package com.floragunn.searchguard.authc.legacy;

import com.floragunn.codova.config.text.Pattern;
import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidatingDocNode;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.codova.validation.errors.InvalidAttributeValue;
import com.floragunn.codova.validation.errors.ValidationError;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.fluent.collections.UnmodifiableIterator;
import com.floragunn.searchguard.NoSuchComponentException;
import com.floragunn.searchguard.TypedComponentRegistry;
import com.floragunn.searchguard.authc.AuthenticationBackend;
import com.floragunn.searchguard.authc.AuthenticationDebugLogger;
import com.floragunn.searchguard.authc.AuthenticationDomain;
import com.floragunn.searchguard.authc.AuthenticationFrontend;
import com.floragunn.searchguard.authc.AuthenticatorUnavailableException;
import com.floragunn.searchguard.authc.CredentialsException;
import com.floragunn.searchguard.authc.RequestMetaData;
import com.floragunn.searchguard.authc.rest.HttpAuthenticationFrontend;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.support.ConfigConstants;
import com.floragunn.searchguard.support.IPAddressCollection;
import com.floragunn.searchguard.user.AuthCredentials;
import com.floragunn.searchguard.user.User;
import com.floragunn.searchsupport.cstate.ComponentState;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ElasticsearchSecurityException;

/* loaded from: input_file:com/floragunn/searchguard/authc/legacy/LegacyAuthenticationDomain.class */
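/**
 * Authentication domain built from the legacy configuration format. It pairs an
 * authentication frontend with a {@link LegacyAuthenticationBackend} and a list of
 * {@link LegacyAuthorizationBackend}s that contribute roles to the authenticated user.
 *
 * <p>Two optional restrictions are evaluated by the {@code accept} methods: an
 * originating-IP allowlist ({@code enabled_only_for_ips}) and a user-name pattern
 * for which this domain is skipped ({@code skip_users}). A {@code null} value for
 * either means "no restriction".
 *
 * @param <AuthenticatorType> the frontend type this domain is bound to
 */
public class LegacyAuthenticationDomain<AuthenticatorType extends AuthenticationFrontend> implements AuthenticationDomain<AuthenticatorType> {
    private static final Logger log = LogManager.getLogger(LegacyAuthenticationDomain.class);
    private final String id;
    private final LegacyAuthenticationBackend backend;
    private final AuthenticatorType authenticator;
    private final ImmutableList<LegacyAuthorizationBackend> authorizationBackends;
    private final int order;
    private final boolean challenge;
    private final Pattern skippedUsers;
    private final IPAddressCollection enabledOnlyForIps;
    // Assigned at the end of the constructor. As a field initializer it ran before
    // id/backend/authenticator were set, so toString() and getType() were always "".
    private final String infoString;
    private final ComponentState componentState;

    /**
     * Creates a domain from already-instantiated components.
     *
     * @param str                        id of this domain; also used as the component state name
     * @param legacyAuthenticationBackend backend that verifies credentials
     * @param authenticatortype          frontend; may be {@code null}, in which case no part is
     *                                   added to the component state
     * @param z                          value returned by {@link #isChallenge()}
     * @param i                          value returned by {@link #getOrder()}
     * @param pattern                    user names for which this domain is skipped, or {@code null}
     * @param iPAddressCollection        originating IPs this domain is limited to, or {@code null}
     * @param immutableList              authorization backends asked for roles after authentication
     */
    public LegacyAuthenticationDomain(String str, LegacyAuthenticationBackend legacyAuthenticationBackend, AuthenticatorType authenticatortype, boolean z, int i, Pattern pattern, IPAddressCollection iPAddressCollection, ImmutableList<LegacyAuthorizationBackend> immutableList) {
        this.id = str;
        this.backend = legacyAuthenticationBackend;
        this.authenticator = authenticatortype;
        this.order = i;
        this.challenge = z;
        this.skippedUsers = pattern;
        this.enabledOnlyForIps = iPAddressCollection;
        this.authorizationBackends = immutableList;
        this.componentState = new ComponentState(0, "legacy_auth_domain", str);
        if (authenticatortype != null) {
            this.componentState.addPart(authenticatortype.getComponentState());
        }
        this.componentState.updateStateFromParts();
        // Must come after id, backend and authenticator are assigned.
        this.infoString = buildInfoString();
    }

    /** Returns the {@code challenge} setting this domain was configured with. */
    public boolean isChallenge() {
        return this.challenge;
    }

    /** Returns the frontend bound to this domain; may be {@code null}. */
    @Override
    public AuthenticatorType getFrontend() {
        return this.authenticator;
    }

    /**
     * Decides whether this domain applies to a request, based on its originating IP.
     *
     * @return {@code true} when no IP restriction is configured or the originating
     *         address is contained in the configured collection
     */
    @Override
    public boolean accept(RequestMetaData<?> requestMetaData) {
        // NOTE(review): the restriction is only as trustworthy as getOriginatingIpAddress();
        // how that address is derived (e.g. from proxy headers) is not visible here - confirm.
        return this.enabledOnlyForIps == null || this.enabledOnlyForIps.contains(requestMetaData.getOriginatingIpAddress());
    }

    /**
     * Decides whether this domain applies to the given credentials, based on the user name.
     *
     * @return {@code false} only when a skip pattern is configured and it matches the name
     */
    @Override
    public boolean accept(AuthCredentials authCredentials) {
        return this.skippedUsers == null || !this.skippedUsers.matches(authCredentials.getName());
    }

    /** Always {@code true}: disabled legacy domains are never constructed by {@link #parseHttpDomain}. */
    @Override
    public boolean isEnabled() {
        return true;
    }

    /** Returns the {@code order} setting this domain was configured with. */
    public int getOrder() {
        return this.order;
    }

    /** Returns the id this domain was created with. */
    @Override
    public String getId() {
        return this.id;
    }

    /** Returns the descriptive string built by {@link #buildInfoString()}. */
    @Override
    public String toString() {
        return this.infoString;
    }

    /**
     * Builds {@code <frontend type>/<backend type>[<id>]}, omitting each part that is
     * {@code null}.
     */
    private String buildInfoString() {
        StringBuilder sb = new StringBuilder();
        if (this.authenticator != null) {
            sb.append(this.authenticator.getType());
        }
        if (this.backend != null) {
            sb.append("/").append(this.backend.getType());
        }
        if (this.id != null) {
            sb.append("[").append(this.id).append("]");
        }
        return sb.toString();
    }

    /**
     * Parses one legacy auth domain entry into an HTTP authentication domain.
     *
     * <p>Defaults applied when an attribute is absent: {@code http_enabled=false},
     * {@code order=0}, {@code challenge=true}, {@code authentication_backend.type=internal}
     * (the value {@code intern} is treated as {@code internal}).
     *
     * @param str           id of the domain
     * @param docNode       configuration of the domain
     * @param context       supplies the registry used to instantiate frontend and backend
     * @param immutableList authorization backends handed to the created domain
     * @return the domain, or an empty {@code Optional} when {@code http_enabled} is false or
     *         {@code http_authenticator.type} is not set
     * @throws ConfigValidationException if validation errors were collected
     */
    public static Optional<AuthenticationDomain<HttpAuthenticationFrontend>> parseHttpDomain(String str, DocNode docNode, ConfigurationRepository.Context context, ImmutableList<LegacyAuthorizationBackend> immutableList) throws ConfigValidationException {
        TypedComponentRegistry registry = context.modulesRegistry().getTypedComponentRegistry();
        ValidationErrors validationErrors = new ValidationErrors();
        ValidatingDocNode vNode = new ValidatingDocNode(docNode, validationErrors);
        if (!vNode.get("http_enabled").withDefault(false).asBoolean()) {
            return Optional.empty();
        }
        IPAddressCollection enabledOnlyForIps = (IPAddressCollection) vNode.get("enabled_only_for_ips").by(IPAddressCollection::parse);
        Pattern skipUsers = (Pattern) vNode.get("skip_users").by(Pattern::parse);
        String frontendType = vNode.get("http_authenticator.type").asString();
        int order = vNode.get("order").withDefault(0).asInt();
        boolean challenge = vNode.get("challenge").withDefault(true).asBoolean();
        if (frontendType == null) {
            return Optional.empty();
        }
        String backendType = vNode.get("authentication_backend.type").withDefault("internal").asString();
        HttpAuthenticationFrontend frontend = null;
        LegacyAuthenticationBackend authenticationBackend = null;
        // Specific handlers first; the catch-all must be last or the specific ones are unreachable.
        try {
            frontend = (HttpAuthenticationFrontend) registry.create(LegacyHTTPAuthenticator.class, frontendType, docNode.getAsNode("http_authenticator", new String[]{"config"}), context);
        } catch (NoSuchComponentException e) {
            validationErrors.add(new InvalidAttributeValue("http_authenticator.type", frontendType, e.getAvailableTypesAsInfoString()).message("Unknown HTTP authenticator").cause(e));
        } catch (ConfigValidationException e) {
            validationErrors.add("http_authenticator.config", e);
        } catch (Exception e) {
            log.error("Unexpected exception while creating authenticator " + frontendType, e);
            validationErrors.add(new ValidationError("http_authenticator", e.getMessage()).cause(e));
        }
        if (frontend == null) {
            // NOTE(review): also reached when creation failed for a reason other than an unknown
            // type; the errors collected in validationErrors are then not reported to the caller.
            throw new NoSuchComponentException(frontendType);
        }
        if ("intern".equals(backendType)) {
            backendType = "internal";
        }
        try {
            authenticationBackend = (LegacyAuthenticationBackend) registry.create(LegacyAuthenticationBackend.class, backendType, docNode.getAsNode("authentication_backend", new String[]{"config"}), context);
        } catch (ConfigValidationException e) {
            validationErrors.add("authentication_backend.config", e);
        } catch (NoSuchComponentException e) {
            // NOTE(review): the attribute name is a constant substituted by the decompiler for the
            // original literal; verify that it names the authentication backend type attribute.
            validationErrors.add(new InvalidAttributeValue(ConfigConstants.SEARCHGUARD_AUDIT_ES_TYPE, backendType, e.getAvailableTypesAsInfoString()).message("Unknown authentication backend").cause(e));
        } catch (Exception e) {
            log.error("Unexpected exception while creating authentication backend " + backendType, e);
            validationErrors.add(new ValidationError("authentication_backend", e.getMessage()).cause(e));
        }
        if (authenticationBackend == null) {
            // NOTE(review): same caveat as for the frontend above.
            throw new NoSuchComponentException(backendType);
        }
        // Keep this before construction: a null enabledOnlyForIps / skipUsers means "no
        // restriction" in accept(). Assuming parse failures are recorded in validationErrors
        // (TODO confirm), building the domain anyway would silently drop the restriction.
        validationErrors.throwExceptionForPresentErrors();
        AuthenticationDomain<HttpAuthenticationFrontend> domain = new LegacyAuthenticationDomain<HttpAuthenticationFrontend>(str, authenticationBackend, frontend, challenge, order, skipUsers, enabledOnlyForIps, immutableList);
        return Optional.of(domain);
    }

    /**
     * Authenticates the credentials against the backend and then asks every authorization
     * backend to add roles to the resulting user.
     *
     * <p>A failing authorization backend does not fail authentication: the exception is
     * logged and the user is returned with whatever roles the other backends supplied.
     *
     * @return an already-completed future holding the user, or {@code null} when the backend
     *         returned no user
     */
    @Override
    public CompletableFuture<User> authenticate(AuthCredentials authCredentials, AuthenticationDebugLogger authenticationDebugLogger) throws AuthenticatorUnavailableException, CredentialsException {
        User authenticated = this.backend.authenticate(authCredentials);
        if (authenticated == null) {
            return CompletableFuture.completedFuture(null);
        }
        fillRoles(authenticated, authCredentials);
        return CompletableFuture.completedFuture(authenticated);
    }

    /**
     * Resolves the user named by {@code authCredentials} without verifying credentials,
     * provided the backend reports that the user exists, and fills in its roles.
     *
     * <p>NOTE(review): {@code user} (the caller's own identity) is not consulted here, so any
     * check that the caller is allowed to impersonate the target presumably happens before
     * this method is invoked - confirm against the caller.
     *
     * @return an already-completed future holding the target user, or {@code null} when the
     *         backend does not know it
     */
    @Override
    public CompletableFuture<User> impersonate(User user, AuthCredentials authCredentials) throws AuthenticatorUnavailableException, CredentialsException {
        User target = AuthenticationBackend.UserMapper.DIRECT.map(authCredentials);
        if (!this.backend.exists(target)) {
            return CompletableFuture.completedFuture(null);
        }
        fillRoles(target, authCredentials);
        return CompletableFuture.completedFuture(target);
    }

    /**
     * Lets each authorization backend add roles to {@code user}. Failures are logged and
     * skipped so that one unavailable backend does not block the remaining ones.
     */
    private void fillRoles(User user, AuthCredentials authCredentials) {
        for (LegacyAuthorizationBackend authorizationBackend : this.authorizationBackends) {
            try {
                authorizationBackend.fillRoles(user, authCredentials);
            } catch (ElasticsearchSecurityException e) {
                // Only visible at debug level: treated as "no roles found", not as a fault.
                if (log.isDebugEnabled()) {
                    log.debug("Authz backend " + authorizationBackend + " did not find roles for " + authCredentials, e);
                }
            } catch (Exception e) {
                // NOTE(review): the credentials object is written to the log via toString();
                // assumes AuthCredentials.toString() does not expose secrets - confirm.
                log.warn("Error while retrieving roles for " + authCredentials + " from " + authorizationBackend, e);
            }
        }
    }

    /** Returns the same descriptive string as {@link #toString()}. */
    @Override
    public String getType() {
        return toString();
    }

    /**
     * Tells whether users produced by this domain are cached, according to the backend's
     * caching policy.
     *
     * @return {@code true} for {@code ALWAYS}; for {@code ONLY_IF_AUTHZ_SEPARATE} only when at
     *         least one authorization backend is configured; {@code false} otherwise
     */
    @Override
    public boolean cacheUser() {
        switch (this.backend.userCachingPolicy()) {
            case ALWAYS:
                return true;
            case ONLY_IF_AUTHZ_SEPARATE:
                return !this.authorizationBackends.isEmpty();
            case NEVER:
            default:
                return false;
        }
    }

    /** Returns the component state created for this domain in the constructor. */
    public ComponentState getComponentState() {
        return this.componentState;
    }
}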
