package org.elasticsearch.xpack.core.security.authz.store;

import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.hash.MessageDigests;
import org.elasticsearch.xpack.core.security.authc.CrossClusterAccessSubjectInfo;
import org.elasticsearch.xpack.core.security.authz.RoleDescriptor;

/* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/store/RoleReference.class */
public interface RoleReference {

    /* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/store/RoleReference$ApiKeyRoleReference.class */
    public static final class ApiKeyRoleReference implements RoleReference {
        private final String apiKeyId;
        private final BytesReference roleDescriptorsBytes;
        private final ApiKeyRoleType roleType;
        private RoleKey id = null;

        public ApiKeyRoleReference(String str, BytesReference bytesReference, ApiKeyRoleType apiKeyRoleType) {
            this.apiKeyId = str;
            this.roleDescriptorsBytes = bytesReference;
            this.roleType = apiKeyRoleType;
        }

        @Override // org.elasticsearch.xpack.core.security.authz.store.RoleReference
        public RoleKey id() {
            if (this.id == null) {
                this.id = computeRoleKey(this.roleDescriptorsBytes, this.roleType);
            }
            return this.id;
        }

        private static RoleKey computeRoleKey(BytesReference bytesReference, ApiKeyRoleType apiKeyRoleType) {
            return new RoleKey(Set.of("apikey:" + MessageDigests.toHexString(MessageDigests.digest(bytesReference, MessageDigests.sha256()))), "apikey_" + String.valueOf(apiKeyRoleType));
        }

        @Override // org.elasticsearch.xpack.core.security.authz.store.RoleReference
        public void resolve(RoleReferenceResolver roleReferenceResolver, ActionListener<RolesRetrievalResult> actionListener) {
            roleReferenceResolver.resolveApiKeyRoleReference(this, actionListener);
        }

        public String getApiKeyId() {
            return this.apiKeyId;
        }

        public BytesReference getRoleDescriptorsBytes() {
            return this.roleDescriptorsBytes;
        }

        public ApiKeyRoleType getRoleType() {
            return this.roleType;
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/store/RoleReference$ApiKeyRoleType.class */
    public enum ApiKeyRoleType {
        ASSIGNED,
        LIMITED_BY
    }

    /* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/store/RoleReference$BwcApiKeyRoleReference.class */
    public static final class BwcApiKeyRoleReference implements RoleReference {
        private final String apiKeyId;
        private final Map<String, Object> roleDescriptorsMap;
        private final ApiKeyRoleType roleType;

        public BwcApiKeyRoleReference(String str, Map<String, Object> map, ApiKeyRoleType apiKeyRoleType) {
            this.apiKeyId = str;
            this.roleDescriptorsMap = map;
            this.roleType = apiKeyRoleType;
        }

        @Override // org.elasticsearch.xpack.core.security.authz.store.RoleReference
        public RoleKey id() {
            return new RoleKey(Set.of(this.apiKeyId), "bwc_api_key_" + String.valueOf(this.roleType));
        }

        @Override // org.elasticsearch.xpack.core.security.authz.store.RoleReference
        public void resolve(RoleReferenceResolver roleReferenceResolver, ActionListener<RolesRetrievalResult> actionListener) {
            roleReferenceResolver.resolveBwcApiKeyRoleReference(this, actionListener);
        }

        public String getApiKeyId() {
            return this.apiKeyId;
        }

        public Map<String, Object> getRoleDescriptorsMap() {
            return this.roleDescriptorsMap;
        }

        public ApiKeyRoleType getRoleType() {
            return this.roleType;
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/store/RoleReference$CrossClusterAccessRoleReference.class */
    public static final class CrossClusterAccessRoleReference implements RoleReference {
        private final CrossClusterAccessSubjectInfo.RoleDescriptorsBytes roleDescriptorsBytes;
        private RoleKey id = null;
        private final String userPrincipal;

        public CrossClusterAccessRoleReference(String str, CrossClusterAccessSubjectInfo.RoleDescriptorsBytes roleDescriptorsBytes) {
            this.userPrincipal = str;
            this.roleDescriptorsBytes = roleDescriptorsBytes;
        }

        @Override // org.elasticsearch.xpack.core.security.authz.store.RoleReference
        public RoleKey id() {
            if (this.id == null) {
                this.id = new RoleKey(Set.of("cross_cluster_access:" + this.roleDescriptorsBytes.digest()), "cross_cluster_access");
            }
            return this.id;
        }

        @Override // org.elasticsearch.xpack.core.security.authz.store.RoleReference
        public void resolve(RoleReferenceResolver roleReferenceResolver, ActionListener<RolesRetrievalResult> actionListener) {
            roleReferenceResolver.resolveCrossClusterAccessRoleReference(this, actionListener);
        }

        public String getUserPrincipal() {
            return this.userPrincipal;
        }

        public CrossClusterAccessSubjectInfo.RoleDescriptorsBytes getRoleDescriptorsBytes() {
            return this.roleDescriptorsBytes;
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/store/RoleReference$CrossClusterApiKeyRoleReference.class */
    public static final class CrossClusterApiKeyRoleReference implements RoleReference {
        private final String apiKeyId;
        private final BytesReference roleDescriptorsBytes;
        private RoleKey id = null;
        private final ApiKeyRoleType roleType = ApiKeyRoleType.ASSIGNED;

        public CrossClusterApiKeyRoleReference(String str, BytesReference bytesReference) {
            this.apiKeyId = str;
            this.roleDescriptorsBytes = bytesReference;
        }

        @Override // org.elasticsearch.xpack.core.security.authz.store.RoleReference
        public RoleKey id() {
            if (this.id == null) {
                this.id = ApiKeyRoleReference.computeRoleKey(this.roleDescriptorsBytes, this.roleType);
            }
            return this.id;
        }

        @Override // org.elasticsearch.xpack.core.security.authz.store.RoleReference
        public void resolve(RoleReferenceResolver roleReferenceResolver, ActionListener<RolesRetrievalResult> actionListener) {
            roleReferenceResolver.resolveCrossClusterApiKeyRoleReference(this, actionListener);
        }

        public String getApiKeyId() {
            return this.apiKeyId;
        }

        public BytesReference getRoleDescriptorsBytes() {
            return this.roleDescriptorsBytes;
        }

        public ApiKeyRoleType getRoleType() {
            return this.roleType;
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/store/RoleReference$FixedRoleReference.class */
    public static final class FixedRoleReference implements RoleReference {
        private final RoleDescriptor roleDescriptor;
        private final String source;

        public FixedRoleReference(RoleDescriptor roleDescriptor, String str) {
            this.roleDescriptor = roleDescriptor;
            this.source = str;
        }

        @Override // org.elasticsearch.xpack.core.security.authz.store.RoleReference
        public RoleKey id() {
            return new RoleKey(Set.of(this.roleDescriptor.getName()), this.source);
        }

        @Override // org.elasticsearch.xpack.core.security.authz.store.RoleReference
        public void resolve(RoleReferenceResolver roleReferenceResolver, ActionListener<RolesRetrievalResult> actionListener) {
            RolesRetrievalResult rolesRetrievalResult = new RolesRetrievalResult();
            rolesRetrievalResult.addDescriptors(Set.of(this.roleDescriptor));
            actionListener.onResponse(rolesRetrievalResult);
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/store/RoleReference$NamedRoleReference.class */
    public static final class NamedRoleReference implements RoleReference {
        private final String[] roleNames;

        public NamedRoleReference(String[] strArr) {
            this.roleNames = strArr;
        }

        public String[] getRoleNames() {
            return this.roleNames;
        }

        @Override // org.elasticsearch.xpack.core.security.authz.store.RoleReference
        public RoleKey id() {
            if (this.roleNames.length == 0) {
                return RoleKey.ROLE_KEY_EMPTY;
            }
            HashSet hashSet = new HashSet(List.of((Object[]) this.roleNames));
            return (hashSet.size() == 1 && hashSet.contains(ReservedRolesStore.SUPERUSER_ROLE_DESCRIPTOR.getName())) ? RoleKey.ROLE_KEY_SUPERUSER : new RoleKey(Set.copyOf(hashSet), RoleKey.ROLES_STORE_SOURCE);
        }

        @Override // org.elasticsearch.xpack.core.security.authz.store.RoleReference
        public void resolve(RoleReferenceResolver roleReferenceResolver, ActionListener<RolesRetrievalResult> actionListener) {
            roleReferenceResolver.resolveNamedRoleReference(this, actionListener);
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/store/RoleReference$ServiceAccountRoleReference.class */
    public static final class ServiceAccountRoleReference implements RoleReference {
        private final String principal;

        public ServiceAccountRoleReference(String str) {
            this.principal = str;
        }

        public String getPrincipal() {
            return this.principal;
        }

        @Override // org.elasticsearch.xpack.core.security.authz.store.RoleReference
        public RoleKey id() {
            return new RoleKey(Set.of(this.principal), "service_account");
        }

        @Override // org.elasticsearch.xpack.core.security.authz.store.RoleReference
        public void resolve(RoleReferenceResolver roleReferenceResolver, ActionListener<RolesRetrievalResult> actionListener) {
            roleReferenceResolver.resolveServiceAccountRoleReference(this, actionListener);
        }
    }

    RoleKey id();

    void resolve(RoleReferenceResolver roleReferenceResolver, ActionListener<RolesRetrievalResult> actionListener);
}
