package com.floragunn.searchguard.authz.config;

import com.floragunn.codova.config.text.Pattern;
import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Parser;
import com.floragunn.codova.documents.UnexpectedDocumentStructureException;
import com.floragunn.codova.documents.patch.PatchableDocument;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidatingDocNode;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.codova.validation.ValidationResult;
import com.floragunn.searchguard.authz.AuthorizationService;
import com.floragunn.searchguard.authz.config.RoleMapping;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchsupport.StaticSettings;
import com.floragunn.searchsupport.cstate.metrics.MetricsLevel;

/* loaded from: input_file:com/floragunn/searchguard/authz/config/AuthorizationConfig.class */
public class AuthorizationConfig implements PatchableDocument<AuthorizationConfig> {
    static final Pattern DEFAULT_IGNORE_UNAUTHORIZED_INDICES_ACTIONS = Pattern.createUnchecked("indices:data/read/*", "indices:admin/mappings/fields/get", new String[]{"indices:admin/shards/search_shards", "indices:admin/search/search_shards", "indices:admin/resolve/index", "indices:admin/delete", "indices:admin/mapping/put", "indices:admin/settings/update", "indices:monitor/settings/get", "indices:monitor/stats", "indices:admin/upgrade", "indices:admin/refresh", "indices:admin/synced_flush", "indices:admin/aliases/get", "indices:admin/data_stream/get", "indices:admin/get"});
    static final Pattern DEFAULT_IGNORE_UNAUTHORIZED_INDICES_ACTIONS_ALLOWING_EMPTY_RESULT = Pattern.createUnchecked("indices:data/read/*", "indices:admin/mappings/fields/get", new String[]{"indices:admin/shards/search_shards", "indices:admin/search/search_shards", "indices:admin/resolve/index", "indices:monitor/settings/get", "indices:monitor/stats", "indices:admin/refresh", "indices:admin/synced_flush", "indices:admin/aliases/get", "indices:admin/data_stream/get", "indices:admin/get"});
    public static final AuthorizationConfig DEFAULT = new AuthorizationConfig(DocNode.EMPTY, true, DEFAULT_IGNORE_UNAUTHORIZED_INDICES_ACTIONS, DEFAULT_IGNORE_UNAUTHORIZED_INDICES_ACTIONS_ALLOWING_EMPTY_RESULT, null, RoleMapping.ResolutionMode.MAPPING_ONLY, false, MetricsLevel.BASIC);
    private final DocNode source;
    private final boolean ignoreUnauthorizedIndices;
    private final Pattern ignoreUnauthorizedIndicesActions;
    private final Pattern ignoreUnauthorizedIndicesActionsAllowingEmptyResult;
    private final String fieldAnonymizationSalt;
    private final boolean debugEnabled;
    private final MetricsLevel metricsLevel;
    private final RoleMapping.ResolutionMode roleMappingResolution;

    AuthorizationConfig(DocNode docNode, boolean z, Pattern pattern, Pattern pattern2, String str, RoleMapping.ResolutionMode resolutionMode, boolean z2, MetricsLevel metricsLevel) {
        this.source = docNode;
        this.ignoreUnauthorizedIndices = z;
        this.ignoreUnauthorizedIndicesActions = pattern;
        this.ignoreUnauthorizedIndicesActionsAllowingEmptyResult = pattern2;
        this.fieldAnonymizationSalt = str;
        this.roleMappingResolution = resolutionMode;
        this.debugEnabled = z2;
        this.metricsLevel = metricsLevel;
    }

    public static ValidationResult<AuthorizationConfig> parse(DocNode docNode, Parser.Context context) {
        ValidationErrors validationErrors = new ValidationErrors();
        try {
            ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode.splitDottedAttributeNamesToTree(), validationErrors);
            return !validationErrors.hasErrors() ? new ValidationResult<>(new AuthorizationConfig(docNode, validatingDocNode.get("ignore_unauthorized_indices.enabled").withDefault(true).asBoolean(), (Pattern) validatingDocNode.get("ignore_unauthorized_indices.affected_actions").withDefault(DEFAULT_IGNORE_UNAUTHORIZED_INDICES_ACTIONS).by(Pattern::parse), (Pattern) validatingDocNode.get("ignore_unauthorized_indices.empty_result_allowed_for_actions").withDefault(DEFAULT_IGNORE_UNAUTHORIZED_INDICES_ACTIONS_ALLOWING_EMPTY_RESULT).by(Pattern::parse), validatingDocNode.get("field_anonymization.salt").asString(), (RoleMapping.ResolutionMode) validatingDocNode.get("role_mapping.resolution_mode").withDefault(RoleMapping.ResolutionMode.MAPPING_ONLY).asEnum(RoleMapping.ResolutionMode.class), validatingDocNode.get("debug").withDefault(false).asBoolean(), validatingDocNode.get("metrics").withDefault(MetricsLevel.BASIC).asEnum(MetricsLevel.class))) : new ValidationResult<>(validationErrors);
        } catch (UnexpectedDocumentStructureException e) {
            return new ValidationResult<>(e.getValidationErrors());
        }
    }

    public static AuthorizationConfig parseLegacySgConfig(DocNode docNode, Parser.Context context, StaticSettings staticSettings) throws ConfigValidationException {
        ValidationErrors validationErrors = new ValidationErrors();
        String asString = new ValidatingDocNode(docNode.splitDottedAttributeNamesToTree(), validationErrors).get("dynamic.field_anonymization_salt2").asString();
        validationErrors.throwExceptionForPresentErrors();
        return new AuthorizationConfig(docNode, true, DEFAULT_IGNORE_UNAUTHORIZED_INDICES_ACTIONS, DEFAULT_IGNORE_UNAUTHORIZED_INDICES_ACTIONS_ALLOWING_EMPTY_RESULT, asString, getRolesMappingResolution(staticSettings), false, MetricsLevel.BASIC);
    }

    public boolean isIgnoreUnauthorizedIndices() {
        return this.ignoreUnauthorizedIndices;
    }

    public Object toBasicObject() {
        return this.source;
    }

    public String toString() {
        return toJsonString();
    }

    public String getFieldAnonymizationSalt() {
        return this.fieldAnonymizationSalt;
    }

    public boolean isDebugEnabled() {
        return this.debugEnabled;
    }

    /* renamed from: parseI, reason: merged with bridge method [inline-methods] */
    public AuthorizationConfig m115parseI(DocNode docNode, Parser.Context context) throws ConfigValidationException {
        return (AuthorizationConfig) parse(docNode, (ConfigurationRepository.Context) context).get();
    }

    public MetricsLevel getMetricsLevel() {
        return this.metricsLevel;
    }

    public Pattern getIgnoreUnauthorizedIndicesActions() {
        return this.ignoreUnauthorizedIndicesActions;
    }

    public Pattern getIgnoreUnauthorizedIndicesActionsAllowingEmptyResult() {
        return this.ignoreUnauthorizedIndicesActionsAllowingEmptyResult;
    }

    private static RoleMapping.ResolutionMode getRolesMappingResolution(StaticSettings staticSettings) {
        try {
            return RoleMapping.ResolutionMode.valueOf(((String) staticSettings.get(AuthorizationService.ROLES_MAPPING_RESOLUTION)).toUpperCase());
        } catch (Exception e) {
            return RoleMapping.ResolutionMode.MAPPING_ONLY;
        }
    }

    public RoleMapping.ResolutionMode getRoleMappingResolution() {
        return this.roleMappingResolution;
    }
}
