package com.floragunn.searchguard.authz;

import com.floragunn.fluent.collections.CheckTable;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.fluent.collections.UnmodifiableIterator;
import com.floragunn.searchguard.authz.actions.Action;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.support.ActionFilter;
import org.elasticsearch.rest.RestStatus;

/* loaded from: input_file:com/floragunn/searchguard/authz/PrivilegesEvaluationResult.class */
public class PrivilegesEvaluationResult {
    public static final PrivilegesEvaluationResult OK = new PrivilegesEvaluationResult(Status.OK);
    public static final PrivilegesEvaluationResult PARTIALLY_OK = new PrivilegesEvaluationResult(Status.PARTIALLY_OK);
    public static final PrivilegesEvaluationResult EMPTY = new PrivilegesEvaluationResult(Status.EMPTY);
    public static final PrivilegesEvaluationResult INSUFFICIENT = new PrivilegesEvaluationResult(Status.INSUFFICIENT);
    public static final PrivilegesEvaluationResult PENDING = new PrivilegesEvaluationResult(Status.PENDING);
    private final Status status;
    private final CheckTable<String, Action> indexToActionPrivilegeTable;
    private final ImmutableList<Error> errors;
    private final ImmutableSet<String> availableIndices;
    private final String reason;
    private final ImmutableList<ActionFilter> additionalActionFilters;

    /* loaded from: input_file:com/floragunn/searchguard/authz/PrivilegesEvaluationResult$Error.class */
    public static class Error {
        private final String message;
        private final Throwable cause;
        private final String role;
        private final Throwable rootCause;

        public Error(String str, Throwable th) {
            this.message = str;
            this.cause = th;
            this.role = null;
            this.rootCause = getRootCause(th);
        }

        public Error(String str, Throwable th, String str2) {
            this.message = str;
            this.cause = th;
            this.role = str2;
            this.rootCause = getRootCause(th);
        }

        public String getMessage() {
            return this.message;
        }

        public Throwable getCause() {
            return this.cause;
        }

        public String toString() {
            return this.rootCause != null ? this.message + " [" + this.rootCause + "]" : this.message;
        }

        public int hashCode() {
            return (31 * 1) + (this.message == null ? 0 : this.message.hashCode());
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Error)) {
                return false;
            }
            Error error = (Error) obj;
            return this.message == null ? error.message == null : this.message.equals(error.message);
        }

        public String getRole() {
            return this.role;
        }

        private static Throwable getRootCause(Throwable th) {
            if (th == null) {
                return null;
            }
            for (int i = 0; th.getCause() != null && th.getCause() != th && i < 10; i++) {
                th = th.getCause();
            }
            return th;
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/authz/PrivilegesEvaluationResult$Status.class */
    public enum Status {
        OK,
        PARTIALLY_OK,
        EMPTY,
        INSUFFICIENT,
        PENDING
    }

    PrivilegesEvaluationResult(Status status) {
        this.status = status;
        this.indexToActionPrivilegeTable = null;
        this.errors = ImmutableList.empty();
        this.reason = null;
        this.availableIndices = null;
        this.additionalActionFilters = ImmutableList.empty();
    }

    PrivilegesEvaluationResult(Status status, String str, ImmutableSet<String> immutableSet, CheckTable<String, Action> checkTable, ImmutableList<Error> immutableList, ImmutableList<ActionFilter> immutableList2) {
        this.status = status;
        this.indexToActionPrivilegeTable = checkTable;
        this.errors = immutableList;
        this.reason = str;
        this.availableIndices = immutableSet;
        this.additionalActionFilters = immutableList2;
    }

    public PrivilegesEvaluationResult reason(String str) {
        return new PrivilegesEvaluationResult(this.status, str, this.availableIndices, this.indexToActionPrivilegeTable, this.errors, this.additionalActionFilters);
    }

    public PrivilegesEvaluationResult reason(String str, ImmutableList<Error> immutableList) {
        return new PrivilegesEvaluationResult(this.status, str, this.availableIndices, this.indexToActionPrivilegeTable, immutableList, this.additionalActionFilters);
    }

    public PrivilegesEvaluationResult reason(String str, Error error) {
        return new PrivilegesEvaluationResult(this.status, str, this.availableIndices, this.indexToActionPrivilegeTable, ImmutableList.of(this.errors), this.additionalActionFilters);
    }

    public PrivilegesEvaluationResult with(CheckTable<String, Action> checkTable) {
        return new PrivilegesEvaluationResult(this.status, this.reason, this.availableIndices, checkTable, this.errors, this.additionalActionFilters);
    }

    public PrivilegesEvaluationResult with(CheckTable<String, Action> checkTable, ImmutableList<Error> immutableList) {
        return new PrivilegesEvaluationResult(this.status, this.reason, this.availableIndices, checkTable, immutableList, this.additionalActionFilters);
    }

    public PrivilegesEvaluationResult with(String str, CheckTable<String, Action> checkTable, ImmutableList<Error> immutableList) {
        return new PrivilegesEvaluationResult(this.status, str, this.availableIndices, checkTable, immutableList, this.additionalActionFilters);
    }

    public PrivilegesEvaluationResult with(ImmutableList<Error> immutableList) {
        return immutableList.size() != 0 ? new PrivilegesEvaluationResult(this.status, this.reason, this.availableIndices, this.indexToActionPrivilegeTable, immutableList, this.additionalActionFilters) : this;
    }

    public PrivilegesEvaluationResult with(ActionFilter actionFilter) {
        return actionFilter != null ? new PrivilegesEvaluationResult(this.status, this.reason, this.availableIndices, this.indexToActionPrivilegeTable, this.errors, this.additionalActionFilters.with(actionFilter)) : this;
    }

    public PrivilegesEvaluationResult availableIndices(ImmutableSet<String> immutableSet, CheckTable<String, Action> checkTable, ImmutableList<Error> immutableList) {
        return new PrivilegesEvaluationResult(this.status, this.reason, immutableSet, checkTable, immutableList, this.additionalActionFilters);
    }

    public PrivilegesEvaluationResult availableIndices(ImmutableSet<String> immutableSet, CheckTable<String, Action> checkTable) {
        return new PrivilegesEvaluationResult(this.status, this.reason, immutableSet, checkTable, this.errors, this.additionalActionFilters);
    }

    public PrivilegesEvaluationResult missingPrivileges(Action action) {
        return new PrivilegesEvaluationResult(this.status, this.reason, this.availableIndices, CheckTable.create("_", ImmutableSet.of(action)), this.errors, this.additionalActionFilters);
    }

    public PrivilegesEvaluationResult status(Status status) {
        return new PrivilegesEvaluationResult(status, this.reason, this.availableIndices, this.indexToActionPrivilegeTable, this.errors, this.additionalActionFilters);
    }

    public CheckTable<String, Action> getIndexToActionPrivilegeTable() {
        return this.indexToActionPrivilegeTable;
    }

    public ImmutableList<Error> getErrors() {
        return this.errors;
    }

    public Throwable getFirstThrowable() {
        if (this.errors.isEmpty()) {
            return null;
        }
        UnmodifiableIterator it = this.errors.iterator();
        while (it.hasNext()) {
            Error error = (Error) it.next();
            if (error.cause != null) {
                return error.cause;
            }
        }
        return null;
    }

    public boolean hasErrors() {
        return !this.errors.isEmpty();
    }

    public Status getStatus() {
        return this.status;
    }

    public boolean isOk() {
        return this.status == Status.OK;
    }

    public boolean isPending() {
        return this.status == Status.PENDING;
    }

    public ImmutableSet<String> getAvailableIndices() {
        return this.availableIndices;
    }

    public String toString() {
        StringBuilder sb = new StringBuilder("");
        sb.append("Status: ").append(this.status).append("\n");
        if (this.reason != null) {
            sb.append("Reason: ").append(this.reason).append("\n");
        }
        if (this.indexToActionPrivilegeTable != null) {
            String checkTable = this.indexToActionPrivilegeTable.toString("ok", "MISSING");
            if (checkTable.length() > 30 || checkTable.contains("\n")) {
                sb.append("Evaluated Privileges:\n").append(checkTable).append("\n");
            } else {
                sb.append("Evaluated Privileges: ").append(checkTable).append("\n");
            }
        }
        if (this.errors.size() == 1) {
            sb.append("Errors: ").append(this.errors.only());
        } else if (this.errors.size() > 1) {
            sb.append("Errors:\n").append(this.errors.stream().map(error -> {
                return " - " + error + "\n";
            }).collect(Collectors.toList())).append("\n");
        }
        return sb.toString();
    }

    public ImmutableList<ActionFilter> getAdditionalActionFilters() {
        return this.additionalActionFilters;
    }

    public boolean hasAdditionalActionFilters() {
        return this.additionalActionFilters != null && this.additionalActionFilters.size() > 0;
    }

    public Exception toSecurityException(PrivilegesEvaluationContext privilegesEvaluationContext) {
        ElasticsearchSecurityException elasticsearchSecurityException = new ElasticsearchSecurityException("Insufficient permissions", RestStatus.FORBIDDEN, new Object[0]);
        if (this.indexToActionPrivilegeTable != null) {
            if (isRelatedToIndexPermission()) {
                elasticsearchSecurityException.addMetadata("es.missing_permissions", getFlattenedIndexToActionPrivilegeTable());
            } else {
                elasticsearchSecurityException.addMetadata("es.missing_permissions", (List) this.indexToActionPrivilegeTable.getColumns().stream().map(action -> {
                    return action.name();
                }).collect(Collectors.toList()));
            }
        }
        if (privilegesEvaluationContext.isDebugEnabled()) {
            if (this.reason != null) {
                elasticsearchSecurityException.addMetadata("es.reason_detail", new String[]{this.reason});
            }
            elasticsearchSecurityException.addMetadata("es.user", new String[]{String.valueOf(privilegesEvaluationContext.getUser())});
            if (privilegesEvaluationContext.getMappedRoles() != null) {
                elasticsearchSecurityException.addMetadata("es.effective_roles", (List) privilegesEvaluationContext.getMappedRoles().stream().collect(Collectors.toList()));
            }
            elasticsearchSecurityException.addMetadata("es.user_attributes", (List) privilegesEvaluationContext.getUser().getStructuredAttributes().keySet().stream().collect(Collectors.toList()));
            if (this.errors != null && !this.errors.isEmpty()) {
                elasticsearchSecurityException.addMetadata("es.errors", (List) this.errors.stream().map(error -> {
                    return error.toString();
                }).collect(Collectors.toList()));
            }
        }
        return elasticsearchSecurityException;
    }

    private boolean isRelatedToIndexPermission() {
        return this.indexToActionPrivilegeTable != null && ((Action) this.indexToActionPrivilegeTable.getColumns().any()).isIndexPrivilege();
    }

    private List<String> getFlattenedIndexToActionPrivilegeTable() {
        ArrayList arrayList = new ArrayList();
        UnmodifiableIterator it = this.indexToActionPrivilegeTable.getRows().iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            UnmodifiableIterator it2 = this.indexToActionPrivilegeTable.getColumns().iterator();
            while (it2.hasNext()) {
                Action action = (Action) it2.next();
                if (!this.indexToActionPrivilegeTable.isChecked(str, action)) {
                    arrayList.add(str + ": " + action);
                }
            }
        }
        return arrayList;
    }
}
