FeMultiTenancyModule.this.enabled || FeMultiTenancyModule.this.interceptorImpl == null) ? PrivilegesInterceptor.InterceptionResult.NORMAL : FeMultiTenancyModule.this.interceptorImpl.replaceKibanaIndex(privilegesEvaluationContext, actionRequest, action, actionAuthorization);
        }

        public boolean isEnabled() {
            return FeMultiTenancyModule.this.enabled;
        }

        public String getKibanaIndex() {
            return (!FeMultiTenancyModule.this.enabled || FeMultiTenancyModule.this.interceptorImpl == null) ? ".kibana" : FeMultiTenancyModule.this.interceptorImpl.getKibanaIndex();
        }

        public String getKibanaServerUser() {
            return (!FeMultiTenancyModule.this.enabled || FeMultiTenancyModule.this.interceptorImpl == null) ? "kibanaserver" : FeMultiTenancyModule.this.interceptorImpl.getKibanaServerUser();
        }

        public Map<String, Boolean> mapTenants(User user, ImmutableSet<String> immutableSet, ActionAuthorization actionAuthorization) {
            return (!FeMultiTenancyModule.this.enabled || FeMultiTenancyModule.this.interceptorImpl == null) ? ImmutableMap.empty() : FeMultiTenancyModule.this.interceptorImpl.mapTenants(user, immutableSet, actionAuthorization);
        }
    };

    public Collection<Object> createComponents(BaseDependencies baseDependencies) {
        this.threadPool = baseDependencies.getThreadPool();
        this.clusterService = baseDependencies.getClusterService();
        this.adminDns = new AdminDNs(baseDependencies.getSettings());
        baseDependencies.getConfigurationRepository().subscribeOnChange(configMap -> {
            SgDynamicConfiguration sgDynamicConfiguration = configMap.get(FeMultiTenancyConfig.TYPE);
            SgDynamicConfiguration sgDynamicConfiguration2 = configMap.get(CType.CONFIG);
            FeMultiTenancyConfig feMultiTenancyConfig = null;
            if (sgDynamicConfiguration != null && sgDynamicConfiguration.getCEntry("default") != null) {
                feMultiTenancyConfig = (FeMultiTenancyConfig) sgDynamicConfiguration.getCEntry("default");
                this.componentState.setState(ComponentState.State.INITIALIZED, "using_authc_config");
                this.componentState.setConfigVersion(sgDynamicConfiguration.getDocVersion());
            } else if (sgDynamicConfiguration2 == null || sgDynamicConfiguration2.getCEntry("sg_config") == null) {
                feMultiTenancyConfig = FeMultiTenancyConfig.DEFAULT;
                this.componentState.setState(ComponentState.State.INITIALIZED, "using_default_config");
                this.componentState.setConfigVersion(sgDynamicConfiguration.getDocVersion());
            } else {
                try {
                    feMultiTenancyConfig = FeMultiTenancyConfig.parseLegacySgConfig(((LegacySgConfig) sgDynamicConfiguration2.getCEntry("sg_config")).getSource(), null);
                    this.componentState.setState(ComponentState.State.INITIALIZED, "using_legacy_config");
                    this.componentState.setConfigVersion(sgDynamicConfiguration2.getDocVersion());
                } catch (ConfigValidationException e) {
                    log.warn("Error while parsing legacy MT configuration", e);
                    this.componentState.setFailed(e);
                    this.componentState.setConfigVersion(sgDynamicConfiguration2.getDocVersion());
                }
            }
            this.config = feMultiTenancyConfig;
            ImmutableSet<String> of = ImmutableSet.of(configMap.get(CType.TENANTS).getCEntries().keySet());
            this.tenantNames = of;
            if (feMultiTenancyConfig == null) {
                this.enabled = false;
            } else if (feMultiTenancyConfig.isEnabled()) {
                this.enabled = true;
                this.interceptorImpl = new PrivilegesInterceptorImpl(feMultiTenancyConfig, of, baseDependencies.getActions());
            } else {
                this.enabled = false;
                this.componentState.setState(ComponentState.State.SUSPENDED, "disabled_by_config");
            }
            if (log.isDebugEnabled()) {
                log.debug("Using MT config: " + feMultiTenancyConfig + "\nenabled: " + this.enabled + "\ninterceptor: " + this.interceptorImpl);
            }
        });
        return Arrays.asList(this.privilegesInterceptor);
    }

    public ComponentState getComponentState() {
        return this.componentState;
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    public FeMultiTenancyConfig getConfig() {
        return this.config;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ImmutableSet<String> getTenantNames() {
        return this.tenantNames;
    }

    public List<RestHandler> getRestHandlers(Settings settings, RestController restController, ClusterSettings clusterSettings, IndexScopedSettings indexScopedSettings, SettingsFilter settingsFilter, IndexNameExpressionResolver indexNameExpressionResolver, ScriptService scriptService, Supplier<DiscoveryNodes> supplier) {
        return ImmutableList.of(new TenantInfoAction(settings, restController, this, this.threadPool, this.clusterService, this.adminDns), FeMultiTenancyConfigApi.REST_API);
    }

    public List<ActionPlugin.ActionHandler<? extends ActionRequest, ? extends ActionResponse>> getActions() {
        return FeMultiTenancyConfigApi.ACTION_HANDLERS;
    }

    public ImmutableSet<String> getCapabilities() {
        return ImmutableSet.of("fe_multi_tenancy");
    }
}
