package com.floragunn.searchguard.enterprise.femt;

import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.fluent.collections.ImmutableMap;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.searchguard.BaseDependencies;
import com.floragunn.searchguard.SearchGuardModule;
import com.floragunn.searchguard.authc.legacy.LegacySgConfig;
import com.floragunn.searchguard.authz.PrivilegesEvaluationContext;
import com.floragunn.searchguard.authz.SyncAuthorizationFilter;
import com.floragunn.searchguard.authz.TenantAccessMapper;
import com.floragunn.searchguard.authz.TenantManager;
import com.floragunn.searchguard.authz.config.ActionGroup;
import com.floragunn.searchguard.configuration.AdminDNs;
import com.floragunn.searchguard.configuration.CType;
import com.floragunn.searchguard.configuration.SgDynamicConfiguration;
import com.floragunn.searchguard.enterprise.femt.datamigration880.rest.DataMigrationApi;
import com.floragunn.searchguard.enterprise.femt.request.handler.RequestHandlerFactory;
import com.floragunn.searchguard.enterprise.femt.tenants.AvailableTenantService;
import com.floragunn.searchguard.enterprise.femt.tenants.TenantAvailabilityRepository;
import com.floragunn.searchguard.support.PrivilegedConfigClient;
import com.floragunn.searchguard.user.User;
import com.floragunn.searchsupport.StaticSettings;
import com.floragunn.searchsupport.cstate.ComponentState;
import com.floragunn.searchsupport.cstate.ComponentStateProvider;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Supplier;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.cluster.node.DiscoveryNodes;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.IndexScopedSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsFilter;
import org.elasticsearch.plugins.ActionPlugin;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestHandler;
import org.elasticsearch.script.ScriptService;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/femt/FeMultiTenancyModule.class */
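/**
 * Search Guard module that wires up frontend multi-tenancy (component name {@code fe_multi_tenancy}).
 *
 * <p>On every configuration change the module re-reads the multi-tenancy configuration, rebuilds the
 * tenant manager and the role-based tenant authorization, and decides whether the
 * {@link MultiTenancyAuthorizationFilter} takes part in request authorization.
 *
 * <p>State written by the configuration listener is published through {@code volatile} fields. The
 * fields are updated one after another, so readers take a local copy of a reference before using it.
 */
public class FeMultiTenancyModule implements SearchGuardModule, ComponentStateProvider {
    private static final Logger log = LogManager.getLogger(FeMultiTenancyModule.class);
    private static final CType<FeMultiTenancyConfig> TYPE = FeMultiTenancyConfig.TYPE;
    // Registered through getSettings(); this class itself never reads the value.
    private static final StaticSettings.Attribute<Boolean> UNSUPPORTED_SINGLE_INDEX_MT_ENABLED = StaticSettings.Attribute.define("searchguard.unsupported.single_index_mt_enabled").withDefault(false).asBoolean();

    private volatile boolean enabled;
    private volatile MultiTenancyAuthorizationFilter multiTenancyAuthorizationFilter;
    private volatile FeMultiTenancyConfig config;
    private volatile RoleBasedTenantAuthorization tenantAuthorization;
    private volatile TenantManager tenantManager;
    private volatile FeMultiTenancyTenantAccessMapper feMultiTenancyTenantAccessMapper;
    private volatile ImmutableSet<String> tenantNames = ImmutableSet.empty();
    private ThreadPool threadPool;
    private ClusterService clusterService;
    private AdminDNs adminDns;
    private final ComponentState componentState = new ComponentState(1000, (String) null, "fe_multi_tenancy", FeMultiTenancyModule.class).requiresEnterpriseLicense();

    /** Tenant access mapper handed to the rest of Search Guard; yields an empty map while multi-tenancy is disabled. */
    private final TenantAccessMapper tenantAccessMapper = new TenantAccessMapper() { // from class: com.floragunn.searchguard.enterprise.femt.FeMultiTenancyModule.1
        public Map<String, Boolean> mapTenantsAccess(User user, Set<String> set) {
            // Take a local copy, as the sync filter below does, so a concurrent configuration
            // update cannot swap the reference between the check and the call.
            FeMultiTenancyTenantAccessMapper delegate = FeMultiTenancyModule.this.feMultiTenancyTenantAccessMapper;
            if (!FeMultiTenancyModule.this.enabled || delegate == null) {
                return ImmutableMap.empty();
            }
            return delegate.mapTenantsAccess(user, set);
        }
    };

    /**
     * Authorization filter registered by {@link #getPrePrivilegeEvaluationSyncAuthorizationFilters()}.
     * It returns {@code Result.OK} without consulting the multi-tenancy filter whenever the module is
     * disabled or no filter has been built yet.
     */
    private final SyncAuthorizationFilter syncAuthorizationFilter = new SyncAuthorizationFilter() { // from class: com.floragunn.searchguard.enterprise.femt.FeMultiTenancyModule.2
        public SyncAuthorizationFilter.Result apply(PrivilegesEvaluationContext privilegesEvaluationContext, ActionListener<?> actionListener) {
            MultiTenancyAuthorizationFilter activeFilter = FeMultiTenancyModule.this.multiTenancyAuthorizationFilter;
            if (!FeMultiTenancyModule.this.enabled || activeFilter == null) {
                return SyncAuthorizationFilter.Result.OK;
            }
            return activeFilter.apply(privilegesEvaluationContext, actionListener);
        }
    };

    /**
     * Captures the shared dependencies, subscribes to configuration changes and returns the
     * components this module contributes.
     *
     * <p>The configuration listener picks the multi-tenancy configuration in this order: the
     * {@code default} entry of the dedicated config type, then {@link FeMultiTenancyConfig#DEFAULT}
     * when no legacy {@code sg_config} entry exists, otherwise the parsed legacy {@code sg_config}.
     *
     * @param baseDependencies shared Search Guard services used to build the components
     * @return the configuration provider, the tenant access mapper and the available-tenant service
     */
    public Collection<Object> createComponents(BaseDependencies baseDependencies) {
        this.threadPool = baseDependencies.getThreadPool();
        this.clusterService = baseDependencies.getClusterService();
        this.adminDns = new AdminDNs(baseDependencies.getSettings());
        baseDependencies.getConfigurationRepository().subscribeOnChange(configMap -> {
            SgDynamicConfiguration feMtConfigDoc = configMap.get(FeMultiTenancyConfig.TYPE);
            SgDynamicConfiguration legacyConfigDoc = configMap.get(CType.CONFIG);
            FeMultiTenancyConfig mtConfig = null;
            if (feMtConfigDoc != null && feMtConfigDoc.getCEntry("default") != null) {
                mtConfig = (FeMultiTenancyConfig) feMtConfigDoc.getCEntry("default");
                this.componentState.setState(ComponentState.State.INITIALIZED, "using_authc_config");
                this.componentState.setConfigVersion(feMtConfigDoc.getDocVersion());
            } else if (legacyConfigDoc == null || legacyConfigDoc.getCEntry("sg_config") == null) {
                mtConfig = FeMultiTenancyConfig.DEFAULT;
                this.componentState.setState(ComponentState.State.INITIALIZED, "using_default_config");
                // This branch is also taken when the dedicated config document is missing
                // altogether, so it must not be dereferenced unconditionally. The version is
                // set again from the whole config map further down.
                if (feMtConfigDoc != null) {
                    this.componentState.setConfigVersion(feMtConfigDoc.getDocVersion());
                }
            } else {
                try {
                    mtConfig = FeMultiTenancyConfig.parseLegacySgConfig(((LegacySgConfig) legacyConfigDoc.getCEntry("sg_config")).getSource(), null);
                    this.componentState.setState(ComponentState.State.INITIALIZED, "using_legacy_config");
                    this.componentState.setConfigVersion(legacyConfigDoc.getDocVersion());
                } catch (ConfigValidationException e) {
                    // mtConfig stays null; the code below has to cope with that.
                    log.warn("Error while parsing legacy MT configuration", e);
                    this.componentState.setFailed(e);
                    this.componentState.setConfigVersion(legacyConfigDoc.getDocVersion());
                }
            }
            this.config = mtConfig;
            // NOTE(review): unlike ACTIONGROUPS below, the TENANTS and ROLES entries are used
            // without a null check; confirm the config map always carries them.
            this.tenantNames = ImmutableSet.of(configMap.get(CType.TENANTS).getCEntries().keySet());
            SgDynamicConfiguration rolesDoc = configMap.get(CType.ROLES);
            SgDynamicConfiguration tenantsDoc = configMap.get(CType.TENANTS);
            ActionGroup.FlattenedIndex actionGroups = configMap.get(CType.ACTIONGROUPS) != null ? new ActionGroup.FlattenedIndex(configMap.get(CType.ACTIONGROUPS)) : ActionGroup.FlattenedIndex.EMPTY;
            this.tenantManager = new TenantManager(tenantsDoc.getCEntries().keySet());
            // After a failed legacy parse mtConfig is null. Fall back to the default metrics level
            // so the listener reaches the "disable" branch below instead of dying with a
            // NullPointerException that leaves the previous filter paired with the new tenant manager.
            this.tenantAuthorization = new RoleBasedTenantAuthorization(rolesDoc, actionGroups, baseDependencies.getActions(), this.tenantManager,
                    (mtConfig != null ? mtConfig : FeMultiTenancyConfig.DEFAULT).getMetricsLevel());
            this.feMultiTenancyTenantAccessMapper = new FeMultiTenancyTenantAccessMapper(this.tenantManager, this.tenantAuthorization, baseDependencies.getActions());
            RequestHandlerFactory requestHandlerFactory = new RequestHandlerFactory(baseDependencies.getLocalClient(), baseDependencies.getThreadPool().getThreadContext(), baseDependencies.getClusterService(), baseDependencies.getGuiceDependencies().getIndicesService());
            if (mtConfig == null) {
                // NOTE(review): while disabled, syncAuthorizationFilter returns Result.OK without
                // calling the multi-tenancy filter, so an invalid legacy configuration switches
                // that filter off. The failure is recorded through setFailed() and the warn log
                // above; confirm that skipping the filter is the intended reaction.
                this.enabled = false;
            } else if (mtConfig.isEnabled()) {
                this.enabled = true;
                this.multiTenancyAuthorizationFilter = new MultiTenancyAuthorizationFilter(mtConfig, this.tenantAuthorization, this.tenantManager, baseDependencies.getActions(), baseDependencies.getThreadPool().getThreadContext(), baseDependencies.getLocalClient(), requestHandlerFactory, this.clusterService, baseDependencies.getGuiceDependencies().getIndicesService());
            } else {
                this.enabled = false;
                this.componentState.setState(ComponentState.State.SUSPENDED, "disabled_by_config");
            }
            this.componentState.setConfigVersion(configMap.getVersionsAsString());
            this.componentState.replacePart(this.tenantAuthorization.getComponentState());
            this.componentState.updateStateFromParts();
            if (log.isDebugEnabled()) {
                log.debug("Using MT config: " + mtConfig + "\nenabled: " + this.enabled + "\nauthorization filter: " + this.multiTenancyAuthorizationFilter);
            }
        });
        return Arrays.asList(new FeMultiTenancyConfigurationProvider(this), this.tenantAccessMapper, new AvailableTenantService(new FeMultiTenancyConfigurationProvider(this), baseDependencies.getAuthorizationService(), this.threadPool, new TenantAvailabilityRepository(PrivilegedConfigClient.adapt(baseDependencies.getLocalClient()))));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the mapper that answers with an empty map while multi-tenancy is disabled. */
    public TenantAccessMapper getTenantAccessMapper() {
        return this.tenantAccessMapper;
    }

    /** Returns the component state maintained by the configuration listener. */
    public ComponentState getComponentState() {
        return this.componentState;
    }

    /** Returns whether the most recently applied configuration enabled multi-tenancy. */
    public boolean isEnabled() {
        return this.enabled;
    }

    /**
     * Returns the most recently applied configuration.
     *
     * @return the configuration, or {@code null} before the first configuration update and after a
     *         legacy configuration failed to parse
     */
    public FeMultiTenancyConfig getConfig() {
        return this.config;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the tenant names taken from the last configuration update; empty until then. */
    public ImmutableSet<String> getTenantNames() {
        return this.tenantNames;
    }

    /** Returns the REST handlers of the multi-tenancy config API and the data migration API; the arguments are not used. */
    public List<RestHandler> getRestHandlers(Settings settings, RestController restController, ClusterSettings clusterSettings, IndexScopedSettings indexScopedSettings, SettingsFilter settingsFilter, IndexNameExpressionResolver indexNameExpressionResolver, ScriptService scriptService, Supplier<DiscoveryNodes> supplier) {
        return ImmutableList.of(FeMultiTenancyConfigApi.REST_API, DataMigrationApi.REST_API);
    }

    /* renamed from: getActions, reason: merged with bridge method [inline-methods] */
    /** Returns the action handlers of the multi-tenancy config API followed by those of the data migration API. */
    public ImmutableList<ActionPlugin.ActionHandler<?, ?>> m7getActions() {
        return FeMultiTenancyConfigApi.ACTION_HANDLERS.with(DataMigrationApi.ACTION_HANDLERS);
    }

    /** Returns the single capability name this module advertises. */
    public ImmutableSet<String> getCapabilities() {
        return ImmutableSet.of("fe_multi_tenancy");
    }

    /** Returns the one filter of this module that is applied before privilege evaluation. */
    public ImmutableList<SyncAuthorizationFilter> getPrePrivilegeEvaluationSyncAuthorizationFilters() {
        return ImmutableList.of(this.syncAuthorizationFilter);
    }

    /** Returns the static settings this module registers. */
    public StaticSettings.AttributeSet getSettings() {
        return StaticSettings.AttributeSet.of(new StaticSettings.Attribute[]{UNSUPPORTED_SINGLE_INDEX_MT_ENABLED});
    }
}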
