package com.floragunn.searchguard.authc.legacy;

import com.floragunn.codova.config.net.CacheConfig;
import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Document;
import com.floragunn.codova.documents.UnexpectedDocumentStructureException;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidatingDocNode;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.codova.validation.ValidationResult;
import com.floragunn.codova.validation.errors.InvalidAttributeValue;
import com.floragunn.codova.validation.errors.MissingAttribute;
import com.floragunn.codova.validation.errors.ValidationError;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.searchguard.NoSuchComponentException;
import com.floragunn.searchguard.TypedComponentRegistry;
import com.floragunn.searchguard.authc.AuthenticationDomain;
import com.floragunn.searchguard.authc.AuthenticatorUnavailableException;
import com.floragunn.searchguard.authc.UserInformationBackend;
import com.floragunn.searchguard.authc.rest.HttpAuthenticationFrontend;
import com.floragunn.searchguard.authc.rest.RestAuthcConfig;
import com.floragunn.searchguard.authc.transport.TransportAuthcConfig;
import com.floragunn.searchguard.authc.transport.TransportAuthenticationDomain;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.license.SearchGuardLicenseKey;
import com.floragunn.searchguard.support.WildcardMatcher;
import com.floragunn.searchguard.user.AuthCredentials;
import com.floragunn.searchguard.user.User;
import com.floragunn.searchsupport.cstate.metrics.MetricsLevel;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/floragunn/searchguard/authc/legacy/LegacySgConfig.class */
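/**
 * Parsed form of the legacy {@code sg_config} document.
 *
 * <p>The document is translated into a {@link RestAuthcConfig} and a {@link TransportAuthcConfig}
 * built from the {@code dynamic.authc} and {@code dynamic.authz} sections, plus the optional
 * {@code dynamic.license} key. The unmodified source document is retained and returned by
 * {@link #getSource()} and {@link #toBasicObject()}.
 *
 * <p>Raw collection types and explicit casts are kept where the element type of a helper's
 * return value is not visible in this file.
 */
public class LegacySgConfig implements Document<LegacySgConfig> {
    private static final Logger log = LogManager.getLogger(LegacySgConfig.class);
    private final DocNode source;
    private final RestAuthcConfig restAuthcConfig;
    private final TransportAuthcConfig transportAuthcConfig;
    private final SearchGuardLicenseKey license;

    LegacySgConfig(DocNode docNode, RestAuthcConfig restAuthcConfig, TransportAuthcConfig transportAuthcConfig, SearchGuardLicenseKey searchGuardLicenseKey) {
        this.source = docNode;
        this.restAuthcConfig = restAuthcConfig;
        this.transportAuthcConfig = transportAuthcConfig;
        this.license = searchGuardLicenseKey;
    }

    /**
     * Parses a legacy configuration document.
     *
     * @param docNode the legacy configuration document
     * @param context the context handed to the component factories
     * @return a result that carries a {@code LegacySgConfig} only when both the REST and the
     *         transport configuration could be built; the collected validation errors are
     *         attached in either case
     */
    public static ValidationResult<LegacySgConfig> parse(DocNode docNode, ConfigurationRepository.Context context) {
        ValidationErrors validationErrors = new ValidationErrors();
        try {
            ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode.splitDottedAttributeNamesToTree(), validationErrors);
            // The two options below are only reported in the log; they do not become validation
            // errors. The default is false, so a document that omits multi_rolespan_enabled
            // also triggers the first message.
            if (!validatingDocNode.get("dynamic.multi_rolespan_enabled").withDefault(false).asBoolean()) {
                log.error("The option multi_rolespan_enabled is no longer supported; from now on the privilege evaluation will always work like multi_rolespan_enabled was set to true");
            }
            // A document that asks for REST authentication to be switched off is still parsed
            // with the authentication domains it defines; the option itself is ignored here.
            if (validatingDocNode.get("dynamic.disable_rest_auth").withDefault(false).asBoolean()) {
                log.error("The option disable_rest_auth is no longer supported. Rest layer authentication cannot be disabled.");
            }
            SearchGuardLicenseKey searchGuardLicenseKey = (SearchGuardLicenseKey) validatingDocNode.get("dynamic.license").by(SearchGuardLicenseKey::parse);
            // The same list of authorization backends is handed to the REST and the transport parser.
            ValidationResult<ImmutableList<LegacyAuthorizationBackend>> authzResult = parseAuthorizationDomains(docNode, context);
            ValidationResult<RestAuthcConfig> restResult = parseRestConfig(docNode, context, (ImmutableList) authzResult.peek());
            ValidationResult<TransportAuthcConfig> transportResult = parseTransportConfig(docNode, context, (ImmutableList) authzResult.peek());
            validationErrors.add((String) null, authzResult);
            validationErrors.add((String) null, restResult);
            validationErrors.add((String) null, transportResult);
            if (restResult.hasResult() && transportResult.hasResult()) {
                LegacySgConfig config = new LegacySgConfig(docNode, (RestAuthcConfig) restResult.peek(), (TransportAuthcConfig) transportResult.peek(), searchGuardLicenseKey);
                return new ValidationResult<>(config, validationErrors);
            }
            return new ValidationResult<>(validationErrors);
        } catch (UnexpectedDocumentStructureException e) {
            return new ValidationResult<>(e.getValidationErrors());
        }
    }

    /**
     * Builds the REST authentication configuration from {@code dynamic.authc} and
     * {@code dynamic.http.xff}.
     *
     * @param docNode the legacy configuration document
     * @param context the context handed to the component factories
     * @param immutableList the authorization backends passed on to every authentication domain
     * @return the parsed configuration, or {@code RestAuthcConfig.empty(docNode)} together with
     *         the validation errors when {@code dynamic.authc} is missing or not a map, when the
     *         XFF section is invalid, or when the domains produced no result
     */
    static ValidationResult<RestAuthcConfig> parseRestConfig(DocNode docNode, ConfigurationRepository.Context context, ImmutableList<LegacyAuthorizationBackend> immutableList) {
        DocNode authcNode = docNode.getAsNode("dynamic", new String[]{"authc"});
        if (authcNode.isNull()) {
            return new ValidationResult<>(RestAuthcConfig.empty(docNode), new MissingAttribute("dynamic.authc"));
        }
        if (!authcNode.isMap()) {
            return new ValidationResult<>(RestAuthcConfig.empty(docNode), new InvalidAttributeValue("dynamic.authc", (Object) null, "A mapping from auth domain names to definitions"));
        }
        ValidationErrors validationErrors = new ValidationErrors();
        boolean xffInvalid = false;
        ValidationResult<ImmutableList<AuthenticationDomain<HttpAuthenticationFrontend>>> domainsResult = parseAuthenticationDomains(docNode, context, immutableList);
        validationErrors.add((String) null, domainsResult.getValidationErrors());
        RestAuthcConfig.Network network = null;
        try {
            DocNode xffNode = docNode.getAsNode("dynamic", new String[]{"http", "xff"});
            // The section is only honoured when "enabled" is explicitly true; otherwise network stays null.
            // NOTE(review): presumably this controls how forwarded client addresses are trusted;
            // confirm that RestAuthcConfig.Network.parseLegacy restricts this to known proxies.
            if (!xffNode.isNull() && Boolean.TRUE.equals(xffNode.getBoolean("enabled"))) {
                network = RestAuthcConfig.Network.parseLegacy(xffNode);
            }
        } catch (ConfigValidationException e) {
            validationErrors.add("dynamic.http.xff", e);
            xffInvalid = true;
        }
        if (xffInvalid || !domainsResult.hasResult()) {
            return new ValidationResult<>(RestAuthcConfig.empty(docNode), validationErrors);
        }
        RestAuthcConfig restConfig = new RestAuthcConfig(docNode, (ImmutableList) domainsResult.peek(), network, CacheConfig.DEFAULT, false, MetricsLevel.NONE);
        return new ValidationResult<>(restConfig, validationErrors);
    }

    /**
     * Builds the transport authentication configuration from {@code dynamic.authc}.
     *
     * @param docNode the legacy configuration document
     * @param context the context handed to the component factories
     * @param immutableList the authorization backends passed on to every authentication domain
     * @return the parsed configuration, or a result without a value when {@code dynamic.authc}
     *         is missing or not a map or when the domains produced no result
     */
    static ValidationResult<TransportAuthcConfig> parseTransportConfig(DocNode docNode, ConfigurationRepository.Context context, ImmutableList<LegacyAuthorizationBackend> immutableList) {
        DocNode authcNode = docNode.getAsNode("dynamic", new String[]{"authc"});
        if (authcNode.isNull()) {
            return new ValidationResult<>(new MissingAttribute("dynamic.authc"));
        }
        if (!authcNode.isMap()) {
            return new ValidationResult<>(new InvalidAttributeValue("dynamic.authc", (Object) null, "A mapping from auth domain names to definitions"));
        }
        ValidationErrors validationErrors = new ValidationErrors();
        ValidationResult<ImmutableList<AuthenticationDomain<TransportAuthenticationDomain.TransportAuthenticationFrontend>>> domainsResult = parseTransportAuthenticationDomains(docNode, context, immutableList);
        validationErrors.add((String) null, domainsResult.getValidationErrors());
        if (!domainsResult.hasResult()) {
            return new ValidationResult<>(validationErrors);
        }
        TransportAuthcConfig transportConfig = new TransportAuthcConfig(docNode, (ImmutableList) domainsResult.peek(), null, CacheConfig.DEFAULT, false);
        return new ValidationResult<>(transportConfig, validationErrors);
    }

    /**
     * Parses every entry of {@code dynamic.authc} as an HTTP authentication domain and sorts the
     * domains by their configured order.
     *
     * <p>An entry that fails to parse is reported under {@code dynamic.authc.<name>} and left
     * out; the remaining domains are still returned.
     *
     * @param docNode the legacy configuration document
     * @param context the context handed to the component factories
     * @param immutableList the authorization backends passed on to every authentication domain
     * @return the ordered domains together with the collected validation errors
     */
    static ValidationResult<ImmutableList<AuthenticationDomain<HttpAuthenticationFrontend>>> parseAuthenticationDomains(DocNode docNode, ConfigurationRepository.Context context, ImmutableList<LegacyAuthorizationBackend> immutableList) {
        DocNode authcNode = docNode.getAsNode("dynamic", new String[]{"authc"});
        if (authcNode.isNull()) {
            return new ValidationResult<>(new MissingAttribute("dynamic.authc"));
        }
        if (!authcNode.isMap()) {
            return new ValidationResult<>(new InvalidAttributeValue("dynamic.authc", (Object) null, "A mapping from auth domain names to definitions"));
        }
        ImmutableList.Builder builder = new ImmutableList.Builder();
        ValidationErrors validationErrors = new ValidationErrors();
        for (Map.Entry entry : authcNode.toMapOfNodes().entrySet()) {
            String domainName = (String) entry.getKey();
            try {
                builder.with(LegacyAuthenticationDomain.parseHttpDomain(domainName, (DocNode) entry.getValue(), context, immutableList));
            } catch (ConfigValidationException e) {
                validationErrors.add("dynamic.authc." + domainName, e);
            }
        }
        ImmutableList domains = builder.build((authenticationDomain, authenticationDomain2) -> {
            return Integer.compare(((LegacyAuthenticationDomain) authenticationDomain).getOrder(), ((LegacyAuthenticationDomain) authenticationDomain2).getOrder());
        });
        // Anonymous access is opt-in: only a literal boolean true at
        // dynamic.http.anonymous_auth_enabled adds the anonymous domain. It is added after the
        // configured domains have been sorted.
        if (Boolean.TRUE.equals(docNode.get("dynamic", new String[]{"http", "anonymous_auth_enabled"}))) {
            domains = domains.with(new LegacyAnonAuthenticationDomain());
        }
        return new ValidationResult<>(domains, validationErrors);
    }

    /**
     * Parses every entry of {@code dynamic.authz} as an authorization backend.
     *
     * @param docNode the legacy configuration document
     * @param context the context handed to the component factories
     * @return the backends together with the collected validation errors; an empty list when
     *         {@code dynamic.authz} is absent
     */
    static ValidationResult<ImmutableList<LegacyAuthorizationBackend>> parseAuthorizationDomains(DocNode docNode, ConfigurationRepository.Context context) {
        DocNode authzNode = docNode.getAsNode("dynamic", new String[]{"authz"});
        if (authzNode.isNull()) {
            return new ValidationResult<>(ImmutableList.empty());
        }
        if (!authzNode.isMap()) {
            // The node checked here is dynamic.authz, so the error is reported under that
            // attribute (it was previously reported under dynamic.authc).
            return new ValidationResult<>(ImmutableList.empty(), new InvalidAttributeValue("dynamic.authz", (Object) null, "A mapping from auth domain names to definitions"));
        }
        ValidationErrors validationErrors = new ValidationErrors();
        ImmutableList.Builder builder = new ImmutableList.Builder();
        for (Map.Entry entry : authzNode.toMapOfNodes().entrySet()) {
            try {
                // parseAuthorizationDomain returns an Optional that is empty for entries with http_enabled: false.
                // NOTE(review): this relies on the builder skipping an empty Optional - confirm in ImmutableList.Builder.
                builder.with(parseAuthorizationDomain((DocNode) entry.getValue(), context));
            } catch (ConfigValidationException e) {
                // NOTE(review): unlike the authc parsers, the entry name is not part of the error path.
                validationErrors.add("dynamic.authz", e);
            }
        }
        return new ValidationResult<>(builder.build(), validationErrors);
    }

    /**
     * Creates one authorization backend from a single {@code dynamic.authz} entry.
     *
     * <p>When {@code skipped_users} is set, the backend is wrapped so that role lookup is
     * bypassed for every user whose name matches one of the patterns.
     *
     * @param docNode the definition of a single authorization domain
     * @param context the context handed to the component factory
     * @return the backend, or an empty {@code Optional} when {@code http_enabled} is false
     * @throws ConfigValidationException if the entry is invalid or the backend cannot be created
     */
    static Optional<LegacyAuthorizationBackend> parseAuthorizationDomain(DocNode docNode, ConfigurationRepository.Context context) throws ConfigValidationException {
        ValidationErrors validationErrors = new ValidationErrors();
        ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors);
        TypedComponentRegistry typedComponentRegistry = context.modulesRegistry().getTypedComponentRegistry();
        // Only http_enabled is read here; the resulting backend list is later shared by the
        // REST and the transport configuration (see parse).
        if (!validatingDocNode.get("http_enabled").withDefault(true).asBoolean()) {
            return Optional.empty();
        }
        String backendType = validatingDocNode.get("authorization_backend.type").required().asString();
        final ImmutableList skippedUsers = validatingDocNode.get("skipped_users").asListOfStrings();
        LegacyAuthorizationBackend backend = null;
        try {
            backend = (LegacyAuthorizationBackend) typedComponentRegistry.create(LegacyAuthorizationBackend.class, backendType, docNode.getAsNode("authorization_backend", new String[]{"config"}), context);
        } catch (NoSuchComponentException e) {
            validationErrors.add(new InvalidAttributeValue("authorization_backend.type", backendType, e.getAvailableTypesAsInfoString()).cause(e));
        } catch (ConfigValidationException e2) {
            validationErrors.add(backendType, e2);
        } catch (Exception e3) {
            log.error("Unexpected exception while creating authorization backend " + backendType, e3);
            // NOTE(review): the raw exception message ends up in the validation error; check
            // that it cannot carry backend connection details to whoever reads the errors.
            validationErrors.add(new ValidationError(backendType, e3.getMessage()).cause(e3));
        }
        // Fail before wrapping, so the wrapper below is never built around a backend whose creation was reported as failed.
        validationErrors.throwExceptionForPresentErrors();
        if (skippedUsers != null && skippedUsers.size() > 0) {
            final LegacyAuthorizationBackend delegate = backend;
            backend = new LegacyAuthorizationBackend() {
                @Override
                public String getType() {
                    return delegate.getType();
                }

                @Override
                public void fillRoles(User user, AuthCredentials authCredentials) throws AuthenticatorUnavailableException {
                    // Users matching a skipped_users pattern receive no roles from this backend;
                    // a pattern that is too broad therefore disables the backend for everyone it matches.
                    if (WildcardMatcher.matchAny(skippedUsers, authCredentials.getName())) {
                        return;
                    }
                    // Delegate to the wrapped backend; calling this method on itself would never terminate.
                    delegate.fillRoles(user, authCredentials);
                }
            };
        }
        return Optional.of(backend);
    }

    /**
     * Parses every entry of {@code dynamic.authc} as a transport authentication domain and sorts
     * the domains by their configured order.
     *
     * <p>An entry that fails to parse is reported under {@code dynamic.authc.<name>} and left
     * out; the remaining domains are still returned.
     *
     * @param docNode the legacy configuration document
     * @param context the context handed to the component factories
     * @param immutableList the authorization backends passed on to every authentication domain
     * @return the ordered domains together with the collected validation errors; an empty list
     *         when {@code dynamic.authc} is absent
     */
    static ValidationResult<ImmutableList<AuthenticationDomain<TransportAuthenticationDomain.TransportAuthenticationFrontend>>> parseTransportAuthenticationDomains(DocNode docNode, ConfigurationRepository.Context context, ImmutableList<LegacyAuthorizationBackend> immutableList) {
        DocNode authcNode = docNode.getAsNode("dynamic", new String[]{"authc"});
        if (authcNode.isNull()) {
            return new ValidationResult<>(ImmutableList.empty());
        }
        if (!authcNode.isMap()) {
            return new ValidationResult<>(ImmutableList.empty(), new InvalidAttributeValue("dynamic.authc", (Object) null, "A mapping from auth domain names to definitions"));
        }
        ImmutableList.Builder builder = new ImmutableList.Builder();
        ValidationErrors validationErrors = new ValidationErrors();
        for (Map.Entry entry : authcNode.toMapOfNodes().entrySet()) {
            String domainName = (String) entry.getKey();
            try {
                builder.with(LegacyAuthenticationDomain.parseTransportDomain(domainName, (DocNode) entry.getValue(), context, immutableList));
            } catch (ConfigValidationException e) {
                validationErrors.add("dynamic.authc." + domainName, e);
            }
        }
        return new ValidationResult<>(builder.build((authenticationDomain, authenticationDomain2) -> {
            return Integer.compare(((LegacyAuthenticationDomain) authenticationDomain).getOrder(), ((LegacyAuthenticationDomain) authenticationDomain2).getOrder());
        }), validationErrors);
    }

    /** Returns the REST authentication configuration derived from the legacy document. */
    public RestAuthcConfig getRestAuthcConfig() {
        return this.restAuthcConfig;
    }

    /** Returns the transport authentication configuration derived from the legacy document. */
    public TransportAuthcConfig getTransportAuthcConfig() {
        return this.transportAuthcConfig;
    }

    /**
     * Returns the unmodified source document.
     *
     * <p>NOTE(review): the source is returned as-is, including whatever the authc/authz backend
     * sections contain; confirm that callers redact backend secrets before exposing it.
     */
    public Object toBasicObject() {
        return this.source;
    }

    /** Returns the unmodified source document this configuration was parsed from. */
    public DocNode getSource() {
        return this.source;
    }

    /** Returns the license key parsed from {@code dynamic.license}. */
    public SearchGuardLicenseKey getLicense() {
        return this.license;
    }
}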
