package org.elasticsearch.xpack.security.authc.support.mapper;

import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.cluster.ClusterChangedEvent;
import org.elasticsearch.cluster.ClusterStateListener;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.script.ScriptService;
import org.elasticsearch.xpack.core.security.authc.support.UserRoleMapper;
import org.elasticsearch.xpack.core.security.authc.support.mapper.ExpressionRoleMapping;
import org.elasticsearch.xpack.core.security.authz.RoleMappingMetadata;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/support/mapper/ClusterStateRoleMapper.class */
public class ClusterStateRoleMapper extends AbstractRoleMapperClearRealmCache implements ClusterStateListener {
    public static final String CLUSTER_STATE_ROLE_MAPPINGS_ENABLED = "xpack.security.authc.cluster_state_role_mappings.enabled";
    private static final Logger logger = LogManager.getLogger(ClusterStateRoleMapper.class);
    private final ScriptService scriptService;
    private final ClusterService clusterService;
    private final boolean enabled;

    public ClusterStateRoleMapper(Settings settings, ScriptService scriptService, ClusterService clusterService) {
        this.scriptService = scriptService;
        this.clusterService = clusterService;
        this.enabled = settings.getAsBoolean(CLUSTER_STATE_ROLE_MAPPINGS_ENABLED, true).booleanValue();
        if (this.enabled) {
            clusterService.addListener(this);
        }
    }

    public void resolveRoles(UserRoleMapper.UserData userData, ActionListener<Set<String>> actionListener) {
        actionListener.onResponse(ExpressionRoleMapping.resolveRoles(userData, getMappings(), this.scriptService, logger));
    }

    public void clusterChanged(ClusterChangedEvent clusterChangedEvent) {
        if (this.enabled && false == Objects.equals(RoleMappingMetadata.getFromClusterState(clusterChangedEvent.previousState()), RoleMappingMetadata.getFromClusterState(clusterChangedEvent.state()))) {
            clearRealmCachesOnLocalNode();
        }
    }

    public boolean hasMapping(String str) {
        return this.enabled && false == getMappings(Set.of(str)).isEmpty();
    }

    public Set<ExpressionRoleMapping> getMappings() {
        return getMappings(null);
    }

    public Set<ExpressionRoleMapping> getMappings(@Nullable Set<String> set) {
        if (!this.enabled) {
            return Set.of();
        }
        Set<ExpressionRoleMapping> roleMappings = RoleMappingMetadata.getFromClusterState(this.clusterService.state()).getRoleMappings();
        logger.trace("Retrieved [{}] mapping(s) from cluster state", Integer.valueOf(roleMappings.size()));
        return (set == null || set.isEmpty()) ? roleMappings : (Set) roleMappings.stream().filter(expressionRoleMapping -> {
            return set.contains(expressionRoleMapping.getName());
        }).collect(Collectors.toSet());
    }
}
