package org.elasticsearch.xpack.security.authz.permission;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.SortedMap;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
import java.util.function.Predicate;
import org.elasticsearch.cluster.metadata.AliasOrIndex;
import org.elasticsearch.cluster.metadata.IndexMetaData;
import org.elasticsearch.cluster.metadata.MetaData;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.xpack.security.authz.accesscontrol.IndicesAccessControl;
import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege;
import org.elasticsearch.xpack.security.support.Automatons;

/* loaded from: input_file:org/elasticsearch/xpack/security/authz/permission/IndicesPermission.class */
public final class IndicesPermission implements Iterable<Group> {
    public static final IndicesPermission NONE = new IndicesPermission(new Group[0]);
    private final Function<String, Predicate<String>> loadingFunction;
    private final ConcurrentHashMap<String, Predicate<String>> allowedIndicesMatchersForAction = new ConcurrentHashMap<>();
    private final Group[] groups;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/elasticsearch/xpack/security/authz/permission/IndicesPermission$DocumentLevelPermissions.class */
    public static class DocumentLevelPermissions {
        private Set<BytesReference> queries;
        private boolean allowAll;

        private DocumentLevelPermissions() {
            this.queries = null;
            this.allowAll = false;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addAll(Set<BytesReference> set) {
            if (this.allowAll) {
                return;
            }
            if (this.queries == null) {
                this.queries = new HashSet();
            }
            this.queries.addAll(set);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean isAllowAll() {
            return this.allowAll;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void setAllowAll(boolean z) {
            this.allowAll = z;
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/security/authz/permission/IndicesPermission$Group.class */
    public static class Group {
        private final IndexPrivilege privilege;
        private final Predicate<String> actionMatcher;
        private final String[] indices;
        private final Predicate<String> indexNameMatcher;
        private final FieldPermissions fieldPermissions;
        private final Set<BytesReference> query;
        static final /* synthetic */ boolean $assertionsDisabled;

        public FieldPermissions getFieldPermissions() {
            return this.fieldPermissions;
        }

        public Group(IndexPrivilege indexPrivilege, FieldPermissions fieldPermissions, @Nullable Set<BytesReference> set, String... strArr) {
            if (!$assertionsDisabled && strArr.length == 0) {
                throw new AssertionError();
            }
            this.privilege = indexPrivilege;
            this.actionMatcher = indexPrivilege.predicate();
            this.indices = strArr;
            this.indexNameMatcher = Automatons.predicate(strArr);
            this.fieldPermissions = (FieldPermissions) Objects.requireNonNull(fieldPermissions);
            this.query = set;
        }

        public IndexPrivilege privilege() {
            return this.privilege;
        }

        public String[] indices() {
            return this.indices;
        }

        @Nullable
        public Set<BytesReference> getQuery() {
            return this.query;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean check(String str) {
            return this.actionMatcher.test(str);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean check(String str, String str2) {
            if ($assertionsDisabled || str2 != null) {
                return check(str) && this.indexNameMatcher.test(str2);
            }
            throw new AssertionError();
        }

        boolean hasQuery() {
            return this.query != null;
        }

        static {
            $assertionsDisabled = !IndicesPermission.class.desiredAssertionStatus();
        }
    }

    public IndicesPermission(Group... groupArr) {
        this.groups = groupArr;
        this.loadingFunction = str -> {
            ArrayList arrayList = new ArrayList();
            for (Group group : groupArr) {
                if (group.actionMatcher.test(str)) {
                    arrayList.addAll(Arrays.asList(group.indices));
                }
            }
            return Automatons.predicate(arrayList);
        };
    }

    @Override // java.lang.Iterable
    public Iterator<Group> iterator() {
        return Arrays.asList(this.groups).iterator();
    }

    public Group[] groups() {
        return this.groups;
    }

    public Predicate<String> allowedIndicesMatcher(String str) {
        return this.allowedIndicesMatchersForAction.computeIfAbsent(str, this.loadingFunction);
    }

    public boolean check(String str) {
        for (Group group : this.groups) {
            if (group.check(str)) {
                return true;
            }
        }
        return false;
    }

    public Map<String, IndicesAccessControl.IndexAccessControl> authorize(String str, Set<String> set, MetaData metaData, FieldPermissionsCache fieldPermissionsCache) {
        SortedMap<String, AliasOrIndex> aliasAndIndexLookup = metaData.getAliasAndIndexLookup();
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        HashMap hashMap3 = new HashMap();
        for (String str2 : set) {
            boolean z = false;
            HashSet<String> hashSet = new HashSet();
            AliasOrIndex aliasOrIndex = aliasAndIndexLookup.get(str2);
            if (aliasOrIndex != null) {
                Iterator<IndexMetaData> it = aliasOrIndex.getIndices().iterator();
                while (it.hasNext()) {
                    hashSet.add(it.next().getIndex().getName());
                }
            }
            for (Group group : this.groups) {
                if (group.check(str, str2)) {
                    z = true;
                    for (String str3 : hashSet) {
                        Set set2 = (Set) hashMap.computeIfAbsent(str3, str4 -> {
                            return new HashSet();
                        });
                        hashMap.put(str2, set2);
                        set2.add(group.getFieldPermissions());
                        DocumentLevelPermissions documentLevelPermissions = (DocumentLevelPermissions) hashMap2.computeIfAbsent(str3, str5 -> {
                            return new DocumentLevelPermissions();
                        });
                        hashMap2.putIfAbsent(str2, documentLevelPermissions);
                        if (group.hasQuery()) {
                            documentLevelPermissions.addAll(group.getQuery());
                        } else {
                            documentLevelPermissions.setAllowAll(true);
                        }
                    }
                }
            }
            if (hashSet.isEmpty()) {
                hashMap3.put(str2, Boolean.valueOf(z));
            } else {
                hashMap3.put(str2, Boolean.valueOf(z));
                Iterator it2 = hashSet.iterator();
                while (it2.hasNext()) {
                    hashMap3.put((String) it2.next(), Boolean.valueOf(z));
                }
            }
        }
        HashMap hashMap4 = new HashMap();
        for (Map.Entry entry : hashMap3.entrySet()) {
            String str6 = (String) entry.getKey();
            DocumentLevelPermissions documentLevelPermissions2 = (DocumentLevelPermissions) hashMap2.get(str6);
            Set unmodifiableSet = (documentLevelPermissions2 == null || documentLevelPermissions2.isAllowAll()) ? null : Collections.unmodifiableSet(documentLevelPermissions2.queries);
            Set set3 = (Set) hashMap.get(str6);
            hashMap4.put(str6, new IndicesAccessControl.IndexAccessControl(((Boolean) entry.getValue()).booleanValue(), (set3 == null || set3.isEmpty()) ? FieldPermissions.DEFAULT : set3.size() == 1 ? (FieldPermissions) set3.iterator().next() : fieldPermissionsCache.getFieldPermissions(set3), unmodifiableSet));
        }
        return Collections.unmodifiableMap(hashMap4);
    }
}
