package com.floragunn.searchguard.dlic.rest.api;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.flipkart.zjsonpatch.JsonPatch;
import com.flipkart.zjsonpatch.JsonPatchApplicationException;
import com.floragunn.searchguard.DefaultObjectMapper;
import com.floragunn.searchguard.auditlog.AuditLog;
import com.floragunn.searchguard.configuration.AdminDNs;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.dlic.rest.api.AbstractApiAction;
import com.floragunn.searchguard.dlic.rest.support.Utils;
import com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator;
import com.floragunn.searchguard.privileges.PrivilegesEvaluator;
import com.floragunn.searchguard.privileges.SpecialPrivilegesEvaluationContextProviderRegistry;
import com.floragunn.searchguard.sgconf.StaticSgConfig;
import com.floragunn.searchguard.sgconf.impl.SgDynamicConfiguration;
import com.floragunn.searchguard.ssl.transport.PrincipalExtractor;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.util.Iterator;
import java.util.List;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestHandler;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/PatchableResourceApiAction.class */
public abstract class PatchableResourceApiAction extends AbstractApiAction {
    protected final Logger log;

    public PatchableResourceApiAction(Settings settings, Path path, RestController restController, Client client, AdminDNs adminDNs, ConfigurationRepository configurationRepository, StaticSgConfig staticSgConfig, ClusterService clusterService, PrincipalExtractor principalExtractor, PrivilegesEvaluator privilegesEvaluator, SpecialPrivilegesEvaluationContextProviderRegistry specialPrivilegesEvaluationContextProviderRegistry, ThreadPool threadPool, AuditLog auditLog) {
        super(settings, path, restController, client, adminDNs, configurationRepository, staticSgConfig, clusterService, principalExtractor, privilegesEvaluator, specialPrivilegesEvaluationContextProviderRegistry, threadPool, auditLog);
        this.log = LogManager.getLogger(getClass());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<RestHandler.Route> getStandardResourceRoutes(String str) {
        return ImmutableList.of(new RestHandler.Route(RestRequest.Method.GET, "/_searchguard/api/" + str + "/{name}"), new RestHandler.Route(RestRequest.Method.GET, "/_searchguard/api/" + str + "/"), new RestHandler.Route(RestRequest.Method.DELETE, "/_searchguard/api/" + str + "/{name}"), new RestHandler.Route(RestRequest.Method.PUT, "/_searchguard/api/" + str + "/{name}"), new RestHandler.Route(RestRequest.Method.PATCH, "/_searchguard/api/" + str + "/"), new RestHandler.Route(RestRequest.Method.PATCH, "/_searchguard/api/" + str + "/{name}"));
    }

    private void handlePatch(RestChannel restChannel, RestRequest restRequest, Client client) throws IOException {
        if (restRequest.getXContentType() != XContentType.JSON) {
            badRequestResponse(restChannel, "PATCH accepts only application/json");
            return;
        }
        String param = restRequest.param("name");
        SgDynamicConfiguration<?> load = load(getConfigName(), false);
        try {
            JsonNode readTree = DefaultObjectMapper.readTree(restRequest.content().utf8ToString());
            JsonNode convertJsonToJackson = Utils.convertJsonToJackson(load, true);
            if (!(convertJsonToJackson instanceof ObjectNode)) {
                internalErrorResponse(restChannel, "Config " + getConfigName() + " is malformed");
                return;
            }
            ObjectNode objectNode = (ObjectNode) convertJsonToJackson;
            if (Strings.isNullOrEmpty(param)) {
                handleBulkPatch(restChannel, restRequest, client, load, objectNode, readTree);
            } else {
                handleSinglePatch(restChannel, restRequest, client, param, load, objectNode, readTree);
            }
        } catch (IOException e) {
            this.log.debug("Error while parsing JSON patch", e);
            badRequestResponse(restChannel, "Error in JSON patch: " + e.getMessage());
        }
    }

    private void handleSinglePatch(final RestChannel restChannel, RestRequest restRequest, Client client, final String str, SgDynamicConfiguration<?> sgDynamicConfiguration, ObjectNode objectNode, JsonNode jsonNode) throws IOException {
        if (isHidden(sgDynamicConfiguration, str)) {
            notFound(restChannel, getResourceName() + " " + str + " not found.");
            return;
        }
        if (isReserved(sgDynamicConfiguration, str)) {
            forbidden(restChannel, "Resource '" + str + "' is read-only.");
            return;
        }
        if (!sgDynamicConfiguration.exists(str)) {
            notFound(restChannel, getResourceName() + " " + str + " not found.");
            return;
        }
        JsonNode jsonNode2 = objectNode.get(str);
        try {
            JsonNode applyPatch = applyPatch(jsonNode, jsonNode2);
            AbstractConfigurationValidator postProcessApplyPatchResult = postProcessApplyPatchResult(restChannel, restRequest, jsonNode2, applyPatch, str);
            if (postProcessApplyPatchResult != null && !postProcessApplyPatchResult.validate()) {
                restRequest.params().clear();
                badRequestResponse(restChannel, postProcessApplyPatchResult);
                return;
            }
            AbstractConfigurationValidator validator = getValidator(restRequest, applyPatch);
            if (validator.validate()) {
                saveAnUpdateConfigs(client, restRequest, getConfigName(), SgDynamicConfiguration.fromNode(objectNode.deepCopy().set(str, applyPatch), sgDynamicConfiguration.getCType(), sgDynamicConfiguration.getVersion(), sgDynamicConfiguration.getDocVersion(), sgDynamicConfiguration.getSeqNo(), sgDynamicConfiguration.getPrimaryTerm()), new AbstractApiAction.OnSucessActionListener<IndexResponse>(restChannel) { // from class: com.floragunn.searchguard.dlic.rest.api.PatchableResourceApiAction.1
                    public void onResponse(IndexResponse indexResponse) {
                        PatchableResourceApiAction.this.successResponse(restChannel, "'" + str + "' updated.");
                    }
                });
            } else {
                restRequest.params().clear();
                badRequestResponse(restChannel, validator);
            }
        } catch (JsonPatchApplicationException | IllegalArgumentException e) {
            this.log.debug("Error while applying JSON patch", e);
            badRequestResponse(restChannel, e.getMessage());
        }
    }

    private void handleBulkPatch(final RestChannel restChannel, RestRequest restRequest, Client client, SgDynamicConfiguration<?> sgDynamicConfiguration, ObjectNode objectNode, JsonNode jsonNode) throws IOException {
        try {
            JsonNode applyPatch = applyPatch(jsonNode, objectNode);
            for (String str : sgDynamicConfiguration.getCEntries().keySet()) {
                JsonNode jsonNode2 = objectNode.get(str);
                JsonNode jsonNode3 = applyPatch.get(str);
                if (jsonNode2 != null && !jsonNode2.equals(jsonNode3)) {
                    if (isReserved(sgDynamicConfiguration, str)) {
                        forbidden(restChannel, "Resource '" + str + "' is read-only.");
                        return;
                    } else if (isHidden(sgDynamicConfiguration, str)) {
                        badRequestResponse(restChannel, "Resource name '" + str + "' is reserved");
                        return;
                    }
                }
            }
            Iterator fieldNames = applyPatch.fieldNames();
            while (fieldNames.hasNext()) {
                String str2 = (String) fieldNames.next();
                JsonNode jsonNode4 = objectNode.get(str2);
                JsonNode jsonNode5 = applyPatch.get(str2);
                AbstractConfigurationValidator postProcessApplyPatchResult = postProcessApplyPatchResult(restChannel, restRequest, jsonNode4, jsonNode5, str2);
                if (postProcessApplyPatchResult != null && !postProcessApplyPatchResult.validate()) {
                    restRequest.params().clear();
                    badRequestResponse(restChannel, postProcessApplyPatchResult);
                    return;
                } else if (jsonNode4 == null || !jsonNode4.equals(jsonNode5)) {
                    AbstractConfigurationValidator validator = getValidator(restRequest, jsonNode5);
                    if (!validator.validate()) {
                        restRequest.params().clear();
                        badRequestResponse(restChannel, validator);
                        return;
                    }
                }
            }
            saveAnUpdateConfigs(client, restRequest, getConfigName(), SgDynamicConfiguration.fromNode(applyPatch, sgDynamicConfiguration.getCType(), sgDynamicConfiguration.getVersion(), sgDynamicConfiguration.getDocVersion(), sgDynamicConfiguration.getSeqNo(), sgDynamicConfiguration.getPrimaryTerm()), new AbstractApiAction.OnSucessActionListener<IndexResponse>(restChannel) { // from class: com.floragunn.searchguard.dlic.rest.api.PatchableResourceApiAction.2
                public void onResponse(IndexResponse indexResponse) {
                    PatchableResourceApiAction.this.successResponse(restChannel, "Resource updated.");
                }
            });
        } catch (JsonPatchApplicationException e) {
            this.log.debug("Error while applying JSON patch", e);
            badRequestResponse(restChannel, e.getMessage());
        }
    }

    private JsonNode applyPatch(JsonNode jsonNode, JsonNode jsonNode2) {
        return JsonPatch.apply(jsonNode, jsonNode2);
    }

    protected AbstractConfigurationValidator postProcessApplyPatchResult(RestChannel restChannel, RestRequest restRequest, JsonNode jsonNode, JsonNode jsonNode2, String str) {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.floragunn.searchguard.dlic.rest.api.AbstractApiAction
    public void handleApiRequest(RestChannel restChannel, RestRequest restRequest, Client client) throws IOException {
        if (restRequest.method() == RestRequest.Method.PATCH) {
            handlePatch(restChannel, restRequest, client);
        } else {
            super.handleApiRequest(restChannel, restRequest, client);
        }
    }

    private AbstractConfigurationValidator getValidator(RestRequest restRequest, JsonNode jsonNode) throws JsonProcessingException {
        return getValidator(restRequest, new BytesArray(DefaultObjectMapper.objectMapper.writeValueAsString(jsonNode).getBytes(StandardCharsets.UTF_8)), new Object[0]);
    }
}
