package org.elasticsearch.xpack.core.security.authc;

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.elasticsearch.common.settings.SecureSetting;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsException;
import org.elasticsearch.core.Tuple;
import org.elasticsearch.xpack.core.ml.job.persistence.ElasticsearchMappings;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.elasticsearch.xpack.core.security.authc.esnative.NativeRealmSettings;
import org.elasticsearch.xpack.core.security.authc.file.FileRealmSettings;

/* loaded from: input_file:org/elasticsearch/xpack/core/security/authc/RealmSettings.class */
public class RealmSettings {
    public static final String RESERVED_REALM_AND_DOMAIN_NAME_PREFIX = "_";
    public static final String PREFIX = "xpack.security.authc.realms.";
    public static final Setting.AffixSetting<List<String>> DOMAIN_TO_REALM_ASSOC_SETTING = Setting.affixKeySetting("xpack.security.authc.domains.", "realms", str -> {
        return Setting.stringListSetting(str, new Setting.Property[]{Setting.Property.NodeScope});
    }, new Setting.AffixSettingDependency[0]);
    public static final Function<String, Setting.AffixSetting<Boolean>> ENABLED_SETTING = affixSetting(ElasticsearchMappings.ENABLED, str -> {
        return Setting.boolSetting(str, true, new Setting.Property[]{Setting.Property.NodeScope});
    });
    public static final Function<String, Setting.AffixSetting<Integer>> ORDER_SETTING = affixSetting("order", str -> {
        return Setting.intSetting(str, Integer.MAX_VALUE, new Setting.Property[]{Setting.Property.NodeScope});
    });

    public static String realmSettingPrefix(String str) {
        return "xpack.security.authc.realms." + str + ".";
    }

    public static String realmSettingPrefix(RealmConfig.RealmIdentifier realmIdentifier) {
        return realmSettingPrefix(realmIdentifier.getType()) + realmIdentifier.getName() + ".";
    }

    public static String realmSslPrefix(RealmConfig.RealmIdentifier realmIdentifier) {
        return realmSettingPrefix(realmIdentifier) + "ssl.";
    }

    public static Setting.AffixSetting<String> simpleString(String str, String str2, Setting.Property... propertyArr) {
        return Setting.affixKeySetting(realmSettingPrefix(str), str2, str3 -> {
            return Setting.simpleString(str3, propertyArr);
        }, new Setting.AffixSettingDependency[0]);
    }

    public static Setting.AffixSetting<SecureString> secureString(String str, String str2) {
        return Setting.affixKeySetting(realmSettingPrefix(str), str2, str3 -> {
            return SecureSetting.secureString(str3, (Setting) null, new Setting.Property[0]);
        }, new Setting.AffixSettingDependency[0]);
    }

    public static <T> Function<String, Setting.AffixSetting<T>> affixSetting(String str, Function<String, Setting<T>> function) {
        return str2 -> {
            return Setting.affixKeySetting(realmSettingPrefix(str2), str, function, new Setting.AffixSettingDependency[0]);
        };
    }

    public static Map<RealmConfig.RealmIdentifier, Settings> getRealmSettings(Settings settings) {
        Settings byPrefix = settings.getByPrefix(PREFIX);
        return (Map) byPrefix.names().stream().flatMap(str -> {
            Settings asSettings = byPrefix.getAsSettings(str);
            return asSettings.names().stream().map(str -> {
                RealmConfig.RealmIdentifier realmIdentifier = new RealmConfig.RealmIdentifier(str, str);
                Settings asSettings2 = asSettings.getAsSettings(str);
                verifyRealmSettings(realmIdentifier, asSettings2);
                return new Tuple(realmIdentifier, asSettings2);
            });
        }).collect(Collectors.toMap((v0) -> {
            return v0.v1();
        }, (v0) -> {
            return v0.v2();
        }));
    }

    public static Map<String, String> computeRealmNameToDomainNameAssociation(Settings settings) {
        Set<RealmConfig.RealmIdentifier> keySet = getRealmSettings(settings).keySet();
        HashMap hashMap = new HashMap();
        for (String str : DOMAIN_TO_REALM_ASSOC_SETTING.getNamespaces(settings)) {
            if (str.startsWith("_")) {
                throw new IllegalArgumentException("Security domain name must not start with \"_\"");
            }
            Iterator it = ((List) DOMAIN_TO_REALM_ASSOC_SETTING.getConcreteSettingForNamespace(str).get(settings)).iterator();
            while (it.hasNext()) {
                ((Set) hashMap.computeIfAbsent((String) it.next(), str2 -> {
                    return new TreeSet();
                })).add(str);
            }
        }
        StringBuilder sb = new StringBuilder("Realms can be associated to at most one domain, but");
        boolean z = false;
        for (Map.Entry entry : hashMap.entrySet()) {
            if (((Set) entry.getValue()).size() > 1) {
                if (z) {
                    sb.append(" and");
                }
                sb.append(" realm [").append((String) entry.getKey()).append("] is associated to domains ").append(entry.getValue());
                z = true;
            }
        }
        if (z) {
            throw new IllegalArgumentException(sb.toString());
        }
        boolean z2 = false;
        boolean z3 = false;
        HashSet hashSet = new HashSet(hashMap.keySet());
        for (RealmConfig.RealmIdentifier realmIdentifier : keySet) {
            hashSet.remove(realmIdentifier.getName());
            if (realmIdentifier.getType().equals(FileRealmSettings.TYPE)) {
                z2 = true;
            }
            if (realmIdentifier.getType().equals(NativeRealmSettings.TYPE)) {
                z3 = true;
            }
        }
        if (false == z2) {
            hashSet.remove(FileRealmSettings.DEFAULT_NAME);
        }
        if (false == z3) {
            hashSet.remove(NativeRealmSettings.DEFAULT_NAME);
        }
        if (false == hashSet.isEmpty()) {
            throw new IllegalArgumentException("Undefined realms " + hashSet + " cannot be assigned to domains");
        }
        return (Map) hashMap.entrySet().stream().map(entry2 -> {
            return Map.entry((String) entry2.getKey(), (String) ((Set) entry2.getValue()).stream().findAny().get());
        }).collect(Collectors.toUnmodifiableMap(entry3 -> {
            return (String) entry3.getKey();
        }, entry4 -> {
            return (String) entry4.getValue();
        }));
    }

    private static void verifyRealmSettings(RealmConfig.RealmIdentifier realmIdentifier, Settings settings) {
        if (Settings.builder().put(settings, false).build().isEmpty()) {
            String realmSettingPrefix = realmSettingPrefix(realmIdentifier);
            throw new SettingsException("found settings for the realm [{}] (with type [{}]) in the secure settings (elasticsearch.keystore), but this realm does not have any settings in elasticsearch.yml. Please remove these settings from the keystore, or update their names to match one of the realms that are defined in elasticsearch.yml - [{}]", new Object[]{realmIdentifier.getName(), realmIdentifier.getType(), settings.keySet().stream().map(str -> {
                return realmSettingPrefix + str;
            }).collect(Collectors.joining(","))});
        }
    }

    public static String getFullSettingKey(String str, Setting.AffixSetting<?> affixSetting) {
        return affixSetting.getConcreteSettingForNamespace(str).getKey();
    }

    public static String getFullSettingKey(RealmConfig realmConfig, Setting.AffixSetting<?> affixSetting) {
        return affixSetting.getConcreteSettingForNamespace(realmConfig.name()).getKey();
    }

    public static <T> String getFullSettingKey(RealmConfig.RealmIdentifier realmIdentifier, Function<String, Setting.AffixSetting<T>> function) {
        return getFullSettingKey(realmIdentifier.getName(), (Setting.AffixSetting<?>) function.apply(realmIdentifier.getType()));
    }

    public static <T> String getFullSettingKey(RealmConfig realmConfig, Function<String, Setting.AffixSetting<T>> function) {
        return getFullSettingKey(realmConfig.identifier, function);
    }

    public static List<Setting.AffixSetting<?>> getStandardSettings(String str) {
        return Arrays.asList(ENABLED_SETTING.apply(str), ORDER_SETTING.apply(str));
    }

    private RealmSettings() {
    }
}
