package com.floragunn.searchguard.authc.rest;

import com.floragunn.codova.config.net.CacheConfig;
import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Metadata;
import com.floragunn.codova.documents.Parser;
import com.floragunn.codova.documents.UnexpectedDocumentStructureException;
import com.floragunn.codova.documents.patch.PatchableDocument;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidatingDocNode;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.codova.validation.ValidationResult;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.fluent.collections.UnmodifiableIterator;
import com.floragunn.searchguard.authc.AuthenticationDomain;
import com.floragunn.searchguard.authc.base.IPAddressAcceptanceRules;
import com.floragunn.searchguard.authc.base.StandardAuthenticationDomain;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.configuration.Destroyable;
import com.floragunn.searchguard.support.IPAddressCollection;
import com.floragunn.searchsupport.cstate.metrics.MetricsLevel;
import java.util.regex.Pattern;

/* loaded from: input_file:com/floragunn/searchguard/authc/rest/RestAuthcConfig.class */
public class RestAuthcConfig implements PatchableDocument<RestAuthcConfig>, Destroyable {
    public static final Metadata<RestAuthcConfig> META = Metadata.create(RestAuthcConfig.class, "sg_authc", "Authentication configuration for the REST API", (docNode, context) -> {
        return (RestAuthcConfig) parse(docNode, (ConfigurationRepository.Context) context).get();
    }, new Metadata.Attribute[]{Metadata.Attribute.list("auth_domains", Object.class, "The authentication domains to use."), Metadata.Attribute.optional("debug", Boolean.class, "Enables authc debug mode. If true, /_searchguard/auth/debug provides debug information."), Metadata.Attribute.optional("network", Object.class, "Network-specific configuration."), Metadata.Attribute.optional("user_cache", Object.class, "User cache configuration.")});
    private final DocNode source;
    private final ImmutableList<AuthenticationDomain<HttpAuthenticationFrontend>> authenticationDomains;
    private final Network network;
    private final boolean debugEnabled;
    private final CacheConfig userCacheConfig;
    private final MetricsLevel metricsLevel;

    /* loaded from: input_file:com/floragunn/searchguard/authc/rest/RestAuthcConfig$Network.class */
    public static class Network {
        private final IPAddressCollection trustedProxies;

        @Deprecated
        private final Pattern trustedProxiesPattern;
        private final String remoteIpHttpHeader;
        private final IPAddressAcceptanceRules ipAddressAcceptanceRules;

        public Network(IPAddressCollection iPAddressCollection, IPAddressAcceptanceRules iPAddressAcceptanceRules, Pattern pattern, String str) {
            this.trustedProxies = iPAddressCollection;
            this.trustedProxiesPattern = pattern;
            this.remoteIpHttpHeader = str;
            this.ipAddressAcceptanceRules = iPAddressAcceptanceRules;
        }

        static Network parse(DocNode docNode) throws ConfigValidationException {
            ValidationErrors validationErrors = new ValidationErrors();
            ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors);
            IPAddressCollection iPAddressCollection = (IPAddressCollection) validatingDocNode.get("trusted_proxies").by(IPAddressCollection::parse);
            Pattern asPattern = validatingDocNode.get("trusted_proxies_regex").asPattern();
            String asString = validatingDocNode.get("http.remote_ip_header").withDefault("X-Forwarded-For").asString();
            IPAddressAcceptanceRules iPAddressAcceptanceRules = new IPAddressAcceptanceRules((IPAddressAcceptanceRules.Criteria) validatingDocNode.get("accept").by(IPAddressAcceptanceRules.Criteria::parse), (IPAddressAcceptanceRules.Criteria) validatingDocNode.get("deny").by(IPAddressAcceptanceRules.Criteria::parse));
            validatingDocNode.checkForUnusedAttributes();
            validationErrors.throwExceptionForPresentErrors();
            return new Network(iPAddressCollection, iPAddressAcceptanceRules, asPattern, asString);
        }

        public static Network parseLegacy(DocNode docNode) throws ConfigValidationException {
            ValidationErrors validationErrors = new ValidationErrors();
            ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors);
            Pattern asPattern = validatingDocNode.get("internalProxies").asPattern();
            String asString = validatingDocNode.get("remoteIpHeader").withDefault("X-Forwarded-For").asString();
            validationErrors.throwExceptionForPresentErrors();
            return new Network(null, IPAddressAcceptanceRules.ANY, asPattern, asString);
        }

        public IPAddressCollection getTrustedProxies() {
            return this.trustedProxies;
        }

        @Deprecated
        public Pattern getTrustedProxiesPattern() {
            return this.trustedProxiesPattern;
        }

        public boolean hasTrustedProxies() {
            return (this.trustedProxies == null && this.trustedProxiesPattern == null) ? false : true;
        }

        public String getRemoteIpHttpHeader() {
            return this.remoteIpHttpHeader;
        }

        public IPAddressAcceptanceRules getIpAddressAcceptanceRules() {
            return this.ipAddressAcceptanceRules;
        }
    }

    public RestAuthcConfig(DocNode docNode, ImmutableList<AuthenticationDomain<HttpAuthenticationFrontend>> immutableList, Network network, CacheConfig cacheConfig, boolean z, MetricsLevel metricsLevel) {
        this.source = docNode;
        this.authenticationDomains = immutableList;
        this.network = network;
        this.debugEnabled = z;
        this.userCacheConfig = cacheConfig;
        this.metricsLevel = metricsLevel;
    }

    public Object toBasicObject() {
        return this.source;
    }

    public static ValidationResult<RestAuthcConfig> parse(DocNode docNode, ConfigurationRepository.Context context) {
        ValidationErrors validationErrors = new ValidationErrors();
        try {
            ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode.splitDottedAttributeNamesToTree(), validationErrors);
            MetricsLevel asEnum = validatingDocNode.get("metrics").withDefault(MetricsLevel.BASIC).asEnum(MetricsLevel.class);
            ImmutableList asList = validatingDocNode.get("auth_domains").asList(docNode2 -> {
                return StandardAuthenticationDomain.parse(docNode2, HttpAuthenticationFrontend.class, context, asEnum);
            });
            Network network = (Network) validatingDocNode.get("network").by(Network::parse);
            boolean asBoolean = validatingDocNode.get("debug").withDefault(false).asBoolean();
            CacheConfig cacheConfig = (CacheConfig) validatingDocNode.get("user_cache").withDefault(CacheConfig.DEFAULT).by(CacheConfig::new);
            validatingDocNode.checkForUnusedAttributes();
            return new ValidationResult<>(new RestAuthcConfig(docNode, ImmutableList.of(asList), network, cacheConfig, asBoolean, asEnum), validationErrors);
        } catch (UnexpectedDocumentStructureException e) {
            return new ValidationResult<>(e.getValidationErrors());
        }
    }

    public static RestAuthcConfig empty(DocNode docNode) {
        return new RestAuthcConfig(docNode, ImmutableList.empty(), null, CacheConfig.DEFAULT, false, MetricsLevel.BASIC);
    }

    public Network getNetwork() {
        return this.network;
    }

    public ImmutableList<AuthenticationDomain<HttpAuthenticationFrontend>> getAuthenticators() {
        return this.authenticationDomains;
    }

    public boolean isDebugEnabled() {
        return this.debugEnabled;
    }

    public CacheConfig getUserCacheConfig() {
        return this.userCacheConfig;
    }

    public String toString() {
        return "RestAuthcConfig [authenticators=" + this.authenticationDomains + ", network=" + this.network + ", debugEnabled=" + this.debugEnabled + ", userCacheConfig=" + this.userCacheConfig + "]";
    }

    /* renamed from: parseI, reason: merged with bridge method [inline-methods] */
    public RestAuthcConfig m54parseI(DocNode docNode, Parser.Context context) throws ConfigValidationException {
        return (RestAuthcConfig) parse(docNode, (ConfigurationRepository.Context) context).get();
    }

    public Metadata<RestAuthcConfig> meta() {
        return META;
    }

    @Override // com.floragunn.searchguard.configuration.Destroyable
    public void destroy() {
        UnmodifiableIterator it = this.authenticationDomains.iterator();
        while (it.hasNext()) {
            AuthenticationDomain authenticationDomain = (AuthenticationDomain) it.next();
            if (authenticationDomain instanceof Destroyable) {
                ((Destroyable) authenticationDomain).destroy();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MetricsLevel getMetricsLevel() {
        return this.metricsLevel;
    }
}
