package com.floragunn.searchguard.dlic.rest.validation;

import com.floragunn.codova.documents.DocumentParseException;
import com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator;
import java.util.Map;
import java.util.regex.Pattern;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.compress.NotXContentException;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.rest.RestRequest;

/* loaded from: input_file:com/floragunn/searchguard/dlic/rest/validation/InternalUsersValidator.class */
public class InternalUsersValidator extends AbstractConfigurationValidator {

    /* loaded from: input_file:com/floragunn/searchguard/dlic/rest/validation/InternalUsersValidator$SensitiveDataException.class */
    private static class SensitiveDataException extends Exception {
        private static final long serialVersionUID = 7279592878585611145L;

        public SensitiveDataException(String str) {
            super(str);
        }
    }

    public InternalUsersValidator(RestRequest restRequest, BytesReference bytesReference, Settings settings, Object... objArr) {
        super(restRequest, bytesReference, settings, objArr);
        this.payloadMandatory = true;
        this.allowedKeys.put("hash", AbstractConfigurationValidator.DataType.STRING);
        this.allowedKeys.put("password", AbstractConfigurationValidator.DataType.STRING);
        this.allowedKeys.put("backend_roles", AbstractConfigurationValidator.DataType.ARRAY);
        this.allowedKeys.put("attributes", AbstractConfigurationValidator.DataType.OBJECT);
        this.allowedKeys.put("description", AbstractConfigurationValidator.DataType.STRING);
        this.allowedKeys.put("search_guard_roles", AbstractConfigurationValidator.DataType.ARRAY);
    }

    @Override // com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator
    public boolean validate() {
        if (!super.validate()) {
            return false;
        }
        String str = this.esSettings.get("searchguard.restapi.password_validation_regex", (String) null);
        if ((this.request.method() != RestRequest.Method.PUT && this.request.method() != RestRequest.Method.PATCH) || str == null || str.isEmpty() || this.content == null || this.content.length() <= 1) {
            return true;
        }
        try {
            Map map = (Map) XContentHelper.convertToMap(this.content, false, XContentType.JSON).v2();
            if (map == null || !map.containsKey("password")) {
                return true;
            }
            String str2 = (String) map.get("password");
            if (str2 == null || str2.isEmpty()) {
                if (!this.log.isDebugEnabled()) {
                    return false;
                }
                this.log.debug("Unable to validate password because no password is given");
                return false;
            }
            String param = this.request.param("name");
            if (param == null && hasParams()) {
                param = (String) this.param[0];
            }
            if (param == null || param.isEmpty()) {
                if (!this.log.isDebugEnabled()) {
                    return false;
                }
                this.log.debug("Unable to validate username because no user is given");
                return false;
            }
            AbstractConfigurationValidator.ErrorType validatePassword = validatePassword(param, str2, this.esSettings);
            if (validatePassword == null) {
                return true;
            }
            this.errorType = validatePassword;
            return false;
        } catch (NotXContentException e) {
            this.log.error("Invalid xContent: " + e, e);
            return false;
        }
    }

    public static AbstractConfigurationValidator.ErrorType validatePassword(String str, String str2, Settings settings) {
        String str3;
        if (str2 == null || str2.isEmpty() || (str3 = settings.get("searchguard.restapi.password_validation_regex", (String) null)) == null || str3.isEmpty()) {
            return null;
        }
        if (Pattern.compile("^" + str3 + "$").matcher(str2).matches() && !str.toLowerCase().equals(str2.toLowerCase())) {
            return null;
        }
        return AbstractConfigurationValidator.ErrorType.INVALID_PASSWORD;
    }

    @Override // com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator
    protected Exception validationError(Exception exc) {
        return exc instanceof DocumentParseException ? new SensitiveDataException("Passed User object is invalid") : exc;
    }
}
