package com.floragunn.searchguard.user;

import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.floragunn.searchsupport.json.BasicJsonReader;
import com.floragunn.searchsupport.json.BasicJsonWriter;
import com.google.common.base.Joiner;
import com.google.common.collect.Iterables;
import com.jayway.jsonpath.Configuration;
import com.jayway.jsonpath.InvalidPathException;
import com.jayway.jsonpath.JsonPath;
import com.jayway.jsonpath.Option;
import com.jayway.jsonpath.Predicate;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.common.settings.Settings;

/* loaded from: input_file:com/floragunn/searchguard/user/UserAttributes.class */
public class UserAttributes {
    private static final Logger log = LogManager.getLogger(UserAttributes.class);
    private static final JsonFactory JSON_FACTORY = new JsonFactory();
    private static final Configuration JSON_PATH_CONFIG = Configuration.defaultConfiguration().setOptions(new Option[]{Option.SUPPRESS_EXCEPTIONS});

    /* loaded from: input_file:com/floragunn/searchguard/user/UserAttributes$StringAttributeInterpolator.class */
    static class StringAttributeInterpolator {
        private final String string;
        private final User user;
        private int i = 0;

        StringAttributeInterpolator(String str, User user) {
            this.string = str;
            this.user = user;
        }

        String process() throws StringInterpolationException {
            StringBuilder sb = new StringBuilder();
            while (true) {
                int indexOf = this.string.indexOf("${", this.i);
                if (indexOf == -1) {
                    break;
                }
                sb.append(this.string.substring(this.i, indexOf));
                this.i = indexOf;
                sb.append(processAttribute());
            }
            if (this.i < this.string.length()) {
                sb.append(this.string.substring(this.i));
            }
            return sb.toString();
        }

        private String processAttribute() throws StringInterpolationException {
            int i = this.i;
            String readAttributeName = readAttributeName(i);
            Object attributeValue = getAttributeValue(readAttributeName, i);
            skipSpaces();
            while (this.i < this.string.length()) {
                char charAt = this.string.charAt(this.i);
                char charAt2 = this.i < this.string.length() - 1 ? this.string.charAt(this.i + 1) : (char) 0;
                if (charAt == '|') {
                    this.i++;
                    skipSpaces();
                    attributeValue = evaluateFunction(readFunctionName(i), attributeValue, this.i);
                } else if (charAt == '?' && charAt2 == ':') {
                    this.i += 2;
                    skipSpaces();
                    Object readJson = readJson(this.i);
                    if (attributeValue == null) {
                        attributeValue = readJson;
                    }
                } else if (charAt == ':' && charAt2 == '-') {
                    this.i += 2;
                    int indexOf = this.string.indexOf(125, this.i);
                    if (indexOf == -1) {
                        throw new StringInterpolationException("Unclosed attribute at " + i + ":\n" + this.string);
                    }
                    String substring = this.string.substring(this.i, indexOf);
                    if (attributeValue == null) {
                        attributeValue = substring;
                    }
                    this.i = indexOf;
                } else {
                    if (charAt == '}') {
                        this.i++;
                        if (attributeValue == null) {
                            throw new StringInterpolationException("No value set for " + readAttributeName);
                        }
                        if (attributeValue instanceof Collection) {
                            attributeValue = UserAttributes.toQuotedCommaSeparatedString((Collection) attributeValue);
                        } else if (!(attributeValue instanceof String)) {
                            attributeValue = attributeValue.toString();
                        }
                        return (String) attributeValue;
                    }
                    if (!Character.isWhitespace(charAt)) {
                        throw new StringInterpolationException("Unexpected character " + charAt + " at " + this.i + ":\n" + this.string);
                    }
                    skipSpaces();
                }
            }
            throw new StringInterpolationException("Unclosed attribute at " + i + ":\n" + this.string);
        }

        private String readAttributeName(int i) throws StringInterpolationException {
            this.i += 2;
            while (this.i < this.string.length()) {
                char charAt = this.string.charAt(this.i);
                if (!Character.isLetter(charAt) && !Character.isDigit(charAt) && charAt != '.' && charAt != '_') {
                    return this.string.substring(i + 2, this.i);
                }
                this.i++;
            }
            throw new StringInterpolationException("Unclosed attribute at " + i + ":\n" + this.string);
        }

        private String readFunctionName(int i) throws StringInterpolationException {
            int i2 = this.i;
            this.i += 2;
            while (this.i < this.string.length()) {
                if (!Character.isLetter(this.string.charAt(this.i))) {
                    return this.string.substring(i2, this.i);
                }
                this.i++;
            }
            throw new StringInterpolationException("Unclosed attribute at " + i + ":\n" + this.string);
        }

        private Object evaluateFunction(String str, Object obj, int i) throws StringInterpolationException {
            if (obj != null) {
                if (str.equals("toString")) {
                    obj = obj.toString();
                } else if (str.equals("toJson")) {
                    obj = BasicJsonWriter.writeAsString(obj);
                } else if (str.equals("toList")) {
                    if (!(obj instanceof Collection)) {
                        obj = Collections.singletonList(obj);
                    }
                } else if (str.equals("head")) {
                    if (obj instanceof Collection) {
                        obj = Iterables.getFirst((Collection) obj, (Object) null);
                    }
                } else if (str.equals("tail")) {
                    obj = obj instanceof Collection ? UserAttributes.tail((Collection) obj) : Collections.emptyList();
                } else {
                    if (!str.equals("toRegexFragment")) {
                        throw new StringInterpolationException("Unsupported operation " + str + " in string template at index " + i + ": " + this.string);
                    }
                    obj = toRegexFragment(obj);
                }
            }
            return obj;
        }

        private Object getAttributeValue(String str, int i) throws StringInterpolationException {
            if (str.equals("user.name") || str.equals("user_name")) {
                return this.user.getName();
            }
            if (str.equals("user.roles") || str.equals("user_roles")) {
                return this.user.getRoles();
            }
            if (str.equals("user.attrs")) {
                return this.user.getStructuredAttributes();
            }
            if (str.startsWith("user.attrs.")) {
                return this.user.getStructuredAttributes().get(str.substring("user.attrs.".length()));
            }
            if (!str.startsWith("attr.") && !str.startsWith("_")) {
                throw new StringInterpolationException("Invalid attribute name " + str + " at index " + i + ": " + this.string);
            }
            UserAttributes.log.warn("The attribute ${" + str + "} could not be mapped to a value. For backwards compatibility, the resulting string will contain the unmapped attribute unchanged. You should consider changing the configuration to the new Search Guard user attributes which provide default values for this case. The old attribute syntax will be removed in a future major Search Guard release.\nComplete String: " + this.string + "\nAvailable attributes: " + this.user.getCustomAttributesMap().keySet());
            return "${" + str + "}";
        }

        private void skipSpaces() {
            while (this.i < this.string.length() && Character.isSpaceChar(this.string.charAt(this.i))) {
                this.i++;
            }
        }

        private Object readJson(int i) throws StringInterpolationException {
            try {
                JsonParser createParser = UserAttributes.JSON_FACTORY.createParser(this.string.substring(i));
                Object read = BasicJsonReader.read(createParser);
                this.i = i + ((int) createParser.getTokenLocation().getCharOffset()) + createParser.getLastClearedToken().asString().length();
                if (UserAttributes.log.isTraceEnabled()) {
                    UserAttributes.log.trace("readJson " + i + " => " + this.i + ": " + read);
                }
                return read;
            } catch (IOException e) {
                throw new StringInterpolationException("Invalid JSON block at " + i + ": " + this.string, e);
            }
        }

        private String toRegexFragment(Object obj) {
            if (obj == null) {
                return null;
            }
            if (!(obj instanceof Collection)) {
                return "(" + Pattern.quote(obj.toString()) + ")";
            }
            StringBuilder sb = new StringBuilder("(");
            boolean z = true;
            for (Object obj2 : (Collection) obj) {
                if (obj2 != null) {
                    if (z) {
                        z = false;
                    } else {
                        sb.append("|");
                    }
                    sb.append(Pattern.quote(obj2.toString()));
                }
            }
            sb.append(")");
            return sb.toString();
        }
    }

    public static Map<String, JsonPath> getAttributeMapping(Settings settings) {
        HashMap hashMap = new HashMap();
        if (settings == null) {
            return hashMap;
        }
        for (String str : settings.keySet()) {
            try {
                hashMap.put(str, JsonPath.compile(settings.get(str), new Predicate[0]));
            } catch (InvalidPathException e) {
                log.error("Error in configuration: Invalid JSON path supplied for " + str, e);
            }
        }
        return hashMap;
    }

    public static Map<String, String> getFlatAttributeMapping(Settings settings) {
        HashMap hashMap = new HashMap();
        if (settings == null) {
            return hashMap;
        }
        for (String str : settings.keySet()) {
            hashMap.put(str, settings.get(str));
        }
        return hashMap;
    }

    public static String replaceAttributes(String str, User user) throws StringInterpolationException {
        return new StringAttributeInterpolator(str, user).process();
    }

    public static void validate(Object obj) {
        validate(obj, 0);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void addAttributesByJsonPath(Map<String, JsonPath> map, Object obj, Map<String, Object> map2) {
        for (Map.Entry<String, JsonPath> entry : map.entrySet()) {
            Object read = JsonPath.using(JSON_PATH_CONFIG).parse(obj).read(entry.getValue());
            try {
                validate(read);
                map2.put(entry.getKey(), read);
            } catch (IllegalArgumentException e) {
                throw new ElasticsearchSecurityException("Error while initializing user attributes. Mapping for " + entry.getKey() + " produced invalid values:\n" + e.getMessage(), e, new Object[0]);
            }
        }
    }

    private static void validate(Object obj, int i) {
        if (i > 10) {
            throw new IllegalArgumentException("Value exceeds max allowed nesting (or the value contains loops)");
        }
        if (obj == null || (obj instanceof String) || (obj instanceof Number) || (obj instanceof Boolean) || (obj instanceof Character)) {
            return;
        }
        if (obj instanceof Collection) {
            Iterator it = ((Collection) obj).iterator();
            while (it.hasNext()) {
                validate(it.next(), i + 1);
            }
        } else {
            if (!(obj instanceof Map)) {
                throw new IllegalArgumentException("Illegal value type. In user attributes the only allowed types are: String, Number, Boolean, Character, Collection, Map. Got: " + obj);
            }
            for (Map.Entry entry : ((Map) obj).entrySet()) {
                validate(entry.getKey(), i + 1);
                validate(entry.getValue(), i + 1);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String toQuotedCommaSeparatedString(Collection<?> collection) {
        return Joiner.on(',').join(Iterables.transform(collection, obj -> {
            return '\"' + String.valueOf(obj).replaceAll("\"", "\\\"") + '\"';
        }));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static List<?> tail(Collection<?> collection) {
        if (collection.size() <= 1) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(collection.size() - 1);
        Iterator<?> it = collection.iterator();
        it.next();
        while (it.hasNext()) {
            arrayList.add(it.next());
        }
        return arrayList;
    }
}
