package com.floragunn.searchguard.dlic.rest.api;

import com.floragunn.dlic.auth.ldap.util.ConfigConstants;
import com.floragunn.searchguard.auditlog.AuditLog;
import com.floragunn.searchguard.configuration.AdminDNs;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.privileges.PrivilegesEvaluator;
import com.floragunn.searchguard.privileges.SpecialPrivilegesEvaluationContext;
import com.floragunn.searchguard.privileges.SpecialPrivilegesEvaluationContextProviderRegistry;
import com.floragunn.searchguard.ssl.transport.PrincipalExtractor;
import com.floragunn.searchguard.user.User;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.nio.file.Path;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.rest.BaseRestHandler;
import org.elasticsearch.rest.BytesRestResponse;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestHandler;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/PermissionsInfoAction.class */
public class PermissionsInfoAction extends BaseRestHandler {
    private final RestApiPrivilegesEvaluator restApiPrivilegesEvaluator;
    private final ThreadPool threadPool;
    private final PrivilegesEvaluator privilegesEvaluator;
    private final SpecialPrivilegesEvaluationContextProviderRegistry specialPrivilegesEvaluationContextProviderRegistry;

    /* renamed from: com.floragunn.searchguard.dlic.rest.api.PermissionsInfoAction$2, reason: invalid class name */
    /* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/PermissionsInfoAction$2.class */
    static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$elasticsearch$rest$RestRequest$Method = new int[RestRequest.Method.values().length];

        static {
            try {
                $SwitchMap$org$elasticsearch$rest$RestRequest$Method[RestRequest.Method.GET.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PermissionsInfoAction(Settings settings, Path path, RestController restController, Client client, AdminDNs adminDNs, ConfigurationRepository configurationRepository, ClusterService clusterService, PrincipalExtractor principalExtractor, PrivilegesEvaluator privilegesEvaluator, SpecialPrivilegesEvaluationContextProviderRegistry specialPrivilegesEvaluationContextProviderRegistry, ThreadPool threadPool, AuditLog auditLog) {
        this.threadPool = threadPool;
        this.privilegesEvaluator = privilegesEvaluator;
        this.restApiPrivilegesEvaluator = new RestApiPrivilegesEvaluator(settings, adminDNs, privilegesEvaluator, specialPrivilegesEvaluationContextProviderRegistry, principalExtractor, path, threadPool);
        this.specialPrivilegesEvaluationContextProviderRegistry = specialPrivilegesEvaluationContextProviderRegistry;
    }

    public List<RestHandler.Route> routes() {
        return ImmutableList.of(new RestHandler.Route(RestRequest.Method.GET, "/_searchguard/api/permissionsinfo"));
    }

    public String getName() {
        return getClass().getSimpleName();
    }

    protected BaseRestHandler.RestChannelConsumer prepareRequest(RestRequest restRequest, NodeClient nodeClient) throws IOException {
        switch (AnonymousClass2.$SwitchMap$org$elasticsearch$rest$RestRequest$Method[restRequest.method().ordinal()]) {
            case ConfigConstants.LDAPS_VERIFY_HOSTNAMES_DEFAULT /* 1 */:
                return handleGet(restRequest, nodeClient);
            default:
                throw new IllegalArgumentException(restRequest.method() + " not supported");
        }
    }

    private BaseRestHandler.RestChannelConsumer handleGet(RestRequest restRequest, NodeClient nodeClient) throws IOException {
        return new BaseRestHandler.RestChannelConsumer() { // from class: com.floragunn.searchguard.dlic.rest.api.PermissionsInfoAction.1
            public void accept(RestChannel restChannel) throws Exception {
                BytesRestResponse bytesRestResponse;
                Set<String> mappedRoles;
                XContentBuilder newBuilder = restChannel.newBuilder();
                try {
                    try {
                        User user = (User) PermissionsInfoAction.this.threadPool.getThreadContext().getTransient("_sg_user");
                        SpecialPrivilegesEvaluationContext provide = PermissionsInfoAction.this.specialPrivilegesEvaluationContextProviderRegistry != null ? PermissionsInfoAction.this.specialPrivilegesEvaluationContextProviderRegistry.provide(user, PermissionsInfoAction.this.threadPool.getThreadContext()) : null;
                        boolean z = true;
                        if (provide == null) {
                            mappedRoles = PermissionsInfoAction.this.privilegesEvaluator.mapSgRoles(user, (TransportAddress) PermissionsInfoAction.this.threadPool.getThreadContext().getTransient("_sg_remote_address"));
                        } else {
                            user = provide.getUser();
                            TransportAddress caller = provide.getCaller() != null ? provide.getCaller() : (TransportAddress) PermissionsInfoAction.this.threadPool.getThreadContext().getTransient("_sg_remote_address");
                            mappedRoles = provide.getMappedRoles();
                            z = provide.isSgConfigRestApiAllowed();
                        }
                        boolean z2 = z && PermissionsInfoAction.this.restApiPrivilegesEvaluator.currentUserHasRestApiAccess(mappedRoles);
                        Map<Endpoint, List<RestRequest.Method>> disabledEndpointsForCurrentUser = PermissionsInfoAction.this.restApiPrivilegesEvaluator.getDisabledEndpointsForCurrentUser(user, mappedRoles);
                        newBuilder.startObject();
                        newBuilder.field("user", user == null ? null : user.toString());
                        newBuilder.field("user_name", user == null ? null : user.getName());
                        newBuilder.field("has_api_access", z2);
                        newBuilder.startObject("disabled_endpoints");
                        for (Map.Entry<Endpoint, List<RestRequest.Method>> entry : disabledEndpointsForCurrentUser.entrySet()) {
                            newBuilder.field(entry.getKey().name(), entry.getValue());
                        }
                        newBuilder.endObject();
                        newBuilder.endObject();
                        bytesRestResponse = new BytesRestResponse(RestStatus.OK, newBuilder);
                        if (newBuilder != null) {
                            newBuilder.close();
                        }
                    } catch (Exception e) {
                        e.printStackTrace();
                        XContentBuilder newBuilder2 = restChannel.newBuilder();
                        newBuilder2.startObject();
                        newBuilder2.field("error", e.toString());
                        newBuilder2.endObject();
                        bytesRestResponse = new BytesRestResponse(RestStatus.INTERNAL_SERVER_ERROR, newBuilder2);
                        if (newBuilder2 != null) {
                            newBuilder2.close();
                        }
                    }
                    restChannel.sendResponse(bytesRestResponse);
                } catch (Throwable th) {
                    if (newBuilder != null) {
                        newBuilder.close();
                    }
                    throw th;
                }
            }
        };
    }
}
