package org.elasticsearch.xpack.core.security.authz.permission;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.lucene.util.automaton.Automaton;
import org.apache.lucene.util.automaton.Operations;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.core.Tuple;
import org.elasticsearch.xpack.core.security.authz.permission.ResourcePrivilegesMap;
import org.elasticsearch.xpack.core.security.authz.privilege.ApplicationPrivilege;
import org.elasticsearch.xpack.core.security.authz.privilege.ApplicationPrivilegeDescriptor;
import org.elasticsearch.xpack.core.security.support.Automatons;

/* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/permission/ApplicationPermission.class */
public final class ApplicationPermission {
    public static final ApplicationPermission NONE;
    private final Logger logger = LogManager.getLogger(getClass());
    private final List<PermissionEntry> permissions;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/permission/ApplicationPermission$PermissionEntry.class */
    public static class PermissionEntry {
        private final ApplicationPrivilege privilege;
        private final Predicate<String> application;
        private final Set<String> resourceNames;
        private final Automaton resourceAutomaton;

        private PermissionEntry(ApplicationPrivilege applicationPrivilege, Set<String> set, Automaton automaton) {
            this.privilege = applicationPrivilege;
            this.application = Automatons.predicate(applicationPrivilege.getApplication());
            this.resourceNames = set;
            this.resourceAutomaton = automaton;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean grants(ApplicationPrivilege applicationPrivilege, Automaton automaton) {
            return matchesPrivilege(applicationPrivilege) && Operations.subsetOf(automaton, this.resourceAutomaton);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean matchesPrivilege(ApplicationPrivilege applicationPrivilege) {
            if (this.privilege.equals(applicationPrivilege)) {
                return true;
            }
            if (!this.application.test(applicationPrivilege.getApplication())) {
                return false;
            }
            if (Operations.isTotal(this.privilege.getAutomaton())) {
                return true;
            }
            return (Operations.isEmpty(this.privilege.getAutomaton()) || Operations.isEmpty(applicationPrivilege.getAutomaton()) || !Operations.subsetOf(applicationPrivilege.getAutomaton(), this.privilege.getAutomaton())) ? false : true;
        }

        public String toString() {
            return this.privilege.toString() + ":" + this.resourceNames;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ApplicationPermission(List<Tuple<ApplicationPrivilege, Set<String>>> list) {
        HashMap hashMap = new HashMap();
        list.forEach(tuple -> {
            hashMap.compute((ApplicationPrivilege) tuple.v1(), (applicationPrivilege, permissionEntry) -> {
                Set set = (Set) tuple.v2();
                Automaton patterns = Automatons.patterns(set);
                return permissionEntry == null ? new PermissionEntry(applicationPrivilege, set, patterns) : new PermissionEntry(applicationPrivilege, Sets.union(permissionEntry.resourceNames, set), Automatons.unionAndMinimize(Arrays.asList(permissionEntry.resourceAutomaton, patterns)));
            });
        });
        this.permissions = List.copyOf(hashMap.values());
    }

    public boolean grants(ApplicationPrivilege applicationPrivilege, String str) {
        Automaton patterns = Automatons.patterns(str);
        boolean anyMatch = this.permissions.stream().anyMatch(permissionEntry -> {
            return permissionEntry.grants(applicationPrivilege, patterns);
        });
        this.logger.trace("Permission [{}] {} grant [{} , {}]", this, anyMatch ? "does" : "does not", applicationPrivilege, str);
        return anyMatch;
    }

    public ResourcePrivilegesMap checkResourcePrivileges(String str, Set<String> set, Set<String> set2, Collection<ApplicationPrivilegeDescriptor> collection) {
        ResourcePrivilegesMap.Builder builder = ResourcePrivilegesMap.builder();
        for (String str2 : set) {
            for (String str3 : set2) {
                Set singleton = Collections.singleton(str3);
                Set<ApplicationPrivilege> set3 = ApplicationPrivilege.get(str, singleton, collection);
                this.logger.trace("Resolved privileges [{}] for [{},{}]", set3, str, singleton);
                for (ApplicationPrivilege applicationPrivilege : set3) {
                    if (!$assertionsDisabled && !Automatons.predicate(str).test(applicationPrivilege.getApplication())) {
                        throw new AssertionError("Privilege " + applicationPrivilege + " should have application " + str);
                    }
                    if (!$assertionsDisabled && !applicationPrivilege.name().equals(singleton)) {
                        throw new AssertionError("Privilege " + applicationPrivilege + " should have name " + singleton);
                    }
                    if (grants(applicationPrivilege, str2)) {
                        builder.addResourcePrivilege(str2, str3, Boolean.TRUE);
                    } else {
                        builder.addResourcePrivilege(str2, str3, Boolean.FALSE);
                    }
                }
            }
        }
        return builder.build();
    }

    public String toString() {
        return getClass().getSimpleName() + "{privileges=" + this.permissions + "}";
    }

    public Set<String> getApplicationNames() {
        return (Set) this.permissions.stream().map(permissionEntry -> {
            return permissionEntry.privilege.getApplication();
        }).collect(Collectors.toSet());
    }

    public Set<ApplicationPrivilege> getPrivileges(String str) {
        return (Set) this.permissions.stream().filter(permissionEntry -> {
            return str.equals(permissionEntry.privilege.getApplication());
        }).map(permissionEntry2 -> {
            return permissionEntry2.privilege;
        }).collect(Collectors.toSet());
    }

    public Set<String> getResourcePatterns(ApplicationPrivilege applicationPrivilege) {
        return (Set) this.permissions.stream().filter(permissionEntry -> {
            return permissionEntry.matchesPrivilege(applicationPrivilege);
        }).map(permissionEntry2 -> {
            return permissionEntry2.resourceNames;
        }).flatMap((v0) -> {
            return v0.stream();
        }).collect(Collectors.toSet());
    }

    static {
        $assertionsDisabled = !ApplicationPermission.class.desiredAssertionStatus();
        NONE = new ApplicationPermission(Collections.emptyList());
    }
}
