package com.floragunn.searchguard.authc.base;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Document;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidatingDocNode;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.codova.validation.errors.InvalidAttributeValue;
import com.floragunn.codova.validation.errors.ValidationError;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.fluent.collections.UnmodifiableIterator;
import com.floragunn.searchguard.NoSuchComponentException;
import com.floragunn.searchguard.TypedComponentRegistry;
import com.floragunn.searchguard.authc.AuthenticationBackend;
import com.floragunn.searchguard.authc.AuthenticationDebugLogger;
import com.floragunn.searchguard.authc.AuthenticationDomain;
import com.floragunn.searchguard.authc.AuthenticationFrontend;
import com.floragunn.searchguard.authc.AuthenticatorUnavailableException;
import com.floragunn.searchguard.authc.CredentialsException;
import com.floragunn.searchguard.authc.RequestMetaData;
import com.floragunn.searchguard.authc.UserInformationBackend;
import com.floragunn.searchguard.authc.base.AcceptanceRules;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.support.ConfigConstants;
import com.floragunn.searchguard.user.AuthCredentials;
import com.floragunn.searchguard.user.AuthDomainInfo;
import com.floragunn.searchguard.user.User;
import com.floragunn.searchsupport.cstate.ComponentState;
import com.floragunn.searchsupport.cstate.metrics.Meter;
import com.floragunn.searchsupport.cstate.metrics.MetricsLevel;
import com.floragunn.searchsupport.cstate.metrics.TimeAggregation;
import com.google.common.hash.Hashing;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/floragunn/searchguard/authc/base/StandardAuthenticationDomain.class */
public class StandardAuthenticationDomain<AuthenticatorType extends AuthenticationFrontend> implements AuthenticationDomain<AuthenticatorType>, Comparable<StandardAuthenticationDomain<AuthenticatorType>>, Document<StandardAuthenticationDomain<AuthenticatorType>>, AutoCloseable {
    private static final Logger log = LogManager.getLogger(StandardAuthenticationDomain.class);
    private final DocNode source;
    private final String type;
    private final String id;
    private final AuthenticationBackend authenticationBackend;
    private final AuthenticatorType authenticationFrontend;
    private final boolean enabled;
    private final AcceptanceRules acceptanceRules;
    private final UserMapping userMapping;
    private final String description;
    private final ImmutableList<UserInformationBackend> additionalUserInformationBackends;
    private final MetricsLevel metricsLevel;
    private final int order;
    private final TimeAggregation authenticationBackendMetrics = new TimeAggregation.Milliseconds();
    private final TimeAggregation userInformationBackendMetrics = new TimeAggregation.Milliseconds();
    private final TimeAggregation impersonationUserInformationBackendMetrics = new TimeAggregation.Milliseconds();
    private final String infoString = buildInfoString();
    private final ComponentState componentState = new ComponentState(0, "auth_domain", this.infoString);

    /* renamed from: com.floragunn.searchguard.authc.base.StandardAuthenticationDomain$1, reason: invalid class name */
    /* loaded from: input_file:com/floragunn/searchguard/authc/base/StandardAuthenticationDomain$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$floragunn$searchguard$authc$AuthenticationBackend$UserCachingPolicy = new int[AuthenticationBackend.UserCachingPolicy.values().length];

        static {
            try {
                $SwitchMap$com$floragunn$searchguard$authc$AuthenticationBackend$UserCachingPolicy[AuthenticationBackend.UserCachingPolicy.ALWAYS.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$floragunn$searchguard$authc$AuthenticationBackend$UserCachingPolicy[AuthenticationBackend.UserCachingPolicy.ONLY_IF_AUTHZ_SEPARATE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$floragunn$searchguard$authc$AuthenticationBackend$UserCachingPolicy[AuthenticationBackend.UserCachingPolicy.NEVER.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public StandardAuthenticationDomain(DocNode docNode, String str, String str2, String str3, boolean z, int i, AcceptanceRules acceptanceRules, AuthenticatorType authenticatortype, AuthenticationBackend authenticationBackend, ImmutableList<UserInformationBackend> immutableList, UserMapping userMapping, MetricsLevel metricsLevel) {
        this.source = docNode;
        this.type = str;
        this.id = str2;
        this.description = str3;
        this.enabled = z;
        this.authenticationFrontend = authenticatortype;
        this.authenticationBackend = authenticationBackend;
        this.order = i;
        this.additionalUserInformationBackends = immutableList;
        this.userMapping = userMapping;
        this.acceptanceRules = acceptanceRules;
        this.metricsLevel = metricsLevel;
        if (authenticatortype != null) {
            this.componentState.addPart(authenticatortype.getComponentState());
        }
        if (authenticationBackend != null) {
            this.componentState.addPart(authenticationBackend.getComponentState());
        }
        this.componentState.updateStateFromParts();
        if (metricsLevel.basicEnabled()) {
            this.componentState.addMetrics("authentication_backend", this.authenticationBackendMetrics, "user_information_backend", this.userInformationBackendMetrics, "impersonation_backend", this.impersonationUserInformationBackendMetrics);
        }
    }

    public AuthenticationBackend getBackend() {
        return this.authenticationBackend;
    }

    @Override // com.floragunn.searchguard.authc.AuthenticationDomain
    public AuthenticatorType getFrontend() {
        return this.authenticationFrontend;
    }

    public int getOrder() {
        return this.order;
    }

    @Override // java.lang.Comparable
    public int compareTo(StandardAuthenticationDomain<AuthenticatorType> standardAuthenticationDomain) {
        return Integer.compare(this.order, standardAuthenticationDomain.order);
    }

    @Override // com.floragunn.searchguard.authc.AuthenticationDomain
    public String getId() {
        return this.id;
    }

    @Override // com.floragunn.searchguard.authc.AuthenticationDomain
    public boolean accept(RequestMetaData<?> requestMetaData) {
        return this.acceptanceRules.accept(requestMetaData);
    }

    @Override // com.floragunn.searchguard.authc.AuthenticationDomain
    public boolean accept(AuthCredentials authCredentials) {
        return this.acceptanceRules.accept(authCredentials);
    }

    public String toString() {
        return this.infoString;
    }

    private String buildInfoString() {
        StringBuilder sb = new StringBuilder(this.type);
        if (this.id != null) {
            sb.append("[").append(this.id).append("]");
        }
        return sb.toString();
    }

    public static <AuthenticatorType extends AuthenticationFrontend> StandardAuthenticationDomain<AuthenticatorType> parse(DocNode docNode, Class<AuthenticatorType> cls, ConfigurationRepository.Context context, MetricsLevel metricsLevel) throws ConfigValidationException {
        ValidationErrors validationErrors = new ValidationErrors();
        return parse(new ValidatingDocNode(docNode, validationErrors), validationErrors, cls, context, metricsLevel);
    }

    public static <AuthenticatorType extends AuthenticationFrontend> StandardAuthenticationDomain<AuthenticatorType> parse(ValidatingDocNode validatingDocNode, ValidationErrors validationErrors, Class<AuthenticatorType> cls, ConfigurationRepository.Context context, MetricsLevel metricsLevel) throws ConfigValidationException {
        String substring;
        String substring2;
        TypedComponentRegistry typedComponentRegistry = context.modulesRegistry().getTypedComponentRegistry();
        String str = null;
        String str2 = null;
        boolean z = true;
        int i = 0;
        AcceptanceRules acceptanceRules = null;
        UserMapping userMapping = null;
        String str3 = null;
        AuthenticationFrontend authenticationFrontend = null;
        AuthenticationBackend authenticationBackend = AuthenticationBackend.NOOP;
        ImmutableList<UserInformationBackend> empty = ImmutableList.empty();
        try {
            str = validatingDocNode.get("id").asString();
            str2 = validatingDocNode.get("description").asString();
            z = validatingDocNode.get("enabled").withDefault(true).asBoolean();
            i = validatingDocNode.get("order").withDefault(0).asInt();
            acceptanceRules = new AcceptanceRules((AcceptanceRules.Criteria) validatingDocNode.get("accept").by(AcceptanceRules.Criteria::parse), (AcceptanceRules.Criteria) validatingDocNode.get("skip").by(AcceptanceRules.Criteria::parse));
            userMapping = (UserMapping) validatingDocNode.get("user_mapping").by(UserMapping::parse);
            str3 = validatingDocNode.get(ConfigConstants.SEARCHGUARD_AUDIT_ES_TYPE).required().asString();
            if (str3 != null) {
                int indexOf = str3.indexOf(47);
                if (indexOf == -1) {
                    substring = str3;
                    substring2 = null;
                } else {
                    substring = str3.substring(0, indexOf);
                    substring2 = str3.substring(indexOf + 1);
                }
                try {
                    authenticationFrontend = (AuthenticationFrontend) typedComponentRegistry.create(cls, substring, validatingDocNode.getDocumentNode().getAsNode(substring), context);
                } catch (NoSuchComponentException e) {
                    validationErrors.add(new InvalidAttributeValue(ConfigConstants.SEARCHGUARD_AUDIT_ES_TYPE, str3, e.getAvailableTypesAsInfoString()).message("Unknown authentication frontend").cause(e));
                } catch (ConfigValidationException e2) {
                    validationErrors.add(substring, e2);
                }
                if (substring2 != null) {
                    try {
                        authenticationBackend = (AuthenticationBackend) typedComponentRegistry.create(AuthenticationBackend.class, substring2, validatingDocNode.getDocumentNode().getAsNode(substring2), context);
                    } catch (NoSuchComponentException e3) {
                        validationErrors.add(new InvalidAttributeValue(ConfigConstants.SEARCHGUARD_AUDIT_ES_TYPE, str3, e3.getAvailableTypesAsInfoString()).message("Unknown authentication backend").cause(e3));
                    } catch (ConfigValidationException e4) {
                        validationErrors.add(substring2, e4);
                    }
                }
            }
            if (str == null) {
                str = Hashing.sha256().hashString(validatingDocNode.getDocumentNode().toJsonString(), StandardCharsets.UTF_8).toString().substring(0, 8);
            }
            if (validatingDocNode.hasNonNull("additional_user_information")) {
                try {
                    empty = parseAdditionalUserInformationBackends(validatingDocNode.getDocumentNode().getAsListOfNodes("additional_user_information"), context);
                } catch (ConfigValidationException e5) {
                    validationErrors.add("additional_user_information", e5);
                }
            }
        } catch (Exception e6) {
            if (e6 instanceof ConfigValidationException) {
                throw e6;
            }
            validationErrors.add(new ValidationError((String) null, String.format("Failed to parse config due to exception: %s - %s", e6.getClass().getName(), e6.getMessage())).cause(e6));
        }
        validationErrors.throwExceptionForPresentErrors();
        return new StandardAuthenticationDomain<>(validatingDocNode.getDocumentNode(), str3, str, str2, z, i, acceptanceRules, authenticationFrontend, authenticationBackend, empty, userMapping, metricsLevel);
    }

    private static ImmutableList<UserInformationBackend> parseAdditionalUserInformationBackends(List<DocNode> list, ConfigurationRepository.Context context) throws ConfigValidationException {
        ValidationErrors validationErrors = new ValidationErrors();
        ImmutableList.Builder builder = new ImmutableList.Builder(list.size());
        for (int i = 0; i < list.size(); i++) {
            try {
                builder.with(parseAdditionalUserInformationBackend(list.get(i), context));
            } catch (ConfigValidationException e) {
                validationErrors.add(String.valueOf(i), e);
            }
        }
        validationErrors.throwExceptionForPresentErrors();
        return builder.build();
    }

    private static UserInformationBackend parseAdditionalUserInformationBackend(DocNode docNode, ConfigurationRepository.Context context) throws ConfigValidationException {
        ValidationErrors validationErrors = new ValidationErrors();
        String asString = ((ValidatingDocNode.Attribute) new ValidatingDocNode(docNode, validationErrors).get(ConfigConstants.SEARCHGUARD_AUDIT_ES_TYPE).required().expected(context.modulesRegistry().getTypedComponentRegistry().getAvailableSubTypesAsShortString(UserInformationBackend.class))).asString();
        validationErrors.throwExceptionForPresentErrors();
        try {
            return (UserInformationBackend) context.modulesRegistry().getTypedComponentRegistry().create(UserInformationBackend.class, asString, docNode.getAsNode(asString), context);
        } catch (ConfigValidationException e) {
            validationErrors.add(asString, e);
            throw new ConfigValidationException(validationErrors);
        } catch (NoSuchComponentException e2) {
            validationErrors.add(new InvalidAttributeValue(ConfigConstants.SEARCHGUARD_AUDIT_ES_TYPE, asString, e2.getAvailableTypes()).message("Unknown authentication backend").cause(e2));
            throw new ConfigValidationException(validationErrors);
        }
    }

    public UserMapping getUserMapping() {
        return this.userMapping;
    }

    @Override // com.floragunn.searchguard.authc.AuthenticationDomain
    public boolean isEnabled() {
        return this.enabled;
    }

    public AuthenticationBackend.UserMapper getUserMapper() {
        return this.userMapping != null ? this.userMapping : AuthenticationBackend.UserMapper.DIRECT;
    }

    @Override // com.floragunn.searchguard.authc.AuthenticationDomain
    public AuthenticationDomain.CredentialsMapper getCredentialsMapper() {
        return this.userMapping != null ? this.userMapping : AuthenticationDomain.CredentialsMapper.DIRECT;
    }

    public ImmutableList<UserInformationBackend> getAdditionalUserInformationBackends() {
        return this.additionalUserInformationBackends;
    }

    @Override // com.floragunn.searchguard.authc.AuthenticationDomain
    public CompletableFuture<User> authenticate(AuthCredentials authCredentials, AuthenticationDebugLogger authenticationDebugLogger) throws AuthenticatorUnavailableException, CredentialsException {
        try {
            Meter basic = Meter.basic(this.metricsLevel, this.authenticationBackendMetrics);
            try {
                AuthCredentials authCredentials2 = this.authenticationBackend.authenticate(authCredentials, basic).get();
                if (basic != null) {
                    basic.close();
                }
                if (authCredentials2 == null) {
                    return CompletableFuture.completedFuture(null);
                }
                AuthCredentials with = authCredentials2.with(AuthDomainInfo.forAuthenticatorType(this.authenticationFrontend.getType()).authBackendType(this.authenticationBackend != null ? this.authenticationBackend.getType() : null));
                if (this.additionalUserInformationBackends.size() != 0) {
                    Meter basic2 = Meter.basic(this.metricsLevel, this.userInformationBackendMetrics);
                    try {
                        UnmodifiableIterator it = this.additionalUserInformationBackends.iterator();
                        while (it.hasNext()) {
                            UserInformationBackend userInformationBackend = (UserInformationBackend) it.next();
                            try {
                                Meter basic3 = basic2.basic(userInformationBackend.getType());
                                try {
                                    with = with.with(userInformationBackend.getUserInformation(with, basic3, authenticationDebugLogger).get());
                                    if (basic3 != null) {
                                        basic3.close();
                                    }
                                } finally {
                                }
                            } catch (InterruptedException e) {
                                throw new RuntimeException(e);
                            } catch (ExecutionException e2) {
                                if (e2.getCause() instanceof AuthenticatorUnavailableException) {
                                    throw ((AuthenticatorUnavailableException) e2.getCause());
                                }
                                if (e2.getCause() instanceof RuntimeException) {
                                    throw ((RuntimeException) e2.getCause());
                                }
                                throw new RuntimeException(e2.getCause());
                            }
                        }
                        if (basic2 != null) {
                            basic2.close();
                        }
                    } catch (Throwable th) {
                        if (basic2 != null) {
                            try {
                                basic2.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                }
                authenticationDebugLogger.success(getType(), "Backends successful", "user_mapping_attributes", with.getAttributesForUserMapping());
                return CompletableFuture.completedFuture(this.userMapping != null ? this.userMapping.map(with) : AuthenticationBackend.UserMapper.DIRECT.map(with));
            } finally {
            }
        } catch (InterruptedException e3) {
            throw new RuntimeException(e3);
        } catch (ExecutionException e4) {
            if (e4.getCause() instanceof AuthenticatorUnavailableException) {
                throw ((AuthenticatorUnavailableException) e4.getCause());
            }
            if (e4.getCause() instanceof CredentialsException) {
                throw ((CredentialsException) e4.getCause());
            }
            if (e4.getCause() instanceof RuntimeException) {
                throw ((RuntimeException) e4.getCause());
            }
            throw new RuntimeException(e4.getCause());
        }
    }

    @Override // com.floragunn.searchguard.authc.AuthenticationDomain
    public CompletableFuture<User> impersonate(User user, AuthCredentials authCredentials) throws AuthenticatorUnavailableException, CredentialsException {
        if (!(this.authenticationBackend instanceof UserInformationBackend)) {
            return CompletableFuture.completedFuture(null);
        }
        UserInformationBackend userInformationBackend = (UserInformationBackend) this.authenticationBackend;
        try {
            Meter basic = Meter.basic(this.metricsLevel, this.impersonationUserInformationBackendMetrics);
            try {
                AuthCredentials authCredentials2 = userInformationBackend.getUserInformation(authCredentials, basic).get();
                if (basic != null) {
                    basic.close();
                }
                if (authCredentials2 == null) {
                    return CompletableFuture.completedFuture(null);
                }
                AuthCredentials build = authCredentials2.copy().authDomainInfo(AuthDomainInfo.from(user).addAuthBackend(this.authenticationBackend.getType() + "+impersonation")).build();
                if (this.additionalUserInformationBackends.size() != 0) {
                    Meter basic2 = Meter.basic(this.metricsLevel, this.userInformationBackendMetrics);
                    try {
                        UnmodifiableIterator it = this.additionalUserInformationBackends.iterator();
                        while (it.hasNext()) {
                            UserInformationBackend userInformationBackend2 = (UserInformationBackend) it.next();
                            try {
                                Meter basic3 = basic2.basic(userInformationBackend2.getType());
                                try {
                                    build = build.with(userInformationBackend2.getUserInformation(build, basic3).get());
                                    if (basic3 != null) {
                                        basic3.close();
                                    }
                                } finally {
                                }
                            } catch (InterruptedException e) {
                                throw new RuntimeException(e);
                            } catch (ExecutionException e2) {
                                if (e2.getCause() instanceof AuthenticatorUnavailableException) {
                                    throw ((AuthenticatorUnavailableException) e2.getCause());
                                }
                                if (e2.getCause() instanceof RuntimeException) {
                                    throw ((RuntimeException) e2.getCause());
                                }
                                throw new RuntimeException(e2.getCause());
                            }
                        }
                        if (basic2 != null) {
                            basic2.close();
                        }
                    } catch (Throwable th) {
                        if (basic2 != null) {
                            try {
                                basic2.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                }
                return CompletableFuture.completedFuture(this.userMapping != null ? this.userMapping.map(build) : AuthenticationBackend.UserMapper.DIRECT.map(build));
            } finally {
            }
        } catch (InterruptedException e3) {
            throw new RuntimeException(e3);
        } catch (ExecutionException e4) {
            if (e4.getCause() instanceof AuthenticatorUnavailableException) {
                throw ((AuthenticatorUnavailableException) e4.getCause());
            }
            if (e4.getCause() instanceof CredentialsException) {
                throw ((CredentialsException) e4.getCause());
            }
            if (e4.getCause() instanceof RuntimeException) {
                throw ((RuntimeException) e4.getCause());
            }
            throw new RuntimeException(e4.getCause());
        }
    }

    @Override // com.floragunn.searchguard.authc.AuthenticationDomain
    public String getType() {
        return this.type;
    }

    public Object toBasicObject() {
        return this.source;
    }

    @Override // com.floragunn.searchguard.authc.AuthenticationDomain
    public boolean cacheUser() {
        switch (AnonymousClass1.$SwitchMap$com$floragunn$searchguard$authc$AuthenticationBackend$UserCachingPolicy[this.authenticationBackend.userCachingPolicy().ordinal()]) {
            case ConfigConstants.SEARCHGUARD_AUDIT_SSL_VERIFY_HOSTNAMES_DEFAULT /* 1 */:
                return true;
            case 2:
                return !this.additionalUserInformationBackends.isEmpty();
            case 3:
            default:
                return false;
        }
    }

    public String getDescription() {
        return this.description;
    }

    public ComponentState getComponentState() {
        return this.componentState;
    }

    @Override // java.lang.AutoCloseable
    public void close() {
        try {
            if (this.authenticationBackend instanceof AutoCloseable) {
                ((AutoCloseable) this.authenticationBackend).close();
            }
        } catch (Exception e) {
            log.error("Error while closing " + this.authenticationBackend, e);
        }
        try {
            if (this.authenticationFrontend instanceof AutoCloseable) {
                ((AutoCloseable) this.authenticationFrontend).close();
            }
        } catch (Exception e2) {
            log.error("Error while closing " + this.authenticationFrontend, e2);
        }
        if (this.additionalUserInformationBackends != null) {
            UnmodifiableIterator it = this.additionalUserInformationBackends.iterator();
            while (it.hasNext()) {
                UserInformationBackend userInformationBackend = (UserInformationBackend) it.next();
                try {
                    if (userInformationBackend instanceof AutoCloseable) {
                        ((AutoCloseable) userInformationBackend).close();
                    }
                } catch (Exception e3) {
                    log.error("Error while closing " + userInformationBackend, e3);
                }
            }
        }
    }
}
