package com.floragunn.searchguard.authz;

import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.searchguard.authc.AuthInfoService;
import com.floragunn.searchguard.authc.legacy.LegacySgConfig;
import com.floragunn.searchguard.authz.config.AuthorizationConfig;
import com.floragunn.searchguard.authz.config.RoleMapping;
import com.floragunn.searchguard.configuration.CType;
import com.floragunn.searchguard.configuration.ConfigMap;
import com.floragunn.searchguard.configuration.ConfigurationChangeListener;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.configuration.SgDynamicConfiguration;
import com.floragunn.searchguard.privileges.SpecialPrivilegesEvaluationContext;
import com.floragunn.searchguard.user.User;
import com.floragunn.searchsupport.StaticSettings;
import com.floragunn.searchsupport.cstate.ComponentState;
import com.floragunn.searchsupport.cstate.ComponentStateProvider;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.transport.TransportAddress;

/* loaded from: input_file:com/floragunn/searchguard/authz/AuthorizationService.class */
public class AuthorizationService implements ComponentStateProvider {
    public static final StaticSettings.Attribute<String> ROLES_MAPPING_RESOLUTION = StaticSettings.Attribute.define("searchguard.roles_mapping_resolution").withDefault(RoleMapping.ResolutionMode.MAPPING_ONLY.toString()).asString();
    public static final StaticSettings.AttributeSet STATIC_SETTINGS = StaticSettings.AttributeSet.of(new StaticSettings.Attribute[]{ROLES_MAPPING_RESOLUTION});
    private static final Logger log = LogManager.getLogger(AuthorizationService.class);
    private final AuthInfoService authInfoService;
    private final ComponentState componentState = new ComponentState(9, (String) null, "authorization_service");
    private volatile AuthorizationConfig authzConfig = AuthorizationConfig.DEFAULT;
    private volatile RoleMapping.InvertedIndex roleMapping;

    public AuthorizationService(ConfigurationRepository configurationRepository, final StaticSettings staticSettings, AuthInfoService authInfoService) {
        this.authInfoService = authInfoService;
        configurationRepository.subscribeOnChange(new ConfigurationChangeListener() { // from class: com.floragunn.searchguard.authz.AuthorizationService.1
            @Override // com.floragunn.searchguard.configuration.ConfigurationChangeListener
            public void onChange(ConfigMap configMap) {
                SgDynamicConfiguration sgDynamicConfiguration = configMap.get(CType.AUTHZ);
                SgDynamicConfiguration sgDynamicConfiguration2 = configMap.get(CType.CONFIG);
                AuthorizationConfig authorizationConfig = AuthorizationConfig.DEFAULT;
                if (sgDynamicConfiguration != null && sgDynamicConfiguration.getCEntry("default") != null) {
                    AuthorizationService authorizationService = AuthorizationService.this;
                    AuthorizationConfig authorizationConfig2 = (AuthorizationConfig) sgDynamicConfiguration.getCEntry("default");
                    authorizationConfig = authorizationConfig2;
                    authorizationService.authzConfig = authorizationConfig2;
                    AuthorizationService.log.info("Updated authz config:\n" + String.valueOf(sgDynamicConfiguration));
                    if (AuthorizationService.log.isDebugEnabled()) {
                        AuthorizationService.log.debug(authorizationConfig);
                    }
                } else if (sgDynamicConfiguration2 != null && sgDynamicConfiguration2.getCEntry("sg_config") != null) {
                    try {
                        LegacySgConfig legacySgConfig = (LegacySgConfig) sgDynamicConfiguration2.getCEntry("sg_config");
                        AuthorizationService authorizationService2 = AuthorizationService.this;
                        AuthorizationConfig parseLegacySgConfig = AuthorizationConfig.parseLegacySgConfig(legacySgConfig.getSource(), null, staticSettings);
                        authorizationConfig = parseLegacySgConfig;
                        authorizationService2.authzConfig = parseLegacySgConfig;
                        AuthorizationService.log.info("Updated authz config (legacy):\n" + String.valueOf(sgDynamicConfiguration2));
                        if (AuthorizationService.log.isDebugEnabled()) {
                            AuthorizationService.log.debug(authorizationConfig);
                        }
                    } catch (ConfigValidationException e) {
                        AuthorizationService.log.error("Error while parsing sg_config:\n" + String.valueOf(e));
                    }
                }
                AuthorizationService.this.roleMapping = new RoleMapping.InvertedIndex(configMap.get(CType.ROLESMAPPING), authorizationConfig.getMetricsLevel());
                AuthorizationService.this.componentState.setConfigVersion(configMap.getVersionsAsString());
                AuthorizationService.this.componentState.replacePart(AuthorizationService.this.roleMapping.getComponentState());
                AuthorizationService.this.componentState.updateStateFromParts();
            }
        });
    }

    public boolean isInitialized() {
        return this.roleMapping != null;
    }

    public ImmutableSet<String> getMappedRoles(User user, SpecialPrivilegesEvaluationContext specialPrivilegesEvaluationContext) {
        return this.roleMapping == null ? ImmutableSet.empty() : specialPrivilegesEvaluationContext == null ? getMappedRoles(user, this.authInfoService.getCurrentRemoteAddress()) : specialPrivilegesEvaluationContext.getMappedRoles();
    }

    public ImmutableSet<String> getMappedRoles(User user, TransportAddress transportAddress) {
        if (this.roleMapping == null) {
            throw new RuntimeException("SearchGuard is not yet initialized");
        }
        return this.roleMapping.evaluate(user, transportAddress, this.authzConfig.getRoleMappingResolution());
    }

    public ComponentState getComponentState() {
        return this.componentState;
    }

    public RoleMapping.InvertedIndex getRoleMapping() {
        return this.roleMapping;
    }
}
