package org.elasticsearch.xpack.core.security.authc.support.mapper;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.BiConsumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.TransportVersions;
import org.elasticsearch.common.ParsingException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.io.stream.Writeable;
import org.elasticsearch.common.xcontent.LoggingDeprecationHandler;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.script.ScriptService;
import org.elasticsearch.xcontent.ObjectParser;
import org.elasticsearch.xcontent.ParseField;
import org.elasticsearch.xcontent.ToXContent;
import org.elasticsearch.xcontent.ToXContentObject;
import org.elasticsearch.xcontent.XContentBuilder;
import org.elasticsearch.xcontent.XContentParser;
import org.elasticsearch.xcontent.XContentType;
import org.elasticsearch.xpack.core.ml.job.persistence.ElasticsearchMappings;
import org.elasticsearch.xpack.core.security.authc.support.UserRoleMapper;
import org.elasticsearch.xpack.core.security.authc.support.mapper.expressiondsl.ExpressionModel;
import org.elasticsearch.xpack.core.security.authc.support.mapper.expressiondsl.ExpressionParser;
import org.elasticsearch.xpack.core.security.authc.support.mapper.expressiondsl.RoleMapperExpression;

/* loaded from: input_file:org/elasticsearch/xpack/core/security/authc/support/mapper/ExpressionRoleMapping.class */
public class ExpressionRoleMapping implements ToXContentObject, Writeable {
    private static final ObjectParser<Builder, String> PARSER = new ObjectParser<>(NativeRoleMappingStoreField.DOC_TYPE_ROLE_MAPPING, Builder::new);
    private static final String UPGRADE_API_TYPE_FIELD = "type";
    private final String name;
    private final RoleMapperExpression expression;
    private final List<String> roles;
    private final List<TemplateRoleName> roleTemplates;
    private final Map<String, Object> metadata;
    private final boolean enabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/elasticsearch/xpack/core/security/authc/support/mapper/ExpressionRoleMapping$Builder.class */
    public static class Builder {
        private RoleMapperExpression rules;
        private List<String> roles;
        private List<TemplateRoleName> roleTemplates;
        private Map<String, Object> metadata = Collections.emptyMap();
        private Boolean enabled;

        private Builder() {
        }

        Builder rules(RoleMapperExpression roleMapperExpression) {
            this.rules = roleMapperExpression;
            return this;
        }

        Builder roles(List<String> list) {
            this.roles = new ArrayList(list);
            return this;
        }

        Builder roleTemplates(List<TemplateRoleName> list) {
            this.roleTemplates = new ArrayList(list);
            return this;
        }

        Builder metadata(Map<String, Object> map) {
            this.metadata = map;
            return this;
        }

        Builder enabled(boolean z) {
            this.enabled = Boolean.valueOf(z);
            return this;
        }

        private ExpressionRoleMapping build(String str) {
            if (this.roles == null && this.roleTemplates == null) {
                throw missingField(str, Fields.ROLES);
            }
            if (this.rules == null) {
                throw missingField(str, Fields.RULES);
            }
            if (this.enabled == null) {
                throw missingField(str, Fields.ENABLED);
            }
            return new ExpressionRoleMapping(str, this.rules, this.roles, this.roleTemplates, this.metadata, this.enabled.booleanValue());
        }

        private static IllegalStateException missingField(String str, ParseField parseField) {
            return new IllegalStateException("failed to parse role-mapping [" + str + "]. missing field [" + parseField + "]");
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/core/security/authc/support/mapper/ExpressionRoleMapping$Fields.class */
    public interface Fields {
        public static final ParseField ROLES = new ParseField("roles", new String[0]);
        public static final ParseField ROLE_TEMPLATES = new ParseField("role_templates", new String[0]);
        public static final ParseField ENABLED = new ParseField(ElasticsearchMappings.ENABLED, new String[0]);
        public static final ParseField RULES = new ParseField("rules", new String[0]);
        public static final ParseField METADATA = new ParseField("metadata", new String[0]);
    }

    public static Set<String> resolveRoles(UserRoleMapper.UserData userData, Collection<ExpressionRoleMapping> collection, ScriptService scriptService, Logger logger) {
        ExpressionModel asModel = userData.asModel();
        Set<String> set = (Set) collection.stream().filter((v0) -> {
            return v0.isEnabled();
        }).filter(expressionRoleMapping -> {
            return expressionRoleMapping.getExpression().match(asModel);
        }).flatMap(expressionRoleMapping2 -> {
            Set<String> roleNames = expressionRoleMapping2.getRoleNames(scriptService, asModel);
            logger.trace(() -> {
                return Strings.format("Applying role-mapping [{}] to user-model [{}] produced role-names [{}]", new Object[]{expressionRoleMapping2.getName(), asModel, roleNames});
            });
            return roleNames.stream();
        }).collect(Collectors.toSet());
        logger.debug(() -> {
            return Strings.format("Mapping user [{}] to roles [{}]", new Object[]{userData, set});
        });
        return set;
    }

    public ExpressionRoleMapping(String str, RoleMapperExpression roleMapperExpression, List<String> list, List<TemplateRoleName> list2, Map<String, Object> map, boolean z) {
        this.name = str;
        this.expression = roleMapperExpression;
        this.roles = list == null ? Collections.emptyList() : list;
        this.roleTemplates = list2 == null ? Collections.emptyList() : list2;
        this.metadata = map;
        this.enabled = z;
    }

    public ExpressionRoleMapping(StreamInput streamInput) throws IOException {
        this.name = streamInput.readString();
        this.enabled = streamInput.readBoolean();
        this.roles = streamInput.readStringCollectionAsList();
        if (streamInput.getTransportVersion().onOrAfter(TransportVersions.V_7_2_0)) {
            this.roleTemplates = streamInput.readCollectionAsList(TemplateRoleName::new);
        } else {
            this.roleTemplates = Collections.emptyList();
        }
        this.expression = ExpressionParser.readExpression(streamInput);
        this.metadata = streamInput.readGenericMap();
    }

    public void writeTo(StreamOutput streamOutput) throws IOException {
        streamOutput.writeString(this.name);
        streamOutput.writeBoolean(this.enabled);
        streamOutput.writeStringCollection(this.roles);
        if (streamOutput.getTransportVersion().onOrAfter(TransportVersions.V_7_2_0)) {
            streamOutput.writeCollection(this.roleTemplates);
        }
        ExpressionParser.writeExpression(this.expression, streamOutput);
        streamOutput.writeGenericMap(this.metadata);
    }

    public String getName() {
        return this.name;
    }

    public RoleMapperExpression getExpression() {
        return this.expression;
    }

    public List<String> getRoles() {
        return Collections.unmodifiableList(this.roles);
    }

    public List<TemplateRoleName> getRoleTemplates() {
        return Collections.unmodifiableList(this.roleTemplates);
    }

    public Map<String, Object> getMetadata() {
        return Collections.unmodifiableMap(this.metadata);
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    public String toString() {
        return getClass().getSimpleName() + "<" + this.name + " ; " + this.roles + "/" + this.roleTemplates + " = " + Strings.toString(this.expression) + ">";
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        ExpressionRoleMapping expressionRoleMapping = (ExpressionRoleMapping) obj;
        return this.enabled == expressionRoleMapping.enabled && Objects.equals(this.name, expressionRoleMapping.name) && Objects.equals(this.expression, expressionRoleMapping.expression) && Objects.equals(this.roles, expressionRoleMapping.roles) && Objects.equals(this.roleTemplates, expressionRoleMapping.roleTemplates) && Objects.equals(this.metadata, expressionRoleMapping.metadata);
    }

    public int hashCode() {
        return Objects.hash(this.name, this.expression, this.roles, this.roleTemplates, this.metadata, Boolean.valueOf(this.enabled));
    }

    public static ExpressionRoleMapping parse(String str, BytesReference bytesReference, XContentType xContentType) throws IOException {
        XContentParser createParserNotCompressed = XContentHelper.createParserNotCompressed(LoggingDeprecationHandler.XCONTENT_PARSER_CONFIG, bytesReference, xContentType);
        try {
            ExpressionRoleMapping parse = parse(str, createParserNotCompressed);
            if (createParserNotCompressed != null) {
                createParserNotCompressed.close();
            }
            return parse;
        } catch (Throwable th) {
            if (createParserNotCompressed != null) {
                try {
                    createParserNotCompressed.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public static ExpressionRoleMapping parse(String str, XContentParser xContentParser) throws IOException {
        try {
            return ((Builder) PARSER.parse(xContentParser, str)).build(str);
        } catch (IllegalArgumentException | IllegalStateException e) {
            throw new ParsingException(xContentParser.getTokenLocation(), e.getMessage(), e, new Object[0]);
        }
    }

    public XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params) throws IOException {
        return toXContent(xContentBuilder, params, false);
    }

    public XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params, boolean z) throws IOException {
        xContentBuilder.startObject();
        xContentBuilder.field(Fields.ENABLED.getPreferredName(), this.enabled);
        if (!this.roles.isEmpty()) {
            xContentBuilder.startArray(Fields.ROLES.getPreferredName());
            Iterator<String> it = this.roles.iterator();
            while (it.hasNext()) {
                xContentBuilder.value(it.next());
            }
            xContentBuilder.endArray();
        }
        if (!this.roleTemplates.isEmpty()) {
            xContentBuilder.startArray(Fields.ROLE_TEMPLATES.getPreferredName());
            Iterator<TemplateRoleName> it2 = this.roleTemplates.iterator();
            while (it2.hasNext()) {
                xContentBuilder.value(it2.next());
            }
            xContentBuilder.endArray();
        }
        xContentBuilder.field(Fields.RULES.getPreferredName());
        this.expression.toXContent(xContentBuilder, params);
        xContentBuilder.field(Fields.METADATA.getPreferredName(), this.metadata);
        if (z) {
            xContentBuilder.field(NativeRoleMappingStoreField.DOC_TYPE_FIELD, NativeRoleMappingStoreField.DOC_TYPE_ROLE_MAPPING);
        }
        return xContentBuilder.endObject();
    }

    public Set<String> getRoleNames(ScriptService scriptService, ExpressionModel expressionModel) {
        return (Set) Stream.concat(this.roles.stream(), this.roleTemplates.stream().flatMap(templateRoleName -> {
            return templateRoleName.getRoleNames(scriptService, expressionModel).stream();
        })).collect(Collectors.toSet());
    }

    static {
        PARSER.declareStringArray((v0, v1) -> {
            v0.roles(v1);
        }, Fields.ROLES);
        PARSER.declareObjectArray((v0, v1) -> {
            v0.roleTemplates(v1);
        }, (xContentParser, str) -> {
            return TemplateRoleName.parse(xContentParser);
        }, Fields.ROLE_TEMPLATES);
        PARSER.declareField((v0, v1) -> {
            v0.rules(v1);
        }, ExpressionParser::parseObject, Fields.RULES, ObjectParser.ValueType.OBJECT);
        PARSER.declareField((v0, v1) -> {
            v0.metadata(v1);
        }, (v0) -> {
            return v0.map();
        }, Fields.METADATA, ObjectParser.ValueType.OBJECT);
        PARSER.declareBoolean((v0, v1) -> {
            v0.enabled(v1);
        }, Fields.ENABLED);
        BiConsumer biConsumer = (builder, str2) -> {
        };
        PARSER.declareString(biConsumer, new ParseField(NativeRoleMappingStoreField.DOC_TYPE_FIELD, new String[0]));
        PARSER.declareString(biConsumer, new ParseField("type", new String[0]));
    }
}
