package org.elasticsearch.entitlement.runtime.policy;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.module.ModuleFinder;
import java.lang.runtime.ObjectMethods;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.elasticsearch.core.Strings;
import org.elasticsearch.entitlement.runtime.policy.entitlements.Entitlement;
import org.elasticsearch.entitlement.runtime.policy.entitlements.FilesEntitlement;
import org.elasticsearch.entitlement.runtime.policy.entitlements.WriteSystemPropertiesEntitlement;
import org.elasticsearch.logging.LogManager;
import org.elasticsearch.logging.Logger;

/* loaded from: input_file:org/elasticsearch/entitlement/runtime/policy/PolicyUtils.class */
public class PolicyUtils {
    private static final Logger logger = LogManager.getLogger(PolicyUtils.class);
    public static final String POLICY_FILE_NAME = "entitlement-policy.yaml";

    /* loaded from: input_file:org/elasticsearch/entitlement/runtime/policy/PolicyUtils$PluginData.class */
    public static final class PluginData extends Record {
        private final Path pluginPath;
        private final boolean isModular;
        private final boolean isExternalPlugin;

        public PluginData(Path path, boolean z, boolean z2) {
            Objects.requireNonNull(path);
            this.pluginPath = path;
            this.isModular = z;
            this.isExternalPlugin = z2;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, PluginData.class), PluginData.class, "pluginPath;isModular;isExternalPlugin", "FIELD:Lorg/elasticsearch/entitlement/runtime/policy/PolicyUtils$PluginData;->pluginPath:Ljava/nio/file/Path;", "FIELD:Lorg/elasticsearch/entitlement/runtime/policy/PolicyUtils$PluginData;->isModular:Z", "FIELD:Lorg/elasticsearch/entitlement/runtime/policy/PolicyUtils$PluginData;->isExternalPlugin:Z").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, PluginData.class), PluginData.class, "pluginPath;isModular;isExternalPlugin", "FIELD:Lorg/elasticsearch/entitlement/runtime/policy/PolicyUtils$PluginData;->pluginPath:Ljava/nio/file/Path;", "FIELD:Lorg/elasticsearch/entitlement/runtime/policy/PolicyUtils$PluginData;->isModular:Z", "FIELD:Lorg/elasticsearch/entitlement/runtime/policy/PolicyUtils$PluginData;->isExternalPlugin:Z").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, PluginData.class, Object.class), PluginData.class, "pluginPath;isModular;isExternalPlugin", "FIELD:Lorg/elasticsearch/entitlement/runtime/policy/PolicyUtils$PluginData;->pluginPath:Ljava/nio/file/Path;", "FIELD:Lorg/elasticsearch/entitlement/runtime/policy/PolicyUtils$PluginData;->isModular:Z", "FIELD:Lorg/elasticsearch/entitlement/runtime/policy/PolicyUtils$PluginData;->isExternalPlugin:Z").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public Path pluginPath() {
            return this.pluginPath;
        }

        public boolean isModular() {
            return this.isModular;
        }

        public boolean isExternalPlugin() {
            return this.isExternalPlugin;
        }
    }

    public static Map<String, Policy> createPluginPolicies(Collection<PluginData> collection, Map<String, String> map, String str) throws IOException {
        HashMap hashMap = new HashMap(collection.size());
        for (PluginData pluginData : collection) {
            Path pluginPath = pluginData.pluginPath();
            String path = pluginPath.getFileName().toString();
            Set<String> moduleNames = getModuleNames(pluginPath, pluginData.isModular());
            Policy parseEncodedPolicyIfExists = parseEncodedPolicyIfExists(map.get(path), str, pluginData.isExternalPlugin(), path, moduleNames);
            Policy parsePolicyIfExists = parsePolicyIfExists(path, pluginPath, pluginData.isExternalPlugin());
            validatePolicyScopes(path, parsePolicyIfExists, moduleNames, pluginPath.resolve(POLICY_FILE_NAME).toString());
            hashMap.put(path, parseEncodedPolicyIfExists == null ? parsePolicyIfExists : new Policy(parsePolicyIfExists.name(), mergeScopes(parsePolicyIfExists.scopes(), parseEncodedPolicyIfExists.scopes())));
        }
        return hashMap;
    }

    public static Policy parseEncodedPolicyIfExists(String str, String str2, boolean z, String str3, Set<String> set) {
        if (str == null) {
            return null;
        }
        try {
            VersionedPolicy decodeEncodedPolicy = decodeEncodedPolicy(str, str3, z);
            validatePolicyScopes(str3, decodeEncodedPolicy.policy(), set, "<patch>");
            if (decodeEncodedPolicy.versions().isEmpty() || decodeEncodedPolicy.versions().contains(str2)) {
                logger.info("Using policy patch for layer [{}]", new Object[]{str3});
                return decodeEncodedPolicy.policy();
            }
            logger.warn("Found a policy patch with version mismatch. The patch will not be applied. Layer [{}]; policy versions [{}]; current version [{}]", new Object[]{str3, String.join(",", decodeEncodedPolicy.versions()), str2});
            return null;
        } catch (Exception e) {
            throw new IllegalStateException("Unable to parse policy patch for layer [" + str3 + "]", e);
        }
    }

    static VersionedPolicy decodeEncodedPolicy(String str, String str2, boolean z) throws IOException {
        return new PolicyParser(new ByteArrayInputStream(Base64.getDecoder().decode(str)), str2, z).parseVersionedPolicy();
    }

    private static void validatePolicyScopes(String str, Policy policy, Set<String> set, String str2) {
        for (Scope scope : policy.scopes()) {
            if (!set.contains(scope.moduleName())) {
                throw new IllegalStateException(Strings.format("Invalid module name in policy: layer [%s] does not have module [%s]; available modules [%s]; policy path [%s]", new Object[]{str, scope.moduleName(), String.join(", ", set), str2}));
            }
        }
    }

    public static Policy parsePolicyIfExists(String str, Path path, boolean z) throws IOException {
        Path resolve = path.resolve(POLICY_FILE_NAME);
        if (!Files.exists(resolve, new LinkOption[0])) {
            return new Policy(str, List.of());
        }
        InputStream newInputStream = Files.newInputStream(resolve, StandardOpenOption.READ);
        try {
            Policy parsePolicy = new PolicyParser(newInputStream, str, z).parsePolicy();
            if (newInputStream != null) {
                newInputStream.close();
            }
            return parsePolicy;
        } catch (Throwable th) {
            if (newInputStream != null) {
                try {
                    newInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static Set<String> getModuleNames(Path path, boolean z) {
        return z ? (Set) ModuleFinder.of(new Path[]{path}).findAll().stream().map(moduleReference -> {
            return moduleReference.descriptor().name();
        }).collect(Collectors.toUnmodifiableSet()) : Set.of(PolicyManager.ALL_UNNAMED);
    }

    public static List<Scope> mergeScopes(List<Scope> list, List<Scope> list2) {
        ArrayList arrayList = new ArrayList();
        Map map = (Map) list2.stream().collect(Collectors.toMap((v0) -> {
            return v0.moduleName();
        }, (v0) -> {
            return v0.entitlements();
        }));
        for (Scope scope : list) {
            List list3 = (List) map.remove(scope.moduleName());
            if (list3 == null) {
                arrayList.add(scope);
            } else {
                arrayList.add(new Scope(scope.moduleName(), mergeEntitlements(scope.entitlements(), list3)));
            }
        }
        for (Map.Entry entry : map.entrySet()) {
            arrayList.add(new Scope((String) entry.getKey(), (List) entry.getValue()));
        }
        return arrayList;
    }

    static List<Entitlement> mergeEntitlements(List<Entitlement> list, List<Entitlement> list2) {
        Map map = (Map) list.stream().collect(Collectors.toMap((v0) -> {
            return v0.getClass();
        }, Function.identity()));
        for (Entitlement entitlement : list2) {
            map.merge(entitlement.getClass(), entitlement, PolicyUtils::mergeEntitlement);
        }
        return map.values().stream().toList();
    }

    static Entitlement mergeEntitlement(Entitlement entitlement, Entitlement entitlement2) {
        return entitlement instanceof FilesEntitlement ? mergeFiles(Stream.of((Object[]) new FilesEntitlement[]{(FilesEntitlement) entitlement, (FilesEntitlement) entitlement2})) : entitlement instanceof WriteSystemPropertiesEntitlement ? mergeWriteSystemProperties(Stream.of((Object[]) new WriteSystemPropertiesEntitlement[]{(WriteSystemPropertiesEntitlement) entitlement, (WriteSystemPropertiesEntitlement) entitlement2})) : entitlement;
    }

    public static List<Entitlement> mergeEntitlements(Stream<Entitlement> stream) {
        Map map = (Map) stream.collect(Collectors.groupingBy((v0) -> {
            return v0.getClass();
        }));
        ArrayList arrayList = new ArrayList();
        for (Map.Entry entry : map.entrySet()) {
            Class cls = (Class) entry.getKey();
            List list = (List) entry.getValue();
            if (list.size() == 1) {
                arrayList.add((Entitlement) list.get(0));
            } else {
                arrayList.add(mergeEntitlement((Class<? extends Entitlement>) cls, (Stream<Entitlement>) list.stream()));
            }
        }
        return arrayList;
    }

    static Entitlement mergeEntitlement(Class<? extends Entitlement> cls, Stream<Entitlement> stream) {
        if (cls.equals(FilesEntitlement.class)) {
            Class<FilesEntitlement> cls2 = FilesEntitlement.class;
            Objects.requireNonNull(FilesEntitlement.class);
            return mergeFiles(stream.map((v1) -> {
                return r1.cast(v1);
            }));
        }
        if (!cls.equals(WriteSystemPropertiesEntitlement.class)) {
            return stream.findFirst().orElseThrow();
        }
        Class<WriteSystemPropertiesEntitlement> cls3 = WriteSystemPropertiesEntitlement.class;
        Objects.requireNonNull(WriteSystemPropertiesEntitlement.class);
        return mergeWriteSystemProperties(stream.map((v1) -> {
            return r1.cast(v1);
        }));
    }

    private static FilesEntitlement mergeFiles(Stream<FilesEntitlement> stream) {
        return new FilesEntitlement(stream.flatMap(filesEntitlement -> {
            return filesEntitlement.filesData().stream();
        }).distinct().toList());
    }

    private static WriteSystemPropertiesEntitlement mergeWriteSystemProperties(Stream<WriteSystemPropertiesEntitlement> stream) {
        return new WriteSystemPropertiesEntitlement((Set<String>) stream.flatMap(writeSystemPropertiesEntitlement -> {
            return writeSystemPropertiesEntitlement.properties().stream();
        }).collect(Collectors.toUnmodifiableSet()));
    }

    static Set<String> describeEntitlement(Entitlement entitlement) {
        HashSet hashSet = new HashSet();
        if (entitlement instanceof FilesEntitlement) {
            Stream<R> map = ((FilesEntitlement) entitlement).filesData().stream().filter(fileData -> {
                return fileData.platform() == null || fileData.platform().isCurrent();
            }).map(fileData2 -> {
                return Strings.format("%s %s", new Object[]{PolicyParser.getEntitlementName(FilesEntitlement.class), fileData2.description()});
            });
            Objects.requireNonNull(hashSet);
            map.forEach((v1) -> {
                r1.add(v1);
            });
        } else if (entitlement instanceof WriteSystemPropertiesEntitlement) {
            Stream<R> map2 = ((WriteSystemPropertiesEntitlement) entitlement).properties().stream().map(str -> {
                return Strings.format("%s [%s]", new Object[]{PolicyParser.getEntitlementName(WriteSystemPropertiesEntitlement.class), str});
            });
            Objects.requireNonNull(hashSet);
            map2.forEach((v1) -> {
                r1.add(v1);
            });
        } else {
            hashSet.add(PolicyParser.getEntitlementName(entitlement.getClass()));
        }
        return hashSet;
    }

    public static Set<String> getEntitlementsDescriptions(Policy policy) {
        List<Entitlement> mergeEntitlements = mergeEntitlements(policy.scopes().stream().flatMap(scope -> {
            return scope.entitlements().stream();
        }));
        HashSet hashSet = new HashSet();
        Iterator<Entitlement> it = mergeEntitlements.iterator();
        while (it.hasNext()) {
            hashSet.addAll(describeEntitlement(it.next()));
        }
        return hashSet;
    }
}
