package org.elasticsearch.xpack.security.profile;

import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.hash.MessageDigests;
import org.elasticsearch.common.xcontent.ObjectParserHelper;
import org.elasticsearch.xcontent.ConstructingObjectParser;
import org.elasticsearch.xcontent.ParseField;
import org.elasticsearch.xcontent.ToXContent;
import org.elasticsearch.xcontent.ToXContentObject;
import org.elasticsearch.xcontent.XContentBuilder;
import org.elasticsearch.xcontent.XContentParser;
import org.elasticsearch.xpack.core.security.action.profile.Profile;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.authc.Subject;
import org.elasticsearch.xpack.core.security.user.User;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;

/* loaded from: input_file:org/elasticsearch/xpack/security/profile/ProfileDocument.class */
public final class ProfileDocument extends Record implements ToXContentObject {
    private final String uid;
    private final boolean enabled;
    private final long lastSynchronized;
    private final ProfileDocumentUser user;
    private final Map<String, Object> labels;
    private final BytesReference applicationData;
    static final ConstructingObjectParser<ProfileDocumentUser, Void> PROFILE_DOC_USER_PARSER;
    static final ConstructingObjectParser<ProfileDocument, Void> PROFILE_DOC_PARSER;
    static final ConstructingObjectParser<ProfileDocument, Void> PARSER;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:org/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser.class */
    public static final class ProfileDocumentUser extends Record implements ToXContent {
        private final String username;
        private final List<String> roles;
        private final Authentication.RealmRef realm;
        private final String email;
        private final String fullName;

        public ProfileDocumentUser(String str, List<String> list, Authentication.RealmRef realmRef, String str2, String str3) {
            this.username = str;
            this.roles = list;
            this.realm = realmRef;
            this.email = str2;
            this.fullName = str3;
        }

        public XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params) throws IOException {
            xContentBuilder.startObject("user");
            xContentBuilder.field("username", this.username);
            xContentBuilder.field("roles", this.roles);
            xContentBuilder.field(LoggingAuditTrail.REALM_FIELD_NAME, this.realm);
            xContentBuilder.field("email", this.email);
            xContentBuilder.field("full_name", this.fullName);
            xContentBuilder.endObject();
            return xContentBuilder;
        }

        public Profile.ProfileUser toProfileUser() {
            return new Profile.ProfileUser(this.username, this.roles, this.realm.getName(), this.realm.getDomain() != null ? this.realm.getDomain().name() : null, this.email, this.fullName);
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, ProfileDocumentUser.class), ProfileDocumentUser.class, "username;roles;realm;email;fullName", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;->username:Ljava/lang/String;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;->roles:Ljava/util/List;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;->realm:Lorg/elasticsearch/xpack/core/security/authc/Authentication$RealmRef;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;->email:Ljava/lang/String;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;->fullName:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, ProfileDocumentUser.class), ProfileDocumentUser.class, "username;roles;realm;email;fullName", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;->username:Ljava/lang/String;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;->roles:Ljava/util/List;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;->realm:Lorg/elasticsearch/xpack/core/security/authc/Authentication$RealmRef;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;->email:Ljava/lang/String;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;->fullName:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, ProfileDocumentUser.class, Object.class), ProfileDocumentUser.class, "username;roles;realm;email;fullName", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;->username:Ljava/lang/String;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;->roles:Ljava/util/List;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;->realm:Lorg/elasticsearch/xpack/core/security/authc/Authentication$RealmRef;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;->email:Ljava/lang/String;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;->fullName:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String username() {
            return this.username;
        }

        public List<String> roles() {
            return this.roles;
        }

        public Authentication.RealmRef realm() {
            return this.realm;
        }

        public String email() {
            return this.email;
        }

        public String fullName() {
            return this.fullName;
        }
    }

    public ProfileDocument(String str, boolean z, long j, ProfileDocumentUser profileDocumentUser, Map<String, Object> map, BytesReference bytesReference) {
        this.uid = str;
        this.enabled = z;
        this.lastSynchronized = j;
        this.user = profileDocumentUser;
        this.labels = map;
        this.applicationData = bytesReference;
    }

    public XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params) throws IOException {
        xContentBuilder.startObject();
        xContentBuilder.field("uid", this.uid);
        xContentBuilder.field("enabled", this.enabled);
        xContentBuilder.field("last_synchronized", this.lastSynchronized);
        this.user.toXContent(xContentBuilder, params);
        if (!params.paramAsBoolean("include_labels", true) || this.labels == null) {
            xContentBuilder.startObject("labels").endObject();
        } else {
            xContentBuilder.field("labels", this.labels);
        }
        if (!params.paramAsBoolean("include_data", true) || this.applicationData == null) {
            xContentBuilder.startObject("application_data").endObject();
        } else {
            xContentBuilder.field("application_data", this.applicationData);
        }
        xContentBuilder.endObject();
        return xContentBuilder;
    }

    public Subject subject() {
        return new Subject(new User(this.user.username, (String[]) this.user.roles.toArray(i -> {
            return new String[i];
        }), this.user.fullName, this.user.email, Map.of(), true), this.user.realm);
    }

    static ProfileDocument fromSubject(Subject subject) {
        return fromSubjectWithUid(subject, computeBaseUidForSubject(subject) + "_0");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ProfileDocument fromSubjectWithUid(Subject subject, String str) {
        if (!$assertionsDisabled && !str.startsWith(computeBaseUidForSubject(subject) + "_")) {
            throw new AssertionError();
        }
        User user = subject.getUser();
        return new ProfileDocument(str, true, Instant.now().toEpochMilli(), new ProfileDocumentUser(user.principal(), Arrays.asList(user.roles()), subject.getRealm(), user.email(), user.fullName()), Map.of(), null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String computeBaseUidForSubject(Subject subject) {
        MessageDigest sha256 = MessageDigests.sha256();
        sha256.update(subject.getUser().principal().getBytes(StandardCharsets.UTF_8));
        if (subject.getRealm().getDomain() != null) {
            subject.getRealm().getDomain().realms().stream().sorted((realmIdentifier, realmIdentifier2) -> {
                int compareTo = realmIdentifier.getType().compareTo(realmIdentifier2.getType());
                return compareTo == 0 ? realmIdentifier.getName().compareTo(realmIdentifier2.getName()) : compareTo;
            }).forEach(realmIdentifier3 -> {
                sha256.update(realmIdentifier3.getType().getBytes(StandardCharsets.UTF_8));
                if (false == Authentication.isFileOrNativeRealm(realmIdentifier3.getType())) {
                    sha256.update(realmIdentifier3.getName().getBytes(StandardCharsets.UTF_8));
                }
            });
        } else {
            sha256.update(subject.getRealm().getType().getBytes(StandardCharsets.UTF_8));
            if (false == Authentication.isFileOrNativeRealm(subject.getRealm().getType())) {
                sha256.update(subject.getRealm().getName().getBytes(StandardCharsets.UTF_8));
            }
        }
        return "u_" + Base64.getUrlEncoder().withoutPadding().encodeToString(sha256.digest());
    }

    public static ProfileDocument fromXContent(XContentParser xContentParser) {
        return (ProfileDocument) PARSER.apply(xContentParser, (Object) null);
    }

    @Override // java.lang.Record
    public final String toString() {
        return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, ProfileDocument.class), ProfileDocument.class, "uid;enabled;lastSynchronized;user;labels;applicationData", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->uid:Ljava/lang/String;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->enabled:Z", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->lastSynchronized:J", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->user:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->labels:Ljava/util/Map;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->applicationData:Lorg/elasticsearch/common/bytes/BytesReference;").dynamicInvoker().invoke(this) /* invoke-custom */;
    }

    @Override // java.lang.Record
    public final int hashCode() {
        return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, ProfileDocument.class), ProfileDocument.class, "uid;enabled;lastSynchronized;user;labels;applicationData", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->uid:Ljava/lang/String;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->enabled:Z", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->lastSynchronized:J", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->user:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->labels:Ljava/util/Map;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->applicationData:Lorg/elasticsearch/common/bytes/BytesReference;").dynamicInvoker().invoke(this) /* invoke-custom */;
    }

    @Override // java.lang.Record
    public final boolean equals(Object obj) {
        return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, ProfileDocument.class, Object.class), ProfileDocument.class, "uid;enabled;lastSynchronized;user;labels;applicationData", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->uid:Ljava/lang/String;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->enabled:Z", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->lastSynchronized:J", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->user:Lorg/elasticsearch/xpack/security/profile/ProfileDocument$ProfileDocumentUser;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->labels:Ljava/util/Map;", "FIELD:Lorg/elasticsearch/xpack/security/profile/ProfileDocument;->applicationData:Lorg/elasticsearch/common/bytes/BytesReference;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
    }

    public String uid() {
        return this.uid;
    }

    public boolean enabled() {
        return this.enabled;
    }

    public long lastSynchronized() {
        return this.lastSynchronized;
    }

    public ProfileDocumentUser user() {
        return this.user;
    }

    public Map<String, Object> labels() {
        return this.labels;
    }

    public BytesReference applicationData() {
        return this.applicationData;
    }

    static {
        $assertionsDisabled = !ProfileDocument.class.desiredAssertionStatus();
        PROFILE_DOC_USER_PARSER = new ConstructingObjectParser<>("user_profile_document_user", false, (objArr, r10) -> {
            return new ProfileDocumentUser((String) objArr[0], (List) objArr[1], (Authentication.RealmRef) objArr[2], (String) objArr[3], (String) objArr[4]);
        });
        PROFILE_DOC_PARSER = new ConstructingObjectParser<>("user_profile_document", false, (objArr2, r12) -> {
            return new ProfileDocument((String) objArr2[0], ((Boolean) objArr2[1]).booleanValue(), ((Long) objArr2[2]).longValue(), (ProfileDocumentUser) objArr2[3], (Map) objArr2[4], (BytesReference) objArr2[5]);
        });
        PARSER = new ConstructingObjectParser<>("user_profile_document_container", true, (objArr3, r4) -> {
            return (ProfileDocument) objArr3[0];
        });
        PROFILE_DOC_USER_PARSER.declareString(ConstructingObjectParser.constructorArg(), new ParseField("username", new String[0]));
        PROFILE_DOC_USER_PARSER.declareStringArray(ConstructingObjectParser.constructorArg(), new ParseField("roles", new String[0]));
        PROFILE_DOC_USER_PARSER.declareObject(ConstructingObjectParser.constructorArg(), (xContentParser, r5) -> {
            return (Authentication.RealmRef) Authentication.REALM_REF_PARSER.parse(xContentParser, r5);
        }, new ParseField(LoggingAuditTrail.REALM_FIELD_NAME, new String[0]));
        PROFILE_DOC_USER_PARSER.declareStringOrNull(ConstructingObjectParser.optionalConstructorArg(), new ParseField("email", new String[0]));
        PROFILE_DOC_USER_PARSER.declareStringOrNull(ConstructingObjectParser.optionalConstructorArg(), new ParseField("full_name", new String[0]));
        PROFILE_DOC_PARSER.declareString(ConstructingObjectParser.constructorArg(), new ParseField("uid", new String[0]));
        PROFILE_DOC_PARSER.declareBoolean(ConstructingObjectParser.constructorArg(), new ParseField("enabled", new String[0]));
        PROFILE_DOC_PARSER.declareLong(ConstructingObjectParser.constructorArg(), new ParseField("last_synchronized", new String[0]));
        PROFILE_DOC_PARSER.declareObject(ConstructingObjectParser.constructorArg(), (xContentParser2, r52) -> {
            return (ProfileDocumentUser) PROFILE_DOC_USER_PARSER.parse(xContentParser2, (Object) null);
        }, new ParseField("user", new String[0]));
        PROFILE_DOC_PARSER.declareObject(ConstructingObjectParser.constructorArg(), (xContentParser3, r3) -> {
            return xContentParser3.map();
        }, new ParseField("labels", new String[0]));
        ObjectParserHelper.declareRawObject(PROFILE_DOC_PARSER, ConstructingObjectParser.constructorArg(), new ParseField("application_data", new String[0]));
        PARSER.declareObject(ConstructingObjectParser.constructorArg(), (xContentParser4, r53) -> {
            return (ProfileDocument) PROFILE_DOC_PARSER.parse(xContentParser4, (Object) null);
        }, new ParseField("user_profile", new String[0]));
    }
}
