package com.floragunn.searchguard.dlic.rest.validation;

import com.floragunn.dlic.auth.ldap.util.ConfigConstants;
import com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator;
import com.floragunn.searchguard.ssl.util.Utils;
import java.util.Map;
import java.util.regex.Pattern;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.compress.NotXContentException;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.rest.RestRequest;

/* loaded from: input_file:com/floragunn/searchguard/dlic/rest/validation/InternalUsersValidator.class */
public class InternalUsersValidator extends AbstractConfigurationValidator {
    public InternalUsersValidator(RestRequest restRequest, BytesReference bytesReference, Settings settings, Object... objArr) {
        super(restRequest, bytesReference, settings, objArr);
        this.payloadMandatory = true;
        this.allowedKeys.put("hash", AbstractConfigurationValidator.DataType.STRING);
        this.allowedKeys.put(ConfigConstants.LDAP_PASSWORD, AbstractConfigurationValidator.DataType.STRING);
        this.allowedKeys.put("backend_roles", AbstractConfigurationValidator.DataType.ARRAY);
        this.allowedKeys.put("attributes", AbstractConfigurationValidator.DataType.OBJECT);
        this.allowedKeys.put("description", AbstractConfigurationValidator.DataType.STRING);
        this.allowedKeys.put("search_guard_roles", AbstractConfigurationValidator.DataType.ARRAY);
    }

    @Override // com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator
    public boolean validate() {
        if (!super.validate()) {
            return false;
        }
        String str = this.esSettings.get("searchguard.restapi.password_validation_regex", (String) null);
        if ((this.request.method() != RestRequest.Method.PUT && this.request.method() != RestRequest.Method.PATCH) || str == null || str.isEmpty() || this.content == null || this.content.length() <= 1) {
            return true;
        }
        try {
            Map map = (Map) XContentHelper.convertToMap(this.content, false, XContentType.JSON).v2();
            if (map == null || !map.containsKey(ConfigConstants.LDAP_PASSWORD)) {
                return true;
            }
            String str2 = (String) map.get(ConfigConstants.LDAP_PASSWORD);
            if (str2 == null || str2.isEmpty()) {
                if (!this.log.isDebugEnabled()) {
                    return false;
                }
                this.log.debug("Unable to validate password because no password is given");
                return false;
            }
            if (!str.isEmpty() && !Pattern.compile("^" + str + "$").matcher(str2).matches()) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Regex does not match password");
                }
                this.errorType = AbstractConfigurationValidator.ErrorType.INVALID_PASSWORD;
                return false;
            }
            String param = this.request.param("name");
            String[] strArr = new String[1];
            strArr[0] = hasParams() ? (String) this.param[0] : null;
            String str3 = (String) Utils.coalesce(param, strArr);
            if (str3 == null || str3.isEmpty()) {
                if (!this.log.isDebugEnabled()) {
                    return false;
                }
                this.log.debug("Unable to validate username because no user is given");
                return false;
            }
            if (!str3.toLowerCase().equals(str2.toLowerCase())) {
                return true;
            }
            if (this.log.isDebugEnabled()) {
                this.log.debug("Username must not match password");
            }
            this.errorType = AbstractConfigurationValidator.ErrorType.INVALID_PASSWORD;
            return false;
        } catch (NotXContentException e) {
            this.log.error("Invalid xContent: " + e, e);
            return false;
        }
    }
}
