package com.floragunn.searchguard.authtoken;

import com.fasterxml.jackson.databind.JsonNode;
import com.floragunn.dlic.auth.ldap.util.ConfigConstants;
import com.floragunn.searchguard.sgconf.impl.SgDynamicConfiguration;
import com.floragunn.searchguard.sgconf.impl.v7.RoleV7;
import com.floragunn.searchsupport.config.validation.ConfigValidationException;
import com.floragunn.searchsupport.config.validation.ValidatingJsonNode;
import com.floragunn.searchsupport.config.validation.ValidatingJsonParser;
import com.floragunn.searchsupport.config.validation.ValidationError;
import com.floragunn.searchsupport.config.validation.ValidationErrors;
import java.io.IOException;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.io.stream.Writeable;
import org.elasticsearch.xcontent.ToXContent;
import org.elasticsearch.xcontent.ToXContentObject;
import org.elasticsearch.xcontent.XContentBuilder;

/* loaded from: input_file:com/floragunn/searchguard/authtoken/RequestedPrivileges.class */
public class RequestedPrivileges implements Writeable, ToXContentObject, Serializable {
    private static final long serialVersionUID = 5862219250642101795L;
    private static final List<String> WILDCARD_LIST = Collections.singletonList("*");
    private List<String> clusterPermissions;
    private List<IndexPermissions> indexPermissions;
    private List<TenantPermissions> tenantPermissions;
    private List<String> roles;
    private List<String> excludedClusterPermissions;
    private List<ExcludedIndexPermissions> excludedIndexPermissions;

    /* loaded from: input_file:com/floragunn/searchguard/authtoken/RequestedPrivileges$ExcludedIndexPermissions.class */
    public static class ExcludedIndexPermissions implements Writeable, ToXContentObject, Serializable {
        private static final long serialVersionUID = -2567351561923741922L;
        private List<String> indexPatterns;
        private List<String> actions;

        ExcludedIndexPermissions(List<String> list, List<String> list2) {
            this.indexPatterns = list;
            this.actions = list2;
        }

        ExcludedIndexPermissions(StreamInput streamInput) throws IOException {
            this.indexPatterns = streamInput.readStringList();
            this.actions = streamInput.readStringList();
        }

        public void writeTo(StreamOutput streamOutput) throws IOException {
            streamOutput.writeStringCollection(this.indexPatterns);
            streamOutput.writeStringCollection(this.actions);
        }

        public static ExcludedIndexPermissions parse(JsonNode jsonNode) throws ConfigValidationException {
            ValidationErrors validationErrors = new ValidationErrors();
            ValidatingJsonNode validatingJsonNode = new ValidatingJsonNode(jsonNode, validationErrors);
            List requiredStringList = validatingJsonNode.requiredStringList("index_patterns", 1);
            List requiredStringList2 = validatingJsonNode.requiredStringList("actions", 1);
            validationErrors.throwExceptionForPresentErrors();
            return new ExcludedIndexPermissions(requiredStringList, requiredStringList2);
        }

        public XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params) throws IOException {
            xContentBuilder.startObject();
            xContentBuilder.field("index_patterns", this.indexPatterns);
            xContentBuilder.field("actions", this.actions);
            xContentBuilder.endObject();
            return xContentBuilder;
        }

        public String toString() {
            return "ExcludedIndexPermissions [indexPatterns=" + this.indexPatterns + ", actions=" + this.actions + "]";
        }

        public int hashCode() {
            return (31 * ((31 * 1) + (this.actions == null ? 0 : this.actions.hashCode()))) + (this.indexPatterns == null ? 0 : this.indexPatterns.hashCode());
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            IndexPermissions indexPermissions = (IndexPermissions) obj;
            if (this.actions == null) {
                if (indexPermissions.allowedActions != null) {
                    return false;
                }
            } else if (!this.actions.equals(indexPermissions.allowedActions)) {
                return false;
            }
            return this.indexPatterns == null ? indexPermissions.indexPatterns == null : this.indexPatterns.equals(indexPermissions.indexPatterns);
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/authtoken/RequestedPrivileges$IndexPermissions.class */
    public static class IndexPermissions implements Writeable, ToXContentObject, Serializable {
        private static final long serialVersionUID = -2567351561923741922L;
        private List<String> indexPatterns;
        private List<String> allowedActions;

        IndexPermissions(List<String> list, List<String> list2) {
            this.indexPatterns = list;
            this.allowedActions = list2;
        }

        IndexPermissions(StreamInput streamInput) throws IOException {
            this.indexPatterns = streamInput.readStringList();
            this.allowedActions = streamInput.readStringList();
        }

        public void writeTo(StreamOutput streamOutput) throws IOException {
            streamOutput.writeStringCollection(this.indexPatterns);
            streamOutput.writeStringCollection(this.allowedActions);
        }

        public static IndexPermissions parse(JsonNode jsonNode) throws ConfigValidationException {
            ValidationErrors validationErrors = new ValidationErrors();
            ValidatingJsonNode validatingJsonNode = new ValidatingJsonNode(jsonNode, validationErrors);
            List requiredStringList = validatingJsonNode.requiredStringList("index_patterns", 1);
            List requiredStringList2 = validatingJsonNode.requiredStringList("allowed_actions", 1);
            validationErrors.throwExceptionForPresentErrors();
            return new IndexPermissions(requiredStringList, requiredStringList2);
        }

        public XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params) throws IOException {
            xContentBuilder.startObject();
            xContentBuilder.field("index_patterns", this.indexPatterns);
            xContentBuilder.field("allowed_actions", this.allowedActions);
            xContentBuilder.endObject();
            return xContentBuilder;
        }

        public String toString() {
            return "IndexPermissions [indexPatterns=" + this.indexPatterns + ", allowedActions=" + this.allowedActions + "]";
        }

        public int hashCode() {
            return (31 * ((31 * 1) + (this.allowedActions == null ? 0 : this.allowedActions.hashCode()))) + (this.indexPatterns == null ? 0 : this.indexPatterns.hashCode());
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            IndexPermissions indexPermissions = (IndexPermissions) obj;
            if (this.allowedActions == null) {
                if (indexPermissions.allowedActions != null) {
                    return false;
                }
            } else if (!this.allowedActions.equals(indexPermissions.allowedActions)) {
                return false;
            }
            return this.indexPatterns == null ? indexPermissions.indexPatterns == null : this.indexPatterns.equals(indexPermissions.indexPatterns);
        }

        public boolean isWildcard() {
            return this.indexPatterns.contains("*") & this.allowedActions.contains("*");
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/authtoken/RequestedPrivileges$TenantPermissions.class */
    public static class TenantPermissions implements Writeable, ToXContentObject, Serializable {
        private static final long serialVersionUID = 170036537583928629L;
        private List<String> tenantPatterns;
        private List<String> allowedActions;

        TenantPermissions(List<String> list, List<String> list2) {
            this.tenantPatterns = list;
            this.allowedActions = list2;
        }

        TenantPermissions(StreamInput streamInput) throws IOException {
            this.tenantPatterns = streamInput.readStringList();
            this.allowedActions = streamInput.readStringList();
        }

        public void writeTo(StreamOutput streamOutput) throws IOException {
            streamOutput.writeStringCollection(this.tenantPatterns);
            streamOutput.writeStringCollection(this.allowedActions);
        }

        public static TenantPermissions parse(JsonNode jsonNode) throws ConfigValidationException {
            ValidationErrors validationErrors = new ValidationErrors();
            ValidatingJsonNode validatingJsonNode = new ValidatingJsonNode(jsonNode, validationErrors);
            List requiredStringList = validatingJsonNode.requiredStringList("tenant_patterns", 1);
            List requiredStringList2 = validatingJsonNode.requiredStringList("allowed_actions", 1);
            validationErrors.throwExceptionForPresentErrors();
            return new TenantPermissions(requiredStringList, requiredStringList2);
        }

        public XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params) throws IOException {
            xContentBuilder.startObject();
            xContentBuilder.field("tenant_patterns", this.tenantPatterns);
            xContentBuilder.field("allowed_actions", this.allowedActions);
            xContentBuilder.endObject();
            return xContentBuilder;
        }

        public String toString() {
            return "TenantPermissions [tenantPatterns=" + this.tenantPatterns + ", allowedActions=" + this.allowedActions + "]";
        }

        public int hashCode() {
            return (31 * ((31 * 1) + (this.allowedActions == null ? 0 : this.allowedActions.hashCode()))) + (this.tenantPatterns == null ? 0 : this.tenantPatterns.hashCode());
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            TenantPermissions tenantPermissions = (TenantPermissions) obj;
            if (this.allowedActions == null) {
                if (tenantPermissions.allowedActions != null) {
                    return false;
                }
            } else if (!this.allowedActions.equals(tenantPermissions.allowedActions)) {
                return false;
            }
            return this.tenantPatterns == null ? tenantPermissions.tenantPatterns == null : this.tenantPatterns.equals(tenantPermissions.tenantPatterns);
        }

        public boolean isWildcard() {
            return this.tenantPatterns.contains("*") & this.allowedActions.contains("*");
        }
    }

    public RequestedPrivileges(StreamInput streamInput) throws IOException {
        this.clusterPermissions = streamInput.readStringList();
        this.indexPermissions = streamInput.readList(IndexPermissions::new);
        this.tenantPermissions = streamInput.readList(TenantPermissions::new);
        this.excludedClusterPermissions = streamInput.readStringList();
        this.excludedIndexPermissions = streamInput.readList(ExcludedIndexPermissions::new);
        this.roles = streamInput.readOptionalStringList();
    }

    private RequestedPrivileges() {
    }

    public List<String> getClusterPermissions() {
        return this.clusterPermissions;
    }

    public List<IndexPermissions> getIndexPermissions() {
        return this.indexPermissions;
    }

    public List<TenantPermissions> getTenantPermissions() {
        return this.tenantPermissions;
    }

    public List<String> getRoles() {
        return this.roles;
    }

    public List<String> getExcludedClusterPermissions() {
        return this.excludedClusterPermissions;
    }

    public List<ExcludedIndexPermissions> getExcludedIndexPermissions() {
        return this.excludedIndexPermissions;
    }

    public RequestedPrivileges excludeClusterPermissions(List<String> list) {
        if (list == null || list.size() == 0) {
            return this;
        }
        RequestedPrivileges requestedPrivileges = new RequestedPrivileges();
        requestedPrivileges.clusterPermissions = this.clusterPermissions;
        requestedPrivileges.indexPermissions = this.indexPermissions;
        requestedPrivileges.tenantPermissions = this.tenantPermissions;
        requestedPrivileges.roles = this.roles;
        requestedPrivileges.excludedIndexPermissions = this.excludedIndexPermissions;
        ArrayList arrayList = new ArrayList(this.excludedClusterPermissions);
        arrayList.addAll(list);
        requestedPrivileges.excludedClusterPermissions = Collections.unmodifiableList(arrayList);
        return requestedPrivileges;
    }

    public RequestedPrivileges excludeIndexPermissions(List<ExcludedIndexPermissions> list) {
        if (list == null || list.size() == 0) {
            return this;
        }
        RequestedPrivileges requestedPrivileges = new RequestedPrivileges();
        requestedPrivileges.clusterPermissions = this.clusterPermissions;
        requestedPrivileges.indexPermissions = this.indexPermissions;
        requestedPrivileges.tenantPermissions = this.tenantPermissions;
        requestedPrivileges.roles = this.roles;
        requestedPrivileges.excludedClusterPermissions = this.excludedClusterPermissions;
        ArrayList arrayList = new ArrayList(this.excludedIndexPermissions);
        arrayList.addAll(list);
        requestedPrivileges.excludedIndexPermissions = Collections.unmodifiableList(arrayList);
        return requestedPrivileges;
    }

    public boolean isTotalWildcard() {
        if (!this.clusterPermissions.contains("*")) {
            return false;
        }
        if (this.excludedClusterPermissions != null && this.excludedClusterPermissions.size() > 0) {
            return false;
        }
        if (this.excludedIndexPermissions == null || this.excludedIndexPermissions.size() <= 0) {
            return (this.roles == null || this.roles.size() <= 0) && this.indexPermissions.size() == 1 && this.indexPermissions.get(0).isWildcard() && this.tenantPermissions.size() == 1 && this.tenantPermissions.get(0).isWildcard();
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SgDynamicConfiguration<RoleV7> toRolesConfig() {
        SgDynamicConfiguration<RoleV7> empty = SgDynamicConfiguration.empty();
        RoleV7 roleV7 = new RoleV7();
        roleV7.setCluster_permissions(new ArrayList(this.clusterPermissions));
        roleV7.setExclude_cluster_permissions(new ArrayList(this.excludedClusterPermissions));
        ArrayList arrayList = new ArrayList();
        for (IndexPermissions indexPermissions : this.indexPermissions) {
            RoleV7.Index index = new RoleV7.Index();
            index.setIndex_patterns(new ArrayList(indexPermissions.indexPatterns));
            index.setAllowed_actions(new ArrayList(indexPermissions.allowedActions));
            arrayList.add(index);
        }
        roleV7.setIndex_permissions(arrayList);
        ArrayList arrayList2 = new ArrayList();
        for (ExcludedIndexPermissions excludedIndexPermissions : this.excludedIndexPermissions) {
            RoleV7.ExcludeIndex excludeIndex = new RoleV7.ExcludeIndex();
            excludeIndex.setIndex_patterns(new ArrayList(excludedIndexPermissions.indexPatterns));
            excludeIndex.setActions(new ArrayList(excludedIndexPermissions.actions));
            arrayList2.add(excludeIndex);
        }
        roleV7.setIndex_permissions(arrayList);
        ArrayList arrayList3 = new ArrayList();
        for (TenantPermissions tenantPermissions : this.tenantPermissions) {
            RoleV7.Tenant tenant = new RoleV7.Tenant();
            tenant.setTenant_patterns(new ArrayList(tenantPermissions.tenantPatterns));
            tenant.setAllowed_actions(new ArrayList(tenantPermissions.allowedActions));
            arrayList3.add(tenant);
        }
        roleV7.setTenant_permissions(arrayList3);
        empty.putCEntry("_requested_privileges", roleV7);
        return empty;
    }

    public void writeTo(StreamOutput streamOutput) throws IOException {
        streamOutput.writeStringCollection(this.clusterPermissions);
        streamOutput.writeList(this.indexPermissions);
        streamOutput.writeList(this.tenantPermissions);
        streamOutput.writeStringCollection(this.excludedClusterPermissions);
        streamOutput.writeList(this.excludedIndexPermissions);
        streamOutput.writeOptionalStringCollection(this.roles);
    }

    public static RequestedPrivileges parse(JsonNode jsonNode) throws ConfigValidationException {
        if (jsonNode.isTextual() && jsonNode.textValue().equals("*")) {
            return totalWildcard();
        }
        ValidationErrors validationErrors = new ValidationErrors();
        ValidatingJsonNode validatingJsonNode = new ValidatingJsonNode(jsonNode, validationErrors);
        RequestedPrivileges requestedPrivileges = new RequestedPrivileges();
        requestedPrivileges.clusterPermissions = validatingJsonNode.stringList("cluster_permissions");
        requestedPrivileges.indexPermissions = validatingJsonNode.list("index_permissions", IndexPermissions::parse);
        requestedPrivileges.tenantPermissions = validatingJsonNode.list("tenant_permissions", TenantPermissions::parse);
        requestedPrivileges.excludedClusterPermissions = validatingJsonNode.stringList("exclude_cluster_permissions");
        requestedPrivileges.excludedIndexPermissions = validatingJsonNode.list("exclude_index_permissions", ExcludedIndexPermissions::parse);
        requestedPrivileges.roles = validatingJsonNode.stringList(ConfigConstants.LDAP_AUTHZ_ROLES);
        validationErrors.throwExceptionForPresentErrors();
        if (requestedPrivileges.clusterPermissions == null && requestedPrivileges.indexPermissions == null && requestedPrivileges.tenantPermissions == null) {
            if (requestedPrivileges.roles != null && !requestedPrivileges.roles.isEmpty()) {
                requestedPrivileges.clusterPermissions = WILDCARD_LIST;
                requestedPrivileges.indexPermissions = Arrays.asList(new IndexPermissions(WILDCARD_LIST, WILDCARD_LIST));
                requestedPrivileges.tenantPermissions = Arrays.asList(new TenantPermissions(WILDCARD_LIST, WILDCARD_LIST));
                return requestedPrivileges;
            }
            validationErrors.add(new ValidationError((String) null, "No permissions or roles have been specified"));
        }
        if (requestedPrivileges.clusterPermissions == null) {
            requestedPrivileges.clusterPermissions = Collections.emptyList();
        }
        if (requestedPrivileges.indexPermissions == null) {
            requestedPrivileges.indexPermissions = Collections.emptyList();
        }
        if (requestedPrivileges.tenantPermissions == null) {
            requestedPrivileges.tenantPermissions = Collections.emptyList();
        }
        if (requestedPrivileges.excludedClusterPermissions == null) {
            requestedPrivileges.excludedClusterPermissions = Collections.emptyList();
        }
        if (requestedPrivileges.excludedIndexPermissions == null) {
            requestedPrivileges.excludedIndexPermissions = Collections.emptyList();
        }
        if (!validationErrors.hasErrors() && requestedPrivileges.clusterPermissions.isEmpty() && requestedPrivileges.indexPermissions.isEmpty() && requestedPrivileges.tenantPermissions.isEmpty() && (requestedPrivileges.roles == null || requestedPrivileges.roles.isEmpty())) {
            validationErrors.add(new ValidationError((String) null, "No permissions or roles have been specified"));
        }
        validationErrors.throwExceptionForPresentErrors();
        return requestedPrivileges;
    }

    public static RequestedPrivileges totalWildcard() {
        RequestedPrivileges requestedPrivileges = new RequestedPrivileges();
        requestedPrivileges.clusterPermissions = WILDCARD_LIST;
        requestedPrivileges.indexPermissions = Arrays.asList(new IndexPermissions(WILDCARD_LIST, WILDCARD_LIST));
        requestedPrivileges.tenantPermissions = Arrays.asList(new TenantPermissions(WILDCARD_LIST, WILDCARD_LIST));
        return requestedPrivileges;
    }

    public static RequestedPrivileges parseYaml(String str) throws ConfigValidationException {
        return parse(ValidatingJsonParser.readYamlTree(str));
    }

    public XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params) throws IOException {
        xContentBuilder.startObject();
        if (this.clusterPermissions != null && this.clusterPermissions.size() > 0) {
            xContentBuilder.field("cluster_permissions", this.clusterPermissions);
        }
        if (this.indexPermissions != null && this.indexPermissions.size() > 0) {
            xContentBuilder.field("index_permissions", this.indexPermissions);
        }
        if (this.tenantPermissions != null && this.tenantPermissions.size() > 0) {
            xContentBuilder.field("tenant_permissions", this.tenantPermissions);
        }
        if (this.excludedClusterPermissions != null && this.excludedClusterPermissions.size() > 0) {
            xContentBuilder.field("exclude_cluster_permissions", this.excludedClusterPermissions);
        }
        if (this.excludedIndexPermissions != null && this.excludedIndexPermissions.size() > 0) {
            xContentBuilder.field("exclude_index_permissions", this.excludedIndexPermissions);
        }
        if (this.roles != null && this.roles.size() > 0) {
            xContentBuilder.field(ConfigConstants.LDAP_AUTHZ_ROLES, this.roles);
        }
        xContentBuilder.endObject();
        return xContentBuilder;
    }

    public int hashCode() {
        return (31 * ((31 * ((31 * ((31 * ((31 * ((31 * 1) + (this.clusterPermissions == null ? 0 : this.clusterPermissions.hashCode()))) + (this.excludedClusterPermissions == null ? 0 : this.excludedClusterPermissions.hashCode()))) + (this.excludedIndexPermissions == null ? 0 : this.excludedIndexPermissions.hashCode()))) + (this.indexPermissions == null ? 0 : this.indexPermissions.hashCode()))) + (this.roles == null ? 0 : this.roles.hashCode()))) + (this.tenantPermissions == null ? 0 : this.tenantPermissions.hashCode());
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        RequestedPrivileges requestedPrivileges = (RequestedPrivileges) obj;
        if (this.clusterPermissions == null) {
            if (requestedPrivileges.clusterPermissions != null) {
                return false;
            }
        } else if (!this.clusterPermissions.equals(requestedPrivileges.clusterPermissions)) {
            return false;
        }
        if (this.excludedClusterPermissions == null) {
            if (requestedPrivileges.excludedClusterPermissions != null) {
                return false;
            }
        } else if (!this.excludedClusterPermissions.equals(requestedPrivileges.excludedClusterPermissions)) {
            return false;
        }
        if (this.excludedIndexPermissions == null) {
            if (requestedPrivileges.excludedIndexPermissions != null) {
                return false;
            }
        } else if (!this.excludedIndexPermissions.equals(requestedPrivileges.excludedIndexPermissions)) {
            return false;
        }
        if (this.indexPermissions == null) {
            if (requestedPrivileges.indexPermissions != null) {
                return false;
            }
        } else if (!this.indexPermissions.equals(requestedPrivileges.indexPermissions)) {
            return false;
        }
        if (this.roles == null) {
            if (requestedPrivileges.roles != null) {
                return false;
            }
        } else if (!this.roles.equals(requestedPrivileges.roles)) {
            return false;
        }
        return this.tenantPermissions == null ? requestedPrivileges.tenantPermissions == null : this.tenantPermissions.equals(requestedPrivileges.tenantPermissions);
    }

    public String toString() {
        return "RequestedPrivileges [clusterPermissions=" + this.clusterPermissions + ", indexPermissions=" + this.indexPermissions + ", tenantPermissions=" + this.tenantPermissions + ", roles=" + this.roles + ", excludedClusterPermissions=" + this.excludedClusterPermissions + ", excludedIndexPermissions=" + this.excludedIndexPermissions + "]";
    }
}
