package com.floragunn.searchguard.authtoken;

import com.floragunn.searchguard.resolver.IndexResolverReplacer;
import com.floragunn.searchguard.sgconf.ConfigModel;
import com.floragunn.searchguard.sgconf.ConfigModelV7;
import com.floragunn.searchguard.sgconf.SgRoles;
import com.floragunn.searchguard.user.User;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder;

/* loaded from: input_file:com/floragunn/searchguard/authtoken/RestrictedSgRoles.class */
public class RestrictedSgRoles extends SgRoles {
    private final SgRoles base;
    private final SgRoles restrictionSgRoles;
    private final RequestedPrivileges restriction;

    /* JADX INFO: Access modifiers changed from: package-private */
    public RestrictedSgRoles(SgRoles sgRoles, RequestedPrivileges requestedPrivileges, ConfigModel.ActionGroupResolver actionGroupResolver) {
        this.base = sgRoles;
        this.restriction = requestedPrivileges;
        this.restrictionSgRoles = ConfigModelV7.SgRoles.create(requestedPrivileges.toRolesConfig(), actionGroupResolver);
    }

    public boolean impliesClusterPermissionPermission(String str) {
        return this.base.impliesClusterPermissionPermission(str) && this.restrictionSgRoles.impliesClusterPermissionPermission(str);
    }

    public Set<String> getRoleNames() {
        if (this.restriction.getRoles() == null || this.restriction.getRoles().size() == 0) {
            return this.base.getRoleNames();
        }
        HashSet hashSet = new HashSet(this.restriction.getRoles().size());
        Set roleNames = this.base.getRoleNames();
        for (String str : this.restriction.getRoles()) {
            if (roleNames.contains(str)) {
                hashSet.add(str);
            }
        }
        return hashSet;
    }

    public Set<String> reduce(IndexResolverReplacer.Resolved resolved, User user, String[] strArr, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
        Set reduce = this.restrictionSgRoles.reduce(resolved, user, strArr, indexNameExpressionResolver, clusterService);
        return reduce.isEmpty() ? Collections.emptySet() : Sets.intersection(this.base.reduce(resolved, user, strArr, indexNameExpressionResolver, clusterService), reduce);
    }

    public boolean impliesTypePermGlobal(IndexResolverReplacer.Resolved resolved, User user, String[] strArr, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
        boolean impliesTypePermGlobal = this.restrictionSgRoles.impliesTypePermGlobal(resolved, user, strArr, indexNameExpressionResolver, clusterService);
        if (impliesTypePermGlobal) {
            return impliesTypePermGlobal && this.base.impliesTypePermGlobal(resolved, user, strArr, indexNameExpressionResolver, clusterService);
        }
        return false;
    }

    public boolean get(IndexResolverReplacer.Resolved resolved, User user, String[] strArr, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
        boolean z = this.restrictionSgRoles.get(resolved, user, strArr, indexNameExpressionResolver, clusterService);
        if (z) {
            return z && this.base.get(resolved, user, strArr, indexNameExpressionResolver, clusterService);
        }
        return false;
    }

    public Map<String, Set<String>> getMaskedFields(User user, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
        return this.base.getMaskedFields(user, indexNameExpressionResolver, clusterService);
    }

    public Tuple<Map<String, Set<String>>, Map<String, Set<String>>> getDlsFls(User user, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
        return this.base.getDlsFls(user, indexNameExpressionResolver, clusterService);
    }

    public Set<String> getAllPermittedIndicesForKibana(IndexResolverReplacer.Resolved resolved, User user, String[] strArr, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
        Set allPermittedIndicesForKibana = this.restrictionSgRoles.getAllPermittedIndicesForKibana(resolved, user, strArr, indexNameExpressionResolver, clusterService);
        return allPermittedIndicesForKibana.isEmpty() ? Collections.emptySet() : Sets.intersection(this.base.getAllPermittedIndicesForKibana(resolved, user, strArr, indexNameExpressionResolver, clusterService), allPermittedIndicesForKibana);
    }

    public SgRoles filter(Set<String> set) {
        throw new RuntimeException("Not implemented");
    }

    public XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params) throws IOException {
        throw new RuntimeException("Not implemented");
    }

    public SgRoles.TenantPermissions getTenantPermissions(User user, String str) {
        final SgRoles.TenantPermissions tenantPermissions = this.restrictionSgRoles.getTenantPermissions(user, str);
        final SgRoles.TenantPermissions tenantPermissions2 = this.base.getTenantPermissions(user, str);
        return new SgRoles.TenantPermissions() { // from class: com.floragunn.searchguard.authtoken.RestrictedSgRoles.1
            public boolean isWritePermitted() {
                return tenantPermissions.isWritePermitted() && tenantPermissions2.isWritePermitted();
            }

            public boolean isReadPermitted() {
                return tenantPermissions.isReadPermitted() && tenantPermissions2.isReadPermitted();
            }

            public Set<String> getPermissions() {
                return Sets.intersection(tenantPermissions.getPermissions(), tenantPermissions2.getPermissions());
            }
        };
    }

    public boolean hasTenantPermission(User user, String str, String str2) {
        boolean hasTenantPermission = this.restrictionSgRoles.hasTenantPermission(user, str, str2);
        if (hasTenantPermission) {
            return hasTenantPermission && this.base.hasTenantPermission(user, str, str2);
        }
        return false;
    }

    public Map<String, Boolean> mapTenants(User user, Set<String> set) {
        Map mapTenants = this.restrictionSgRoles.mapTenants(user, set);
        Map mapTenants2 = this.base.mapTenants(user, set);
        HashMap hashMap = new HashMap(mapTenants2.size());
        for (Map.Entry entry : mapTenants2.entrySet()) {
            Boolean bool = (Boolean) mapTenants.get(entry.getKey());
            if (bool != null) {
                hashMap.put((String) entry.getKey(), Boolean.valueOf(bool.booleanValue() && ((Boolean) entry.getValue()).booleanValue()));
            }
        }
        return hashMap;
    }
}
