package com.floragunn.searchguard.enterprise.femt;

import com.floragunn.fluent.collections.ImmutableMap;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.fluent.collections.UnmodifiableIterator;
import com.floragunn.searchguard.authz.PrivilegesEvaluationContext;
import com.floragunn.searchguard.authz.PrivilegesEvaluationException;
import com.floragunn.searchguard.authz.TenantAccessMapper;
import com.floragunn.searchguard.authz.TenantManager;
import com.floragunn.searchguard.authz.actions.Action;
import com.floragunn.searchguard.authz.actions.ActionRequestIntrospector;
import com.floragunn.searchguard.authz.actions.Actions;
import com.floragunn.searchguard.privileges.SpecialPrivilegesEvaluationContext;
import com.floragunn.searchguard.user.User;
import java.util.Map;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/femt/FeMultiTenancyTenantAccessMapper.class */
public class FeMultiTenancyTenantAccessMapper implements TenantAccessMapper {
    private static final Logger log = LogManager.getLogger(FeMultiTenancyTenantAccessMapper.class);
    private final TenantManager tenantManager;
    private final TenantAuthorization tenantAuthorization;
    private final Actions actions;

    public FeMultiTenancyTenantAccessMapper(TenantManager tenantManager, TenantAuthorization tenantAuthorization, Actions actions) {
        this.tenantManager = tenantManager;
        this.tenantAuthorization = tenantAuthorization;
        this.actions = actions;
    }

    public Map<String, Boolean> mapTenantsAccess(User user, boolean z, Set<String> set) {
        if (user == null) {
            return ImmutableMap.empty();
        }
        ImmutableMap.Builder builder = new ImmutableMap.Builder(set.size());
        builder.put(user.getName(), true);
        PrivilegesEvaluationContext privilegesEvaluationContext = new PrivilegesEvaluationContext(user, z, ImmutableSet.of(set), (Action) null, (Object) null, false, (ActionRequestIntrospector) null, (SpecialPrivilegesEvaluationContext) null);
        UnmodifiableIterator it = this.tenantManager.getAllKnownTenantNames().iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            try {
                boolean isOk = this.tenantAuthorization.hasTenantPermission(privilegesEvaluationContext, KibanaActionsProvider.getKibanaReadAction(this.actions), str).isOk();
                if (this.tenantAuthorization.hasTenantPermission(privilegesEvaluationContext, KibanaActionsProvider.getKibanaWriteAction(this.actions), str).isOk()) {
                    builder.put(str, true);
                } else if (isOk) {
                    builder.put(str, false);
                }
            } catch (PrivilegesEvaluationException e) {
                log.error("Error while evaluating privileges for " + user + " " + str, e);
            }
        }
        if (!this.tenantManager.isTenantHeaderValid("SGS_GLOBAL_TENANT")) {
            builder.remove("SGS_GLOBAL_TENANT");
        }
        if (!this.tenantManager.isTenantHeaderValid("__user__")) {
            builder.remove(user.getName());
        }
        return builder.build();
    }
}
