package org.elasticsearch.xpack.core.security.authz.privilege;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.io.stream.Writeable;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.xcontent.ParseField;
import org.elasticsearch.xcontent.ToXContent;
import org.elasticsearch.xcontent.XContentBuilder;
import org.elasticsearch.xcontent.XContentParseException;
import org.elasticsearch.xcontent.XContentParser;
import org.elasticsearch.xpack.core.security.action.privilege.ApplicationPrivilegesRequest;
import org.elasticsearch.xpack.core.security.action.profile.UpdateProfileDataAction;
import org.elasticsearch.xpack.core.security.action.profile.UpdateProfileDataRequest;
import org.elasticsearch.xpack.core.security.authz.permission.ClusterPermission;
import org.elasticsearch.xpack.core.security.authz.privilege.ConfigurableClusterPrivilege;
import org.elasticsearch.xpack.core.security.support.StringMatcher;
import org.elasticsearch.xpack.core.security.xcontent.XContentUtils;

/* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/privilege/ConfigurableClusterPrivileges.class */
public final class ConfigurableClusterPrivileges {
    public static final ConfigurableClusterPrivilege[] EMPTY_ARRAY;
    public static final Writeable.Reader<ConfigurableClusterPrivilege> READER;
    public static final Writeable.Writer<ConfigurableClusterPrivilege> WRITER;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/privilege/ConfigurableClusterPrivileges$ManageApplicationPrivileges.class */
    public static class ManageApplicationPrivileges implements ConfigurableClusterPrivilege {
        public static final String WRITEABLE_NAME = "manage-application-privileges";
        private final Set<String> applicationNames;
        private final Predicate<String> applicationPredicate;
        private final Predicate<TransportRequest> requestPredicate = transportRequest -> {
            if (!(transportRequest instanceof ApplicationPrivilegesRequest)) {
                return false;
            }
            Collection<String> applicationNames = ((ApplicationPrivilegesRequest) transportRequest).getApplicationNames();
            return applicationNames.isEmpty() ? this.applicationNames.contains("*") : applicationNames.stream().allMatch(str -> {
                return this.applicationPredicate.test(str);
            });
        };

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/privilege/ConfigurableClusterPrivileges$ManageApplicationPrivileges$Fields.class */
        public interface Fields {
            public static final ParseField MANAGE = new ParseField("manage", new String[0]);
            public static final ParseField APPLICATIONS = new ParseField("applications", new String[0]);
        }

        public ManageApplicationPrivileges(Set<String> set) {
            this.applicationNames = Collections.unmodifiableSet(set);
            this.applicationPredicate = StringMatcher.of(set);
        }

        @Override // org.elasticsearch.xpack.core.security.authz.privilege.ConfigurableClusterPrivilege
        public ConfigurableClusterPrivilege.Category getCategory() {
            return ConfigurableClusterPrivilege.Category.APPLICATION;
        }

        public Collection<String> getApplicationNames() {
            return this.applicationNames;
        }

        public String getWriteableName() {
            return WRITEABLE_NAME;
        }

        public void writeTo(StreamOutput streamOutput) throws IOException {
            streamOutput.writeStringCollection(this.applicationNames);
        }

        public static ManageApplicationPrivileges createFrom(StreamInput streamInput) throws IOException {
            return new ManageApplicationPrivileges(streamInput.readCollectionAsSet((v0) -> {
                return v0.readString();
            }));
        }

        @Override // org.elasticsearch.xpack.core.security.authz.privilege.ConfigurableClusterPrivilege
        public XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params) throws IOException {
            return xContentBuilder.field(Fields.MANAGE.getPreferredName(), Map.of(Fields.APPLICATIONS.getPreferredName(), this.applicationNames));
        }

        public static ManageApplicationPrivileges parse(XContentParser xContentParser) throws IOException {
            ConfigurableClusterPrivileges.expectedToken(xContentParser.currentToken(), xContentParser, XContentParser.Token.FIELD_NAME);
            ConfigurableClusterPrivileges.expectFieldName(xContentParser, Fields.MANAGE);
            ConfigurableClusterPrivileges.expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.START_OBJECT);
            ConfigurableClusterPrivileges.expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.FIELD_NAME);
            ConfigurableClusterPrivileges.expectFieldName(xContentParser, Fields.APPLICATIONS);
            ConfigurableClusterPrivileges.expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.START_ARRAY);
            String[] readStringArray = XContentUtils.readStringArray(xContentParser, false);
            ConfigurableClusterPrivileges.expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.END_OBJECT);
            return new ManageApplicationPrivileges(new LinkedHashSet(Arrays.asList(readStringArray)));
        }

        public String toString() {
            return "{" + getCategory() + ":" + Fields.MANAGE.getPreferredName() + ":" + Fields.APPLICATIONS.getPreferredName() + "=" + Strings.collectionToDelimitedString(this.applicationNames, ",") + "}";
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return this.applicationNames.equals(((ManageApplicationPrivileges) obj).applicationNames);
        }

        public int hashCode() {
            return this.applicationNames.hashCode();
        }

        @Override // org.elasticsearch.xpack.core.security.authz.privilege.ClusterPrivilege
        public ClusterPermission.Builder buildPermission(ClusterPermission.Builder builder) {
            return builder.add(this, Set.of("cluster:admin/xpack/security/privilege/*"), this.requestPredicate);
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/privilege/ConfigurableClusterPrivileges$WriteProfileDataPrivileges.class */
    public static class WriteProfileDataPrivileges implements ConfigurableClusterPrivilege {
        public static final String WRITEABLE_NAME = "write-profile-data-privileges";
        private final Set<String> applicationNames;
        private final Predicate<String> applicationPredicate;
        private final Predicate<TransportRequest> requestPredicate = transportRequest -> {
            if (!(transportRequest instanceof UpdateProfileDataRequest)) {
                return false;
            }
            UpdateProfileDataRequest updateProfileDataRequest = (UpdateProfileDataRequest) transportRequest;
            if ($assertionsDisabled || null == updateProfileDataRequest.validate()) {
                return updateProfileDataRequest.getApplicationNames().stream().allMatch(str -> {
                    return this.applicationPredicate.test(str);
                });
            }
            throw new AssertionError();
        };
        static final /* synthetic */ boolean $assertionsDisabled;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/privilege/ConfigurableClusterPrivileges$WriteProfileDataPrivileges$Fields.class */
        public interface Fields {
            public static final ParseField WRITE = new ParseField("write", new String[0]);
            public static final ParseField APPLICATIONS = new ParseField("applications", new String[0]);
        }

        public WriteProfileDataPrivileges(Set<String> set) {
            this.applicationNames = Collections.unmodifiableSet(set);
            this.applicationPredicate = StringMatcher.of(set);
        }

        @Override // org.elasticsearch.xpack.core.security.authz.privilege.ConfigurableClusterPrivilege
        public ConfigurableClusterPrivilege.Category getCategory() {
            return ConfigurableClusterPrivilege.Category.PROFILE;
        }

        public Collection<String> getApplicationNames() {
            return this.applicationNames;
        }

        public String getWriteableName() {
            return WRITEABLE_NAME;
        }

        public void writeTo(StreamOutput streamOutput) throws IOException {
            streamOutput.writeStringCollection(this.applicationNames);
        }

        public static WriteProfileDataPrivileges createFrom(StreamInput streamInput) throws IOException {
            return new WriteProfileDataPrivileges(streamInput.readCollectionAsSet((v0) -> {
                return v0.readString();
            }));
        }

        @Override // org.elasticsearch.xpack.core.security.authz.privilege.ConfigurableClusterPrivilege
        public XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params) throws IOException {
            return xContentBuilder.field(Fields.WRITE.getPreferredName(), Map.of(Fields.APPLICATIONS.getPreferredName(), this.applicationNames));
        }

        public static WriteProfileDataPrivileges parse(XContentParser xContentParser) throws IOException {
            ConfigurableClusterPrivileges.expectedToken(xContentParser.currentToken(), xContentParser, XContentParser.Token.FIELD_NAME);
            ConfigurableClusterPrivileges.expectFieldName(xContentParser, Fields.WRITE);
            ConfigurableClusterPrivileges.expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.START_OBJECT);
            ConfigurableClusterPrivileges.expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.FIELD_NAME);
            ConfigurableClusterPrivileges.expectFieldName(xContentParser, Fields.APPLICATIONS);
            ConfigurableClusterPrivileges.expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.START_ARRAY);
            String[] readStringArray = XContentUtils.readStringArray(xContentParser, false);
            ConfigurableClusterPrivileges.expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.END_OBJECT);
            return new WriteProfileDataPrivileges(new LinkedHashSet(Arrays.asList(readStringArray)));
        }

        public String toString() {
            return "{" + getCategory() + ":" + Fields.WRITE.getPreferredName() + ":" + Fields.APPLICATIONS.getPreferredName() + "=" + Strings.collectionToDelimitedString(this.applicationNames, ",") + "}";
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return this.applicationNames.equals(((WriteProfileDataPrivileges) obj).applicationNames);
        }

        public int hashCode() {
            return this.applicationNames.hashCode();
        }

        @Override // org.elasticsearch.xpack.core.security.authz.privilege.ClusterPrivilege
        public ClusterPermission.Builder buildPermission(ClusterPermission.Builder builder) {
            return builder.add(this, Set.of(UpdateProfileDataAction.NAME), this.requestPredicate);
        }

        static {
            $assertionsDisabled = !ConfigurableClusterPrivileges.class.desiredAssertionStatus();
        }
    }

    private ConfigurableClusterPrivileges() {
    }

    public static ConfigurableClusterPrivilege[] readArray(StreamInput streamInput) throws IOException {
        return (ConfigurableClusterPrivilege[]) streamInput.readArray(READER, i -> {
            return new ConfigurableClusterPrivilege[i];
        });
    }

    public static void writeArray(StreamOutput streamOutput, ConfigurableClusterPrivilege[] configurableClusterPrivilegeArr) throws IOException {
        streamOutput.writeArray(WRITER, configurableClusterPrivilegeArr);
    }

    public static XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params, Collection<ConfigurableClusterPrivilege> collection) throws IOException {
        xContentBuilder.startObject();
        for (ConfigurableClusterPrivilege.Category category : ConfigurableClusterPrivilege.Category.values()) {
            xContentBuilder.startObject(category.field.getPreferredName());
            for (ConfigurableClusterPrivilege configurableClusterPrivilege : collection) {
                if (category == configurableClusterPrivilege.getCategory()) {
                    configurableClusterPrivilege.toXContent(xContentBuilder, params);
                }
            }
            xContentBuilder.endObject();
        }
        return xContentBuilder.endObject();
    }

    public static List<ConfigurableClusterPrivilege> parse(XContentParser xContentParser) throws IOException {
        ArrayList arrayList = new ArrayList();
        expectedToken(xContentParser.currentToken(), xContentParser, XContentParser.Token.START_OBJECT);
        while (xContentParser.nextToken() != XContentParser.Token.END_OBJECT) {
            expectedToken(xContentParser.currentToken(), xContentParser, XContentParser.Token.FIELD_NAME);
            expectFieldName(xContentParser, ConfigurableClusterPrivilege.Category.APPLICATION.field, ConfigurableClusterPrivilege.Category.PROFILE.field);
            if (ConfigurableClusterPrivilege.Category.APPLICATION.field.match(xContentParser.currentName(), xContentParser.getDeprecationHandler())) {
                expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.START_OBJECT);
                while (xContentParser.nextToken() != XContentParser.Token.END_OBJECT) {
                    expectedToken(xContentParser.currentToken(), xContentParser, XContentParser.Token.FIELD_NAME);
                    expectFieldName(xContentParser, ManageApplicationPrivileges.Fields.MANAGE);
                    arrayList.add(ManageApplicationPrivileges.parse(xContentParser));
                }
            } else {
                if (!$assertionsDisabled && !ConfigurableClusterPrivilege.Category.PROFILE.field.match(xContentParser.currentName(), xContentParser.getDeprecationHandler())) {
                    throw new AssertionError();
                }
                expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.START_OBJECT);
                while (xContentParser.nextToken() != XContentParser.Token.END_OBJECT) {
                    expectedToken(xContentParser.currentToken(), xContentParser, XContentParser.Token.FIELD_NAME);
                    expectFieldName(xContentParser, WriteProfileDataPrivileges.Fields.WRITE);
                    arrayList.add(WriteProfileDataPrivileges.parse(xContentParser));
                }
            }
        }
        return arrayList;
    }

    private static void expectedToken(XContentParser.Token token, XContentParser xContentParser, XContentParser.Token token2) {
        if (token != token2) {
            throw new XContentParseException(xContentParser.getTokenLocation(), "failed to parse privilege. expected [" + token2 + "] but found [" + token + "] instead");
        }
    }

    private static void expectFieldName(XContentParser xContentParser, ParseField... parseFieldArr) throws IOException {
        String currentName = xContentParser.currentName();
        if (Arrays.stream(parseFieldArr).anyMatch(parseField -> {
            return parseField.match(currentName, xContentParser.getDeprecationHandler());
        })) {
        } else {
            throw new XContentParseException(xContentParser.getTokenLocation(), "failed to parse privilege. expected " + (parseFieldArr.length == 1 ? "field name" : "one of") + " [" + Strings.arrayToCommaDelimitedString(parseFieldArr) + "] but found [" + currentName + "] instead");
        }
    }

    static {
        $assertionsDisabled = !ConfigurableClusterPrivileges.class.desiredAssertionStatus();
        EMPTY_ARRAY = new ConfigurableClusterPrivilege[0];
        READER = streamInput -> {
            return (ConfigurableClusterPrivilege) streamInput.readNamedWriteable(ConfigurableClusterPrivilege.class);
        };
        WRITER = (streamOutput, configurableClusterPrivilege) -> {
            streamOutput.writeNamedWriteable(configurableClusterPrivilege);
        };
    }
}
