package com.floragunn.searchguard.authc.base;

import com.floragunn.codova.documents.BasicJsonPathDefaultConfiguration;
import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Parser;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidatingDocNode;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.codova.validation.errors.InvalidAttributeValue;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.fluent.collections.ImmutableMap;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.fluent.collections.UnmodifiableIterator;
import com.floragunn.searchguard.authc.AuthenticationBackend;
import com.floragunn.searchguard.authc.AuthenticationDomain;
import com.floragunn.searchguard.authc.CredentialsException;
import com.floragunn.searchguard.authc.base.AuthcResult;
import com.floragunn.searchguard.user.AuthCredentials;
import com.floragunn.searchguard.user.User;
import com.google.common.base.Splitter;
import com.jayway.jsonpath.Configuration;
import com.jayway.jsonpath.InvalidPathException;
import com.jayway.jsonpath.JsonPath;
import com.jayway.jsonpath.Option;
import com.jayway.jsonpath.PathNotFoundException;
import com.jayway.jsonpath.Predicate;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/floragunn/searchguard/authc/base/UserMapping.class */
public class UserMapping implements AuthenticationBackend.UserMapper, AuthenticationDomain.CredentialsMapper {
    private static final Logger log = LogManager.getLogger(UserMapping.class);
    private final DocNode source;
    private final ImmutableList<MappingSpecification> userName;
    private final ImmutableList<MappingSpecification> userNameFromBackend;
    private final ImmutableList<MappingSpecification> roles;
    private final ImmutableList<MapMappingSpecification> attrs;

    /* loaded from: input_file:com/floragunn/searchguard/authc/base/UserMapping$FromAttribute.class */
    public static class FromAttribute extends MappingSpecification {
        private final JsonPath attributePath;
        private final Pattern pattern;
        private final Splitter splitter;
        private static final Configuration attributePathConfiguration = BasicJsonPathDefaultConfiguration.listDefaultConfiguration().addOptions(new Option[]{Option.SUPPRESS_EXCEPTIONS});

        FromAttribute(JsonPath jsonPath, Pattern pattern, String str) {
            this.pattern = pattern;
            this.attributePath = jsonPath;
            this.splitter = str != null ? Splitter.on(str).trimResults() : null;
        }

        static FromAttribute parse(DocNode docNode, Parser.Context context) throws ConfigValidationException {
            if (docNode.isString()) {
                try {
                    return new FromAttribute(JsonPath.compile(docNode.toString(), new Predicate[0]), null, null);
                } catch (InvalidPathException e) {
                    throw new ConfigValidationException(new InvalidAttributeValue((String) null, docNode, "JSON Path").message(e.getMessage()).cause(e));
                }
            }
            if (!docNode.isMap()) {
                throw new ConfigValidationException(new InvalidAttributeValue((String) null, docNode, "JSON Path"));
            }
            ValidationErrors validationErrors = new ValidationErrors();
            ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors, context);
            JsonPath asJsonPath = validatingDocNode.get("json_path").required().asJsonPath();
            Pattern asPattern = validatingDocNode.get("pattern").asPattern();
            String asString = validatingDocNode.get("split").asString();
            validationErrors.throwExceptionForPresentErrors();
            return new FromAttribute(asJsonPath, asPattern, asString);
        }

        static FromAttribute parseCommaSeparated(DocNode docNode, Parser.Context context) throws ConfigValidationException {
            if (!docNode.isString()) {
                throw new ConfigValidationException(new InvalidAttributeValue((String) null, docNode, "JSON Path"));
            }
            try {
                return new FromAttribute(JsonPath.compile(docNode.toString(), new Predicate[0]), null, ",");
            } catch (InvalidPathException e) {
                throw new ConfigValidationException(new InvalidAttributeValue((String) null, docNode, "JSON Path").message(e.getMessage()).cause(e));
            }
        }

        @Override // com.floragunn.searchguard.authc.base.UserMapping.MappingSpecification
        ImmutableSet<String> apply(AuthCredentials authCredentials) {
            try {
                List list = (List) JsonPath.using(attributePathConfiguration).parse(authCredentials.getAttributesForUserMapping()).read(this.attributePath);
                return this.splitter != null ? ImmutableSet.flattenDeep(list, String::valueOf).mapFlat(str -> {
                    return splitAndApplyPattern(str);
                }) : ImmutableSet.flattenDeep(list, obj -> {
                    return applyPattern(obj);
                });
            } catch (PathNotFoundException e) {
                return ImmutableSet.empty();
            }
        }

        private Collection<String> splitAndApplyPattern(String str) {
            return (Collection) this.splitter.splitToStream(str).map(str2 -> {
                return applyPattern(str2);
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).collect(Collectors.toList());
        }

        private String applyPattern(Object obj) {
            String obj2 = obj.toString();
            if (this.pattern == null) {
                return obj2;
            }
            Matcher matcher = this.pattern.matcher(obj2);
            if (!matcher.matches()) {
                return null;
            }
            if (matcher.groupCount() == 1) {
                return matcher.group(1);
            }
            if (matcher.groupCount() <= 1) {
                return null;
            }
            StringBuilder sb = new StringBuilder();
            for (int i = 1; i <= matcher.groupCount(); i++) {
                if (matcher.group(i) != null) {
                    sb.append(matcher.group(i));
                }
            }
            if (sb.length() != 0) {
                return sb.toString();
            }
            return null;
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/authc/base/UserMapping$FromAttributeMap.class */
    public static class FromAttributeMap extends MapMappingSpecification {
        private final Map<String, JsonPath> attributePathMap;
        private static final Configuration attributePathConfiguration = BasicJsonPathDefaultConfiguration.defaultConfiguration();

        FromAttributeMap(Map<String, JsonPath> map) {
            this.attributePathMap = map;
        }

        static FromAttributeMap parseFrom(DocNode docNode, Parser.Context context) throws ConfigValidationException {
            if (!docNode.isMap()) {
                throw new ConfigValidationException(new InvalidAttributeValue((String) null, docNode, "A mapping from attribute names to JSON Path"));
            }
            ValidationErrors validationErrors = new ValidationErrors();
            ImmutableMap.Builder builder = new ImmutableMap.Builder();
            UnmodifiableIterator it = docNode.toMap().entrySet().iterator();
            while (it.hasNext()) {
                Map.Entry entry = (Map.Entry) it.next();
                try {
                    builder.put((String) entry.getKey(), JsonPath.compile(String.valueOf(entry.getValue()), new Predicate[0]));
                } catch (InvalidPathException e) {
                    validationErrors.add(new InvalidAttributeValue((String) entry.getKey(), entry.getValue(), "JSON Path").message(e.getMessage()).cause(e));
                }
            }
            validationErrors.throwExceptionForPresentErrors();
            return new FromAttributeMap(builder.build());
        }

        @Override // com.floragunn.searchguard.authc.base.UserMapping.MapMappingSpecification
        void apply(AuthCredentials authCredentials, ImmutableMap.Builder<String, Object> builder) {
            for (Map.Entry<String, JsonPath> entry : this.attributePathMap.entrySet()) {
                try {
                    builder.with(entry.getKey(), JsonPath.using(attributePathConfiguration).parse(authCredentials.getAttributesForUserMapping()).read(entry.getValue()));
                } catch (Exception e) {
                    UserMapping.log.error("Error while evaluating map attribute mapping " + entry, e);
                } catch (PathNotFoundException e2) {
                    if (UserMapping.log.isDebugEnabled()) {
                        UserMapping.log.debug("Attribute mapping path not found: " + entry, e2);
                    }
                }
            }
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/authc/base/UserMapping$MapMappingSpecification.class */
    public static abstract class MapMappingSpecification {
        static ImmutableList<MapMappingSpecification> parse(DocNode docNode, Parser.Context context) throws ConfigValidationException {
            ValidationErrors validationErrors = new ValidationErrors();
            ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors, context);
            ImmutableList ofObjectsParsedBy = validatingDocNode.get("from").asList().withEmptyListAsDefault().ofObjectsParsedBy(FromAttributeMap::parseFrom);
            ImmutableList ofObjectsParsedBy2 = validatingDocNode.get("static").asList().withEmptyListAsDefault().ofObjectsParsedBy(StaticMap::parseStatic);
            validationErrors.throwExceptionForPresentErrors();
            return ImmutableList.concat(ofObjectsParsedBy, ofObjectsParsedBy2);
        }

        static ImmutableMap<String, Object> apply(Collection<MapMappingSpecification> collection, AuthCredentials authCredentials) {
            ImmutableMap.Builder<String, Object> builder = new ImmutableMap.Builder<>();
            Iterator<MapMappingSpecification> it = collection.iterator();
            while (it.hasNext()) {
                it.next().apply(authCredentials, builder);
            }
            return builder.build();
        }

        abstract void apply(AuthCredentials authCredentials, ImmutableMap.Builder<String, Object> builder);
    }

    /* loaded from: input_file:com/floragunn/searchguard/authc/base/UserMapping$MappingSpecification.class */
    public static abstract class MappingSpecification {
        static ImmutableList<MappingSpecification> parseUserNameMapping(DocNode docNode, Parser.Context context) throws ConfigValidationException {
            ValidationErrors validationErrors = new ValidationErrors();
            ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors, context);
            ImmutableList ofObjectsParsedBy = validatingDocNode.get("from").asList().withEmptyListAsDefault().ofObjectsParsedBy(FromAttribute::parse);
            ImmutableList ofObjectsParsedBy2 = validatingDocNode.get("static").asList().withEmptyListAsDefault().ofObjectsParsedBy(Static::parse);
            validatingDocNode.used(new String[]{"from_backend"});
            validatingDocNode.checkForUnusedAttributes();
            validationErrors.throwExceptionForPresentErrors();
            return ImmutableList.concat(ofObjectsParsedBy, ofObjectsParsedBy2);
        }

        static ImmutableList<MappingSpecification> parseUserNameFromBackendMapping(DocNode docNode, Parser.Context context) throws ConfigValidationException {
            ValidationErrors validationErrors = new ValidationErrors();
            ImmutableList<MappingSpecification> ofObjectsParsedBy = new ValidatingDocNode(docNode, validationErrors, context).get("from_backend").asList().withEmptyListAsDefault().ofObjectsParsedBy(FromAttribute::parse);
            validationErrors.throwExceptionForPresentErrors();
            return ofObjectsParsedBy;
        }

        static ImmutableList<MappingSpecification> parseRoleMapping(DocNode docNode, Parser.Context context) throws ConfigValidationException {
            ValidationErrors validationErrors = new ValidationErrors();
            ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors, context);
            ImmutableList ofObjectsParsedBy = validatingDocNode.get("from").asList().withEmptyListAsDefault().ofObjectsParsedBy(FromAttribute::parse);
            ImmutableList ofObjectsParsedBy2 = validatingDocNode.get("from_comma_separated_string").asList().withEmptyListAsDefault().ofObjectsParsedBy(FromAttribute::parseCommaSeparated);
            ImmutableList ofObjectsParsedBy3 = validatingDocNode.get("static").asList().withEmptyListAsDefault().ofObjectsParsedBy(Static::parse);
            validatingDocNode.checkForUnusedAttributes();
            validationErrors.throwExceptionForPresentErrors();
            return ImmutableList.concat(ofObjectsParsedBy, ofObjectsParsedBy2, ofObjectsParsedBy3);
        }

        abstract ImmutableSet<String> apply(AuthCredentials authCredentials);

        static ImmutableSet<String> apply(Collection<MappingSpecification> collection, AuthCredentials authCredentials) {
            ImmutableSet<String> empty = ImmutableSet.empty();
            Iterator<MappingSpecification> it = collection.iterator();
            while (it.hasNext()) {
                empty = empty.with(it.next().apply(authCredentials));
            }
            return empty;
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/authc/base/UserMapping$Static.class */
    public static class Static extends MappingSpecification {
        private final ImmutableSet<String> valueAsSet;

        Static(String str) {
            this.valueAsSet = ImmutableSet.of(str);
        }

        static Static parse(DocNode docNode, Parser.Context context) throws ConfigValidationException {
            return new Static(docNode.toString());
        }

        @Override // com.floragunn.searchguard.authc.base.UserMapping.MappingSpecification
        ImmutableSet<String> apply(AuthCredentials authCredentials) {
            return this.valueAsSet;
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/authc/base/UserMapping$StaticMap.class */
    public static class StaticMap extends MapMappingSpecification {
        private final ImmutableMap<String, Object> map;

        StaticMap(Map<String, Object> map) {
            this.map = ImmutableMap.of(map);
        }

        static StaticMap parseStatic(DocNode docNode, Parser.Context context) throws ConfigValidationException {
            if (docNode.isMap()) {
                return new StaticMap(docNode.toMap());
            }
            throw new ConfigValidationException(new InvalidAttributeValue((String) null, docNode, "A mapping from attribute names to values"));
        }

        @Override // com.floragunn.searchguard.authc.base.UserMapping.MapMappingSpecification
        void apply(AuthCredentials authCredentials, ImmutableMap.Builder<String, Object> builder) {
            builder.putAll(this.map);
        }
    }

    @Override // com.floragunn.searchguard.authc.AuthenticationDomain.CredentialsMapper
    public AuthCredentials mapCredentials(AuthCredentials authCredentials) throws CredentialsException {
        if (log.isDebugEnabled()) {
            log.debug("Mapping user using attributes " + authCredentials.getAttributesForUserMapping() + " for " + authCredentials);
        }
        if (this.userName == null || this.userName.isEmpty()) {
            return authCredentials;
        }
        ImmutableMap of = ImmutableMap.of("user_mapping_attributes", authCredentials.getAttributesForUserMapping(), "user_mapping", this.source);
        ImmutableSet<String> apply = MappingSpecification.apply(this.userName, authCredentials);
        if (apply.size() == 0) {
            throw new CredentialsException(new AuthcResult.DebugInfo(null, false, "No user name found", of));
        }
        if (apply.size() != 1) {
            throw new CredentialsException(new AuthcResult.DebugInfo(null, false, "More than one candidate for the user name was found", of.with("user_name_candidates", apply)));
        }
        if (log.isDebugEnabled()) {
            log.debug("Mapped user name: " + ((String) apply.only()));
        }
        return authCredentials.userName((String) apply.only());
    }

    @Override // com.floragunn.searchguard.authc.AuthenticationBackend.UserMapper
    public User map(AuthCredentials authCredentials) throws CredentialsException {
        if (log.isDebugEnabled()) {
            log.debug("Mapping user using attributes " + authCredentials.getAttributesForUserMapping() + " for " + authCredentials);
        }
        AuthCredentials.Builder copy = authCredentials.copy();
        ImmutableMap of = ImmutableMap.of("user_mapping_attributes", authCredentials.getAttributesForUserMapping(), "user_mapping", this.source);
        if (this.userNameFromBackend != null && !this.userNameFromBackend.isEmpty()) {
            ImmutableSet<String> apply = MappingSpecification.apply(this.userNameFromBackend, authCredentials);
            if (apply.size() == 0) {
                throw new CredentialsException(new AuthcResult.DebugInfo(null, false, "No user name found", of));
            }
            if (apply.size() != 1) {
                throw new CredentialsException(new AuthcResult.DebugInfo(null, false, "More than one candidate for the user name was found", of.with("user_name_candidates", apply)));
            }
            if (log.isDebugEnabled()) {
                log.debug("Mapped user name: " + ((String) apply.only()));
            }
            copy.userName((String) apply.only());
        }
        if (this.roles != null && !this.roles.isEmpty()) {
            ImmutableSet<String> apply2 = MappingSpecification.apply(this.roles, authCredentials);
            copy.backendRoles((Collection<String>) apply2);
            if (log.isDebugEnabled()) {
                log.debug("Mapped roles: " + apply2);
            }
        }
        if (this.attrs != null && !this.attrs.isEmpty()) {
            ImmutableMap<String, Object> apply3 = MapMappingSpecification.apply((Collection<MapMappingSpecification>) this.attrs, authCredentials);
            if (log.isDebugEnabled()) {
                log.debug("Mapped attributes: " + apply3);
            }
            try {
                copy.attributes(apply3);
            } catch (IllegalArgumentException e) {
                throw new CredentialsException(new AuthcResult.DebugInfo(null, false, e.getMessage(), of), e);
            }
        }
        return User.forUser(copy.getUserName()).with(copy.build()).build();
    }

    public static UserMapping parse(DocNode docNode, Parser.Context context) throws ConfigValidationException {
        ValidationErrors validationErrors = new ValidationErrors();
        ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors, context);
        ImmutableList immutableList = (ImmutableList) validatingDocNode.get("user_name").by(MappingSpecification::parseUserNameMapping);
        ImmutableList immutableList2 = (ImmutableList) validatingDocNode.get("user_name").by(MappingSpecification::parseUserNameFromBackendMapping);
        ImmutableList immutableList3 = (ImmutableList) validatingDocNode.get("roles").by(MappingSpecification::parseRoleMapping);
        ImmutableList immutableList4 = (ImmutableList) validatingDocNode.get("attrs").by(MapMappingSpecification::parse);
        validatingDocNode.checkForUnusedAttributes();
        validationErrors.throwExceptionForPresentErrors();
        return new UserMapping(docNode, immutableList, immutableList2, immutableList3, immutableList4);
    }

    public UserMapping(DocNode docNode, ImmutableList<MappingSpecification> immutableList, ImmutableList<MappingSpecification> immutableList2, ImmutableList<MappingSpecification> immutableList3, ImmutableList<MapMappingSpecification> immutableList4) {
        this.source = docNode;
        this.userName = immutableList;
        this.userNameFromBackend = immutableList2;
        this.roles = immutableList3;
        this.attrs = immutableList4;
    }

    public List<MappingSpecification> getUserName() {
        return this.userName;
    }

    public List<MappingSpecification> getRoles() {
        return this.roles;
    }

    public List<MapMappingSpecification> getAttrs() {
        return this.attrs;
    }
}
