package com.floragunn.searchguard.authz;

import com.floragunn.codova.config.templates.ExpressionEvaluationException;
import com.floragunn.codova.config.templates.Template;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.searchguard.authz.config.Role;
import com.floragunn.searchguard.configuration.SgDynamicConfiguration;
import com.floragunn.searchguard.support.Pattern;
import com.floragunn.searchguard.support.WildcardMatcher;
import com.floragunn.searchguard.user.User;
import com.floragunn.searchsupport.cstate.ComponentState;
import com.floragunn.searchsupport.cstate.ComponentStateProvider;
import com.google.common.collect.Sets;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.support.IndicesOptions;
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.cluster.service.ClusterService;

/* loaded from: input_file:com/floragunn/searchguard/authz/LegacyRoleBasedDocumentAuthorization.class */
public class LegacyRoleBasedDocumentAuthorization implements DocumentAuthorization, ComponentStateProvider {
    private static final Logger log = LogManager.getLogger(LegacyRoleBasedDocumentAuthorization.class);
    private final SgDynamicConfiguration<Role> roles;
    private final IndexNameExpressionResolver resolver;
    private final ClusterService clusterService;
    private final ComponentState componentState = new ComponentState("role_based_document_authorization");

    public LegacyRoleBasedDocumentAuthorization(SgDynamicConfiguration<Role> sgDynamicConfiguration, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
        this.roles = sgDynamicConfiguration;
        this.resolver = indexNameExpressionResolver;
        this.clusterService = clusterService;
        this.componentState.setInitialized();
        this.componentState.setConfigVersion(sgDynamicConfiguration.getDocVersion());
    }

    @Override // com.floragunn.searchguard.authz.DocumentAuthorization
    public EvaluatedDlsFlsConfig getDlsFlsConfig(User user, ImmutableSet<String> immutableSet, PrivilegesEvaluationContext privilegesEvaluationContext) throws PrivilegesEvaluationException {
        if (!containsDlsFlsConfig(immutableSet)) {
            if (log.isDebugEnabled()) {
                log.debug("No fls or dls found for {}", user);
            }
            return EvaluatedDlsFlsConfig.EMPTY;
        }
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        HashMap hashMap3 = new HashMap();
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        for (Map.Entry<String, Role> entry : this.roles.getCEntries().entrySet()) {
            if (immutableSet.contains(entry.getKey())) {
                for (Role.Index index : entry.getValue().getIndexPermissions()) {
                    for (Template<Pattern> template : index.getIndexPatterns()) {
                        try {
                            String[] resolvedIndexPatterns = getResolvedIndexPatterns(user, template);
                            if (index.getDls() != null) {
                                try {
                                    String str = (String) index.getDls().render(user);
                                    if (str == null || str.length() <= 0) {
                                        hashSet.addAll(Arrays.asList(resolvedIndexPatterns));
                                    } else {
                                        for (String str2 : resolvedIndexPatterns) {
                                            ((Set) hashMap.computeIfAbsent(str2, str3 -> {
                                                return new HashSet();
                                            })).add(str);
                                        }
                                    }
                                } catch (ExpressionEvaluationException e) {
                                    this.componentState.addLastException("get_dls_fls_config", e);
                                    throw new PrivilegesEvaluationException("Error while evaluating DLS query template of role " + entry.getKey() + ":\nQuery template: " + index.getDls() + "\nUser: " + user.toStringWithAttributes(), e);
                                }
                            } else {
                                hashSet.addAll(Arrays.asList(resolvedIndexPatterns));
                            }
                            ImmutableList<String> fls = index.getFls();
                            if (fls == null || fls.size() <= 0) {
                                hashSet2.addAll(Arrays.asList(resolvedIndexPatterns));
                            } else {
                                for (String str4 : resolvedIndexPatterns) {
                                    if (hashMap2.containsKey(str4)) {
                                        ((Set) hashMap2.get(str4)).addAll(Sets.newHashSet(fls));
                                    } else {
                                        hashMap2.put(str4, new HashSet());
                                        ((Set) hashMap2.get(str4)).addAll(Sets.newHashSet(fls));
                                    }
                                }
                            }
                            ImmutableList<String> maskedFields = index.getMaskedFields();
                            if (maskedFields == null || maskedFields.size() <= 0) {
                                hashSet3.addAll(Arrays.asList(resolvedIndexPatterns));
                            } else {
                                for (String str5 : resolvedIndexPatterns) {
                                    if (hashMap3.containsKey(str5)) {
                                        ((Set) hashMap3.get(str5)).addAll(Sets.newHashSet(maskedFields));
                                    } else {
                                        hashMap3.put(str5, new HashSet());
                                        ((Set) hashMap3.get(str5)).addAll(Sets.newHashSet(maskedFields));
                                    }
                                }
                            }
                        } catch (ExpressionEvaluationException e2) {
                            this.componentState.addLastException("get_dls_fls_config", e2);
                            throw new PrivilegesEvaluationException("Error while evaluating index pattern template of role " + entry.getKey() + ":\nPattern: " + template + "\nUser: " + user.toStringWithAttributes(), e2);
                        }
                    }
                }
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Index patterns with no dls queries attached: {} - They will be removed from {}", hashSet, hashMap.keySet());
            log.debug("Index patterns with no fls fields attached: {} - They will be removed from {}", hashSet2, hashMap2.keySet());
            log.debug("Index patterns with no masked fields attached: {} - They will be removed from {}", hashSet3, hashMap3.keySet());
        }
        WildcardMatcher.wildcardRemoveFromSet((Set<String>) hashMap.keySet(), hashSet);
        WildcardMatcher.wildcardRemoveFromSet((Set<String>) hashMap2.keySet(), hashSet2);
        WildcardMatcher.wildcardRemoveFromSet((Set<String>) hashMap3.keySet(), hashSet3);
        return new EvaluatedDlsFlsConfig(hashMap, hashMap2, hashMap3);
    }

    private boolean containsDlsFlsConfig(ImmutableSet<String> immutableSet) {
        for (Map.Entry<String, Role> entry : this.roles.getCEntries().entrySet()) {
            if (immutableSet.contains(entry.getKey())) {
                Iterator it = entry.getValue().getIndexPermissions().iterator();
                while (it.hasNext()) {
                    if (containsDlsFlsConfig((Role.Index) it.next())) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    private boolean containsDlsFlsConfig(Role.Index index) {
        if (index.getDls() != null) {
            return true;
        }
        if (index.getFls() == null || index.getFls().size() == 0) {
            return (index.getMaskedFields() == null || index.getMaskedFields().size() == 0) ? false : true;
        }
        return true;
    }

    private String[] getResolvedIndexPatterns(User user, Template<Pattern> template) throws ExpressionEvaluationException {
        String renderToString = template.renderToString(user);
        String[] concreteIndexNames = this.resolver.concreteIndexNames(this.clusterService.state(), IndicesOptions.lenientExpandOpen(), new String[]{renderToString});
        return (concreteIndexNames == null || concreteIndexNames.length == 0) ? new String[]{renderToString} : concreteIndexNames;
    }

    @Override // com.floragunn.searchguard.authz.DocumentAuthorization
    public void updateIndices(Set<String> set) {
    }

    public ComponentState getComponentState() {
        return this.componentState;
    }
}
