package com.floragunn.searchguard.authc.internal_users_db;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Document;
import com.floragunn.codova.documents.Parser;
import com.floragunn.codova.documents.RedactableDocument;
import com.floragunn.codova.documents.patch.PatchableDocument;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidatingDocNode;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.codova.validation.ValidationResult;
import com.floragunn.codova.validation.errors.InvalidAttributeValue;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.fluent.collections.ImmutableMap;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.searchguard.configuration.Hideable;
import com.floragunn.searchguard.support.ConfigConstants;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.bouncycastle.crypto.generators.OpenBSDBCrypt;

/* loaded from: input_file:com/floragunn/searchguard/authc/internal_users_db/InternalUser.class */
public class InternalUser implements PatchableDocument<InternalUser>, RedactableDocument, Hideable {
    private static final SecureRandom RANDOM = new SecureRandom();
    private final Map<String, Object> rawDocument;
    private final String description;
    private final String passwordHash;
    private final boolean reserved;
    private final boolean hidden;
    private final ImmutableSet<String> backendRoles;
    private final ImmutableSet<String> searchGuardRoles;
    private final ImmutableMap<String, Object> attributes;

    private InternalUser(Map<String, Object> map, String str, String str2, boolean z, boolean z2, List<String> list, List<String> list2, Map<String, Object> map2) {
        this.rawDocument = map;
        this.description = str;
        this.passwordHash = str2;
        this.reserved = z;
        this.hidden = z2;
        this.backendRoles = ImmutableSet.of(list);
        this.searchGuardRoles = ImmutableSet.of(list2);
        this.attributes = ImmutableMap.of(map2);
    }

    public Object toBasicObject() {
        return this.rawDocument != null ? this.rawDocument : ImmutableMap.of("description", this.description, "hash", this.passwordHash, "backend_roles", this.backendRoles, "search_guard_roles", this.searchGuardRoles, "attributes", this.attributes);
    }

    /* renamed from: toRedactedBasicObject, reason: merged with bridge method [inline-methods] */
    public ImmutableMap<String, Object> m35toRedactedBasicObject() {
        return this.rawDocument != null ? ImmutableMap.without(this.rawDocument, "hash") : ImmutableMap.ofNonNull("description", this.description, "backend_roles", this.backendRoles, "search_guard_roles", this.searchGuardRoles, "attributes", this.attributes);
    }

    public String getDescription() {
        return this.description;
    }

    public String getPasswordHash() {
        return this.passwordHash;
    }

    @Override // com.floragunn.searchguard.configuration.Hideable
    public boolean isReserved() {
        return this.reserved;
    }

    @Override // com.floragunn.searchguard.configuration.Hideable
    public boolean isHidden() {
        return this.hidden;
    }

    public ImmutableSet<String> getBackendRoles() {
        return this.backendRoles;
    }

    public ImmutableSet<String> getSearchGuardRoles() {
        return this.searchGuardRoles;
    }

    public ImmutableMap<String, Object> getAttributes() {
        return this.attributes;
    }

    public static ValidationResult<InternalUser> parse(Object obj, Parser.Context context) {
        ValidationErrors validationErrors = new ValidationErrors();
        ValidatingDocNode validatingDocNode = new ValidatingDocNode(DocNode.wrap(obj), validationErrors, context);
        String asString = validatingDocNode.get("description").asString();
        String str = null;
        if (validatingDocNode.hasNonNull(ConfigConstants.SEARCHGUARD_AUDIT_EXTERNAL_ES_PASSWORD)) {
            if (validatingDocNode.get(ConfigConstants.SEARCHGUARD_AUDIT_EXTERNAL_ES_PASSWORD).asString().length() == 0) {
                validationErrors.add(new InvalidAttributeValue(ConfigConstants.SEARCHGUARD_AUDIT_EXTERNAL_ES_PASSWORD, "", "A non-empty password"));
            }
            str = hash(validatingDocNode.get(ConfigConstants.SEARCHGUARD_AUDIT_EXTERNAL_ES_PASSWORD).asString().trim().toCharArray());
        } else if (validatingDocNode.hasNonNull("hash")) {
            str = validatingDocNode.get("hash").asString();
        }
        boolean asBoolean = validatingDocNode.get("reserved").withDefault(false).asBoolean();
        boolean asBoolean2 = validatingDocNode.get("hidden").withDefault(false).asBoolean();
        ImmutableList ofStrings = validatingDocNode.get("backend_roles").asList().withEmptyListAsDefault().ofStrings();
        ImmutableList ofStrings2 = validatingDocNode.get("search_guard_roles").asList().withEmptyListAsDefault().ofStrings();
        ImmutableMap asMap = validatingDocNode.get("attributes").asMap();
        Map unmodifiableMap = asMap != null ? Collections.unmodifiableMap(new LinkedHashMap((Map) asMap)) : Collections.emptyMap();
        LinkedHashMap linkedHashMap = new LinkedHashMap((Map) DocNode.wrap(obj));
        linkedHashMap.remove(ConfigConstants.SEARCHGUARD_AUDIT_EXTERNAL_ES_PASSWORD);
        if (str != null) {
            linkedHashMap.put("hash", str);
        }
        return validationErrors.hasErrors() ? new ValidationResult<>(validationErrors) : new ValidationResult<>(new InternalUser(linkedHashMap, asString, str, asBoolean, asBoolean2, ofStrings, ofStrings2, unmodifiableMap));
    }

    public static Document<InternalUser> check(Map<String, Object> map) throws ConfigValidationException {
        return Document.assertedType(map, InternalUser.class);
    }

    private static String hash(char[] cArr) {
        byte[] bArr = new byte[16];
        RANDOM.nextBytes(bArr);
        String generate = OpenBSDBCrypt.generate(cArr, bArr, 12);
        Arrays.fill(bArr, (byte) 0);
        Arrays.fill(cArr, (char) 0);
        return generate;
    }

    /* renamed from: parseI, reason: merged with bridge method [inline-methods] */
    public InternalUser m34parseI(DocNode docNode, Parser.Context context) throws ConfigValidationException {
        return (InternalUser) parse(docNode.toMap(), context).get();
    }
}
