package com.floragunn.searchguard.sgconf;

import com.floragunn.searchguard.auth.AuthFailureListener;
import com.floragunn.searchguard.auth.AuthenticationDomain;
import com.floragunn.searchguard.auth.AuthorizationDomain;
import com.floragunn.searchguard.auth.Destroyable;
import com.floragunn.searchguard.auth.HTTPAuthenticator;
import com.floragunn.searchguard.auth.api.AuthenticationBackend;
import com.floragunn.searchguard.auth.api.AuthorizationBackend;
import com.floragunn.searchguard.auth.blocking.ClientBlockRegistry;
import com.floragunn.searchguard.modules.SearchGuardModulesRegistry;
import com.floragunn.searchguard.modules.state.ComponentState;
import com.floragunn.searchguard.sgconf.impl.v6.ConfigV6;
import com.google.common.base.Strings;
import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.Multimap;
import com.google.common.collect.Multimaps;
import java.net.InetAddress;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xcontent.XContentType;

@Deprecated
/* loaded from: input_file:com/floragunn/searchguard/sgconf/DynamicConfigModelV6.class */
public class DynamicConfigModelV6 extends DynamicConfigModel {
    private final ConfigV6 config;
    private final Settings esSettings;
    private final Path configPath;
    private SortedSet<AuthenticationDomain> restAuthenticationDomains;
    private SortedSet<AuthenticationDomain> transportAuthenticationDomains;
    private Set<AuthorizationDomain> restAuthorizationDomains;
    private Set<AuthorizationDomain> transportAuthorizationDomains;
    private List<Destroyable> destroyableComponents;
    private final SearchGuardModulesRegistry modulesRegistry;
    private List<AuthFailureListener> ipAuthFailureListeners;
    private Multimap<String, AuthFailureListener> authBackendFailureListeners;
    private List<ClientBlockRegistry<InetAddress>> ipClientBlockRegistries;
    private Multimap<String, ClientBlockRegistry<String>> authBackendClientBlockRegistries;
    private final ComponentState componentState = new ComponentState(2, null, "sg_config", DynamicConfigModelV7.class);

    public DynamicConfigModelV6(ConfigV6 configV6, Settings settings, Path path, SearchGuardModulesRegistry searchGuardModulesRegistry) {
        this.config = configV6;
        this.esSettings = settings;
        this.configPath = path;
        this.modulesRegistry = searchGuardModulesRegistry;
        buildAAA();
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public SortedSet<AuthenticationDomain> getRestAuthenticationDomains() {
        return Collections.unmodifiableSortedSet(this.restAuthenticationDomains);
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public Set<AuthorizationDomain> getRestAuthorizationDomains() {
        return Collections.unmodifiableSet(this.restAuthorizationDomains);
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public SortedSet<AuthenticationDomain> getTransportAuthenticationDomains() {
        return Collections.unmodifiableSortedSet(this.transportAuthenticationDomains);
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public Set<AuthorizationDomain> getTransportAuthorizationDomains() {
        return Collections.unmodifiableSet(this.transportAuthorizationDomains);
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public String getTransportUsernameAttribute() {
        return this.config.dynamic.transport_userrname_attribute;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public boolean isAnonymousAuthenticationEnabled() {
        return this.config.dynamic.http.anonymous_auth_enabled;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public boolean isXffEnabled() {
        return this.config.dynamic.http.xff.enabled;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public String getInternalProxies() {
        return this.config.dynamic.http.xff.internalProxies;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public String getRemoteIpHeader() {
        return this.config.dynamic.http.xff.remoteIpHeader;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public String getFieldAnonymizationSalt2() {
        return null;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public boolean isRestAuthDisabled() {
        return this.config.dynamic.disable_rest_auth;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public boolean isInterTransportAuthDisabled() {
        return this.config.dynamic.disable_intertransport_auth;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public boolean isRespectRequestIndicesEnabled() {
        return this.config.dynamic.respect_request_indices_options;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public String getKibanaServerUsername() {
        return this.config.dynamic.kibana.server_username;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public String getKibanaIndexname() {
        return this.config.dynamic.kibana.index;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public boolean isKibanaMultitenancyEnabled() {
        return this.config.dynamic.kibana.multitenancy_enabled;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public boolean isDnfofEnabled() {
        return this.config.dynamic.do_not_fail_on_forbidden || this.config.dynamic.kibana.do_not_fail_on_forbidden;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public boolean isMultiRolespanEnabled() {
        return this.config.dynamic.multi_rolespan_enabled;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public String getFilteredAliasMode() {
        return this.config.dynamic.filtered_alias_mode;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public boolean isDnfofForEmptyResultsEnabled() {
        return this.config.dynamic.do_not_fail_on_forbidden_empty;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public String getHostsResolverMode() {
        return this.config.dynamic.hosts_resolver_mode;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public List<AuthFailureListener> getIpAuthFailureListeners() {
        return Collections.unmodifiableList(this.ipAuthFailureListeners);
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public Multimap<String, AuthFailureListener> getAuthBackendFailureListeners() {
        return Multimaps.unmodifiableMultimap(this.authBackendFailureListeners);
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public List<ClientBlockRegistry<InetAddress>> getIpClientBlockRegistries() {
        return Collections.unmodifiableList(this.ipClientBlockRegistries);
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public Multimap<String, ClientBlockRegistry<String>> getAuthBackendClientBlockRegistries() {
        return Multimaps.unmodifiableMultimap(this.authBackendClientBlockRegistries);
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public boolean isKibanaRbacEnabled() {
        return false;
    }

    @Override // com.floragunn.searchguard.sgconf.DynamicConfigModel
    public Map<String, Object> getAuthTokenProviderConfig() {
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r4v2, types: [com.floragunn.searchguard.auth.HTTPAuthenticator] */
    private void buildAAA() {
        TreeSet treeSet = new TreeSet();
        TreeSet treeSet2 = new TreeSet();
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        LinkedList linkedList = new LinkedList();
        ArrayList arrayList = new ArrayList();
        ArrayListMultimap create = ArrayListMultimap.create();
        ArrayList arrayList2 = new ArrayList();
        ArrayListMultimap create2 = ArrayListMultimap.create();
        for (Map.Entry<String, ConfigV6.AuthzDomain> entry : this.config.dynamic.authz.getDomains().entrySet()) {
            boolean z = entry.getValue().enabled;
            boolean z2 = z && entry.getValue().http_enabled;
            boolean z3 = z && entry.getValue().transport_enabled;
            if (z2 || z3) {
                try {
                    AuthorizationBackend searchGuardComponentRegistry = this.modulesRegistry.getAuthorizationBackends().getInstance(entry.getValue().authorization_backend.type, Settings.builder().put(this.esSettings).put(Settings.builder().loadFromSource(entry.getValue().authorization_backend.configAsJson(), XContentType.JSON).build()).build(), this.configPath);
                    List<String> list = entry.getValue().skipped_users;
                    if (z2) {
                        hashSet.add(new AuthorizationDomain(searchGuardComponentRegistry, list));
                    }
                    if (z3) {
                        hashSet2.add(new AuthorizationDomain(searchGuardComponentRegistry, list));
                    }
                    if (searchGuardComponentRegistry instanceof Destroyable) {
                        linkedList.add((Destroyable) searchGuardComponentRegistry);
                    }
                } catch (Exception e) {
                    this.log.error("Unable to initialize AuthorizationBackend {} due to {}", entry, e.toString(), e);
                }
            }
        }
        for (Map.Entry<String, ConfigV6.AuthcDomain> entry2 : this.config.dynamic.authc.getDomains().entrySet()) {
            boolean z4 = entry2.getValue().enabled;
            boolean z5 = z4 && entry2.getValue().http_enabled;
            boolean z6 = z4 && entry2.getValue().transport_enabled;
            if (z5 || z6) {
                try {
                    AuthenticationBackend searchGuardComponentRegistry2 = this.modulesRegistry.getAuthenticationBackends().getInstance(entry2.getValue().authentication_backend.type, Settings.builder().put(this.esSettings).put(Settings.builder().loadFromSource(entry2.getValue().authentication_backend.configAsJson(), XContentType.JSON).build()).build(), this.configPath);
                    String str = entry2.getValue().http_authenticator.type;
                    Object obj = str != null ? (HTTPAuthenticator) this.modulesRegistry.getHttpAuthenticators().getInstance(str, Settings.builder().put(this.esSettings).put(Settings.builder().loadFromSource(entry2.getValue().http_authenticator.configAsJson(), XContentType.JSON).build()).build(), this.configPath) : null;
                    AuthenticationDomain authenticationDomain = new AuthenticationDomain(entry2.getKey(), searchGuardComponentRegistry2, obj, entry2.getValue().http_authenticator.challenge, entry2.getValue().order, entry2.getValue().skip_users, null);
                    if (z5 && authenticationDomain.getHttpAuthenticator() != null) {
                        treeSet.add(authenticationDomain);
                    }
                    if (z6) {
                        treeSet2.add(authenticationDomain);
                    }
                    if (obj instanceof Destroyable) {
                        linkedList.add((Destroyable) obj);
                    }
                    if (searchGuardComponentRegistry2 instanceof Destroyable) {
                        linkedList.add((Destroyable) searchGuardComponentRegistry2);
                    }
                } catch (Exception e2) {
                    this.log.error("Unable to initialize auth domain {} due to {}", entry2, e2.toString(), e2);
                }
            }
        }
        List<Destroyable> list2 = this.destroyableComponents;
        this.restAuthenticationDomains = Collections.unmodifiableSortedSet(treeSet);
        this.transportAuthenticationDomains = Collections.unmodifiableSortedSet(treeSet2);
        this.restAuthorizationDomains = Collections.unmodifiableSet(hashSet);
        this.transportAuthorizationDomains = Collections.unmodifiableSet(hashSet2);
        this.destroyableComponents = Collections.unmodifiableList(linkedList);
        if (list2 != null) {
            destroyDestroyables(list2);
        }
        createAuthFailureListeners(arrayList, create, arrayList2, create2, linkedList);
        this.ipAuthFailureListeners = Collections.unmodifiableList(arrayList);
        this.ipClientBlockRegistries = Collections.unmodifiableList(arrayList2);
        this.authBackendClientBlockRegistries = Multimaps.unmodifiableMultimap(create2);
        this.authBackendFailureListeners = Multimaps.unmodifiableMultimap(create);
        this.componentState.setInitialized();
    }

    private void destroyDestroyables(List<Destroyable> list) {
        for (Destroyable destroyable : list) {
            try {
                destroyable.destroy();
            } catch (Exception e) {
                this.log.error("Error while destroying " + destroyable, e);
            }
        }
    }

    private void createAuthFailureListeners(List<AuthFailureListener> list, Multimap<String, AuthFailureListener> multimap, List<ClientBlockRegistry<InetAddress>> list2, Multimap<String, ClientBlockRegistry<String>> multimap2, List<Destroyable> list3) {
        for (Map.Entry<String, ConfigV6.AuthFailureListener> entry : this.config.dynamic.auth_failure_listeners.getListeners().entrySet()) {
            Settings build = Settings.builder().put(this.esSettings).put(Settings.builder().loadFromSource(entry.getValue().asJson(), XContentType.JSON).build()).build();
            String str = entry.getValue().type;
            String str2 = entry.getValue().authentication_backend;
            AuthFailureListener searchGuardComponentRegistry = this.modulesRegistry.getAuthFailureListeners().getInstance(str, build, this.configPath);
            if (Strings.isNullOrEmpty(str2)) {
                list.add(searchGuardComponentRegistry);
                if (searchGuardComponentRegistry instanceof ClientBlockRegistry) {
                    if (InetAddress.class.isAssignableFrom(((ClientBlockRegistry) searchGuardComponentRegistry).getClientIdType())) {
                        list2.add((ClientBlockRegistry) searchGuardComponentRegistry);
                    } else {
                        this.log.error("Illegal ClientIdType for AuthFailureListener" + entry.getKey() + ": " + ((ClientBlockRegistry) searchGuardComponentRegistry).getClientIdType() + "; must be InetAddress.");
                    }
                }
            } else {
                String className = this.modulesRegistry.getAuthenticationBackends().getClassName(str2);
                multimap.put(className, searchGuardComponentRegistry);
                if (searchGuardComponentRegistry instanceof ClientBlockRegistry) {
                    if (String.class.isAssignableFrom(((ClientBlockRegistry) searchGuardComponentRegistry).getClientIdType())) {
                        multimap2.put(className, (ClientBlockRegistry) searchGuardComponentRegistry);
                    } else {
                        this.log.error("Illegal ClientIdType for AuthFailureListener" + entry.getKey() + ": " + ((ClientBlockRegistry) searchGuardComponentRegistry).getClientIdType() + "; must be InetAddress.");
                    }
                }
            }
            if (searchGuardComponentRegistry instanceof Destroyable) {
                list3.add((Destroyable) searchGuardComponentRegistry);
            }
        }
    }

    @Override // com.floragunn.searchguard.modules.state.ComponentStateProvider
    public ComponentState getComponentState() {
        return this.componentState;
    }
}
