package org.elasticsearch.shield.authz;

import com.google.common.base.Predicate;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterators;
import com.google.common.collect.UnmodifiableIterator;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import org.elasticsearch.cluster.metadata.AliasOrIndex;
import org.elasticsearch.cluster.metadata.IndexMetaData;
import org.elasticsearch.cluster.metadata.MetaData;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.shield.authz.Privilege;
import org.elasticsearch.shield.authz.RoleDescriptor;
import org.elasticsearch.shield.authz.accesscontrol.IndicesAccessControl;
import org.elasticsearch.shield.support.AutomatonPredicate;
import org.elasticsearch.shield.support.Automatons;

/* loaded from: input_file:org/elasticsearch/shield/authz/Permission.class */
public interface Permission {

    /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$Cluster.class */
    public interface Cluster extends Permission {

        /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$Cluster$Core.class */
        public static class Core implements Cluster {
            public static final Core NONE = new Core(Privilege.Cluster.NONE) { // from class: org.elasticsearch.shield.authz.Permission.Cluster.Core.1
                @Override // org.elasticsearch.shield.authz.Permission.Cluster.Core, org.elasticsearch.shield.authz.Permission.Cluster
                public boolean check(String str) {
                    return false;
                }

                @Override // org.elasticsearch.shield.authz.Permission.Cluster.Core, org.elasticsearch.shield.authz.Permission
                public boolean isEmpty() {
                    return true;
                }
            };
            private final Privilege.Cluster privilege;
            private final Predicate<String> predicate;

            private Core(Privilege.Cluster cluster) {
                this.privilege = cluster;
                this.predicate = cluster.predicate();
            }

            public Privilege.Cluster privilege() {
                return this.privilege;
            }

            @Override // org.elasticsearch.shield.authz.Permission.Cluster
            public boolean check(String str) {
                return this.predicate.apply(str);
            }

            @Override // org.elasticsearch.shield.authz.Permission
            public boolean isEmpty() {
                return false;
            }
        }

        /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$Cluster$Globals.class */
        public static class Globals implements Cluster {
            private final List<Global> globals;

            public Globals(List<Global> list) {
                this.globals = list;
            }

            @Override // org.elasticsearch.shield.authz.Permission.Cluster
            public boolean check(String str) {
                if (this.globals == null) {
                    return false;
                }
                Iterator<Global> it = this.globals.iterator();
                while (it.hasNext()) {
                    if (it.next().cluster().check(str)) {
                        return true;
                    }
                }
                return false;
            }

            @Override // org.elasticsearch.shield.authz.Permission
            public boolean isEmpty() {
                if (this.globals == null || this.globals.isEmpty()) {
                    return true;
                }
                Iterator<Global> it = this.globals.iterator();
                while (it.hasNext()) {
                    if (!it.next().isEmpty()) {
                        return false;
                    }
                }
                return true;
            }
        }

        boolean check(String str);
    }

    /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$Global.class */
    public static class Global implements Permission {
        public static final Global NONE = new Global(Cluster.Core.NONE, Indices.Core.NONE, RunAs.Core.NONE);
        private final Cluster cluster;
        private final Indices indices;
        private final RunAs runAs;

        /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$Global$Compound.class */
        static class Compound extends Global {

            /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$Global$Compound$Builder.class */
            public static class Builder {
                private List<Global> globals;

                private Builder() {
                    this.globals = new ArrayList();
                }

                public Builder add(Global global) {
                    this.globals.add(global);
                    return this;
                }

                public Compound build() {
                    return new Compound(Collections.unmodifiableList(this.globals));
                }
            }

            public Compound(List<Global> list) {
                super(new Cluster.Globals(list), new Indices.Globals(list), new RunAs.Globals(list));
            }

            public static Builder builder() {
                return new Builder();
            }
        }

        /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$Global$Role.class */
        public static class Role extends Global {
            private final String name;

            /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$Global$Role$Builder.class */
            public static class Builder {
                private final String name;
                private Cluster.Core cluster;
                private RunAs.Core runAs;
                private List<Indices.Group> groups;

                private Builder(String str) {
                    this.cluster = Cluster.Core.NONE;
                    this.runAs = RunAs.Core.NONE;
                    this.groups = new ArrayList();
                    this.name = str;
                }

                private Builder(RoleDescriptor roleDescriptor) {
                    this.cluster = Cluster.Core.NONE;
                    this.runAs = RunAs.Core.NONE;
                    this.groups = new ArrayList();
                    this.name = roleDescriptor.getName();
                    cluster(Privilege.Cluster.get(new Privilege.Name(roleDescriptor.getClusterPrivileges())));
                    for (RoleDescriptor.IndicesPrivileges indicesPrivileges : roleDescriptor.getIndicesPrivileges()) {
                        add(indicesPrivileges.getFields() == null ? null : Arrays.asList(indicesPrivileges.getFields()), indicesPrivileges.getQuery(), Privilege.Index.get(new Privilege.Name(indicesPrivileges.getPrivileges())), indicesPrivileges.getIndices());
                    }
                    String[] runAs = roleDescriptor.getRunAs();
                    if (runAs == null || runAs.length <= 0) {
                        return;
                    }
                    runAs(new Privilege.General(new Privilege.Name(runAs), runAs));
                }

                public Builder cluster(Privilege.Cluster cluster) {
                    this.cluster = new Cluster.Core(cluster);
                    return this;
                }

                public Builder runAs(Privilege.General general) {
                    this.runAs = new RunAs.Core(general);
                    return this;
                }

                public Builder add(Privilege.Index index, String... strArr) {
                    this.groups.add(new Indices.Group(index, null, null, strArr));
                    return this;
                }

                public Builder add(List<String> list, BytesReference bytesReference, Privilege.Index index, String... strArr) {
                    this.groups.add(new Indices.Group(index, list, bytesReference, strArr));
                    return this;
                }

                public Role build() {
                    return new Role(this.name, this.cluster, this.groups.isEmpty() ? Indices.Core.NONE : new Indices.Core((Indices.Group[]) this.groups.toArray(new Indices.Group[this.groups.size()])), this.runAs);
                }
            }

            private Role(String str, Cluster.Core core, Indices.Core core2, RunAs.Core core3) {
                super(core, core2, core3);
                this.name = str;
            }

            public String name() {
                return this.name;
            }

            @Override // org.elasticsearch.shield.authz.Permission.Global
            public Cluster.Core cluster() {
                return (Cluster.Core) super.cluster();
            }

            @Override // org.elasticsearch.shield.authz.Permission.Global
            public Indices.Core indices() {
                return (Indices.Core) super.indices();
            }

            @Override // org.elasticsearch.shield.authz.Permission.Global
            public RunAs.Core runAs() {
                return (RunAs.Core) super.runAs();
            }

            public static Builder builder(String str) {
                return new Builder(str);
            }

            public static Builder builder(RoleDescriptor roleDescriptor) {
                return new Builder(roleDescriptor);
            }
        }

        Global(Cluster cluster, Indices indices, RunAs runAs) {
            this.cluster = cluster;
            this.indices = indices;
            this.runAs = runAs;
        }

        public Cluster cluster() {
            return this.cluster;
        }

        public Indices indices() {
            return this.indices;
        }

        public RunAs runAs() {
            return this.runAs;
        }

        @Override // org.elasticsearch.shield.authz.Permission
        public boolean isEmpty() {
            return (this.cluster == null || this.cluster.isEmpty()) && (this.indices == null || this.indices.isEmpty()) && (this.runAs == null || this.runAs.isEmpty());
        }

        public IndicesAccessControl authorize(String str, Set<String> set, MetaData metaData) {
            ImmutableMap<String, IndicesAccessControl.IndexAccessControl> authorize = this.indices.authorize(str, set, metaData);
            boolean z = true;
            Iterator it = authorize.entrySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (!((IndicesAccessControl.IndexAccessControl) ((Map.Entry) it.next()).getValue()).isGranted()) {
                    z = false;
                    break;
                }
            }
            return new IndicesAccessControl(z, authorize);
        }
    }

    /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$Indices.class */
    public interface Indices extends Permission, Iterable<Group> {

        /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$Indices$Core.class */
        public static class Core implements Indices {
            public static final Core NONE = new Core(new Group[0]) { // from class: org.elasticsearch.shield.authz.Permission.Indices.Core.1
                @Override // org.elasticsearch.shield.authz.Permission.Indices.Core, java.lang.Iterable
                public Iterator<Group> iterator() {
                    return Collections.emptyIterator();
                }

                @Override // org.elasticsearch.shield.authz.Permission.Indices.Core, org.elasticsearch.shield.authz.Permission
                public boolean isEmpty() {
                    return true;
                }
            };
            private final LoadingCache<String, Predicate<String>> allowedIndicesMatchersForAction = CacheBuilder.newBuilder().build(new CacheLoader<String, Predicate<String>>() { // from class: org.elasticsearch.shield.authz.Permission.Indices.Core.2
                public Predicate<String> load(String str) throws Exception {
                    ArrayList arrayList = new ArrayList();
                    for (Group group : Core.this.groups) {
                        if (group.actionMatcher.apply(str)) {
                            arrayList.addAll(Arrays.asList(group.indices));
                        }
                    }
                    return new AutomatonPredicate(Automatons.patterns(Collections.unmodifiableList(arrayList)));
                }
            });
            private final Group[] groups;

            public Core(Group... groupArr) {
                this.groups = groupArr;
            }

            @Override // java.lang.Iterable
            public Iterator<Group> iterator() {
                return Iterators.forArray(this.groups);
            }

            public Group[] groups() {
                return this.groups;
            }

            @Override // org.elasticsearch.shield.authz.Permission
            public boolean isEmpty() {
                return this.groups == null || this.groups.length == 0;
            }

            public Predicate<String> allowedIndicesMatcher(String str) {
                return (Predicate) this.allowedIndicesMatchersForAction.getUnchecked(str);
            }

            @Override // org.elasticsearch.shield.authz.Permission.Indices
            public ImmutableMap<String, IndicesAccessControl.IndexAccessControl> authorize(String str, Set<String> set, MetaData metaData) {
                SortedMap aliasAndIndexLookup = metaData.getAliasAndIndexLookup();
                HashMap hashMap = new HashMap();
                HashMap hashMap2 = new HashMap();
                HashMap hashMap3 = new HashMap();
                for (String str2 : set) {
                    boolean z = false;
                    HashSet<String> hashSet = new HashSet();
                    AliasOrIndex aliasOrIndex = (AliasOrIndex) aliasAndIndexLookup.get(str2);
                    if (aliasOrIndex != null) {
                        Iterator it = aliasOrIndex.getIndices().iterator();
                        while (it.hasNext()) {
                            hashSet.add(((IndexMetaData) it.next()).getIndex());
                        }
                    }
                    for (Group group : this.groups) {
                        if (group.check(str, str2)) {
                            z = true;
                            for (String str3 : hashSet) {
                                if (group.getFields() != null) {
                                    ImmutableSet.Builder builder = (ImmutableSet.Builder) hashMap.get(str3);
                                    if (builder == null) {
                                        builder = ImmutableSet.builder();
                                        hashMap.put(str3, builder);
                                    }
                                    builder.addAll(group.getFields());
                                }
                                if (group.getQuery() != null) {
                                    ImmutableSet.Builder builder2 = (ImmutableSet.Builder) hashMap2.get(str3);
                                    if (builder2 == null) {
                                        builder2 = ImmutableSet.builder();
                                        hashMap2.put(str3, builder2);
                                    }
                                    builder2.add(group.getQuery());
                                }
                            }
                        }
                    }
                    if (hashSet.isEmpty()) {
                        hashMap3.put(str2, Boolean.valueOf(z));
                    } else {
                        Iterator it2 = hashSet.iterator();
                        while (it2.hasNext()) {
                            hashMap3.put((String) it2.next(), Boolean.valueOf(z));
                        }
                    }
                }
                ImmutableMap.Builder builder3 = ImmutableMap.builder();
                for (Map.Entry entry : hashMap3.entrySet()) {
                    String str4 = (String) entry.getKey();
                    ImmutableSet.Builder builder4 = (ImmutableSet.Builder) hashMap2.get(str4);
                    ImmutableSet.Builder builder5 = (ImmutableSet.Builder) hashMap.get(str4);
                    builder3.put(str4, new IndicesAccessControl.IndexAccessControl(((Boolean) entry.getValue()).booleanValue(), builder5 != null ? builder5.build() : null, builder4 != null ? builder4.build() : null));
                }
                return builder3.build();
            }
        }

        /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$Indices$Globals.class */
        public static class Globals implements Indices {
            private final List<Global> globals;

            /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$Indices$Globals$Iter.class */
            static class Iter extends UnmodifiableIterator<Group> {
                private final Iterator<Global> globals;
                private Iterator<Group> current;

                Iter(List<Global> list) {
                    this.globals = list.iterator();
                    advance();
                }

                public boolean hasNext() {
                    return this.current != null && this.current.hasNext();
                }

                /* renamed from: next, reason: merged with bridge method [inline-methods] */
                public Group m78next() {
                    Group next = this.current.next();
                    advance();
                    return next;
                }

                private void advance() {
                    if (this.current == null || !this.current.hasNext()) {
                        if (!this.globals.hasNext()) {
                            this.current = null;
                            return;
                        }
                        while (this.globals.hasNext()) {
                            Indices indices = this.globals.next().indices();
                            if (!indices.isEmpty()) {
                                this.current = indices.iterator();
                                return;
                            }
                        }
                        this.current = null;
                    }
                }
            }

            public Globals(List<Global> list) {
                this.globals = list;
            }

            @Override // java.lang.Iterable
            public Iterator<Group> iterator() {
                return (this.globals == null || this.globals.isEmpty()) ? Collections.emptyIterator() : new Iter(this.globals);
            }

            @Override // org.elasticsearch.shield.authz.Permission
            public boolean isEmpty() {
                if (this.globals == null || this.globals.isEmpty()) {
                    return true;
                }
                Iterator<Global> it = this.globals.iterator();
                while (it.hasNext()) {
                    if (!it.next().indices().isEmpty()) {
                        return false;
                    }
                }
                return true;
            }

            @Override // org.elasticsearch.shield.authz.Permission.Indices
            public ImmutableMap<String, IndicesAccessControl.IndexAccessControl> authorize(String str, Set<String> set, MetaData metaData) {
                if (isEmpty()) {
                    return ImmutableMap.of();
                }
                HashMap hashMap = null;
                Iterator<Global> it = this.globals.iterator();
                while (it.hasNext()) {
                    ImmutableMap<String, IndicesAccessControl.IndexAccessControl> authorize = it.next().indices().authorize(str, set, metaData);
                    if (hashMap == null) {
                        hashMap = new HashMap((Map) authorize);
                    } else {
                        Iterator it2 = authorize.entrySet().iterator();
                        while (it2.hasNext()) {
                            Map.Entry entry = (Map.Entry) it2.next();
                            IndicesAccessControl.IndexAccessControl indexAccessControl = (IndicesAccessControl.IndexAccessControl) hashMap.get(entry.getKey());
                            if (indexAccessControl != null) {
                                hashMap.put(entry.getKey(), indexAccessControl.merge((IndicesAccessControl.IndexAccessControl) entry.getValue()));
                            } else {
                                hashMap.put(entry.getKey(), entry.getValue());
                            }
                        }
                    }
                }
                return hashMap == null ? ImmutableMap.of() : ImmutableMap.copyOf(hashMap);
            }
        }

        /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$Indices$Group.class */
        public static class Group {
            private final Privilege.Index privilege;
            private final Predicate<String> actionMatcher;
            private final String[] indices;
            private final Predicate<String> indexNameMatcher;
            private final List<String> fields;
            private final BytesReference query;
            static final /* synthetic */ boolean $assertionsDisabled;

            public Group(Privilege.Index index, @Nullable List<String> list, @Nullable BytesReference bytesReference, String... strArr) {
                if (!$assertionsDisabled && strArr.length == 0) {
                    throw new AssertionError();
                }
                this.privilege = index;
                this.actionMatcher = index.predicate();
                this.indices = strArr;
                this.indexNameMatcher = new AutomatonPredicate(Automatons.patterns(strArr));
                this.fields = list;
                this.query = bytesReference;
            }

            public Privilege.Index privilege() {
                return this.privilege;
            }

            public String[] indices() {
                return this.indices;
            }

            @Nullable
            public List<String> getFields() {
                return this.fields;
            }

            @Nullable
            public BytesReference getQuery() {
                return this.query;
            }

            public boolean indexNameMatch(String str) {
                return this.indexNameMatcher.apply(str);
            }

            public boolean check(String str, String str2) {
                if ($assertionsDisabled || str2 != null) {
                    return this.actionMatcher.apply(str) && this.indexNameMatcher.apply(str2);
                }
                throw new AssertionError();
            }

            static {
                $assertionsDisabled = !Permission.class.desiredAssertionStatus();
            }
        }

        ImmutableMap<String, IndicesAccessControl.IndexAccessControl> authorize(String str, Set<String> set, MetaData metaData);
    }

    /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$RunAs.class */
    public interface RunAs extends Permission {

        /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$RunAs$Core.class */
        public static class Core implements RunAs {
            public static final Core NONE = new Core(Privilege.General.NONE);
            private final Privilege.General privilege;
            private final Predicate<String> predicate;

            public Core(Privilege.General general) {
                this.privilege = general;
                this.predicate = general.predicate();
            }

            @Override // org.elasticsearch.shield.authz.Permission.RunAs
            public boolean check(String str) {
                return this.predicate.apply(str);
            }

            @Override // org.elasticsearch.shield.authz.Permission
            public boolean isEmpty() {
                return this == NONE;
            }
        }

        /* loaded from: input_file:org/elasticsearch/shield/authz/Permission$RunAs$Globals.class */
        public static class Globals implements RunAs {
            private final List<Global> globals;

            public Globals(List<Global> list) {
                this.globals = list;
            }

            @Override // org.elasticsearch.shield.authz.Permission.RunAs
            public boolean check(String str) {
                if (this.globals == null) {
                    return false;
                }
                Iterator<Global> it = this.globals.iterator();
                while (it.hasNext()) {
                    if (it.next().runAs().check(str)) {
                        return true;
                    }
                }
                return false;
            }

            @Override // org.elasticsearch.shield.authz.Permission
            public boolean isEmpty() {
                if (this.globals == null || this.globals.isEmpty()) {
                    return true;
                }
                Iterator<Global> it = this.globals.iterator();
                while (it.hasNext()) {
                    if (!it.next().isEmpty()) {
                        return false;
                    }
                }
                return true;
            }
        }

        boolean check(String str);
    }

    boolean isEmpty();
}
