package org.elasticsearch.xpack.security.authz;

import java.util.function.Consumer;
import java.util.function.Predicate;
import org.elasticsearch.TransportVersion;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.xpack.core.security.SecurityContext;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.support.Automatons;
import org.elasticsearch.xpack.core.security.user.InternalUsers;
import org.elasticsearch.xpack.security.support.SecuritySystemIndices;

/* loaded from: input_file:org/elasticsearch/xpack/security/authz/AuthorizationUtils.class */
public final class AuthorizationUtils {
    private static final Predicate<String> INTERNAL_PREDICATE;
    static final /* synthetic */ boolean $assertionsDisabled;

    private AuthorizationUtils() {
    }

    public static boolean shouldReplaceUserWithSystem(ThreadContext threadContext, String str) {
        if (!threadContext.isSystemContext() && !isInternalAction(str)) {
            return false;
        }
        if (((Authentication) threadContext.getTransient("_xpack_security_authentication")) == null && threadContext.getTransient("action.origin") == null) {
            return true;
        }
        String str2 = (String) threadContext.getTransient("_originating_action_name");
        return (str2 == null || isInternalAction(str2)) ? false : true;
    }

    public static boolean shouldSetUserBasedOnActionOrigin(ThreadContext threadContext) {
        return ((String) threadContext.getTransient("action.origin")) != null && ((Authentication) threadContext.getTransient("_xpack_security_authentication")) == null;
    }

    public static void switchUserBasedOnActionOriginAndExecute(ThreadContext threadContext, SecurityContext securityContext, TransportVersion transportVersion, Consumer<ThreadContext.StoredContext> consumer) {
        String str = (String) threadContext.getTransient("action.origin");
        if (str == null) {
            if (!$assertionsDisabled) {
                throw new AssertionError("cannot switch user if there is no action origin");
            }
            throw new IllegalStateException("cannot switch user if there is no action origin");
        }
        boolean z = -1;
        switch (str.hashCode()) {
            case -1867981621:
                if (str.equals("async_search")) {
                    z = 27;
                    break;
                }
                break;
            case -1448751034:
                if (str.equals("enterprise_search")) {
                    z = 23;
                    break;
                }
                break;
            case -1298335483:
                if (str.equals("enrich")) {
                    z = 13;
                    break;
                }
                break;
            case -1184149916:
                if (str.equals("ingest")) {
                    z = 15;
                    break;
                }
                break;
            case -1005395930:
                if (str.equals("profiling")) {
                    z = 16;
                    break;
                }
                break;
            case -925408296:
                if (str.equals("rollup")) {
                    z = 11;
                    break;
                }
                break;
            case -775645754:
                if (str.equals("connectors")) {
                    z = 24;
                    break;
                }
                break;
            case -513448022:
                if (str.equals("security_profile")) {
                    z = true;
                    break;
                }
                break;
            case -353743520:
                if (str.equals("data_stream_lifecycle")) {
                    z = 3;
                    break;
                }
                break;
            case -348489924:
                if (str.equals("lazy_rollover")) {
                    z = 4;
                    break;
                }
                break;
            case -345871822:
                if (str.equals("searchable_snapshots")) {
                    z = 20;
                    break;
                }
                break;
            case 3487:
                if (str.equals("ml")) {
                    z = 6;
                    break;
                }
                break;
            case 96798:
                if (str.equals("apm")) {
                    z = 17;
                    break;
                }
                break;
            case 104117:
                if (str.equals("idp")) {
                    z = 14;
                    break;
                }
                break;
            case 3421516:
                if (str.equals("otel")) {
                    z = 18;
                    break;
                }
                break;
            case 97516878:
                if (str.equals("fleet")) {
                    z = 22;
                    break;
                }
                break;
            case 109757064:
                if (str.equals("stack")) {
                    z = 19;
                    break;
                }
                break;
            case 110132110:
                if (str.equals("tasks")) {
                    z = 26;
                    break;
                }
                break;
            case 789756305:
                if (str.equals("logstash_management")) {
                    z = 21;
                    break;
                }
                break;
            case 840242460:
                if (str.equals("post_write_refresh")) {
                    z = 2;
                    break;
                }
                break;
            case 936927604:
                if (str.equals("deprecation")) {
                    z = 9;
                    break;
                }
                break;
            case 949122880:
                if (str.equals("security")) {
                    z = false;
                    break;
                }
                break;
            case 962456601:
                if (str.equals("inference")) {
                    z = 25;
                    break;
                }
                break;
            case 1052666732:
                if (str.equals("transform")) {
                    z = 8;
                    break;
                }
                break;
            case 1125964220:
                if (str.equals("watcher")) {
                    z = 5;
                    break;
                }
                break;
            case 1537400806:
                if (str.equals("persistent_tasks")) {
                    z = 10;
                    break;
                }
                break;
            case 1828602840:
                if (str.equals("synonyms")) {
                    z = 28;
                    break;
                }
                break;
            case 1852089416:
                if (str.equals("monitoring")) {
                    z = 7;
                    break;
                }
                break;
            case 2097130557:
                if (str.equals("index_lifecycle")) {
                    z = 12;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                securityContext.executeAsInternalUser(InternalUsers.XPACK_SECURITY_USER, transportVersion, consumer);
                return;
            case true:
                securityContext.executeAsInternalUser(InternalUsers.SECURITY_PROFILE_USER, transportVersion, consumer);
                return;
            case true:
                securityContext.executeAsInternalUser(InternalUsers.STORAGE_USER, transportVersion, consumer);
                return;
            case true:
                securityContext.executeAsInternalUser(InternalUsers.DATA_STREAM_LIFECYCLE_USER, transportVersion, consumer);
                return;
            case true:
                securityContext.executeAsInternalUser(InternalUsers.LAZY_ROLLOVER_USER, transportVersion, consumer);
                return;
            case true:
            case SecuritySystemIndices.INTERNAL_MAIN_INDEX_FORMAT /* 6 */:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
                securityContext.executeAsInternalUser(InternalUsers.XPACK_USER, transportVersion, consumer);
                return;
            case true:
                securityContext.executeAsInternalUser(InternalUsers.ASYNC_SEARCH_USER, transportVersion, consumer);
                return;
            case true:
                securityContext.executeAsInternalUser(InternalUsers.SYNONYMS_USER, transportVersion, consumer);
                return;
            default:
                if (!$assertionsDisabled) {
                    throw new AssertionError("action.origin [" + str + "] is unknown!");
                }
                throw new IllegalStateException("action.origin [" + str + "] should always be a known value");
        }
    }

    private static boolean isInternalAction(String str) {
        return INTERNAL_PREDICATE.test(str);
    }

    static {
        $assertionsDisabled = !AuthorizationUtils.class.desiredAssertionStatus();
        INTERNAL_PREDICATE = Automatons.predicate(new String[]{"internal:*"});
    }
}
