package com.floragunn.searchguard.authz.config;

import com.floragunn.codova.config.templates.Template;
import com.floragunn.codova.config.text.Pattern;
import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Document;
import com.floragunn.codova.documents.Parser;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidatingDocNode;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.codova.validation.ValidationResult;
import com.floragunn.codova.validation.errors.ValidationError;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.searchguard.configuration.Hideable;
import com.floragunn.searchguard.configuration.StaticDefinable;
import com.floragunn.searchsupport.queries.Query;
import com.floragunn.searchsupport.xcontent.XContentParserContext;
import com.google.common.base.Splitter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.PatternSyntaxException;

/* loaded from: input_file:com/floragunn/searchguard/authz/config/Role.class */
public class Role implements Document<Role>, Hideable, StaticDefinable {
    private final DocNode source;
    private final boolean reserved;
    private final boolean hidden;
    private final boolean isStatic;
    private final String description;
    private final ImmutableList<String> clusterPermissions;
    private final ImmutableList<Index> indexPermissions;
    private final ImmutableList<Tenant> tenantPermissions;
    private final ImmutableList<String> excludeClusterPermissions;
    private final ImmutableList<ExcludeIndex> excludeIndexPermissions;

    /* loaded from: input_file:com/floragunn/searchguard/authz/config/Role$ExcludeIndex.class */
    public static class ExcludeIndex {
        private final ImmutableList<Template<Pattern>> indexPatterns;
        private final ImmutableList<String> actions;

        public ExcludeIndex(DocNode docNode, Parser.Context context) throws ConfigValidationException {
            ValidationErrors validationErrors = new ValidationErrors();
            ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors, context);
            validatingDocNode.get("actions").by(Pattern::parse);
            this.indexPatterns = ImmutableList.of(validatingDocNode.get("index_patterns").asList().withEmptyListAsDefault().ofTemplates(Pattern::create));
            this.actions = ImmutableList.of(validatingDocNode.get("actions").asList().withEmptyListAsDefault().ofStrings());
            validatingDocNode.checkForUnusedAttributes();
            validationErrors.throwExceptionForPresentErrors();
        }

        public ExcludeIndex(ImmutableList<Template<Pattern>> immutableList, ImmutableList<String> immutableList2) {
            this.indexPatterns = immutableList;
            this.actions = immutableList2;
        }

        public ImmutableList<Template<Pattern>> getIndexPatterns() {
            return this.indexPatterns;
        }

        public ImmutableList<String> getActions() {
            return this.actions;
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/authz/config/Role$Index.class */
    public static class Index {
        private final ImmutableList<Template<Pattern>> indexPatterns;
        private final Template<Query> dls;
        private final ImmutableList<FlsPattern> fls;
        private final ImmutableList<FieldMaskingExpression> maskedFields;
        private final ImmutableList<String> allowedActions;

        /* loaded from: input_file:com/floragunn/searchguard/authz/config/Role$Index$FieldMaskingExpression.class */
        public static class FieldMaskingExpression {
            private final Pattern pattern;
            private final MessageDigest algo;
            private final List<RegexReplacement> regexReplacements;
            private final String source;

            /* loaded from: input_file:com/floragunn/searchguard/authz/config/Role$Index$FieldMaskingExpression$RegexReplacement.class */
            public static class RegexReplacement {
                private final java.util.regex.Pattern regex;
                private final String replacement;

                public RegexReplacement(String str, String str2) throws ConfigValidationException {
                    if (!str.startsWith("/") || !str.endsWith("/")) {
                        throw new ConfigValidationException(new ValidationError((String) null, "A regular expression needs to be wrapped in /.../"));
                    }
                    try {
                        this.regex = java.util.regex.Pattern.compile(str.substring(1).substring(0, str.length() - 2));
                        this.replacement = str2;
                    } catch (PatternSyntaxException e) {
                        throw new ConfigValidationException(new ValidationError((String) null, e.getMessage()).cause(e));
                    }
                }

                public java.util.regex.Pattern getRegex() {
                    return this.regex;
                }

                public String getReplacement() {
                    return this.replacement;
                }

                public String toString() {
                    return "RegexReplacement [regex=" + this.regex + ", replacement=" + this.replacement + "]";
                }
            }

            FieldMaskingExpression(String str) throws ConfigValidationException {
                this.source = str;
                List splitToList = Splitter.on("::").splitToList(str);
                this.pattern = Pattern.create((String) splitToList.get(0));
                if (splitToList.size() == 1) {
                    this.algo = null;
                    this.regexReplacements = null;
                    return;
                }
                if (splitToList.size() == 2) {
                    this.regexReplacements = null;
                    try {
                        this.algo = MessageDigest.getInstance((String) splitToList.get(1));
                        return;
                    } catch (NoSuchAlgorithmException e) {
                        throw new ConfigValidationException(new ValidationError((String) null, "Invalid algorithm " + ((String) splitToList.get(1))));
                    }
                }
                this.algo = null;
                this.regexReplacements = new ArrayList((splitToList.size() - 1) / 2);
                int i = 1;
                while (true) {
                    int i2 = i;
                    if (i2 >= splitToList.size() - 1) {
                        return;
                    }
                    this.regexReplacements.add(new RegexReplacement((String) splitToList.get(i2), (String) splitToList.get(i2 + 1)));
                    i = i2 + 2;
                }
            }

            public String toString() {
                return this.source;
            }

            public MessageDigest getAlgo() {
                return this.algo;
            }

            public List<RegexReplacement> getRegexReplacements() {
                return this.regexReplacements;
            }

            public Pattern getPattern() {
                return this.pattern;
            }

            public String getSource() {
                return this.source;
            }
        }

        /* loaded from: input_file:com/floragunn/searchguard/authz/config/Role$Index$FlsPattern.class */
        public static class FlsPattern {
            public static final FlsPattern INCLUDE_ALL = new FlsPattern(Pattern.wildcard(), false, "*");
            public static final FlsPattern EXCLUDE_ALL = new FlsPattern(Pattern.wildcard(), true, "~*");
            private final boolean excluded;
            private final Pattern pattern;
            private final String source;

            FlsPattern(String str) throws ConfigValidationException {
                if (str.startsWith("~") || str.startsWith("!")) {
                    this.excluded = true;
                    this.pattern = Pattern.create(str.substring(1));
                } else {
                    this.pattern = Pattern.create(str);
                    this.excluded = false;
                }
                this.source = str;
            }

            FlsPattern(Pattern pattern, boolean z, String str) {
                this.pattern = pattern;
                this.excluded = z;
                this.source = str;
            }

            public String getSource() {
                return this.source;
            }

            public Pattern getPattern() {
                return this.pattern;
            }

            public boolean isExcluded() {
                return this.excluded;
            }

            public String toString() {
                return this.source;
            }
        }

        Index(DocNode docNode, Parser.Context context) throws ConfigValidationException {
            ValidationErrors validationErrors = new ValidationErrors();
            ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors, context);
            this.dls = validatingDocNode.get("dls").asTemplate(str -> {
                return new Query(str, (XContentParserContext) context);
            });
            this.fls = validatingDocNode.get("fls").asList().ofObjectsParsedByString(FlsPattern::new);
            this.maskedFields = validatingDocNode.get("masked_fields").asList().withEmptyListAsDefault().ofObjectsParsedByString(FieldMaskingExpression::new);
            validatingDocNode.get("allowed_actions").by(Pattern::parse);
            this.allowedActions = ImmutableList.of(validatingDocNode.get("allowed_actions").asList().withEmptyListAsDefault().ofStrings());
            this.indexPatterns = ImmutableList.of(validatingDocNode.get("index_patterns").asList().withEmptyListAsDefault().ofTemplates(Pattern::create));
            validationErrors.throwExceptionForPresentErrors();
        }

        public Index(ImmutableList<Template<Pattern>> immutableList, Template<Query> template, ImmutableList<FlsPattern> immutableList2, ImmutableList<FieldMaskingExpression> immutableList3, ImmutableList<String> immutableList4) {
            this.indexPatterns = immutableList;
            this.dls = template;
            this.fls = immutableList2;
            this.maskedFields = immutableList3;
            this.allowedActions = immutableList4;
        }

        public ImmutableList<Template<Pattern>> getIndexPatterns() {
            return this.indexPatterns;
        }

        public Template<Query> getDls() {
            return this.dls;
        }

        public ImmutableList<FlsPattern> getFls() {
            return this.fls;
        }

        public ImmutableList<FieldMaskingExpression> getMaskedFields() {
            return this.maskedFields;
        }

        public ImmutableList<String> getAllowedActions() {
            return this.allowedActions;
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/authz/config/Role$Tenant.class */
    public static class Tenant {
        private final ImmutableList<Template<Pattern>> tenantPatterns;
        private final ImmutableList<String> allowedActions;

        public Tenant(DocNode docNode, Parser.Context context) throws ConfigValidationException {
            ValidationErrors validationErrors = new ValidationErrors();
            ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors, context);
            validatingDocNode.get("allowed_actions").by(Pattern::parse);
            this.tenantPatterns = ImmutableList.of(validatingDocNode.get("tenant_patterns").asList().withEmptyListAsDefault().ofTemplates(Pattern::create));
            this.allowedActions = ImmutableList.of(validatingDocNode.get("allowed_actions").asList().withEmptyListAsDefault().ofStrings());
            validatingDocNode.checkForUnusedAttributes();
            validationErrors.throwExceptionForPresentErrors();
        }

        public Tenant(ImmutableList<Template<Pattern>> immutableList, ImmutableList<String> immutableList2) {
            this.tenantPatterns = immutableList;
            this.allowedActions = immutableList2;
        }

        public ImmutableList<Template<Pattern>> getTenantPatterns() {
            return this.tenantPatterns;
        }

        public ImmutableList<String> getAllowedActions() {
            return this.allowedActions;
        }
    }

    public static ValidationResult<Role> parse(DocNode docNode, Parser.Context context) {
        ValidationErrors validationErrors = new ValidationErrors();
        ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors, context);
        boolean asBoolean = validatingDocNode.get("reserved").withDefault(false).asBoolean();
        boolean asBoolean2 = validatingDocNode.get("hidden").withDefault(false).asBoolean();
        boolean asBoolean3 = validatingDocNode.get("static").withDefault(false).asBoolean();
        validatingDocNode.get("cluster_permissions").by(Pattern::parse);
        validatingDocNode.get("exclude_cluster_permissions").by(Pattern::parse);
        ImmutableList of = ImmutableList.of(validatingDocNode.get("cluster_permissions").asList().withEmptyListAsDefault().ofStrings());
        ImmutableList of2 = ImmutableList.of(validatingDocNode.get("exclude_cluster_permissions").asList().withEmptyListAsDefault().ofStrings());
        ImmutableList of3 = ImmutableList.of(validatingDocNode.get("index_permissions").asList().ofObjectsParsedBy(Index::new));
        ImmutableList of4 = ImmutableList.of(validatingDocNode.get("tenant_permissions").asList().ofObjectsParsedBy(Tenant::new));
        ImmutableList of5 = ImmutableList.of(validatingDocNode.get("exclude_index_permissions").asList().ofObjectsParsedBy(ExcludeIndex::new));
        String asString = validatingDocNode.get("description").asString();
        validatingDocNode.checkForUnusedAttributes();
        return new ValidationResult<>(new Role(docNode, asBoolean, asBoolean2, asBoolean3, asString, of, of3, of4, of2, of5), validationErrors);
    }

    public Role(DocNode docNode, boolean z, boolean z2, boolean z3, String str, ImmutableList<String> immutableList, ImmutableList<Index> immutableList2, ImmutableList<Tenant> immutableList3, ImmutableList<String> immutableList4, ImmutableList<ExcludeIndex> immutableList5) {
        this.source = docNode;
        this.reserved = z;
        this.isStatic = z3;
        this.hidden = z2;
        this.description = str;
        this.clusterPermissions = immutableList;
        this.indexPermissions = immutableList2;
        this.tenantPermissions = immutableList3;
        this.excludeClusterPermissions = immutableList4;
        this.excludeIndexPermissions = immutableList5;
    }

    public Object toBasicObject() {
        return this.source;
    }

    @Override // com.floragunn.searchguard.configuration.Hideable
    public boolean isReserved() {
        return this.reserved;
    }

    @Override // com.floragunn.searchguard.configuration.Hideable
    public boolean isHidden() {
        return this.hidden;
    }

    public ImmutableList<String> getClusterPermissions() {
        return this.clusterPermissions;
    }

    public ImmutableList<String> getExcludeClusterPermissions() {
        return this.excludeClusterPermissions;
    }

    public ImmutableList<Index> getIndexPermissions() {
        return this.indexPermissions;
    }

    public ImmutableList<ExcludeIndex> getExcludeIndexPermissions() {
        return this.excludeIndexPermissions;
    }

    public ImmutableList<Tenant> getTenantPermissions() {
        return this.tenantPermissions;
    }

    public String getDescription() {
        return this.description;
    }

    @Override // com.floragunn.searchguard.configuration.StaticDefinable
    public boolean isStatic() {
        return this.isStatic;
    }
}
