package com.floragunn.searchguard.dlic.rest.api;

import com.fasterxml.jackson.databind.JsonNode;
import com.floragunn.dlic.auth.ldap.util.ConfigConstants;
import com.floragunn.searchguard.DefaultObjectMapper;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateAction;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateNodeResponse;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateRequest;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateResponse;
import com.floragunn.searchguard.action.licenseinfo.LicenseInfoResponse;
import com.floragunn.searchguard.auditlog.AuditLog;
import com.floragunn.searchguard.configuration.AdminDNs;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator;
import com.floragunn.searchguard.privileges.PrivilegesEvaluator;
import com.floragunn.searchguard.sgconf.Hideable;
import com.floragunn.searchguard.sgconf.StaticDefinable;
import com.floragunn.searchguard.sgconf.StaticSgConfig;
import com.floragunn.searchguard.sgconf.impl.CType;
import com.floragunn.searchguard.sgconf.impl.Meta;
import com.floragunn.searchguard.sgconf.impl.SgDynamicConfiguration;
import com.floragunn.searchguard.ssl.transport.PrincipalExtractor;
import com.floragunn.searchguard.user.User;
import java.io.IOException;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.Collections;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ExceptionsHelper;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.rest.BaseRestHandler;
import org.elasticsearch.rest.BytesRestResponse;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/AbstractApiAction.class */
public abstract class AbstractApiAction extends BaseRestHandler {
    protected final Logger log = LogManager.getLogger(getClass());
    protected final ConfigurationRepository cl;
    protected final ClusterService cs;
    final ThreadPool threadPool;
    private String searchguardIndex;
    private final RestApiPrivilegesEvaluator restApiPrivilegesEvaluator;
    protected final Boolean acceptInvalidLicense;
    protected final AuditLog auditLog;
    protected final Settings settings;
    protected final StaticSgConfig staticSgConfig;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.floragunn.searchguard.dlic.rest.api.AbstractApiAction$3, reason: invalid class name */
    /* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/AbstractApiAction$3.class */
    public static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] $SwitchMap$org$elasticsearch$rest$RestRequest$Method = new int[RestRequest.Method.values().length];

        static {
            try {
                $SwitchMap$org$elasticsearch$rest$RestRequest$Method[RestRequest.Method.DELETE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$elasticsearch$rest$RestRequest$Method[RestRequest.Method.POST.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$elasticsearch$rest$RestRequest$Method[RestRequest.Method.PUT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$elasticsearch$rest$RestRequest$Method[RestRequest.Method.GET.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/AbstractApiAction$ConfigUpdatingActionListener.class */
    public static class ConfigUpdatingActionListener<Response> implements ActionListener<Response> {
        private final Client client;
        private final ActionListener<Response> delegate;

        public ConfigUpdatingActionListener(Client client, ActionListener<Response> actionListener) {
            this.client = client;
            this.delegate = actionListener;
        }

        public void onResponse(final Response response) {
            this.client.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest((String[]) CType.lcStringValues().toArray(new String[0])), new ActionListener<ConfigUpdateResponse>() { // from class: com.floragunn.searchguard.dlic.rest.api.AbstractApiAction.ConfigUpdatingActionListener.1
                public void onResponse(ConfigUpdateResponse configUpdateResponse) {
                    if (configUpdateResponse.hasFailures()) {
                        ConfigUpdatingActionListener.this.delegate.onFailure((Exception) configUpdateResponse.failures().get(0));
                    } else {
                        ConfigUpdatingActionListener.this.delegate.onResponse(response);
                    }
                }

                public void onFailure(Exception exc) {
                    ConfigUpdatingActionListener.this.delegate.onFailure(exc);
                }
            });
        }

        public void onFailure(Exception exc) {
            this.delegate.onFailure(exc);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/AbstractApiAction$OnSucessActionListener.class */
    public abstract class OnSucessActionListener<Response> implements ActionListener<Response> {
        private final RestChannel channel;

        public OnSucessActionListener(RestChannel restChannel) {
            this.channel = restChannel;
        }

        public final void onFailure(Exception exc) {
            AbstractApiAction.this.internalErrorResponse(this.channel, "Error " + exc.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractApiAction(Settings settings, Path path, RestController restController, Client client, AdminDNs adminDNs, ConfigurationRepository configurationRepository, StaticSgConfig staticSgConfig, ClusterService clusterService, PrincipalExtractor principalExtractor, PrivilegesEvaluator privilegesEvaluator, ThreadPool threadPool, AuditLog auditLog) {
        this.settings = settings;
        this.searchguardIndex = settings.get("searchguard.config_index_name", "searchguard");
        this.acceptInvalidLicense = settings.getAsBoolean("searchguard.unsupported.restapi.accept_invalid_license", Boolean.FALSE);
        this.cl = configurationRepository;
        this.cs = clusterService;
        this.threadPool = threadPool;
        this.restApiPrivilegesEvaluator = new RestApiPrivilegesEvaluator(settings, adminDNs, privilegesEvaluator, principalExtractor, path, threadPool);
        this.auditLog = auditLog;
        this.staticSgConfig = staticSgConfig;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract AbstractConfigurationValidator getValidator(RestRequest restRequest, BytesReference bytesReference, Object... objArr);

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract String getResourceName();

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract CType getConfigName();

    /* JADX INFO: Access modifiers changed from: protected */
    public void handleApiRequest(RestChannel restChannel, RestRequest restRequest, Client client) throws IOException {
        AbstractConfigurationValidator validator = getValidator(restRequest, restRequest.content(), new Object[0]);
        if (!validator.validate()) {
            restRequest.params().clear();
            badRequestResponse(restChannel, validator);
            return;
        }
        switch (AnonymousClass3.$SwitchMap$org$elasticsearch$rest$RestRequest$Method[restRequest.method().ordinal()]) {
            case ConfigConstants.LDAPS_VERIFY_HOSTNAMES_DEFAULT /* 1 */:
                handleDelete(restChannel, restRequest, client, validator.getContentAsNode());
                return;
            case 2:
                handlePost(restChannel, restRequest, client, validator.getContentAsNode());
                return;
            case 3:
                handlePut(restChannel, restRequest, client, validator.getContentAsNode());
                return;
            case 4:
                handleGet(restChannel, restRequest, client, validator.getContentAsNode());
                return;
            default:
                badRequestResponse(restChannel, restRequest.method() + " not supported for " + getName());
                return;
        }
    }

    protected void handleDelete(final RestChannel restChannel, RestRequest restRequest, Client client, JsonNode jsonNode) throws IOException {
        final String param = restRequest.param("name");
        if (param == null || param.length() == 0) {
            badRequestResponse(restChannel, "No " + getResourceName() + " specified.");
            return;
        }
        SgDynamicConfiguration<?> load = load(getConfigName(), false);
        if (isHidden(load, param)) {
            notFound(restChannel, getResourceName() + " " + param + " not found.");
            return;
        }
        if (isReserved(load, param)) {
            forbidden(restChannel, "Resource '" + param + "' is read-only.");
            return;
        }
        boolean exists = load.exists(param);
        load.remove(param);
        if (exists) {
            saveAnUpdateConfigs(client, restRequest, getConfigName(), load, new OnSucessActionListener<IndexResponse>(restChannel) { // from class: com.floragunn.searchguard.dlic.rest.api.AbstractApiAction.1
                public void onResponse(IndexResponse indexResponse) {
                    AbstractApiAction.this.successResponse(restChannel, "'" + param + "' deleted.");
                }
            });
        } else {
            notFound(restChannel, getResourceName() + " " + param + " not found.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void handlePut(final RestChannel restChannel, RestRequest restRequest, Client client, JsonNode jsonNode) throws IOException {
        final String param = restRequest.param("name");
        if (param == null || param.length() == 0) {
            badRequestResponse(restChannel, "No " + getResourceName() + " specified.");
            return;
        }
        SgDynamicConfiguration<?> load = load(getConfigName(), false);
        if (isHidden(load, param)) {
            forbidden(restChannel, "Resource '" + param + "' is not available.");
            return;
        }
        if (isReserved(load, param)) {
            forbidden(restChannel, "Resource '" + param + "' is read-only.");
            return;
        }
        if (this.log.isTraceEnabled() && jsonNode != null) {
            this.log.trace(jsonNode.toString());
        }
        final boolean exists = load.exists(param);
        load.putCObject(param, DefaultObjectMapper.readTree(jsonNode, load.getImplementingClass()));
        saveAnUpdateConfigs(client, restRequest, getConfigName(), load, new OnSucessActionListener<IndexResponse>(restChannel) { // from class: com.floragunn.searchguard.dlic.rest.api.AbstractApiAction.2
            public void onResponse(IndexResponse indexResponse) {
                if (exists) {
                    AbstractApiAction.this.successResponse(restChannel, "'" + param + "' updated.");
                } else {
                    AbstractApiAction.this.createdResponse(restChannel, "'" + param + "' created.");
                }
            }
        });
    }

    protected void handlePost(RestChannel restChannel, RestRequest restRequest, Client client, JsonNode jsonNode) throws IOException {
        notImplemented(restChannel, RestRequest.Method.POST);
    }

    protected void handleGet(RestChannel restChannel, RestRequest restRequest, Client client, JsonNode jsonNode) throws IOException {
        String param = restRequest.param("name");
        SgDynamicConfiguration<?> load = load(getConfigName(), true);
        filter(load);
        if (param == null || param.length() == 0) {
            successResponse(restChannel, load);
        } else if (!load.exists(param)) {
            notFound(restChannel, "Resource '" + param + "' not found.");
        } else {
            load.removeOthers(param);
            successResponse(restChannel, load);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final SgDynamicConfiguration<?> load(CType cType, boolean z) {
        SgDynamicConfiguration<?> deepClone = ((SgDynamicConfiguration) this.cl.getConfigurationsFromIndex(Collections.singleton(cType), z).get(cType)).deepClone();
        this.staticSgConfig.addTo(deepClone);
        return deepClone;
    }

    protected boolean ensureIndexExists() {
        return this.cs.state().getMetadata().hasConcreteIndex(this.searchguardIndex);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void filter(SgDynamicConfiguration<?> sgDynamicConfiguration) {
        sgDynamicConfiguration.removeHidden();
        sgDynamicConfiguration.set_sg_meta((Meta) null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void saveAnUpdateConfigs(Client client, RestRequest restRequest, CType cType, SgDynamicConfiguration<?> sgDynamicConfiguration, OnSucessActionListener<IndexResponse> onSucessActionListener) {
        IndexRequest indexRequest = new IndexRequest(this.searchguardIndex);
        String lCString = cType.toLCString();
        sgDynamicConfiguration.removeStatic();
        try {
            client.index(indexRequest.id(lCString).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).setIfSeqNo(sgDynamicConfiguration.getSeqNo()).setIfPrimaryTerm(sgDynamicConfiguration.getPrimaryTerm()).source(new Object[]{lCString, XContentHelper.toXContent(sgDynamicConfiguration, XContentType.JSON, false)}), new ConfigUpdatingActionListener(client, onSucessActionListener));
        } catch (IOException e) {
            throw ExceptionsHelper.convertToElastic(e);
        }
    }

    protected final BaseRestHandler.RestChannelConsumer prepareRequest(RestRequest restRequest, NodeClient nodeClient) throws IOException {
        consumeParameters(restRequest);
        if (!ensureIndexExists()) {
            return restChannel -> {
                internalErrorResponse(restChannel, AbstractConfigurationValidator.ErrorType.SG_NOT_INITIALIZED.getMessage());
            };
        }
        String checkAccessPermissions = this.restApiPrivilegesEvaluator.checkAccessPermissions(restRequest, getEndpoint());
        if (checkAccessPermissions == null) {
            Object obj = this.threadPool.getThreadContext().getTransient("_sg_user");
            Object obj2 = this.threadPool.getThreadContext().getTransient("_sg_remote_address");
            Object obj3 = this.threadPool.getThreadContext().getTransient("_sg_origin");
            return restChannel2 -> {
                this.threadPool.generic().submit(() -> {
                    try {
                        ThreadContext.StoredContext stashContext = this.threadPool.getThreadContext().stashContext();
                        try {
                            this.threadPool.getThreadContext().putHeader("_sg_conf_request", "true");
                            this.threadPool.getThreadContext().putTransient("_sg_user", obj);
                            this.threadPool.getThreadContext().putTransient("_sg_remote_address", obj2);
                            this.threadPool.getThreadContext().putTransient("_sg_origin", obj3);
                            handleApiRequest(restChannel2, restRequest, nodeClient);
                            if (stashContext != null) {
                                stashContext.close();
                            }
                        } finally {
                        }
                    } catch (Exception e) {
                        this.log.error("Error while processing request " + restRequest, e);
                        internalErrorResponse(restChannel2, "Error while processing request: " + e);
                    }
                });
            };
        }
        this.log.error("No permission to access REST API: " + checkAccessPermissions);
        User user = (User) this.threadPool.getThreadContext().getTransient("_sg_user");
        this.auditLog.logMissingPrivileges(checkAccessPermissions, user == null ? null : user.getName(), restRequest);
        restRequest.params().clear();
        return restChannel3 -> {
            forbidden(restChannel3, "No permission to access REST API: " + checkAccessPermissions);
        };
    }

    protected boolean checkConfigUpdateResponse(ConfigUpdateResponse configUpdateResponse) {
        int size = this.cs.state().getNodes().getNodes().size();
        boolean z = configUpdateResponse.getNodes().size() == size;
        if (!z) {
            this.log.error("Expected " + size + " nodes to return response, but got only " + configUpdateResponse.getNodes().size());
        }
        for (String str : configUpdateResponse.getNodesMap().keySet()) {
            ConfigUpdateNodeResponse configUpdateNodeResponse = (ConfigUpdateNodeResponse) configUpdateResponse.getNodesMap().get(str);
            boolean z2 = configUpdateNodeResponse.getUpdatedConfigTypes() != null && configUpdateNodeResponse.getUpdatedConfigTypes().length == 1;
            if (!z2) {
                this.log.error("Expected 1 config types for node " + str + " but got only " + Arrays.toString(configUpdateNodeResponse.getUpdatedConfigTypes()));
            }
            z = z && z2;
        }
        return z;
    }

    protected static XContentBuilder convertToJson(RestChannel restChannel, ToXContent toXContent) {
        try {
            XContentBuilder newBuilder = restChannel.newBuilder();
            toXContent.toXContent(newBuilder, ToXContent.EMPTY_PARAMS);
            return newBuilder;
        } catch (IOException e) {
            throw ExceptionsHelper.convertToElastic(e);
        }
    }

    protected void response(RestChannel restChannel, RestStatus restStatus, String str) {
        try {
            XContentBuilder newBuilder = restChannel.newBuilder();
            newBuilder.startObject();
            newBuilder.field("status", restStatus.name());
            newBuilder.field("message", str);
            newBuilder.endObject();
            restChannel.sendResponse(new BytesRestResponse(restStatus, newBuilder));
        } catch (IOException e) {
            throw ExceptionsHelper.convertToElastic(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void successResponse(RestChannel restChannel, SgDynamicConfiguration<?> sgDynamicConfiguration) {
        restChannel.sendResponse(new BytesRestResponse(RestStatus.OK, convertToJson(restChannel, sgDynamicConfiguration)));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void successResponse(RestChannel restChannel, LicenseInfoResponse licenseInfoResponse) {
        try {
            XContentBuilder newBuilder = restChannel.newBuilder();
            newBuilder.startObject();
            licenseInfoResponse.toXContent(newBuilder, ToXContent.EMPTY_PARAMS);
            newBuilder.endObject();
            if (this.log.isDebugEnabled()) {
                this.log.debug("Successfully fetched license " + licenseInfoResponse.toString());
            }
            restChannel.sendResponse(new BytesRestResponse(RestStatus.OK, newBuilder));
        } catch (IOException e) {
            internalErrorResponse(restChannel, "Unable to fetch license: " + e.getMessage());
            this.log.error("Cannot fetch convert license to XContent due to", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void badRequestResponse(RestChannel restChannel, AbstractConfigurationValidator abstractConfigurationValidator) {
        restChannel.sendResponse(new BytesRestResponse(RestStatus.BAD_REQUEST, abstractConfigurationValidator.errorsAsXContent(restChannel)));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void successResponse(RestChannel restChannel, String str) {
        response(restChannel, RestStatus.OK, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void createdResponse(RestChannel restChannel, String str) {
        response(restChannel, RestStatus.CREATED, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void badRequestResponse(RestChannel restChannel, String str) {
        response(restChannel, RestStatus.BAD_REQUEST, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void notFound(RestChannel restChannel, String str) {
        response(restChannel, RestStatus.NOT_FOUND, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void forbidden(RestChannel restChannel, String str) {
        response(restChannel, RestStatus.FORBIDDEN, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void internalErrorResponse(RestChannel restChannel, String str) {
        response(restChannel, RestStatus.INTERNAL_SERVER_ERROR, str);
    }

    protected void unprocessable(RestChannel restChannel, String str) {
        response(restChannel, RestStatus.UNPROCESSABLE_ENTITY, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void notImplemented(RestChannel restChannel, RestRequest.Method method) {
        response(restChannel, RestStatus.NOT_IMPLEMENTED, "Method " + method.name() + " not supported for this action.");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean isReserved(SgDynamicConfiguration<?> sgDynamicConfiguration, String str) {
        if (isStatic(sgDynamicConfiguration, str)) {
            return true;
        }
        Object cEntry = sgDynamicConfiguration.getCEntry(str);
        return cEntry != null && (cEntry instanceof Hideable) && ((Hideable) cEntry).isReserved();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean isHidden(SgDynamicConfiguration<?> sgDynamicConfiguration, String str) {
        Object cEntry = sgDynamicConfiguration.getCEntry(str);
        return cEntry != null && (cEntry instanceof Hideable) && ((Hideable) cEntry).isHidden();
    }

    protected final boolean isStatic(SgDynamicConfiguration<?> sgDynamicConfiguration, String str) {
        Object cEntry = sgDynamicConfiguration.getCEntry(str);
        return cEntry != null && (cEntry instanceof StaticDefinable) && ((StaticDefinable) cEntry).isStatic();
    }

    protected void consumeParameters(RestRequest restRequest) {
        restRequest.param("name");
    }

    public String getName() {
        return getClass().getSimpleName();
    }

    protected abstract Endpoint getEndpoint();
}
