package org.elasticsearch.xpack.security.authc;

import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.elasticsearch.bootstrap.BootstrapCheck;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.env.Environment;
import org.elasticsearch.license.LicensedFeature;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.elasticsearch.xpack.core.security.authc.Realm;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.elasticsearch.xpack.core.security.authc.RealmSettings;
import org.elasticsearch.xpack.core.ssl.SSLService;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.authc.esnative.NativeRealm;
import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
import org.elasticsearch.xpack.security.authc.file.FileRealm;
import org.elasticsearch.xpack.security.authc.kerberos.KerberosRealm;
import org.elasticsearch.xpack.security.authc.ldap.LdapRealm;
import org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectRealm;
import org.elasticsearch.xpack.security.authc.pki.PkiRealm;
import org.elasticsearch.xpack.security.authc.saml.SamlRealm;
import org.elasticsearch.xpack.security.authc.support.RoleMappingFileBootstrapCheck;
import org.elasticsearch.xpack.security.authc.support.mapper.NativeRoleMappingStore;
import org.elasticsearch.xpack.security.support.SecurityIndexManager;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/InternalRealms.class */
public final class InternalRealms {
    static final String RESERVED_TYPE = "reserved";
    static final String NATIVE_TYPE = "native";
    static final String FILE_TYPE = "file";
    private static final Set<String> BUILTIN_TYPES = Sets.newHashSet(new String[]{NATIVE_TYPE, FILE_TYPE});
    static final String AD_TYPE = "active_directory";
    static final String LDAP_TYPE = "ldap";
    static final String PKI_TYPE = "pki";
    static final String SAML_TYPE = "saml";
    static final String KERBEROS_TYPE = "kerberos";
    static final String OIDC_TYPE = "oidc";
    private static final Map<String, LicensedFeature.Persistent> LICENSED_REALMS = org.elasticsearch.core.Map.ofEntries(new Map.Entry[]{org.elasticsearch.core.Map.entry(AD_TYPE, Security.AD_REALM_FEATURE), org.elasticsearch.core.Map.entry(LDAP_TYPE, Security.LDAP_REALM_FEATURE), org.elasticsearch.core.Map.entry(PKI_TYPE, Security.PKI_REALM_FEATURE), org.elasticsearch.core.Map.entry(SAML_TYPE, Security.SAML_REALM_FEATURE), org.elasticsearch.core.Map.entry(KERBEROS_TYPE, Security.KERBEROS_REALM_FEATURE), org.elasticsearch.core.Map.entry(OIDC_TYPE, Security.OIDC_REALM_FEATURE)});

    @Deprecated
    public static Collection<String> getConfigurableRealmsTypes() {
        return org.elasticsearch.core.Set.copyOf(Sets.union(BUILTIN_TYPES, LICENSED_REALMS.keySet()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isInternalRealm(String str) {
        return "reserved".equals(str) || BUILTIN_TYPES.contains(str) || LICENSED_REALMS.containsKey(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isBuiltinRealm(String str) {
        return BUILTIN_TYPES.contains(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nullable
    public static LicensedFeature.Persistent getLicensedFeature(String str) {
        if (Strings.isNullOrEmpty(str)) {
            throw new IllegalArgumentException("Empty realm type [" + str + "]");
        }
        if (str.equals("reserved") || isBuiltinRealm(str)) {
            return null;
        }
        LicensedFeature.Persistent persistent = LICENSED_REALMS.get(str);
        if (persistent == null) {
            throw new IllegalArgumentException("Unsupported realm type [" + str + "]");
        }
        return persistent;
    }

    public static Map<String, Realm.Factory> getFactories(ThreadPool threadPool, ResourceWatcherService resourceWatcherService, SSLService sSLService, NativeUsersStore nativeUsersStore, NativeRoleMappingStore nativeRoleMappingStore, SecurityIndexManager securityIndexManager) {
        HashMap hashMap = new HashMap();
        hashMap.put(FILE_TYPE, realmConfig -> {
            return new FileRealm(realmConfig, resourceWatcherService, threadPool);
        });
        hashMap.put(NATIVE_TYPE, realmConfig2 -> {
            NativeRealm nativeRealm = new NativeRealm(realmConfig2, nativeUsersStore, threadPool);
            Objects.requireNonNull(nativeRealm);
            securityIndexManager.addStateListener(nativeRealm::onSecurityIndexStateChange);
            return nativeRealm;
        });
        hashMap.put(AD_TYPE, realmConfig3 -> {
            return new LdapRealm(realmConfig3, sSLService, resourceWatcherService, nativeRoleMappingStore, threadPool);
        });
        hashMap.put(LDAP_TYPE, realmConfig4 -> {
            return new LdapRealm(realmConfig4, sSLService, resourceWatcherService, nativeRoleMappingStore, threadPool);
        });
        hashMap.put(PKI_TYPE, realmConfig5 -> {
            return new PkiRealm(realmConfig5, resourceWatcherService, nativeRoleMappingStore);
        });
        hashMap.put(SAML_TYPE, realmConfig6 -> {
            return SamlRealm.create(realmConfig6, sSLService, resourceWatcherService, nativeRoleMappingStore);
        });
        hashMap.put(KERBEROS_TYPE, realmConfig7 -> {
            return new KerberosRealm(realmConfig7, nativeRoleMappingStore, threadPool);
        });
        hashMap.put(OIDC_TYPE, realmConfig8 -> {
            return new OpenIdConnectRealm(realmConfig8, sSLService, nativeRoleMappingStore, resourceWatcherService);
        });
        return Collections.unmodifiableMap(hashMap);
    }

    private InternalRealms() {
    }

    public static List<BootstrapCheck> getBootstrapChecks(Settings settings, Environment environment) {
        HashSet newHashSet = Sets.newHashSet(new String[]{AD_TYPE, LDAP_TYPE, PKI_TYPE});
        return (List) RealmSettings.getRealmSettings(settings).keySet().stream().filter(realmIdentifier -> {
            return newHashSet.contains(realmIdentifier.getType());
        }).map(realmIdentifier2 -> {
            return new RealmConfig(realmIdentifier2, settings, environment, (ThreadContext) null);
        }).map(RoleMappingFileBootstrapCheck::create).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList());
    }
}
